last executing test programs: 16m47.175570944s ago: executing program 0 (id=283): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/cpu/events/branch-instructions\x00', 0x22b42, 0x0) sendfile$auto(r0, r0, 0x0, 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x3) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x400284, 0x0) socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x10540, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) ioctl$auto(0xc8, 0x400454cb, 0xffffffffffffffff) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) 16m45.06400052s ago: executing program 0 (id=287): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/net/bond0/bonding/arp_validate\x00', 0x2002, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) read$auto_proc_timers_operations_base(0xffffffffffffffff, &(0x7f0000000200)=""/8, 0x8) fanotify_init$auto(0x5, 0x0) io_uring_setup$auto(0xf00, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80402, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0xa, 0x801, 0x84) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/trace_pipe\x00', 0x20c01, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/power/sync_on_suspend\x00', 0x8102, 0x0) write$auto(r1, &(0x7f00000001c0)='1\x00\xc7k\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00j(=\xd1<\xf9\x96\x10>\xb9\x05\xbe\xc8v\x81-ILplM\x98\x88J\xfd\x17\xc8K\xdd\x89;T@d\xa3_\xfcb8\x7fA\x11\xba\xefL\xe1L\x8aE}\xa7\x05\b\xd7\xe2\xae\xfek\xbbw\x8c\x88\x1emW-\xf5\x94\xdak\x81\xe4\x1e\x1dS\xf2~>\xb1\xc6\xd1\xee\xc8\x19e\xc1w\xf05%\xd76]\x0f\v\x01\xa4(\xec\xd3\xca\a\x15&nv\xc1}\xfcD', 0x100000002) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0xffff, 0x4, 0xd, 0x1, 0x948b, 0x0, 0x15f4da07, 0x6, 0x10, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0x8]}, 0x0) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/usb/usbmon/9u\x00', 0x185400, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x1ff, 0x200, 0xd7e, 0x1, 0x948b, 0x3, 0x95b45a07, 0x8000000000000003, 0xe05, 0x8000000000008001, 0x80000001, 0x7, 0x6d3f, 0x9, 0x800, 0x4]}, 0x0) 16m42.268684783s ago: executing program 0 (id=300): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) getsockopt$auto(0x4, 0x6, 0x1b, 0xfffffffffffffffc, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x123040, 0x1d4) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000f40)={'batadv0\x00'}) close$auto(0xffffffffffffffff) io_uring_register$auto(0xffffffffffffffff, 0x8, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x2) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) open(0x0, 0x0, 0x408) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) preadv2$auto(r0, 0x0, 0x6, 0xffffffffffffffff, 0x4, 0x2e) 16m40.293834072s ago: executing program 0 (id=303): r0 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000900), 0x20000, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8002) syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000440), r2) sendmsg$auto_NBD_CMD_CONNECT(r3, 0x0, 0x4) fsconfig$auto(0xffffffffffffffff, 0x3, 0x0, 0x0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f00000002c0)={{@inferred=0xffffffffffffffff, 0x4, 0x1, 0x0, "bfc956f7b829ea9bc64a831c54b927c5c84cdfcb6d840bf6034bbe162b339fcc0b9ad62f05f5e47256dc5c36", @raw=0x4}, 0x0, 0x5, 0xd77e, @inferred, @integer={0x5, 0x2, 0x5}, "ff0931dc5a3fb879791acf380abcfd7f9f393a68114cc9d69244416e96525a166b971aae562cbc70472d48eb5f54d36edf407701d0d1c4e40409e86cafa60765"}) msgctl$auto(0xfe000000, 0x6, 0x0) getpid() sendmsg$auto_IPVS_CMD_NEW_DEST(r1, 0x0, 0x4000) socket(0x11, 0x80003, 0x300) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vbi0\x00', 0x2aa01, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x948b, 0x9, 0x15f4da07, 0x6, 0x2, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0xd8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0x1000000000000bc3, 0x800, 0x3, 0xff, 0x10001, 0x400000000003, 0x3, 0xfffffffffffffffc, 0xfffffffffffffffe, 0x80000000, 0x9, 0xffffdfffffffff81, 0x4]}, 0x0) close_range$auto(r0, r0, 0x9) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8004) 16m38.046891673s ago: executing program 0 (id=298): mmap$auto(0xfffffffffffffffe, 0x40000a, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/time_for_children\x00') mmap$auto(0x0, 0x80004, 0xe2, 0xeb1, 0x405, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = socket(0x15, 0x5, 0x0) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event_pid\x00', 0x22b01, 0x0) sendmsg$auto(r1, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) keyctl$auto(0x6, 0xfffffffffffffffd, 0xee01, 0x0, 0xfff) mprotect$auto(0x110c230000, 0x41, 0xc) unshare$auto(0x40000080) mremap$auto(0x0, 0xbfffffffffffffff, 0x401, 0x0, 0x7fffffffb000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) unshare$auto(0x40000080) 16m35.564569808s ago: executing program 0 (id=305): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = epoll_create$auto(0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) ioctl$auto(0xffffffffffffffff, 0x2284, r1) r2 = socket(0x2, 0x5, 0x0) epoll_ctl$auto(r0, 0x1, r2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) ioctl$auto_TUNSETVNETLE2(r0, 0x400454dc, &(0x7f0000000000)=0x6) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x9, 0x0) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/tracing/trace_pipe\x00', 0x20100, 0x0) read$auto(0x3, 0x0, 0x80) r3 = epoll_create$auto(0x3e) write$auto(0xca, &(0x7f00000002c0)='\x04>2\x1e!\xe2\x00\x94\xf2\xa2\x00\x00\x8d\xa9p\xcc\xccV\xf9ozi\xb2:\x19\x92r\xcc9\x99f\xc5\xed\x84fe\x8a\x8c\xd3*\xfe\x1dE\xa1W8\x03\xcb\tSK\xb4\x893\xf3Q\x7f\xd1|\xefp\xb1\xb3\xcer8\b=\xa4y\xd4\x88\xbc\xe0\xd1\x03\x108a\x90KG,\xf8\v\x88\xe2+\xcb\xf2v\x8bL\xa6\xaa}\x1b\xa5\xd8\x98\xc9\\f\xccT\xa1\x05\x14\x84\xbb\aF,\xc8\xc7u\x93\xe8?\x92\t\xa9`\xff\x93l\x93\xac\n\xdd\xa4\n\x8e\xec\x14\x02|\xf7\xc4\xa0\x06h\xc0\x8f\xf3g6\xb8\x1a\x18\xf2\x93\t\xe8ips\xa7\x9a\x1cFPi\x13\x89DRSO\x97\xb1\xc3\xb8Q\xa2\xb2\xa8\xc3\xd3\xf9\xd4Y\x8d\x8d\xad\x8f[\xbe\xe5\xf1\x9f\x01s\x8eg\x05\xe8\xf9\x8f\xa6g\v', 0x80) epoll_ctl$auto(r3, 0x1, r0, 0x0) 16m20.316627944s ago: executing program 32 (id=305): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = epoll_create$auto(0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) ioctl$auto(0xffffffffffffffff, 0x2284, r1) r2 = socket(0x2, 0x5, 0x0) epoll_ctl$auto(r0, 0x1, r2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) ioctl$auto_TUNSETVNETLE2(r0, 0x400454dc, &(0x7f0000000000)=0x6) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x9, 0x0) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/tracing/trace_pipe\x00', 0x20100, 0x0) read$auto(0x3, 0x0, 0x80) r3 = epoll_create$auto(0x3e) write$auto(0xca, &(0x7f00000002c0)='\x04>2\x1e!\xe2\x00\x94\xf2\xa2\x00\x00\x8d\xa9p\xcc\xccV\xf9ozi\xb2:\x19\x92r\xcc9\x99f\xc5\xed\x84fe\x8a\x8c\xd3*\xfe\x1dE\xa1W8\x03\xcb\tSK\xb4\x893\xf3Q\x7f\xd1|\xefp\xb1\xb3\xcer8\b=\xa4y\xd4\x88\xbc\xe0\xd1\x03\x108a\x90KG,\xf8\v\x88\xe2+\xcb\xf2v\x8bL\xa6\xaa}\x1b\xa5\xd8\x98\xc9\\f\xccT\xa1\x05\x14\x84\xbb\aF,\xc8\xc7u\x93\xe8?\x92\t\xa9`\xff\x93l\x93\xac\n\xdd\xa4\n\x8e\xec\x14\x02|\xf7\xc4\xa0\x06h\xc0\x8f\xf3g6\xb8\x1a\x18\xf2\x93\t\xe8ips\xa7\x9a\x1cFPi\x13\x89DRSO\x97\xb1\xc3\xb8Q\xa2\xb2\xa8\xc3\xd3\xf9\xd4Y\x8d\x8d\xad\x8f[\xbe\xe5\xf1\x9f\x01s\x8eg\x05\xe8\xf9\x8f\xa6g\v', 0x80) epoll_ctl$auto(r3, 0x1, r0, 0x0) 2m39.857865397s ago: executing program 1 (id=1885): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0xfffffffffffffff8, 0x2, 0x0, 0x7ffb, r0, 0xffffffffffffffff) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x163340, 0x2a) r1 = socket(0x2, 0x3, 0x2) setsockopt$auto(r1, 0x0, 0xd1, 0xfffffffffffffffc, 0x3) r2 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) poll$auto(&(0x7f0000000180)={r2, 0xfff7, 0x9816}, 0x7f, 0x9) ioctl$auto_VHOST_SET_OWNER(r3, 0xaf01, 0x0) ioctl$auto(r3, 0xaf01, 0xe) socket(0x2a, 0x2, 0x1) ioctl$auto(0x3, 0x10, 0xfffffffffffff4e0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x140, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x161342, 0x130) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000001300)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) 2m38.859997588s ago: executing program 1 (id=1887): r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x22902, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x189401, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socketcall$auto(0x3, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) signalfd$auto(0xffffffffffffffff, 0x0, 0x8) r3 = epoll_create$auto(0x3e) epoll_ctl$auto(r3, 0x1, 0x8000000000000000, 0x0) timer_create$auto(0x3, 0x0, 0x0) rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8) timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0x0, 0x400}, {0x0, 0x87}}, 0x0) sendmsg$auto_SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004000}, 0x4) ppoll$auto(&(0x7f0000000140)={0xffffffffffffffff, 0x3ff, 0x4}, 0x7f, 0x0, 0x0, 0x8) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_CREATE_VM(r1, 0xae80, 0x0) ioctl$auto(0x3, 0xae41, r0) 2m38.441480825s ago: executing program 1 (id=1888): openat$auto_nsim_pp_hold_fops_netdev(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/netdevsim/netdevsim6/ports/2/pp_hold\x00', 0x8440, 0x0) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) syz_clone(0x8000, 0x0, 0x0, 0x0, 0x0, 0x0) socket(0xa, 0x3, 0x3b) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) pipe$auto(0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x4) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="05000000", @ANYRES16=0x0, @ANYBLOB="010025bd7000ffdbdf25150000000500120010000000080027000c000000380b2b80330b248004008080ba89ebda4be9067b59c90d50dab4ba175b1b13d15e19ee0f5bf6c6d2095efcc719c8e137b7ec6062c6c768e512acd0f1208ee2be2b891868abd1934bd95a54945e649a2afd1272f72e8fffb57e3ba1c8fb306ce2ba95180cf54dcca46ab950e626ff31022afd57f1306ee00962cb60c30a9946d642a00256ed0006ec8364307874f7c763c6e9af0222943721fb4fa5b1cecfe3a908b1fd515dad1e0ca0998fa55ca4bbf9412855250567f1b98186d8597ab6fb715cef224b510a7ccc4cae047b6d4ab94775e1158d87be4806455bbd76baaa3a656ed5f316b17a5a27a6ec9904006d80460a8e80b634a4b1ce418dc8d6e945eb157cc566d02bed93630b901c93d3fde23606aa3e80e4d0644fef266741cf5f2879924594cd388ed548e2dea74f9d72af19edad4a810af64d79eaa131b2afaca3f428fd83499d9c7a99dfd9a24cbd9bf5b0f0446521fcf1f416f83791795dc86d63c7a05e38c547e208be35b17fb8aa1fa57ea4ac59aac09a5bfb9f08a6d02e58d5040324f4241a9eb63d5a1e48cff0ed3e97c4af9506ca950ce9d115d242277c614a27a77df014ced1df35f069b42113bc6bf5427f9c1ba6924ec8bafc11ba6d9303461e92e3c3e1b4d5b2954d259654ee2bab0385e3b106c4a93525200ce6e3f1e9f6d4b87b61583abced950ff97dade7ebde309c78d4f1ddbff5cb5c3fd141cbb4e56a97183f705019716cf6d6f300c9677b6f14c6b8d708b675b5c4f2357d9c22dd6bba1195ba295a5f713ac28f043cc671fc7b43fb9b40bf17766c79d698dd68d0e385e926971a18a3c3687c3c8202b806432be62b3030a2c9e31da55a6cd98165f7439f9a09508b8c4b9c5ea32aaf1f7c4246ea8700aaccaf476d9cd5e3b2340d17f13ba40c8fdaf4aa4c4b8763fd86d35bda9aab03e3a252d7e4aea01cdad1fad040b29a9e92ee1fd8c010c30b4cc69917cee531e42efa59c735fe8159a292f57fa7a4600e6833032846d87a515d9803770eb4db6712bce7b51fc2f0eff8a292023a8c7c1544c6e53012f9fe13aa8caf795caccfa4ff2321116a86938e2b782e7a57fe5cbff8df11b0bc86d691a7a8df0cc9486c4898e8bafd0b374798ecdba9af994890465f435d5e6408dd9ddd96df1673098864522e964b565d69882198a999ee41c980dafdf3538400c81ad57dc970a72b75d75850913452021a4dfe885342c4e5c33dbcd801b10866908de67b13c5dc4fb51dce74dae4c4c27413c00b50c8e18d1dcfe28974fee5df4cefd05f7e8e21e8881ef7300ca75af8ef7c8cfa0a1cf8771444e3bd449f957fa4500c1f371ccc31a7b196ca809935887d26d3ed24d2dc16c83aa263abd880df1d27d8463e4f29673fbb0a073caaf975314f5660bdf89c285291a46ddb2f8410b02e86bc522808052288fe16dbb7733976605ed2342c69717ba18334138bc68c994ffa20bbad1672a4ee0dc19a0ec177f36995edc671ef8d29211e4b7d0723a18c36c398df2e924a4f55ef95687e6a4aebcf86d36a9791d561c2203fc4a545d30a5173ffc84612c333a73fd0c84f92554294cfbbe86088e79bc6f1c9bc880b4502e4b47af767f47dbccbf4318ec6a33ee42cafc3e6ced6720adf772de614a754c7b0d93208cb0bdd285e8ff9ffe078bb782a57a14204784880a3379af47423967bf134933d350324a845e7aca06245efec7dd272177bbb663bf83c23161cf7d8b32d45502f6bbc6416720652aa197556c3cf5be55e2f8ace74ce95feb288f681d92ed529bb9892472c3633f744bfde252c8b00808d92daa2a3b4771eee9cc83745c326f8ea02119b55a99bddfc498948e53ce2efa0635276810d2211e9e0e63bc850029865d525cbf43cde05009dca149084d9569a1abb0e5f941bd5c67a77685e965b354dc744617960e642512f2cd86236c9a1791f446e822b86518185d668e7e93daec7b1a9f53034aeabc7c7bf52deefbf5e2a90b085c41c0f528ff2cf81dbc1c28ed95ad75fd65c0e0d793d7111dce84883cbf60cd55e025b824d84e141d54da72111ea2fed1fd8f3c9cf47763ee47a7988d5021ac661641ee95ea9c9d57dd2f8e537f3cb71830a6c1608dadf6beb7339961811f8da34f8fb7b5190f9c146942fda73801812ed6bffa1a60c80e5fd6528e045b40fa78c10f37797d93f82751faa389d59c48254397ff7b72325465d18b04acac619be83203ecacb91328b145ebbe356178a1eb1c09101fe785c98aab93485ae7b4217412b7ea31fdd965eaaf78d3ab4eec8bc689062b738c002fd94f9cd18bbc5285c57854f9092e85d90ec205f43fcc9d27cd6041fb73ed3164e7f3eb3ea694b89a1879f8cbcdbffdab4b277d0fa3dba5061952d266b2f3821f79cd2b3bf107c6250e711c9ddba407c9ed323d2dfda23d5a4088f8199d1cbb311a1b051da8d792299f471f0ca7fd7925695acaf01e7ad022d96dfb30e66d551fb37522baf2ea71cc5a6416124ee2138c3f2fb5cca4b71eb9d3571deebc898b62406f416caa3fcd732f9661548d8b7ec74bc94d9dcc92b0048abc2b358c0007a905c9513affbd873a368e0b5872a2f4cdc4bb8602ad3ec77cba3e150c8993f5fc88ac7e6b2642f4660486d5823482aae8f90ee7913abdb064398cebe5946c2920d7d99935571f9b1eeb4529373538e699dda91425660a1010a4cf7e9a10713f57fa1d601467ec51ad5153bd94582320ff55380ca7efefacf62f822b948cb3b93f68978f248639c51ac97e3f56bcca9990839ee01df9773b22cf261310d4b3c6b03ef54a9a848c10d1252d0412a8f01ff61bd6978112d6b69e2f71e02a04f43f3a1a8259f7e83c26fc5bc703a8b6d3d325f08b08f9dc10b8f654871386ef94d2493463f7f3d0b20bf93be475b0ed9e870aaedd63b8d08877651bace68300e3a1b0a5d1a3da2b246fef82de3b57eca440ae7a7656ff31ae74cad3a80f1ae615f2747589d4859ec1981a6a5176168db86ab5f6930d4679762956e408d2268cad53aa10727c8b8952114b17c352782dc9afc120535bcb99bcf1161397f19ac4d288677e48f0e6bfdcf5f852a8bc1b432399f0ade5db9585e09e4cc96a63dd7bddecbbaae880678f94111108d76c5d825629a3eee16b2a6362c59ba3cf99a2e2bcfa62d010706bca5c0d009b141f1c3f6a9cc58234f97a5721a3ee31772877ffda5507f8e7053e15cb60df08184dbdd9f2af7a618781fdd39d32404f3e2dc6ac48f35ce31bc70a019235b7776114ef2ae75ebf7b7191e5a61e1c5c82340e12dd98cf9125a3fb1c8062a206ac2aa98e708a190b1b70d1c2450b47394d8e1f21c541b3f4139d2159e9a37acf2ee9ba5e0cf99221a43b46793cad7b7b71784032a0092abb25380fa77646f948ed456d6fa1fb749f736e10491e39569c073308ee782562a59a719e4b8910f737a41ee0644db9905d22f44bae257749b03667b535af492012ad1c50f1d88a46a2c3aeeca86026c6e5ca8289bb153ff85aade4bd00b9bb87017d7816c24a0e71b0d0dcf6dedbc956c81bf445d665da7cb1c009be2f8d7eb286e2e2595166b8df0541ff0b80ab20d9ba30058ef52dc2c1905133bcca7193320811e0bc083798b80bce7e84ea9135d976fbc339b0814cb4f4dd9a71f9a2f1a78da4c60c1671b6ef41798646a702fd9eeb67bd250df336f0c1889c54be82bfc4238d6568ca0e7bf7a3005126d605a867b47f2c96fd6a92a9cf463270a9e2df32c6959c2f272b48a6b76fe7393dc12713c99888e0d03ffdac04f5d3c87e5343bc1a6127484b6d7e18e97a329ae582b8c3dd1be170cff9fdebcadfb339c67a303e15d6f779da6fbd91b401ac8e32fe1a0f16b5aa52ca7801d12aaba5c57945b3d0e768370e031d268b101df06ceaca597ca754d933b08f3b248548d267cbb16430c5110cdaf5b36bc2cf6a7c24f143277f606cbe77ef320505986fa5dc876e87ec74a2c06d0e893ed3da67cd814f209b3720e98d1b2f6afd245bcb682167978b98b9976c2ef41c8e4d5018fca6b1643fc0000000000000000"], 0xb5c}, 0x1, 0x0, 0x0, 0x20000000}, 0x48880) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0x6, 0x9b73, 0xffffffffffffffff, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x2, 0x3a) bind$auto(r1, &(0x7f0000000040)=@generic={0xa, "2c551d000000ff00"}, 0x66) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), r0) sendmsg$auto_OVS_DP_CMD_NEW(r0, 0x0, 0x80) socket(0x2, 0x1, 0x0) r2 = socket(0x2b, 0x1, 0x1) socketpair$auto(0xfffffffe, 0x1, 0x8000000000000000, 0x0) sendmsg$auto_THERMAL_GENL_CMD_THRESHOLD_FLUSH(0xffffffffffffffff, 0x0, 0x4040004) r3 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r3, &(0x7f0000000000)="c80d1b5d399b3b", 0xfdef) ioctl$auto(r2, 0x8982, 0x4) 2m37.642748888s ago: executing program 1 (id=1891): mmap$auto(0x0, 0x4, 0xdf, 0x9b72, 0xffffffffffffffff, 0x28000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffff7ffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0xa, 0x3, 0xeb1, 0x3ff, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) getsockopt$auto(r0, 0x84, 0x1b, 0x0, &(0x7f0000000040)=0x400) r1 = epoll_create$auto(0x8) epoll_ctl$auto(r1, 0x1, 0x8000000000000000, 0x0) write$auto_rfkill_fops_core(r1, &(0x7f0000000180)="da1a7e624a10260ea1e4099494f84c088905e99c93a17dad106dc46366518f169e8c8d20adda9553c37074023717a6c5d6d932673d3eb05b4bc620f39ed7523f3738366479aa10f1f12bc8bdccb1962b71f6eccf14b3d8af177ae5fc0f2a1e5e2ad4fc4eec6e2543140afc8468cf892c60ae56441971408b42daa24217ea7b975ee0606e511d772b6d6d6db26b0cad1fa0c01f3d1cd3755c449be8305066a402e4cc02d2ee51b4b242db948b14343b8cb968e08cc0e925af507babd2cf54dc5efc77619c6976008875b0dccb0d5881a6d9329969215a11167bf72d3dbf7c7a2046a255caeed3af52981c4a32d5d55b76ef00ec2cc5c77ffd", 0xf8) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) ioctl$auto(0x3, 0x404c534a, 0x38) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) clock_nanosleep$auto(0x1, 0x200, &(0x7f0000000140)={0x0, 0x2800000a}, 0x0) setfsgid$auto(0xee01) 2m36.549303183s ago: executing program 1 (id=1893): r0 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001b80), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000001e40)={0x18, r0, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@HWSIM_ATTR_SUPPORT_P2P_DEVICE={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x220000c1}, 0xc0) 2m36.265683688s ago: executing program 1 (id=1895): openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x7fffffff, 0x1) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000440), r0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000480)={'vlan1\x00'}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'nicvf0\x00'}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000500)={'pim6reg1\x00'}) mmap$auto(0x0, 0xdb3, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) select$auto(0x9, 0x0, 0x0, 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000003fc0)='/sys/kernel/debug/tracing/trace_pipe\x00', 0x20a02, 0x0) readv$auto(0x3, &(0x7f0000000040)={0x0, 0x36a}, 0x3) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptyd0\x00', 0x460882, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/tty46\x00', 0x88a42, 0x0) write$auto(0x3, 0x0, 0xfdef) r1 = open(&(0x7f0000000000)='./file0\x00', 0x222c0, 0x0) ioctl$auto(0x3, 0x560a, r1) unshare$auto(0x8000000) shmget$auto(0x0, 0x7ffffffffffffffd, 0x3) 2m21.049294034s ago: executing program 33 (id=1895): openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x7fffffff, 0x1) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000440), r0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000480)={'vlan1\x00'}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'nicvf0\x00'}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000500)={'pim6reg1\x00'}) mmap$auto(0x0, 0xdb3, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) select$auto(0x9, 0x0, 0x0, 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000003fc0)='/sys/kernel/debug/tracing/trace_pipe\x00', 0x20a02, 0x0) readv$auto(0x3, &(0x7f0000000040)={0x0, 0x36a}, 0x3) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/ptyd0\x00', 0x460882, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/tty46\x00', 0x88a42, 0x0) write$auto(0x3, 0x0, 0xfdef) r1 = open(&(0x7f0000000000)='./file0\x00', 0x222c0, 0x0) ioctl$auto(0x3, 0x560a, r1) unshare$auto(0x8000000) shmget$auto(0x0, 0x7ffffffffffffffd, 0x3) 15.850415759s ago: executing program 3 (id=2165): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) ioctl$auto_RTC_WKALM_SET(0xffffffffffffffff, 0x4028700f, &(0x7f0000000000)={0x3, 0x3, {0x5, 0x8, 0x9, 0x7, 0x3b, 0x3a50, 0xfffffffd, 0xffff, 0xfd}}) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x42802, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x2, 0x0) write$auto_sg_fops_sg(r0, &(0x7f0000001380)="4a0200000000040000899edb615550fd8c44", 0x12) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) pivot_root$auto(&(0x7f0000000080)='..