last executing test programs: 8.785949754s ago: executing program 2 (id=6159): mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r0 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x3, &(0x7f0000000080)={0x0, 0x7fff}, 0x5, 0x0, 0x2000000200002, 0x1000008}, 0x803}, 0xfffffff9, 0x10, 0x0) write$auto_proc_clear_refs_operations_internal(r0, 0x0, 0xffffff4b) madvise$auto(0x0, 0x2003f2, 0x15) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0x1, 0x0, 0x80000000) unshare$auto(0x40000080) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x1002, 0x9, 0x4, 0x200000eb0, 0x401, 0x701cf82a) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/mm/transparent_hugepage/hugepages-2048kB/enabled\x00', 0x22b42, 0x0) read$auto_ptdump_fops_(0xffffffffffffffff, &(0x7f00000000c0)=""/32, 0x20) sendfile$auto(r2, r2, 0x0, 0x6) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x5, 0x0, 0x0, &(0x7f00000001c0)={[0x1ff, 0x0, 0x7, 0xfff, 0x948b, 0x0, 0x15f4da0a, 0x3, 0x402, 0x62, 0x80000000, 0x4, 0x6d41, 0x4, 0xa, 0xfffffffffffffdfa]}, 0x0) write$auto(r3, &(0x7f0000000400), 0x100000a3d9) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0x0, 0xffffffffffff0003, 0x15) pread64$auto(0xffffffffffffffff, 0x0, 0x800003, 0x270) madvise$auto_MADV_SEQUENTIAL(0x8, 0x2, 0x2) io_uring_setup$auto(0x6, 0x0) clock_nanosleep$auto(0x2, 0x1000, 0x0, 0x0) 7.048515699s ago: executing program 0 (id=6169): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x321040, 0x0) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f0000000100)=""/147, 0x93) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x7, 0x2, 0x304) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x28, 0x0, 0x808) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000200), 0xffffffffffffffff) pipe2$auto(&(0x7f0000000040)=r0, 0xaf) 6.655227058s ago: executing program 0 (id=6171): r0 = prctl$auto(0x23, 0x2, 0x7fffffffefff, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_cpu_latency_qos_fops_qos(0xffffffffffffff9c, &(0x7f0000006640), 0x2, 0x0) read$auto(r1, &(0x7f0000000080)='/dev/cpu_dma_latency\x00', 0x86c1) r2 = bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x2, r1, 0x8201, 0x8, 0x0, 0xc, 0xe3, 0x4e, 0x3}, 0x6f4) r5 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000000), 0x480, 0x0) epoll_ctl$auto_EPOLL_CTL_ADD(r2, 0x1, r5, &(0x7f0000000040)={0xffff8000, 0x7}) r6 = socket(0x10, 0x3, 0x6) r7 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="06ff0000", @ANYRES16=r7, @ANYBLOB="01002dbd7000ffdbdf25050000000c00010007000000000000000c00010004000000000000000c00010040000000000000000c00010004000000000000000c0001000000000200000000"], 0x50}, 0x1, 0x0, 0x0, 0x4048081}, 0x0) r8 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r9 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="c0090000", @ANYRES16=r8, @ANYBLOB="131f2cbd700023723ab36bf877ac08000300", @ANYRES32=r10], 0x9c0}, 0x1, 0x0, 0x0, 0x2400c884}, 0x20040894) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'ip6_vti0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000200)={'bridge_slave_0\x00', 0x0}) sendmsg$auto_NETDEV_CMD_BIND_RX(r4, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x40200004}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="90000000", @ANYRES16=r7, @ANYBLOB="000026bd7000fddbdf250d0000003400028008000300080000000800030000000000080001000700000008000300020000000800010006000000080003000200000014000280080001000300000008000100ffffffff08000300", @ANYRES32=r4, @ANYBLOB="08000100", @ANYRES32=r10, @ANYBLOB="08000300", @ANYRES32=r5, @ANYBLOB="0c00028008000300b0b7000008000100", @ANYRES32=r11, @ANYBLOB="08000100", @ANYRES32=r12, @ANYBLOB="9d61e9ad080bd8a2759b73f154d604e096319df724f3650080dcf069e2841d07aff2aa1fe6121f52d675b19990390e8e52"], 0x90}, 0x1, 0x0, 0x0, 0x4}, 0x4010) mmap$auto(0x0, 0x40009, 0x80000000df, 0x9b72, 0x7, 0x28000) r13 = open(&(0x7f0000000040)='./file0\x00', 0x2041, 0xfa) write$auto(r13, 0x0, 0xfffffdf1) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={r3, 0x4, 0x200, 0xc, 0x24, 0x101, r13, 0x0, 0x5}, 0x4f4) r14 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/perf_event_max_contexts_per_stack\x00', 0x202, 0x0) sendfile$auto(r14, r14, 0x0, 0x7fffe000) mprotect$auto(0x0, 0x8000000000000001, 0x8) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) r15 = socket$nl_generic(0x10, 0x3, 0x10) r16 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r15) ioctl$sock_SIOCGIFINDEX(r15, 0x8933, &(0x7f00000001c0)={'wlan0\x00'}) r17 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r17, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r16, @ANYBLOB="010026bd7000fcdbdf25210000000400bf0004007a8008005700060000008b0f5448d7e8905800f0b8686b1e2c7ea96f6fdad0bf05bc6a6cb1ecadf8d319b1d78d3ed79d58540fceaca76bec05fa60ce74175abd3b72ffa4e8cf6355287ccb5963b6ba19428e3473a7"], 0x24}, 0x1, 0x0, 0x0, 0x41}, 0x20020001) 5.72459043s ago: executing program 0 (id=6178): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) rt_tgsigqueueinfo$auto(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000100)={@siginfo_0_0={0x6, 0x8, 0x2, @_sigchld={0x0, 0x0, 0x401, 0x5, 0x3}}}) (async) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) (async) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/block/nbd14/sched/write1_fifo_list\x00', 0x19be42, 0x0) (async) unshare$auto(0x8) (async) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async) socket(0x2c, 0x1, 0x0) listen$auto(0x3, 0x81) (async) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/transparent_hugepage/khugepaged/pages_collapsed\x00', 0x109080, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000001540)=""/104, 0x68) (async) socket(0x10, 0x5, 0x0) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x108000) (async) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f80, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) mremap$auto(0x1ff000, 0x100005, 0x843, 0x3, 0x2) (async) mremap$auto(0xfffff000, 0x4, 0x4, 0x7, 0x1001ff000) (async) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0xd73, 0xb) madvise$auto(0xfffffffffffffffa, 0x9, 0x19) (async) madvise$auto(0x0, 0x2003f2, 0x15) (async) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000000), r3) (async) r4 = socket(0x1d, 0x3, 0x1) getsockopt$auto(r4, 0x65, 0x6, 0xffffffffffffffff, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x40000, 0x0) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) 5.513825298s ago: executing program 3 (id=6179): mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) ioctl$auto_BLKRRPART(0xffffffffffffffff, 0x125f, 0x700000000000000) r0 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x6, 0x1, 0x9, 0x7, 0x3b, 0x3ff, 0x1ffde, 0x7, 0x6, 0x2, 0x9, 0x3, 0x6, 0x4, 0xb2, 0x9, 0x3, 0xfffc, 0x80, 0x7, 0x40000, 0x7, 0x2000, 0x200, 0x0, 0x81, 0x0, 0x7, 0x0, 0x0, 0x0, [0x1000000001, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x9, 0x0, 0x0, 0x0, 0x7]}, 0x202, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x5}, 0x7, 0x0) acct$auto(0x0) r1 = socket(0x10, 0x3, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x4a4b01, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, 0x0, 0x100000a3d9) mmap$auto(0xf0, 0x400009, 0xdf, 0x9b72, r1, 0x8000) r3 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) ioctl$auto_VHOST_SET_BACKEND_FEATURES2(r3, 0x4008af25, &(0x7f0000000080)=0x2) socket(0xa, 0x5, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000180), 0x109802, 0x0) close_range$auto(0x2, r4, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r5) ioctl$auto_KVM_GET_MSRS(r4, 0xc008ae88, &(0x7f0000000040)={0x7, 0x0, [{0x400000b5, 0x2, 0x6}]}) msync$auto(0x7, 0x8, 0x400000004) open(0x0, 0x163340, 0x2c) ioctl$auto_TIOCVHANGUP2(0xffffffffffffffff, 0x5437, &(0x7f0000000280)="34516f7276dfaacf46facb8323edc3f98472075577769a1f838e20ecf400bfb58bb5") prctl$auto(0x35, 0x0, 0x8, 0x0, 0x400) prctl$auto(0x34, 0x0, 0x0, 0x3999, 0x3ff) 4.802806402s ago: executing program 3 (id=6181): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/fs/nfs/net/nfs_client/identifier\x00', 0x82942, 0x0) alarm$auto(0xe4a) ioctl$auto_TUNGETIFF2(0xffffffffffffffff, 0x800454d2, &(0x7f0000000000)=0x1ff) mmap$auto(0x0, 0x1, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x200000000008000) setitimer$auto(0x2, &(0x7f0000000040)={{0x0, 0x5}, {0x0, 0x8}}, 0x0) mbind$auto(0x7, 0x100000004, 0xfffffffd, 0x0, 0xa, 0x2) getitimer$auto_ITIMER_PROF(0x2, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x2400, 0x0) unshare$auto(0x40000080) socket(0x23, 0x800, 0xfffff000) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) setsockopt$auto(r0, 0x6, 0x1f, 0x0, 0x3a) sendmsg$auto_NETDEV_CMD_BIND_RX(r0, 0x0, 0x24008000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x2, 0x0, 0x1, 0x1) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x1, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x24040, 0x0) ioctl$auto_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000240)={"ef65ce6c00cf81000000ffffffffffffff291d000000000700", 0x3ff, 0x408, 0xffc, 0x400004, 0x200000000040000d}) ioctl$auto_BLKTRACETEARDOWN(r2, 0x1276, 0x0) ioctl$auto_BLKTRACETEARDOWN(r2, 0x1276, 0x0) madvise$auto(0x0, 0x240007, 0x19) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x43, 0x9, 0x5) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) 4.382387977s ago: executing program 2 (id=6183): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/binder/parameters/stop_on_user_error\x00', 0x2, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)='8', 0x1) ioperm$auto(0x52, 0x9, 0xe2e7) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x2, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) pselect6$auto(0x8, &(0x7f0000000100)={[0xe, 0x5, 0x6, 0x8000, 0x9, 0x8000, 0x1ff, 0x10, 0x10000, 0x5, 0x7f, 0x10, 0xff, 0x2, 0x0, 0x6]}, &(0x7f0000000180)={[0x6, 0xa0, 0x2, 0x9, 0x5cf, 0x8, 0x7, 0xbbdb, 0xfffffffffffffffe, 0x0, 0x8, 0x0, 0x10000, 0x5, 0x2, 0x5]}, &(0x7f0000000200)={[0x1, 0xfffffffffffffffc, 0x100000001, 0x1, 0x5, 0x6, 0x4, 0x8000000000000001, 0x6, 0x5, 0x0, 0x40, 0x1e6, 0x4000000000000000, 0xd211, 0xffffffffffffffff]}, &(0x7f0000000000)={0x8001, 0x9}, &(0x7f0000000280)="72d48164b6b13485a869ea9dd66c6445900fa6fa213654b65a51a841f0ea0d75a8ebef5cdf57b263db7c618aace7eee0982afe722868e699f8f6d4f232f728e967fb496092f821508d4e1397179689e4f51521a440e8b10aab51c1ed02555d2af870e0aa1d187dbbc6dcd12828cdf0162c5d7b") mmap$auto(0x0, 0x9, 0xffb, 0x8000000008012, 0x3, 0x0) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_ADDR_LEGACY_GET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000007a00)={0x14, r2, 0x1, 0x70bd29, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x24044081}, 0x24000800) 4.093296093s ago: executing program 0 (id=6184): syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0xb, 0x940, 0x1ffde, 0x3, 0x6, 0x2, 0x9, 0x5, 0x3, 0x4, 0xb0, 0x7, 0x2, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x5]}, 0x1fe, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) ioctl$auto_USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000280)={0x9, 0xffffff93, 0x0}) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/bus/input/handlers\x00', 0x20400, 0x0) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) r3 = pidfd_open$auto(0x1, 0x0) setns(r3, 0x60020000) getcwd$auto(0x0, 0xffffffffffffffff) fsconfig$auto_XFS_DAX_ALWAYS(r2, 0x8, &(0x7f0000000580)='!%*(){\'^\'@(\x05^s%^$:\x00', &(0x7f00000005c0)="4c4d460fb5e00fd89f944644e15f39e8a38c5ac48bacf303827d32bf82637f101479f01975a366fc9c02d00a87798d32d458d2a0bb3c58c4072d0f8a01ad9d607afca875b56ef81cb81a9b4a0af699d7189b4d452da3e2bdf7b1301f06acd63fc2f5bffa3b91b0781ec1b53ee6beccfe72063845cca7a614afac441d9f11", 0x1) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000680)='/dev/radio0\x00', 0x100, 0x0) bpf$auto_BPF_MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)=@bpf_attr_5={@target_fd=r4, r4, 0x9, 0x80, r5, @relative_id=0x4, 0x6}, 0x1) write$auto(r2, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xcfk', 0x81) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xdcfaeb3549df84fd, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) pread64$auto(r1, 0x0, 0x8, 0x8000) 3.954359694s ago: executing program 2 (id=6185): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0xa, 0x801, 0x84) r0 = io_uring_setup$auto(0x4, 0x0) r1 = getpgid(0x0) r2 = pidfd_open$auto(r1, 0xfffffffd) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000040), 0x119543, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x11, 0xffffffffffffffff, 0x7fff) socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f00000000c0)='./file0\x00', 0x22240, 0x0) close_range$auto(0x2, 0x8, 0x0) close_range$auto(r0, r2, 0x7ff) io_uring_setup$auto(0x20, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) mmap$auto(0xfffffffffffffffc, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mlock$auto(0x112, 0x80006) mlockall$auto(0x800000000000005) madvise$auto(0x0, 0x200007, 0x19) mmap$auto(0x0, 0x70, 0xdf, 0x9b72, 0x2, 0x80000000008000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x3, 0xff) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x4f1, 0x1) fanotify_mark$auto(0x0, 0x80, 0x4, 0x3, 0x0) r3 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$auto(r3, 0x11, 0x64, 0x0, 0x7) socket(0x1e, 0x1, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/fail-nth\x00', 0x2, 0x0) 3.359721128s ago: executing program 3 (id=6186): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0xfb1, 0xffffffff, 0x9b72, 0x2, 0x8000) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) pidfd_send_signal$auto_PIDFD_SELF_THREAD(0xffffffffffffd8f0, 0xffff, 0x0, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x20000, 0x0) read$auto(r2, 0x0, 0x20) writev$auto(r1, &(0x7f0000000200)={0x0, 0x3}, 0x3) accept$auto(r2, 0x0, 0x0) mount$auto(&(0x7f0000000180)='pim6reg\x00', 0x0, &(0x7f0000000240)='/proc/thr^Id-3elf/fail-nth\x00', 0x4, &(0x7f0000000280)) read$auto(0xffffffffffffffff, 0x0, 0x4) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) openat$auto_proc_pid_cmdline_ops_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/cmdline\x00', 0x481, 0x0) setresuid$auto(0x0, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000540), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000001540)={'netdevsim0\x00', 0x0}) sendmsg$auto_NET_SHAPER_CMD_GET2(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, r4, 0x1, 0x70bd29, 0x25dfdbfc, {}, [@NET_SHAPER_A_IFINDEX={0x8, 0x8, r6}]}, 0x1c}, 0x1, 0x0, 0x0, 0x60040010}, 0x10) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x866d, 0x7fff, 0x9) timer_create$auto(0x7, 0x0, &(0x7f0000000140)=0x6) 3.070104859s ago: executing program 0 (id=6187): mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r0 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x3, &(0x7f0000000080)={0x0, 0x7fff}, 0x5, 0x0, 0x2000000200002, 0x1000008}, 0x803}, 0xfffffff9, 0x10, 0x0) write$auto_proc_clear_refs_operations_internal(r0, 0x0, 0xffffff4b) madvise$auto(0x0, 0x2003f2, 0x15) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0x1, 0x0, 0x80000000) unshare$auto(0x40000080) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x1002, 0x9, 0x4, 0x200000eb0, 0x401, 0x701cf82a) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/mm/transparent_hugepage/hugepages-2048kB/enabled\x00', 0x22b42, 0x0) read$auto_ptdump_fops_(0xffffffffffffffff, &(0x7f00000000c0)=""/32, 0x20) sendfile$auto(r2, r2, 0x0, 0x6) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0x5, 0x0, 0x0, &(0x7f00000001c0)={[0x1ff, 0x0, 0x7, 0xfff, 0x948b, 0x0, 0x15f4da0a, 0x3, 0x402, 0x62, 0x80000000, 0x4, 0x6d41, 0x4, 0xa, 0xfffffffffffffdfa]}, 0x0) write$auto(r3, &(0x7f0000000400), 0x100000a3d9) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000001e40)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="010027bd7000fbdbdf2504000000080017000800000004001e"], 0x20}, 0x1, 0x0, 0x0, 0x220000c1}, 0xc0) madvise$auto(0x0, 0xffffffffffff0003, 0x15) pread64$auto(0xffffffffffffffff, 0x0, 0x800003, 0x270) madvise$auto_MADV_SEQUENTIAL(0x8, 0x2, 0x2) io_uring_setup$auto(0x6, 0x0) clock_nanosleep$auto(0x2, 0x1000, 0x0, 0x0) 2.730360333s ago: executing program 2 (id=6190): unshare$auto(0x40000080) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8802, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x15, 0x5, 0x0) r2 = socket(0x1d, 0x2, 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = getsockopt$auto(r2, 0x6a, 0x2, 0x0, 0x0) r4 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC2\x00', 0x100, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) sendmsg$auto_NL80211_CMD_COLOR_CHANGE_REQUEST(r2, &(0x7f00000006c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000680)={&(0x7f0000000340)={0x32c, 0x0, 0x400, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_MAX_HW_TIMESTAMP_PEERS={0x6, 0x143, 0x8}, @NL80211_ATTR_SUPPORT_MESH_AUTH={0x4}, @NL80211_ATTR_CQM={0x230, 0x5e, 0x0, 0x1, [@typed={0x8, 0x69, 0x0, 0x0, @fd=r3}, @nested={0xb1, 0x92, 0x0, 0x1, [@generic="189b4d35f18065c9944e10231f595f3551a9fc3dcc19cd2383c31c33a25c121c440262f33912d7f7fe95b8a776adc8bfe6bb4f52f034613138b19e4626e267f9b07356e230f7e1407f6edbaa29680a47a67d1badb6a62900ece2282ea908a9668ef7076a40211ff791276e05c2694dc7fa41764597482eb818b7c8c29283ed44e3b158ef0a11a72ff5445b73740aab23c1", @typed={0x8, 0xd9, 0x0, 0x0, @fd=r1}, @typed={0x14, 0x140, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00'}]}, @generic, @nested={0x71, 0x122, 0x0, 0x1, [@nested={0x4, 0x3b}, @typed={0x18, 0x17, 0x0, 0x0, @binary="de4ae876f42ececc76bb4b8c007e05431936fa17"}, @typed={0x14, 0x15c, 0x0, 0x0, @ipv6=@private0}, @nested={0x4, 0x12a}, @generic="e53750b9581b9f3de439830f35b2a7f7173093f2e256ac9ac3e28dabe6d77ff935f3375b20066e8026", @nested={0x4, 0x5c}, @nested={0x4, 0x108}, @nested={0x4, 0x7}, @nested={0x4, 0x31}]}, @nested={0xf4, 0xf8, 0x0, 0x1, [@generic="1d1de14cad027f8f6eb65a8eec6eb6883539b460a5bfa7cf9265e566014e92d923c0d9e7aadc837d0185e773fa51d59ea4cbc0614a9fa0cf6e0f23e0fff908de41d3370b38be6025d2fef764fec0fc228c8a248f1dd23a3ab2ed9249ab87b993472deec67c2aab19567fc8f54dc1", @nested={0x4, 0x18}, @generic="abe7b8d580f01224e9f6d454734ddc470d263f8e0f1f4feb16855aba9469722f0922f7dd068313dfe9ffe704a0992c11707923ea80b4e390742d4fb29976c4302cde4240736f48e7f8d40d11af6ccd0a591391ba5558187c64920c0dd00444f994d1c2c5116f8bb46b6361d6042606d237bf7cb2321e", @typed={0x8, 0xf9, 0x0, 0x0, @uid}]}, @typed={0x8, 0x109, 0x0, 0x0, @pid}]}, @NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_MPATH_NEXT_HOP={0xcc, 0x1a, "71cc8f8d2593054c7f7184b88d2980083b88f018f5b5587410d2e1dde3e5e488070994285cded744236f39281a9d38ef3a863e372c783d562f8a391e68a416c1dfa45a1320927a8b5ca2c852f57e49cc2ac51787144c19539242da2f0b3d23f0179852700212dec067bf9c382a7fdc42ea9cf2ee552d79adbb1426b579ea65e4538ee7e5eb245b9a65a7394a036b1dcd0deabbed40d5b7100ef05fa38556a3f0843344f7195c368383a64964a7809f9b3e3b647ece1600ff2676fff0e3705ce18c306ab142d3dbe4"}, @NL80211_ATTR_AIRTIME_WEIGHT={0x6, 0x112, 0x4}, @NL80211_ATTR_DISABLE_EHT={0x4}]}, 0x32c}, 0x1, 0x0, 0x0, 0x4000040}, 0x20008000) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001a40), r5) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000001a80)={'wg2\x00'}) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(r5, &(0x7f0000002f40)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24040000}, 0x0) close_range$auto(0x2, 0x8, 0x0) r6 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r7 = ioctl$auto_dma_heap_fops_dma_heap(r6, 0xffffffffffdffe00, &(0x7f0000000140)=';') openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000001a80)='/sys/kernel/tracing/events/vmalloc/filter\x00', 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, r4, 0x3) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r8 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cec2\x00', 0x101000, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r8, 0xc05c6104, &(0x7f00000000c0)={"58f99464", 0x8, 0x6, 0x1, 0x3, 0x5, "4bb69ec4b3f4c14539898e4c5682f5", "347f00", "a630df9d", "a0ed9959", ["cd9196b8fe1a8a7eb90401a9", "2f9c30017721de33c560b95a", "d3fe6c55a78d6932211c9b69", "ea334f1f1e5e27a1320d6edb"]}) getdents64$auto(r8, &(0x7f0000000040)={0xfedd, 0x4, 0x3, 0x5a, "4a816c23b5830604fa7fc7769b97b2005f379620818d6683ea3bf44f34aaceb64edb59e1202fda8c70e6fd"}, 0x5) epoll_create$auto(0x8800001) epoll_ctl$auto(r0, 0x1, r7, 0x0) writev$auto(r0, &(0x7f00000000c0)={0x0, 0xffffffff}, 