last executing test programs: 4m1.05840515s ago: executing program 3 (id=754): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x106) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) socket(0x840000000002, 0x3, 0xff) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}, 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x700) 4m0.748850124s ago: executing program 3 (id=756): shmget$auto(0x8, 0x10565, 0x7ff) shmat$auto(0x0, &(0x7f0000000580)='(\x00', 0xfffffffa) openat$auto_hwsim_simulate_radar_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy6/hwsim/dfs_simulate_radar\x00', 0x41c840, 0x0) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) mremap$auto(0x200000000000, 0x40000000004, 0x4, 0x3, 0x100000000) 4m0.484672815s ago: executing program 3 (id=758): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = ioctl$auto_TUNGETVNETLE2(0xffffffffffffffff, 0x800454dd, &(0x7f0000000000)=0x1) setsockopt$auto_SO_ATTACH_BPF(r0, 0x1, 0x32, &(0x7f0000000040)='\x00', 0x6) socket(0x2, 0x1, 0x106) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) socket(0x840000000002, 0x3, 0xff) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}, 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 4m0.210686263s ago: executing program 3 (id=759): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x106) ioctl$auto_IOCTL_VMCI_CTX_ADD_NOTIFICATION(0xffffffffffffffff, 0x7af, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) socket(0x2c, 0x3, 0xff) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}, 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 3m59.984086836s ago: executing program 3 (id=760): sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000180)={{0x0, 0x2, &(0x7f0000000100)={0x0, 0x3}, 0x1, 0x0, 0x3, 0xab}, 0x80670}, 0x3f7ffffe, 0xd9) (async) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000180)={{0x0, 0x2, &(0x7f0000000100)={0x0, 0x3}, 0x1, 0x0, 0x3, 0xab}, 0x80670}, 0x3f7ffffe, 0xd9) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x1e, 0x4, 0x0) r0 = socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) socket(0x1e, 0x4, 0x0) setsockopt$auto(r1, 0x10f, 0x88, 0x0, 0x14) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x80000000, 0x20001, 0x1, 0x7ffffbfffffffffe, r0, 0x7ffe) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0xa, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x218d81be7cf34a49, 0x1, 0x100009) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x14) (async) setsockopt$auto(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(r2, 0x10f, 0x87, 0x0, 0x14) mmap$auto(0xb3a, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) mmap$auto(0xb3a, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) pipe$auto(0x0) mmap$auto(0x0, 0x4020009, 0xdb, 0x2000000000eb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) clock_nanosleep$auto(0x1, 0x200, 0x0, 0x0) (async) clock_nanosleep$auto(0x1, 0x200, 0x0, 0x0) io_getevents$auto(0x24, 0xffffffff, 0x4, 0x0, 0xfffffffffffffffd) (async) io_getevents$auto(0x24, 0xffffffff, 0x4, 0x0, 0xfffffffffffffffd) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) 3m59.582288521s ago: executing program 3 (id=762): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYRES8, @ANYRES16, @ANYBLOB="df250c0000000000000000"], 0x14}}, 0x24048004) r2 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r3, 0x0, 0x20) openat$auto_tracing_fops_trace(0xffffffffffffff9c, 0x0, 0x82000, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/platform/i8042/serio1/resolution\x00', 0x183902, 0x0) write$auto(r4, 0x0, 0x4) r5 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002cbd7000fddbdf250200000008000300850000000800010002000000"], 0x24}}, 0x4000) sendmsg$auto_NFSD_CMD_VERSION_GET(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r5, 0x100, 0x70bd2d, 0x25dfdbfd, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x404001, 0x0) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54) 3m43.315868446s ago: executing program 32 (id=762): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYRES8, @ANYRES16, @ANYBLOB="df250c0000000000000000"], 0x14}}, 0x24048004) r2 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r3, 0x0, 0x20) openat$auto_tracing_fops_trace(0xffffffffffffff9c, 0x0, 0x82000, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/platform/i8042/serio1/resolution\x00', 0x183902, 0x0) write$auto(r4, 0x0, 0x4) r5 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002cbd7000fddbdf250200000008000300850000000800010002000000"], 0x24}}, 0x4000) sendmsg$auto_NFSD_CMD_VERSION_GET(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x14, r5, 0x100, 0x70bd2d, 0x25dfdbfd, {}, ["", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x404001, 0x0) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54) 3m42.321389906s ago: executing program 2 (id=790): mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x28442, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/net/bond0/queues/tx-6/tx_timeout\x00', 0x2440, 0x0) read$auto(r0, 0x0, 0x20) write$auto(0x3, 0x0, 0x100082) 3m42.117600028s ago: executing program 2 (id=792): mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) set_mempolicy$auto(0x5, &(0x7f00000010c0)=0x80000001, 0x7) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ptmx\x00', 0x80502, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0xa, 0x2, 0x0) r1 = socket(0xa, 0x801, 0x84) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/fs/netfs/cookies\x00', 0xd00, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) getsockopt$auto(r1, 0x84, 0x6c, 0x0, &(0x7f0000000280)=0x1000c0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8000, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) getsockopt$auto(0xffffffffffffffff, 0x8b, 0x7fc, 0x0, 0x0) mmap$auto(0x0, 0x8, 0x3, 0xa2fc, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0xd, 0x0) r2 = fsopen$auto(0x0, 0x1) fsconfig$auto(r2, 0x8, 0x0, 0x0, 0x0) fsconfig$auto_FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f0000000300)='\v\'\bn\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x1e7\xbb\xedO#\x14mC\x97\x06\xd9bZ\xddL\'\x03\x00\xff\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\xc6\xc0\x8b\xc0CL\"\x01\x0e#\xae\xa9i8W\xe5Iq\xf0\xcdr\xfa\xed<\x86[c4%\xa3\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6\b\xe5\xaaJ+\x02\x9b#\xa9\x9b\x17\x82\xd7\xee\xd1\xbf2\x03\x00\x00\x00\x00\x00\x00\x00B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\x00\x00\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\xb2\x1d\xb3\xef#\xcb}b\x90\xafR\xf5\x8cg\x95A\x89\x8d\x9a\xfcV\x9bm\xd4\x82\x7f9\x12\x98\x1c\x8e\x1f\xdc\xe5Y\x7f\xe8\xe1g%\xb8\xf9b!\xc8\xa0\xf7\x06\xbb\xdf\x1d\xfb\x00\x979\x8e\xd0AP\xbf\x1fM\x1fd~\xeeS^8v\x80\x1b\xb1I\xb1\xa4\x89\xc7\x9d\xf2P\x04\x99N{\x9a\xfa\xf3\xcb\xc3Bx\xb5\xb8*\xa0-\xda\x84\xc5S\xe2\xc6\x92/\xed\xc2\xceK\xad\x00\x00*)Hh\x8d\x06cQ\xf1\x9d\xad\r}\x15e\x18\x06\xe3\xd2\xe4Q', &(0x7f0000000280), 0x5) read$auto_udf_dir_operations_udfdecl(r2, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x18, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ptrace$auto(0xfffffffffffffff3, 0x0, 0x7, 0xfff) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r0) ioctl$auto_KVM_CREATE_VM(r3, 0x4048aecb, 0x0) 3m41.763142421s ago: executing program 2 (id=794): symlink$auto(&(0x7f00000020c0)='./file1\x00', &(0x7f0000000040)='./file0\x00') utime$auto(&(0x7f0000000000)='./file0\x00', 0x0) 3m41.430152618s ago: executing program 2 (id=795): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x106) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) socket(0x840000000002, 0x3, 0xff) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}, 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0xb000000) 3m40.799949332s ago: executing program 2 (id=798): fanotify_init$auto(0x5, 0x2000000000002) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4242, 0x0) fanotify_mark$auto(0x0, 0x1, 0x3a, r0, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22200, 0x154) close_range$auto(0x2, 0x8, 0x0) 3m40.622067395s ago: executing program 2 (id=799): close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) mmap$auto(0x0, 0x40000000001, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0x1, 0x1, 0x106) io_uring_setup$auto(0x3, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) socket(0x2b, 0x1, 0x0) listen$auto(0x3, 0x81) ioctl$auto(0x3, 0x5411, 0x38) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x0, @multicast2}, 0x6b) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x13}}, 0x54) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x6) socket(0x2, 0x1, 0x0) 3m25.171617824s ago: executing program 33 (id=799): close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) mmap$auto(0x0, 0x40000000001, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0x1, 0x1, 0x106) io_uring_setup$auto(0x3, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) socket(0x2b, 0x1, 0x0) listen$auto(0x3, 0x81) ioctl$auto(0x3, 0x5411, 0x38) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x0, @multicast2}, 0x6b) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x13}}, 0x54) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x6) socket(0x2, 0x1, 0x0) 2m52.838752955s ago: executing program 1 (id=904): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0xa, 0x6, 0x8) setsockopt$auto_SO_DETACH_REUSEPORT_BPF(r0, 0x8, 0x44, &(0x7f0000000000)='\\%,v\x00', 0x1) getsockopt$auto(r0, 0x84, 0x3, 0x0, &(0x7f0000000040)=0x400) 2m51.810994786s ago: executing program 1 (id=906): r0 = open(&(0x7f0000000800)='./file0\x00', 0x442482, 0x154) prctl$auto(0x26, 0x1, 0x0, 0x1, 0x0) execveat$auto(r0, &(0x7f0000000040)='\x00', 0x0, 0x0, 0x11000) 2m51.503079483s ago: executing program 1 (id=908): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) socket(0x840000000002, 0x3, 0xff) clock_gettime$auto(0x1, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x16}}, 0x55) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) 2m50.587569427s ago: executing program 1 (id=909): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) r0 = open(&(0x7f00000001c0)='./file0\x00', 0x4242, 0x0) fanotify_mark$auto(0x0, 0x1, 0x3a, r0, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22200, 0x154) close_range$auto(0x2, 0x8, 0x1f00) 2m50.352819023s ago: executing program 1 (id=912): bpf$auto_BPF_TOKEN_CREATE(0x24, &(0x7f0000000340)=@task_fd_query={0x0, 0xffffffffffffffff, 0xb3, 0x1, 0x5, 0x4, 0xffffffffffffffff, 0x7, 0xe}, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0xf1, 0x2, 0x8000) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) r0 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) ioctl$auto_UBI_IOCATT(r0, 0x40186f40, &(0x7f0000000080)={0x80000000, 0x3, 0xa63e, 0x8, 0x0, 0x3}) close_range$auto(0x0, 0xfffffffffffff000, 0x2) mmap$auto(0x0, 0x5, 0xffffffffffffffff, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000800)='/sys/devices/virtual/net/rose15/address\x00', 0x0, 0x0) mincore$auto(0x1000, 0x8001, 0x0) ioctl$auto(0xc8, 0x400454cd, 0xfffffffffffffffe) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/v4l-subdev1\x00', 0xe0800, 0x0) ioctl$auto(r1, 0xc0205648, r1) 2m48.242391997s ago: executing program 1 (id=916): mmap$auto(0x0, 0x4, 0x4000000000dd, 0x10, 0xffffffffffffffff, 0x300000000000) r0 = socket(0x2, 0x1, 0x106) r1 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x103041, 0x0) write$auto(r1, &(0x7f0000000700)='!dev_vhc&\x00', 0x9) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) mmap$auto(0x0, 0x5, 0x4000000000df, 0x4000eb1, 0x401, 0xfffffffffffffffa) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x10101, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = fcntl$getown(r2, 0x9) r4 = prctl$auto(0x37, 0x8, r3, 0x5, 0x7) flock$auto(r2, 0x2) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv6/conf/tunl0/accept_ra_rtr_pref\x00', 0x470900, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x2, 0x40009, 0xdf, 0x9b72, 0x7, 0xffffffffffff81a7) socket(0x1d, 0x2, 0x2) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) read$auto(0x3, 0x0, 0x10) write$auto(0x3, 0x0, 0xffd8) semctl$auto(0xa, 0x2, 0x12, 0xda) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0xfffffffe, 0x4c, 0x0, 0x7) recvmmsg$auto(0x3, 0x0, 0x80000401, 0x4000, 0x0) r5 = socket(0x11, 0xa, 0x9) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000000080), r4) bind$auto(r5, 0x0, 0x9) 2m32.853477894s ago: executing program 34 (id=916): mmap$auto(0x0, 0x4, 0x4000000000dd, 0x10, 0xffffffffffffffff, 0x300000000000) r0 = socket(0x2, 0x1, 0x106) r1 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x103041, 0x0) write$auto(r1, &(0x7f0000000700)='!dev_vhc&\x00', 0x9) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) mmap$auto(0x0, 0x5, 0x4000000000df, 0x4000eb1, 0x401, 0xfffffffffffffffa) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x10101, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = fcntl$getown(r2, 0x9) r4 = prctl$auto(0x37, 0x8, r3, 0x5, 0x7) flock$auto(r2, 0x2) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv6/conf/tunl0/accept_ra_rtr_pref\x00', 0x470900, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x2, 0x40009, 0xdf, 0x9b72, 0x7, 0xffffffffffff81a7) socket(0x1d, 0x2, 0x2) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) read$auto(0x3, 0x0, 0x10) write$auto(0x3, 0x0, 0xffd8) semctl$auto(0xa, 0x2, 0x12, 0xda) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0xfffffffe, 0x4c, 0x0, 0x7) recvmmsg$auto(0x3, 0x0, 0x80000401, 0x4000, 0x0) r5 = socket(0x11, 0xa, 0x9) syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000000080), r4) bind$auto(r5, 0x0, 0x9) 11.338920516s ago: executing program 4 (id=1342): r0 = prctl$auto(0x5, 0x80000000, 0x0, 0x78, 0x8) (async) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) (async) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) (async) openat$auto_wakeup_sources_stats_fops_wakeup(0xffffffffffffff9c, 0x0, 0x40002, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mremap$auto(0x0, 0xffffffffffffffff, 0x3fd6, 0x3, 0x7fffffffb000) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x4000804) (async) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x10, 0x9, 0x63, 0x0, 0x0, 0x0, 0x0, 0x40000000000f, 0x1000, 0xfffffffffffffffd, 0x7ffffffb, 0x9, 0xffffffff7ffffffc, 0x9, 0x7, 0x200000100103}) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) (async) r3 = prctl$auto(0x23, 0x200000000000009, 0x7fffffffefff, 0x0, 0x0) openat$auto_proc_pid_cmdline_ops_base(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/cmdline\x00', 0x60502, 0x0) read$auto_proc_pid_cmdline_ops_base(r3, &(0x7f00000002c0)=""/162, 0xa2) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/misc/rdma_cm/uevent\x00', 0x10b142, 0x0) (async) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) umount2$auto(&(0x7f0000000180)='/proc/bus/pci/00/01.3\x00', 0x1) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/igmp6\x00', 0x0, 0x0) pread64$auto(r4, 0x0, 0x100000000008, 0x8000) (async) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/asound/card1/timer_source\x00', 0x400601, 0x0) preadv2$auto(r1, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0x800, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) (async) fsconfig$auto_JFFS2_COMPR_MODE_FORCEZLIB(r5, 0x77e237c7, &(0x7f0000000240)='@\x00', &(0x7f0000000280)="11ca59451c260b3f8e41d59654deb35b3f11ab259d23a1", 0x5) (async) shmat$auto(0x0, &(0x7f0000000580)='(\x00', 0xfffffffa) (async) syz_clone(0x21000000, 0x0, 0x0, 0x0, 0x0, 0x0) (async) shmdt$auto(0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/fs/cifs/smbd_receive_credit_max\x00', 0x149041, 0x0) getsockopt$auto_SO_REUSEADDR(r0, 0x8000, 0x2, &(0x7f0000000040)='^\x92[\x00', &(0x7f00000000c0)=0x6) (async) openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/failslab/probability\x00', 0x22042, 0x0) (async) write$auto(0xffffffffffffffff, &(0x7f0000000100)='!