\x00', 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) sendmsg$auto(r1, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_CONTINUE(0xffffffffffffffff, 0x54a2, 0x0) 15.236201811s ago: executing program 2 (id=2168): socket$nl_generic(0x10, 0x3, 0x10) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080)) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/amidi2\x00', 0x2a0081, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv4/fib_multipath_hash_policy\x00', 0x2602, 0x0) socket(0x28, 0x1, 0x0) socket(0x22, 0x3, 0x0) socket(0x10, 0x2, 0xc) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) pipe$auto(0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x25, 0x1, 0x3) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) socket(0x2, 0x1, 0x106) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1a, 0x1, 0x8000000000000000, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto(r0, 0x40085500, 0xffffffffffffffff) 13.866486496s ago: executing program 2 (id=2171): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000002740), 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x0) setreuid$auto(0x0, 0xee00) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x2, 0x4, 0x3, 0x2, 0x8, 0x3, 0xe3, 0x400000000a, 0x200000003}, 0x6f1) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) ioctl$auto_BLKALIGNOFF(0xffffffffffffffff, 0x127a, 0x0) madvise$auto(0x0, 0x1010001, 0x100000003) madvise$auto(0x1000, 0x400050, 0x9) r1 = openat$auto_tracing_err_log_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/error_log\x00', 0xb01, 0x0) write$auto(0x1, 0x0, 0x80000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x1a1000, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000002ec0), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f0000000040)={0x34, r5, 0x1, 0x70bd29, 0x25dfdbff, {}, [@ETHTOOL_A_LINKMODES_MASTER_SLAVE_CFG={0x5, 0x7, 0x5}, @ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x11}, 0x24000802) lseek$auto(r1, 0x0, 0x1) sendmsg$auto_OVS_CT_LIMIT_CMD_DEL(r3, &(0x7f0000003480)={0x0, 0x0, &(0x7f0000003440)={&(0x7f0000000a00)={0x20, 0x0, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x4}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x8, 0x1, 0x0, 0x1, [@nested={0x4, 0x2f}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40c4}, 0x0) ioctl$auto_PROCMAP_QUERY(r2, 0xc0686611, &(0x7f0000000080)={0x67, 0x3f, 0x7fff, 0x5, 0x80000000007, 0x1, 0x6, 0xff, 0x5, 0x7f, 0xfbfffffe, 0xfff, 0x7fb, 0x4, 0x9}) ioctl$auto_FIGETBSZ(r0, 0x2, 0x0) munmap$auto(0x8000, 0xffffffff) 11.746369541s ago: executing program 3 (id=2183): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), 0xffffffffffffffff) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendto$auto(0xffffffffffffffff, 0x0, 0xfdef, 0xfe80, 0x0, 0x1c) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001b80), r0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/module/zswap/parameters/enabled\x00', 0x62, 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000001e40)={0x18, r1, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@HWSIM_ATTR_SUPPORT_P2P_DEVICE={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x220000c1}, 0xc0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x0, 0x10000000400008, 0xdf, 0x9b72, 0x2, 0x40000008000) mmap$auto(0x0, 0x2020005, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r2, 0x0, 0xe8) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001240)='/proc/thread-self/fail-nth\x00', 0xa0102, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0xfffffdcb, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x200040c4}, 0x440c5) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x4, 0x7, 0xfffffffc, 0x0, 0x0, 0x0, 0x9, 0x10001, 0x7, 0x8001, 0x7ffffff8, 0x5, 0x7, 0x5, 0x61, 0x103}) r4 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd0\x00', 0x60000, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) 10.461759453s ago: executing program 2 (id=2176): syz_clone(0x20a08200, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x1c, r1, 0xb3eaee9e9ed11725, 0x70bd29, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x41000}, 0x64810) socketcall$auto_SYS_GETSOCKOPT(0xf, &(0x7f0000000040)) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x7, 0x0) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, 0x0, 0x48402, 0x0) mmap$auto(0x0, 0x2, 0x80000000df, 0x14, 0x401, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video48\x00', 0x18a041, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x147) ppoll$auto(&(0x7f0000000240)={0xffffffffffffffff, 0x3, 0x3}, 0x3, 0x0, 0x0, 0x8) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000) sendmmsg$auto(r2, &(0x7f0000000180)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0x4}, 0x1000000000028, 0x0, 0x1, 0x3e0}, 0x800}, 0x4, 0x4008) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) execve$auto(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) fallocate$auto(0x8000000000000003, 0x40, 0x9, 0x4cbd5d) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, 0x0, 0x509a40, 0x0) select$auto(0x8059, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x37, 0xa, 0x1, 0x5, 0x6, 0x15f4da0a, 0x7, 0x3, 0x800, 0x80000023, 0x200000000000007, 0x6d42, 0xa, 0x2495dae0, 0x52]}, 0x0) execve$auto(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) execve$auto(&(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000100)=&(0x7f0000000600)='#\xdc\xfe\xd8E\xc8\x8bu4\xd9n\xcb\xca\xc7zw \x96\x9ejh\xad\x9eEc\xae\x1e\x89\x92\x9a\xbbP[B\xae\x9cf)\x15\xac\x90)l\x06\xf0\t\x12\x05zz\xa6\xb3\xce=\x00\x00\x00\x00\x00/\xc4T\x1f\xe5P\xff\xb4\xb7s0\x02\xc5\x81\x93\xc6\xc8\xb6Sp\x1a{8\xfc\xe0,X\xc7BU\xd0\x97\x7f1\x16\x99\x04\xabu/a(\x02\x7f\xbb\xbd\x906\xa8\xce\xee\xcd\xd7\t\x00\xfb\x83\xc8\x8aO\xe9\xbe=\xf7\xf4\x84,\x06\xd3j\x99b\xe6\xf6Y3A\xbb\xa4\xb2\f\x1b\xc3\x8a,g\xc6\xe8[\xdf\x88\x01\x9f7\xb5\x19m\xd8L\x84j\x8c\xec\xdf\x1a\xbd\xc5\x94\xb9\xb7\xd5\xa4\xc0\f-6\xfe\xa8\xed/u\x81_G\xfeR\xbb\x12\x16\xb8*\xa9\xc9\xe81\x9d\x06\xbbC\x17\xbb\xe6|\x97\xabB4J\xed+-\xf8u0/n\xcf\x8b\x95\x9d\xab\xa8\xc47\xa6\x0e\xdeOq\\\xc3\'{\b\xd3m\x94\xc2\xdd{\xeaO\x0e\xe4\xe0\xb9N:\xd60\x17,\x06\xc7B#Y0\x99\xeb\x874\xab?\xc8\x82\xe5\x8f\xb7\x91\xc2\xbe\xb2\x02\xfe\xd3k\xd5\xdcZ\xdcP\x8e+\xd8\xc7C\xcb\x15\x13c\xbf\xe8\xbd\"\x8f3\"\x14\xf8(\xda\x19\xcd\xec\x03.\xd9^\xc3A\xda\r[\x1a\xda\\#/\xd4\xaf\xd0\xe8\xa2\xdd\xc5{\xfa\xe0\x90\x8f\x99lQ\xec\x84h^\x11+\x93\b\xe0c\xe6\xd22\xf9\xa5') 10.461592099s ago: executing program 3 (id=2177): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) getsockopt$auto(0x4, 0x6, 0x1b, 0xfffffffffffffffc, 0x0) r1 = open(&(0x7f0000000140)='./file0\x00', 0x123040, 0x1d4) execveat$auto(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000f40)={'batadv0\x00'}) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r3 = socket(0xa, 0x3, 0x3a) close$auto(r3) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(r3, 0x8, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) setresuid$auto(0x8, 0x8, 0x0) setfsuid$auto(0x0) write$auto(0xffffffffffffffff, 0x0, 0x2) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) open(0x0, 0x0, 0x408) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) 8.874507415s ago: executing program 5 (id=2179): close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4004ae8b, &(0x7f0000000040)={0x2}) 8.375828119s ago: executing program 5 (id=2181): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x300c00, 0x0) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) setrlimit$auto(0x1000000007, 0x0) socket(0xf, 0x3, 0x2) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f00000001c0)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x5, 0x0) umount2$auto(&(0x7f0000000000)='.\x00', 0x4) umount2$auto(&(0x7f0000000040)='.\x00', 0x0) r1 = fcntl$auto_F_GETOWN(r0, 0x9, 0x0) tkill$auto(r1, 0x0) ioctl$auto_TIOCGDEV2(r0, 0x80045432, &(0x7f0000000040)=0xddc) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r2 = prctl$auto(0x4, 0xfffffffffffffffb, 0x0, 0x1, 0x1ffffffffffd) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, r2, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x4a7) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xde, 0x9b72, 0x2, 0x800008000) 7.961513922s ago: executing program 3 (id=2182): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketcall$auto(0xffe, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0xe0300, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_NL802154_CMD_DEL_INTERFACE(r0, 0x0, 0x4) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) ioctl$auto_BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000500)={0x40a, 0x9, 0x3aa, 0x8, {0x1, 0x4, 0xb, 0x3, 0x9, 0x4, 0x9, 0x2, 0xe, 0xa5, 0x1, 0x4, 0x0, 0xf, 0xff}}) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) bpf$auto_BPF_OBJ_GET_INFO_BY_FD(0xf, 0x0, 0x401) mmap$auto(0x0, 0xa00006, 0x400002, 0x40ebe, 0xffffffffffffffff, 0x300000000000) io_uring_setup$auto(0x6, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) write$auto(r1, 0x0, 0xa3d9) r2 = socket$nl_generic(0x10, 0x3, 0x10) set_tid_address$auto(0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r2, 0x0, 0x4800) close_range$auto(0x2, 0x8, 0x0) 7.630789074s ago: executing program 4 (id=2184): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0xfffffffffffffff8, 0x2, 0x0, 0x7ffb, r0, 0xffffffffffffffff) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x163340, 0x2a) r1 = socket(0x2, 0x3, 0x2) setsockopt$auto(r1, 0x0, 0xd1, 0xfffffffffffffffc, 0x3) r2 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) poll$auto(&(0x7f0000000180)={r2, 0xfff7, 0x9816}, 0x7f, 0x9) ioctl$auto_VHOST_SET_OWNER(r3, 0xaf01, 0x0) ioctl$auto(r3, 0xaf01, 0xe) socket(0x2a, 0x2, 0x1) ioctl$auto(0x3, 0x10, 0xfffffffffffff4e0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x140, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x161342, 0x130) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) open(0x0, 0x161342, 0x100) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000001300)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) 5.843182908s ago: executing program 3 (id=2185): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), 0xffffffffffffffff) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x2, 0x73) sendto$auto(r1, 0x0, 0xfdef, 0xfe80, 0x0, 0x1c) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001b80), r0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/module/zswap/parameters/enabled\x00', 0x62, 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000001e40)={0x18, r2, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@HWSIM_ATTR_SUPPORT_P2P_DEVICE={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x220000c1}, 0xc0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x0, 0x10000000400008, 0xdf, 0x9b72, 0x2, 0x40000008000) mmap$auto(0x0, 0x2020005, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r3, 0x0, 0xe8) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001240)='/proc/thread-self/fail-nth\x00', 0xa0102, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0xfffffdcb, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x200040c4}, 0x440c5) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x4, 0x7, 0xfffffffc, 0x0, 0x0, 0x0, 0x9, 0x10001, 0x7, 0x8001, 0x7ffffff8, 0x5, 0x7, 0x5, 0x61, 0x103}) r5 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd0\x00', 0x60000, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) 5.726983973s ago: executing program 4 (id=2186): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x2, 0x0) socket(0x15, 0x5, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/asound/modules\x00', 0x88400, 0x0) io_uring_setup$auto(0xc, 0x0) socket(0x2, 0x5, 0x0) pipe2$auto(0x0, 0x80) 5.415340798s ago: executing program 2 (id=2187): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x5, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0x4004ae8b, &(0x7f0000000040)={0x2}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0x40000000000df, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x202000a, 0xffffffff, 0xdc, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x103003, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) pread64$auto(r3, 0x0, 0x100000002, 0x100000001) 5.173660719s ago: executing program 4 (id=2188): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x2, 0x0) socket(0x15, 0x5, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/asound/modules\x00', 0x88400, 0x0) io_uring_setup$auto(0xc, 0x0) socket(0x2, 0x5, 0x0) pipe2$auto(0x0, 0x80) openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2201, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1d, 0x2, 0x6) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/block/nbd6/sched/write0_fifo_list\x00', 0x400, 0x0) socket(0xa, 0x1, 0x84) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/loop15\x00', 0x6600, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x0, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0xc8e03, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket(0xa, 0x801, 0x84) ioctl$auto(0x3, 0x40106f52, r0) 5.170844252s ago: executing program 5 (id=2189): socket(0x1e, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x7d, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) pipe2$auto(0x0, 0x80) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) sendfile$auto(0x1, 0xffffffffffffffff, 0x0, 0x8fb5) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) ioctl$auto_TIOCSTI2(r1, 0x5412, 0x0) ioctl$auto_TIOCSTI2(r1, 0x5412, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), r0) sendmsg$auto_ETHTOOL_MSG_TUNNEL_INFO_GET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r2, 0x200, 0x70bd2d, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) 5.075379814s ago: executing program 3 (id=2190): mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) mmap$auto(0x0, 0xd561, 0x10000000000df, 0xeb2, 0xffffffffffffffff, 0x8000) timer_create$auto(0x2, 0x0, 0x0) timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0x26b, 0x4}, {0x0, 0x83}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r1, &(0x7f0000000000)='//\xf2\x00', 0x80000000) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) open(0x0, 0x22240, 0x154) ioctl$auto_FIONREAD(r0, 0x541b, 0x7) setsockopt$auto(0x400000000000003, 0x28, 0x6, 0x0, 0x56d) mmap$auto(0x0, 0x20000a00006, 0x100, 0x91, 0xffffffffffffffff, 0x2ffffffffffe) mmap$auto(0x0, 0x400008, 0x0, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) getitimer$auto(0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) 4.381084241s ago: executing program 4 (id=2191): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), 0xffffffffffffffff) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = socket(0xa, 0x2, 0x73) sendto$auto(r0, 0x0, 0xfdef, 0xfe80, 0x0, 0x1c) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001b80), 0xffffffffffffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/module/zswap/parameters/enabled\x00', 0x62, 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000001e40)={0x18, r1, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@HWSIM_ATTR_SUPPORT_P2P_DEVICE={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x220000c1}, 0xc0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x0, 0x10000000400008, 0xdf, 0x9b72, 0x2, 0x40000008000) mmap$auto(0x0, 0x2020005, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r2, 0x0, 0xe8) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001240)='/proc/thread-self/fail-nth\x00', 0xa0102, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0xfffffdcb, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x200040c4}, 0x440c5) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x4, 0x7, 0xfffffffc, 0x0, 0x0, 0x0, 0x9, 0x10001, 0x7, 0x8001, 0x7ffffff8, 0x5, 0x7, 0x5, 0x61, 0x103}) r4 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd0\x00', 0x60000, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) 3.397136085s ago: executing program 4 (id=2192): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = open(0x0, 0x10677d, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001040)='/sys/devices/pnp0/00:01/resources\x00', 0x424440, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000040)=""/4096, 0x1000) r2 = socket(0xa, 0x2, 0x3a) bpf$auto(0x5, &(0x7f0000000100)=@bpf_attr_5={@target_fd=r2, r0, 0xa, 0xffffffff, r0, @relative_fd=r0, 0x1ff}, 0x100) r3 = socket(0x2, 0x4, 0x0) r4 = socket(0x2b, 0x1, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x6600, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(0xffffffffffffffff, 0xc0045002, &(0x7f00000000c0)) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a) sendmmsg$auto(r4, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, 0x0, 0x9, 0x0, 0x1f, 0x9}, 0x800009}, 0x7, 0x20000000) io_uring_setup$auto(0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/tty42\x00', 0x101e81, 0x0) syz_genetlink_get_family_id$auto_nfc(0x0, r4) setsockopt$auto(0x3, 0x1, 0x2f, 0x0, 0x9) setsockopt$auto(r3, 0x1, 0x21, 0x0, 0xa7) write$auto(0x3, 0x0, 0xfffffdef) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) mmap$auto(0x0, 0x2020008, 0xffffffffffffffff, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) prctl$auto_PR_SCHED_CORE_CREATE(0x10, 0x1, 0x0, 0x401, 0x6) syz_genetlink_get_family_id$auto_l2tp(0x0, r4) 3.138145773s ago: executing program 2 (id=2193): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) ioctl$auto_PPPIOCSPASS(0xffffffffffffffff, 0x40107447, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) mprotect$auto(0x0, 0x806121, 0x8) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) readahead$auto(0xffffffffffffffff, 0x10, 0xd8) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_ADD_TX_TS(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000001280)={&(0x7f0000000240)=ANY=[@ANYBLOB="0801", @ANYRES16=r0, @ANYBLOB="080027bd7000fddbdf2569000000060065000900000006004f01090000001700130013c366f9244357d432f6e44cc4bf4e5878fe5d00080002002f247b0005006000080000000500a3000200000045001f00ff8ddbe0dca3a0c40b31575a0fc89a052ad1070f85525f215dde201061c7ecbce4e876ab8d9dd571ee3b51789e3654f47243f6e34471afffdadef51ab57ef583e90000005c007580ba6aeb15a3f761572ca4eb336e5dfaa39a4e112524144c26d5a6468d0f3a3919ee7a2bf863f683c121bc3b2170c49b100b274baaf7e35af6d0f2356f99129b14dfb3c040f5"], 0x108}, 0x1, 0x0, 0x0, 0x91}, 0x10) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001ec0)='/sys/power/mem_sleep\x00', 0x2402, 0x0) write$auto(r1, &(0x7f0000000cc0)='\x00\xad\xe8\xc7.\xf0\xb0f\xd2\x02\x00>\x00\xae\x1a\x13I_{\xe8\n\xd4n\x9f\xae\xed\xcd6\x9f\xf6\x01\x00s\xa6\x03y\x97\x0eR\xb8\xb7\xcc\x83\xb8O\xe5\b_\xd0\xd7\xc0+:\x17\x8d\xf4\t\x00\x00\x00`\xdb\x80E|X\xc3\xa4H\xb9\xd8\x03*\x9c\x00\x00\x00\x00\x00\x00\x00[\x1a\fX[\xb8\x91M\xdb\xe7\xdc6w\xb1\x8b9\x9a\x9a\xf9c\x95)b\xff\x80\xd5\xbb\xc9+Ed\xa16?\xab<\xee\x8b\x18\xe6\xf3a]1OZ\x9e\xa9\xb2;H\xbcn}n\xca\x0e\x0e\xd8\xce_2\xe2\xb1@\x8dy\v\xc3\xacH\x9a\t\x8e\xa1g\xa2?\x89\x01\xb9\xf1\xbb%[\xf1L<\xd8\x8c\xd9\x1f\x9e\xfe\xbf\xb2\x95\xb6Y\xba\xaf\'a\xe2\xc3\x9a$c\xad\x82\x13\x1e\xbc\xf3\x1f.