last executing test programs: 2m43.764888195s ago: executing program 0 (id=1617): r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='T'], 0x1ac}}, 0x40000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000980)=ANY=[@ANYBLOB="08010080", @ANYRES16=r2, @ANYBLOB="010031bd7000fddbdf250c000000100003800c0003800800058004009f0018000180140002006e657464657673696d30000000000000"], 0x3c}}, 0x24048084) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0xb, 0xa505}, 0x800}, 0x7, 0x4008) symlink$auto(&(0x7f0000000140)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000240)='./file0\x00') mmap$auto(0x0, 0x40009, 0xe1, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x80003, 0x300) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x20342, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x1, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x0, @my=0x1}, 0x55) listen$auto(0x3, 0x81) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/net/bpq2/statistics/rx_missed_errors\x00', 0x48500, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f00000010c0)=""/4090, 0xffa) socket(0x2, 0x1, 0x106) r4 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/block/nbd11/hctx0/busy\x00', 0x60000, 0x0) read$auto(r4, 0x0, 0x1001fe000000) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000009c0), 0x0, 0x0) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socketpair$auto(0x0, 0x5, 0xfffffffc, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0xc, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0xa, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r5, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x200003, 0x15f4da0a, 0x2, 0x1000, 0x62, 0x4000008000001f, 0x5, 0x6d3e, 0x1, 0x2, 0x2c]}, 0x0) close_range$auto(0x2, 0x8, 0x0) 2m42.620833973s ago: executing program 0 (id=1622): mmap$auto(0x20000, 0x40005, 0xdf, 0x1b, 0x7, 0x28000) (async) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) futex$auto(0x0, 0x3, 0x2, 0x0, &(0x7f0000002440)=0x8, 0x71a8dce0) (async) mmap$auto(0x0, 0x5, 0x4000000000e2, 0xeb1, 0xffffffffffffffff, 0x8000) (async) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) openat$auto_adf_ctl_ops_adf_ctl_drv(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0) mmap$auto(0x0, 0x20008, 0x4, 0x3b, 0xffffffffffffffff, 0x8000) (async) socket(0x2a, 0x2, 0x0) (async) io_uring_setup$auto(0x6, 0x0) select$auto(0xd, 0x0, 0x0, &(0x7f0000000100)={[0x1ff, 0x4, 0x7fff, 0x400, 0x5, 0x8, 0x200000000008, 0x7f, 0x100000000003, 0x1000000009, 0x9, 0x3, 0x6, 0x400005, 0x6, 0x2]}, 0x0) (async) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x1, 0x0) write$auto_seq_oss_f_ops_seq_oss(r1, &(0x7f0000000c80)="5f74ab2fc43781e047140a5cbc3ac5229b90633d9cddda9efb1f2c3d5d1e63f3fb5acf079b9336319d009cb514679a42eaca52b81c166d19625d173c26ece6542f2fb29712f4fb9072fc432b4cf3e6f5a7f3c9f91ee88ba5fa11d48fd3658e8f44f8423b4cd02bbec912ed34f9f4b19b03d4c62b24ede44c0c76c34edf7bde061903c2ee4c64110ac668239fa53ba4291bae74c3d173663248ff0945dd2e405e0d378b5a8e4643a7bc3b35a7248431450ca8901467ea6dc5d86de1e90f869f6a04ac10043676f3b2c7f1339b2d7468133fb8447d17846b6b78079ecc31d7d0f74caa4a3db1ac4d312bfdb34bd331f1f771a2396108561a52153d63a7b2a3a077a7e4c1a22bcb23e1f3e511fee310baa67904d2aad4d6671e8b77c7720e37e84e0efecb60a35f188cbe8b8b2fb3967b78aa482aabb103f23083baa9b2ae653731d5993db4054233dea4af25795e12eb4d7b519a855da7ac6b046bdeea6adce8626e0def15dd32b0ec16a85d93e1dea980794033f4b46973062c64c0209f9d3efc6ea7704c8e8dfea8cdfbe2cb1e367bf634a1952190e0660994f79f0c622d47ee8f93ce1c", 0x1a4) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000300), r2) sendmsg$auto_MACSEC_CMD_ADD_RXSA(r2, &(0x7f0000000e80)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000200)=ANY=[@ANYBLOB="6d393ce86a769fecc9d38b3302069da420dc5c7d4dab3de4b567d787b93e", @ANYRES16=r3, @ANYBLOB="010027bd7000ffdbdf25070000000400038008000100", @ANYRES32=0x0, @ANYBLOB], 0x20}, 0x1, 0x0, 0x0, 0x4884}, 0x4008884) (async) socket(0x15, 0x3, 0x8000) (async) connect$auto(0x3, 0x0, 0x81) mmap$auto(0x0, 0x3, 0x20000000df, 0x19, 0x40000000000a5, 0x5) (async) close_range$auto(0x2, 0x8, 0x0) (async) r4 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/interrupts\x00', 0x18b202, 0x0) pread64$auto(r4, 0x0, 0x6, 0x1ff) (async) readv$auto(0x3, 0x0, 0x4) r5 = open(0x0, 0x161342, 0x130) (async) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) mmap$auto(0xf22, 0x6, 0xfd5, 0x1e, r5, 0x0) (async) writev$auto(0xffffffffffffffff, &(0x7f0000004100)={0x0, 0x8}, 0x6) 2m41.657252477s ago: executing program 0 (id=1628): openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$auto_SMC_PNETID_ADD(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x1c, r1, 0x1, 0x70bd28, 0x25dfdbfc, {}, [@SMC_PNETID_NAME={0x8, 0x1, '\\+)\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24000000}, 0x20004000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv6/conf/batadv_slave_0/proxy_ndp\x00', 0x382, 0x0) mmap$auto(0x0, 0x4000b, 0x7, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) inotify_init1$auto(0x3000000000000) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kpagecount\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x2d0303, 0x0) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, 0x0, 0x40000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x189002, 0x0) openat$auto_l2cap_debugfs_fops_(0xffffffffffffff9c, 0x0, 0x280, 0x0) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, 0x0, 0x8243, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/net/rpc/auth.unix.gid/content\x00', 0x20000, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x20000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x10, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r3, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r3) syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000000c0), r3) sendmsg$auto_ETHTOOL_MSG_LINKMODES_GET(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000003c0)={0x14, 0x0, 0x1, 0x70bd2d, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x2004d081}, 0x4010) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/events/vmalloc/purge_vmap_area_lazy/enable\x00', 0x880, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x1c8b40, 0x0) openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 2m41.418642003s ago: executing program 0 (id=1631): r0 = openat$auto_hwsim_fops_group_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy9/hwsim/group\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)={0x5c, r2, 0x1, 0x70bd2b, 0x25dfdbf9, {}, [@L2TP_ATTR_ENCAP_TYPE={0x6, 0x2, 0x1}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x57}, @L2TP_ATTR_CONN_ID={0x8, 0x9, 0x8}, @L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x8}, @L2TP_ATTR_IP6_SADDR={0x14}, @L2TP_ATTR_IP6_DADDR={0x14, 0x20, @mcast1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, r0, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) setpgid$auto(0x0, 0x0) 2m39.948738478s ago: executing program 0 (id=1636): syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000002480), 0xffffffffffffffff) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x680, 0x0) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x6, 0x2020009, 0x3, 0x9000000eb1, 0xffffffffffffffff, 0x2) (async) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/mpls/platform_labels\x00', 0x202, 0x0) (async) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/net/ipv6/conf/bond_slave_0/accept_ra_min_hop_limit\x00', 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) (async) getsockopt$auto(0xffffffffffffffff, 0x84, 0x6d, 0x0, &(0x7f00000002c0)=0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) mmap$auto(0x0, 0x8, 0x80000000000000df, 0x10004000eb1, 0x8, 0x8000008000) (async) close_range$auto(0x2, 0x8, 0x0) sysfs$auto(0x2, 0x100000000000027, 0x0) fsopen$auto(0x0, 0x1) (async) kexec_load$auto(0x5, 0x2, 0x0, 0x4) (async) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async) syz_clone3(0x0, 0x0) (async) openat$auto_bm_register_operations_binfmt_misc(0xffffffffffffff9c, 0x0, 0x401, 0x0) (async) prctl$auto(0x3e, 0x4000000000001, 0x0, 0x1, 0x0) (async) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) lremovexattr$auto(0x0, 0x0) (async) fsopen$auto(0x0, 0x1) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f00000001c0)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x5, 0x0) (async) umount2$auto(&(0x7f0000000000)='.\x00', 0x4) (async) umount2$auto(&(0x7f0000000040)='.\x00', 0x8) (async) socket(0x10, 0x2, 0x0) (async) statmount$auto(0x0, &(0x7f0000000380)={0x8, 0x8, 0x3, 0x8, 0xd, 0x0, 0x81, 0xf, 0x2000000000000002, 0x0, 0x9, 0x1, 0x2, 0x80000001, 0x8627, 0x9, 0x20000800001, 0x3, 0x5, 0x7, 0x6, 0x6, 0x0, 0xffffffee, 0x2a1b, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, [0x18, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0x0, 0x27, 0x4a3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2], "b95dce1ff5000000005f9557790e50863a915c8331d543fabbfad9dd1a20758e20b59a9068d99d5b88c165c56922e91dec3b0ff3ffd72bb21d9c0776d93e3cc6fcd400000db12af58e5eb2ea11e0278856a93f60f42b608ce78b"}, 0x9, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYRESHEX=r0, @ANYRES64=r0], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x2000c894) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4044810}, 0x800) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4000014}, 0x200400c1) 2m38.05323412s ago: executing program 0 (id=1648): mmap$auto(0x0, 0x10000000003, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) r0 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) getdents64$auto(r0, 0x0, 0x400) clone$auto(0x100000020003b49, 0x80000000002, 0x0, 0x0, 0x4) close_range$auto(0x0, 0xfffffffffffff000, 0x2) open(0x0, 0x22240, 0x154) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(r1, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0) landlock_add_rule$auto(r1, 0x1, 0x0, 0x0) execve$auto(0x0, 0x0, 0x0) (async) execve$auto(0x0, 0x0, 0x0) lstat$auto(0x0, &(0x7f0000000180)={0x12, 0xd, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1000000006, 0x7, 0x8, 0x5, 0x1000, 0x42, 0x8001, 0x1, 0x60, 0x40000102}) (async) lstat$auto(0x0, &(0x7f0000000180)={0x12, 0xd, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1000000006, 0x7, 0x8, 0x5, 0x1000, 0x42, 0x8001, 0x1, 0x60, 0x40000102}) r2 = signalfd$auto(0xffffffffffffffff, 0x0, 0x8) socketpair$auto(0x1, 0xffffffff, 0x1, &(0x7f0000000000)=0x1) read$auto_proc_reg_file_ops_compat_inode(r2, 0x0, 0x0) (async) read$auto_proc_reg_file_ops_compat_inode(r2, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sysfs$auto(0x1, 0x4, 0x41) (async) sysfs$auto(0x1, 0x4, 0x41) sigaltstack$auto(&(0x7f0000000140)={0x0, 0x80000000, 0x800000000dd}, 0x0) (async) sigaltstack$auto(&(0x7f0000000140)={0x0, 0x80000000, 0x800000000dd}, 0x0) r3 = getpid() r4 = gettid() rt_tgsigqueueinfo$auto(r3, r4, 0x21, 0x0) 2m22.65094117s ago: executing program 32 (id=1648): mmap$auto(0x0, 0x10000000003, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) r0 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) getdents64$auto(r0, 0x0, 0x400) clone$auto(0x100000020003b49, 0x80000000002, 0x0, 0x0, 0x4) close_range$auto(0x0, 0xfffffffffffff000, 0x2) open(0x0, 0x22240, 0x154) socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(r1, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400, 0x7}, 0x9, 0x0) landlock_add_rule$auto(r1, 0x1, 0x0, 0x0) execve$auto(0x0, 0x0, 0x0) (async) execve$auto(0x0, 0x0, 0x0) lstat$auto(0x0, &(0x7f0000000180)={0x12, 0xd, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1000000006, 0x7, 0x8, 0x5, 0x1000, 0x42, 0x8001, 0x1, 0x60, 0x40000102}) (async) lstat$auto(0x0, &(0x7f0000000180)={0x12, 0xd, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1000000006, 0x7, 0x8, 0x5, 0x1000, 0x42, 0x8001, 0x1, 0x60, 0x40000102}) r2 = signalfd$auto(0xffffffffffffffff, 0x0, 0x8) socketpair$auto(0x1, 0xffffffff, 0x1, &(0x7f0000000000)=0x1) read$auto_proc_reg_file_ops_compat_inode(r2, 0x0, 0x0) (async) read$auto_proc_reg_file_ops_compat_inode(r2, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sysfs$auto(0x1, 0x4, 0x41) (async) sysfs$auto(0x1, 0x4, 0x41) sigaltstack$auto(&(0x7f0000000140)={0x0, 0x80000000, 0x800000000dd}, 0x0) (async) sigaltstack$auto(&(0x7f0000000140)={0x0, 0x80000000, 0x800000000dd}, 0x0) r3 = getpid() r4 = gettid() rt_tgsigqueueinfo$auto(r3, r4, 0x21, 0x0) 13.083573443s ago: executing program 2 (id=2198): mmap$auto(0x0, 0x61, 0x100001000000004, 0xfa31, 0x400, 0x8000) (async) mmap$auto(0x0, 0x2, 0x80000000df, 0x14, 0x401, 0x8000) (async) r0 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x147) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x80, 0x0) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000) sendmmsg$auto(r0, &(0x7f0000000180)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0x4}, 0x1000000000028, 0x0, 0x1, 0x3e0}, 0x800}, 0x4, 0x4008) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) execve$auto(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) (async) close_range$auto(0x2, 0xffffffffffffffff, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) socket(0x2, 0x1, 0x0) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/fs/cifs/SecurityFlags\x00', 0x48041, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/vxlan/parameters/udp_port\x00', 0x2400, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x1c03, 0x0, 0x6, 0x0, 0x0, 0x504}, 0x1}, 0x2, 0x0) read$auto(r2, 0x0, 0x20) writev$auto(0x3, &(0x7f0000000080)={0x0, 0x1}, 0x3) (async) setsockopt$auto(0x3, 0x6, 0x7, 0x0, 0x910) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) socket(0x23, 0x80805, 0x0) (async) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nbd1\x00', 0x8000, 0x0) ioctl$auto_BLKRRPART(r3, 0x125f, 0x0) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000180), 0x509a40, 0x0) 13.074989237s ago: executing program 4 (id=2199): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd4\x00', 0x14f602, 0x0) read$auto_mon_fops_stat_usb_mon(0xffffffffffffffff, &(0x7f0000000840)=""/4096, 0x1000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) semtimedop$auto(0x0, 0x0, 0x1f4, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x9, 0x1, 0x1000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0x149182, 0x0) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000003900)='\t', 0x1) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/workqueue/parameters/default_affinity_scope\x00', 0x1a9242, 0x0) sendfile$auto(r2, r2, 0x0, 0x5) readahead$auto(r0, 0x9, 0x7fffffffffffffff) 12.060563513s ago: executing program 2 (id=2202): mmap$auto_tracing_buffers_fops_trace(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x810, 0xffffffffffffffff, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) pselect6$auto(0x9, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0x10df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8842, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/block/ram1/queue/hw_sector_size\x00', 0x322002, 0x0) read$auto(r1, 0x0, 0x20) writev$auto(r0, &(0x7f0000000200)={0x0, 0x3}, 0x3) getpid() unshare$auto(0x20000080) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000001380), 0x0, 0x0) clock_settime$auto(0x1, &(0x7f0000000080)={0x9, 0x6}) io_uring_setup$auto(0x7, 0x0) read$auto(0x3, 0x0, 0x80) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r2 = socket(0x28, 0x5, 0x0) bind$auto(r2, &(0x7f0000000080)=@in={0x28}, 0x68) close_range$auto(0x0, 0x5, 0x0) fanotify_init$auto(0x5, 0x2000000000002) inotify_init1$auto(0x3000000000000) socket(0x15, 0x5, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x103042, 0x0) msync$auto(0x1ffff000, 0x800, 0x10000004) r3 = socket(0x25, 0x1, 0x0) sendto$auto(r3, 0x0, 0x0, 0x0, 0x0, 0x3) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000140), 0x180b03, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) 