}*[\\@:[\xd5\xe5\xc5/\xa5', 0xc) 11.226084949s ago: executing program 0 (id=1343): close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x801, 0x84) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0xfffffffb) shutdown$auto(0x200000003, 0x2) userfaultfd$auto(0x1) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x8000, 0x0) mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x0) capset$auto(0x0, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, 0x6) mmap$auto(0x0, 0x2, 0x800000df, 0x9b72, 0xffffffffffffffff, 0x8000) adjtimex$auto(0x0) setsockopt$auto(0xffffffffffffffff, 0x1, 0xc, 0x0, 0x7fffffff) syz_clone3(&(0x7f00000004c0)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe$auto(&(0x7f0000001480)=0xffffffffffffffff) read$auto_console_fops_tty_io(r0, &(0x7f00000001c0)=""/142, 0x8e) madvise$auto(0x0, 0xffffffffffff0001, 0x15) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, 0x0, 0x101181, 0x0) readv$auto(0x3, 0x0, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0xa, 0xeb1, 0xfffffffffffffffa, 0x8000) io_submit$auto(0x9, 0xfffffffffffffffa, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20b42, 0x0) 9.936725901s ago: executing program 4 (id=1345): madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async) madvise$auto(0x0, 0x8000000000000000, 0x15) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) r0 = socket(0x2, 0x1, 0x106) getsockopt$auto_SO_NOFCS(r0, 0x6, 0x2b, 0x0, 0x0) (async) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) r2 = fcntl$auto(0xffffffffffffffff, 0xf, 0x2) (async) read$auto(r1, 0x0, 0x20) (async) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_hsr(&(0x7f0000000180), r4) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) setsockopt$auto_SO_WIFI_STATUS(r2, 0x4, 0x29, &(0x7f00000000c0)='HSR\x00', 0xe7a2) (async) sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)={0x20, 0x0, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@ETHTOOL_A_COALESCE_HEADER={0x4}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES={0x8, 0x3, 0xfffffffa}]}, 0x20}, 0x1, 0x0, 0x0, 0x44845}, 0x0) (async) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r5 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r5, &(0x7f0000000200)={{0x0, 0x1f00, &(0x7f0000000100)={0x0, 0xfdef}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 9.053897936s ago: executing program 4 (id=1346): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x68140, 0x0) ioctl$auto(r0, 0x5457, 0xd8) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x9, 0x1000000000000009, 0x203, 0x15, 0xffffffffffffffff, 0x8000) socket(0x11, 0x80003, 0x1d12) mmap$auto(0x0, 0x42, 0x0, 0x17, 0x2, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setsockopt$auto(0x400000000000003, 0x29, 0xd3, 0x0, 0x567) fcntl$auto(0x3, 0x400, 0x9ec0000000000000) r1 = socket(0x2, 0x1, 0x0) bind$auto(r1, &(0x7f0000000040)=@in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x2b}}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800008}, 0x6, 0x20000000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x82942, 0x0) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/fail-nth\x00', 0x2, 0x0) write$auto(r2, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(0x3, 0x0, 0x100082) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0xffffffffffffffff, 0x300000000000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x80000, 0x0) unshare$auto(0x40000080) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x3, 0x1000000000001, 0x8000000008011, 0x3, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_userio_fops_userio(0xffffffffffffff9c, &(0x7f0000000180), 0x8c00, 0x0) read$auto(r2, 0x0, 0x800) write$auto(0xffffffffffffffff, 0x0, 0xfdef) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000840), r3) 8.353313266s ago: executing program 0 (id=1350): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x2, 0x2, 0x0) (async) r0 = socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x4, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) (async) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xe8, 0x9, 0x2, 0x1, 0x4b7, 0x4, 0x15f4da0e, 0x8, 0xd, 0x100000000000000c, 0x8, 0x1, 0x4, 0x9, 0x2, 0x4000000000000d]}, 0x0) pwrite64$auto(0xc8, &(0x7f0000000140)='\vX\xb5n\x91p\xe6\x1eRNM\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00,\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^B\xb8\xe4j\t,\xe4\x90\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\x00\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/242, 0xfdf0, 0x39) (async) pwrite64$auto(0xc8, &(0x7f0000000140)='\vX\xb5n\x91p\xe6\x1eRNM\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00,\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^B\xb8\xe4j\t,\xe4\x90\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\x00\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/242, 0xfdf0, 0x39) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) bind$auto(r0, &(0x7f0000000240)=@sco, 0xfffffffb) (async) bind$auto(r0, &(0x7f0000000240)=@sco, 0xfffffffb) r3 = socket(0x2, 0x1, 0x106) setsockopt$auto_SO_PEEK_OFF(r0, 0xfffffff2, 0x2a, &(0x7f0000000280)='}\'.^\x00', 0xc72) (async) setsockopt$auto_SO_PEEK_OFF(r0, 0xfffffff2, 0x2a, &(0x7f0000000280)='}\'.^\x00', 0xc72) setsockopt$auto(r3, 0x6, 0xd, 0x0, 0x0) r4 = openat$auto_deferred_devs_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0xe00, 0x0) read$auto(r4, 0x0, 0x4) getsockopt$auto_SO_RCVMARK(r2, 0x0, 0x4b, &(0x7f0000000000)='}\'.^\x00', &(0x7f00000000c0)=0x7) socket(0x2c, 0x1, 0x3) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x48000, 0x0) ioctl$auto_KVM_GET_MSR_INDEX_LIST(r5, 0xc004ae02, &(0x7f00000002c0)={0x80000000}) (async) ioctl$auto_KVM_GET_MSR_INDEX_LIST(r5, 0xc004ae02, &(0x7f00000002c0)={0x80000000}) mmap$auto(0x4, 0x2, 0x5, 0xeb1, r5, 0x0) (async) mmap$auto(0x4, 0x2, 0x5, 0xeb1, r5, 0x0) setsockopt$auto(0x3, 0x0, 0xa, 0x0, 0x10000) ioctl$auto_NS_GET_OWNER_UID(r1, 0xb704, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000003900), r6) bind$auto(r6, &(0x7f0000000040)=@sco, 0x6a) 8.093412896s ago: executing program 4 (id=1352): mmap$auto(0x4, 0x80000000020009, 0x4000000000df, 0x17, 0x401, 0x6) r0 = socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@nfc={0x27, 0x0, 0x0, 0x4}, 0x6a) connect$auto(0x3, &(0x7f0000000200)=@nfc={0x27, 0x0, 0x0, 0x4}, 0x50) r1 = socketpair$auto(0x1, 0x6f, 0x8000000000000000, 0x0) recvmmsg$auto(r0, 0x0, 0x2000000e, 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty1\x00', 0xa0000, 0x0) mmap$auto(0x98b, 0x1000, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_TCP_METRICS_CMD_GET(0xffffffffffffffff, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000001380)={0xfffffffffffffffc}, 0x1, 0x0, 0x0, 0x1}, 0x20000820) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/platform/vhci_hcd.1/usb11/11-0:1.0/usb11-port2/over_current_count\x00', 0x1000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000080)=""/64, 0x40) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x2404c800) kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800bffd, 0x800c000}, 0x1) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) io_uring_setup$auto(0x6, 0x0) rt_sigsuspend$auto(0x0, 0x8) mmap$auto(0x0, 0xffff, 0x6, 0xeb1, r1, 0x8000) r3 = openat$auto_ptdump_curusr_fops_(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0) r4 = bpf$auto_BPF_LINK_CREATE(0x1c, &(0x7f0000000100)=@query={@target_fd=r3, 0x4, 0x0, 0x3, 0x4, @count=0x8, 0x0, 0x80, 0x8000, 0x40, 0x2}, 0x2) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_SET_HW_TIMESTAMP(r4, &(0x7f0000000480)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000440)={0x0}, 0x1, 0x0, 0x0, 0x20048000}, 0x0) read$auto_seq_oss_f_ops_seq_oss(r3, &(0x7f0000003dc0)=""/167, 0xa7) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x88, 0x9, 0x2, 0x1d2c, 0x2, 0x4, 0x2, 0x6, 0x9, 0x100000000000000c, 0x8, 0x100000004, 0xfc6, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0xa, 0x801, 0x100) unshare$auto(0x40000080) mmap$auto(0xffffffffffffffff, 0x89, 0x8000000000000000, 0x9b7a, 0x7, 0x28000) 6.803483004s ago: executing program 0 (id=1356): socket(0x2, 0x80802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x9, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev6\x00', 0x103280, 0x0) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) r0 = io_uring_setup$auto(0x14f, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x301800, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x2000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/conf/bridge_slave_1/proxy_arp_pvlan\x00', 0x2000, 0x0) openat$auto_set_tracer_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/current_tracer\x00', 0x0, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) read$auto(r1, 0x0, 0x1ff) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000500)='/proc/sys/fs/xfs/stats_clear\x00', 0x1, 0x0) write$auto(r2, 0x0, 0x3) clone$auto(0x20003b42, 0x2, 0x0, 0x0, 0x4000002) open(0x0, 0x261c2, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x84) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x80402, 0x0) ioctl$auto_SNDCTL_DSP_GETOPTR(r3, 0x800c5012, &(0x7f00000000c0)) getsockopt$auto_SO_PEERNAME(r3, 0x40, 0x1c, &(0x7f00000000c0)='^\x00', &(0x7f0000000240)=0x8) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101840, 0x0) r4 = syz_genetlink_get_family_id$auto_nfc(&(0x7f0000000080), r0) sendmsg$auto_NFC_CMD_GET_SE(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB='t\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="000325bd7000fbdbdf251a000000a540af26cdedf3a42f"], 0x74}}, 0x40800) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) 6.060413622s ago: executing program 6 (id=1359): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x6, 0x20020000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x2, 0x1, 0x106) setuid$auto(0xe) setsockopt$auto(r0, 0x6, 0xd, 0x0, 0x6) (async) setsockopt$auto(r0, 0x6, 0xd, 0x0, 0x6) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) openat$auto_cpu_latency_qos_fops_qos(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r1, 0x4b30, 0x9) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/slab/kmalloc-64/min_partial\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) (async) socket(0x2, 0x80002, 0x73) openat$auto_dfs_sched_itmt_fops_itmt(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/fail_futex/ignore-private\x00', 0x101202, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x20004050}, 0x4000084) lstat$auto(0x0, &(0x7f0000000180)={0x5, 0x1f, 0x9, 0x62, 0x0, 0x0, 0x0, 0xffc, 0x2, 0x80000000400000a, 0xfffffffffffffffd, 0x9, 0x9, 0xffffffff80000000, 0x11, 0x20000000001, 0x7}) (async) lstat$auto(0x0, &(0x7f0000000180)={0x5, 0x1f, 0x9, 0x62, 0x0, 0x0, 0x0, 0xffc, 0x2, 0x80000000400000a, 0xfffffffffffffffd, 0x9, 0x9, 0xffffffff80000000, 0x11, 0x20000000001, 0x7}) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x5) (async) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x5) 5.53265324s ago: executing program 0 (id=1361): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/cpu/cpu0/cache/index2/coherency_line_size\x00', 0x80880, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000001100)=""/4105, 0x1009) r1 = openat$auto_tracing_saved_cmdlines_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/saved_cmdlines_size\x00', 0x10a00, 0x0) write$auto(r1, &(0x7f0000000140)='\x00', 0xec) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000680)='/dev/v4l-subdev5\x00', 0x20281, 0x0) ioctl$auto(r3, 0xc0305602, r2) mmap$auto(0x0, 0xe7a, 0x34f, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket(0x1d, 0x2, 0x7) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r5}, 0x6a) sendto$auto(r4, 0x0, 0x6fffff9, 0xfffffff8, &(0x7f0000000440)=@can={0x1d, r6, 0x3f}, 0x36) syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000000040), r2) close_range$auto(0x0, 0x5, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snd/midiC2D2\x00', 0x2081, 0x0) r7 = openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC0D0p\x00', 0x100, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_LINK(r7, 0x40044160, 0x0) clone$auto(0x4, 0x8000000000000000, &(0x7f00000001c0)=0x1, &(0x7f00000002c0)=0xd9bb, 0x83) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/ieee80211/phy18/statistics/dot11RTSSuccessCount\x00', 0x181a80, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x400) recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x2, &(0x7f0000000140)={0x0, 0x4da}, 0x6, 0x0, 0x8, 0x7ff}, 0x1000}, 0xffffffff, 0x4, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x29, 0x2, 0x0) r8 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r8, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x6}, 0xffffbff9, 0x10, 0x0) 4.870494606s ago: executing program 6 (id=1362): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x3, 0x3b) (async) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) (async) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3f, 0x1, 0x0, 0x1, 0x4) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) (async) pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) preadv$auto(0x3, &(0x7f0000000040)={0x0, 0x5}, 0x3, 0xf8, 0xffffffffffffffff) (async) preadv$auto(0x3, &(0x7f0000000040)={0x0, 0x5}, 0x3, 0xf8, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae80, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, 0x0) io_uring_register$auto(0x2, 0x1d, 0x0, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x200000) mremap$auto(0x1, 0x4, 0x3, 0x50a, 0x6) (async) mremap$auto(0x1, 0x4, 0x3, 0x50a, 0x6) socket(0x2, 0x1, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) r3 = memfd_create$auto(&(0x7f0000000080)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x6) setsockopt$auto(r3, 0x1, 0x4, 0x0, 0x9) 4.160734798s ago: executing program 5 (id=1364): unshare$auto(0x40000080) (async, rerun: 32) setrlimit$auto(0xb, 0x0) (rerun: 32) r0 = getpid() (async, rerun: 32) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) (rerun: 32) ioctl$auto(r1, 0x4b65, 0x1) (async) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/devices/platform/dummy_hcd.0/usb1/devpath\x00', 0x20000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000540)=""/68, 0x44) (async, rerun: 64) rt_tgsigqueueinfo$auto(r0, 0x0, 0x21, 0x0) (async, rerun: 64) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mtdblock0\x00', 0x14fe02, 0x0) (async, rerun: 32) close_range$auto(0x2, 0x8, 0x0) (async, rerun: 32) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) (async) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000400), 0x189d82, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x82942, 0x0) (async) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000100), 0xc0000, 0x0) (async) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x189401, 0x0) (async, rerun: 32) writev$auto(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x80000000000007}, 0x9) (rerun: 32) close_range$auto(0x2, 0x8, 0x0) (async) r5 = socketcall$auto(0x4, 0x0) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0) (async) ioctl$auto(0x3, 0xae41, r5) (async) ioctl$auto_KVM_GET_MSRS(r4, 0x4040aea0, &(0x7f00000000c0)={0xdd}) (async, rerun: 64) ioctl$auto_KVM_CREATE_VM(r3, 0xae80, 0x0) (rerun: 64) r7 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) write$auto(r7, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async, rerun: 32) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0) (async, rerun: 32) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000340)='/dev/sg1\x00', 0x84803, 0x0) 3.516471093s ago: executing program 0 (id=1365): mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x3, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000) r0 = socket(0xa, 0x1, 0x84) close_range$auto(0x2, 0x8000, 0x0) r1 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/block/nbd9/sched/write1_next_rq\x00', 0x169100, 0x0) pread64$auto(r1, 0x0, 0x7, 0x2ef7b428) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) getsockopt$auto(r0, 0x84, 0x81, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) fanotify_init$auto(0x65, 0x2) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r0) sendmsg$auto_NL80211_CMD_FLUSH_PMKSA(r2, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f00000000c0)={0x14c, r3, 0x4, 0x70bd28, 0x25dfdbfb, {}, [@NL80211_ATTR_LOCAL_STATE_CHANGE={0x4}, @NL80211_ATTR_TIMEOUT={0x8, 0x110, 0x2}, @NL80211_ATTR_PMKID={0xff, 0x55, "ee88a13346c1f95263940d6631b4ef313e897aef9b221ecd140193969a244f7413aefa693537ed26ffd45a41139b81c3ca2f1de98442c30ace01dcc78192e1d36c0973f0b017b2c3f3ae15d97ab9e64097f5b561a78cb575e103a1e57feefeb6d7f7608be5db310b24bf879d242165560548c0174e22c8bf1887fd57e77aa5b00c7bcc94bfc8bb0fb24c5287a5541fb10bb98a00a0785cb99effca911e9ed23aeb5e526595280d8c971230802937e023ac9fc4b5582abf1512ce52e71eb8076c6cbbb62e85dbccc841a849ed5d6cd673573ecefba227a14bb62c1b7bdad8f52f428da2b62b3fbd4e53ea8688a6fcf05b6d006c7f7bf9aa265c40c0"}, @NL80211_ATTR_P2P_OPPPS={0x5, 0xa3, 0x40}, @NL80211_ATTR_BSS_SHORT_SLOT_TIME={0x5, 0x1e, 0x80}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x9}, @NL80211_ATTR_TXQ_LIMIT={0x8, 0x10a, 0x80000000}, @NL80211_ATTR_BSS_SHORT_PREAMBLE={0x5, 0x1d, 0xac}]}, 0x14c}, 0x1, 0x0, 0x0, 0x1}, 0x800) open(&(0x7f0000000000)='./file0\x00', 0x4402, 0x99) pipe$auto(0x0) dup2$auto(0x5, 0x4) splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000001, 0x9) close_range$auto(0x0, 0x5, 0x0) write$auto(0x6, 0x0, 0x100000001) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) get_mempolicy$auto(0x0, 0x0, 0x80, 0x1000, 0x2) 3.202243556s ago: executing program 6 (id=1366): r0 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000140), 0x40102, 0x0) ioctl$auto_TUNSETFILTEREBPF(r0, 0x800454e1, &(0x7f0000000180)=0xd) socket(0x10, 0x2, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x3, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x38, 0x6, 0x8000) mmap$auto(0x0, 0x20009, 0xe, 0xeb1, 0x403, 0x8000) capset$auto(0x0, 0x0) sendmsg$auto_MACSEC_CMD_DEL_TXSA(0xffffffffffffffff, &(0x7f00000056c0)={0x0, 0x0, &(0x7f0000005680)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16, @ANYBLOB="2bb22bbd7000fcdbfa2506"], 0x28}, 0x1, 0x0, 0x0, 0x20000050}, 0x40094) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0xa, 0x2, 0x0) r2 = socket(0x2, 0x3, 0x9) close_range$auto(0x2, 0x8000, 0x0) open(0x0, 0xa22c0, 0x155) r3 = socket(0x11, 0x80003, 0x3ff) setsockopt$auto(r3, 0x107, 0xf, 0x0, 0x6) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x48080}, 0x4004) sendmmsg$auto(r2, &(0x7f00000006c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200), 0x49}, 0x5, 0x0, 0x5, 0x1}, 0x5}, 0x2, 0x3) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_CGROUPSTATS_CMD_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x13, 0x0, 0x25, 0x70bd25, 0x25dfdbfe, {}, [@CGROUPSTATS_CMD_ATTR_FD={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x400c9d0}, 0x4080) r5 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r5, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0xffffffffffffff14, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES8=r4], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x200440c0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) sendmmsg$auto(r5, &(0x7f0000000080)={{0x0, 0x8001c01, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x1}, 0x7}, 0x3d55, 0x0) 2.900463078s ago: executing program 6 (id=1367): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) bpf$auto(0x8000000, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x5, 0x9, 0x3a8453d3, 0x80, 0x8, 0x4, 0x1, 0x200, 0x8, 0x401, 0x2, 0x2, 0x2, 0xc28}, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d7) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, 0x0, 0x20000054) write$auto(r2, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r1, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x39) mmap$auto(0x0, 0x1, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) epoll_create$auto(0x5a) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) openat$auto_random_fops_random(0xffffffffffffff9c, &(0x7f0000000000), 0x4cac03, 0x0) r3 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r3, &(0x7f0000000000)="c80d1b5d399b3f", 0xfdef) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd7\x00', 0x80000, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) prctl$auto(0x39, 0x1, 0x4, 0x5, 0x7) sendmsg$auto_NBD_CMD_CONNECT(r4, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010025bd7000fddbdf2503000000040007800c00020005000000000000000800010007"], 