\xef\x1es\xb0\xf2I$\x02\x0e\xc8\xf0\x8b\xc7\xd8\x9c\x04\xa6[\xe2Q\xd6\x13\xa8[\xbcP,\xadS\x7f}/>\x13\xbe\\\x8cq(\x06\xdb4', 0x4) sendmsg$auto_NL80211_CMD_SET_TID_CONFIG(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0xc800}, 0x40000) sendmsg$auto_NL80211_CMD_SET_WOWLAN(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000001c0)={0x0, 0x8c}, 0x1, 0x0, 0x0, 0x48046}, 0x4000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) 2.625469419s ago: executing program 5 (id=2194): mmap$auto(0x2, 0x400008, 0xffd, 0x80000000009b71, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r0 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r0, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x230) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x121900, 0x0) ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000080)) syz_clone(0xba238800, 0x0, 0x34, 0x0, 0x0, 0x0) read$auto(0xffffffffffffffff, 0x0, 0xea) read$auto(0xffffffffffffffff, 0x0, 0x0) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x20000002) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, 0x0, 0x1, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000000), 0x804, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x6, 0x0, 0x2, 0xb}, 0x800008}, 0x1ff, 0x1ffffff8) semget$auto(0x0, 0x13c, 0x1ff) semtimedop$auto(0x0, &(0x7f00000000c0)={0xa, 0x81, 0x70}, 0x1f4, 0x0) semctl$auto(0x0, 0x3, 0x0, 0x2) 1.129040559s ago: executing program 5 (id=2195): socket(0x11, 0x2, 0x2) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/034/001\x00', 0x201, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) openat$auto_buffer_subbuf_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/buffer_subbuf_size_kb\x00', 0x2401, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x73) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000000c0), 0x161401, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/tty/ptycd/power/control\x00', 0x200000, 0x0) socket(0x2b, 0x1, 0x0) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x30d540, 0x0) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/consoles\x00', 0x800, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) pread64$auto(r0, 0x0, 0xd00, 0x2) 725.722234ms ago: executing program 5 (id=2196): syz_clone(0x20a08200, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x1c, r1, 0xb3eaee9e9ed11725, 0x70bd29, 0x25dfdbfe, {}, [@NL802154_ATTR_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x41000}, 0x64810) socketcall$auto_SYS_GETSOCKOPT(0xf, &(0x7f0000000040)) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x7, 0x0) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, 0x0, 0x48402, 0x0) mmap$auto(0x0, 0x2, 0x80000000df, 0x14, 0x401, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video48\x00', 0x18a041, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x147) ppoll$auto(&(0x7f0000000240)={0xffffffffffffffff, 0x3, 0x3}, 0x3, 0x0, 0x0, 0x8) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000) sendmmsg$auto(r2, &(0x7f0000000180)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0x4}, 0x1000000000028, 0x0, 0x1, 0x3e0}, 0x800}, 0x4, 0x4008) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) execve$auto(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) fallocate$auto(0x8000000000000003, 0x40, 0x9, 0x4cbd5d) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, 0x0, 0x509a40, 0x0) select$auto(0x8059, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x37, 0xa, 0x1, 0x5, 0x6, 0x15f4da0a, 0x7, 0x3, 0x800, 0x80000023, 0x200000000000007, 0x6d42, 0xa, 0x2495dae0, 0x52]}, 0x0) execve$auto(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) execve$auto(&(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000100)=&(0x7f0000000600)='#\xdc\xfe\xd8E\xc8\x8bu4\xd9n\xcb\xca\xc7zw \x96\x9ejh\xad\x9eEc\xae\x1e\x89\x92\x9a\xbbP[B\xae\x9cf)\x15\xac\x90)l\x06\xf0\t\x12\x05zz\xa6\xb3\xce=\x00\x00\x00\x00\x00/\xc4T\x1f\xe5P\xff\xb4\xb7s0\x02\xc5\x81\x93\xc6\xc8\xb6Sp\x1a{8\xfc\xe0,X\xc7BU\xd0\x97\x7f1\x16\x99\x04\xabu/a(\x02\x7f\xbb\xbd\x906\xa8\xce\xee\xcd\xd7\t\x00\xfb\x83\xc8\x8aO\xe9\xbe=\xf7\xf4\x84,\x06\xd3j\x99b\xe6\xf6Y3A\xbb\xa4\xb2\f\x1b\xc3\x8a,g\xc6\xe8[\xdf\x88\x01\x9f7\xb5\x19m\xd8L\x84j\x8c\xec\xdf\x1a\xbd\xc5\x94\xb9\xb7\xd5\xa4\xc0\f-6\xfe\xa8\xed/u\x81_G\xfeR\xbb\x12\x16\xb8*\xa9\xc9\xe81\x9d\x06\xbbC\x17\xbb\xe6|\x97\xabB4J\xed+-\xf8u0/n\xcf\x8b\x95\x9d\xab\xa8\xc47\xa6\x0e\xdeOq\\\xc3\'{\b\xd3m\x94\xc2\xdd{\xeaO\x0e\xe4\xe0\xb9N:\xd60\x17,\x06\xc7B#Y0\x99\xeb\x874\xab?\xc8\x82\xe5\x8f\xb7\x91\xc2\xbe\xb2\x02\xfe\xd3k\xd5\xdcZ\xdcP\x8e+\xd8\xc7C\xcb\x15\x13c\xbf\xe8\xbd\"\x8f3\"\x14\xf8(\xda\x19\xcd\xec\x03.\xd9^\xc3A\xda\r[\x1a\xda\\#/\xd4\xaf\xd0\xe8\xa2\xdd\xc5{\xfa\xe0\x90\x8f\x99lQ\xec\x84h^\x11+\x93\b\xe0c\xe6\xd22\xf9\xa5') 1.4972ms ago: executing program 2 (id=2197): mmap$auto(0x0, 0x202000e, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) waitid$auto_P_PID(0x1, 0x0, 0x0, 0x0, &(0x7f0000000240)={{0x2, 0x34}, {0x9c, 0x3}, 0x779c, 0x3ff, 0x2, 0x0, 0x8, 0x8a, 0x3, 0x1, 0x100, 0x6, 0x5, 0x47, 0x80000000, 0x40000}) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) ioctl$auto(r1, 0x4b71, 0x1) sendmsg$auto_NL80211_CMD_GET_REG(r0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r3 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r3, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) recvmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x2, &(0x7f0000000140)={0x0, 0x4da}, 0x6, 0x0, 0x8, 0x7ff}, 0x1000}, 0xffffffff, 0x4, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x230) setgroups$auto(0xe32, 0x0) write$auto(0x3, 0x0, 0xffd8) connect$auto(r2, &(0x7f0000000000)=@xdp={0x2c, 0x4, 0x0, 0x8}, 0x58) pipe$auto(&(0x7f0000000000)=0xffffffffffffffff) splice$auto(r4, 0x0, 0xffffffffffffffff, 0x0, 0x3, 0xc) close_range$auto(0x2, 0xffffffffffffffff, 0x0) 0s ago: executing program 4 (id=2205): r0 = socket(0x1d, 0x3, 0x1) r1 = socket(0x2, 0x1, 0x0) r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x40001, 0x0) ioctl$auto_USBDEVFS_CONTROL(r2, 0xc0185500, &(0x7f0000001040)={0x80, 0x8, 0x304, 0xea, 0x101, 0x6, &(0x7f00000001c0)}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r3}, 0x6a) setsockopt$auto(r0, 0x65, 0x1, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = fanotify_init$auto(0x5, 0x0) creat$auto(&(0x7f0000000000)='./file0\x00', 0x3ff) fanotify_mark$auto(r4, 0x205, 0xa, 0x4, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_VERSION_GET(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, r6, 0x1, 0x70bd27, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x2000c014}, 0x240480c0) read$auto(0x3, 0x0, 0x87f) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r7 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, r7, 0x0) r8 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r8) ioctl$auto_KVM_CREATE_VM(r7, 0xc040aed5, 0x0) kernel console output (not intermixed with test programs): [ 666.465945][T11089] random: crng reseeded on system resumption [ 667.577266][T11094] random: crng reseeded on system resumption [ 670.497385][T11121] random: crng reseeded on system resumption [ 671.851483][T11129] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1116'. [ 672.720859][T11127] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1115'. [ 672.887814][T11127] ipvlan1: entered promiscuous mode [ 672.934710][T11127] ipvlan1: entered allmulticast mode [ 672.980774][T11127] veth0_vlan: entered allmulticast mode [ 674.208623][T11144] Process accounting resumed [ 681.441394][T11214] bonding: no command found in bonding_masters - use +ifname or -ifname [ 681.577524][T11218] random: crng reseeded on system resumption [ 685.656989][T11251] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1134'. [ 686.217363][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.224534][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 689.407979][ T50] Bluetooth: hci2: unexpected event 0x10 length: 11 > 1 [ 689.410152][ T50] Bluetooth: hci2: hardware error 0x00 [ 691.492976][ T50] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 694.518969][T11357] random: crng reseeded on system resumption [ 695.402904][T11371] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1158'. [ 695.588984][T11371] mac80211_hwsim hwsim10 ›: renamed from wlan0 (while UP) [ 696.860078][T11353] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1150'. [ 697.631089][T11389] random: crng reseeded on system resumption [ 699.841566][T11411] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1173'. [ 703.879148][T11438] futex_wake_op: syz.3.1170 tries to shift op by -2048; fix this program [ 703.924187][T11417] tipc: can't start tipc receive workqueue [ 704.008681][T11438] 0x000000000001-0x000000020000 : "" [ 704.263344][T11438] ftl_cs: FTL header corrupt! [ 708.229380][T11438] Process accounting paused [ 708.736465][T11474] netlink: 350 bytes leftover after parsing attributes in process `syz.3.1177'. [ 709.977763][T11488] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1182'. [ 710.117740][T11488] netlink: 354 bytes leftover after parsing attributes in process `syz.4.1182'. [ 713.854253][T11486] kexec: Could not allocate control_code_buffer [ 714.034835][T11526] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1187'. [ 720.274400][T11582] random: crng reseeded on system resumption [ 723.773476][T11587] kexec: Could not allocate control_code_buffer [ 725.856531][ T50] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 728.276582][T11635] netlink: 342 bytes leftover after parsing attributes in process `syz.4.1212'. [ 731.496175][ T50] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 736.334170][T11693] random: crng reseeded on system resumption [ 737.142592][T11699] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1228'. [ 740.097905][T11716] random: crng reseeded on system resumption [ 740.122007][T11710] Process accounting resumed [ 740.919870][T11708] ubi: mtd0 is already attached to ubi31 [ 742.221338][T11741] ubi: mtd0 is already attached to ubi31 [ 745.895852][T11775] rnbd_client L213: map_device: Parameters missing [ 747.684375][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.698619][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 750.644643][T11813] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1256'. [ 751.025820][T11813] mac80211_hwsim hwsim7 ›: renamed from wlan0 (while UP) [ 752.858227][T11824] random: crng reseeded on system resumption [ 756.024159][T11848] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1264'. [ 757.701221][T11862] random: crng reseeded on system resumption [ 759.051443][T11866] ubi: mtd0 is already attached to ubi31 [ 761.406555][T11907] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1277'. [ 764.285502][T11917] loop6: detected capacity change from 0 to 8 [ 767.032667][T11936] bond0: invalid ARP target specified [ 767.264144][T11941] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1294'. [ 767.461119][T11940] nbd: socks must be embedded in a SOCK_ITEM attr [ 767.795991][T11940] block nbd0: shutting down sockets [ 767.858991][T11941] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 767.967399][T11941] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 768.161180][T11941] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 768.197459][T11930] FAULT_INJECTION: forcing a failure. [ 768.197459][T11930] name failslab, interval 1, probability 0, space 0, times 0 [ 768.280084][T11941] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 768.692668][T11930] CPU: 0 UID: 0 PID: 11930 Comm: syz.3.1284 Tainted: G L syzkaller #0 PREEMPT(full) [ 768.692704][T11930] Tainted: [L]=SOFTLOCKUP [ 768.692711][T11930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 768.692724][T11930] Call Trace: [ 768.692731][T11930] [ 768.692739][T11930] dump_stack_lvl+0x100/0x190 [ 768.692766][T11930] should_fail_ex.cold+0x5/0xa [ 768.692794][T11930] should_failslab+0xc2/0x120 [ 768.692816][T11930] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 768.692846][T11930] ? security_inode_alloc+0x3b/0x2c0 [ 768.692874][T11930] ? lockdep_init_map_type+0x5c/0x250 [ 768.692913][T11930] security_inode_alloc+0x3b/0x2c0 [ 768.692941][T11930] inode_init_always_gfp+0xcc0/0x1000 [ 768.692982][T11930] alloc_inode+0x8e/0x250 [ 768.693009][T11930] path_from_stashed+0x25b/0x750 [ 768.693032][T11930] ? do_raw_spin_unlock+0x145/0x1e0 [ 768.693060][T11930] ns_get_path+0x60/0x80 [ 768.693082][T11930] proc_ns_get_link+0x121/0x230 [ 768.693114][T11930] ? __pfx_proc_ns_get_link+0x10/0x10 [ 768.693150][T11930] ? atime_needs_update+0x8b/0x6b0 [ 768.693201][T11930] pick_link+0xd17/0x13c0 [ 768.693233][T11930] ? __pfx_proc_ns_get_link+0x10/0x10 [ 768.693270][T11930] step_into_slowpath+0x9ba/0xf90 [ 768.693309][T11930] ? __pfx_step_into_slowpath+0x10/0x10 [ 768.693357][T11930] ? find_held_lock+0x2b/0x80 [ 768.693399][T11930] path_openat+0xf95/0x31a0 [ 768.693449][T11930] ? __pfx_path_openat+0x10/0x10 [ 768.693484][T11930] do_file_open+0x20e/0x430 [ 768.693509][T11930] ? __pfx_do_file_open+0x10/0x10 [ 768.693553][T11930] ? alloc_fd+0x476/0x790 [ 768.693577][T11930] ? do_getname+0x191/0x390 [ 768.693608][T11930] do_sys_openat2+0x10d/0x1e0 [ 768.693639][T11930] ? __pfx_do_sys_openat2+0x10/0x10 [ 768.693671][T11930] ? __fget_files+0x21f/0x3d0 [ 768.693715][T11930] __x64_sys_openat+0x12d/0x210 [ 768.693746][T11930] ? __pfx___x64_sys_openat+0x10/0x10 [ 768.693783][T11930] ? rcu_is_watching+0x12/0xc0 [ 768.693813][T11930] do_syscall_64+0x10b/0xf80 [ 768.693847][T11930] ? clear_bhb_loop+0x40/0x90 [ 768.693876][T11930] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 768.693900][T11930] RIP: 0033:0x7f404135d04e [ 768.693920][T11930] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 768.693944][T11930] RSP: 002b:00007f4042263ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 768.693966][T11930] RAX: ffffffffffffffda RBX: 00007f40422646c0 RCX: 00007f404135d04e [ 768.693982][T11930] RDX: 0000000000000002 RSI: 00007f4042263f90 RDI: ffffffffffffff9c [ 768.693997][T11930] RBP: 00007f4041432c91 R08: 0000000000000000 R09: 0000000000000000 [ 768.694012][T11930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 768.694027][T11930] R13: 00007f4041616038 R14: 00007f4041615fa0 R15: 00007ffc79fd5138 [ 768.694056][T11930] [ 773.044891][T11950] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 773.077961][T11950] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 773.335887][T11950] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 773.444849][T11950] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 773.546087][T11950] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 774.131056][T11945] Process accounting paused [ 775.054920][ T50] Bluetooth: hci0: command 0x0406 tx timeout [ 775.306538][T11973] random: crng reseeded on system resumption [ 775.374414][ T50] Bluetooth: hci1: command 0x0406 tx timeout [ 775.455387][ T50] Bluetooth: hci4: command 0x040f tx timeout [ 777.135447][ T50] Bluetooth: hci0: command 0x0406 tx timeout [ 777.535297][ T50] Bluetooth: hci4: command 0x040f tx timeout [ 780.458966][T12005] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1300'. [ 787.669202][T12056] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1318'. [ 791.206566][T12076] FAULT_INJECTION: forcing a failure. [ 791.206566][T12076] name failslab, interval 1, probability 0, space 0, times 0 [ 791.367642][T12076] CPU: 0 UID: 0 PID: 12076 Comm: syz.3.1314 Tainted: G L syzkaller #0 PREEMPT(full) [ 791.367678][T12076] Tainted: [L]=SOFTLOCKUP [ 791.367685][T12076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 791.367698][T12076] Call Trace: [ 791.367705][T12076] [ 791.367714][T12076] dump_stack_lvl+0x100/0x190 [ 791.367759][T12076] should_fail_ex.cold+0x5/0xa [ 791.367789][T12076] should_failslab+0xc2/0x120 [ 791.367813][T12076] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 791.367845][T12076] ? __kernfs_new_node+0xd2/0x9f0 [ 791.367881][T12076] ? kstrdup+0xb3/0xe0 [ 791.367919][T12076] __kernfs_new_node+0xd2/0x9f0 [ 791.367958][T12076] ? __pfx___kernfs_new_node+0x10/0x10 [ 791.367999][T12076] ? find_held_lock+0x2b/0x80 [ 791.368027][T12076] ? kernfs_root+0xee/0x2a0 [ 791.368060][T12076] ? kernfs_root+0xee/0x2a0 [ 791.368100][T12076] kernfs_new_node+0x11b/0x1a0 [ 791.368126][T12076] kernfs_create_dir_ns+0x4c/0x1a0 [ 791.368153][T12076] cgroup_mkdir+0x3d4/0x1310 [ 791.368192][T12076] ? __pfx_cgroup_mkdir+0x10/0x10 [ 791.368224][T12076] kernfs_iop_mkdir+0x111/0x190 [ 791.368244][T12076] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 791.368278][T12076] vfs_mkdir+0x361/0x850 [ 791.368312][T12076] filename_mkdirat+0x48b/0x5e0 [ 791.368340][T12076] ? __pfx_filename_mkdirat+0x10/0x10 [ 791.368364][T12076] ? strncpy_from_user+0x19d/0x2d0 [ 791.368405][T12076] ? do_getname+0x191/0x390 [ 791.368436][T12076] __x64_sys_mkdir+0x6b/0x90 [ 791.368462][T12076] do_syscall_64+0x10b/0xf80 [ 791.368495][T12076] ? clear_bhb_loop+0x40/0x90 [ 791.368524][T12076] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 791.368548][T12076] RIP: 0033:0x7f404139c819 [ 791.368567][T12076] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 791.368590][T12076] RSP: 002b:00007f4042264028 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 791.368612][T12076] RAX: ffffffffffffffda RBX: 00007f4041615fa0 RCX: 00007f404139c819 [ 791.368628][T12076] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000200000000040 [ 791.368642][T12076] RBP: 00007f4041432c91 R08: 0000000000000000 R09: 0000000000000000 [ 791.368656][T12076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 791.368669][T12076] R13: 00007f4041616038 R14: 00007f4041615fa0 R15: 00007ffc79fd5138 [ 791.368699][T12076] [ 792.568637][T12087] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1317'. [ 793.150209][T12089] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 793.366667][T12089] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 793.538957][T12089] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 795.224255][ T50] Bluetooth: hci0: command 0x0406 tx timeout [ 795.384648][ T50] Bluetooth: hci1: command 0x0406 tx timeout [ 795.550122][ T50] Bluetooth: hci4: command 0x040f tx timeout [ 797.136137][T12122] __vm_enough_memory: pid: 12122, comm: syz.1.1325, bytes: 4398046511104 not enough memory for the allocation [ 798.088752][ T29] audit: type=1800 audit(4294967968.504:24): pid=12141 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1328" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 798.373177][T12144] __vm_enough_memory: pid: 12144, comm: syz.2.1329, bytes: 4398046511104 not enough memory for the allocation [ 804.708116][T12188] netlink: 'syz.3.1339': attribute type 1 has an invalid length. [ 804.848137][T12188] netlink: 9 bytes leftover after parsing attributes in process `syz.3.1339'. [ 805.359920][T12188] Process accounting resumed [ 809.154930][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.165799][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 812.608500][T12238] FAULT_INJECTION: forcing a failure. [ 812.608500][T12238] name failslab, interval 1, probability 0, space 0, times 0 [ 812.977753][T12238] CPU: 0 UID: 0 PID: 12238 Comm: syz.1.1350 Tainted: G L syzkaller #0 PREEMPT(full) [ 812.977788][T12238] Tainted: [L]=SOFTLOCKUP [ 812.977796][T12238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 812.977809][T12238] Call Trace: [ 812.977816][T12238] [ 812.977824][T12238] dump_stack_lvl+0x100/0x190 [ 812.977850][T12238] should_fail_ex.cold+0x5/0xa [ 812.977879][T12238] should_failslab+0xc2/0x120 [ 812.977900][T12238] __kmalloc_cache_noprof+0x7a/0x6f0 [ 812.977928][T12238] ? usbdev_open+0x9d/0x870 [ 812.977954][T12238] usbdev_open+0x9d/0x870 [ 812.977976][T12238] ? kobject_get_unless_zero+0x156/0x200 [ 812.978013][T12238] ? __pfx_usbdev_open+0x10/0x10 [ 812.978033][T12238] ? chrdev_open+0x10b/0x6a0 [ 812.978053][T12238] ? chrdev_open+0x10b/0x6a0 [ 812.978077][T12238] ? __pfx_usbdev_open+0x10/0x10 [ 812.978098][T12238] chrdev_open+0x234/0x6a0 [ 812.978118][T12238] ? __pfx_apparmor_file_open+0x10/0x10 [ 812.978145][T12238] ? __pfx_chrdev_open+0x10/0x10 [ 812.978168][T12238] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 812.978196][T12238] do_dentry_open+0x6d8/0x1660 [ 812.978232][T12238] ? __pfx_chrdev_open+0x10/0x10 [ 812.978259][T12238] vfs_open+0x82/0x3f0 [ 812.978287][T12238] path_openat+0x208c/0x31a0 [ 812.978317][T12238] ? __pfx_path_openat+0x10/0x10 [ 812.978348][T12238] do_file_open+0x20e/0x430 [ 812.978370][T12238] ? __pfx_do_file_open+0x10/0x10 [ 812.978409][T12238] ? alloc_fd+0x476/0x790 [ 812.978431][T12238] ? do_getname+0x191/0x390 [ 812.978459][T12238] do_sys_openat2+0x10d/0x1e0 [ 812.978486][T12238] ? __pfx_do_sys_openat2+0x10/0x10 [ 812.978515][T12238] ? __fget_files+0x21f/0x3d0 [ 812.978562][T12238] __x64_sys_openat+0x12d/0x210 [ 812.978590][T12238] ? __pfx___x64_sys_openat+0x10/0x10 [ 812.978623][T12238] ? rcu_is_watching+0x12/0xc0 [ 812.978651][T12238] do_syscall_64+0x10b/0xf80 [ 812.978682][T12238] ? clear_bhb_loop+0x40/0x90 [ 812.978708][T12238] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 812.978730][T12238] RIP: 0033:0x7f96e2d9c819 [ 812.978747][T12238] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 812.978768][T12238] RSP: 002b:00007f96e3bb9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 812.978788][T12238] RAX: ffffffffffffffda RBX: 00007f96e3016090 RCX: 00007f96e2d9c819 [ 812.978802][T12238] RDX: 0000000000040101 RSI: 0000200000000240 RDI: ffffffffffffff9c [ 812.978816][T12238] RBP: 00007f96e2e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 812.978829][T12238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 812.978842][T12238] R13: 00007f96e3016128 R14: 00007f96e3016090 R15: 00007ffef2f3d818 [ 812.978870][T12238] [ 816.143638][T12259] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1355'. [ 821.090933][T12284] netlink: 'syz.4.1360': attribute type 1 has an invalid length. [ 821.171847][T12284] netlink: 9 bytes leftover after parsing attributes in process `syz.4.1360'. [ 827.208244][T12317] binder: 12315:12317 ioctl c00c620f 2000000001c0 returned -22 [ 828.422433][T12327] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1370'. [ 828.966401][T12337] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1372'. [ 829.423147][T12328] input input7: cannot allocate more than FF_MAX_EFFECTS effects [ 837.544451][T12387] Process accounting paused [ 838.461533][T12409] netlink: 342 bytes leftover after parsing attributes in process `syz.4.1384'. [ 841.012299][T12424] process 'syz.1.1388' launched ':,' with NULL argv: empty string added [ 841.121913][T12424] FAULT_INJECTION: forcing a failure. [ 841.121913][T12424] name failslab, interval 1, probability 0, space 0, times 0 [ 841.268355][T12424] CPU: 0 UID: 0 PID: 12424 Comm: syz.1.1388 Tainted: G