last executing test programs: 14m49.953050215s ago: executing program 1 (id=3636): mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14be02, 0x0) unlinkat$auto(0xffffffffffffffff, 0x0, 0x200) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) connect$auto(0xffffffffffffffff, &(0x7f0000000140)=@tipc=@nameseq={0x1e, 0x1, 0x0, {0x43, 0x4, 0x3}}, 0x100) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) 14m48.52393541s ago: executing program 1 (id=3643): openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xeab82, 0x0) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x3880, 0x70) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x802, 0x1) setsockopt$auto_SO_WIFI_STATUS(r0, 0x0, 0x29, &(0x7f0000000080)='\xef', 0x8000) 14m48.009147908s ago: executing program 1 (id=3647): openat$auto_userio_fops_userio(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14be02, 0x0) fadvise64$auto_POSIX_FADV_SEQUENTIAL(r0, 0x6, 0x8, 0x2) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x2004c0c4) r1 = openat$auto_stats_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000002340)='/dev/binderfs/binder1\x00', 0x146205, 0x0) pread64$auto(r1, 0x0, 0xffffffff, 0x3) 14m47.505219024s ago: executing program 1 (id=3650): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) setreuid$auto(0x0, 0x0) sysfs$auto(0x2, 0x41, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) capset$auto(&(0x7f0000000180)={0x19980330}, 0x0) close_range$auto(0x0, 0x5, 0x0) 14m46.898462752s ago: executing program 1 (id=3653): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 14m46.501253454s ago: executing program 1 (id=3655): sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_TEMP(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000440)=ANY=[@ANYBLOB="e4280000", @ANYRES16, @ANYBLOB="00012bbd7000fcdbdf250300000008000300ff7f0000d213048052eea10fd4bec4631ddb826735cfabe9c936a7eeaab0e41d29a64ef268ef5f496f311ab4621eb41a0bdfa0d81a25d4a3b549c3f0d3e6e6eff28dc78956e3cf52c16d2b7ddbff24984567878eb56927cdc0837ddf1ce3dccc104b267542c92e9345cf89cf03c2c91eea934f6d77e0321b8ba65f95b4badb5399b3b029dab3baac082cb33d75335a9606d9990b3ae45848920bfb4f2e5bc27dad599de2541a92b20b13be2ed784aa8b5976c3a5f2f0d5288e6432bde55e0258bc11d0baa05ac8e65cef5d648a08009580040055800c0073006842033900000000f256d928d698a52564da05a9f62f0a00b645b668383976274d67f56e78d485c30111cf93d876511fccab6ff101ba0366c5dea5af7dd915e8b6006bfe1fe1db9092a5badc7803d943266d91ad0139ad9fd58dd46f98626f5980152c59b5cc12bad709a17f3186112f8008000b00ac1414aa0800040000000000fd7706448d03605f0229f3628a6b5e8c0206ad29856fdd10e1bc35ab6fb63b2d739076d7b38c09b4007bf65a63353d8e4f6c8ffe48b024d70d29e4bf0be51fd714002900fc020000000000000000000000000001fe001e00e11f3cfd3625a3232b9e8d8b1da742e7a0ae14d59271c13e991b01679c98d9513247a541e8988dbef86318ef07f499d70fbc7d6b2680981e91450c0b4748070d4af0471fa6a65fdf4f22b1bc0121ce48901aca7098abfc94a8d07d0ea381cb8eb325ec3e40b48517487b94e6b000b6f35c56fee2ca3b03caaff2c1a3929edef4138ea699419228b775075aac8c7c79372966c20d914a83d0e39843528e6abd5fec97f71c8504b831ac68fb132853fdf71963695c1db5d9f805288ece6834618d9602bdf3e0eda7178609099ca1dd2e10b2379288a7466580062047a2c95437f791b5316ea4f72efeecf5e0e52a0a0501b240b6835f9e441967d000004ac893fc9c35810292f39f8fcae8fcc30d9bf6469eb6577330bccb1bd90146cb5975507607018e8bd9e9f5ccd311294813cc29d17e5bfff91cdd2471a6d0366f56e5f59f81f336e7466e672885662a01b102bfe6341469d69e1abbdb1fccdda190556115bc947be902ca9d8b18f0f248160a79345d87ccb514addc28ead355961d2ec9cf520f1a8e2bb20c566d2ab574a52c5bb4ece6fdf120a0fe7f2ba6b1d184eda5d027d0d8c29be62806ef459938c0d160e8fbaa5c5e9d05b4c90b3751519d3f1cd5a5480903d24ccbcf48d17515cebd4779dfa06f23761a5ac8a8baf6af6d463fd4dd48f541f71b37f72dd425f06ed6ba434680f34d6cff9f34689e4a0378b8844386bffe47425b32f1da8a441fe7f8f2186b7a4662bfc89f0e45051570548373a9d2a86b58ee26172f50178f9537e87399262cd89cb5bea801b2f3e8d86cf072eb9e94e88c391d772f8d4d6c602dc5aebb872116d005bf0bf66f7c610b21edfff50cd73794742ba6d88262b47d50a52af3867ed3150504323923f1422590bc4b61cceb46c5182c9de31c83aa65529b9aef50ea2eacd438be539f74370065ed4b025b4cc54d13d15cffa1f9ef42ec4f5d3e7b2365819218f5cb88bad44c5dac10a09d81c2a5da32ec64cac12bada79b22e711a912b9f593ef5e6d27c589a47456890b0758e52bd0c6e74522f120153054d01e6118d8da3a6ec562eb34118866f34047ffb2a0b56713c88866956466e215a2f960b8036fd1299a253c18db22a4ebd2051392cd6bc86440eb7416c8a7e60c1af03728717836c8e183880e204b69561890542bc49295a4d30bb8f49b182374d18ae2ad505ca08ba2e7ab2db728c0c14bf10824a9c4a44fd5de6c3f6ea618349eac634b6751404680d9c92d0df2a11b32f51509adfefbd1054b4d3a55f1b98ecabdcce463a23d9e44b353f3014a473a1ce386d1741a3b6044b9c976e80224d37f16c4226468cfac7ccc7e9a7f974e641ad3f70d674c30a40ebc7b03eb56d7e16e286a36d653b65bd6371f5848dc706b75f62b373e6c02ea5d88239c6ab50028436f09f978852950f28df7f4760dbb007ba1f723b3bf02415d0bfb23f4e3e84eeeeaa35e4fa669311effd9b732a382b7bbea03638b4f3ba0726b9b51e698691dca72753608e7c6910dfae223830fe6baea63e5791f8daf2df6b6a8797df706ac9d9984a297c431c90c7156bb6d539d67fa91882af0ab8f92652d2ccb14af1ad82dc5386be37163b295dbf4dc94f219c2064617bc398d686f9797695f65f6663a425fcdb1be6ba7fd83f93425a64664a52c5fa6581e80196d2c9120b420c6f903c23ef957d7342631d0c01ad597d6021ae0564e5897900ea72fdf80fcea25c242eb98a60c126c7e6ac8fffea093a7a239ae596e2f4f03f09a7759e284abe47660bb5f24d70c762a568ad2bf2401580002838f35560d49e229f1ec7c39e1c56bfa7c9e0679b6ccb5ceca18df4781a1f388ec70ac49398192cefce02a875fcec669c964fdbc591f3f990d993124f65aeff329d2cb5b62d9aeaed62fec0239b463b7d94b7cbe535afb758fe1eaba01e3ea46f39c4b2557ffd7f9527206ba214f693f605a4a8b9ac1d42ab7a24507edb99aedde405805d7acd6a49e09f2bc837afe34b23e6e8835705649f31fa58aaace4c7eca978a9143540f7b093cedcf3ec9ba352f0e0cf6b5be0bbc55d7bfd7dce18744f5cb63a31c7b83fb103d00897baf0aa1c643a1b6a9d7d78e81f80d8eef8b40f53700a2530b0e3d84b5153a54924d356cf77a3ed1d28da1344ecb4de3cff31f9343423198f247d76e105448a726252c7f1948b29abfdcf65ff57086fcd12f2985cd74ab6ec5e671c38a451cca9d598362b056a6839cf0dc68061b397363cf393b5ff59c3b285b0a9d2231359bd9f683326232cc43e08c29a03bcd23630ff4b5df58d06f307e569b59808b04de9ee932d93097fb9acbc130f6f92c2a395ea407242a64bed5dbd561469652f32b9f57d7655f537761ed9e3de39f802d76cc6a35e89797b88d16e59d4c009c992281b07aea174f392156751e1ced5ff75b23dc31b5c7b739fda1445171ea81a2d487f7bab5092e374614802e18d70419947b957110e7dd00db4312466f26ea57728456c5825504b261bfb20bc17de93be09af6f362cb9dd25c51ecfacdc66e7f6eaac8f6e2d13d9a09cc1879a72f2b29e07d293f0cd667a1492acd84263e756d71219471151e7380beda445039c389e5b0723f9331bc1f85f6868d8a54c2e8a0e457da30f49b84cda8b253b2946fe15537f4daf907c29889d98dc3b51a8cb80704287aee327e5f4a26fc3324667260d2868091721e49dde1341c5d902cd723b38907250dd189282018f41a6f6fe0c777e9868e4a00382baeda3a9c4c14128c82662a30210e3413560ce8115a2d2dea569a066cf76e87627491212d6f708ff31a18aa8c1c91101142d3be766f08132f88908d22e498f562340ef3ea24cd21c9c19d0f7aca244f5666354b9a5c398fcb750240d1d5901ae096f6b5cf2d14fd6bb87aaa552b2271d893881b5da950a585465c50320cecae34e0b68550148ae52fb4a59087ca0550781e4b20025c061e4c035cfd628aa916c1c78bcd17c9064efddd77fda8ac8aacfaf1578427c2d82010cc70d7776e7436cd1cbff089c2c2e8b7897c5c205a124f753248b68322aa8a13b5d8345200bca62acd0f0c6df6afac8e2a70df03f42374f0607d24f9c696481096175940606dc625644973feb791a0166350e00ac1ad33046e8f66633c87e236ef925bdf107adfa444d462846bdbb932c8f4833846280682fd40535123689cba2d79bcb2b146f5cee71ea81fbd055b075b28e8658844ec6dc321ad31cec44d4f3f8e08446361bc07e47c1ae9e65cd628eef6b3bbbcece05302ec6cd3ec1a74f4c7db56db0af3daaad535cc6ccf93d14859ce540ae7161be57bf536b368eb8efec4303a0298b2e35054615d677182f076be88b3c3e5dfadc822873ed8d846ef8ade786ef00a78277f5643447ff58847a07e7738ce5a40b1d0d6e9d76a31f1ed119807a59c2d317af1be5d163aa96120f885d76da5671e3026e9a8545da7b938923f9cb07234b042fae7e70aae4e887fe9f5eef28a35fcf193ce169c26932773f54d572bd9118445bcdefb521b7ec940e93b170d4a118ed929ca400787eadd3b8bb84886f6579005e7b61a9de37efa8c5043349eca833b6e16e6dc38188f9dccd2f1e2b63365c06f9b47fdbdf946e150d0b669be295298751213cc8e741713462cc2f563aa29434f54e42319db447b0e8f0d7268726d1b051d7d94ac3c75e2c35ad9e7f038a3dd794ff46fe05b808ab5509cd3ab0426e8084a85a0fbb9a1004e6679ff5a8854ffbf43bfd8566bedd5b2a80488cd9a137b50bb0772a1edcf9a0e8dfccea945bb087592875b39ebf41621a1b6288f70a27da9983cdf5f7240c8ad24548339f74f7de0f7b2b6bf1d63f6b7160a3c445dfde1aa34526b0ecd876e994b59cc6660fe6cc90e52be9f5ee87bdefd71aa7885ec61f97704947f75c509ddf5c26f6a0d06b7b8a739d7aefe37966c65fc984c7b19cc806664db136479c70b22679d75ff374a60d25f5adbf0aa2fb32f23d1ec78e198c5de2aad61fa8128173f631149cea4323cb9e77650f950d0450f21462ea9d22fc54d9437743d44e0353b09ca2419b963eaec3b26b46941d0ea1e82c14c787d904a3c71a2a1ae1fced9f4dea4180e66e2efecc79f8ae21577293d5c2dba16753453c1302bac428662ca79835b64d88ded2526f1d4de7080a1e2685c51d9915cd6eef088bd0fa2d78315e5d2f12a272286cdfefa9947d1f5313f6bac08471fd6fc46037ef08f98645380958e782d4fd52460017896ea0355ce0f17c3929bc0a0b03ca0f72a29d150d58d77041746a5b76752b8d51ace28d6e50163cc2f15d12c36dea24f8d3555b87029ab02ac0b802b5cc7684d6f8961edf8b000115927abfc28dd2fe9fb806e171d2501874eabfdfc2655a3d97dc8dfc4c1115357705b5a5d7e5b07faeffd3bd78b5cfe57a83c853ad8177c67321af338d0307970a894a8542879d0c8733e43060ea2db0139f5b239ed2b923a2f9be78f6f9f8f5e9dce6aa7dcf503b85514a1f55ca4ec32c0d7e459c58937e44a06f0be95f2d7ebecced1f3920aa3ba9d10545343fbbc4f4c897d6ed526e3606818902c8cd4b2b97df6500f2ad0529ef652e8d24497b86b06909b1f964005dbd55c7d6e16fb851d5b1241ca26e067731983ba9e645c0be66dd856c91542c3fc31151de77177449f9387e92260008e97348d0ff1830956e70626644f0c2e90580faa984b6f8633e847090862d69019d35c3c11d0864409cd77ba2517c63630ed885a68eaf61b96abffd4975ff59e593759f28ee8a2b7d3c3c17d6212162595dea9ed35d244f15897a4235651ba3f7b577a9694ba43f29817e6a7ccf2b5fbd92ba364e872ba3dc6adedb1d64bffcb56409b2a1d0fa7af02a1a76c729de496dc79094f64723b6bc633606aaa141f121e6f59874ad0f4d1fca210068735dd7f45c96e0651243d627d7d9cc5070db91297850117375f0681b356d18c5c33ff1697f228d86860fb81f4e6261d06d0725770308717e2e039907fe082349f2ef04dd13b5289045b81ccb85cc0fe342db806ca810bd3eda1fc574936c9bba96fef5ffb27df06824030efb65e2e25fd61960fac81e7a80eeccc0414ab1696df2dc2d708b0be6092dfdf9d079b68385bd554662e5b165aaa3e786d1faef2a48bffb1ad73740681c974e9058403d893aa99f0b8752214fea5a5fbeff405a2254fb219228cebe1dc848d6a4404f23e91a4f5d0e4e4d5ac127b0697bcc41558ebadfda0a2a5d3097aeedf20fb0772fd02caf1f9eb90cb774427f0ce3ac36e6fe5a4832b9c79508a4dbf1b016e41a437b95ab0afae47b907b10d5fc71963b6734ffff4394c4dc621e8a6a7fe96df50253c33382902cfed07cacec405e7b3b4be0a77cb59aa3cba3777d678d2117c6bae5428323993076f4ca6dd47563d1c05e63d6d0a539c6733999c007975ae10c72c1acad44042fdf17ac8d8c7d8e95bbdefca4493a19beb82dd641725e8512270bd5761050d294b213478fef63cea847473be01701818625f7134411cb5bd0cb236dbc6ecff4045a80115734d7d3fec8a293de2b6c7811085cdad4a142b2ed83b0eab87254233f6e927f2ac0ad174117bad64a86a2c01d26d2f15fc71212e68c4e9f04aa39cfadafec697639196f4bec8f05f14e0168eca3ab9ac166be127d16792c6375fc2a7f4f4e71f07030e9a85284c03ac10ab88daeb1df024c89d8dc650684a9afec08f8ce9f13ff84e57013787bd98d917ce067bd83d6b3c0a30cb1a131f681f96dd771a96428248ca49cfb38d71368906b17f5d76759dcb1baad4bbb8caee4b271dea22684ad1fb07fa2805e253884ecaebd73526cae328d448cccf81daf59bb7eb12cc7299c04550b66731a4a45d865252df659eab39d380c3f4474473a8ecba77e3996e335ed63e73fef3d66de04bb64cfa6824ae8456a43d349d1bb0279e78c67402f82edc9916193fd9eed2eed849fd4be3b549bad28ba8d91079b3083afcd05a5ce9c7da5374df41dd5a6875effc50106ee1808f0c4c961af7965c9af904988cb1de385e52115bd52c748ce17850824f92d5d06bac7247128cc3b9f0f97cf5905d87fd98f7bb8462a21f3c15483ba165629664df1e18495e7335898789d3035fd1f31d645b0b44f33a8af9c357c8a4e3019d49388b73ea46cce638b5f938642883fd92340d8a04000f800000ea0021005a4eb14588802abedff92e82e0b33f56de16330a34d74ced84c51ff138b48bf849ece3ec874b2e8d98f18de5f5bb3f14b1f6e05d450281683baf974634f3e672496d182d48b00e762c4d8438b578531533bace1e09f60932ebf413362f62ee3c95b970f7f3dc8a8c83a521d33e51c085a9127e8b83737d3f33113b1f1306ba837838bac87c767de7588d3a28625a257ec8fe8d9cfa0a18eaec268c1087b8e4357b63282ec771b40d082764959d68a061cd998b9f33d03d33155acc503122aef2274cb0c3eb04abe4bdb3bfeef2dd91c18fe455554c4b9b20fb5ef279a2c7a3130054a283493f00000c007f800800", @ANYRES32, @ANYBLOB="0800cc0023272e000800c4000f6000000000c40001803a1307cf049e83fe8ea1012c13acd2eaf1452b136089e7adc982a4fd85fd1c1c705e4bbd71816dafe76fd3221f1601ef4c08cffec31b9b08c1de68087697b882a162892e6e0aeabe4dcca2ef4f3bb0670339e7cc33610964e3f61cf63520a210247c720d5aff0811fcbb893a77a7f8474da3d83888a9a08d00527c3cdcbd98517effd8abee1e86a069b7cf59286a614f6f43178f7ceba41d43750dcf1fe50eff"], 0x28e4}, 0x1, 0x0, 0x0, 0x881}, 0x20004804) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) r0 = socket(0x1d, 0x2, 0x7) r1 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r2}, 0x6a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'vcan0\x00', 0x0}) connect$auto(0x3, &(0x7f00000018c0)=@can={0x1d, r3}, 0x18) 14m31.261539039s ago: executing program 32 (id=3655): sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_TEMP(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000440)=ANY=[@ANYBLOB="e4280000", @ANYRES16, @ANYBLOB="00012bbd7000fcdbdf250300000008000300ff7f0000d213048052eea10fd4bec4631ddb826735cfabe9c936a7eeaab0e41d29a64ef268ef5f496f311ab4621eb41a0bdfa0d81a25d4a3b549c3f0d3e6e6eff28dc78956e3cf52c16d2b7ddbff24984567878eb56927cdc0837ddf1ce3dccc104b267542c92e9345cf89cf03c2c91eea934f6d77e0321b8ba65f95b4badb5399b3b029dab3baac082cb33d75335a9606d9990b3ae45848920bfb4f2e5bc27dad599de2541a92b20b13be2ed784aa8b5976c3a5f2f0d5288e6432bde55e0258bc11d0baa05ac8e65cef5d648a08009580040055800c0073006842033900000000f256d928d698a52564da05a9f62f0a00b645b668383976274d67f56e78d485c30111cf93d876511fccab6ff101ba0366c5dea5af7dd915e8b6006bfe1fe1db9092a5badc7803d943266d91ad0139ad9fd58dd46f98626f5980152c59b5cc12bad709a17f3186112f8008000b00ac1414aa0800040000000000fd7706448d03605f0229f3628a6b5e8c0206ad29856fdd10e1bc35ab6fb63b2d739076d7b38c09b4007bf65a63353d8e4f6c8ffe48b024d70d29e4bf0be51fd714002900fc020000000000000000000000000001fe001e00e11f3cfd3625a3232b9e8d8b1da742e7a0ae14d59271c13e991b01679c98d9513247a541e8988dbef86318ef07f499d70fbc7d6b2680981e91450c0b4748070d4af0471fa6a65fdf4f22b1bc0121ce48901aca7098abfc94a8d07d0ea381cb8eb325ec3e40b48517487b94e6b000b6f35c56fee2ca3b03caaff2c1a3929edef4138ea699419228b775075aac8c7c79372966c20d914a83d0e39843528e6abd5fec97f71c8504b831ac68fb132853fdf71963695c1db5d9f805288ece6834618d9602bdf3e0eda7178609099ca1dd2e10b2379288a7466580062047a2c95437f791b5316ea4f72efeecf5e0e52a0a0501b240b6835f9e441967d000004ac893fc9c35810292f39f8fcae8fcc30d9bf6469eb6577330bccb1bd90146cb5975507607018e8bd9e9f5ccd311294813cc29d17e5bfff91cdd2471a6d0366f56e5f59f81f336e7466e672885662a01b102bfe6341469d69e1abbdb1fccdda190556115bc947be902ca9d8b18f0f248160a79345d87ccb514addc28ead355961d2ec9cf520f1a8e2bb20c566d2ab574a52c5bb4ece6fdf120a0fe7f2ba6b1d184eda5d027d0d8c29be62806ef459938c0d160e8fbaa5c5e9d05b4c90b3751519d3f1cd5a5480903d24ccbcf48d17515cebd4779dfa06f23761a5ac8a8baf6af6d463fd4dd48f541f71b37f72dd425f06ed6ba434680f34d6cff9f34689e4a0378b8844386bffe47425b32f1da8a441fe7f8f2186b7a4662bfc89f0e45051570548373a9d2a86b58ee26172f50178f9537e87399262cd89cb5bea801b2f3e8d86cf072eb9e94e88c391d772f8d4d6c602dc5aebb872116d005bf0bf66f7c610b21edfff50cd73794742ba6d88262b47d50a52af3867ed3150504323923f1422590bc4b61cceb46c5182c9de31c83aa65529b9aef50ea2eacd438be539f74370065ed4b025b4cc54d13d15cffa1f9ef42ec4f5d3e7b2365819218f5cb88bad44c5dac10a09d81c2a5da32ec64cac12bada79b22e711a912b9f593ef5e6d27c589a47456890b0758e52bd0c6e74522f120153054d01e6118d8da3a6ec562eb34118866f34047ffb2a0b56713c88866956466e215a2f960b8036fd1299a253c18db22a4ebd2051392cd6bc86440eb7416c8a7e60c1af03728717836c8e183880e204b69561890542bc49295a4d30bb8f49b182374d18ae2ad505ca08ba2e7ab2db728c0c14bf10824a9c4a44fd5de6c3f6ea618349eac634b6751404680d9c92d0df2a11b32f51509adfefbd1054b4d3a55f1b98ecabdcce463a23d9e44b353f3014a473a1ce386d1741a3b6044b9c976e80224d37f16c4226468cfac7ccc7e9a7f974e641ad3f70d674c30a40ebc7b03eb56d7e16e286a36d653b65bd6371f5848dc706b75f62b373e6c02ea5d88239c6ab50028436f09f978852950f28df7f4760dbb007ba1f723b3bf02415d0bfb23f4e3e84eeeeaa35e4fa669311effd9b732a382b7bbea03638b4f3ba0726b9b51e698691dca72753608e7c6910dfae223830fe6baea63e5791f8daf2df6b6a8797df706ac9d9984a297c431c90c7156bb6d539d67fa91882af0ab8f92652d2ccb14af1ad82dc5386be37163b295dbf4dc94f219c2064617bc398d686f9797695f65f6663a425fcdb1be6ba7fd83f93425a64664a52c5fa6581e80196d2c9120b420c6f903c23ef957d7342631d0c01ad597d6021ae0564e5897900ea72fdf80fcea25c242eb98a60c126c7e6ac8fffea093a7a239ae596e2f4f03f09a7759e284abe47660bb5f24d70c762a568ad2bf2401580002838f35560d49e229f1ec7c39e1c56bfa7c9e0679b6ccb5ceca18df4781a1f388ec70ac49398192cefce02a875fcec669c964fdbc591f3f990d993124f65aeff329d2cb5b62d9aeaed62fec0239b463b7d94b7cbe535afb758fe1eaba01e3ea46f39c4b2557ffd7f9527206ba214f693f605a4a8b9ac1d42ab7a24507edb99aedde405805d7acd6a49e09f2bc837afe34b23e6e8835705649f31fa58aaace4c7eca978a9143540f7b093cedcf3ec9ba352f0e0cf6b5be0bbc55d7bfd7dce18744f5cb63a31c7b83fb103d00897baf0aa1c643a1b6a9d7d78e81f80d8eef8b40f53700a2530b0e3d84b5153a54924d356cf77a3ed1d28da1344ecb4de3cff31f9343423198f247d76e105448a726252c7f1948b29abfdcf65ff57086fcd12f2985cd74ab6ec5e671c38a451cca9d598362b056a6839cf0dc68061b397363cf393b5ff59c3b285b0a9d2231359bd9f683326232cc43e08c29a03bcd23630ff4b5df58d06f307e569b59808b04de9ee932d93097fb9acbc130f6f92c2a395ea407242a64bed5dbd561469652f32b9f57d7655f537761ed9e3de39f802d76cc6a35e89797b88d16e59d4c009c992281b07aea174f392156751e1ced5ff75b23dc31b5c7b739fda1445171ea81a2d487f7bab5092e374614802e18d70419947b957110e7dd00db4312466f26ea57728456c5825504b261bfb20bc17de93be09af6f362cb9dd25c51ecfacdc66e7f6eaac8f6e2d13d9a09cc1879a72f2b29e07d293f0cd667a1492acd84263e756d71219471151e7380beda445039c389e5b0723f9331bc1f85f6868d8a54c2e8a0e457da30f49b84cda8b253b2946fe15537f4daf907c29889d98dc3b51a8cb80704287aee327e5f4a26fc3324667260d2868091721e49dde1341c5d902cd723b38907250dd189282018f41a6f6fe0c777e9868e4a00382baeda3a9c4c14128c82662a30210e3413560ce8115a2d2dea569a066cf76e87627491212d6f708ff31a18aa8c1c91101142d3be766f08132f88908d22e498f562340ef3ea24cd21c9c19d0f7aca244f5666354b9a5c398fcb750240d1d5901ae096f6b5cf2d14fd6bb87aaa552b2271d893881b5da950a585465c50320cecae34e0b68550148ae52fb4a59087ca0550781e4b20025c061e4c035cfd628aa916c1c78bcd17c9064efddd77fda8ac8aacfaf1578427c2d82010cc70d7776e7436cd1cbff089c2c2e8b7897c5c205a124f753248b68322aa8a13b5d8345200bca62acd0f0c6df6afac8e2a70df03f42374f0607d24f9c696481096175940606dc625644973feb791a0166350e00ac1ad33046e8f66633c87e236ef925bdf107adfa444d462846bdbb932c8f4833846280682fd40535123689cba2d79bcb2b146f5cee71ea81fbd055b075b28e8658844ec6dc321ad31cec44d4f3f8e08446361bc07e47c1ae9e65cd628eef6b3bbbcece05302ec6cd3ec1a74f4c7db56db0af3daaad535cc6ccf93d14859ce540ae7161be57bf536b368eb8efec4303a0298b2e35054615d677182f076be88b3c3e5dfadc822873ed8d846ef8ade786ef00a78277f5643447ff58847a07e7738ce5a40b1d0d6e9d76a31f1ed119807a59c2d317af1be5d163aa96120f885d76da5671e3026e9a8545da7b938923f9cb07234b042fae7e70aae4e887fe9f5eef28a35fcf193ce169c26932773f54d572bd9118445bcdefb521b7ec940e93b170d4a118ed929ca400787eadd3b8bb84886f6579005e7b61a9de37efa8c5043349eca833b6e16e6dc38188f9dccd2f1e2b63365c06f9b47fdbdf946e150d0b669be295298751213cc8e741713462cc2f563aa29434f54e42319db447b0e8f0d7268726d1b051d7d94ac3c75e2c35ad9e7f038a3dd794ff46fe05b808ab5509cd3ab0426e8084a85a0fbb9a1004e6679ff5a8854ffbf43bfd8566bedd5b2a80488cd9a137b50bb0772a1edcf9a0e8dfccea945bb087592875b39ebf41621a1b6288f70a27da9983cdf5f7240c8ad24548339f74f7de0f7b2b6bf1d63f6b7160a3c445dfde1aa34526b0ecd876e994b59cc6660fe6cc90e52be9f5ee87bdefd71aa7885ec61f97704947f75c509ddf5c26f6a0d06b7b8a739d7aefe37966c65fc984c7b19cc806664db136479c70b22679d75ff374a60d25f5adbf0aa2fb32f23d1ec78e198c5de2aad61fa8128173f631149cea4323cb9e77650f950d0450f21462ea9d22fc54d9437743d44e0353b09ca2419b963eaec3b26b46941d0ea1e82c14c787d904a3c71a2a1ae1fced9f4dea4180e66e2efecc79f8ae21577293d5c2dba16753453c1302bac428662ca79835b64d88ded2526f1d4de7080a1e2685c51d9915cd6eef088bd0fa2d78315e5d2f12a272286cdfefa9947d1f5313f6bac08471fd6fc46037ef08f98645380958e782d4fd52460017896ea0355ce0f17c3929bc0a0b03ca0f72a29d150d58d77041746a5b76752b8d51ace28d6e50163cc2f15d12c36dea24f8d3555b87029ab02ac0b802b5cc7684d6f8961edf8b000115927abfc28dd2fe9fb806e171d2501874eabfdfc2655a3d97dc8dfc4c1115357705b5a5d7e5b07faeffd3bd78b5cfe57a83c853ad8177c67321af338d0307970a894a8542879d0c8733e43060ea2db0139f5b239ed2b923a2f9be78f6f9f8f5e9dce6aa7dcf503b85514a1f55ca4ec32c0d7e459c58937e44a06f0be95f2d7ebecced1f3920aa3ba9d10545343fbbc4f4c897d6ed526e3606818902c8cd4b2b97df6500f2ad0529ef652e8d24497b86b06909b1f964005dbd55c7d6e16fb851d5b1241ca26e067731983ba9e645c0be66dd856c91542c3fc31151de77177449f9387e92260008e97348d0ff1830956e70626644f0c2e90580faa984b6f8633e847090862d69019d35c3c11d0864409cd77ba2517c63630ed885a68eaf61b96abffd4975ff59e593759f28ee8a2b7d3c3c17d6212162595dea9ed35d244f15897a4235651ba3f7b577a9694ba43f29817e6a7ccf2b5fbd92ba364e872ba3dc6adedb1d64bffcb56409b2a1d0fa7af02a1a76c729de496dc79094f64723b6bc633606aaa141f121e6f59874ad0f4d1fca210068735dd7f45c96e0651243d627d7d9cc5070db91297850117375f0681b356d18c5c33ff1697f228d86860fb81f4e6261d06d0725770308717e2e039907fe082349f2ef04dd13b5289045b81ccb85cc0fe342db806ca810bd3eda1fc574936c9bba96fef5ffb27df06824030efb65e2e25fd61960fac81e7a80eeccc0414ab1696df2dc2d708b0be6092dfdf9d079b68385bd554662e5b165aaa3e786d1faef2a48bffb1ad73740681c974e9058403d893aa99f0b8752214fea5a5fbeff405a2254fb219228cebe1dc848d6a4404f23e91a4f5d0e4e4d5ac127b0697bcc41558ebadfda0a2a5d3097aeedf20fb0772fd02caf1f9eb90cb774427f0ce3ac36e6fe5a4832b9c79508a4dbf1b016e41a437b95ab0afae47b907b10d5fc71963b6734ffff4394c4dc621e8a6a7fe96df50253c33382902cfed07cacec405e7b3b4be0a77cb59aa3cba3777d678d2117c6bae5428323993076f4ca6dd47563d1c05e63d6d0a539c6733999c007975ae10c72c1acad44042fdf17ac8d8c7d8e95bbdefca4493a19beb82dd641725e8512270bd5761050d294b213478fef63cea847473be01701818625f7134411cb5bd0cb236dbc6ecff4045a80115734d7d3fec8a293de2b6c7811085cdad4a142b2ed83b0eab87254233f6e927f2ac0ad174117bad64a86a2c01d26d2f15fc71212e68c4e9f04aa39cfadafec697639196f4bec8f05f14e0168eca3ab9ac166be127d16792c6375fc2a7f4f4e71f07030e9a85284c03ac10ab88daeb1df024c89d8dc650684a9afec08f8ce9f13ff84e57013787bd98d917ce067bd83d6b3c0a30cb1a131f681f96dd771a96428248ca49cfb38d71368906b17f5d76759dcb1baad4bbb8caee4b271dea22684ad1fb07fa2805e253884ecaebd73526cae328d448cccf81daf59bb7eb12cc7299c04550b66731a4a45d865252df659eab39d380c3f4474473a8ecba77e3996e335ed63e73fef3d66de04bb64cfa6824ae8456a43d349d1bb0279e78c67402f82edc9916193fd9eed2eed849fd4be3b549bad28ba8d91079b3083afcd05a5ce9c7da5374df41dd5a6875effc50106ee1808f0c4c961af7965c9af904988cb1de385e52115bd52c748ce17850824f92d5d06bac7247128cc3b9f0f97cf5905d87fd98f7bb8462a21f3c15483ba165629664df1e18495e7335898789d3035fd1f31d645b0b44f33a8af9c357c8a4e3019d49388b73ea46cce638b5f938642883fd92340d8a04000f800000ea0021005a4eb14588802abedff92e82e0b33f56de16330a34d74ced84c51ff138b48bf849ece3ec874b2e8d98f18de5f5bb3f14b1f6e05d450281683baf974634f3e672496d182d48b00e762c4d8438b578531533bace1e09f60932ebf413362f62ee3c95b970f7f3dc8a8c83a521d33e51c085a9127e8b83737d3f33113b1f1306ba837838bac87c767de7588d3a28625a257ec8fe8d9cfa0a18eaec268c1087b8e4357b63282ec771b40d082764959d68a061cd998b9f33d03d33155acc503122aef2274cb0c3eb04abe4bdb3bfeef2dd91c18fe455554c4b9b20fb5ef279a2c7a3130054a283493f00000c007f800800", @ANYRES32, @ANYBLOB="0800cc0023272e000800c4000f6000000000c40001803a1307cf049e83fe8ea1012c13acd2eaf1452b136089e7adc982a4fd85fd1c1c705e4bbd71816dafe76fd3221f1601ef4c08cffec31b9b08c1de68087697b882a162892e6e0aeabe4dcca2ef4f3bb0670339e7cc33610964e3f61cf63520a210247c720d5aff0811fcbb893a77a7f8474da3d83888a9a08d00527c3cdcbd98517effd8abee1e86a069b7cf59286a614f6f43178f7ceba41d43750dcf1fe50eff"], 0x28e4}, 0x1, 0x0, 0x0, 0x881}, 0x20004804) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) r0 = socket(0x1d, 0x2, 0x7) r1 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r2}, 0x6a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'vcan0\x00', 0x0}) connect$auto(0x3, &(0x7f00000018c0)=@can={0x1d, r3}, 0x18) 7m23.568420132s ago: executing program 0 (id=4779): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x140082, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x2200, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) io_uring_setup$auto(0x5, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) listen$auto(0x3, 0x81) socket(0x2, 0x1, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 7m15.230123191s ago: executing program 0 (id=4791): getsockopt$auto_SO_PASSSEC(0xffffffffffffffff, 0x0, 0x22, &(0x7f0000000140)='\x00', 0x0) mmap$auto(0x5, 0x3, 0x3, 0xeb2, 0xfffffffffffffffa, 0x8000) process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0xfffffffffffffe00, 0x1010001, 0x100000003) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x92602, 0x0) openat$auto_evm_key_ops_evm_secfs(0xffffffffffffff9c, 0x0, 0x6000, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/usb/usbmon/0u\x00', 0x22202, 0x0) io_uring_setup$auto(0x58, 0x0) r0 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/usb/usbmon/33u\x00', 0x20202, 0x0) pread64$auto(r0, 0x0, 0x0, 0x9) close_range$auto(0x2, 0xa, 0x0) 7m14.472418239s ago: executing program 0 (id=4792): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/core/rps_default_mask\x00', 0x82, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) write$auto(0x3, 0x0, 0xfdef) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_REPORT_PMSR(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000240)={0x14, r1, 0x1, 0x70bd2d, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x20000881}, 0x0) r2 = socket(0x2b, 0x1, 0x1) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(r2, 0x2, &(0x7f00000000c0), 0x1) io_uring_register$auto(0x2, 0x3, 0x0, 0x0) 7m13.970865652s ago: executing program 0 (id=4794): mmap$auto(0x0, 0x20009, 0x4000000000db, 0xeb1, 0x400, 0x8000) r0 = socket(0xa, 0x3, 0x3a) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/disk\x00', 0x100, 0x0) mprotect$auto(0x1ffff000, 0x8000000000000001, 0xd) acct$auto(&(0x7f0000000000)='/sys/devices/platform/i8042/serio1/resync_time\x00') setsockopt$auto(r0, 0x8, 0xfffffffc, &(0x7f0000000040)=',%\x00', 0xfffffffc) add_key$auto(&(0x7f0000000740)='#)-\\&[}\x00', &(0x7f0000000780)='.