0x2c}, 0x1, 0x0, 0x0, 0x20004080}, 0x8880) write$auto_console_fops_tty_io(0xffffffffffffffff, &(0x7f0000001bc0)="51426572911c17e9dd66bf94ea32689283bb895dbc0a97721ed6e250c974356905898b7d48acecddf280cf6dd4ba18c1aa3928071c6585025ceab0e2f34f37ddec138ea587fc4def825608b0ab2a6ecac42062bd3c58ba606307b7471b20a40ffa168b91dde6727571c4ec94bfbde1df90ccb265ffda374c98ffb1ee22069af38a3f200532dbbe5e98f4455170e9a137517b9b7b8840359940ab00f37125c2bec0ac36606b6c69edb35967d723fb81a15faea2bd280d1581ad1ef597bb4dc09f6a5d53aaff1877b77c4e425761dc09d34498c1fce72c0ba1041a99b8748a37597b9567cda1de2cbf6962798e5ee11bf7cb2c70a9502f33c43b8e5dc54de743a2e24cb94c22d669b434888a7ce4cb16cd77b324258e07af32adc0cb38f8c622085783f6804edc3913fb9e98c55713fa0bf8101ad0f6f43407ce4be0001d1bb201bec283ade79ab23484c1076e703864629ac9a6031533dc956f705f89f0e0ef7d3109e46859d1f2ad1b8cb3cfcedf868a3be101e8b9acd75e39e6a27a541aa9fe86ad3119b7049c3fad2a901222eb948cabb4b5c3e5ba6ffc02a15bf7d550b00ab0f3dd3002924f7bd0701269ae293c4cb231b9127d1f6b38dd6fbb3429905384eed7eed9330a9c5e732bdd510169d9ca3e420ea2102be3770a0ab598c037b8f01e8910cf8b0942aafb156ac90724cf552df158a7f59c26e62f3fcf32d860c2259cb1b3118a773ff3cfbaf9c5b068dade5cd7778f1ea98700629b62534735fef3071c30afa6ea26f7e651ec140936c07d9e90f1c9faef3e05376b1e121af6a6691616c10e19fd4f16b1858b44d99e597908cda0e8fa8c21d8b700987d7723a4b5a4ff3c371f2d1cb9fb2f054abc58727239ba67a173f1431083fedc7c4304488c13c75e4995a58ac9de085377356ddc5338aeb44e7f3d06f82a5e0c846159c881a0395a3dbf32a9f2530a520721431a752b13b01a89bdf2b38387b72e8a533936623ec396f6ef94ddfcca047bf20a6fe450a03dedb36a57355e2519ff579b5c63095f48407ece8a7c6c4f5b2582616f0a6bba059810c0a28355fb08dceec9e290026452c3135f8ad93f9617f22e590122d43f6fdc1ea0f9ec12c551b5127108443bb081f7a89660034ea4f3c4305108428cc91918dbb28c2a117f09609e40903b13055e92a727afa767b1f97df335ee729686c0113e4cc18aa50f4ad82b1d403cc6c11ac3bf63415560417d7d488df01b69c925ca3fce60ca7ac767fd11df61caf62f3ab67dad043faf1cc334903e0f419c2e97553ecaad5814bf097192e76e9a16bc5c9be932718aba32cd7dbcc6bc634a463c6f709cc81963b39442e710c14c7e107b0aeb7b6a0e3f3757860d10dd741863277c43ce4dcec49f4558959b08f59182baf4f250aa045fee383ceaec280817bf222dfbeeca8c1ec8473176326c1ffd49ea072b5f3c73f36865b6052a1595c1bb76cfe37f976848fbcb408381ddeff9c318a2e6bbfe6c18ef16531fec3c47874a5391238c0d6b0e033db3fce94127cc9c98a4211e5d873f7b4810846d96be2d6cac532fce0ddee737e4d1ddb65b8b2449984a897e4090449ed4fb4006fb9d133e51396d4664a3f0c395c5b24781f8389979ccb565c6461b66db7134d15cff5ae8f935a5bcb23caace2edd2b37a726575e3cb0528de05edd9f03e30feb617767b6a557280a0a288b52af44a1607b6063867e5c9d8d56c44968fd509b5983fa06e6b1eefb2f8cee0c1cb49b8b569cf13b77adbc22ce972cd718167ac571ee41a446d13931f849d5636c729996b36ec84171fde260a4e01e9770cf687591a79833ae6473c51e12c0faab96ef093e6178d485526dbf775c94324c76bd4af2652e9036b1cc0d3df05c9232ee6eef7c4f46a6cf8ad160ad087aba6928bf156bf3ade1d135a965c4a2b283485737da67fe99227f2fbfb3baa74d75fe29122adfd82fcb9325b7ea826a52559654e76d494a374d9535facfcd4ab248e388c516bb8a0dc151b1557e418fd7c625c67ab1c50d6f05b97ba15c55631aeea44b21131aa93ead176f7bfd1418856e38782f004f272738827a64bb695f6b6a08cff8d1917be52a8851bd2bfd57d08bb0660e2ffc23792a419c2e9b006e3b0ad05044d99b97391fd2cceb86cf26acebe089a861340b04fd01e1baa70583032a30ea2e605217b80f7ee16d7e28be43d12bb2b67937dd26a8aeb84fef2f2d52f75232a400e7b279dcfc01953b0c46203477a50b5853e8f7b14b2ba31db742504bca6ed95b18846706c9fd85bf2a3a2642029b9ff2828bf0f7cbd96109a237961be8fe5c62f0fcc04c994f123f4a22f048403eac9308cfd2f2e4350c72e9ef83416ce973d3aa90d281a0275886dd3858b5869784ae58e257aa5af6d373dcc9cf520e364be748833adbb10daa6f6a334b51d27529d86ea5ce874562f9f93da45d244224b936fced3b658abbe7aa1f0d502fffce823f528ab47ea3540722f144733666229ae08cfc7e61247742ea4e3c180938ae7c7b81c1ee975c831f79672e044cefc49894c2ab73bba2580ac476cc0e56b6748b8edbb37a3f8dda7ffad4ec07abce7c4d10fc32e40d5a9db37f7b1e3a6eabedbefa9dd8eef189b92363d3391d384af26b7d47958d3d82845c9b668da5bcbd64058dc9e1c6d903ab5d2aa049d197116a11309a1abe9e5b3f9e7f1c623242b1d8089bc369d145a7070e8a9bdf543dbffe899ff9366009a3b0424a634681b530dad9ef23f136a10c7287068e57f3c2de45adf0a105c328e0035b97168f4c17aa4610b2e6e1a6ba0b71c06417b7a9497be4a009b19d7162adfd4d7b6490faf3782a920281333ad09b848ab5f4d15534b8c4e43dc9604b0630f8d349b2c80a98fde04693c31cbed7d460edfc0138dcc5d3974e682bbd555ac19625bf6e0607d8803391ec9c2dc41fc4e8bceae4f53507137324dd02914a067d52a577b812ddac4a34765c26a98839b3edb6290abff0", 0x848) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x202003, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) io_uring_register$auto(0x2, 0xe, 0x0, 0x20) mmap$auto(0x4066, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8005) io_uring_setup$auto(0x8008, 0x0) close_range$auto(0x2, 0x8, 0x0) clock_nanosleep$auto(0x2, 0x6, 0x0, 0x0) 1.774333408s ago: executing program 5 (id=1368): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001340)='/sys/module/l1oip/parameters/limit\x00', 0x80302, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(r1, 0x104000000000010e, 0xb, 0x0, 0x400) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_DEBUG_GET(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000", @ANYRESHEX=r0, @ANYBLOB="010a00"/14], 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ustat$auto(0x801, 0x0) r2 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r2, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, 0x6) write$auto(r1, &(0x7f00000000c0)='\x00\xff\xe3\'B\xcd\xbe\xe8(z\x13\x06\xab\xef\xfa\x9f\x98\xb6\xf6\x84\x06\xc7\x9e\n\x93nG\xcc\x12\x8d\xd5\xa3\xd9\\\x04n\xd5\'x\'\x03^Y \x0e\xe0\xdfZ\x89\xae\x86|\x96\xc5\bi\x1a\x81`\x18\xd4\x98\xf6\b\x83\x8aX\x06\xb5\xc6v\'\xd5+\x19:\x02\'C\x9f\x91.E\xcb\x06\x02\x80.\xeb\xf9s\'h\xd1\xa4\x00\x99.3>\x14\x0e\xea\x9bu\xbf\x97\xae\xbc\x86\"\xefB?x$\x7fXW\xe7L\xc5\xee\xed\x8dp4M\xae\xdc\xcf\x8eI\xbd\xcek\v\x96{\xbb\x95', 0x3) ioctl$auto_IOCTL_VMCI_DATAGRAM_SEND(r2, 0x7ab, 0x0) ioperm$auto(0x3, 0xe, 0x2000000000000149) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty46\x00', 0x101000, 0x0) ioctl$auto_TIOCMSET2(r3, 0x5418, &(0x7f00000001c0)="6ab1") io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x5, 0x0) listen$auto(0x3, 0x83) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) clone$auto(0x21, 0x7, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup/cpu.weight.nice\x00', 0x10b142, 0x0) write$auto(r4, 0x0, 0x3) 1.327264041s ago: executing program 5 (id=1369): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000a80), 0xffffffffffffffff) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0xe2e4c6) close_range$auto(0x2, 0xa, 0x0) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/ieee80211/phy1/netdev:wlan1/uapsd_queues\x00', 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x9, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8000, 0x0) r1 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'wg0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r3, r2, 0x8, 0x401, r1, @relative_id=0x13, 0xe600}, 0xf) bpf$auto(0x2, &(0x7f0000000500)=@query={@target_ifindex=r3, 0x3, 0x2, 0xffffffff, 0x1, @prog_cnt=0x2, 0x0, 0x6, 0x7, 0x9, 0xcf}, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) read$auto(0x3, 0x0, 0x7) ioctl$auto(0xffffffffffffffff, 0x5, 0x38) r4 = fanotify_init$auto(0x26, 0x100001) socket(0x2, 0x801, 0x100) ioctl$auto_TUNGETVNETHDRSZ(r4, 0x800454d7, &(0x7f0000000180)=0x1) bind$auto(0xffffffffffffffff, &(0x7f0000000000)=@in={0x2, 0x3, @empty}, 0x6a) fsopen$auto(0x0, 0x1) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/pci0000:00/0000:00:04.0/broken_parity_status\x00', 0xc3002, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0x1b, 0x1efff, 0x1000008, 0x0) 1.116520379s ago: executing program 4 (id=1370): r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000001c0), 0x20200, 0x0) r1 = socket(0x10, 0x2, 0x4) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x14, 0x0, 0x221, 0x70bd2c, 0x25dfdbeb}, 0x14}, 0x1, 0x0, 0x0, 0x400c050}, 0x4000080) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000014"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xfffffeff, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x2, 0x83, 0x101, 0x17f, 0x2}, {0xff, 0x1, 0x52, 0x5, 0x1, 0x40, 0x4, 0x8, 0x100000004}}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) write$auto(0xffffffffffffffff, 0x0, 0x9) r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x2, 0x0) writev$auto(r2, &(0x7f00000000c0)={0x0, 0x7}, 0x2) write$auto(r1, &(0x7f0000000000)='-\x00', 0x2fb) r3 = prctl$auto_PR_TIMER_CREATE_RESTORE_IDS_ON(0xc58f, 0x1, 0xffffffffffffffff, 0x5, 0x6) sendmsg$auto_VDPA_CMD_DEV_GET(r3, &(0x7f0000000040)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x840}, 0x4000) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000280)={{0x3, 0x10000, 0x0, 0x7, 0x4}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"}) 959.199501ms ago: executing program 6 (id=1371): openat$dir(0xffffffffffffff9c, &(0x7f00000004c0)='v#\xd5\xaf>=\x14\xe6%\xf7\x8a\x8d\x9a\xae\x1a\xd6\xa8\xb8\x1d\xf5(\xb0\x1f\xbd\xcbV\n\"\xe3V\xfeP\xceN\xb2\xc32\xaf\xcc\x80\xfa\xf0\xd4\xd9|\xfe\x03y\xd16\x17\x99R\xca\xe5\xf4\xb4T\xfcv\xfc\xe6\x9cv\a\x00\xc2a\x16\xd1\x8a\x80\x90\x87\xa5s\x10\xed\x93\xd4\x15=\xc0\x1f\x0e\xb0\x18v}\x03!\xf0I\xe3}\x90\x9b\x92[\xfe2<7\xd3\x81\x9a~\xcd\r\x19\x9e\x10(5\xfd\x8b\x82\xd4\xc85\xc3\x93t\t\xd0\x9d\xca^n\xf3\xcb>\x1bO\xcej\xe0\xef\xf2\xd7\xc2}\x18\xd9`AO\x95<\x9aH\vu\xae\xd4\xea\x12\xb8\xd1\n\x01\x83r\x85\xbf*\x18\xa7 S:R\x14\x89Z3\x94\x8bP)\x00', 0x40140, 0x12d) rename$auto(&(0x7f00000003c0)='v#\xd5\xaf>=\x14\xe6%\xf7\x8a\x8d\x9a\xae\x1a\xd6\xa8\xb8\x1d\xf5(\xb0\x1f\xbd\xcbV\n\"\xe3V\xfeP\xceN\xb2\xc32\xaf\xcc\x80\xfa\xf0\xd4\xd9|\xfe\x03y\xd16\x17\x99R\xca\xe5\xf4\xb4T\xfcv\xfc\xe6\x9cv\a\x00\xc2a\x16\xd1\x8a\x80\x90\x87\xa5s\x10\xed\x93\xd4\x15=\xc0\x1f\x0e\xb0\x18v}\x03!\xf0I\xe3}\x90\x9b\x92[\xfe2<7\xd3\x81\x9a~\xcd\r\x19\x9e\x10(5\xfd\x8b\x82\xd4\xc85\xc3\x93t\t\xd0\x9d\xca^n\xf3\xcb>\x1bO\xcej\xe0\xef\xf2\xd7\xc2}\x18\xd9`AO\x95<\x9aH\vu\xae\xd4\xea\x12\xb8\xd1\n\x01\x83r\x85\xbf*\x18\xa7 S:R\x14\x89Z3\x94\x8bP)', &(0x7f0000000000)=':-.\x00') r0 = getsockopt$auto(0xffffffffffffffff, 0x2, 0x7cc1bb3b, &(0x7f0000000100)='/o2Wb\'/m$\xf2\xc7lz\xddnv\n\x00b\x1fq\xa5\x9a\x99\x89\x1d\xf70\x00\xb0]M\"\xaai\xc5\xd2&xz\xbf\xb0\xd8\x10te%\xc8\x9f\xb18h\x0e\x02\xfa\x966\x91\n:\xb4\xd8\x95u;p+\xa2\xfb\xcd,PI\xe9T\x0fn9\xbb\xe0S\xf5\x82,1\x819qb~\xd0\xf6\xff\xf36\xf9\xcd;\xdf\xe9S(\xdbm\x06-@g\xb0CN\xce\xce\x1b\xca\xdc\xed\xfe(p\x04=s\xa6\x13K\x15\x14\x12\xb6%\xb2\x8f\x19\xaf\n\x95td\x87$\x16\xbc\xb0m(\x95\x13fDB\xa5\xa6\xff\xeb/\t\xb9\n[\xb1\xd5%\xedMU\xf8\xaf\xf3\xfb\x90v\a\xd6\xa1G\xf4\xe0\xab@o~\x83\xa6&I\xdb~\x93\xf7\xa9\x7f\x1f\xca\x96\xf8$\xd6\xc7\xa85\x05R\"\xca\x95;\xaf\xf3D\v\xb7^\xd7\x18$6\x02\xba\'\xa5\xad\xc8P&\xa2?\x87\x87Q\xd4\x05\xb0\x17bd\xac\x01\xb7\xac\x9a\x05\x84t\xe6', &(0x7f0000000200)=0x80000001) getdents$auto(r0, &(0x7f0000000580)={0x2, 0x7fffffffffffffff, 0x6, "37f22a05ab478f6781581085c4f99e079248279e2ef13e8776cf4cf707282cf0720467829ece281c46da71887d3bc36fa835abde4ede8a65fb3bc01a2b6d7319a91035330d40ee27b64775777ad69e4e8f75583d9f6e126aae71c75a37805371dbe76531aadbf86de1b2104b23a1ea9e786230ef0cd05963f8f16725d72295c2a760b36837f2941ec0b4"}, 0x0) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000280), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000380), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000140)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_GLOBAL(r2, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="c79f25bd7000ffdbdf250ee4000008000300", @ANYRES32=r4, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0xc031}, 0x44) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'bridge0\x00'}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'veth1_vlan\x00', 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'netdevsim0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r6, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x30, r7, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@ETHTOOL_A_COALESCE_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}]}, @ETHTOOL_A_COALESCE_USE_CQE_MODE_RX={0x5, 0x19, 0x1}, @ETHTOOL_A_COALESCE_TX_USECS={0x8, 0x6, 0x9}]}, 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x800) sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000000440)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000400)={&(0x7f0000000900)={0xac, r1, 0x20, 0x70bd26, 0x25dfdbff, {}, [@ETHTOOL_A_DEBUG_HEADER={0x7c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5358}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bridge_slave_1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7fff}]}, @ETHTOOL_A_DEBUG_HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x5}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}]}, 0xac}, 0x1, 0x0, 0x0, 0x10}, 0x2000c000) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$auto_nfc(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$auto_NFC_CMD_DEP_LINK_UP(r9, &(0x7f0000000340)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000d00)=ANY=[@ANYBLOB="28030000813f487d09e0553b827586be7e60bfee98ab39b9d5ce678c7b2b7d755cac5014c05912a884b565dace9620485d330ec88fb300adea865788d9eb57484ea24adc791fec96c0ecf2db7614a12d9c6bf59c85c342b7baa9c9f151cfc96f603ff57157949b4e246283065a7ab8b050c62c55610a518991f2fdcb8882175c5d41556c7f85d3a7cf8610b505327aadfb7bda628a0666f49d154b000c64db8d", @ANYRES16=r10, @ANYBLOB="01002bbd7000fddbdf2504000000140313800800830050ffffffe7019880b053909d71d92301c0407dee6b5083f8d4d28ac20519cda8c7a42b12535083e73dfbe4c69d3d2b0e871b503927adffec4c82fdd3b3caee08a7ff81eba0f28a5776c222709acd38d4682a03c8002b8066a92485ed3a85edb2211688de333a2a9bd621f8fce928e353d2e4f7cb0d1382b9aba021a036e1af762eca4215b96106e0b6ea2605e39c922380401212791b070547f882224825cac656d3e38247d22e8ea64ed3963b07295187078507b0798255635610ccd502f37efdc982a39fd24b3a65ac65520acee1b5aee4dd0cdcc2ba3b14919d4ad5e702a6086baec6486bf93a52f8eb3133ad599c763b5bf801f2a1fb874db2793db7db4904344761b06ca543f5cac8559765e485e1ebcdc685bb9d1877a8293e55518304001f800400e28004005d8004002180050053000000000004001980af003100ff48c2eab60b924649bbeb40132804acc06a855e372773d26766f124ae0a7b16565ea2a723a07625f16ca8e27092ecd7ef7ad416a883fbb77c95549bab89952b1792db6c52f3b40f1543654f2037592336a9ee74896a835520a5bda78671fdb51612a12c74ba08b4dbea180416efcb307d25bb91c39c615654590dbbe398cd798a1f01c90d4c17e8fe4dcf3bc62a521cf2cf1c0087d5b7e73f0255aeab7cdc87b720079bac2afb9009b68000001400a200fe880000000000000000000000000001918dc7eddcec426accd82d82a5bbd5d0d58c37db0531e5628a8efa164faaa9a08588351a8ddf558cefcf23675040981c553fbd1788a4aaff77fb1b1cfae202865d3bf7fbc07abb4414634c028f7cd498d99186db4afcdaebd5d1e5d8e33bef02ead5cb2ad0a6dc0d1e6a053e9a81f8da2004dfd712327f1b89d526e3bc551635b7e2f48f090213b803471c8950e077d612a1f9726c5e3d0d1826be8b504d1629c869622414b1b5ec7b792744139e0a1c69a5d3ba7e101e5e2a0824fcc38b974f642a128b20840f3958991b080f2e5556e295a4234c9c0e87d880c3c241b8801adc09a36ddbecc0c838563d99f047151ae2c12ec11f52f275c137962ebe8e65f23207425211559aee74c90aca"], 0x328}, 0x1, 0x0, 0x0, 0x4000080}, 0x8801) sendmsg$auto_NFC_CMD_ENABLE_SE(r2, &(0x7f0000000540)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x24, r10, 0x100, 0x70bd2a, 0x25dfdbfc, {}, [@NFC_ATTR_COMM_MODE={0x5, 0xa, 0x4}, @NFC_ATTR_DEVICE_POWERED={0x5, 0xc, 0xe7}]}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x8040) acct$auto(&(0x7f0000000000)='/o2Wb\'/m$\xf2\xc7lz\xddnv\n\x00b\x1fq\xa5\x9a\x99\x89\x1d\xf70\x00\xb0]M\"\xaai\xc5\xd2&xz\xbf\xb0\xd8\x10te%\xc8\x9f\xb18h\x0e\x02\xfa\x966\x91\n:\xb4\xd8\x95u;p+\xa2\xfb\xcd,PI\xe9T\x0fn9\xbb\xe0S\xf5\x82,1\x819qb~\xd0\xf6\xff\xf36\xf9\xcd;\xdf\xe9S(\xdbm\x06-@g\xb0CN\xce\xce\x1b\xca\xdc\xed\xfe(p\x04=s\xa6\x13K\x15\x14\x12\xb6%\xb2\x8f\x19\xaf\n\x95td\x87$\x16\xbc\xb0m(\x95\x13fDB\xa5\xa6\xff\xeb/\t\xb9\n[\xb1\xd5%\xedMU\xf8\xaf\xf3\xfb\x90v\a\xd6\xa1G\xf4\xe0\xab@o~\x83\xa6&I\xdb~\x93\xf7\xa9\x7f\x1f\xca\x96\xf8$\xd6\xc7\xa85\x05R\"\xca\x95;\xaf\xf3D\v\xb7^\xd7\x18$6\x02\xba\'\xa5\xad\xc8P&\xa2?