L syzkaller #0 PREEMPT(full) [ 841.268391][T12424] Tainted: [L]=SOFTLOCKUP [ 841.268398][T12424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 841.268411][T12424] Call Trace: [ 841.268418][T12424] [ 841.268426][T12424] dump_stack_lvl+0x100/0x190 [ 841.268454][T12424] should_fail_ex.cold+0x5/0xa [ 841.268482][T12424] should_failslab+0xc2/0x120 [ 841.268504][T12424] __kmalloc_cache_noprof+0x7a/0x6f0 [ 841.268532][T12424] ? qrtr_tun_open+0x47/0x220 [ 841.268558][T12424] ? __pfx_qrtr_tun_open+0x10/0x10 [ 841.268582][T12424] qrtr_tun_open+0x47/0x220 [ 841.268605][T12424] ? __pfx_qrtr_tun_open+0x10/0x10 [ 841.268628][T12424] misc_open+0x26d/0x450 [ 841.268662][T12424] ? __pfx_misc_open+0x10/0x10 [ 841.268696][T12424] chrdev_open+0x234/0x6a0 [ 841.268717][T12424] ? __pfx_apparmor_file_open+0x10/0x10 [ 841.268745][T12424] ? __pfx_chrdev_open+0x10/0x10 [ 841.268767][T12424] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 841.268795][T12424] do_dentry_open+0x6d8/0x1660 [ 841.268831][T12424] ? __pfx_chrdev_open+0x10/0x10 [ 841.268863][T12424] vfs_open+0x82/0x3f0 [ 841.268892][T12424] path_openat+0x208c/0x31a0 [ 841.268922][T12424] ? __pfx_path_openat+0x10/0x10 [ 841.268953][T12424] do_file_open+0x20e/0x430 [ 841.268977][T12424] ? __pfx_do_file_open+0x10/0x10 [ 841.269022][T12424] ? alloc_fd+0x476/0x790 [ 841.269044][T12424] ? do_getname+0x191/0x390 [ 841.269073][T12424] do_sys_openat2+0x10d/0x1e0 [ 841.269100][T12424] ? __pfx_do_sys_openat2+0x10/0x10 [ 841.269137][T12424] __x64_sys_openat+0x12d/0x210 [ 841.269166][T12424] ? __pfx___x64_sys_openat+0x10/0x10 [ 841.269199][T12424] ? rcu_is_watching+0x12/0xc0 [ 841.269226][T12424] do_syscall_64+0x10b/0xf80 [ 841.269256][T12424] ? clear_bhb_loop+0x40/0x90 [ 841.269283][T12424] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 841.269306][T12424] RIP: 0033:0x7f96e2d9c819 [ 841.269323][T12424] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 841.269345][T12424] RSP: 002b:00007f96e3bda028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 841.269365][T12424] RAX: ffffffffffffffda RBX: 00007f96e3015fa0 RCX: 00007f96e2d9c819 [ 841.269380][T12424] RDX: 0000000000000001 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 841.269394][T12424] RBP: 00007f96e2e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 841.269407][T12424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 841.269420][T12424] R13: 00007f96e3016038 R14: 00007f96e3015fa0 R15: 00007ffef2f3d818 [ 841.269447][T12424] [ 842.213077][T12428] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1389'. [ 842.262744][T12428] netlink: 354 bytes leftover after parsing attributes in process `syz.4.1389'. [ 850.536156][T12489] binder: 12466:12489 ioctl 40086602 e20 returned -22 [ 857.032871][T12529] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1408'. [ 864.189145][T12588] program syz.1.1423 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 864.342532][T12588] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 864.414981][T12581] FAULT_INJECTION: forcing a failure. [ 864.414981][T12581] name failslab, interval 1, probability 0, space 0, times 0 [ 864.535579][T12581] CPU: 0 UID: 0 PID: 12581 Comm: syz.2.1422 Tainted: G L syzkaller #0 PREEMPT(full) [ 864.535614][T12581] Tainted: [L]=SOFTLOCKUP [ 864.535622][T12581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 864.535635][T12581] Call Trace: [ 864.535642][T12581] [ 864.535650][T12581] dump_stack_lvl+0x100/0x190 [ 864.535677][T12581] should_fail_ex.cold+0x5/0xa [ 864.535705][T12581] should_failslab+0xc2/0x120 [ 864.535727][T12581] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 864.535757][T12581] ? vm_area_dup+0x27/0x8e0 [ 864.535784][T12581] ? mas_next_range+0x9b/0xf0 [ 864.535841][T12581] vm_area_dup+0x27/0x8e0 [ 864.535873][T12581] copy_vma+0x643/0xac0 [ 864.535910][T12581] ? __pfx_copy_vma+0x10/0x10 [ 864.535942][T12581] ? find_held_lock+0x2b/0x80 [ 864.535981][T12581] ? clockevents_program_event+0x23e/0x7e0 [ 864.536015][T12581] ? __lock_acquire+0x4a5/0x2630 [ 864.536071][T12581] copy_vma_and_data+0x1cf/0x7c0 [ 864.536109][T12581] ? __pfx_copy_vma_and_data+0x10/0x10 [ 864.536182][T12581] ? __vma_start_write+0x17f/0x280 [ 864.536209][T12581] ? __pfx___vma_start_write+0x10/0x10 [ 864.536243][T12581] move_vma+0x574/0x1920 [ 864.536278][T12581] ? __pfx_move_vma+0x10/0x10 [ 864.536312][T12581] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 864.536336][T12581] ? cap_mmap_addr+0x4b/0x120 [ 864.536359][T12581] ? bpf_lsm_mmap_addr+0x9/0x30 [ 864.536392][T12581] ? security_mmap_addr+0x71/0x1e0 [ 864.536424][T12581] ? __get_unmapped_area+0x255/0x3e0 [ 864.536451][T12581] ? vrm_set_new_addr+0x204/0x290 [ 864.536483][T12581] mremap_to+0x234/0x4c0 [ 864.536513][T12581] ? mas_walk+0x6ef/0x9b0 [ 864.536541][T12581] ? __pfx_mremap_to+0x10/0x10 [ 864.536571][T12581] ? check_prep_vma+0x878/0xdf0 [ 864.536607][T12581] __do_sys_mremap+0xa7a/0x1850 [ 864.536647][T12581] ? __pfx___do_sys_mremap+0x10/0x10 [ 864.536683][T12581] ? do_futex+0x192/0x350 [ 864.536703][T12581] ? __pfx_do_futex+0x10/0x10 [ 864.536731][T12581] ? __x64_sys_futex+0x34f/0x4d0 [ 864.536762][T12581] ? rcu_is_watching+0x12/0xc0 [ 864.536789][T12581] do_syscall_64+0x10b/0xf80 [ 864.536820][T12581] ? clear_bhb_loop+0x40/0x90 [ 864.536846][T12581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 864.536868][T12581] RIP: 0033:0x7ff378d9c819 [ 864.536886][T12581] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 864.536907][T12581] RSP: 002b:00007ff379c46028 EFLAGS: 00000246 ORIG_RAX: 0000000000000019 [ 864.536927][T12581] RAX: ffffffffffffffda RBX: 00007ff379015fa0 RCX: 00007ff378d9c819 [ 864.536942][T12581] RDX: 0000000000000004 RSI: 0000000000000004 RDI: 0000200000000000 [ 864.536955][T12581] RBP: 00007ff378e32c91 R08: 0000000100000000 R09: 0000000000000000 [ 864.536973][T12581] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 864.536986][T12581] R13: 00007ff379016038 R14: 00007ff379015fa0 R15: 00007fffb988cd68 [ 864.537014][T12581] [ 870.627716][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.641788][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 873.270889][T12648] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1436'. [ 873.417725][T12651] netlink: 354 bytes leftover after parsing attributes in process `syz.4.1436'. [ 874.098972][T12657] FAULT_INJECTION: forcing a failure. [ 874.098972][T12657] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 874.217913][T12657] CPU: 0 UID: 0 PID: 12657 Comm: syz.2.1440 Tainted: G L syzkaller #0 PREEMPT(full) [ 874.217946][T12657] Tainted: [L]=SOFTLOCKUP [ 874.217954][T12657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 874.217966][T12657] Call Trace: [ 874.217973][T12657] [ 874.217980][T12657] dump_stack_lvl+0x100/0x190 [ 874.218006][T12657] should_fail_ex.cold+0x5/0xa [ 874.218028][T12657] ? prepare_alloc_pages+0x16d/0x5f0 [ 874.218053][T12657] should_fail_alloc_page+0xeb/0x140 [ 874.218075][T12657] prepare_alloc_pages+0x1f0/0x5f0 [ 874.218101][T12657] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 874.218140][T12657] ? stack_trace_save+0x8e/0xc0 [ 874.218167][T12657] ? __pfx_stack_trace_save+0x10/0x10 [ 874.218192][T12657] ? __alloc_frozen_pages_noprof+0x2b1/0x2bc0 [ 874.218223][T12657] ? stack_depot_save_flags+0x27/0x9d0 [ 874.218255][T12657] ? find_held_lock+0x2b/0x80 [ 874.218280][T12657] ? is_bpf_text_address+0x8a/0x1a0 [ 874.218309][T12657] ? kasan_save_stack+0x3f/0x50 [ 874.218339][T12657] ? kasan_save_stack+0x30/0x50 [ 874.218367][T12657] ? kasan_save_track+0x14/0x30 [ 874.218396][T12657] ? __kasan_slab_alloc+0x89/0x90 [ 874.218427][T12657] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 874.218456][T12657] ? __pmd_alloc+0xbf/0x950 [ 874.218477][T12657] ? walk_to_pmd+0x3a3/0x4c0 [ 874.218499][T12657] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 874.218529][T12657] ? kcov_mmap+0xca/0x130 [ 874.218553][T12657] ? __mmap_region+0x13e1/0x2dc0 [ 874.218579][T12657] ? mmap_region+0x527/0x620 [ 874.218607][T12657] ? vm_mmap_pgoff+0x29e/0x470 [ 874.218628][T12657] ? __x64_sys_mmap+0x125/0x190 [ 874.218649][T12657] ? do_syscall_64+0x10b/0xf80 [ 874.218677][T12657] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 874.218711][T12657] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 874.218740][T12657] ? policy_nodemask+0xed/0x4f0 [ 874.218761][T12657] alloc_pages_mpol+0x1fb/0x540 [ 874.218782][T12657] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 874.218803][T12657] ? do_raw_spin_lock+0x128/0x260 [ 874.218827][T12657] ? find_held_lock+0x2b/0x80 [ 874.218855][T12657] alloc_pages_noprof+0x1a/0x160 [ 874.218879][T12657] pte_alloc_one+0x1c/0x3d0 [ 874.218908][T12657] __pte_alloc+0x6d/0x3e0 [ 874.218927][T12657] ? __pfx___pte_alloc+0x10/0x10 [ 874.218947][T12657] ? walk_to_pmd+0x302/0x4c0 [ 874.218973][T12657] get_locked_pte+0xa1/0xc0 [ 874.218997][T12657] insert_page+0xcc/0x220 [ 874.219021][T12657] ? __pfx_insert_page+0x10/0x10 [ 874.219043][T12657] ? __pfx_down_read_trylock+0x10/0x10 [ 874.219071][T12657] vm_insert_page+0x2c0/0x400 [ 874.219097][T12657] kcov_mmap+0xca/0x130 [ 874.219124][T12657] __mmap_region+0x13e1/0x2dc0 [ 874.219162][T12657] ? __pfx___mmap_region+0x10/0x10 [ 874.219192][T12657] ? __lock_acquire+0x4a5/0x2630 [ 874.219243][T12657] ? find_held_lock+0x2b/0x80 [ 874.219267][T12657] ? ima_match_policy+0x8c4/0x2350 [ 874.219296][T12657] ? ima_match_policy+0x8c4/0x2350 [ 874.219348][T12657] ? process_measurement+0x4c8/0x2350 [ 874.219411][T12657] mmap_region+0x527/0x620 [ 874.219443][T12657] ? __pfx_mmap_region+0x10/0x10 [ 874.219474][T12657] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 874.219498][T12657] ? cap_mmap_addr+0x4b/0x120 [ 874.219520][T12657] ? bpf_lsm_mmap_addr+0x9/0x30 [ 874.219551][T12657] ? security_mmap_addr+0x71/0x1e0 [ 874.219581][T12657] ? __get_unmapped_area+0x255/0x3e0 [ 874.219606][T12657] do_mmap+0xc63/0x12f0 [ 874.219632][T12657] ? __pfx_do_mmap+0x10/0x10 [ 874.219653][T12657] ? __pfx_down_write_killable+0x10/0x10 [ 874.219693][T12657] vm_mmap_pgoff+0x29e/0x470 [ 874.219719][T12657] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 874.219740][T12657] ? __fget_files+0x215/0x3d0 [ 874.219776][T12657] ? __fget_files+0x21f/0x3d0 [ 874.219813][T12657] ksys_mmap_pgoff+0x3cb/0x610 [ 874.219835][T12657] ? __x64_sys_futex+0x358/0x4d0 [ 874.219855][T12657] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 874.219876][T12657] ? xfd_validate_state+0x129/0x190 [ 874.219896][T12657] ? ksys_write+0x1ac/0x250 [ 874.219932][T12657] __x64_sys_mmap+0x125/0x190 [ 874.219956][T12657] do_syscall_64+0x10b/0xf80 [ 874.219985][T12657] ? clear_bhb_loop+0x40/0x90 [ 874.220010][T12657] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 874.220031][T12657] RIP: 0033:0x7ff378d9c819 [ 874.220048][T12657] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 874.220068][T12657] RSP: 002b:00007ff379c46028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 874.220087][T12657] RAX: ffffffffffffffda RBX: 00007ff379015fa0 RCX: 00007ff378d9c819 [ 874.220100][T12657] RDX: 0000000000000007 RSI: 00000000003fffff RDI: 0000400000000000 [ 874.220113][T12657] RBP: 00007ff378e32c91 R08: 00000000000000dd R09: 0000000000000000 [ 874.220125][T12657] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 874.220143][T12657] R13: 00007ff379016038 R14: 00007ff379015fa0 R15: 00007fffb988cd68 [ 874.220169][T12657] [ 875.194145][T12657] kcov: kcov: vm_insert_page() failed [ 880.907472][T12675] netlink: 342 bytes leftover after parsing attributes in process `syz.4.1453'. [ 880.927170][T12698] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1450'. [ 885.109346][T12723] ubi: mtd0 is already attached to ubi31 [ 886.683175][ T7449] Process accounting resumed [ 890.495486][ T50] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 891.746079][ T59] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 892.490280][ T59] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 892.912152][ T59] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 893.367038][ T59] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 894.925630][ T59] bridge_slave_1: left allmulticast mode [ 894.962336][ T59] bridge_slave_1: left promiscuous mode [ 895.008476][ T59] bridge0: port 2(bridge_slave_1) entered disabled state [ 895.173960][ T59] bridge_slave_0: left allmulticast mode [ 895.225565][ T59] bridge_slave_0: left promiscuous mode [ 895.262718][ T59] bridge0: port 1(bridge_slave_0) entered disabled state [ 896.773786][ T59] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 896.880697][ T59] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 896.948530][ T59] bond0 (unregistering): Released all slaves [ 898.058837][T12837] FAULT_INJECTION: forcing a failure. [ 898.058837][T12837] name failslab, interval 1, probability 0, space 0, times 0 [ 898.251029][T12837] CPU: 0 UID: 0 PID: 12837 Comm: syz.1.1479 Tainted: G L syzkaller #0 PREEMPT(full) [ 898.251069][T12837] Tainted: [L]=SOFTLOCKUP [ 898.251078][T12837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 898.251093][T12837] Call Trace: [ 898.251107][T12837] [ 898.251116][T12837] dump_stack_lvl+0x100/0x190 [ 898.251145][T12837] should_fail_ex.cold+0x5/0xa [ 898.251176][T12837] should_failslab+0xc2/0x120 [ 898.251200][T12837] __kmalloc_cache_noprof+0x7a/0x6f0 [ 898.251231][T12837] ? alloc_fdtable+0xbd/0x2d0 [ 898.251266][T12837] ? find_held_lock+0x2b/0x80 [ 898.251295][T12837] ? dup_fd+0x924/0xd10 [ 898.251320][T12837] alloc_fdtable+0xbd/0x2d0 [ 898.251359][T12837] dup_fd+0x995/0xd10 [ 898.251384][T12837] ? apparmor_task_alloc+0x2c1/0x3b0 [ 898.251416][T12837] copy_process+0x2965/0x7f50 [ 898.251448][T12837] ? preempt_schedule_common+0x42/0xc0 [ 898.251496][T12837] ? __pfx_copy_process+0x10/0x10 [ 898.251528][T12837] ? find_held_lock+0x2b/0x80 [ 898.251561][T12837] ? futex_private_hash_put+0x107/0x1c0 [ 898.251605][T12837] kernel_clone+0x12e/0x9c0 [ 898.251639][T12837] ? __pfx_kernel_clone+0x10/0x10 [ 898.251693][T12837] __do_sys_clone+0xd9/0x120 [ 898.251725][T12837] ? __pfx___do_sys_clone+0x10/0x10 [ 898.251768][T12837] ? ksys_write+0x1ac/0x250 [ 898.251810][T12837] ? rcu_is_watching+0x12/0xc0 [ 898.251846][T12837] do_syscall_64+0x10b/0xf80 [ 898.251880][T12837] ? clear_bhb_loop+0x40/0x90 [ 898.251910][T12837] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 898.251935][T12837] RIP: 0033:0x7f96e2d9c819 [ 898.251955][T12837] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 898.251979][T12837] RSP: 002b:00007f96e3bd9fd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 898.252005][T12837] RAX: ffffffffffffffda RBX: 00007f96e3015fa0 RCX: 00007f96e2d9c819 [ 898.252021][T12837] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000020011 [ 898.252036][T12837] RBP: 00007f96e2e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 898.252050][T12837] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 898.252065][T12837] R13: 00007f96e3016038 R14: 00007f96e3015fa0 R15: 00007ffef2f3d818 [ 898.252095][T12837] [ 901.398881][ T59] hsr_slave_0: left promiscuous mode [ 901.424358][ T59] hsr_slave_1: left promiscuous mode [ 901.444008][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 901.484314][ T59] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 901.527691][ T59] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 901.558663][ T59] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 901.759674][ T59] veth1_macvtap: left promiscuous mode [ 901.782204][ T59] veth0_macvtap: left promiscuous mode [ 901.810184][ T59] veth1_vlan: left promiscuous mode [ 901.836336][ T59] veth0_vlan: left promiscuous mode [ 903.135231][ T59] team0 (unregistering): Port device team_slave_1 removed [ 903.220689][ T59] team0 (unregistering): Port device team_slave_0 removed [ 903.736816][ T5491] 8021q: adding VLAN 0 to HW filter on device eth1 [ 904.371876][T12879] misc userio: Invalid payload size [ 906.098533][ T5491] 8021q: adding VLAN 0 to HW filter on device eth2 [ 908.615919][ T5491] 8021q: adding VLAN 0 to HW filter on device eth4 [ 911.541160][ T5491] 8021q: adding VLAN 0 to HW filter on device eth3 [ 913.102269][T12997] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1504'. [ 913.947930][T13011] Kernel: The 'panic_print' parameter is now deprecated. Please use 'panic_sys_info' and 'panic_console_replay' instead. [ 915.461225][T13026] bridge0: port 3(gretap0) entered blocking state [ 915.534776][T13026] bridge0: port 3(gretap0) entered disabled state [ 915.574465][T13026] gretap0: entered allmulticast mode [ 915.594270][T13031] block2mtd: illegal erase size [ 915.616696][T13026] gretap0: entered promiscuous mode [ 915.641084][T13026] FAULT_INJECTION: forcing a failure. [ 915.641084][T13026] name failslab, interval 1, probability 0, space 0, times 0 [ 915.699428][T13026] CPU: 0 UID: 0 PID: 13026 Comm: syz.1.1509 Tainted: G L syzkaller #0 PREEMPT(full) [ 915.699467][T13026] Tainted: [L]=SOFTLOCKUP [ 915.699475][T13026] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 915.699493][T13026] Call Trace: [ 915.699501][T13026] [ 915.699510][T13026] dump_stack_lvl+0x100/0x190 [ 915.699545][T13026] should_fail_ex.cold+0x5/0xa [ 915.699576][T13026] should_failslab+0xc2/0x120 [ 915.699600][T13026] __kmalloc_cache_noprof+0x7a/0x6f0 [ 915.699631][T13026] ? nbp_vlan_add+0x1eb/0x3e0 [ 915.699669][T13026] nbp_vlan_add+0x1eb/0x3e0 [ 915.699704][T13026] nbp_vlan_init+0x373/0x500 [ 915.699737][T13026] ? __pfx_nbp_vlan_init+0x10/0x10 [ 915.699775][T13026] ? __local_bh_enable_ip+0x9e/0x120 [ 915.699805][T13026] ? lockdep_hardirqs_on+0x78/0x100 [ 915.699840][T13026] ? br_fdb_add_local+0x43/0x60 [ 915.699867][T13026] ? __local_bh_enable_ip+0x9e/0x120 [ 915.699900][T13026] br_add_if+0xf79/0x1b40 [ 915.699934][T13026] ? veth_get_iflink+0x263/0x2c0 [ 915.699972][T13026] add_del_if+0x114/0x160 [ 915.700009][T13026] br_dev_siocdevprivate+0x8ac/0x1650 [ 915.700049][T13026] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 915.700093][T13026] ? do_raw_spin_lock+0x128/0x260 [ 915.700120][T13026] ? find_held_lock+0x2b/0x80 [ 915.700148][T13026] ? debug_mutex_remove_waiter+0xa8/0x320 [ 915.700178][T13026] ? debug_mutex_remove_waiter+0xa8/0x320 [ 915.700217][T13026] ? netdev_name_node_lookup+0x107/0x150 [ 915.700251][T13026] ? __mutex_lock+0x838/0x1b10 [ 915.700291][T13026] dev_ifsioc+0xc1e/0x1e90 [ 915.700330][T13026] ? __pfx_dev_ifsioc+0x10/0x10 [ 915.700364][T13026] ? __pfx___mutex_lock+0x10/0x10 [ 915.700410][T13026] ? dev_load+0x8e/0x240 [ 915.700443][T13026] ? dev_load+0x8e/0x240 [ 915.700499][T13026] dev_ioctl+0x70e/0x1070 [ 915.700543][T13026] sock_ioctl+0x494/0x6b0 [ 915.700576][T13026] ? __pfx_sock_ioctl+0x10/0x10 [ 915.700606][T13026] ? hook_file_ioctl_common+0x149/0x410 [ 915.700647][T13026] ? __fget_files+0x21f/0x3d0 [ 915.700689][T13026] ? __pfx_sock_ioctl+0x10/0x10 [ 915.700722][T13026] __x64_sys_ioctl+0x18e/0x210 [ 915.700758][T13026] do_syscall_64+0x10b/0xf80 [ 915.700792][T13026] ? clear_bhb_loop+0x40/0x90 [ 915.700821][T13026] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 915.700846][T13026] RIP: 0033:0x7f96e2d9c819 [ 915.700866][T13026] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 915.700890][T13026] RSP: 002b:00007f96e3bb9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 915.700913][T13026] RAX: ffffffffffffffda RBX: 00007f96e3016090 RCX: 00007f96e2d9c819 [ 915.700929][T13026] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 0000000000000009 [ 915.700944][T13026] RBP: 00007f96e2e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 915.700959][T13026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 915.700973][T13026] R13: 00007f96e3016128 R14: 00007f96e3016090 R15: 00007ffef2f3d818 [ 915.701003][T13026] [ 916.146370][T13026] gretap0: failed to initialize vlan filtering on this port [ 916.196691][T13026] gretap0: left allmulticast mode [ 916.307546][T13034] can: request_module (can-proto-5) failed. [ 920.002548][T13088] netlink: 350 bytes leftover after parsing attributes in process `syz.4.1523'. [ 921.102603][T13094] bridge0: port 3(gretap0) entered blocking state [ 921.146589][T13094] bridge0: port 3(gretap0) entered disabled state [ 921.172311][T13094] gretap0: entered allmulticast mode [ 921.196525][T13094] gretap0: entered promiscuous mode [ 921.235892][T13094] bridge0: port 3(gretap0) entered blocking state [ 921.244032][T13094] bridge0: port 3(gretap0) entered listening state [ 921.450252][T13107] ======================================================= [ 921.450252][T13107] WARNING: The mand mount option has been deprecated and [ 921.450252][T13107] and is ignored by this kernel. Remove the mand [ 921.450252][T13107] option from the mount to silence this warning. [ 