\\@&\x00', 0x0, 0x5, 0x9) acct$auto(0x0) getsockopt$auto(r0, 0x29, 0xcf, 0x0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) clone$auto(0x7, 0x7fffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) r1 = socket(0x29, 0x2, 0x0) getsockopt$auto(r1, 0x119, 0x1, 0x0, 0x0) epoll_create1$auto(0x4) 7m12.661331369s ago: executing program 0 (id=4798): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x30, 0x0, 0x8, 0x0, 0x1e, 0x2}, 0x800009}, 0x7, 0x20000000) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x2f, 0x0, 0x9) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0xffffffffffffffff, 0x340000000000) write$auto(0x3, 0x0, 0xfffffdef) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8002, 0x0) preadv$auto(0x40000000000003, 0x0, 0x6, 0x8, 0x5) read$auto(0x3, 0x0, 0x8080) 7m9.430960654s ago: executing program 0 (id=4801): r0 = openat$auto_adf_ctl_ops_adf_ctl_drv(0xffffffffffffff9c, &(0x7f0000000040), 0x22b80, 0x0) ioctl$auto_IOCTL_CONFIG_SYS_RESOURCE_PARAMETERS(r0, 0x40096100, &(0x7f0000000000)={@padding, 0xbb}) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r1, 0x4, 0x7ff) ptrace$auto_PTRACE_GETFPREGS(0xe, r1, 0x8001, 0x9) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/i915/parameters/mitigations\x00', 0x80302, 0x0) write$auto(r2, &(0x7f0000000180)='!h\x8b\xaeE\xc5\xf3\xec@\xdbS\xcc\x04', 0x1) r3 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f0000000040), 0x12a882, 0x0) r4 = fanotify_init$auto(0x5, 0x2000000000002) fanotify_mark$auto(r4, 0x1, 0x803a, r4, 0x0) r5 = openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer1\x00', 0x8180, 0x0) ioctl$auto_OSS_ALSAEMULVER(r5, 0x40086602, &(0x7f0000000100)) read$auto_stat_fops_per_vm_kvm_main(r4, &(0x7f0000000140)=""/4096, 0x1000) write$auto_split_huge_pages_fops_huge_memory(r3, &(0x7f0000000100)='1', 0x1) 6m54.109106155s ago: executing program 33 (id=4801): r0 = openat$auto_adf_ctl_ops_adf_ctl_drv(0xffffffffffffff9c, &(0x7f0000000040), 0x22b80, 0x0) ioctl$auto_IOCTL_CONFIG_SYS_RESOURCE_PARAMETERS(r0, 0x40096100, &(0x7f0000000000)={@padding, 0xbb}) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r1, 0x4, 0x7ff) ptrace$auto_PTRACE_GETFPREGS(0xe, r1, 0x8001, 0x9) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/i915/parameters/mitigations\x00', 0x80302, 0x0) write$auto(r2, &(0x7f0000000180)='!h\x8b\xaeE\xc5\xf3\xec@\xdbS\xcc\x04', 0x1) r3 = openat$auto_split_huge_pages_fops_huge_memory(0xffffffffffffff9c, &(0x7f0000000040), 0x12a882, 0x0) r4 = fanotify_init$auto(0x5, 0x2000000000002) fanotify_mark$auto(r4, 0x1, 0x803a, r4, 0x0) r5 = openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer1\x00', 0x8180, 0x0) ioctl$auto_OSS_ALSAEMULVER(r5, 0x40086602, &(0x7f0000000100)) read$auto_stat_fops_per_vm_kvm_main(r4, &(0x7f0000000140)=""/4096, 0x1000) write$auto_split_huge_pages_fops_huge_memory(r3, &(0x7f0000000100)='1', 0x1) 2m23.390231275s ago: executing program 5 (id=5305): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8) r0 = socket(0x2, 0x801, 0x84) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) ioctl$auto(0x3, 0x541b, 0x38) bind$auto(0x3, 0x0, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x41}}, 0x5) getsockopt$auto(r0, 0x84, 0x76, 0x0, &(0x7f00000002c0)=0x1000c0) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/usb/usbmon/9t\x00', 0x800, 0x0) shmctl$auto(0x0, 0x1, 0x0) ioctl$auto_VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/003/001\x00', 0x42082, 0x0) write$auto(0xca, &(0x7f0000000500)='\x04>\xce\v<\xe1\x00\x00\x01p!]\xcfR\xcc\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c%\xb6\x9a\\S\xa2(Q\xcc1\x19HY\x9c\x97i\xec^\xbc\xb3`\x10+}\xd0\xfd\xf0\xa5\x0e\a\xabU\xb9\x93\xebq@1\x1a`pgQ\a\x87-\xa9\x03\x8eF\x138\x9a\xd7\x8c~w\x9a\x13\xe3\xa7\xc6k\xef1Tb\xf2\xc1FT|\xa1\xc3SD8\xc0bj\x11\xcc\b\"\xb3X\xae\xfapM\x97\xdc\x95\x13T\x7f\'K\x05\xe8\x9f\xf3=b\xa5\xbd1\xb1\xcb\xd8\x90\xd5\xdf\xd1\xd2\xd7_\b\xc0\x94', 0x7f) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x6e642, 0x0) write$auto(r1, &(0x7f0000000400)='odev/audio1\x00', 0x100000a3d9) bpf$auto(0x6, &(0x7f0000000140)=@batch={0x9, 0x100000000, 0xe00000000, 0x8, 0xa86, 0xffffffffffffffff, 0x9, 0x5}, 0x500) r2 = socket(0x23, 0x80805, 0x0) setsockopt$auto(r2, 0x113, 0x9, 0x0, 0x79ad2269) close_range$auto(0x2, 0x8, 0x0) 2m22.577113976s ago: executing program 5 (id=5309): unshare$auto(0x40000080) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0xa, 0x1, 0x84) open_tree_attr$auto(0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000180)={0x40, 0x0, 0x3}, 0x4) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x1, 0x5, 0x0, 0x9) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x4000000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x6) r0 = socket(0x2, 0x1, 0x0) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x4e24, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800008}, 0x5, 0x20000000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) write$auto(0x3, 0x0, 0x100085) 2m19.968683031s ago: executing program 5 (id=5319): r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x540881, 0x0) ioctl$auto_SNDCTL_SEQ_GETTIME(r0, 0x80045113, &(0x7f00000002c0)="86cf3227a42f1e6acc578ccf0a0d657aca4e1ed5af5cc0a1b0f4e5157d3ff0da7dc68f1ea5b1ba0cfa6e70c8dca8d190fff0ee2529b30bccd7003bfb12fc09fbeab52346ece167820b1c3e63ca5ec18ff11b5289c9920d78c9ed8870c0c9396f6d58d8e4c9a8f714fcb6e522f8ae9a8231b2e49b14aad49fb32b5b486954e0dd33b44d7918c01fae4492774b985b923c181b83239dceff39be9c99566cd528af16032477a3f39742c03532235d68fa1e165c12a4e18ebe649394fcdff5f74d47c17448420733a3e28896c4b68b262f86b00247e2206bb52dd5fffb1249876427175c3d234f3d11b56652b15a201a1bf55cf22de1434fbc166c5c") openat$auto_tracing_mark_fops_trace(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/tracing/trace_marker\x00', 0x43, 0x0) socket(0x29, 0xa, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/virtual/block/nbd3/queue/iosched/front_merges\x00', 0x2041, 0x0) mmap$auto(0x0, 0x10005, 0xdd, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x15, 0x5, 0x0) socket(0x2, 0x1, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0xa, 0x801, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x1e, 0x0, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc3\xdd\xa7\xee$\xf5\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xe6\x06g\x1a\xfc\xa8\x02\vw\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x24040, 0x0) dup3$auto(0x8000000000000001, 0x5, 0x800080000) ioctl$auto_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000240)={"ef65ce6c00cf81000000ffffffffffffff291d000000000000000300", 0x3ff, 0x408, 0xffc, 0x400004, 0x200000000040000d}) ioctl$auto_BLKTRACETEARDOWN(r2, 0x1276, 0x0) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) 2m17.775264432s ago: executing program 5 (id=5322): r0 = socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) shmget$auto(0x8, 0x10565, 0x7ff) shmat$auto(0x0, 0x0, 0xfffffffa) sync_file_range$auto(r0, 0xfffbfffffffffe8e, 0x10009, 0x5) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, 0x0, 0x80100, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r1 = syz_clone(0x8000, 0x0, 0x0, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) connect$auto(0x3, 0x0, 0x18) move_pages$auto(r1, 0x1002, 0x0, 0x0, 0x0, 0x2) ptrace$auto(0x30, r1, 0x4, 0x7ff) socket(0x2, 0x1, 0x106) 2m14.165981845s ago: executing program 5 (id=5340): socket$nl_generic(0x10, 0x3, 0x10) socket(0x15, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) userfaultfd$auto(0x1) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) socket(0xa, 0x801, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1, 0x1, 0x1) timerfd_create$auto(0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0xa, 0x2, 0x3a) r0 = io_uring_setup$auto(0x6, 0x0) r1 = socket(0xa, 0x2, 0x88) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r1, @new_map_fd=r1, 0x4, @old_map_fd=r0}, 0xa3) bpf$auto(0x3, &(0x7f0000000040)=@query={@target_ifindex, 0x4, 0x7, 0x9, 0x7f, @prog_cnt=0x4, 0x0, 0x0, 0xc, 0xb, 0x9}, 0x7) 2m13.508225657s ago: executing program 5 (id=5343): socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) waitid$auto(0xf739, 0xffffffffffffffff, &(0x7f00000001c0)={@siginfo_0_0={0xe, 0xdf, 0x200, @_timer={0xffffffffffffffff, 0x97fe, @sival_int=0x7, 0x80000001}}}, 0xa8, &(0x7f0000000280)={{0xa59, 0x1fffe00000000}, {0x2, 0x5}, 0x2, 0x9f88, 0xe87, 0x81, 0x0, 0x80, 0x6, 0x1ff, 0x2, 0x70000000, 0x9, 0xb7, 0xf2c, 0x4}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/mm/transparent_hugepage/shrink_underused\x00', 0x1a1842, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x10001) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000240)={0x0, 0x7}, 0x2) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48442, 0x0) read$auto(r2, 0x0, 0x9a28) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) writev$auto(r3, &(0x7f0000000140)={0x0, 0x7}, 0x3) write$auto_snd_pcm_f_ops_pcm(0xffffffffffffffff, 0x0, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) unshare$auto(0x40000080) 1m58.300353971s ago: executing program 34 (id=5343): socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) waitid$auto(0xf739, 0xffffffffffffffff, &(0x7f00000001c0)={@siginfo_0_0={0xe, 0xdf, 0x200, @_timer={0xffffffffffffffff, 0x97fe, @sival_int=0x7, 0x80000001}}}, 0xa8, &(0x7f0000000280)={{0xa59, 0x1fffe00000000}, {0x2, 0x5}, 0x2, 0x9f88, 0xe87, 0x81, 0x0, 0x80, 0x6, 0x1ff, 0x2, 0x70000000, 0x9, 0xb7, 0xf2c, 0x4}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/mm/transparent_hugepage/shrink_underused\x00', 0x1a1842, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x10001) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000240)={0x0, 0x7}, 0x2) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48442, 0x0) read$auto(r2, 0x0, 0x9a28) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) writev$auto(r3, &(0x7f0000000140)={0x0, 0x7}, 0x3) write$auto_snd_pcm_f_ops_pcm(0xffffffffffffffff, 0x0, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) syz_genetlink_get_family_id$auto_nl802154(0x0, 0xffffffffffffffff) unshare$auto(0x40000080) 7.80301684s ago: executing program 3 (id=5688): close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000001c0)='./file0\x00', 0x60142, 0x130) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x101101, 0x0) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/swradio0\x00', 0x1600, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000140)='/dev/v4l-subdev0\x00', 0x8002, 0x0) openat$auto_nsim_pp_hold_fops_netdev(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/netdevsim/netdevsim1/ports/3/pp_hold\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/admmidi2\x00', 0x0, 0x0) write$auto(0x3, 0x0, 0x7fffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80000, 0x0) fcntl$auto(0xffffffffffffffff, 0x400, 0x1) read$auto(r1, 0x0, 0x24) write$auto(0x1, 0x0, 0x80000000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x0, 0x15f4da07, 0x6, 0x10, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0x8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x1, 0xbc3, 0x4, 0x3, 0x5, 0x10001, 0x400000000003, 0x5, 0x800, 0xfffffffffffffffe, 0x6, 0x9, 0xffffffffffffff81, 0x4]}, 0x0) 6.035922092s ago: executing program 2 (id=5693): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r0 = socket(0x1e, 0x4, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) r1 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fb0\x00', 0x20401, 0x0) ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000080)=0x400) ioctl$auto_FBIOPUT_VSCREENINFO(r1, 0x4601, &(0x7f0000000080)) r2 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r2, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(r0, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) close_range$auto(0x2, 0x8, 0x0) 5.417832399s ago: executing program 6 (id=5694): socket(0xa, 0x3, 0x3b) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) quotactl$auto(0x9, 0x0, 0x62a0, 0x0) mmap$auto(0x0, 0x2000c, 0xdf, 0xe31, 0x40000000000a5, 0x8000) syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000100), 0xffffffffffffffff) socketpair$auto(0x2, 0x80, 0xfffffffc, 0x0) setsockopt$auto(0x3, 0x1, 0x4c, 0x0, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_SG_NEXT_CMD_LEN(0xffffffffffffffff, 0x2283, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) epoll_create$auto(0x3ff) socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x0, 0x2003f0, 0x17) 5.417343731s ago: executing program 2 (id=5696): r0 = socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) r1 = io_uring_setup$auto(0x1, 0x0) setsockopt$auto(0x3, 0x0, 0x2, 0x0, 0x3) read$auto_stats_fops_(r1, &(0x7f0000000840)=""/4096, 0x1000) write$auto(r0, &(0x7f0000000000)='/dev/loop6\x00', 0x6) write$auto_fops_init_pkru_pkeys(r1, &(0x7f0000000280)="e7c2da8ba23469d9b78d2e257333bedaec957355b8c2c4c78f4a98e7180a2dfeddb935038a6350c625940925fc61f1b8b51df8f60e61c078ff39654003ba", 0x3e) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x10000}, 0x7, 0x0, 0x5, 0xb}, 0xfff}, 0x8, 0x311) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x18dd01, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) open_by_handle_at$auto(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x9}, 0x3) r2 = socket(0x11, 0x3, 0x9) sendmmsg$auto(r2, &(0x7f0000000400)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={&(0x7f0000000440)="661b0cbd4a", 0x49}, 0x1, &(0x7f0000000200), 0x5, 0x3}, 0x5}, 0x2, 0x100) mmap$auto(0x0, 0x40009, 0x6, 0x9b72, 0x7, 0x28000) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) listen$auto(r2, 0xff) 5.385768996s ago: executing program 3 (id=5697): mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0xfffffffd, 0x9, 0x3, 0x16, 0x940, 0x1ffe0, 0x3, 0x800000000000006, 0x2, 0x9, 0x5, 0x2, 0x7, 0xb0, 0x9, 0x5, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x1fe, 0x81) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(0xffffffffffffffff, 0x0, 0x800) timer_create$auto(0x9, 0x0, 0x0) read$auto(0x3, 0x0, 0x8080) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r0 = io_uring_setup$auto(0x406, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) io_uring_enter$auto(0x3, 0xa84, 0x80000001, 0xa, 0x0, 0x46) io_uring_enter$auto(r0, 0x7, 0x7ffffffb, 0x3, 0x0, 0x3) move_pages$auto(0x0, 0xa, 0x0, 0x0, 0x0, 0x2) io_uring_enter$auto(0x3, 0x5, 0x5f3, 0x3, 0x0, 0x2) 5.315924214s ago: executing program 4 (id=5698): mmap$auto(0x0, 0xe97f, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r0 = pidfd_open$auto(0x1, 0x0) setns(r0, 0x60020000) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$auto_SNDCTL_MIDI_PRETIME(r1, 0xc0046d00, 0x0) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000180)='nfsd\x00', 0x8, 0x0) eventfd$auto(0x3) 5.16228339s ago: executing program 4 (id=5699): socket(0x2, 0x801, 0x106) openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/smaps\x00', 0x100, 0x0) unshare$auto(0x40000080) rseq$auto(0x0, 0x8000, 0x0, 0x6) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, 0x0, 0x54) unshare$auto(0x40000080) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) pwritev$auto(0xffffffffffffffff, 0x0, 0x2, 0xfffffffffffff274, 0x6) msgget$auto(0xc, 0x77d9) msgrcv$auto(0x0, 0x0, 0xff9, 0x0, 0x3) r0 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/dri/vkms/vkms_config\x00', 0x200100, 0x0) connect$auto(r0, 0x0, 0x80) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) setsockopt$auto(0x3, 0x0, 0x33, 0x0, 0x4) 4.218141198s ago: executing program 6 (id=5700): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) 4.035159979s ago: executing program 6 (id=5701): fanotify_init$auto(0x5, 0x2000000000002) r0 = open(0x0, 0xc00, 0x409) preadv$auto(r0, 0x0, 0x4, 0x8001, 0x6) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) setuid$auto(0x0) r1 = signalfd$auto(0xffffffffffffffff, 0x0, 0x8) read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000001a40)=""/4100, 0x1004) setreuid$auto(0x0, 0x0) shmctl$auto_SHM_LOCK(0x1, 0xb, 0x0) timer_create$auto(0x3, 0x0, 0x0) rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8) timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{}, {0x0, 0x83}}, 0x0) ioctl$auto_IOC_PR_PREEMPT_ABORT(0xffffffffffffffff, 0x401870cc, &(0x7f0000000000)={0x2, 0x10000003, 0x5}) r2 = getpid() r3 = gettid() rt_tgsigqueueinfo$auto(r2, r3, 0x21, 0x0) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) r4 = gettid() rt_sigtimedwait$auto(&(0x7f0000000040)={0xffeffffffffff402}, 0x0, 0x0, 0x8) kill$auto(r4, 0x11) 3.679005109s ago: executing program 6 (id=5702): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x24040, 0x0) ioctl$auto_BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000240)={"ef65ce6c00cf81000000ffffffffffffff291d000000000700", 0x3ff, 0x408, 0xffc, 0x400004, 0x200000000040000d}) ioctl$auto_BLKTRACETEARDOWN(r0, 0x1276, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x2002, 0x0) mmap$auto(0x1002, 0xc, 0x4, 0x200000eb0, 0x401, 0x705cf82a) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = open(&(0x7f0000000100)='.