11.327274257s ago: executing program 4 (id=2203): connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x7, @local}, 0x50) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/pci0000:00/0000:00:04.0/revision\x00', 0x8a080, 0x0) mmap$auto(0xfffffffffffffffd, 0x729, 0x9, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/v4l-subdev0\x00', 0x0, 0x0) mmap$auto(0x0, 0x7, 0xdf, 0x9b73, 0x7, 0x28000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x7, 0x3, 0x10001, 0x3, 0x5e, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) prctl$auto(0x4e, 0x9, 0x0, 0x7f, 0x2) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948e, 0xffffffffffffffff, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3e, 0x6, 0x2, 0x6]}, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nullb0/queue/scheduler\x00', 0xca002, 0x0) sendfile$auto(r1, r1, 0x0, 0x7ffff000) close_range$auto(0x2, 0x8, 0x0) readv$auto(0xffffffffffffffff, 0x0, 0x200000000080003) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) madvise$auto(0xffffffffffffffff, 0xfffffffffffefffb, 0x17) openat$auto_suspend_stats_fops_(0xffffffffffffff9c, &(0x7f00000000c0), 0x8002, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/loop2/integrity/write_generate\x00', 0x2b02, 0x0) sendfile$auto(r2, r2, 0x0, 0xb2d) unshare$auto(0x40000080) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_show_traces_fops_trace(0xffffffffffffff9c, 0x0, 0x826c0, 0x0) writev$auto(0xffffffffffffffff, 0x0, 0x3) 11.015565096s ago: executing program 2 (id=2205): openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000100), 0x80080, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000140)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="00082fbd70e600fddbdf250c0000000c000380080003800400058418000180140002006e65746465618a707673696d300000000000"], 0x38}}, 0x24048084) r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/bus/usb/013/001\x00', 0xa901, 0x0) ioctl$auto_USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000000)={0x2, 0x80, 0x80, 0x5, &(0x7f0000000000), 0x9, 0x3, 0x2, @stream_id=0x2, 0x7, 0x476, 0x0}) r3 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x2ab01, 0x0) ioctl$auto_USBDEVFS_DROP_PRIVILEGES(r3, 0x4004551e, &(0x7f00000000c0)=0x7) mmap$auto(0x1, 0x7, 0x3, 0x212, r3, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x5, 0x4) fsconfig$auto(0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/cgroup/delegate\x00', 0x80, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/tty6\x00', 0x0, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) ioctl$auto(0x3, 0x5407, 0x38) socket(0x1d, 0x2, 0x2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x4, 0x8000000040000000, 0x14) madvise$auto(0x2, 0x2000000080000001, 0xffffffff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, r3, 0xfffffff9) socket(0xa, 0x1, 0x84) r4 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x40080, 0x0) ioctl$auto_UI_DEV_SETUP(r4, 0x405c5503, &(0x7f0000000400)={{0xc, 0x23, 0xa6, 0x83}, "66ac010005000000000068d190eb0d4a4cada7272464294b9183349eef4c1f028fdcc8ecc66fdd02316f064ebd893007abb4c0bbc3b822f66eaf240963110d61771552c03de65800", 0x2}) ioctl$auto_UI_DEV_CREATE(r4, 0x5501, 0x0) mmap$auto(0x7f, 0x40004022009, 0x3, 0x6dc4b6fc, 0x401, 0x9) io_uring_setup$auto(0xa, 0x0) 10.484861322s ago: executing program 2 (id=2207): sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) bpf$auto(0x1, &(0x7f0000000000)=@batch={0xfffffffffffffffb, 0x44, 0x4, 0x9, 0x4, 0xffffffffffffffff, 0x2, 0x8}, 0x100000cf) r0 = socket(0xa, 0x2, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x0, 0x0) ioctl$auto_TCFLSH2(r1, 0x5453, 0x0) setsockopt$auto(r0, 0x29, 0x2, 0x0, 0x2) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0x5f, 0x9b72, 0x2, 0x8000) mlock$auto(0xfbea, 0x10004) madvise$auto(0x8000, 0x87fff, 0xc) r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200"], 0x1ac}}, 0x40000) mmap$auto(0x0, 0x8, 0x1000000004, 0x9b72, 0x2, 0x8000) memfd_create$auto(0x0, 0x80000004) recvmmsg$auto(r3, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) rseq$auto(0x0, 0x8000, 0x0, 0x6) ioctl$auto(r2, 0x89f1, 0x24) 8.51797763s ago: executing program 2 (id=2208): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/kernel/yama/ptrace_scope\x00', 0x88c42, 0x0) write$auto_proc_sys_file_operations_proc_sysctl(r1, 0x0, 0x0) r2 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_LISTENER_SET(r0, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f00000001c0)={0x14, r2, 0x1, 0x70bd26, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x0) ioctl$auto_BCH_IOCTL_DEV_USAGE(r0, 0xc118bc0b, &(0x7f0000000000)={0x4, 0x4, 0x0, '\x00', 0x4, 0x4, 0xd4, [{0x7, 0x8}, {0x1000000000000, 0x0, 0x5}, {0x0, 0x5, 0x6}, {0x9, 0xf619, 0x5}, {0x3, 0x2, 0x21be}, {0xa, 0x2, 0xffffffff00000000}, {0x3ff, 0x76, 0x9}, {0x0, 0xf53, 0x6}, {0x1, 0x8001, 0x1a8437b7}, {0xd6e, 0x4, 0x7ff}]}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NFSD_CMD_LISTENER_SET(r3, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000340)={0x14, r2, 0x1, 0x70bd27, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x400c000) 8.286983393s ago: executing program 2 (id=2209): unshare$auto(0x40000080) r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x101901, 0x0) mremap$auto(0x110c230000, 0x0, 0x101, 0x3, 0x7fffffffe000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, r1, 0x0) r2 = socket(0x10, 0x2, 0x4) sendmsg$auto_ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000000440)=ANY=[@ANYBLOB="200000005393ba822b4e9238421bd604ed63e241af89a5c2fb9a382d95d6ad89686d8bbd2fe073c3df9c10b94daf6da5928d3288a6d6f2002ad7739abeb3bde6ced59b2de66f277e7105b442be1d21c6dcb926250f", @ANYRESHEX=r0, @ANYRES64, @ANYRES32=0x0, @ANYRESHEX=r1], 0x20}, 0x1, 0x0, 0x0, 0x40090}, 0x80000) close_range$auto(0x2, 0x8, 0x0) socket(0x1e, 0x3, 0xc) r3 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000000c0)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x60008805}, 0x4040050) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) madvise$auto(0x0, 0x7ff7ffffffffffff, 0x3) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r5 = prctl$auto(0x3e, 0x7, 0x0, 0x1, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, 0x0) write$auto(r4, &(0x7f0000000300)='/devdio1\x00\xb6\xf1+3d\xd5\xe6\xafh\xb30\x19\xa9T\x89\xdc\xc7\xf0=N\x1b\xb5\xea\xeeA\xb2N\xc2\x99\x06E;f\xff\xd94,\a\xe3S\xb2\xa4@\xb3\x9ez\xd5Tc {\x9d\xadp#\x1c\xc8\xcdO\xcc\xd2\x99\xce\x119\xec\xc3w\xe9\x95t\xeb\xb0\xe4\'o\xc8\b\x00\x00\x00\x00\x00\x00\x00\xadj\xa3\xado\xcc\x8f\xfe\x82iNl\xb3\x8d\xa1\xd2j\x05\xe2\xaf\xcd@\xbb\x17>\xfbM\x83\x99\\sAtO\t]\x19;\xb6\xd6\xc5J>\x96\x80\t,\x1e\x84\x9fZ,\xca', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r6 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x11}}, 0x6a) sendmmsg$auto(r6, &(0x7f00000000c0)={{&(0x7f00000001c0)="62f2f9565c31d32871df2bf2c669d570777447b897d21dd68d55e8870b006cd6d19fd381f87c6343fbe64c61c4307264a69d1af5d90b6acd943f3a7e90a9387add00"/81, 0xffff8002, 0x0, 0xc, 0x0, 0x21, 0xb}, 0xdd3c}, 0x3, 0x21000000) sendfile$auto(0x1, 0x3, 0x0, 0x7ff) sendto$auto(0x3, 0x0, 0x2000f, 0x101, 0x0, 0x1c) ioctl$auto(0xffffffffffffffff, 0x541b, 0x24) recvmmsg$auto(0x3, 0x0, 0xfffe, 0x83, 0x0) 7.95489377s ago: executing program 4 (id=2210): mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x1, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) madvise$auto(0x7, 0x4a7, 0x2) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x140082, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000f40)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_SET_MESH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="060000009b6ca310a7b66454ed6a0e25b538a6e5e4fa6e25d60576805b11cd057fbd648f7a4a59be351ce63ef8d362ed", @ANYRES16=r4, @ANYBLOB="010025bd7000fbdbdf250f000000080039000700000008000300", @ANYRES32=r5, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x140080e4) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="01002dbd0900fedbdf257e"], 0x14}, 0x1, 0x68, 0x0, 0x24000000}, 0xd0) r6 = gettid() rt_sigqueueinfo$auto(r6, 0x1, 0x0) 7.060371434s ago: executing program 1 (id=2212): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x1e, 0x4, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendfile$auto(r0, r1, &(0x7f0000000280)=0x125, 0x100) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000180), 0xffffffffffffffff) get_robust_list$auto(0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/usb/drivers/usbip-host/rebind\x00', 0x121681, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) write$auto(0x3, 0x0, 0xffd8) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) r3 = openat$auto_tracing_err_log_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/error_log\x00', 0x2, 0x0) writev$auto(r3, &(0x7f0000000240)={0x0, 0x80}, 0x7f) ioctl$auto_PPPIOCSPASS(r2, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) ioctl$auto_PPPIOCSPASS(r2, 0x40107447, &(0x7f00000000c0)={0x2415, &(0x7f0000000000)={0x28, 0xf3, 0xb0, @inferred=r2}}) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) r4 = socket(0x1e, 0x4, 0x0) select$auto(0x7, 0x0, &(0x7f0000000080)={[0x8, 0x4, 0x8000, 0x16, 0x2000000001001, 0xfffffffffffffffd, 0xf, 0x9, 0x59f, 0x1, 0x5, 0x2e3, 0x1, 0x0, 0x2000000000000001, 0xc]}, 0x0, 0x0) r5 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$auto_FIOCLEX(r5, 0x5451, 0x8) r6 = socket(0x10, 0x80002, 0x100) getpeername$auto(r6, 0x0, 0x0) r7 = ioctl$auto_dma_heap_fops_dma_heap(0xffffffffffffffff, 0x1a, &(0x7f00000001c0)="d09f0d6974b105acc137a37a63b622b507e162b9b09be179e4f64a302fb56e8abd7a8aaac49cdfbf89c700fdf651b6cfe8501a7c81aa6a1203adc987d4f642149d9898126e030d113eb77945ae9d4dbfdce64effc4f60b1fb58c66cd3e364a0db8710a39c694e5677725cfc38ed6d285e95184") ioctl$auto_MON_IOCG_STATS(r7, 0x80089203, &(0x7f0000000240)={0xf3d6, 0x96d}) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x400001, 0x0) setsockopt$auto(r4, 0x10f, 0x87, 0x0, 0x14) 6.085421662s ago: executing program 1 (id=2214): write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x0) (async) socket(0x11, 0x80007, 0x0) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) r0 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) (async) r1 = getpid() openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001080)='/sys/devices/platform/dummy_hcd.0/usb1/1-0:1.0/bInterfaceClass\x00', 0x44, 0x0) (async) openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/dri/vkms/clients\x00', 0x2100, 0x0) (async) pipe2$auto(&(0x7f00000000c0), 0x0) (async) process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) (async) ioctl$auto(r0, 0x40246f4c, 0x38) 5.56450824s ago: executing program 1 (id=2215): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd4\x00', 0x14f602, 0x0) read$auto_mon_fops_stat_usb_mon(0xffffffffffffffff, &(0x7f0000000840)=""/4096, 0x1000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) semtimedop$auto(0x0, 0x0, 0x1f4, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x9, 0x1, 0x1000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0x149182, 0x0) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000003900)='\t', 0x1) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/module/workqueue/parameters/default_affinity_scope\x00', 0x1a9242, 0x0) sendfile$auto(r2, r2, 0x0, 0x5) readahead$auto(r0, 0x9, 0x7fffffffffffffff) 4.41688449s ago: executing program 1 (id=2216): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00'}) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c7"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) r1 = socket(0x10, 0x2, 0x4) write$auto(r1, &(0x7f0000000000)='-\x00', 0x2fb) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80800, 0x0) name_to_handle_at$auto(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/blkio.bfq.dequeue\x00', &(0x7f0000001100)={0x8, 0xd, "2e5710c910109d7e"}, &(0x7f0000001180), 0x2) sendfile$auto(0x1, r3, 0x0, 0x400007ffff000) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) fsconfig$auto(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) socket(0x2, 0x3, 0xa) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f0000000280)=@bpf_attr_0={0xa, 0x200000b8, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2a3ce63f0000f8ffffff00", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0xf) syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000000480), r1) 4.377472537s ago: executing program 4 (id=2217): r0 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) ioctl$auto(r0, 0xc0104d08, r0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty42\x00', 0x40741, 0x0) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/ieee80211/phy1/netdev:wlan1/uapsd_queues\x00', 0x2, 0x0) (async) mmap$auto(0x0, 0x2021009, 0x1fd, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) read$auto(0x3, 0x0, 0x7) (async) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/mtd/mtd0/type\x00', 0x82500, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000280)=""/106, 0x6a) (async) mknod$auto(0x0, 0xea3, 0x2) (async) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) ioctl$auto(0x3, 0x402c542d, r1) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/asound/card1/cable#0\x00', 0x8f3b7a51b80ebd01, 0x0) (async) waitid$auto_P_PGID(0x2, 0xffffffffffffffff, &(0x7f0000000340)={@siginfo_0_0={0x101, 0x2, 0x8000, @_sigsys={&(0x7f0000000240)="b089237097b88e40064c533331bb0ef0f3871bb6271d7c7ebbe31d346d27fcd831cda35f211ad5adaa038e646c925d67cb31086631f969ce129b0382463779415e39b70fdf797cdb0eca20afbf1e054a9d1bf9b9fa44a34ce03f43ec9f1a78f74d9ccfca985bd58f840af3597c60703d4620907775a0081ef431f8be10d6c7e35ff52ec27aa3d1eadd29fe6529475538b872e0ee7197cf928e9dff0c41514b651f787dcf714aff7f2ec83d8412b0ad30a25b00075552903ebc130811936d5bd79f1741067769d3a50baa767782d8d0426cfc", 0x9, 0x2}}}, 0x3ff, &(0x7f00000003c0)={{0x3, 0x1000000007}, {0xc, 0x4}, 0xc4, 0x5, 0x7f, 0xffffffffff000002, 0x9, 0x5, 0x400, 0x6, 0xa511, 0x100, 0x1, 0x6, 0xbdf6, 0x819b}) (async) close_range$auto(0x2, 0x8, 0x0) (async) socket(0x80000000000000a, 0x2, 0x0) (async) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/loop7/trace/act_mask\x00', 0x402, 0x0) ioctl$auto(r0, 0x1, r3) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) r4 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x501, 0x0) ioctl$auto_FUSE_DEV_IOC_CLONE(r4, 0x8004e500, 0x0) (async) sendfile$auto(0x1, 0x3, 0x0, 0xc01) (async) write$auto(0x3, 0x0, 0xfffffdef) 3.713487721s ago: executing program 4 (id=2219): mmap$auto(0x800000, 0x202000b, 0x4, 0x15, 0xfffffffffffffffa, 0x0) r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x4000, 0x0) mmap$auto(0x3, 0x3, 0x4000000000e0, 0x18, r0, 0x300000000000) socket(0xa, 0x3, 0x3b) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) sysfs$auto(0x2, 0x23, 0x0) r1 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r1, 0x0, 0x3) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa}, 0x58) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/platform/i8042/serio0/softrepeat\x00', 0xb02, 0x0) sendfile$auto(r2, r2, 0x0, 0x3) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x1, 0x2020009, 0x3, 0xebe, 0xfffffffffffffffa, 0x8000) shmctl$auto_IPC_SET(0xc, 0x1, &(0x7f0000000300)={{0xffffffff, 0xffffffffffffffff, 0xee01, 0x1000, 0xae, 0x9, 0x6}, 0x1, 0x7, 0x2, 0x280, @raw, @raw=0x5, 0x3, 0x0, &(0x7f0000000140)="4666def67af41b4f051e39fd6511fd6cfab11faa93fdd757f3a42ab52c0db46c7c57737a54cb9ad1fccd9f47e3400debebecee8c4b3ab4b0ecd15cb89799d7a8a423d738e2914ff98f43b494873650cfa841ca9b379cdbceb067f222f9852e4e248e519e6e2d25bc83b3fb9ec16cbc5fe503b9662d19861c9bb377749418140efde7024c7215d323a6c79c5be94bc04ed0d9afbb9c9574ff829522a54b91ef7bcef85e226564639c87b944203a6814a00eea8134d42bc137511ab276827b7ee17d85c2722c34b6d9cd3c095bd1094df859fd44defb05f086d48e42b8cfe4f20b057126cfb78738004716a5e21149cc372c89149624db4102", &(0x7f0000000240)="41b431f15aa64d11716c2908cc9f948827ddb702f4ae4ad578a4d9e2fa81507ca870d066e25696b0b2ac35abb53a8fc6e9df9fdbbc11fe705ab85e88111e5684e28f8599bc486b93eea020ee76a340a548c82e805e2d182d741e51d53c799f7bb722a591e8ac4c48f3317ac8926b8b"}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nullb0/queue/virt_boundary_mask\x00', 