921.450252][T13107] ======================================================= [ 923.064031][T13128] __vm_enough_memory: pid: 13128, comm: syz.3.1533, bytes: 4398046511104 not enough memory for the allocation [ 924.613887][T13165] misc userio: Invalid payload size [ 926.654492][T13199] __vm_enough_memory: pid: 13199, comm: syz.4.1546, bytes: 4398046511104 not enough memory for the allocation [ 932.097747][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 932.108955][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 936.570558][T13327] FAULT_INJECTION: forcing a failure. [ 936.570558][T13327] name failslab, interval 1, probability 0, space 0, times 0 [ 936.584236][ C0] bridge0: port 3(gretap0) entered learning state [ 936.960042][T13327] CPU: 0 UID: 0 PID: 13327 Comm: syz.4.1571 Tainted: G L syzkaller #0 PREEMPT(full) [ 936.960082][T13327] Tainted: [L]=SOFTLOCKUP [ 936.960090][T13327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 936.960105][T13327] Call Trace: [ 936.960113][T13327] [ 936.960122][T13327] dump_stack_lvl+0x100/0x190 [ 936.960150][T13327] should_fail_ex.cold+0x5/0xa [ 936.960181][T13327] should_failslab+0xc2/0x120 [ 936.960205][T13327] __kmalloc_cache_noprof+0x7a/0x6f0 [ 936.960235][T13327] ? usbdev_open+0x9d/0x870 [ 936.960265][T13327] usbdev_open+0x9d/0x870 [ 936.960289][T13327] ? kobject_get_unless_zero+0x156/0x200 [ 936.960331][T13327] ? __pfx_usbdev_open+0x10/0x10 [ 936.960353][T13327] ? chrdev_open+0x10b/0x6a0 [ 936.960375][T13327] ? chrdev_open+0x10b/0x6a0 [ 936.960401][T13327] ? __pfx_usbdev_open+0x10/0x10 [ 936.960424][T13327] chrdev_open+0x234/0x6a0 [ 936.960447][T13327] ? __pfx_apparmor_file_open+0x10/0x10 [ 936.960477][T13327] ? __pfx_chrdev_open+0x10/0x10 [ 936.960502][T13327] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 936.960533][T13327] do_dentry_open+0x6d8/0x1660 [ 936.960573][T13327] ? __pfx_chrdev_open+0x10/0x10 [ 936.960604][T13327] vfs_open+0x82/0x3f0 [ 936.960636][T13327] path_openat+0x208c/0x31a0 [ 936.960681][T13327] ? __pfx_path_openat+0x10/0x10 [ 936.960715][T13327] do_file_open+0x20e/0x430 [ 936.960740][T13327] ? __pfx_do_file_open+0x10/0x10 [ 936.960784][T13327] ? alloc_fd+0x476/0x790 [ 936.960808][T13327] ? do_getname+0x191/0x390 [ 936.960841][T13327] do_sys_openat2+0x10d/0x1e0 [ 936.960872][T13327] ? __pfx_do_sys_openat2+0x10/0x10 [ 936.960904][T13327] ? __fget_files+0x21f/0x3d0 [ 936.960948][T13327] __x64_sys_openat+0x12d/0x210 [ 936.960979][T13327] ? __pfx___x64_sys_openat+0x10/0x10 [ 936.961015][T13327] ? rcu_is_watching+0x12/0xc0 [ 936.961046][T13327] do_syscall_64+0x10b/0xf80 [ 936.961080][T13327] ? clear_bhb_loop+0x40/0x90 [ 936.961109][T13327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 936.961134][T13327] RIP: 0033:0x7f2766b9c819 [ 936.961154][T13327] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 936.961181][T13327] RSP: 002b:00007f2764dd5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 936.961203][T13327] RAX: ffffffffffffffda RBX: 00007f2766e16090 RCX: 00007f2766b9c819 [ 936.961219][T13327] RDX: 0000000000040101 RSI: 0000200000000240 RDI: ffffffffffffff9c [ 936.961234][T13327] RBP: 00007f2766c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 936.961249][T13327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 936.961263][T13327] R13: 00007f2766e16128 R14: 00007f2766e16090 R15: 00007ffe0c93cfa8 [ 936.961293][T13327] [ 938.508817][T13336] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 938.620831][T13336] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 940.576838][ T50] Bluetooth: hci0: command 0x0406 tx timeout [ 940.656779][ T50] Bluetooth: hci4: command 0x040f tx timeout [ 942.190882][T13363] FAULT_INJECTION: forcing a failure. [ 942.190882][T13363] name failslab, interval 1, probability 0, space 0, times 0 [ 942.456033][T13363] CPU: 0 UID: 0 PID: 13363 Comm: syz.1.1581 Tainted: G L syzkaller #0 PREEMPT(full) [ 942.456072][T13363] Tainted: [L]=SOFTLOCKUP [ 942.456081][T13363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 942.456114][T13363] Call Trace: [ 942.456122][T13363] [ 942.456130][T13363] dump_stack_lvl+0x100/0x190 [ 942.456178][T13363] should_fail_ex.cold+0x5/0xa [ 942.456209][T13363] should_failslab+0xc2/0x120 [ 942.456233][T13363] __kmalloc_cache_noprof+0x7a/0x6f0 [ 942.456264][T13363] ? percpu_ref_init+0xec/0x3f0 [ 942.456293][T13363] ? __pfx_css_release+0x10/0x10 [ 942.456319][T13363] percpu_ref_init+0xec/0x3f0 [ 942.456348][T13363] cgroup_mkdir+0x2a7/0x1310 [ 942.456384][T13363] ? __pfx_cgroup_mkdir+0x10/0x10 [ 942.456417][T13363] kernfs_iop_mkdir+0x111/0x190 [ 942.456439][T13363] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 942.456473][T13363] vfs_mkdir+0x361/0x850 [ 942.456509][T13363] filename_mkdirat+0x48b/0x5e0 [ 942.456537][T13363] ? __pfx_filename_mkdirat+0x10/0x10 [ 942.456562][T13363] ? strncpy_from_user+0x19d/0x2d0 [ 942.456598][T13363] ? do_getname+0x191/0x390 [ 942.456630][T13363] __x64_sys_mkdir+0x6b/0x90 [ 942.456655][T13363] do_syscall_64+0x10b/0xf80 [ 942.456689][T13363] ? clear_bhb_loop+0x40/0x90 [ 942.456719][T13363] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 942.456743][T13363] RIP: 0033:0x7f96e2d9c819 [ 942.456762][T13363] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 942.456786][T13363] RSP: 002b:00007f96e3bda028 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 942.456809][T13363] RAX: ffffffffffffffda RBX: 00007f96e3015fa0 RCX: 00007f96e2d9c819 [ 942.456825][T13363] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000200000000040 [ 942.456839][T13363] RBP: 00007f96e2e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 942.456854][T13363] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 942.456868][T13363] R13: 00007f96e3016038 R14: 00007f96e3015fa0 R15: 00007ffef2f3d818 [ 942.456899][T13363] [ 943.283350][T13382] FAULT_INJECTION: forcing a failure. [ 943.283350][T13382] name failslab, interval 1, probability 0, space 0, times 0 [ 943.344097][T13382] CPU: 0 UID: 0 PID: 13382 Comm: syz.3.1584 Tainted: G L syzkaller #0 PREEMPT(full) [ 943.344136][T13382] Tainted: [L]=SOFTLOCKUP [ 943.344144][T13382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 943.344158][T13382] Call Trace: [ 943.344166][T13382] [ 943.344175][T13382] dump_stack_lvl+0x100/0x190 [ 943.344203][T13382] should_fail_ex.cold+0x5/0xa [ 943.344235][T13382] should_failslab+0xc2/0x120 [ 943.344258][T13382] __kmalloc_cache_noprof+0x7a/0x6f0 [ 943.344289][T13382] ? usbdev_open+0x9d/0x870 [ 943.344317][T13382] usbdev_open+0x9d/0x870 [ 943.344341][T13382] ? kobject_get_unless_zero+0x156/0x200 [ 943.344382][T13382] ? __pfx_usbdev_open+0x10/0x10 [ 943.344404][T13382] ? chrdev_open+0x10b/0x6a0 [ 943.344426][T13382] ? chrdev_open+0x10b/0x6a0 [ 943.344453][T13382] ? __pfx_usbdev_open+0x10/0x10 [ 943.344476][T13382] chrdev_open+0x234/0x6a0 [ 943.344498][T13382] ? __pfx_apparmor_file_open+0x10/0x10 [ 943.344529][T13382] ? __pfx_chrdev_open+0x10/0x10 [ 943.344554][T13382] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 943.344585][T13382] do_dentry_open+0x6d8/0x1660 [ 943.344624][T13382] ? __pfx_chrdev_open+0x10/0x10 [ 943.344654][T13382] vfs_open+0x82/0x3f0 [ 943.344686][T13382] path_openat+0x208c/0x31a0 [ 943.344718][T13382] ? __pfx_path_openat+0x10/0x10 [ 943.344752][T13382] do_file_open+0x20e/0x430 [ 943.344777][T13382] ? __pfx_do_file_open+0x10/0x10 [ 943.344819][T13382] ? alloc_fd+0x476/0x790 [ 943.344843][T13382] ? do_getname+0x191/0x390 [ 943.344878][T13382] do_sys_openat2+0x10d/0x1e0 [ 943.344908][T13382] ? __pfx_do_sys_openat2+0x10/0x10 [ 943.344941][T13382] ? __fget_files+0x21f/0x3d0 [ 943.344985][T13382] __x64_sys_openat+0x12d/0x210 [ 943.345016][T13382] ? __pfx___x64_sys_openat+0x10/0x10 [ 943.345059][T13382] ? rcu_is_watching+0x12/0xc0 [ 943.345091][T13382] do_syscall_64+0x10b/0xf80 [ 943.345124][T13382] ? clear_bhb_loop+0x40/0x90 [ 943.345154][T13382] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.345179][T13382] RIP: 0033:0x7f404139c819 [ 943.345198][T13382] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 943.345221][T13382] RSP: 002b:00007f4042243028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 943.345243][T13382] RAX: ffffffffffffffda RBX: 00007f4041616090 RCX: 00007f404139c819 [ 943.345259][T13382] RDX: 0000000000040101 RSI: 0000200000000240 RDI: ffffffffffffff9c [ 943.345274][T13382] RBP: 00007f4041432c91 R08: 0000000000000000 R09: 0000000000000000 [ 943.345287][T13382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 943.345301][T13382] R13: 00007f4041616128 R14: 00007f4041616090 R15: 00007ffc79fd5138 [ 943.345331][T13382] [ 944.732926][T13392] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 944.820731][T13392] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 945.518310][T13398] bridge0: port 3(gretap0) entered blocking state [ 945.581644][T13398] bridge0: port 3(gretap0) entered disabled state [ 945.614478][T13398] gretap0: entered allmulticast mode [ 945.658876][T13398] gretap0: entered promiscuous mode [ 945.694316][T13398] FAULT_INJECTION: forcing a failure. [ 945.694316][T13398] name failslab, interval 1, probability 0, space 0, times 0 [ 945.708618][T13398] CPU: 0 UID: 0 PID: 13398 Comm: syz.3.1589 Tainted: G L syzkaller #0 PREEMPT(full) [ 945.708657][T13398] Tainted: [L]=SOFTLOCKUP [ 945.708665][T13398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 945.708679][T13398] Call Trace: [ 945.708688][T13398] [ 945.708697][T13398] dump_stack_lvl+0x100/0x190 [ 945.708726][T13398] should_fail_ex.cold+0x5/0xa [ 945.708752][T13398] ? __lock_acquire+0x4a5/0x2630 [ 945.708795][T13398] should_failslab+0xc2/0x120 [ 945.708819][T13398] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 945.708872][T13398] ? fdb_create+0x22f/0x1960 [ 945.708921][T13398] fdb_create+0x22f/0x1960 [ 945.708950][T13398] ? lock_acquire+0x1b1/0x370 [ 945.708990][T13398] ? __pfx_fdb_create+0x10/0x10 [ 945.709025][T13398] fdb_add_local+0x155/0x1c0 [ 945.709054][T13398] br_fdb_add_local+0x39/0x60 [ 945.709085][T13398] br_add_if+0xe89/0x1b40 [ 945.709119][T13398] ? __pfx_veth_set_rx_headroom+0x10/0x10 [ 945.709159][T13398] add_del_if+0x114/0x160 [ 945.709195][T13398] br_dev_siocdevprivate+0x8ac/0x1650 [ 945.709235][T13398] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 945.709283][T13398] ? __lock_acquire+0x4a5/0x2630 [ 945.709330][T13398] ? lock_acquire+0x1b1/0x370 [ 945.709373][T13398] ? netdev_name_node_lookup+0x107/0x150 [ 945.709412][T13398] dev_ifsioc+0xc1e/0x1e90 [ 945.709450][T13398] ? __pfx_dev_ifsioc+0x10/0x10 [ 945.709484][T13398] ? __pfx___mutex_lock+0x10/0x10 [ 945.709529][T13398] ? dev_load+0x8e/0x240 [ 945.709560][T13398] ? dev_load+0x8e/0x240 [ 945.709600][T13398] dev_ioctl+0x70e/0x1070 [ 945.709638][T13398] sock_ioctl+0x494/0x6b0 [ 945.709670][T13398] ? __pfx_sock_ioctl+0x10/0x10 [ 945.709699][T13398] ? hook_file_ioctl_common+0x149/0x410 [ 945.709738][T13398] ? __fget_files+0x21f/0x3d0 [ 945.709779][T13398] ? __pfx_sock_ioctl+0x10/0x10 [ 945.709810][T13398] __x64_sys_ioctl+0x18e/0x210 [ 945.709882][T13398] do_syscall_64+0x10b/0xf80 [ 945.709915][T13398] ? clear_bhb_loop+0x40/0x90 [ 945.709944][T13398] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.709968][T13398] RIP: 0033:0x7f404139c819 [ 945.709987][T13398] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 945.710010][T13398] RSP: 002b:00007f4042264028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 945.710032][T13398] RAX: ffffffffffffffda RBX: 00007f4041615fa0 RCX: 00007f404139c819 [ 945.710048][T13398] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 0000000000000009 [ 945.710062][T13398] RBP: 00007f4041432c91 R08: 0000000000000000 R09: 0000000000000000 [ 945.710078][T13398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 945.710156][T13398] R13: 00007f4041616038 R14: 00007f4041615fa0 R15: 00007ffc79fd5138 [ 945.710187][T13398] [ 946.684119][ T50] Bluetooth: hci0: command 0x0406 tx timeout [ 946.970704][ T50] Bluetooth: hci4: command 0x040f tx timeout [ 947.558024][T13398] gretap0: failed insert local address bridge forwarding table [ 947.606782][T13398] bridge0: port 3(gretap0) entered blocking state [ 947.613385][T13398] bridge0: port 3(gretap0) entered forwarding state [ 951.943731][ C0] bridge0: port 3(gretap0) entered forwarding state [ 951.951197][ C0] bridge0: topology change detected, propagating [ 955.749033][T13520] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1616'. [ 962.068104][T13560] binder: 13557:13560 ioctl c00c620f 2000000001c0 returned -22 [ 968.575135][T13673] sp0: Synchronizing with TNC [ 969.646079][T13685] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1652'. [ 971.464481][T13696] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1654'. [ 973.794749][T13731] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1663'. [ 976.488738][T13770] FAULT_INJECTION: forcing a failure. [ 976.488738][T13770] name failslab, interval 1, probability 0, space 0, times 0 [ 976.820047][T13770] CPU: 0 UID: 0 PID: 13770 Comm: syz.4.1669 Tainted: G L syzkaller #0 PREEMPT(full) [ 976.820084][T13770] Tainted: [L]=SOFTLOCKUP [ 976.820092][T13770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 976.820106][T13770] Call Trace: [ 976.820113][T13770] [ 976.820127][T13770] dump_stack_lvl+0x100/0x190 [ 976.820156][T13770] should_fail_ex.cold+0x5/0xa [ 976.820186][T13770] should_failslab+0xc2/0x120 [ 976.820209][T13770] __kmalloc_cache_noprof+0x7a/0x6f0 [ 976.820240][T13770] ? percpu_ref_init+0xec/0x3f0 [ 976.820269][T13770] ? __pfx_css_release+0x10/0x10 [ 976.820294][T13770] percpu_ref_init+0xec/0x3f0 [ 976.820322][T13770] cgroup_mkdir+0x2a7/0x1310 [ 976.820356][T13770] ? __pfx_cgroup_mkdir+0x10/0x10 [ 976.820388][T13770] kernfs_iop_mkdir+0x111/0x190 [ 976.820410][T13770] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 976.820454][T13770] vfs_mkdir+0x361/0x850 [ 976.820487][T13770] filename_mkdirat+0x48b/0x5e0 [ 976.820512][T13770] ? __pfx_filename_mkdirat+0x10/0x10 [ 976.820535][T13770] ? strncpy_from_user+0x19d/0x2d0 [ 976.820568][T13770] ? do_getname+0x191/0x390 [ 976.820596][T13770] __x64_sys_mkdir+0x6b/0x90 [ 976.820619][T13770] do_syscall_64+0x10b/0xf80 [ 976.820649][T13770] ? clear_bhb_loop+0x40/0x90 [ 976.820676][T13770] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 976.820699][T13770] RIP: 0033:0x7f2766b9c819 [ 976.820717][T13770] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 976.820738][T13770] RSP: 002b:00007f2764df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 976.820758][T13770] RAX: ffffffffffffffda RBX: 00007f2766e15fa0 RCX: 00007f2766b9c819 [ 976.820772][T13770] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000200000000040 [ 976.820785][T13770] RBP: 00007f2766c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 976.820798][T13770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 976.820811][T13770] R13: 00007f2766e16038 R14: 00007f2766e15fa0 R15: 00007ffe0c93cfa8 [ 976.820838][T13770] [ 977.778133][T13793] FAULT_INJECTION: forcing a failure. [ 977.778133][T13793] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 977.823116][T13793] CPU: 0 UID: 0 PID: 13793 Comm: syz.3.1680 Tainted: G L syzkaller #0 PREEMPT(full) [ 977.823154][T13793] Tainted: [L]=SOFTLOCKUP [ 977.823163][T13793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 977.823177][T13793] Call Trace: [ 977.823185][T13793] [ 977.823194][T13793] dump_stack_lvl+0x100/0x190 [ 977.823223][T13793] should_fail_ex.cold+0x5/0xa [ 977.823249][T13793] ? prepare_alloc_pages+0x16d/0x5f0 [ 977.823282][T13793] should_fail_alloc_page+0xeb/0x140 [ 977.823308][T13793] prepare_alloc_pages+0x1f0/0x5f0 [ 977.823340][T13793] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 977.823377][T13793] ? stack_trace_save+0x8e/0xc0 [ 977.823407][T13793] ? __pfx_stack_trace_save+0x10/0x10 [ 977.823437][T13793] ? __alloc_frozen_pages_noprof+0x2b1/0x2bc0 [ 977.823474][T13793] ? stack_depot_save_flags+0x27/0x9d0 [ 977.823510][T13793] ? find_held_lock+0x2b/0x80 [ 977.823539][T13793] ? is_bpf_text_address+0x8a/0x1a0 [ 977.823574][T13793] ? kasan_save_stack+0x3f/0x50 [ 977.823609][T13793] ? kasan_save_stack+0x30/0x50 [ 977.823643][T13793] ? kasan_save_track+0x14/0x30 [ 977.823677][T13793] ? __kasan_slab_alloc+0x89/0x90 [ 977.823714][T13793] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 977.823747][T13793] ? __pmd_alloc+0xbf/0x950 [ 977.823772][T13793] ? walk_to_pmd+0x3a3/0x4c0 [ 977.823798][T13793] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 977.823834][T13793] ? kcov_mmap+0xca/0x130 [ 977.823861][T13793] ? __mmap_region+0x13e1/0x2dc0 [ 977.823892][T13793] ? mmap_region+0x527/0x620 [ 977.823926][T13793] ? vm_mmap_pgoff+0x29e/0x470 [ 977.823951][T13793] ? __x64_sys_mmap+0x125/0x190 [ 977.823974][T13793] ? do_syscall_64+0x10b/0xf80 [ 977.824007][T13793] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 977.824054][T13793] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 977.824089][T13793] ? policy_nodemask+0xed/0x4f0 [ 977.824114][T13793] alloc_pages_mpol+0x1fb/0x540 [ 977.824139][T13793] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 977.824164][T13793] ? do_raw_spin_lock+0x128/0x260 [ 977.824189][T13793] ? find_held_lock+0x2b/0x80 [ 977.824221][T13793] alloc_pages_noprof+0x1a/0x160 [ 977.824250][T13793] pte_alloc_one+0x1c/0x3d0 [ 977.824284][T13793] __pte_alloc+0x6d/0x3e0 [ 977.824306][T13793] ? __pfx___pte_alloc+0x10/0x10 [ 977.824330][T13793] ? walk_to_pmd+0x302/0x4c0 [ 977.824360][T13793] get_locked_pte+0xa1/0xc0 [ 977.824388][T13793] insert_page+0xcc/0x220 [ 977.824416][T13793] ? __pfx_insert_page+0x10/0x10 [ 977.824442][T13793] ? __pfx_down_read_trylock+0x10/0x10 [ 977.824474][T13793] vm_insert_page+0x2c0/0x400 [ 977.824505][T13793] kcov_mmap+0xca/0x130 [ 977.824537][T13793] __mmap_region+0x13e1/0x2dc0 [ 977.824576][T13793] ? __pfx___mmap_region+0x10/0x10 [ 977.824611][T13793] ? __lock_acquire+0x4a5/0x2630 [ 977.824671][T13793] ? find_held_lock+0x2b/0x80 [ 977.824698][T13793] ? ima_match_policy+0x8c4/0x2350 [ 977.824732][T13793] ? ima_match_policy+0x8c4/0x2350 [ 977.824794][T13793] ? process_measurement+0x4c8/0x2350 [ 977.824868][T13793] mmap_region+0x527/0x620 [ 977.824905][T13793] ? __pfx_mmap_region+0x10/0x10 [ 977.824942][T13793] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 977.824970][T13793] ? cap_mmap_addr+0x4b/0x120 [ 977.824995][T13793] ? bpf_lsm_mmap_addr+0x9/0x30 [ 977.825037][T13793] ? security_mmap_addr+0x71/0x1e0 [ 977.825074][T13793] ? __get_unmapped_area+0x255/0x3e0 [ 977.825104][T13793] do_mmap+0xc63/0x12f0 [ 977.825134][T13793] ? __pfx_do_mmap+0x10/0x10 [ 977.825160][T13793] ? __pfx_down_write_killable+0x10/0x10 [ 977.825206][T13793] vm_mmap_pgoff+0x29e/0x470 [ 977.825237][T13793] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 977.825262][T13793] ? __fget_files+0x215/0x3d0 [ 977.825305][T13793] ? __fget_files+0x21f/0x3d0 [ 977.825348][T13793] ksys_mmap_pgoff+0x3cb/0x610 [ 977.825374][T13793] ? __x64_sys_futex+0x358/0x4d0 [ 977.825398][T13793] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 977.825423][T13793] ? xfd_validate_state+0x129/0x190 [ 977.825445][T13793] ? ksys_write+0x1ac/0x250 [ 977.825487][T13793] __x64_sys_mmap+0x125/0x190 [ 977.825515][T13793] do_syscall_64+0x10b/0xf80 [ 977.825549][T13793] ? clear_bhb_loop+0x40/0x90 [ 977.825578][T13793] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 977.825603][T13793] RIP: 0033:0x7f404139c819 [ 977.825623][T13793] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 977.825647][T13793] RSP: 002b:00007f4042264028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 977.825669][T13793] RAX: ffffffffffffffda RBX: 00007f4041615fa0 RCX: 00007f404139c819 [ 977.825685][T13793] RDX: 0000000000000007 RSI: 00000000003fffff RDI: 0000400000000000 [ 977.825699][T13793] RBP: 00007f4041432c91 R08: 00000000000000dd R09: 0000000000000000 [ 977.825714][T13793] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000 [ 977.825728][T13793] R13: 00007f4041616038 R14: 00007f4041615fa0 R15: 00007ffc79fd5138 [ 977.825758][T13793] [ 979.952621][T13786] binder: 13785:13786 ioctl 40086602 e20 returned -22 [ 982.209165][T13825] binder: 13818:13825 ioctl c00c620f 2000000001c0 returned -22 [ 983.929793][T13859] FAULT_INJECTION: forcing a failure. [ 983.929793][T13859] name failslab, interval 1, probability 0, space 0, times 0 [ 984.129157][T13859] CPU: 0 UID: 0 PID: 13859 Comm: syz.2.1692 Tainted: G L syzkaller #0 PREEMPT(full) [ 984.129193][T13859] Tainted: [L]=SOFTLOCKUP [ 984.129200][T13859] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 984.129213][T13859] Call Trace: [ 984.129221][T13859] [ 984.129229][T13859] dump_stack_lvl+0x100/0x190 [ 984.129256][T13859] should_fail_ex.cold+0x5/0xa [ 