last executing test programs:
1m55.523312733s ago: executing program 2 (id=5058):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
socket(0x2, 0x2, 0x0)
bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
mlockall$auto(0x7)
mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000)
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/dummy0/addr_gen_mode\x00', 0x1, 0x0)
pwrite64$auto(r0, 0x0, 0x0, 0x2000000000040007)
madvise$auto(0x0, 0x7fffffffffffffff, 0xa)
move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2)
tgkill$auto(0x0, 0x0, 0x11)
readv$auto(0x3, 0x0, 0x7)
keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff)
madvise$auto(0x0, 0x2003f2, 0x15)
1m54.398380257s ago: executing program 2 (id=5062):
r0 = socket(0x2, 0x2, 0x88)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
read$auto(0xffffffffffffffff, 0x0, 0x20)
writev$auto(0xffffffffffffffff, 0x0, 0x3)
read$auto_fops_x64_ro_(0xffffffffffffffff, &(0x7f00000001c0)=""/42, 0x2a)
signalfd$auto(0xffffffffffffffff, 0x0, 0xb071)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_KSMBD_EVENT_LOGIN_RESPONSE(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x44000)
mmap$auto(0x0, 0x2020009, 0x9, 0xeb1, 0xffffffffffffffff, 0x8000)
write$auto(0xffffffffffffffff, 0x0, 0x5)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000)
write$auto(0x3, 0x0, 0xffd8)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/kallsyms\x00', 0x20100, 0x0)
pread64$auto(r1, 0x0, 0x80000000008, 0x8000)
1m53.793464587s ago: executing program 2 (id=5064):
openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa142, 0x0)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x4004810}, 0x4008815)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x3, 0x6)
r0 = socket(0x2, 0x1, 0x0)
bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x4e24, @remote}, 0x6a)
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800008}, 0x5, 0x20000000)
syz_genetlink_get_family_id$auto_nfsd(0x0, r0)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c00, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x5}, 0x3, 0x0)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x3}, 0x7}, 0x3, 0xcad7)
mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
write$auto(0x3, 0x0, 0x101085)
1m52.347612826s ago: executing program 2 (id=5070):
r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0)
ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000))
mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0)
write$auto(0x3, 0x0, 0xffd8)
r1 = socket(0x11, 0xa, 0x9)
unshare$auto(0x40000080)
write$auto(0x3, 0x0, 0x8)
openat$auto_proc_setgroups_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/setgroups\x00', 0x7f835763b555bbe0, 0x0)
write$auto(0xffffffffffffffff, 0x0, 0xa)
unshare$auto(0x40000080)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0xe187)
write$auto(r1, &(0x7f0000000480)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\x0f\x97\xa1\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd3lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\xfa\v?\\#\xfc\x15-\xbc\xcd$\x83\xcf\xc5D\xcc', 0xc8)
socket(0x1f, 0x1, 0x8)
keyctl$auto(0x23, 0x1, 0x6, 0x3, 0x9)
prctl$auto(0x1000000003b, 0x80001, 0x0, 0x200000005, 0x100000000000007)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0x2003f2, 0x15)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0)
mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000)
mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x200000)
1m50.639898126s ago: executing program 2 (id=5077):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r0 = socket(0x2, 0x80002, 0x73)
r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video2\x00', 0x0, 0x0)
ioctl$auto(0x3, 0xc0205647, 0x38)
r2 = openat$auto_evm_xattr_ops_evm_secfs(0xffffffffffffff9c, &(0x7f0000000080), 0x100401, 0x0)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
r3 = socket(0x2b, 0x1, 0x1)
setsockopt$auto(r3, 0x0, 0x26, 0x0, 0xc)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000ac0), 0xffffffffffffffff)
sendmsg$auto_TCP_METRICS_CMD_GET(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="010027bd7000fedbdf2501000000ceb95a74137160835f8461fc8404943555c6ef24b567a653d914cfe05a9154a9818b22f1f8c6ac51941e2522e428f2e21cc8f619227c187c5f6ad0b06d3cd194ce5eb4ba65460fa1a44ce1ed4d8aaa79ef3d65f47654721e1605a6885a18e8c4a81a960d6d8346e7413ad78dd7b64398248358dafbe42d2e8901d8aadab8a93690212d44ba020ad821b61966dfd0a2628d2b44cf170609f6d13eeae6191bf6ffebfeb589c5174a80aabbb4e3f6df00cfe0cf21d4ef083e0f770692b18b97c22fed1687ff1d574b1024aaece0d3b5f7898f5a5d47f599abf23223494f0e89a855ca91ec40b4"], 0x14}, 0x1, 0x0, 0x0, 0x4004055}, 0x400c0c0)
write$auto_evm_xattr_ops_evm_secfs(r2, &(0x7f00000000c0)='.', 0x1)
r6 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000080), r0)
getpgid(0xffffffffffffffff)
sendmsg$auto_NL802154_CMD_STOP_BEACONS(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r6, 0x400, 0x70bd2a, 0x25dfdbfb, {}, [@NL802154_ATTR_SCAN_DURATION={0x5, 0x24, 0x6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x40100)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mprotect$auto(0x8000, 0x8, 0x8)
syz_clone(0x4001000, 0x0, 0x1b, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x4000c, 0xdf, 0xbb72, 0x7, 0x28000)
fadvise64$auto_POSIX_FADV_DONTNEED(r0, 0x400, 0x6, 0x4)
1m49.678573297s ago: executing program 2 (id=5082):
unshare$auto(0x40000080)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
listen$auto(0x3, 0x81)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x2c01, 0x0)
ioctl$auto_SOUND_MIXER_READ_RECMASK2(r1, 0x80044dfd, &(0x7f00000014c0))
mmap$auto(0x0, 0x202000a, 0xffffffff, 0xdc, 0xfffffffffffffffa, 0x8000)
keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0x2003f2, 0x15)
sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x24048084)
openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x103003, 0x0)
r2 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0)
pread64$auto(r2, &(0x7f0000000240)='\x03W\x96l\x15\x00'/21, 0x8, 0x100000001)
semop$auto(0x38c, &(0x7f0000000040)={0x3, 0x4, 0x10}, 0x4)
1m33.763554551s ago: executing program 32 (id=5082):
unshare$auto(0x40000080)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
listen$auto(0x3, 0x81)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x2c01, 0x0)
ioctl$auto_SOUND_MIXER_READ_RECMASK2(r1, 0x80044dfd, &(0x7f00000014c0))
mmap$auto(0x0, 0x202000a, 0xffffffff, 0xdc, 0xfffffffffffffffa, 0x8000)
keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0x2003f2, 0x15)
sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x24048084)
openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x103003, 0x0)
r2 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0)
pread64$auto(r2, &(0x7f0000000240)='\x03W\x96l\x15\x00'/21, 0x8, 0x100000001)
semop$auto(0x38c, &(0x7f0000000040)={0x3, 0x4, 0x10}, 0x4)
1m28.283699186s ago: executing program 0 (id=5144):
openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa142, 0x0)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x4004810}, 0x4008815)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x3, 0x6)
r0 = socket(0x2, 0x1, 0x0)
bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x4e24, @remote}, 0x6a)
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800008}, 0x5, 0x20000000)
syz_genetlink_get_family_id$auto_nfsd(0x0, r0)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c00, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x5}, 0x3, 0x0)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x3}, 0x7}, 0x3, 0xcad7)
mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
write$auto(0x3, 0x0, 0x101085)
1m27.042509652s ago: executing program 0 (id=5155):
openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa142, 0x0)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x4004810}, 0x4008815)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x3, 0x6)
r0 = socket(0x2, 0x1, 0x0)
bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x4e24, @remote}, 0x6a)
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800008}, 0x5, 0x20000000)
syz_genetlink_get_family_id$auto_nfsd(0x0, r0)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c00, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x5}, 0x3, 0x0)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x3}, 0x7}, 0x3, 0xcad7)
mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
write$auto(0x3, 0x0, 0x101085)
1m26.060968441s ago: executing program 0 (id=5149):
write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa)
unshare$auto(0x40000080)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
r1 = openat$auto_proc_environ_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/environ\x00', 0x2000, 0x0)
read$auto_proc_environ_operations_base(r1, &(0x7f0000000240)=""/80, 0x50)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
listen$auto(0x3, 0x81)
r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sr0\x00', 0x60742, 0x0)
lseek$auto(r2, 0x0, 0x4)
mmap$auto(0x1000, 0x6, 0xffffffff, 0xdc, 0xffffffffffffffff, 0x28000)
keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0)
fstat$auto(r3, 0x0)
getcwd$auto(0x0, 0xffffffffffffffff)
r4 = socket(0xa, 0x5, 0x0)
ioctl$auto(r4, 0x8941, 0x8)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x103003, 0x0)
openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
1m25.218989837s ago: executing program 0 (id=5157):
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop1\x00', 0x200, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x2000000008000)
r0 = socket(0xa, 0x2, 0x0)
socket(0x1d, 0x2, 0x6)
openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/netfs/cookies\x00', 0xd00, 0x0)
socketpair$auto(0x10000005, 0x2, 0x8000000000000000, 0x0)
close_range$auto(0x2, 0x8000, 0x0)
socket(0x18, 0x1, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
close_range$auto(0x2, 0x8, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$auto(0x3, 0xae41, r0)
ioctl$auto_KVM_CREATE_VM(r1, 0x4048aecb, 0x0)
close_range$auto(0x2, 0xffffffffffffffff, 0x0)
r3 = socket(0x10, 0x2, 0x4)
close_range$auto(0x2, 0x8, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/fs/ocfs2/cluster_stack\x00', 0x88282, 0x0)
write$auto(r3, &(0x7f0000000000)='-\x00', 0xfdef)
1m25.058041826s ago: executing program 0 (id=5159):
mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000140), 0x2002, 0x0)
socket(0x29, 0x2, 0x0)
select$auto(0x8, &(0x7f0000000340)={[0x7, 0x6, 0xfffc000000000000, 0x6, 0x1, 0x5, 0x8, 0x1ff, 0x9, 0x1, 0x5, 0x81, 0x5, 0x7fff, 0x8]}, 0x0, &(0x7f00000004c0)={[0xe3c6, 0x8, 0x20000000002, 0x8, 0x7, 0x3ff, 0x3, 0xa, 0x0, 0x9, 0x6, 0x1, 0x7a, 0x8, 0x66960ada, 0xffff]}, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
socket(0x2, 0x1, 0x0)
select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x0, 0xd, 0x2, 0x1000000000009489, 0x3, 0x15f4da0a, 0x1, 0x7, 0x7, 0x80000001, 0x4, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffa]}, 0x0)
write$auto(0xffffffffffffffff, &(0x7f0000000400)='\x00\x00\x00\x00', 0x100000a3d9)
r0 = getpid()
process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x100, 0x0)
ioctl$auto(0x3, 0x400454ca, 0x38)
socket(0x2, 0x1, 0x84)
shutdown$auto(0x200000003, 0x2)
mmap$auto(0x0, 0x400008, 0x7, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x0, 0x0)
pread64$auto(r1, 0x0, 0x200000000006, 0x8)
semtimedop$auto(0xf598, 0x0, 0x0, 0x0)
1m24.625108318s ago: executing program 0 (id=5169):
unshare$auto(0x40000080)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
listen$auto(0x3, 0x81)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x2c01, 0x0)
ioctl$auto_SOUND_MIXER_READ_RECMASK2(r1, 0x80044dfd, &(0x7f00000014c0))
mmap$auto(0x0, 0x202000a, 0xffffffff, 0xdc, 0xfffffffffffffffa, 0x8000)
keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0x2003f2, 0x15)
sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x24048084)
openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x103003, 0x0)
r2 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0)
pread64$auto(r2, &(0x7f0000000240)='\x03W\x96l\x15\x00'/21, 0x8, 0x100000001)
semop$auto(0x38c, &(0x7f0000000040)={0x3, 0x4, 0x10}, 0x4)
1m9.230729647s ago: executing program 33 (id=5169):
unshare$auto(0x40000080)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
listen$auto(0x3, 0x81)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x2c01, 0x0)
ioctl$auto_SOUND_MIXER_READ_RECMASK2(r1, 0x80044dfd, &(0x7f00000014c0))
mmap$auto(0x0, 0x202000a, 0xffffffff, 0xdc, 0xfffffffffffffffa, 0x8000)
keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0x2003f2, 0x15)
sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x24048084)
openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x103003, 0x0)
r2 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0)
pread64$auto(r2, &(0x7f0000000240)='\x03W\x96l\x15\x00'/21, 0x8, 0x100000001)
semop$auto(0x38c, &(0x7f0000000040)={0x3, 0x4, 0x10}, 0x4)
29.807672485s ago: executing program 1 (id=5328):
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0x2b, 0x1, 0x0)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a)
sendmmsg$auto(r0, &(0x7f0000000080)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xfffffffd}, 0xffff}, 0x5, 0x20000043)
mmap$auto(0x0, 0x4, 0xf, 0xeb1, 0x401, 0x8002)
madvise$auto(0x4, 0x3, 0x1e)
poll$auto(0x0, 0x7f, 0x9)
recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/serio/drivers/rainshadow-cec/unbind\x00', 0x0, 0x0)
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x228000, 0x0)
mmap$auto(0xd69, 0x68a, 0x0, 0x17, r1, 0xffffffff80000000)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, 0x0)
fcntl$auto(0x3, 0x4, 0xa553)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000240)="39198cef1711315e181bccd25f6fcce87acaeb8f3914f768048b3b3ac82bbf289a87b0a673974522d41fca7ec508dca7b76ce8b6dda2064daf5bc834aff359f6e84b4e8790088d3d085dcd9bd632ca1c5d2879aaed8511d7ba520f73dd18363ecb6ce5b80abfd2728c8179a0409bca8cd22056793124498eddfafcff41ff1bafbfed6ee5d0f70a6da2a91977c2c51a13b240b1b53592edb74b787631279f63eec284c9a7486070f36f8c150f094231953e812a2185de60ee753d2a3ad2d12da09d0000efd5374cc2a9566fca3a9e797dadb7841e1a449508de0cc3d800f81735c09fcd54382219cddad3f3d81ec7aa40b68a42fcf4b48e66497ef1", 0x200084c, 0x0, 0x9, 0x0, 0x3, 0x10b}, 0x4}, 0xdfffffff, 0xc5c)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
mbind$auto(0x8000002000, 0x100000004, 0x1, 0x0, 0xffffffffffffff39, 0x800001)
write$auto(0xffffffffffffffff, 0x0, 0x8587)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7112}, 0x8)
27.764249897s ago: executing program 1 (id=5333):
r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, r0, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x288202, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\x84q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa24X@\xadD\xf8\x9d\xf3 \xd2]\xc4\x13G\x1d\x04!\xc1\xeb.e$\xfb\xa3KU\xcf\xc1\x7fFD\x99\xf5v\v\x9dS\xc11P\xa3\xe9\xb0SqL\x85\xea\xb2\x9cY\x83.I\xca\x92\x1c\xc4\x13CV=\x92\x17c\x87iOt\x14On\x15=\v\xf0 \xc5\x8b~\xd6\xd4\xc7\xa3a\x1c\x06\x17\xb3\x88\x8c\xf1L\xba\x89a\xfd\xa5\xc6\x7fU\x00\xe5\x9b', 0x5)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/kcore\x00', 0x28000, 0x0)
pread64$auto(r1, 0x0, 0x800003, 0x270)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2, 0x5, 0x109)
r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x80011, 0x0)
write$auto_seq_oss_f_ops_seq_oss(r2, 0x0, 0x0)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x230)
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
shmget$auto(0x100000000, 0x3, 0x79e56dc9)
close_range$auto(0x2, 0xa, 0x0)
setsockopt$auto(0x3, 0x0, 0xd0, 0xfffffffffffffffc, 0x4)
26.140462733s ago: executing program 1 (id=5338):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
unshare$auto(0x40000080)
syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), r0)
sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_ACT(r0, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000180)={0x2c, r1, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@ETHTOOL_A_CABLE_TEST_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'batadv0\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40480c0}, 0x80)
mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000)
mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000)
socket(0x2, 0x1, 0x106)
connect$auto(0x3, 0x0, 0x54)
socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
syz_clone(0x4100000, 0x0, 0x0, 0x0, 0x0, 0x0)
futex$auto(0x0, 0x86, 0x8, 0x0, 0x0, 0x7)
mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2)
madvise$auto(0x1000000, 0xffffffffffff0006, 0x17)
mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2)
clone$auto(0x0, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6)
23.688871642s ago: executing program 5 (id=5342):
ioctl$auto_FICLONE(0xffffffffffffffff, 0x40049409, 0xffffffffffffffff)
write$auto(0xffffffffffffffff, 0x0, 0x5)
bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
select$auto(0xe, 0x0, 0x0, &(0x7f0000000000)={[0x1ff, 0x9, 0x8, 0x1, 0x2, 0x4, 0x15f4da0e, 0x100, 0xd08, 0xc, 0x200000000000c, 0x0, 0x6d2f, 0xffffffffffffff00, 0x2, 0x4000000000000d]}, 0x0)
socket(0x2c, 0x1, 0x4004)
getsockopt$auto(0xffffffffffffffff, 0x84, 0xc, 0x0, 0x0)
setregid$auto(0xee01, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/net/bond0/bonding/arp_validate\x00', 0x2002, 0x0)
sendfile$auto(0x3, 0x3, 0x0, 0x400000000006)
mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
fanotify_init$auto(0x5, 0x0)
mmap$auto(0x0, 0x853, 0x2000000000000002, 0xeb1, 0xffffffffffffffff, 0x8000)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/advisor_target_scan_time\x00', 0x201, 0x0)
r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/conf/ip6gretap0/accept_source_route\x00', 0x20140, 0x0)
read$auto(r0, 0x0, 0x1ff)
write$auto(0x3, 0x0, 0xfdef)
23.528503011s ago: executing program 1 (id=5344):
r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, r0, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x288202, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\x84q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa24X@\xadD\xf8\x9d\xf3 \xd2]\xc4\x13G\x1d\x04!\xc1\xeb.e$\xfb\xa3KU\xcf\xc1\x7fFD\x99\xf5v\v\x9dS\xc11P\xa3\xe9\xb0SqL\x85\xea\xb2\x9cY\x83.I\xca\x92\x1c\xc4\x13CV=\x92\x17c\x87iOt\x14On\x15=\v\xf0 \xc5\x8b~\xd6\xd4\xc7\xa3a\x1c\x06\x17\xb3\x88\x8c\xf1L\xba\x89a\xfd\xa5\xc6\x7fU\x00\xe5\x9b', 0x5)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/kcore\x00', 0x28000, 0x0)
pread64$auto(r1, 0x0, 0x800003, 0x270)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x80011, 0x0)
write$auto_seq_oss_f_ops_seq_oss(r2, 0x0, 0x0)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x230)
shmget$auto(0x100000000, 0x3, 0x79e56dc9)
close_range$auto(0x2, 0xa, 0x0)
setsockopt$auto(0x3, 0x0, 0xd0, 0xfffffffffffffffc, 0x4)
22.306898415s ago: executing program 5 (id=5347):
unshare$auto(0x40000080)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
socket(0x2, 0x5, 0x0)
setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9)
ioctl$auto(0x3, 0x8905, 0x38)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0x2003f2, 0x15)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)=ANY=[], 0x70}}, 0x24048084)
madvise$auto(0x0, 0x200007, 0x19)
openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x1, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101001, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
r3 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0)
pread64$auto(r3, &(0x7f0000000240)='\x03W\x96l\x15\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00', 0x100000002, 0x100000001)
21.441914501s ago: executing program 1 (id=5350):
r0 = socket(0x2, 0x2, 0x88)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
read$auto(0xffffffffffffffff, 0x0, 0x20)
writev$auto(0xffffffffffffffff, 0x0, 0x3)
read$auto_fops_x64_ro_(0xffffffffffffffff, &(0x7f00000001c0)=""/42, 0x2a)
signalfd$auto(0xffffffffffffffff, 0x0, 0xb071)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_KSMBD_EVENT_LOGIN_RESPONSE(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x44000)
mmap$auto(0x0, 0x2020009, 0x9, 0xeb1, 0xffffffffffffffff, 0x8000)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000)
write$auto(0x3, 0x0, 0xffd8)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/kallsyms\x00', 0x20100, 0x0)
pread64$auto(r1, 0x0, 0x80000000008, 0x8000)
20.314688355s ago: executing program 1 (id=5353):
unshare$auto(0x40000080)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
keyctl$auto(0x40001b, 0x1, 0x0, 0x3, 0x100010006)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1c9282, 0x0)
mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000)
ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
lstat$auto(0x0, 0x0)
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x200, 0x0)
read$auto_proc_reg_file_ops_compat_inode(r0, 0x0, 0x0)
r1 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, 0x0, 0x12a382, 0x0)
write$auto_split_huge_pages_fops_huge_memory(r1, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
eventfd$auto(0x4)
r2 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0)
r3 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$auto_VHOST_SET_OWNER(r3, 0xaf01, 0x5)
ioctl$auto(r3, 0x4008af20, r2)
r4 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000001200), 0x20100, 0x0)
ioctl$auto_UI_SET_SNDBIT(r4, 0x4004556a, &(0x7f0000001240)=0x5)
writev$auto(r1, &(0x7f0000000000)={&(0x7f0000000080)="b3a132cf4c2c77b014964b0eed3232e9d2e4af3ef19744d6800eccd5ab328d5d73a855b6162187166fb5866f2fb1b1b1187d1b6517fac16548d1242aa0611c95a18abf1fd13790bffcc7847454692f", 0x100000001}, 0x530)
18.355337584s ago: executing program 5 (id=5357):
openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bus/usb/008/001\x00', 0x402, 0x0)
write$auto_lowpan_enable_fops_(0xffffffffffffffff, &(0x7f00000000c0), 0x0)
keyctl$auto_KEY_REQKEY_DEFL_NO_CHANGE(0xe, 0xffffffffffffffff, 0x0, 0x0, 0x4)
inotify_init1$auto(0x800)
pipe$auto(0x0)
r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video36\x00', 0x8a603, 0x0)
select$auto(0x3, 0x0, &(0x7f0000000640)={[0x8, 0xc0b, 0x8, 0x5, 0x1005, 0x1, 0xf, 0x1000, 0xb, 0x1, 0xced80000000000, 0x749e, 0x6, 0x0, 0x1, 0x7fffffff]}, 0x0, 0x0)
ioctl$auto(r0, 0x5646, r0)
socket$nl_generic(0x10, 0x3, 0x10)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/fs/ext4/sda1/last_error_block\x00', 0x20880, 0x0)
read$auto_kernfs_file_fops_kernfs_internal(r1, 0x0, 0x0)
r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x40000, 0x0)
ioctl$auto_IOC_PR_RESERVE(r2, 0x401070c9, 0x0)
syz_genetlink_get_family_id$auto_macsec(&(0x7f00000000c0), 0xffffffffffffffff)
close_range$auto(0x2, 0xffffffffffffffff, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
open(0x0, 0x22240, 0x55)
openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0)
sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000005c0)={&(0x7f00000004c0)={0x54, 0x0, 0x100, 0x270bd26, 0x25dfdbfc, {}, [@ETHTOOL_A_CHANNELS_HEADER={0x4}, @ETHTOOL_A_CHANNELS_HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_vlan\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000000}, 0x1)
17.043777441s ago: executing program 5 (id=5361):
socket(0xa, 0x1, 0x84)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x100, 0x0)
openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x0, 0x0)
openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/bond0/bonding/miimon\x00', 0x143b42, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