0x101000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000380)=""/265, 0x109) mmap$auto(0x0, 0x100, 0x4000000000df, 0x80000000eb1, 0x401, 0x8000) r4 = socket(0x10, 0x2, 0x0) io_uring_setup$auto(0x4bf15e08, &(0x7f0000000000)={0x408, 0x3, 0x10101, 0x6fb7, 0x8a, 0x4, r4, [0x100, 0x5, 0x7f], {0x2, 0x7, 0x3034, 0xc, 0x7, 0x1, 0x5, 0xfffffff9, 0x6}, {0x6, 0x3, 0x0, 0xbffff000, 0x8, 0x20b85, 0x5, 0x837, 0x8}}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYBLOB='_\x00'], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) socket(0xb, 0xa, 0xd9) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r5 = socket(0xa, 0x1, 0x84) bind$auto(r5, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) 3.046423894s ago: executing program 3 (id=2220): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/netfilter/nf_conntrack_log_invalid\x00', 0x101202, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0x8, 0x8000) (async) setsockopt$auto_SO_RCVPRIORITY(r0, 0x8, 0x52, &(0x7f0000000040)='{)-]:{\x00', 0x3ff) write$auto(0x3, 0x0, 0x7) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = syz_genetlink_get_family_id$auto_batadv(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_VLAN(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x7c, r2, 0x4, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_BLA_ADDRESS={0xa, 0x1f, @multicast}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x10000}, @BATADV_ATTR_TT_ADDRESS={0xa, 0x10, @random="48d0eed7fdb8"}, @BATADV_ATTR_ALGO_NAME={0x35, 0x2, '/proc/sys/net/netfilter/nf_conntrack_log_invalid\x00'}, @BATADV_ATTR_DAT_CACHE_VID={0x6, 0x25, 0x2}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}]}, 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x20000000) 2.793065379s ago: executing program 3 (id=2221): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00'}) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c7"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) r1 = socket(0x10, 0x2, 0x4) write$auto(r1, &(0x7f0000000000)='-\x00', 0x2fb) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80800, 0x0) name_to_handle_at$auto(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/blkio.bfq.dequeue\x00', &(0x7f0000001100)={0x8, 0xd, "2e5710c910109d7e"}, &(0x7f0000001180), 0x2) sendfile$auto(0x1, r3, 0x0, 0x400007ffff000) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) fsconfig$auto(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) socket(0x2, 0x3, 0xa) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f0000000280)=@bpf_attr_0={0xa, 0x200000b8, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2a3ce63f0000f8ffffff00", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0xf) syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000000480), r1) 2.475279985s ago: executing program 1 (id=2222): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00'}) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c7"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) r1 = socket(0x10, 0x2, 0x4) write$auto(r1, &(0x7f0000000000)='-\x00', 0x2fb) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80800, 0x0) name_to_handle_at$auto(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/blkio.bfq.dequeue\x00', &(0x7f0000001100)={0x8, 0xd, "2e5710c910109d7e"}, &(0x7f0000001180), 0x2) sendfile$auto(0x1, r3, 0x0, 0x400007ffff000) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) fsconfig$auto(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) socket(0x2, 0x3, 0xa) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f0000000280)=@bpf_attr_0={0xa, 0x200000b8, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2a3ce63f0000f8ffffff00", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6}, 0xf) syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000000480), r1) 2.193329273s ago: executing program 4 (id=2223): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x1, 0x2020009, 0x3, 0x800000000000eb5, 0xfffffffffffffffa, 0x7fffffffffffffff) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x40802, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000002180)='/dev/tty1\x00', 0x101000, 0x0) r1 = epoll_create1$auto(0x1) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000040), r2) sendmsg$auto_OVS_VPORT_CMD_GET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYRES32=0x0, @ANYRES32=r2, @ANYBLOB="010027b57100fedbdf250300000004000a326724d88d9b264a78d1c46919b9fa9a06b34279af42e72bc5bc5d5a15226b49cca8ca715e9a36f4bfe4a9d4cba2db92b113110bd92c8c876554ae9c3f574db9ad58895d97fd9d48eb603b026f2e270c2b5406a0fbd1a76b0c19111d94fe213116bbcc7f7fccd8d5ed958b191d6771776d18cb56a064d8c992148aa94c6ddff9742fcf3cc8439c6c4fae96fe576d3192e342b74b03a51dde5c2e378c0f98647e4c41549628023fbf43d455327ad51abf6b80016fef81a3fe7b"], 0x20}, 0x1, 0x0, 0x0, 0x20000080}, 0x0) ioctl$auto_XFS_IOC_FD_TO_HANDLE(r1, 0xc038586a, &(0x7f0000002140)={r2, 0x0, 0x7fff, 0x0, 0x1, &(0x7f00000020c0)="473fa849773c", &(0x7f0000002100)=0x7}) unshare$auto(0x40000080) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/neigh/bond_slave_1/ucast_solicit\x00', 0x101202, 0x0) sendfile$auto(r0, r3, 0x0, 0x1) madvise$auto(0x4, 0xfffffffffffb0005, 0x17) r4 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001080), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_WIPHY(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="0f000000f06901f455520d52000066df371047ec4ad8afc8b1224e7cc137a44d7028bdd9938a344497fa6e9094e131495d63612ef075e2ab579e27f5477ccba363416b03c05a5ccb369438bb2c1da0b6c6b802958eae926acc9be16ad20e85d969717ee6fe8d1c9f3a8e994e8e15b902b6e41a156281e6d941f5256ac2e9c575a28b070ccdf065a671565093fcf94c3364d2a592ff4be911da65166f4e425181af431c31b7f929d3f9e3bc5caafee0cc22417ede7a330f430f13bc8988fdf55e006dcdb4ea16e03ad967dd741a24fcf77efdd1e4936b727ba5cf0803c6a628c0dd3668289595ff6ce49ff7b6d1a7ccd6ab9cc85b2dddce3babf10634932e2d93916f4380b4584106a60e61c04ccde4d9600849"], 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x0) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(r4, 0x0, 0x1800) madvise$auto(0x80000001, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x9, 0x1, 0x80e3, 0xeb1, 0x401, 0x0) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0x2, 0xffffffffffff0003, 0x101) memfd_secret$auto(0x0) 1.76798878s ago: executing program 3 (id=2224): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/rpc/auth.unix.gid/flush\x00', 0x1abf01, 0x0) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) getrlimit$auto(0x3, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x82942, 0x0) keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x3, 0x2, 0x3, 0x1) keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x8, 0xb, 0x8000a, 0x400000004) keyctl$auto_KEYCTL_SESSION_TO_PARENT(0x12, 0x401, 0x200000000000000, 0xfffffffffffffff8, 0x0) setrlimit$auto(0xc, &(0x7f0000000040)={0x5, 0x2}) socket(0xf, 0x800, 0x4) mmap$auto(0x1, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) getsockopt$auto(0x3, 0x200000000001, 0x1c, 0x0, 0x0) ioctl$auto(0x3, 0xae41, r1) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000180)='/dev/admmidi2\x00', 0x88042, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/loop4\x00', 0x119a02, 0x0) ioprio_set$auto(0x1, 0x0, 0x0) sendfile$auto(r0, r0, 0x0, 0x170000000000) read$auto(r2, 0x0, 0x20) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x244002, 0x0) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x20800, 0x0) close_range$auto(r3, 0x8, 0x3) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/bond0/queues/tx-0/xps_cpus\x00', 0x10b062, 0x0) write$auto(r4, &(0x7f00000001c0)=',\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x10000000000081) pwrite64$auto(r0, 0x0, 0xfdf3, 0x3) prctl$auto(0x6, 0x771c, 0xffffffffffffffff, 0x7, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptyv2\x00', 0xf29c0, 0x0) prctl$auto(0x35, 0x1, 0x2, 0x0, 0x0) 615.03052ms ago: executing program 3 (id=2225): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/kvm_amd/parameters/pause_filter_thresh\x00', 0x200, 0x0) bpf$auto_BPF_PROG_LOAD(0x5, &(0x7f0000000000)=@raw_tracepoint={0x4, 0xffffffffffffffff, 0x0, 0x5}, 0x40) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) mremap$auto(0x0, 0x2, 0x8, 0x3, 0x7effffffb000) brk$auto(0x7fffffffefff) 571.178464ms ago: executing program 1 (id=2226): mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x404, 0x8000) read$auto_show_traces_fops_trace(0xffffffffffffffff, &(0x7f0000000140)=""/126, 0x7e) read$auto(0xffffffffffffffff, 0x0, 0x20) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) ioctl$auto_TUNSETSNDBUF2(0xffffffffffffffff, 0x400454d4, &(0x7f0000000000)=0x8) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000100), 0x60423, 0x0) unshare$auto(0x40000080) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) madvise$auto(0x0, 0xfffffffbf7ff0005, 0x200419) madvise$auto(0xfffffffffffffffd, 0x9, 0x4) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto_PR_SCHED_CORE_CREATE(0x10, 0x1, 0x0, 0x7, 0x1831) r0 = prctl$auto(0x1000000003b, 0x8, 0x0, 0x5, 0x80000000000006) unshare$auto(0x8000000) semget$auto(0x0, 0x2e4a, 0x8000) semtimedop$auto(0x0, 0x0, 0x1, 0x0) sysfs$auto(0x2, 0x16, 0x0) rseq$auto(0x0, 0x8000, 0x0, 0x6) shmdt$auto(0x0) unshare$auto(0x7) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) fallocate$auto(0xffffffffffffffff, 0x0, 0x7, 0x4cbd5d) mincore$auto(0x1000, 0x4000000, 0x0) listen$auto(0x3, 0x81) mremap$auto(0x8, 0x8000000000000001, 0x0, 0x3, 0x2) r1 = pidfd_open$auto(0x1, 0x0) setns(r1, 0x8000000) mmap$auto(0xfffffffffffffffd, 0x7, 0x3, 0xeb1, r0, 0x8000) r2 = socket(0x5, 0x1, 0xffffffff) getsockopt$auto(r2, 0x6, 0x9, 0x0, 0x0) 233.559841ms ago: executing program 3 (id=2227): mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) (async) ioctl$auto_XFS_IOC_GETPARENTS_BY_HANDLE(0xffffffffffffffff, 0xc040583f, 0x0) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x400000eb1, 0xffffffffffffffff, 0x8000) (async) socket(0x1e, 0x3, 0x2fc) (async) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000400)={{0x0, 0x5aa, 0x0, 0x1, 0x0, 0x5, 0x3}, 0x5}, 0x2, 0x100) (async) r0 = openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cpu/0/msr\x00', 0x181f82, 0x0) readv$auto(r0, &(0x7f00000000c0)={0x0, 0x101d0}, 0x400) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) sendmsg$auto_TIPC_NL_PUBL_GET(0xffffffffffffffff, 0x0, 0x840) (async) io_uring_setup$auto(0x6, 0x0) (async) socket(0x2, 0x5, 0x0) ustat$auto(0x7fd, 0x0) (async) mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x200000401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, 0x0, 0x20004080) setsockopt$auto(0x3, 0x10000000084, 0x79, 0x0, 0x8) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/maps\x00', 0x100, 0x0) 0s ago: executing program 3 (id=2228): connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x7, @local}, 0x50) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/pci0000:00/0000:00:04.0/revision\x00', 0x8a080, 0x0) mmap$auto(0xfffffffffffffffd, 0x729, 0x9, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/v4l-subdev0\x00', 0x0, 0x0) mmap$auto(0x0, 0x7, 0xdf, 0x9b73, 0x7, 0x28000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x7, 0x3, 0x10001, 0x3, 0x5e, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) prctl$auto(0x4e, 0x9, 0x0, 0x7f, 0x2) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948e, 0xffffffffffffffff, 0x15f4da0a, 0x3, 0x1000, 0x62, 0x4000008000001f, 0x7, 0x6d3e, 0x6, 0x2, 0x6]}, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nullb0/queue/scheduler\x00', 0xca002, 0x0) sendfile$auto(r1, r1, 0x0, 0x7ffff000) close_range$auto(0x2, 0x8, 0x0) readv$auto(0xffffffffffffffff, 0x0, 0x200000000080003) getrandom$auto(0x0, 0x6000000, 0x3) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) madvise$auto(0xffffffffffffffff, 0xfffffffffffefffb, 0x17) openat$auto_suspend_stats_fops_(0xffffffffffffff9c, &(0x7f00000000c0), 0x8002, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/loop2/integrity/write_generate\x00', 0x2b02, 0x0) sendfile$auto(r2, r2, 0x0, 0xb2d) unshare$auto(0x40000080) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_show_traces_fops_trace(0xffffffffffffff9c, 0x0, 0x826c0, 0x0) writev$auto(0xffffffffffffffff, 0x0, 0x3) kernel console output (not intermixed with test programs):                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              syzkaller syzkaller login: [ 448.417140][T13372] netlink: 346 bytes leftover after parsing attributes in process `syz.4.1759'. [ 449.430122][T13407] FAULT_INJECTION: forcing a failure. [ 449.430122][T13407] name failslab, interval 1, probability 0, space 0, times 0 [ 449.490883][T13407] CPU: 1 UID: 0 PID: 13407 Comm: syz.4.1768 Tainted: G L syzkaller #0 PREEMPT(full) [ 449.490911][T13407] Tainted: [L]=SOFTLOCKUP [ 449.490916][T13407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 449.490926][T13407] Call Trace: [ 449.490931][T13407] [ 449.490938][T13407] dump_stack_lvl+0x16c/0x1f0 [ 449.490964][T13407] should_fail_ex+0x512/0x640 [ 449.490981][T13407] ? __kmalloc_cache_noprof+0x5f/0x800 [ 449.491000][T13407] should_failslab+0xc2/0x120 [ 449.491025][T13407] __kmalloc_cache_noprof+0x80/0x800 [ 449.491043][T13407] ? kobject_uevent_env+0x265/0x1920 [ 449.491063][T13407] ? kobject_uevent_env+0x265/0x1920 [ 449.491079][T13407] kobject_uevent_env+0x265/0x1920 [ 449.491095][T13407] ? __pfx_dev_uevent_name+0x10/0x10 [ 449.491110][T13407] ? __pfx_dentry_path_raw+0x10/0x10 [ 449.491127][T13407] ? kvm_uevent_notify_change.part.0+0x32d/0x450 [ 449.491155][T13407] kvm_uevent_notify_change.part.0+0x3ae/0x450 [ 449.491179][T13407] ? __pfx_kvm_vm_release+0x10/0x10 [ 449.491197][T13407] kvm_put_kvm+0xe3/0xb00 [ 449.491215][T13407] ? lockdep_hardirqs_on+0x7c/0x110 [ 449.491237][T13407] ? _raw_spin_unlock_irq+0x2e/0x50 [ 449.491259][T13407] ? __pfx_kvm_vm_release+0x10/0x10 [ 449.491276][T13407] kvm_vm_release+0x3c/0x50 [ 449.491294][T13407] __fput+0x402/0xb70 [ 449.491312][T13407] task_work_run+0x150/0x240 [ 449.491329][T13407] ? __pfx_task_work_run+0x10/0x10 [ 449.491344][T13407] ? __do_sys_close_range+0x278/0x730 [ 449.491371][T13407] exit_to_user_mode_loop+0xfb/0x540 [ 449.491392][T13407] do_syscall_64+0x4ee/0xf80 [ 449.491415][T13407] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 449.491430][T13407] RIP: 0033:0x7f582138f7c9 [ 449.491443][T13407] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 449.491457][T13407] RSP: 002b:00007f5822211038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 449.491472][T13407] RAX: 0000000000000000 RBX: 00007f58215e5fa0 RCX: 00007f582138f7c9 [ 449.491481][T13407] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000002 [ 449.491490][T13407] RBP: 00007f5821413f91 R08: 0000000000000000 R09: 0000000000000000 [ 449.491498][T13407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 449.491507][T13407] R13: 00007f58215e6038 R14: 00007f58215e5fa0 R15: 00007fff9eba9a18 [ 449.491527][T13407] [ 450.268089][ T30] audit: type=1804 audit(20599.940:11): pid=13413 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1770" name="file0" dev="tmpfs" ino=2581 res=1 errno=0 [ 451.823723][T13443] netlink: 346 bytes leftover after parsing attributes in process `syz.4.1776'. [ 453.032567][T13469] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1783'. [ 453.751119][T13481] Console: switching to colour VGA+ 80x25 [ 453.799758][T13482] openvswitch: netlink: IPv6 tunnel dst address is zero [ 454.562732][ T5964] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 