\x87\x87Q\xd4\x05\xb0\x17bd\xac\x01\xb7\xac\x9a\x05\x84t\xe6') 919.363753ms ago: executing program 5 (id=1372): r0 = socket(0x2f, 0x2, 0x1) write$auto(r0, 0x0, 0x2fb) openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/config/target/version\x00', 0x46340, 0x0) 604.093588ms ago: executing program 5 (id=1373): r0 = openat$auto_set_tracer_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/current_tracer\x00', 0x20000, 0x0) getsockopt$auto_SO_PASSSEC(r0, 0x2, 0x22, &(0x7f0000000040)='),\xd3,)\x00', &(0x7f0000000080)=0xfffff2c9) r1 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fb0\x00', 0x8201, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000140), r2) sendmsg$auto_NL80211_CMD_SET_MESH_CONFIG(r2, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000280)={&(0x7f0000000180)={0xf4, r3, 0x20, 0x70bd2c, 0x25dfdbfb, {}, [@NL80211_ATTR_TDLS_EXTERNAL_SETUP={0x4}, @NL80211_ATTR_TIMED_OUT={0x4}, @NL80211_ATTR_BSS_DUMP_INCLUDE_USE_DATA={0x4}, @NL80211_ATTR_MPATH_NEXT_HOP={0xc3, 0x1a, "7504c118d0c912c2db0a6fabe08b0252df2b4a9c2dcf21ced4a76a496cb347b13b07fc38e0898bdd3daa5e9d6fda2e6c94e3f0e6f92f6870cc81978ac4543345ecced8b297b9c7ea007a13cd2ba325caa55e9dff4097c47da59560fde833850d57167d8cf938c188808376e7c2a72b3be5157b3ac1ce229dc128a6900c6c0ca5cf8f82586162c15b4a9d24103f5c1058fe5391282f592983fd27e7f79e9f5711a4a0a39aaf2e5f53511fb041807b1141f274bbee02630a39cf8392cdae144a"}, @NL80211_ATTR_BSS_CTS_PROT={0x5}, @NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x1}]}, 0xf4}, 0x1, 0x0, 0x0, 0x804}, 0x8044) madvise$auto(0x24, 0x1, 0x18) statx$auto(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x0, 0xfffffffc, &(0x7f0000000380)={0x6, 0x1, 0x917, 0x100, 0xee00, 0xee00, 0xfff8, 0x29, 0x2, 0x6, 0x5, 0xf9, {0x9, 0xffffffff}, {0x1, 0xffffffff}, {0x7ff, 0x4}, {0xe, 0x96}, 0x0, 0x3, 0x8, 0x9, 0x6, 0xffffffff, 0x4, 0x7, 0x8, 0x6, 0x6, 0xfffffffa, [0x6, 0x5, 0x1, 0xdd5, 0x8, 0xb, 0xa0, 0x8, 0x4]}) sendmsg$auto_NL80211_CMD_TDLS_CANCEL_CHANNEL_SWITCH(r2, &(0x7f0000000580)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000540)={&(0x7f0000000480)={0x9c, r3, 0x10, 0x70bd2a, 0x25dfdbfb, {}, [@NL80211_ATTR_SCAN_FREQUENCIES={0xc, 0x2c, 0x0, 0x1, [@typed={0x8, 0x10b, 0x0, 0x0, @uid=r4}]}, @NL80211_ATTR_TX_RATES={0x46, 0x5a, 0x0, 0x1, [@generic="8d9cee1118d077ea38642b4434abbe7b40ded8f713086ff7664fd076f050c5fdc4b3874e3fb4dfe691ebb439a368ae5b58616fa7826372028a0a9fa8dd80c7960fb0"]}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x33, 0xcd, "e41bd312a1af81962e4b08d6c86806eb8d67afca2bc665d9eb3f00d62bd359e1ba44c2298212ef67dbb5dd67bba7f2"}]}, 0x9c}, 0x1, 0x0, 0x0, 0x90}, 0x4000000) madvise$auto(0x8, 0x9, 0x3) r6 = syz_genetlink_get_family_id$auto_nlbl_mgmt(&(0x7f0000000600), r2) sendmsg$auto_NLBL_MGMT_C_VERSION(r2, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)={0x2c, r6, 0x4, 0x70bd2d, 0x25dfdbff, {}, [@NLBL_MGMT_A_VERSION={0x8, 0x3, 0x3}, @NLBL_MGMT_A_PROTOCOL={0x8, 0x2, 0x40}, @NLBL_MGMT_A_PROTOCOL={0x8}]}, 0x2c}}, 0x44044) r7 = socketpair$auto(0xd, 0xff, 0x5, &(0x7f0000000700)=0x2) r8 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000780), r2) sendmsg$auto_BATADV_CMD_GET_BLA_BACKBONE(r7, &(0x7f0000000840)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000800)={&(0x7f00000007c0)={0x24, r8, 0x200, 0x70bd28, 0x25dfdbfb, {}, [@BATADV_ATTR_TQ={0x5, 0x19, 0x4}, @BATADV_ATTR_MCAST_FLAGS_PRIV={0x8, 0x27, 0xd0}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000081}, 0x32) syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000000880), r7) r9 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000900), r2) sendmsg$auto_NL80211_CMD_UPDATE_CONNECT_PARAMS(r7, &(0x7f00000009c0)={&(0x7f00000008c0)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000980)={&(0x7f0000000940)={0x1c, r9, 0x2, 0x70bd2d, 0x25dfdbfb, {}, [@NL80211_ATTR_NETNS_FD={0x8, 0xdb, r7}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x4011) openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000a00)='/sys/kernel/debug/tracing/set_event_pid\x00', 0x212900, 0x0) quotactl_fd$auto(r2, 0x6, r5, &(0x7f0000000a40)="159dcdc4ce4928809e74856a412e873702f92bd8ff3859af05ea47feb4c745fac5056427cc643f1950ae7cd178a3e6719175b280d1944b90a1fca23b6a40d2f331dc7f995cd4e180fb26e94b0dddcd594aa109427e79bccbbb340d161082d09453ba448c4ab945b5d7635b9489ab8d07481c2288903aab8334a398") ioctl$auto_MEMSETBADBLOCK(r7, 0x40084d0c, &(0x7f0000000ac0)) capget$auto(&(0x7f0000000b00)={0x6, 0xffffffffffffffff}, &(0x7f0000000b40)={0x7, 0xffff320e, 0x7}) kcmp$auto_KCMP_EPOLL_TFD(r10, 0xffffffffffffffff, 0x7, r0, 0x400) close_range$auto(r2, r0, 0x6) r11 = ioctl$auto_TUNGETVNETBE2(r7, 0x800454df, &(0x7f0000000b80)=0x4) ioctl$auto_XFS_IOC_START_COMMIT(r11, 0x80585882, &(0x7f0000000bc0)={r1, 0x0, 0x3c2, 0x3, 0xe89, 0xc5a8, [0x0, 0xd4b, 0x5, 0x7, 0x0, 0xac26]}) getpeername$auto(r11, &(0x7f0000000c40)=@l2tp={0x2, 0x0, @private=0xa010101, 0x4}, &(0x7f0000000c80)=0x200) openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000cc0), 0x100, 0x0) writev$auto(r7, &(0x7f0000000d40)={&(0x7f0000000d00)="3ec41c7f72c76c33e97aec3d2086befaca2099200d9d57e366b3197135e7d9ee1881aa0d3b403a", 0x4}, 0x2) ioctl$auto_TUNSETVNETLE2(r7, 0x400454dc, &(0x7f0000000d80)=0x80000000) 481.045643ms ago: executing program 6 (id=1374): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/virtual/block/nbd12/queue/iosched/prio_aging_expire\x00', 0x115202, 0x0) mmap$auto(0x0, 0x200006, 0x8, 0x40eb2, 0xd, 0x300000000000) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) read$auto(r1, 0x0, 0xa) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/virtual/net/bond0/bonding/arp_missed_max\x00', 0xc2900, 0x0) read$auto(r2, &(0x7f0000000040)='\xfd-:]:\x00', 0x7) write$auto(r0, &(0x7f00000003c0)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x14\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3C\xf8B^`\xf8\xc2\x0e\xfc>\xa1\xc5\x1dc\xb5S\xb0eX\xba\xe2\xb8\x17\xd1?\xec\xa3Rc2U\xc2OD\x1cl\xc6\xf0,4\x84A\x8f\xa0\xecJ\xb7\xfcnDO\n[^\xfc\xee\xf4\x98\xb3:K\x05\xd6ElP\xb1\xdc\xa2cg\xafENM\xb2\x1e\xfe\x0f}\xba\x83\x00\x81\x1at\xbf\x9ezF+x\xec\xe1`Qfm:\xfd\xeek\xa6#\xde\x16\x8f\xe9\xe9\xccbP\xb2z\xe1\xed\x97\x11\xaa\xea@\xee:\r\xb8\xe5\xd9CNG\x94\xe5\xcf\xfc3\xc7Z8\x03\x00\x00\x00\xc9\xe2ny\xa7\xd4\xb5A\x8e\xe2\x87\xf0\x17\x90%c\x1dE\xb1j2\x13\x10\xc2\x98\xeak\xa8\x10\xa0\x0f\xe8\x828\"9\xc1\xf2\xb6\x18\x9atD\xf13\xb2+$\x06q\xd6\x8e\xc18\x85\xd2\xd2\x1f\x97\x1d\xd7\x88\"\x01w\xaa\\\f\x98\xbf\xff\xeb\xceg\xa7\x8e\x84B\x7fn\xddu\xe0i\xd3\xf8\x8e\xf4\x111\x86\xfd\xcb\xa1\xd41\x8cI\xe0\xfa\xb3/(s\xd6\xd8\xcdCr\xf5MZ\xb8\xd4\x97\xae1\xc23ph\x84-@\xd4N_\n\xef\x86\x93T\\x\xf2\xce \xfe\v2E\xcatr\x00\xe5\xd7\xb2\x13\xe6\xd8\xd0\xe1|f\xaa\xadX@!\xc2]\xf9\x80\x9a\x1d\xcbt;\xfew\x14\x92\xc27\xbf\xad\x10\xa4\x93\xcd\xdc\x89\xa15\xe7r\x85\xcc\xd2p?\xf2\x0f`+\xb2\xcb\xf1\xddXw\xd2}Is%x\xbbJx\xebo{\x80\xc6o\x9e\xb2\"\x1c\vzL\"\x880|\v\xe0N\x8f\xd6\x8a\xaf', 0x80001) r3 = epoll_create1$auto(0x5) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r4 = openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) write$auto_snd_seq_f_ops_seq_clientmgr(r4, &(0x7f0000000000)="632d1bfe595046ab5c40bd7563307acb6d16baef6176e669a216aae183cccafdd80500ffffffff0600000000fe00"/56, 0x38) sendmsg$auto_NL80211_CMD_NEW_KEY(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000640)=ANY=[@ANYBLOB="1809ff07", @ANYRES64, @ANYBLOB="3e42cfe17000fedbdf250b0000001f080e008370107424d8a6ed03c3c61b3ff8f1d932b3dda72e0c1319b782984c3096384db31c2eaef2aa452a02f80dae92b4259e049b5c4705eb1cb0c7d713a2a32b4bf097d6b4fdd0f1c8a01a7153e058adb510946090665cf5fcfa8687e21322af3614580e5beb7fdd928a3b6469f1a6c38c314e5b7b904404bc4dd6075fe2d35479faaf0d9921cf1ab0e8bef0820ea38c8cdb0b17fbfd080d1afdb661be9b6e9cf3691d86765b32b7f374281bf10d10ac85a3e1ec3841f8db445efa61f78746d634c04d85854df09011c9e96b18732a93949cfdd8e1cbac690b89a73d26029d1b970a7c065a13e80fbae9678735ab8b8c9021c31d2ee22821f725965c0cbb85aa6bf9f7e1ea5cdaa7ce7ef5695f9268fb249c487268214b5c524533bb1565d19d2ec99cd8de93e258bef3806ef7d5be3f1def1624bae72f5a6f326327cb2570578ebdc2a31200a093eb4452a520c8da1b297f6218a1cf814304022392875ff23b1a1301b4c0a46392a39250f872b95778ae73d04ddba221c4e07089cb2bf07922b21fe128f52823c13043ae8bc00af870fc1aabcddaba83ea271270a3013ec7e201bad82976048132703473a7cccbda6d5d98fcdf7197544c6fd25f3a5b045a61d5415c4346ae8e76b9f9097ad5a92e4b0d7df36b023113168ed958f60bc7f6e0888eb8c77bd1794ce7a4aa59a15a9aa64098bd6331475cbda56ad3f23a27bcadbc17b5dd88b82f58b655ad7bbf34f6eef2f3e387d69a3ef311b59350fd82a6b125a6997178fe824badc1a2f78a2960b79487fe1f256eec1d404b0e0a792ad5bb903d9e48e455512f8da3b289e85426b86eb62529240c530ab6800fdd684df728540d45f89dacf0738dc5a7273007c5e9adc658e4124cc7de5ceeb076ab5a15e945a34f8fc5618ffe72d31acff62de887d144cf06c6fac47f08362ecb3c87e20b139f45f7bd719037e8f70438431cb01ac25a678e390b641199cd296fa25253bd80804833f4caa5b038efaff1c49769c4537b05e97495090a06fefec5c7acb18e2ee1d26d66b13fac375ef308dec9b779ee2c1b45a387e97549efb2c55657bc5942af35b1cd4fcdd219d821c7666243adbaccc33b8069a4679aae30f1d9ba96ee7639ca17482420c3400146a41ae7edbe254f392e0e76d66317592bae81326786ba32a29629a1754731295bc8f4e1b10a671bc92f6aa7737f12b6c5a9af7fb03373f46190221ced3e679128dd5c5db757babd096994e51f5995d821fa6c63c3db4e7f6486adb125a5723e476f6a2cc90cbe04e26d7fdb854ae6a12d8a015955b4ac429c5ec3899dd680a9c91a0f8e2c02d3edbb6f77208a3206693b083b66ae377ab59581a13bc024b5fc5fcd02f24bc576d8f8f6a6c48e8620c1bbdbe13dba1be334a3fa119857394db58abed0bf1cada8d9aeac27e99c66bfa702f447a6abb933c656914924ba5aa9bc977e9030c519f13f8fa748229b3da578127dcbc1c418ef17100ae90fe05e61a329069b0805a36b69a5cc485c3aae9c98f8516b10c7764dde17b50088c2bd08c2b2cc091cd9a71f7795d4dd855f1bb1051b95efb08e6d221df952e7990029d5bf3185dea56da326567b372b600ffef35ee263849de9c4d843fae2265f020edcfd542e81671631cc1a38d0ac24cd1b58624d9e89f599cf65f18148c09a3fe8594a5c4dc7c3d00b13ee992b16de2811c36bd16bc06b179454578f86326707b7811018e6591c689317f7ae906b1001505cfed399abce681a1c1366730b2818db9068c668be5736c300593b91b108cac58b60b33b6af5d5185f6f7c80c645b3cb304deed16c1eb821845ec4e04610f7c16e139b548f9cad355427d32c39d1e4ee459a39728371eed2d42c556ad61534851894f40085a0f21ae65c5f69f0b34c9633853dd60b7e8709720d90a0d61b2389b6a26823ba3de9fd0badbb870824c5751b5754286324ab5878f3d3cc81f8325e483ae6587abb8b019bd806b00b3f7593e3ddf16dc45c4b2450003a9efc0d4dc1342c37833df73e7a482545e651de8b53d58a05e3c82b6ae1008e4c493ca24b4a4f75138bb76f36501ecab443da958f5b85b8cc628ddd5855fbe67f6de38f1e5e723e19827a3e3bc128f019a9fdcfd3dc9fdb625a465cf30e8d5a5ad6dd37f22599944b34e79add80a9a287c5920b5d7f71cdfc12fff392ac98093996905471b59e1e095e488ca8ea28ee99cd1cadbf2e3c24a91df6cb5dd2eb5087a12f2b1ca9651e923019480075f296e7304c14cf4f694d37ef111df72c679ce71d3ab0d0fa3f0d33eafef51beec81a0f84e77dc6ddbd7df8fa6ddef843a7c7443a1839e9df665be6fb7185c0e8fef005519843bd4b4e5f4bf141899bea623e010c4b134419ff4d82bdb62097fac1e8f98b0a0cd5c30e1244ed83c5b9fc830bd812f06db833734d20dac14e8a859306a9e239ed30b96d6c6f657250705f25ddfb392280033382db34048eeeed5749f6c8a5cce69efb5cc76d9bea916f08db60c0c5cdcbeb2c3fed7aec50e02b58ff0ea31b701d204c6ff6e112f7b8a6f06e42cd9da3ba1d21ea4338bd7e1688e70328906bfe970cf3c6b704627ab11fc0e2d67f05dd1dfd1b2d10bd54eb5fe679e552c392c94706ad122c8650874f0b00cf2e27993816da5aaf1d88a2e4e735579ce31cad63ed7c00472dde9f08b716a04d8dfb5595df3e35f058d188971b144c6b7af47d0bfd272f79a0cd6a6d60579414535bdc66ccc9d6df435fd09134a38246c2a8f2bf98a9789e3d248e3c3e2909075189d0a72d968b667736fe2a6dc2c5aa3e93e037b6e2d48bc87684fe6ca7037966d22bdb6b4b78f453c4e921fe520b372b8e06799714e6107349f860d9133d588494c4b319a7d227944aaa93280cb82d214711a4591ec1b744d14217bac12ce74b57dfbdbb676fc1838298822e09c4bb2385a8333316a2d9b60087001a00cd839573fb1df67e31e0397ea0b57247b1fb807dd5b1f99df78f6b04b0df6d73d44028a1cabb7f34425e606eea65cfb5a356f3baa496964b27ab3088957794ce60d57aad02d5a31b1e518c272bb1a23e8ee75a1703550e7b599a75c854f4ed009cf21b24a928a68d4d0cd1e6b26dd64a2afb83a7f1351c3323173271ed89600b1e2ee00008000500000000002800f50017d6714d6d0a54085f71a3dd22b1698dee79ac1a2195492f71c4e809be54a5f47fb86a6e1800180073bce8b5493938da1abeb0133493310018f7d4d40600510100000000050060006c000000"], 0x918}, 0x1, 0x0, 0x0, 0x440c1}, 0x20004000) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, 0x0, 0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) r5 = epoll_create$auto(0x3e) epoll_ctl$auto(r5, 0x1, 0xffffffffffffffff, 0x0) bpf$auto(0x8000000, 0x0, 0x0) r6 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d7) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/virtual/block/loop12/queue/virt_boundary_mask\x00', 0x0, 0x0) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(r6, 0x0, 0x24000000) write$auto(r7, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020005, 0x69a, 0x1a, 0xfffffffffffffffa, 0x8002) madvise$auto(0x4, 0x7fffffffffffffff, 0xa) syz_clone(0x4001000, 0x0, 0x0, 0x0, 0x0, 0x0) socket(0xa, 0x3, 0x3b) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x8a240, 0x0) 213.230719ms ago: executing program 5 (id=1375): r0 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/manager\x00', 0x40800, 0x0) read$auto(r0, 0x0, 0xb4d3) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = gettid() close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) r2 = socket(0x2, 0x1, 0x0) socket(0x2, 0x1, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @loopback}, 0x6a) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) kill$auto(r1, 0x11) setsockopt$auto(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000280)='lp\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4]U(\x01\t=\x1e\x00\x00', 0x4) bind$auto(0x3, 0x0, 0x6a) write$auto(0xffffffffffffffff, 0x0, 0x5) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x80282, 0x0) 168.770248ms ago: executing program 4 (id=1376): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x2000000}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0xfffffffe, 0x0, 0x5, 0x0, 0x200002, 0x8}, 0x801}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r0, 0x8932, 0x24) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0xc, 0x940, 0x1ffde, 0x7, 0x6, 0x3ff, 0x9, 0x1, 0x2, 0x7, 0x9, 0x8, 0x8, 0x407, 0x5, 0x7, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xe3a]}, 0x400, 0x81) r2 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) r3 = socket(0x29, 0x2, 0x0) r4 = socket(0x10, 0x3, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r4, &(0x7f0000000040)={{0x0, 0x4, 0x0, 0x29, 0x0, 0x0, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r3, 0x8990, 0x24) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="f2000000", @ANYBLOB='p\x00', @ANYRES16], 0x1ac}, 0x1, 0x0, 0x0, 0x24040840}, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd11/queue/read_ahead_kb\x00', 0x22b42, 0x0) sendfile$auto(r5, r5, 0x0, 0x4f64a1d2) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) bpf$auto(0x5, &(0x7f0000000140)=@bpf_attr_7={@prog_id=0x1a, 0x92f1, 0x4}, 0xa) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0xb, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='*'], 0x1ac}}, 0x40000) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) write$auto_tomoyo_operations_securityfs_if(0xffffffffffffffff, &(0x7f0000000040)="a3b8399107037896867091cff675b760f6838819acf7c177afa2f15b74cc662e799514154ceb8f22866ef550b50045e73f513401aafc9aa5fa8f34308574cf2e8fbe1a76138296f0d0ca5d65709253b5b5dcf9f693198c8aefd503f6a65d7ad21af85686d65fd090b92433226c276ece5d766a06ad71b53672edf6ad7cfba0d90599e8521987b8cf", 0x88) 0s ago: executing program 0 (id=1377): close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x801, 0x84) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0xfffffffb) shutdown$auto(0x200000003, 0x2) userfaultfd$auto(0x1) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x8000, 0x0) mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x0) capset$auto(0x0, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(0xffffffffffffffff, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(0xffffffffffffffff, 0x7a0, 0x6) mmap$auto(0x0, 0x2, 0x7f, 0x9b72, 0xffffffffffffffff, 0x8000) adjtimex$auto(0x0) setsockopt$auto(0xffffffffffffffff, 0x1, 0xc, 0x0, 0x7fffffff) syz_clone3(&(0x7f00000004c0)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) write$auto(r0, &(0x7f0000000040)='\x00', 0x7fffffffffffffff) pipe$auto(&(0x7f0000001480)=0xffffffffffffffff) read$auto_console_fops_tty_io(r1, &(0x7f00000001c0)=""/142, 0x8e) madvise$auto(0x0, 0xffffffffffff0001, 0x15) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/mem\x00', 0x101181, 0x0) readv$auto(0x3, 0x0, 0x7) mmap$auto(0x401, 0x3, 0xdf, 0x800000009b72, 0x2, 0x200008000) mmap$auto(0x0, 0x2020009, 0xa, 0xeb1, 0xfffffffffffffffa, 0x8000) io_submit$auto(0x2, 0xfffffffffffffffa, 0x0) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) ioctl$auto(0x3, 0x400454ca, 0xffffffffffffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20b42, 0x0) kernel console output (not intermixed with test programs): 2184][ T8520] path_openat+0x1be/0x3120 [ 303.372211][ T8520] ? getname_flags+0x93/0xf0 [ 303.372233][ T8520] ? do_sys_openat2+0xc5/0x220 [ 303.372268][ T8520] ? __x64_sys_openat+0x12d/0x210 [ 303.372304][ T8520] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.372336][ T8520] ? __pfx_path_openat+0x10/0x10 [ 303.372376][ T8520] do_filp_open+0x1f7/0x420 [ 303.372407][ T8520] ? __pfx_do_filp_open+0x10/0x10 [ 303.372457][ T8520] ? _raw_spin_unlock+0x28/0x50 [ 303.372481][ T8520] ? alloc_fd+0x476/0x790 [ 303.372516][ T8520] do_sys_openat2+0x12e/0x220 [ 303.372554][ T8520] ? __pfx_do_sys_openat2+0x10/0x10 [ 303.372602][ T8520] __x64_sys_openat+0x12d/0x210 [ 303.372641][ T8520] ? __pfx___x64_sys_openat+0x10/0x10 [ 303.372679][ T8520] ? xfd_validate_state+0x129/0x190 [ 303.372728][ T8520] do_syscall_64+0xc9/0xf80 [ 303.372760][ T8520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.372784][ T8520] RIP: 0033:0x7f147719aeb9 [ 303.372804][ T8520] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 303.372833][ T8520] RSP: 002b:00007f1477f92028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 303.372856][ T8520] RAX: ffffffffffffffda RBX: 00007f1477415fa0 RCX: 00007f147719aeb9 [ 303.372872][ T8520] RDX: 0000000000101000 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 303.372887][ T8520] RBP: 00007f1477208c1f R08: 0000000000000000 R09: 0000000000000000 [ 303.372902][ T8520] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 303.372916][ T8520] R13: 00007f1477416038 R14: 00007f1477415fa0 R15: 00007ffdfefb3a48 [ 303.372947][ T8520] [ 303.697279][ T8524] nvme_fcloop: unknown parameter or missing value 'dev/snd/' [ 304.347963][ T8534] netlink: 334 bytes leftover after parsing attributes in process `syz.0.570'. [ 304.628388][ T8538] netlink: 252 bytes leftover after parsing attributes in process `syz.0.572'. [ 304.856357][ T8545] netlink: 334 bytes leftover after parsing attributes in process `syz.2.574'. [ 305.299701][ T8552] netlink: 28 bytes leftover after parsing attributes in process `syz.0.576'. [ 305.360738][ T8552] ipvlan0: entered promiscuous mode [ 305.397620][ T8552] ipvlan0: entered allmulticast mode [ 305.403069][ T8552] veth0_vlan: entered allmulticast mode [ 305.437546][ T8554] netlink: 4 bytes leftover after parsing attributes in process `syz.3.578'. [ 305.650457][ T8559] netlink: 25 bytes leftover after parsing attributes in process `syz.3.578'. [ 306.697254][ T8574] netlink: 146 bytes leftover after parsing attributes in process `syz.3.581'. [ 306.847221][ T8574] netlink: 146 bytes leftover after parsing attributes in process `syz.3.581'. [ 307.205975][ T8574] netlink: 146 bytes leftover after parsing attributes in process `syz.3.581'. [ 307.229417][ T8578] nvme_fcloop: unknown parameter or missing value 'dev/snd/' [ 307.295735][ T8574] netlink: 146 bytes leftover after parsing attributes in process `syz.3.581'. [ 308.985981][ T8590] netlink: 334 bytes leftover after parsing attributes in process `syz.2.586'. [ 310.361531][ T8599] vhci_hcd vhci_hcd.0: invalid port number 16 [ 310.381217][ T8596] netlink: 8 bytes leftover after parsing attributes in process `syz.3.588'. [ 310.404850][ T8598] vhci_hcd vhci_hcd.0: invalid port number 16 [ 310.422825][ T8602] netlink: 4 bytes leftover after parsing attributes in process `syz.0.590'. [ 310.455214][ T8602] netlink: 25 bytes leftover after parsing attributes in process `syz.0.590'. [ 311.673416][ T7254] Bluetooth: hci2: unexpected event 0x20 length: 123 > 7 [ 312.119906][ T8619] netlink: 8 bytes leftover after parsing attributes in process `syz.1.595'. [ 315.350573][ T8651] netlink: 334 bytes leftover after parsing attributes in process `syz.1.603'. [ 315.628352][ T8658] Process accounting paused [ 320.078359][ T8712] netlink: 334 bytes leftover after parsing attributes in process `syz.3.615'. [ 320.554210][ T30] audit: type=1800 audit(4294967367.090:9): pid=8718 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.617" name="dbroot" dev="configfs" ino=23568 res=0 errno=0 [ 321.917951][ T8728] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 322.419426][ T30] audit: type=1800 audit(4294967368.950:10): pid=8733 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.621" name="features" dev="configfs" ino=23681 res=0 errno=0 [ 322.846955][ T8742] netlink: 342 bytes leftover after parsing attributes in process `syz.0.625'. [ 322.916597][ T8742] IPv6: NLM_F_CREATE should be specified when creating new route [ 322.969302][ T8750] netlink: 342 bytes leftover after parsing attributes in process `syz.0.625'. [ 323.019445][ T8742] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 323.027160][ T8742] IPv6: NLM_F_CREATE should be set when creating new route [ 323.034483][ T8742] IPv6: NLM_F_CREATE should be set when creating new route [ 328.020528][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 328.042119][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 329.863366][ T8839] tc_dump_action: action bad kind [ 330.287459][ T8851] netlink: 334 bytes leftover after parsing attributes in process `syz.2.646'. [ 330.825780][ T8860] FAULT_INJECTION: forcing a failure. [ 330.825780][ T8860] name fail_futex, interval 1, probability 0, space 0, times 0 [ 330.935246][ T8860] CPU: 0 UID: 0 PID: 8860 Comm: syz.3.649 Tainted: G L syzkaller #0 PREEMPT(full) [ 330.935284][ T8860] Tainted: [L]=SOFTLOCKUP [ 330.935292][ T8860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 330.935306][ T8860] Call Trace: [ 330.935314][ T8860] [ 330.935322][ T8860] dump_stack_lvl+0x100/0x190 [ 330.935357][ T8860] should_fail_ex.cold+0x5/0xa [ 330.935395][ T8860] get_futex_key+0x1d2/0x1620 [ 330.935429][ T8860] ? __pfx_get_futex_key+0x10/0x10 [ 330.935468][ T8860] futex_wait_setup+0x81/0x500 [ 330.935497][ T8860] __futex_wait+0x19f/0x300 [ 330.935521][ T8860] ? __pfx___futex_wait+0x10/0x10 [ 330.935547][ T8860] ? __pfx_futex_wake_mark+0x10/0x10 [ 330.935588][ T8860] ? do_raw_spin_lock+0x128/0x260 [ 330.935623][ T8860] ? find_held_lock+0x2b/0x80 [ 330.935645][ T8860] ? futex_wake+0x456/0x530 [ 330.935679][ T8860] ? futex_wake+0x456/0x530 [ 330.935720][ T8860] futex_wait+0xed/0x380 [ 330.935742][ T8860] ? __pfx_futex_wait+0x10/0x10 [ 330.935769][ T8860] ? find_held_lock+0x2b/0x80 [ 330.935790][ T8860] ? putname+0xf5/0x1a0 [ 330.935826][ T8860] do_futex+0x1ef/0x350 [ 330.935859][ T8860] ? __pfx_do_futex+0x10/0x10 [ 330.935891][ T8860] ? cap_task_prctl+0x104/0xa50 [ 330.935927][ T8860] __x64_sys_futex+0x34f/0x4d0 [ 330.935960][ T8860] ? rcu_is_watching+0x12/0xc0 [ 330.935984][ T8860] ? __pfx___x64_sys_futex+0x10/0x10 [ 330.936017][ T8860] ? __pfx___do_sys_prctl+0x10/0x10 [ 330.936063][ T8860] do_syscall_64+0xc9/0xf80 [ 330.936102][ T8860] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.936126][ T8860] RIP: 0033:0x7f147719aeb9 [ 330.936144][ T8860] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 330.936167][ T8860] RSP: 002b:00007f1477f920e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 330.936190][ T8860] RAX: ffffffffffffffda RBX: 00007f1477415fa8 RCX: 00007f147719aeb9 [ 330.936208][ T8860] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f1477415fa8 [ 330.936223][ T8860] RBP: 00007f1477415fa0 R08: 0000000000000000 R09: 0000000000000000 [ 330.936236][ T8860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 330.936250][ T8860] R13: 00007f1477416038 R14: 00007ffdfefb3960 R15: 00007ffdfefb3a48 [ 330.936279][ T8860] [ 332.511879][ T30] audit: type=1804 audit(4294967379.050:11): pid=8887 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.655" name="/newroot/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/filter" dev="tracefs" ino=19680823 res=1 errno=0 [ 336.735602][ T8930] netlink: 4 bytes leftover after parsing attributes in process `syz.2.667'. [ 337.191532][ T8930] netlink: 25 bytes leftover after parsing attributes in process `syz.2.667'. [ 337.483446][ T8937] netlink: 28 bytes leftover after parsing attributes in process `syz.1.669'. [ 339.605601][ T8964] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3) [ 343.388099][ T8993] random: crng reseeded on system resumption [ 344.562259][ T8993] hub 1-0:1.0: USB hub found [ 344.627955][ T8993] hub 1-0:1.0: 1 port detected [ 346.499414][ T7254] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 346.773240][ T8994] Process accounting resumed [ 349.935784][ T9063] netlink: 4 bytes leftover after parsing attributes in process `syz.0.696'. [ 349.994535][ T9052] [U] [ 349.997611][ T9052] [U] [ 350.000332][ T9052] [U] [ 350.003044][ T9052] [U] [ 350.211192][ T9052] [U] [ 350.213974][ T9052] [U] [ 350.216733][ T9052] [U] [ 350.219448][ T9052] [U] [ 350.317758][ T9052] [U] [ 350.320535][ T9052] [U] [ 350.323267][ T9052] [U] [ 350.325981][ T9052] [U] [ 350.468873][ T9052] [U] [ 350.626885][ T9072] netlink: 28 bytes leftover after parsing attributes in process `syz.3.697'. [ 354.782553][ T9135] FAULT_INJECTION: forcing a failure. [ 354.782553][ T9135] name failslab, interval 1, probability 0, space 0, times 0 [ 354.829965][ T9135] CPU: 0 UID: 0 PID: 9135 Comm: syz.3.714 Tainted: G L syzkaller #0 PREEMPT(full) [ 354.830005][ T9135] Tainted: [L]=SOFTLOCKUP [ 354.830014][ T9135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 354.830029][ T9135] Call Trace: [ 354.830037][ T9135] [ 354.830046][ T9135] dump_stack_lvl+0x100/0x190 [ 354.830081][ T9135] should_fail_ex.cold+0x5/0xa [ 354.830123][ T9135] should_failslab+0xc2/0x120 [ 354.830157][ T9135] ? constrain_params_by_rules+0x175/0xcc0 [ 354.830192][ T9135] __kmalloc_noprof+0xf6/0x9c0 [ 354.830215][ T9135] ? kasan_quarantine_put+0x104/0x240 [ 354.830245][ T9135] ? lockdep_hardirqs_on+0x78/0x100 [ 354.830273][ T9135] ? constrain_params_by_rules+0xa1d/0xcc0 [ 354.830314][ T9135] ? constrain_params_by_rules+0x175/0xcc0 [ 354.830347][ T9135] constrain_params_by_rules+0x175/0xcc0 [ 354.830395][ T9135] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 354.830437][ T9135] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 354.830488][ T9135] snd_pcm_hw_refine+0x7e7/0xad0 [ 354.830528][ T9135] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 354.830567][ T9135] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 354.830606][ T9135] ? snd_pcm_hw_param_value+0x27b/0x5b0 [ 354.830639][ T9135] snd_pcm_hw_param_first+0x2b0/0x680 [ 354.830671][ T9135] ? trace_hw_mask_param+0x80/0x1d0 [ 354.830699][ T9135] snd_pcm_hw_params+0x496/0x1cb0 [ 354.830741][ T9135] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 354.830776][ T9135] ? snd_pcm_hw_param_near.constprop.0+0x573/0x850 [ 354.830807][ T9135] ? snd_pcm_hw_param_near.constprop.0+0x578/0x850 [ 354.830842][ T9135] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 354.830878][ T9135] snd_pcm_kernel_ioctl+0x167/0x2e0 [ 354.830916][ T9135] snd_pcm_oss_change_params_locked+0x1973/0x39f0 [ 354.830971][ T9135] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 354.831026][ T9135] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 354.831059][ T9135] snd_pcm_oss_sync+0x265/0x840 [ 354.831094][ T9135] snd_pcm_oss_release+0x238/0x300 [ 354.831125][ T9135] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 354.831157][ T9135] __fput+0x3ff/0xb40 [ 354.831197][ T9135] task_work_run+0x150/0x240 [ 354.831236][ T9135] ? __pfx_task_work_run+0x10/0x10 [ 354.831283][ T9135] exit_to_user_mode_loop+0x100/0x4b0 [ 354.831317][ T9135] ? rcu_is_watching+0x12/0xc0 [ 354.831343][ T9135] do_syscall_64+0x4ea/0xf80 [ 354.831375][ T9135] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 354.831400][ T9135] RIP: 0033:0x7f147719aeb9 [ 354.831420][ T9135] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 354.831444][ T9135] RSP: 002b:00007f1477f92028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 354.831468][ T9135] RAX: 0000000000000000 RBX: 00007f1477415fa0 RCX: 00007f147719aeb9 [ 354.831483][ T9135] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 354.831497][ T9135] RBP: 00007f1477208c1f R08: 0000000000000000 R09: 0000000000000000 [ 354.831512][ T9135] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 354.831526][ T9135] R13: 00007f1477416038 R14: 00007f1477415fa0 R15: 00007ffdfefb3a48 [ 354.831557][ T9135] [ 355.824978][ T9142] netlink: 28 bytes leftover after parsing attributes in process `syz.2.716'. [ 356.282353][ T9145] binder: 9134:9145 ioctl c018620c 0 returned -1 [ 357.701947][ T9155] netlink: 8 bytes leftover after parsing attributes in process `syz.1.718'. [ 359.145724][ T9182] futex_wake_op: syz.3.724 tries to shift op by -2048; fix this program [ 359.426989][ T9181] 0x000000000001-0x000000020000 : "" [ 360.365324][ T9181] ftl_cs: FTL header corrupt! [ 360.806234][ T9188] netlink: 28 bytes leftover after parsing attributes in process `syz.0.725'. [ 361.775135][ T7254] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 362.069650][ T9188] bond0: (slave bond_slave_0): Releasing backup interface [ 364.792528][ T9225] netlink: 4 bytes leftover after parsing attributes in process `syz.3.734'. [ 364.820903][ T9225] netlink: 4 bytes leftover after parsing attributes in process `syz.3.734'. [ 365.477224][ T9239] netlink: 28 bytes leftover after parsing attributes in process `syz.2.745'. [ 365.785980][ T9239] bond0: (slave bond_slave_0): Releasing backup interface [ 370.211822][ T30] audit: type=1800 audit(4294967416.750:12): pid=9311 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.756" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 370.466685][ T9301] binder: 9300:9301 ioctl c018620c 0 returned -1 [ 375.439215][ T9320] Process accounting resumed [ 375.663670][ T9371] [U] 0="/ [ 375.678046][ T9371] [U] [ 375.692649][ T9371] [U] EeQ@ [ 376.262638][ T9370] [U]  [ 377.689533][ T30] audit: type=1800 audit(4294967424.230:13): pid=9396 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="" name="lu_gp_id" dev="configfs" ino=27192 res=0 errno=0 [ 378.257787][ T9396] could not allocate digest TFM handle [ 378.556786][ T9414] FAULT_INJECTION: forcing a failure. [ 378.556786][ T9414] name failslab, interval 1, probability 0, space 0, times 0 [ 378.636527][ T9414] CPU: 0 UID: 0 PID: 9414 Comm: syz.1.777 Tainted: G L syzkaller #0 PREEMPT(full) [ 378.636567][ T9414] Tainted: [L]=SOFTLOCKUP [ 378.636576][ T9414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 378.636590][ T9414] Call Trace: [ 378.636598][ T9414] [ 378.636608][ T9414] dump_stack_lvl+0x100/0x190 [ 378.636641][ T9414] should_fail_ex.cold+0x5/0xa [ 378.636684][ T9414] should_failslab+0xc2/0x120 [ 378.636719][ T9414] kmem_cache_alloc_lru_noprof+0x8e/0x7d0 [ 378.636754][ T9414] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 378.636782][ T9414] ? sock_alloc_inode+0x25/0x1c0 [ 378.636812][ T9414] ? __pfx_sock_alloc_inode+0x10/0x10 [ 378.636835][ T9414] ? sock_alloc_inode+0x25/0x1c0 [ 378.636857][ T9414] ? apparmor_socket_create+0x59/0x310 [ 378.636890][ T9414] sock_alloc_inode+0x25/0x1c0 [ 378.636914][ T9414] alloc_inode+0x68/0x250 [ 378.636950][ T9414] sock_alloc+0x44/0x280 [ 378.636970][ T9414] ? security_socket_create+0x7f/0x250 [ 378.637011][ T9414] __sock_create+0xc2/0x860 [ 378.637038][ T9414] ? lockdep_init_map_type+0x5c/0x250 [ 378.637076][ T9414] smc_create+0x163/0x290 [ 378.637106][ T9414] __sock_create+0x339/0x860 [ 378.637138][ T9414] __sys_socket+0x14d/0x260 [ 378.637165][ T9414] ? fput+0x79/0x100 [ 378.637197][ T9414] ? __pfx___sys_socket+0x10/0x10 [ 378.637224][ T9414] ? xfd_validate_state+0x129/0x190 [ 378.637270][ T9414] __x64_sys_socket+0x72/0xb0 [ 378.637299][ T9414] ? lockdep_hardirqs_on+0x78/0x100 [ 378.637327][ T9414] do_syscall_64+0xc9/0xf80 [ 378.637358][ T9414] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.637383][ T9414] RIP: 0033:0x7f5600d9aeb9 [ 378.637402][ T9414] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 378.637425][ T9414] RSP: 002b:00007f5601be7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 378.637448][ T9414] RAX: ffffffffffffffda RBX: 00007f5601015fa0 RCX: 00007f5600d9aeb9 [ 378.637464][ T9414] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 000000000000002b [ 378.637479][ T9414] RBP: 00007f5600e08c1f R08: 0000000000000000 R09: 0000000000000000 [ 378.637493][ T9414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 378.637507][ T9414] R13: 00007f5601016038 R14: 00007f5601015fa0 R15: 00007ffef55cc2b8 [ 378.637537][ T9414] [ 378.637592][ T9414] socket: no more sockets [ 383.538459][ T7254] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 388.150512][ T9475] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137 [ 388.251966][ T9475] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 1, inode_bitmap = 138 [ 388.339568][ T9475] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 0: bad block bitmap checksum [ 389.196412][ T7246] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 389.207087][ T7246] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 389.216338][ T7246] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 389.227128][ T7246] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 389.243537][ T7246] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 389.475566][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 389.482000][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 390.301669][ T9493] chnl_net:caif_netlink_parms(): no params data found [ 390.667720][ T9493] bridge0: port 1(bridge_slave_0) entered blocking state [ 390.719595][ T9493] bridge0: port 1(bridge_slave_0) entered disabled state [ 390.760055][ T9493] bridge_slave_0: entered allmulticast mode [ 390.792358][ T9493] bridge_slave_0: entered promiscuous mode [ 390.839335][ T9493] bridge0: port 2(bridge_slave_1) entered blocking state [ 390.871818][ T9493] bridge0: port 2(bridge_slave_1) entered disabled state [ 390.914567][ T9493] bridge_slave_1: entered allmulticast mode [ 390.951113][ T9493] bridge_slave_1: entered promiscuous mode [ 391.147113][ T9493] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 391.207008][ T9493] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 391.295445][ T7246] Bluetooth: hci4: command tx timeout [ 391.369582][ T9493] team0: Port device team_slave_0 added [ 391.407332][ T9493] team0: Port device team_slave_1 added [ 391.537003][ T9493] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 391.562785][ T9493] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 391.654207][ T9493] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 391.716966][ T9493] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 391.744492][ T9493] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 391.831682][ T9493] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 392.013396][ T9493] hsr_slave_0: entered promiscuous mode [ 392.068101][ T9493] hsr_slave_1: entered promiscuous mode [ 392.107573][ T9493] debugfs: 'hsr0' already exists in 'hsr' [ 392.113626][ T9493] Cannot create hsr debugfs directory [ 393.027866][ T9493] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 393.129153][ T9493] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 393.160037][ T9493] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 393.206459][ T9493] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 393.375871][ T7246] Bluetooth: hci4: command tx timeout [ 393.632797][ T9493] 8021q: adding VLAN 0 to HW filter on device bond0 [ 394.202525][ T9493] 8021q: adding VLAN 0 to HW filter on device team0 [ 394.688040][ T8346] bridge0: port 1(bridge_slave_0) entered blocking state [ 394.695340][ T8346] bridge0: port 1(bridge_slave_0) entered forwarding state [ 395.325714][ T8346] bridge0: port 2(bridge_slave_1) entered blocking state [ 395.332920][ T8346] bridge0: port 2(bridge_slave_1) entered forwarding state [ 395.455117][ T7246] Bluetooth: hci4: command tx timeout [ 396.141709][ T9493] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 396.745178][ T9493] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 396.756883][ T9577] zram0: detected capacity change from 0 to 8 [ 397.535599][ T7246] Bluetooth: hci4: command tx timeout [ 397.727008][ T9493] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 398.926644][ T9609] netlink: 8 bytes leftover after parsing attributes in process `syz.0.812'. [ 399.060051][ T9493] veth0_vlan: entered promiscuous mode [ 399.067653][ T9609] hub 1-0:1.0: USB hub found [ 399.097624][ T9609] hub 1-0:1.0: 1 port detected [ 399.138889][ T9493] veth1_vlan: entered promiscuous mode [ 399.304008][ T9493] veth0_macvtap: entered promiscuous mode [ 399.377411][ T9493] veth1_macvtap: entered promiscuous mode [ 399.491905][ T9493] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 399.560236][ T9493] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 399.628118][ T9611] zswap: compressor not available [ 399.654083][ T7253] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.688190][ T7253] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.753431][ T7253] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 399.807373][ T7253] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 400.219396][ T7253] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 400.270696][ T7253] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 400.387089][ T8346] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 400.413577][ T8346] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 401.012451][ T9629] binder: 9628:9629 ioctl 4018620d 9 returned -22 [ 403.096473][ T9643] netlink: 338 bytes leftover after parsing attributes in process `syz.1.819'. [ 403.507608][ T9641] netlink: 338 bytes leftover after parsing attributes in process `syz.1.819'. [ 406.474237][ T9668] Process accounting paused [ 406.787398][ T7254] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 406.799617][ T7254] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 406.827593][ T7254] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 406.848561][ T7254] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 406.856358][ T7254] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 407.841513][ T9670] chnl_net:caif_netlink_parms(): no params data found [ 408.344682][ T9692] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 408.432978][ T9692] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 408.552992][ T9692] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 408.627058][ T9692] page_type: f5(slab) [ 408.631290][ T9692] raw: 00fff00000000040 ffff888140407640 dead000000000122 0000000000000000 [ 408.680564][ T9670] bridge0: port 1(bridge_slave_0) entered blocking state [ 408.746852][ T9670] bridge0: port 1(bridge_slave_0) entered disabled state [ 408.754341][ T9670] bridge_slave_0: entered allmulticast mode [ 408.765703][ T9692] raw: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 408.856781][ T9670] bridge_slave_0: entered promiscuous mode [ 408.895328][ T7254] Bluetooth: hci5: command tx timeout [ 408.926037][ T9670] bridge0: port 2(bridge_slave_1) entered blocking state [ 408.933203][ T9670] bridge0: port 2(bridge_slave_1) entered disabled state [ 408.978841][ T9692] head: 00fff00000000040 ffff888140407640 dead000000000122 0000000000000000 [ 409.021754][ T9670] bridge_slave_1: entered allmulticast mode [ 409.065224][ T9670] bridge_slave_1: entered promiscuous mode [ 409.146470][ T9692] head: 0000000000000000 0000000000070007 00000000f5000000 0000000000000000 [ 409.271606][ T9692] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 409.292971][ T9670] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 409.378382][ T9670] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 409.393483][ T9692] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 409.567032][ T9692] page dumped because: unmovable page [ 409.596844][ T9670] team0: Port device team_slave_0 added [ 409.655592][ T9692] page_owner tracks the page as allocated [ 409.661820][ T9692] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5195, tgid 5195 (udevd), ts 406548898939, free_ts 406545844039 [ 409.686219][ T9670] team0: Port device team_slave_1 added [ 409.918286][ T9692] post_alloc_hook+0x1e1/0x250 [ 409.947463][ T9692] get_page_from_freelist+0xe3d/0x2e10 [ 409.986694][ T9692] __alloc_frozen_pages_noprof+0x26c/0x2410 [ 410.071128][ T9692] alloc_pages_mpol+0x1fb/0x550 [ 410.104891][ T9692] new_slab+0x2c4/0x440 [ 410.135302][ T9692] ___slab_alloc+0xda3/0x1ca0 [ 410.140160][ T9692] __slab_alloc.isra.0+0x63/0x110 [ 410.185275][ T9692] kmem_cache_alloc_noprof+0x4ec/0x780 [ 410.190988][ T9692] getname_flags.part.0+0x4c/0x540 [ 410.265370][ T9692] getname_flags+0x93/0xf0 [ 410.269897][ T9692] do_sys_openat2+0xc5/0x220 [ 410.274618][ T9692] __x64_sys_openat+0x12d/0x210 [ 410.315300][ T9692] do_syscall_64+0xc9/0xf80 [ 410.335446][ T9692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 410.341435][ T9692] page last free pid 5195 tgid 5195 stack trace: [ 410.405223][ T9692] __free_frozen_pages+0x822/0x1130 [ 410.418997][ T9692] __put_partials+0x127/0x160 [ 410.451297][ T9692] qlist_free_all+0x47/0xe0 [ 410.461646][ T9692] kasan_quarantine_reduce+0x1a0/0x1f0 [ 410.497583][ T9692] __kasan_slab_alloc+0x69/0x90 [ 410.515114][ T9692] kmem_cache_alloc_noprof+0x2ad/0x780 [ 410.556579][ T9692] getname_flags.part.0+0x4c/0x540 [ 410.561800][ T9692] getname_flags+0x93/0xf0 [ 410.584608][ T9692] do_readlinkat+0xb9/0x390 [ 410.596802][ T9692] __x64_sys_readlink+0x78/0xc0 [ 410.606384][ T9712] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 410.613529][ T9712] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 410.629977][ T9692] do_syscall_64+0xc9/0xf80 [ 410.640300][ T9692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 410.731012][ T9670] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 410.784216][ T9670] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 410.965755][ T9670] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 410.979933][ T7254] Bluetooth: hci5: command tx timeout [ 411.045321][ T9670] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 411.052438][ T9670] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 411.235628][ T9670] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 411.573042][ T9670] hsr_slave_0: entered promiscuous mode [ 411.627412][ T9670] hsr_slave_1: entered promiscuous mode [ 411.633639][ T9670] debugfs: 'hsr0' already exists in 'hsr' [ 411.696369][ T9670] Cannot create hsr debugfs directory [ 411.953821][ T9721] FAULT_INJECTION: forcing a failure. [ 411.953821][ T9721] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 412.007177][ T9721] CPU: 0 UID: 0 PID: 9721 Comm: syz.1.836 Tainted: G L syzkaller #0 PREEMPT(full) [ 412.007221][ T9721] Tainted: [L]=SOFTLOCKUP [ 412.007231][ T9721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 412.007248][ T9721] Call Trace: [ 412.007256][ T9721] [ 412.007267][ T9721] dump_stack_lvl+0x100/0x190 [ 412.007305][ T9721] should_fail_ex.cold+0x5/0xa [ 412.007351][ T9721] _copy_from_user+0x2e/0xd0 [ 412.007394][ T9721] kstrtouint_from_user+0xd6/0x1d0 [ 412.007426][ T9721] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 412.007463][ T9721] ? get_pid_task+0xfc/0x250 [ 412.007508][ T9721] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 412.007541][ T9721] proc_fail_nth_write+0x83/0x220 [ 412.007573][ T9721] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 412.007608][ T9721] ? iov_iter_advance+0xac/0x6d0 [ 412.007653][ T9721] vfs_writev+0x5ea/0xe10 [ 412.007705][ T9721] ? __pfx_vfs_writev+0x10/0x10 [ 412.007733][ T9721] ? fdget_pos+0x2aa/0x380 [ 412.007768][ T9721] ? fd_install+0x223/0x580 [ 412.007816][ T9721] ? __fget_files+0x21f/0x3d0 [ 412.007855][ T9721] ? do_writev+0x13e/0x340 [ 412.007881][ T9721] do_writev+0x13e/0x340 [ 412.007910][ T9721] ? __pfx_do_writev+0x10/0x10 [ 412.007954][ T9721] do_syscall_64+0xc9/0xf80 [ 412.007992][ T9721] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.008020][ T9721] RIP: 0033:0x7f5600d9aeb9 [ 412.008042][ T9721] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 412.008069][ T9721] RSP: 002b:00007f5601be7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 412.008096][ T9721] RAX: ffffffffffffffda RBX: 00007f5601015fa0 RCX: 00007f5600d9aeb9 [ 412.008114][ T9721] RDX: 0000000000000003 RSI: 0000200000000240 RDI: 0000000000000008 [ 412.008130][ T9721] RBP: 00007f5600e08c1f R08: 0000000000000000 R09: 0000000000000000 [ 412.008146][ T9721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 412.008162][ T9721] R13: 00007f5601016038 R14: 00007f5601015fa0 R15: 00007ffef55cc2b8 [ 412.008198][ T9721] [ 413.056858][ T7246] Bluetooth: hci5: command tx timeout [ 413.234321][ T9670] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 413.273146][ T9670] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 413.367479][ T9670] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 413.421395][ T9670] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 413.697753][ T7254] Bluetooth: hci6: Opcode 0x0c03 failed: -110 [ 414.138827][ T9742] HSR: entered promiscuous mode [ 414.593627][ T9670] 8021q: adding VLAN 0 to HW filter on device bond0 [ 414.760562][ T9670] 8021q: adding VLAN 0 to HW filter on device team0 [ 414.857070][ T7253] bridge0: port 1(bridge_slave_0) entered blocking state [ 414.864314][ T7253] bridge0: port 1(bridge_slave_0) entered forwarding state [ 414.957355][ T7253] bridge0: port 2(bridge_slave_1) entered blocking state [ 414.964613][ T7253] bridge0: port 2(bridge_slave_1) entered forwarding state [ 415.135130][ T7254] Bluetooth: hci5: command tx timeout [ 415.557133][ T9670] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 416.217871][ T9762] netlink: 'syz.1.842': attribute type 1 has an invalid length. [ 417.018352][ T9670] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 418.157835][ T9783] FAULT_INJECTION: forcing a failure. [ 418.157835][ T9783] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 418.267655][ T9783] CPU: 0 UID: 0 PID: 9783 Comm: syz.4.846 Tainted: G L syzkaller #0 PREEMPT(full) [ 418.267697][ T9783] Tainted: [L]=SOFTLOCKUP [ 418.267707][ T9783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 418.267722][ T9783] Call Trace: [ 418.267729][ T9783] [ 418.267739][ T9783] dump_stack_lvl+0x100/0x190 [ 418.267775][ T9783] should_fail_ex.cold+0x5/0xa [ 418.267816][ T9783] _copy_from_user+0x2e/0xd0 [ 418.267855][ T9783] kstrtouint_from_user+0xd6/0x1d0 [ 418.267884][ T9783] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 418.267917][ T9783] ? get_pid_task+0xfc/0x250 [ 418.267957][ T9783] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 418.267986][ T9783] proc_fail_nth_write+0x83/0x220 [ 418.268015][ T9783] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 418.268046][ T9783] ? iov_iter_advance+0xac/0x6d0 [ 418.268086][ T9783] vfs_writev+0x5ea/0xe10 [ 418.268126][ T9783] ? __pfx_vfs_writev+0x10/0x10 [ 418.268150][ T9783] ? fdget_pos+0x2aa/0x380 [ 418.268182][ T9783] ? fd_install+0x223/0x580 [ 418.268224][ T9783] ? __fget_files+0x21f/0x3d0 [ 418.268258][ T9783] ? do_writev+0x13e/0x340 [ 418.268281][ T9783] do_writev+0x13e/0x340 [ 418.268307][ T9783] ? __pfx_do_writev+0x10/0x10 [ 418.268341][ T9783] do_syscall_64+0xc9/0xf80 [ 418.268374][ T9783] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.268398][ T9783] RIP: 0033:0x7f44a8f9aeb9 [ 418.268418][ T9783] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 418.268442][ T9783] RSP: 002b:00007f44a9ecd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 418.268465][ T9783] RAX: ffffffffffffffda RBX: 00007f44a9215fa0 RCX: 00007f44a8f9aeb9 [ 418.268481][ T9783] RDX: 0000000000000003 RSI: 0000200000000240 RDI: 0000000000000008 [ 418.268495][ T9783] RBP: 00007f44a9008c1f R08: 0000000000000000 R09: 0000000000000000 [ 418.268509][ T9783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 418.268524][ T9783] R13: 00007f44a9216038 R14: 00007f44a9215fa0 R15: 00007ffc6890d8e8 [ 418.268555][ T9783] [ 418.506352][ T9787] HSR: entered promiscuous mode [ 419.372150][ T9670] veth0_vlan: entered promiscuous mode [ 419.683201][ T9670] veth1_vlan: entered promiscuous mode [ 419.730991][ T9802] FAULT_INJECTION: forcing a failure. [ 419.730991][ T9802] name failslab, interval 1, probability 0, space 0, times 0 [ 419.832683][ T9802] CPU: 0 UID: 0 PID: 9802 Comm: syz.1.852 Tainted: G L syzkaller #0 PREEMPT(full) [ 419.832722][ T9802] Tainted: [L]=SOFTLOCKUP [ 419.832730][ T9802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 419.832745][ T9802] Call Trace: [ 419.832753][ T9802] [ 419.832762][ T9802] dump_stack_lvl+0x100/0x190 [ 419.832797][ T9802] should_fail_ex.cold+0x5/0xa [ 419.832838][ T9802] should_failslab+0xc2/0x120 [ 419.832874][ T9802] __kmalloc_node_track_caller_noprof+0xf9/0x9d0 [ 419.832908][ T9802] ? vidtv_psi_short_event_desc_init+0x429/0x5f0 [ 419.832956][ T9802] ? kstrdup+0x51/0xe0 [ 419.832984][ T9802] kstrdup+0x51/0xe0 [ 419.833023][ T9802] vidtv_psi_short_event_desc_init+0x429/0x5f0 [ 419.833070][ T9802] vidtv_psi_desc_clone+0x33f/0x5d0 [ 419.833113][ T9802] vidtv_channel_si_init+0x764/0x18d0 [ 419.833153][ T9802] vidtv_mux_init+0x526/0xbf0 [ 419.833186][ T9802] vidtv_start_feed+0x33e/0x4c0 [ 419.833223][ T9802] ? __pfx_vidtv_start_feed+0x10/0x10 [ 419.833259][ T9802] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 419.833298][ T9802] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 419.833342][ T9802] ? mark_held_locks+0x40/0x70 [ 419.833379][ T9802] ? __pfx_vidtv_start_feed+0x10/0x10 [ 419.833415][ T9802] dmx_ts_feed_start_filtering+0xf6/0x220 [ 419.833460][ T9802] dvb_dmxdev_start_feed+0x273/0x3f0 [ 419.833497][ T9802] dvb_dmxdev_filter_start+0x1b6/0xdd0 [ 419.833537][ T9802] ? dvb_dmxdev_add_pid+0x2a1/0x380 [ 419.833574][ T9802] dvb_demux_do_ioctl+0xe64/0x1200 [ 419.833619][ T9802] dvb_usercopy+0x167/0x340 [ 419.833650][ T9802] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 419.833688][ T9802] ? __pfx_dvb_usercopy+0x10/0x10 [ 419.833731][ T9802] ? __fget_files+0x21f/0x3d0 [ 419.833763][ T9802] dvb_demux_ioctl+0x29/0x40 [ 419.833795][ T9802] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 419.833827][ T9802] __x64_sys_ioctl+0x18e/0x210 [ 419.833875][ T9802] do_syscall_64+0xc9/0xf80 [ 419.833907][ T9802] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 419.833932][ T9802] RIP: 0033:0x7f5600d9aeb9 [ 419.833959][ T9802] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 419.833984][ T9802] RSP: 002b:00007f5601be7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 419.834016][ T9802] RAX: ffffffffffffffda RBX: 00007f5601015fa0 RCX: 00007f5600d9aeb9 [ 419.834033][ T9802] RDX: 0000000000000000 RSI: 0000000040146f2c RDI: 0000000000000002 [ 419.834048][ T9802] RBP: 00007f5600e08c1f R08: 0000000000000000 R09: 0000000000000000 [ 419.834063][ T9802] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 419.834078][ T9802] R13: 00007f5601016038 R14: 00007f5601015fa0 R15: 00007ffef55cc2b8 [ 419.834117][ T9802] [ 420.114311][ T9670] veth0_macvtap: entered promiscuous mode [ 420.123880][ T9670] veth1_macvtap: entered promiscuous mode [ 420.141411][ T9670] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 420.154560][ T9670] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 420.633740][ T9809] netlink: 'syz.0.853': attribute type 1 has an invalid length. [ 421.299143][ T7372] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 421.322506][ T7372] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 421.414503][ T7372] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 421.447953][ T7372] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 421.759096][ T7245] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 421.813324][ T7245] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 421.999213][ T7372] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 422.065750][ T7372] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 426.944759][ T9868] Console: switching to colour VGA+ 80x25 [ 427.412744][ T9866] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 427.951499][ T9886] netlink: 346 bytes leftover after parsing attributes in process `syz.1.867'. [ 428.550693][ T7372] netdevsim netdevsim100 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 432.585245][ T9952] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 432.795385][ T9938] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 434.546265][ T9983] raw_sendmsg: syz.4.889 forgot to set AF_INET. Fix it! [ 435.338808][ T9987] netlink: 342 bytes leftover after parsing attributes in process `syz.5.890'. [ 435.592334][ T9998] nbd: must specify a size in bytes for the device [ 436.017717][T10003] FAULT_INJECTION: forcing a failure. [ 436.017717][T10003] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 436.107597][T10003] CPU: 0 UID: 0 PID: 10003 Comm: syz.0.895 Tainted: G L syzkaller #0 PREEMPT(full) [ 436.107636][T10003] Tainted: [L]=SOFTLOCKUP [ 436.107644][T10003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 436.107658][T10003] Call Trace: [ 436.107666][T10003] [ 436.107674][T10003] dump_stack_lvl+0x100/0x190 [ 436.107707][T10003] should_fail_ex.cold+0x5/0xa [ 436.107752][T10003] _copy_from_user+0x2e/0xd0 [ 436.107789][T10003] copy_msghdr_from_user+0x9f/0x4f0 [ 436.107818][T10003] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 436.107850][T10003] ? _kstrtoull+0x13c/0x1f0 [ 436.107875][T10003] ? __pfx__kstrtoull+0x10/0x10 [ 436.107905][T10003] ___sys_sendmsg+0x106/0x1e0 [ 436.107934][T10003] ? __pfx____sys_sendmsg+0x10/0x10 [ 436.107994][T10003] __sys_sendmmsg+0x205/0x430 [ 436.108033][T10003] ? __pfx___sys_sendmmsg+0x10/0x10 [ 436.108075][T10003] ? __fget_files+0x215/0x3d0 [ 436.108101][T10003] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 436.108143][T10003] ? fput+0x79/0x100 [ 436.108174][T10003] ? ksys_write+0x1ac/0x250 [ 436.108200][T10003] ? __pfx_ksys_write+0x10/0x10 [ 436.108230][T10003] __x64_sys_sendmmsg+0x9c/0x100 [ 436.108265][T10003] ? lockdep_hardirqs_on+0x78/0x100 [ 436.108292][T10003] do_syscall_64+0xc9/0xf80 [ 436.108323][T10003] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 436.108346][T10003] RIP: 0033:0x7fde50d9aeb9 [ 436.108364][T10003] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 436.108388][T10003] RSP: 002b:00007fde51d04028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 436.108410][T10003] RAX: ffffffffffffffda RBX: 00007fde51015fa0 RCX: 00007fde50d9aeb9 [ 436.108425][T10003] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 436.108439][T10003] RBP: 00007fde51d04090 R08: 0000000000000000 R09: 0000000000000000 [ 436.108452][T10003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 436.108466][T10003] R13: 00007fde51016038 R14: 00007fde51015fa0 R15: 00007ffc75143398 [ 436.108496][T10003] [ 436.803176][ T9999] Process accounting resumed [ 436.842823][T10013] block2mtd: parameter too long [ 437.092868][T10025] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input19 [ 437.601036][T10035] block nbd7: not configured, cannot reconfigure [ 439.328280][T10059] FAULT_INJECTION: forcing a failure. [ 439.328280][T10059] name failslab, interval 1, probability 0, space 0, times 0 [ 439.465488][T10059] CPU: 0 UID: 0 PID: 10059 Comm: syz.4.907 Tainted: G L syzkaller #0 PREEMPT(full) [ 439.465527][T10059] Tainted: [L]=SOFTLOCKUP [ 439.465535][T10059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 439.465549][T10059] Call Trace: [ 439.465559][T10059] [ 439.465569][T10059] dump_stack_lvl+0x100/0x190 [ 439.465602][T10059] should_fail_ex.cold+0x5/0xa [ 439.465637][T10059] ? trace_fib_table_lookup+0x7a/0x1f0 [ 439.465670][T10059] should_failslab+0xc2/0x120 [ 439.465703][T10059] kmem_cache_alloc_noprof+0x83/0x780 [ 439.465736][T10059] ? dst_alloc+0x99/0x1a0 [ 439.465778][T10059] ? dst_alloc+0x99/0x1a0 [ 439.465806][T10059] dst_alloc+0x99/0x1a0 [ 439.465839][T10059] rt_dst_alloc+0x35/0x3a0 [ 439.465862][T10059] ip_route_output_key_hash_rcu+0x87a/0x2870 [ 439.465900][T10059] ip_route_output_key_hash+0x118/0x2b0 [ 439.465929][T10059] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 439.465958][T10059] ? __pfx___might_resched+0x10/0x10 [ 