io_uring_setup$auto(0x2, 0x0)
r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x183941, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0)
openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, 0x0, 0x1541, 0x0)
socketpair$auto(0x5b, 0x1, 0x420000, 0x0)
r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS2\x00', 0x101f81, 0x0)
ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0)
ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0)
16.526970812s ago: executing program 5 (id=5362):
write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9)
mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000)
r0 = socket(0xa, 0x3, 0x3b)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
io_uring_setup$auto(0xf0, &(0x7f0000000180)={0x6, 0x18, 0xd64, 0xc852, 0x6, 0x7, r0, [0x1, 0x401, 0x1000], {0x7, 0x5, 0x1, 0x4, 0x95, 0xf4c, 0x7fff, 0xfffffffb, 0x65f29f6d}, {0x3, 0xadc, 0x10000, 0x0, 0x5, 0xffffffff, 0x1000, 0x54f, 0x5}})
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
close_range$auto(0x2, 0xa, 0x0)
socket(0xa, 0x2, 0x0)
r1 = socket(0xa, 0x3, 0xff)
connect$auto(r1, &(0x7f00000018c0)=@generic={0xa}, 0x55)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe)
write$auto_proc_mem_operations_base(0xffffffffffffffff, 0x0, 0x0)
syz_clone3(0x0, 0x0)
madvise$auto(0x1ffff000, 0x7, 0x100000000)
mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000)
io_uring_setup$auto(0x2, &(0x7f0000000080)={0x80000003, 0x9, 0x4002, 0x6, 0x4, 0x8, 0xffffffffffffffff, [], {0x9, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x4000006, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x104, 0x8, 0x100000000}})
syz_clone(0x1002000, 0x0, 0x0, 0x0, 0x0, 0x0)
futex_wake$auto(&(0x7f0000000000)="facff2b53ab3522cb329b5a87bdbc091f5a6ad597f2789e870d64db4cf6503135f5a750abc973b65703b664991ab45d13445d9c4df1d25210345f44468854c9689b943d1c65073bf11fd0c98", 0xfffffffffffffff8, 0xfff, 0x7f)
shmget$auto(0x8, 0x10563, 0x568d1af2)
14.425759948s ago: executing program 5 (id=5367):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
socket(0xa, 0x1, 0x84)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x400284, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0)
unshare$auto(0x40000080)
setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800)
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000)
sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB], 0x5c}, 0x1, 0x0, 0x0, 0x44000}, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000)
bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50)
openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x10540, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0)
ioctl$auto(0xc8, 0x400454cb, 0xffffffffffffffff)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0)
9.763649856s ago: executing program 4 (id=5378):
unshare$auto(0x40000080)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
socket(0x2, 0x5, 0x0)
setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9)
ioctl$auto(0x3, 0x8905, 0x38)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0x2003f2, 0x15)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)=ANY=[], 0x70}}, 0x24048084)
madvise$auto(0x0, 0x200007, 0x19)
openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x1, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101001, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
r3 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0)
pread64$auto(r3, &(0x7f0000000240)='\x03W\x96l\x15\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00', 0x100000002, 0x100000001)
7.920651799s ago: executing program 4 (id=5380):
openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa142, 0x0)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x4004810}, 0x4008815)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x3, 0x6)
r0 = socket(0x2, 0x1, 0x0)
bind$auto(r0, 0x0, 0x6a)
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800008}, 0x5, 0x20000000)
syz_genetlink_get_family_id$auto_nfsd(0x0, r0)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c00, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x5}, 0x3, 0x0)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x3}, 0x7}, 0x3, 0xcad7)
mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
write$auto(0x3, 0x0, 0x101085)
6.98933586s ago: executing program 4 (id=5382):
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
madvise$auto(0x0, 0xffffffffffff0005, 0x17)
r0 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x103041, 0x0)
write$auto_ftrace_subsystem_filter_fops_trace_events(r0, &(0x7f0000000240)="8f0447fef2afea7e35a0274f508a73119aff3bc0528f45fd27fea1bb4baa95f757cf9e57a14e04353736f4a23ce2a531c678ed7d6d28d43aaea2a69abe3e93453380adf35653f5875227ce319330afe5e4cc7601a8eccbb3729f9869ca35edaf6343e41fe91304ef53273ed0943b28e00e9c2f919d54fe990911e4c265c3d23eb66229", 0x83)
syz_clone3(&(0x7f0000000100)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58)
mmap$auto(0x8000000000000001, 0x2020009, 0x3, 0x1fb, 0xfffffffffffffffa, 0xc000000000000)
r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
write$auto(r1, 0x0, 0x2)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/i8042/serio0/err_count\x00', 0x800, 0x0)
r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop4\x00', 0x60742, 0x0)
ioctl$auto_BLKZEROOUT(r2, 0x127f, 0x0)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff)
madvise$auto(0x0, 0x2000000080000001, 0x3)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
r3 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
write$auto_tap_fops_tap(r3, &(0x7f0000000000)="c6c45342f36d76e12eaa55e1d6f56e36b2641f6f81fa48a1243798eb218435a659637ceb5ff4b2089e31", 0x2a)
shutdown$auto(r3, 0x3)
r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/slab/kmalloc-64/total_objects\x00', 0x80000, 0x0)
read$auto(r4, 0x0, 0x2)
5.95424582s ago: executing program 3 (id=5384):
mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x80002, 0x73)
socket(0xa, 0x1, 0x84)
mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000)
openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, 0x0, 0x101000, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket(0x2, 0x1, 0x106)
r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0)
r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9)
sysfs$auto(0x2, 0x23, 0x0)
r3 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0)
syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r0)
fchmod$auto(r2, 0x8)
setreuid$auto(0x4, 0x8)
mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4)
write$auto(r3, 0x0, 0x4)
bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a)
openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0)
shutdown$auto(0x200000003, 0x2)
5.788517959s ago: executing program 3 (id=5385):
mmap$auto(0x0, 0x400408, 0xdf, 0x9b72, 0x2, 0x8000)
r0 = socket(0xa, 0x80002, 0x73)
sendmmsg$auto(r0, &(0x7f0000000200)={{&(0x7f0000000000), 0x3ff, 0x0, 0x9, 0x0, 0x4, 0x24000000}, 0x5}, 0x2, 0x2)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
io_uring_setup$auto(0x23, 0x0)
setsockopt$auto(0xffffffffffffffff, 0x10e, 0x1, 0x0, 0xe)
openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$auto(0xffffffffffffffff, 0x4b40, 0x1)
close_range$auto(0x2, 0x8, 0x0)
socket(0xa, 0x5, 0x84)
socket(0xa, 0x3, 0x3a)
setsockopt$auto(0x400000000000003, 0x29, 0xd0, 0x0, 0x4)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/platform/snd_aloop.0/sound/card1/id\x00', 0x4aa22, 0x0)
mmap$auto(0x0, 0x2000f, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000)
io_getevents$auto(0x24, 0xffffffff, 0x4, 0x0, 0xfffffffffffffffd)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000380), 0xffffffffffffffff)
sendmsg$auto_ETHTOOL_MSG_LINKINFO_GET(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000300)={0x14, r2, 0xf25, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x4044054)
r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x20002, 0x0)
ioctl$auto_SNDCTL_DSP_SPEED(r3, 0xc0045002, 0x0)
writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8)
5.637979829s ago: executing program 4 (id=5386):
r0 = socket(0xf, 0x3, 0x2)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/self/oom_adj\x00', 0x980, 0x0)
read$auto(r1, 0x0, 0x4)
r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0)
writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3)
openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x111442, 0x0)
r3 = ioctl$auto_NS_GET_USERNS(0xffffffffffffffff, 0xb701, 0x0)
bpf$auto_BPF_LINK_GET_FD_BY_ID(0x1e, 0x0, 0x6)
process_madvise$auto_MADV_DOFORK(0xffffffffffffffff, 0x0, 0x0, 0xb, 0x9)
unshare$auto(0x6c000000)
r4 = getgid()
setregid$auto(0x0, r4)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0)
write$auto(0x3, 0x0, 0xfffffdef)
syz_genetlink_get_family_id$auto_netdev(0x0, 0xffffffffffffffff)
read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000540)=""/150, 0x96)
syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000080), r0)
sendmsg$auto_NETDEV_CMD_NAPI_GET(r3, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20044800}, 0x20000001)
5.590152906s ago: executing program 3 (id=5387):
mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000)
openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000140), 0x2002, 0x0)
socket(0x29, 0x2, 0x0)
select$auto(0x8, &(0x7f0000000340)={[0x7, 0x6, 0xfffc000000000000, 0x6, 0x1, 0x5, 0x8, 0x1ff, 0x9, 0x1, 0x5, 0x81, 0x5, 0x7fff, 0x8]}, 0x0, &(0x7f00000004c0)={[0xe3c6, 0x8, 0x20000000002, 0x8, 0x7, 0x3ff, 0x3, 0xa, 0x0, 0x9, 0x6, 0x1, 0x7a, 0x8, 0x66960ada, 0xffff]}, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
socket(0x2, 0x1, 0x0)
select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x0, 0xd, 0x2, 0x1000000000009489, 0x3, 0x15f4da0a, 0x1, 0x7, 0x7, 0x80000001, 0x4, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffa]}, 0x0)
write$auto(0xffffffffffffffff, &(0x7f0000000400)='\x00\x00\x00\x00', 0x100000a3d9)
r0 = getpid()
process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0)
ioctl$auto(0x3, 0x400454ca, 0x38)
socket(0x2, 0x1, 0x84)
shutdown$auto(0x200000003, 0x2)
mmap$auto(0x0, 0x400008, 0x7, 0x9b72, 0x2, 0x8000)
close_range$auto(0x2, 0x8, 0x0)
r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x0, 0x0)
pread64$auto(r1, 0x0, 0x200000000006, 0x8)
mmap$auto(0x0, 0x5, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000)
semtimedop$auto(0xf598, 0x0, 0x0, 0x0)
4.863344505s ago: executing program 34 (id=5353):
unshare$auto(0x40000080)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
keyctl$auto(0x40001b, 0x1, 0x0, 0x3, 0x100010006)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1c9282, 0x0)
mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000)
ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
lstat$auto(0x0, 0x0)
r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x200, 0x0)
read$auto_proc_reg_file_ops_compat_inode(r0, 0x0, 0x0)
r1 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, 0x0, 0x12a382, 0x0)
write$auto_split_huge_pages_fops_huge_memory(r1, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
close_range$auto(0x0, 0xfffffffffffff000, 0x2)
eventfd$auto(0x4)
r2 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0)
r3 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$auto_VHOST_SET_OWNER(r3, 0xaf01, 0x5)
ioctl$auto(r3, 0x4008af20, r2)
r4 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000001200), 0x20100, 0x0)
ioctl$auto_UI_SET_SNDBIT(r4, 0x4004556a, &(0x7f0000001240)=0x5)
writev$auto(r1, &(0x7f0000000000)={&(0x7f0000000080)="b3a132cf4c2c77b014964b0eed3232e9d2e4af3ef19744d6800eccd5ab328d5d73a855b6162187166fb5866f2fb1b1b1187d1b6517fac16548d1242aa0611c95a18abf1fd13790bffcc7847454692f", 0x100000001}, 0x530)
2.670445362s ago: executing program 6 (id=5388):
r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, r0, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x288202, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\x84q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa24X@\xadD\xf8\x9d\xf3 \xd2]\xc4\x13G\x1d\x04!\xc1\xeb.e$\xfb\xa3KU\xcf\xc1\x7fFD\x99\xf5v\v\x9dS\xc11P\xa3\xe9\xb0SqL\x85\xea\xb2\x9cY\x83.I\xca\x92\x1c\xc4\x13CV=\x92\x17c\x87iOt\x14On\x15=\v\xf0 \xc5\x8b~\xd6\xd4\xc7\xa3a\x1c\x06\x17\xb3\x88\x8c\xf1L\xba\x89a\xfd\xa5\xc6\x7fU\x00\xe5\x9b', 0x5)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
pread64$auto(0xffffffffffffffff, 0x0, 0x800003, 0x270)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2, 0x5, 0x109)
r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x80011, 0x0)
write$auto_seq_oss_f_ops_seq_oss(r1, 0x0, 0x0)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x230)
shmget$auto(0x100000000, 0x3, 0x79e56dc9)
close_range$auto(0x2, 0xa, 0x0)
setsockopt$auto(0x3, 0x0, 0xd0, 0xfffffffffffffffc, 0x4)
2.669626975s ago: executing program 4 (id=5396):
r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, r0, 0x8000)
socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x288202, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6)
syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\x84q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa24X@\xadD\xf8\x9d\xf3 \xd2]\xc4\x13G\x1d\x04!\xc1\xeb.e$\xfb\xa3KU\xcf\xc1\x7fFD\x99\xf5v\v\x9dS\xc11P\xa3\xe9\xb0SqL\x85\xea\xb2\x9cY\x83.I\xca\x92\x1c\xc4\x13CV=\x92\x17c\x87iOt\x14On\x15=\v\xf0 \xc5\x8b~\xd6\xd4\xc7\xa3a\x1c\x06\x17\xb3\x88\x8c\xf1L\xba\x89a\xfd\xa5\xc6\x7fU\x00\xe5\x9b', 0x5)
statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/kcore\x00', 0x28000, 0x0)
pread64$auto(r1, 0x0, 0x800003, 0x270)
socket(0x2, 0x5, 0x109)
r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x80011, 0x0)
write$auto_seq_oss_f_ops_seq_oss(r2, 0x0, 0x0)
sendmmsg$auto(0x4, 0x0, 0x9a6, 0x230)
shmget$auto(0x100000000, 0x3, 0x79e56dc9)
close_range$auto(0x2, 0xa, 0x0)
setsockopt$auto(0x3, 0x0, 0xd0, 0xfffffffffffffffc, 0x4)
2.668915397s ago: executing program 3 (id=5397):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
write$auto(0xffffffffffffffff, 0x0, 0xdda)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
unshare$auto(0x1)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x48140, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x1, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2, 0x80802, 0x0)
ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
close_range$auto(0x2, 0x8, 0x0)
memfd_create$auto(0x0, 0xe)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
unshare$auto(0x3)
write$auto(r0, &(0x7f0000000000)='//\xf2\x00', 0x80000000)
mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0)
adjtimex$auto(0x0)
open(0x0, 0x261c2, 0x84)
1.925750427s ago: executing program 6 (id=5389):
unshare$auto(0x40000080)
r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9)
socket(0x2, 0x5, 0x0)
setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9)
ioctl$auto(0x3, 0x8905, 0x38)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff)
madvise$auto(0x0, 0xffffffffffff0005, 0x19)
madvise$auto(0x0, 0x2003f2, 0x15)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)=ANY=[], 0x70}}, 0x24048084)
madvise$auto(0x0, 0x200007, 0x19)
openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x1, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101001, 0x0)
r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0)
ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0)
r3 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0)
pread64$auto(r3, &(0x7f0000000240)='\x03W\x96l\x15\x00\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\x00\x00\x00\x00\x00', 0x100000002, 0x100000001)
1.803471715s ago: executing program 3 (id=5390):
openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0)
openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa142, 0x0)
select$auto(0xe, 0x0, 0x0, 0x0, 0x0)
mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000)
sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x4004810}, 0x4008815)
close_range$auto(0x2, 0x8, 0x0)
socket(0x2, 0x3, 0x6)
r0 = socket(0x2, 0x1, 0x0)
bind$auto(r0, 0x0, 0x6a)
sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800008}, 0x5, 0x20000000)
syz_genetlink_get_family_id$auto_nfsd(0x0, r0)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c00, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x5}, 0x3, 0x0)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x3}, 0x7}, 0x3, 0xcad7)
mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000)
setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9)
write$auto(0x3, 0x0, 0x101085)
834.936998ms ago: executing program 3 (id=5391):
unshare$auto(0x40000080)
r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80302, 0x0)
sendfile$auto(r0, r0, 0x0, 0x2)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
madvise$auto(0x0, 0xffffffffffff0001, 0x15)
mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000)
bpf$auto(0x11, &(0x7f0000000000)=@batch={0xfffffffffffffffb, 0x44, 0x2, 0x9, 0x1, 0xffffffffffffffff, 0xa, 0x6}, 0xcf)
sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000)
sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0xfffffffd, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008)
r1 = socket(0x29, 0x2, 0x0)
r2 = socket(0x10, 0x2, 0x0)
sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200"], 0x1ac}}, 0x40000)
recvmmsg$auto(r2, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0)
ioctl$auto(r1, 0x89f0, 0x24)
r3 = socket(0x29, 0x2, 0x0)
ioctl$auto(r3, 0x89f3, 0x24)
fanotify_mark$auto(0xffffffffffffffff, 0x4, 0x4, 0xffffffffffffffff, 0x0)
close_range$auto(0x2, 0x8, 0x0)
syslog$auto_SYSLOG_ACTION_CLEAR(0x9, &(0x7f0000000040)='/dev/input/event2\x00', 0x4)
shmctl$auto_IPC_SET(0x8, 0x1, &(0x7f00000000c0)={{0x1ff, 0xee00, 0xee01, 0xe, 0x2, 0x2, 0x3}, 0x4, 0x7, 0x2, 0x6, @raw=0x7, @raw=0x7fff, 0x7, 0x0, &(0x7f0000000180)="126d289da8d3b217a0f1779dd34170dda041017970990579761b076012962b196b874a7cbd589af88c8122b51b13b49f780885337c7ce1ef8723a12cf409fc3ee743a7f0dcfd7d42d8dc03bb488f8de24b1108bd160be8268d97d496d5886c76cb951c5dfae47b43ac806ff37563471c5a69e4903b2b17e57a12a3d56b844000c608a568440d905c9f4d969f4fb37bd99e7ebb1fed3747dc254d2000724a7972ed39b0c091ddc60734183cd3470b58f37e8e4b0bc95935786c84469f94952d9c97d1e80cf1177aef4029", &(0x7f0000000080)="4fc0a77e5cb9b9ed1319ed152b180a0183a745647de1ebf26ecbc95dc56eda89"})
mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0)
834.007183ms ago: executing program 4 (id=5401):
mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000)
write$auto(0xffffffffffffffff, 0x0, 0xdda)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0)
unshare$auto(0x1)
openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x48140, 0x0)
mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000)
io_uring_setup$auto(0x1, 0x0)
mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000)
socket(0x2, 0x80802, 0x0)
ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
close_range$auto(0x2, 0x8, 0x0)
memfd_create$auto(0x0, 0xe)
r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0)
unshare$auto(0x3)
write$auto(r0, &(0x7f0000000000)='//\xf2\x00', 0x80000000)
mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0)
adjtimex$auto(0x0)
open(0x0, 0x261c2, 0x84)
0s ago: executing program 6 (id=5392):
r0 = socket(0x2, 0x2, 0x88)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000)
read$auto(0xffffffffffffffff, 0x0, 0x20)
writev$auto(0xffffffffffffffff, 0x0, 0x3)
read$auto_fops_x64_ro_(0xffffffffffffffff, &(0x7f00000001c0)=""/42, 0x2a)
signalfd$auto(0xffffffffffffffff, 0x0, 0xb071)
bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a)
sendmsg$auto_KSMBD_EVENT_LOGIN_RESPONSE(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x44000)
mmap$auto(0x0, 0x2020009, 0x9, 0xeb1, 0xffffffffffffffff, 0x8000)
connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54)
mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000)
write$auto(0x3, 0x0, 0xffd8)
mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000)
connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58)
prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0)
recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0)
sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000)
r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/kallsyms\x00', 0x20100, 0x0)
pread64$auto(r1, 0x0, 0x80000000008, 0x8000)
kernel console output (not intermixed with test programs):
576.311004][T14830] bridge_slave_1: left allmulticast mode
[ 576.377925][T14830] bridge_slave_1: left promiscuous mode
[ 576.415179][T14830] bridge0: port 2(bridge_slave_1) entered disabled state
[ 576.447041][T14830] bridge_slave_0: left allmulticast mode
[ 576.464720][T14830] bridge_slave_0: left promiscuous mode
[ 576.482523][T14830] bridge0: port 1(bridge_slave_0) entered disabled state
[ 578.677927][T14870] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3013'.
[ 579.122826][T14873] netlink: 54 bytes leftover after parsing attributes in process `syz.0.3015'.
[ 580.234184][T14885] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3020'.
[ 581.569323][T14914] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3028'.
[ 583.415362][T14936] netlink: 338 bytes leftover after parsing attributes in process `syz.3.3034'.
[ 583.469716][T14939] netlink: 338 bytes leftover after parsing attributes in process `syz.3.3034'.
[ 586.506524][T14975] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3044'.
[ 586.528961][T14977] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3044'.
[ 586.620255][T14978] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3044'.
[ 586.752696][T14976] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3045'.
[ 589.606668][T15021] netlink: 'syz.3.3059': attribute type 16 has an invalid length.
[ 589.636028][T15021] netlink: 226 bytes leftover after parsing attributes in process `syz.3.3059'.
[ 590.057838][T15025] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3061'.
[ 590.074159][T15025] netlink: 25 bytes leftover after parsing attributes in process `syz.3.3061'.
[ 591.709954][T15048] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3068'.
[ 598.103861][T15132] netlink: 13 bytes leftover after parsing attributes in process `syz.1.3095'.
[ 599.683175][T15144] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3099'.
[ 599.790936][T15148] netlink: 'syz.2.3099': attribute type 1 has an invalid length.
[ 599.837163][T15148] netlink: 13 bytes leftover after parsing attributes in process `syz.2.3099'.
[ 612.375893][T15249] netlink: 'syz.0.3120': attribute type 21 has an invalid length.
[ 612.384408][T15249] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3120'.
[ 613.778215][T15258] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3124'.
[ 614.019521][T15260] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3125'.
[ 616.365334][T15286] netlink: 'syz.1.3134': attribute type 5 has an invalid length.
[ 616.425112][T15287] netlink: 'syz.1.3134': attribute type 5 has an invalid length.
[ 616.482423][T15286] netlink: 'syz.1.3134': attribute type 1 has an invalid length.
[ 616.572993][T15287] netlink: 'syz.1.3134': attribute type 1 has an invalid length.
[ 616.580849][T15287] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3134'.
[ 616.582637][T15286] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3134'.
[ 617.310188][T15298] sp0: Synchronizing with TNC
[ 622.646126][T15338] FAULT_INJECTION: forcing a failure.