456.534265][T13542] netlink: 346 bytes leftover after parsing attributes in process `syz.1.1803'. [ 456.853921][T13546] netlink: 346 bytes leftover after parsing attributes in process `syz.1.1804'. [ 458.944507][T13586] FAULT_INJECTION: forcing a failure. [ 458.944507][T13586] name failslab, interval 1, probability 0, space 0, times 0 [ 459.027449][T13586] CPU: 1 UID: 0 PID: 13586 Comm: syz.1.1812 Tainted: G L syzkaller #0 PREEMPT(full) [ 459.027476][T13586] Tainted: [L]=SOFTLOCKUP [ 459.027482][T13586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 459.027491][T13586] Call Trace: [ 459.027496][T13586] [ 459.027502][T13586] dump_stack_lvl+0x16c/0x1f0 [ 459.027529][T13586] should_fail_ex+0x512/0x640 [ 459.027546][T13586] ? __kmalloc_cache_noprof+0x5f/0x800 [ 459.027565][T13586] should_failslab+0xc2/0x120 [ 459.027588][T13586] __kmalloc_cache_noprof+0x80/0x800 [ 459.027605][T13586] ? kobject_uevent_env+0x265/0x1920 [ 459.027623][T13586] ? kobject_uevent_env+0x265/0x1920 [ 459.027639][T13586] kobject_uevent_env+0x265/0x1920 [ 459.027654][T13586] ? __pfx_dev_uevent_name+0x10/0x10 [ 459.027669][T13586] ? __pfx_dentry_path_raw+0x10/0x10 [ 459.027686][T13586] ? kvm_uevent_notify_change.part.0+0x32d/0x450 [ 459.027712][T13586] kvm_uevent_notify_change.part.0+0x3ae/0x450 [ 459.027736][T13586] ? __pfx_kvm_vm_release+0x10/0x10 [ 459.027758][T13586] kvm_put_kvm+0xe3/0xb00 [ 459.027776][T13586] ? lockdep_hardirqs_on+0x7c/0x110 [ 459.027798][T13586] ? _raw_spin_unlock_irq+0x2e/0x50 [ 459.027820][T13586] ? __pfx_kvm_vm_release+0x10/0x10 [ 459.027837][T13586] kvm_vm_release+0x3c/0x50 [ 459.027855][T13586] __fput+0x402/0xb70 [ 459.027874][T13586] task_work_run+0x150/0x240 [ 459.027894][T13586] ? __pfx_task_work_run+0x10/0x10 [ 459.027918][T13586] ? __do_sys_close_range+0x278/0x730 [ 459.027946][T13586] exit_to_user_mode_loop+0xfb/0x540 [ 459.027967][T13586] do_syscall_64+0x4ee/0xf80 [ 459.027991][T13586] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 459.028007][T13586] RIP: 0033:0x7fbf6bf8f7c9 [ 459.028019][T13586] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 459.028033][T13586] RSP: 002b:00007fbf6ceec038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 459.028047][T13586] RAX: 0000000000000000 RBX: 00007fbf6c1e5fa0 RCX: 00007fbf6bf8f7c9 [ 459.028056][T13586] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000002 [ 459.028065][T13586] RBP: 00007fbf6c013f91 R08: 0000000000000000 R09: 0000000000000000 [ 459.028073][T13586] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 459.028082][T13586] R13: 00007fbf6c1e6038 R14: 00007fbf6c1e5fa0 R15: 00007fff75180088 [ 459.028101][T13586] [ 460.476158][T13613] openvswitch: netlink: Missing valid actions attribute. [ 462.451496][T13662] netlink: 290 bytes leftover after parsing attributes in process `syz.2.1830'. [ 462.670225][T13670] netlink: 346 bytes leftover after parsing attributes in process `syz.1.1833'. [ 464.577816][T13713] FAULT_INJECTION: forcing a failure. [ 464.577816][T13713] name failslab, interval 1, probability 0, space 0, times 0 [ 464.737212][T13713] CPU: 1 UID: 0 PID: 13713 Comm: syz.4.1847 Tainted: G L syzkaller #0 PREEMPT(full) [ 464.737239][T13713] Tainted: [L]=SOFTLOCKUP [ 464.737245][T13713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 464.737254][T13713] Call Trace: [ 464.737260][T13713] [ 464.737267][T13713] dump_stack_lvl+0x16c/0x1f0 [ 464.737294][T13713] should_fail_ex+0x512/0x640 [ 464.737318][T13713] ? __kmalloc_cache_node_noprof+0x62/0x830 [ 464.737344][T13713] should_failslab+0xc2/0x120 [ 464.737368][T13713] __kmalloc_cache_node_noprof+0x83/0x830 [ 464.737389][T13713] ? __get_vm_area_node+0x101/0x330 [ 464.737413][T13713] ? register_lock_class+0x41/0x4b0 [ 464.737430][T13713] ? __get_vm_area_node+0x101/0x330 [ 464.737451][T13713] __get_vm_area_node+0x101/0x330 [ 464.737477][T13713] __vmalloc_node_range_noprof+0x247/0x16b0 [ 464.737492][T13713] ? n_tty_open+0x1a/0x170 [ 464.737505][T13713] ? do_raw_spin_lock+0x12c/0x2b0 [ 464.737526][T13713] ? n_tty_open+0x1a/0x170 [ 464.737544][T13713] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 464.737559][T13713] ? __ldsem_down_write_nested+0xfd/0x850 [ 464.737572][T13713] ? __ldsem_down_write_nested+0x10e/0x850 [ 464.737585][T13713] ? lockdep_init_map_type+0x5c/0x270 [ 464.737602][T13713] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 464.737620][T13713] ? n_tty_open+0x1a/0x170 [ 464.737632][T13713] __vmalloc_node_noprof+0xad/0xf0 [ 464.737646][T13713] ? n_tty_open+0x1a/0x170 [ 464.737658][T13713] ? __pfx_n_tty_open+0x10/0x10 [ 464.737672][T13713] n_tty_open+0x1a/0x170 [ 464.737685][T13713] ? __pfx_n_tty_open+0x10/0x10 [ 464.737697][T13713] tty_ldisc_open+0x9f/0x120 [ 464.737716][T13713] tty_ldisc_setup+0x40/0x100 [ 464.737735][T13713] tty_init_dev.part.0+0x1ec/0x500 [ 464.737759][T13713] tty_init_dev+0x60/0x80 [ 464.737781][T13713] ptmx_open+0x15e/0x3c0 [ 464.737798][T13713] ? __pfx_ptmx_open+0x10/0x10 [ 464.737815][T13713] chrdev_open+0x234/0x6a0 [ 464.737837][T13713] ? __pfx_apparmor_file_open+0x10/0x10 [ 464.737852][T13713] ? __pfx_chrdev_open+0x10/0x10 [ 464.737875][T13713] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 464.737902][T13713] do_dentry_open+0x748/0x1590 [ 464.737923][T13713] ? __pfx_chrdev_open+0x10/0x10 [ 464.737951][T13713] vfs_open+0x82/0x3f0 [ 464.737969][T13713] path_openat+0x2078/0x3140 [ 464.737998][T13713] ? __pfx_path_openat+0x10/0x10 [ 464.738027][T13713] do_filp_open+0x20b/0x470 [ 464.738049][T13713] ? __pfx_do_filp_open+0x10/0x10 [ 464.738085][T13713] ? alloc_fd+0x471/0x7d0 [ 464.738111][T13713] do_sys_openat2+0x121/0x290 [ 464.738131][T13713] ? __pfx_do_sys_openat2+0x10/0x10 [ 464.738148][T13713] ? find_held_lock+0x2b/0x80 [ 464.738172][T13713] __x64_sys_openat+0x174/0x210 [ 464.738189][T13713] ? __pfx___x64_sys_openat+0x10/0x10 [ 464.738214][T13713] do_syscall_64+0xcd/0xf80 [ 464.738239][T13713] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 464.738254][T13713] RIP: 0033:0x7f582138f7c9 [ 464.738268][T13713] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 464.738283][T13713] RSP: 002b:00007f58221cf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 464.738303][T13713] RAX: ffffffffffffffda RBX: 00007f58215e6180 RCX: 00007f582138f7c9 [ 464.738314][T13713] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 464.738323][T13713] RBP: 00007f5821413f91 R08: 0000000000000000 R09: 0000000000000000 [ 464.738332][T13713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 464.738341][T13713] R13: 00007f58215e6218 R14: 00007f58215e6180 R15: 00007fff9eba9a18 [ 464.738362][T13713] [ 465.525505][T13713] syz.4.1847: vmalloc error: size 9128, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 465.585608][T13713] CPU: 1 UID: 0 PID: 13713 Comm: syz.4.1847 Tainted: G L syzkaller #0 PREEMPT(full) [ 465.585636][T13713] Tainted: [L]=SOFTLOCKUP [ 465.585642][T13713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 465.585652][T13713] Call Trace: [ 465.585657][T13713] [ 465.585664][T13713] dump_stack_lvl+0x16c/0x1f0 [ 465.585691][T13713] warn_alloc+0x248/0x3a0 [ 465.585711][T13713] ? __pfx_warn_alloc+0x10/0x10 [ 465.585728][T13713] ? trace_kmalloc+0x2b/0xb0 [ 465.585751][T13713] ? __get_vm_area_node+0x101/0x330 [ 465.585777][T13713] ? __kasan_kmalloc+0x8a/0xb0 [ 465.585797][T13713] ? __get_vm_area_node+0x208/0x330 [ 465.585824][T13713] __vmalloc_node_range_noprof+0xbe0/0x16b0 [ 465.585845][T13713] ? n_tty_open+0x1a/0x170 [ 465.585865][T13713] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 465.585880][T13713] ? __ldsem_down_write_nested+0xfd/0x850 [ 465.585893][T13713] ? __ldsem_down_write_nested+0x10e/0x850 [ 465.585906][T13713] ? lockdep_init_map_type+0x5c/0x270 [ 465.585925][T13713] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 465.585942][T13713] ? n_tty_open+0x1a/0x170 [ 465.585955][T13713] __vmalloc_node_noprof+0xad/0xf0 [ 465.585969][T13713] ? n_tty_open+0x1a/0x170 [ 465.585981][T13713] ? __pfx_n_tty_open+0x10/0x10 [ 465.585995][T13713] n_tty_open+0x1a/0x170 [ 465.586008][T13713] ? __pfx_n_tty_open+0x10/0x10 [ 465.586021][T13713] tty_ldisc_open+0x9f/0x120 [ 465.586040][T13713] tty_ldisc_setup+0x40/0x100 [ 465.586060][T13713] tty_init_dev.part.0+0x1ec/0x500 [ 465.586084][T13713] tty_init_dev+0x60/0x80 [ 465.586106][T13713] ptmx_open+0x15e/0x3c0 [ 465.586123][T13713] ? __pfx_ptmx_open+0x10/0x10 [ 465.586139][T13713] chrdev_open+0x234/0x6a0 [ 465.586161][T13713] ? __pfx_apparmor_file_open+0x10/0x10 [ 465.586177][T13713] ? __pfx_chrdev_open+0x10/0x10 [ 465.586200][T13713] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 465.586227][T13713] do_dentry_open+0x748/0x1590 [ 465.586248][T13713] ? __pfx_chrdev_open+0x10/0x10 [ 465.586275][T13713] vfs_open+0x82/0x3f0 [ 465.586293][T13713] path_openat+0x2078/0x3140 [ 465.586331][T13713] ? __pfx_path_openat+0x10/0x10 [ 465.586361][T13713] do_filp_open+0x20b/0x470 [ 465.586383][T13713] ? __pfx_do_filp_open+0x10/0x10 [ 465.586421][T13713] ? alloc_fd+0x471/0x7d0 [ 465.586449][T13713] do_sys_openat2+0x121/0x290 [ 465.586466][T13713] ? __pfx_do_sys_openat2+0x10/0x10 [ 465.586483][T13713] ? find_held_lock+0x2b/0x80 [ 465.586507][T13713] __x64_sys_openat+0x174/0x210 [ 465.586524][T13713] ? __pfx___x64_sys_openat+0x10/0x10 [ 465.586548][T13713] do_syscall_64+0xcd/0xf80 [ 465.586573][T13713] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 465.586589][T13713] RIP: 0033:0x7f582138f7c9 [ 465.586603][T13713] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 465.586617][T13713] RSP: 002b:00007f58221cf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 465.586632][T13713] RAX: ffffffffffffffda RBX: 00007f58215e6180 RCX: 00007f582138f7c9 [ 465.586642][T13713] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 465.586652][T13713] RBP: 00007f5821413f91 R08: 0000000000000000 R09: 0000000000000000 [ 465.586661][T13713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 465.586670][T13713] R13: 00007f58215e6218 R14: 00007f58215e6180 R15: 00007fff9eba9a18 [ 465.586690][T13713] [ 465.586696][T13713] Mem-Info: [ 466.095437][ T30] audit: type=1800 audit(20615.640:12): pid=13719 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1849" name="dbroot" dev="configfs" ino=60015 res=0 errno=0 [ 467.516577][T13713] active_anon:64534 inactive_anon:9 isolated_anon:0 [ 467.516577][T13713] active_file:17845 inactive_file:45579 isolated_file:0 [ 467.516577][T13713] unevictable:768 dirty:585 writeback:0 [ 467.516577][T13713] slab_reclaimable:13086 slab_unreclaimable:103018 [ 467.516577][T13713] mapped:53306 shmem:56336 pagetables:1564 [ 467.516577][T13713] sec_pagetables:0 bounce:0 [ 467.516577][T13713] kernel_misc_reclaimable:0 [ 467.516577][T13713] free:1240085 free_pcp:5227 free_cma:0 [ 467.712800][T13713] Node 0 active_anon:267288kB inactive_anon:36kB active_file:71376kB inactive_file:182184kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:213896kB dirty:2340kB writeback:0kB shmem:229716kB shmem_thp:4096kB shmem_pmdmapped:2048kB anon_thp:0kB kernel_stack:14112kB pagetables:6268kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 467.855499][T13713] Node 1 active_anon:0kB inactive_anon:0kB active_file:4kB inactive_file:132kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:4kB dirty:0kB writeback:0kB shmem:1972kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 467.975489][T13713] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 468.105531][T13713] lowmem_reserve[]: 0 2481 2483 2483 2483 [ 468.142768][T13713] Node 0 DMA32 free:1015584kB boost:0kB min:34092kB low:42612kB high:51132kB reserved_highatomic:0KB free_highatomic:0KB active_anon:265176kB inactive_anon:36kB active_file:71376kB inactive_file:182184kB unevictable:1536kB writepending:2364kB zspages:0kB present:3129332kB managed:2541020kB mlocked:0kB bounce:0kB free_pcp:25368kB local_pcp:25368kB free_cma:0kB [ 468.279888][T13713] lowmem_reserve[]: 0 0 1 1 1 [ 468.305152][T13713] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 468.478244][T13713] lowmem_reserve[]: 0 0 0 0 0 [ 468.530641][T13713] Node 1 Normal free:3910304kB boost:0kB min:55784kB low:69728kB high:83672kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:4kB inactive_file:132kB unevictable:1536kB writepending:4kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:500kB local_pcp:500kB free_cma:0kB [ 468.758734][T13713] lowmem_reserve[]: 0 0 0 0 0 [ 468.780065][T13713] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 468.865525][T13713] Node 0 DMA32: 1336*4kB (U) 2862*8kB (UME) 1567*16kB (U) 57*32kB (UME) 18*64kB (UE) 225*128kB (UME) 261*256kB (UM) 140*512kB (UM) 125*1024kB (UM) 6*2048kB (UM) 159*4096kB (M) = 1015136kB [ 468.955701][T13713] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 469.018185][T13713] Node 1 Normal: 68*4kB (UME) 56*8kB (UME) 37*16kB (UME) 214*32kB (UME) 99*64kB (UME) 30*128kB (UME) 17*256kB (UME) 9*512kB (UM) 2*1024kB (ME) 1*2048kB (E) 947*4096kB (M) = 3910304kB [ 469.112531][T13713] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 469.161297][T13713] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 469.226992][T13713] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 469.287890][T13713] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 469.329007][T13713] 115389 total pagecache pages [ 469.349397][T13713] 97 pages in swap cache [ 469.387693][T13713] Free swap = 122632kB [ 469.406379][T13713] Total swap = 124996kB [ 469.422885][T13713] 2097051 pages RAM [ 469.435502][T13713] 0 pages HighMem/MovableOnly [ 469.485788][T13713] 429770 pages reserved [ 469.507985][T13713] 0 pages cma reserved [ 469.533808][T13713] ptm ptm0: ldisc open failed (-12), clearing slot 0 [ 469.786653][T13754] netlink: 346 bytes leftover after parsing attributes in process `syz.3.1858'. [ 470.146167][T13751] can: request_module (can-proto-0) failed. [ 470.808622][T13770] FAULT_INJECTION: forcing a failure. [ 470.808622][T13770] name failslab, interval 1, probability 0, space 0, times 0 [ 470.896083][T13770] CPU: 1 UID: 0 PID: 13770 Comm: syz.1.1863 Tainted: G L syzkaller #0 PREEMPT(full) [ 470.896111][T13770] Tainted: [L]=SOFTLOCKUP [ 470.896116][T13770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 470.896126][T13770] Call Trace: [ 470.896132][T13770] [ 470.896138][T13770] dump_stack_lvl+0x16c/0x1f0 [ 470.896174][T13770] should_fail_ex+0x512/0x640 [ 470.896191][T13770] ? __kmalloc_node_track_caller_noprof+0xcb/0x930 [ 470.896216][T13770] should_failslab+0xc2/0x120 [ 470.896238][T13770] __kmalloc_node_track_caller_noprof+0xec/0x930 [ 470.896259][T13770] ? __kthread_create_on_node+0x186/0x3f0 [ 470.896286][T13770] ? kvasprintf+0xbc/0x150 [ 470.896301][T13770] kvasprintf+0xbc/0x150 [ 470.896318][T13770] ? __pfx_kvasprintf+0x10/0x10 [ 470.896340][T13770] ? __pfx_rxrpc_io_thread+0x10/0x10 [ 470.896354][T13770] __kthread_create_on_node+0x186/0x3f0 [ 470.896377][T13770] ? __pfx___kthread_create_on_node+0x10/0x10 [ 470.896409][T13770] ? __pfx_rxrpc_io_thread+0x10/0x10 [ 470.896423][T13770] kthread_create_on_node+0xc7/0x100 [ 470.896445][T13770] ? __pfx_kthread_create_on_node+0x10/0x10 [ 470.896466][T13770] ? find_held_lock+0x2b/0x80 [ 470.896486][T13770] ? setup_udp_tunnel_sock+0x565/0x680 [ 470.896511][T13770] ? do_raw_spin_unlock+0x172/0x230 [ 470.896532][T13770] rxrpc_open_socket+0x3db/0x6b0 [ 470.896549][T13770] ? __pfx_rxrpc_open_socket+0x10/0x10 [ 470.896565][T13770] ? __pfx_rxrpc_encap_rcv+0x10/0x10 [ 470.896578][T13770] ? __pfx_rxrpc_encap_err_rcv+0x10/0x10 [ 470.896600][T13770] ? rcu_is_watching+0x12/0xc0 [ 470.896623][T13770] rxrpc_lookup_local+0xa01/0x1220 [ 470.896643][T13770] ? __pfx_rxrpc_lookup_local+0x10/0x10 [ 470.896661][T13770] ? __local_bh_enable_ip+0xa4/0x120 [ 470.896684][T13770] rxrpc_sendmsg+0x37e/0x680 [ 470.896705][T13770] sock_write_iter+0x566/0x610 [ 