0x6) 2.384154802s ago: executing program 3 (id=6191): unshare$auto(0x40000080) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_RSS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x14, r1, 0x301, 0x70bd29, 0x25dfdc02}, 0x14}, 0x1, 0x60000000, 0x0, 0x40}, 0x8040) 1.858123739s ago: executing program 1 (id=6194): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card1/pcm1p/sub4/hw_params\x00', 0xc0000, 0x0) statx$auto(0x2, 0x0, 0xffd, 0x1, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc3\xdd\xa7\xee$\xf5\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xe6\x06g\x1a\xfc\xa8\x02\vw\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3, 0x1ff, 0x1001, 0x5, 0x717e, 0x0, 0x7, 0x200000000000003, 0xd, 0x2, 0x80001, 0x4, 0x1ffffffffffd, 0xb5, 0xfffffffffffffffe, 0x7, 0x10002, 0x7f, 0x2a2, 0x5, 0xa, 0x22000, 0x200, 0x4, 0x84, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, [0x56, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x46, 0x0, 0x0, 0x0, 0x0, 0x7, 0x4, 0x400, 0x0, 0x0, 0x200000000000000, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x8000000, 0x80000001, 0xffffffffffffffff, 0x3]}, 0x1fe, 0xd) r2 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$auto__ctl_fops_dm_ioctl(0xffffffffffffffff, 0xfffffffffffffd03, &(0x7f0000000480)="66c15b032d163cbabb3b7b9d78817eaf054a73730e10ac8f0e17ccf39afb31106959fe1d85488f1e288591080ac92f52dc60ec59ec0c27756bc9d6444c6ccdf2833bb4d3de04b62ef6c85c905598e286054801b00266ab142ec9f6acd61eeb19bdbb0aa317534bc9f60c28fec2f57839f0a0740e349f782ab2a48b056c2d8e896ca2676f33492b9137caff1c2a3da5062248895040e58b25de735f10b07a451281fe0d51afb627671cda0bab9e92") connect$auto(0x3, &(0x7f00000018c0)=@ethernet={0x1, @remote}, 0x8) mmap$auto(0x0, 0x400005, 0xe2, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0xd, 0x0) r3 = fsopen$auto(0x0, 0x1) fsconfig$auto(r3, 0x8, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) syz_genetlink_get_family_id$auto_vdpa(&(0x7f0000000040), r1) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x800, 0x0) ioctl$auto_TIOCSWINSZ2(r4, 0x5414, &(0x7f0000000400)="36388d690040e3ad266fc1da89d4ba34678412137487940d200ad53908f1303e03c69b5d48dad8861869e24925eeddb95e6256d631666e8a4f92f37cbe5b71d9c633e0289609fc0e48daa66a15b239") ioctl$auto(0xffffffffffffffff, 0x80a86f3d, r2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/cpu/smt/control\x00', 0x2ab42, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/tty/ptybd/dev\x00', 0x2440, 0x0) read$auto(r5, 0x0, 0x20) writev$auto(0x3, 0x0, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r6 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x0, 0x0) ioctl$auto_SNDCTL_DSP_SUBDIVIDE(r6, 0xc0045009, &(0x7f0000000040)) mbind$auto(0x2000, 0x100000004, 0x2, 0x0, 0x1000, 0x2) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) 1.680635881s ago: executing program 3 (id=6195): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0x404002, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) syz_genetlink_get_family_id$auto_vdpa(&(0x7f0000000040), r1) ioctl$auto_BLKZEROOUT(r1, 0x127f, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900)='Z', 0x1) mmap$auto(0x0, 0x7ff, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0xfffffffffffffffe, 0x1400009, 0x8000e2, 0x9b72, r0, 0x8000) r2 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c5041, 0x0) write$auto_fuse_dev_operations_fuse_i(r2, &(0x7f0000000440)="1100000007f40000000600000000000001", 0x11) ioctl$auto_USBDEVFS_SUBMITURB32(r1, 0x802c550a, &(0x7f00000002c0)=ANY=[@ANYRESOCT=r0]) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r3 = prctl$auto(0x23, 0xce, 0x7fffffffefff, 0x0, 0x205) mseal$auto(0x0, 0x7dda, 0x0) setsockopt$auto(0xffffffffffffffff, 0x110, 0xef, 0x0, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x8009b72, 0x2, 0x9000) close_range$auto(0x0, 0x5, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/sit0/statistics/tx_compressed\x00', 0x80000, 0x0) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv4/neigh/vxcan1/retrans_time_ms\x00', 0x2000, 0x0) write$auto_fuse_dev_operations_fuse_i(r3, &(0x7f00000000c0)="737c49847cfef3aca89befe1", 0xc) read$auto(r5, 0x0, 0x1ff) close_range$auto(0xffffffffffffffff, r5, 0xffffffff) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x400000, 0x0) ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$auto(r0, 0x85, r4) brk$auto(0x7fffffffafff) brk$auto(0x7fffffffefff) unshare$auto(0x40000080) unshare$auto(0x1) 1.668418488s ago: executing program 2 (id=6196): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8002) r1 = socket(0xf, 0x3, 0x3a) close$auto(r1) r2 = io_uring_setup$auto(0x6, 0x0) close_range$auto(r2, r0, 0x80000001) io_uring_register$auto(r1, 0x8, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) prctl$auto(0x59616d61, 0xdaffffffffffffff, 0x1, 0x4, 0xfffffffffffffffb) prctl$auto(0x59616d61, 0xffffffffffffffff, 0x1, 0xfffffffffffffffb, 0xffffffffffffffe5) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) migrate_pages$auto(0x0, 0x99, 0x0, &(0x7f00000001c0)=0x7b) r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80e42, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r4, 0xc0045006, &(0x7f00000001c0)) r5 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SYNC(r5, 0x5001, 0x0) read$auto(r3, 0x0, 0x4) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0) socket(0x22, 0x5, 0xf) sendfile$auto(r3, r6, 0x0, 0x1000200) mmap$auto(0x0, 0x5, 0x4000, 0xeb1, r6, 0x8001) mmap$auto(0xfffffffffffffff5, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) process_madvise$auto_PIDFD_SELF_THREAD(0xffffffffffffd8ef, 0x0, 0x0, 0xdec, 0x0) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/cuse\x00', 0x0, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0x2, 0x801, 0x106) 1.104448897s ago: executing program 1 (id=6197): syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0xb, 0x940, 0x1ffde, 0x3, 0x6, 0x2, 0x9, 0x5, 0x3, 0x4, 0xb0, 0x7, 0x2, 0x3, 0x5, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x5]}, 0x1fe, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) ioctl$auto_USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000280)={0x9, 0xffffff93, 0x0}) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/bus/input/handlers\x00', 0x20400, 0x0) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) r3 = pidfd_open$auto(0x1, 0x0) setns(r3, 0x60020000) getcwd$auto(0x0, 0xffffffffffffffff) fsconfig$auto_XFS_DAX_ALWAYS(r2, 0x8, &(0x7f0000000580)='!%*(){\'^\'@(\x05^s%^$:\x00', &(0x7f00000005c0)="4c4d460fb5e00fd89f944644e15f39e8a38c5ac48bacf303827d32bf82637f101479f01975a366fc9c02d00a87798d32d458d2a0bb3c58c4072d0f8a01ad9d607afca875b56ef81cb81a9b4a0af699d7189b4d452da3e2bdf7b1301f06acd63fc2f5bffa3b91b0781ec1b53ee6beccfe72063845cca7a614afac441d9f11", 0x1) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r5 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000680)='/dev/radio0\x00', 0x100, 0x0) bpf$auto_BPF_MAP_UPDATE_BATCH(0x1a, &(0x7f00000006c0)=@bpf_attr_5={@target_fd=r4, r4, 0x9, 0x80, r5, @relative_id=0x4, 0x6}, 0x1) write$auto(r2, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xcfk', 0x81) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xdcfaeb3549df84fd, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) pread64$auto(r1, 0x0, 0x8, 0x8000) 812.033926ms ago: executing program 1 (id=6198): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) bpf$auto_BPF_MAP_UPDATE_BATCH(0x1a, &(0x7f0000000100)=@link_create={@prog_fd=r0, @target_ifindex, 0x5, 0x7, @tracing={0x7fffffff, 0xa184}}, 0x400) r2 = epoll_create$auto(0x3e) epoll_ctl$auto(r2, 0x1, r1, 0x0) ioctl$auto_EVIOCREVOKE(r2, 0x40044591, &(0x7f00000001c0)=0x8001) read$auto_proc_pid_set_comm_operations_base(r2, &(0x7f0000000000)=""/250, 0xfa) ioctl$auto_TIOCSTI2(r0, 0x5412, 0x0) 602.727348ms ago: executing program 1 (id=6199): r0 = openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x440000, 0x0) epoll_create$auto(0x4) flistxattr$auto(0x3, 0x0, 0x3) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop14/queue/dma_alignment\x00', 0x80000, 0x0) rename$auto(&(0x7f0000000180)='.\x00', &(0x7f0000000300)='v#\xd5\xaf>=\x14\xe6%\xf7\x8a\x8d\x9a\xae\x1a\xd6\xa8\xb8\x1d\xf5(\xb0\x1f\xbd\xcbV\n\"\xe3V\xfeP\xceN\xb2\xc32\xaf\xcc\x80\xfa\xf0\xd4\xd9|\xfe\x03y\xd16\x17\x99R\xca\xe5\xf4\xb4T\xfcv\xfc\xe6\x9cv\a\x00\xc2a\x16\xd1\x8a\x80\x90\x87\xa5s\x10\xed\x93\xd4\x15=\xc0\x1f\x0e\xb0\x18v}\x03!\xf0I\xe3}\x90\x9b\x92[\xfe2<7\xd3\x81\x9a~\xcd\r\x19\x9e\x10(5\xfd\x8b\x82\xd4\xc85\xc3\x93t\t\xd0\x9d\xca^n\xf3\xcb>\x1bO\xcej\xe0\xef\xf2\xd7\xc2}\x18\xd9`AO\x95<\x9aH\vu\xae\xd4\xea\x12\xb8\xd1\n\x01\x83r\x85\xbf*\x18\xa7 S:R\x14\x89Z3\x94\x8bP)') read$auto(r1, 0x0, 0x20) close_range$auto(r0, r1, 0xffffffc0) r2 = socket(0x2, 0x1, 0x106) setsockopt$auto(r2, 0x1, 0x21, 0x0, 0x9) r3 = syz_clone(0x80040000, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r3, 0x4, 0x7ff) fcntl$auto_F_RDLCK(r0, 0x1, 0x0) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000804) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x48, 0x80000000fffffffd, 0xfbc, 0x0, 0x0, 0x0, 0x6, 0x6, 0x8, 0x5, 0x7fffffff, 0x0, 0xffffffff80000000, 0x5, 0x61, 0x9}) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) ptrace$auto_PTRACE_OLDSETOPTIONS(0x4212, r3, 0x7ffffffe, 0xf) 404.680178ms ago: executing program 1 (id=6200): epoll_create1$auto(0x8) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = socket(0x15, 0x5, 0x0) getsockopt$auto(r0, 0x114, 0x271c, 0xfffffffffffffffc, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x8402, 0x0) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f0000000080)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x20000004}, 0x24000802) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) mmap$auto(0xfffffffffffffffe, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x7fffffff) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x0, 0x0) getpid() socket$nl_generic(0x10, 0x3, 0x10) seccomp$auto(0x1, 0x9, &(0x7f0000000140)="aadce39496371c23d5863c56284ab2529ff3f10ed1c1449e5c80bcdd7b3cd46b833350e502652ac96608dc10ce2631a329d6d74b5027f34164d9e2d339982c392bf03975cb42ba56408ba57f460c114b0725f4c1271f8233ec66d23bb7dcd85b9d137e21422a48de6c84f07475fa0a08406ec690def7cf7f180592ae60522f3e0ee77f2ee7de010f72c0eb10e74509c0e872128d10861b76d0aee1bb95794d4cfe0e0baad1d1ea4b1c2f4b6fa6a9c8fc35bc3285aaeb37d9eb92f9a95afbd319ef939b2e32929170867f7a7351ae60234bb8be349f94950644b889f8977ea9371dc4e76d26162f00b79d43071e0314e4302634fea3d8b91edae2ad9d7316839b1889181f101992ecb4c9a6ff286e3e44703bd70f4e97b2ff886f02e5a7fa05c71d2e116537c878aa72bb1bcbc605d6654ad01a904c981bcbc2afa0052284cd7782db2a1f09b895f8cc728f35fab96b04f2d51a2c4e4bef021917f773fca837efc220c6e1e0d5bc1298fdc6f2252da52b26827a92c14b3a95e5ecd0c7bcdbc8c68b7d0fe30661261f523d2697ccf4bb044bb8d556489c0d156aaf1b588b193bb20e1c0903c36772e029198cfd2c32918c0a9e05e32ef4a336454c2036884cbd4f360a0411dfc3531b1fff4adf11a2d1fcced44152975647a1079bee00b5b22fa84762c9202ab992525cbba971e83bf943c400e9cd8fa2691eefe51417a53c46b1740ff4a48bfe189ef66b294808776ce09959c427ded3c49973322617b4a6adfe3cd4d2f3a3763254506a4b7ecc77fa23adba64b9634f4993a6c0eb2a5d966b4fd47c211059d24fb03cf638b1268f8ebb409f4f8e27e55ee9582e8229b4de1716e0d66ab1636a6fc489566d20bdaffbd7e2b42f98a32573199354da412ff999285e77687df8ec15a09ec2fc9feeed7ff19c62c85f0bfaa28af934105f30f92ee6f5852da19803f24da1102e61649d6443d702dd3123469a5e46fb5543d9048e2f9f89bf470d76d310bb35c095319254fdbefd9be309af426b20b1aeaa3140e1e0e44e0328319865ba62f2acd646be73181a5af0daa7463062003d763feb3588f752cfaabb9e7aee854d3b55bac16e397b6da6949f90c2d80330f0148344dc915c733487f7b970444b19eea578c515c9f8b6fa087287387d770cd962e2fc75ae17e795278bd0934f0031eac70a2d717a9c75087ac4e912f12a92e993acc8aa2aa74458be60a7bad112b3ff2eab98f2228851b8e5b948166af8338b3c141ac3761905f41966601bcfe5d5ae1fa147055fe4f97907b41513b7d74f3ec81e24bb6401cdc682d118a0f26efd896a0b199bfd20bc0fb17ced88060b6499842a0a9c8c26639ee4be06e058325b0dee7b717e2fb4b11a1b8193480bb9fc8cfd7c71f958e07bcde0a24430cf94a947487a9fed452d98b9a44cc43eaed0697d4b38ef81718134245eb4411926597c8c3aa3727dc2929557b3d8af42b033d16d71dd077ebd708672b87463e4ddf7037acf262615d95f31b5871e4d01114be707ef5a2af5bd115b7f1b332b1a8ad932b64a4b1ef5b97218d162b72d39b13fe545016c467423eeab6aad06c301b1e895bc329c24348bc40109809c336c534544d917e25145f05f5c24ac892f7b6aba637e09088c15e624d36aae7db5a9ae76a5c0d97d38b35433601a8a618665c3f3cd88f0eeaeb377a5a01c55aab7778a4b9d7fb31fe930b1def727c015e75c4c8f61d2b942d906736fda933687e379faeb86364f1d740aa78e2b1a97136da8e9aa7bf82beb6af1ebf543442deb9ce7bbc8c9b9a67874cdd33ab2c65b3d4fb68c4fe098deafd553c54984125581fadc776d55d2d014a800ac611c559fc14f82526c689203a2705c7c7c6d2255c224a64ffea9b125016708f5bdad34ddb8b7b2bb733e93dd35189d0ed86b4c59c2795b7d8a17a9f53580a6ed0b42c38c01311cbfff7a3affc3da80f0909540093dc99c05e2d8aa3f7679b591fff889003a0d77b76c33e951ddf71b3ea75a649634c1adf27793c561067d3a2dceb9fbf57e1105aae0606dca07efb24fca3cdbdf7374788f56dd6135b999d95abbfe5e7dfc6488893d4bcb2a4b110cb80397dde0092b51557f1a9de7d406501f7963f4f997a3b35fcf9aa6d89623d4efa00733cead26257f39e943174fa7cff2b8bcc616468c8e55b85233c4c01472ee904a644248c555c2f1e864c2e94b627a29e769d05b62520fd37b434d4193d7b55e7c37d633095b3c4ef8650f759cc83cf8494dc49af2f33af845f22cc5eeac358d775280a2f7658224f089cccdb7891f43fcc9009bdba0b5fa17524d68b242398363f59c3c43e24f916ceb18074298f076034db56d21a694095da8d0668b5214c2b47fa74d3b1ec39e7422437cd2b52c99277598c24e4c87252dde107ffc36ad45a01bb323b8c3448f2562da117b12a1fb34e9e1a375256025120ffe59ee259d5bc57efbb069b8cdce1762ad7c90026b152843661084950cb8fe24a573eaec74f2e31171af40522905907324104a78074fbb92945512e9184dc2d932c6021e7493d51170cdbd16d9f2370652adf0c650e5b70a7a29a511e524c3a1a69cefbfd154bc1df0b4d55c3e9509ca61c24c3a66e178134b44dcf205b7472351796687be803c77396181adbc04b2ec6ba192c2e7e854d28fd05984b463bccf39a1207cd2a455524bfa77530d0acce867f5685fa455d803b6ebbf964fb723708e8863be155d99580fd91371a53dba83a9376e810fc2f792385f00f6") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000008c0)=ANY=[@ANYBLOB="f8010000", @ANYRES16, @ANYBLOB="2f212cbd7000fcdbdf252100000008000300", @ANYBLOB], 0x1f8}, 0x1, 0x0, 0x0, 0x40051}, 0x20000000) r2 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x88e, 0xb8, 0x100000000, 0x5, 0x1b, 0x93c, 0x1ffdc, 0x7, 0x2000000000000006, 0x3, 0x9, 0x8, 0x2, 0x8001, 0xae, 0x5, 0x922, 0x7, 0x8005, 0x5, 0x3, 0xfffffffe, 0xfffffffc, 0x1fd, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, [0xfffffffffffffffe, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x15a6, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x4, 0x0, 0x0, 0x4, 0x0, 0x3, 0xfffffffffffffffb, 0x0, 0x1, 0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000, 0x400, 0x7ffffffffffffffc, 0x0, 0x10, 0x0, 0x0, 0x7]}, 0x8, 0x83) pwrite64$auto(0xffffffffffffffff, &(0x7f0000000040)=':\'*&\x04!\x00', 0x2001, 0x27) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0x10000}, 0x80000904}, 0xa, 0x400c) 243.078822ms ago: executing program 2 (id=6201): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0xfb1, 0xffffffff, 0x9b72, 0x2, 0x8000) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) pidfd_send_signal$auto_PIDFD_SELF_THREAD(0xffffffffffffd8f0, 0xffff, 0x0, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x20000, 0x0) read$auto(r2, 0x0, 0x20) writev$auto(r1, &(0x7f0000000200)={0x0, 0x3}, 0x3) accept$auto(r2, 0x0, 0x0) mount$auto(&(0x7f0000000180)='pim6reg\x00', 0x0, &(0x7f0000000240)='/proc/thr^Id-3elf/fail-nth\x00', 0x4, &(0x7f0000000280)) read$auto(0xffffffffffffffff, 0x0, 0x4) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) openat$auto_proc_pid_cmdline_ops_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/cmdline\x00', 0x481, 0x0) setresuid$auto(0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000540), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x866d, 0x7fff, 0x9) timer_create$auto(0x7, 0x0, &(0x7f0000000140)=0x6) 235.272216ms ago: executing program 3 (id=6202): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/bus/mdio_bus/drivers/Microchip LAN937x TX/bind\x00', 0x4a000, 0x0) socket(0x6, 0x3, 0x37) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x26, 0x5, 0x8c68) (async) r0 = socket(0x26, 0x5, 0x8c68) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/midi2\x00', 0x101e41, 0x0) ioperm$auto(0x4, 0x100000001, 0x4000005) (async) ioperm$auto(0x4, 0x100000001, 0x4000005) futex_waitv$auto(&(0x7f0000000040)={0x9, 0xffffffffffffffff, 0xc}, 0x7ff, 0x8, &(0x7f00000000c0)={0x1000000004, 0x10}, 0x4) (async) futex_waitv$auto(&(0x7f0000000040)={0x9, 0xffffffffffffffff, 0xc}, 0x7ff, 0x8, &(0x7f00000000c0)={0x1000000004, 0x10}, 0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000240)='/dev/tty56\x00', 0x74c40, 0x0) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x40, 0x0) mmap$auto(0x800, 0x8000009, 0x1, 0x19, 0xffffffffffffffff, 0x100000000000008) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x140082, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) sysfs$auto(0x2, 0x7, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) (async) lsm_list_modules$auto(0x0, 0x0, 0x0) r4 = ioctl$auto_TUNATTACHFILTER(r0, 0x401054d5, &(0x7f0000000180)={0x1, &(0x7f0000000140)={0x7, 0x3e, 0x80, @raw=0x9}}) ioctl$auto_virtual_ncidev_fops_virtual_ncidev(r4, 0x6, &(0x7f00000001c0)="46a03e98c00d5dd3b483d34ba198d5e2a0677bf40564840c4f26027c") openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000280), 0x141182, 0x0) (async) r5 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000280), 0x141182, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r5, 0x40146f2c, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(0xffffffffffffffff, 0x40146f2b, 0x0) (async) ioctl$auto_dvb_demux_fops_dmxdev(0xffffffffffffffff, 0x40146f2b, 0x0) r6 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x50ba82, 0x0) read$auto(r6, 0x0, 0xb4d3) (async) read$auto(r6, 0x0, 0xb4d3) unshare$auto(0x40000080) (async) unshare$auto(0x40000080) setsockopt$auto(r1, 0xd0, 0x800000e4, 0x0, 0x569) write$auto(0xffffffffffffffff, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x03\x00\x00\x00\xc7\xd9\x88t?$\xe4W\x88Q\xe6e\xb2\xa5\xbbZ$\xc9\xa4@\xfb\xca|I\xb9\xdf\xb9\x81K\x02\xcb\t\x9f\x80\x187\xab\b\xd22\x14\xacj\x11\xd0\xa5E\x14\xc4n\xb7\xa4C\xb2C\x02\xb5L!