[ 622.646126][T15338] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 622.732256][T15338] CPU: 0 UID: 0 PID: 15338 Comm: syz.2.3149 Tainted: G L syzkaller #0 PREEMPT(full)
[ 622.732311][T15338] Tainted: [L]=SOFTLOCKUP
[ 622.732322][T15338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 622.732342][T15338] Call Trace:
[ 622.732353][T15338]
[ 622.732366][T15338] dump_stack_lvl+0x100/0x190
[ 622.732428][T15338] should_fail_ex.cold+0x5/0xa
[ 622.732462][T15338] ? prepare_alloc_pages+0x16d/0x5f0
[ 622.732505][T15338] should_fail_alloc_page+0xeb/0x140
[ 622.732546][T15338] prepare_alloc_pages+0x1f0/0x5f0
[ 622.732583][T15338] ? rcu_is_watching+0x12/0xc0
[ 622.732641][T15338] __alloc_frozen_pages_noprof+0x19a/0x2ba0
[ 622.732694][T15338] ? __alloc_frozen_pages_noprof+0x2b1/0x2ba0
[ 622.732748][T15338] ? __pfx_css_rstat_updated+0x10/0x10
[ 622.732816][T15338] ? find_held_lock+0x2b/0x80
[ 622.732849][T15338] ? rcu_read_unlock+0x17/0x60
[ 622.732885][T15338] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 622.732935][T15338] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 622.732987][T15338] ? page_counter_charge+0x1d2/0x240
[ 622.733035][T15338] ? rcu_is_watching+0x12/0xc0
[ 622.733086][T15338] ? trace_mm_page_alloc+0x17a/0x1d0
[ 622.733143][T15338] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 622.733204][T15338] ? policy_nodemask+0xed/0x4f0
[ 622.733243][T15338] alloc_pages_mpol+0x1fb/0x550
[ 622.733282][T15338] ? __pfx_alloc_pages_mpol+0x10/0x10
[ 622.733319][T15338] ? do_raw_spin_lock+0x128/0x260
[ 622.733367][T15338] ? find_held_lock+0x2b/0x80
[ 622.733397][T15338] ? __pud_alloc+0x529/0x6e0
[ 622.733441][T15338] alloc_pages_noprof+0x131/0x390
[ 622.733479][T15338] __pmd_alloc+0x3b/0x950
[ 622.733514][T15338] ? __pud_alloc+0x52e/0x6e0
[ 622.733556][T15338] walk_to_pmd+0x3a3/0x4c0
[ 622.733600][T15338] get_locked_pte+0x25/0xc0
[ 622.733642][T15338] map_ldt_struct+0x3c1/0xa70
[ 622.733688][T15338] ? __pfx_map_ldt_struct+0x10/0x10
[ 622.733721][T15338] ? alloc_pages_noprof+0x233/0x390
[ 622.733776][T15338] write_ldt+0x6d3/0xd40
[ 622.733818][T15338] ? __pfx_write_ldt+0x10/0x10
[ 622.733853][T15338] ? xfd_validate_state+0x129/0x190
[ 622.733913][T15338] __x64_sys_modify_ldt+0xb1/0x170
[ 622.733949][T15338] do_syscall_64+0x106/0xf80
[ 622.733998][T15338] ? clear_bhb_loop+0x40/0x90
[ 622.734042][T15338] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 622.734077][T15338] RIP: 0033:0x7fe3f659c799
[ 622.734104][T15338] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 622.734139][T15338] RSP: 002b:00007fe3f737e028 EFLAGS: 00000246 ORIG_RAX: 000000000000009a
[ 622.734171][T15338] RAX: ffffffffffffffda RBX: 00007fe3f6815fa0 RCX: 00007fe3f659c799
[ 622.734193][T15338] RDX: 0000000000000010 RSI: 00002000000001c0 RDI: 0000000000000001
[ 622.734214][T15338] RBP: 00007fe3f6632c99 R08: 0000000000000000 R09: 0000000000000000
[ 622.734233][T15338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 622.734253][T15338] R13: 00007fe3f6816038 R14: 00007fe3f6815fa0 R15: 00007ffdf9131f88
[ 622.734295][T15338]
[ 623.152231][ T29] audit: type=1800 audit(2147483661.930:14): pid=15341 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3149" name="trace_marker" dev="tracefs" ino=3260 res=0 errno=0
[ 624.285191][T15352] netlink: 202 bytes leftover after parsing attributes in process `syz.1.3152'.
[ 624.368209][T15354] netlink: 'syz.2.3154': attribute type 4 has an invalid length.
[ 624.402507][T15354] netlink: 'syz.2.3154': attribute type 32 has an invalid length.
[ 624.463245][T15354] netlink: 46 bytes leftover after parsing attributes in process `syz.2.3154'.
[ 624.803761][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 624.810762][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 628.132644][ T5833] Bluetooth: hci1: unexpected event 0x1d length: 6 > 5
[ 628.794997][T15400] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3177'.
[ 628.847045][T15403] netlink: 13 bytes leftover after parsing attributes in process `syz.0.3177'.
[ 630.824737][T15431] netlink: 13 bytes leftover after parsing attributes in process `syz.0.3178'.
[ 631.418073][T15438] netlink: 330 bytes leftover after parsing attributes in process `syz.0.3179'.
[ 632.906608][ T5833] Bluetooth: hci3: ACL packet too small
[ 635.463269][T15482] tipc: Withdrawal distribution failure
[ 637.831365][T15488] kexec: Could not allocate control_code_buffer
[ 640.643278][ T29] audit: type=1800 audit(2147483679.450:15): pid=15531 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.3205" name="nullb0" dev="tmpfs" ino=1853 res=0 errno=0
[ 642.209388][T15557] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3212'.
[ 642.247069][T15557] netlink: 17 bytes leftover after parsing attributes in process `syz.3.3212'.
[ 643.793135][T15571] FAULT_INJECTION: forcing a failure.
[ 643.793135][T15571] name failslab, interval 1, probability 0, space 0, times 0
[ 643.834433][T15571] CPU: 0 UID: 0 PID: 15571 Comm: syz.2.3215 Tainted: G L syzkaller #0 PREEMPT(full)
[ 643.834487][T15571] Tainted: [L]=SOFTLOCKUP
[ 643.834500][T15571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 643.834519][T15571] Call Trace:
[ 643.834529][T15571]
[ 643.834542][T15571] dump_stack_lvl+0x100/0x190
[ 643.834600][T15571] should_fail_ex.cold+0x5/0xa
[ 643.834638][T15571] should_failslab+0xc2/0x120
[ 643.834675][T15571] __kvmalloc_node_noprof+0xfa/0xa00
[ 643.834728][T15571] ? bucket_table_alloc.isra.0+0x88/0x460
[ 643.834799][T15571] bucket_table_alloc.isra.0+0x88/0x460
[ 643.834872][T15571] rhashtable_init_noprof+0x43b/0x7d0
[ 643.834904][T15571] ? __init_waitqueue_head+0xca/0x150
[ 643.834961][T15571] rhltable_init_noprof+0x20/0x60
[ 643.834994][T15571] sta_info_init+0x5f/0x160
[ 643.835159][T15571] ieee80211_alloc_hw_nm+0x836/0x22a0
[ 643.835251][T15571] mac80211_hwsim_new_radio+0x1e1/0x57d0
[ 643.835409][T15571] ? __asan_memset+0x23/0x50
[ 643.835459][T15571] ? __nla_validate_parse+0x1e7/0x28b0
[ 643.835511][T15571] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10
[ 643.835580][T15571] hwsim_new_radio_nl+0xc1f/0x1340
[ 643.835637][T15571] ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 643.835758][T15571] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280
[ 643.835798][T15571] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280
[ 643.835857][T15571] genl_family_rcv_msg_doit+0x214/0x300
[ 643.835898][T15571] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 643.835934][T15571] ? genl_get_cmd+0x3ef/0x720
[ 643.835999][T15571] ? bpf_lsm_capable+0x9/0x10
[ 643.836059][T15571] ? security_capable+0x80/0x260
[ 643.836156][T15571] ? ns_capable+0xd2/0xf0
[ 643.836193][T15571] genl_rcv_msg+0x560/0x800
[ 643.836232][T15571] ? __pfx_genl_rcv_msg+0x10/0x10
[ 643.836268][T15571] ? __pfx_hwsim_new_radio_nl+0x10/0x10
[ 643.836337][T15571] netlink_rcv_skb+0x159/0x420
[ 643.836390][T15571] ? __pfx_genl_rcv_msg+0x10/0x10
[ 643.836427][T15571] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 643.836492][T15571] ? netlink_deliver_tap+0x1ae/0xcc0
[ 643.836542][T15571] genl_rcv+0x28/0x40
[ 643.836569][T15571] netlink_unicast+0x5aa/0x870
[ 643.836626][T15571] ? __pfx_netlink_unicast+0x10/0x10
[ 643.836689][T15571] netlink_sendmsg+0x8b0/0xda0
[ 643.836748][T15571] ? __pfx_netlink_sendmsg+0x10/0x10
[ 643.836799][T15571] ? __import_iovec+0x1d2/0x640
[ 643.836854][T15571] ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[ 643.836909][T15571] ____sys_sendmsg+0x9e1/0xb70
[ 643.836939][T15571] ? __pfx_netlink_sendmsg+0x10/0x10
[ 643.836992][T15571] ? __pfx_____sys_sendmsg+0x10/0x10
[ 643.837036][T15571] ? try_to_wake_up+0x644/0x1a80
[ 643.837081][T15571] ___sys_sendmsg+0x190/0x1e0
[ 643.837122][T15571] ? __pfx____sys_sendmsg+0x10/0x10
[ 643.837157][T15571] ? futex_private_hash_put+0x107/0x1c0
[ 643.837249][T15571] __sys_sendmsg+0x170/0x220
[ 643.837297][T15571] ? __pfx___sys_sendmsg+0x10/0x10
[ 643.837357][T15571] ? sched_clock+0x38/0x60
[ 643.837415][T15571] ? trace_csd_function_exit+0x73/0x210
[ 643.837460][T15571] do_syscall_64+0x106/0xf80
[ 643.837508][T15571] ? clear_bhb_loop+0x40/0x90
[ 643.837551][T15571] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 643.837585][T15571] RIP: 0033:0x7fe3f659c799
[ 643.837610][T15571] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 643.837645][T15571] RSP: 002b:00007fe3f737e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 643.837681][T15571] RAX: ffffffffffffffda RBX: 00007fe3f6815fa0 RCX: 00007fe3f659c799
[ 643.837704][T15571] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000007
[ 643.837724][T15571] RBP: 00007fe3f6632c99 R08: 0000000000000000 R09: 0000000000000000
[ 643.837744][T15571] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 643.837764][T15571] R13: 00007fe3f6816038 R14: 00007fe3f6815fa0 R15: 00007ffdf9131f88
[ 643.837807][T15571]
[ 644.685740][T15582] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3217'.
[ 648.502212][ T5833] Bluetooth: hci0: ACL packet too small
[ 649.443435][T15630] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3230'.
[ 649.471241][T15630] netlink: 13 bytes leftover after parsing attributes in process `syz.2.3230'.
[ 649.807996][T15634] netlink: 'syz.1.3231': attribute type 10 has an invalid length.
[ 649.816495][T15634] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3231'.
[ 652.153936][T15670] netlink: 'syz.0.3243': attribute type 10 has an invalid length.
[ 652.212687][T15670] netlink: 330 bytes leftover after parsing attributes in process `syz.0.3243'.
[ 652.263302][T15673] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3244'.
[ 652.277473][T15673] netlink: 17 bytes leftover after parsing attributes in process `syz.1.3244'.
[ 653.143590][ T5833] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260
[ 653.143685][ T5833] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260
[ 653.160811][ T5833] Bluetooth: hci1: Unknown advertising packet type: 0x7f
[ 653.160859][ T5833] Bluetooth: hci1: adv larger than maximum supported
[ 653.168299][ T5833] Bluetooth: hci1: adv larger than maximum supported
[ 653.175307][ T5833] Bluetooth: hci1: Malformed LE Event: 0x0d
[ 659.341305][T15768] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3272'.
[ 659.404955][T15770] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3272'.
[ 659.589458][T15770] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3272'.
[ 659.685316][T15768] netlink: 314 bytes leftover after parsing attributes in process `syz.2.3272'.
[ 659.742474][T15770] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3272'.
[ 659.824574][T15770] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3272'.
[ 659.933135][T15770] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3272'.
[ 660.032519][T15770] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3272'.
[ 660.102489][T15770] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3272'.
[ 661.772766][T15798] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3280'.
[ 663.043089][T15811] FAULT_INJECTION: forcing a failure.
[ 663.043089][T15811] name failslab, interval 1, probability 0, space 0, times 0
[ 663.103887][T15811] CPU: 1 UID: 0 PID: 15811 Comm: syz.2.3285 Tainted: G L syzkaller #0 PREEMPT(full)
[ 663.103940][T15811] Tainted: [L]=SOFTLOCKUP
[ 663.103951][T15811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 663.103971][T15811] Call Trace:
[ 663.103982][T15811]
[ 663.103995][T15811] dump_stack_lvl+0x100/0x190
[ 663.104064][T15811] should_fail_ex.cold+0x5/0xa
[ 663.104106][T15811] should_failslab+0xc2/0x120
[ 663.104144][T15811] kmem_cache_alloc_noprof+0x7b/0x6e0
[ 663.104195][T15811] ? alloc_empty_file+0x55/0x1c0
[ 663.104238][T15811] ? __pfx_stack_trace_save+0x10/0x10
[ 663.104279][T15811] alloc_empty_file+0x55/0x1c0
[ 663.104340][T15811] path_openat+0xe8/0x31a0
[ 663.104372][T15811] ? kasan_save_stack+0x3f/0x50
[ 663.104424][T15811] ? kasan_save_stack+0x30/0x50
[ 663.104471][T15811] ? kasan_save_track+0x14/0x30
[ 663.104519][T15811] ? __kasan_slab_alloc+0x89/0x90
[ 663.104549][T15811] ? kmem_cache_alloc_noprof+0x241/0x6e0
[ 663.104597][T15811] ? do_getname+0x35/0x390
[ 663.104636][T15811] ? do_sys_openat2+0xc5/0x1e0
[ 663.104679][T15811] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 663.104720][T15811] ? __pfx_path_openat+0x10/0x10
[ 663.104772][T15811] do_file_open+0x20e/0x430
[ 663.104810][T15811] ? __pfx_do_file_open+0x10/0x10
[ 663.104877][T15811] ? alloc_fd+0x476/0x790
[ 663.104913][T15811] ? do_getname+0x191/0x390
[ 663.104958][T15811] do_sys_openat2+0x10d/0x1e0
[ 663.105003][T15811] ? __pfx_do_sys_openat2+0x10/0x10
[ 663.105073][T15811] __x64_sys_openat+0x12d/0x210
[ 663.105119][T15811] ? __pfx___x64_sys_openat+0x10/0x10
[ 663.105181][T15811] do_syscall_64+0x106/0xf80
[ 663.105229][T15811] ? clear_bhb_loop+0x40/0x90
[ 663.105270][T15811] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 663.105306][T15811] RIP: 0033:0x7fe3f659c799
[ 663.105335][T15811] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 663.105368][T15811] RSP: 002b:00007fe3f737e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[ 663.105400][T15811] RAX: ffffffffffffffda RBX: 00007fe3f6815fa0 RCX: 00007fe3f659c799
[ 663.105421][T15811] RDX: 0000000000080201 RSI: 0000000000000000 RDI: ffffffffffffff9c
[ 663.105441][T15811] RBP: 00007fe3f6632c99 R08: 0000000000000000 R09: 0000000000000000
[ 663.105461][T15811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 663.105480][T15811] R13: 00007fe3f6816038 R14: 00007fe3f6815fa0 R15: 00007ffdf9131f88
[ 663.105525][T15811]
[ 665.963041][T15841] __nla_validate_parse: 1 callbacks suppressed
[ 665.963070][T15841] netlink: 306 bytes leftover after parsing attributes in process `syz.2.3291'.
[ 666.617729][T15844] FAULT_INJECTION: forcing a failure.
[ 666.617729][T15844] name fail_futex, interval 1, probability 0, space 0, times 0
[ 666.703493][T15844] CPU: 1 UID: 0 PID: 15844 Comm: syz.2.3292 Tainted: G L syzkaller #0 PREEMPT(full)
[ 666.703549][T15844] Tainted: [L]=SOFTLOCKUP
[ 666.703560][T15844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 666.703584][T15844] Call Trace:
[ 666.703596][T15844]
[ 666.703617][T15844] dump_stack_lvl+0x100/0x190
[ 666.703675][T15844] should_fail_ex.cold+0x5/0xa
[ 666.703715][T15844] get_futex_key+0x1d2/0x1620
[ 666.703763][T15844] ? __pfx_get_futex_key+0x10/0x10
[ 666.703800][T15844] ? lockdep_hardirqs_on+0x78/0x100
[ 666.703854][T15844] ? fcntl_setlk+0x4f4/0xe40
[ 666.703889][T15844] ? kmem_cache_free+0x124/0x6a0
[ 666.703942][T15844] futex_wake+0xea/0x530
[ 666.704008][T15844] ? fcntl_setlk+0x4f9/0xe40
[ 666.704048][T15844] ? __pfx_futex_wake+0x10/0x10
[ 666.704095][T15844] ? __pfx_fcntl_setlk+0x10/0x10
[ 666.704138][T15844] ? __might_fault+0xc5/0x140
[ 666.704184][T15844] ? __might_fault+0xc5/0x140
[ 666.704240][T15844] do_futex+0x32b/0x350
[ 666.704284][T15844] ? __pfx_do_futex+0x10/0x10
[ 666.704328][T15844] ? do_fcntl+0x811/0x1670
[ 666.704378][T15844] __x64_sys_futex+0x34f/0x4d0
[ 666.704431][T15844] ? __pfx___x64_sys_futex+0x10/0x10
[ 666.704474][T15844] ? tomoyo_file_fcntl+0x6c/0xc0
[ 666.704539][T15844] do_syscall_64+0x106/0xf80
[ 666.704584][T15844] ? clear_bhb_loop+0x40/0x90
[ 666.704635][T15844] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 666.704671][T15844] RIP: 0033:0x7fe3f659c799
[ 666.704700][T15844] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 666.704733][T15844] RSP: 002b:00007fe3f737e0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 666.704766][T15844] RAX: ffffffffffffffda RBX: 00007fe3f6815fa8 RCX: 00007fe3f659c799
[ 666.704789][T15844] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe3f6815fac
[ 666.704809][T15844] RBP: 00007fe3f6815fa0 R08: 0000000000000000 R09: 0000000000000000
[ 666.704828][T15844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 666.704847][T15844] R13: 00007fe3f6816038 R14: 00007ffdf9131ea0 R15: 00007ffdf9131f88
[ 666.704891][T15844]
[ 669.302251][T15880] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3305'.
[ 669.678373][T15881] netlink: 'syz.1.3305': attribute type 1 has an invalid length.
[ 669.686571][T15881] netlink: 'syz.1.3305': attribute type 6 has an invalid length.
[ 671.585174][T15899] FAULT_INJECTION: forcing a failure.
[ 671.585174][T15899] name failslab, interval 1, probability 0, space 0, times 0
[ 671.642159][T15899] CPU: 0 UID: 0 PID: 15899 Comm: syz.2.3310 Tainted: G L syzkaller #0 PREEMPT(full)
[ 671.642217][T15899] Tainted: [L]=SOFTLOCKUP
[ 671.642230][T15899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 671.642250][T15899] Call Trace:
[ 671.642261][T15899]
[ 671.642274][T15899] dump_stack_lvl+0x100/0x190
[ 671.642329][T15899] should_fail_ex.cold+0x5/0xa
[ 671.642364][T15899] should_failslab+0xc2/0x120
[ 671.642394][T15899] kmem_cache_alloc_node_noprof+0x81/0x6f0
[ 671.642441][T15899] ? alloc_unbound_pwq+0x3ff/0xdd0
[ 671.642482][T15899] alloc_unbound_pwq+0x3ff/0xdd0
[ 671.642520][T15899] apply_wqattrs_prepare+0x3aa/0xbb0
[ 671.642563][T15899] apply_workqueue_attrs_locked+0x64/0xe0
[ 671.642595][T15899] __alloc_workqueue+0x1111/0x1880
[ 671.642642][T15899] alloc_workqueue_noprof+0xd2/0x200
[ 671.642688][T15899] ? __pfx_alloc_workqueue_noprof+0x10/0x10
[ 671.642727][T15899] ? kobject_init+0x159/0x1b0
[ 671.642897][T15899] ? __alloc_disk_node+0x4d8/0x6b0
[ 671.642982][T15899] nbd_dev_add+0x51a/0xb10
[ 671.643093][T15899] ? find_held_lock+0x2b/0x80
[ 671.643121][T15899] ? __pfx_nbd_dev_add+0x10/0x10
[ 671.643167][T15899] ? nbd_genl_connect+0x131a/0x1a40
[ 671.643217][T15899] ? bpf_lsm_capable+0x9/0x10
[ 671.643247][T15899] ? __radix_tree_lookup+0x217/0x2b0
[ 671.643314][T15899] nbd_genl_connect+0xb8d/0x1a40
[ 671.643343][T15899] ? rcu_is_watching+0x12/0xc0
[ 671.643392][T15899] ? __pfx_nbd_genl_connect+0x10/0x10
[ 671.643423][T15899] ? __nla_parse+0x40/0x60
[ 671.643469][T15899] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280
[ 671.643501][T15899] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280
[ 671.643557][T15899] genl_family_rcv_msg_doit+0x214/0x300
[ 671.643593][T15899] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 671.643623][T15899] ? genl_get_cmd+0x3ef/0x720
[ 671.643688][T15899] ? __dev_queue_xmit+0x5af/0x4800
[ 671.643720][T15899] ? __radix_tree_lookup+0x217/0x2b0
[ 671.643762][T15899] genl_rcv_msg+0x560/0x800
[ 671.643796][T15899] ? __pfx_genl_rcv_msg+0x10/0x10
[ 671.643831][T15899] ? __pfx_nbd_genl_connect+0x10/0x10
[ 671.643873][T15899] netlink_rcv_skb+0x159/0x420
[ 671.643917][T15899] ? __pfx_genl_rcv_msg+0x10/0x10
[ 671.643948][T15899] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 671.644006][T15899] ? netlink_deliver_tap+0x1ae/0xcc0
[ 671.644053][T15899] genl_rcv+0x28/0x40
[ 671.644077][T15899] netlink_unicast+0x5aa/0x870
[ 671.644126][T15899] ? __pfx_netlink_unicast+0x10/0x10
[ 671.644184][T15899] netlink_sendmsg+0x8b0/0xda0
[ 671.644234][T15899] ? __pfx_netlink_sendmsg+0x10/0x10
[ 671.644276][T15899] ? __import_iovec+0x1d2/0x640
[ 671.644313][T15899] ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[ 671.644366][T15899] ____sys_sendmsg+0x9e1/0xb70
[ 671.644392][T15899] ? __pfx_netlink_sendmsg+0x10/0x10
[ 671.644440][T15899] ? __pfx_____sys_sendmsg+0x10/0x10
[ 671.644476][T15899] ? __pfx_futex_wake_mark+0x10/0x10
[ 671.644527][T15899] ___sys_sendmsg+0x190/0x1e0
[ 671.644559][T15899] ? __pfx____sys_sendmsg+0x10/0x10
[ 671.644633][T15899] __sys_sendmsg+0x170/0x220
[ 671.644682][T15899] ? __pfx___sys_sendmsg+0x10/0x10
[ 671.644721][T15899] ? __x64_sys_futex+0x34f/0x4d0
[ 671.644779][T15899] do_syscall_64+0x106/0xf80
[ 671.644819][T15899] ? clear_bhb_loop+0x40/0x90
[ 671.644854][T15899] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 671.644885][T15899] RIP: 0033:0x7fe3f659c799
[ 671.644912][T15899] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 671.644941][T15899] RSP: 002b:00007fe3f737e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 671.644971][T15899] RAX: ffffffffffffffda RBX: 00007fe3f6815fa0 RCX: 00007fe3f659c799
[ 671.644991][T15899] RDX: 0000000020040000 RSI: 0000200000000500 RDI: 0000000000000006
[ 671.645009][T15899] RBP: 00007fe3f6632c99 R08: 0000000000000000 R09: 0000000000000000
[ 671.645027][T15899] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 671.645045][T15899] R13: 00007fe3f6816038 R14: 00007fe3f6815fa0 R15: 00007ffdf9131f88
[ 671.645088][T15899]
[ 672.082595][T15899] block (null): Could not allocate knbd recv work queue.
[ 672.234040][T15899] nbd: failed to add new device
[ 673.068154][T15905] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3312'.
[ 673.303099][T15914] netlink: 'syz.1.3313': attribute type 1 has an invalid length.
[ 673.333631][T15914] netlink: 306 bytes leftover after parsing attributes in process `syz.1.3313'.
[ 674.272714][T15924] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3318'.
[ 675.958667][T15943] netlink: 62 bytes leftover after parsing attributes in process `syz.2.3323'.
[ 676.012287][T15943] netlink: 62 bytes leftover after parsing attributes in process `syz.2.3323'.
[ 676.036456][T15943] netlink: 62 bytes leftover after parsing attributes in process `syz.2.3323'.
[ 676.062524][T15943] netlink: 62 bytes leftover after parsing attributes in process `syz.2.3323'.
[ 676.119857][T15943] netlink: 62 bytes leftover after parsing attributes in process `syz.2.3323'.
[ 676.162548][T15943] netlink: 62 bytes leftover after parsing attributes in process `syz.2.3323'.
[ 676.222959][T15943] netlink: 62 bytes leftover after parsing attributes in process `syz.2.3323'.