470.896729][T13770] ? __pfx_sock_write_iter+0x10/0x10 [ 470.896766][T13770] ? bpf_lsm_file_permission+0x9/0x10 [ 470.896784][T13770] ? security_file_permission+0x71/0x210 [ 470.896804][T13770] ? rw_verify_area+0xcf/0x6c0 [ 470.896825][T13770] vfs_write+0x7d3/0x11d0 [ 470.896846][T13770] ? __pfx_sock_write_iter+0x10/0x10 [ 470.896870][T13770] ? __pfx_vfs_write+0x10/0x10 [ 470.896889][T13770] ? find_held_lock+0x2b/0x80 [ 470.896919][T13770] ksys_write+0x1f8/0x250 [ 470.896939][T13770] ? __pfx_ksys_write+0x10/0x10 [ 470.896965][T13770] do_syscall_64+0xcd/0xf80 [ 470.896989][T13770] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 470.897004][T13770] RIP: 0033:0x7fbf6bf8f7c9 [ 470.897018][T13770] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 470.897034][T13770] RSP: 002b:00007fbf6ceec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 470.897049][T13770] RAX: ffffffffffffffda RBX: 00007fbf6c1e5fa0 RCX: 00007fbf6bf8f7c9 [ 470.897060][T13770] RDX: 0000000000000081 RSI: 0000000000000000 RDI: 0000000000000003 [ 470.897069][T13770] RBP: 00007fbf6c013f91 R08: 0000000000000000 R09: 0000000000000000 [ 470.897078][T13770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 470.897087][T13770] R13: 00007fbf6c1e6038 R14: 00007fbf6c1e5fa0 R15: 00007fff75180088 [ 470.897108][T13770] [ 471.737086][T13773] device-mapper: ioctl: Invalid ioctl structure: name , dev 3ff [ 472.985103][T13801] netlink: 346 bytes leftover after parsing attributes in process `syz.2.1869'. [ 474.674594][T13828] FAULT_INJECTION: forcing a failure. [ 474.674594][T13828] name failslab, interval 1, probability 0, space 0, times 0 [ 474.751825][T13828] CPU: 1 UID: 0 PID: 13828 Comm: syz.1.1876 Tainted: G L syzkaller #0 PREEMPT(full) [ 474.751852][T13828] Tainted: [L]=SOFTLOCKUP [ 474.751858][T13828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 474.751867][T13828] Call Trace: [ 474.751872][T13828] [ 474.751878][T13828] dump_stack_lvl+0x16c/0x1f0 [ 474.751905][T13828] should_fail_ex+0x512/0x640 [ 474.751923][T13828] ? __kmalloc_cache_noprof+0x5f/0x800 [ 474.751941][T13828] should_failslab+0xc2/0x120 [ 474.751965][T13828] __kmalloc_cache_noprof+0x80/0x800 [ 474.751982][T13828] ? kvm_uevent_notify_change.part.0+0x93/0x450 [ 474.752007][T13828] ? kvm_uevent_notify_change.part.0+0x93/0x450 [ 474.752028][T13828] kvm_uevent_notify_change.part.0+0x93/0x450 [ 474.752050][T13828] ? __pfx_kvm_vm_release+0x10/0x10 [ 474.752068][T13828] kvm_put_kvm+0xe3/0xb00 [ 474.752085][T13828] ? lockdep_hardirqs_on+0x7c/0x110 [ 474.752107][T13828] ? _raw_spin_unlock_irq+0x2e/0x50 [ 474.752129][T13828] ? __pfx_kvm_vm_release+0x10/0x10 [ 474.752146][T13828] kvm_vm_release+0x3c/0x50 [ 474.752163][T13828] __fput+0x402/0xb70 [ 474.752182][T13828] task_work_run+0x150/0x240 [ 474.752199][T13828] ? __pfx_task_work_run+0x10/0x10 [ 474.752213][T13828] ? __do_sys_close_range+0x278/0x730 [ 474.752240][T13828] exit_to_user_mode_loop+0xfb/0x540 [ 474.752261][T13828] do_syscall_64+0x4ee/0xf80 [ 474.752285][T13828] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 474.752299][T13828] RIP: 0033:0x7fbf6bf8f7c9 [ 474.752312][T13828] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 474.752326][T13828] RSP: 002b:00007fbf6ceec038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 474.752340][T13828] RAX: 0000000000000000 RBX: 00007fbf6c1e5fa0 RCX: 00007fbf6bf8f7c9 [ 474.752350][T13828] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000002 [ 474.752359][T13828] RBP: 00007fbf6c013f91 R08: 0000000000000000 R09: 0000000000000000 [ 474.752367][T13828] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 474.752375][T13828] R13: 00007fbf6c1e6038 R14: 00007fbf6c1e5fa0 R15: 00007fff75180088 [ 474.752407][T13828] [ 476.284634][T13843] netlink: 346 bytes leftover after parsing attributes in process `syz.2.1879'. [ 476.703613][T13856] ima: Unable to open file: /suritRy/integrity?iqa/policy (-2) [ 476.917121][T13855] ima: policy update failed [ 476.987849][ T30] audit: type=1802 audit(20626.690:13): pid=13855 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.1883" res=0 errno=0 [ 477.732239][T13876] netlink: 252 bytes leftover after parsing attributes in process `syz.4.1888'. [ 477.786274][T13879] netlink: 252 bytes leftover after parsing attributes in process `syz.4.1888'. [ 479.436823][T13898] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 479.486404][T13898] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 479.529786][T13898] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 479.546901][T13898] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 479.594758][T13898] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 479.632635][T13898] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 479.656551][ T5964] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 479.678832][T13898] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 479.716136][T13898] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 479.736428][T13898] CPU0 is offline. [ 480.173735][T13925] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1899'. [ 480.755484][ T5964] Bluetooth: hci0: command 0x0406 tx timeout [ 480.912977][T13940] netlink: 346 bytes leftover after parsing attributes in process `syz.2.1905'. [ 481.555730][ T5841] Bluetooth: hci1: command 0x0406 tx timeout [ 481.561819][ T5964] Bluetooth: hci2: command 0x0406 tx timeout [ 481.638554][ T5841] Bluetooth: hci3: command 0x2016 tx timeout [ 481.644696][ T5964] Bluetooth: hci4: command 0x0c1a tx timeout [ 483.506869][T13985] netlink: 346 bytes leftover after parsing attributes in process `syz.1.1915'. [ 483.635770][ T5964] Bluetooth: hci2: command 0x0406 tx timeout [ 483.718457][ T5841] Bluetooth: hci3: command 0x2016 tx timeout [ 483.724541][ T5964] Bluetooth: hci4: command 0x0c1a tx timeout [ 485.798371][ T5964] Bluetooth: hci3: command 0x2016 tx timeout [ 485.804453][ T5842] Bluetooth: hci4: command 0x0c1a tx timeout [ 488.820904][T14040] netlink: 346 bytes leftover after parsing attributes in process `syz.4.1928'. [ 491.814915][T14087] FAULT_INJECTION: forcing a failure. [ 491.814915][T14087] name failslab, interval 1, probability 0, space 0, times 0 [ 491.885114][T14087] CPU: 1 UID: 0 PID: 14087 Comm: syz.1.1939 Tainted: G L syzkaller #0 PREEMPT(full) [ 491.885141][T14087] Tainted: [L]=SOFTLOCKUP [ 491.885146][T14087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 491.885155][T14087] Call Trace: [ 491.885161][T14087] [ 491.885167][T14087] dump_stack_lvl+0x16c/0x1f0 [ 491.885194][T14087] should_fail_ex+0x512/0x640 [ 491.885211][T14087] ? kmem_cache_alloc_noprof+0x62/0x770 [ 491.885231][T14087] should_failslab+0xc2/0x120 [ 491.885254][T14087] kmem_cache_alloc_noprof+0x83/0x770 [ 491.885271][T14087] ? seq_open+0x55/0x170 [ 491.885291][T14087] ? seq_open+0x55/0x170 [ 491.885304][T14087] seq_open+0x55/0x170 [ 491.885321][T14087] proc_seq_open+0x9f/0x100 [ 491.885340][T14087] ? __pfx_proc_seq_open+0x10/0x10 [ 491.885361][T14087] proc_reg_open+0x2ab/0x5f0 [ 491.885380][T14087] do_dentry_open+0x748/0x1590 [ 491.885401][T14087] ? __pfx_proc_reg_open+0x10/0x10 [ 491.885423][T14087] vfs_open+0x82/0x3f0 [ 491.885441][T14087] path_openat+0x2078/0x3140 [ 491.885468][T14087] ? __pfx_path_openat+0x10/0x10 [ 491.885496][T14087] do_filp_open+0x20b/0x470 [ 491.885518][T14087] ? __pfx_do_filp_open+0x10/0x10 [ 491.885552][T14087] ? alloc_fd+0x471/0x7d0 [ 491.885578][T14087] do_sys_openat2+0x121/0x290 [ 491.885594][T14087] ? __pfx_do_sys_openat2+0x10/0x10 [ 491.885611][T14087] ? find_held_lock+0x2b/0x80 [ 491.885635][T14087] __x64_sys_openat+0x174/0x210 [ 491.885672][T14087] ? __pfx___x64_sys_openat+0x10/0x10 [ 491.885698][T14087] do_syscall_64+0xcd/0xf80 [ 491.885722][T14087] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 491.885737][T14087] RIP: 0033:0x7fbf6bf8f7c9 [ 491.885749][T14087] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 491.885764][T14087] RSP: 002b:00007fbf6ceec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 491.885778][T14087] RAX: ffffffffffffffda RBX: 00007fbf6c1e5fa0 RCX: 00007fbf6bf8f7c9 [ 491.885788][T14087] RDX: 0000000000060400 RSI: 0000200000000240 RDI: ffffffffffffff9c [ 491.885797][T14087] RBP: 00007fbf6c013f91 R08: 0000000000000000 R09: 0000000000000000 [ 491.885805][T14087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 491.885814][T14087] R13: 00007fbf6c1e6038 R14: 00007fbf6c1e5fa0 R15: 00007fff75180088 [ 491.885832][T14087] [ 494.998423][T14133] FAULT_INJECTION: forcing a failure. [ 494.998423][T14133] name failslab, interval 1, probability 0, space 0, times 0 [ 495.096047][T14133] CPU: 1 UID: 0 PID: 14133 Comm: syz.1.1946 Tainted: G L syzkaller #0 PREEMPT(full) [ 495.096076][T14133] Tainted: [L]=SOFTLOCKUP [ 495.096081][T14133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 495.096090][T14133] Call Trace: [ 495.096095][T14133] [ 495.096101][T14133] dump_stack_lvl+0x16c/0x1f0 [ 495.096129][T14133] should_fail_ex+0x512/0x640 [ 495.096146][T14133] ? kmem_cache_alloc_noprof+0x62/0x770 [ 495.096167][T14133] should_failslab+0xc2/0x120 [ 495.096190][T14133] kmem_cache_alloc_noprof+0x83/0x770 [ 495.096207][T14133] ? security_file_alloc+0x34/0x2b0 [ 495.096229][T14133] ? security_file_alloc+0x34/0x2b0 [ 495.096246][T14133] security_file_alloc+0x34/0x2b0 [ 495.096265][T14133] init_file+0x93/0x4c0 [ 495.096280][T14133] alloc_empty_file+0x73/0x1e0 [ 495.096297][T14133] path_openat+0xde/0x3140 [ 495.096317][T14133] ? do_syscall_64+0xcd/0xf80 [ 495.096338][T14133] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 495.096358][T14133] ? __pfx_path_openat+0x10/0x10 [ 495.096386][T14133] do_filp_open+0x20b/0x470 [ 495.096408][T14133] ? __pfx_do_filp_open+0x10/0x10 [ 495.096443][T14133] ? alloc_fd+0x471/0x7d0 [ 495.096469][T14133] do_sys_openat2+0x121/0x290 [ 495.096485][T14133] ? __pfx_do_sys_openat2+0x10/0x10 [ 495.096502][T14133] ? find_held_lock+0x2b/0x80 [ 495.096526][T14133] __x64_sys_openat+0x174/0x210 [ 495.096543][T14133] ? __pfx___x64_sys_openat+0x10/0x10 [ 495.096567][T14133] do_syscall_64+0xcd/0xf80 [ 495.096590][T14133] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 495.096604][T14133] RIP: 0033:0x7fbf6bf8f7c9 [ 495.096617][T14133] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 495.096631][T14133] RSP: 002b:00007fbf6cecb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 495.096646][T14133] RAX: ffffffffffffffda RBX: 00007fbf6c1e6090 RCX: 00007fbf6bf8f7c9 [ 495.096663][T14133] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 495.096673][T14133] RBP: 00007fbf6c013f91 R08: 0000000000000000 R09: 0000000000000000 [ 495.096682][T14133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 495.096691][T14133] R13: 00007fbf6c1e6128 R14: 00007fbf6c1e6090 R15: 00007fff75180088 [ 495.096711][T14133] [ 495.953669][T14142] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1950'. [ 496.430714][T14156] futex_wake_op: syz.3.1954 tries to shift op by -2048; fix this program [ 496.480963][T14155] futex_wake_op: syz.3.1954 tries to shift op by -2048; fix this program [ 496.542820][T14156] futex_wake_op: syz.3.1954 tries to shift op by -2048; fix this program [ 496.584438][T14155] futex_wake_op: syz.3.1954 tries to shift op by -2048; fix this program [ 496.961878][T14171] netlink: 322 bytes leftover after parsing attributes in process `syz.3.1956'. [ 497.187935][T14174] Invalid ELF header magic: != ELF [ 497.487380][T14185] FAULT_INJECTION: forcing a failure. [ 497.487380][T14185] name failslab, interval 1, probability 0, space 0, times 0 [ 497.577452][T14185] CPU: 1 UID: 0 PID: 14185 Comm: syz.1.1958 Tainted: G L syzkaller #0 PREEMPT(full) [ 497.577479][T14185] Tainted: [L]=SOFTLOCKUP [ 497.577484][T14185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 497.577493][T14185] Call Trace: [ 497.577499][T14185] [ 497.577505][T14185] dump_stack_lvl+0x16c/0x1f0 [ 497.577533][T14185] should_fail_ex+0x512/0x640 [ 497.577549][T14185] ? __kmalloc_noprof+0xca/0x910 [ 497.577568][T14185] should_failslab+0xc2/0x120 [ 497.577590][T14185] __kmalloc_noprof+0xeb/0x910 [ 497.577606][T14185] ? lsm_blob_alloc+0x68/0x90 [ 497.577630][T14185] ? lsm_blob_alloc+0x68/0x90 [ 497.577659][T14185] lsm_blob_alloc+0x68/0x90 [ 497.577680][T14185] security_prepare_creds+0x2f/0x270 [ 497.577702][T14185] prepare_creds+0x5d6/0x940 [ 497.577721][T14185] copy_creds+0xa7/0xa50 [ 497.577740][T14185] copy_process+0x130f/0x7430 [ 497.577761][T14185] ? preempt_schedule_thunk+0x16/0x30 [ 497.577779][T14185] ? try_to_wake_up+0xa67/0x1860 [ 497.577800][T14185] ? __pfx_copy_process+0x10/0x10 [ 497.577821][T14185] ? find_held_lock+0x2b/0x80 [ 497.577843][T14185] ? futex_private_hash_put+0x160/0x1b0 [ 497.577868][T14185] kernel_clone+0xfc/0x910 [ 497.577890][T14185] ? __pfx_futex_wake+0x10/0x10 [ 497.577910][T14185] ? __pfx_kernel_clone+0x10/0x10 [ 497.577943][T14185] __do_sys_clone+0xce/0x120 [ 497.577964][T14185] ? __pfx___do_sys_clone+0x10/0x10 [ 497.577985][T14185] ? blkcg_maybe_throttle_current+0x650/0xf30 [ 497.578004][T14185] ? _raw_spin_unlock_irq+0x23/0x50 [ 497.578032][T14185] ? xfd_validate_state+0x61/0x180 [ 497.578051][T14185] do_syscall_64+0xcd/0xf80 [ 497.578075][T14185] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 497.578090][T14185] RIP: 0033:0x7fbf6bf8f7c9 [ 497.578103][T14185] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 497.578117][T14185] RSP: 002b:00007fbf6cecb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 497.578136][T14185] RAX: ffffffffffffffda RBX: 00007fbf6c1e6090 RCX: 00007fbf6bf8f7c9 [ 497.578146][T14185] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b46 [ 497.578155][T14185] RBP: 00007fbf6c013f91 R08: 0000000000000002 R09: 0000000000000000 [ 497.578171][T14185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 497.578180][T14185] R13: 00007fbf6c1e6128 R14: 00007fbf6c1e6090 R15: 00007fff75180088 [ 497.578200][T14185] [ 498.388998][T14191] Invalid ELF header magic: != ELF [ 499.504706][T14216] virtio-pci 0000:00:04.0: [Firmware Bug]: Overriding NUMA node to 0. Contact your vendor for updates. [ 500.017217][T14235] netlink: 346 bytes leftover after parsing attributes in process `syz.4.1969'. [ 501.840703][T14275] usbcore.quirks: string doesn't fit in 127 chars. [ 502.114256][T14281] tipc: Withdrawal distribution failure [ 502.160404][T14286] netlink: 346 bytes leftover after parsing attributes in process `syz.1.1984'. [ 502.898297][T14304] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1987'. [ 503.022171][T14304] Invalid ELF header magic: != ELF [ 503.139339][T14302] FAULT_INJECTION: forcing a failure. [ 503.139339][T14302] name fail_futex, interval 1, probability 0, space 0, times 0 [ 503.285333][T14302] CPU: 1 UID: 0 PID: 14302 Comm: syz.4.1986 Tainted: G I L syzkaller #0 PREEMPT(full) [ 503.285366][T14302] Tainted: [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 503.285373][T14302] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 503.285382][T14302] Call Trace: [ 503.285388][T14302] [ 503.285394][T14302] dump_stack_lvl+0x16c/0x1f0 [ 503.285421][T14302] should_fail_ex+0x512/0x640 [ 503.285441][T14302] get_futex_key+0x1d0/0x15f0 [ 503.285459][T14302] ? __pfx_get_futex_key+0x10/0x10 [ 503.285477][T14302] ? import_iovec+0x86/0xb0 [ 503.285497][T14302] futex_wake+0xea/0x530 [ 503.285517][T14302] ? __lock_acquire+0x436/0x2890 [ 503.285530][T14302] ? __pfx_futex_wake+0x10/0x10 [ 503.285549][T14302] ? __pfx_vfs_writev+0x10/0x10 [ 503.285576][T14302] do_futex+0x1e3/0x350 [ 503.285592][T14302] ? __pfx_do_futex+0x10/0x10 [ 503.285613][T14302] __x64_sys_futex+0x1e0/0x4c0 [ 503.285630][T14302] ? fput+0x70/0xf0 [ 503.285643][T14302] ? __pfx___x64_sys_futex+0x10/0x10 [ 503.285660][T14302] ? __pfx_do_writev+0x10/0x10 [ 503.285684][T14302] do_syscall_64+0xcd/0xf80 [ 503.285708][T14302] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.285723][T14302] RIP: 