\x00', 0x595002, 0x408) write$auto(r1, 0x0, 0xfffffdf1) linkat$auto(r1, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000) mknod$auto(&(0x7f0000000040)='&&\x00', 0xcb, 0x6862) utimes$auto(&(0x7f00000000c0)=':,\x00', 0x0) mprotect$auto(0x0, 0x8000000000000001, 0x8) 3.678850819s ago: executing program 2 (id=5703): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x29, 0x2, 0x0) r0 = socket(0x11, 0x3, 0x9) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket(0x26, 0x80805, 0x0) socket(0xa, 0x3, 0x6) clone$auto(0x21003b46, 0x2, 0x0, 0x0, 0x6) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r2, 0xffffffffffffffff, 0x99, 0x8, 0x1, @relative_id=0x4, 0x9}, 0x8a4) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffffffffffffffff, 0x0, 0x3}, 0x6) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r0, 0x0, 0x3}, 0xc) 3.592522562s ago: executing program 3 (id=5704): select$auto(0x9, 0x0, 0x0, &(0x7f0000000140)={[0x9, 0x5, 0xb, 0xa63f, 0x7fffffff, 0x6, 0x9, 0x5f, 0x7d2ee4e8, 0x6a7, 0x1, 0x5, 0x2, 0x0, 0x7, 0x5]}, 0x0) 3.374532458s ago: executing program 3 (id=5705): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000002940)='/dev/fb0\x00', 0x841, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x2480c0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000700), r3) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x20000, 0x0) sendmsg$auto_NL80211_CMD_SET_CHANNEL(r3, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4080}, 0x20000000) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x50040010}, 0x801) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x1, 0x948b, 0x9, 0x15f4da07, 0x6, 0x10, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0x8]}, 0x0) syz_genetlink_get_family_id$auto_ioam6(&(0x7f00000001c0), r2) sendmsg$auto_IOAM6_CMD_DEL_NAMESPACE(r1, 0x0, 0x8001) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0xbc3, 0x800, 0x3, 0x8, 0x10001, 0x400000000003, 0x3, 0xfffffffffffffffc, 0xfffffffffffffffe, 0x6, 0x9, 0xffffdfffffffff81, 0x4]}, 0x0) 3.220826962s ago: executing program 4 (id=5706): migrate_pages$auto(0x0, 0x99, 0x0, &(0x7f00000001c0)=0x7b) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80e42, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_regulator_summary_fops_(0xffffffffffffff9c, &(0x7f0000001680), 0x40, 0x0) read$auto_regulator_summary_fops_(r1, &(0x7f00000016c0)=""/213, 0xd5) setsockopt$auto(r0, 0xe4, 0x6, 0x0, 0x4) open(0x0, 0x14927f, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f0000000140)={[0x9, 0x5, 0xb, 0xa63f, 0x7fffffff, 0x6, 0x9, 0x5f, 0x7d2ee4e8, 0x6a7, 0x1, 0x5, 0x2, 0x0, 0x7, 0x5]}, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f00000001c0)) mmap$auto(0x0, 0x20009, 0x4000000000de, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0xf3, 0x4, 0x8000000000000000, 0x0) getsockopt$auto(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f0000000000)=0x9000c) 3.099622061s ago: executing program 2 (id=5707): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x10, 0x2, 0x14) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cec2\x00', 0x40, 0x0) socket(0x2, 0x2, 0x0) socket(0x10, 0x2, 0x0) socket(0xa, 0x2, 0x73) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) memfd_create$auto(0x0, 0x6) socketpair$auto(0x3, 0x5, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) mq_notify$auto(0x4, &(0x7f0000000040)={@sival_ptr=0x0, @inferred, 0x1, @_tid}) sendmsg$auto_NL802154_CMD_DEL_INTERFACE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, 0x0}, 0x80) sendmmsg$auto(0xffffffffffffffff, &(0x7f00000000c0)={{0x0, 0x6, 0x0, 0xa7, &(0x7f0000000040), 0x8001, 0x9}, 0x8}, 0x1, 0x9) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0xff, 0x0, 0x1, 0x3}, 0xed7138c}, 0xb, 0x0) 2.763322154s ago: executing program 4 (id=5708): r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x5) mmap$auto(0x6, 0x4, 0x4000000000dd, 0x40eb1, 0xffffffffffffffff, 0x300000000000) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0) ioctl$auto_USBDEVFS_CONTROL(r1, 0xc0185500, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) r2 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(r2, 0x8, 0x0) clone$auto(0x3fff, 0xad3, 0x0, 0x0, 0x8000002) mmap$auto(0xfffffffffffffffb, 0x400008, 0x400df, 0x19, r2, 0x2a7d) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) acct$auto(0x0) mlock$auto(0xfbea, 0x7fffffffffffffff) 2.5126594s ago: executing program 2 (id=5709): socket(0x28, 0x5, 0x0) connect$auto(0x3, 0x0, 0x55) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x101000, 0x0) mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x4a, 0x0) kexec_load$auto(0x1ff, 0x1000000, 0x0, 0x1000000ff) r0 = fsopen$auto(0x0, 0x1) fsconfig$auto(r0, 0x6, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tracing_saved_tgids_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/saved_tgids\x00', 0x101002, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x201, 0x0) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) open(&(0x7f0000001bc0)='./file0\x00', 0x4142, 0x1) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty57\x00', 0x40741, 0x0) ioctl$auto(0x3, 0x402c542d, r1) write$auto(0x3, 0x0, 0xfffffdef) ioctl$auto(0x3, 0x541b, 0x74) 1.618313069s ago: executing program 3 (id=5710): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x10000, 0x0) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) mmap$auto(0x0, 0x20009, 0x7, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0xe8) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001240)='/proc/thread-self/fail-nth\x00', 0xa0302, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) newfstatat$auto(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x5) openat$auto_ecryptfs_dir_fops_ecryptfs_kernel(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/bluetooth/hci4/hci4:201\x00', 0x40, 0x0) capget$auto(0x0, 0xfffffffffffffffe) unshare$auto(0x40000080) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xb01, 0x0) write$auto(r2, 0x0, 0x1) poll$auto(0x0, 0x5, 0x400) sendmsg$auto_ETHTOOL_MSG_TSCONFIG_GET(0xffffffffffffffff, &(0x7f0000000740)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x4004000) ioctl$auto_XFS_IOC_ERROR_CLEARALL(0xffffffffffffffff, 0x40085875, 0x0) bind$auto(0xffffffffffffffff, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) 1.44959482s ago: executing program 6 (id=5711): mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x2) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, &(0x7f00000002c0)={0x9, &(0x7f0000000000)={0x1d, 0xf2, 0x9, @raw=0x9}}) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x2, 0x73) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/input/event0\x00', 0x2, 0x0) ioctl$auto_EVIOCGMASK(r1, 0x80104592, &(0x7f0000000000)={0x2000, 0x800004, 0x9}) write$auto(0x3, 0x0, 0x4fffffdf2) r2 = socket(0x2, 0x1, 0x0) setrlimit$auto(0xc, &(0x7f0000000040)={0x29, 0x5}) getsockopt$auto(r2, 0x1, 0x8, 0xfffffffffffffffc, 0x0) ioctl$auto(0x3, 0x6f2d, 0x2000) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, r3, 0x8000) open_tree$auto(0xffffffffffffffff, 0x0, 0x2) 733.067144ms ago: executing program 2 (id=5712): sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x2, 0x0) socket(0x28, 0x5, 0x0) socket(0x2, 0x5, 0x0) sysfs$auto(0x2, 0x0, 0x0) epoll_create$auto(0x7) r0 = socket$nl_generic(0x10, 0x3, 0x10) epoll_ctl$auto(0x5, 0x1, r0, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) epoll_ctl$auto(0x5, 0x3, r0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/sound/ctl-led/speaker/mode\x00', 0x182, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x2000007) 732.897095ms ago: executing program 3 (id=5713): unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd3/queue/iostats\x00', 0x80302, 0x0) sendfile$auto(r0, r0, 0x0, 0x2) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r1 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) syz_clone(0x40000000, 0x0, 0x25, 0x0, 0x0, 0x0) kill$auto(0x0, 0x11) madvise$auto(0x0, 0xffffffffffff0005, 0x19) fanotify_mark$auto(r1, 0x4, 0x4, 0xffffffffffffffff, 0x0) close_range$auto(0x2, 0x8, 0x0) syslog$auto_SYSLOG_ACTION_CLEAR(0x9, &(0x7f0000000040)='/dev/input/event2\x00', 0x4) memfd_create$auto(0x0, 0xe) shmctl$auto_IPC_SET(0x8, 0x1, &(0x7f00000000c0)={{0x1ff, 0xee00, 0xee01, 0xe, 0x2, 0x2, 0x3}, 0x4, 0x7, 0x2, 0x6, @raw=0x7, @raw=0x7fff, 0x7, 0x0, &(0x7f0000000180)="126d289da8d3b217a0f1779dd34170dda041017970990579761b076012962b196b874a7cbd589af88c8122b51b13b49f780885337c7ce1ef8723a12cf409fc3ee743a7f0dcfd7d42d8dc03bb488f8de24b1108bd160be8268d97d496d5886c76cb951c5dfae47b43ac806ff37563471c5a69e4903b2b17e57a12a3d56b844000c608a568440d905c9f4d969f4fb37bd99e7ebb1fed3747dc254d2000724a7972ed39b0c091ddc60734183cd3470b58f37e8e4b0bc95935786c84469f94952d9c97d1e80cf1177aef402918ec4bf9f3b0", &(0x7f0000000080)="4fc0a77e5cb9b9ed1319ed152b180a0183a745647de1ebf26ecbc95dc56eda89"}) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) pkey_free$auto(0xfffffffd) 602.541294ms ago: executing program 4 (id=5714): select$auto(0x9, 0x0, 0x0, &(0x7f0000000140)={[0x9, 0x5, 0xb, 0xa63f, 0x7fffffff, 0x6, 0x9, 0x5f, 0x7d2ee4e8, 0x6a7, 0x1, 0x5, 0x2, 0x0, 0x7, 0x5]}, 0x0) 262.3438ms ago: executing program 4 (id=5715): r0 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(r0, 0x1, 0x19, 0x0, 0x8001) fcntl$auto(0xffffffffffffffff, 0x400, 0x1) unshare$auto(0x40000080) preadv2$auto(0xffffffffffffffff, 0x0, 0x6, 0x200, 0x8000000000000, 0x2f) prctl$auto(0x3e, 0x1, 0x0, 0x3, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0) close_range$auto(0xffffffffffffffff, 0xa, 0xfffffff8) close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x2, 0x0) r1 = socket(0xa, 0x801, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) setitimer$auto(0x94e, 0x0, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) getsockopt$auto(r1, 0x84, 0x6d, 0x0, &(0x7f0000000280)=0x1000c0) setsockopt$auto(0x3, 0x10000000084, 0x85, 0x0, 0x90) madvise$auto(0x0, 0x6, 0x7) 0s ago: executing program 6 (id=5716): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x3, 0x6) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/036/001\x00', 0xa901, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x0, 0x0) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/bond0/bonding/miimon\x00', 0x143b42, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) io_uring_setup$auto(0x2, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) socketpair$auto(0x5b, 0x1, 0x420000, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS2\x00', 0x101f81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) kernel console output (not intermixed with test programs): .543906][T20448] name failslab, interval 1, probability 0, space 0, times 0 [ 1367.543970][T20448] CPU: 0 UID: 0 PID: 20448 Comm: syz.4.4831 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1367.544009][T20448] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1367.544017][T20448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1367.544029][T20448] Call Trace: [ 1367.544036][T20448] [ 1367.544045][T20448] dump_stack_lvl+0x100/0x190 [ 1367.544077][T20448] should_fail_ex.cold+0x5/0xa [ 1367.544100][T20448] should_failslab+0xc2/0x120 [ 1367.544120][T20448] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 1367.544150][T20448] ? __alloc_skb+0x140/0x710 [ 1367.544182][T20448] __alloc_skb+0x140/0x710 [ 1367.544202][T20448] ? __alloc_skb+0x5b7/0x710 [ 1367.544223][T20448] ? __pfx___alloc_skb+0x10/0x10 [ 1367.544247][T20448] ? sk_page_frag_refill+0x6c/0x340 [ 1367.544279][T20448] kcm_sendmsg+0x1154/0x32e0 [ 1367.544322][T20448] ? __pfx_kcm_sendmsg+0x10/0x10 [ 1367.544350][T20448] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1367.544381][T20448] sock_sendmsg+0x35b/0x3d0 [ 1367.544409][T20448] ? __pfx_kcm_sendmsg+0x10/0x10 [ 1367.544428][T20448] ? __pfx_sock_sendmsg+0x10/0x10 [ 1367.544471][T20448] splice_to_socket+0xb4c/0x11b0 [ 1367.544489][T20448] ? touch_atime+0xa5/0x7a0 [ 1367.544525][T20448] ? __pfx_splice_to_socket+0x10/0x10 [ 1367.544571][T20448] ? trace_kmalloc+0x101/0x130 [ 1367.544590][T20448] ? lockdep_init_map_type+0x5c/0x250 [ 1367.544616][T20448] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 1367.544645][T20448] ? __pfx_splice_to_socket+0x10/0x10 [ 1367.544665][T20448] direct_splice_actor+0x192/0x6c0 [ 1367.544698][T20448] splice_direct_to_actor+0x345/0xa30 [ 1367.544718][T20448] ? __pfx_direct_splice_actor+0x10/0x10 [ 1367.544753][T20448] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1367.544779][T20448] do_splice_direct+0x174/0x240 [ 1367.544798][T20448] ? __pfx_do_splice_direct+0x10/0x10 [ 1367.544817][T20448] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1367.544847][T20448] ? bpf_lsm_file_permission+0x9/0x10 [ 1367.544876][T20448] ? security_file_permission+0x76/0x210 [ 1367.544897][T20448] ? rw_verify_area+0xce/0x6d0 [ 1367.544926][T20448] do_sendfile+0xadc/0xe20 [ 1367.544958][T20448] ? __pfx_do_sendfile+0x10/0x10 [ 1367.544999][T20448] ? __x64_sys_futex+0x34f/0x4d0 [ 1367.545022][T20448] ? __x64_sys_futex+0x358/0x4d0 [ 1367.545048][T20448] __x64_sys_sendfile64+0x1d8/0x220 [ 1367.545070][T20448] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1367.545099][T20448] do_syscall_64+0x106/0xf80 [ 1367.545120][T20448] ? clear_bhb_loop+0x40/0x90 [ 1367.545144][T20448] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1367.545164][T20448] RIP: 0033:0x7fd782f9c799 [ 1367.545181][T20448] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1367.545199][T20448] RSP: 002b:00007fd783ec5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1367.545218][T20448] RAX: ffffffffffffffda RBX: 00007fd783215fa0 RCX: 00007fd782f9c799 [ 1367.545230][T20448] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000001 [ 1367.545245][T20448] RBP: 00007fd783032c99 R08: 0000000000000000 R09: 0000000000000000 [ 1367.545258][T20448] R10: 000000007ffff011 R11: 0000000000000246 R12: 0000000000000000 [ 1367.545272][T20448] R13: 00007fd783216038 R14: 00007fd783215fa0 R15: 00007ffce203c088 [ 1367.545299][T20448] [ 1368.828062][T20444] chnl_net:caif_netlink_parms(): no params data found [ 1369.347431][T20446] Bluetooth: hci0: command tx timeout [ 1370.623671][T20444] bridge0: port 1(bridge_slave_0) entered blocking state [ 1370.631384][T20444] bridge0: port 1(bridge_slave_0) entered disabled state [ 1370.631547][T20444] bridge_slave_0: entered allmulticast mode [ 1370.635878][T20444] bridge_slave_0: entered promiscuous mode [ 1370.886175][T20444] bridge0: port 2(bridge_slave_1) entered blocking state [ 1370.886247][T20444] bridge0: port 2(bridge_slave_1) entered disabled state [ 1370.886405][T20444] bridge_slave_1: entered allmulticast mode [ 1370.887630][T20444] bridge_slave_1: entered promiscuous mode [ 1371.420305][T20446] Bluetooth: hci0: command tx timeout [ 1371.734079][T20444] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1371.766699][T20444] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1372.192252][T20444] team0: Port device team_slave_0 added [ 1372.266018][T20444] team0: Port device team_slave_1 added [ 1372.486828][T20444] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1372.486847][T20444] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1372.486872][T20444] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1372.510099][T20444] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1372.510120][T20444] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1372.510145][T20444] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1372.965386][T20444] hsr_slave_0: entered promiscuous mode [ 1372.983615][T20444] hsr_slave_1: entered promiscuous mode [ 1372.989362][T20444] debugfs: 'hsr0' already exists in 'hsr' [ 1372.989385][T20444] Cannot create hsr debugfs directory [ 1373.252208][T20489] netlink: 330 bytes leftover after parsing attributes in process `syz.4.4841'. [ 1373.350191][T20489] : renamed from bond_slave_0 (while UP) [ 1373.392386][T20489] netlink: 330 bytes leftover after parsing attributes in process `syz.4.4841'. [ 1373.507841][T14267] Bluetooth: hci0: command tx timeout [ 1374.474772][T20499] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4846'. [ 1374.652611][T20444] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1374.680500][T20444] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1374.841170][T20444] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1374.908263][T20444] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1375.173129][T20511] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4848'. [ 1375.209428][T14267] Bluetooth: hci3: ACL packet for unknown connection handle 0 [ 1375.579947][T14267] Bluetooth: hci0: command tx timeout [ 1375.649552][T20508] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1375.649728][T20508] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1375.649842][T20508] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1375.649888][T20508] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1375.738542][T20508] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1375.739229][T20508] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1375.784027][T20508] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1376.144161][T20444] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1376.264845][T20444] 8021q: adding VLAN 0 to HW filter on device team0 [ 1376.513309][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 1376.513413][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1376.514899][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 1376.514971][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1377.380097][T20446] Bluetooth: hci2: command 0x0406 tx timeout [ 1377.660200][T20446] Bluetooth: hci4: command 0x0406 tx timeout [ 1377.660260][T20446] Bluetooth: hci3: command 0x0406 tx timeout [ 1377.819672][T14267] Bluetooth: hci0: command 0x0c1a tx timeout [ 1378.503870][T20444] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1379.742871][T14267] Bluetooth: hci4: command 0x0406 tx timeout [ 1379.897956][T14267] Bluetooth: hci0: command 0x0c1a tx timeout [ 1380.501071][T20444] veth0_vlan: entered promiscuous mode [ 1380.505852][T20444] veth1_vlan: entered promiscuous mode [ 1380.897679][T20444] veth0_macvtap: entered promiscuous mode [ 1381.010902][T20444] veth1_macvtap: entered promiscuous mode [ 1381.242690][T20444] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1381.319986][T20545] cougar: G6 mapped to space [ 1381.477507][T20444] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1381.780433][ T144] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1381.862770][ T144] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1381.981723][T14267] Bluetooth: hci0: command 0x0c1a tx timeout [ 1382.249498][ T144] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1382.365206][ T144] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1382.862581][ T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1382.988547][ T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1383.018477][T20551] random: crng reseeded on system resumption [ 1383.194975][T14267] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 1383.254729][ T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1383.301548][ T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1383.337362][T20553] netlink: 306 bytes leftover after parsing attributes in process `syz.2.4857'. [ 1383.950530][T20563] netlink: 'syz.3.4859': attribute type 27 has an invalid length. [ 1384.038884][T20563] netlink: 'syz.3.4859': attribute type 28 has an invalid length. [ 1384.130010][T20563] netlink: 'syz.3.4859': attribute type 29 has an invalid length. [ 1384.218536][T20563] netlink: 'syz.3.4859': attribute type 30 has an invalid length. [ 1384.318655][T20563] netlink: 'syz.3.4859': attribute type 31 has an invalid length. [ 1384.438806][T20563] netlink: 'syz.3.4859': attribute type 32 has an invalid length. [ 1384.545264][T20563] netlink: 'syz.3.4859': attribute type 33 has an invalid length. [ 1384.678098][T20563] netlink: 'syz.3.4859': attribute type 35 has an invalid length. [ 1384.708552][T20574] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4861'. [ 1384.788687][T20563] netlink: 'syz.3.4859': attribute type 37 has an invalid length. [ 1384.844534][T20563] netlink: 'syz.3.4859': attribute type 39 has an invalid length. [ 1384.938026][T20563] netlink: 14 bytes leftover after parsing attributes in process `syz.3.4859'. [ 1387.276886][T20591] netlink: 338 bytes leftover after parsing attributes in process `syz.2.4865'. [ 1387.389384][T20593] netlink: 314 bytes leftover after parsing attributes in process `syz.2.4865'. [ 1387.509615][T20592] netlink: 338 bytes leftover after parsing attributes in process `syz.2.4865'. [ 1387.739202][T20597] FAULT_INJECTION: forcing a failure. [ 1387.739202][T20597] name failslab, interval 1, probability 0, space 0, times 0 [ 1387.786238][T20592] netlink: 338 bytes leftover after parsing attributes in process `syz.2.4865'. [ 1387.840054][T20592] netlink: 338 bytes leftover after parsing attributes in process `syz.2.4865'. [ 1387.857861][T20597] CPU: 0 UID: 0 PID: 20597 Comm: syz.3.4867 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1387.857896][T20597] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1387.857903][T20597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1387.857923][T20597] Call Trace: [ 1387.857930][T20597] [ 1387.857939][T20597] dump_stack_lvl+0x100/0x190 [ 1387.857979][T20597] should_fail_ex.cold+0x5/0xa [ 1387.858003][T20597] should_failslab+0xc2/0x120 [ 1387.858023][T20597] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1387.858051][T20597] ? alloc_empty_file+0x55/0x1c0 [ 1387.858074][T20597] ? __pfx_stack_trace_save+0x10/0x10 [ 1387.858096][T20597] alloc_empty_file+0x55/0x1c0 [ 1387.858120][T20597] path_openat+0xe8/0x31a0 [ 1387.858138][T20597] ? kasan_save_stack+0x3f/0x50 [ 1387.858165][T20597] ? kasan_save_stack+0x30/0x50 [ 1387.858192][T20597] ? kasan_save_track+0x14/0x30 [ 1387.858219][T20597] ? __kasan_slab_alloc+0x89/0x90 [ 1387.858235][T20597] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 1387.858262][T20597] ? do_getname+0x35/0x390 [ 1387.858284][T20597] ? do_sys_openat2+0xc5/0x1e0 [ 1387.858308][T20597] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1387.858331][T20597] ? __pfx_path_openat+0x10/0x10 [ 1387.858358][T20597] do_file_open+0x20e/0x430 [ 1387.858379][T20597] ? __pfx_do_file_open+0x10/0x10 [ 1387.858414][T20597] ? alloc_fd+0x476/0x790 [ 1387.858434][T20597] ? do_getname+0x191/0x390 [ 1387.858460][T20597] do_sys_openat2+0x10d/0x1e0 [ 1387.858484][T20597] ? __pfx_do_sys_openat2+0x10/0x10 [ 1387.858516][T20597] __x64_sys_openat+0x12d/0x210 [ 1387.858542][T20597] ? __pfx___x64_sys_openat+0x10/0x10 [ 1387.858575][T20597] do_syscall_64+0x106/0xf80 [ 1387.858598][T20597] ? clear_bhb_loop+0x40/0x90 [ 1387.858620][T20597] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1387.858640][T20597] RIP: 0033:0x7f2914d9c799 [ 1387.858657][T20597] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1387.858674][T20597] RSP: 002b:00007f2915b7b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1387.858693][T20597] RAX: ffffffffffffffda RBX: 00007f2915015fa0 RCX: 00007f2914d9c799 [ 1387.858705][T20597] RDX: 0000000000080201 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 1387.858717][T20597] RBP: 00007f2914e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1387.858728][T20597] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1387.858739][T20597] R13: 00007f2915016038 R14: 00007f2915015fa0 R15: 00007ffd6a45a028 [ 1387.858763][T20597] [ 1388.781427][T20592] netlink: 338 bytes leftover after parsing attributes in process `syz.2.4865'. [ 1388.818101][T20592] netlink: 338 bytes leftover after parsing attributes in process `syz.2.4865'. [ 1388.881433][T20592] netlink: 338 bytes leftover after parsing attributes in process `syz.2.4865'. [ 1388.989340][T20595] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 1389.017990][T20592] netlink: 338 bytes leftover after parsing attributes in process `syz.2.4865'. [ 1389.093412][T20595] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 1389.203677][T20595] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1390.010152][T20604] Process accounting resumed [ 1393.556039][T20648] validate_nla: 1 callbacks suppressed [ 1393.556059][T20648] netlink: 'syz.3.4880': attribute type 4 has an invalid length. [ 1393.681968][T20648] netlink: 'syz.3.4880': attribute type 5 has an invalid length. [ 1393.777974][T20648] netlink: 10 bytes leftover after parsing attributes in process `syz.3.4880'. [ 1394.700379][T14267] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 1399.690771][T20688] netlink: 4 bytes leftover after parsing attributes in process `syz.5.4890'. [ 1399.826792][T20688] netlink: 354 bytes leftover after parsing attributes in process `syz.5.4890'. [ 1404.692895][T20722] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4900'. [ 1407.253509][T20745] futex_wake_op: syz.5.4904 tries to shift op by -2048; fix this program [ 1407.360375][T20745] futex_wake_op: syz.5.4904 tries to shift op by -2048; fix this program [ 1408.475048][T20746] MTRR 2 not used [ 1409.739803][T20759] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1409.936212][T20761] FAULT_INJECTION: forcing a failure. [ 1409.936212][T20761] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1410.070780][T20761] CPU: 0 UID: 0 PID: 20761 Comm: syz.5.4908 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1410.070815][T20761] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1410.070823][T20761] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1410.070835][T20761] Call Trace: [ 1410.070842][T20761] [ 1410.070850][T20761] dump_stack_lvl+0x100/0x190 [ 1410.070882][T20761] should_fail_ex.cold+0x5/0xa [ 1410.070904][T20761] get_futex_key+0x1d2/0x1620 [ 1410.070930][T20761] ? __pfx_get_futex_key+0x10/0x10 [ 1410.070960][T20761] futex_wake+0xea/0x530 [ 1410.070991][T20761] ? __pfx_futex_wake+0x10/0x10 [ 