\xc9_8\xe0r\xa8\a\x1d\x03/\xb0x\x83\xd8\x1d\xd3\x1e\xd0\xdd\x131\xca\x98\x96\xbc`\x06\a,\x88\x9dhT\xc6\x88\xa1\xd7\xe0\xb7\n\xbc\xbc\xf3\xd6\xf4g&\xed\xc2n\xee\x89\xfc\xf7F@\xf2\xddW;/%@\x185\x1ab\xf4*\xb8\x9a`D\xa3\xd0\xc3\x10\xff>\x87(\xba\xb4\xa0\x84\x89n9\x85\xa1\x8a\xce\x00'/176, 0x100081) 91.70172ms ago: executing program 0 (id=6203): sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030004020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000060007000100000008000200", @ANYRES32=0x0, @ANYBLOB="04001a"], 0x68}, 0x1, 0x0, 0x0, 0x4044080}, 0x40090) r0 = socket(0x10, 0x2, 0x0) r1 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x502, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) adjtimex$auto(0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r2 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_TCP_METRICS_CMD_DEL(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000300)={0x6c, r2, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [@TCP_METRICS_ATTR_SADDR_IPV6={0x14, 0xc, @loopback}, @TCP_METRICS_ATTR_SADDR_IPV4={0x8, 0xb, @rand_addr=0x64010100}, @TCP_METRICS_ATTR_SADDR_IPV6={0x14, 0xc, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @TCP_METRICS_ATTR_SADDR_IPV6={0x14, 0xc, @dev={0xfe, 0x80, '\x00', 0x2c}}, @TCP_METRICS_ATTR_SADDR_IPV6={0x14, 0xc, @dev={0xfe, 0x80, '\x00', 0xd}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x4000000}, 0x80) mmap$auto(0x0, 0x40009, 0xfffffffffffffffa, 0x11, r1, 0x28000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x7d, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 0s ago: executing program 1 (id=6204): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) bind$auto(0xffffffffffffffff, &(0x7f0000000040)=@tipc=@name={0x1e, 0x2, 0x2, {{0x0, 0x1}}}, 0x66) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x6, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) close_range$auto(0x2, r0, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) sendmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x2, 0x0, 0x400, 0x1000000}, 0x4}, 0xfff, 0xb07e) kernel console output (not intermixed with test programs): ? find_held_lock+0x2b/0x80 [ 1291.167221][T31193] ? __fget_files+0x215/0x3d0 [ 1291.167234][T31193] ? __fget_files+0x215/0x3d0 [ 1291.167250][T31193] ? __fget_files+0x21f/0x3d0 [ 1291.167269][T31193] __x64_sys_pread64+0x1eb/0x250 [ 1291.167284][T31193] ? __pfx___x64_sys_pread64+0x10/0x10 [ 1291.167304][T31193] do_syscall_64+0x106/0xf80 [ 1291.167322][T31193] ? clear_bhb_loop+0x40/0x90 [ 1291.167341][T31193] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1291.167356][T31193] RIP: 0033:0x7f4949d9c799 [ 1291.167371][T31193] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1291.167390][T31193] RSP: 002b:00007f4947ff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 1291.167406][T31193] RAX: ffffffffffffffda RBX: 00007f494a015fa0 RCX: 00007f4949d9c799 [ 1291.167417][T31193] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000005 [ 1291.167426][T31193] RBP: 00007f4949e32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1291.167437][T31193] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000000 [ 1291.167446][T31193] R13: 00007f494a016038 R14: 00007f494a015fa0 R15: 00007fff6a8f4f28 [ 1291.167468][T31193] [ 1291.167529][T31192] alloc_pages_noprof+0x131/0x390 [ 1291.738461][T31192] brd_submit_bio+0x116a/0x20d0 [ 1291.743464][T31192] __submit_bio+0x419/0x6c0 [ 1291.773673][T31192] submit_bio_noacct_nocheck+0x74f/0xc10 [ 1291.783774][T31192] submit_bio_noacct+0xd17/0x2010 [ 1291.807277][T31192] submit_bh_wbc+0x59c/0x770 [ 1291.822078][T31192] __block_write_full_folio+0x77f/0xee0 [ 1291.830747][T31192] block_write_full_folio+0x3b5/0x4e0 [ 1291.843092][T31192] blkdev_writepages+0xc7/0x150 [ 1291.853193][T31192] do_writepages+0x278/0x600 [ 1291.862441][T31192] filemap_writeback+0x22d/0x2e0 [ 1291.874832][T31192] file_write_and_wait_range+0xcd/0x140 [ 1291.885016][T31192] page last free pid 23082 tgid 23072 stack trace: [ 1291.901919][T31192] free_unref_folios+0xaea/0x1790 [ 1291.912019][T31192] folios_put_refs+0x53c/0x840 [ 1291.922128][T31192] truncate_inode_pages_range+0x30c/0x1050 [ 1291.934603][T31192] blkdev_flush_mapping+0xfb/0x2e0 [ 1291.940161][T31192] blkdev_put_whole+0xc9/0xf0 [ 1291.945072][T31192] bdev_release+0x47f/0x6d0 [ 1291.949566][T31192] blkdev_release+0x15/0x20 [ 1291.954109][T31192] __fput+0x3ff/0xb40 [ 1291.958456][T31192] task_work_run+0x150/0x240 [ 1291.963044][T31192] get_signal+0x1bd/0x21e0 [ 1291.968411][T31192] arch_do_signal_or_restart+0x91/0x770 [ 1291.974107][T31192] exit_to_user_mode_loop+0x86/0x4a0 [ 1291.990333][T31192] do_syscall_64+0x668/0xf80 [ 1292.000430][T31192] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1292.618274][T25442] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1292.772883][T25442] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1292.976512][T25442] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1293.247011][T29006] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1293.258787][T29006] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1293.267049][T29006] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1293.275355][T29006] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1293.282749][T29006] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1293.306724][T25442] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1293.359359][T31239] vivid-001: ================= START STATUS ================= [ 1293.415569][T31239] vivid-001: Radio HW Seek Mode: Bounded [ 1293.421231][T31239] vivid-001: Radio Programmable HW Seek: false [ 1293.476151][T31243] netlink: 29 bytes leftover after parsing attributes in process `syz.2.5638'. [ 1293.530853][T31239] vivid-001: RDS Rx I/O Mode: Block I/O [ 1293.601934][T31239] vivid-001: Generate RBDS Instead of RDS: false [ 1293.686170][T16623] Bluetooth: hci4: unexpected event 0x02 length: 726 > 260 [ 1293.686420][T31239] vivid-001: RDS Reception: true [ 1293.731391][T31239] vivid-001: RDS Program Type: 0 inactive [ 1293.761421][T31239] vivid-001: RDS PS Name: inactive [ 1293.796584][T31239] vivid-001: RDS Radio Text: inactive [ 1293.823647][T31239] vivid-001: RDS Traffic Announcement: false inactive [ 1293.840231][T31239] vivid-001: RDS Traffic Program: false inactive [ 1293.871153][T31239] vivid-001: RDS Music: false inactive [ 1293.901852][T31239] vivid-001: ================== END STATUS ================== [ 1294.029510][T25442] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1294.049928][T25442] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1294.068990][T25442] bond0 (unregistering): Released all slaves [ 1294.136850][T25442] HfR: left promiscuous mode [ 1294.175865][T25442] ovs_: left promiscuous mode [ 1294.232617][T25442] tipc: Left network mode [ 1294.561481][T31236] chnl_net:caif_netlink_parms(): no params data found [ 1295.007750][T25442] hsr_slave_0: left promiscuous mode [ 1295.035240][T25442] hsr_slave_1: left promiscuous mode [ 1295.041454][T25442] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1295.075728][T25442] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1295.101577][T25442] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1295.123101][T25442] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1295.141573][T31284] vhci_hcd vhci_hcd.2: default hub control req: 0000 v0000 i0000 l0 [ 1295.158570][T25442] veth1_macvtap: left promiscuous mode [ 1295.179396][T25442] veth0_macvtap: left promiscuous mode [ 1295.196207][T25442] veth1_vlan: left promiscuous mode [ 1295.215157][T25442] veth0_vlan: left promiscuous mode [ 1295.404746][T16623] Bluetooth: hci2: command tx timeout [ 1295.639874][T25442] team0 (unregistering): Port device team_slave_1 removed [ 1295.688337][T25442] team0 (unregistering): Port device team_slave_0 removed [ 1296.035874][T31236] bridge0: port 1(bridge_slave_0) entered blocking state [ 1296.084579][T31236] bridge0: port 1(bridge_slave_0) entered disabled state [ 1296.093069][T31236] bridge_slave_0: entered allmulticast mode [ 1296.151250][T31236] bridge_slave_0: entered promiscuous mode [ 1296.205106][T31236] bridge0: port 2(bridge_slave_1) entered blocking state [ 1296.249703][T31236] bridge0: port 2(bridge_slave_1) entered disabled state [ 1296.296261][T31236] bridge_slave_1: entered allmulticast mode [ 1296.329410][T31236] bridge_slave_1: entered promiscuous mode [ 1296.473402][T31236] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1296.557043][T31236] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1296.736734][T31236] team0: Port device team_slave_0 added [ 1297.058034][T31236] team0: Port device team_slave_1 added [ 1297.363288][T31236] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1297.394764][T31236] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1297.487728][T16623] Bluetooth: hci2: command tx timeout [ 1297.498958][T31236] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1297.549982][T31236] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1297.583561][T31236] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1297.675233][T31236] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1297.881183][T31236] hsr_slave_0: entered promiscuous mode [ 1297.914826][T31236] hsr_slave_1: entered promiscuous mode [ 1297.927278][T31338] FAULT_INJECTION: forcing a failure. [ 1297.927278][T31338] name failslab, interval 1, probability 0, space 0, times 0 [ 1297.947534][T31236] debugfs: 'hsr0' already exists in 'hsr' [ 1297.953261][T31236] Cannot create hsr debugfs directory [ 1298.036651][T31338] CPU: 0 UID: 0 PID: 31338 Comm: syz.0.5652 Tainted: G L syzkaller #0 PREEMPT(full) [ 1298.036679][T31338] Tainted: [L]=SOFTLOCKUP [ 1298.036685][T31338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1298.036694][T31338] Call Trace: [ 1298.036700][T31338] [ 1298.036707][T31338] dump_stack_lvl+0x100/0x190 [ 1298.036735][T31338] should_fail_ex.cold+0x5/0xa [ 1298.036753][T31338] should_failslab+0xc2/0x120 [ 1298.036769][T31338] __kvmalloc_node_noprof+0xfa/0xa00 [ 1298.036791][T31338] ? traverse.part.0.constprop.0+0x397/0x650 [ 1298.036820][T31338] traverse.part.0.constprop.0+0x397/0x650 [ 1298.036849][T31338] seq_read_iter+0x93f/0x1270 [ 1298.036872][T31338] ? aa_file_perm+0x7f3/0x14d0 [ 1298.036895][T31338] seq_read+0x33b/0x4c0 [ 1298.036917][T31338] ? __pfx_seq_read+0x10/0x10 [ 1298.036951][T31338] ? __pfx_seq_read+0x10/0x10 [ 1298.036972][T31338] proc_reg_read+0x240/0x330 [ 1298.036994][T31338] ? __pfx_proc_reg_read+0x10/0x10 [ 1298.037016][T31338] vfs_read+0x1e4/0xb30 [ 1298.037042][T31338] ? __pfx_vfs_read+0x10/0x10 [ 1298.037062][T31338] ? find_held_lock+0x2b/0x80 [ 1298.037077][T31338] ? __fget_files+0x215/0x3d0 [ 1298.037090][T31338] ? __fget_files+0x215/0x3d0 [ 1298.037107][T31338] ? __fget_files+0x21f/0x3d0 [ 1298.037126][T31338] __x64_sys_pread64+0x1eb/0x250 [ 1298.037141][T31338] ? __pfx___x64_sys_pread64+0x10/0x10 [ 1298.037161][T31338] do_syscall_64+0x106/0xf80 [ 1298.037180][T31338] ? clear_bhb_loop+0x40/0x90 [ 1298.037198][T31338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1298.037214][T31338] RIP: 0033:0x7f64ead9c799 [ 1298.037228][T31338] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1298.037243][T31338] RSP: 002b:00007f64ebd1b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 1298.037258][T31338] RAX: ffffffffffffffda RBX: 00007f64eb015fa0 RCX: 00007f64ead9c799 [ 1298.037268][T31338] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000005 [ 1298.037277][T31338] RBP: 00007f64eae32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1298.037286][T31338] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000000 [ 1298.037296][T31338] R13: 00007f64eb016038 R14: 00007f64eb015fa0 R15: 00007fff13c8a8a8 [ 1298.037316][T31338] [ 1299.166939][T25442] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1299.422593][T25442] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1299.570871][T16623] Bluetooth: hci2: command tx timeout [ 1299.608049][T25442] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1299.928946][T25442] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1300.033007][T31236] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1300.097918][T31236] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1300.129522][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1300.137297][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1300.191003][T31236] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1300.215834][T29006] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1300.225293][T29006] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1300.248417][T29006] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1300.256187][T29006] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1300.264140][T29006] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1300.311477][T31236] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1300.635044][T25442] bridge_slave_1: left allmulticast mode [ 1300.655464][T25442] bridge_slave_1: left promiscuous mode [ 1300.661222][T25442] bridge0: port 2(bridge_slave_1) entered disabled state [ 1300.718213][T25442] bridge_slave_0: left allmulticast mode [ 1300.747645][T25442] bridge_slave_0: left promiscuous mode [ 1300.776025][T25442] bridge0: port 1(bridge_slave_0) entered disabled state [ 1301.289415][T25442] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1301.376069][T25442] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1301.429979][T25442] bond0 (unregistering): Released all slaves [ 1301.650220][T29006] Bluetooth: hci2: command tx timeout [ 1301.781658][T25442] hsr_slave_0: left promiscuous mode [ 1301.801556][T25442] hsr_slave_1: left promiscuous mode [ 1301.820809][T25442] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1301.841109][T25442] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1301.851212][T25442] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1301.858893][T25442] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1301.870414][T25442] veth1_macvtap: left promiscuous mode [ 1301.876192][T25442] veth0_macvtap: left promiscuous mode [ 1301.881775][T25442] veth1_vlan: left promiscuous mode [ 1301.888254][T25442] veth0_vlan: left promiscuous mode [ 1302.233462][T25442] team0 (unregistering): Port device team_slave_1 removed [ 1302.263803][T25442] team0 (unregistering): Port device team_slave_0 removed [ 1302.365018][T29006] Bluetooth: hci1: command tx timeout [ 1302.698386][T31236] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1302.812890][T31395] chnl_net:caif_netlink_parms(): no params data found [ 1302.907193][T31236] 8021q: adding VLAN 0 to HW filter on device team0 [ 1303.075406][T25438] bridge0: port 1(bridge_slave_0) entered blocking state [ 1303.082523][T25438] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1303.180747][T26477] bridge0: port 2(bridge_slave_1) entered blocking state [ 1303.187887][T26477] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1303.357990][T31395] bridge0: port 1(bridge_slave_0) entered blocking state [ 1303.396142][T31395] bridge0: port 1(bridge_slave_0) entered disabled state [ 1303.403298][T31395] bridge_slave_0: entered allmulticast mode [ 1303.464501][T31395] bridge_slave_0: entered promiscuous mode [ 1303.504576][T31395] bridge0: port 2(bridge_slave_1) entered blocking state [ 1303.542544][T31395] bridge0: port 2(bridge_slave_1) entered disabled state [ 1303.576367][T31395] bridge_slave_1: entered allmulticast mode [ 1303.601906][T31395] bridge_slave_1: entered promiscuous mode [ 1303.761362][T31395] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1303.905270][T31395] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1304.347242][T31395] team0: Port device team_slave_0 added [ 1304.444801][T29006] Bluetooth: hci1: command tx timeout [ 1304.459034][T31395] team0: Port device team_slave_1 added [ 1304.566024][T31236] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1304.586358][T31395] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1304.599400][T31395] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1304.661728][T31395] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1304.718443][T31395] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1304.740020][T31395] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1304.847989][T31395] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1304.881797][T31507] mkiss: ax0: crc mode is auto. [ 1305.058538][T31395] hsr_slave_0: entered promiscuous mode [ 1305.089452][T31395] hsr_slave_1: entered promiscuous mode [ 1305.118912][T31395] debugfs: 'hsr0' already exists in 'hsr' [ 1305.146197][T29006] Bluetooth: hci0: Malformed LE Event: 0x1b [ 1305.172368][T31395] Cannot create hsr debugfs directory [ 1305.292162][T31236] veth0_vlan: entered promiscuous mode [ 1305.331525][T31236] veth1_vlan: entered promiscuous mode [ 1305.463127][T31236] veth0_macvtap: entered promiscuous mode [ 1305.522343][T31236] veth1_macvtap: entered promiscuous mode [ 1305.614516][T31236] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1305.718628][T31236] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1305.771609][T25442] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1305.809730][T25442] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1305.831266][T25442] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1305.952258][T25442] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1306.380419][T25442] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1306.412431][T25442] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1306.525348][T29006] Bluetooth: hci1: command tx timeout [ 1306.557069][T25446] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1306.624851][T25446] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1306.859438][T31395] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1306.882686][T31561] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1306.914603][T31395] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1306.969441][T31395] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1307.016196][T31395] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1307.690142][T31395] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1307.780437][T31395] 8021q: adding VLAN 0 to HW filter on device team0 [ 1307.828531][T25436] bridge0: port 1(bridge_slave_0) entered blocking state [ 1307.835664][T25436] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1307.921048][T25436] bridge0: port 2(bridge_slave_1) entered blocking state [ 1307.928181][T25436] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1308.614047][T29006] Bluetooth: hci1: command tx timeout [ 1308.736683][T31395] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1308.952433][T31395] veth0_vlan: entered promiscuous mode [ 1309.023108][T31395] veth1_vlan: entered promiscuous mode [ 1309.131471][T31395] veth0_macvtap: entered promiscuous mode [ 1309.288133][T31395] veth1_macvtap: entered promiscuous mode [ 1309.317407][T31617] vivid-007: ================= START STATUS ================= [ 1309.362147][T31617] vivid-007: Generate PTS: true [ 1309.391031][T31395] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1309.399710][T31617] vivid-007: Generate SCR: true [ 1309.404573][T31617] tpg source WxH: 320x240 (Y'CbCr) [ 1309.449372][T31395] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1309.459672][T31617] tpg field: 1 [ 1309.473427][T31617] tpg crop: (0,0)/320x240 [ 1309.496280][T31617] tpg compose: (0,0)/320x240 [ 1309.501028][T31617] tpg colorspace: 8 [ 1309.521952][T25438] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1309.544161][T25438] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1309.555286][T31617] tpg transfer function: 0/0 [ 1309.559884][T31617] tpg Y'CbCr encoding: 0/0 [ 1309.564280][T31617] tpg quantization: 0/0 [ 1309.605998][T25438] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1309.626225][T31617] tpg RGB range: 0/2 [ 1309.636547][T25438] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1309.650914][T31617] vivid-007: ================== END STATUS ================== [ 1310.006079][T25446] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1310.026064][T25446] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1311.502644][T26477] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1311.571158][T26477] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1316.402098][T31744] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1316.466416][T31744] FAULT_INJECTION: forcing a failure. [ 1316.466416][T31744] name failslab, interval 1, probability 0, space 0, times 0 [ 1316.524241][T31744] CPU: 0 UID: 0 PID: 31744 Comm: syz.0.5712 Tainted: G L syzkaller #0 PREEMPT(full) [ 1316.524276][T31744] Tainted: [L]=SOFTLOCKUP [ 1316.524281][T31744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1316.524291][T31744] Call Trace: [ 1316.524296][T31744] [ 1316.524302][T31744] dump_stack_lvl+0x100/0x190 [ 1316.524331][T31744] should_fail_ex.cold+0x5/0xa [ 1316.524350][T31744] should_failslab+0xc2/0x120 [ 1316.524367][T31744] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1316.524389][T31744] ? ptlock_alloc+0x1f/0x70 [ 1316.524410][T31744] ? __pfx_filemap_map_pages+0x10/0x10 [ 1316.524431][T31744] ptlock_alloc+0x1f/0x70 [ 1316.524449][T31744] pte_alloc_one+0x84/0x3e0 [ 1316.524467][T31744] __do_fault+0x359/0x550 [ 1316.524491][T31744] ? __pfx_filemap_map_pages+0x10/0x10 [ 1316.524510][T31744] do_fault+0xaf9/0x1950 [ 1316.524526][T31744] ? __pmd_alloc+0x6aa/0x9c0 [ 1316.524543][T31744] __handle_mm_fault+0x180f/0x2b60 [ 1316.524565][T31744] ? mt_find+0x45e/0x8e0 [ 1316.524587][T31744] ? __pfx___handle_mm_fault+0x10/0x10 [ 1316.524605][T31744] ? __pfx_mt_find+0x10/0x10 [ 1316.524633][T31744] ? find_vma+0xbf/0x140 [ 1316.524649][T31744] ? __pfx_find_vma+0x10/0x10 [ 1316.524664][T31744] handle_mm_fault+0x36d/0xa20 [ 1316.524687][T31744] do_user_addr_fault+0x74c/0x12f0 [ 1316.524715][T31744] exc_page_fault+0x6f/0xd0 [ 1316.524734][T31744] asm_exc_page_fault+0x26/0x30 [ 1316.524748][T31744] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 1316.524770][T31744] Code: 93 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 8f 93 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 1316.524784][T31744] RSP: 0018:ffffc9000350f7b8 EFLAGS: 00050206 [ 1316.524796][T31744] RAX: 0000000000000001 RBX: ffff888044201040 RCX: 00000000000000c4 [ 1316.524806][T31744] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff888044201040 [ 1316.524815][T31744] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed1008840220 [ 1316.524824][T31744] R10: ffff888044201103 R11: 0000000000000000 R12: ffffc9000350fd40 [ 1316.524833][T31744] R13: 0000000000000000 R14: 00000000000000c4 R15: 0000000000000000 [ 1316.524852][T31744] _copy_from_iter+0x355/0x1690 [ 1316.524870][T31744] ? __asan_memset+0x23/0x50 [ 1316.524891][T31744] ? __pfx__copy_from_iter+0x10/0x10 [ 1316.524914][T31744] ? __pfx___alloc_skb+0x10/0x10 [ 1316.524940][T31744] netlink_sendmsg+0x808/0xda0 [ 1316.524964][T31744] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1316.524981][T31744] ? __import_iovec+0x1d2/0x640 [ 1316.524996][T31744] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1316.525020][T31744] ____sys_sendmsg+0xa54/0xc30 [ 1316.525044][T31744] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1316.525069][T31744] ? __pfx__kstrtoull+0x10/0x10 [ 1316.525090][T31744] ___sys_sendmsg+0x190/0x1e0 [ 1316.525114][T31744] ? __pfx____sys_sendmsg+0x10/0x10 [ 1316.525145][T31744] ? find_held_lock+0x2b/0x80 [ 1316.525171][T31744] __sys_sendmmsg+0x205/0x430 [ 1316.525191][T31744] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1316.525214][T31744] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1316.525241][T31744] ? fput+0x79/0x100 [ 1316.525262][T31744] ? ksys_write+0x1ac/0x250 [ 1316.525284][T31744] ? __pfx_ksys_write+0x10/0x10 [ 1316.525309][T31744] __x64_sys_sendmmsg+0x9c/0x100 [ 1316.525326][T31744] ? lockdep_hardirqs_on+0x78/0x100 [ 1316.525342][T31744] do_syscall_64+0x106/0xf80 [ 1316.525358][T31744] ? clear_bhb_loop+0x40/0x90 [ 1316.525376][T31744] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1316.525390][T31744] RIP: 0033:0x7fc79379c799 [ 1316.525403][T31744] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1316.525417][T31744] RSP: 002b:00007fc7945a7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1316.525430][T31744] RAX: ffffffffffffffda RBX: 00007fc793a15fa0 RCX: 00007fc79379c799 [ 1316.525439][T31744] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 1316.525448][T31744] RBP: 00007fc7945a7090 R08: 0000000000000000 R09: 0000000000000000 [ 1316.525457][T31744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1316.525465][T31744] R13: 00007fc793a16038 R14: 00007fc793a15fa0 R15: 00007ffcab142518 [ 1316.525484][T31744] [ 1318.173731][T31755] netlink: 29 bytes leftover after parsing attributes in process `syz.2.5715'. [ 1319.201994][T31784] netlink: 14 bytes leftover after parsing attributes in process `syz.0.5721'. [ 1322.693348][T31839] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5734'. [ 1328.395106][T31918] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5752'. [ 1329.381313][T31935] netlink: 14 bytes leftover after parsing attributes in process `syz.2.5755'. [ 1333.754600][T31977] zswap: compressor not available [ 1334.489097][T32003] FAULT_INJECTION: forcing a failure. [ 1334.489097][T32003] name failslab, interval 1, probability 0, space 0, times 0 [ 1334.579539][T32003] CPU: 0 UID: 0 PID: 32003 Comm: syz.2.5761 Tainted: G L syzkaller #0 PREEMPT(full) [ 1334.579565][T32003] Tainted: [L]=SOFTLOCKUP [ 1334.579570][T32003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1334.579579][T32003] Call Trace: [ 1334.579585][T32003] [ 1334.579592][T32003] dump_stack_lvl+0x100/0x190 [ 1334.579618][T32003] should_fail_ex.cold+0x5/0xa [ 1334.579636][T32003] ? tomoyo_encode2+0xfb/0x3c0 [ 1334.579651][T32003] should_failslab+0xc2/0x120 [ 1334.579667][T32003] __kmalloc_noprof+0xe0/0x850 [ 1334.579687][T32003] ? d_absolute_path+0x136/0x1b0 [ 1334.579710][T32003] tomoyo_encode2+0xfb/0x3c0 [ 1334.579728][T32003] tomoyo_encode+0x29/0x50 [ 1334.579751][T32003] tomoyo_realpath_from_path+0x18c/0x690 [ 1334.579771][T32003] tomoyo_path_number_perm+0x23c/0x580 [ 1334.579793][T32003] ? tomoyo_path_number_perm+0x22e/0x580 [ 1334.579816][T32003] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1334.579857][T32003] ? find_held_lock+0x2b/0x80 [ 1334.579869][T32003] ? __fget_files+0x215/0x3d0 [ 1334.579882][T32003] ? hook_file_ioctl_common+0x146/0x410 [ 1334.579909][T32003] ? __fget_files+0x21f/0x3d0 [ 1334.579925][T32003] security_file_ioctl+0xd3/0x230 [ 1334.579950][T32003] __x64_sys_ioctl+0xb7/0x210 [ 1334.579972][T32003] do_syscall_64+0x106/0xf80 [ 1334.579988][T32003] ? clear_bhb_loop+0x40/0x90 [ 1334.580007][T32003] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1334.580022][T32003] RIP: 0033:0x7fdbd8f9c799 [ 1334.580035][T32003] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1334.580049][T32003] RSP: 002b:00007fdbd9dad028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1334.580063][T32003] RAX: ffffffffffffffda RBX: 00007fdbd9215fa0 RCX: 00007fdbd8f9c799 [ 1334.580073][T32003] RDX: 0000000000000000 RSI: 0000000000005412 RDI: 0000000000000003 [ 1334.580082][T32003] RBP: 00007fdbd9dad090 R08: 0000000000000000 R09: 0000000000000000 [ 1334.580090][T32003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1334.580099][T32003] R13: 00007fdbd9216038 R14: 00007fdbd9215fa0 R15: 00007ffe3a083938 [ 1334.580118][T32003] [ 1334.580133][T32003] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1336.113854][T32027] netlink: 338 bytes leftover after parsing attributes in process `syz.1.5776'. [ 1338.545745][T32071] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1338.755975][T32071] FAULT_INJECTION: forcing a failure. [ 1338.755975][T32071] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1338.965318][T32071] CPU: 0 UID: 0 PID: 32071 Comm: syz.3.5787 Tainted: G L syzkaller #0 PREEMPT(full) [ 1338.965346][T32071] Tainted: [L]=SOFTLOCKUP [ 1338.965351][T32071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1338.965361][T32071] Call Trace: [ 1338.965366][T32071] [ 1338.965373][T32071] dump_stack_lvl+0x100/0x190 [ 1338.965410][T32071] should_fail_ex.cold+0x5/0xa [ 1338.965429][T32071] get_futex_key+0x295/0x1620 [ 1338.965451][T32071] ? __pfx_get_futex_key+0x10/0x10 [ 1338.965469][T32071] ? get_futex_key+0x507/0x1620 [ 1338.965491][T32071] futex_wait_setup+0x81/0x500 [ 1338.965518][T32071] futex_wait_requeue_pi+0x240/0x870 [ 1338.965542][T32071] ? __pfx_futex_wait_requeue_pi+0x10/0x10 [ 1338.965566][T32071] ? __pfx___futex_wait+0x10/0x10 [ 1338.965587][T32071] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1338.965604][T32071] ? lockdep_hardirqs_on+0x78/0x100 [ 1338.965637][T32071] ? __pfx_futex_wake_mark+0x10/0x10 [ 1338.965664][T32071] ? ksys_write+0x190/0x250 [ 1338.965686][T32071] ? ksys_write+0x190/0x250 [ 1338.965712][T32071] do_futex+0x24f/0x350 [ 1338.965731][T32071] ? __pfx_do_futex+0x10/0x10 [ 1338.965754][T32071] __x64_sys_futex+0x34f/0x4d0 [ 1338.965775][T32071] ? __pfx___x64_sys_futex+0x10/0x10 [ 1338.965802][T32071] do_syscall_64+0x106/0xf80 [ 1338.965822][T32071] ? clear_bhb_loop+0x40/0x90 [ 1338.965840][T32071] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1338.965856][T32071] RIP: 0033:0x7f954399c799 [ 1338.965870][T32071] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1338.965886][T32071] RSP: 002b:00007f9544820028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1338.965901][T32071] RAX: ffffffffffffffda RBX: 00007f9543c15fa0 RCX: 00007f954399c799 [ 1338.965911][T32071] RDX: 0000000000000001 RSI: 000000000000000b RDI: 0000200000000080 [ 1338.965921][T32071] RBP: 00007f9543a32bd9 R08: 0000000000000000 R09: 00000000fffffffa [ 1338.965930][T32071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1338.965939][T32071] R13: 00007f9543c16038 R14: 00007f9543c15fa0 R15: 00007ffdddab1b58 [ 1338.965959][T32071] [ 1340.093456][T32081] tipc: Started in network mode [ 1340.187831][T32081] tipc: Node identity ee, cluster identity 4711 [ 1340.283519][T32069] FAULT_INJECTION: forcing a failure. [ 1340.283519][T32069] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1340.384242][T32081] tipc: Node number set to 238 [ 1340.594339][T32069] CPU: 0 UID: 0 PID: 32069 Comm: syz.0.5786 Tainted: G L syzkaller #0 PREEMPT(full) [ 1340.594364][T32069] Tainted: [L]=SOFTLOCKUP [ 1340.594369][T32069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1340.594379][T32069] Call Trace: [ 1340.594384][T32069] [ 1340.594391][T32069] dump_stack_lvl+0x100/0x190 [ 1340.594417][T32069] should_fail_ex.cold+0x5/0xa [ 1340.594435][T32069] _copy_from_user+0x2e/0xd0 [ 1340.594459][T32069] copy_msghdr_from_user+0x9f/0x4f0 [ 1340.594483][T32069] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1340.594514][T32069] ___sys_sendmsg+0x106/0x1e0 [ 1340.594537][T32069] ? __pfx____sys_sendmsg+0x10/0x10 [ 1340.594581][T32069] __sys_sendmsg+0x170/0x220 [ 1340.594599][T32069] ? __pfx___sys_sendmsg+0x10/0x10 [ 1340.594631][T32069] do_syscall_64+0x106/0xf80 [ 1340.594649][T32069] ? clear_bhb_loop+0x40/0x90 [ 1340.594667][T32069] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1340.594682][T32069] RIP: 0033:0x7fc79379c799 [ 1340.594695][T32069] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1340.594710][T32069] RSP: 002b:00007fc794586028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1340.594724][T32069] RAX: ffffffffffffffda RBX: 00007fc793a16090 RCX: 00007fc79379c799 [ 1340.594734][T32069] RDX: 0000000000080000 RSI: 0000200000001dc0 RDI: 0000000000000003 [ 1340.594743][T32069] RBP: 00007fc794586090 R08: 0000000000000000 R09: 0000000000000000 [ 1340.594752][T32069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1340.594760][T32069] R13: 00007fc793a16128 R14: 00007fc793a16090 R15: 00007ffcab142518 [ 1340.594779][T32069] [ 1347.415679][T32125] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1349.689804][T32184] netlink: 12 bytes leftover after parsing attributes in process `syz.1.5810'. [ 1349.814554][T32188] netlink: 330 bytes leftover after parsing attributes in process `syz.3.5809'. [ 1350.098355][T32188] mac80211_hwsim hwsim62 ›: renamed from wlan0 (while UP) [ 1355.167860][T32244] vhci_hcd vhci_hcd.2: SetHubDepth req not supported for USB 2.0 roothub [ 1356.437294][T32262] netlink: 330 bytes leftover after parsing attributes in process `syz.0.5822'. [ 1358.249252][T32281] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5828'. [ 1359.999969][T32316] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5835'. [ 1360.532463][T32327] sg_write: data in/out 4060/39 bytes for SCSI command 0x0-- guessing data in; [ 1360.532463][T32327] program syz.3.5840 not setting count and/or reply_len properly [ 1361.226409][T32345] netlink: 'syz.1.5844': attribute type 5 has an invalid length. [ 1361.234144][T32345] netlink: 4158 bytes leftover after parsing attributes in process `syz.1.5844'. [ 1361.575491][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1361.581777][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1362.292467][T32362] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5848'. [ 1362.560303][T32367] usb usb16: usbfs: process 32367 (syz.3.5849) did not claim interface 0 before use [ 1362.641824][T32367] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input34 [ 1363.413634][T32382] netlink: 330 bytes leftover after parsing attributes in process `syz.2.5850'. [ 1364.850633][T32419] netlink: 330 bytes leftover after parsing attributes in process `syz.3.5860'. [ 1365.969561][T25438] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1366.266709][T25438] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1366.583358][T32444] netlink: 330 bytes leftover after parsing attributes in process `syz.2.5864'. [ 1366.833637][T25438] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1366.892475][T16623] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1366.902528][T16623] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1366.911569][T16623] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1366.919188][T16623] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1366.927770][T16623] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1367.123962][T25438] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1368.116120][T32460] netlink: 186 bytes leftover after parsing attributes in process `syz.3.5867'. [ 1368.135478][T25438] bridge_slave_1: left allmulticast mode [ 1368.141119][T25438] bridge_slave_1: left promiscuous mode [ 1368.199624][T25438] bridge0: port 2(bridge_slave_1) entered disabled state [ 1368.250980][T25438] bridge_slave_0: left allmulticast mode [ 1368.301484][T25438] bridge_slave_0: left promiscuous mode [ 1368.360446][T25438] bridge0: port 1(bridge_slave_0) entered disabled state [ 1369.010136][T16623] Bluetooth: hci1: command tx timeout [ 1369.180075][T25438] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1369.221868][T25438] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1369.257923][T25438] bond0 (unregistering): Released all slaves [ 1369.581810][T25438] tipc: Left network mode [ 1369.880828][T32446] chnl_net:caif_netlink_parms(): no params data found [ 1370.453319][T25438] hsr_slave_0: left promiscuous mode [ 1370.484124][T25438] hsr_slave_1: left promiscuous mode [ 1370.519581][T25438] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1370.556857][T25438] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1370.599251][T25438] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1370.649496][T25438] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1370.721555][T25438] veth1_macvtap: left promiscuous mode [ 1370.752517][T25438] veth0_macvtap: left promiscuous mode [ 1370.784319][T25438] veth1_vlan: left promiscuous mode [ 1370.811883][T25438] veth0_vlan: left promiscuous mode [ 1371.086525][T16623] Bluetooth: hci1: command tx timeout [ 1371.292855][T29006] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1371.303523][T29006] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1371.311186][T29006] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1371.322743][T29006] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1371.332172][T29006] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1371.611558][T25438] team0 (unregistering): Port device team_slave_1 removed [ 1371.686477][T25438] team0 (unregistering): Port device team_slave_0 removed [ 1372.231246][T32446] bridge0: port 1(bridge_slave_0) entered blocking state [ 1372.267085][T32446] bridge0: port 1(bridge_slave_0) entered disabled state [ 1372.306802][T32446] bridge_slave_0: entered allmulticast mode [ 1372.334065][T32446] bridge_slave_0: entered promiscuous mode [ 1372.514948][T32446] bridge0: port 2(bridge_slave_1) entered blocking state [ 1372.543974][T32446] bridge0: port 2(bridge_slave_1) entered disabled state [ 1372.578584][T32446] bridge_slave_1: entered allmulticast mode [ 1372.595892][T32446] bridge_slave_1: entered promiscuous mode [ 1372.732712][T32446] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1372.825931][T32446] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1373.047615][T32446] team0: Port device team_slave_0 added [ 1373.078470][T32446] team0: Port device team_slave_1 added [ 1373.169039][T16623] Bluetooth: hci1: command tx timeout [ 1373.321418][T32446] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1373.344209][T32446] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1373.403075][T32446] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1373.413850][T16623] Bluetooth: hci2: command tx timeout [ 1373.456374][T32446] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1373.472427][T32446] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1373.526201][T32446] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1373.857383][T25438] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1374.075771][T32446] hsr_slave_0: entered promiscuous mode [ 1374.097114][T32446] hsr_slave_1: entered promiscuous mode [ 1374.132332][T32446] debugfs: 'hsr0' already exists in 'hsr' [ 1374.157310][T32446] Cannot create hsr debugfs directory [ 1374.168875][T32524] chnl_net:caif_netlink_parms(): no params data found [ 1374.575805][T25438] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1374.730279][T25438] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1374.830025][T25438] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1375.035877][T32524] bridge0: port 1(bridge_slave_0) entered blocking state [ 1375.053099][T32524] bridge0: port 1(bridge_slave_0) entered disabled state [ 1375.068768][T32524] bridge_slave_0: entered allmulticast mode [ 1375.083644][T32524] bridge_slave_0: entered promiscuous mode [ 1375.110514][T32524] bridge0: port 2(bridge_slave_1) entered blocking state [ 1375.134346][T32524] bridge0: port 2(bridge_slave_1) entered disabled state [ 1375.154362][T32524] bridge_slave_1: entered allmulticast mode [ 1375.170679][T32524] bridge_slave_1: entered promiscuous mode [ 1375.245709][T16623] Bluetooth: hci1: command tx timeout [ 1375.303550][T32524] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1375.403639][T32524] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1375.485392][T16623] Bluetooth: hci2: command tx timeout [ 1375.617082][T32524] team0: Port device team_slave_0 added [ 1375.678733][T32524] team0: Port device team_slave_1 added [ 1375.707281][T25438] bridge_slave_1: left allmulticast mode [ 1375.729700][T25438] bridge_slave_1: left promiscuous mode [ 1375.754498][T25438] bridge0: port 2(bridge_slave_1) entered disabled state [ 1375.823577][T25438] bridge_slave_0: left allmulticast mode [ 1375.852626][T25438] bridge_slave_0: left promiscuous mode [ 1375.871620][T32607] netlink: 330 bytes leftover after parsing attributes in process `syz.2.5891'. [ 1375.885662][T25438] bridge0: port 1(bridge_slave_0) entered disabled state [ 1376.359675][T25438] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1376.408301][T25438] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1376.441034][T25438] bond0 (unregistering): Released all slaves [ 1376.661352][T32524] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1376.674839][T32524] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1376.760722][T32524] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1376.873783][T32524] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1376.905524][T32524] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1376.994995][T32524] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1377.387518][T32524] hsr_slave_0: entered promiscuous mode [ 1377.414571][T32524] hsr_slave_1: entered promiscuous mode [ 1377.435383][T32524] debugfs: 'hsr0' already exists in 'hsr' [ 1377.441115][T32524] Cannot create hsr debugfs directory [ 1377.566535][T16623] Bluetooth: hci2: command tx timeout [ 1377.683081][T25438] hsr_slave_0: left promiscuous mode [ 1377.719907][T25438] hsr_slave_1: left promiscuous mode [ 1377.745883][T25438] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1377.753263][T25438] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1377.801571][T25438] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1377.836282][T25438] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1378.040269][T25438] veth1_macvtap: left promiscuous mode [ 1378.056482][T25438] veth0_macvtap: left promiscuous mode [ 1378.074713][T25438] veth1_vlan: left promiscuous mode [ 1378.079963][T25438] veth0_vlan: left promiscuous mode [ 1378.697818][T25438] team0 (unregistering): Port device team_slave_1 removed [ 1378.738614][T25438] team0 (unregistering): Port device team_slave_0 removed [ 1379.253427][T32446] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1379.393642][T32446] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1379.436243][T32446] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1379.467365][T32446] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1379.645695][T16623] Bluetooth: hci2: command tx timeout [ 1380.437609][T32446] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1380.653206][T32446] 8021q: adding VLAN 0 to HW filter on device team0 [ 1380.713391][T32424] bridge0: port 1(bridge_slave_0) entered blocking state [ 1380.720558][T32424] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1380.775453][T32424] bridge0: port 2(bridge_slave_1) entered blocking state [ 1380.782564][T32424] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1381.027959][T32524] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1381.091322][T32524] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1381.120199][T32524] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1381.171993][T32524] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1381.305725][T32695] vhci_hcd