0033:0x7f582138f7c9 [ 503.285735][T14302] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 503.285749][T14302] RSP: 002b:00007f58222110e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 503.285763][T14302] RAX: ffffffffffffffda RBX: 00007f58215e5fa8 RCX: 00007f582138f7c9 [ 503.285773][T14302] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f58215e5fac [ 503.285781][T14302] RBP: 00007f58215e5fa0 R08: 00007f5822212000 R09: 0000000000000000 [ 503.285790][T14302] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 503.285799][T14302] R13: 00007f58215e6038 R14: 00007fff9eba9930 R15: 00007fff9eba9a18 [ 503.285818][T14302] [ 503.962877][T14317] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1990'. [ 504.014280][T14320] ovs_: entered promiscuous mode [ 504.182190][T14323] vivid-007: ================= START STATUS ================= [ 504.271610][T14323] vivid-007: Generate PTS: true [ 504.359415][T14323] vivid-007: Generate SCR: true [ 504.420704][T14323] tpg source WxH: 320x240 (Y'CbCr) [ 504.492602][T14323] tpg field: 1 [ 504.539248][T14323] tpg crop: (0,0)/320x240 [ 504.633872][T14323] tpg compose: (0,0)/320x240 [ 504.692319][T14323] tpg colorspace: 8 [ 504.779148][T14323] tpg transfer function: 0/0 [ 504.897829][T14323] tpg Y'CbCr encoding: 0/0 [ 504.902262][T14323] tpg quantization: 0/0 [ 505.076072][T14323] tpg RGB range: 0/2 [ 505.079986][T14323] vivid-007: ================== END STATUS ================== [ 505.305584][T14335] bridge0: port 3(batadv0) entered blocking state [ 505.345614][T14335] bridge0: port 3(batadv0) entered disabled state [ 505.352188][T14335] batadv0: entered allmulticast mode [ 505.466672][T14335] batadv0: entered promiscuous mode [ 505.526734][T14335] bridge0: port 3(batadv0) entered blocking state [ 505.533272][T14335] bridge0: port 3(batadv0) entered forwarding state [ 505.766311][ T36] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 505.775886][ T36] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 506.201243][T14366] FAULT_INJECTION: forcing a failure. [ 506.201243][T14366] name failslab, interval 1, probability 0, space 0, times 0 [ 506.265605][T14366] CPU: 1 UID: 0 PID: 14366 Comm: syz.1.1998 Tainted: G I L syzkaller #0 PREEMPT(full) [ 506.265633][T14366] Tainted: [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 506.265642][T14366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 506.265650][T14366] Call Trace: [ 506.265656][T14366] [ 506.265661][T14366] dump_stack_lvl+0x16c/0x1f0 [ 506.265688][T14366] should_fail_ex+0x512/0x640 [ 506.265708][T14366] ? kmem_cache_alloc_lru_noprof+0x66/0x770 [ 506.265729][T14366] should_failslab+0xc2/0x120 [ 506.265750][T14366] kmem_cache_alloc_lru_noprof+0x87/0x770 [ 506.265767][T14366] ? __lock_acquire+0x436/0x2890 [ 506.265782][T14366] ? shmem_alloc_inode+0x25/0x50 [ 506.265805][T14366] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 506.265824][T14366] ? shmem_alloc_inode+0x25/0x50 [ 506.265842][T14366] shmem_alloc_inode+0x25/0x50 [ 506.265861][T14366] alloc_inode+0x64/0x240 [ 506.265877][T14366] new_inode+0x22/0x1c0 [ 506.265894][T14366] shmem_get_inode+0x19a/0xfb0 [ 506.265920][T14366] shmem_tmpfile+0x58/0x180 [ 506.265941][T14366] vfs_tmpfile+0x2be/0x9b0 [ 506.265968][T14366] path_openat+0x1936/0x3140 [ 506.265994][T14366] ? do_syscall_64+0xcd/0xf80 [ 506.266015][T14366] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 506.266035][T14366] ? __pfx_path_openat+0x10/0x10 [ 506.266059][T14366] ? __lock_acquire+0x436/0x2890 [ 506.266074][T14366] do_filp_open+0x20b/0x470 [ 506.266096][T14366] ? __pfx_do_filp_open+0x10/0x10 [ 506.266129][T14366] ? _raw_spin_unlock+0x28/0x50 [ 506.266148][T14366] ? alloc_fd+0x471/0x7d0 [ 506.266174][T14366] do_sys_openat2+0x121/0x290 [ 506.266190][T14366] ? __pfx_do_sys_openat2+0x10/0x10 [ 506.266206][T14366] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 506.266233][T14366] __x64_sys_open+0x153/0x1e0 [ 506.266249][T14366] ? __pfx___x64_sys_open+0x10/0x10 [ 506.266269][T14366] ? rcu_is_watching+0x12/0xc0 [ 506.266291][T14366] do_syscall_64+0xcd/0xf80 [ 506.266318][T14366] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 506.266333][T14366] RIP: 0033:0x7fbf6bf8f7c9 [ 506.266344][T14366] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 506.266358][T14366] RSP: 002b:00007fbf6ceec038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 506.266372][T14366] RAX: ffffffffffffffda RBX: 00007fbf6c1e5fa0 RCX: 00007fbf6bf8f7c9 [ 506.266382][T14366] RDX: 0000000000000408 RSI: 0000000000591002 RDI: 0000200000000100 [ 506.266391][T14366] RBP: 00007fbf6c013f91 R08: 0000000000000000 R09: 0000000000000000 [ 506.266400][T14366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 506.266408][T14366] R13: 00007fbf6c1e6038 R14: 00007fbf6c1e5fa0 R15: 00007fff75180088 [ 506.266428][T14366] [ 506.678966][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.685271][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 509.615693][T14420] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 510.192528][T14435] netlink: 346 bytes leftover after parsing attributes in process `syz.3.2012'. [ 510.598514][T14447] ICMPv6: process `syz.1.2015' is using deprecated sysctl (syscall) net.ipv6.neigh.wg1.retrans_time - use net.ipv6.neigh.wg1.retrans_time_ms instead [ 510.696910][ T30] audit: type=1804 audit(39004.404:14): pid=14447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2015" name=2F6E6577726F6F742F3439372F22050820 dev="tmpfs" ino=2624 res=1 errno=0 [ 510.817063][ T30] audit: type=1800 audit(39004.424:15): pid=14447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2015" name=22050820 dev="tmpfs" ino=2624 res=0 errno=0 [ 511.744568][T14472] netlink: 346 bytes leftover after parsing attributes in process `syz.3.2021'. [ 511.965661][ T30] audit: type=1800 audit(39005.654:16): pid=14474 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2022" name="sr0" dev="devtmpfs" ino=2918 res=0 errno=0 [ 513.130997][T14507] FAULT_INJECTION: forcing a failure. [ 513.130997][T14507] name failslab, interval 1, probability 0, space 0, times 0 [ 513.216933][T14507] CPU: 1 UID: 0 PID: 14507 Comm: syz.1.2030 Tainted: G I L syzkaller #0 PREEMPT(full) [ 513.216962][T14507] Tainted: [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 513.216968][T14507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 513.216978][T14507] Call Trace: [ 513.216983][T14507] [ 513.216990][T14507] dump_stack_lvl+0x16c/0x1f0 [ 513.217018][T14507] should_fail_ex+0x512/0x640 [ 513.217035][T14507] ? __kmalloc_cache_noprof+0x5f/0x800 [ 513.217054][T14507] should_failslab+0xc2/0x120 [ 513.217077][T14507] __kmalloc_cache_noprof+0x80/0x800 [ 513.217094][T14507] ? pty_common_install+0x10e/0xb30 [ 513.217116][T14507] ? pty_common_install+0x10e/0xb30 [ 513.217132][T14507] pty_common_install+0x10e/0xb30 [ 513.217149][T14507] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 513.217175][T14507] ? __pfx_pty_unix98_install+0x10/0x10 [ 513.217194][T14507] tty_init_dev.part.0+0x9c/0x500 [ 513.217218][T14507] tty_init_dev+0x60/0x80 [ 513.217240][T14507] ptmx_open+0x15e/0x3c0 [ 513.217257][T14507] ? __pfx_ptmx_open+0x10/0x10 [ 513.217273][T14507] chrdev_open+0x234/0x6a0 [ 513.217295][T14507] ? __pfx_apparmor_file_open+0x10/0x10 [ 513.217310][T14507] ? __pfx_chrdev_open+0x10/0x10 [ 513.217334][T14507] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 513.217361][T14507] do_dentry_open+0x748/0x1590 [ 513.217382][T14507] ? __pfx_chrdev_open+0x10/0x10 [ 513.217409][T14507] vfs_open+0x82/0x3f0 [ 513.217426][T14507] path_openat+0x2078/0x3140 [ 513.217454][T14507] ? __pfx_path_openat+0x10/0x10 [ 513.217483][T14507] do_filp_open+0x20b/0x470 [ 513.217505][T14507] ? __pfx_do_filp_open+0x10/0x10 [ 513.217540][T14507] ? alloc_fd+0x471/0x7d0 [ 513.217567][T14507] do_sys_openat2+0x121/0x290 [ 513.217583][T14507] ? __pfx_do_sys_openat2+0x10/0x10 [ 513.217600][T14507] ? find_held_lock+0x2b/0x80 [ 513.217624][T14507] __x64_sys_openat+0x174/0x210 [ 513.217641][T14507] ? __pfx___x64_sys_openat+0x10/0x10 [ 513.217665][T14507] do_syscall_64+0xcd/0xf80 [ 513.217688][T14507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 513.217704][T14507] RIP: 0033:0x7fbf6bf8f7c9 [ 513.217718][T14507] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 513.217733][T14507] RSP: 002b:00007fbf6cecb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 513.217748][T14507] RAX: ffffffffffffffda RBX: 00007fbf6c1e6090 RCX: 00007fbf6bf8f7c9 [ 513.217758][T14507] RDX: 0000000000848c80 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 513.217767][T14507] RBP: 00007fbf6c013f91 R08: 0000000000000000 R09: 0000000000000000 [ 513.217776][T14507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 513.217784][T14507] R13: 00007fbf6c1e6128 R14: 00007fbf6c1e6090 R15: 00007fff75180088 [ 513.217804][T14507] [ 514.036409][T14512] netlink: 346 bytes leftover after parsing attributes in process `syz.1.2031'. [ 515.116238][T14517] device-mapper: ioctl: Invalid ioctl structure: name , dev 3ff [ 516.009258][T14552] FAULT_INJECTION: forcing a failure. [ 516.009258][T14552] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 516.101597][T14552] CPU: 1 UID: 0 PID: 14552 Comm: syz.1.2040 Tainted: G I L syzkaller #0 PREEMPT(full) [ 516.101625][T14552] Tainted: [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 516.101632][T14552] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 516.101641][T14552] Call Trace: [ 516.101647][T14552] [ 516.101653][T14552] dump_stack_lvl+0x16c/0x1f0 [ 516.101680][T14552] should_fail_ex+0x512/0x640 [ 516.101701][T14552] should_fail_alloc_page+0xe7/0x130 [ 516.101725][T14552] prepare_alloc_pages+0x401/0x670 [ 516.101748][T14552] ? rcu_is_watching+0x12/0xc0 [ 516.101771][T14552] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 516.101793][T14552] ? kasan_save_stack+0x42/0x60 [ 516.101818][T14552] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 516.101837][T14552] ? __lock_acquire+0x436/0x2890 [ 516.101856][T14552] ? __lock_acquire+0x436/0x2890 [ 516.101871][T14552] ? __lock_acquire+0x436/0x2890 [ 516.101884][T14552] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 516.101907][T14552] ? policy_nodemask+0xea/0x4e0 [ 516.101931][T14552] alloc_pages_mpol+0x1fb/0x550 [ 516.101953][T14552] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 516.101980][T14552] folio_alloc_mpol_noprof+0x36/0x2f0 [ 516.101996][T14552] vma_alloc_folio_noprof+0xed/0x1e0 [ 516.102011][T14552] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 516.102031][T14552] do_anonymous_page+0xc81/0x2190 [ 516.102054][T14552] __handle_mm_fault+0x1ecf/0x2bb0 [ 516.102074][T14552] ? __pfx___handle_mm_fault+0x10/0x10 [ 516.102090][T14552] ? __pte_offset_map_lock+0x174/0x310 [ 516.102112][T14552] ? find_held_lock+0x2b/0x80 [ 516.102136][T14552] ? follow_page_pte+0x5cf/0x1390 [ 516.102162][T14552] handle_mm_fault+0x3fe/0xad0 [ 516.102181][T14552] __get_user_pages+0x54e/0x3590 [ 516.102209][T14552] ? __pfx___get_user_pages+0x10/0x10 [ 516.102236][T14552] populate_vma_page_range+0x267/0x3f0 [ 516.102260][T14552] ? __pfx_populate_vma_page_range+0x10/0x10 [ 516.102282][T14552] ? __pfx_find_vma_intersection+0x10/0x10 [ 516.102304][T14552] ? do_mmap+0x69c/0x1210 [ 516.102327][T14552] __mm_populate+0x1d8/0x380 [ 516.102350][T14552] ? __pfx___mm_populate+0x10/0x10 [ 516.102382][T14552] ? up_write+0x282/0x4e0 [ 516.102400][T14552] vm_mmap_pgoff+0x37f/0x470 [ 516.102424][T14552] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 516.102448][T14552] ? __x64_sys_futex+0x1e0/0x4c0 [ 516.102464][T14552] ? __x64_sys_futex+0x1e9/0x4c0 [ 516.102483][T14552] ksys_mmap_pgoff+0x7d/0x5c0 [ 516.102503][T14552] ? xfd_validate_state+0x61/0x180 [ 516.102516][T14552] ? __pfx_do_writev+0x10/0x10 [ 516.102537][T14552] __x64_sys_mmap+0x125/0x190 [ 516.102554][T14552] do_syscall_64+0xcd/0xf80 [ 516.102581][T14552] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 516.102597][T14552] RIP: 0033:0x7fbf6bf8f7c9 [ 516.102610][T14552] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 516.102625][T14552] RSP: 002b:00007fbf6cecb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 516.102640][T14552] RAX: ffffffffffffffda RBX: 00007fbf6c1e6090 RCX: 00007fbf6bf8f7c9 [ 516.102649][T14552] RDX: 00000000000000df RSI: 0000000000040009 RDI: 0000000000000000 [ 516.102658][T14552] RBP: 00007fbf6c013f91 R08: 0000000000000007 R09: 0000000000028000 [ 516.102668][T14552] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 516.102676][T14552] R13: 00007fbf6c1e6128 R14: 00007fbf6c1e6090 R15: 00007fff75180088 [ 516.102697][T14552] [ 517.400979][T14557] Console: switching to colour frame buffer device 128x48 [ 519.204818][T14578] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2047'. [ 519.707459][ T5842] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 521.065616][ T5964] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 521.073144][ T5964] Bluetooth: hci4: Invalid handle: 0x3a4a > 0x0eff [ 521.925603][T14626] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2062'. [ 521.977483][T14626] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2062'. [ 522.050219][T14632] netlink: 'syz.3.2063': attribute type 11 has an invalid length. [ 522.661810][T14642] FAULT_INJECTION: forcing a failure. [ 522.661810][T14642] name failslab, interval 1, probability 0, space 0, times 0 [ 522.735454][T14642] CPU: 1 UID: 0 PID: 14642 Comm: syz.1.2066 Tainted: G I L syzkaller #0 PREEMPT(full) [ 522.735483][T14642] Tainted: [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 522.735490][T14642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 522.735499][T14642] Call Trace: [ 522.735505][T14642] [ 522.735512][T14642] dump_stack_lvl+0x16c/0x1f0 [ 522.735539][T14642] should_fail_ex+0x512/0x640 [ 522.735556][T14642] ? kmem_cache_alloc_lru_noprof+0x66/0x770 [ 522.735577][T14642] should_failslab+0xc2/0x120 [ 522.735601][T14642] kmem_cache_alloc_lru_noprof+0x87/0x770 [ 522.735618][T14642] ? __pfx___might_resched+0x10/0x10 [ 522.735639][T14642] ? sock_alloc_inode+0x25/0x1c0 [ 522.735663][T14642] ? __pfx_sock_alloc_inode+0x10/0x10 [ 522.735684][T14642] ? sock_alloc_inode+0x25/0x1c0 [ 522.735704][T14642] sock_alloc_inode+0x25/0x1c0 [ 522.735725][T14642] alloc_inode+0x64/0x240 [ 522.735742][T14642] sock_alloc+0x40/0x280 [ 522.735761][T14642] __sock_create+0xc2/0x8a0 [ 522.735786][T14642] __sys_socket+0x14d/0x260 [ 522.735801][T14642] ? __pfx___sys_socket+0x10/0x10 [ 522.735817][T14642] ? do_user_addr_fault+0x843/0x1370 [ 522.735839][T14642] __x64_sys_socket+0x72/0xb0 [ 522.735852][T14642] ? lockdep_hardirqs_on+0x7c/0x110 [ 522.735875][T14642] do_syscall_64+0xcd/0xf80 [ 522.735898][T14642] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 522.735913][T14642] RIP: 0033:0x7fbf6bf916e7 [ 522.735926][T14642] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 522.735940][T14642] RSP: 002b:00007fbf6ceeafa8 EFLAGS: 00000286 ORIG_RAX: 0000000000000029 [ 522.735954][T14642] RAX: ffffffffffffffda RBX: 00007fbf6c1e5fa0 RCX: 00007fbf6bf916e7 [ 522.735964][T14642] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 522.735973][T14642] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 522.735981][T14642] R10: 0000200000001940 R11: 0000000000000286 R12: 0000000000000000 [ 522.735990][T14642] R13: 00007fbf6c1e6038 R14: 00007fbf6c1e5fa0 R15: 00007fff75180088 [ 522.736010][T14642] [ 522.736019][T14642] socket: no more sockets [ 523.714984][T14650] tipc: Started in network mode [ 523.720297][T14650] tipc: Node identity ffffffff, cluster identity 4711 [ 523.735020][T14650] tipc: Node number set to 4294967295 [ 524.261013][T14668] FAULT_INJECTION: forcing a failure. [ 524.261013][T14668] name failslab, interval 1, probability 0, space 0, times 0 [ 524.325619][T14668] CPU: 1 UID: 0 PID: 