[ 678.589149][T15970] zswap: compressor not available
[ 682.692493][T16022] __nla_validate_parse: 10 callbacks suppressed
[ 682.692521][T16022] netlink: 246 bytes leftover after parsing attributes in process `syz.2.3348'.
[ 683.273218][T16026] vcan0: tx drop: invalid sa for name 0x00000000000000fd
[ 684.380287][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805d9dc800: rx timeout, send abort
[ 684.663932][T16041] zswap: compressor not available
[ 684.888867][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805d9dc800: abort rx timeout. Force session deactivation
[ 685.207796][T16051] netlink: 246 bytes leftover after parsing attributes in process `syz.3.3358'.
[ 686.236267][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 686.243329][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 687.986003][T16086] netlink: 'syz.3.3367': attribute type 29 has an invalid length.
[ 688.052332][T16086] netlink: 'syz.3.3367': attribute type 30 has an invalid length.
[ 688.082497][T16086] netlink: 'syz.3.3367': attribute type 31 has an invalid length.
[ 688.090509][T16086] netlink: 'syz.3.3367': attribute type 32 has an invalid length.
[ 688.185752][T16086] netlink: 'syz.3.3367': attribute type 33 has an invalid length.
[ 688.240669][T16086] netlink: 'syz.3.3367': attribute type 35 has an invalid length.
[ 688.273565][T16086] netlink: 'syz.3.3367': attribute type 37 has an invalid length.
[ 688.313970][T16086] netlink: 18 bytes leftover after parsing attributes in process `syz.3.3367'.
[ 689.744462][T16113] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3377'.
[ 689.813727][T16114] netlink: 25 bytes leftover after parsing attributes in process `syz.1.3377'.
[ 689.886373][ T5833] Bluetooth: hci1: ACL packet for unknown connection handle 0
[ 692.193909][T16137] futex_wake_op: syz.1.3383 tries to shift op by -2048; fix this program
[ 692.375827][T16137] futex_wake_op: syz.1.3383 tries to shift op by -2048; fix this program
[ 692.904054][T16144] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3386'.
[ 694.523678][T16166] [U]
[ 694.526687][T16166] [U]
[ 694.531637][T16166] [U]
[ 694.538921][T16166] [U]
[ 694.607461][T16166] [U]
[ 694.610297][T16166] [U]
[ 694.613110][T16166] [U]
[ 694.615868][T16166] [U]
[ 694.642385][T16166] [U]
[ 694.647183][T16166] [U]
[ 694.650483][T16166] [U]
[ 694.653599][T16166] [U]
[ 694.764069][T16166] [U]
[ 694.767022][T16166] [U]
[ 694.769785][T16166] [U]
[ 694.774036][T16166] [U]
[ 694.822461][T16166] [U]
[ 695.338120][T16176] netlink: 25 bytes leftover after parsing attributes in process `syz.0.3394'.
[ 698.311568][T16208] netlink: 29 bytes leftover after parsing attributes in process `syz.0.3403'.
[ 698.409527][ T5833] Bluetooth: hci3: unexpected event 0x02 length: 726 > 260
[ 708.465591][T16296] netlink: 246 bytes leftover after parsing attributes in process `syz.2.3425'.
[ 709.503918][T16304] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3428'.
[ 709.575287][T16304] netlink: 354 bytes leftover after parsing attributes in process `syz.0.3428'.
[ 709.703372][T16308] futex_wake_op: syz.2.3430 tries to shift op by -2048; fix this program
[ 709.813103][T16308] futex_wake_op: syz.2.3430 tries to shift op by -2048; fix this program
[ 709.864276][T16309] 0x000000000001-0x000000020000 : ""
[ 710.083699][T16308] misc userio: No port type given on /dev/userio
[ 710.154518][T16309] ftl_cs: FTL header corrupt!
[ 711.744572][T16328] random: crng reseeded on system resumption
[ 711.843823][ T5833] Bluetooth: hci0: SCO packet for unknown connection handle 0
[ 711.961164][T16334] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3437'.
[ 713.157202][T16350] netlink: 9 bytes leftover after parsing attributes in process `syz.2.3441'.
[ 717.442231][T16386] netlink: 186 bytes leftover after parsing attributes in process `syz.0.3449'.
[ 722.585244][T16420] HfR: entered promiscuous mode
[ 722.604922][T16421] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3459'.
[ 723.055727][T16421] HfR: left promiscuous mode
[ 725.260308][T16434] netlink: 326 bytes leftover after parsing attributes in process `syz.2.3462'.
[ 731.529668][T16485] netlink: 'syz.1.3478': attribute type 4 has an invalid length.
[ 731.567061][T16485] netlink: 'syz.1.3478': attribute type 5 has an invalid length.
[ 731.636040][T16485] netlink: 10 bytes leftover after parsing attributes in process `syz.1.3478'.
[ 732.010533][T16492] HfR: entered promiscuous mode
[ 732.163813][T16492] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3480'.
[ 732.232170][T16492] HfR: left promiscuous mode
[ 733.383609][T16501] netlink: 2468 bytes leftover after parsing attributes in process `syz.3.3482'.
[ 735.366978][T16516] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3487'.
[ 735.582339][T16516] bond0: (slave bond_slave_0): Releasing backup interface
[ 745.341691][T16617] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3516'.
[ 745.620961][T16617] bond0: (slave bond_slave_1): Releasing backup interface
[ 746.367927][ T5833] Bluetooth: hci2: ACL packet for unknown connection handle 0
[ 747.333293][T16636] futex_wake_op: syz.0.3528 tries to shift op by -2048; fix this program
[ 747.382762][T16636] futex_wake_op: syz.0.3528 tries to shift op by -2048; fix this program
[ 747.676847][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 747.683381][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 749.082906][T16659] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3526'.
[ 749.146306][T16659] veth1_macvtap: left promiscuous mode
[ 751.982795][T16694] netlink: 504 bytes leftover after parsing attributes in process `syz.3.3536'.
[ 752.022803][T16694] netlink: 350 bytes leftover after parsing attributes in process `syz.3.3536'.
[ 753.043038][T16703] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3537'.
[ 753.492956][T16703] bond0: (slave bond_slave_1): Releasing backup interface
[ 761.122490][T16763] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3555'.
[ 761.341345][T16763] i: entered promiscuous mode
[ 761.525610][T16768] HfR: entered promiscuous mode
[ 762.240553][T16783] FAULT_INJECTION: forcing a failure.
[ 762.240553][T16783] name failslab, interval 1, probability 0, space 0, times 0
[ 762.343930][T16783] CPU: 0 UID: 0 PID: 16783 Comm: syz.2.3560 Tainted: G L syzkaller #0 PREEMPT(full)
[ 762.343985][T16783] Tainted: [L]=SOFTLOCKUP
[ 762.343996][T16783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 762.344016][T16783] Call Trace:
[ 762.344027][T16783]
[ 762.344041][T16783] dump_stack_lvl+0x100/0x190
[ 762.344103][T16783] should_fail_ex.cold+0x5/0xa
[ 762.344145][T16783] should_failslab+0xc2/0x120
[ 762.344182][T16783] __kmalloc_cache_noprof+0x7a/0x6f0
[ 762.344228][T16783] ? pkcs7_parse_message+0xfc/0x870
[ 762.344391][T16783] pkcs7_parse_message+0xfc/0x870
[ 762.344438][T16783] ? _request_firmware+0x274/0x13c0
[ 762.344531][T16783] verify_pkcs7_signature+0x30/0xa0
[ 762.344593][T16783] valid_regdb+0x211/0x590
[ 762.344706][T16783] ? __pfx___nla_validate_parse+0x10/0x10
[ 762.344765][T16783] ? __pfx_valid_regdb+0x10/0x10
[ 762.344811][T16783] ? rcu_is_watching+0x12/0xc0
[ 762.344872][T16783] reg_reload_regdb+0x11a/0x460
[ 762.344928][T16783] ? __pfx_reg_reload_regdb+0x10/0x10
[ 762.344988][T16783] ? __pfx_nl80211_pre_doit+0x10/0x10
[ 762.345073][T16783] ? nl80211_pre_doit+0x19a/0xae0
[ 762.345119][T16783] genl_family_rcv_msg_doit+0x214/0x300
[ 762.345163][T16783] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[ 762.345216][T16783] ? genl_get_cmd+0x3ef/0x720
[ 762.345291][T16783] ? bpf_lsm_capable+0x9/0x10
[ 762.345328][T16783] ? security_capable+0x80/0x260
[ 762.345388][T16783] genl_rcv_msg+0x560/0x800
[ 762.345428][T16783] ? __pfx_genl_rcv_msg+0x10/0x10
[ 762.345462][T16783] ? __pfx_nl80211_pre_doit+0x10/0x10
[ 762.345499][T16783] ? __pfx_nl80211_reload_regdb+0x10/0x10
[ 762.345584][T16783] ? __pfx_nl80211_post_doit+0x10/0x10
[ 762.345641][T16783] netlink_rcv_skb+0x159/0x420
[ 762.345691][T16783] ? __pfx_genl_rcv_msg+0x10/0x10
[ 762.345726][T16783] ? __pfx_netlink_rcv_skb+0x10/0x10
[ 762.345795][T16783] ? netlink_deliver_tap+0x1ae/0xcc0
[ 762.345851][T16783] genl_rcv+0x28/0x40
[ 762.345880][T16783] netlink_unicast+0x5aa/0x870
[ 762.345939][T16783] ? __pfx_netlink_unicast+0x10/0x10
[ 762.345990][T16783] ? __pfx_netlink_broadcast_filtered+0x10/0x10
[ 762.346055][T16783] netlink_sendmsg+0x8b0/0xda0
[ 762.346114][T16783] ? __pfx_netlink_sendmsg+0x10/0x10
[ 762.346163][T16783] ? __import_iovec+0x1d2/0x640
[ 762.346208][T16783] ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[ 762.346268][T16783] ____sys_sendmsg+0x9e1/0xb70
[ 762.346313][T16783] ? __pfx_netlink_sendmsg+0x10/0x10
[ 762.346368][T16783] ? __pfx_____sys_sendmsg+0x10/0x10
[ 762.346414][T16783] ? __pfx_futex_wake_mark+0x10/0x10
[ 762.346474][T16783] ___sys_sendmsg+0x190/0x1e0
[ 762.346515][T16783] ? __pfx____sys_sendmsg+0x10/0x10
[ 762.346603][T16783] __sys_sendmsg+0x170/0x220
[ 762.346653][T16783] ? __pfx___sys_sendmsg+0x10/0x10
[ 762.346701][T16783] ? __x64_sys_futex+0x34f/0x4d0
[ 762.346770][T16783] do_syscall_64+0x106/0xf80
[ 762.346816][T16783] ? clear_bhb_loop+0x40/0x90
[ 762.346858][T16783] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 762.346893][T16783] RIP: 0033:0x7fe3f659c799
[ 762.346921][T16783] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 762.346956][T16783] RSP: 002b:00007fe3f737e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 762.346989][T16783] RAX: ffffffffffffffda RBX: 00007fe3f6815fa0 RCX: 00007fe3f659c799
[ 762.347011][T16783] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000005
[ 762.347032][T16783] RBP: 00007fe3f6632c99 R08: 0000000000000000 R09: 0000000000000000
[ 762.347051][T16783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 762.347070][T16783] R13: 00007fe3f6816038 R14: 00007fe3f6815fa0 R15: 00007ffdf9131f88
[ 762.347114][T16783]
[ 763.933297][T16804] netlink: 'syz.2.3565': attribute type 2 has an invalid length.
[ 763.941109][T16804] netlink: 'syz.2.3565': attribute type 3 has an invalid length.
[ 764.010083][T16804] netlink: 158 bytes leftover after parsing attributes in process `syz.2.3565'.
[ 764.114449][T16804] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3565'.
[ 769.810083][T16851] netlink: 25 bytes leftover after parsing attributes in process `syz.2.3576'.
[ 771.052808][T16864] netlink: 306 bytes leftover after parsing attributes in process `syz.3.3580'.
[ 778.075843][T16934] zswap: compressor not available
[ 778.748825][T16950] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3599'.
[ 779.216734][T16953] Dead loop on virtual device ip6_vti0, fix it urgently!
[ 779.255826][T16953] Dead loop on virtual device ip6_vti0, fix it urgently!
[ 779.333246][T16953] Dead loop on virtual device ip6_vti0, fix it urgently!
[ 779.390214][T16953] Dead loop on virtual device ip6_vti0, fix it urgently!
[ 779.457038][T16953] Dead loop on virtual device ip6_vti0, fix it urgently!
[ 779.505435][T16953] Dead loop on virtual device ip6_vti0, fix it urgently!
[ 779.632573][T16953] Dead loop on virtual device ip6_vti0, fix it urgently!
[ 779.640272][T16953] Dead loop on virtual device ip6_vti0, fix it urgently!
[ 779.683651][T16953] Dead loop on virtual device ip6_vti0, fix it urgently!
[ 779.771622][T16953] Dead loop on virtual device ip6_vti0, fix it urgently!
[ 779.941339][T16958] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[ 780.575538][T16971] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input6
[ 795.609677][T17128] netlink: 330 bytes leftover after parsing attributes in process `syz.0.3639'.
[ 795.674346][ T5833] Bluetooth: hci1: ACL packet for unknown connection handle 0
[ 796.164373][T17134] netlink: 9 bytes leftover after parsing attributes in process `syz.0.3642'.
[ 798.202617][T17153] futex_wake_op: syz.0.3657 tries to shift op by -2048; fix this program
[ 798.244378][T17153] futex_wake_op: syz.0.3657 tries to shift op by -2048; fix this program
[ 798.917416][T17157] input: j�J�Ǹ-¶š9ã%vø“û¨lÐQ J86Ö�‘ as /devices/virtual/input/input7
[ 800.673347][T17179] netlink: 354 bytes leftover after parsing attributes in process `syz.1.3656'.
[ 803.260760][T17215] FAULT_INJECTION: forcing a failure.
[ 803.260760][T17215] name failslab, interval 1, probability 0, space 0, times 0
[ 803.402182][T17215] CPU: 0 UID: 0 PID: 17215 Comm: syz.2.3668 Tainted: G L syzkaller #0 PREEMPT(full)
[ 803.402237][T17215] Tainted: [L]=SOFTLOCKUP
[ 803.402248][T17215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 803.402268][T17215] Call Trace:
[ 803.402279][T17215]
[ 803.402292][T17215] dump_stack_lvl+0x100/0x190
[ 803.402352][T17215] should_fail_ex.cold+0x5/0xa
[ 803.402392][T17215] should_failslab+0xc2/0x120
[ 803.402429][T17215] kmem_cache_alloc_noprof+0x7b/0x6e0
[ 803.402480][T17215] ? __kernfs_new_node+0xd2/0x960
[ 803.402540][T17215] __kernfs_new_node+0xd2/0x960
[ 803.402592][T17215] ? __pfx___kernfs_new_node+0x10/0x10
[ 803.402649][T17215] ? find_held_lock+0x2b/0x80
[ 803.402680][T17215] ? kernfs_root+0xee/0x2a0
[ 803.402724][T17215] ? kernfs_root+0xee/0x2a0
[ 803.402781][T17215] kernfs_new_node+0x11b/0x1a0
[ 803.402842][T17215] __kernfs_create_file+0x53/0x350
[ 803.402886][T17215] sysfs_add_file_mode_ns+0x207/0x3c0
[ 803.402942][T17215] sysfs_create_file_ns+0x145/0x1e0
[ 803.402988][T17215] ? __pfx_sysfs_create_file_ns+0x10/0x10
[ 803.403052][T17215] ? mark_held_locks+0x40/0x70
[ 803.403103][T17215] device_create_file+0xf2/0x1d0
[ 803.403256][T17215] device_add+0xa74/0x1950
[ 803.403300][T17215] ? __pfx_device_add+0x10/0x10
[ 803.403335][T17215] ? __pfx___might_resched+0x10/0x10
[ 803.403385][T17215] ? lockdep_hardirqs_on+0x78/0x100
[ 803.403451][T17215] __add_disk+0x518/0xe40
[ 803.403550][T17215] add_disk_fwnode+0x118/0x5c0
[ 803.403614][T17215] loop_add+0x90b/0xb60
[ 803.403659][T17215] ? __pfx_loop_add+0x10/0x10
[ 803.403731][T17215] ? find_held_lock+0x2b/0x80
[ 803.403762][T17215] ? __fget_files+0x215/0x3d0
[ 803.403799][T17215] loop_control_ioctl+0xae/0x620
[ 803.403848][T17215] ? __pfx_loop_control_ioctl+0x10/0x10
[ 803.403902][T17215] ? __pfx_loop_control_ioctl+0x10/0x10
[ 803.403952][T17215] __x64_sys_ioctl+0x18e/0x210
[ 803.404014][T17215] do_syscall_64+0x106/0xf80
[ 803.404062][T17215] ? clear_bhb_loop+0x40/0x90
[ 803.404106][T17215] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 803.404142][T17215] RIP: 0033:0x7fe3f659c799
[ 803.404171][T17215] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 803.404205][T17215] RSP: 002b:00007fe3f737e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 803.404238][T17215] RAX: ffffffffffffffda RBX: 00007fe3f6815fa0 RCX: 00007fe3f659c799
[ 803.404260][T17215] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000007
[ 803.404280][T17215] RBP: 00007fe3f6632c99 R08: 0000000000000000 R09: 0000000000000000
[ 803.404300][T17215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 803.404319][T17215] R13: 00007fe3f6816038 R14: 00007fe3f6815fa0 R15: 00007ffdf9131f88
[ 803.404364][T17215]
[ 804.585761][T17224] netlink: 350 bytes leftover after parsing attributes in process `syz.0.3671'.
[ 804.832534][T17231] FAULT_INJECTION: forcing a failure.
[ 804.832534][T17231] name failslab, interval 1, probability 0, space 0, times 0
[ 805.029052][T17231] CPU: 1 UID: 0 PID: 17231 Comm: syz.2.3673 Tainted: G L syzkaller #0 PREEMPT(full)
[ 805.029107][T17231] Tainted: [L]=SOFTLOCKUP
[ 805.029119][T17231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 805.029138][T17231] Call Trace:
[ 805.029148][T17231]
[ 805.029162][T17231] dump_stack_lvl+0x100/0x190
[ 805.029220][T17231] should_fail_ex.cold+0x5/0xa
[ 805.029262][T17231] should_failslab+0xc2/0x120
[ 805.029307][T17231] __kmalloc_cache_noprof+0x7a/0x6f0
[ 805.029355][T17231] ? vkms_plane_duplicate_state+0x87/0x130
[ 805.029549][T17231] vkms_plane_duplicate_state+0x87/0x130
[ 805.029609][T17231] drm_atomic_get_plane_state+0x279/0x760
[ 805.029711][T17231] drm_client_modeset_commit_atomic+0x237/0x7e0
[ 805.029824][T17231] ? trace_contention_end+0x140/0x180
[ 805.029879][T17231] ? __mutex_lock+0x26a/0x1b90
[ 805.029932][T17231] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10
[ 805.029983][T17231] ? drm_master_internal_acquire+0x21/0x80
[ 805.030095][T17231] drm_client_modeset_commit_locked+0x14d/0x580
[ 805.030150][T17231] drm_client_modeset_commit+0x4f/0x80
[ 805.030198][T17231] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160
[ 805.030297][T17231] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0
[ 805.030350][T17231] drm_fbdev_client_restore+0x1b/0x30
[ 805.030414][T17231] ? __pfx_drm_fbdev_client_restore+0x10/0x10
[ 805.030452][T17231] drm_client_dev_restore+0x205/0x2a0
[ 805.030510][T17231] drm_release+0x2c6/0x360
[ 805.030606][T17231] ? __pfx_drm_release+0x10/0x10
[ 805.030650][T17231] __fput+0x3ff/0xb40
[ 805.030702][T17231] task_work_run+0x150/0x240
[ 805.030754][T17231] ? __pfx_task_work_run+0x10/0x10
[ 805.030827][T17231] exit_to_user_mode_loop+0x100/0x4a0
[ 805.030881][T17231] do_syscall_64+0x668/0xf80
[ 805.030928][T17231] ? clear_bhb_loop+0x40/0x90
[ 805.030971][T17231] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 805.031006][T17231] RIP: 0033:0x7fe3f659c799
[ 805.031036][T17231] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 805.031071][T17231] RSP: 002b:00007fe3f47f6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[ 805.031104][T17231] RAX: 0000000000000000 RBX: 00007fe3f6816090 RCX: 00007fe3f659c799
[ 805.031125][T17231] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002
[ 805.031145][T17231] RBP: 00007fe3f6632c99 R08: 0000000000000000 R09: 0000000000000000
[ 805.031165][T17231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 805.031184][T17231] R13: 00007fe3f6816128 R14: 00007fe3f6816090 R15: 00007ffdf9131f88
[ 805.031228][T17231]
[ 806.898102][T17253] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3678'.
[ 807.117238][T17253] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 807.271883][T17253] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 807.488735][T17253] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 807.602846][T17253] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 807.776546][T17253] bridge0: port 3(batadv0) entered disabled state
[ 808.055810][T17253] batadv0 (unregistering): left allmulticast mode
[ 808.182233][T17253] batadv0 (unregistering): left promiscuous mode
[ 808.188808][T17253] bridge0: port 3(batadv0) entered disabled state
[ 809.118429][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 809.125458][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 811.043675][T17283] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3688'.
[ 811.077282][T17283] netlink: 354 bytes leftover after parsing attributes in process `syz.1.3688'.
[ 813.375356][T17306] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3695'.
[ 813.418311][T17306] vlan1: entered promiscuous mode
[ 813.452467][T17306] vlan1: entered allmulticast mode
[ 817.616158][T17344] FAULT_INJECTION: forcing a failure.
[ 817.616158][T17344] name failslab, interval 1, probability 0, space 0, times 0
[ 817.710429][T17344] CPU: 0 UID: 0 PID: 17344 Comm: syz.2.3707 Tainted: G L syzkaller #0 PREEMPT(full)
[ 817.710483][T17344] Tainted: [L]=SOFTLOCKUP
[ 817.710494][T17344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 817.710514][T17344] Call Trace:
[ 817.710524][T17344]
[ 817.710537][T17344] dump_stack_lvl+0x100/0x190
[ 817.710595][T17344] should_fail_ex.cold+0x5/0xa
[ 817.710634][T17344] should_failslab+0xc2/0x120
[ 817.710671][T17344] __kmalloc_node_track_caller_noprof+0xe3/0x850
[ 817.710727][T17344] ? parse_pred+0x2d4/0x3070
[ 817.710827][T17344] kmemdup_nul+0x49/0xd0
[ 817.710891][T17344] parse_pred+0x2d4/0x3070
[ 817.710951][T17344] ? __pfx_parse_pred+0x10/0x10
[ 817.711013][T17344] ? rcu_is_watching+0x12/0xc0
[ 817.711066][T17344] ? trace_kmalloc+0x101/0x130
[ 817.711107][T17344] ? __kmalloc_noprof+0x320/0x850
[ 817.711166][T17344] process_preds+0x6a6/0x1d90
[ 817.711237][T17344] ? create_filter_start.constprop.0+0x134/0x310
[ 817.711297][T17344] create_filter+0x140/0x210
[ 817.711351][T17344] ? __pfx_create_filter+0x10/0x10
[ 817.711406][T17344] ? find_held_lock+0x2b/0x80
[ 817.711441][T17344] apply_event_filter+0x220/0x500
[ 817.711496][T17344] ? __pfx_apply_event_filter+0x10/0x10
[ 817.711564][T17344] event_filter_write+0x16d/0x290
[ 817.711607][T17344] vfs_write+0x2aa/0x1070
[ 817.711664][T17344] ? __pfx_event_filter_write+0x10/0x10
[ 817.711710][T17344] ? __pfx_vfs_write+0x10/0x10
[ 817.711764][T17344] ? __fget_files+0x215/0x3d0
[ 817.711807][T17344] ? __fget_files+0x21f/0x3d0
[ 817.711850][T17344] ksys_write+0x12a/0x250
[ 817.711882][T17344] ? __pfx_ksys_write+0x10/0x10
[ 817.711926][T17344] do_syscall_64+0x106/0xf80
[ 817.711978][T17344] ? clear_bhb_loop+0x40/0x90
[ 817.712018][T17344] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 817.712051][T17344] RIP: 0033:0x7fe3f659c799
[ 817.712078][T17344] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 817.712111][T17344] RSP: 002b:00007fe3f737e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 817.712142][T17344] RAX: ffffffffffffffda RBX: 00007fe3f6815fa0 RCX: 00007fe3f659c799
[ 817.712163][T17344] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003
[ 817.712180][T17344] RBP: 00007fe3f6632c99 R08: 0000000000000000 R09: 0000000000000000
[ 817.712199][T17344] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 817.712229][T17344] R13: 00007fe3f6816038 R14: 00007fe3f6815fa0 R15: 00007ffdf9131f88
[ 817.712273][T17344]
[ 828.718042][T17442] netlink: 'syz.3.3736': attribute type 4 has an invalid length.