vhci_hcd.2: SetHubDepth req not supported for USB 2.0 roothub [ 1381.496466][T32524] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1381.571225][T32524] 8021q: adding VLAN 0 to HW filter on device team0 [ 1381.631525][T26476] bridge0: port 1(bridge_slave_0) entered blocking state [ 1381.638652][T26476] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1381.709324][T32446] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1381.745257][T26476] bridge0: port 2(bridge_slave_1) entered blocking state [ 1381.752371][T26476] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1381.927437][T32524] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1381.974907][T32524] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1381.989888][T32721] netlink: 330 bytes leftover after parsing attributes in process `syz.2.5892'. [ 1382.039221][T32446] veth0_vlan: entered promiscuous mode [ 1382.142516][T32446] veth1_vlan: entered promiscuous mode [ 1382.372548][T32446] veth0_macvtap: entered promiscuous mode [ 1382.497135][T32446] veth1_macvtap: entered promiscuous mode [ 1382.634101][T32446] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1382.699645][T32446] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1382.812250][T32424] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1382.852549][T32424] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1382.874405][T32746] netlink: 342 bytes leftover after parsing attributes in process `syz.2.5894'. [ 1382.897366][T32524] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1382.948170][T32424] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1382.985489][T32424] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1383.307531][T25432] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1383.318155][T32524] veth0_vlan: entered promiscuous mode [ 1383.343827][T25432] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1383.497926][T32524] veth1_vlan: entered promiscuous mode [ 1383.551889][T26476] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1383.596635][T26476] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1383.693049][T32524] veth0_macvtap: entered promiscuous mode [ 1383.751542][T32751] bond0: option slaves: interface -Âô does not exist! [ 1383.797280][T32524] veth1_macvtap: entered promiscuous mode [ 1383.901683][T32524] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1383.943665][T32524] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1384.273243][T12460] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1384.352332][T25438] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1384.617421][T25438] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1384.688716][T25438] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1385.064519][T26476] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1385.127438][T26476] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1385.302417][T32424] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1385.339035][T32424] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1387.447325][ T394] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1388.662257][ T424] netlink: 330 bytes leftover after parsing attributes in process `syz.0.5912'. [ 1388.818773][ T424] mac80211_hwsim hwsim70 ›: renamed from wlan0 (while UP) [ 1388.951763][ T428] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5913'. [ 1390.160942][ T458] random: crng reseeded on system resumption [ 1390.284781][ T462] sd 0:0:1:0: PR command failed: 1026 [ 1390.306470][ T462] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1390.337369][ T462] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1391.022169][ T469] FAULT_INJECTION: forcing a failure. [ 1391.022169][ T469] name failslab, interval 1, probability 0, space 0, times 0 [ 1391.084945][ T469] CPU: 0 UID: 0 PID: 469 Comm: syz.3.5917 Tainted: G L syzkaller #0 PREEMPT(full) [ 1391.084973][ T469] Tainted: [L]=SOFTLOCKUP [ 1391.084980][ T469] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1391.084990][ T469] Call Trace: [ 1391.084996][ T469] [ 1391.085003][ T469] dump_stack_lvl+0x100/0x190 [ 1391.085032][ T469] should_fail_ex.cold+0x5/0xa [ 1391.085050][ T469] should_failslab+0xc2/0x120 [ 1391.085067][ T469] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1391.085089][ T469] ? __d_alloc+0x34/0xa80 [ 1391.085109][ T469] __d_alloc+0x34/0xa80 [ 1391.085128][ T469] d_alloc+0x4a/0x1e0 [ 1391.085144][ T469] lookup_one_qstr_excl+0x175/0x250 [ 1391.085165][ T469] start_dirop+0x59/0xb0 [ 1391.085188][ T469] simple_start_creating+0xf9/0x110 [ 1391.085211][ T469] ? __pfx_simple_start_creating+0x10/0x10 [ 1391.085234][ T469] ? mntput+0x70/0xa0 [ 1391.085255][ T469] ? simple_pin_fs+0xa3/0x190 [ 1391.085276][ T469] debugfs_start_creating.part.0+0x82/0x170 [ 1391.085302][ T469] __debugfs_create_file+0xb3/0x4f0 [ 1391.085327][ T469] debugfs_create_file_full+0x41/0x60 [ 1391.085351][ T469] mac80211_hwsim_new_radio+0x2a80/0x57d0 [ 1391.085475][ T469] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1391.085502][ T469] hwsim_new_radio_nl+0xc1f/0x1340 [ 1391.085525][ T469] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1391.085551][ T469] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 1391.085575][ T469] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 1391.085601][ T469] genl_family_rcv_msg_doit+0x214/0x300 [ 1391.085625][ T469] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1391.085646][ T469] ? genl_get_cmd+0x3ef/0x720 [ 1391.085671][ T469] ? bpf_lsm_capable+0x9/0x10 [ 1391.085693][ T469] ? security_capable+0x80/0x260 [ 1391.085714][ T469] ? ns_capable+0xd2/0xf0 [ 1391.085731][ T469] genl_rcv_msg+0x560/0x800 [ 1391.085754][ T469] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1391.085777][ T469] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1391.085804][ T469] netlink_rcv_skb+0x159/0x420 [ 1391.085823][ T469] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1391.085845][ T469] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1391.085872][ T469] ? netlink_deliver_tap+0x1ae/0xcc0 [ 1391.085893][ T469] genl_rcv+0x28/0x40 [ 1391.085911][ T469] netlink_unicast+0x5aa/0x870 [ 1391.085933][ T469] ? __pfx_netlink_unicast+0x10/0x10 [ 1391.085963][ T469] netlink_sendmsg+0x8b0/0xda0 [ 1391.085986][ T469] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1391.086004][ T469] ? __import_iovec+0x1d2/0x640 [ 1391.086021][ T469] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1391.086045][ T469] ____sys_sendmsg+0xa54/0xc30 [ 1391.086070][ T469] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1391.086096][ T469] ? __pfx_futex_wake_mark+0x10/0x10 [ 1391.086121][ T469] ___sys_sendmsg+0x190/0x1e0 [ 1391.086145][ T469] ? __pfx____sys_sendmsg+0x10/0x10 [ 1391.086191][ T469] __sys_sendmsg+0x170/0x220 [ 1391.086210][ T469] ? __pfx___sys_sendmsg+0x10/0x10 [ 1391.086227][ T469] ? __x64_sys_futex+0x34f/0x4d0 [ 1391.086258][ T469] do_syscall_64+0x106/0xf80 [ 1391.086276][ T469] ? clear_bhb_loop+0x40/0x90 [ 1391.086295][ T469] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1391.086310][ T469] RIP: 0033:0x7fb22a79c799 [ 1391.086324][ T469] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1391.086339][ T469] RSP: 002b:00007fb22b657028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1391.086355][ T469] RAX: ffffffffffffffda RBX: 00007fb22aa15fa0 RCX: 00007fb22a79c799 [ 1391.086365][ T469] RDX: 0000000000040004 RSI: 0000200000001400 RDI: 0000000000000008 [ 1391.086374][ T469] RBP: 00007fb22a832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1391.086383][ T469] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1391.086392][ T469] R13: 00007fb22aa16038 R14: 00007fb22aa15fa0 R15: 00007ffca86dc758 [ 1391.086412][ T469] [ 1393.272376][T25438] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1393.535591][T25438] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1393.902528][T29006] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1393.913008][T29006] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1393.920950][T29006] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1393.928961][T29006] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1393.936544][T29006] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1394.063712][ T524] FAULT_INJECTION: forcing a failure. [ 1394.063712][ T524] name failslab, interval 1, probability 0, space 0, times 0 [ 1394.122602][ T524] CPU: 0 UID: 0 PID: 524 Comm: syz.0.5927 Tainted: G L syzkaller #0 PREEMPT(full) [ 1394.122628][ T524] Tainted: [L]=SOFTLOCKUP [ 1394.122634][ T524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1394.122644][ T524] Call Trace: [ 1394.122650][ T524] [ 1394.122656][ T524] dump_stack_lvl+0x100/0x190 [ 1394.122685][ T524] should_fail_ex.cold+0x5/0xa [ 1394.122703][ T524] should_failslab+0xc2/0x120 [ 1394.122721][ T524] __kvmalloc_node_noprof+0xfa/0xa00 [ 1394.122743][ T524] ? traverse.part.0.constprop.0+0x397/0x650 [ 1394.122781][ T524] traverse.part.0.constprop.0+0x397/0x650 [ 1394.122811][ T524] seq_read_iter+0x93f/0x1270 [ 1394.122838][ T524] ? aa_file_perm+0x7f3/0x14d0 [ 1394.122866][ T524] seq_read+0x33b/0x4c0 [ 1394.122888][ T524] ? __pfx_seq_read+0x10/0x10 [ 1394.122923][ T524] ? __pfx_seq_read+0x10/0x10 [ 1394.122945][ T524] proc_reg_read+0x240/0x330 [ 1394.122969][ T524] ? __pfx_proc_reg_read+0x10/0x10 [ 1394.122991][ T524] vfs_read+0x1e4/0xb30 [ 1394.123015][ T524] ? __pfx_vfs_read+0x10/0x10 [ 1394.123036][ T524] ? find_held_lock+0x2b/0x80 [ 1394.123049][ T524] ? __fget_files+0x215/0x3d0 [ 1394.123062][ T524] ? __fget_files+0x215/0x3d0 [ 1394.123079][ T524] ? __fget_files+0x21f/0x3d0 [ 1394.123098][ T524] __x64_sys_pread64+0x1eb/0x250 [ 1394.123113][ T524] ? __pfx___x64_sys_pread64+0x10/0x10 [ 1394.123133][ T524] do_syscall_64+0x106/0xf80 [ 1394.123152][ T524] ? clear_bhb_loop+0x40/0x90 [ 1394.123171][ T524] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1394.123186][ T524] RIP: 0033:0x7f0b6e99c799 [ 1394.123201][ T524] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1394.123216][ T524] RSP: 002b:00007f0b6f8a6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 1394.123231][ T524] RAX: ffffffffffffffda RBX: 00007f0b6ec15fa0 RCX: 00007f0b6e99c799 [ 1394.123241][ T524] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000005 [ 1394.123250][ T524] RBP: 00007f0b6ea32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1394.123260][ T524] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000000 [ 1394.123269][ T524] R13: 00007f0b6ec16038 R14: 00007f0b6ec15fa0 R15: 00007ffe4df95f58 [ 1394.123289][ T524] [ 1395.160378][T25438] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1395.287633][ T527] FAULT_INJECTION: forcing a failure. [ 1395.287633][ T527] name failslab, interval 1, probability 0, space 0, times 0 [ 1395.398068][ T527] CPU: 0 UID: 0 PID: 527 Comm: syz.2.5928 Tainted: G L syzkaller #0 PREEMPT(full) [ 1395.398097][ T527] Tainted: [L]=SOFTLOCKUP [ 1395.398103][ T527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1395.398112][ T527] Call Trace: [ 1395.398118][ T527] [ 1395.398124][ T527] dump_stack_lvl+0x100/0x190 [ 1395.398152][ T527] should_fail_ex.cold+0x5/0xa [ 1395.398171][ T527] should_failslab+0xc2/0x120 [ 1395.398188][ T527] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1395.398209][ T527] ? __kernfs_new_node+0xd2/0x960 [ 1395.398229][ T527] ? kstrdup+0xb3/0xe0 [ 1395.398254][ T527] __kernfs_new_node+0xd2/0x960 [ 1395.398276][ T527] ? __pfx___kernfs_new_node+0x10/0x10 [ 1395.398302][ T527] ? find_held_lock+0x2b/0x80 [ 1395.398316][ T527] ? kernfs_root+0xee/0x2a0 [ 1395.398334][ T527] ? kernfs_root+0xee/0x2a0 [ 1395.398359][ T527] kernfs_new_node+0x11b/0x1a0 [ 1395.398390][ T527] kernfs_create_dir_ns+0x4c/0x1a0 [ 1395.398415][ T527] sysfs_create_dir_ns+0x13a/0x2b0 [ 1395.398435][ T527] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1395.398455][ T527] ? find_held_lock+0x2b/0x80 [ 1395.398469][ T527] ? kobject_add_internal+0x25f/0x930 [ 1395.398562][ T527] ? kobject_add_internal+0x25f/0x930 [ 1395.398584][ T527] ? wiphy_namespace+0x12/0x50 [ 1395.398660][ T527] ? device_namespace+0x76/0xa0 [ 1395.398688][ T527] kobject_add_internal+0x2c8/0x930 [ 1395.398713][ T527] kobject_add+0x16a/0x1e0 [ 1395.398734][ T527] ? __pfx_kobject_add+0x10/0x10 [ 1395.398758][ T527] ? kobject_put+0xb9/0x640 [ 1395.398783][ T527] device_add+0x294/0x1950 [ 1395.398808][ T527] ? __pfx_device_add+0x10/0x10 [ 1395.398831][ T527] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1395.398857][ T527] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 1395.398878][ T527] wiphy_register+0x1e5b/0x2d30 [ 1395.398898][ T527] ? __rtnl_unlock+0xb9/0xf0 [ 1395.398918][ T527] ? netdev_run_todo+0x820/0x12c0 [ 1395.398942][ T527] ? __pfx_wiphy_register+0x10/0x10 [ 1395.398962][ T527] ? __asan_memset+0x23/0x50 [ 1395.398983][ T527] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 1395.399012][ T527] ieee80211_register_hw+0x2cfd/0x4140 [ 1395.399102][ T527] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1395.399123][ T527] ? __pfx___debug_object_init+0x10/0x10 [ 1395.399149][ T527] ? find_held_lock+0x2b/0x80 [ 1395.399164][ T527] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1395.399189][ T527] ? __hrtimer_setup+0x178/0x280 [ 1395.399211][ T527] mac80211_hwsim_new_radio+0x2847/0x57d0 [ 1395.399245][ T527] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1395.399272][ T527] hwsim_new_radio_nl+0xc1f/0x1340 [ 1395.399294][ T527] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1395.399321][ T527] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 1395.399343][ T527] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 1395.399369][ T527] genl_family_rcv_msg_doit+0x214/0x300 [ 1395.399401][ T527] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1395.399423][ T527] ? genl_get_cmd+0x3ef/0x720 [ 1395.399450][ T527] ? bpf_lsm_capable+0x9/0x10 [ 1395.399466][ T527] ? security_capable+0x80/0x260 [ 1395.399487][ T527] ? ns_capable+0xd2/0xf0 [ 1395.399503][ T527] genl_rcv_msg+0x560/0x800 [ 1395.399527][ T527] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1395.399549][ T527] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1395.399577][ T527] netlink_rcv_skb+0x159/0x420 [ 1395.399596][ T527] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1395.399618][ T527] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1395.399646][ T527] ? netlink_deliver_tap+0x1ae/0xcc0 [ 1395.399668][ T527] genl_rcv+0x28/0x40 [ 1395.399686][ T527] netlink_unicast+0x5aa/0x870 [ 1395.399709][ T527] ? __pfx_netlink_unicast+0x10/0x10 [ 1395.399736][ T527] netlink_sendmsg+0x8b0/0xda0 [ 1395.399759][ T527] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1395.399777][ T527] ? __import_iovec+0x1d2/0x640 [ 1395.399794][ T527] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1395.399817][ T527] ____sys_sendmsg+0xa54/0xc30 [ 1395.399841][ T527] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1395.399867][ T527] ? __pfx_futex_wake_mark+0x10/0x10 [ 1395.399893][ T527] ___sys_sendmsg+0x190/0x1e0 [ 1395.399916][ T527] ? __pfx____sys_sendmsg+0x10/0x10 [ 1395.399963][ T527] __sys_sendmsg+0x170/0x220 [ 1395.399981][ T527] ? __pfx___sys_sendmsg+0x10/0x10 [ 1395.399999][ T527] ? __x64_sys_futex+0x34f/0x4d0 [ 1395.400029][ T527] do_syscall_64+0x106/0xf80 [ 1395.400047][ T527] ? clear_bhb_loop+0x40/0x90 [ 1395.400067][ T527] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1395.400083][ T527] RIP: 0033:0x7fdbd8f9c799 [ 1395.400097][ T527] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1395.400112][ T527] RSP: 002b:00007fdbd9dad028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1395.400128][ T527] RAX: ffffffffffffffda RBX: 00007fdbd9215fa0 RCX: 00007fdbd8f9c799 [ 1395.400139][ T527] RDX: 0000000000040004 RSI: 0000200000001400 RDI: 0000000000000008 [ 1395.400149][ T527] RBP: 00007fdbd9032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1395.400158][ T527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1395.400167][ T527] R13: 00007fdbd9216038 R14: 00007fdbd9215fa0 R15: 00007ffe3a083938 [ 1395.400188][ T527] [ 1395.400216][ T527] kobject: kobject_add_internal failed for phy77 (error: -12 parent: ieee80211) [ 1396.054812][T29006] Bluetooth: hci2: command tx timeout [ 1397.238497][T25438] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1397.323844][ T563] FAULT_INJECTION: forcing a failure. [ 1397.323844][ T563] name failslab, interval 1, probability 0, space 0, times 0 [ 1397.384913][ T563] CPU: 0 UID: 0 PID: 563 Comm: syz.2.5930 Tainted: G L syzkaller #0 PREEMPT(full) [ 1397.384941][ T563] Tainted: [L]=SOFTLOCKUP [ 1397.384947][ T563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1397.384956][ T563] Call Trace: [ 1397.384963][ T563] [ 1397.384969][ T563] dump_stack_lvl+0x100/0x190 [ 1397.384998][ T563] should_fail_ex.cold+0x5/0xa [ 1397.385016][ T563] should_failslab+0xc2/0x120 [ 1397.385032][ T563] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1397.385051][ T563] ? alloc_mnt_ns+0xce/0x520 [ 1397.385076][ T563] alloc_mnt_ns+0xce/0x520 [ 1397.385098][ T563] copy_mnt_ns+0x220/0xc30 [ 1397.385115][ T563] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 1397.385136][ T563] ? create_new_namespaces+0x30/0xac0 [ 1397.385152][ T563] ? rcu_is_watching+0x12/0xc0 [ 1397.385176][ T563] create_new_namespaces+0xd3/0xac0 [ 1397.385191][ T563] ? bpf_lsm_capable+0x9/0x10 [ 1397.385206][ T563] ? security_capable+0x80/0x260 [ 1397.385238][ T563] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1397.385257][ T563] ksys_unshare+0x473/0xad0 [ 1397.385277][ T563] ? __pfx_ksys_unshare+0x10/0x10 [ 1397.385303][ T563] __x64_sys_unshare+0x31/0x40 [ 1397.385322][ T563] do_syscall_64+0x106/0xf80 [ 1397.385339][ T563] ? clear_bhb_loop+0x40/0x90 [ 1397.385357][ T563] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1397.385373][ T563] RIP: 0033:0x7fdbd8f9c799 [ 1397.385388][ T563] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1397.385403][ T563] RSP: 002b:00007fdbd9dad028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1397.385419][ T563] RAX: ffffffffffffffda RBX: 00007fdbd9215fa0 RCX: 00007fdbd8f9c799 [ 1397.385429][ T563] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000020000 [ 1397.385438][ T563] RBP: 00007fdbd9032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1397.385448][ T563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1397.385457][ T563] R13: 00007fdbd9216038 R14: 00007fdbd9215fa0 R15: 00007ffe3a083938 [ 1397.385477][ T563] [ 1397.653780][ T29] audit: type=1804 audit(4294967380.720:106): pid=565 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.5930" name="/newroot/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/filter" dev="tracefs" ino=19680823 res=1 errno=0 [ 1397.887882][ T533] chnl_net:caif_netlink_parms(): no params data found [ 1398.075938][T25438] bridge_slave_1: left allmulticast mode [ 1398.082391][T25438] bridge_slave_1: left promiscuous mode [ 1398.103085][T25438] bridge0: port 2(bridge_slave_1) entered disabled state [ 1398.125479][T29006] Bluetooth: hci2: command tx timeout [ 1398.152600][T25438] bridge_slave_0: left allmulticast mode [ 1398.174840][T25438] bridge_slave_0: left promiscuous mode [ 1398.180673][T25438] bridge0: port 1(bridge_slave_0) entered disabled state [ 1398.703816][T16623] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1398.724257][T16623] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1398.732157][T16623] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1398.739772][T16623] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1398.754977][T16623] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1398.933682][T25438] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1398.983396][T25438] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1399.016030][T25438] bond0 (unregistering): Released all slaves [ 1399.367457][ T533] bridge0: port 1(bridge_slave_0) entered blocking state [ 1399.388950][ T533] bridge0: port 1(bridge_slave_0) entered disabled state [ 1399.409187][ T533] bridge_slave_0: entered allmulticast mode [ 1399.429440][ T533] bridge_slave_0: entered promiscuous mode [ 1399.444366][ T533] bridge0: port 