14668 Comm: syz.1.2075 Tainted: G I L syzkaller #0 PREEMPT(full) [ 524.325648][T14668] Tainted: [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 524.325655][T14668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 524.325663][T14668] Call Trace: [ 524.325668][T14668] [ 524.325675][T14668] dump_stack_lvl+0x16c/0x1f0 [ 524.325702][T14668] should_fail_ex+0x512/0x640 [ 524.325719][T14668] ? __kmalloc_cache_noprof+0x5f/0x800 [ 524.325738][T14668] should_failslab+0xc2/0x120 [ 524.325762][T14668] __kmalloc_cache_noprof+0x80/0x800 [ 524.325779][T14668] ? kvm_uevent_notify_change.part.0+0x2b2/0x450 [ 524.325804][T14668] ? kvm_uevent_notify_change.part.0+0x2b2/0x450 [ 524.325825][T14668] kvm_uevent_notify_change.part.0+0x2b2/0x450 [ 524.325848][T14668] ? __pfx_kvm_vm_release+0x10/0x10 [ 524.325865][T14668] kvm_put_kvm+0xe3/0xb00 [ 524.325882][T14668] ? lockdep_hardirqs_on+0x7c/0x110 [ 524.325904][T14668] ? _raw_spin_unlock_irq+0x2e/0x50 [ 524.325926][T14668] ? __pfx_kvm_vm_release+0x10/0x10 [ 524.325943][T14668] kvm_vm_release+0x3c/0x50 [ 524.325961][T14668] __fput+0x402/0xb70 [ 524.325980][T14668] task_work_run+0x150/0x240 [ 524.325997][T14668] ? __pfx_task_work_run+0x10/0x10 [ 524.326011][T14668] ? __do_sys_close_range+0x278/0x730 [ 524.326039][T14668] exit_to_user_mode_loop+0xfb/0x540 [ 524.326059][T14668] do_syscall_64+0x4ee/0xf80 [ 524.326082][T14668] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 524.326097][T14668] RIP: 0033:0x7fbf6bf8f7c9 [ 524.326110][T14668] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 524.326124][T14668] RSP: 002b:00007fbf6ceec038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 524.326138][T14668] RAX: 0000000000000000 RBX: 00007fbf6c1e5fa0 RCX: 00007fbf6bf8f7c9 [ 524.326147][T14668] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000002 [ 524.326156][T14668] RBP: 00007fbf6c013f91 R08: 0000000000000000 R09: 0000000000000000 [ 524.326164][T14668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 524.326172][T14668] R13: 00007fbf6c1e6038 R14: 00007fbf6c1e5fa0 R15: 00007fff75180088 [ 524.326191][T14668] [ 525.227062][T14677] FAULT_INJECTION: forcing a failure. [ 525.227062][T14677] name failslab, interval 1, probability 0, space 0, times 0 [ 525.356122][T14677] CPU: 1 UID: 0 PID: 14677 Comm: syz.4.2077 Tainted: G I L syzkaller #0 PREEMPT(full) [ 525.356150][T14677] Tainted: [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 525.356157][T14677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 525.356166][T14677] Call Trace: [ 525.356171][T14677] [ 525.356178][T14677] dump_stack_lvl+0x16c/0x1f0 [ 525.356206][T14677] should_fail_ex+0x512/0x640 [ 525.356225][T14677] ? __kmalloc_cache_noprof+0x5f/0x800 [ 525.356244][T14677] should_failslab+0xc2/0x120 [ 525.356268][T14677] __kmalloc_cache_noprof+0x80/0x800 [ 525.356287][T14677] ? kvm_uevent_notify_change.part.0+0x2b2/0x450 [ 525.356313][T14677] ? kvm_uevent_notify_change.part.0+0x2b2/0x450 [ 525.356334][T14677] kvm_uevent_notify_change.part.0+0x2b2/0x450 [ 525.356357][T14677] ? __pfx_kvm_vm_release+0x10/0x10 [ 525.356375][T14677] kvm_put_kvm+0xe3/0xb00 [ 525.356394][T14677] ? lockdep_hardirqs_on+0x7c/0x110 [ 525.356417][T14677] ? _raw_spin_unlock_irq+0x2e/0x50 [ 525.356438][T14677] ? __pfx_kvm_vm_release+0x10/0x10 [ 525.356464][T14677] kvm_vm_release+0x3c/0x50 [ 525.356482][T14677] __fput+0x402/0xb70 [ 525.356503][T14677] task_work_run+0x150/0x240 [ 525.356520][T14677] ? __pfx_task_work_run+0x10/0x10 [ 525.356535][T14677] ? __do_sys_close_range+0x278/0x730 [ 525.356562][T14677] exit_to_user_mode_loop+0xfb/0x540 [ 525.356583][T14677] do_syscall_64+0x4ee/0xf80 [ 525.356606][T14677] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 525.356621][T14677] RIP: 0033:0x7f582138f7c9 [ 525.356634][T14677] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 525.356649][T14677] RSP: 002b:00007f5822211038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 525.356663][T14677] RAX: 0000000000000000 RBX: 00007f58215e5fa0 RCX: 00007f582138f7c9 [ 525.356672][T14677] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000002 [ 525.356681][T14677] RBP: 00007f5821413f91 R08: 0000000000000000 R09: 0000000000000000 [ 525.356689][T14677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 525.356697][T14677] R13: 00007f58215e6038 R14: 00007f58215e5fa0 R15: 00007fff9eba9a18 [ 525.356716][T14677] [ 525.845833][T14684] netlink: 346 bytes leftover after parsing attributes in process `syz.3.2079'. [ 527.607176][T14721] netlink: 346 bytes leftover after parsing attributes in process `syz.1.2088'. [ 527.994255][T14728] FAULT_INJECTION: forcing a failure. [ 527.994255][T14728] name failslab, interval 1, probability 0, space 0, times 0 [ 528.133676][T14728] CPU: 1 UID: 0 PID: 14728 Comm: syz.4.2089 Tainted: G I L syzkaller #0 PREEMPT(full) [ 528.133706][T14728] Tainted: [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 528.133713][T14728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 528.133722][T14728] Call Trace: [ 528.133727][T14728] [ 528.133734][T14728] dump_stack_lvl+0x16c/0x1f0 [ 528.133763][T14728] should_fail_ex+0x512/0x640 [ 528.133781][T14728] ? __kmalloc_cache_noprof+0x5f/0x800 [ 528.133800][T14728] should_failslab+0xc2/0x120 [ 528.133822][T14728] __kmalloc_cache_noprof+0x80/0x800 [ 528.133839][T14728] ? kobject_uevent_env+0x265/0x1920 [ 528.133859][T14728] ? kobject_uevent_env+0x265/0x1920 [ 528.133874][T14728] kobject_uevent_env+0x265/0x1920 [ 528.133890][T14728] ? __pfx_dev_uevent_name+0x10/0x10 [ 528.133905][T14728] ? __pfx_dentry_path_raw+0x10/0x10 [ 528.133922][T14728] ? kvm_uevent_notify_change.part.0+0x32d/0x450 [ 528.133949][T14728] kvm_uevent_notify_change.part.0+0x3ae/0x450 [ 528.133972][T14728] ? __pfx_kvm_vm_release+0x10/0x10 [ 528.133990][T14728] kvm_put_kvm+0xe3/0xb00 [ 528.134008][T14728] ? lockdep_hardirqs_on+0x7c/0x110 [ 528.134029][T14728] ? _raw_spin_unlock_irq+0x2e/0x50 [ 528.134051][T14728] ? __pfx_kvm_vm_release+0x10/0x10 [ 528.134069][T14728] kvm_vm_release+0x3c/0x50 [ 528.134086][T14728] __fput+0x402/0xb70 [ 528.134105][T14728] task_work_run+0x150/0x240 [ 528.134122][T14728] ? __pfx_task_work_run+0x10/0x10 [ 528.134136][T14728] ? __do_sys_close_range+0x278/0x730 [ 528.134164][T14728] exit_to_user_mode_loop+0xfb/0x540 [ 528.134185][T14728] do_syscall_64+0x4ee/0xf80 [ 528.134208][T14728] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 528.134284][T14728] RIP: 0033:0x7f582138f7c9 [ 528.134298][T14728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 528.134314][T14728] RSP: 002b:00007f5822211038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 528.134328][T14728] RAX: 0000000000000000 RBX: 00007f58215e5fa0 RCX: 00007f582138f7c9 [ 528.134338][T14728] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000002 [ 528.134347][T14728] RBP: 00007f5821413f91 R08: 0000000000000000 R09: 0000000000000000 [ 528.134357][T14728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 528.134366][T14728] R13: 00007f58215e6038 R14: 00007f58215e5fa0 R15: 00007fff9eba9a18 [ 528.134388][T14728] [ 528.985778][T14736] device-mapper: ioctl: Invalid ioctl structure: name , dev 3ff [ 530.586257][T14768] netlink: 346 bytes leftover after parsing attributes in process `syz.4.2099'. [ 533.110735][T14805] snd_dummy snd_dummy.0: control 1:-5:4718600:1Յ:-2 is already present [ 533.926565][T14831] netlink: 346 bytes leftover after parsing attributes in process `syz.1.2112'. [ 535.206608][T14857] device-mapper: ioctl: Invalid ioctl structure: name , dev 3ff [ 535.795110][T14870] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2121'. [ 535.837066][T14870] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 535.890639][T14870] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2121'. [ 536.586314][T14885] FAULT_INJECTION: forcing a failure. [ 536.586314][T14885] name failslab, interval 1, probability 0, space 0, times 0 [ 536.687262][T14885] CPU: 1 UID: 0 PID: 14885 Comm: syz.1.2125 Tainted: G I L syzkaller #0 PREEMPT(full) [ 536.687290][T14885] Tainted: [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 536.687297][T14885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 536.687307][T14885] Call Trace: [ 536.687313][T14885] [ 536.687318][T14885] dump_stack_lvl+0x16c/0x1f0 [ 536.687358][T14885] should_fail_ex+0x512/0x640 [ 536.687376][T14885] ? __kmalloc_cache_noprof+0x5f/0x800 [ 536.687395][T14885] should_failslab+0xc2/0x120 [ 536.687418][T14885] __kmalloc_cache_noprof+0x80/0x800 [ 536.687435][T14885] ? kvm_uevent_notify_change.part.0+0x93/0x450 [ 536.687461][T14885] ? kvm_uevent_notify_change.part.0+0x93/0x450 [ 536.687482][T14885] kvm_uevent_notify_change.part.0+0x93/0x450 [ 536.687504][T14885] ? __pfx_kvm_vm_release+0x10/0x10 [ 536.687522][T14885] kvm_put_kvm+0xe3/0xb00 [ 536.687540][T14885] ? lockdep_hardirqs_on+0x7c/0x110 [ 536.687561][T14885] ? _raw_spin_unlock_irq+0x2e/0x50 [ 536.687583][T14885] ? __pfx_kvm_vm_release+0x10/0x10 [ 536.687601][T14885] kvm_vm_release+0x3c/0x50 [ 536.687618][T14885] __fput+0x402/0xb70 [ 536.687637][T14885] task_work_run+0x150/0x240 [ 536.687654][T14885] ? __pfx_task_work_run+0x10/0x10 [ 536.687668][T14885] ? __do_sys_close_range+0x278/0x730 [ 536.687696][T14885] exit_to_user_mode_loop+0xfb/0x540 [ 536.687716][T14885] do_syscall_64+0x4ee/0xf80 [ 536.687740][T14885] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 536.687755][T14885] RIP: 0033:0x7fbf6bf8f7c9 [ 536.687767][T14885] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 536.687782][T14885] RSP: 002b:00007fbf6ceec038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 536.687797][T14885] RAX: 0000000000000000 RBX: 00007fbf6c1e5fa0 RCX: 00007fbf6bf8f7c9 [ 536.687806][T14885] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000002 [ 536.687814][T14885] RBP: 00007fbf6c013f91 R08: 0000000000000000 R09: 0000000000000000 [ 536.687823][T14885] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 536.687833][T14885] R13: 00007fbf6c1e6038 R14: 00007fbf6c1e5fa0 R15: 00007fff75180088 [ 536.687852][T14885] [ 537.590889][T14890] netlink: 346 bytes leftover after parsing attributes in process `syz.3.2126'. [ 540.861432][ T7337] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 542.186793][T14947] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input16 [ 544.707577][T14982] netlink: 346 bytes leftover after parsing attributes in process `syz.3.2146'. [ 546.445011][T15027] netlink: 346 bytes leftover after parsing attributes in process `syz.1.2158'. [ 548.341826][T15051] netlink: 206 bytes leftover after parsing attributes in process `syz.3.2163'. [ 549.162906][T15070] netlink: 346 bytes leftover after parsing attributes in process `syz.2.2168'. [ 550.561612][T15098] Invalid ELF header magic: != ELF [ 550.608244][T15096] random: crng reseeded on system resumption [ 552.253291][ T5842] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 552.262705][ T5842] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 552.273741][ T5842] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 552.281526][ T5842] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 552.289807][ T5842] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 552.437065][T15120] netlink: 346 bytes leftover after parsing attributes in process `syz.2.2179'. [ 552.693578][T15125] netlink: 146 bytes leftover after parsing attributes in process `syz.2.2180'. [ 553.853088][T15121] chnl_net:caif_netlink_parms(): no params data found [ 554.032033][ T5842] Bluetooth: hci1: unexpected subevent 0x18 length: 123 > 19 [ 554.043058][ T5842] Bluetooth: hci1: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 554.355493][ T5842] Bluetooth: hci5: command tx timeout [ 554.425513][T15121] bridge0: port 1(bridge_slave_0) entered blocking state [ 554.469529][T15121] bridge0: port 1(bridge_slave_0) entered disabled state [ 554.515832][T15121] bridge_slave_0: entered allmulticast mode [ 554.550143][T15121] bridge_slave_0: entered promiscuous mode [ 554.607777][T15121] bridge0: port 2(bridge_slave_1) entered blocking state [ 554.615005][T15121] bridge0: port 2(bridge_slave_1) entered disabled state [ 554.647526][T15121] bridge_slave_1: entered allmulticast mode [ 554.703310][T15121] bridge_slave_1: entered promiscuous mode [ 555.057644][T15121] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 555.136924][T15121] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 555.233715][T15153] netlink: 346 bytes leftover after parsing attributes in process `syz.4.2187'. [ 555.499162][T15121] team0: Port device team_slave_0 added [ 555.557990][T15121] team0: Port device team_slave_1 added [ 555.769616][T15121] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 555.806369][T15121] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 555.910917][T15121] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 556.030117][T15121] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 556.051289][T15121] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 556.190590][T15121] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 556.435631][ T5842] Bluetooth: hci5: command tx timeout [ 556.474797][ T30] audit: type=1800 audit(39050.174:17): pid=15158 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="" name="lu_gp_id" dev="configfs" ino=67214 res=0 errno=0 [ 556.528401][T15121] hsr_slave_0: entered promiscuous mode [ 556.574437][T15121] hsr_slave_1: entered promiscuous mode [ 556.601101][T15121] debugfs: 'hsr0' already exists in 'hsr' [ 556.638777][T15121] Cannot create hsr debugfs directory [ 557.787712][T15121] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 558.249823][T15121] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 558.516906][ T5842] Bluetooth: hci5: command tx timeout [ 558.746759][T15121] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 559.052364][T15121] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 559.201614][T15206] netlink: 346 bytes leftover after parsing attributes in process `syz.1.2196'. [ 560.093329][T15121] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 560.238569][T15121] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 560.311406][T15121] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 560.336597][ T30] audit: type=1800 audit(39054.044:18): pid=15232 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2201" name="dbroot" dev="configfs" ino=67572 res=0 errno=0 [ 560.409570][T15121] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 560.595579][ T5842] Bluetooth: hci5: command tx timeout [ 560.822923][T15121] 8021q: adding VLAN 0 to HW filter on device bond0 [ 560.937026][T15121] 8021q: adding VLAN 0 to HW filter on device team0 [ 561.009342][ T3847] bridge0: port 1(bridge_slave_0) entered blocking state [ 561.016512][ T3847] bridge0: port 1(bridge_slave_0) entered forwarding state [ 561.131704][ T3847] bridge0: port 2(bridge_slave_1) entered blocking state [ 561.138867][ T3847] bridge0: port 2(bridge_slave_1) entered forwarding state [ 562.107658][T15121] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 562.396554][T15121] veth0_vlan: entered promiscuous mode [ 562.473681][T15121] veth1_vlan: entered promiscuous mode [ 562.694928][T15121] veth0_macvtap: entered promiscuous mode [ 562.772345][T15121] veth1_macvtap: entered promiscuous mode [ 562.884321][T15121] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 562.944428][T15121] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 563.171411][ T7543] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 563.404645][ T7543] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 563.465986][T15283] device-mapper: ioctl: Invalid ioctl structure: name , dev 3ff [ 563.608673][ T7543] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 563.806936][ T7543] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 