[ 828.857232][T17442] netlink: 'syz.3.3736': attribute type 5 has an invalid length.
[ 828.889321][T17442] netlink: 10 bytes leftover after parsing attributes in process `syz.3.3736'.
[ 829.018199][T17446] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3740'.
[ 829.072772][T17446] netlink: 28905 bytes leftover after parsing attributes in process `syz.2.3740'.
[ 829.716116][T17460] net_ratelimit: 1 callbacks suppressed
[ 829.716163][T17460] netlink: zone id is out of range
[ 829.728009][T17460] netlink: zone id is out of range
[ 829.762027][T17460] netlink: zone id is out of range
[ 829.768737][T17460] netlink: zone id is out of range
[ 829.800865][T17460] netlink: zone id is out of range
[ 829.943652][T17466] netlink: zone id is out of range
[ 829.948877][T17466] netlink: zone id is out of range
[ 830.036827][T17460] netlink: set zone limit has 8 unknown bytes
[ 830.105511][T17466] netlink: zone id is out of range
[ 830.111530][T17466] netlink: zone id is out of range
[ 832.414022][T17486] netlink: 186 bytes leftover after parsing attributes in process `syz.2.3748'.
[ 833.319596][T17510] netlink: 'syz.2.3754': attribute type 3 has an invalid length.
[ 833.553061][T17510] netlink: 306 bytes leftover after parsing attributes in process `syz.2.3754'.
[ 833.920604][T17513] syz.0.3755 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[ 837.765529][T17546] netlink: 62 bytes leftover after parsing attributes in process `syz.2.3763'.
[ 839.166653][T17559] netlink: 13 bytes leftover after parsing attributes in process `syz.1.3768'.
[ 839.913225][T17551] delete_channel: no stack
[ 845.035682][ T5833] block nbd0: Receive control failed (result -32)
[ 849.461757][ T29] audit: type=1800 audit(2147491542.241:16): pid=17662 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3803" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0
[ 853.055952][ T29] audit: type=1804 audit(2147491545.841:17): pid=17694 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3802" name="file0" dev="tmpfs" ino=5145 res=1 errno=0
[ 853.162099][ T29] audit: type=1804 audit(2147491545.881:18): pid=17698 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.3802" name="file0" dev="tmpfs" ino=5145 res=1 errno=0
[ 853.372277][T17705] netlink: 93 bytes leftover after parsing attributes in process `syz.2.3805'.
[ 853.464819][T17702] netlink: 93 bytes leftover after parsing attributes in process `syz.2.3805'.
[ 856.827527][T17733] net_ratelimit: 2 callbacks suppressed
[ 856.827564][T17733] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 864.145649][T17798] capability: warning: `syz.2.3829' uses 32-bit capabilities (legacy support in use)
[ 867.914565][T17832] netlink: 5 bytes leftover after parsing attributes in process `syz.2.3847'.
[ 867.966834][T17832] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3847'.
[ 867.984092][T17835] netlink: 93 bytes leftover after parsing attributes in process `syz.3.3839'.
[ 868.151757][T17834] netlink: 93 bytes leftover after parsing attributes in process `syz.3.3839'.
[ 870.558516][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 870.565123][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 870.651917][T17861] netlink: 50 bytes leftover after parsing attributes in process `syz.3.3845'.
[ 879.290739][T17946] kexec: Could not allocate control_code_buffer
[ 885.112698][ T5833] Bluetooth: hci4: Opcode 0x1003 failed: -110
[ 888.493136][T18050] vcan0: tx drop: invalid sa for name 0x00000000000000fd
[ 892.088053][T18077] random: crng reseeded on system resumption
[ 894.462494][T18098] binder: 18096:18098 ioctl c018620c 2000000000c0 returned -22
[ 898.409971][T18140] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3924'.
[ 898.486244][T18140] netlink: 354 bytes leftover after parsing attributes in process `syz.3.3924'.
[ 901.117845][T18171] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3935'.
[ 901.155866][T18171] netlink: 354 bytes leftover after parsing attributes in process `syz.3.3935'.
[ 911.545131][T18252] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3955'.
[ 923.884876][ T5833] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[ 926.388053][T18374] netlink: 17 bytes leftover after parsing attributes in process `syz.2.3989'.
[ 927.246548][T18382] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3990'.
[ 929.863242][T18404] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3999'.
[ 930.122228][T18404] bridge0: port 2(bridge_slave_1) entered disabled state
[ 930.373791][T18404] bridge_slave_1 (unregistering): left allmulticast mode
[ 930.431755][T18404] bridge_slave_1 (unregistering): left promiscuous mode
[ 930.531539][T18404] bridge0: port 2(bridge_slave_1) entered disabled state
[ 932.001303][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 932.007935][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 938.048633][T18469] netlink: 25 bytes leftover after parsing attributes in process `syz.3.4015'.
[ 938.853933][T18476] netlink: 25 bytes leftover after parsing attributes in process `syz.2.4018'.
[ 941.062208][ T5833] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18
[ 941.529839][T18512] FAULT_INJECTION: forcing a failure.
[ 941.529839][T18512] name failslab, interval 1, probability 0, space 0, times 0
[ 941.747590][T18512] CPU: 0 UID: 0 PID: 18512 Comm: syz.2.4026 Tainted: G L syzkaller #0 PREEMPT(full)
[ 941.747649][T18512] Tainted: [L]=SOFTLOCKUP
[ 941.747662][T18512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 941.747683][T18512] Call Trace:
[ 941.747695][T18512]
[ 941.747708][T18512] dump_stack_lvl+0x100/0x190
[ 941.747771][T18512] should_fail_ex.cold+0x5/0xa
[ 941.747813][T18512] should_failslab+0xc2/0x120
[ 941.747853][T18512] kmem_cache_alloc_noprof+0x7b/0x6e0
[ 941.747905][T18512] ? key_alloc+0x3c5/0x1310
[ 941.748083][T18512] ? rcu_is_watching+0x12/0xc0
[ 941.748147][T18512] key_alloc+0x3c5/0x1310
[ 941.748202][T18512] ? __pfx_key_alloc+0x10/0x10
[ 941.748264][T18512] keyring_alloc+0x44/0xc0
[ 941.748315][T18512] install_session_keyring_to_cred+0x190/0x230
[ 941.748360][T18512] join_session_keyring+0x1bc/0x350
[ 941.748400][T18512] lookup_user_key+0x32f/0x1300
[ 941.748441][T18512] ? __pfx_lookup_user_key+0x10/0x10
[ 941.748481][T18512] ? __pfx_futex_wait+0x10/0x10
[ 941.748541][T18512] ? __pfx_lookup_user_key_possessed+0x10/0x10
[ 941.748584][T18512] ? __pfx_msgctl_down+0x10/0x10
[ 941.748678][T18512] keyctl_get_persistent+0x197/0x8b0
[ 941.748728][T18512] ? __pfx_keyctl_get_persistent+0x10/0x10
[ 941.748780][T18512] ? __x64_sys_futex+0x34f/0x4d0
[ 941.748822][T18512] ? __x64_sys_futex+0x358/0x4d0
[ 941.748872][T18512] ? xfd_validate_state+0x129/0x190
[ 941.748932][T18512] __do_sys_keyctl+0x3b2/0x5a0
[ 941.748968][T18512] do_syscall_64+0x106/0xf80
[ 941.749018][T18512] ? clear_bhb_loop+0x40/0x90
[ 941.749063][T18512] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 941.749100][T18512] RIP: 0033:0x7fe3f659c799
[ 941.749130][T18512] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 941.749164][T18512] RSP: 002b:00007fe3f737e028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[ 941.749198][T18512] RAX: ffffffffffffffda RBX: 00007fe3f6815fa0 RCX: 00007fe3f659c799
[ 941.749221][T18512] RDX: 7ffffffffffffffd RSI: 0000000000000000 RDI: 0000000000000016
[ 941.749242][T18512] RBP: 00007fe3f6632c99 R08: 0004000000000000 R09: 0000000000000000
[ 941.749271][T18512] R10: 00000000000099a5 R11: 0000000000000246 R12: 0000000000000000
[ 941.749291][T18512] R13: 00007fe3f6816038 R14: 00007fe3f6815fa0 R15: 00007ffdf9131f88
[ 941.749336][T18512]
[ 943.117703][ T5836] Bluetooth: hci1: command 0x0406 tx timeout
[ 945.203044][ T5833] Bluetooth: hci1: command 0x0406 tx timeout
[ 950.344600][T18577] can0: slcan on ttyS2.
[ 951.750435][T18573] can0 (unregistered): slcan off ttyS2.
[ 953.899275][T18597] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4049'.
[ 969.093289][T18719] FAULT_INJECTION: forcing a failure.
[ 969.093289][T18719] name fail_usercopy, interval 1, probability 0, space 0, times 1
[ 969.172059][T18719] CPU: 0 UID: 0 PID: 18719 Comm: syz.2.4080 Tainted: G L syzkaller #0 PREEMPT(full)
[ 969.172119][T18719] Tainted: [L]=SOFTLOCKUP
[ 969.172130][T18719] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 969.172151][T18719] Call Trace:
[ 969.172166][T18719]
[ 969.172178][T18719] dump_stack_lvl+0x100/0x190
[ 969.172237][T18719] should_fail_ex.cold+0x5/0xa
[ 969.172280][T18719] _copy_from_user+0x2e/0xd0
[ 969.172323][T18719] copy_msghdr_from_user+0x9f/0x4f0
[ 969.172367][T18719] ? __pfx_copy_msghdr_from_user+0x10/0x10
[ 969.172415][T18719] ? __pfx_futex_wake_mark+0x10/0x10
[ 969.172474][T18719] ___sys_sendmsg+0x106/0x1e0
[ 969.172513][T18719] ? __pfx____sys_sendmsg+0x10/0x10
[ 969.172599][T18719] __sys_sendmsg+0x170/0x220
[ 969.172647][T18719] ? __pfx___sys_sendmsg+0x10/0x10
[ 969.172693][T18719] ? __x64_sys_futex+0x34f/0x4d0
[ 969.172759][T18719] do_syscall_64+0x106/0xf80
[ 969.172806][T18719] ? clear_bhb_loop+0x40/0x90
[ 969.172859][T18719] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 969.172895][T18719] RIP: 0033:0x7fe3f659c799
[ 969.172923][T18719] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 969.172956][T18719] RSP: 002b:00007fe3f737e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 969.172986][T18719] RAX: ffffffffffffffda RBX: 00007fe3f6815fa0 RCX: 00007fe3f659c799
[ 969.173008][T18719] RDX: 0000000000040000 RSI: 0000000000000000 RDI: 0000000000000008
[ 969.173027][T18719] RBP: 00007fe3f6632c99 R08: 0000000000000000 R09: 0000000000000000
[ 969.173047][T18719] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 969.173067][T18719] R13: 00007fe3f6816038 R14: 00007fe3f6815fa0 R15: 00007ffdf9131f88
[ 969.173111][T18719]
[ 969.414255][T18721] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4081'.
[ 973.193665][T18763] netlink: 17 bytes leftover after parsing attributes in process `syz.0.4092'.
[ 975.512563][ T5836] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[ 982.103104][T18827] can: request_module (can-proto-3) failed.
[ 983.344084][T18883] netlink: 334 bytes leftover after parsing attributes in process `syz.1.4123'.
[ 993.438100][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 993.445061][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 995.152986][T18980] netlink: 25 bytes leftover after parsing attributes in process `syz.2.4146'.
[ 997.123522][T18993] vcan0: tx drop: invalid sa for name 0x00000000000000fd
[ 1001.713879][T19040] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4171'.
[ 1001.748074][T19040] netlink: 25 bytes leftover after parsing attributes in process `syz.2.4171'.
[ 1003.178432][ T29] audit: type=1800 audit(2147491695.961:19): pid=19051 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.4166" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0
[ 1006.483425][T19084] FAULT_INJECTION: forcing a failure.
[ 1006.483425][T19084] name failslab, interval 1, probability 0, space 0, times 0
[ 1006.531875][T19084] CPU: 0 UID: 0 PID: 19084 Comm: syz.2.4175 Tainted: G L syzkaller #0 PREEMPT(full)
[ 1006.531934][T19084] Tainted: [L]=SOFTLOCKUP
[ 1006.531946][T19084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 1006.531967][T19084] Call Trace:
[ 1006.531976][T19084]
[ 1006.531988][T19084] dump_stack_lvl+0x100/0x190
[ 1006.532048][T19084] should_fail_ex.cold+0x5/0xa
[ 1006.532090][T19084] should_failslab+0xc2/0x120
[ 1006.532129][T19084] kmem_cache_alloc_noprof+0x7b/0x6e0
[ 1006.532182][T19084] ? __proc_create+0x2cb/0x8c0
[ 1006.532245][T19084] __proc_create+0x2cb/0x8c0
[ 1006.532301][T19084] ? __pfx___proc_create+0x10/0x10
[ 1006.532362][T19084] ? _raw_write_unlock+0x28/0x50
[ 1006.532417][T19084] proc_create_reg+0x75/0x170
[ 1006.532462][T19084] proc_create_net_data+0x8e/0x1c0
[ 1006.532498][T19084] ? __pfx_proc_create_net_data+0x10/0x10
[ 1006.532534][T19084] ? __pfx_proc_create_net_data+0x10/0x10
[ 1006.532566][T19084] ? __pfx_uevent_net_rcv+0x10/0x10
[ 1006.532606][T19084] ? __pfx_dev_proc_net_init+0x10/0x10
[ 1006.532750][T19084] wext_proc_init+0x53/0x80
[ 1006.532828][T19084] dev_proc_net_init+0x112/0x230
[ 1006.532873][T19084] ops_init+0x1e2/0x5f0
[ 1006.532927][T19084] setup_net+0x118/0x3a0
[ 1006.532979][T19084] ? __pfx_setup_net+0x10/0x10
[ 1006.533027][T19084] ? lockdep_init_map_type+0x5c/0x250
[ 1006.533075][T19084] ? mutex_init_lockep+0x110/0x150
[ 1006.533127][T19084] copy_net_ns+0x46f/0x7c0
[ 1006.533186][T19084] create_new_namespaces+0x3ea/0xac0
[ 1006.533232][T19084] unshare_nsproxy_namespaces+0xc3/0x1f0
[ 1006.533274][T19084] ksys_unshare+0x473/0xad0
[ 1006.533321][T19084] ? __pfx_ksys_unshare+0x10/0x10
[ 1006.533382][T19084] __x64_sys_unshare+0x31/0x40
[ 1006.533424][T19084] do_syscall_64+0x106/0xf80
[ 1006.533478][T19084] ? clear_bhb_loop+0x40/0x90
[ 1006.533524][T19084] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1006.533559][T19084] RIP: 0033:0x7fe3f659c799
[ 1006.533588][T19084] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1006.533622][T19084] RSP: 002b:00007fe3f737e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 1006.533656][T19084] RAX: ffffffffffffffda RBX: 00007fe3f6815fa0 RCX: 00007fe3f659c799
[ 1006.533679][T19084] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080
[ 1006.533699][T19084] RBP: 00007fe3f6632c99 R08: 0000000000000000 R09: 0000000000000000
[ 1006.533720][T19084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1006.533740][T19084] R13: 00007fe3f6816038 R14: 00007fe3f6815fa0 R15: 00007ffdf9131f88
[ 1006.533786][T19084]
[ 1007.966156][T19093] =======================================================
[ 1007.966156][T19093] WARNING: The mand mount option has been deprecated and
[ 1007.966156][T19093] and is ignored by this kernel. Remove the mand
[ 1007.966156][T19093] option from the mount to silence this warning.
[ 1007.966156][T19093] =======================================================
[ 1011.655998][T19133] FAULT_INJECTION: forcing a failure.
[ 1011.655998][T19133] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[ 1011.752625][T19133] CPU: 0 UID: 0 PID: 19133 Comm: syz.2.4186 Tainted: G L syzkaller #0 PREEMPT(full)
[ 1011.752687][T19133] Tainted: [L]=SOFTLOCKUP
[ 1011.752699][T19133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 1011.752721][T19133] Call Trace:
[ 1011.752732][T19133]
[ 1011.752745][T19133] dump_stack_lvl+0x100/0x190
[ 1011.752806][T19133] should_fail_ex.cold+0x5/0xa
[ 1011.752839][T19133] ? prepare_alloc_pages+0x16d/0x5f0
[ 1011.752882][T19133] should_fail_alloc_page+0xeb/0x140
[ 1011.752930][T19133] prepare_alloc_pages+0x1f0/0x5f0
[ 1011.752975][T19133] __alloc_frozen_pages_noprof+0x19a/0x2ba0
[ 1011.753028][T19133] ? __pfx_stack_trace_save+0x10/0x10
[ 1011.753065][T19133] ? stack_depot_save_flags+0x27/0x9d0
[ 1011.753110][T19133] ? __pfx_mt_destroy_walk+0x10/0x10
[ 1011.753162][T19133] ? kasan_save_stack+0x3f/0x50
[ 1011.753218][T19133] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[ 1011.753276][T19133] ? __lock_acquire+0x4a5/0x2630
[ 1011.753331][T19133] ? lock_acquire+0x1cf/0x380
[ 1011.753374][T19133] ? find_held_lock+0x2b/0x80
[ 1011.753404][T19133] ? page_table_check_set+0x49a/0xa10
[ 1011.753436][T19133] ? __sanitizer_cov_trace_switch+0x54/0x90
[ 1011.753494][T19133] ? policy_nodemask+0xed/0x4f0
[ 1011.753533][T19133] alloc_pages_mpol+0x1fb/0x550
[ 1011.753568][T19133] ? __pfx_alloc_pages_mpol+0x10/0x10
[ 1011.753612][T19133] folio_alloc_mpol_noprof+0x36/0x340
[ 1011.753672][T19133] vma_alloc_folio_noprof+0xed/0x1d0
[ 1011.753714][T19133] ? __pfx_vma_alloc_folio_noprof+0x10/0x10
[ 1011.753768][T19133] do_anonymous_page+0xb3a/0x1fb0
[ 1011.753828][T19133] __handle_mm_fault+0x1d42/0x2b60
[ 1011.753885][T19133] ? __pfx___handle_mm_fault+0x10/0x10
[ 1011.753945][T19133] ? pte_offset_map_lock+0x174/0x320
[ 1011.753980][T19133] ? find_held_lock+0x2b/0x80
[ 1011.754026][T19133] ? follow_page_pte+0x5b3/0x1400
[ 1011.754073][T19133] handle_mm_fault+0x36d/0xa20
[ 1011.754125][T19133] __get_user_pages+0xf9c/0x34d0
[ 1011.754179][T19133] ? __pfx___get_user_pages+0x10/0x10
[ 1011.754229][T19133] populate_vma_page_range+0x267/0x3f0
[ 1011.754272][T19133] ? __pfx_populate_vma_page_range+0x10/0x10
[ 1011.754312][T19133] ? __pfx_find_vma_intersection+0x10/0x10
[ 1011.754350][T19133] ? do_mmap+0x93f/0x12f0
[ 1011.754394][T19133] __mm_populate+0x107/0x3a0
[ 1011.754437][T19133] ? __pfx___mm_populate+0x10/0x10
[ 1011.754481][T19133] ? up_write+0x290/0x4f0
[ 1011.754534][T19133] vm_mmap_pgoff+0x37f/0x470
[ 1011.754577][T19133] ? __pfx_vm_mmap_pgoff+0x10/0x10
[ 1011.754619][T19133] ? do_futex+0x192/0x350
[ 1011.754663][T19133] ? __pfx_do_futex+0x10/0x10
[ 1011.754702][T19133] ? __pfx_do_sys_openat2+0x10/0x10
[ 1011.754755][T19133] ksys_mmap_pgoff+0xe1/0x650
[ 1011.754791][T19133] ? __x64_sys_futex+0x34f/0x4d0
[ 1011.754831][T19133] ? __x64_sys_futex+0x358/0x4d0
[ 1011.754874][T19133] ? __pfx_ksys_mmap_pgoff+0x10/0x10
[ 1011.754921][T19133] ? xfd_validate_state+0x129/0x190
[ 1011.754982][T19133] __x64_sys_mmap+0x125/0x190
[ 1011.755038][T19133] do_syscall_64+0x106/0xf80
[ 1011.755086][T19133] ? clear_bhb_loop+0x40/0x90
[ 1011.755131][T19133] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1011.755167][T19133] RIP: 0033:0x7fe3f659c799
[ 1011.755197][T19133] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1011.755232][T19133] RSP: 002b:00007fe3f737e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[ 1011.755265][T19133] RAX: ffffffffffffffda RBX: 00007fe3f6815fa0 RCX: 00007fe3f659c799
[ 1011.755287][T19133] RDX: 00000000000000df RSI: 0000000000040009 RDI: 0000000000000000
[ 1011.755310][T19133] RBP: 00007fe3f6632c99 R08: 0000000000000007 R09: 0000000000028000
[ 1011.755332][T19133] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000
[ 1011.755352][T19133] R13: 00007fe3f6816038 R14: 00007fe3f6815fa0 R15: 00007ffdf9131f88
[ 1011.755396][T19133]
[ 1020.322553][T19204] zswap: compressor �G not available
[ 1039.950712][ T29] audit: type=1807 audit(2147491732.721:20): UNKNOWN=0"û]$|Ë1jë0B|d�™¹ýÓ‰OŸ¬+ö×/ÉéxÔóÈõWÓ¦–Ó^¸´gq%ḦrêOŽ� res=0
[ 1040.011394][ T29] audit: type=1802 audit(2147491732.721:21): pid=19335 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.2.4235" res=0 errno=0
[ 1040.216501][T19351] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4242'.
[ 1040.485408][T19334] ima: policy update failed
[ 1040.490212][ T29] audit: type=1802 audit(2147491733.271:22): pid=19334 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.4235" res=0 errno=0
[ 1041.403328][T19366] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4247'.
[ 1046.855771][T19438] netlink: 9 bytes leftover after parsing attributes in process `syz.0.4261'.
[ 1047.802267][T19440] FAULT_INJECTION: forcing a failure.