1410.071019][T20761] ? __call_rcu_common.constprop.0+0x3f0/0x9b0 [ 1410.071052][T20761] do_futex+0x32b/0x350 [ 1410.071076][T20761] ? __pfx_do_futex+0x10/0x10 [ 1410.071100][T20761] ? __pfx___might_resched+0x10/0x10 [ 1410.071135][T20761] ? blkcg_maybe_throttle_current+0x5df/0xeb0 [ 1410.071164][T20761] __x64_sys_futex+0x34f/0x4d0 [ 1410.071190][T20761] ? __pfx_task_work_run+0x10/0x10 [ 1410.071217][T20761] ? __pfx___x64_sys_futex+0x10/0x10 [ 1410.071243][T20761] ? exit_to_user_mode_loop+0xdd/0x4a0 [ 1410.071276][T20761] do_syscall_64+0x106/0xf80 [ 1410.071298][T20761] ? clear_bhb_loop+0x40/0x90 [ 1410.071322][T20761] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1410.071341][T20761] RIP: 0033:0x7f232c59c799 [ 1410.071357][T20761] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1410.071375][T20761] RSP: 002b:00007f232d4e70e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1410.071393][T20761] RAX: ffffffffffffffda RBX: 00007f232c816098 RCX: 00007f232c59c799 [ 1410.071405][T20761] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f232c81609c [ 1410.071417][T20761] RBP: 00007f232c816090 R08: 0000000000000000 R09: 0000000000000000 [ 1410.071428][T20761] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1410.071439][T20761] R13: 00007f232c816128 R14: 00007ffef7d778c0 R15: 00007ffef7d779a8 [ 1410.071462][T20761] [ 1413.568804][T20779] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4913'. [ 1413.825114][T20779] bond0: (slave bond_slave_0): Releasing backup interface [ 1416.027992][T20794] netlink: 326 bytes leftover after parsing attributes in process `syz.3.4917'. [ 1417.290410][T20796] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1417.591138][ T13] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 1417.728350][T20796] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1417.829053][T20796] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1418.205534][T20796] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1419.347895][T14267] Bluetooth: hci2: command 0x0406 tx timeout [ 1419.738044][T14267] Bluetooth: hci3: command 0x0406 tx timeout [ 1419.905029][T14267] Bluetooth: hci4: command 0x0406 tx timeout [ 1420.218058][T14267] Bluetooth: hci0: command 0x0c1a tx timeout [ 1421.233051][T20820] netlink: 2468 bytes leftover after parsing attributes in process `syz.4.4924'. [ 1423.168100][T20806] Process accounting paused [ 1423.680713][T20834] FAULT_INJECTION: forcing a failure. [ 1423.680713][T20834] name failslab, interval 1, probability 0, space 0, times 0 [ 1423.810137][T20834] CPU: 0 UID: 0 PID: 20834 Comm: syz.3.4927 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1423.810171][T20834] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1423.810179][T20834] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1423.810191][T20834] Call Trace: [ 1423.810198][T20834] [ 1423.810207][T20834] dump_stack_lvl+0x100/0x190 [ 1423.810241][T20834] should_fail_ex.cold+0x5/0xa [ 1423.810263][T20834] should_failslab+0xc2/0x120 [ 1423.810284][T20834] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1423.810310][T20834] ? pkcs7_parse_message+0x15f/0x870 [ 1423.810338][T20834] pkcs7_parse_message+0x15f/0x870 [ 1423.810366][T20834] verify_pkcs7_signature+0x30/0xa0 [ 1423.810399][T20834] valid_regdb+0x211/0x590 [ 1423.810423][T20834] ? __pfx___nla_validate_parse+0x10/0x10 [ 1423.810451][T20834] ? __pfx_valid_regdb+0x10/0x10 [ 1423.810472][T20834] ? rcu_is_watching+0x12/0xc0 [ 1423.810506][T20834] reg_reload_regdb+0x11a/0x460 [ 1423.810533][T20834] ? __pfx_reg_reload_regdb+0x10/0x10 [ 1423.810562][T20834] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 1423.810579][T20834] ? nl80211_pre_doit+0x19a/0xae0 [ 1423.810601][T20834] genl_family_rcv_msg_doit+0x214/0x300 [ 1423.810634][T20834] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1423.810662][T20834] ? genl_get_cmd+0x3ef/0x720 [ 1423.810694][T20834] ? bpf_lsm_capable+0x9/0x10 [ 1423.810713][T20834] ? security_capable+0x80/0x260 [ 1423.810743][T20834] genl_rcv_msg+0x560/0x800 [ 1423.810775][T20834] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1423.810812][T20834] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 1423.810830][T20834] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 1423.810855][T20834] ? __pfx_nl80211_post_doit+0x10/0x10 [ 1423.810883][T20834] netlink_rcv_skb+0x159/0x420 [ 1423.810910][T20834] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1423.810939][T20834] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1423.810974][T20834] ? netlink_deliver_tap+0x1ae/0xcc0 [ 1423.811003][T20834] genl_rcv+0x28/0x40 [ 1423.811028][T20834] netlink_unicast+0x5aa/0x870 [ 1423.811057][T20834] ? __pfx_netlink_unicast+0x10/0x10 [ 1423.811083][T20834] ? __pfx_netlink_broadcast_filtered+0x10/0x10 [ 1423.811116][T20834] netlink_sendmsg+0x8b0/0xda0 [ 1423.811147][T20834] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1423.811171][T20834] ? __import_iovec+0x1d2/0x640 [ 1423.811192][T20834] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1423.811223][T20834] ____sys_sendmsg+0x9e1/0xb70 [ 1423.811250][T20834] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1423.811277][T20834] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1423.811310][T20834] ? __pfx_futex_wake_mark+0x10/0x10 [ 1423.811343][T20834] ___sys_sendmsg+0x190/0x1e0 [ 1423.811374][T20834] ? __pfx____sys_sendmsg+0x10/0x10 [ 1423.811431][T20834] __sys_sendmsg+0x170/0x220 [ 1423.811454][T20834] ? __pfx___sys_sendmsg+0x10/0x10 [ 1423.811476][T20834] ? __x64_sys_futex+0x34f/0x4d0 [ 1423.811514][T20834] do_syscall_64+0x106/0xf80 [ 1423.811535][T20834] ? clear_bhb_loop+0x40/0x90 [ 1423.811558][T20834] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1423.811578][T20834] RIP: 0033:0x7f2914d9c799 [ 1423.811595][T20834] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1423.811613][T20834] RSP: 002b:00007f2915b7b028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1423.811631][T20834] RAX: ffffffffffffffda RBX: 00007f2915015fa0 RCX: 00007f2914d9c799 [ 1423.811643][T20834] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000005 [ 1423.811655][T20834] RBP: 00007f2914e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1423.811665][T20834] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1423.811677][T20834] R13: 00007f2915016038 R14: 00007f2915015fa0 R15: 00007ffd6a45a028 [ 1423.811700][T20834] [ 1424.830099][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1424.836449][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1425.112774][T20839] netlink: 28 bytes leftover after parsing attributes in process `syz.5.4928'. [ 1426.950664][T20839] veth1_macvtap: left promiscuous mode [ 1428.189217][T20849] zswap: compressor not available [ 1432.937363][T20874] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4937'. [ 1433.183464][T20877] netlink: 'syz.2.4937': attribute type 1 has an invalid length. [ 1433.287852][T20877] netlink: 'syz.2.4937': attribute type 6 has an invalid length. [ 1434.065680][T20879] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4939'. [ 1434.538050][T20879] vlan1: entered promiscuous mode [ 1434.711603][T20879] vlan1: entered allmulticast mode [ 1434.856787][T20889] FAULT_INJECTION: forcing a failure. [ 1434.856787][T20889] name failslab, interval 1, probability 0, space 0, times 0 [ 1435.110209][T20895] netlink: 25 bytes leftover after parsing attributes in process `syz.5.4942'. [ 1435.272127][T20889] CPU: 0 UID: 0 PID: 20889 Comm: syz.2.4941 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1435.272164][T20889] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1435.272171][T20889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1435.272182][T20889] Call Trace: [ 1435.272190][T20889] [ 1435.272199][T20889] dump_stack_lvl+0x100/0x190 [ 1435.272234][T20889] should_fail_ex.cold+0x5/0xa [ 1435.272256][T20889] should_failslab+0xc2/0x120 [ 1435.272277][T20889] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1435.272302][T20889] ? kvm_set_irq_routing+0x24f/0x960 [ 1435.272329][T20889] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1435.272363][T20889] kvm_set_irq_routing+0x24f/0x960 [ 1435.272404][T20889] kvm_arch_vm_ioctl+0xf08/0x18d0 [ 1435.272431][T20889] ? __pfx_kvm_arch_vm_ioctl+0x10/0x10 [ 1435.272460][T20889] ? __lock_acquire+0x4a5/0x2630 [ 1435.272487][T20889] ? __lock_acquire+0x4a5/0x2630 [ 1435.272515][T20889] ? __lock_acquire+0x4a5/0x2630 [ 1435.272543][T20889] ? __lock_acquire+0x4a5/0x2630 [ 1435.272579][T20889] ? is_bpf_text_address+0x8a/0x1a0 [ 1435.272607][T20889] ? bpf_ksym_find+0x124/0x1c0 [ 1435.272630][T20889] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1435.272651][T20889] ? is_bpf_text_address+0x94/0x1a0 [ 1435.272679][T20889] ? kernel_text_address+0x8d/0x100 [ 1435.272706][T20889] ? __kernel_text_address+0xd/0x30 [ 1435.272732][T20889] ? unwind_get_return_address+0x59/0xa0 [ 1435.272752][T20889] ? arch_stack_walk+0xa6/0xf0 [ 1435.272777][T20889] ? tomoyo_path_number_perm+0x46d/0x580 [ 1435.272815][T20889] ? stack_trace_save+0x8e/0xc0 [ 1435.272833][T20889] ? __pfx_stack_trace_save+0x10/0x10 [ 1435.272853][T20889] ? stack_depot_save_flags+0x27/0x9d0 [ 1435.272873][T20889] ? __lock_acquire+0x4a5/0x2630 [ 1435.272897][T20889] ? tomoyo_path_number_perm+0x46d/0x580 [ 1435.272926][T20889] ? kasan_save_stack+0x3f/0x50 [ 1435.272953][T20889] ? kasan_save_stack+0x30/0x50 [ 1435.272980][T20889] ? kasan_save_track+0x14/0x30 [ 1435.273007][T20889] ? kasan_save_free_info+0x3b/0x70 [ 1435.273030][T20889] ? __kasan_slab_free+0x5f/0x80 [ 1435.273050][T20889] kvm_vm_ioctl+0x1564/0x4080 [ 1435.273079][T20889] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 1435.273113][T20889] ? tomoyo_path_number_perm+0x46d/0x580 [ 1435.273145][T20889] ? kasan_quarantine_put+0x104/0x240 [ 1435.273172][T20889] ? lockdep_hardirqs_on+0x78/0x100 [ 1435.273197][T20889] ? find_held_lock+0x2b/0x80 [ 1435.273213][T20889] ? tomoyo_path_number_perm+0x28f/0x580 [ 1435.273243][T20889] ? tomoyo_path_number_perm+0x28f/0x580 [ 1435.273276][T20889] ? tomoyo_path_number_perm+0x188/0x580 [ 1435.273308][T20889] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1435.273338][T20889] ? futex_wait+0x125/0x380 [ 1435.273372][T20889] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1435.273403][T20889] ? do_vfs_ioctl+0x226/0x13e0 [ 1435.273430][T20889] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1435.273463][T20889] ? find_held_lock+0x2b/0x80 [ 1435.273479][T20889] ? __fget_files+0x215/0x3d0 [ 1435.273496][T20889] ? hook_file_ioctl_common+0x146/0x410 [ 1435.273530][T20889] ? __fget_files+0x21f/0x3d0 [ 1435.273551][T20889] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 1435.273572][T20889] __x64_sys_ioctl+0x18e/0x210 [ 1435.273600][T20889] do_syscall_64+0x106/0xf80 [ 1435.273622][T20889] ? clear_bhb_loop+0x40/0x90 [ 1435.273645][T20889] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1435.273665][T20889] RIP: 0033:0x7f09edd9c799 [ 1435.273682][T20889] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1435.273699][T20889] RSP: 002b:00007f09eeba2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1435.273719][T20889] RAX: ffffffffffffffda RBX: 00007f09ee015fa0 RCX: 00007f09edd9c799 [ 1435.273731][T20889] RDX: 0010000000000402 RSI: 000000000000ae60 RDI: 0000000000000003 [ 1435.273742][T20889] RBP: 00007f09ede32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1435.273753][T20889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1435.273764][T20889] R13: 00007f09ee016038 R14: 00007f09ee015fa0 R15: 00007ffdaacda488 [ 1435.273789][T20889] [ 1438.789117][T14267] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 1439.629653][T20906] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1439.754859][T20906] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1439.835605][T20906] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1439.934112][T20906] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1440.030606][T20906] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1440.130686][T20906] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1440.268640][T20906] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1440.433197][T20906] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1440.559158][T20906] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1440.642693][T20906] Dead loop on virtual device ip6_vti0, fix it urgently! [ 1440.703741][ T3534] netdevsim netdevsim1335 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1441.330765][T20914] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4948'. [ 1448.216545][T20968] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4962'. [ 1448.568815][T20968] team0 (unregistering): Port device team_slave_0 removed [ 1448.625858][T20968] team0 (unregistering): Port device team_slave_1 removed [ 1449.340101][T20980] FAULT_INJECTION: forcing a failure. [ 1449.340101][T20980] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1449.465328][T20980] CPU: 0 UID: 0 PID: 20980 Comm: syz.3.4966 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1449.465364][T20980] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1449.465371][T20980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1449.465383][T20980] Call Trace: [ 1449.465390][T20980] [ 1449.465398][T20980] dump_stack_lvl+0x100/0x190 [ 1449.465433][T20980] should_fail_ex.cold+0x5/0xa [ 1449.465452][T20980] ? prepare_alloc_pages+0x16d/0x5f0 [ 1449.465476][T20980] should_fail_alloc_page+0xeb/0x140 [ 1449.465499][T20980] prepare_alloc_pages+0x1f0/0x5f0 [ 1449.465524][T20980] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1449.465559][T20980] ? mas_next_slot+0x1003/0x18b0 [ 1449.465590][T20980] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1449.465617][T20980] ? validate_mm+0x261/0x4e0 [ 1449.465645][T20980] ? mas_prev_slot+0x67b/0x1c10 [ 1449.465679][T20980] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1449.465711][T20980] ? policy_nodemask+0xed/0x4f0 [ 1449.465733][T20980] alloc_pages_mpol+0x1fb/0x550 [ 1449.465755][T20980] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1449.465781][T20980] alloc_pages_noprof+0x131/0x390 [ 1449.465801][T20980] __pmd_alloc+0x3b/0x950 [ 1449.465825][T20980] __handle_mm_fault+0xa99/0x2b60 [ 1449.465854][T20980] ? mt_find+0x45e/0x8e0 [ 1449.465878][T20980] ? __pfx___handle_mm_fault+0x10/0x10 [ 1449.465902][T20980] ? __pfx_mt_find+0x10/0x10 [ 1449.465945][T20980] handle_mm_fault+0x36d/0xa20 [ 1449.465983][T20980] __get_user_pages+0xf9c/0x34d0 [ 1449.466012][T20980] ? __pfx___get_user_pages+0x10/0x10 [ 1449.466039][T20980] populate_vma_page_range+0x267/0x3f0 [ 1449.466064][T20980] ? __pfx_populate_vma_page_range+0x10/0x10 [ 1449.466085][T20980] ? __pfx_find_vma_intersection+0x10/0x10 [ 1449.466106][T20980] ? __pfx_apply_vma_lock_flags+0x10/0x10 [ 1449.466137][T20980] __mm_populate+0x107/0x3a0 [ 1449.466160][T20980] ? __pfx___mm_populate+0x10/0x10 [ 1449.466183][T20980] ? up_write+0x290/0x4f0 [ 1449.466212][T20980] do_mlock+0x3f0/0x7f0 [ 1449.466242][T20980] ? __pfx_do_mlock+0x10/0x10 [ 1449.466267][T20980] ? __x64_sys_futex+0x34f/0x4d0 [ 1449.466289][T20980] ? __x64_sys_futex+0x358/0x4d0 [ 1449.466316][T20980] ? xfd_validate_state+0x129/0x190 [ 1449.466350][T20980] __x64_sys_mlock+0x59/0x80 [ 1449.466377][T20980] do_syscall_64+0x106/0xf80 [ 1449.466399][T20980] ? clear_bhb_loop+0x40/0x90 [ 1449.466422][T20980] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1449.466442][T20980] RIP: 0033:0x7f2914d9c799 [ 1449.466458][T20980] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1449.466476][T20980] RSP: 002b:00007f2915b7b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 1449.466495][T20980] RAX: ffffffffffffffda RBX: 00007f2915015fa0 RCX: 00007f2914d9c799 [ 1449.466531][T20980] RDX: 0000000000000000 RSI: 0000000000080006 RDI: 0000000000000112 [ 1449.466543][T20980] RBP: 00007f2914e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1449.466554][T20980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1449.466565][T20980] R13: 00007f2915016038 R14: 00007f2915015fa0 R15: 00007ffd6a45a028 [ 1449.466590][T20980] [ 1450.442616][T20987] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4968'. [ 1450.492253][T20987] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1450.537916][T20987] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1453.608776][T20987] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1453.616348][T20987] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1453.666245][T20973] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1453.674397][T20973] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1453.728225][T20973] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1453.960361][T20973] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1454.008724][T20987] bridge0: port 3(batadv0) entered disabled state [ 1454.125486][T20987] batadv0 (unregistering): left allmulticast mode [ 1454.175977][T20987] batadv0 (unregistering): left promiscuous mode [ 1454.241581][T20987] bridge0: port 3(batadv0) entered disabled state [ 1454.684766][T20987] Process accounting resumed [ 1454.799678][T21000] net_ratelimit: 5 callbacks suppressed [ 1454.799698][T21000] netlink: Unknown conntrack attr (type=257, max=9) [ 1455.741763][T17750] Bluetooth: hci3: command 0x0406 tx timeout [ 1455.752275][T14267] Bluetooth: hci2: command 0x0406 tx timeout [ 1455.818102][T17750] Bluetooth: hci4: command 0x0406 tx timeout [ 1455.898989][ T30] audit: type=1326 audit(2147491517.885:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20994 comm="syz.5.4970" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f232c59c799 code=0x0 [ 1455.988475][T17750] Bluetooth: hci0: command 0x0c1a tx timeout [ 1458.098420][T21018] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4975'. [ 1460.842584][T21018] bond0: (slave bond_slave_1): Releasing backup interface [ 1463.610942][T21040] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4294967104 (549755789312 ns) > initial count (26496 ns). Using initial count to start timer. [ 1466.968032][T21074] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15 [ 1468.343886][T21093] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4993'. [ 1468.463484][T21093] netlink: 13 bytes leftover after parsing attributes in process `syz.3.4993'. [ 1470.581525][T21105] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4997'. [ 1470.583832][T21105] netlink: 'syz.3.4997': attribute type 1 has an invalid length. [ 1470.583854][T21105] netlink: 13 bytes leftover after parsing attributes in process `syz.3.4997'. [ 1470.583934][T21105] netlink: 'syz.3.4997': attribute type 1 has an invalid length. [ 1474.728558][T21141] netlink: 'syz.4.5006': attribute type 2 has an invalid length. [ 1474.736382][T21141] netlink: 'syz.4.5006': attribute type 3 has an invalid length. [ 1474.866033][T21141] netlink: 158 bytes leftover after parsing attributes in process `syz.4.5006'. [ 1474.933056][T21141] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5006'. [ 1478.523550][T21171] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5013'. [ 1478.672287][T21171] i: entered promiscuous mode [ 1478.813652][T21174] HfR: entered promiscuous mode [ 1479.230665][T21183] FAULT_INJECTION: forcing a failure. [ 1479.230665][T21183] name failslab, interval 1, probability 0, space 0, times 0 [ 1479.376852][T21183] CPU: 0 UID: 8 PID: 21183 Comm: syz.2.5016 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1479.376894][T21183] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1479.376902][T21183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1479.376913][T21183] Call Trace: [ 1479.376920][T21183] [ 1479.376929][T21183] dump_stack_lvl+0x100/0x190 [ 1479.376962][T21183] should_fail_ex.cold+0x5/0xa [ 1479.376984][T21183] should_failslab+0xc2/0x120 [ 1479.377006][T21183] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1479.377034][T21183] ? cred_alloc_blank+0x1c/0xa0 [ 1479.377062][T21183] ? __x64_sys_futex+0x34f/0x4d0 [ 1479.377085][T21183] ? __x64_sys_futex+0x358/0x4d0 [ 1479.377112][T21183] cred_alloc_blank+0x1c/0xa0 [ 1479.377141][T21183] keyctl_session_to_parent+0x55/0xae0 [ 1479.377175][T21183] __do_sys_keyctl+0x2b1/0x5a0 [ 1479.377204][T21183] do_syscall_64+0x106/0xf80 [ 1479.377227][T21183] ? clear_bhb_loop+0x40/0x90 [ 1479.377250][T21183] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1479.377270][T21183] RIP: 0033:0x7f09edd9c799 [ 1479.377287][T21183] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1479.377305][T21183] RSP: 002b:00007f09eeba2028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 1479.377324][T21183] RAX: ffffffffffffffda RBX: 00007f09ee015fa0 RCX: 00007f09edd9c799 [ 1479.377336][T21183] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000012 [ 1479.377348][T21183] RBP: 00007f09ede32c99 R08: 0000000000000001 R09: 0000000000000000 [ 1479.377359][T21183] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 1479.377370][T21183] R13: 00007f09ee016038 R14: 00007f09ee015fa0 R15: 00007ffdaacda488 [ 1479.377394][T21183] [ 1481.949676][T21203] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=538976288 (1077952576 ns) > initial count (3830 ns). Using initial count to start timer. [ 1483.952782][T21215] FAULT_INJECTION: forcing a failure. [ 1483.952782][T21215] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1484.070327][T21215] CPU: 0 UID: 0 PID: 21215 Comm: syz.4.5024 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1484.070361][T21215] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1484.070368][T21215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1484.070380][T21215] Call Trace: [ 1484.070386][T21215] [ 1484.070394][T21215] dump_stack_lvl+0x100/0x190 [ 1484.070427][T21215] should_fail_ex.cold+0x5/0xa [ 1484.070449][T21215] get_futex_key+0x1d2/0x1620 [ 1484.070475][T21215] ? __pfx_get_futex_key+0x10/0x10 [ 1484.070498][T21215] ? cmp_ex_search+0x8b/0xb0 [ 1484.070521][T21215] ? bsearch+0x9e/0xd0 [ 1484.070539][T21215] ? __pfx_cmp_ex_search+0x10/0x10 [ 1484.070576][T21215] futex_wait_setup+0x83/0x510 [ 1484.070611][T21215] __futex_wait+0x19f/0x300 [ 1484.070642][T21215] ? __pfx___futex_wait+0x10/0x10 [ 1484.070674][T21215] ? __pfx_futex_wake_mark+0x10/0x10 [ 1484.070705][T21215] ? futex_hash+0x2c5/0x380 [ 1484.070734][T21215] futex_wait+0xed/0x380 [ 1484.070763][T21215] ? __pfx_futex_wait+0x10/0x10 [ 1484.070796][T21215] ? __get_user_nocheck_8+0x20/0x20 [ 1484.070816][T21215] ? do_vfs_ioctl+0x226/0x13e0 [ 1484.070844][T21215] do_futex+0x1ef/0x350 [ 1484.070868][T21215] ? __pfx_do_futex+0x10/0x10 [ 1484.070893][T21215] ? find_held_lock+0x2b/0x80 [ 1484.070914][T21215] __x64_sys_futex+0x34f/0x4d0 [ 1484.070939][T21215] ? __fget_files+0x21f/0x3d0 [ 1484.070956][T21215] ? __pfx___x64_sys_futex+0x10/0x10 [ 1484.070989][T21215] do_syscall_64+0x106/0xf80 [ 1484.071011][T21215] ? clear_bhb_loop+0x40/0x90 [ 1484.071033][T21215] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1484.071053][T21215] RIP: 0033:0x7fd782f9c799 [ 1484.071069][T21215] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1484.071086][T21215] RSP: 002b:00007fd783ea40e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1484.071105][T21215] RAX: ffffffffffffffda RBX: 00007fd783216098 RCX: 00007fd782f9c799 [ 1484.071117][T21215] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fd783216098 [ 1484.071128][T21215] RBP: 00007fd783216090 R08: 0000000000000000 R09: 0000000000000000 [ 1484.071139][T21215] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1484.071150][T21215] R13: 00007fd783216128 R14: 00007ffce203bfa0 R15: 00007ffce203c088 [ 1484.071173][T21215] [ 1485.332548][T21219] Process accounting paused [ 1485.458467][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1485.464901][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1486.781856][ T30] audit: type=1800 audit(2147491548.765:15): pid=21244 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.5031" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 1487.236530][T21239] HSR: entered promiscuous mode [ 1488.447938][T21259] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5036'. [ 1489.783299][T21269] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input16 [ 1491.638400][T21282] netlink: 350 bytes leftover after parsing attributes in process `syz.2.5042'. [ 1492.538421][T21299] syz.2.5046 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 1495.432003][T21333] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(12) [ 1495.824497][T17750] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 1499.912021][T21365] FAULT_INJECTION: forcing a failure. [ 1499.912021][T21365] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1500.067845][T21365] CPU: 0 UID: 0 PID: 21365 Comm: syz.4.5061 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1500.067882][T21365] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1500.067889][T21365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1500.067900][T21365] Call Trace: [ 1500.067908][T21365] [ 1500.067916][T21365] dump_stack_lvl+0x100/0x190 [ 1500.067948][T21365] should_fail_ex.cold+0x5/0xa [ 1500.067972][T21365] _copy_from_user+0x2e/0xd0 [ 1500.067993][T21365] snd_pcm_oss_write2+0x1c2/0x400 [ 1500.068030][T21365] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 1500.068068][T21365] snd_pcm_oss_write+0x729/0xa30 [ 1500.068088][T21365] ? security_file_permission+0x76/0x210 [ 1500.068115][T21365] vfs_write+0x2aa/0x1070 [ 1500.068147][T21365] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 1500.068168][T21365] ? __pfx_vfs_write+0x10/0x10 [ 1500.068195][T21365] ? find_held_lock+0x2b/0x80 [ 1500.068213][T21365] ? __fget_files+0x215/0x3d0 [ 1500.068230][T21365] ? __fget_files+0x215/0x3d0 [ 1500.068251][T21365] ? __fget_files+0x21f/0x3d0 [ 1500.068274][T21365] ksys_write+0x12a/0x250 [ 1500.068291][T21365] ? __pfx_ksys_write+0x10/0x10 [ 1500.068315][T21365] do_syscall_64+0x106/0xf80 [ 1500.068337][T21365] ? clear_bhb_loop+0x40/0x90 [ 1500.068361][T21365] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1500.068380][T21365] RIP: 0033:0x7fd782f9c799 [ 1500.068397][T21365] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1500.068415][T21365] RSP: 002b:00007fd783ea4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1500.068434][T21365] RAX: ffffffffffffffda RBX: 00007fd783216090 RCX: 00007fd782f9c799 [ 1500.068446][T21365] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 1500.068457][T21365] RBP: 00007fd783032c99 R08: 0000000000000000 R09: 0000000000000000 [ 1500.068468][T21365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1500.068480][T21365] R13: 00007fd783216128 R14: 00007fd783216090 R15: 00007ffce203c088 [ 1500.068503][T21365] [ 1503.619362][T21387] netlink: 62 bytes leftover after parsing attributes in process `syz.2.5066'. [ 1505.344051][T21401] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5071'. [ 1505.498236][T21401] netlink: 28905 bytes leftover after parsing attributes in process `syz.4.5071'. [ 1507.411641][T21425] netlink: 25 bytes leftover after parsing attributes in process `syz.5.5079'. [ 1513.660864][T21473] block nbd0: shutting down sockets [ 1515.501356][T21483] Process accounting resumed [ 1517.591908][T21501] netlink: 93 bytes leftover after parsing attributes in process `syz.2.5097'. [ 1517.646667][ T30] audit: type=1800 audit(2147491579.605:16): pid=21502 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.5098" name="dbroot" dev="configfs" ino=1243235 res=0 errno=0 [ 1517.737257][T21502] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5098'. [ 1518.249090][T21491] kexec: Could not allocate control_code_buffer [ 1518.321512][T21502] team0: Port device team_slave_1 removed [ 1518.769103][T21508] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 1519.069960][T21511] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input17 [ 1523.999953][T21540] netlink: 5 bytes leftover after parsing attributes in process `syz.5.5107'. [ 1524.118013][T21540] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5107'. [ 1524.730603][T21545] FAULT_INJECTION: forcing a failure. [ 1524.730603][T21545] name failslab, interval 1, probability 0, space 0, times 0 [ 1524.869923][T21545] CPU: 0 UID: 0 PID: 21545 Comm: syz.5.5108 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1524.869959][T21545] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1524.869967][T21545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1524.869978][T21545] Call Trace: [ 1524.869985][T21545] [ 1524.869994][T21545] dump_stack_lvl+0x100/0x190 [ 1524.870027][T21545] should_fail_ex.cold+0x5/0xa [ 1524.870050][T21545] should_failslab+0xc2/0x120 [ 1524.870071][T21545] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1524.870099][T21545] ? sock_alloc_inode+0x25/0x1c0 [ 1524.870128][T21545] ? __pfx_sock_alloc_inode+0x10/0x10 [ 1524.870156][T21545] sock_alloc_inode+0x25/0x1c0 [ 1524.870182][T21545] alloc_inode+0x68/0x250 [ 1524.870207][T21545] sock_alloc+0x44/0x280 [ 1524.870229][T21545] ? security_socket_create+0x7f/0x250 [ 1524.870258][T21545] sock_create_lite+0x82/0x120 [ 1524.870286][T21545] __netlink_kernel_create+0xbd/0x750 [ 1524.870314][T21545] ? __pfx___netlink_kernel_create+0x10/0x10 [ 1524.870346][T21545] fib_net_init+0x26d/0x3f0 [ 1524.870369][T21545] ? is_module_address+0x69/0xf0 [ 1524.870393][T21545] ? __pfx_fib_net_init+0x10/0x10 [ 1524.870424][T21545] ? timer_init_key+0x150/0x340 [ 1524.870445][T21545] ? __pfx_nl_fib_input+0x10/0x10 [ 1524.870471][T21545] ? devinet_init_net+0x56c/0x8d0 [ 1524.870500][T21545] ? __pfx_fib_net_init+0x10/0x10 [ 1524.870523][T21545] ops_init+0x1e2/0x5f0 [ 1524.870550][T21545] setup_net+0x118/0x3a0 [ 1524.870575][T21545] ? __pfx_setup_net+0x10/0x10 [ 1524.870598][T21545] ? lockdep_init_map_type+0x5c/0x250 [ 1524.870624][T21545] ? mutex_init_lockep+0x110/0x150 [ 1524.870653][T21545] copy_net_ns+0x46f/0x7c0 [ 1524.870684][T21545] create_new_namespaces+0x3ea/0xac0 [ 1524.870710][T21545] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1524.870732][T21545] ksys_unshare+0x473/0xad0 [ 1524.870757][T21545] ? __pfx_ksys_unshare+0x10/0x10 [ 1524.870789][T21545] __x64_sys_unshare+0x31/0x40 [ 1524.870811][T21545] do_syscall_64+0x106/0xf80 [ 1524.870834][T21545] ? clear_bhb_loop+0x40/0x90 [ 1524.870856][T21545] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1524.870876][T21545] RIP: 0033:0x7f232c59c799 [ 1524.870893][T21545] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1524.870910][T21545] RSP: 002b:00007f232d508028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1524.870929][T21545] RAX: ffffffffffffffda RBX: 00007f232c815fa0 RCX: 00007f232c59c799 [ 1524.870941][T21545] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1524.870952][T21545] RBP: 00007f232c632c99 R08: 0000000000000000 R09: 0000000000000000 [ 1524.870963][T21545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1524.870974][T21545] R13: 00007f232c816038 R14: 00007f232c815fa0 R15: 00007ffef7d779a8 [ 1524.870997][T21545] [ 1529.700226][T21587] [U] [ 1529.703003][T21587] [U] [ 1529.705723][T21587] [U] [ 1529.708510][T21587] [U] [ 1529.916412][T21587] [U] [ 1529.919209][T21587] [U] [ 1529.921908][T21587] [U] [ 1529.924623][T21587] [U] [ 1530.335282][T21584] [U] [ 1533.104673][T21609] FAULT_INJECTION: forcing a failure. [ 1533.104673][T21609] name failslab, interval 1, probability 0, space 0, times 0 [ 1533.244987][T21609] CPU: 0 UID: 0 PID: 21609 Comm: syz.3.5124 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1533.245022][T21609] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1533.245029][T21609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1533.245041][T21609] Call Trace: [ 1533.245048][T21609] [ 1533.245057][T21609] dump_stack_lvl+0x100/0x190 [ 1533.245093][T21609] should_fail_ex.cold+0x5/0xa [ 1533.245114][T21609] ? __register_sysctl_table+0xbe4/0x1650 [ 1533.245145][T21609] should_failslab+0xc2/0x120 [ 1533.245165][T21609] __kmalloc_noprof+0xe0/0x850 [ 1533.245198][T21609] __register_sysctl_table+0xbe4/0x1650 [ 1533.245236][T21609] ? __pfx___register_sysctl_table+0x10/0x10 [ 1533.245266][T21609] ? is_module_address+0x69/0xf0 [ 1533.245290][T21609] ? register_net_sysctl_sz+0x222/0x430 [ 1533.245321][T21609] __devinet_sysctl_register+0x1b9/0x360 [ 1533.245349][T21609] ? trace_kmalloc+0x101/0x130 [ 1533.245369][T21609] ? __pfx___devinet_sysctl_register+0x10/0x10 [ 1533.245400][T21609] ? __asan_memcpy+0x3c/0x60 [ 1533.245436][T21609] devinet_init_net+0x334/0x8d0 [ 1533.245465][T21609] ? __pfx_devinet_init_net+0x10/0x10 [ 1533.245490][T21609] ops_init+0x1e2/0x5f0 [ 1533.245517][T21609] setup_net+0x118/0x3a0 [ 1533.245542][T21609] ? __pfx_setup_net+0x10/0x10 [ 1533.245567][T21609] ? lockdep_init_map_type+0x5c/0x250 [ 1533.245593][T21609] ? mutex_init_lockep+0x110/0x150 [ 1533.245621][T21609] copy_net_ns+0x46f/0x7c0 [ 1533.245649][T21609] create_new_namespaces+0x3ea/0xac0 [ 1533.245674][T21609] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1533.245697][T21609] ksys_unshare+0x473/0xad0 [ 1533.245721][T21609] ? __pfx_ksys_unshare+0x10/0x10 [ 1533.245753][T21609] __x64_sys_unshare+0x31/0x40 [ 1533.245776][T21609] do_syscall_64+0x106/0xf80 [ 1533.245799][T21609] ? clear_bhb_loop+0x40/0x90 [ 1533.245821][T21609] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1533.245841][T21609] RIP: 0033:0x7f2914d9c799 [ 1533.245858][T21609] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1533.245875][T21609] RSP: 002b:00007f2915b7b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1533.245895][T21609] RAX: ffffffffffffffda RBX: 00007f2915015fa0 RCX: 00007f2914d9c799 [ 1533.245907][T21609] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1533.245918][T21609] RBP: 00007f2914e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1533.245929][T21609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1533.245940][T21609] R13: 00007f2915016038 R14: 00007f2915015fa0 R15: 00007ffd6a45a028 [ 1533.245964][T21609] [ 1533.245974][T21609] sysctl could not get directory: /net/ipv4/conf/default -12 [ 1537.324535][T21630] netlink: 25 bytes leftover after parsing attributes in process `syz.2.5130'. [ 1541.717049][T21666] FAULT_INJECTION: forcing a failure. [ 1541.717049][T21666] name failslab, interval 1, probability 0, space 0, times 0 [ 1541.887776][T21666] CPU: 0 UID: 0 PID: 21666 Comm: syz.2.5137 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1541.887812][T21666] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1541.887820][T21666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1541.887831][T21666] Call Trace: [ 1541.887838][T21666] [ 1541.887847][T21666] dump_stack_lvl+0x100/0x190 [ 1541.887880][T21666] should_fail_ex.cold+0x5/0xa [ 1541.887903][T21666] should_failslab+0xc2/0x120 [ 1541.887923][T21666] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 1541.887956][T21666] ? fib_rules_register+0x30/0x500 [ 1541.887985][T21666] kmemdup_noprof+0x29/0x60 [ 1541.888022][T21666] fib_rules_register+0x30/0x500 [ 1541.888050][T21666] fib4_rules_init+0x1f/0x1c0 [ 1541.888081][T21666] fib_net_init+0x1dc/0x3f0 [ 1541.888105][T21666] ? is_module_address+0x69/0xf0 [ 1541.888130][T21666] ? __pfx_fib_net_init+0x10/0x10 [ 1541.888154][T21666] ? timer_init_key+0x150/0x340 [ 1541.888178][T21666] ? devinet_init_net+0x56c/0x8d0 [ 1541.888206][T21666] ? __pfx_fib_net_init+0x10/0x10 [ 1541.888229][T21666] ops_init+0x1e2/0x5f0 [ 1541.888256][T21666] setup_net+0x118/0x3a0 [ 1541.888281][T21666] ? __pfx_setup_net+0x10/0x10 [ 1541.888316][T21666] ? lockdep_init_map_type+0x5c/0x250 [ 1541.888342][T21666] ? mutex_init_lockep+0x110/0x150 [ 1541.888372][T21666] copy_net_ns+0x46f/0x7c0 [ 1541.888401][T21666] create_new_namespaces+0x3ea/0xac0 [ 1541.888429][T21666] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1541.888452][T21666] ksys_unshare+0x473/0xad0 [ 1541.888478][T21666] ? __pfx_ksys_unshare+0x10/0x10 [ 1541.888511][T21666] __x64_sys_unshare+0x31/0x40 [ 1541.888534][T21666] do_syscall_64+0x106/0xf80 [ 1541.888557][T21666] ? clear_bhb_loop+0x40/0x90 [ 1541.888580][T21666] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1541.888600][T21666] RIP: 0033:0x7f09edd9c799 [ 1541.888616][T21666] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1541.888635][T21666] RSP: 002b:00007f09eeba2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1541.888653][T21666] RAX: ffffffffffffffda RBX: 00007f09ee015fa0 RCX: 00007f09edd9c799 [ 1541.888666][T21666] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1541.888677][T21666] RBP: 00007f09ede32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1541.888688][T21666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1541.888699][T21666] R13: 00007f09ee016038 R14: 00007f09ee015fa0 R15: 00007ffdaacda488 [ 1541.888723][T21666] [ 1546.149548][T21664] Process accounting paused [ 1546.780159][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1546.787179][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1549.488100][T21720] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 1549.847485][T21720] File: /dev/nullb0 PID: 21720 Comm: syz.3.5150 [ 1551.738093][T14267] Bluetooth: hci1: command 0x1003 tx timeout [ 1551.745796][T17750] Bluetooth: hci1: Opcode 0x1003 failed: -110 [ 1552.288433][T21732] ecryptfs_miscdev_write: Acceptable packet size range is [6-531], but amount of data written is [1]. [ 1552.674279][T21735] vivid-007: ================= START STATUS ================= [ 1552.835096][T21735] vivid-007: Generate PTS: true [ 1552.917743][T21735] vivid-007: Generate SCR: true [ 1552.922657][T21735] tpg source WxH: 320x240 (Y'CbCr) [ 1553.136460][T21735] tpg field: 1 [ 1553.241941][T21735] tpg crop: (0,0)/320x240 [ 1553.327387][T21735] tpg compose: (0,0)/320x240 [ 1553.384888][T21735] tpg colorspace: 8 [ 1553.392380][T21735] tpg transfer function: 0/0 [ 1553.397003][T21735] tpg Y'CbCr encoding: 0/0 [ 1553.498219][T21735] tpg quantization: 0/0 [ 1553.616329][T21735] tpg RGB range: 0/2 [ 1553.733108][T21735] vivid-007: ================== END STATUS ================== [ 1555.590753][T21758] netlink: 'syz.4.5160': attribute type 2 has an invalid length. [ 1555.677880][T21758] netlink: 'syz.4.5160': attribute type 3 has an invalid length. [ 1555.768987][T21758] netlink: 'syz.4.5160': attribute type 2 has an invalid length. [ 1555.815091][T21758] netlink: 'syz.4.5160': attribute type 3 has an invalid length. [ 1555.867939][T21758] netlink: 30 bytes leftover after parsing attributes in process `syz.4.5160'. [ 1556.615425][T21765] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 1557.278929][T21777] sd 0:0:1:0: PR command failed: 1026 [ 1557.334980][T21777] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1557.523224][T21777] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1560.564087][T21808] netlink: 25 bytes leftover after parsing attributes in process `syz.4.5172'. [ 1563.250762][T21831] FAULT_INJECTION: forcing a failure. [ 1563.250762][T21831] name failslab, interval 1, probability 0, space 0, times 0 [ 1563.678355][T21831] CPU: 0 UID: 0 PID: 21831 Comm: syz.5.5178 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1563.678391][T21831] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1563.678398][T21831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1563.678409][T21831] Call Trace: [ 1563.678416][T21831] [ 1563.678424][T21831] dump_stack_lvl+0x100/0x190 [ 1563.678456][T21831] should_fail_ex.cold+0x5/0xa [ 1563.678478][T21831] should_failslab+0xc2/0x120 [ 1563.678499][T21831] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1563.678534][T21831] ? vhost_net_open+0x128/0x8b0 [ 1563.678563][T21831] vhost_net_open+0x128/0x8b0 [ 1563.678585][T21831] ? __pfx_vhost_net_open+0x10/0x10 [ 1563.678609][T21831] misc_open+0x26d/0x450 [ 1563.678627][T21831] ? __pfx_misc_open+0x10/0x10 [ 1563.678645][T21831] chrdev_open+0x234/0x6a0 [ 1563.678664][T21831] ? __pfx_apparmor_file_open+0x10/0x10 [ 1563.678692][T21831] ? __pfx_chrdev_open+0x10/0x10 [ 1563.678713][T21831] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1563.678737][T21831] do_dentry_open+0x6d8/0x1660 [ 1563.678756][T21831] ? __pfx_chrdev_open+0x10/0x10 [ 1563.678780][T21831] vfs_open+0x82/0x3f0 [ 1563.678806][T21831] path_openat+0x208c/0x31a0 [ 1563.678833][T21831] ? __pfx_path_openat+0x10/0x10 [ 1563.678861][T21831] do_file_open+0x20e/0x430 [ 1563.678883][T21831] ? __pfx_do_file_open+0x10/0x10 [ 1563.678919][T21831] ? alloc_fd+0x476/0x790 [ 1563.678944][T21831] ? do_getname+0x191/0x390 [ 1563.678970][T21831] do_sys_openat2+0x10d/0x1e0 [ 1563.678994][T21831] ? __pfx_do_sys_openat2+0x10/0x10 [ 1563.679027][T21831] __x64_sys_openat+0x12d/0x210 [ 1563.679052][T21831] ? __pfx___x64_sys_openat+0x10/0x10 [ 1563.679086][T21831] do_syscall_64+0x106/0xf80 [ 1563.679109][T21831] ? clear_bhb_loop+0x40/0x90 [ 1563.679132][T21831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1563.679151][T21831] RIP: 0033:0x7f232c59c799 [ 1563.679167][T21831] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1563.679185][T21831] RSP: 002b:00007f232d4e7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1563.679204][T21831] RAX: ffffffffffffffda RBX: 00007f232c816090 RCX: 00007f232c59c799 [ 1563.679217][T21831] RDX: 0000000000000000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1563.679228][T21831] RBP: 00007f232c632c99 R08: 0000000000000000 R09: 0000000000000000 [ 1563.679240][T21831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1563.679250][T21831] R13: 00007f232c816128 R14: 00007f232c816090 R15: 00007ffef7d779a8 [ 1563.679274][T21831] [ 1569.939707][ T30] audit: type=1806 audit(2147491631.925:17): xattr="." res=0 [ 1571.896947][T21872] FAULT_INJECTION: forcing a failure. [ 1571.896947][T21872] name failslab, interval 1, probability 0, space 0, times 0 [ 1572.194702][T21873] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1572.339464][T21872] CPU: 0 UID: 0 PID: 21872 Comm: syz.3.5187 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1572.339500][T21872] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1572.339509][T21872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1572.339520][T21872] Call Trace: [ 1572.339527][T21872] [ 1572.339536][T21872] dump_stack_lvl+0x100/0x190 [ 1572.339569][T21872] should_fail_ex.cold+0x5/0xa [ 1572.339592][T21872] should_failslab+0xc2/0x120 [ 1572.339613][T21872] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1572.339642][T21872] ? shmem_alloc_inode+0x25/0x50 [ 1572.339665][T21872] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 1572.339688][T21872] shmem_alloc_inode+0x25/0x50 [ 1572.339709][T21872] alloc_inode+0x68/0x250 [ 1572.339733][T21872] new_inode+0x22/0x1c0 [ 1572.339760][T21872] shmem_get_inode+0x212/0x1040 [ 1572.339787][T21872] ? __pfx_shmem_get_inode+0x10/0x10 [ 1572.339811][T21872] ? d_add+0x443/0x850 [ 1572.339835][T21872] ? do_raw_spin_unlock+0x145/0x1e0 [ 1572.339868][T21872] shmem_mknod+0x20c/0x470 [ 1572.339895][T21872] ? __pfx_shmem_mknod+0x10/0x10 [ 1572.339917][T21872] ? bpf_lsm_inode_create+0x9/0x10 [ 1572.339948][T21872] ? __pfx_shmem_create+0x10/0x10 [ 1572.339972][T21872] lookup_open.isra.0+0xc47/0x11b0 [ 1572.340005][T21872] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 1572.340037][T21872] ? __pfx___might_resched+0x10/0x10 [ 1572.340064][T21872] ? mnt_get_write_access+0x52/0x2f0 [ 1572.340094][T21872] ? __pfx_down_write+0x10/0x10 [ 1572.340118][T21872] ? mnt_get_write_access+0x1e9/0x2f0 [ 1572.340147][T21872] path_openat+0x2291/0x31a0 [ 1572.340174][T21872] ? __pfx_path_openat+0x10/0x10 [ 1572.340201][T21872] do_file_open+0x20e/0x430 [ 1572.340223][T21872] ? __pfx_do_file_open+0x10/0x10 [ 1572.340259][T21872] ? alloc_fd+0x476/0x790 [ 1572.340279][T21872] ? do_getname+0x191/0x390 [ 1572.340316][T21872] do_sys_openat2+0x10d/0x1e0 [ 1572.340342][T21872] ? __pfx_do_sys_openat2+0x10/0x10 [ 1572.340374][T21872] ? __fget_files+0x21f/0x3d0 [ 1572.340399][T21872] __x64_sys_openat+0x12d/0x210 [ 1572.340424][T21872] ? __pfx___x64_sys_openat+0x10/0x10 [ 1572.340458][T21872] do_syscall_64+0x106/0xf80 [ 1572.340480][T21872] ? clear_bhb_loop+0x40/0x90 [ 1572.340504][T21872] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1572.340523][T21872] RIP: 0033:0x7f2914d9c799 [ 1572.340541][T21872] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1572.340558][T21872] RSP: 002b:00007f2915b7b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1572.340577][T21872] RAX: ffffffffffffffda RBX: 00007f2915015fa0 RCX: 00007f2914d9c799 [ 1572.340593][T21872] RDX: 00000000000861c2 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 1572.340606][T21872] RBP: 00007f2914e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1572.340617][T21872] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1572.340629][T21872] R13: 00007f2915016038 R14: 00007f2915015fa0 R15: 00007ffd6a45a028 [ 1572.340653][T21872] [ 1578.387326][T21871] Process accounting resumed [ 1581.191632][T21934] netlink: 25 bytes leftover after parsing attributes in process `syz.2.5202'. [ 1588.156652][T21987] FAULT_INJECTION: forcing a failure. [ 1588.156652][T21987] name failslab, interval 1, probability 0, space 0, times 0 [ 1588.703393][T21987] CPU: 0 UID: 0 PID: 21987 Comm: syz.4.5211 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1588.703429][T21987] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1588.703436][T21987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1588.703448][T21987] Call Trace: [ 1588.703454][T21987] [ 1588.703462][T21987] dump_stack_lvl+0x100/0x190 [ 1588.703496][T21987] should_fail_ex.cold+0x5/0xa [ 1588.703518][T21987] should_failslab+0xc2/0x120 [ 1588.703539][T21987] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1588.703563][T21987] ? refill_pi_state_cache+0x91/0x260 [ 1588.703595][T21987] refill_pi_state_cache+0x91/0x260 [ 1588.703624][T21987] futex_lock_pi+0x177/0x7b0 [ 1588.703654][T21987] ? __pfx_futex_lock_pi+0x10/0x10 [ 1588.703684][T21987] ? __pfx___futex_wait+0x10/0x10 [ 1588.703711][T21987] ? lockdep_hardirqs_on+0x78/0x100 [ 1588.703753][T21987] ? __pfx_futex_wake_mark+0x10/0x10 [ 1588.703787][T21987] ? __get_user_nocheck_8+0x20/0x20 [ 1588.703806][T21987] ? do_vfs_ioctl+0x226/0x13e0 [ 1588.703836][T21987] do_futex+0x18a/0x350 [ 1588.703860][T21987] ? __pfx_do_futex+0x10/0x10 [ 1588.703886][T21987] ? find_held_lock+0x2b/0x80 [ 1588.703906][T21987] __x64_sys_futex+0x34f/0x4d0 [ 1588.703933][T21987] ? __pfx___x64_sys_futex+0x10/0x10 [ 1588.703966][T21987] do_syscall_64+0x106/0xf80 [ 1588.703988][T21987] ? clear_bhb_loop+0x40/0x90 [ 1588.704010][T21987] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1588.704030][T21987] RIP: 0033:0x7fd782f9c799 [ 1588.704046][T21987] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1588.704064][T21987] RSP: 002b:00007fd783ea4028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1588.704082][T21987] RAX: ffffffffffffffda RBX: 00007fd783216090 RCX: 00007fd782f9c799 [ 1588.704094][T21987] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 1588.704105][T21987] RBP: 00007fd783032c99 R08: 0000000000000000 R09: 000000008000fff5 [ 1588.704116][T21987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1588.704127][T21987] R13: 00007fd783216128 R14: 00007fd783216090 R15: 00007ffce203c088 [ 1588.704150][T21987] [ 1590.530150][T22006] kAFS: Invalid Command on /proc/fs/afs/cells file [ 1593.918414][T22023] binder: 22022:22023 ioctl c018620c 200000000040 returned -22 [ 1595.022093][T22039] netlink: 9 bytes leftover after parsing attributes in process `syz.2.5225'. [ 1595.155355][ T30] audit: type=1807 audit(2147491657.133:18): UNKNOWN=0"]$|1j0B|dӉO+/xWӦ^gq%ḦrO res=0 [ 1595.304928][ T30] audit: type=1802 audit(2147491657.273:19): pid=22044 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.5.5222" res=0 errno=0 [ 1596.480680][T22034] ima: policy update failed [ 1596.485373][ T30] audit: type=1802 audit(2147491658.463:20): pid=22034 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.5.5222" res=0 errno=0 [ 1604.096267][T22111] [U] [ 1608.090748][T22156] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5244'. [ 1608.220605][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1608.227352][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1608.571983][T22151] Process accounting paused [ 1609.337545][T22168] FAULT_INJECTION: forcing a failure. [ 1609.337545][T22168] name failslab, interval 1, probability 0, space 0, times 0 [ 1609.503528][T22168] CPU: 0 UID: 0 PID: 22168 Comm: syz.2.5248 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1609.503563][T22168] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1609.503570][T22168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1609.503583][T22168] Call Trace: [ 1609.503590][T22168] [ 1609.503598][T22168] dump_stack_lvl+0x100/0x190 [ 1609.503630][T22168] should_fail_ex.cold+0x5/0xa [ 1609.503653][T22168] should_failslab+0xc2/0x120 [ 1609.503673][T22168] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 1609.503703][T22168] ? do_kmem_cache_create+0x18c/0x540 [ 1609.503727][T22168] do_kmem_cache_create+0x18c/0x540 [ 1609.503750][T22168] __kmem_cache_create_args+0x386/0x420 [ 1609.503779][T22168] mon_text_open+0x333/0x510 [ 1609.503807][T22168] ? __pfx_mon_text_open+0x10/0x10 [ 1609.503836][T22168] ? __pfx_mon_text_ctor+0x10/0x10 [ 1609.503860][T22168] ? find_held_lock+0x2b/0x80 [ 1609.503879][T22168] ? __pfx_apparmor_file_open+0x10/0x10 [ 1609.503904][T22168] ? lockdown_is_locked_down+0x3d/0x140 [ 1609.503928][T22168] ? bpf_lsm_locked_down+0x9/0x10 [ 1609.503952][T22168] ? __pfx_mon_text_open+0x10/0x10 [ 1609.503977][T22168] full_proxy_open_regular+0x1b6/0x370 [ 1609.504006][T22168] do_dentry_open+0x6d8/0x1660 [ 1609.504024][T22168] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 1609.504056][T22168] vfs_open+0x82/0x3f0 [ 1609.504083][T22168] path_openat+0x208c/0x31a0 [ 1609.504110][T22168] ? __pfx_path_openat+0x10/0x10 [ 1609.504139][T22168] do_file_open+0x20e/0x430 [ 1609.504168][T22168] ? __pfx_do_file_open+0x10/0x10 [ 1609.504204][T22168] ? alloc_fd+0x476/0x790 [ 1609.504225][T22168] ? do_getname+0x191/0x390 [ 1609.504250][T22168] do_sys_openat2+0x10d/0x1e0 [ 1609.504275][T22168] ? __pfx_do_sys_openat2+0x10/0x10 [ 1609.504302][T22168] ? __sys_sendmsg+0x18f/0x220 [ 1609.504331][T22168] __x64_sys_openat+0x12d/0x210 [ 1609.504357][T22168] ? __pfx___x64_sys_openat+0x10/0x10 [ 1609.504392][T22168] do_syscall_64+0x106/0xf80 [ 1609.504414][T22168] ? clear_bhb_loop+0x40/0x90 [ 1609.504438][T22168] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1609.504458][T22168] RIP: 0033:0x7f09edd9c799 [ 1609.504474][T22168] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1609.504492][T22168] RSP: 002b:00007f09eeba2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1609.504511][T22168] RAX: ffffffffffffffda RBX: 00007f09ee015fa0 RCX: 00007f09edd9c799 [ 1609.504524][T22168] RDX: 0000000000022202 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1609.504535][T22168] RBP: 00007f09ede32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1609.504547][T22168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1609.504558][T22168] R13: 00007f09ee016038 R14: 00007f09ee015fa0 R15: 00007ffdaacda488 [ 1609.504582][T22168] [ 1609.504697][T22168] __kmem_cache_create_args(mon_text_ffff888079646400) failed with error -22 [ 1610.594663][T22174] netlink: 25 bytes leftover after parsing attributes in process `syz.5.5250'. [ 1612.708534][T22168] CPU: 0 UID: 0 PID: 22168 Comm: syz.2.5248 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1612.708570][T22168] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1612.708578][T22168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1612.708590][T22168] Call Trace: [ 1612.708597][T22168] [ 1612.708605][T22168] dump_stack_lvl+0x100/0x190 [ 1612.708638][T22168] __kmem_cache_create_args.cold+0x33/0x6e [ 1612.708667][T22168] mon_text_open+0x333/0x510 [ 1612.708696][T22168] ? __pfx_mon_text_open+0x10/0x10 [ 1612.708725][T22168] ? __pfx_mon_text_ctor+0x10/0x10 [ 1612.708752][T22168] ? find_held_lock+0x2b/0x80 [ 1612.708770][T22168] ? __pfx_apparmor_file_open+0x10/0x10 [ 1612.708798][T22168] ? lockdown_is_locked_down+0x3d/0x140 [ 1612.708823][T22168] ? bpf_lsm_locked_down+0x9/0x10 [ 1612.708846][T22168] ? __pfx_mon_text_open+0x10/0x10 [ 1612.708872][T22168] full_proxy_open_regular+0x1b6/0x370 [ 1612.708901][T22168] do_dentry_open+0x6d8/0x1660 [ 1612.708920][T22168] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 1612.708953][T22168] vfs_open+0x82/0x3f0 [ 1612.708979][T22168] path_openat+0x208c/0x31a0 [ 1612.709007][T22168] ? __pfx_path_openat+0x10/0x10 [ 1612.709035][T22168] do_file_open+0x20e/0x430 [ 1612.709057][T22168] ? __pfx_do_file_open+0x10/0x10 [ 1612.709100][T22168] ? alloc_fd+0x476/0x790 [ 1612.709121][T22168] ? do_getname+0x191/0x390 [ 1612.709147][T22168] do_sys_openat2+0x10d/0x1e0 [ 1612.709172][T22168] ? __pfx_do_sys_openat2+0x10/0x10 [ 1612.709199][T22168] ? __sys_sendmsg+0x18f/0x220 [ 1612.709227][T22168] __x64_sys_openat+0x12d/0x210 [ 1612.709253][T22168] ? __pfx___x64_sys_openat+0x10/0x10 [ 1612.709288][T22168] do_syscall_64+0x106/0xf80 [ 1612.709311][T22168] ? clear_bhb_loop+0x40/0x90 [ 1612.709336][T22168] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1612.709355][T22168] RIP: 0033:0x7f09edd9c799 [ 1612.709372][T22168] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1612.709395][T22168] RSP: 002b:00007f09eeba2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1612.709414][T22168] RAX: ffffffffffffffda RBX: 00007f09ee015fa0 RCX: 00007f09edd9c799 [ 1612.709426][T22168] RDX: 0000000000022202 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1612.709438][T22168] RBP: 00007f09ede32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1612.709449][T22168] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1612.709460][T22168] R13: 00007f09ee016038 R14: 00007f09ee015fa0 R15: 00007ffdaacda488 [ 1612.709485][T22168] [ 1612.968042][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802ad63000: rx timeout, send abort [ 1613.476261][ C0] vcan0: j1939_tp_rxtimer: 0xffff88802ad63000: abort rx timeout. Force session deactivation [ 1615.074381][T22197] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5257'. [ 1615.370230][T22197] bridge_slave_1 (unregistering): left allmulticast mode [ 1615.567753][T22197] bridge_slave_1 (unregistering): left promiscuous mode [ 1615.668087][T22197] bridge0: port 2(bridge_slave_1) entered disabled state [ 1616.415927][T22208] FAULT_INJECTION: forcing a failure. [ 1616.415927][T22208] name failslab, interval 1, probability 0, space 0, times 0 [ 1616.599031][T22208] CPU: 0 UID: 0 PID: 22208 Comm: syz.4.5259 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1616.599074][T22208] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1616.599082][T22208] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1616.599094][T22208] Call Trace: [ 1616.599101][T22208] [ 1616.599109][T22208] dump_stack_lvl+0x100/0x190 [ 1616.599142][T22208] should_fail_ex.cold+0x5/0xa [ 1616.599164][T22208] should_failslab+0xc2/0x120 [ 1616.599185][T22208] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1616.599210][T22208] ? snd_seq_port_connect+0x61/0x560 [ 1616.599237][T22208] ? snd_seq_port_use_ptr+0x14d/0x1b0 [ 1616.599263][T22208] ? snd_seq_port_use_ptr+0x14d/0x1b0 [ 1616.599293][T22208] snd_seq_port_connect+0x61/0x560 [ 1616.599320][T22208] ? _raw_read_unlock+0x28/0x50 [ 1616.599341][T22208] ? check_subscription_permission.isra.0+0x146/0x240 [ 1616.599373][T22208] snd_seq_ioctl_subscribe_port+0x219/0x490 [ 1616.599405][T22208] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 1616.599445][T22208] call_seq_client_ctl+0xa3/0x130 [ 1616.599473][T22208] snd_seq_kernel_client_ctl+0x77/0xd0 [ 1616.599501][T22208] snd_seq_oss_midi_open+0x48b/0x6b0 [ 1616.599524][T22208] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 1616.599545][T22208] ? find_held_lock+0x2b/0x80 [ 1616.599568][T22208] ? lockdep_hardirqs_on+0x78/0x100 [ 1616.599590][T22208] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1616.599612][T22208] ? get_mididev+0x115/0x160 [ 1616.599632][T22208] snd_seq_oss_synth_setup_midi+0x131/0x590 [ 1616.599659][T22208] snd_seq_oss_open+0x82e/0xa10 [ 1616.599692][T22208] odev_open+0x79/0xc0 [ 1616.599716][T22208] ? __pfx_odev_open+0x10/0x10 [ 1616.599741][T22208] soundcore_open+0x2e3/0x5a0 [ 1616.599771][T22208] ? __pfx_soundcore_open+0x10/0x10 [ 1616.599798][T22208] chrdev_open+0x234/0x6a0 [ 1616.599817][T22208] ? __pfx_apparmor_file_open+0x10/0x10 [ 1616.599845][T22208] ? __pfx_chrdev_open+0x10/0x10 [ 1616.599865][T22208] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1616.599890][T22208] do_dentry_open+0x6d8/0x1660 [ 1616.599909][T22208] ? __pfx_chrdev_open+0x10/0x10 [ 1616.599933][T22208] vfs_open+0x82/0x3f0 [ 1616.599960][T22208] path_openat+0x208c/0x31a0 [ 1616.599987][T22208] ? __pfx_path_openat+0x10/0x10 [ 1616.600015][T22208] do_file_open+0x20e/0x430 [ 1616.600036][T22208] ? __pfx_do_file_open+0x10/0x10 [ 1616.600079][T22208] ? alloc_fd+0x476/0x790 [ 1616.600099][T22208] ? do_getname+0x191/0x390 [ 1616.600125][T22208] do_sys_openat2+0x10d/0x1e0 [ 1616.600149][T22208] ? __pfx_do_sys_openat2+0x10/0x10 [ 1616.600183][T22208] __x64_sys_openat+0x12d/0x210 [ 1616.600208][T22208] ? __pfx___x64_sys_openat+0x10/0x10 [ 1616.600242][T22208] do_syscall_64+0x106/0xf80 [ 1616.600265][T22208] ? clear_bhb_loop+0x40/0x90 [ 1616.600289][T22208] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1616.600309][T22208] RIP: 0033:0x7fd782f9c799 [ 1616.600325][T22208] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1616.600343][T22208] RSP: 002b:00007fd783ec5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1616.600362][T22208] RAX: ffffffffffffffda RBX: 00007fd783215fa0 RCX: 00007fd782f9c799 [ 1616.600374][T22208] RDX: 0000000000000002 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1616.600386][T22208] RBP: 00007fd783032c99 R08: 0000000000000000 R09: 0000000000000000 [ 1616.600397][T22208] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1616.600408][T22208] R13: 00007fd783216038 R14: 00007fd783215fa0 R15: 00007ffce203c088 [ 1616.600432][T22208] [ 1624.967019][T22244] ptrace attach of "./syz-executor exec"[5823] was attempted by "xdA1ӟpU\x1bڼ,yV8>yCm,hti/T\x1b{vȉz%,ڄ.dnQd2lHyIbϤD'SptqFB{?>TN\x0d9IdOqFS@7SY++[Rr>{V´@h+-Zۡ'\x07sc7*v/Vð[zUȁ45Y>ӧp#|΅&o@}#vVG@``&xS09[¥65gdzk24p።V'{{cm^6|OIǹv쐭x\x09ǞfO,A(#ʗ^ָ]?,P_8m9\x0cZ+ssÎN&Wd.NOT)H\x5c %mb 7sfצרޞ3;;Y+x_HScKәZK߯(SUY;wE6B\x0cI&sTǹ%ILRc鬾VuyBqhs9ro\x22^D<<ΊsC<Ӵ)Wbɽ%6m-\x0d9 \x5cҥqY.W\x0d~3\x07'06:#'5SwG8mP=c;){0c}ZFL\x07߳1qUuk{xpǃ:(Ȼ!\x5cT۲֤bѮ4J;.\x09[ʳ5\x22ADr]I\x09+e]p@x\x0dc8f\x0d9Φt wש4b뇔\x0bFU#H..6 [ 1627.790611][T22274] netlink: 17 bytes leftover after parsing attributes in process `syz.4.5275'. [ 1629.949477][T22296] ubi0: attaching mtd0 [ 1630.018914][T22296] ubi0: scanning is finished [ 1630.026194][T22261] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 1630.064022][T22296] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1630.673050][T22296] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1632.058532][T22261] Bluetooth: hci2: command 0x0406 tx timeout [ 1632.240866][T22304] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 1632.250503][T22304] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0' [ 1632.260909][T22304] CPU: 0 UID: 0 PID: 22304 Comm: kworker/u11:2 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1632.260941][T22304] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1632.260948][T22304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1632.260962][T22304] Workqueue: hci2 hci_rx_work [ 1632.260985][T22304] Call Trace: [ 1632.260992][T22304] [ 1632.261000][T22304] dump_stack_lvl+0x100/0x190 [ 1632.261030][T22304] sysfs_warn_dup.cold+0x1c/0x28 [ 1632.261062][T22304] sysfs_create_dir_ns+0x24b/0x2b0 [ 1632.261088][T22304] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1632.261115][T22304] ? find_held_lock+0x2b/0x80 [ 1632.261133][T22304] ? kobject_add_internal+0x25f/0x930 [ 1632.261160][T22304] ? kobject_add_internal+0x25f/0x930 [ 1632.261189][T22304] ? do_raw_spin_unlock+0x145/0x1e0 [ 1632.261218][T22304] kobject_add_internal+0x2c8/0x930 [ 1632.261248][T22304] kobject_add+0x16a/0x1e0 [ 1632.261275][T22304] ? __pfx_kobject_add+0x10/0x10 [ 1632.261312][T22304] ? class_to_subsys+0x10f/0x150 [ 1632.261336][T22304] ? kobject_put+0xb9/0x640 [ 1632.261359][T22304] ? _raw_spin_unlock+0x28/0x50 [ 1632.261386][T22304] device_add+0x294/0x1950 [ 1632.261405][T22304] ? __pfx_dev_set_name+0x10/0x10 [ 1632.261428][T22304] ? __pfx_device_add+0x10/0x10 [ 1632.261447][T22304] ? mgmt_send_event_skb+0x2fb/0x460 [ 1632.261474][T22304] hci_conn_add_sysfs+0x1a3/0x260 [ 1632.261498][T22304] le_conn_complete_evt+0x11cb/0x1f40 [ 1632.261523][T22304] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1632.261540][T22304] ? __pfx_bt_warn+0x10/0x10 [ 1632.261568][T22304] hci_le_conn_complete_evt+0x23c/0x3a0 [ 1632.261588][T22304] ? skb_pull_data+0x15f/0x1e0 [ 1632.261620][T22304] hci_le_meta_evt+0x34a/0x5f0 [ 1632.261641][T22304] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 1632.261664][T22304] hci_event_packet+0x682/0x11c0 [ 1632.261683][T22304] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1632.261705][T22304] ? __pfx_hci_event_packet+0x10/0x10 [ 1632.261727][T22304] ? kcov_remote_start+0x374/0x660 [ 1632.261745][T22304] ? lockdep_hardirqs_on+0x78/0x100 [ 1632.261773][T22304] hci_rx_work+0x451/0xfc0 [ 1632.261797][T22304] process_one_work+0x9d7/0x1920 [ 1632.261833][T22304] ? __pfx_process_one_work+0x10/0x10 [ 1632.261867][T22304] ? __pfx_hci_rx_work+0x10/0x10 [ 1632.261887][T22304] worker_thread+0x5da/0xe40 [ 1632.261927][T22304] ? __pfx_worker_thread+0x10/0x10 [ 1632.261954][T22304] ? kthread+0x13a/0x450 [ 1632.261976][T22304] ? __pfx_worker_thread+0x10/0x10 [ 1632.262001][T22304] kthread+0x370/0x450 [ 1632.262025][T22304] ? __pfx_kthread+0x10/0x10 [ 1632.262053][T22304] ret_from_fork+0x754/0xd80 [ 1632.262082][T22304] ? __pfx_ret_from_fork+0x10/0x10 [ 1632.262109][T22304] ? rcu_is_watching+0x12/0xc0 [ 1632.262137][T22304] ? __switch_to+0x7b4/0x1120 [ 1632.262157][T22304] ? __pfx_kthread+0x10/0x10 [ 1632.262183][T22304] ret_from_fork_asm+0x1a/0x30 [ 1632.262221][T22304] [ 1632.262245][T22304] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 1632.588522][T22304] Bluetooth: hci2: failed to register connection device [ 1634.138079][T22304] Bluetooth: hci2: command 0x0406 tx timeout [ 1634.157670][T22369] nbd: must specify at least one socket [ 1636.676887][T22261] Bluetooth: hci0: Malformed LE Event: 0x0b [ 1638.730982][T22404] Process accounting resumed [ 1639.148391][T22414] netlink: 'syz.4.5314': attribute type 2 has an invalid length. [ 1642.132258][T22447] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5323'. [ 1642.158651][T22449] netlink: 25 bytes leftover after parsing attributes in process `syz.3.5324'. [ 1642.679346][T22462] FAULT_INJECTION: forcing a failure. [ 1642.679346][T22462] name failslab, interval 1, probability 0, space 0, times 0 [ 1642.766166][T22462] CPU: 0 UID: 0 PID: 22462 Comm: syz.4.5328 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1642.766202][T22462] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1642.766215][T22462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1642.766227][T22462] Call Trace: [ 1642.766234][T22462] [ 1642.766243][T22462] dump_stack_lvl+0x100/0x190 [ 1642.766276][T22462] should_fail_ex.cold+0x5/0xa [ 1642.766299][T22462] should_failslab+0xc2/0x120 [ 1642.766319][T22462] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1642.766348][T22462] ? __d_alloc+0x34/0xa80 [ 1642.766373][T22462] __d_alloc+0x34/0xa80 [ 1642.766396][T22462] d_alloc+0x4a/0x1e0 [ 1642.766418][T22462] lookup_one_qstr_excl+0x175/0x250 [ 1642.766446][T22462] start_dirop+0x59/0xb0 [ 1642.766477][T22462] simple_start_creating+0xf9/0x110 [ 1642.766507][T22462] ? __pfx_simple_start_creating+0x10/0x10 [ 1642.766543][T22462] nfsd_mkdir+0xf6/0x460 [ 1642.766560][T22462] ? dput.part.0+0xdd/0x570 [ 1642.766585][T22462] nfsd_fill_super+0x3f9/0x560 [ 1642.766605][T22462] ? __pfx_nfsd_fill_super+0x10/0x10 [ 1642.766622][T22462] get_tree_keyed+0x10e/0x1d0 [ 1642.766652][T22462] vfs_get_tree+0x92/0x320 [ 1642.766678][T22462] path_mount+0x7d0/0x23d0 [ 1642.766704][T22462] ? __pfx_path_mount+0x10/0x10 [ 1642.766724][T22462] ? lockdep_hardirqs_on+0x78/0x100 [ 1642.766750][T22462] ? putname+0xb1/0x110 [ 1642.766767][T22462] ? kmem_cache_free+0x124/0x6a0 [ 1642.766800][T22462] ? __x64_sys_mount+0x293/0x310 [ 1642.766821][T22462] __x64_sys_mount+0x293/0x310 [ 1642.766843][T22462] ? __pfx___x64_sys_mount+0x10/0x10 [ 1642.766872][T22462] do_syscall_64+0x106/0xf80 [ 1642.766894][T22462] ? clear_bhb_loop+0x40/0x90 [ 1642.766917][T22462] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1642.766936][T22462] RIP: 0033:0x7fd782f9c799 [ 1642.766953][T22462] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1642.766972][T22462] RSP: 002b:00007fd783ec5028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1642.766992][T22462] RAX: ffffffffffffffda RBX: 00007fd783215fa0 RCX: 00007fd782f9c799 [ 1642.767004][T22462] RDX: 00002000000001c0 RSI: 00002000000000c0 RDI: 0000000000000000 [ 1642.767015][T22462] RBP: 00007fd783032c99 R08: 0000000000000000 R09: 0000000000000000 [ 1642.767034][T22462] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 1642.767045][T22462] R13: 00007fd783216038 R14: 00007fd783215fa0 R15: 00007ffce203c088 [ 1642.767069][T22462] [ 1644.635284][T22487] netlink: 5 bytes leftover after parsing attributes in process `syz.2.5336'. [ 1644.682686][T22487] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5336'. [ 1645.006391][T22491] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5337'. [ 1645.152346][T22484] misc userio: Invalid payload size [ 1646.877865][T22494] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1646.917868][T22494] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1647.006102][T22494] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1647.026353][T22494] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1647.044395][T22494] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1647.338204][T22261] Bluetooth: hci2: command 0x0406 tx timeout [ 1647.408633][T22528] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1647.463426][T22528] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1647.489590][T22528] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1647.531262][T22528] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1647.620003][T22520] FAULT_INJECTION: forcing a failure. [ 1647.620003][T22520] name failslab, interval 1, probability 0, space 0, times 0 [ 1647.939788][T22520] CPU: 0 UID: 0 PID: 22520 Comm: syz.5.5343 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1647.939823][T22520] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1647.939831][T22520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1647.939841][T22520] Call Trace: [ 1647.939848][T22520] [ 1647.939861][T22520] dump_stack_lvl+0x100/0x190 [ 1647.939893][T22520] should_fail_ex.cold+0x5/0xa [ 1647.939916][T22520] should_failslab+0xc2/0x120 [ 1647.939943][T22520] __kmalloc_cache_node_noprof+0x7d/0x770 [ 1647.939975][T22520] ? __alloc_workqueue+0x711/0x1880 [ 1647.939997][T22520] ? lockdep_init_map_type+0x5c/0x250 [ 1647.940026][T22520] __alloc_workqueue+0x711/0x1880 [ 1647.940052][T22520] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1647.940076][T22520] alloc_workqueue_noprof+0xd2/0x200 [ 1647.940100][T22520] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 1647.940128][T22520] ? __pfx___debug_object_init+0x10/0x10 [ 1647.940162][T22520] nci_register_device+0x511/0xb80 [ 1647.940194][T22520] ? __pfx_nci_register_device+0x10/0x10 [ 1647.940227][T22520] ? lockdep_init_map_type+0x5c/0x250 [ 1647.940256][T22520] virtual_ncidev_open+0x141/0x220 [ 1647.940279][T22520] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 1647.940300][T22520] misc_open+0x26d/0x450 [ 1647.940319][T22520] ? __pfx_misc_open+0x10/0x10 [ 1647.940336][T22520] chrdev_open+0x234/0x6a0 [ 1647.940355][T22520] ? __pfx_apparmor_file_open+0x10/0x10 [ 1647.940383][T22520] ? __pfx_chrdev_open+0x10/0x10 [ 1647.940403][T22520] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1647.940429][T22520] do_dentry_open+0x6d8/0x1660 [ 1647.940447][T22520] ? __pfx_chrdev_open+0x10/0x10 [ 1647.940472][T22520] vfs_open+0x82/0x3f0 [ 1647.940498][T22520] path_openat+0x208c/0x31a0 [ 1647.940525][T22520] ? __pfx_path_openat+0x10/0x10 [ 1647.940552][T22520] do_file_open+0x20e/0x430 [ 1647.940573][T22520] ? __pfx_do_file_open+0x10/0x10 [ 1647.940610][T22520] ? alloc_fd+0x476/0x790 [ 1647.940630][T22520] ? do_getname+0x191/0x390 [ 1647.940655][T22520] do_sys_openat2+0x10d/0x1e0 [ 1647.940680][T22520] ? __pfx_do_sys_openat2+0x10/0x10 [ 1647.940713][T22520] __x64_sys_openat+0x12d/0x210 [ 1647.940738][T22520] ? __pfx___x64_sys_openat+0x10/0x10 [ 