563.870719][ T6941] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 563.914696][ T6941] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 564.701755][ T76] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 564.765842][ T76] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 565.896221][ T5964] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 565.906143][ T5964] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 565.914925][ T5964] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 565.922722][ T5964] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 565.930274][ T5964] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 566.906853][T15344] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size [ 567.000591][T15328] chnl_net:caif_netlink_parms(): no params data found [ 567.279401][ T7337] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 567.620419][ T7337] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 567.906926][ T7337] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 568.035940][ T5964] Bluetooth: hci3: command tx timeout [ 568.124626][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.131087][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 568.209975][ T7337] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 568.282850][T15328] bridge0: port 1(bridge_slave_0) entered blocking state [ 568.315558][T15328] bridge0: port 1(bridge_slave_0) entered disabled state [ 568.322787][T15328] bridge_slave_0: entered allmulticast mode [ 568.380733][T15328] bridge_slave_0: entered promiscuous mode [ 568.418811][T15328] bridge0: port 2(bridge_slave_1) entered blocking state [ 568.471468][T15328] bridge0: port 2(bridge_slave_1) entered disabled state [ 568.511346][T15328] bridge_slave_1: entered allmulticast mode [ 568.561300][T15328] bridge_slave_1: entered promiscuous mode [ 568.927296][T15365] FAULT_INJECTION: forcing a failure. [ 568.927296][T15365] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 568.945898][T15328] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 569.014067][T15328] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 569.029419][T15365] CPU: 1 UID: 0 PID: 15365 Comm: syz.3.2218 Tainted: G I L syzkaller #0 PREEMPT(full) [ 569.029450][T15365] Tainted: [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 569.029456][T15365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 569.029465][T15365] Call Trace: [ 569.029470][T15365] [ 569.029477][T15365] dump_stack_lvl+0x16c/0x1f0 [ 569.029505][T15365] should_fail_ex+0x512/0x640 [ 569.029525][T15365] _copy_to_iter+0x463/0x1710 [ 569.029545][T15365] ? __pfx__copy_to_iter+0x10/0x10 [ 569.029569][T15365] ? seq_read_iter+0x830/0x12d0 [ 569.029589][T15365] ? find_held_lock+0x2b/0x80 [ 569.029612][T15365] seq_read_iter+0xd02/0x12d0 [ 569.029639][T15365] seq_read+0x3a3/0x570 [ 569.029658][T15365] ? __pfx_seq_read+0x10/0x10 [ 569.029680][T15365] ? lock_acquire+0x179/0x330 [ 569.029702][T15365] full_proxy_read+0x131/0x1a0 [ 569.029722][T15365] ? __pfx_full_proxy_read+0x10/0x10 [ 569.029742][T15365] vfs_read+0x1e4/0xcf0 [ 569.029764][T15365] ? __pfx___mutex_lock+0x10/0x10 [ 569.029789][T15365] ? __pfx_vfs_read+0x10/0x10 [ 569.029814][T15365] ? __fget_files+0x20e/0x3c0 [ 569.029839][T15365] ksys_read+0x12a/0x250 [ 569.029859][T15365] ? __pfx_ksys_read+0x10/0x10 [ 569.029884][T15365] do_syscall_64+0xcd/0xf80 [ 569.029907][T15365] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.029922][T15365] RIP: 0033:0x7f90c5b8f7c9 [ 569.029935][T15365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 569.029949][T15365] RSP: 002b:00007f90c6aaf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 569.029963][T15365] RAX: ffffffffffffffda RBX: 00007f90c5de5fa0 RCX: 00007f90c5b8f7c9 [ 569.029973][T15365] RDX: 00000000000000d5 RSI: 00002000000016c0 RDI: 0000000000000003 [ 569.029981][T15365] RBP: 00007f90c5c13f91 R08: 0000000000000000 R09: 0000000000000000 [ 569.029990][T15365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 569.029998][T15365] R13: 00007f90c5de6038 R14: 00007f90c5de5fa0 R15: 00007ffe34ff3c88 [ 569.030017][T15365] [ 569.698898][T15328] team0: Port device team_slave_0 added [ 569.761595][T15328] team0: Port device team_slave_1 added [ 569.870550][T15328] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 569.915435][T15328] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 570.041461][T15328] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 570.142843][ T5964] Bluetooth: hci3: command tx timeout [ 570.501876][T15328] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 570.510820][T15328] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 570.682996][T15328] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 570.743513][T15388] Console: switching to colour VGA+ 80x25 [ 570.763004][ T7337] bridge_slave_1: left allmulticast mode [ 570.763077][ T7337] bridge_slave_1: left promiscuous mode [ 570.764667][ T7337] bridge0: port 2(bridge_slave_1) entered disabled state [ 570.838084][ T7337] bridge_slave_0: left allmulticast mode [ 570.838107][ T7337] bridge_slave_0: left promiscuous mode [ 570.838251][ T7337] bridge0: port 1(bridge_slave_0) entered disabled state [ 571.149627][T15390] Console: switching to colour frame buffer device 128x48 [ 572.020346][ T7337] erspan0 (unregistering): left allmulticast mode [ 572.195546][ T5964] Bluetooth: hci3: command tx timeout [ 572.512209][ T7337] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 572.543689][ T7337] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 572.578986][ T7337] bond0 (unregistering): Released all slaves [ 572.596437][ T31] INFO: task syz.0.1648:12907 blocked for more than 143 seconds. [ 572.606720][ T31] Tainted: G I L syzkaller #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 572.625684][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 572.669905][ T31] task:syz.0.1648 state:D stack:26680 pid:12907 tgid:12901 ppid:5833 task_flags:0x400740 flags:0x00080002 [ 572.721295][ T31] Call Trace: [ 572.735452][ T31] [ 572.748188][ T31] ? __schedule+0x10b9/0x6150 [ 572.772288][ T31] __schedule+0x1139/0x6150 [ 572.795425][ T31] ? __lock_acquire+0x436/0x2890 [ 572.815913][ T31] ? vfs_coredump+0x39d/0x55e0 [ 572.840357][ T31] ? __pfx___schedule+0x10/0x10 [ 572.860938][ T31] ? find_held_lock+0x2b/0x80 [ 572.883007][ T31] ? schedule+0x2d7/0x3a0 [ 572.900942][ T31] schedule+0xe7/0x3a0 [ 572.918575][ T31] schedule_timeout+0x257/0x290 [ 572.974599][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 573.044923][ T31] ? rcu_is_watching+0x12/0xc0 [ 573.065393][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 573.070629][ T31] __wait_for_common+0x2fc/0x4e0 [ 573.117765][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 573.123231][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 573.162509][ T31] ? __pfx_try_to_wake_up+0x10/0x10 [ 573.185423][ T31] ? rcu_is_watching+0x12/0xc0 [ 573.190249][ T31] wait_for_completion_state+0x1c/0x40 [ 573.215396][ T31] vfs_coredump+0x848/0x55e0 [ 573.230856][ T31] ? __pfx_vfs_coredump+0x10/0x10 [ 573.255381][ T31] ? __lock_acquire+0x436/0x2890 [ 573.260353][ T31] ? __lock_acquire+0x436/0x2890 [ 573.284207][ T31] ? lock_acquire+0x179/0x330 [ 573.289194][ T31] ? lock_acquire+0x179/0x330 [ 573.293878][ T31] ? find_held_lock+0x2b/0x80 [ 573.305636][ T31] ? is_bpf_text_address+0x8a/0x1a0 [ 573.310880][ T31] ? bpf_ksym_find+0x124/0x1c0 [ 573.337119][ T31] ? arch_stack_walk+0xa6/0x100 [ 573.342007][ T31] ? stack_trace_save+0x8e/0xc0 [ 573.355603][ T31] ? __pfx_stack_trace_save+0x10/0x10 [ 573.360993][ T31] ? stack_depot_save_flags+0x29/0x9b0 [ 573.375603][ T31] ? __lock_acquire+0x436/0x2890 [ 573.380651][ T31] ? kasan_save_stack+0x42/0x60 [ 573.397245][ T31] ? proc_coredump_connector+0x2d1/0x4f0 [ 573.402902][ T31] ? __pfx_proc_coredump_connector+0x10/0x10 [ 573.424780][ T31] ? rcu_is_watching+0x12/0xc0 [ 573.430068][ T31] get_signal+0x22e1/0x26d0 [ 573.434578][ T31] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 573.455395][ T31] ? __pfx_get_signal+0x10/0x10 [ 573.460291][ T31] ? do_send_specific+0x15c/0x370 [ 573.465308][ T31] ? __pfx_do_send_specific+0x10/0x10 [ 573.501342][ T31] ? __task_pid_nr_ns+0x1f5/0x500 [ 573.519270][ T31] arch_do_signal_or_restart+0x8f/0x7a0 [ 573.524854][ T31] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 573.545406][ T31] ? __pfx___x64_sys_rt_tgsigqueueinfo+0x10/0x10 [ 573.551768][ T31] exit_to_user_mode_loop+0x8c/0x540 [ 573.572267][ T31] do_syscall_64+0x4ee/0xf80 [ 573.585594][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 573.592116][ T31] RIP: 0033:0x7f983938f7c9 [ 573.605614][ T31] RSP: 002b:00007f983a2cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000129 [ 573.614041][ T31] RAX: 0000000000000000 RBX: 00007f98395e6180 RCX: 00007f983938f7c9 [ 573.635448][ T31] RDX: 0000000000000021 RSI: 000000000000058b RDI: 0000000000000588 [ 573.643446][ T31] RBP: 00007f9839413f91 R08: 0000000000000000 R09: 0000000000000000 [ 573.674632][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 573.693912][ T31] R13: 00007f98395e6218 R14: 00007f98395e6180 R15: 00007fff979667e8 [ 573.705378][ T31] [ 573.737413][ T31] [ 573.737413][ T31] Showing all locks held in the system: [ 573.745160][ T31] 1 lock held by khungtaskd/31: [ 573.832724][ T7337] HfR: left promiscuous mode [ 573.884236][ T31] #0: ffffffff8e3c9520 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 [ 573.925427][ T31] 2 locks held by dhcpcd/5497: [ 573.930203][ T31] #0: ffffffff90118ea8 (vlan_ioctl_mutex){+.+.}-{4:4}, at: sock_ioctl+0x49c/0x6b0 [ 573.965787][ T31] #1: ffffffff901454a8 (rtnl_mutex){+.+.}-{4:4}, at: vlan_ioctl_handler+0xce/0xa70 [ 573.975236][ T31] 3 locks held by kworker/1:5/5897: [ 574.035446][ T31] #0: ffff88813ff55948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 [ 574.065414][ T31] #1: ffffc9000444fc90 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 [ 574.075098][ T31] #2: ffffffff8e3d4c78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x284/0x3c0 [ 574.126296][ T31] 3 locks held by kworker/1:7/5919: [ 574.131525][ T31] #0: ffff88813ff55948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 [ 574.186471][ T31] #1: ffffc90004cffc90 ((work_completion)(&(&ovs_net->masks_rebalance)->work)){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 [ 574.216136][ T31] #2: ffffffff90677ca8 (ovs_mutex){+.+.}-{4:4}, at: ovs_dp_masks_rebalance+0x24/0xf0 [ 574.235976][ T31] 5 locks held by kworker/u8:30/7337: [ 574.241361][ T31] #0: ffff88801badf148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x128d/0x1b20 [ 574.265398][ T31] #1: ffffc9000b877c90 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x914/0x1b20 [ 574.275615][ T5964] Bluetooth: hci3: command tx timeout [ 574.288916][ T31] #2: ffffffff9012ecd0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x830 [ 574.308192][ T31] #3: ffffffff90677ca8 (ovs_mutex){+.+.}-{4:4}, at: ovs_exit_net+0xa3/0x9b0 [ 574.335963][ T31] #4: ffffffff901454a8 (rtnl_mutex){+.+.}-{4:4}, at: internal_dev_destroy+0x105/0x1c0 [ 574.355399][ T31] 1 lock held by syz.0.1648/12903: [ 574.360523][ T31] 2 locks held by getty/13361: [ 574.365267][ T31] #0: ffff8880314670a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 574.385085][ T31] #1: ffffc900036372f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x1510 [ 574.415408][ T31] 2 locks held by syz.4.2223/15389: [ 574.420621][ T31] #0: ffffffff9012ecd0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x333/0x7c0 [ 574.445936][ T31] #1: ffffffff901454a8 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x1b/0x70 [ 574.465556][ T31] 2 locks held by syz.1.2226/15408: [ 574.470772][ T31] #0: ffffffff9012ecd0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x333/0x7c0 [ 574.495402][ T31] #1: ffffffff901454a8 (rtnl_mutex){+.+.}-{4:4}, at: register_nexthop_notifier+0x1b/0x70 [ 574.519439][ T31] 4 locks held by syz.3.2228/15420: [ 574.535570][ T31] #0: ffff888085ed8ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0xc0 [ 574.545163][ T31] #1: ffff888085ed80c0 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3af/0x1260 [ 574.575427][ T31] #2: ffffffff903c2788 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x290 [ 574.598260][ T31] #3: ffff888027c3cb38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x80/0x760 [ 574.615518][ T31] 2 locks held by dhcpcd/15422: [ 574.620377][ T31] #0: ffff88802a35e260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x2c/0xf60 [ 574.645393][ T31] #1: ffffffff8e3d4c78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0 [ 574.692769][ T31] [ 574.695121][ T31] ============================================= [ 574.695121][ T31] [ 574.757875][ T7337] ovs_: left promiscuous mode [ 574.772532][ T31] NMI backtrace for cpu 1 [ 574.772551][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G I L syzkaller #0 PREEMPT(full) [ 574.772575][ T31] Tainted: [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 574.772582][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 574.772591][ T31] Call Trace: [ 574.772596][ T31] [ 574.772602][ T31] dump_stack_lvl+0x116/0x1f0 [ 574.772629][ T31] nmi_cpu_backtrace+0x27b/0x390 [ 574.772647][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 574.772664][ T31] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 574.772683][ T31] sys_info+0x133/0x180 [ 574.772705][ T31] watchdog+0xe66/0x1180 [ 574.772730][ T31] ? rcu_is_watching+0x12/0xc0 [ 574.772751][ T31] ? __pfx_watchdog+0x10/0x10 [ 574.772771][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 574.772794][ T31] ? __kthread_parkme+0x19e/0x250 [ 574.772817][ T31] ? __pfx_watchdog+0x10/0x10 [ 574.772838][ T31] kthread+0x3c5/0x780 [ 574.772852][ T31] ? __pfx_kthread+0x10/0x10 [ 574.772867][ T31] ? rcu_is_watching+0x12/0xc0 [ 574.772887][ T31] ? __pfx_kthread+0x10/0x10 [ 574.772902][ T31] ret_from_fork+0x983/0xb10 [ 574.772917][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 574.772933][ T31] ? __switch_to+0x7af/0x10d0 [ 574.772952][ T31] ? __pfx_kthread+0x10/0x10 [ 574.772967][ T31] ret_from_fork_asm+0x1a/0x30 [ 574.772997][ T31] [ 575.262535][ T7337] ovs_: left promiscuous mode [ 575.545455][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 575.552348][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G I L syzkaller #0 PREEMPT(full) [ 575.563018][ T31] Tainted: [I]=FIRMWARE_WORKAROUND, [L]=SOFTLOCKUP [ 575.569501][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 575.579629][ T31] Call Trace: [ 575.582898][ T31] [ 575.585816][ T31] dump_stack_lvl+0x3d/0x1f0 [ 575.590428][ T31] vpanic+0x640/0x6f0 [ 575.594405][ T31] panic+0xca/0xd0 [ 575.598115][ T31] ? __pfx_panic+0x10/0x10 [ 575.602702][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 575.608684][ T31] ? nmi_trigger_cpumask_backtrace+0x1b1/0x300 [ 575.614863][ T31] ? nmi_trigger_cpumask_backtrace+0x2be/0x300 [ 575.621016][ T31] ? watchdog+0xe83/0x1180 [ 575.625475][ T31] ? watchdog+0xe76/0x1180 [ 575.630006][ T31] watchdog+0xe94/0x1180 [ 575.634268][ T31] ? rcu_is_watching+0x12/0xc0 [ 575.639060][ T31] ? __pfx_watchdog+0x10/0x10 [ 575.643733][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 575.648929][ T31] ? __kthread_parkme+0x19e/0x250 [ 575.653947][ T31] ? __pfx_watchdog+0x10/0x10 [ 575.658615][ T31] kthread+0x3c5/0x780 [ 575.662674][ T31] ? __pfx_kthread+0x10/0x10 [ 575.667248][ T31] ? rcu_is_watching+0x12/0xc0 [ 575.672003][ T31] ? __pfx_kthread+0x10/0x10 [ 575.676589][ T31] ret_from_fork+0x983/0xb10 [ 575.681229][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 575.686341][ T31] ? __switch_to+0x7af/0x10d0 [ 575.691009][ T31] ? __pfx_kthread+0x10/0x10 [ 575.695593][ T31] ret_from_fork_asm+0x1a/0x30 [ 575.700366][ T31] [ 575.703414][ T31] Kernel Offset: disabled [ 575.707726][ T31] Rebooting in 86400 seconds..