[ 1047.802267][T19440] name failslab, interval 1, probability 0, space 0, times 0
[ 1047.890468][T19440] CPU: 1 UID: 0 PID: 19440 Comm: syz.2.4262 Tainted: G L syzkaller #0 PREEMPT(full)
[ 1047.890523][T19440] Tainted: [L]=SOFTLOCKUP
[ 1047.890535][T19440] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 1047.890556][T19440] Call Trace:
[ 1047.890566][T19440]
[ 1047.890579][T19440] dump_stack_lvl+0x100/0x190
[ 1047.890765][T19440] should_fail_ex.cold+0x5/0xa
[ 1047.890807][T19440] should_failslab+0xc2/0x120
[ 1047.890866][T19440] __kmalloc_cache_noprof+0x7a/0x6f0
[ 1047.890913][T19440] ? trace_pid_list_alloc+0x2fe/0x480
[ 1047.890975][T19440] trace_pid_list_alloc+0x2fe/0x480
[ 1047.891032][T19440] trace_pid_write+0x110/0x460
[ 1047.891086][T19440] ? __pfx_trace_pid_write+0x10/0x10
[ 1047.891164][T19440] event_pid_write.isra.0+0x1e4/0x800
[ 1047.891220][T19440] ? __pfx_event_pid_write.isra.0+0x10/0x10
[ 1047.891286][T19440] vfs_write+0x2aa/0x1070
[ 1047.891340][T19440] ? __pfx_ftrace_event_npid_write+0x10/0x10
[ 1047.891512][T19440] ? __pfx_vfs_write+0x10/0x10
[ 1047.891575][T19440] ? __fget_files+0x215/0x3d0
[ 1047.891621][T19440] ? __fget_files+0x21f/0x3d0
[ 1047.891665][T19440] ksys_write+0x12a/0x250
[ 1047.891695][T19440] ? __pfx_ksys_write+0x10/0x10
[ 1047.891740][T19440] do_syscall_64+0x106/0xf80
[ 1047.891788][T19440] ? clear_bhb_loop+0x40/0x90
[ 1047.891841][T19440] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1047.891880][T19440] RIP: 0033:0x7fe3f659c799
[ 1047.891910][T19440] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1047.891977][T19440] RSP: 002b:00007fe3f737e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1047.892010][T19440] RAX: ffffffffffffffda RBX: 00007fe3f6815fa0 RCX: 00007fe3f659c799
[ 1047.892032][T19440] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003
[ 1047.892052][T19440] RBP: 00007fe3f6632c99 R08: 0000000000000000 R09: 0000000000000000
[ 1047.892071][T19440] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1047.892090][T19440] R13: 00007fe3f6816038 R14: 00007fe3f6815fa0 R15: 00007ffdf9131f88
[ 1047.892134][T19440]
[ 1054.877168][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.883890][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 1055.671463][T19527] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4285'.
[ 1057.603456][T19552] netlink: 'syz.2.4292': attribute type 2 has an invalid length.
[ 1060.484378][T19577] ptrace attach of "./syz-executor exec"[5828] was attempted by "SÒõxâ(¦r*kU¾Ë™Ê¤0Œ¶ëc:ò¬™z@Ç�Òiè‰�,È»cÓ¶ªð’ á=à2ïV¯¬L1îèÐËYÒWOu°™D�è�µ�� �‰`�– \x09©ž– úÄ\x0bçhþ$›Ckµ°o�êÅ\x0a3‚Ÿ\x5c���òç\x0b(”yV�/Ò f§Ög:°}›*ãm†ßÐ~-¥QÝóWQ·òÕuFS~àÙ\x0c��ÿ‡¬{9õ|�11DgÀêöBÈðˆ<º¤µ²Ù1¸�?0¾\x0dè‡QÿÍ/Gù`ùÄ}Á\x0d¹=šú8€ˆ?¥§æ£ûÿ��Éq¨S>Ü\x0cŸ.Ò׺(ÛC½ñ\x0d±‘“Œ¬þ-ßö‡×däc£¯fä_ã€gJ�'ÒDƒ�R|�˜\x0d㘛ýÑÿYÌʬ*mL¦e�0»�†!0´O\x07'V²ôýÈH[ãûó›‰ò{l7Ž'ìm´T¤ñ\x5c¬uspK�•9�D�ë›Ñ¥€®Z{ùÒ�1œ�nÇÀq§�„BÿE˜šÉ–ëÔºøË~é‰6Á\x1bŸð�êÉP•—mµÒ?PVi\x0cêÿ\x1bù‹”3�î³5@ž °!ê7ÿ2Èt8E_#pÓHX\x5c\x0dOA�š-îQ�8¤Kg¦T™ íöÏâG�¨éÇ°ôSU?h2µ�ñdû/\x0aËîV;aG¤«6€\x5céò Íÿ+ˆæ<á 5ª\x22p•‹*=µ2„$Ù£µÌJÎÀ°³a¸�úKñ«]/~ ^�!½¤�FU¡ý�çG»\x0b�õ¹i#ákôh]¤»=þn�\x0cXmÚòBÞWÙJÖ\x0dœÆ,ÌÓª†:´øOù“£†Ï\x0b”2³o�,4B\x2252�Ńì�8tд•’eE5\x0a\x09WE§¥�ñ¥‚FD=2·‚³3®F¯ñ¿§º�%`�$�àrMÛMIåG��µX«}è!DQivÚ$€ÿÛ0�ݵ<+n‹äøsçY•G€�4´@3¨ùN,_\x0bÅ[a±Ý–\x0d7&íÕ�Š;iÝw\x0a§_bšPóÿñ+�ª¨°|Sdk :vÏg F�2P†&Â�é€\x09\x5c\x5c{š �¡fAv–„\x07ÎHH{‡ŒôSµfR{Ä \x07�öÐdÄç\x0c—i•õx¢ÕöI5IŸ�]AøjÐi¦m»Ri�¡ |zi� �leIJeÓ„ÙÑ�ݲ„u\x1b.\x5c×ËìÞ\x2
[ 1063.377804][T19613] netlink: 25 bytes leftover after parsing attributes in process `syz.3.4310'.
[ 1063.864467][ T5836] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18
[ 1063.875174][ T5836] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0'
[ 1063.887105][ T5836] CPU: 0 UID: 0 PID: 5836 Comm: kworker/u9:4 Tainted: G L syzkaller #0 PREEMPT(full)
[ 1063.887173][ T5836] Tainted: [L]=SOFTLOCKUP
[ 1063.887183][ T5836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 1063.887239][ T5836] Workqueue: hci2 hci_rx_work
[ 1063.887371][ T5836] Call Trace:
[ 1063.887384][ T5836]
[ 1063.887398][ T5836] dump_stack_lvl+0x100/0x190
[ 1063.887456][ T5836] sysfs_warn_dup.cold+0x1c/0x28
[ 1063.887533][ T5836] sysfs_create_dir_ns+0x24b/0x2b0
[ 1063.887585][ T5836] ? __pfx_sysfs_create_dir_ns+0x10/0x10
[ 1063.887630][ T5836] ? find_held_lock+0x2b/0x80
[ 1063.887663][ T5836] ? kobject_add_internal+0x25f/0x930
[ 1063.887811][ T5836] ? kobject_add_internal+0x25f/0x930
[ 1063.887877][ T5836] ? do_raw_spin_unlock+0x145/0x1e0
[ 1063.887945][ T5836] kobject_add_internal+0x2c8/0x930
[ 1063.888010][ T5836] kobject_add+0x16a/0x1e0
[ 1063.888069][ T5836] ? __pfx_kobject_add+0x10/0x10
[ 1063.888126][ T5836] ? class_to_subsys+0x10f/0x150
[ 1063.888246][ T5836] ? kobject_put+0xb9/0x640
[ 1063.888306][ T5836] ? _raw_spin_unlock+0x28/0x50
[ 1063.888362][ T5836] device_add+0x294/0x1950
[ 1063.888404][ T5836] ? __pfx_dev_set_name+0x10/0x10
[ 1063.888451][ T5836] ? __pfx_device_add+0x10/0x10
[ 1063.888492][ T5836] ? mgmt_send_event_skb+0x2fb/0x460
[ 1063.888596][ T5836] hci_conn_add_sysfs+0x1a3/0x260
[ 1063.888683][ T5836] le_conn_complete_evt+0x11cb/0x1f40
[ 1063.888764][ T5836] ? __pfx_le_conn_complete_evt+0x10/0x10
[ 1063.888802][ T5836] ? __pfx_bt_warn+0x10/0x10
[ 1063.888874][ T5836] hci_le_conn_complete_evt+0x23c/0x3a0
[ 1063.888919][ T5836] ? skb_pull_data+0x15f/0x1e0
[ 1063.888966][ T5836] hci_le_meta_evt+0x34a/0x5f0
[ 1063.889043][ T5836] ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[ 1063.889094][ T5836] hci_event_packet+0x682/0x11c0
[ 1063.889138][ T5836] ? __pfx_hci_le_meta_evt+0x10/0x10
[ 1063.889186][ T5836] ? __pfx_hci_event_packet+0x10/0x10
[ 1063.889232][ T5836] ? kcov_remote_start+0x374/0x660
[ 1063.889281][ T5836] ? lockdep_hardirqs_on+0x78/0x100
[ 1063.889341][ T5836] hci_rx_work+0x451/0xfc0
[ 1063.889392][ T5836] process_one_work+0x9d7/0x1920
[ 1063.889463][ T5836] ? __pfx_process_one_work+0x10/0x10
[ 1063.889529][ T5836] ? __pfx_hci_rx_work+0x10/0x10
[ 1063.889576][ T5836] worker_thread+0x5da/0xe40
[ 1063.889643][ T5836] ? kthread+0x13a/0x450
[ 1063.889688][ T5836] ? __pfx_worker_thread+0x10/0x10
[ 1063.889739][ T5836] kthread+0x370/0x450
[ 1063.889784][ T5836] ? __pfx_kthread+0x10/0x10
[ 1063.889832][ T5836] ret_from_fork+0x754/0xd80
[ 1063.889885][ T5836] ? __pfx_ret_from_fork+0x10/0x10
[ 1063.889937][ T5836] ? __switch_to+0x7b4/0x1120
[ 1063.889973][ T5836] ? __pfx_kthread+0x10/0x10
[ 1063.890018][ T5836] ret_from_fork_asm+0x1a/0x30
[ 1063.890072][ T5836]
[ 1063.890260][ T5836] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory.
[ 1064.181906][ T5836] Bluetooth: hci2: failed to register connection device
[ 1066.242411][ T5833] Bluetooth: hci2: command 0x0406 tx timeout
[ 1068.312434][ T5833] Bluetooth: hci2: command 0x0406 tx timeout
[ 1069.093153][T19666] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4323'.
[ 1069.190896][T19670] netlink: 354 bytes leftover after parsing attributes in process `syz.3.4323'.
[ 1079.063402][T19737] netlink: 'syz.3.4339': attribute type 1 has an invalid length.
[ 1079.200937][T19737] netlink: 5 bytes leftover after parsing attributes in process `syz.3.4339'.
[ 1083.014191][T19780] misc userio: Invalid payload size
[ 1089.592191][ T29] audit: type=1800 audit(2147491782.371:23): pid=19834 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4368" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0
[ 1089.991045][T19845] binder: 19831:19845 ioctl c018620c 0 returned -1
[ 1101.715273][T19936] netlink: 326 bytes leftover after parsing attributes in process `syz.2.4392'.
[ 1101.982375][T19942] FAULT_INJECTION: forcing a failure.
[ 1101.982375][T19942] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1102.055503][T19942] CPU: 1 UID: 0 PID: 19942 Comm: syz.2.4392 Tainted: G L syzkaller #0 PREEMPT(full)
[ 1102.055557][T19942] Tainted: [L]=SOFTLOCKUP
[ 1102.055568][T19942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 1102.055590][T19942] Call Trace:
[ 1102.055600][T19942]
[ 1102.055612][T19942] dump_stack_lvl+0x100/0x190
[ 1102.055672][T19942] should_fail_ex.cold+0x5/0xa
[ 1102.055714][T19942] _copy_to_user+0x32/0xd0
[ 1102.055759][T19942] poll_select_finish+0x32f/0x670
[ 1102.055816][T19942] ? __pfx_poll_select_finish+0x10/0x10
[ 1102.055875][T19942] ? ktime_get_ts64+0x2d2/0x3f0
[ 1102.055915][T19942] ? read_tsc+0x9/0x20
[ 1102.055950][T19942] ? ktime_get_ts64+0x256/0x3f0
[ 1102.055990][T19942] kern_select+0x21b/0x270
[ 1102.056049][T19942] ? __pfx_kern_select+0x10/0x10
[ 1102.056117][T19942] __x64_sys_select+0xbd/0x160
[ 1102.056169][T19942] ? do_syscall_64+0x95/0xf80
[ 1102.056230][T19942] ? lockdep_hardirqs_on+0x78/0x100
[ 1102.056275][T19942] do_syscall_64+0x106/0xf80
[ 1102.056319][T19942] ? clear_bhb_loop+0x40/0x90
[ 1102.056361][T19942] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1102.056396][T19942] RIP: 0033:0x7fe3f659c799
[ 1102.056425][T19942] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1102.056457][T19942] RSP: 002b:00007fe3f47f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017
[ 1102.056490][T19942] RAX: ffffffffffffffda RBX: 00007fe3f6816090 RCX: 00007fe3f659c799
[ 1102.056511][T19942] RDX: 00002000000000c0 RSI: 0000200000000040 RDI: 0000000000000001
[ 1102.056531][T19942] RBP: 00007fe3f6632c99 R08: 00002000000001c0 R09: 0000000000000000
[ 1102.056551][T19942] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1102.056571][T19942] R13: 00007fe3f6816128 R14: 00007fe3f6816090 R15: 00007ffdf9131f88
[ 1102.056615][T19942]
[ 1102.503345][T19936] FAULT_INJECTION: forcing a failure.
[ 1102.503345][T19936] name failslab, interval 1, probability 0, space 0, times 0
[ 1102.775628][T19936] CPU: 0 UID: 0 PID: 19936 Comm: syz.2.4392 Tainted: G L syzkaller #0 PREEMPT(full)
[ 1102.775686][T19936] Tainted: [L]=SOFTLOCKUP
[ 1102.775698][T19936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 1102.775717][T19936] Call Trace:
[ 1102.775728][T19936]
[ 1102.775742][T19936] dump_stack_lvl+0x100/0x190
[ 1102.775804][T19936] should_fail_ex.cold+0x5/0xa
[ 1102.775845][T19936] should_failslab+0xc2/0x120
[ 1102.775885][T19936] __kmalloc_cache_noprof+0x7a/0x6f0
[ 1102.775930][T19936] ? call_usermodehelper_setup+0xaf/0x360
[ 1102.775992][T19936] ? __pfx_free_modprobe_argv+0x10/0x10
[ 1102.776042][T19936] call_usermodehelper_setup+0xaf/0x360
[ 1102.776102][T19936] __request_module+0x3c7/0x6c0
[ 1102.776161][T19936] ? __pfx___request_module+0x10/0x10
[ 1102.776222][T19936] ? __get_fs_type+0x12c/0x170
[ 1102.776258][T19936] ? __get_fs_type+0x12c/0x170
[ 1102.776312][T19936] get_fs_type+0xd7/0x190
[ 1102.776341][T19936] __x64_sys_fsopen+0xca/0x220
[ 1102.776374][T19936] do_syscall_64+0x106/0xf80
[ 1102.776409][T19936] ? clear_bhb_loop+0x40/0x90
[ 1102.776438][T19936] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1102.776576][T19936] RIP: 0033:0x7fe3f659c799
[ 1102.776604][T19936] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1102.776630][T19936] RSP: 002b:00007fe3f737e028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ae
[ 1102.776654][T19936] RAX: ffffffffffffffda RBX: 00007fe3f6815fa0 RCX: 00007fe3f659c799
[ 1102.776670][T19936] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[ 1102.776685][T19936] RBP: 00007fe3f6632c99 R08: 0000000000000000 R09: 0000000000000000
[ 1102.776700][T19936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1102.776715][T19936] R13: 00007fe3f6816038 R14: 00007fe3f6815fa0 R15: 00007ffdf9131f88
[ 1102.776752][T19936]
[ 1110.430179][T20006] FAULT_INJECTION: forcing a failure.
[ 1110.430179][T20006] name failslab, interval 1, probability 0, space 0, times 0
[ 1110.538238][T20006] CPU: 1 UID: 0 PID: 20006 Comm: syz.2.4406 Tainted: G L syzkaller #0 PREEMPT(full)
[ 1110.538293][T20006] Tainted: [L]=SOFTLOCKUP
[ 1110.538304][T20006] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 1110.538324][T20006] Call Trace:
[ 1110.538335][T20006]
[ 1110.538346][T20006] dump_stack_lvl+0x100/0x190
[ 1110.538418][T20006] should_fail_ex.cold+0x5/0xa
[ 1110.538457][T20006] should_failslab+0xc2/0x120
[ 1110.538493][T20006] kmem_cache_alloc_noprof+0x7b/0x6e0
[ 1110.538546][T20006] ? security_inode_alloc+0x3b/0x2c0
[ 1110.538581][T20006] ? lockdep_init_map_type+0x5c/0x250
[ 1110.538636][T20006] security_inode_alloc+0x3b/0x2c0
[ 1110.538671][T20006] inode_init_always_gfp+0xced/0x1040
[ 1110.538712][T20006] alloc_inode+0x8e/0x250
[ 1110.538755][T20006] new_inode+0x22/0x1c0
[ 1110.538803][T20006] hugetlbfs_get_inode+0x313/0x750
[ 1110.538891][T20006] hugetlb_file_setup+0x3cc/0x5b0
[ 1110.538935][T20006] newseg+0xabb/0xed0
[ 1110.538985][T20006] ? __pfx_newseg+0x10/0x10
[ 1110.539024][T20006] ? down_write+0x146/0x1f0
[ 1110.539077][T20006] ? ksys_write+0x190/0x250
[ 1110.539106][T20006] ? ksys_write+0x190/0x250
[ 1110.539142][T20006] ipcget+0xee/0xf50
[ 1110.539183][T20006] ? do_futex+0x192/0x350
[ 1110.539227][T20006] ? __pfx_do_futex+0x10/0x10
[ 1110.539278][T20006] ? __pfx_ipcget+0x10/0x10
[ 1110.539321][T20006] ? __x64_sys_futex+0x34f/0x4d0
[ 1110.539364][T20006] ? __x64_sys_futex+0x358/0x4d0
[ 1110.539426][T20006] __x64_sys_shmget+0x13b/0x1b0
[ 1110.539470][T20006] ? __pfx___x64_sys_shmget+0x10/0x10
[ 1110.539521][T20006] do_syscall_64+0x106/0xf80
[ 1110.539565][T20006] ? clear_bhb_loop+0x40/0x90
[ 1110.539606][T20006] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1110.539641][T20006] RIP: 0033:0x7fe3f659c799
[ 1110.539670][T20006] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1110.539703][T20006] RSP: 002b:00007fe3f47d5028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d
[ 1110.539735][T20006] RAX: ffffffffffffffda RBX: 00007fe3f6816180 RCX: 00007fe3f659c799
[ 1110.539765][T20006] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000
[ 1110.539787][T20006] RBP: 00007fe3f6632c99 R08: 0000000000000000 R09: 0000000000000000
[ 1110.539807][T20006] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1110.539827][T20006] R13: 00007fe3f6816218 R14: 00007fe3f6816180 R15: 00007ffdf9131f88
[ 1110.539880][T20006]
[ 1115.411683][T20064] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4423'.
[ 1116.332564][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 1116.332659][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 1121.234415][T20122] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4439'.
[ 1121.291915][T20122] netlink: 25 bytes leftover after parsing attributes in process `syz.1.4439'.
[ 1121.684445][T20130] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4440'.
[ 1121.702949][T20130] batadv0: left allmulticast mode
[ 1121.708533][T20130] batadv0: left promiscuous mode
[ 1121.795019][T20130] bridge0: port 3(batadv0) entered disabled state
[ 1121.902513][T20130] bridge_slave_1: left allmulticast mode
[ 1121.908922][T20130] bridge_slave_1: left promiscuous mode
[ 1121.926860][T20130] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1121.966357][T20130] bridge_slave_0: left allmulticast mode
[ 1121.988569][T20130] bridge_slave_0: left promiscuous mode
[ 1122.037508][T20130] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1123.785116][T20152] can0: slcan on ttyS2.
[ 1124.189654][T20160] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4449'.
[ 1124.230445][T20160] netlink: 354 bytes leftover after parsing attributes in process `syz.1.4449'.
[ 1124.265865][T20151] can0 (unregistered): slcan off ttyS2.
[ 1128.010329][T20186] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1128.036234][T20186] Bluetooth: hci0: Opcode 0x0406 failed: -4
[ 1128.290419][T20186] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1128.348263][T20189] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4454'.
[ 1128.381354][T20186] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1128.474955][T20186] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1128.503508][T20186] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1128.612330][T20186] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1128.679873][T20186] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1128.728037][T20186] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1128.778920][T20186] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1129.325840][T20198] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4458'.
[ 1129.397946][T20198] netlink: 'syz.0.4458': attribute type 1 has an invalid length.
[ 1129.436495][T20198] netlink: 'syz.0.4458': attribute type 6 has an invalid length.
[ 1130.072144][ T5836] Bluetooth: hci0: command 0x0406 tx timeout
[ 1130.312148][ T5836] Bluetooth: hci1: command 0x0406 tx timeout
[ 1130.562306][ T5836] Bluetooth: hci2: command 0x0406 tx timeout
[ 1130.798637][ T5836] Bluetooth: hci3: command 0x0406 tx timeout
[ 1132.152045][ T5836] Bluetooth: hci0: command 0x0406 tx timeout
[ 1132.411944][ T5836] Bluetooth: hci1: command 0x0406 tx timeout
[ 1132.433049][T20221] can: request_module (can-proto-5) failed.
[ 1132.632537][ T5836] Bluetooth: hci2: command 0x0406 tx timeout
[ 1132.872100][ T5836] Bluetooth: hci3: command 0x0406 tx timeout
[ 1134.722744][ T5836] Bluetooth: hci2: command 0x0406 tx timeout
[ 1136.792068][ T5836] Bluetooth: hci2: command 0x0406 tx timeout
[ 1136.828955][T20265] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4474'.
[ 1136.882949][T20265] netlink: 25 bytes leftover after parsing attributes in process `syz.0.4474'.
[ 1137.732051][T20275] can: request_module (can-proto-5) failed.
[ 1138.216567][T20283] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4478'.
[ 1138.363730][T20283] bridge_slave_0: left allmulticast mode
[ 1138.403518][T20283] bridge_slave_0: left promiscuous mode
[ 1138.492439][T20283] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1142.037865][T20311] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4495'.
[ 1146.419460][T20343] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4496'.
[ 1147.852432][ T5836] Bluetooth: hci3: Received unexpected HCI Event 0x00
[ 1152.836147][T20389] can0: slcan on ttyS2.
[ 1152.996686][T20390] can0 (unregistered): slcan off ttyS2.
[ 1154.064044][T20397] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4510'.
[ 1154.077854][T20397] netlink: 25 bytes leftover after parsing attributes in process `syz.2.4510'.
[ 1155.134773][T20420] netlink: 25 bytes leftover after parsing attributes in process `syz.0.4514'.
[ 1155.374412][T20422] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4515'.
[ 1164.299032][ T29] audit: type=1800 audit(2147491857.081:24): pid=20523 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4536" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0
[ 1168.442869][T20546] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4540'.
[ 1170.263293][T20568] netlink: 25 bytes leftover after parsing attributes in process `syz.0.4545'.
[ 1176.863833][T20628] can: request_module (can-proto-0) failed.
[ 1177.767682][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 1177.774142][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 1178.938716][T20655] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4568'.
[ 1179.003847][T20655] netlink: 354 bytes leftover after parsing attributes in process `syz.0.4568'.
[ 1184.494871][T20710] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4579'.
[ 1184.597296][T20710] netlink: 354 bytes leftover after parsing attributes in process `syz.1.4579'.
[ 1204.326776][T20858] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4621'.
[ 1204.337620][T20858] netlink: 'syz.2.4621': attribute type 1 has an invalid length.
[ 1204.392326][T20858] netlink: 51505 bytes leftover after parsing attributes in process `syz.2.4621'.
[ 1211.382362][T20935] random: crng reseeded on system resumption
[ 1212.818339][T20948] can: request_module (can-proto-4) failed.