984.129284][T13859] should_failslab+0xc2/0x120 [ 984.129305][T13859] __kmalloc_cache_noprof+0x7a/0x6f0 [ 984.129333][T13859] ? percpu_ref_init+0xec/0x3f0 [ 984.129360][T13859] ? __pfx_css_release+0x10/0x10 [ 984.129384][T13859] percpu_ref_init+0xec/0x3f0 [ 984.129409][T13859] cgroup_mkdir+0x2a7/0x1310 [ 984.129442][T13859] ? __pfx_cgroup_mkdir+0x10/0x10 [ 984.129472][T13859] kernfs_iop_mkdir+0x111/0x190 [ 984.129492][T13859] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 984.129523][T13859] vfs_mkdir+0x361/0x850 [ 984.129556][T13859] filename_mkdirat+0x48b/0x5e0 [ 984.129582][T13859] ? __pfx_filename_mkdirat+0x10/0x10 [ 984.129604][T13859] ? strncpy_from_user+0x19d/0x2d0 [ 984.129638][T13859] ? do_getname+0x191/0x390 [ 984.129666][T13859] __x64_sys_mkdir+0x6b/0x90 [ 984.129689][T13859] do_syscall_64+0x10b/0xf80 [ 984.129721][T13859] ? clear_bhb_loop+0x40/0x90 [ 984.129747][T13859] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 984.129770][T13859] RIP: 0033:0x7ff378d9c819 [ 984.129787][T13859] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 984.129816][T13859] RSP: 002b:00007ff379c46028 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 984.129837][T13859] RAX: ffffffffffffffda RBX: 00007ff379015fa0 RCX: 00007ff378d9c819 [ 984.129852][T13859] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000200000000040 [ 984.129865][T13859] RBP: 00007ff378e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 984.129878][T13859] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 984.129891][T13859] R13: 00007ff379016038 R14: 00007ff379015fa0 R15: 00007fffb988cd68 [ 984.129922][T13859] [ 987.622958][T13904] binder: 13884:13904 ioctl 40086602 e20 returned -22 [ 990.957134][T13935] binder: 13928:13935 ioctl c00c620f 2000000001c0 returned -22 [ 992.939696][T13958] FAULT_INJECTION: forcing a failure. [ 992.939696][T13958] name failslab, interval 1, probability 0, space 0, times 0 [ 992.995508][T13958] CPU: 0 UID: 0 PID: 13958 Comm: syz.2.1706 Tainted: G L syzkaller #0 PREEMPT(full) [ 992.995546][T13958] Tainted: [L]=SOFTLOCKUP [ 992.995554][T13958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 992.995568][T13958] Call Trace: [ 992.995576][T13958] [ 992.995585][T13958] dump_stack_lvl+0x100/0x190 [ 992.995613][T13958] should_fail_ex.cold+0x5/0xa [ 992.995643][T13958] ? lsm_blob_alloc+0x68/0x90 [ 992.995665][T13958] should_failslab+0xc2/0x120 [ 992.995688][T13958] __kmalloc_noprof+0xe0/0x850 [ 992.995728][T13958] ? audit_alloc+0xa2/0x7b0 [ 992.995769][T13958] lsm_blob_alloc+0x68/0x90 [ 992.995793][T13958] security_task_alloc+0x2a/0x260 [ 992.995831][T13958] copy_process+0x2865/0x7f50 [ 992.995878][T13958] ? __pfx_copy_process+0x10/0x10 [ 992.995926][T13958] ? futex_hash+0x141/0x370 [ 992.995968][T13958] kernel_clone+0x12e/0x9c0 [ 992.995997][T13958] ? __pfx_futex_wait+0x10/0x10 [ 992.996027][T13958] ? __pfx_kernel_clone+0x10/0x10 [ 992.996084][T13958] __do_sys_clone+0xd9/0x120 [ 992.996113][T13958] ? __pfx___do_sys_clone+0x10/0x10 [ 992.996152][T13958] ? ksys_write+0x1ac/0x250 [ 992.996190][T13958] ? rcu_is_watching+0x12/0xc0 [ 992.996217][T13958] do_syscall_64+0x10b/0xf80 [ 992.996248][T13958] ? clear_bhb_loop+0x40/0x90 [ 992.996274][T13958] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 992.996297][T13958] RIP: 0033:0x7ff378d9c819 [ 992.996314][T13958] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 992.996336][T13958] RSP: 002b:00007ff379c45fd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 992.996356][T13958] RAX: ffffffffffffffda RBX: 00007ff379015fa0 RCX: 00007ff378d9c819 [ 992.996370][T13958] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000020011 [ 992.996383][T13958] RBP: 00007ff378e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 992.996396][T13958] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 992.996409][T13958] R13: 00007ff379016038 R14: 00007ff379015fa0 R15: 00007fffb988cd68 [ 992.996436][T13958] [ 993.567333][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.574597][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 997.003165][T13998] binder: 13985:13998 ioctl c00c620f 2000000001c0 returned -22 [ 998.861517][T14032] ubi: mtd0 is already attached to ubi31 [ 1001.534054][T14073] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1732'. [ 1011.183883][T14166] can: request_module (can-proto-0) failed. [ 1015.236813][T14199] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1762'. [ 1017.082036][T14212] netlink: 'syz.2.1765': attribute type 1 has an invalid length. [ 1017.132209][T14212] netlink: 9 bytes leftover after parsing attributes in process `syz.2.1765'. [ 1017.413797][T14214] FAULT_INJECTION: forcing a failure. [ 1017.413797][T14214] name failslab, interval 1, probability 0, space 0, times 0 [ 1017.474531][T14214] CPU: 0 UID: 0 PID: 14214 Comm: syz.1.1764 Tainted: G L syzkaller #0 PREEMPT(full) [ 1017.474577][T14214] Tainted: [L]=SOFTLOCKUP [ 1017.474585][T14214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1017.474600][T14214] Call Trace: [ 1017.474607][T14214] [ 1017.474615][T14214] dump_stack_lvl+0x100/0x190 [ 1017.474644][T14214] should_fail_ex.cold+0x5/0xa [ 1017.474675][T14214] should_failslab+0xc2/0x120 [ 1017.474698][T14214] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1017.474732][T14214] ? security_inode_alloc+0x3b/0x2c0 [ 1017.474763][T14214] ? lockdep_init_map_type+0x5c/0x250 [ 1017.474807][T14214] security_inode_alloc+0x3b/0x2c0 [ 1017.474838][T14214] inode_init_always_gfp+0xcc0/0x1000 [ 1017.474884][T14214] alloc_inode+0x8e/0x250 [ 1017.474914][T14214] path_from_stashed+0x25b/0x750 [ 1017.474939][T14214] ? do_raw_spin_unlock+0x145/0x1e0 [ 1017.474970][T14214] ns_get_path+0x60/0x80 [ 1017.474999][T14214] proc_ns_get_link+0x121/0x230 [ 1017.475035][T14214] ? __pfx_proc_ns_get_link+0x10/0x10 [ 1017.475074][T14214] ? atime_needs_update+0x8b/0x6b0 [ 1017.475109][T14214] pick_link+0xd17/0x13c0 [ 1017.475142][T14214] ? __pfx_proc_ns_get_link+0x10/0x10 [ 1017.475181][T14214] step_into_slowpath+0x9ba/0xf90 [ 1017.475222][T14214] ? __pfx_step_into_slowpath+0x10/0x10 [ 1017.475257][T14214] ? find_held_lock+0x2b/0x80 [ 1017.475295][T14214] path_openat+0xf95/0x31a0 [ 1017.475326][T14214] ? __pfx_path_openat+0x10/0x10 [ 1017.475360][T14214] do_file_open+0x20e/0x430 [ 1017.475385][T14214] ? __pfx_do_file_open+0x10/0x10 [ 1017.475428][T14214] ? alloc_fd+0x476/0x790 [ 1017.475452][T14214] ? do_getname+0x191/0x390 [ 1017.475483][T14214] do_sys_openat2+0x10d/0x1e0 [ 1017.475513][T14214] ? __pfx_do_sys_openat2+0x10/0x10 [ 1017.475545][T14214] ? __fget_files+0x21f/0x3d0 [ 1017.475594][T14214] __x64_sys_openat+0x12d/0x210 [ 1017.475638][T14214] ? __pfx___x64_sys_openat+0x10/0x10 [ 1017.475673][T14214] ? rcu_is_watching+0x12/0xc0 [ 1017.475703][T14214] do_syscall_64+0x10b/0xf80 [ 1017.475735][T14214] ? clear_bhb_loop+0x40/0x90 [ 1017.475764][T14214] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1017.475788][T14214] RIP: 0033:0x7f96e2d5d04e [ 1017.475807][T14214] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1017.475830][T14214] RSP: 002b:00007f96e3bd9ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1017.475852][T14214] RAX: ffffffffffffffda RBX: 00007f96e3bda6c0 RCX: 00007f96e2d5d04e [ 1017.475868][T14214] RDX: 0000000000000002 RSI: 00007f96e3bd9f90 RDI: ffffffffffffff9c [ 1017.475883][T14214] RBP: 00007f96e2e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1017.475897][T14214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1017.475911][T14214] R13: 00007f96e3016038 R14: 00007f96e3015fa0 R15: 00007ffef2f3d818 [ 1017.475940][T14214] [ 1018.141694][T14225] netlink: 354 bytes leftover after parsing attributes in process `syz.2.1767'. [ 1018.201764][T14224] bridge0: port 3(gretap0) entered blocking state [ 1018.245865][T14224] bridge0: port 3(gretap0) entered disabled state [ 1018.302450][T14224] gretap0: entered allmulticast mode [ 1018.361988][T14224] gretap0: entered promiscuous mode [ 1018.426358][T14224] FAULT_INJECTION: forcing a failure. [ 1018.426358][T14224] name failslab, interval 1, probability 0, space 0, times 0 [ 1018.439099][T14224] CPU: 0 UID: 0 PID: 14224 Comm: syz.4.1763 Tainted: G L syzkaller #0 PREEMPT(full) [ 1018.439133][T14224] Tainted: [L]=SOFTLOCKUP [ 1018.439142][T14224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1018.439155][T14224] Call Trace: [ 1018.439163][T14224] [ 1018.439172][T14224] dump_stack_lvl+0x100/0x190 [ 1018.439199][T14224] should_fail_ex.cold+0x5/0xa [ 1018.439229][T14224] should_failslab+0xc2/0x120 [ 1018.439252][T14224] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1018.439285][T14224] ? fdb_create+0x22f/0x1960 [ 1018.439315][T14224] fdb_create+0x22f/0x1960 [ 1018.439343][T14224] ? lock_acquire+0x1b1/0x370 [ 1018.439382][T14224] ? __pfx_fdb_create+0x10/0x10 [ 1018.439415][T14224] fdb_add_local+0x155/0x1c0 [ 1018.439443][T14224] br_fdb_add_local+0x39/0x60 [ 1018.439473][T14224] __vlan_add+0x1824/0x2e50 [ 1018.439520][T14224] ? __pfx___vlan_add+0x10/0x10 [ 1018.439558][T14224] nbp_vlan_add+0x258/0x3e0 [ 1018.439592][T14224] nbp_vlan_init+0x373/0x500 [ 1018.439624][T14224] ? __pfx_nbp_vlan_init+0x10/0x10 [ 1018.439661][T14224] ? __local_bh_enable_ip+0x9e/0x120 [ 1018.439689][T14224] ? lockdep_hardirqs_on+0x78/0x100 [ 1018.439722][T14224] ? br_fdb_add_local+0x43/0x60 [ 1018.439748][T14224] ? __local_bh_enable_ip+0x9e/0x120 [ 1018.439780][T14224] br_add_if+0xf79/0x1b40 [ 1018.439813][T14224] ? veth_get_iflink+0x263/0x2c0 [ 1018.439849][T14224] add_del_if+0x114/0x160 [ 1018.439884][T14224] br_dev_siocdevprivate+0x8ac/0x1650 [ 1018.439922][T14224] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 1018.439964][T14224] ? do_raw_spin_lock+0x128/0x260 [ 1018.439989][T14224] ? find_held_lock+0x2b/0x80 [ 1018.440017][T14224] ? debug_mutex_remove_waiter+0xa8/0x320 [ 1018.440045][T14224] ? debug_mutex_remove_waiter+0xa8/0x320 [ 1018.440083][T14224] ? netdev_name_node_lookup+0x107/0x150 [ 1018.440116][T14224] ? __mutex_lock+0x838/0x1b10 [ 1018.440153][T14224] dev_ifsioc+0xc1e/0x1e90 [ 1018.440191][T14224] ? __pfx_dev_ifsioc+0x10/0x10 [ 1018.440224][T14224] ? __pfx___mutex_lock+0x10/0x10 [ 1018.440269][T14224] ? dev_load+0x8e/0x240 [ 1018.440301][T14224] ? dev_load+0x8e/0x240 [ 1018.440340][T14224] dev_ioctl+0x70e/0x1070 [ 1018.440378][T14224] sock_ioctl+0x494/0x6b0 [ 1018.440409][T14224] ? __pfx_sock_ioctl+0x10/0x10 [ 1018.440438][T14224] ? hook_file_ioctl_common+0x149/0x410 [ 1018.440477][T14224] ? __fget_files+0x21f/0x3d0 [ 1018.440524][T14224] ? __pfx_sock_ioctl+0x10/0x10 [ 1018.440560][T14224] __x64_sys_ioctl+0x18e/0x210 [ 1018.440596][T14224] do_syscall_64+0x10b/0xf80 [ 1018.440628][T14224] ? clear_bhb_loop+0x40/0x90 [ 1018.440657][T14224] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1018.440682][T14224] RIP: 0033:0x7f2766b9c819 [ 1018.440701][T14224] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1018.440725][T14224] RSP: 002b:00007f2764dd5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1018.440747][T14224] RAX: ffffffffffffffda RBX: 00007f2766e16090 RCX: 00007f2766b9c819 [ 1018.440762][T14224] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 0000000000000009 [ 1018.440776][T14224] RBP: 00007f2766c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1018.440790][T14224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1018.440803][T14224] R13: 00007f2766e16128 R14: 00007f2766e16090 R15: 00007ffe0c93cfa8 [ 1018.440832][T14224] [ 1019.136939][T14224] bridge0: failed insert local address into bridge forwarding table [ 1019.232872][T14224] gretap0: failed to initialize vlan filtering on this port [ 1019.247367][T14224] gretap0: left allmulticast mode [ 1019.440361][T14228] sp0: Synchronizing with TNC [ 1020.403289][T14253] FAULT_INJECTION: forcing a failure. [ 1020.403289][T14253] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1020.603130][T14253] CPU: 0 UID: 0 PID: 14253 Comm: syz.4.1775 Tainted: G L syzkaller #0 PREEMPT(full) [ 1020.603164][T14253] Tainted: [L]=SOFTLOCKUP [ 1020.603171][T14253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1020.603184][T14253] Call Trace: [ 1020.603190][T14253] [ 1020.603197][T14253] dump_stack_lvl+0x100/0x190 [ 1020.603223][T14253] should_fail_ex.cold+0x5/0xa [ 1020.603250][T14253] get_futex_key+0x1d2/0x1510 [ 1020.603292][T14253] ? __pfx_get_futex_key+0x10/0x10 [ 1020.603344][T14253] ? __pfx_core_sys_select+0x10/0x10 [ 1020.603390][T14253] futex_wake+0xea/0x530 [ 1020.603419][T14253] ? __pfx_futex_wake+0x10/0x10 [ 1020.603448][T14253] ? poll_select_finish+0x36e/0x670 [ 1020.603483][T14253] ? __pfx_poll_select_finish+0x10/0x10 [ 1020.603519][T14253] do_futex+0x32b/0x350 [ 1020.603540][T14253] ? __pfx_do_futex+0x10/0x10 [ 1020.603568][T14253] __x64_sys_futex+0x34f/0x4d0 [ 1020.603593][T14253] ? __pfx___x64_sys_futex+0x10/0x10 [ 1020.603619][T14253] ? rcu_is_watching+0x12/0xc0 [ 1020.603646][T14253] do_syscall_64+0x10b/0xf80 [ 1020.603677][T14253] ? clear_bhb_loop+0x40/0x90 [ 1020.603703][T14253] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1020.603725][T14253] RIP: 0033:0x7f2766b9c819 [ 1020.603742][T14253] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1020.603763][T14253] RSP: 002b:00007f2764db40e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1020.603783][T14253] RAX: ffffffffffffffda RBX: 00007f2766e16188 RCX: 00007f2766b9c819 [ 1020.603797][T14253] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f2766e1618c [ 1020.603811][T14253] RBP: 00007f2766e16180 R08: 0000000000000001 R09: 0000000000000000 [ 1020.603823][T14253] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1020.603836][T14253] R13: 00007f2766e16218 R14: 00007ffe0c93cec0 R15: 00007ffe0c93cfa8 [ 1020.603863][T14253] [ 1023.736886][T14280] EXT4-fs error (device sda1): trigger_test_error:130: comm syz.1.1779: 7 [ 1025.141879][T14292] FAULT_INJECTION: forcing a failure. [ 1025.141879][T14292] name failslab, interval 1, probability 0, space 0, times 0 [ 1025.206711][T14292] CPU: 0 UID: 0 PID: 14292 Comm: syz.3.1783 Tainted: G L syzkaller #0 PREEMPT(full) [ 1025.206747][T14292] Tainted: [L]=SOFTLOCKUP [ 1025.206755][T14292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1025.206768][T14292] Call Trace: [ 1025.206775][T14292] [ 1025.206783][T14292] dump_stack_lvl+0x100/0x190 [ 1025.206810][T14292] should_fail_ex.cold+0x5/0xa [ 1025.206838][T14292] should_failslab+0xc2/0x120 [ 1025.206859][T14292] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1025.206890][T14292] ? security_inode_alloc+0x3b/0x2c0 [ 1025.206917][T14292] ? lockdep_init_map_type+0x5c/0x250 [ 1025.206957][T14292] security_inode_alloc+0x3b/0x2c0 [ 1025.206993][T14292] inode_init_always_gfp+0xcc0/0x1000 [ 1025.207035][T14292] alloc_inode+0x8e/0x250 [ 1025.207062][T14292] path_from_stashed+0x25b/0x750 [ 1025.207086][T14292] ? do_raw_spin_unlock+0x145/0x1e0 [ 1025.207114][T14292] ns_get_path+0x60/0x80 [ 1025.207136][T14292] proc_ns_get_link+0x121/0x230 [ 1025.207169][T14292] ? __pfx_proc_ns_get_link+0x10/0x10 [ 1025.207204][T14292] ? atime_needs_update+0x8b/0x6b0 [ 1025.207235][T14292] pick_link+0xd17/0x13c0 [ 1025.207265][T14292] ? __pfx_proc_ns_get_link+0x10/0x10 [ 1025.207301][T14292] step_into_slowpath+0x9ba/0xf90 [ 1025.207347][T14292] ? __pfx_step_into_slowpath+0x10/0x10 [ 1025.207376][T14292] ? find_held_lock+0x2b/0x80 [ 1025.207409][T14292] path_openat+0xf95/0x31a0 [ 1025.207436][T14292] ? __pfx_path_openat+0x10/0x10 [ 1025.207465][T14292] do_file_open+0x20e/0x430 [ 1025.207504][T14292] ? __pfx_do_file_open+0x10/0x10 [ 1025.207543][T14292] ? alloc_fd+0x476/0x790 [ 1025.207564][T14292] ? do_getname+0x191/0x390 [ 1025.207592][T14292] do_sys_openat2+0x10d/0x1e0 [ 1025.207619][T14292] ? __pfx_do_sys_openat2+0x10/0x10 [ 1025.207648][T14292] ? __fget_files+0x21f/0x3d0 [ 1025.207686][T14292] __x64_sys_openat+0x12d/0x210 [ 1025.207714][T14292] ? __pfx___x64_sys_openat+0x10/0x10 [ 1025.207746][T14292] ? rcu_is_watching+0x12/0xc0 [ 1025.207773][T14292] do_syscall_64+0x10b/0xf80 [ 1025.207804][T14292] ? clear_bhb_loop+0x40/0x90 [ 1025.207830][T14292] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1025.207852][T14292] RIP: 0033:0x7f404135d04e [ 1025.207870][T14292] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1025.207891][T14292] RSP: 002b:00007f4042263ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1025.207912][T14292] RAX: ffffffffffffffda RBX: 00007f40422646c0 RCX: 00007f404135d04e [ 1025.207926][T14292] RDX: 0000000000000002 RSI: 00007f4042263f90 RDI: ffffffffffffff9c [ 1025.207940][T14292] RBP: 00007f4041432c91 R08: 0000000000000000 R09: 0000000000000000 [ 1025.207954][T14292] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1025.207966][T14292] R13: 00007f4041616038 R14: 00007f4041615fa0 R15: 00007ffc79fd5138 [ 1025.207999][T14292] [ 1031.763789][T14363] sp0: Synchronizing with TNC [ 1032.258679][T14375] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1801'. [ 1032.396363][T14379] EXT4-fs error (device sda1): trigger_test_error:130: comm syz.2.1802: 7 [ 1037.872730][T14437] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(18) [ 1038.780624][T14444] sp0: Synchronizing with TNC [ 1041.125438][ T29] audit: type=1800 audit(4294968211.442:25): pid=14477 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1825" name="sr0" dev="devtmpfs" ino=2794 res=0 errno=0 [ 1042.256753][T14495] netlink: 'syz.4.1831': attribute type 1 has an invalid length. [ 1042.312072][T14495] netlink: 9 bytes leftover after parsing attributes in process `syz.4.1831'. [ 1042.718759][T14501] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1833'. [ 1042.779990][T14501] veth1_macvtap: left promiscuous mode [ 1042.822601][T14501] macsec0: entered promiscuous mode [ 1042.861586][T14501] macsec0: entered allmulticast mode [ 1047.899206][T14575] EXT4-fs error (device sda1): trigger_test_error:130: comm syz.4.1851: 7 [ 1051.521107][T14617] netlink: 'syz.1.1863': attribute type 1 has an invalid length. [ 1051.575688][T14617] netlink: 9 bytes leftover after parsing attributes in process `syz.1.1863'. [ 1053.854246][T14650] can: request_module (can-proto-0) failed. [ 1054.741367][T14660] netlink: 'syz.2.1872': attribute type 1 has an invalid length. [ 1054.788729][T14660] netlink: 9 bytes leftover after parsing attributes in process `syz.2.1872'. [ 1055.036478][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1055.043099][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1056.841686][T14684] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1878'. [ 1056.909934][T14686] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1879'. [ 1056.936205][T14686] veth0_macvtap: left promiscuous mode [ 1056.937164][T14686] macvtap0: entered promiscuous mode [ 1056.937184][T14686] macvtap0: entered allmulticast mode [ 1058.073897][T14704] FAULT_INJECTION: forcing a failure. [ 1058.073897][T14704] name failslab, interval 1, probability 0, space 0, times 0 [ 1058.228466][T14702] bridge0: port 3(gretap0) entered blocking state [ 1058.240461][T14704] CPU: 0 UID: 0 PID: 14704 Comm: syz.2.1882 Tainted: G L syzkaller #0 PREEMPT(full) [ 1058.240496][T14704] Tainted: [L]=SOFTLOCKUP [ 1058.240504][T14704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1058.240517][T14704] Call Trace: [ 1058.240524][T14704] [ 1058.240532][T14704] dump_stack_lvl+0x100/0x190 [ 1058.240560][T14704] should_fail_ex.cold+0x5/0xa [ 1058.240608][T14704] should_failslab+0xc2/0x120 [ 1058.240632][T14704] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1058.240668][T14704] ? anon_vma_clone+0x2ba/0xcd0 [ 1058.240702][T14704] anon_vma_clone+0x2ba/0xcd0 [ 1058.240737][T14704] __split_vma+0x51f/0xd90 [ 1058.240772][T14704] ? __pfx___split_vma+0x10/0x10 [ 1058.240819][T14704] vma_modify+0x12ad/0x25c0 [ 1058.240852][T14704] ? finish_task_switch.isra.0+0x210/0x1010 [ 1058.240889][T14704] ? __pfx_vma_modify+0x10/0x10 [ 1058.240920][T14704] ? rcu_is_watching+0x12/0xc0 [ 1058.240945][T14704] ? trace_sched_exit_tp+0x11c/0x160 [ 1058.240992][T14704] vma_modify_flags+0x257/0x3d0 [ 1058.241026][T14704] ? __pfx_vma_modify_flags+0x10/0x10 [ 1058.241082][T14704] mlock_fixup+0x46e/0xb10 [ 1058.241124][T14704] ? __pfx_mlock_fixup+0x10/0x10 [ 1058.241172][T14704] apply_vma_lock_flags+0x256/0x370 [ 1058.241209][T14704] ? __pfx_apply_vma_lock_flags+0x10/0x10 [ 1058.241243][T14704] ? __pfx___might_resched+0x10/0x10 [ 1058.241275][T14704] ? __pfx_down_write_killable+0x10/0x10 [ 1058.241317][T14704] ? do_futex+0x192/0x350 [ 1058.241342][T14704] do_mlock+0x261/0x7f0 [ 1058.241379][T14704] ? __pfx_do_mlock+0x10/0x10 [ 1058.241410][T14704] ? __x64_sys_futex+0x34f/0x4d0 [ 1058.241432][T14704] ? __x64_sys_futex+0x358/0x4d0 [ 1058.241457][T14704] ? xfd_validate_state+0x129/0x190 [ 1058.241489][T14704] __x64_sys_mlock+0x59/0x80 [ 1058.241541][T14704] do_syscall_64+0x10b/0xf80 [ 1058.241575][T14704] ? clear_bhb_loop+0x40/0x90 [ 1058.241605][T14704] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1058.241629][T14704] RIP: 0033:0x7ff378d9c819 [ 1058.241649][T14704] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1058.241672][T14704] RSP: 002b:00007ff379be3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 1058.241695][T14704] RAX: ffffffffffffffda RBX: 00007ff379016270 RCX: 00007ff378d9c819 [ 1058.241710][T14704] RDX: 0000000000000000 RSI: 0000000000007fff RDI: 0000000000007c88 [ 1058.241725][T14704] RBP: 00007ff378e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1058.241740][T14704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1058.241753][T14704] R13: 00007ff379016308 R14: 00007ff379016270 R15: 00007fffb988cd68 [ 1058.241784][T14704] [ 1058.825771][T14702] bridge0: port 3(gretap0) entered disabled state [ 1058.845881][T14702] gretap0: entered allmulticast mode [ 1058.869496][T14702] FAULT_INJECTION: forcing a failure. [ 1058.869496][T14702] name failslab, interval 1, probability 0, space 0, times 0 [ 1058.912044][T14702] CPU: 0 UID: 0 PID: 14702 Comm: syz.1.1883 Tainted: G L syzkaller #0 PREEMPT(full) [ 1058.912083][T14702] Tainted: [L]=SOFTLOCKUP [ 1058.912092][T14702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1058.912106][T14702] Call Trace: [ 1058.912113][T14702] [ 1058.912122][T14702] dump_stack_lvl+0x100/0x190 [ 1058.912150][T14702] should_fail_ex.cold+0x5/0xa [ 1058.912181][T14702] should_failslab+0xc2/0x120 [ 1058.912204][T14702] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 1058.912241][T14702] ? __alloc_skb+0x140/0x710 [ 1058.912282][T14702] __alloc_skb+0x140/0x710 [ 1058.912335][T14702] ? __alloc_skb+0x5b7/0x710 [ 1058.912372][T14702] ? __pfx___alloc_skb+0x10/0x10 [ 1058.912417][T14702] br_vlan_notify+0x15d/0x8a0 [ 1058.912450][T14702] ? nbp_vlan_add+0x2a4/0x3e0 [ 1058.912485][T14702] nbp_vlan_init+0x3f6/0x500 [ 1058.912518][T14702] ? __pfx_nbp_vlan_init+0x10/0x10 [ 1058.912556][T14702] ? __local_bh_enable_ip+0x9e/0x120 [ 1058.912586][T14702] ? lockdep_hardirqs_on+0x78/0x100 [ 1058.912634][T14702] ? br_fdb_add_local+0x43/0x60 [ 1058.912660][T14702] ? __local_bh_enable_ip+0x9e/0x120 [ 1058.912693][T14702] br_add_if+0xf79/0x1b40 [ 1058.912734][T14702] add_del_if+0x114/0x160 [ 1058.912770][T14702] br_dev_siocdevprivate+0x8ac/0x1650 [ 1058.912808][T14702] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 1058.912850][T14702] ? do_raw_spin_lock+0x128/0x260 [ 1058.912876][T14702] ? find_held_lock+0x2b/0x80 [ 1058.912904][T14702] ? debug_mutex_remove_waiter+0xa8/0x320 [ 1058.912951][T14702] ? debug_mutex_remove_waiter+0xa8/0x320 [ 1058.912998][T14702] ? netdev_name_node_lookup+0x107/0x150 [ 1058.913033][T14702] ? __mutex_lock+0x838/0x1b10 [ 1058.913073][T14702] dev_ifsioc+0xc1e/0x1e90 [ 1058.913112][T14702] ? __pfx_dev_ifsioc+0x10/0x10 [ 1058.913147][T14702] ? __pfx___mutex_lock+0x10/0x10 [ 1058.913193][T14702] ? dev_load+0x8e/0x240 [ 1058.913226][T14702] ? dev_load+0x8e/0x240 [ 1058.913269][T14702] dev_ioctl+0x70e/0x1070 [ 1058.913308][T14702] sock_ioctl+0x494/0x6b0 [ 1058.913341][T14702] ? __pfx_sock_ioctl+0x10/0x10 [ 1058.913371][T14702] ? hook_file_ioctl_common+0x149/0x410 [ 1058.913411][T14702] ? __fget_files+0x21f/0x3d0 [ 1058.913454][T14702] ? __pfx_sock_ioctl+0x10/0x10 [ 1058.913487][T14702] __x64_sys_ioctl+0x18e/0x210 [ 1058.913523][T14702] do_syscall_64+0x10b/0xf80 [ 1058.913557][T14702] ? clear_bhb_loop+0x40/0x90 [ 1058.913590][T14702] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1058.913615][T14702] RIP: 0033:0x7f96e2d9c819 [ 1058.913634][T14702] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1058.913657][T14702] RSP: 002b:00007f96e3bb9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1058.913680][T14702] RAX: ffffffffffffffda RBX: 00007f96e3016090 RCX: 00007f96e2d9c819 [ 1058.913696][T14702] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 0000000000000009 [ 1058.913711][T14702] RBP: 00007f96e2e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1058.913725][T14702] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1058.913739][T14702] R13: 00007f96e3016128 R14: 00007f96e3016090 R15: 00007ffef2f3d818 [ 1058.913770][T14702] [ 1059.299159][T14702] bridge0: port 3(gretap0) entered blocking state [ 1059.305736][T14702] bridge0: port 3(gretap0) entered listening state [ 1060.302297][T14718] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1884'. [ 1062.357984][T14739] can: request_module (can-proto-0) failed. [ 1063.560575][T14760] __vm_enough_memory: pid: 14760, comm: syz.1.1895, bytes: 9223372036854775808 not enough memory for the allocation [ 1064.956627][T14769] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1898'. [ 1066.700534][T14794] FAULT_INJECTION: forcing a failure. [ 1066.700534][T14794] name failslab, interval 1, probability 0, space 0, times 0 [ 1066.813549][T14794] CPU: 0 UID: 0 PID: 14794 Comm: syz.4.1905 Tainted: G L syzkaller #0 PREEMPT(full) [ 1066.813599][T14794] Tainted: [L]=SOFTLOCKUP [ 1066.813607][T14794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1066.813622][T14794] Call Trace: [ 1066.813629][T14794] [ 1066.813638][T14794] dump_stack_lvl+0x100/0x190 [ 1066.813666][T14794] should_fail_ex.cold+0x5/0xa [ 1066.813697][T14794] should_failslab+0xc2/0x120 [ 1066.813721][T14794] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1066.813753][T14794] ? single_open+0x4d/0x1d0 [ 1066.813782][T14794] ? __pfx___debugfs_file_get+0x10/0x10 [ 1066.813826][T14794] ? __pfx_edid_show+0x10/0x10 [ 1066.813848][T14794] ? __pfx_edid_open+0x10/0x10 [ 1066.813885][T14794] single_open+0x4d/0x1d0 [ 1066.813918][T14794] full_proxy_open_regular+0x1b6/0x370 [ 1066.813947][T14794] do_dentry_open+0x6d8/0x1660 [ 1066.813987][T14794] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 1066.814021][T14794] vfs_open+0x82/0x3f0 [ 1066.814053][T14794] path_openat+0x208c/0x31a0 [ 1066.814086][T14794] ? __pfx_path_openat+0x10/0x10 [ 1066.814120][T14794] do_file_open+0x20e/0x430 [ 1066.814145][T14794] ? __pfx_do_file_open+0x10/0x10 [ 1066.814189][T14794] ? alloc_fd+0x476/0x790 [ 1066.814213][T14794] ? do_getname+0x191/0x390 [ 1066.814244][T14794] do_sys_openat2+0x10d/0x1e0 [ 1066.814275][T14794] ? __pfx_do_sys_openat2+0x10/0x10 [ 1066.814308][T14794] ? __fget_files+0x21f/0x3d0 [ 1066.814359][T14794] __x64_sys_openat+0x12d/0x210 [ 1066.814391][T14794] ? __pfx___x64_sys_openat+0x10/0x10 [ 1066.814427][T14794] ? rcu_is_watching+0x12/0xc0 [ 1066.814458][T14794] do_syscall_64+0x10b/0xf80 [ 1066.814493][T14794] ? clear_bhb_loop+0x40/0x90 [ 1066.814523][T14794] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1066.814547][T14794] RIP: 0033:0x7f2766b9c819 [ 1066.814572][T14794] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1066.814596][T14794] RSP: 002b:00007f2764df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1066.814618][T14794] RAX: ffffffffffffffda RBX: 00007f2766e15fa0 RCX: 00007f2766b9c819 [ 1066.814634][T14794] RDX: 0000000000000400 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1066.814649][T14794] RBP: 00007f2766c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1066.814664][T14794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1066.814678][T14794] R13: 00007f2766e16038 R14: 00007f2766e15fa0 R15: 00007ffe0c93cfa8 [ 1066.814709][T14794] [ 1068.169775][T14805] can: request_module (can-proto-0) failed. [ 1074.883812][ C0] bridge0: port 3(gretap0) entered learning state [ 1077.837690][T14897] netlink: 'syz.3.1928': attribute type 1 has an invalid length. [ 1077.891427][T14897] netlink: 9 bytes leftover after parsing attributes in process `syz.3.1928'. [ 1078.329500][ T50] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 1078.673954][T14908] netlink: 'syz.2.1933': attribute type 4 has an invalid length. [ 1079.410634][T14922] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1079.431588][T14922] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1079.444356][T14922] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1079.459376][T14922] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1079.468668][T14922] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1081.013799][T14913] chnl_net:caif_netlink_parms(): no params data found [ 1081.607320][T14922] Bluetooth: hci1: command tx timeout [ 1081.982981][T14913] bridge0: port 1(bridge_slave_0) entered blocking state [ 1082.039196][T14913] bridge0: port 1(bridge_slave_0) entered disabled state [ 1082.093338][T14913] bridge_slave_0: entered allmulticast mode [ 1082.141484][T14913] bridge_slave_0: entered promiscuous mode [ 1082.211754][T14913] bridge0: port 2(bridge_slave_1) entered blocking state [ 1082.268783][T14913] bridge0: port 2(bridge_slave_1) entered disabled state [ 1082.322103][T14913] bridge_slave_1: entered allmulticast mode [ 1082.412110][T14913] bridge_slave_1: entered promiscuous mode [ 1082.670403][T14913] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1082.768793][T14913] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1083.271151][T14913] team0: Port device team_slave_0 added [ 1083.346133][T14913] team0: Port device team_slave_1 added [ 1083.597383][T14913] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1083.655235][T14913] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1083.706296][T14922] Bluetooth: hci1: command tx timeout [ 1083.863293][T14913] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1083.968899][T14913] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1084.013981][T14913] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1084.186594][T14989] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1943'. [ 1084.197374][T14913] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1084.365201][T14992] binder: 14988:14992 ioctl c018620c 200000000300 returned -22 [ 1084.988325][T14913] hsr_slave_0: entered promiscuous mode [ 1085.033794][T14913] hsr_slave_1: entered promiscuous mode [ 1085.769434][T14922] Bluetooth: hci1: command tx timeout [ 1086.902352][T14913] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1086.978087][T14913] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1087.025552][T14913] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1087.086841][T14913] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1087.185922][T14913] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1087.256194][T14913] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1087.299700][T14913] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1087.366118][T14913] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1087.850295][T14922] Bluetooth: hci1: command tx timeout [ 1088.672066][T14913] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1088.790488][T14913] 8021q: adding VLAN 0 to HW filter on device team0 [ 1088.871879][ T3565] bridge0: port 1(bridge_slave_0) entered blocking state [ 1088.879238][ T3565] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1088.987540][ T3565] bridge0: port 2(bridge_slave_1) entered blocking state [ 1088.994822][ T3565] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1090.125821][T14913] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1090.251652][ C0] bridge0: port 3(gretap0) entered forwarding state [ 1090.258407][ C0] bridge0: topology change detected, propagating [ 1091.585502][T14913] veth0_vlan: entered promiscuous mode [ 1091.950204][T14913] veth1_vlan: entered promiscuous mode [ 1092.267952][T14913] veth0_macvtap: entered promiscuous mode [ 1092.332096][T14913] veth1_macvtap: entered promiscuous mode [ 1092.459208][T14913] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1092.534642][T14913] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1092.665918][ T129] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1092.725366][ T129] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1092.819333][ T129] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1092.878580][ T129] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1093.490877][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1093.548388][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1093.700085][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1093.753907][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1094.012315][T14913] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 1097.425940][T15118] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1961'. [ 1101.699802][T15164] tipc: Started in network mode [ 1101.774885][T15164] tipc: Node identity ffffffff, cluster identity 4711 [ 1101.837078][T15164] tipc: Node number set to 4294967295 [ 1105.611303][T15195] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1105.797115][T15195] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1105.939963][T15195] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1106.095443][T15195] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1106.334605][T15195] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1106.981558][T14922] Bluetooth: hci0: command 0x0406 tx timeout [ 1107.860238][T14922] Bluetooth: hci4: command 0x040f tx timeout [ 1108.020527][T14922] Bluetooth: hci1: command 0x0c1a tx timeout [ 1108.098837][T15226] tipc: Started in network mode [ 1108.144739][T15226] tipc: Node identity ffffffff, cluster identity 4711 [ 1108.194783][T15226] tipc: Node number set to 4294967295 [ 1108.775078][T15240] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1988'. [ 1109.055477][T15240] team0: Port device team_slave_0 removed [ 1109.611150][T15247] FAULT_INJECTION: forcing a failure. [ 1109.611150][T15247] name failslab, interval 1, probability 0, space 0, times 0 [ 1109.689542][T15247] CPU: 0 UID: 0 PID: 15247 Comm: syz.4.1989 Tainted: G L syzkaller #0 PREEMPT(full) [ 1109.689588][T15247] Tainted: [L]=SOFTLOCKUP [ 1109.689596][T15247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1109.689611][T15247] Call Trace: [ 1109.689619][T15247] [ 1109.689628][T15247] dump_stack_lvl+0x100/0x190 [ 1109.689659][T15247] should_fail_ex.cold+0x5/0xa [ 1109.689690][T15247] should_failslab+0xc2/0x120 [ 1109.689713][T15247] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1109.689748][T15247] ? security_inode_alloc+0x3b/0x2c0 [ 1109.689779][T15247] ? lockdep_init_map_type+0x5c/0x250 [ 1109.689823][T15247] security_inode_alloc+0x3b/0x2c0 [ 1109.689858][T15247] inode_init_always_gfp+0xcc0/0x1000 [ 1109.689904][T15247] alloc_inode+0x8e/0x250 [ 1109.689934][T15247] alloc_anon_inode+0x2a/0x3e0 [ 1109.689960][T15247] ioctx_alloc+0x4dc/0x21a0 [ 1109.689996][T15247] ? find_held_lock+0x2b/0x80 [ 1109.690026][T15247] ? __pfx_ioctx_alloc+0x10/0x10 [ 1109.690060][T15247] __x64_sys_io_setup+0xc9/0x220 [ 1109.690090][T15247] do_syscall_64+0x10b/0xf80 [ 1109.690124][T15247] ? clear_bhb_loop+0x40/0x90 [ 1109.690154][T15247] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1109.690178][T15247] RIP: 0033:0x7f2766b9c819 [ 1109.690198][T15247] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1109.690222][T15247] RSP: 002b:00007f2764df6028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 1109.690245][T15247] RAX: ffffffffffffffda RBX: 00007f2766e15fa0 RCX: 00007f2766b9c819 [ 1109.690261][T15247] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000007ffe [ 1109.690275][T15247] RBP: 00007f2766c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1109.690290][T15247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1109.690304][T15247] R13: 00007f2766e16038 R14: 00007f2766e15fa0 R15: 00007ffe0c93cfa8 [ 1109.690335][T15247] [ 1110.150297][T15247] FAULT_INJECTION: forcing a failure. [ 1110.150297][T15247] name failslab, interval 1, probability 0, space 0, times 0 [ 1110.228730][T14922] Bluetooth: hci1: command 0x0c1a tx timeout [ 1110.275602][T15247] CPU: 0 UID: 0 PID: 15247 Comm: syz.4.1989 Tainted: G L syzkaller #0 PREEMPT(full) [ 1110.275641][T15247] Tainted: [L]=SOFTLOCKUP [ 1110.275650][T15247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1110.275664][T15247] Call Trace: [ 1110.275672][T15247] [ 1110.275681][T15247] dump_stack_lvl+0x100/0x190 [ 1110.275710][T15247] should_fail_ex.cold+0x5/0xa [ 1110.275742][T15247] should_failslab+0xc2/0x120 [ 1110.275765][T15247] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 1110.275802][T15247] ? __alloc_skb+0x140/0x710 [ 1110.275845][T15247] __alloc_skb+0x140/0x710 [ 1110.275880][T15247] ? __alloc_skb+0x5b7/0x710 [ 1110.275916][T15247] ? __pfx___alloc_skb+0x10/0x10 [ 1110.275955][T15247] ? if_nlmsg_size+0x5f6/0xd20 [ 1110.275983][T15247] rtmsg_ifinfo_build_skb+0x81/0x260 [ 1110.276016][T15247] rtmsg_ifinfo+0xa4/0x1b0 [ 1110.276047][T15247] __dev_notify_flags+0x24c/0x2e0 [ 1110.276086][T15247] ? __pfx___dev_notify_flags+0x10/0x10 [ 1110.276121][T15247] ? __dev_change_flags+0x505/0x6f0 [ 1110.276169][T15247] ? __pfx___dev_change_flags+0x10/0x10 [ 1110.276217][T15247] netif_change_flags+0x108/0x160 [ 1110.276259][T15247] dev_change_flags+0xba/0x250 [ 1110.276288][T15247] flags_store+0x187/0x1e0 [ 1110.276325][T15247] ? __pfx_flags_store+0x10/0x10 [ 1110.276361][T15247] ? find_held_lock+0x2b/0x80 [ 1110.276390][T15247] ? sysfs_file_kobj+0xe4/0x290 [ 1110.276420][T15247] ? sysfs_file_kobj+0xe4/0x290 [ 1110.276461][T15247] ? __pfx_flags_store+0x10/0x10 [ 1110.276497][T15247] dev_attr_store+0x58/0x80 [ 1110.276535][T15247] ? __pfx_dev_attr_store+0x10/0x10 [ 1110.276572][T15247] sysfs_kf_write+0xf2/0x150 [ 1110.276605][T15247] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1110.276634][T15247] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1110.276669][T15247] vfs_write+0x6ac/0x1070 [ 1110.276708][T15247] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1110.276738][T15247] ? __pfx_vfs_write+0x10/0x10 [ 1110.276794][T15247] ksys_write+0x12a/0x250 [ 1110.276831][T15247] ? __pfx_ksys_write+0x10/0x10 [ 1110.276871][T15247] ? rcu_is_watching+0x12/0xc0 [ 1110.276906][T15247] do_syscall_64+0x10b/0xf80 [ 1110.276946][T15247] ? clear_bhb_loop+0x40/0x90 [ 1110.276976][T15247] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1110.277002][T15247] RIP: 0033:0x7f2766b9c819 [ 1110.277021][T15247] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1110.277045][T15247] RSP: 002b:00007f2764df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1110.277068][T15247] RAX: ffffffffffffffda RBX: 00007f2766e15fa0 RCX: 00007f2766b9c819 [ 1110.277084][T15247] RDX: 0000000000000081 RSI: 0000200000000140 RDI: 0000000000000002 [ 1110.277099][T15247] RBP: 00007f2766c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1110.277113][T15247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1110.277127][T15247] R13: 00007f2766e16038 R14: 00007f2766e15fa0 R15: 00007ffe0c93cfa8 [ 1110.277158][T15247] [ 1112.263072][ T50] Bluetooth: hci1: command 0x0c1a tx timeout [ 1114.749579][T15285] tipc: Started in network mode [ 1114.797542][T15285] tipc: Node identity ffffffff, cluster identity 4711 [ 1114.867568][T15285] tipc: Node number set to 4294967295 [ 1116.511441][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.520914][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.928688][T15310] zswap: compressor û not available [ 1116.977648][T15316] bridge0: port 3(gretap0) entered blocking state [ 1117.012986][T15316] bridge0: port 3(gretap0) entered disabled state [ 1117.057764][T15316] gretap0: entered allmulticast mode [ 1117.103007][T15316] bridge0: port 3(gretap0) entered blocking state [ 1117.109605][T15316] bridge0: port 3(gretap0) entered listening state [ 1120.035384][T15353] bridge0: port 3(gretap0) entered blocking state [ 1120.132358][T15353] bridge0: port 3(gretap0) entered disabled state [ 1120.177310][T15353] gretap0: entered allmulticast mode [ 1120.216472][T15353] gretap0: entered promiscuous mode [ 1120.251987][T15353] bridge0: port 3(gretap0) entered blocking state [ 1120.258614][T15353] bridge0: port 3(gretap0) entered forwarding state [ 1128.736997][T15457] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2028'. [ 1128.867577][T15459] netlink: 'syz.2.2028': attribute type 1 has an invalid length. [ 1128.975151][T15459] netlink: 51465 bytes leftover after parsing attributes in process `syz.2.2028'. [ 1132.512614][ C0] bridge0: port 3(gretap0) entered learning state [ 1135.245449][T15520] FAULT_INJECTION: forcing a failure. [ 1135.245449][T15520] name failslab, interval 1, probability 0, space 0, times 0 [ 1135.344848][T15520] CPU: 0 UID: 0 PID: 15520 Comm: syz.3.2040 Tainted: G L syzkaller #0 PREEMPT(full) [ 1135.344887][T15520] Tainted: [L]=SOFTLOCKUP [ 1135.344896][T15520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1135.344910][T15520] Call Trace: [ 1135.344918][T15520] [ 1135.344926][T15520] dump_stack_lvl+0x100/0x190 [ 1135.344959][T15520] should_fail_ex.cold+0x5/0xa [ 1135.344990][T15520] ? tomoyo_encode2+0xfb/0x3c0 [ 1135.345027][T15520] should_failslab+0xc2/0x120 [ 1135.345050][T15520] __kmalloc_noprof+0xe0/0x850 [ 1135.345084][T15520] ? d_absolute_path+0x136/0x1b0 [ 1135.345123][T15520] tomoyo_encode2+0xfb/0x3c0 [ 1135.345165][T15520] tomoyo_encode+0x29/0x50 [ 1135.345201][T15520] tomoyo_realpath_from_path+0x18c/0x690 [ 1135.345248][T15520] tomoyo_check_open_permission+0x2af/0x3c0 [ 1135.345283][T15520] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1135.345342][T15520] ? hook_file_open+0x24e/0x7a0 [ 1135.345397][T15520] ? path_get+0x61/0x80 [ 1135.345425][T15520] tomoyo_file_open+0x6b/0x90 [ 1135.345453][T15520] security_file_open+0xb5/0x1e0 [ 1135.345490][T15520] do_dentry_open+0x5aa/0x1660 [ 1135.345531][T15520] ? security_inode_permission+0xbf/0x250 [ 1135.345569][T15520] vfs_open+0x82/0x3f0 [ 1135.345600][T15520] path_openat+0x208c/0x31a0 [ 1135.345633][T15520] ? __pfx_path_openat+0x10/0x10 [ 1135.345667][T15520] do_file_open+0x20e/0x430 [ 1135.345692][T15520] ? __pfx_do_file_open+0x10/0x10 [ 1135.345736][T15520] ? alloc_fd+0x476/0x790 [ 1135.345761][T15520] ? do_getname+0x191/0x390 [ 1135.345792][T15520] do_sys_openat2+0x10d/0x1e0 [ 1135.345822][T15520] ? __pfx_do_sys_openat2+0x10/0x10 [ 1135.345863][T15520] __x64_sys_openat+0x12d/0x210 [ 1135.345899][T15520] ? __pfx___x64_sys_openat+0x10/0x10 [ 1135.345936][T15520] ? rcu_is_watching+0x12/0xc0 [ 1135.345967][T15520] do_syscall_64+0x10b/0xf80 [ 1135.346002][T15520] ? clear_bhb_loop+0x40/0x90 [ 1135.346032][T15520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1135.346057][T15520] RIP: 0033:0x7f404139c819 [ 1135.346077][T15520] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1135.346101][T15520] RSP: 002b:00007f4042264028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1135.346124][T15520] RAX: ffffffffffffffda RBX: 00007f4041615fa0 RCX: 00007f404139c819 [ 1135.346140][T15520] RDX: 0000000000000040 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1135.346155][T15520] RBP: 00007f4041432c91 R08: 0000000000000000 R09: 0000000000000000 [ 1135.346170][T15520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1135.346185][T15520] R13: 00007f4041616038 R14: 00007f4041615fa0 R15: 00007ffc79fd5138 [ 1135.346215][T15520] [ 1135.346247][T15520] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1141.443829][T15590] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 1141.502268][T15590] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 1142.731293][T15598] FAULT_INJECTION: forcing a failure. [ 1142.731293][T15598] name failslab, interval 1, probability 0, space 0, times 0 [ 1142.837149][T15604] random: crng reseeded on system resumption [ 1142.844095][T15598] CPU: 0 UID: 0 PID: 15598 Comm: syz.3.2057 Tainted: G L syzkaller #0 PREEMPT(full) [ 1142.844131][T15598] Tainted: [L]=SOFTLOCKUP [ 1142.844140][T15598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1142.844155][T15598] Call Trace: [ 1142.844163][T15598] [ 1142.844171][T15598] dump_stack_lvl+0x100/0x190 [ 1142.844200][T15598] should_fail_ex.cold+0x5/0xa [ 1142.844232][T15598] should_failslab+0xc2/0x120 [ 1142.844255][T15598] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1142.844295][T15598] ? alloc_empty_file+0x5b/0x1c0 [ 1142.844330][T15598] alloc_empty_file+0x5b/0x1c0 [ 1142.844360][T15598] alloc_file_pseudo+0x13a/0x230 [ 1142.844393][T15598] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1142.844431][T15598] __shmem_file_setup+0x205/0x460 [ 1142.844464][T15598] ? __pfx___shmem_file_setup+0x10/0x10 [ 1142.844497][T15598] ? vm_area_alloc+0x1f/0x160 [ 1142.844532][T15598] shmem_zero_setup+0x96/0x1b0 [ 1142.844571][T15598] __mmap_region+0x2590/0x2dc0 [ 1142.844610][T15598] ? __pfx___mmap_region+0x10/0x10 [ 1142.844656][T15598] ? rcu_is_watching+0x12/0xc0 [ 1142.844683][T15598] ? trace_pelt_se_tp+0x13b/0x190 [ 1142.844734][T15598] ? __lock_acquire+0x4a5/0x2630 [ 1142.844772][T15598] ? do_raw_spin_unlock+0x145/0x1e0 [ 1142.844799][T15598] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1142.844843][T15598] ? find_held_lock+0x2b/0x80 [ 1142.844873][T15598] ? rcu_is_watching+0x12/0xc0 [ 1142.844911][T15598] ? rcu_is_watching+0x12/0xc0 [ 1142.844938][T15598] ? finish_task_switch.isra.0+0x2cb/0x1010 [ 1142.844969][T15598] ? lockdep_hardirqs_on+0x78/0x100 [ 1142.845047][T15598] mmap_region+0x35d/0x620 [ 1142.845083][T15598] ? rcu_is_watching+0x12/0xc0 [ 1142.845109][T15598] ? __pfx_mmap_region+0x10/0x10 [ 1142.845148][T15598] ? cap_mmap_addr+0x4b/0x120 [ 1142.845174][T15598] ? bpf_lsm_mmap_addr+0x9/0x30 [ 1142.845210][T15598] ? security_mmap_addr+0x71/0x1e0 [ 1142.845246][T15598] ? __get_unmapped_area+0x255/0x3e0 [ 1142.845275][T15598] do_mmap+0xc63/0x12f0 [ 1142.845305][T15598] ? __pfx_do_mmap+0x10/0x10 [ 1142.845330][T15598] ? __pfx_down_write_killable+0x10/0x10 [ 1142.845376][T15598] vm_mmap_pgoff+0x29e/0x470 [ 1142.845407][T15598] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1142.845435][T15598] ? do_futex+0x192/0x350 [ 1142.845459][T15598] ? __pfx_do_futex+0x10/0x10 [ 1142.845481][T15598] ? __fget_files+0x21f/0x3d0 [ 1142.845524][T15598] ksys_mmap_pgoff+0xe4/0x610 [ 1142.845549][T15598] ? __x64_sys_futex+0x358/0x4d0 [ 1142.845573][T15598] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 1142.845598][T15598] ? xfd_validate_state+0x129/0x190 [ 1142.845634][T15598] __x64_sys_mmap+0x125/0x190 [ 1142.845664][T15598] do_syscall_64+0x10b/0xf80 [ 1142.845697][T15598] ? clear_bhb_loop+0x40/0x90 [ 1142.845728][T15598] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1142.845753][T15598] RIP: 0033:0x7f404139c819 [ 1142.845773][T15598] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1142.845812][T15598] RSP: 002b:00007f4042264028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1142.845834][T15598] RAX: ffffffffffffffda RBX: 00007f4041615fa0 RCX: 00007f404139c819 [ 1142.845850][T15598] RDX: 00004000000000df RSI: 0000000000020009 RDI: 0000000000000000 [ 1142.845865][T15598] RBP: 00007f4041432c91 R08: 0000000000000401 R09: 0000000000008000 [ 1142.845879][T15598] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 1142.845892][T15598] R13: 00007f4041616038 R14: 00007f4041615fa0 R15: 00007ffc79fd5138 [ 1142.845921][T15598] [ 1144.179214][T15612] futex_wake_op: syz.4.2067 tries to shift op by -2048; fix this program [ 1144.744015][T15626] FAULT_INJECTION: forcing a failure. [ 1144.744015][T15626] name failslab, interval 1, probability 0, space 0, times 0 [ 1144.829873][T15626] CPU: 0 UID: 0 PID: 15626 Comm: syz.4.2061 Tainted: G L syzkaller #0 PREEMPT(full) [ 1144.829912][T15626] Tainted: [L]=SOFTLOCKUP [ 1144.829920][T15626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1144.829933][T15626] Call Trace: [ 1144.829941][T15626] [ 1144.829950][T15626] dump_stack_lvl+0x100/0x190 [ 1144.829981][T15626] should_fail_ex.cold+0x5/0xa [ 1144.830011][T15626] should_failslab+0xc2/0x120 [ 1144.830053][T15626] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1144.830084][T15626] ? trace_pid_list_alloc+0x2fe/0x480 [ 1144.830122][T15626] trace_pid_list_alloc+0x2fe/0x480 [ 1144.830157][T15626] trace_pid_write+0x110/0x460 [ 1144.830190][T15626] ? __pfx_trace_pid_write+0x10/0x10 [ 1144.830238][T15626] event_pid_write.isra.0+0x1e4/0x7d0 [ 1144.830274][T15626] ? __pfx_event_pid_write.isra.0+0x10/0x10 [ 1144.830317][T15626] vfs_write+0x2aa/0x1070 [ 1144.830356][T15626] ? __pfx_ftrace_event_npid_write+0x10/0x10 [ 1144.830406][T15626] ? __pfx_vfs_write+0x10/0x10 [ 1144.830449][T15626] ? __fget_files+0x215/0x3d0 [ 1144.830494][T15626] ? __fget_files+0x21f/0x3d0 [ 1144.830541][T15626] ksys_write+0x12a/0x250 [ 1144.830579][T15626] ? __pfx_ksys_write+0x10/0x10 [ 1144.830619][T15626] ? rcu_is_watching+0x12/0xc0 [ 1144.830650][T15626] do_syscall_64+0x10b/0xf80 [ 1144.830687][T15626] ? clear_bhb_loop+0x40/0x90 [ 1144.830717][T15626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1144.830742][T15626] RIP: 0033:0x7f2766b9c819 [ 1144.830762][T15626] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1144.830785][T15626] RSP: 002b:00007f2764df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1144.830808][T15626] RAX: ffffffffffffffda RBX: 00007f2766e15fa0 RCX: 00007f2766b9c819 [ 1144.830824][T15626] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 1144.830839][T15626] RBP: 00007f2766c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1144.830853][T15626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1144.830867][T15626] R13: 00007f2766e16038 R14: 00007f2766e15fa0 R15: 00007ffe0c93cfa8 [ 1144.830898][T15626] [ 1145.796359][T15638] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2062'. [ 1145.844675][T15638] netlink: 354 bytes leftover after parsing attributes in process `syz.3.2062'. [ 1147.535362][T15667] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2068'. [ 1147.633272][T15667] netlink: 354 bytes leftover after parsing attributes in process `syz.4.2068'. [ 1147.880464][ C0] bridge0: port 3(gretap0) entered forwarding state [ 1147.887137][ C0] bridge0: topology change detected, propagating [ 1149.748142][T15693] net_ratelimit: 2 callbacks suppressed [ 1149.748164][T15693] netlink: zone id is out of range [ 1149.808723][T15693] netlink: zone id is out of range [ 1149.836328][T15693] netlink: zone id is out of range [ 1149.953394][T15693] netlink: zone id is out of range [ 1150.222522][T15693] netlink: set zone limit has 8 unknown bytes [ 1150.459785][T15693] netlink: zone id is out of range [ 1150.518787][T15693] netlink: zone id is out of range [ 1150.587667][T15693] netlink: zone id is out of range [ 1150.672093][T15693] netlink: zone id is out of range [ 1150.966987][T15693] netlink: set zone limit has 8 unknown bytes [ 1156.845106][ T50] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 1159.263419][T15751] synth uevent: /devices/virtual/thermal/cooling_device0: unknown uevent action string [ 1159.394713][T15751] thermal cooling_device0: uevent: failed to send synthetic uevent: -22 [ 1159.529271][T15760] synth uevent: /devices/virtual/thermal/cooling_device0: unknown uevent action string [ 1159.683771][T15760] thermal cooling_device0: uevent: failed to send synthetic uevent: -22 [ 1162.047465][ T50] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 1163.650811][T15791] netlink: 'syz.4.2088': attribute type 1 has an invalid length. [ 1163.692995][T15791] netlink: 33 bytes leftover after parsing attributes in process `syz.4.2088'. [ 1166.690133][ T50] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 1166.753414][T15816] ptrace attach of "./syz-executor exec"[5832] was attempted by ""[15816] [ 1167.951687][T15830] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(16) [ 1168.844244][T15842] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2098'. [ 1173.039978][T15900] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1174.462328][T15914] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input8 [ 1175.521784][T15914] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input9 [ 1176.359074][ T50] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 1176.622746][T15935] futex_wake_op: syz.5.2113 tries to shift op by -2048; fix this program [ 1176.687263][T15935] futex_wake_op: syz.5.2113 tries to shift op by -2048; fix this program [ 1177.979329][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.986435][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1178.779077][T15952] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 1185.611276][T16010] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 1186.305330][T15095] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 1186.539338][T16005] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 1191.022501][ T50] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 1197.558235][T16122] sysfs_service_op_show: Client not running :-5: [ 1197.743870][T16133] netlink: 17 bytes leftover after parsing attributes in process `syz.3.2152'. [ 1199.141399][T16141] futex_wake_op: syz.3.2154 tries to shift op by -2048; fix this program [ 1199.281620][T16141] futex_wake_op: syz.3.2154 tries to shift op by -2048; fix this program [ 1201.279728][T16162] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 1201.566295][T16168] zswap: compressor û not available [ 1202.224723][T16158] ACPI Error: Could not disable RealTimeClock events (20251212/evxfevnt-243) [ 1212.670782][T16278] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1212.794809][T16278] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1212.884827][T16278] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1212.948590][T16278] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1213.993531][ T50] Bluetooth: hci0: command 0x0406 tx timeout [ 1214.662232][T16303] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1214.873833][ T50] Bluetooth: hci4: command 0x040f tx timeout [ 1214.954917][ T50] Bluetooth: hci1: command 0x0c1a tx timeout [ 1217.035770][ T50] Bluetooth: hci1: command 0x0c1a tx timeout [ 1220.236488][ T30] INFO: task syz.1.1895:14758 blocked for more than 143 seconds. [ 1220.259383][ T30] Tainted: G L syzkaller #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1220.293229][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1220.353534][ T30] task:syz.1.1895 state:D stack:26808 pid:14758 tgid:14753 ppid:5838 task_flags:0x400040 flags:0x00080002 [ 1220.440672][ T30] Call Trace: [ 1220.462669][ T30] [ 1220.484598][ T30] __schedule+0x10e9/0x6820 [ 1220.514935][ T30] ? __pfx___schedule+0x10/0x10 [ 1220.551701][ T30] ? find_held_lock+0x2b/0x80 [ 1220.580104][ T30] ? schedule+0x2bf/0x390 [ 1220.609599][ T30] schedule+0xdd/0x390 [ 1220.631221][ T30] schedule_preempt_disabled+0x13/0x30 [ 1220.660941][ T30] __mutex_lock+0xced/0x1b10 [ 1220.689633][ T30] ? fdget_pos+0x2aa/0x380 [ 1220.710078][ T30] ? putname+0xb1/0x110 [ 1220.734571][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 1220.759413][ T30] ? __fget_files+0x215/0x3d0 [ 1220.786385][ T30] ? __fget_files+0x21f/0x3d0 [ 1220.822843][ T30] ? fdget_pos+0x2aa/0x380 [ 1220.845630][ T30] fdget_pos+0x2aa/0x380 [ 1220.868339][ T30] ksys_write+0x71/0x250 [ 1220.931061][ T30] ? __pfx_ksys_write+0x10/0x10 [ 1220.990356][ T30] ? rcu_is_watching+0x12/0xc0 [ 1221.048242][ T30] do_syscall_64+0x10b/0xf80 [ 1221.086777][ T30] ? clear_bhb_loop+0x40/0x90 [ 1221.129141][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1221.178397][ T30] RIP: 0033:0x7f96e2d9c819 [ 1221.207574][ T30] RSP: 002b:00007f96e3b98028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1221.273584][ T30] RAX: ffffffffffffffda RBX: 00007f96e3016180 RCX: 00007f96e2d9c819 [ 1221.323470][ T30] RDX: 000000000000fdef RSI: 0000000000000000 RDI: 0000000000000003 [ 1221.370160][ T30] RBP: 00007f96e2e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 1221.425312][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1221.474139][ T30] R13: 00007f96e3016218 R14: 00007f96e3016180 R15: 00007ffef2f3d818 [ 1221.561676][ T30] [ 1221.586637][ T30] [ 1221.586637][ T30] Showing all locks held in the system: [ 1221.627084][ T30] 1 lock held by khungtaskd/30: [ 1221.709637][ T30] #0: ffffffff8e7e6ce0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 1221.809617][ T30] 5 locks held by kworker/u8:13/3565: [ 1221.859975][ T30] #0: ffff8880212d9140 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 [ 1221.942050][ T30] #1: ffffc90007b37d08 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x973/0x1980 [ 1222.024198][ T30] #2: ffff8880b8426358 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x124/0x1d0 [ 1222.083314][ T30] #3: ffffffff8e7e6ce0 (rcu_read_lock){....}-{1:3}, at: ieee80211_sta_active_ibss+0xdc/0x420 [ 1222.126564][ T30] #4: ffffffff8e7e6ce0 (rcu_read_lock){....}-{1:3}, at: unwind_next_frame+0xbd/0x2090 [ 1222.174215][ T30] 1 lock held by syz-executor/5837: [ 1222.192175][ T30] #0: ffffffff90628ae0 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220 [ 1222.229105][ T30] 2 locks held by getty/14461: [ 1222.253522][ T30] #0: ffff8880343960a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 1222.307396][ T30] #1: ffffc900032672e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x14f0 [ 1222.339900][ T30] 2 locks held by syz.1.1895/14757: [ 1222.363256][ T30] 1 lock held by syz.1.1895/14758: [ 1222.383269][ T30] #0: ffff888079442d30 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2aa/0x380 [ 1222.411081][ T30] 2 locks held by syz-executor/14913: [ 1222.428648][ T30] #0: ffffffff90628ae0 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220 [ 1222.468855][ T30] #1: ffffffff8e7f2828 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 [ 1222.492803][ T30] 3 locks held by kworker/0:2/15093: [ 1222.509070][ T30] #0: ffff88813fe6b140 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 [ 1222.542514][ T30] #1: ffffc900042b7d08 ((fqdir_free_work).work){+.+.}-{0:0}, at: process_one_work+0x973/0x1980 [ 1222.579543][ T30] #2: ffffffff8e7f26f8 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6d0 [ 1222.611138][ T30] 3 locks held by kworker/0:8/15095: [ 1222.638005][ T30] #0: ffff88813fe6b140 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 [ 1222.667794][ T30] #1: ffffc900040d7d08 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x973/0x1980 [ 1222.699672][ T30] #2: ffffffff8e7f2828 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x27f/0x3c0 [ 1222.738260][ T30] 1 lock held by dhcpcd/16349: [ 1222.744630][ T30] #0: ffff8880893c6260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x2c/0xf50 [ 1222.822403][ T30] [ 1222.839353][ T30] ============================================= [ 1222.839353][ T30] [ 1222.909376][ T30] NMI backtrace for cpu 0 [ 1222.909400][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 1222.909431][ T30] Tainted: [L]=SOFTLOCKUP [ 1222.909439][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1222.909452][ T30] Call Trace: [ 1222.909459][ T30] [ 1222.909468][ T30] dump_stack_lvl+0x100/0x190 [ 1222.909497][ T30] nmi_cpu_backtrace.cold+0x12d/0x151 [ 1222.909525][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1222.909551][ T30] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 1222.909587][ T30] sys_info+0x141/0x190 [ 1222.909608][ T30] watchdog+0xd18/0x1040 [ 1222.909647][ T30] ? __pfx_watchdog+0x10/0x10 [ 1222.909678][ T30] ? __kthread_parkme+0x18c/0x230 [ 1222.909712][ T30] ? kthread+0x13a/0x450 [ 1222.909744][ T30] ? __pfx_watchdog+0x10/0x10 [ 1222.909773][ T30] kthread+0x370/0x450 [ 1222.909806][ T30] ? __pfx_kthread+0x10/0x10 [ 1222.909842][ T30] ret_from_fork+0x72b/0xd50 [ 1222.909866][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 1222.909892][ T30] ? __switch_to+0x800/0x1100 [ 1222.909923][ T30] ? __switch_to_asm+0x39/0x70 [ 1222.909952][ T30] ? __pfx_kthread+0x10/0x10 [ 1222.909988][ T30] ret_from_fork_asm+0x1a/0x30 [ 1222.910031][ T30] [ 1223.544524][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 1223.551424][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 1223.562119][ T30] Tainted: [L]=SOFTLOCKUP [ 1223.566446][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1223.576509][ T30] Call Trace: [ 1223.579801][ T30] [ 1223.582742][ T30] dump_stack_lvl+0x100/0x190 [ 1223.587445][ T30] vpanic+0x552/0x970 [ 1223.591441][ T30] ? __pfx_vpanic+0x10/0x10 [ 1223.595968][ T30] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 1223.602160][ T30] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 1223.608332][ T30] panic+0xd1/0xe0 [ 1223.612071][ T30] ? __pfx_panic+0x10/0x10 [ 1223.616596][ T30] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 1223.622765][ T30] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 1223.628971][ T30] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 1223.635144][ T30] ? watchdog.cold+0x1a0/0x1d2 [ 1223.639927][ T30] ? watchdog+0xd28/0x1040 [ 1223.644382][ T30] watchdog.cold+0x1b1/0x1d2 [ 1223.648996][ T30] ? __pfx_watchdog+0x10/0x10 [ 1223.653688][ T30] ? __kthread_parkme+0x18c/0x230 [ 1223.658748][ T30] ? kthread+0x13a/0x450 [ 1223.663013][ T30] ? __pfx_watchdog+0x10/0x10 [ 1223.667708][ T30] kthread+0x370/0x450 [ 1223.671796][ T30] ? __pfx_kthread+0x10/0x10 [ 1223.676407][ T30] ret_from_fork+0x72b/0xd50 [ 1223.681010][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 1223.686136][ T30] ? __switch_to+0x800/0x1100 [ 1223.690833][ T30] ? __switch_to_asm+0x39/0x70 [ 1223.695636][ T30] ? __pfx_kthread+0x10/0x10 [ 1223.700262][ T30] ret_from_fork_asm+0x1a/0x30 [ 1223.705061][ T30] [ 1223.708154][ T30] Kernel Offset: disabled [ 1223.712494][ T30] Rebooting in 86400 seconds..