1647.940772][T22520] do_syscall_64+0x106/0xf80 [ 1647.940794][T22520] ? clear_bhb_loop+0x40/0x90 [ 1647.940817][T22520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1647.940837][T22520] RIP: 0033:0x7f232c59c799 [ 1647.940853][T22520] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1647.940871][T22520] RSP: 002b:00007f232d508028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1647.940889][T22520] RAX: ffffffffffffffda RBX: 00007f232c815fa0 RCX: 00007f232c59c799 [ 1647.940902][T22520] RDX: 0000000000000002 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1647.940913][T22520] RBP: 00007f232c632c99 R08: 0000000000000000 R09: 0000000000000000 [ 1647.940931][T22520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1647.940942][T22520] R13: 00007f232c816038 R14: 00007f232c815fa0 R15: 00007ffef7d779a8 [ 1647.940966][T22520] [ 1649.418182][T22261] Bluetooth: hci2: command 0x0406 tx timeout [ 1649.501716][T22261] Bluetooth: hci4: command 0x0406 tx timeout [ 1649.507864][T22304] Bluetooth: hci3: command 0x0406 tx timeout [ 1649.577800][T22261] Bluetooth: hci0: command 0x0c1a tx timeout [ 1649.903799][T22557] input: jJǸ-9%vJ86 as /devices/virtual/input/input19 [ 1650.093119][T22562] netlink: 25 bytes leftover after parsing attributes in process `syz.2.5354'. [ 1650.242673][T22564] netlink: 25 bytes leftover after parsing attributes in process `syz.4.5355'. [ 1652.250188][ T30] audit: type=1804 audit(2147491714.233:21): pid=22591 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.5361" name="/newroot/1345/file0" dev="tmpfs" ino=6928 res=1 errno=0 [ 1652.397734][ T30] audit: type=1804 audit(2147491714.293:22): pid=22595 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.5361" name="/newroot/1345/file0" dev="tmpfs" ino=6928 res=1 errno=0 [ 1653.233865][T22607] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5365'. [ 1653.298384][T22609] netlink: 'syz.4.5365': attribute type 1 has an invalid length. [ 1653.356205][T22609] netlink: 51505 bytes leftover after parsing attributes in process `syz.4.5365'. [ 1653.554863][T22612] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5366'. [ 1653.577503][T22612] netlink: 354 bytes leftover after parsing attributes in process `syz.2.5366'. [ 1653.676569][T22614] input: f as /devices/virtual/input/input20 [ 1653.716280][T22614] FAULT_INJECTION: forcing a failure. [ 1653.716280][T22614] name failslab, interval 1, probability 0, space 0, times 0 [ 1653.777429][T22614] CPU: 0 UID: 0 PID: 22614 Comm: syz.4.5367 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1653.777464][T22614] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1653.777472][T22614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1653.777484][T22614] Call Trace: [ 1653.777491][T22614] [ 1653.777499][T22614] dump_stack_lvl+0x100/0x190 [ 1653.777533][T22614] should_fail_ex.cold+0x5/0xa [ 1653.777555][T22614] should_failslab+0xc2/0x120 [ 1653.777580][T22614] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1653.777608][T22614] ? __kernfs_new_node+0xd2/0x960 [ 1653.777639][T22614] __kernfs_new_node+0xd2/0x960 [ 1653.777668][T22614] ? __pfx___kernfs_new_node+0x10/0x10 [ 1653.777701][T22614] ? find_held_lock+0x2b/0x80 [ 1653.777719][T22614] ? kernfs_root+0xee/0x2a0 [ 1653.777744][T22614] ? kernfs_root+0xee/0x2a0 [ 1653.777775][T22614] kernfs_new_node+0x11b/0x1a0 [ 1653.777807][T22614] kernfs_create_dir_ns+0x4c/0x1a0 [ 1653.777840][T22614] internal_create_group+0x36f/0xf40 [ 1653.777873][T22614] ? kernfs_add_one+0x214/0x850 [ 1653.777904][T22614] ? __pfx_internal_create_group+0x10/0x10 [ 1653.777934][T22614] ? __pfx_dev_add_physical_location+0x10/0x10 [ 1653.777966][T22614] ? bus_to_subsys+0x114/0x150 [ 1653.777997][T22614] dpm_sysfs_add+0x80/0x280 [ 1653.778027][T22614] device_add+0x9ef/0x1950 [ 1653.778047][T22614] ? __pfx_device_add+0x10/0x10 [ 1653.778072][T22614] ? kobject_get+0xbb/0x150 [ 1653.778099][T22614] cdev_device_add+0x12b/0x270 [ 1653.778121][T22614] evdev_connect+0x3a8/0x4b0 [ 1653.778149][T22614] input_attach_handler.isra.0+0x177/0x1e0 [ 1653.778178][T22614] input_register_device.cold+0x139/0x375 [ 1653.778205][T22614] uinput_ioctl_handler.isra.0+0x8d8/0x1d10 [ 1653.778237][T22614] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1653.778263][T22614] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 1653.778300][T22614] ? find_held_lock+0x2b/0x80 [ 1653.778317][T22614] ? __fget_files+0x215/0x3d0 [ 1653.778345][T22614] ? __pfx_uinput_ioctl+0x10/0x10 [ 1653.778364][T22614] __x64_sys_ioctl+0x18e/0x210 [ 1653.778392][T22614] do_syscall_64+0x106/0xf80 [ 1653.778414][T22614] ? clear_bhb_loop+0x40/0x90 [ 1653.778436][T22614] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1653.778455][T22614] RIP: 0033:0x7fd782f9c799 [ 1653.778472][T22614] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1653.778490][T22614] RSP: 002b:00007fd783ec5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1653.778510][T22614] RAX: ffffffffffffffda RBX: 00007fd783215fa0 RCX: 00007fd782f9c799 [ 1653.778522][T22614] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000009 [ 1653.778533][T22614] RBP: 00007fd783032c99 R08: 0000000000000000 R09: 0000000000000000 [ 1653.778544][T22614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1653.778555][T22614] R13: 00007fd783216038 R14: 00007fd783215fa0 R15: 00007ffce203c088 [ 1653.778580][T22614] [ 1654.393334][T22626] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5371'. [ 1654.410653][T22618] can: request_module (can-proto-5) failed. [ 1654.420408][T22626] netlink: 25 bytes leftover after parsing attributes in process `syz.3.5371'. [ 1655.790089][T22614] input: failed to attach handler evdev to device input20, error: -12 [ 1656.400018][T22652] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5378'. [ 1658.045421][T22672] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5382'. [ 1658.095888][T22672] netlink: 'syz.2.5382': attribute type 1 has an invalid length. [ 1658.139812][T22672] netlink: 'syz.2.5382': attribute type 6 has an invalid length. [ 1658.402898][T22674] can0: slcan on ttyS2. [ 1658.518475][T22674] can0 (unregistered): slcan off ttyS2. [ 1660.145594][T22710] Trying to write to read-only block-device sda1 [ 1660.667496][T22261] Bluetooth: hci2: ISO packet for unknown connection handle 0 [ 1661.612376][T22740] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1661.889169][T22304] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1661.899874][T22304] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1661.908289][T22304] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1661.916566][T22304] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1661.928198][T22304] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1662.575052][T22742] chnl_net:caif_netlink_parms(): no params data found [ 1662.945804][T22742] bridge0: port 1(bridge_slave_0) entered blocking state [ 1662.984789][T22742] bridge0: port 1(bridge_slave_0) entered disabled state [ 1663.017534][T22742] bridge_slave_0: entered allmulticast mode [ 1663.035355][T22742] bridge_slave_0: entered promiscuous mode [ 1663.063563][T22742] bridge0: port 2(bridge_slave_1) entered blocking state [ 1663.110302][T22742] bridge0: port 2(bridge_slave_1) entered disabled state [ 1663.146733][T22742] bridge_slave_1: entered allmulticast mode [ 1663.182129][T22742] bridge_slave_1: entered promiscuous mode [ 1663.350371][T22742] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1663.418667][T22742] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1663.539509][T22742] team0: Port device team_slave_0 added [ 1663.547285][T22742] team0: Port device team_slave_1 added [ 1663.690145][T22742] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1663.727290][T22742] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1663.797444][T22769] netlink: 354 bytes leftover after parsing attributes in process `syz.4.5401'. [ 1663.843463][T22742] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1663.890964][T22742] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1663.925022][T22742] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1663.977993][T22304] Bluetooth: hci1: command tx timeout [ 1664.052885][T22742] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1664.075328][T22777] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5404'. [ 1664.111838][T22777] netlink: 354 bytes leftover after parsing attributes in process `syz.2.5404'. [ 1664.244555][T22742] hsr_slave_0: entered promiscuous mode [ 1664.284542][T22742] hsr_slave_1: entered promiscuous mode [ 1664.313097][T22742] debugfs: 'hsr0' already exists in 'hsr' [ 1664.336920][T22742] Cannot create hsr debugfs directory [ 1664.388988][T22785] FAULT_INJECTION: forcing a failure. [ 1664.388988][T22785] name failslab, interval 1, probability 0, space 0, times 0 [ 1664.440273][T22785] CPU: 0 UID: 0 PID: 22785 Comm: syz.2.5407 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1664.440308][T22785] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1664.440316][T22785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1664.440327][T22785] Call Trace: [ 1664.440334][T22785] [ 1664.440342][T22785] dump_stack_lvl+0x100/0x190 [ 1664.440375][T22785] should_fail_ex.cold+0x5/0xa [ 1664.440397][T22785] ? __netlink_kernel_create+0x181/0x750 [ 1664.440423][T22785] should_failslab+0xc2/0x120 [ 1664.440442][T22785] __kmalloc_noprof+0xe0/0x850 [ 1664.440475][T22785] __netlink_kernel_create+0x181/0x750 [ 1664.440503][T22785] ? __pfx___netlink_kernel_create+0x10/0x10 [ 1664.440528][T22785] ? find_held_lock+0x2b/0x80 [ 1664.440545][T22785] ? audit_net_init+0x190/0x440 [ 1664.440569][T22785] ? audit_net_init+0x190/0x440 [ 1664.440598][T22785] audit_net_init+0x1ae/0x440 [ 1664.440622][T22785] ? __pfx_audit_net_init+0x10/0x10 [ 1664.440646][T22785] ? rcu_is_watching+0x12/0xc0 [ 1664.440673][T22785] ? __pfx_audit_receive+0x10/0x10 [ 1664.440701][T22785] ? __pfx_audit_multicast_bind+0x10/0x10 [ 1664.440728][T22785] ? __pfx_audit_multicast_unbind+0x10/0x10 [ 1664.440757][T22785] ? __kmalloc_noprof+0x320/0x850 [ 1664.440788][T22785] ? __pfx_audit_net_init+0x10/0x10 [ 1664.440812][T22785] ops_init+0x1e2/0x5f0 [ 1664.440838][T22785] setup_net+0x118/0x3a0 [ 1664.440862][T22785] ? __pfx_setup_net+0x10/0x10 [ 1664.440884][T22785] ? lockdep_init_map_type+0x5c/0x250 [ 1664.440909][T22785] ? mutex_init_lockep+0x110/0x150 [ 1664.440966][T22785] copy_net_ns+0x46f/0x7c0 [ 1664.440997][T22785] create_new_namespaces+0x3ea/0xac0 [ 1664.441022][T22785] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1664.441045][T22785] ksys_unshare+0x473/0xad0 [ 1664.441069][T22785] ? __pfx_ksys_unshare+0x10/0x10 [ 1664.441102][T22785] __x64_sys_unshare+0x31/0x40 [ 1664.441125][T22785] do_syscall_64+0x106/0xf80 [ 1664.441148][T22785] ? clear_bhb_loop+0x40/0x90 [ 1664.441171][T22785] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1664.441190][T22785] RIP: 0033:0x7f09edd9c799 [ 1664.441207][T22785] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1664.441225][T22785] RSP: 002b:00007f09eeba2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1664.441244][T22785] RAX: ffffffffffffffda RBX: 00007f09ee015fa0 RCX: 00007f09edd9c799 [ 1664.441257][T22785] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1664.441271][T22785] RBP: 00007f09ede32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1664.441282][T22785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1664.441293][T22785] R13: 00007f09ee016038 R14: 00007f09ee015fa0 R15: 00007ffdaacda488 [ 1664.441318][T22785] [ 1664.441396][T22785] audit: cannot initialize netlink socket in namespace [ 1665.208833][T22742] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1665.235137][T22742] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1665.266041][T22742] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1665.293329][T22742] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1665.641954][T22742] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1665.726355][T22742] 8021q: adding VLAN 0 to HW filter on device team0 [ 1665.792512][T22801] netlink: 326 bytes leftover after parsing attributes in process `syz.2.5409'. [ 1665.865050][T22803] FAULT_INJECTION: forcing a failure. [ 1665.865050][T22803] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1665.928333][T22268] bridge0: port 1(bridge_slave_0) entered blocking state [ 1665.935580][T22268] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1666.000580][T22334] bridge0: port 2(bridge_slave_1) entered blocking state [ 1666.007765][T22334] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1666.015531][T22803] CPU: 0 UID: 0 PID: 22803 Comm: syz.2.5409 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1666.015562][T22803] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1666.015570][T22803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1666.015580][T22803] Call Trace: [ 1666.015594][T22803] [ 1666.015602][T22803] dump_stack_lvl+0x100/0x190 [ 1666.015636][T22803] should_fail_ex.cold+0x5/0xa [ 1666.015659][T22803] core_sys_select+0x9b9/0xbb0 [ 1666.015694][T22803] ? __pfx_core_sys_select+0x10/0x10 [ 1666.015760][T22803] ? ktime_get_ts64+0x2d2/0x3f0 [ 1666.015781][T22803] ? read_tsc+0x9/0x20 [ 1666.015801][T22803] ? ktime_get_ts64+0x256/0x3f0 [ 1666.015823][T22803] kern_select+0x20c/0x270 [ 1666.015854][T22803] ? __pfx_kern_select+0x10/0x10 [ 1666.015891][T22803] __x64_sys_select+0xbd/0x160 [ 1666.015919][T22803] ? do_syscall_64+0x95/0xf80 [ 1666.015942][T22803] ? lockdep_hardirqs_on+0x78/0x100 [ 1666.015966][T22803] do_syscall_64+0x106/0xf80 [ 1666.015988][T22803] ? clear_bhb_loop+0x40/0x90 [ 1666.016011][T22803] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1666.016031][T22803] RIP: 0033:0x7f09edd9c799 [ 1666.016047][T22803] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1666.016065][T22803] RSP: 002b:00007f09eeb81028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 1666.016084][T22803] RAX: ffffffffffffffda RBX: 00007f09ee016090 RCX: 00007f09edd9c799 [ 1666.016097][T22803] RDX: 00002000000000c0 RSI: 0000200000000040 RDI: 0000000000000001 [ 1666.016108][T22803] RBP: 00007f09ede32c99 R08: 00002000000001c0 R09: 0000000000000000 [ 1666.016120][T22803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1666.016130][T22803] R13: 00007f09ee016128 R14: 00007f09ee016090 R15: 00007ffdaacda488 [ 1666.016153][T22803] [ 1666.497033][T22304] Bluetooth: hci1: command tx timeout [ 1666.508711][T22807] netlink: 25 bytes leftover after parsing attributes in process `syz.4.5410'. [ 1666.534594][T22742] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1666.601296][T22742] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1667.399335][T22742] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1668.538568][T22304] Bluetooth: hci1: command tx timeout [ 1668.635114][T22742] veth0_vlan: entered promiscuous mode [ 1668.759859][T22742] veth1_vlan: entered promiscuous mode [ 1669.163449][T22742] veth0_macvtap: entered promiscuous mode [ 1669.230586][T22742] veth1_macvtap: entered promiscuous mode [ 1669.380463][T22742] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1669.450855][T22742] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1669.527114][T22258] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1669.563234][T22258] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1669.585970][T22836] Process accounting paused [ 1669.606351][T22258] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1669.686750][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1669.693162][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1669.707985][T22258] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1670.006774][T22258] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1670.053435][T22258] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1670.159465][T22258] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1670.211684][T22258] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1670.618316][T22304] Bluetooth: hci1: command tx timeout [ 1671.148005][T22877] Invalid ELF header magic: != ELF [ 1676.297807][T22304] Bluetooth: hci5: Entering manufacturer mode failed (-110) [ 1676.306141][T22261] Bluetooth: hci5: command 0xfc11 tx timeout [ 1684.412854][T23010] ======================================================= [ 1684.412854][T23010] WARNING: The mand mount option has been deprecated and [ 1684.412854][T23010] and is ignored by this kernel. Remove the mand [ 1684.412854][T23010] option from the mount to silence this warning. [ 1684.412854][T23010] ======================================================= [ 1687.536419][T23058] netlink: 'syz.6.5460': attribute type 2 has an invalid length. [ 1690.897532][T23053] FAULT_INJECTION: forcing a failure. [ 1690.897532][T23053] name failslab, interval 1, probability 0, space 0, times 0 [ 1691.113577][T23053] CPU: 0 UID: 0 PID: 23053 Comm: syz.4.5458 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1691.113615][T23053] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1691.113623][T23053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1691.113635][T23053] Call Trace: [ 1691.113642][T23053] [ 1691.113651][T23053] dump_stack_lvl+0x100/0x190 [ 1691.113685][T23053] should_fail_ex.cold+0x5/0xa [ 1691.113708][T23053] ? memcg_list_lru_alloc+0x4ec/0x740 [ 1691.113735][T23053] should_failslab+0xc2/0x120 [ 1691.113757][T23053] __kmalloc_noprof+0xe0/0x850 [ 1691.113785][T23053] ? ipcget+0xee/0xf50 [ 1691.113809][T23053] memcg_list_lru_alloc+0x4ec/0x740 [ 1691.113851][T23053] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 1691.113878][T23053] ? rcu_read_unlock+0x17/0x60 [ 1691.113906][T23053] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 1691.113936][T23053] __memcg_slab_post_alloc_hook+0x130/0x990 [ 1691.113962][T23053] ? kasan_save_track+0x14/0x30 [ 1691.113993][T23053] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 1691.114022][T23053] ? hugetlbfs_alloc_inode+0x8c/0x1d0 [ 1691.114048][T23053] hugetlbfs_alloc_inode+0x8c/0x1d0 [ 1691.114066][T23053] ? __pfx_hugetlbfs_alloc_inode+0x10/0x10 [ 1691.114086][T23053] alloc_inode+0x68/0x250 [ 1691.114111][T23053] new_inode+0x22/0x1c0 [ 1691.114138][T23053] hugetlbfs_get_inode+0x313/0x750 [ 1691.114160][T23053] hugetlb_file_setup+0x3cc/0x5b0 [ 1691.114184][T23053] newseg+0xabb/0xed0 [ 1691.114208][T23053] ? __pfx_newseg+0x10/0x10 [ 1691.114227][T23053] ? down_write+0x146/0x1f0 [ 1691.114254][T23053] ? ksys_write+0x190/0x250 [ 1691.114270][T23053] ? ksys_write+0x190/0x250 [ 1691.114290][T23053] ipcget+0xee/0xf50 [ 1691.114309][T23053] ? do_futex+0x192/0x350 [ 1691.114333][T23053] ? __pfx_do_futex+0x10/0x10 [ 1691.114361][T23053] ? __pfx_ipcget+0x10/0x10 [ 1691.114382][T23053] ? __x64_sys_futex+0x34f/0x4d0 [ 1691.114405][T23053] ? __x64_sys_futex+0x358/0x4d0 [ 1691.114432][T23053] __x64_sys_shmget+0x13b/0x1b0 [ 1691.114454][T23053] ? __pfx___x64_sys_shmget+0x10/0x10 [ 1691.114482][T23053] do_syscall_64+0x106/0xf80 [ 1691.114504][T23053] ? clear_bhb_loop+0x40/0x90 [ 1691.114527][T23053] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1691.114546][T23053] RIP: 0033:0x7fd782f9c799 [ 1691.114563][T23053] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1691.114581][T23053] RSP: 002b:00007fd783ec5028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 1691.114599][T23053] RAX: ffffffffffffffda RBX: 00007fd783215fa0 RCX: 00007fd782f9c799 [ 1691.114612][T23053] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000 [ 1691.114623][T23053] RBP: 00007fd783032c99 R08: 0000000000000000 R09: 0000000000000000 [ 1691.114635][T23053] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1691.114646][T23053] R13: 00007fd783216038 R14: 00007fd783215fa0 R15: 00007ffce203c088 [ 1691.114669][T23053] [ 1693.862051][T23104] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1695.158864][T23117] netlink: 25 bytes leftover after parsing attributes in process `syz.2.5473'. [ 1695.844289][T23126] hub 1-0:1.0: USB hub found [ 1695.870999][T23126] hub 1-0:1.0: 1 port detected [ 1699.777895][T23162] Process accounting resumed [ 1703.040884][T23213] can0: slcan on ttyS2. [ 1703.128529][T23212] can0 (unregistered): slcan off ttyS2. [ 1703.595676][T23225] netlink: 9 bytes leftover after parsing attributes in process `syz.2.5497'. [ 1704.280393][T23239] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5499'. [ 1704.355487][T23242] netlink: 'syz.2.5499': attribute type 1 has an invalid length. [ 1704.486892][T23242] netlink: 5 bytes leftover after parsing attributes in process `syz.2.5499'. [ 1706.096941][T23276] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5506'. [ 1706.168317][T23276] bridge0: port 2(bridge_slave_1) entered disabled state [ 1706.249378][T23276] bridge_slave_1 (unregistering): left allmulticast mode [ 1706.289643][T23276] bridge_slave_1 (unregistering): left promiscuous mode [ 1706.331591][T23276] bridge0: port 2(bridge_slave_1) entered disabled state [ 1708.375589][T23306] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5512'. [ 1708.460323][T23306] netlink: 'syz.4.5512': attribute type 1 has an invalid length. [ 1708.513339][T23306] netlink: 5 bytes leftover after parsing attributes in process `syz.4.5512'. [ 1709.538154][T23322] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5517'. [ 1713.206503][T23337] FAULT_INJECTION: forcing a failure. [ 1713.206503][T23337] name failslab, interval 1, probability 0, space 0, times 0 [ 1713.269992][T23337] CPU: 0 UID: 0 PID: 23337 Comm: syz.3.5521 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1713.270028][T23337] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1713.270036][T23337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1713.270047][T23337] Call Trace: [ 1713.270054][T23337] [ 1713.270063][T23337] dump_stack_lvl+0x100/0x190 [ 1713.270096][T23337] should_fail_ex.cold+0x5/0xa [ 1713.270119][T23337] ? memcg_list_lru_alloc+0x4ec/0x740 [ 1713.270148][T23337] should_failslab+0xc2/0x120 [ 1713.270169][T23337] __kmalloc_noprof+0xe0/0x850 [ 1713.270198][T23337] ? ipcget+0xee/0xf50 [ 1713.270222][T23337] memcg_list_lru_alloc+0x4ec/0x740 [ 1713.270256][T23337] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 1713.270284][T23337] ? rcu_read_unlock+0x17/0x60 [ 1713.270311][T23337] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 1713.270341][T23337] __memcg_slab_post_alloc_hook+0x130/0x990 [ 1713.270368][T23337] ? kasan_save_track+0x14/0x30 [ 1713.270399][T23337] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 1713.270428][T23337] ? hugetlbfs_alloc_inode+0x8c/0x1d0 [ 1713.270454][T23337] hugetlbfs_alloc_inode+0x8c/0x1d0 [ 1713.270472][T23337] ? __pfx_hugetlbfs_alloc_inode+0x10/0x10 [ 1713.270492][T23337] alloc_inode+0x68/0x250 [ 1713.270518][T23337] new_inode+0x22/0x1c0 [ 1713.270544][T23337] hugetlbfs_get_inode+0x313/0x750 [ 1713.270567][T23337] hugetlb_file_setup+0x3cc/0x5b0 [ 1713.270590][T23337] newseg+0xabb/0xed0 [ 1713.270614][T23337] ? __pfx_newseg+0x10/0x10 [ 