439.466002][T10059] ? find_held_lock+0x2b/0x80 [ 439.466029][T10059] ip_route_output_flow+0x27/0x150 [ 439.466060][T10059] raw_sendmsg+0xb18/0x3800 [ 439.466097][T10059] ? __pfx_raw_sendmsg+0x10/0x10 [ 439.466130][T10059] ? __lock_acquire+0x4a5/0x2630 [ 439.466195][T10059] ? __import_iovec+0x1d2/0x640 [ 439.466235][T10059] ? __pfx_raw_sendmsg+0x10/0x10 [ 439.466264][T10059] inet_sendmsg+0x11c/0x140 [ 439.466292][T10059] ____sys_sendmsg+0x9ad/0xc30 [ 439.466321][T10059] ? __pfx_____sys_sendmsg+0x10/0x10 [ 439.466349][T10059] ? _kstrtoull+0x13c/0x1f0 [ 439.466374][T10059] ? __pfx__kstrtoull+0x10/0x10 [ 439.466404][T10059] ___sys_sendmsg+0x190/0x1e0 [ 439.466433][T10059] ? __pfx____sys_sendmsg+0x10/0x10 [ 439.466494][T10059] __sys_sendmmsg+0x205/0x430 [ 439.466537][T10059] ? __pfx___sys_sendmmsg+0x10/0x10 [ 439.466580][T10059] ? __fget_files+0x215/0x3d0 [ 439.466605][T10059] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 439.466647][T10059] ? fput+0x79/0x100 [ 439.466678][T10059] ? ksys_write+0x1ac/0x250 [ 439.466703][T10059] ? __pfx_ksys_write+0x10/0x10 [ 439.466734][T10059] __x64_sys_sendmmsg+0x9c/0x100 [ 439.466768][T10059] ? lockdep_hardirqs_on+0x78/0x100 [ 439.466795][T10059] do_syscall_64+0xc9/0xf80 [ 439.466825][T10059] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 439.466849][T10059] RIP: 0033:0x7f44a8f9aeb9 [ 439.466866][T10059] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 439.466889][T10059] RSP: 002b:00007f44a9ecd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 439.466911][T10059] RAX: ffffffffffffffda RBX: 00007f44a9215fa0 RCX: 00007f44a8f9aeb9 [ 439.466926][T10059] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 439.466940][T10059] RBP: 00007f44a9ecd090 R08: 0000000000000000 R09: 0000000000000000 [ 439.466954][T10059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 439.466967][T10059] R13: 00007f44a9216038 R14: 00007f44a9215fa0 R15: 00007ffc6890d8e8 [ 439.466996][T10059] [ 440.660371][T10069] FAULT_INJECTION: forcing a failure. [ 440.660371][T10069] name failslab, interval 1, probability 0, space 0, times 0 [ 440.704217][T10069] CPU: 0 UID: 0 PID: 10069 Comm: syz.4.911 Tainted: G L syzkaller #0 PREEMPT(full) [ 440.704259][T10069] Tainted: [L]=SOFTLOCKUP [ 440.704268][T10069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 440.704283][T10069] Call Trace: [ 440.704291][T10069] [ 440.704300][T10069] dump_stack_lvl+0x100/0x190 [ 440.704336][T10069] should_fail_ex.cold+0x5/0xa [ 440.704378][T10069] should_failslab+0xc2/0x120 [ 440.704415][T10069] __kmalloc_cache_noprof+0x80/0x810 [ 440.704442][T10069] ? snd_timer_instance_new+0x47/0x2e0 [ 440.704471][T10069] ? __lock_acquire+0x4a5/0x2630 [ 440.704510][T10069] ? snd_timer_instance_new+0x47/0x2e0 [ 440.704552][T10069] snd_timer_instance_new+0x47/0x2e0 [ 440.704583][T10069] snd_seq_timer_open+0x1d4/0x600 [ 440.704624][T10069] ? __pfx_snd_seq_timer_open+0x10/0x10 [ 440.704670][T10069] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 440.704698][T10069] ? lockdep_hardirqs_on+0x78/0x100 [ 440.704726][T10069] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 440.704756][T10069] queue_use+0xdc/0x1f0 [ 440.704787][T10069] snd_seq_queue_alloc+0x2e5/0x590 [ 440.704825][T10069] snd_seq_ioctl_create_queue+0xa9/0x370 [ 440.704868][T10069] call_seq_client_ctl+0xa3/0x130 [ 440.704895][T10069] snd_seq_kernel_client_ctl+0x77/0xd0 [ 440.704922][T10069] alloc_seq_queue+0xdb/0x180 [ 440.704948][T10069] ? __pfx_alloc_seq_queue+0x10/0x10 [ 440.704996][T10069] ? mark_held_locks+0x40/0x70 [ 440.705028][T10069] ? _raw_spin_unlock_irq+0x23/0x50 [ 440.705052][T10069] ? lockdep_hardirqs_on+0x78/0x100 [ 440.705084][T10069] snd_seq_oss_open+0x2b2/0xa10 [ 440.705124][T10069] odev_open+0x79/0xc0 [ 440.705147][T10069] ? __pfx_odev_open+0x10/0x10 [ 440.705170][T10069] soundcore_open+0x2e3/0x5a0 [ 440.705199][T10069] ? __pfx_soundcore_open+0x10/0x10 [ 440.705225][T10069] chrdev_open+0x234/0x6a0 [ 440.705255][T10069] ? __pfx_apparmor_file_open+0x10/0x10 [ 440.705288][T10069] ? __pfx_chrdev_open+0x10/0x10 [ 440.705320][T10069] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 440.705355][T10069] do_dentry_open+0x73e/0x1570 [ 440.705384][T10069] ? __pfx_chrdev_open+0x10/0x10 [ 440.705415][T10069] ? security_inode_permission+0xbf/0x250 [ 440.705456][T10069] vfs_open+0x82/0x3f0 [ 440.705495][T10069] path_openat+0x21dc/0x3120 [ 440.705534][T10069] ? __pfx_path_openat+0x10/0x10 [ 440.705573][T10069] do_filp_open+0x1f7/0x420 [ 440.705604][T10069] ? __pfx_do_filp_open+0x10/0x10 [ 440.705653][T10069] ? _raw_spin_unlock+0x28/0x50 [ 440.705676][T10069] ? alloc_fd+0x476/0x790 [ 440.705712][T10069] do_sys_openat2+0x12e/0x220 [ 440.705749][T10069] ? __pfx_do_sys_openat2+0x10/0x10 [ 440.705789][T10069] ? __fget_files+0x21f/0x3d0 [ 440.705821][T10069] __x64_sys_openat+0x12d/0x210 [ 440.705860][T10069] ? __pfx___x64_sys_openat+0x10/0x10 [ 440.705897][T10069] ? xfd_validate_state+0x129/0x190 [ 440.705945][T10069] do_syscall_64+0xc9/0xf80 [ 440.705977][T10069] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 440.706002][T10069] RIP: 0033:0x7f44a8f9aeb9 [ 440.706022][T10069] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 440.706046][T10069] RSP: 002b:00007f44a9eac028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 440.706070][T10069] RAX: ffffffffffffffda RBX: 00007f44a9216090 RCX: 00007f44a8f9aeb9 [ 440.706086][T10069] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 440.706109][T10069] RBP: 00007f44a9008c1f R08: 0000000000000000 R09: 0000000000000000 [ 440.706124][T10069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 440.706138][T10069] R13: 00007f44a9216128 R14: 00007f44a9216090 R15: 00007ffc6890d8e8 [ 440.706169][T10069] [ 444.209601][T10098] netlink: 8 bytes leftover after parsing attributes in process `syz.0.917'. [ 446.017051][ T7254] Bluetooth: hci6: Opcode 0x0c03 failed: -110 [ 447.483152][T10121] Process accounting resumed [ 447.972060][T10144] FAULT_INJECTION: forcing a failure. [ 447.972060][T10144] name failslab, interval 1, probability 0, space 0, times 0 [ 448.047404][T10144] CPU: 0 UID: 0 PID: 10144 Comm: syz.0.928 Tainted: G L syzkaller #0 PREEMPT(full) [ 448.047441][T10144] Tainted: [L]=SOFTLOCKUP [ 448.047449][T10144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 448.047462][T10144] Call Trace: [ 448.047470][T10144] [ 448.047479][T10144] dump_stack_lvl+0x100/0x190 [ 448.047513][T10144] should_fail_ex.cold+0x5/0xa [ 448.047551][T10144] should_failslab+0xc2/0x120 [ 448.047585][T10144] kmem_cache_alloc_node_noprof+0x8c/0x880 [ 448.047618][T10144] ? __alloc_skb+0x156/0x410 [ 448.047648][T10144] ? __alloc_skb+0x35d/0x410 [ 448.047682][T10144] ? __alloc_skb+0x156/0x410 [ 448.047719][T10144] __alloc_skb+0x156/0x410 [ 448.047748][T10144] ? __alloc_skb+0x35d/0x410 [ 448.047778][T10144] ? __pfx___alloc_skb+0x10/0x10 [ 448.047809][T10144] ? __local_bh_enable_ip+0x9e/0x120 [ 448.047839][T10144] ? lockdep_hardirqs_on+0x78/0x100 [ 448.047866][T10144] ? rt_set_nexthop.isra.0+0x349/0x1240 [ 448.047893][T10144] ? __local_bh_enable_ip+0x9e/0x120 [ 448.047921][T10144] ? rt_set_nexthop.isra.0+0x446/0x1240 [ 448.047952][T10144] alloc_skb_with_frags+0xe0/0x810 [ 448.047976][T10144] ? xfrm_lookup_with_ifid+0xa70/0x1ce0 [ 448.048009][T10144] sock_alloc_send_pskb+0x801/0x980 [ 448.048049][T10144] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 448.048086][T10144] ? xfrm_lookup_route+0x6a/0x200 [ 448.048119][T10144] raw_sendmsg+0x19e6/0x3800 [ 448.048157][T10144] ? __pfx_raw_sendmsg+0x10/0x10 [ 448.048189][T10144] ? __lock_acquire+0x4a5/0x2630 [ 448.048249][T10144] ? __import_iovec+0x1d2/0x640 [ 448.048289][T10144] ? __pfx_raw_sendmsg+0x10/0x10 [ 448.048317][T10144] inet_sendmsg+0x11c/0x140 [ 448.048345][T10144] ____sys_sendmsg+0x9ad/0xc30 [ 448.048373][T10144] ? __pfx_____sys_sendmsg+0x10/0x10 [ 448.048403][T10144] ? _kstrtoull+0x13c/0x1f0 [ 448.048433][T10144] ? __pfx__kstrtoull+0x10/0x10 [ 448.048463][T10144] ___sys_sendmsg+0x190/0x1e0 [ 448.048492][T10144] ? __pfx____sys_sendmsg+0x10/0x10 [ 448.048552][T10144] __sys_sendmmsg+0x205/0x430 [ 448.048591][T10144] ? __pfx___sys_sendmmsg+0x10/0x10 [ 448.048633][T10144] ? __fget_files+0x215/0x3d0 [ 448.048659][T10144] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 448.048707][T10144] ? fput+0x79/0x100 [ 448.048739][T10144] ? ksys_write+0x1ac/0x250 [ 448.048764][T10144] ? __pfx_ksys_write+0x10/0x10 [ 448.048796][T10144] __x64_sys_sendmmsg+0x9c/0x100 [ 448.048830][T10144] ? lockdep_hardirqs_on+0x78/0x100 [ 448.048857][T10144] do_syscall_64+0xc9/0xf80 [ 448.048888][T10144] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 448.048911][T10144] RIP: 0033:0x7fde50d9aeb9 [ 448.048930][T10144] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 448.048954][T10144] RSP: 002b:00007fde51d04028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 448.048976][T10144] RAX: ffffffffffffffda RBX: 00007fde51015fa0 RCX: 00007fde50d9aeb9 [ 448.048992][T10144] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 448.049007][T10144] RBP: 00007fde51d04090 R08: 0000000000000000 R09: 0000000000000000 [ 448.049021][T10144] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 448.049034][T10144] R13: 00007fde51016038 R14: 00007fde51015fa0 R15: 00007ffc75143398 [ 448.049064][T10144] [ 449.339909][T10153] netlink: 12 bytes leftover after parsing attributes in process `syz.0.930'. [ 450.900096][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 450.907511][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 454.104415][T10184] Process accounting resumed [ 455.279522][T10211] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input20 [ 455.671752][T10216] block nbd7: not configured, cannot reconfigure [ 458.706087][T10247] bridge0: port 3(team0) entered blocking state [ 458.816272][T10247] bridge0: port 3(team0) entered disabled state [ 458.847012][T10251] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 458.860577][T10251] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 458.873883][T10251] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 458.888437][T10251] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 458.896771][T10251] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 458.984209][T10247] team0: entered allmulticast mode [ 459.033063][ T30] audit: type=1800 audit(4294975305.577:14): pid=10242 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.947" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 459.098396][T10247] team_slave_0: entered allmulticast mode [ 459.122090][T10247] team_slave_1: entered allmulticast mode [ 459.167828][T10247] team0: entered promiscuous mode [ 459.199004][T10247] team_slave_0: entered promiscuous mode [ 459.204901][T10247] team_slave_1: entered promiscuous mode [ 459.290821][T10247] bridge0: port 3(team0) entered blocking state [ 459.297325][T10247] bridge0: port 3(team0) entered forwarding state [ 459.375729][ T7254] Bluetooth: hci6: Opcode 0x0c03 failed: -110 [ 459.779632][T10258] FAULT_INJECTION: forcing a failure. [ 459.779632][T10258] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 459.841548][T10258] CPU: 0 UID: 0 PID: 10258 Comm: syz.5.950 Tainted: G L syzkaller #0 PREEMPT(full) [ 459.841587][T10258] Tainted: [L]=SOFTLOCKUP [ 459.841595][T10258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 459.841609][T10258] Call Trace: [ 459.841618][T10258] [ 459.841627][T10258] dump_stack_lvl+0x100/0x190 [ 459.841661][T10258] should_fail_ex.cold+0x5/0xa [ 459.841709][T10258] _copy_from_iter+0x1f4/0x1690 [ 459.841752][T10258] ? __pfx__copy_from_iter+0x10/0x10 [ 459.841793][T10258] ? xfrm_lookup_route+0x6a/0x200 [ 459.841827][T10258] raw_sendmsg+0x1efa/0x3800 [ 459.841865][T10258] ? __pfx_raw_sendmsg+0x10/0x10 [ 459.841897][T10258] ? __lock_acquire+0x4a5/0x2630 [ 459.841957][T10258] ? __import_iovec+0x1d2/0x640 [ 459.842005][T10258] ? __pfx_raw_sendmsg+0x10/0x10 [ 459.842034][T10258] inet_sendmsg+0x11c/0x140 [ 459.842061][T10258] ____sys_sendmsg+0x9ad/0xc30 [ 459.842090][T10258] ? __pfx_____sys_sendmsg+0x10/0x10 [ 459.842119][T10258] ? _kstrtoull+0x13c/0x1f0 [ 459.842144][T10258] ? __pfx__kstrtoull+0x10/0x10 [ 459.842174][T10258] ___sys_sendmsg+0x190/0x1e0 [ 459.842203][T10258] ? __pfx____sys_sendmsg+0x10/0x10 [ 459.842264][T10258] __sys_sendmmsg+0x205/0x430 [ 459.842302][T10258] ? __pfx___sys_sendmmsg+0x10/0x10 [ 459.842351][T10258] ? __fget_files+0x215/0x3d0 [ 459.842377][T10258] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 459.842418][T10258] ? fput+0x79/0x100 [ 459.842450][T10258] ? ksys_write+0x1ac/0x250 [ 459.842475][T10258] ? __pfx_ksys_write+0x10/0x10 [ 459.842506][T10258] __x64_sys_sendmmsg+0x9c/0x100 [ 459.842541][T10258] ? lockdep_hardirqs_on+0x78/0x100 [ 459.842571][T10258] do_syscall_64+0xc9/0xf80 [ 459.842606][T10258] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 459.842629][T10258] RIP: 0033:0x7f8a13d9aeb9 [ 459.842648][T10258] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 459.842676][T10258] RSP: 002b:00007f8a14c57028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 459.842698][T10258] RAX: ffffffffffffffda RBX: 00007f8a14015fa0 RCX: 00007f8a13d9aeb9 [ 459.842714][T10258] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 459.842728][T10258] RBP: 00007f8a14c57090 R08: 0000000000000000 R09: 0000000000000000 [ 459.842742][T10258] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 459.842755][T10258] R13: 00007f8a14016038 R14: 00007f8a14015fa0 R15: 00007ffda8f3abe8 [ 459.842784][T10258] [ 460.568066][T10264] program syz.0.951 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 460.975504][ T7254] Bluetooth: hci7: command tx timeout [ 461.346422][T10273] FAULT_INJECTION: forcing a failure. [ 461.346422][T10273] name failslab, interval 1, probability 0, space 0, times 0 [ 461.432195][T10273] CPU: 0 UID: 0 PID: 10273 Comm: syz.4.954 Tainted: G L syzkaller #0 PREEMPT(full) [ 461.432234][T10273] Tainted: [L]=SOFTLOCKUP [ 461.432242][T10273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 461.432256][T10273] Call Trace: [ 461.432264][T10273] [ 461.432273][T10273] dump_stack_lvl+0x100/0x190 [ 461.432307][T10273] should_fail_ex.cold+0x5/0xa [ 461.432342][T10273] ? trace_fib_table_lookup+0x7a/0x1f0 [ 461.432376][T10273] should_failslab+0xc2/0x120 [ 461.432410][T10273] kmem_cache_alloc_noprof+0x83/0x780 [ 461.432441][T10273] ? dst_alloc+0x99/0x1a0 [ 461.432483][T10273] ? dst_alloc+0x99/0x1a0 [ 461.432512][T10273] dst_alloc+0x99/0x1a0 [ 461.432544][T10273] rt_dst_alloc+0x35/0x3a0 [ 461.432566][T10273] ip_route_output_key_hash_rcu+0x87a/0x2870 [ 461.432604][T10273] ip_route_output_key_hash+0x118/0x2b0 [ 461.432634][T10273] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 461.432663][T10273] ? __pfx___might_resched+0x10/0x10 [ 461.432707][T10273] ? find_held_lock+0x2b/0x80 [ 461.432734][T10273] ip_route_output_flow+0x27/0x150 [ 461.432765][T10273] raw_sendmsg+0xb18/0x3800 [ 461.432802][T10273] ? __pfx_raw_sendmsg+0x10/0x10 [ 461.432835][T10273] ? __lock_acquire+0x4a5/0x2630 [ 461.432895][T10273] ? __import_iovec+0x1d2/0x640 [ 461.432934][T10273] ? __pfx_raw_sendmsg+0x10/0x10 [ 461.432962][T10273] inet_sendmsg+0x11c/0x140 [ 461.432991][T10273] ____sys_sendmsg+0x9ad/0xc30 [ 461.433043][T10273] ? __pfx_____sys_sendmsg+0x10/0x10 [ 461.433072][T10273] ? _kstrtoull+0x13c/0x1f0 [ 461.433097][T10273] ? __pfx__kstrtoull+0x10/0x10 [ 461.433128][T10273] ___sys_sendmsg+0x190/0x1e0 [ 461.433157][T10273] ? __pfx____sys_sendmsg+0x10/0x10 [ 461.433222][T10273] __sys_sendmmsg+0x205/0x430 [ 461.433261][T10273] ? __pfx___sys_sendmmsg+0x10/0x10 [ 461.433304][T10273] ? __fget_files+0x215/0x3d0 [ 461.433329][T10273] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 461.433372][T10273] ? fput+0x79/0x100 [ 461.433403][T10273] ? ksys_write+0x1ac/0x250 [ 461.433429][T10273] ? __pfx_ksys_write+0x10/0x10 [ 461.433460][T10273] __x64_sys_sendmmsg+0x9c/0x100 [ 461.433500][T10273] ? lockdep_hardirqs_on+0x78/0x100 [ 461.433527][T10273] do_syscall_64+0xc9/0xf80 [ 461.433558][T10273] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 461.433582][T10273] RIP: 0033:0x7f44a8f9aeb9 [ 461.433600][T10273] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 461.433624][T10273] RSP: 002b:00007f44a9ecd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 461.433647][T10273] RAX: ffffffffffffffda RBX: 00007f44a9215fa0 RCX: 00007f44a8f9aeb9 [ 461.433662][T10273] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 461.433676][T10273] RBP: 00007f44a9ecd090 R08: 0000000000000000 R09: 0000000000000000 [ 461.433689][T10273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 461.433703][T10273] R13: 00007f44a9216038 R14: 00007f44a9215fa0 R15: 00007ffc6890d8e8 [ 461.433733][T10273] [ 461.581303][T10270] Console: switching to colour frame buffer device 128x48 [ 461.585927][T10250] chnl_net:caif_netlink_parms(): no params data found [ 462.044387][T10250] bridge0: port 1(bridge_slave_0) entered blocking state [ 462.055294][T10250] bridge0: port 1(bridge_slave_0) entered disabled state [ 462.055546][T10250] bridge_slave_0: entered allmulticast mode [ 462.062921][T10250] bridge_slave_0: entered promiscuous mode [ 462.076956][T10250] bridge0: port 2(bridge_slave_1) entered blocking state [ 462.086534][T10250] bridge0: port 2(bridge_slave_1) entered disabled state [ 462.086745][T10250] bridge_slave_1: entered allmulticast mode [ 462.100023][T10250] bridge_slave_1: entered promiscuous mode [ 462.256747][T10250] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 462.259448][T10250] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 462.442058][T10250] team0: Port device team_slave_0 added [ 462.446998][T10250] team0: Port device team_slave_1 added [ 462.707805][T10250] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 462.707826][T10250] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 462.707858][T10250] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 462.720581][T10250] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 462.720601][T10250] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 462.720633][T10250] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 462.978899][T10250] hsr_slave_0: entered promiscuous