2(bridge_slave_1) entered blocking state [ 1399.452935][ T533] bridge0: port 2(bridge_slave_1) entered disabled state [ 1399.460320][ T533] bridge_slave_1: entered allmulticast mode [ 1399.467985][ T533] bridge_slave_1: entered promiscuous mode [ 1399.632711][ T533] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1399.679084][T25438] hsr_slave_0: left promiscuous mode [ 1399.687446][T25438] hsr_slave_1: left promiscuous mode [ 1399.703354][T25438] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1399.719976][T25438] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1399.734393][T25438] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1399.755068][T25438] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1399.782756][T25438] veth1_macvtap: left promiscuous mode [ 1399.803171][T25438] veth0_macvtap: left promiscuous mode [ 1399.821451][T25438] veth1_vlan: left promiscuous mode [ 1399.831502][T25438] veth0_vlan: left promiscuous mode [ 1400.189513][T25438] team0 (unregistering): Port device team_slave_1 removed [ 1400.207908][T16623] Bluetooth: hci2: command tx timeout [ 1400.223423][T25438] team0 (unregistering): Port device team_slave_0 removed [ 1400.331760][ T533] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1400.490496][ T533] team0: Port device team_slave_0 added [ 1400.523946][ T533] team0: Port device team_slave_1 added [ 1400.765150][ T533] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1400.772100][ T533] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1400.847443][T16623] Bluetooth: hci1: command tx timeout [ 1400.921271][ T533] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1400.973629][ T533] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1401.002250][ T533] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1401.078850][ T533] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1401.362732][ T594] chnl_net:caif_netlink_parms(): no params data found [ 1401.440135][ T533] hsr_slave_0: entered promiscuous mode [ 1401.463208][ T533] hsr_slave_1: entered promiscuous mode [ 1401.497204][ T533] debugfs: 'hsr0' already exists in 'hsr' [ 1401.530819][ T533] Cannot create hsr debugfs directory [ 1401.858208][T25438] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1401.976306][T25438] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1402.186549][T25438] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1402.288340][T16623] Bluetooth: hci2: command tx timeout [ 1402.355263][T25438] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1402.430343][ T594] bridge0: port 1(bridge_slave_0) entered blocking state [ 1402.457051][ T594] bridge0: port 1(bridge_slave_0) entered disabled state [ 1402.485809][ T594] bridge_slave_0: entered allmulticast mode [ 1402.513521][ T594] bridge_slave_0: entered promiscuous mode [ 1402.618899][ T594] bridge0: port 2(bridge_slave_1) entered blocking state [ 1402.643710][ T594] bridge0: port 2(bridge_slave_1) entered disabled state [ 1402.672502][ T594] bridge_slave_1: entered allmulticast mode [ 1402.699961][ T594] bridge_slave_1: entered promiscuous mode [ 1402.927779][T16623] Bluetooth: hci1: command tx timeout [ 1402.997283][ T682] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5942'. [ 1403.033482][ T594] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1403.085330][ T594] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1403.285791][ T594] team0: Port device team_slave_0 added [ 1403.410112][T25438] bridge_slave_1: left allmulticast mode [ 1403.428885][T25438] bridge_slave_1: left promiscuous mode [ 1403.434585][T25438] bridge0: port 2(bridge_slave_1) entered disabled state [ 1403.470271][T25438] bridge_slave_0: left allmulticast mode [ 1403.495699][T25438] bridge_slave_0: left promiscuous mode [ 1403.524877][T25438] bridge0: port 1(bridge_slave_0) entered disabled state [ 1403.921605][T25438] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1403.947361][T25438] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1403.974789][T25438] bond0 (unregistering): Released all slaves [ 1404.004211][ T594] team0: Port device team_slave_1 added [ 1404.197518][ T594] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1404.204553][ T594] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1404.316748][ T594] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1404.435651][ T706] vhci_hcd vhci_hcd.1: default hub control req: 0000 v0000 i0000 l0 [ 1404.673323][ T594] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1404.695413][ T594] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1404.773276][ T594] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1404.935600][ T594] hsr_slave_0: entered promiscuous mode [ 1404.965407][ T594] hsr_slave_1: entered promiscuous mode [ 1404.971388][ T594] debugfs: 'hsr0' already exists in 'hsr' [ 1405.007813][T16623] Bluetooth: hci1: command tx timeout [ 1405.041893][ T594] Cannot create hsr debugfs directory [ 1405.545150][T25438] hsr_slave_0: left promiscuous mode [ 1405.571246][T25438] hsr_slave_1: left promiscuous mode [ 1405.601571][T25438] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1405.645769][T25438] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1405.673642][T25438] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1405.716477][T25438] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1405.893316][T25438] veth1_macvtap: left promiscuous mode [ 1405.899575][T25438] veth0_macvtap: left promiscuous mode [ 1405.921806][T25438] veth1_vlan: left promiscuous mode [ 1405.937982][T25438] veth0_vlan: left promiscuous mode [ 1405.998897][ T737] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1406.607486][T25438] team0 (unregistering): Port device team_slave_1 removed [ 1406.716230][T25438] team0 (unregistering): Port device team_slave_0 removed [ 1407.092964][T16623] Bluetooth: hci1: command tx timeout [ 1407.286219][ T533] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1407.333698][ T533] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1407.392590][ T533] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1407.549111][ T533] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1407.766757][ T740] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5950'. [ 1408.532558][ T769] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5952'. [ 1408.980063][ T533] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1409.061816][ T533] 8021q: adding VLAN 0 to HW filter on device team0 [ 1409.146988][T32424] bridge0: port 1(bridge_slave_0) entered blocking state [ 1409.154107][T32424] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1409.305772][T32424] bridge0: port 2(bridge_slave_1) entered blocking state [ 1409.312866][T32424] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1409.412375][ T533] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1409.493675][ T594] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1409.667993][ T594] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1409.701220][ T594] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1409.761751][ T594] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1409.899386][ T533] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1410.079815][ T533] veth0_vlan: entered promiscuous mode [ 1410.119974][ T533] veth1_vlan: entered promiscuous mode [ 1410.170248][ T594] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1410.240180][ T594] 8021q: adding VLAN 0 to HW filter on device team0 [ 1410.306466][T25436] bridge0: port 1(bridge_slave_0) entered blocking state [ 1410.313579][T25436] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1410.378526][T25436] bridge0: port 2(bridge_slave_1) entered blocking state [ 1410.385647][T25436] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1410.463436][ T533] veth0_macvtap: entered promiscuous mode [ 1410.516668][ T533] veth1_macvtap: entered promiscuous mode [ 1410.633118][ T533] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1410.718899][ T594] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1410.776314][ T533] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1410.897930][T32424] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1410.926234][T32424] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1411.033647][T32424] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1411.065018][T32424] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1411.260380][T25438] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1411.304123][T25438] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1411.352729][T25436] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1411.414705][T25436] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1411.563741][ T835] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5956'. [ 1411.592671][ T594] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1411.799328][ T594] veth0_vlan: entered promiscuous mode [ 1411.803392][ T594] veth1_vlan: entered promiscuous mode [ 1411.906782][ T594] veth0_macvtap: entered promiscuous mode [ 1411.920904][ T594] veth1_macvtap: entered promiscuous mode [ 1411.968050][ T849] netlink: 330 bytes leftover after parsing attributes in process `syz.3.5925'. [ 1411.982852][ T849] mac80211_hwsim hwsim79 ›: renamed from wlan0 (while UP) [ 1412.098036][ T594] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1412.118540][ T594] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1412.140353][T26476] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1412.140419][T26476] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1412.140445][T26476] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1412.140470][T26476] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1412.352983][T26476] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1412.353008][T26476] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1412.443515][T25432] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1412.443533][T25432] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1416.987190][ T977] netlink: 330 bytes leftover after parsing attributes in process `syz.0.5968'. [ 1417.094122][ T977] mac80211_hwsim hwsim81 ›: renamed from wlan0 (while UP) [ 1417.132327][ T981] block nbd2: not configured, cannot reconfigure [ 1418.318712][ T1014] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5974'. [ 1422.333600][ T1111] FAULT_INJECTION: forcing a failure. [ 1422.333600][ T1111] name failslab, interval 1, probability 0, space 0, times 0 [ 1422.384762][ T1111] CPU: 0 UID: 0 PID: 1111 Comm: syz.2.5997 Tainted: G L syzkaller #0 PREEMPT(full) [ 1422.384789][ T1111] Tainted: [L]=SOFTLOCKUP [ 1422.384796][ T1111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1422.384806][ T1111] Call Trace: [ 1422.384812][ T1111] [ 1422.384819][ T1111] dump_stack_lvl+0x100/0x190 [ 1422.384847][ T1111] should_fail_ex.cold+0x5/0xa [ 1422.384866][ T1111] should_failslab+0xc2/0x120 [ 1422.384882][ T1111] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1422.384903][ T1111] ? copy_process+0x27a4/0x7a10 [ 1422.384924][ T1111] copy_process+0x27a4/0x7a10 [ 1422.384950][ T1111] ? __pfx_copy_process+0x10/0x10 [ 1422.384967][ T1111] ? find_held_lock+0x2b/0x80 [ 1422.384989][ T1111] kernel_clone+0xfc/0x9a0 [ 1422.385004][ T1111] ? __pfx_futex_wait+0x10/0x10 [ 1422.385028][ T1111] ? __pfx_kernel_clone+0x10/0x10 [ 1422.385055][ T1111] __do_sys_clone+0xd9/0x120 [ 1422.385073][ T1111] ? __pfx___do_sys_clone+0x10/0x10 [ 1422.385105][ T1111] do_syscall_64+0x106/0xf80 [ 1422.385123][ T1111] ? clear_bhb_loop+0x40/0x90 [ 1422.385141][ T1111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1422.385157][ T1111] RIP: 0033:0x7fdbd8f9c799 [ 1422.385170][ T1111] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1422.385185][ T1111] RSP: 002b:00007fdbd9dacfd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1422.385200][ T1111] RAX: ffffffffffffffda RBX: 00007fdbd9215fa0 RCX: 00007fdbd8f9c799 [ 1422.385211][ T1111] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000600 [ 1422.385220][ T1111] RBP: 00007fdbd9032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1422.385229][ T1111] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1422.385238][ T1111] R13: 00007fdbd9216038 R14: 00007fdbd9215fa0 R15: 00007ffe3a083938 [ 1422.385258][ T1111] [ 1423.047525][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1423.053868][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1424.003064][ T1127] FAULT_INJECTION: forcing a failure. [ 1424.003064][ T1127] name failslab, interval 1, probability 0, space 0, times 0 [ 1424.068063][ T1127] CPU: 0 UID: 0 PID: 1127 Comm: syz.2.5999 Tainted: G L syzkaller #0 PREEMPT(full) [ 1424.068088][ T1127] Tainted: [L]=SOFTLOCKUP [ 1424.068094][ T1127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1424.068103][ T1127] Call Trace: [ 1424.068109][ T1127] [ 1424.068115][ T1127] dump_stack_lvl+0x100/0x190 [ 1424.068142][ T1127] should_fail_ex.cold+0x5/0xa [ 1424.068159][ T1127] ? tomoyo_realpath_from_path+0xb6/0x690 [ 1424.068175][ T1127] should_failslab+0xc2/0x120 [ 1424.068190][ T1127] __kmalloc_noprof+0xe0/0x850 [ 1424.068216][ T1127] tomoyo_realpath_from_path+0xb6/0x690 [ 1424.068236][ T1127] tomoyo_path_number_perm+0x23c/0x580 [ 1424.068258][ T1127] ? tomoyo_path_number_perm+0x22e/0x580 [ 1424.068281][ T1127] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1424.068343][ T1127] ? find_held_lock+0x2b/0x80 [ 1424.068357][ T1127] ? __fget_files+0x215/0x3d0 [ 1424.068370][ T1127] ? hook_file_ioctl_common+0x146/0x410 [ 1424.068396][ T1127] ? __fget_files+0x21f/0x3d0 [ 1424.068412][ T1127] security_file_ioctl+0xd3/0x230 [ 1424.068436][ T1127] __x64_sys_ioctl+0xb7/0x210 [ 1424.068458][ T1127] do_syscall_64+0x106/0xf80 [ 1424.068474][ T1127] ? clear_bhb_loop+0x40/0x90 [ 1424.068493][ T1127] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1424.068507][ T1127] RIP: 0033:0x7fdbd8f9c799 [ 1424.068520][ T1127] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1424.068534][ T1127] RSP: 002b:00007fdbd9d8c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1424.068549][ T1127] RAX: ffffffffffffffda RBX: 00007fdbd9216090 RCX: 00007fdbd8f9c799 [ 1424.068559][ T1127] RDX: 0000000000000008 RSI: 0000000000008941 RDI: 0000000000000003 [ 1424.068567][ T1127] RBP: 00007fdbd9d8c090 R08: 0000000000000000 R09: 0000000000000000 [ 1424.068576][ T1127] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1424.068585][ T1127] R13: 00007fdbd9216128 R14: 00007fdbd9216090 R15: 00007ffe3a083938 [ 1424.068604][ T1127] [ 1424.068610][ T1127] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1424.642781][ T1134] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6002'. [ 1424.852530][ T1139] Invalid ELF header magic: != ELF [ 1425.376295][ T1151] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1426.019281][ T1160] netlink: 330 bytes leftover after parsing attributes in process `syz.3.6007'. [ 1426.473079][ T1174] netlink: 'syz.1.6008': attribute type 10 has an invalid length. [ 1426.534595][ T1178] FAULT_INJECTION: forcing a failure. [ 1426.534595][ T1178] name failslab, interval 1, probability 0, space 0, times 0 [ 1426.540855][ T1174] netlink: 230 bytes leftover after parsing attributes in process `syz.1.6008'. [ 1426.563099][ T1178] CPU: 0 UID: 0 PID: 1178 Comm: syz.3.6011 Tainted: G L syzkaller #0 PREEMPT(full) [ 1426.563122][ T1178] Tainted: [L]=SOFTLOCKUP [ 1426.563128][ T1178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1426.563142][ T1178] Call Trace: [ 1426.563148][ T1178] [ 1426.563153][ T1178] dump_stack_lvl+0x100/0x190 [ 1426.563180][ T1178] should_fail_ex.cold+0x5/0xa [ 1426.563197][ T1178] ? vb2_core_allocated_buffers_storage+0x184/0x220 [ 1426.563221][ T1178] should_failslab+0xc2/0x120 [ 1426.563236][ T1178] __kmalloc_noprof+0xe0/0x850 [ 1426.563262][ T1178] vb2_core_allocated_buffers_storage+0x184/0x220 [ 1426.563285][ T1178] vb2_core_reqbufs+0x382/0xf30 [ 1426.563310][ T1178] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 1426.563342][ T1178] __vb2_init_fileio+0x32d/0x1000 [ 1426.563363][ T1178] ? vb2_fop_write+0xe5/0x550 [ 1426.563383][ T1178] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1426.563410][ T1178] __vb2_perform_fileio+0x91e/0x1380 [ 1426.563437][ T1178] ? __pfx___vb2_perform_fileio+0x10/0x10 [ 1426.563465][ T1178] vb2_fop_write+0x1f8/0x550 [ 1426.563487][ T1178] v4l2_write+0x229/0x2c0 [ 1426.563508][ T1178] vfs_write+0x2aa/0x1070 [ 1426.563531][ T1178] ? __pfx_v4l2_write+0x10/0x10 [ 1426.563551][ T1178] ? __pfx_vfs_write+0x10/0x10 [ 1426.563571][ T1178] ? find_held_lock+0x2b/0x80 [ 1426.563585][ T1178] ? __fget_files+0x215/0x3d0 [ 1426.563597][ T1178] ? __fget_files+0x215/0x3d0 [ 1426.563614][ T1178] ? __fget_files+0x21f/0x3d0 [ 1426.563632][ T1178] ksys_write+0x12a/0x250 [ 1426.563653][ T1178] ? __pfx_ksys_write+0x10/0x10 [ 1426.563681][ T1178] do_syscall_64+0x106/0xf80 [ 1426.563698][ T1178] ? clear_bhb_loop+0x40/0x90 [ 1426.563717][ T1178] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1426.563731][ T1178] RIP: 0033:0x7f9a4f99c799 [ 1426.563744][ T1178] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1426.563758][ T1178] RSP: 002b:00007f9a50905028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1426.563772][ T1178] RAX: ffffffffffffffda RBX: 00007f9a4fc15fa0 RCX: 00007f9a4f99c799 [ 1426.563782][ T1178] RDX: 00000000ffffffff RSI: 0000200000000340 RDI: 0000000000000003 [ 1426.563791][ T1178] RBP: 00007f9a4fa32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1426.563800][ T1178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1426.563809][ T1178] R13: 00007f9a4fc16038 R14: 00007f9a4fc15fa0 R15: 00007ffc4625f918 [ 1426.563828][ T1178] [ 1427.377243][ T1183] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888000000000 pfn:0x7fe0a [ 1427.405504][ T1183] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 1427.420712][ T1183] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 1427.438350][ T1183] raw: ffff888000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 1427.464775][ T1183] page dumped because: unmovable page [ 1427.494717][ T1183] page_owner tracks the page as allocated [ 1427.500897][ T1183] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xcc0(GFP_KERNEL), pid 27447, tgid 27447 (syz-executor), ts 1418145065745, free_ts 1418124890959 [ 1427.556448][ T1183] post_alloc_hook+0x153/0x170 [ 1427.571501][ T1183] get_page_from_freelist+0x111d/0x3140 [ 1427.584830][ T1183] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 1427.603143][ T1183] alloc_pages_bulk_noprof+0x782/0x1490 [ 1427.627269][ T1183] __kasan_populate_vmalloc+0xf0/0x210 [ 1427.642955][ T1183] alloc_vmap_area+0x95d/0x2bd0 [ 1427.650851][ T1183] __get_vm_area_node+0x1ca/0x330 [ 1427.664852][ T1183] __vmalloc_node_range_noprof+0x213/0x1530 [ 1427.759277][ T1183] __vmalloc_node_noprof+0xad/0xf0 [ 1427.807685][ T1183] copy_process+0x5ec/0x7a10 [ 1427.847224][ T1183] kernel_clone+0xfc/0x9a0 [ 1427.887894][ T1183] __do_sys_clone+0xd9/0x120 [ 1427.932687][ T1183] do_syscall_64+0x106/0xf80 [ 1427.946185][ T1206] FAULT_INJECTION: forcing a failure. [ 1427.946185][ T1206] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1428.022504][ T1206] CPU: 0 UID: 0 PID: 1206 Comm: syz.0.6017 Tainted: G L syzkaller #0 PREEMPT(full) [ 1428.022531][ T1206] Tainted: [L]=SOFTLOCKUP [ 1428.022536][ T1206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1428.022546][ T1206] Call Trace: [ 1428.022552][ T1206] [ 1428.022559][ T1206] dump_stack_lvl+0x100/0x190 [ 1428.022587][ T1206] should_fail_ex.cold+0x5/0xa [ 1428.022606][ T1206] _copy_from_user+0x2e/0xd0 [ 1428.022631][ T1206] copy_mount_options+0x76/0x190 [ 1428.022653][ T1206] __x64_sys_mount+0x1ab/0x310 [ 1428.022671][ T1206] ? __pfx___x64_sys_mount+0x10/0x10 [ 1428.022693][ T1206] do_syscall_64+0x106/0xf80 [ 1428.022711][ T1206] ? clear_bhb_loop+0x40/0x90 [ 1428.022729][ T1206] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1428.022745][ T1206] RIP: 0033:0x7f8b0f39c799 [ 1428.022758][ T1206] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1428.022774][ T1206] RSP: 002b:00007f8b10191028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1428.022789][ T1206] RAX: ffffffffffffffda RBX: 00007f8b0f616090 RCX: 00007f8b0f39c799 [ 1428.022800][ T1206] RDX: 0000200000000240 RSI: 0000000000000000 RDI: 0000200000000180 [ 