[ 1217.393160][T21000] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4650'.
[ 1217.414025][T21000] netlink: 'syz.0.4650': attribute type 1 has an invalid length.
[ 1217.437346][T21000] netlink: 13 bytes leftover after parsing attributes in process `syz.0.4650'.
[ 1218.686099][T21018] Console: switching to colour VGA+ 80x25
[ 1218.988286][T21019] Console: switching to colour frame buffer device 128x48
[ 1220.643302][T21037] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4658'.
[ 1220.663689][T21037] netlink: 354 bytes leftover after parsing attributes in process `syz.1.4658'.
[ 1239.197233][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 1239.203867][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 1247.823346][T21236] can: request_module (can-proto-4) failed.
[ 1263.271423][T21366] binder: 21365:21366 ioctl c018620c 0 returned -1
[ 1292.221854][T21642] random: crng reseeded on system resumption
[ 1292.395590][T21642] Restarting kernel threads ...
[ 1292.413234][T21642] Done restarting kernel threads.
[ 1300.638673][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 1300.645480][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 1324.183700][T21908] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4844'.
[ 1334.272956][T21995] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4864'.
[ 1334.333113][T21997] netlink: 354 bytes leftover after parsing attributes in process `syz.2.4864'.
[ 1334.817071][T22005] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4873'.
[ 1335.202287][T22005] bond0: (slave bond_slave_1): Releasing backup interface
[ 1340.873928][T22062] FAULT_INJECTION: forcing a failure.
[ 1340.873928][T22062] name fail_futex, interval 1, probability 0, space 0, times 0
[ 1340.905193][T22062] CPU: 1 UID: 0 PID: 22062 Comm: syz.2.4882 Tainted: G L syzkaller #0 PREEMPT(full)
[ 1340.905247][T22062] Tainted: [L]=SOFTLOCKUP
[ 1340.905258][T22062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 1340.905279][T22062] Call Trace:
[ 1340.905290][T22062]
[ 1340.905303][T22062] dump_stack_lvl+0x100/0x190
[ 1340.905362][T22062] should_fail_ex.cold+0x5/0xa
[ 1340.905407][T22062] get_futex_key+0x1d2/0x1620
[ 1340.905454][T22062] ? __pfx_get_futex_key+0x10/0x10
[ 1340.905510][T22062] futex_wake+0xea/0x530
[ 1340.905564][T22062] ? __pfx_futex_wake+0x10/0x10
[ 1340.905621][T22062] ? putname+0xb1/0x110
[ 1340.905655][T22062] ? kmem_cache_free+0x124/0x6a0
[ 1340.905713][T22062] do_futex+0x32b/0x350
[ 1340.905764][T22062] ? __pfx_do_futex+0x10/0x10
[ 1340.905806][T22062] ? __pfx_do_sys_openat2+0x10/0x10
[ 1340.905863][T22062] __x64_sys_futex+0x34f/0x4d0
[ 1340.905908][T22062] ? __x64_sys_openat+0x12d/0x210
[ 1340.905955][T22062] ? __pfx___x64_sys_futex+0x10/0x10
[ 1340.906017][T22062] do_syscall_64+0x106/0xf80
[ 1340.906065][T22062] ? clear_bhb_loop+0x40/0x90
[ 1340.906106][T22062] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1340.906137][T22062] RIP: 0033:0x7fe3f659c799
[ 1340.906174][T22062] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1340.906208][T22062] RSP: 002b:00007fe3f47f60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca
[ 1340.906242][T22062] RAX: ffffffffffffffda RBX: 00007fe3f6816098 RCX: 00007fe3f659c799
[ 1340.906265][T22062] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe3f681609c
[ 1340.906284][T22062] RBP: 00007fe3f6816090 R08: 0000000000000000 R09: 0000000000000000
[ 1340.906304][T22062] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000
[ 1340.906324][T22062] R13: 00007fe3f6816128 R14: 00007ffdf9131ea0 R15: 00007ffdf9131f88
[ 1340.906367][T22062]
[ 1351.466014][T22197] tipc: Started in network mode
[ 1351.504818][T22197] tipc: Node identity ffffffff, cluster identity 4711
[ 1351.544485][T22197] tipc: Node number set to 4294967295
[ 1353.228854][T22212] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9
[ 1357.297966][T22287] netlink: zone id is out of range
[ 1357.312221][T22287] netlink: zone id is out of range
[ 1357.351207][T22287] netlink: zone id is out of range
[ 1357.373498][T22288] netlink: zone id is out of range
[ 1357.390097][T22288] netlink: zone id is out of range
[ 1357.411317][T22288] netlink: zone id is out of range
[ 1357.434129][T22288] netlink: zone id is out of range
[ 1357.439901][T22287] netlink: zone id is out of range
[ 1357.458838][T22288] netlink: zone id is out of range
[ 1357.476687][T22288] netlink: zone id is out of range
[ 1358.334476][T22183] Bluetooth: hci1: unexpected event 0x0e length: 440 > 260
[ 1358.336034][T22183] Bluetooth: hci1: unexpected event for opcode 0x0f00
[ 1361.295743][T22359] netlink: 306 bytes leftover after parsing attributes in process `syz.2.4945'.
[ 1362.089421][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 1362.111688][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 1362.393863][T22183] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[ 1362.402520][T22183] Bluetooth: hci1: Injecting HCI hardware error event
[ 1362.411461][T22183] Bluetooth: hci1: hardware error 0x00
[ 1364.473268][T22183] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[ 1372.619358][T22520] can0: slcan on ttyS2.
[ 1372.742975][T22525] can0 (unregistered): slcan off ttyS2.
[ 1378.937592][T22630] FAULT_INJECTION: forcing a failure.
[ 1378.937592][T22630] name failslab, interval 1, probability 0, space 0, times 0
[ 1378.950578][T22630] CPU: 1 UID: 0 PID: 22630 Comm: syz.2.5005 Tainted: G L syzkaller #0 PREEMPT(full)
[ 1378.950630][T22630] Tainted: [L]=SOFTLOCKUP
[ 1378.950642][T22630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 1378.950662][T22630] Call Trace:
[ 1378.950673][T22630]
[ 1378.950686][T22630] dump_stack_lvl+0x100/0x190
[ 1378.950744][T22630] should_fail_ex.cold+0x5/0xa
[ 1378.950786][T22630] should_failslab+0xc2/0x120
[ 1378.950821][T22630] kmem_cache_alloc_noprof+0x7b/0x6e0
[ 1378.950872][T22630] ? security_inode_alloc+0x3b/0x2c0
[ 1378.950908][T22630] ? lockdep_init_map_type+0x5c/0x250
[ 1378.950962][T22630] security_inode_alloc+0x3b/0x2c0
[ 1378.950998][T22630] inode_init_always_gfp+0xced/0x1040
[ 1378.951040][T22630] alloc_inode+0x8e/0x250
[ 1378.951085][T22630] new_inode+0x22/0x1c0
[ 1378.951142][T22630] hugetlbfs_get_inode+0x313/0x750
[ 1378.951188][T22630] hugetlb_file_setup+0x3cc/0x5b0
[ 1378.951232][T22630] newseg+0xabb/0xed0
[ 1378.951282][T22630] ? __pfx_newseg+0x10/0x10
[ 1378.951324][T22630] ? down_write+0x146/0x1f0
[ 1378.951387][T22630] ? ksys_write+0x190/0x250
[ 1378.951418][T22630] ? ksys_write+0x190/0x250
[ 1378.951456][T22630] ipcget+0xee/0xf50
[ 1378.951497][T22630] ? do_futex+0x192/0x350
[ 1378.951543][T22630] ? __pfx_do_futex+0x10/0x10
[ 1378.951594][T22630] ? __pfx_ipcget+0x10/0x10
[ 1378.951638][T22630] ? __x64_sys_futex+0x34f/0x4d0
[ 1378.951680][T22630] ? __x64_sys_futex+0x358/0x4d0
[ 1378.951735][T22630] __x64_sys_shmget+0x13b/0x1b0
[ 1378.951779][T22630] ? __pfx___x64_sys_shmget+0x10/0x10
[ 1378.951835][T22630] do_syscall_64+0x106/0xf80
[ 1378.951880][T22630] ? clear_bhb_loop+0x40/0x90
[ 1378.951921][T22630] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1378.951955][T22630] RIP: 0033:0x7fe3f659c799
[ 1378.951982][T22630] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1378.952013][T22630] RSP: 002b:00007fe3f737e028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d
[ 1378.952046][T22630] RAX: ffffffffffffffda RBX: 00007fe3f6815fa0 RCX: 00007fe3f659c799
[ 1378.952068][T22630] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000
[ 1378.952088][T22630] RBP: 00007fe3f6632c99 R08: 0000000000000000 R09: 0000000000000000
[ 1378.952108][T22630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1378.952143][T22630] R13: 00007fe3f6816038 R14: 00007fe3f6815fa0 R15: 00007ffdf9131f88
[ 1378.952190][T22630]
[ 1392.238261][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1392.244981][ C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[ 1392.778022][T22907] net_ratelimit: 16 callbacks suppressed
[ 1392.778050][T22907] netlink: zone id is out of range
[ 1392.824727][T22907] netlink: zone id is out of range
[ 1392.829977][T22907] netlink: zone id is out of range
[ 1392.862001][T22907] netlink: zone id is out of range
[ 1393.001498][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807ffd1c00: rx timeout, send abort
[ 1393.010253][T22907] netlink: zone id is out of range
[ 1393.017214][T22907] netlink: zone id is out of range
[ 1393.053591][T22911] netlink: zone id is out of range
[ 1393.065558][T22911] netlink: zone id is out of range
[ 1393.077956][T22907] netlink: zone id is out of range
[ 1393.207587][T22907] netlink: zone id is out of range
[ 1393.509826][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807ffd1c00: abort rx timeout. Force session deactivation
[ 1394.140062][ T29] audit: type=1806 audit(2147492086.920:25): xattr="." res=0
[ 1399.899297][T23018] netlink: 306 bytes leftover after parsing attributes in process `syz.1.5100'.
[ 1411.400858][T22140] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1411.420975][T22140] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1411.448483][T22140] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1411.463912][T22140] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1411.475810][T22140] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1411.865760][T23143] chnl_net:caif_netlink_parms(): no params data found
[ 1412.063266][T23143] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1412.070571][T23143] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1412.081002][T23143] bridge_slave_0: entered allmulticast mode
[ 1412.095453][T23143] bridge_slave_0: entered promiscuous mode
[ 1412.105923][T23143] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1412.115649][T23143] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1412.124693][T23143] bridge_slave_1: entered allmulticast mode
[ 1412.133336][T23143] bridge_slave_1: entered promiscuous mode
[ 1412.258062][T23143] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1412.271986][T23143] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1412.391634][T23143] team0: Port device team_slave_0 added
[ 1412.400620][T23143] team0: Port device team_slave_1 added
[ 1412.563478][T23143] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1412.570575][T23143] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1412.611706][T23143] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1412.649824][T23143] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1412.675982][T23143] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1412.731620][T23143] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1413.079571][T23143] hsr_slave_0: entered promiscuous mode
[ 1413.091284][T23143] hsr_slave_1: entered promiscuous mode
[ 1413.108903][T23143] debugfs: 'hsr0' already exists in 'hsr'
[ 1413.118185][T23143] Cannot create hsr debugfs directory
[ 1413.592040][T22140] Bluetooth: hci4: command tx timeout
[ 1414.126581][T23143] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1414.262429][T23143] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1414.303244][T23143] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1414.378992][T23143] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1415.025741][T23143] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1415.090694][T23143] 8021q: adding VLAN 0 to HW filter on device team0
[ 1415.138572][T22153] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1415.145874][T22153] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1415.325655][T22153] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1415.332937][T22153] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1415.447988][T23143] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1415.701873][T22140] Bluetooth: hci4: command tx timeout
[ 1416.398484][T23143] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1416.868356][T23143] veth0_vlan: entered promiscuous mode
[ 1416.885055][T23143] veth1_vlan: entered promiscuous mode
[ 1416.940984][T23143] veth0_macvtap: entered promiscuous mode
[ 1416.952230][T23143] veth1_macvtap: entered promiscuous mode
[ 1416.974880][T23143] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1416.993095][T23143] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1417.009888][T22153] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1417.020589][T22153] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1417.038977][T22153] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1417.047897][T22153] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1417.145582][T22139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1417.158512][T22139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1417.193911][T22139] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1417.204593][T22139] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1417.392462][T23263] net_ratelimit: 42 callbacks suppressed
[ 1417.392490][T23263] netlink: zone id is out of range
[ 1417.412738][T23263] netlink: zone id is out of range
[ 1417.417977][T23263] netlink: zone id is out of range
[ 1417.427421][T23263] netlink: zone id is out of range
[ 1417.453067][T23263] netlink: zone id is out of range
[ 1417.459441][T23263] netlink: zone id is out of range
[ 1417.472475][T23263] netlink: zone id is out of range
[ 1417.492942][T23263] netlink: zone id is out of range
[ 1417.498121][T23263] netlink: zone id is out of range
[ 1417.510476][T23264] netlink: zone id is out of range
[ 1417.753119][T22140] Bluetooth: hci4: command tx timeout
[ 1418.785215][T23294] vcan0: tx drop: invalid sa for name 0x00000000000000fd
[ 1419.054952][T23301] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030
[ 1419.832986][T22183] Bluetooth: hci4: command tx timeout
[ 1423.523456][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 1423.530076][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 1423.545868][T23365] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5172'.
[ 1423.565358][T23365] netlink: 'syz.4.5172': attribute type 1 has an invalid length.
[ 1423.592030][T23365] netlink: 'syz.4.5172': attribute type 6 has an invalid length.
[ 1424.336362][T22153] netdevsim netdevsim100 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1435.963651][T22140] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1436.002123][T22140] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1436.011669][T22140] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1436.037269][T22140] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1436.045861][T22140] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1437.172123][T23466] chnl_net:caif_netlink_parms(): no params data found
[ 1437.725485][T23466] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1437.740083][T23466] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1437.760788][T23466] bridge_slave_0: entered allmulticast mode
[ 1437.799606][T23466] bridge_slave_0: entered promiscuous mode
[ 1437.842039][T23466] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1437.868420][T23466] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1437.879945][T23466] bridge_slave_1: entered allmulticast mode
[ 1437.889293][T23495] netlink: 504 bytes leftover after parsing attributes in process `syz.4.5202'.
[ 1437.895201][T23466] bridge_slave_1: entered promiscuous mode
[ 1438.087237][T22140] Bluetooth: hci5: command tx timeout
[ 1438.138955][T23466] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1438.218434][T23466] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1438.304534][T23503] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5204'.
[ 1438.364417][T23505] netlink: 354 bytes leftover after parsing attributes in process `syz.3.5204'.
[ 1438.431450][T23466] team0: Port device team_slave_0 added
[ 1438.458079][T23466] team0: Port device team_slave_1 added
[ 1438.681939][T23466] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1438.706859][T23466] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1438.798085][T23466] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1438.906330][T23466] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1438.918271][T23466] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1439.024776][T23466] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1439.383373][T23508] zswap: compressor � not available
[ 1439.735961][T23466] hsr_slave_0: entered promiscuous mode
[ 1439.748394][T23466] hsr_slave_1: entered promiscuous mode
[ 1439.758177][T23466] debugfs: 'hsr0' already exists in 'hsr'
[ 1439.772986][T23466] Cannot create hsr debugfs directory
[ 1440.152139][T22183] Bluetooth: hci5: command tx timeout
[ 1440.490202][T23534] net_ratelimit: 16 callbacks suppressed
[ 1440.490226][T23534] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1440.671374][T23466] netdevsim netdevsim5 netdevsim0: renamed from eth0
[ 1440.746274][T23466] netdevsim netdevsim5 netdevsim1: renamed from eth1
[ 1440.790618][T23466] netdevsim netdevsim5 netdevsim2: renamed from eth2
[ 1440.834374][T23466] netdevsim netdevsim5 netdevsim3: renamed from eth3
[ 1441.360458][T23466] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1441.403669][T23466] 8021q: adding VLAN 0 to HW filter on device team0
[ 1441.424556][T22153] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1441.431811][T22153] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1441.556990][T22153] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1441.564180][T22153] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1442.232604][T22140] Bluetooth: hci5: command tx timeout
[ 1442.370284][T23466] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1443.605052][T23466] veth0_vlan: entered promiscuous mode
[ 1443.628439][T23466] veth1_vlan: entered promiscuous mode
[ 1443.839900][T23466] veth0_macvtap: entered promiscuous mode
[ 1444.139129][T23466] veth1_macvtap: entered promiscuous mode
[ 1444.275732][T23466] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1444.313185][T22140] Bluetooth: hci5: command tx timeout
[ 1444.391219][T23466] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1444.435515][T22153] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1444.482363][T22153] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1444.491183][T22153] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1444.538291][T22153] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1444.821285][T22322] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1444.850856][T22322] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1444.971910][T23576] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1445.007788][T23576] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1448.300989][T22140] Bluetooth: hci4: unexpected event 0x10 length: 440 > 1
[ 1448.303157][T22140] Bluetooth: hci4: hardware error 0x00
[ 1450.474187][T22140] Bluetooth: hci4: Opcode 0x0c03 failed: -110
[ 1452.999324][T23722] netlink: 504 bytes leftover after parsing attributes in process `syz.1.5247'.
[ 1455.650499][ T29] audit: type=1804 audit(2147492148.436:26): pid=23771 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.5258" name="file0" dev="tmpfs" ino=7068 res=1 errno=0
[ 1455.712017][ T29] audit: type=1804 audit(2147492148.476:27): pid=23772 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.5258" name="file0" dev="tmpfs" ino=7068 res=1 errno=0
[ 1455.885124][T23754] hub 1-0:1.0: USB hub found
[ 1455.891317][T23754] hub 1-0:1.0: 1 port detected
[ 1456.495445][T23780] netlink: 504 bytes leftover after parsing attributes in process `syz.3.5259'.
[ 1460.014576][T23832] netlink: 504 bytes leftover after parsing attributes in process `syz.5.5270'.
[ 1461.578926][T23867] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5280'.
[ 1461.599891][T23867] netlink: 'syz.5.5280': attribute type 1 has an invalid length.
[ 1461.635261][T23867] netlink: 342 bytes leftover after parsing attributes in process `syz.5.5280'.
[ 1462.559749][T23889] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable
[ 1474.313731][T24084] netlink: 338 bytes leftover after parsing attributes in process `syz.3.5325'.
[ 1476.508760][T24115] FAULT_INJECTION: forcing a failure.
[ 1476.508760][T24115] name failslab, interval 1, probability 0, space 0, times 0
[ 1476.561964][T24115] CPU: 0 UID: 0 PID: 24115 Comm: syz.5.5331 Tainted: G L syzkaller #0 PREEMPT(full)
[ 1476.562004][T24115] Tainted: [L]=SOFTLOCKUP
[ 1476.562013][T24115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 1476.562029][T24115] Call Trace:
[ 1476.562037][T24115]
[ 1476.562046][T24115] dump_stack_lvl+0x100/0x190
[ 1476.562091][T24115] should_fail_ex.cold+0x5/0xa
[ 1476.562120][T24115] should_failslab+0xc2/0x120
[ 1476.562147][T24115] kmem_cache_alloc_noprof+0x7b/0x6e0
[ 1476.562185][T24115] ? security_inode_alloc+0x3b/0x2c0
[ 1476.562212][T24115] ? lockdep_init_map_type+0x5c/0x250
[ 1476.562250][T24115] security_inode_alloc+0x3b/0x2c0
[ 1476.562275][T24115] inode_init_always_gfp+0xced/0x1040
[ 1476.562304][T24115] alloc_inode+0x8e/0x250
[ 1476.562335][T24115] new_inode+0x22/0x1c0
[ 1476.562369][T24115] hugetlbfs_get_inode+0x313/0x750
[ 1476.562400][T24115] hugetlb_file_setup+0x3cc/0x5b0
[ 1476.562430][T24115] newseg+0xabb/0xed0
[ 1476.562466][T24115] ? __pfx_newseg+0x10/0x10
[ 1476.562494][T24115] ? down_write+0x146/0x1f0
[ 1476.562535][T24115] ? ksys_write+0x190/0x250
[ 1476.562555][T24115] ? ksys_write+0x190/0x250
[ 1476.562581][T24115] ipcget+0xee/0xf50
[ 1476.562611][T24115] ? do_futex+0x192/0x350
[ 1476.562653][T24115] ? __pfx_do_futex+0x10/0x10
[ 1476.562690][T24115] ? __pfx_ipcget+0x10/0x10
[ 1476.562722][T24115] ? __x64_sys_futex+0x34f/0x4d0
[ 1476.562751][T24115] ? __x64_sys_futex+0x358/0x4d0
[ 1476.562788][T24115] __x64_sys_shmget+0x13b/0x1b0
[ 1476.562820][T24115] ? __pfx___x64_sys_shmget+0x10/0x10
[ 1476.562860][T24115] do_syscall_64+0x106/0xf80
[ 1476.562893][T24115] ? clear_bhb_loop+0x40/0x90
[ 1476.562922][T24115] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1476.562947][T24115] RIP: 0033:0x7f6a7fb9c799
[ 1476.562966][T24115] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1476.562990][T24115] RSP: 002b:00007f6a80ad7028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d
[ 1476.563013][T24115] RAX: ffffffffffffffda RBX: 00007f6a7fe16180 RCX: 00007f6a7fb9c799
[ 1476.563028][T24115] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000
[ 1476.563043][T24115] RBP: 00007f6a7fc32c99 R08: 0000000000000000 R09: 0000000000000000
[ 1476.563057][T24115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1476.563071][T24115] R13: 00007f6a7fe16218 R14: 00007f6a7fe16180 R15: 00007ffff2b686c8
[ 1476.563103][T24115]
[ 1479.040791][T24145] zswap: compressor not available
[ 1484.962958][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[ 1484.972835][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[ 1486.805593][T24252] vivid-007: ================= START STATUS =================
[ 1486.837694][T24252] vivid-007: Enable Output Cropping: true
[ 1486.857420][T24255] sd 0:0:1:0: PR command failed: 1026
[ 1486.902836][T24252] vivid-007: Enable Output Composing: true
[ 1486.906979][T24255] sd 0:0:1:0: Sense Key : Illegal Request [current]
[ 1486.928068][T24252] vivid-007: Enable Output Scaler: true
[ 1486.942000][T24255] sd 0:0:1:0: Add. Sense: Invalid command operation code
[ 1486.973790][T24252] vivid-007: Tx RGB Quantization Range: Automatic
[ 1486.999628][T24252] vivid-007: Transmit Mode: HDMI
[ 1487.028984][T24252] vivid-007: Hotplug Present: 0x00000000
[ 1487.061207][T24252] vivid-007: RxSense Present: 0x00000000
[ 1487.101514][T24252] vivid-007: EDID Present: 0x00000000
[ 1487.137693][T24252] vivid-007: ================== END STATUS ==================
[ 1489.355838][T24271] FAULT_INJECTION: forcing a failure.