1713.270635][T23337] ? down_write+0x146/0x1f0 [ 1713.270660][T23337] ? ksys_write+0x190/0x250 [ 1713.270676][T23337] ? ksys_write+0x190/0x250 [ 1713.270696][T23337] ipcget+0xee/0xf50 [ 1713.270716][T23337] ? do_futex+0x192/0x350 [ 1713.270749][T23337] ? __pfx_do_futex+0x10/0x10 [ 1713.270777][T23337] ? __pfx_ipcget+0x10/0x10 [ 1713.270798][T23337] ? __x64_sys_futex+0x34f/0x4d0 [ 1713.270821][T23337] ? __x64_sys_futex+0x358/0x4d0 [ 1713.270848][T23337] __x64_sys_shmget+0x13b/0x1b0 [ 1713.270870][T23337] ? __pfx___x64_sys_shmget+0x10/0x10 [ 1713.270898][T23337] do_syscall_64+0x106/0xf80 [ 1713.270921][T23337] ? clear_bhb_loop+0x40/0x90 [ 1713.270944][T23337] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1713.270964][T23337] RIP: 0033:0x7f2914d9c799 [ 1713.270980][T23337] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1713.270998][T23337] RSP: 002b:00007f2915b7b028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 1713.271017][T23337] RAX: ffffffffffffffda RBX: 00007f2915015fa0 RCX: 00007f2914d9c799 [ 1713.271029][T23337] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000 [ 1713.271040][T23337] RBP: 00007f2914e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1713.271051][T23337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1713.271062][T23337] R13: 00007f2915016038 R14: 00007f2915015fa0 R15: 00007ffd6a45a028 [ 1713.271086][T23337] [ 1714.626907][T23363] FAULT_INJECTION: forcing a failure. [ 1714.626907][T23363] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1714.666404][T23363] CPU: 0 UID: 0 PID: 23363 Comm: syz.6.5527 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1714.666440][T23363] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1714.666448][T23363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1714.666460][T23363] Call Trace: [ 1714.666467][T23363] [ 1714.666475][T23363] dump_stack_lvl+0x100/0x190 [ 1714.666508][T23363] should_fail_ex.cold+0x5/0xa [ 1714.666526][T23363] ? prepare_alloc_pages+0x16d/0x5f0 [ 1714.666551][T23363] should_fail_alloc_page+0xeb/0x140 [ 1714.666574][T23363] prepare_alloc_pages+0x1f0/0x5f0 [ 1714.666599][T23363] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1714.666630][T23363] ? __pfx_stack_trace_save+0x10/0x10 [ 1714.666650][T23363] ? stack_depot_save_flags+0x27/0x9d0 [ 1714.666678][T23363] ? __pfx_mt_destroy_walk+0x10/0x10 [ 1714.666706][T23363] ? kasan_save_stack+0x3f/0x50 [ 1714.666739][T23363] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1714.666771][T23363] ? __lock_acquire+0x4a5/0x2630 [ 1714.666801][T23363] ? lock_acquire+0x1cf/0x380 [ 1714.666826][T23363] ? find_held_lock+0x2b/0x80 [ 1714.666843][T23363] ? page_table_check_set+0x49a/0xa10 [ 1714.666873][T23363] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1714.666906][T23363] ? policy_nodemask+0xed/0x4f0 [ 1714.666927][T23363] alloc_pages_mpol+0x1fb/0x550 [ 1714.666948][T23363] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1714.666974][T23363] folio_alloc_mpol_noprof+0x36/0x340 [ 1714.666998][T23363] vma_alloc_folio_noprof+0xed/0x1d0 [ 1714.667021][T23363] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 1714.667051][T23363] do_anonymous_page+0xb3a/0x1fb0 [ 1714.667084][T23363] __handle_mm_fault+0x1d42/0x2b60 [ 1714.667116][T23363] ? __pfx___handle_mm_fault+0x10/0x10 [ 1714.667143][T23363] ? pte_offset_map_lock+0x174/0x320 [ 1714.667162][T23363] ? find_held_lock+0x2b/0x80 [ 1714.667186][T23363] ? follow_page_pte+0x5b3/0x1400 [ 1714.667211][T23363] handle_mm_fault+0x36d/0xa20 [ 1714.667240][T23363] __get_user_pages+0xf9c/0x34d0 [ 1714.667269][T23363] ? __pfx___get_user_pages+0x10/0x10 [ 1714.667296][T23363] populate_vma_page_range+0x267/0x3f0 [ 1714.667321][T23363] ? __pfx_populate_vma_page_range+0x10/0x10 [ 1714.667343][T23363] ? __pfx_find_vma_intersection+0x10/0x10 [ 1714.667364][T23363] ? do_mmap+0x93f/0x12f0 [ 1714.667392][T23363] __mm_populate+0x107/0x3a0 [ 1714.667415][T23363] ? __pfx___mm_populate+0x10/0x10 [ 1714.667438][T23363] ? up_write+0x290/0x4f0 [ 1714.667466][T23363] vm_mmap_pgoff+0x37f/0x470 [ 1714.667490][T23363] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1714.667513][T23363] ? do_futex+0x192/0x350 [ 1714.667536][T23363] ? __pfx_do_futex+0x10/0x10 [ 1714.667559][T23363] ? __pfx_do_sys_openat2+0x10/0x10 [ 1714.667587][T23363] ksys_mmap_pgoff+0xe1/0x650 [ 1714.667607][T23363] ? __x64_sys_futex+0x34f/0x4d0 [ 1714.667629][T23363] ? __x64_sys_futex+0x358/0x4d0 [ 1714.667653][T23363] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 1714.667679][T23363] ? xfd_validate_state+0x129/0x190 [ 1714.667710][T23363] __x64_sys_mmap+0x125/0x190 [ 1714.667740][T23363] do_syscall_64+0x106/0xf80 [ 1714.667763][T23363] ? clear_bhb_loop+0x40/0x90 [ 1714.667786][T23363] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1714.667807][T23363] RIP: 0033:0x7f6d0219c799 [ 1714.667825][T23363] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1714.667842][T23363] RSP: 002b:00007f6d030d8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1714.667862][T23363] RAX: ffffffffffffffda RBX: 00007f6d02415fa0 RCX: 00007f6d0219c799 [ 1714.667874][T23363] RDX: 00000000000000df RSI: 0000000000040009 RDI: 0000000000000000 [ 1714.667886][T23363] RBP: 00007f6d02232c99 R08: 0000000000000007 R09: 0000000000028000 [ 1714.667897][T23363] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 1714.667908][T23363] R13: 00007f6d02416038 R14: 00007f6d02415fa0 R15: 00007ffd4c18cad8 [ 1714.667933][T23363] [ 1720.327453][T23438] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5543'. [ 1723.706910][T23469] FAULT_INJECTION: forcing a failure. [ 1723.706910][T23469] name failslab, interval 1, probability 0, space 0, times 0 [ 1723.769461][T23469] CPU: 0 UID: 0 PID: 23469 Comm: syz.2.5547 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1723.769497][T23469] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1723.769505][T23469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1723.769516][T23469] Call Trace: [ 1723.769523][T23469] [ 1723.769532][T23469] dump_stack_lvl+0x100/0x190 [ 1723.769564][T23469] should_fail_ex.cold+0x5/0xa [ 1723.769586][T23469] ? memcg_list_lru_alloc+0x4ec/0x740 [ 1723.769614][T23469] should_failslab+0xc2/0x120 [ 1723.769635][T23469] __kmalloc_noprof+0xe0/0x850 [ 1723.769663][T23469] ? ipcget+0xee/0xf50 [ 1723.769687][T23469] memcg_list_lru_alloc+0x4ec/0x740 [ 1723.769732][T23469] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 1723.769759][T23469] ? rcu_read_unlock+0x17/0x60 [ 1723.769786][T23469] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 1723.769817][T23469] __memcg_slab_post_alloc_hook+0x130/0x990 [ 1723.769843][T23469] ? kasan_save_track+0x14/0x30 [ 1723.769875][T23469] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 1723.769904][T23469] ? hugetlbfs_alloc_inode+0x8c/0x1d0 [ 1723.769929][T23469] hugetlbfs_alloc_inode+0x8c/0x1d0 [ 1723.769947][T23469] ? __pfx_hugetlbfs_alloc_inode+0x10/0x10 [ 1723.769967][T23469] alloc_inode+0x68/0x250 [ 1723.769992][T23469] new_inode+0x22/0x1c0 [ 1723.770018][T23469] hugetlbfs_get_inode+0x313/0x750 [ 1723.770041][T23469] hugetlb_file_setup+0x3cc/0x5b0 [ 1723.770065][T23469] newseg+0xabb/0xed0 [ 1723.770090][T23469] ? __pfx_newseg+0x10/0x10 [ 1723.770109][T23469] ? down_write+0x146/0x1f0 [ 1723.770134][T23469] ? ksys_write+0x190/0x250 [ 1723.770151][T23469] ? ksys_write+0x190/0x250 [ 1723.770170][T23469] ipcget+0xee/0xf50 [ 1723.770190][T23469] ? do_futex+0x192/0x350 [ 1723.770215][T23469] ? __pfx_do_futex+0x10/0x10 [ 1723.770242][T23469] ? __pfx_ipcget+0x10/0x10 [ 1723.770264][T23469] ? __x64_sys_futex+0x34f/0x4d0 [ 1723.770287][T23469] ? __x64_sys_futex+0x358/0x4d0 [ 1723.770315][T23469] __x64_sys_shmget+0x13b/0x1b0 [ 1723.770336][T23469] ? __pfx___x64_sys_shmget+0x10/0x10 [ 1723.770364][T23469] do_syscall_64+0x106/0xf80 [ 1723.770386][T23469] ? clear_bhb_loop+0x40/0x90 [ 1723.770409][T23469] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1723.770430][T23469] RIP: 0033:0x7f09edd9c799 [ 1723.770447][T23469] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1723.770464][T23469] RSP: 002b:00007f09eeba2028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 1723.770483][T23469] RAX: ffffffffffffffda RBX: 00007f09ee015fa0 RCX: 00007f09edd9c799 [ 1723.770495][T23469] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000 [ 1723.770507][T23469] RBP: 00007f09ede32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1723.770518][T23469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1723.770528][T23469] R13: 00007f09ee016038 R14: 00007f09ee015fa0 R15: 00007ffdaacda488 [ 1723.770552][T23469] [ 1724.681446][T22304] Bluetooth: hci4: ISO packet for unknown connection handle 0 [ 1725.406432][T23495] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5553'. [ 1730.360697][T23545] Process accounting paused [ 1730.528678][T22304] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 1731.102198][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1731.109555][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1732.618457][T22304] Bluetooth: hci1: command 0x2016 tx timeout [ 1734.700320][T22304] Bluetooth: hci1: command 0x2016 tx timeout [ 1737.089033][T23659] nbd: must specify at least one socket [ 1744.104979][T23741] ubi0: attaching mtd0 [ 1744.131574][T23741] ubi0: scanning is finished [ 1744.158416][T23741] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1744.281394][T23741] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1744.968527][T23750] ubi0: attaching mtd0 [ 1744.987263][T23750] ubi0: scanning is finished [ 1745.006592][T23750] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1745.110878][T23750] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1746.425408][T23761] nbd: must specify at least one socket [ 1749.801409][T23810] netlink: 'syz.2.5620': attribute type 2 has an invalid length. [ 1754.513124][T23877] netlink: 5 bytes leftover after parsing attributes in process `syz.4.5640'. [ 1754.550729][T23877] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5640'. [ 1754.808004][T23883] FAULT_INJECTION: forcing a failure. [ 1754.808004][T23883] name failslab, interval 1, probability 0, space 0, times 0 [ 1754.942152][T23883] CPU: 0 UID: 0 PID: 23883 Comm: syz.4.5642 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1754.942187][T23883] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1754.942195][T23883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1754.942207][T23883] Call Trace: [ 1754.942215][T23883] [ 1754.942224][T23883] dump_stack_lvl+0x100/0x190 [ 1754.942257][T23883] should_fail_ex.cold+0x5/0xa [ 1754.942279][T23883] ? memcg_list_lru_alloc+0x4ec/0x740 [ 1754.942307][T23883] should_failslab+0xc2/0x120 [ 1754.942332][T23883] __kmalloc_noprof+0xe0/0x850 [ 1754.942360][T23883] ? do_syscall_64+0x106/0xf80 [ 1754.942386][T23883] memcg_list_lru_alloc+0x4ec/0x740 [ 1754.942420][T23883] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 1754.942448][T23883] ? rcu_read_unlock+0x17/0x60 [ 1754.942474][T23883] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 1754.942505][T23883] __memcg_slab_post_alloc_hook+0x130/0x990 [ 1754.942531][T23883] ? kasan_save_track+0x14/0x30 [ 1754.942561][T23883] kmem_cache_alloc_lru_noprof+0x592/0x6e0 [ 1754.942596][T23883] ? alloc_inode+0x183/0x250 [ 1754.942625][T23883] alloc_inode+0x183/0x250 [ 1754.942651][T23883] alloc_anon_inode+0x2a/0x3e0 [ 1754.942671][T23883] dma_buf_export+0x267/0xcb0 [ 1754.942698][T23883] ? sg_alloc_table+0x4c/0x1c0 [ 1754.942725][T23883] system_heap_allocate+0xb5e/0x1170 [ 1754.942757][T23883] ? __pfx_system_heap_allocate+0x10/0x10 [ 1754.942791][T23883] ? rep_movs_alternative+0x4a/0x90 [ 1754.942823][T23883] dma_heap_ioctl+0x37f/0x5e0 [ 1754.942851][T23883] ? __pfx_dma_heap_ioctl+0x10/0x10 [ 1754.942874][T23883] ? __x64_sys_close_range+0x2d9/0x5d0 [ 1754.942901][T23883] ? xfd_validate_state+0x129/0x190 [ 1754.942930][T23883] ? __pfx_dma_heap_ioctl+0x10/0x10 [ 1754.942956][T23883] __x64_sys_ioctl+0x18e/0x210 [ 1754.942985][T23883] do_syscall_64+0x106/0xf80 [ 1754.943006][T23883] ? clear_bhb_loop+0x40/0x90 [ 1754.943029][T23883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1754.943049][T23883] RIP: 0033:0x7fd782f9c799 [ 1754.943066][T23883] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1754.943084][T23883] RSP: 002b:00007fd783ec5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1754.943102][T23883] RAX: ffffffffffffffda RBX: 00007fd783215fa0 RCX: 00007fd782f9c799 [ 1754.943115][T23883] RDX: 0000200000000140 RSI: ffffffffffdffe00 RDI: 0000000000000000 [ 1754.943126][T23883] RBP: 00007fd783032c99 R08: 0000000000000000 R09: 0000000000000000 [ 1754.943136][T23883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1754.943147][T23883] R13: 00007fd783216038 R14: 00007fd783215fa0 R15: 00007ffce203c088 [ 1754.943171][T23883] [ 1761.398812][T23940] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5657'. [ 1762.858045][T22261] Bluetooth: hci2: command 0x0406 tx timeout [ 1762.869597][T23929] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 1763.528744][T23929] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1763.636025][T23929] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1763.723676][T23929] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1763.816083][T23929] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1763.905712][T23929] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1764.039426][T23929] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1764.196224][T23848] Process accounting resumed [ 1764.524066][T23974] netlink: 4 bytes leftover after parsing attributes in process `syz.6.5668'. [ 1765.022498][T22261] Bluetooth: hci3: command 0x0406 tx timeout [ 1765.658788][T22261] Bluetooth: hci4: command 0x0406 tx timeout [ 1765.738058][T22304] Bluetooth: hci0: command 0x0c1a tx timeout [ 1765.820368][T22304] Bluetooth: hci1: command 0x2016 tx timeout [ 1767.559945][T24007] netlink: 25 bytes leftover after parsing attributes in process `syz.6.5676'. [ 1767.899742][T22304] Bluetooth: hci1: command 0x2016 tx timeout [ 1769.977699][T22304] Bluetooth: hci1: command 0x2016 tx timeout [ 1772.051443][T24049] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1777.114053][T24125] vhci_hcd vhci_hcd.2: default hub control req: 0000 v0000 i0000 l0 [ 1779.738113][ T31] INFO: task kworker/u10:2:22262 blocked for more than 143 seconds. [ 1779.757627][ T31] Tainted: G U L syzkaller #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1779.782187][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1779.842914][ T31] task:kworker/u10:2 state:D stack:26888 pid:22262 tgid:22262 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 1779.922324][ T31] Workqueue: netns cleanup_net [ 1779.927263][ T31] Call Trace: [ 1779.969569][ T31] [ 1779.972587][ T31] __schedule+0xfee/0x6120 [ 1779.977188][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1780.035045][ T31] ? __pfx___schedule+0x10/0x10 [ 1780.081976][T24161] can0: slcan on ttyS2. [ 1780.090404][ T31] ? find_held_lock+0x2b/0x80 [ 1780.122767][ T31] ? schedule+0x2bf/0x390 [ 1780.160046][ T31] schedule+0xdd/0x390 [ 1780.164213][ T31] schedule_timeout+0x1b2/0x280 [ 1780.210895][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 1780.244927][ T31] ? mark_held_locks+0x40/0x70 [ 1780.274834][ T31] __wait_for_common+0x2e7/0x4c0 [ 1780.303927][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 1780.335189][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 1780.368940][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1780.399465][ T31] ? flush_workqueue_prep_pwqs+0x2e9/0x510 [ 1780.431193][ T31] __flush_workqueue+0x3f7/0x1200 [ 1780.462107][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1780.493258][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1780.519297][ T31] ? __pfx___flush_workqueue+0x10/0x10 [ 1780.551607][ T31] ? reacquire_held_locks+0xce/0x1e0 [ 1780.584731][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 1780.623101][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 1780.667870][ T31] rds_tcp_listen_stop+0x104/0x160 [ 1780.689712][ T31] rds_tcp_exit_net+0xe0/0x870 [ 1780.717102][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 1780.745771][ T31] ? __pfx___might_resched+0x10/0x10 [ 1780.771514][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 1780.806668][ T31] ops_undo_list+0x2ee/0xab0 [ 1780.861514][ T31] ? __pfx_ops_undo_list+0x10/0x10 [ 1780.910899][ T31] ? cleanup_net+0x332/0x920 [ 1780.969449][ T31] ? idr_destroy+0x62/0x2e0 [ 1780.974196][ T31] cleanup_net+0x499/0x920 [ 1781.026552][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 1781.050453][ T31] ? rcu_is_watching+0x12/0xc0 [ 1781.055304][ T31] process_one_work+0x9d7/0x1920 [ 1781.097775][ T31] ? __pfx_process_one_work+0x10/0x10 [ 1781.103213][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 1781.141328][ T31] worker_thread+0x5da/0xe40 [ 1781.146242][ T31] ? __pfx_worker_thread+0x10/0x10 [ 1781.181720][ T31] ? kthread+0x13a/0x450 [ 1781.186048][ T31] ? __pfx_worker_thread+0x10/0x10 [ 1781.230706][ T31] kthread+0x370/0x450 [ 1781.234929][ T31] ? __pfx_kthread+0x10/0x10 [ 1781.279015][ T31] ret_from_fork+0x754/0xd80 [ 1781.284765][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1781.317659][ T31] ? __switch_to+0x7b4/0x1120 [ 1781.322408][ T31] ? __pfx_kthread+0x10/0x10 [ 1781.327055][ T31] ret_from_fork_asm+0x1a/0x30 [ 1781.377751][ T31] [ 1781.384904][ T31] [ 1781.384904][ T31] Showing all locks held in the system: [ 1781.418171][ T31] 1 lock held by khungtaskd/31: [ 1781.423082][ T31] #0: ffffffff8e7e7460 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 1781.508226][ T31] 2 locks held by dhcpcd/5487: [ 1781.513033][ T31] #0: ffffffff905e37e8 (vlan_ioctl_mutex){+.+.}-{4:4}, at: sock_ioctl+0x5ca/0x6b0 [ 1781.555368][ T31] #1: ffffffff906134a8 (rtnl_mutex){+.+.}-{4:4}, at: vlan_ioctl_handler+0xcf/0xa70 [ 1781.587626][ T31] 1 lock held by syz.2.2584/13155: [ 1781.597873][ T31] 2 locks held by getty/19010: [ 1781.602655][ T31] #0: ffff888034e4b0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 1781.650451][ T31] #1: ffffc900044b72f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500 [ 1781.697598][ T31] 3 locks held by kworker/u10:2/22262: [ 1781.703199][ T31] #0: ffff88801c6ae948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 [ 1781.752835][ T31] #1: ffffc90004277d08 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 [ 1781.787672][ T31] #2: ffffffff905fac50 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xb8/0x920 [ 1781.828278][ T31] 1 lock held by syz.5.5343/22536: [ 1781.833432][ T31] #0: ffffffff905fac50 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 [ 1781.887637][ T31] 1 lock held by syz.2.5703/24112: [ 1781.892860][ T31] #0: ffffffff8e7f3078 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 [ 1781.933349][ T31] 2 locks held by syz.3.5713/24149: [ 1781.948414][ T31] #0: ffffffff905fac50 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 [ 1781.969496][ T31] #1: ffffffff906134a8 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x1b/0x70 [ 1781.986626][ T31] 2 locks held by syz.4.5715/24158: [ 1781.992223][ T31] #0: ffffffff905fac50 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 [ 1782.002806][ T31] #1: ffffffff906134a8 (rtnl_mutex){+.+.}-{4:4}, at: ip_tunnel_init_net+0x21e/0x780 [ 1782.012648][ T31] 1 lock held by syz.6.5716/24160: [ 1782.018035][ T31] #0: ffff888094b961c0 (&tty->legacy_mutex){+.+.}-{4:4}, at: tty_release+0x86/0x1300 [ 1782.029346][ T31] 4 locks held by syz.6.5716/24164: [ 1782.034555][ T31] #0: ffff888094b961c0 (&tty->legacy_mutex){+.+.}-{4:4}, at: __tty_hangup.part.0+0xd9/0x7f0 [ 1782.045678][ T31] #1: ffff888094b960a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_lock+0x65/0xb0 [ 1782.056613][ T31] #2: ffffffff906134a8 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_net_dev_lock+0x146/0x360 [ 1782.068157][ T31] #3: ffffffff8e7f3078 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 [ 1782.109802][T24164] can0 (unregistered): slcan off ttyS2. [ 1782.147993][ T31] [ 1782.150363][ T31] ============================================= [ 1782.150363][ T31] [ 1782.199972][ T31] NMI backtrace for cpu 0 [ 1782.199993][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 1782.200022][ T31] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1782.200029][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1782.200041][ T31] Call Trace: [ 1782.200047][ T31] [ 1782.200055][ T31] dump_stack_lvl+0x100/0x190 [ 1782.200088][ T31] nmi_cpu_backtrace.cold+0x12d/0x151 [ 1782.200119][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1782.200147][ T31] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 1782.200180][ T31] sys_info+0x141/0x190 [ 1782.200205][ T31] watchdog+0xd25/0x1050 [ 1782.200230][ T31] ? __pfx_watchdog+0x10/0x10 [ 1782.200248][ T31] ? __kthread_parkme+0x18c/0x230 [ 1782.200272][ T31] ? kthread+0x13a/0x450 [ 1782.200295][ T31] ? __pfx_watchdog+0x10/0x10 [ 1782.200311][ T31] kthread+0x370/0x450 [ 1782.200335][ T31] ? __pfx_kthread+0x10/0x10 [ 1782.200361][ T31] ret_from_fork+0x754/0xd80 [ 1782.200389][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1782.200419][ T31] ? __switch_to+0x7b4/0x1120 [ 1782.200439][ T31] ? __pfx_kthread+0x10/0x10 [ 1782.200465][ T31] ret_from_fork_asm+0x1a/0x30 [ 1782.200496][ T31] [ 1782.747170][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 1782.754073][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 1782.764762][ T31] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1782.769968][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/27/2026 [ 1782.780138][ T31] Call Trace: [ 1782.783610][ T31] [ 1782.786745][ T31] dump_stack_lvl+0x100/0x190 [ 1782.791545][ T31] vpanic+0x552/0x970 [ 1782.795540][ T31] ? __pfx_vpanic+0x10/0x10 [ 1782.800056][ T31] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 1782.806316][ T31] panic+0xd1/0xe0 [ 1782.810056][ T31] ? __pfx_panic+0x10/0x10 [ 1782.814501][ T31] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 1782.820670][ T31] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 1782.826854][ T31] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 1782.833042][ T31] ? watchdog.cold+0x198/0x1ca [ 1782.837849][ T31] ? watchdog+0xd35/0x1050 [ 1782.842277][ T31] watchdog.cold+0x1a9/0x1ca [ 1782.846968][ T31] ? __pfx_watchdog+0x10/0x10 [ 1782.851662][ T31] ? __kthread_parkme+0x18c/0x230 [ 1782.856782][ T31] ? kthread+0x13a/0x450 [ 1782.861055][ T31] ? __pfx_watchdog+0x10/0x10 [ 1782.865817][ T31] kthread+0x370/0x450 [ 1782.869917][ T31] ? __pfx_kthread+0x10/0x10 [ 1782.874694][ T31] ret_from_fork+0x754/0xd80 [ 1782.879321][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1782.884460][ T31] ? __switch_to+0x7b4/0x1120 [ 1782.889145][ T31] ? __pfx_kthread+0x10/0x10 [ 1782.893749][ T31] ret_from_fork_asm+0x1a/0x30 [ 1782.898904][ T31] [ 1782.901989][ T31] Kernel Offset: disabled [ 1782.906528][ T31] Rebooting in 86400 seconds..