1428.022809][ T1206] RBP: 00007f8b0f432bd9 R08: 0000200000000280 R09: 0000000000000000 [ 1428.022819][ T1206] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 1428.022828][ T1206] R13: 00007f8b0f616128 R14: 00007f8b0f616090 R15: 00007ffd79b86468 [ 1428.022848][ T1206] [ 1428.181609][ T1183] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1428.188065][ T1183] page last free pid 1003 tgid 997 stack trace: [ 1428.194368][ T1183] __free_frozen_pages+0x7e1/0x10d0 [ 1428.199647][ T1183] tlb_remove_table_rcu+0x2b2/0x390 [ 1428.204903][ T1183] rcu_core+0x5a2/0x10d0 [ 1428.209153][ T1183] handle_softirqs+0x1eb/0x9e0 [ 1428.213949][ T1183] __irq_exit_rcu+0xef/0x150 [ 1428.218559][ T1183] irq_exit_rcu+0x9/0x30 [ 1428.222787][ T1183] sysvec_apic_timer_interrupt+0xa3/0xc0 [ 1428.228473][ T1183] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1428.643186][ T1215] Invalid ELF header magic: != ELF [ 1429.139709][ T1221] device-mapper: ioctl: Invalid ioctl structure: name , dev 3ff [ 1429.286965][ T1221] FAULT_INJECTION: forcing a failure. [ 1429.286965][ T1221] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1429.347032][ T1221] CPU: 0 UID: 0 PID: 1221 Comm: syz.0.6022 Tainted: G L syzkaller #0 PREEMPT(full) [ 1429.347057][ T1221] Tainted: [L]=SOFTLOCKUP [ 1429.347066][ T1221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1429.347075][ T1221] Call Trace: [ 1429.347081][ T1221] [ 1429.347087][ T1221] dump_stack_lvl+0x100/0x190 [ 1429.347114][ T1221] should_fail_ex.cold+0x5/0xa [ 1429.347132][ T1221] _copy_from_iter+0x1f4/0x1690 [ 1429.347152][ T1221] ? __pfx__copy_from_iter+0x10/0x10 [ 1429.347180][ T1221] ? __pfx___might_resched+0x10/0x10 [ 1429.347206][ T1221] file_tty_write.isra.0+0x45b/0x890 [ 1429.347232][ T1221] redirected_tty_write+0xd4/0x120 [ 1429.347251][ T1221] vfs_write+0x6ac/0x1070 [ 1429.347275][ T1221] ? __pfx_redirected_tty_write+0x10/0x10 [ 1429.347295][ T1221] ? __pfx_vfs_write+0x10/0x10 [ 1429.347316][ T1221] ? find_held_lock+0x2b/0x80 [ 1429.347342][ T1221] ksys_write+0x12a/0x250 [ 1429.347364][ T1221] ? __pfx_ksys_write+0x10/0x10 [ 1429.347391][ T1221] do_syscall_64+0x106/0xf80 [ 1429.347409][ T1221] ? clear_bhb_loop+0x40/0x90 [ 1429.347428][ T1221] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1429.347443][ T1221] RIP: 0033:0x7f8b0f39c799 [ 1429.347456][ T1221] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1429.347470][ T1221] RSP: 002b:00007f8b101b2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1429.347485][ T1221] RAX: ffffffffffffffda RBX: 00007f8b0f615fa0 RCX: 00007f8b0f39c799 [ 1429.347495][ T1221] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 000000000000000b [ 1429.347505][ T1221] RBP: 00007f8b0f432bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1429.347514][ T1221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1429.347523][ T1221] R13: 00007f8b0f616038 R14: 00007f8b0f615fa0 R15: 00007ffd79b86468 [ 1429.347543][ T1221] [ 1429.877446][T25432] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm kworker/u11:1: bg 4: bad block bitmap checksum [ 1429.925761][T25432] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 0 with max blocks 1 with error 74 [ 1429.973420][T25432] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1429.973420][T25432] [ 1430.092517][T25432] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm kworker/u11:1: bg 5: bad block bitmap checksum [ 1430.120574][T25432] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 4692 with max blocks 1 with error 74 [ 1430.228827][T25432] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1430.228827][T25432] [ 1430.646763][ T1265] netlink: 330 bytes leftover after parsing attributes in process `syz.0.6029'. [ 1431.809694][ T1293] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6034'. [ 1433.348269][ T1328] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6041'. [ 1433.671890][T26476] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 0 with max blocks 1 with error 117 [ 1433.781577][T26476] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1433.781577][T26476] [ 1433.846730][T26476] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 4694 with max blocks 1 with error 117 [ 1433.957744][T26476] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1433.957744][T26476] [ 1434.079307][T26476] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 0 with max blocks 1 with error 117 [ 1434.139017][T26476] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1434.139017][T26476] [ 1434.472550][ T1345] netlink: 330 bytes leftover after parsing attributes in process `syz.1.6044'. [ 1435.615810][ T1376] FAULT_INJECTION: forcing a failure. [ 1435.615810][ T1376] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1435.862268][ T1376] CPU: 0 UID: 0 PID: 1376 Comm: syz.3.6052 Tainted: G L syzkaller #0 PREEMPT(full) [ 1435.862296][ T1376] Tainted: [L]=SOFTLOCKUP [ 1435.862302][ T1376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1435.862311][ T1376] Call Trace: [ 1435.862317][ T1376] [ 1435.862324][ T1376] dump_stack_lvl+0x100/0x190 [ 1435.862353][ T1376] should_fail_ex.cold+0x5/0xa [ 1435.862372][ T1376] _copy_from_user+0x2e/0xd0 [ 1435.862398][ T1376] copy_mount_options+0x76/0x190 [ 1435.862421][ T1376] __x64_sys_mount+0x1ab/0x310 [ 1435.862439][ T1376] ? __pfx___x64_sys_mount+0x10/0x10 [ 1435.862462][ T1376] do_syscall_64+0x106/0xf80 [ 1435.862482][ T1376] ? clear_bhb_loop+0x40/0x90 [ 1435.862506][ T1376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1435.862522][ T1376] RIP: 0033:0x7f9a4f99c799 [ 1435.862535][ T1376] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1435.862551][ T1376] RSP: 002b:00007f9a508e4028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1435.862566][ T1376] RAX: ffffffffffffffda RBX: 00007f9a4fc16090 RCX: 00007f9a4f99c799 [ 1435.862577][ T1376] RDX: 0000200000000240 RSI: 0000000000000000 RDI: 0000200000000180 [ 1435.862586][ T1376] RBP: 00007f9a4fa32bd9 R08: 0000200000000280 R09: 0000000000000000 [ 1435.862596][ T1376] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 1435.862606][ T1376] R13: 00007f9a4fc16128 R14: 00007f9a4fc16090 R15: 00007ffc4625f918 [ 1435.862626][ T1376] [ 1436.393322][ T1385] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6053'. [ 1436.439026][ T1388] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6054'. [ 1436.455112][ T1385] unsupported nlmsg_type 40 [ 1436.843923][ T1404] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6058'. [ 1437.375142][ T1416] netlink: 62 bytes leftover after parsing attributes in process `syz.2.6060'. [ 1437.628374][ T1421] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6061'. [ 1437.819801][ T1424] netlink: 330 bytes leftover after parsing attributes in process `syz.2.6062'. [ 1437.896270][ T1431] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6064'. [ 1437.963353][ T1431] [U] ^\ [ 1438.137708][ T1435] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6065'. [ 1439.865002][ T1486] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1439.898159][ T1486] netlink: zone id is out of range [ 1439.943385][ T1486] netlink: zone id is out of range [ 1439.968473][ T1486] netlink: zone id is out of range [ 1439.973614][ T1486] netlink: zone id is out of range [ 1440.037496][ T1486] netlink: zone id is out of range [ 1440.081417][ T1486] netlink: zone id is out of range [ 1440.174409][ T1486] netlink: set zone limit has 8 unknown bytes [ 1440.424276][ T1499] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6077'. [ 1441.449602][ T1515] FAULT_INJECTION: forcing a failure. [ 1441.449602][ T1515] name failslab, interval 1, probability 0, space 0, times 0 [ 1441.497854][ T1515] CPU: 0 UID: 0 PID: 1515 Comm: syz.2.6082 Tainted: G L syzkaller #0 PREEMPT(full) [ 1441.497881][ T1515] Tainted: [L]=SOFTLOCKUP [ 1441.497887][ T1515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1441.497897][ T1515] Call Trace: [ 1441.497903][ T1515] [ 1441.497910][ T1515] dump_stack_lvl+0x100/0x190 [ 1441.497938][ T1515] should_fail_ex.cold+0x5/0xa [ 1441.497957][ T1515] should_failslab+0xc2/0x120 [ 1441.497974][ T1515] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1441.497997][ T1515] ? __mpol_dup+0x74/0x370 [ 1441.498017][ T1515] __mpol_dup+0x74/0x370 [ 1441.498033][ T1515] ? __pfx___mpol_dup+0x10/0x10 [ 1441.498055][ T1515] mbind_range+0x2ad/0x550 [ 1441.498085][ T1515] do_mbind+0x7de/0xfd0 [ 1441.498107][ T1515] ? __might_fault+0xc5/0x140 [ 1441.498129][ T1515] ? __pfx_do_mbind+0x10/0x10 [ 1441.498151][ T1515] ? _copy_from_user+0x59/0xd0 [ 1441.498179][ T1515] ? __pfx_get_nodes+0x10/0x10 [ 1441.498207][ T1515] kernel_mbind+0x1b7/0x200 [ 1441.498226][ T1515] ? __pfx_kernel_mbind+0x10/0x10 [ 1441.498243][ T1515] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 1441.498264][ T1515] ? syscall_user_dispatch+0x76/0x130 [ 1441.498289][ T1515] do_syscall_64+0x106/0xf80 [ 1441.498306][ T1515] ? clear_bhb_loop+0x40/0x90 [ 1441.498325][ T1515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1441.498340][ T1515] RIP: 0033:0x7fdbd8f9c799 [ 1441.498354][ T1515] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1441.498369][ T1515] RSP: 002b:00007fdbd9d8c028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 1441.498384][ T1515] RAX: ffffffffffffffda RBX: 00007fdbd9216090 RCX: 00007fdbd8f9c799 [ 1441.498394][ T1515] RDX: 0000000000008003 RSI: 0000000000800605 RDI: 0000000000000000 [ 1441.498404][ T1515] RBP: 00007fdbd9032bd9 R08: 0000000000000003 R09: 0000000000000003 [ 1441.498413][ T1515] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000000 [ 1441.498422][ T1515] R13: 00007fdbd9216128 R14: 00007fdbd9216090 R15: 00007ffe3a083938 [ 1441.498442][ T1515] [ 1442.879476][ T1549] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6088'. [ 1443.340351][ T1564] FAULT_INJECTION: forcing a failure. [ 1443.340351][ T1564] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1443.437038][ T1564] CPU: 0 UID: 0 PID: 1564 Comm: syz.0.6091 Tainted: G L syzkaller #0 PREEMPT(full) [ 1443.437064][ T1564] Tainted: [L]=SOFTLOCKUP [ 1443.437069][ T1564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1443.437079][ T1564] Call Trace: [ 1443.437085][ T1564] [ 1443.437091][ T1564] dump_stack_lvl+0x100/0x190 [ 1443.437120][ T1564] should_fail_ex.cold+0x5/0xa [ 1443.437138][ T1564] _copy_from_user+0x2e/0xd0 [ 1443.437163][ T1564] copy_mount_options+0x76/0x190 [ 1443.437184][ T1564] __x64_sys_mount+0x1ab/0x310 [ 1443.437202][ T1564] ? __pfx___x64_sys_mount+0x10/0x10 [ 1443.437225][ T1564] do_syscall_64+0x106/0xf80 [ 1443.437243][ T1564] ? clear_bhb_loop+0x40/0x90 [ 1443.437261][ T1564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1443.437276][ T1564] RIP: 0033:0x7f8b0f39c799 [ 1443.437289][ T1564] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1443.437304][ T1564] RSP: 002b:00007f8b10191028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1443.437319][ T1564] RAX: ffffffffffffffda RBX: 00007f8b0f616090 RCX: 00007f8b0f39c799 [ 1443.437329][ T1564] RDX: 0000200000000240 RSI: 0000000000000000 RDI: 0000200000000180 [ 1443.437338][ T1564] RBP: 00007f8b0f432bd9 R08: 0000200000000280 R09: 0000000000000000 [ 1443.437348][ T1564] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 1443.437357][ T1564] R13: 00007f8b0f616128 R14: 00007f8b0f616090 R15: 00007ffd79b86468 [ 1443.437377][ T1564] [ 1443.596829][ T1570] FAULT_INJECTION: forcing a failure. [ 1443.596829][ T1570] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1443.610286][ T1570] CPU: 0 UID: 0 PID: 1570 Comm: syz.3.6093 Tainted: G L syzkaller #0 PREEMPT(full) [ 1443.610313][ T1570] Tainted: [L]=SOFTLOCKUP [ 1443.610318][ T1570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1443.610327][ T1570] Call Trace: [ 1443.610333][ T1570] [ 1443.610339][ T1570] dump_stack_lvl+0x100/0x190 [ 1443.610367][ T1570] should_fail_ex.cold+0x5/0xa [ 1443.610386][ T1570] _copy_from_user+0x2e/0xd0 [ 1443.610410][ T1570] copy_mount_options+0x76/0x190 [ 1443.610432][ T1570] __x64_sys_mount+0x1ab/0x310 [ 1443.610450][ T1570] ? __pfx___x64_sys_mount+0x10/0x10 [ 1443.610474][ T1570] do_syscall_64+0x106/0xf80 [ 1443.610491][ T1570] ? clear_bhb_loop+0x40/0x90 [ 1443.610510][ T1570] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1443.610525][ T1570] RIP: 0033:0x7f9a4f99c799 [ 1443.610539][ T1570] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1443.610555][ T1570] RSP: 002b:00007f9a508e4028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1443.610570][ T1570] RAX: ffffffffffffffda RBX: 00007f9a4fc16090 RCX: 00007f9a4f99c799 [ 1443.610580][ T1570] RDX: 0000200000000240 RSI: 0000000000000000 RDI: 0000200000000180 [ 1443.610590][ T1570] RBP: 00007f9a4fa32bd9 R08: 0000200000000280 R09: 0000000000000000 [ 1443.610599][ T1570] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 1443.610608][ T1570] R13: 00007f9a4fc16128 R14: 00007f9a4fc16090 R15: 00007ffc4625f918 [ 1443.610628][ T1570] [ 1444.402029][ T1589] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6099'. [ 1444.769437][ T1600] netlink: 'syz.2.6102': attribute type 5 has an invalid length. [ 1444.814196][ T1600] netlink: 4158 bytes leftover after parsing attributes in process `syz.2.6102'. [ 1445.329717][ T1617] random: crng reseeded on system resumption [ 1445.735198][ T1627] FAULT_INJECTION: forcing a failure. [ 1445.735198][ T1627] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1445.792818][ T1627] CPU: 0 UID: 0 PID: 1627 Comm: syz.3.6106 Tainted: G L syzkaller #0 PREEMPT(full) [ 1445.792845][ T1627] Tainted: [L]=SOFTLOCKUP [ 1445.792851][ T1627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1445.792860][ T1627] Call Trace: [ 1445.792866][ T1627] [ 1445.792873][ T1627] dump_stack_lvl+0x100/0x190 [ 1445.792901][ T1627] should_fail_ex.cold+0x5/0xa [ 1445.792920][ T1627] _copy_from_user+0x2e/0xd0 [ 1445.792944][ T1627] copy_mount_options+0x76/0x190 [ 1445.792967][ T1627] __x64_sys_mount+0x1ab/0x310 [ 1445.792985][ T1627] ? __pfx___x64_sys_mount+0x10/0x10 [ 1445.793008][ T1627] do_syscall_64+0x106/0xf80 [ 1445.793025][ T1627] ? clear_bhb_loop+0x40/0x90 [ 1445.793043][ T1627] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1445.793059][ T1627] RIP: 0033:0x7f9a4f99c799 [ 1445.793072][ T1627] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1445.793088][ T1627] RSP: 002b:00007f9a508e4028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1445.793103][ T1627] RAX: ffffffffffffffda RBX: 00007f9a4fc16090 RCX: 00007f9a4f99c799 [ 1445.793114][ T1627] RDX: 0000200000000240 RSI: 0000000000000000 RDI: 0000200000000180 [ 1445.793123][ T1627] RBP: 00007f9a4fa32bd9 R08: 0000200000000280 R09: 0000000000000000 [ 1445.793133][ T1627] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 1445.793142][ T1627] R13: 00007f9a4fc16128 R14: 00007f9a4fc16090 R15: 00007ffc4625f918 [ 1445.793161][ T1627] [ 1446.454953][ T1641] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6110'. [ 1446.746037][ T1650] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6113'. [ 1447.323860][ T1669] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1448.290391][ T1692] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6122'. [ 1448.467518][ T1700] FAULT_INJECTION: forcing a failure. [ 1448.467518][ T1700] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1448.662446][ T1700] CPU: 0 UID: 0 PID: 1700 Comm: syz.0.6123 Tainted: G L syzkaller #0 PREEMPT(full) [ 1448.662473][ T1700] Tainted: [L]=SOFTLOCKUP [ 1448.662479][ T1700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1448.662488][ T1700] Call Trace: [ 1448.662494][ T1700] [ 1448.662501][ T1700] dump_stack_lvl+0x100/0x190 [ 1448.662528][ T1700] should_fail_ex.cold+0x5/0xa [ 1448.662547][ T1700] _copy_from_user+0x2e/0xd0 [ 1448.662579][ T1700] copy_mount_options+0x76/0x190 [ 1448.662601][ T1700] __x64_sys_mount+0x1ab/0x310 [ 1448.662618][ T1700] ? __pfx___x64_sys_mount+0x10/0x10 [ 1448.662641][ T1700] do_syscall_64+0x106/0xf80 [ 1448.662659][ T1700] ? clear_bhb_loop+0x40/0x90 [ 1448.662677][ T1700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1448.662693][ T1700] RIP: 0033:0x7f8b0f39c799 [ 1448.662706][ T1700] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1448.662721][ T1700] RSP: 002b:00007f8b10191028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1448.662737][ T1700] RAX: ffffffffffffffda RBX: 00007f8b0f616090 RCX: 00007f8b0f39c799 [ 1448.662747][ T1700] RDX: 0000200000000240 RSI: 0000000000000000 RDI: 0000200000000180 [ 1448.662757][ T1700] RBP: 00007f8b0f432bd9 R08: 0000200000000280 R09: 0000000000000000 [ 1448.662766][ T1700] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 1448.662776][ T1700] R13: 00007f8b0f616128 R14: 00007f8b0f616090 R15: 00007ffd79b86468 [ 1448.662795][ T1700] [ 1449.492172][ T1722] FAULT_INJECTION: forcing a failure. [ 1449.492172][ T1722] name failslab, interval 1, probability 0, space 0, times 0 [ 1449.543634][ T1723] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6129'. [ 1449.565493][ T1722] CPU: 0 UID: 0 PID: 1722 Comm: syz.3.6130 Tainted: G L syzkaller #0 PREEMPT(full) [ 1449.565520][ T1722] Tainted: [L]=SOFTLOCKUP [ 1449.565526][ T1722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1449.565535][ T1722] Call Trace: [ 1449.565541][ T1722] [ 1449.565548][ T1722] dump_stack_lvl+0x100/0x190 [ 1449.565576][ T1722] should_fail_ex.cold+0x5/0xa [ 1449.565595][ T1722] should_failslab+0xc2/0x120 [ 1449.565611][ T1722] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1449.565632][ T1722] ? do_getname+0x35/0x390 [ 1449.565654][ T1722] do_getname+0x35/0x390 [ 1449.565675][ T1722] user_path_at+0x26/0x60 [ 1449.565698][ T1722] __x64_sys_mount+0x1fb/0x310 [ 1449.565716][ T1722] ? __pfx___x64_sys_mount+0x10/0x10 [ 1449.565738][ T1722] do_syscall_64+0x106/0xf80 [ 1449.565756][ T1722] ? clear_bhb_loop+0x40/0x90 [ 1449.565774][ T1722] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1449.565790][ T1722] RIP: 0033:0x7f9a4f99c799 [ 1449.565804][ T1722] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1449.565819][ T1722] RSP: 002b:00007f9a508e4028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1449.565834][ T1722] RAX: ffffffffffffffda RBX: 00007f9a4fc16090 RCX: 00007f9a4f99c799 [ 1449.565844][ T1722] RDX: 0000200000000240 RSI: 0000000000000000 RDI: 0000200000000180 [ 1449.565854][ T1722] RBP: 00007f9a4fa32bd9 R08: 0000200000000280 R09: 0000000000000000 [ 1449.565863][ T1722] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 1449.565873][ T1722] R13: 00007f9a4fc16128 R14: 00007f9a4fc16090 R15: 00007ffc4625f918 [ 1449.565892][ T1722] [ 1449.767396][ T1725] FAULT_INJECTION: forcing a failure. [ 1449.767396][ T1725] name failslab, interval 1, probability 0, space 0, times 0 [ 1449.780154][ T1725] CPU: 0 UID: 0 PID: 1725 Comm: syz.2.6131 Tainted: G L syzkaller #0 PREEMPT(full) [ 1449.780179][ T1725] Tainted: [L]=SOFTLOCKUP [ 1449.780184][ T1725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1449.780194][ T1725] Call Trace: [ 1449.780199][ T1725] [ 1449.780205][ T1725] dump_stack_lvl+0x100/0x190 [ 1449.780232][ T1725] should_fail_ex.cold+0x5/0xa [ 1449.780250][ T1725] should_failslab+0xc2/0x120 [ 1449.780266][ T1725] __kvmalloc_node_noprof+0xfa/0xa00 [ 1449.780287][ T1725] ? traverse.part.0.constprop.0+0x397/0x650 [ 1449.780315][ T1725] traverse.part.0.constprop.0+0x397/0x650 [ 1449.780344][ T1725] seq_read_iter+0x93f/0x1270 [ 1449.780367][ T1725] ? aa_file_perm+0x7f3/0x14d0 [ 1449.780390][ T1725] seq_read+0x33b/0x4c0 [ 1449.780411][ T1725] ? __pfx_seq_read+0x10/0x10 [ 1449.780444][ T1725] ? __pfx_seq_read+0x10/0x10 [ 1449.780465][ T1725] proc_reg_read+0x240/0x330 [ 1449.780494][ T1725] ? __pfx_proc_reg_read+0x10/0x10 [ 1449.780516][ T1725] vfs_read+0x1e4/0xb30 [ 1449.780540][ T1725] ? __pfx_vfs_read+0x10/0x10 [ 1449.780561][ T1725] ? find_held_lock+0x2b/0x80 [ 1449.780576][ T1725] ? __fget_files+0x215/0x3d0 [ 1449.780589][ T1725] ? __fget_files+0x215/0x3d0 [ 1449.780605][ T1725] ? __fget_files+0x21f/0x3d0 [ 1449.780625][ T1725] __x64_sys_pread64+0x1eb/0x250 [ 1449.780639][ T1725] ? __pfx___x64_sys_pread64+0x10/0x10 [ 1449.780659][ T1725] do_syscall_64+0x106/0xf80 [ 1449.780677][ T1725] ? clear_bhb_loop+0x40/0x90 [ 1449.780695][ T1725] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1449.780710][ T1725] RIP: 0033:0x7fdbd8f9c799 [ 1449.780724][ T1725] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1449.780740][ T1725] RSP: 002b:00007fdbd9dad028 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 1449.780755][ T1725] RAX: ffffffffffffffda RBX: 00007fdbd9215fa0 RCX: 00007fdbd8f9c799 [ 1449.780765][ T1725] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000005 [ 1449.780774][ T1725] RBP: 00007fdbd9032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1449.780783][ T1725] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000000 [ 1449.780793][ T1725] R13: 00007fdbd9216038 R14: 00007fdbd9215fa0 R15: 00007ffe3a083938 [ 1449.780813][ T1725] [ 1450.995542][ T1743] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6136'. [ 1451.373934][ T1753] netlink: 330 bytes leftover after parsing attributes in process `syz.1.6140'. [ 1451.451919][ T1760] vivid-001: ================= START STATUS ================= [ 1451.477216][ T1760] vivid-001: Radio HW Seek Mode: Bounded [ 1451.499285][ T1760] vivid-001: Radio Programmable HW Seek: false [ 1451.521893][ T1760] vivid-001: RDS Rx I/O Mode: Block I/O [ 1451.561038][ T1764] netlink: 29 bytes leftover after parsing attributes in process `syz.3.6142'. [ 1451.592571][ T1760] vivid-001: Generate RBDS Instead of RDS: false [ 1451.620980][ T1760] vivid-001: RDS Reception: true [ 1451.641938][T16623] Bluetooth: hci2: unexpected event 0x02 length: 726 > 260 [ 1451.642439][ T1760] vivid-001: RDS Program Type: 0 inactive [ 1451.683716][ T1760] vivid-001: RDS PS Name: inactive [ 1451.703731][ T1760] vivid-001: RDS Radio Text: inactive [ 1451.724688][ T1760] vivid-001: RDS Traffic Announcement: false inactive [ 1451.742367][ T1760] vivid-001: RDS Traffic Program: false inactive [ 1451.771886][ T1760] vivid-001: RDS Music: false inactive [ 1451.808291][ T1760] vivid-001: ================== END STATUS ================== [ 1452.931321][ T1806] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1453.265032][ T1809] FAULT_INJECTION: forcing a failure. [ 1453.265032][ T1809] name failslab, interval 1, probability 0, space 0, times 0 [ 1453.359148][ T1812] binder: BINDER_SET_CONTEXT_MGR already set [ 1453.414810][ T1812] binder: 1811:1812 ioctl 4018620d 9 returned -16 [ 1453.429756][ T1809] CPU: 0 UID: 0 PID: 1809 Comm: syz.0.6148 Tainted: G L syzkaller #0 PREEMPT(full) [ 1453.429781][ T1809] Tainted: [L]=SOFTLOCKUP [ 1453.429787][ T1809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1453.429796][ T1809] Call Trace: [ 1453.429802][ T1809] [ 1453.429809][ T1809] dump_stack_lvl+0x100/0x190 [ 1453.429836][ T1809] should_fail_ex.cold+0x5/0xa [ 1453.429854][ T1809] should_failslab+0xc2/0x120 [ 1453.429871][ T1809] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1453.429893][ T1809] ? __d_alloc+0x34/0xa80 [ 1453.429913][ T1809] __d_alloc+0x34/0xa80 [ 1453.429931][ T1809] d_alloc+0x4a/0x1e0 [ 1453.429948][ T1809] lookup_one_qstr_excl+0x175/0x250 [ 1453.429970][ T1809] start_dirop+0x59/0xb0 [ 1453.429993][ T1809] simple_start_creating+0xf9/0x110 [ 1453.430016][ T1809] ? __pfx_simple_start_creating+0x10/0x10 [ 1453.430040][ T1809] ? mntput+0x70/0xa0 [ 1453.430061][ T1809] ? simple_pin_fs+0xa3/0x190 [ 1453.430082][ T1809] debugfs_start_creating.part.0+0x82/0x170 [ 1453.430107][ T1809] __debugfs_create_file+0xb3/0x4f0 [ 1453.430132][ T1809] debugfs_create_file_short+0x41/0x60 [ 1453.430156][ T1809] debugfs_hw_add+0xe6/0x3a0 [ 1453.430276][ T1809] ieee80211_register_hw+0x2d1d/0x4140 [ 1453.430308][ T1809] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 1453.430327][ T1809] ? __pfx___debug_object_init+0x10/0x10 [ 1453.430352][ T1809] ? find_held_lock+0x2b/0x80 [ 1453.430369][ T1809] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1453.430396][ T1809] ? __hrtimer_setup+0x178/0x280 [ 1453.430418][ T1809] mac80211_hwsim_new_radio+0x2847/0x57d0 [ 1453.430463][ T1809] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1453.430490][ T1809] hwsim_new_radio_nl+0xc1f/0x1340 [ 1453.430512][ T1809] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1453.430538][ T1809] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 1453.430562][ T1809] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 1453.430589][ T1809] genl_family_rcv_msg_doit+0x214/0x300 [ 1453.430613][ T1809] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1453.430634][ T1809] ? genl_get_cmd+0x3ef/0x720 [ 1453.430659][ T1809] ? bpf_lsm_capable+0x9/0x10 [ 1453.430675][ T1809] ? security_capable+0x80/0x260 [ 1453.430695][ T1809] ? ns_capable+0xd2/0xf0 [ 1453.430712][ T1809] genl_rcv_msg+0x560/0x800 [ 1453.430736][ T1809] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1453.430757][ T1809] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1453.430788][ T1809] netlink_rcv_skb+0x159/0x420 [ 1453.430807][ T1809] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1453.430829][ T1809] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1453.430857][ T1809] ? netlink_deliver_tap+0x1ae/0xcc0 [ 1453.430878][ T1809] genl_rcv+0x28/0x40 [ 1453.430897][ T1809] netlink_unicast+0x5aa/0x870 [ 1453.430919][ T1809] ? __pfx_netlink_unicast+0x10/0x10 [ 1453.430945][ T1809] netlink_sendmsg+0x8b0/0xda0 [ 1453.430968][ T1809] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1453.430987][ T1809] ? __import_iovec+0x1d2/0x640 [ 1453.431003][ T1809] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1453.431026][ T1809] ____sys_sendmsg+0xa54/0xc30 [ 1453.431051][ T1809] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1453.431076][ T1809] ? try_to_wake_up+0x644/0x1a80 [ 1453.431095][ T1809] ___sys_sendmsg+0x190/0x1e0 [ 1453.431118][ T1809] ? __pfx____sys_sendmsg+0x10/0x10 [ 1453.431141][ T1809] ? futex_private_hash_put+0x107/0x1c0 [ 1453.431182][ T1809] __sys_sendmsg+0x170/0x220 [ 1453.431200][ T1809] ? __pfx___sys_sendmsg+0x10/0x10 [ 1453.431217][ T1809] ? __x64_sys_futex+0x34f/0x4d0 [ 1453.431248][ T1809] do_syscall_64+0x106/0xf80 [ 1453.431265][ T1809] ? clear_bhb_loop+0x40/0x90 [ 1453.431284][ T1809] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1453.431300][ T1809] RIP: 0033:0x7f8b0f39c799 [ 1453.431314][ T1809] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1453.431328][ T1809] RSP: 002b:00007f8b101b2028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1453.431343][ T1809] RAX: ffffffffffffffda RBX: 00007f8b0f615fa0 RCX: 00007f8b0f39c799 [ 1453.431353][ T1809] RDX: 0000000000040004 RSI: 0000200000001400 RDI: 0000000000000008 [ 1453.431363][ T1809] RBP: 00007f8b0f432bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1453.431372][ T1809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1453.431381][ T1809] R13: 00007f8b0f616038 R14: 00007f8b0f615fa0 R15: 00007ffd79b86468 [ 1453.431401][ T1809] [ 1456.556791][ T1874] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6163'. [ 1456.675536][T16623] Bluetooth: hci1: Malformed LE Event: 0x1b [ 1458.017822][ T1913] netlink: 2468 bytes leftover after parsing attributes in process `syz.0.6171'. [ 1458.101614][ T1915] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6173'. [ 1458.527610][ T1928] RDS: rds_bind could not find a transport for ::ffff:172.30.1.4, load rds_tcp or rds_rdma? [ 1458.846700][ T1934] vhci_hcd vhci_hcd.1: default hub control req: 0000 v0000 i0000 l0 [ 1459.074078][ T1944] EXT4-fs: 2 callbacks suppressed [ 1459.074094][ T1944] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 4692 with max blocks 3 with error 117 [ 1459.158266][ T1944] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1459.158266][ T1944] [ 1459.241113][ T1944] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6179'. [ 1459.311032][ T1944] ipvlan0: entered promiscuous mode [ 1459.425104][ T1944] ipvlan0: entered allmulticast mode [ 1459.448954][ T1944] veth0_vlan: entered allmulticast mode [ 1460.686077][ T1974] FAULT_INJECTION: forcing a failure. [ 1460.686077][ T1974] name failslab, interval 1, probability 0, space 0, times 0 [ 1460.851460][ T1974] CPU: 0 UID: 0 PID: 1974 Comm: syz.0.6184 Tainted: G L syzkaller #0 PREEMPT(full) [ 1460.851488][ T1974] Tainted: [L]=SOFTLOCKUP [ 1460.851494][ T1974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1460.851504][ T1974] Call Trace: [ 1460.851510][ T1974] [ 1460.851516][ T1974] dump_stack_lvl+0x100/0x190 [ 1460.851543][ T1974] should_fail_ex.cold+0x5/0xa [ 1460.851562][ T1974] should_failslab+0xc2/0x120 [ 1460.851579][ T1974] __kvmalloc_node_noprof+0xfa/0xa00 [ 1460.851601][ T1974] ? traverse.part.0.constprop.0+0x397/0x650 [ 1460.851629][ T1974] traverse.part.0.constprop.0+0x397/0x650 [ 1460.851658][ T1974] seq_read_iter+0x93f/0x1270 [ 1460.851690][ T1974] ? aa_file_perm+0x7f3/0x14d0 [ 1460.851714][ T1974] seq_read+0x33b/0x4c0 [ 1460.851737][ T1974] ? __pfx_seq_read+0x10/0x10 [ 1460.851772][ T1974] ? __pfx_seq_read+0x10/0x10 [ 1460.851794][ T1974] proc_reg_read+0x240/0x330 [ 1460.851816][ T1974] ? __pfx_proc_reg_read+0x10/0x10 [ 1460.851838][ T1974] vfs_read+0x1e4/0xb30 [ 1460.851863][ T1974] ? __pfx_vfs_read+0x10/0x10 [ 1460.851884][ T1974] ? find_held_lock+0x2b/0x80 [ 1460.851897][ T1974] ? __fget_files+0x215/0x3d0 [ 1460.851911][ T1974] ? __fget_files+0x215/0x3d0 [ 1460.851927][ T1974] ? __fget_files+0x21f/0x3d0 [ 1460.851946][ T1974] __x64_sys_pread64+0x1eb/0x250 [ 1460.851961][ T1974] ? __pfx___x64_sys_pread64+0x10/0x10 [ 1460.851982][ T1974] do_syscall_64+0x106/0xf80 [ 1460.852000][ T1974] ? clear_bhb_loop+0x40/0x90 [ 1460.852019][ T1974] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1460.852035][ T1974] RIP: 0033:0x7f8b0f39c799 [ 1460.852049][ T1974] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1460.852068][ T1974] RSP: 002b:00007f8b101b2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 1460.852083][ T1974] RAX: ffffffffffffffda RBX: 00007f8b0f615fa0 RCX: 00007f8b0f39c799 [ 1460.852095][ T1974] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000005 [ 1460.852104][ T1974] RBP: 00007f8b0f432bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1460.852114][ T1974] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000000 [ 1460.852123][ T1974] R13: 00007f8b0f616038 R14: 00007f8b0f615fa0 R15: 00007ffd79b86468 [ 1460.852144][ T1974] [ 1462.298628][ T2014] netlink: 'syz.1.6193': attribute type 15 has an invalid length. [ 1462.346358][ T2014] netlink: 'syz.1.6193': attribute type 16 has an invalid length. [ 1462.380003][ T2014] netlink: 194 bytes leftover after parsing attributes in process `syz.1.6193'. [ 1462.965416][ T2030] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 4699 with max blocks 1 with error 117 [ 1463.090609][ T2031] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1463.142797][ T2030] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1463.142797][ T2030] [ 1463.363184][ T2030] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1464.212503][ T2046] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6200'. [ 1464.223722][T25437] EXT4-fs (sda1): Delayed block allocation failed for inode 2027 at logical offset 0 with max blocks 1 with error 117 [ 1464.309382][T25437] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1464.309382][T25437] [ 1464.375789][ T2049] FAULT_INJECTION: forcing a failure. [ 1464.375789][ T2049] name failslab, interval 1, probability 0, space 0, times 0 [ 1464.396781][ T2052] FAULT_INJECTION: forcing a failure. [ 1464.396781][ T2052] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1464.418277][T25437] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 4702 with max blocks 2 with error 117 [ 1464.477259][T25437] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1464.477259][T25437] [ 1464.487263][ T2052] CPU: 0 UID: 0 PID: 2052 Comm: syz.2.6201 Tainted: G L syzkaller #0 PREEMPT(full) [ 1464.487289][ T2052] Tainted: [L]=SOFTLOCKUP [ 1464.487295][ T2052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1464.487304][ T2052] Call Trace: [ 1464.487310][ T2052] [ 1464.487316][ T2052] dump_stack_lvl+0x100/0x190 [ 1464.487343][ T2052] should_fail_ex.cold+0x5/0xa [ 1464.487362][ T2052] _copy_from_user+0x2e/0xd0 [ 1464.487387][ T2052] copy_mount_options+0x76/0x190 [ 1464.487409][ T2052] __x64_sys_mount+0x1ab/0x310 [ 1464.487427][ T2052] ? __pfx___x64_sys_mount+0x10/0x10 [ 1464.487449][ T2052] do_syscall_64+0x106/0xf80 [ 1464.487475][ T2052] ? clear_bhb_loop+0x40/0x90 [ 1464.487496][ T2052] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1464.487512][ T2052] RIP: 0033:0x7fdbd8f9c799 [ 1464.487526][ T2052] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1464.487541][ T2052] RSP: 002b:00007fdbd9d8c028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1464.487556][ T2052] RAX: ffffffffffffffda RBX: 00007fdbd9216090 RCX: 00007fdbd8f9c799 [ 1464.487566][ T2052] RDX: 0000200000000240 RSI: 0000000000000000 RDI: 0000200000000180 [ 1464.487576][ T2052] RBP: 00007fdbd9032bd9 R08: 0000200000000280 R09: 0000000000000000 [ 1464.487585][ T2052] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 1464.487595][ T2052] R13: 00007fdbd9216128 R14: 00007fdbd9216090 R15: 00007ffe3a083938 [ 1464.487615][ T2052] [ 1464.491804][ T2049] CPU: 0 UID: 0 PID: 2049 Comm: syz.3.6202 Tainted: G L syzkaller #0 PREEMPT(full) [ 1464.491826][ T2049] Tainted: [L]=SOFTLOCKUP [ 1464.491831][ T2049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1464.491840][ T2049] Call Trace: [ 1464.491845][ T2049] [ 1464.491851][ T2049] dump_stack_lvl+0x100/0x190 [ 1464.491877][ T2049] should_fail_ex.cold+0x5/0xa [ 1464.491895][ T2049] should_failslab+0xc2/0x120 [ 1464.491910][ T2049] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1464.491929][ T2049] ? vidtv_psi_pmt_stream_init+0x4e/0x3e0 [ 1464.492057][ T2049] ? vidtv_psi_pmt_table_init+0x363/0x430 [ 1464.492076][ T2049] vidtv_psi_pmt_stream_init+0x4e/0x3e0 [ 1464.492093][ T2049] vidtv_channel_si_init+0x1289/0x18d0 [ 1464.492117][ T2049] vidtv_mux_init+0x526/0xbf0 [ 1464.492138][ T2049] vidtv_start_feed+0x33e/0x4c0 [ 1464.492183][ T2049] ? __pfx_vidtv_start_feed+0x10/0x10 [ 1464.492206][ T2049] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 1464.492232][ T2049] ? mark_held_locks+0x40/0x70 [ 1464.492254][ T2049] ? __pfx_vidtv_start_feed+0x10/0x10 [ 1464.492275][ T2049] dmx_ts_feed_start_filtering+0xf6/0x220 [ 1464.492304][ T2049] dvb_dmxdev_start_feed+0x273/0x3f0 [ 1464.492327][ T2049] dvb_dmxdev_filter_start+0x1b6/0xdd0 [ 1464.492350][ T2049] ? dvb_dmxdev_add_pid+0x2a1/0x380 [ 1464.492373][ T2049] dvb_demux_do_ioctl+0xe64/0x1200 [ 1464.492401][ T2049] dvb_usercopy+0x167/0x340 [ 1464.492419][ T2049] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 1464.492442][ T2049] ? __pfx_dvb_usercopy+0x10/0x10 [ 1464.492475][ T2049] ? __fget_files+0x21f/0x3d0 [ 1464.492493][ T2049] dvb_demux_ioctl+0x29/0x40 [ 1464.492511][ T2049] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 1464.492530][ T2049] __x64_sys_ioctl+0x18e/0x210 [ 1464.492552][ T2049] do_syscall_64+0x106/0xf80 [ 1464.492569][ T2049] ? clear_bhb_loop+0x40/0x90 [ 1464.492588][ T2049] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1464.492602][ T2049] RIP: 0033:0x7f9a4f99c799 [ 1464.492615][ T2049] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1464.492629][ T2049] RSP: 002b:00007f9a50905028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1464.492643][ T2049] RAX: ffffffffffffffda RBX: 00007f9a4fc15fa0 RCX: 00007f9a4f99c799 [ 1464.492653][ T2049] RDX: 0000000000000000 RSI: 0000000040146f2c RDI: 0000000000000003 [ 1464.492662][ T2049] RBP: 00007f9a4fa32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1464.492671][ T2049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1464.492679][ T2049] R13: 00007f9a4fc16038 R14: 00007f9a4fc15fa0 R15: 00007ffc4625f918 [ 1464.492699][ T2049] [ 1464.492752][ T2049] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI [ 1464.910156][ T2049] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 1464.918554][ T2049] CPU: 0 UID: 0 PID: 2049 Comm: syz.3.6202 Tainted: G L syzkaller #0 PREEMPT(full) [ 1464.929382][ T2049] Tainted: [L]=SOFTLOCKUP [ 1464.933713][ T2049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1464.943750][ T2049] RIP: 0010:vidtv_psi_desc_assign+0x24/0x90 [ 1464.949627][ T2049] Code: 90 90 90 90 90 90 0f 1f 40 d6 41 54 55 48 89 f5 53 48 89 fb e8 ed 3b dc f9 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 75 4c 4c 8b 23 49 39 ec 74 36 e8 c9 3b dc f9 4d 85 e4 [ 1464.969222][ T2049] RSP: 0018:ffffc90003b87a10 EFLAGS: 00010247 [ 1464.975270][ T2049] RAX: dffffc0000000000 RBX: 0000000000000005 RCX: 0000000000000000 [ 1464.983222][ T2049] RDX: 0000000000000000 RSI: ffffffff882bbeb3 RDI: 0000000000000005 [ 1464.991178][ T2049] RBP: ffff888060e96180 R08: 0000000000000000 R09: 4453534204050000 [ 1464.999160][ T2049] R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000 [ 1465.007115][ T2049] R13: ffff888077dd87c0 R14: ffff8880212dd200 R15: ffff888077dd8b00 [ 1465.015068][ T2049] FS: 00007f9a509056c0(0000) GS:ffff88812434c000(0000) knlGS:0000000000000000 [ 1465.023980][ T2049] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1465.030549][ T2049] CR2: 0000001b2d724000 CR3: 00000000607f0000 CR4: 00000000003526f0 [ 1465.038503][ T2049] Call Trace: [ 1465.041767][ T2049] [ 1465.044687][ T2049] vidtv_channel_si_init+0x12fc/0x18d0 [ 1465.050137][ T2049] vidtv_mux_init+0x526/0xbf0 [ 1465.054801][ T2049] vidtv_start_feed+0x33e/0x4c0 [ 1465.059640][ T2049] ? __pfx_vidtv_start_feed+0x10/0x10 [ 1465.065006][ T2049] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 1465.071584][ T2049] ? mark_held_locks+0x40/0x70 [ 1465.076336][ T2049] ? __pfx_vidtv_start_feed+0x10/0x10 [ 1465.081696][ T2049] dmx_ts_feed_start_filtering+0xf6/0x220 [ 1465.087408][ T2049] dvb_dmxdev_start_feed+0x273/0x3f0 [ 1465.092680][ T2049] dvb_dmxdev_filter_start+0x1b6/0xdd0 [ 1465.098128][ T2049] ? dvb_dmxdev_add_pid+0x2a1/0x380 [ 1465.103321][ T2049] dvb_demux_do_ioctl+0xe64/0x1200 [ 1465.108424][ T2049] dvb_usercopy+0x167/0x340 [ 1465.112912][ T2049] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 1465.118446][ T2049] ? __pfx_dvb_usercopy+0x10/0x10 [ 1465.123460][ T2049] ? __fget_files+0x21f/0x3d0 [ 1465.128205][ T2049] dvb_demux_ioctl+0x29/0x40 [ 1465.132782][ T2049] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 1465.138055][ T2049] __x64_sys_ioctl+0x18e/0x210 [ 1465.142806][ T2049] do_syscall_64+0x106/0xf80 [ 1465.147380][ T2049] ? clear_bhb_loop+0x40/0x90 [ 1465.152041][ T2049] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1465.157917][ T2049] RIP: 0033:0x7f9a4f99c799 [ 1465.162313][ T2049] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1465.181903][ T2049] RSP: 002b:00007f9a50905028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1465.190304][ T2049] RAX: ffffffffffffffda RBX: 00007f9a4fc15fa0 RCX: 00007f9a4f99c799 [ 1465.198261][ T2049] RDX: 0000000000000000 RSI: 0000000040146f2c RDI: 0000000000000003 [ 1465.206212][ T2049] RBP: 00007f9a4fa32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1465.214166][ T2049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1465.222118][ T2049] R13: 00007f9a4fc16038 R14: 00007f9a4fc15fa0 R15: 00007ffc4625f918 [ 1465.230076][ T2049] [ 1465.233082][ T2049] Modules linked in: [ 1465.238159][ T2049] ---[ end trace 0000000000000000 ]--- [ 1465.749251][ T2049] RIP: 0010:vidtv_psi_desc_assign+0x24/0x90 [ 1465.755402][ T2049] Code: 90 90 90 90 90 90 0f 1f 40 d6 41 54 55 48 89 f5 53 48 89 fb e8 ed 3b dc f9 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 75 4c 4c 8b 23 49 39 ec 74 36 e8 c9 3b dc f9 4d 85 e4 [ 1465.775642][ T2049] RSP: 0018:ffffc90003b87a10 EFLAGS: 00010247 [ 1465.781765][ T2049] RAX: dffffc0000000000 RBX: 0000000000000005 RCX: 0000000000000000 [ 1465.789977][ T2049] RDX: 0000000000000000 RSI: ffffffff882bbeb3 RDI: 0000000000000005 [ 1465.798081][ T2049] RBP: ffff888060e96180 R08: 0000000000000000 R09: 4453534204050000 [ 1465.806276][ T2049] R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000 [ 1465.814320][ T2049] R13: ffff888077dd87c0 R14: ffff8880212dd200 R15: ffff888077dd8b00 [ 1465.822612][ T2049] FS: 00007f9a509056c0(0000) GS:ffff88812434c000(0000) knlGS:0000000000000000 [ 1465.831735][ T2049] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1465.838527][ T2049] CR2: 00007f9a4f9e9e80 CR3: 00000000607f0000 CR4: 00000000003526f0 [ 1465.848333][ T2049] Kernel panic - not syncing: Fatal exception [ 1465.854450][ T2049] Kernel Offset: disabled [ 1465.858756][ T2049] Rebooting in 86400 seconds..