[ 1489.355838][T24271] name failslab, interval 1, probability 0, space 0, times 0
[ 1489.439944][T24271] CPU: 1 UID: 0 PID: 24271 Comm: syz.4.5363 Tainted: G L syzkaller #0 PREEMPT(full)
[ 1489.440008][T24271] Tainted: [L]=SOFTLOCKUP
[ 1489.440020][T24271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 1489.440040][T24271] Call Trace:
[ 1489.440051][T24271]
[ 1489.440063][T24271] dump_stack_lvl+0x100/0x190
[ 1489.440121][T24271] should_fail_ex.cold+0x5/0xa
[ 1489.440163][T24271] should_failslab+0xc2/0x120
[ 1489.440197][T24271] kmem_cache_alloc_noprof+0x7b/0x6e0
[ 1489.440249][T24271] ? security_inode_alloc+0x3b/0x2c0
[ 1489.440284][T24271] ? lockdep_init_map_type+0x5c/0x250
[ 1489.440335][T24271] security_inode_alloc+0x3b/0x2c0
[ 1489.440371][T24271] inode_init_always_gfp+0xced/0x1040
[ 1489.440411][T24271] alloc_inode+0x8e/0x250
[ 1489.440457][T24271] new_inode+0x22/0x1c0
[ 1489.440506][T24271] hugetlbfs_get_inode+0x313/0x750
[ 1489.440548][T24271] hugetlb_file_setup+0x3cc/0x5b0
[ 1489.440591][T24271] newseg+0xabb/0xed0
[ 1489.440641][T24271] ? __pfx_newseg+0x10/0x10
[ 1489.440682][T24271] ? down_write+0x146/0x1f0
[ 1489.440735][T24271] ? ksys_write+0x190/0x250
[ 1489.440764][T24271] ? ksys_write+0x190/0x250
[ 1489.440801][T24271] ipcget+0xee/0xf50
[ 1489.440843][T24271] ? do_futex+0x192/0x350
[ 1489.440888][T24271] ? __pfx_do_futex+0x10/0x10
[ 1489.440939][T24271] ? __pfx_ipcget+0x10/0x10
[ 1489.440992][T24271] ? __x64_sys_futex+0x34f/0x4d0
[ 1489.441035][T24271] ? __x64_sys_futex+0x358/0x4d0
[ 1489.441088][T24271] __x64_sys_shmget+0x13b/0x1b0
[ 1489.441132][T24271] ? __pfx___x64_sys_shmget+0x10/0x10
[ 1489.441195][T24271] do_syscall_64+0x106/0xf80
[ 1489.441240][T24271] ? clear_bhb_loop+0x40/0x90
[ 1489.441282][T24271] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1489.441317][T24271] RIP: 0033:0x7f465a19c799
[ 1489.441346][T24271] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1489.441380][T24271] RSP: 002b:00007f465b030028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d
[ 1489.441413][T24271] RAX: ffffffffffffffda RBX: 00007f465a415fa0 RCX: 00007f465a19c799
[ 1489.441436][T24271] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000
[ 1489.441457][T24271] RBP: 00007f465a232c99 R08: 0000000000000000 R09: 0000000000000000
[ 1489.441477][T24271] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1489.441496][T24271] R13: 00007f465a416038 R14: 00007f465a415fa0 R15: 00007ffde9c18d88
[ 1489.441541][T24271]
[ 1494.849514][T22597] netdevsim netdevsim1335 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1497.949804][T24391] Invalid ELF header magic: != ELF
[ 1499.211334][T24401] FAULT_INJECTION: forcing a failure.
[ 1499.211334][T24401] name failslab, interval 1, probability 0, space 0, times 0
[ 1499.230248][T24401] CPU: 1 UID: 0 PID: 24401 Comm: syz.4.5386 Tainted: G L syzkaller #0 PREEMPT(full)
[ 1499.230302][T24401] Tainted: [L]=SOFTLOCKUP
[ 1499.230314][T24401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 1499.230333][T24401] Call Trace:
[ 1499.230345][T24401]
[ 1499.230356][T24401] dump_stack_lvl+0x100/0x190
[ 1499.230416][T24401] should_fail_ex.cold+0x5/0xa
[ 1499.230456][T24401] should_failslab+0xc2/0x120
[ 1499.230491][T24401] __kmalloc_cache_noprof+0x7a/0x6f0
[ 1499.230538][T24401] ? alloc_fs_context+0x57/0xf40
[ 1499.230585][T24401] alloc_fs_context+0x57/0xf40
[ 1499.230632][T24401] mq_init_ns+0x16e/0x820
[ 1499.230670][T24401] copy_ipcs+0x3dd/0x7e0
[ 1499.230717][T24401] create_new_namespaces+0x20a/0xac0
[ 1499.230754][T24401] ? security_capable+0x80/0x260
[ 1499.230812][T24401] unshare_nsproxy_namespaces+0xc3/0x1f0
[ 1499.230854][T24401] ksys_unshare+0x473/0xad0
[ 1499.230900][T24401] ? __pfx_ksys_unshare+0x10/0x10
[ 1499.230959][T24401] __x64_sys_unshare+0x31/0x40
[ 1499.231000][T24401] do_syscall_64+0x106/0xf80
[ 1499.231046][T24401] ? clear_bhb_loop+0x40/0x90
[ 1499.231088][T24401] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1499.231123][T24401] RIP: 0033:0x7f465a19c799
[ 1499.231151][T24401] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[ 1499.231187][T24401] RSP: 002b:00007f465b030028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110
[ 1499.231220][T24401] RAX: ffffffffffffffda RBX: 00007f465a415fa0 RCX: 00007f465a19c799
[ 1499.231243][T24401] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c000000
[ 1499.231263][T24401] RBP: 00007f465a232c99 R08: 0000000000000000 R09: 0000000000000000
[ 1499.231283][T24401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1499.231303][T24401] R13: 00007f465a416038 R14: 00007f465a415fa0 R15: 00007ffde9c18d88
[ 1499.231347][T24401]
[ 1499.496605][T24401] FAULT_INJECTION: forcing a failure.
[ 1499.496605][T24401] name failslab, interval 1, probability 0, space 0, times 0
[ 1499.509406][T24401] CPU: 1 UID: 0 PID: 24401 Comm: syz.4.5386 Tainted: G L syzkaller #0 PREEMPT(full)
[ 1499.509462][T24401] Tainted: [L]=SOFTLOCKUP
[ 1499.509474][T24401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 1499.509495][T24401] Call Trace:
[ 1499.509505][T24401]
[ 1499.509518][T24401] dump_stack_lvl+0x100/0x190
[ 1499.509576][T24401] should_fail_ex.cold+0x5/0xa
[ 1499.509615][T24401] should_failslab+0xc2/0x120
[ 1499.509651][T24401] kmem_cache_alloc_noprof+0x7b/0x6e0
[ 1499.509702][T24401] ? skb_clone+0x190/0x400
[ 1499.509760][T24401] skb_clone+0x190/0x400
[ 1499.509810][T24401] netlink_deliver_tap+0xaed/0xcc0
[ 1499.509871][T24401] netlink_unicast+0x650/0x870
[ 1499.509930][T24401] ? __pfx_netlink_unicast+0x10/0x10
[ 1499.509998][T24401] netlink_sendmsg+0x8b0/0xda0
[ 1499.510058][T24401] ? __pfx_netlink_sendmsg+0x10/0x10
[ 1499.510114][T24401] ? aa_sock_msg_perm.isra.0+0x100/0x1b0
[ 1499.510176][T24401] __sys_sendto+0x468/0x4b0
[ 1499.510225][T24401] ? __pfx_netlink_sendmsg+0x10/0x10
[ 1499.510281][T24401] ? __pfx___sys_sendto+0x10/0x10
[ 1499.510339][T24401] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0
[ 1499.510398][T24401] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0
[ 1499.510485][T24401] __x64_sys_sendto+0xe0/0x1c0
[ 1499.510527][T24401] ? do_syscall_64+0x95/0xf80
[ 1499.510572][T24401] ? lockdep_hardirqs_on+0x78/0x100
[ 1499.510618][T24401] do_syscall_64+0x106/0xf80
[ 1499.510664][T24401] ? clear_bhb_loop+0x40/0x90
[ 1499.510707][T24401] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1499.510743][T24401] RIP: 0033:0x7f465a15cfce
[ 1499.510771][T24401] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08
[ 1499.510804][T24401] RSP: 002b:00007f465b02ee88 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[ 1499.510838][T24401] RAX: ffffffffffffffda RBX: 00007f465b0306c0 RCX: 00007f465a15cfce
[ 1499.510861][T24401] RDX: 000000000000001c RSI: 00007f465b02f000 RDI: 0000000000000005
[ 1499.510881][T24401] RBP: 0000000000000000 R08: 00007f465b02ef04 R09: 000000000000000c
[ 1499.510902][T24401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[ 1499.510921][T24401] R13: 00007f465b02ef58 R14: 00007f465b02f000 R15: 0000000000000000
[ 1499.510965][T24401]
[ 1499.988203][T22183] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[ 1499.998263][T22183] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[ 1500.006614][T22183] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[ 1500.015915][T22183] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[ 1500.025644][T22183] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[ 1500.216813][T24408] chnl_net:caif_netlink_parms(): no params data found
[ 1500.315741][T24408] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1500.323003][T24408] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1500.330381][T24408] bridge_slave_0: entered allmulticast mode
[ 1500.338281][T24408] bridge_slave_0: entered promiscuous mode
[ 1500.347384][T24408] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1500.355601][T24408] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1500.363398][T24408] bridge_slave_1: entered allmulticast mode
[ 1500.371139][T24408] bridge_slave_1: entered promiscuous mode
[ 1500.410502][T24408] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1500.423793][T24408] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1500.460704][T24408] team0: Port device team_slave_0 added
[ 1500.469452][T24408] team0: Port device team_slave_1 added
[ 1500.505096][T24408] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1500.512541][T24408] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1500.538611][T24408] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1500.551283][T24408] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1500.559852][T24408] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[ 1500.586252][T24408] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1500.640178][T24408] hsr_slave_0: entered promiscuous mode
[ 1500.647043][T24408] hsr_slave_1: entered promiscuous mode
[ 1500.653743][T24408] debugfs: 'hsr0' already exists in 'hsr'
[ 1500.659864][T24408] Cannot create hsr debugfs directory
[ 1500.853873][T24408] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1500.865681][T24408] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1500.877067][T24408] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1500.888544][T24408] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1500.923226][T24408] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1500.930457][T24408] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1500.938092][T24408] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1500.945405][T24408] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1501.017994][T24408] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1501.037261][T22322] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1501.046150][T22322] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1501.063851][T24408] 8021q: adding VLAN 0 to HW filter on device team0
[ 1501.079714][T22144] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1501.086949][T22144] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1501.105563][T22143] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1501.112865][T22143] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1501.366066][T24408] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1501.646681][T24408] veth0_vlan: entered promiscuous mode
[ 1501.659895][T24408] veth1_vlan: entered promiscuous mode
[ 1501.694547][T24408] veth0_macvtap: entered promiscuous mode
[ 1501.705430][T24408] veth1_macvtap: entered promiscuous mode
[ 1501.727726][T24408] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1501.746705][T24408] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1501.763375][T22153] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1501.772845][T22153] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1501.785689][T22153] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1501.795416][T22153] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1501.889304][T22322] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1501.898026][T22322] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1501.944418][T22322] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1501.954313][T22322] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1502.073694][T22183] Bluetooth: hci6: command tx timeout
[ 1504.166618][T22183] Bluetooth: hci6: command tx timeout
[ 1504.791997][ T30] INFO: task kworker/u8:9:1148 blocked for more than 143 seconds.
[ 1504.800630][ T30] Tainted: G L syzkaller #0
[ 1504.821245][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1504.855075][ T30] task:kworker/u8:9 state:D stack:23512 pid:1148 tgid:1148 ppid:2 task_flags:0x4208060 flags:0x00080000
[ 1504.881820][ T30] Workqueue: netns cleanup_net
[ 1504.894471][ T30] Call Trace:
[ 1504.902008][ T30]
[ 1504.909604][ T30] __schedule+0xfee/0x6120
[ 1504.919972][ T30] ? __lock_acquire+0x4a5/0x2630
[ 1504.936921][ T30] ? __pfx___schedule+0x10/0x10
[ 1505.001549][ T30] ? find_held_lock+0x2b/0x80
[ 1505.018492][ T30] ? schedule+0x2bf/0x390
[ 1505.033469][ T30] schedule+0xdd/0x390
[ 1505.044117][ T30] schedule_timeout+0x1b2/0x280
[ 1505.060423][ T30] ? __pfx_schedule_timeout+0x10/0x10
[ 1505.071901][ T30] ? mark_held_locks+0x40/0x70
[ 1505.084088][ T30] __wait_for_common+0x2e7/0x4c0
[ 1505.096998][ T30] ? __pfx_schedule_timeout+0x10/0x10
[ 1505.115855][ T30] ? __pfx___wait_for_common+0x10/0x10
[ 1505.129307][ T30] ? _raw_spin_unlock_irq+0x23/0x50
[ 1505.140503][ T30] ? flush_workqueue_prep_pwqs+0x2e9/0x510
[ 1505.153501][ T30] __flush_workqueue+0x3f7/0x1200
[ 1505.172271][ T30] ? __lock_acquire+0x4a5/0x2630
[ 1505.178801][ T30] ? __lock_acquire+0x4a5/0x2630
[ 1505.195343][ T30] ? __pfx___flush_workqueue+0x10/0x10
[ 1505.203963][ T30] ? reacquire_held_locks+0xce/0x1e0
[ 1505.219032][ T30] ? __pfx_sock_def_readable+0x10/0x10
[ 1505.225250][ T30] ? __pfx_sock_def_readable+0x10/0x10
[ 1505.232237][ T30] rds_tcp_listen_stop+0x104/0x160
[ 1505.237663][ T30] rds_tcp_exit_net+0xe0/0x870
[ 1505.298726][ T30] ? __pfx_rds_tcp_exit_net+0x10/0x10
[ 1505.320405][ T30] ? __pfx___might_resched+0x10/0x10
[ 1505.326107][ T30] ? __pfx_rds_tcp_exit_net+0x10/0x10
[ 1505.346245][ T30] ops_undo_list+0x2ee/0xab0
[ 1505.351067][ T30] ? __pfx_ops_undo_list+0x10/0x10
[ 1505.362738][ T30] ? cleanup_net+0x332/0x920
[ 1505.367613][ T30] ? idr_destroy+0x62/0x2e0
[ 1505.373243][ T30] cleanup_net+0x499/0x920
[ 1505.377859][ T30] ? __pfx_cleanup_net+0x10/0x10
[ 1505.385257][ T30] ? rcu_is_watching+0x12/0xc0
[ 1505.390217][ T30] process_one_work+0x9d7/0x1920
[ 1505.396639][ T30] ? __pfx_process_one_work+0x10/0x10
[ 1505.405421][ T30] ? __pfx_cleanup_net+0x10/0x10
[ 1505.410722][ T30] worker_thread+0x5da/0xe40
[ 1505.415836][ T30] ? kthread+0x13a/0x450
[ 1505.420251][ T30] ? __pfx_worker_thread+0x10/0x10
[ 1505.425647][ T30] kthread+0x370/0x450
[ 1505.429889][ T30] ? __pfx_kthread+0x10/0x10
[ 1505.454975][ T30] ret_from_fork+0x754/0xd80
[ 1505.459780][ T30] ? __pfx_ret_from_fork+0x10/0x10
[ 1505.467816][ T30] ? __switch_to+0x7b4/0x1120
[ 1505.473970][ T30] ? __pfx_kthread+0x10/0x10
[ 1505.478667][ T30] ret_from_fork_asm+0x1a/0x30
[ 1505.483810][ T30]
[ 1505.487652][ T30]
[ 1505.487652][ T30] Showing all locks held in the system:
[ 1505.498580][ T30] 1 lock held by ksoftirqd/1/23:
[ 1505.506610][ T30] 1 lock held by khungtaskd/30:
[ 1505.511524][ T30] #0: ffffffff8e7e73e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184
[ 1505.523783][ T30] 2 locks held by kworker/1:1/42:
[ 1505.534802][ T30] 3 locks held by kworker/u8:9/1148:
[ 1505.544051][ T30] #0: ffff88801c6ae948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920
[ 1505.621760][ T30] #1: ffffc90004f0fd08 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920
[ 1505.637664][ T30] #2: ffffffff905fb550 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xb8/0x920
[ 1505.647290][ T30] 1 lock held by syz-executor/5812:
[ 1505.652589][ T30] 2 locks held by kworker/1:3/5883:
[ 1505.657841][ T30] 1 lock held by syz.2.5082/22943:
[ 1505.663050][ T30] #0: ffffffff905fb550 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0
[ 1505.680107][ T30] 1 lock held by syz.0.5169/23320:
[ 1505.688803][ T30] #0: ffffffff905fb550 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0
[ 1505.703765][ T30] 1 lock held by syz.1.5353/24227:
[ 1505.712161][ T30] #0: ffffffff905fb550 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0
[ 1505.723425][ T30] 1 lock held by syz.5.5367/24306:
[ 1505.729071][ T30] #0: ffffffff905fb550 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0
[ 1505.761769][ T30]
[ 1505.764183][ T30] =============================================
[ 1505.764183][ T30]
[ 1505.795403][ T30] NMI backtrace for cpu 0
[ 1505.795433][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full)
[ 1505.795479][ T30] Tainted: [L]=SOFTLOCKUP
[ 1505.795490][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 1505.795508][ T30] Call Trace:
[ 1505.795518][ T30]
[ 1505.795530][ T30] dump_stack_lvl+0x100/0x190
[ 1505.795585][ T30] nmi_cpu_backtrace.cold+0x12d/0x151
[ 1505.795637][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[ 1505.795726][ T30] nmi_trigger_cpumask_backtrace+0x1d7/0x230
[ 1505.795768][ T30] sys_info+0x141/0x190
[ 1505.795817][ T30] watchdog+0xd25/0x1050
[ 1505.795860][ T30] ? __pfx_watchdog+0x10/0x10
[ 1505.795893][ T30] ? __kthread_parkme+0x18c/0x230
[ 1505.795934][ T30] ? kthread+0x13a/0x450
[ 1505.795973][ T30] ? __pfx_watchdog+0x10/0x10
[ 1505.796001][ T30] kthread+0x370/0x450
[ 1505.796042][ T30] ? __pfx_kthread+0x10/0x10
[ 1505.796092][ T30] ret_from_fork+0x754/0xd80
[ 1505.796143][ T30] ? __pfx_ret_from_fork+0x10/0x10
[ 1505.796194][ T30] ? __switch_to+0x7b4/0x1120
[ 1505.796228][ T30] ? __pfx_kthread+0x10/0x10
[ 1505.796272][ T30] ret_from_fork_asm+0x1a/0x30
[ 1505.796327][ T30]
[ 1505.796338][ T30] Sending NMI from CPU 0 to CPUs 1:
[ 1505.929806][ C1] NMI backtrace for cpu 1
[ 1505.929830][ C1] CPU: 1 UID: 0 PID: 42 Comm: kworker/1:1 Tainted: G L syzkaller #0 PREEMPT(full)
[ 1505.929867][ C1] Tainted: [L]=SOFTLOCKUP
[ 1505.929876][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 1505.929893][ C1] Workqueue: events_power_efficient gc_worker
[ 1505.930001][ C1] RIP: 0010:mark_lock+0x35/0xa20
[ 1505.930035][ C1] Code: 89 fd 41 54 49 89 f4 53 48 83 e4 f0 48 83 ec 70 65 48 8b 1d d5 17 29 12 48 89 5c 24 68 89 d3 83 fa 08 74 6d 41 be 01 00 00 00 <89> d9 41 d3 e6 4d 63 f6 41 0f b7 44 24 20 66 25 ff 1f 0f b7 c0 48
[ 1505.930060][ C1] RSP: 0018:ffffc90000b27a50 EFLAGS: 00000097
[ 1505.930080][ C1] RAX: 0000000000000004 RBX: 0000000000000002 RCX: 0000000000000004
[ 1505.930095][ C1] RDX: 0000000000000002 RSI: ffff88801eefc880 RDI: ffff88801eefbd00
[ 1505.930112][ C1] RBP: ffffc90000b27af0 R08: 0000000000000000 R09: 0000000000000000
[ 1505.930127][ C1] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88801eefc880
[ 1505.930143][ C1] R13: ffff88801eefbd00 R14: 0000000000000001 R15: 0000000000001770
[ 1505.930159][ C1] FS: 0000000000000000(0000) GS:ffff88812444c000(0000) knlGS:0000000000000000
[ 1505.930183][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1505.930200][ C1] CR2: 00007f4834de92f8 CR3: 0000000033a5a000 CR4: 00000000003526f0
[ 1505.930216][ C1] Call Trace:
[ 1505.930224][ C1]
[ 1505.930234][ C1] ? look_up_lock_class+0x55/0x120
[ 1505.930276][ C1] ? find_held_lock+0x2b/0x80
[ 1505.930300][ C1] mark_held_locks+0x40/0x70
[ 1505.930331][ C1] lockdep_hardirqs_on_prepare+0xb4/0x1b0
[ 1505.930366][ C1] trace_hardirqs_on+0x36/0x40
[ 1505.930392][ C1] gc_worker+0xd44/0x1630
[ 1505.930417][ C1] ? process_one_work+0x9d7/0x1920
[ 1505.930459][ C1] ? __pfx_gc_worker+0x10/0x10
[ 1505.930486][ C1] ? rcu_is_watching+0x12/0xc0
[ 1505.930526][ C1] process_one_work+0x9d7/0x1920
[ 1505.930576][ C1] ? __pfx_process_one_work+0x10/0x10
[ 1505.930618][ C1] ? __pfx_gc_worker+0x10/0x10
[ 1505.930646][ C1] worker_thread+0x5da/0xe40
[ 1505.930688][ C1] ? kthread+0x13a/0x450
[ 1505.930719][ C1] ? __pfx_worker_thread+0x10/0x10
[ 1505.930754][ C1] kthread+0x370/0x450
[ 1505.930786][ C1] ? __pfx_kthread+0x10/0x10
[ 1505.930820][ C1] ret_from_fork+0x754/0xd80
[ 1505.930859][ C1] ? __pfx_ret_from_fork+0x10/0x10
[ 1505.930898][ C1] ? __switch_to+0x7b4/0x1120
[ 1505.930926][ C1] ? __pfx_kthread+0x10/0x10
[ 1505.930960][ C1] ret_from_fork_asm+0x1a/0x30
[ 1505.930997][ C1]
[ 1506.196921][ T30] Kernel panic - not syncing: hung_task: blocked tasks
[ 1506.203877][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full)
[ 1506.214617][ T30] Tainted: [L]=SOFTLOCKUP
[ 1506.218968][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026
[ 1506.229059][ T30] Call Trace:
[ 1506.232375][ T30]
[ 1506.235332][ T30] dump_stack_lvl+0x100/0x190
[ 1506.240150][ T30] vpanic+0x552/0x970
[ 1506.244169][ T30] ? __pfx_vpanic+0x10/0x10
[ 1506.248711][ T30] ? rcu_is_watching+0x12/0xc0
[ 1506.253557][ T30] panic+0xd1/0xe0
[ 1506.257311][ T30] ? __pfx_panic+0x10/0x10
[ 1506.261769][ T30] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230
[ 1506.267963][ T30] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230
[ 1506.274162][ T30] ? nmi_trigger_cpumask_backtrace+0x200/0x230
[ 1506.280374][ T30] ? watchdog.cold+0x198/0x1ca
[ 1506.285183][ T30] ? watchdog+0xd35/0x1050
[ 1506.289639][ T30] watchdog.cold+0x1a9/0x1ca
[ 1506.294311][ T30] ? __pfx_watchdog+0x10/0x10
[ 1506.299062][ T30] ? __kthread_parkme+0x18c/0x230
[ 1506.304136][ T30] ? kthread+0x13a/0x450
[ 1506.308450][ T30] ? __pfx_watchdog+0x10/0x10
[ 1506.313159][ T30] kthread+0x370/0x450
[ 1506.317278][ T30] ? __pfx_kthread+0x10/0x10
[ 1506.321947][ T30] ret_from_fork+0x754/0xd80
[ 1506.326597][ T30] ? __pfx_ret_from_fork+0x10/0x10
[ 1506.331766][ T30] ? __switch_to+0x7b4/0x1120
[ 1506.336516][ T30] ? __pfx_kthread+0x10/0x10
[ 1506.341157][ T30] ret_from_fork_asm+0x1a/0x30
[ 1506.345970][ T30]
[ 1506.349644][ T30] Kernel Offset: disabled
[ 1506.353991][ T30] Rebooting in 86400 seconds..