mode [ 462.995503][T10250] hsr_slave_1: entered promiscuous mode [ 462.996122][T10250] debugfs: 'hsr0' already exists in 'hsr' [ 462.996143][T10250] Cannot create hsr debugfs directory [ 463.062362][ T7254] Bluetooth: hci7: command tx timeout [ 464.087936][T10250] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 464.189114][T10250] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 464.217121][T10250] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 464.264478][T10250] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 464.781536][T10250] 8021q: adding VLAN 0 to HW filter on device bond0 [ 464.876347][T10250] 8021q: adding VLAN 0 to HW filter on device team0 [ 464.911701][ T8346] bridge0: port 1(bridge_slave_0) entered blocking state [ 464.911947][ T8346] bridge0: port 1(bridge_slave_0) entered forwarding state [ 464.981692][ T7245] bridge0: port 2(bridge_slave_1) entered blocking state [ 464.981782][ T7245] bridge0: port 2(bridge_slave_1) entered forwarding state [ 465.145243][T10251] Bluetooth: hci7: command tx timeout [ 465.967614][T10250] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 467.041276][T10363] FAULT_INJECTION: forcing a failure. [ 467.041276][T10363] name fail_futex, interval 1, probability 0, space 0, times 0 [ 467.140662][T10363] CPU: 0 UID: 0 PID: 10363 Comm: syz.0.971 Tainted: G L syzkaller #0 PREEMPT(full) [ 467.140698][T10363] Tainted: [L]=SOFTLOCKUP [ 467.140706][T10363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 467.140719][T10363] Call Trace: [ 467.140727][T10363] [ 467.140744][T10363] dump_stack_lvl+0x100/0x190 [ 467.140778][T10363] should_fail_ex.cold+0x5/0xa [ 467.140816][T10363] get_futex_key+0x1d2/0x1620 [ 467.140850][T10363] ? __pfx_get_futex_key+0x10/0x10 [ 467.140879][T10363] ? find_held_lock+0x2b/0x80 [ 467.140902][T10363] ? futex_wake+0x456/0x530 [ 467.140946][T10363] futex_wake+0xea/0x530 [ 467.140985][T10363] ? __pfx_futex_wake+0x10/0x10 [ 467.141021][T10363] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 467.141066][T10363] do_futex+0x32b/0x350 [ 467.141098][T10363] ? __pfx_do_futex+0x10/0x10 [ 467.141128][T10363] ? rcu_is_watching+0x12/0xc0 [ 467.141150][T10363] ? ktime_get+0x200/0x300 [ 467.141176][T10363] ? lockdep_hardirqs_on+0x78/0x100 [ 467.141204][T10363] ? read_tsc+0x9/0x20 [ 467.141247][T10363] __x64_sys_futex+0x34f/0x4d0 [ 467.141283][T10363] ? __pfx___x64_sys_futex+0x10/0x10 [ 467.141314][T10363] ? xfd_validate_state+0x129/0x190 [ 467.141360][T10363] do_syscall_64+0xc9/0xf80 [ 467.141391][T10363] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 467.141414][T10363] RIP: 0033:0x7fde50d9aeb9 [ 467.141433][T10363] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 467.141456][T10363] RSP: 002b:00007ffc751434f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 467.141478][T10363] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fde50d9aeb9 [ 467.141493][T10363] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fde51015fa8 [ 467.141507][T10363] RBP: 0000000000001079 R08: 00007fde51016038 R09: 0000000000000000 [ 467.141521][T10363] R10: 00007fde51015fa0 R11: 0000000000000246 R12: 0000000000000000 [ 467.141535][T10363] R13: 00007fde51015fac R14: 00007fde51015fa8 R15: 00007fde51015fa0 [ 467.141565][T10363] [ 467.675180][T10251] Bluetooth: hci7: command tx timeout [ 467.861010][T10250] veth0_vlan: entered promiscuous mode [ 467.906703][T10250] veth1_vlan: entered promiscuous mode [ 467.994327][T10250] veth0_macvtap: entered promiscuous mode [ 468.068755][T10250] veth1_macvtap: entered promiscuous mode [ 468.136156][T10250] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 468.198143][T10250] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 468.235436][ T8346] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 468.258308][ T8346] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 468.286224][ T8346] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 468.394550][ T8346] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 468.985365][ T7245] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 469.041726][ T7245] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 469.266743][ T7253] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 469.338328][ T7253] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 469.445419][T10387] netlink: 12 bytes leftover after parsing attributes in process `syz.5.977'. [ 469.705708][T10384] FAULT_INJECTION: forcing a failure. [ 469.705708][T10384] name failslab, interval 1, probability 0, space 0, times 0 [ 469.756352][ T30] audit: type=1804 audit(4294975316.297:15): pid=10396 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.978" name="/newroot/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/filter" dev="tracefs" ino=19680823 res=1 errno=0 [ 469.831572][T10384] CPU: 0 UID: 0 PID: 10384 Comm: syz.4.975 Tainted: G L syzkaller #0 PREEMPT(full) [ 469.831613][T10384] Tainted: [L]=SOFTLOCKUP [ 469.831622][T10384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 469.831638][T10384] Call Trace: [ 469.831646][T10384] [ 469.831655][T10384] dump_stack_lvl+0x100/0x190 [ 469.831691][T10384] should_fail_ex.cold+0x5/0xa [ 469.831733][T10384] should_failslab+0xc2/0x120 [ 469.831768][T10384] ? constrain_params_by_rules+0x175/0xcc0 [ 469.831803][T10384] __kmalloc_noprof+0xf6/0x9c0 [ 469.831827][T10384] ? __kernel_text_address+0xd/0x30 [ 469.831865][T10384] ? unwind_get_return_address+0x59/0xa0 [ 469.831895][T10384] ? look_up_lock_class+0x64/0x120 [ 469.831930][T10384] ? constrain_params_by_rules+0x175/0xcc0 [ 469.831963][T10384] constrain_params_by_rules+0x175/0xcc0 [ 469.832005][T10384] ? __pfx_stack_trace_save+0x10/0x10 [ 469.832037][T10384] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 469.832107][T10384] ? __mutex_lock+0x26a/0x1b90 [ 469.832137][T10384] ? snd_interval_refine+0x2d0/0x580 [ 469.832164][T10384] snd_pcm_hw_refine+0x7e7/0xad0 [ 469.832202][T10384] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 469.832243][T10384] ? do_raw_spin_lock+0x128/0x260 [ 469.832284][T10384] ? mark_held_locks+0x40/0x70 [ 469.832319][T10384] snd_pcm_hw_params+0x3f1/0x1cb0 [ 469.832355][T10384] ? snd_pcm_hw_param_near.constprop.0+0x573/0x850 [ 469.832390][T10384] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 469.832425][T10384] ? snd_pcm_hw_param_near.constprop.0+0x573/0x850 [ 469.832455][T10384] ? snd_pcm_hw_param_near.constprop.0+0x578/0x850 [ 469.832498][T10384] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 469.832535][T10384] snd_pcm_kernel_ioctl+0x167/0x2e0 [ 469.832573][T10384] snd_pcm_oss_change_params_locked+0x1973/0x39f0 [ 469.832619][T10384] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 469.832674][T10384] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 469.832707][T10384] snd_pcm_oss_sync+0x265/0x840 [ 469.832743][T10384] snd_pcm_oss_release+0x238/0x300 [ 469.832773][T10384] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 469.832804][T10384] __fput+0x3ff/0xb40 [ 469.832844][T10384] task_work_run+0x150/0x240 [ 469.832883][T10384] ? __pfx_task_work_run+0x10/0x10 [ 469.832929][T10384] exit_to_user_mode_loop+0x100/0x4b0 [ 469.832964][T10384] ? rcu_is_watching+0x12/0xc0 [ 469.832990][T10384] do_syscall_64+0x4ea/0xf80 [ 469.833021][T10384] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 469.833046][T10384] RIP: 0033:0x7f44a8f9aeb9 [ 469.833066][T10384] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 469.833090][T10384] RSP: 002b:00007f44a9ecd028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 469.833114][T10384] RAX: 0000000000000000 RBX: 00007f44a9215fa0 RCX: 00007f44a8f9aeb9 [ 469.833130][T10384] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 469.833144][T10384] RBP: 00007f44a9008c1f R08: 0000000000000000 R09: 0000000000000000 [ 469.833158][T10384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 469.833173][T10384] R13: 00007f44a9216038 R14: 00007f44a9215fa0 R15: 00007ffc6890d8e8 [ 469.833204][T10384] [ 470.672086][T10395] FAULT_INJECTION: forcing a failure. [ 470.672086][T10395] name failslab, interval 1, probability 0, space 0, times 0 [ 470.765119][T10395] CPU: 0 UID: 0 PID: 10395 Comm: syz.6.948 Tainted: G L syzkaller #0 PREEMPT(full) [ 470.765159][T10395] Tainted: [L]=SOFTLOCKUP [ 470.765168][T10395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 470.765183][T10395] Call Trace: [ 470.765190][T10395] [ 470.765200][T10395] dump_stack_lvl+0x100/0x190 [ 470.765234][T10395] should_fail_ex.cold+0x5/0xa [ 470.765275][T10395] should_failslab+0xc2/0x120 [ 470.765310][T10395] ? memcg_list_lru_alloc+0x4ec/0x740 [ 470.765339][T10395] __kmalloc_noprof+0xf6/0x9c0 [ 470.765379][T10395] ? memcg_list_lru_alloc+0x4ec/0x740 [ 470.765410][T10395] memcg_list_lru_alloc+0x4ec/0x740 [ 470.765448][T10395] ? __pfx_memcg_list_lru_alloc+0x10/0x10 [ 470.765478][T10395] ? rcu_read_unlock+0x17/0x60 [ 470.765521][T10395] ? get_mem_cgroup_from_objcg+0xd3/0x330 [ 470.765552][T10395] __memcg_slab_post_alloc_hook+0x12e/0x880 [ 470.765593][T10395] ? kasan_save_track+0x14/0x30 [ 470.765626][T10395] kmem_cache_alloc_lru_noprof+0x606/0x7d0 [ 470.765659][T10395] ? find_held_lock+0x2b/0x80 [ 470.765683][T10395] ? alloc_inode+0x183/0x250 [ 470.765723][T10395] ? alloc_inode+0x183/0x250 [ 470.765757][T10395] alloc_inode+0x183/0x250 [ 470.765792][T10395] path_from_stashed+0x25b/0x750 [ 470.765821][T10395] ? do_raw_spin_unlock+0x145/0x1e0 [ 470.765864][T10395] ns_get_path+0x60/0x80 [ 470.765893][T10395] proc_ns_get_link+0x121/0x230 [ 470.765945][T10395] ? __pfx_proc_ns_get_link+0x10/0x10 [ 470.765981][T10395] ? atime_needs_update+0x8b/0x6b0 [ 470.766022][T10395] pick_link+0xd17/0x13c0 [ 470.766044][T10395] ? __pfx_proc_ns_get_link+0x10/0x10 [ 470.766081][T10395] step_into_slowpath+0x6c2/0xf50 [ 470.766110][T10395] ? __pfx_step_into_slowpath+0x10/0x10 [ 470.766134][T10395] ? find_held_lock+0x2b/0x80 [ 470.766167][T10395] path_openat+0xf95/0x3120 [ 470.766205][T10395] ? __pfx_path_openat+0x10/0x10 [ 470.766244][T10395] do_filp_open+0x1f7/0x420 [ 470.766275][T10395] ? __pfx_do_filp_open+0x10/0x10 [ 470.766323][T10395] ? _raw_spin_unlock+0x28/0x50 [ 470.766347][T10395] ? alloc_fd+0x476/0x790 [ 470.766389][T10395] do_sys_openat2+0x12e/0x220 [ 470.766427][T10395] ? __pfx_do_sys_openat2+0x10/0x10 [ 470.766468][T10395] ? __fget_files+0x21f/0x3d0 [ 470.766501][T10395] __x64_sys_openat+0x12d/0x210 [ 470.766540][T10395] ? __pfx___x64_sys_openat+0x10/0x10 [ 470.766577][T10395] ? xfd_validate_state+0x129/0x190 [ 470.766626][T10395] do_syscall_64+0xc9/0xf80 [ 470.766658][T10395] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 470.766683][T10395] RIP: 0033:0x7f675d55b78e [ 470.766703][T10395] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 470.766727][T10395] RSP: 002b:00007f675e48dec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 470.766750][T10395] RAX: ffffffffffffffda RBX: 00007f675e48e6c0 RCX: 00007f675d55b78e [ 470.766766][T10395] RDX: 0000000000000002 RSI: 00007f675e48df90 RDI: ffffffffffffff9c [ 470.766781][T10395] RBP: 00007f675d608c1f R08: 0000000000000000 R09: 0000000000000000 [ 470.766796][T10395] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 470.766810][T10395] R13: 00007f675d816038 R14: 00007f675d815fa0 R15: 00007ffcddc9aad8 [ 470.766840][T10395] [ 471.096004][T10384] binder: 10382:10384 ioctl c018620c 0 returned -1 [ 471.506556][T10404] FAULT_INJECTION: forcing a failure. [ 471.506556][T10404] name failslab, interval 1, probability 0, space 0, times 0 [ 471.534172][T10404] CPU: 0 UID: 0 PID: 10404 Comm: syz.0.980 Tainted: G L syzkaller #0 PREEMPT(full) [ 471.534215][T10404] Tainted: [L]=SOFTLOCKUP [ 471.534223][T10404] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 471.534343][T10404] Call Trace: [ 471.534357][T10404] [ 471.534368][T10404] dump_stack_lvl+0x100/0x190 [ 471.534404][T10404] should_fail_ex.cold+0x5/0xa [ 471.534449][T10404] should_failslab+0xc2/0x120 [ 471.534484][T10404] ? process_preds+0x49c/0x1e10 [ 471.534525][T10404] __kmalloc_noprof+0xf6/0x9c0 [ 471.534560][T10404] ? process_preds+0x49c/0x1e10 [ 471.534597][T10404] process_preds+0x49c/0x1e10 [ 471.534643][T10404] ? create_filter_start.constprop.0+0x134/0x310 [ 471.534689][T10404] create_filter+0x140/0x210 [ 471.534730][T10404] ? __pfx_create_filter+0x10/0x10 [ 471.534771][T10404] ? __pfx___mutex_lock+0x10/0x10 [ 471.534806][T10404] ? find_held_lock+0x2b/0x80 [ 471.534835][T10404] apply_event_filter+0x220/0x500 [ 471.534861][T10404] ? __pfx_apply_event_filter+0x10/0x10 [ 471.534912][T10404] event_filter_write+0x16d/0x290 [ 471.534951][T10404] vfs_write+0x2aa/0x1070 [ 471.534982][T10404] ? __pfx_event_filter_write+0x10/0x10 [ 471.535017][T10404] ? __pfx_vfs_write+0x10/0x10 [ 471.535044][T10404] ? do_futex+0x192/0x350 [ 471.535081][T10404] ? __pfx_do_futex+0x10/0x10 [ 471.535143][T10404] ? __x64_sys_futex+0x34f/0x4d0 [ 471.535178][T10404] ? __x64_sys_futex+0x358/0x4d0 [ 471.535219][T10404] ksys_write+0x12a/0x250 [ 471.535261][T10404] ? __pfx_ksys_write+0x10/0x10 [ 471.535358][T10404] do_syscall_64+0xc9/0xf80 [ 471.535392][T10404] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 471.535419][T10404] RIP: 0033:0x7fde50d9aeb9 [ 471.535440][T10404] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 471.535465][T10404] RSP: 002b:00007fde51d04028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 471.535488][T10404] RAX: ffffffffffffffda RBX: 00007fde51015fa0 RCX: 00007fde50d9aeb9 [ 471.535504][T10404] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 471.535519][T10404] RBP: 00007fde50e08c1f R08: 0000000000000000 R09: 0000000000000000 [ 471.535534][T10404] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 471.535548][T10404] R13: 00007fde51016038 R14: 00007fde51015fa0 R15: 00007ffc75143398 [ 471.535581][T10404] [ 472.949959][T10423] netlink: 16 bytes leftover after parsing attributes in process `syz.6.983'. [ 473.001871][T10404] zswap: compressor not available [ 473.438226][T10442] bdi 7:0: the stable_pages_required attribute has been removed. Use the stable_writes queue attribute instead. [ 474.397010][T10453] netlink: 146 bytes leftover after parsing attributes in process `syz.6.991'. [ 474.918682][T10449] netlink: 28 bytes leftover after parsing attributes in process `syz.5.990'. [ 476.663477][T10480] netlink: 116 bytes leftover after parsing attributes in process `syz.4.995'. [ 476.711222][T10480] openvswitch: netlink: Key type 11280 is out of range max 32 [ 476.833152][T10476] [U] [ 476.836008][T10476] [U] [ 476.838751][T10476] [U] [ 476.841468][T10476] [U] [ 476.914527][T10476] [U] [ 476.917350][T10476] [U] [ 476.920097][T10476] [U] [ 476.922870][T10476] [U] [ 476.994026][T10476] [U] [ 476.996847][T10476] [U] [ 476.999567][T10476] [U] [ 477.002281][T10476] [U] [ 477.080040][T10476] [U] [ 477.082949][T10476] [U] [ 477.085675][T10476] [U] [ 477.088403][T10476] [U] [ 477.143699][T10476] [U] [ 477.146461][T10476] [U] [ 477.149184][T10476] [U] [ 477.151907][T10476] [U] [ 477.247629][T10476] [U] [ 477.798165][T10483] Process accounting paused [ 478.001938][T10503] FAULT_INJECTION: forcing a failure. [ 478.001938][T10503] name failslab, interval 1, probability 0, space 0, times 0 [ 478.137122][T10503] CPU: 0 UID: 0 PID: 10503 Comm: syz.4.1002 Tainted: G L syzkaller #0 PREEMPT(full) [ 478.137163][T10503] Tainted: [L]=SOFTLOCKUP [ 478.137172][T10503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 478.137186][T10503] Call Trace: [ 478.137194][T10503] [ 478.137203][T10503] dump_stack_lvl+0x100/0x190 [ 478.137239][T10503] should_fail_ex.cold+0x5/0xa [ 478.137284][T10503] should_failslab+0xc2/0x120 [ 478.137320][T10503] kmem_cache_alloc_noprof+0x83/0x780 [ 478.137352][T10503] ? __proc_create+0xc2/0x8c0 [ 478.137389][T10503] ? __proc_create+0x2cb/0x8c0 [ 478.137431][T10503] ? __proc_create+0x2cb/0x8c0 [ 478.137467][T10503] __proc_create+0x2cb/0x8c0 [ 478.137506][T10503] ? __pfx___proc_create+0x10/0x10 [ 478.137549][T10503] ? _raw_write_unlock+0x28/0x50 [ 478.137576][T10503] ? proc_register+0x559/0x8a0 [ 478.137600][T10503] proc_create_reg+0x75/0x170 [ 478.137625][T10503] proc_create_net_data+0x8e/0x1c0 [ 478.137666][T10503] ? __pfx_proc_create_net_data+0x10/0x10 [ 478.137715][T10503] sctp_proc_init+0xfb/0x270 [ 478.137754][T10503] ? __pfx_sctp_defaults_init+0x10/0x10 [ 478.137790][T10503] sctp_defaults_init+0x758/0xd90 [ 478.137826][T10503] ? __pfx_sctp_defaults_init+0x10/0x10 [ 478.137861][T10503] ops_init+0x1e2/0x5f0 [ 478.137902][T10503] setup_net+0x118/0x3a0 [ 478.137923][T10503] ? __pfx_setup_net+0x10/0x10 [ 478.137960][T10503] ? lockdep_init_map_type+0x5c/0x250 [ 478.137995][T10503] ? mutex_init_lockep+0x110/0x150 [ 478.138034][T10503] copy_net_ns+0x46f/0x7c0 [ 478.138092][T10503] create_new_namespaces+0x3ea/0xab0 [ 478.138127][T10503] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 478.138158][T10503] ksys_unshare+0x455/0xab0 [ 478.138195][T10503] ? __pfx_ksys_unshare+0x10/0x10 [ 478.138230][T10503] ? xfd_validate_state+0x129/0x190 [ 478.138277][T10503] __x64_sys_unshare+0x31/0x40 [ 478.138312][T10503] do_syscall_64+0xc9/0xf80 [ 478.138343][T10503] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 478.138368][T10503] RIP: 0033:0x7f44a8f9aeb9 [ 478.138387][T10503] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 478.138411][T10503] RSP: 002b:00007f44a9ecd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 478.138433][T10503] RAX: ffffffffffffffda RBX: 00007f44a9215fa0 RCX: 00007f44a8f9aeb9 [ 478.138449][T10503] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 478.138464][T10503] RBP: 00007f44a9008c1f R08: 0000000000000000 R09: 0000000000000000 [ 478.138479][T10503] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 478.138493][T10503] R13: 00007f44a9216038 R14: 00007f44a9215fa0 R15: 00007ffc6890d8e8 [ 478.138525][T10503] [ 479.054096][T10517] __vm_enough_memory: pid: 10517, comm: syz.4.1002, bytes: 4398046511104 not enough memory for the allocation [ 480.152307][T10559] FAULT_INJECTION: forcing a failure. [ 480.152307][T10559] name failslab, interval 1, probability 0, space 0, times 0 [ 480.239502][T10559] CPU: 0 UID: 0 PID: 10559 Comm: syz.5.1007 Tainted: G L syzkaller #0 PREEMPT(full) [ 480.239545][T10559] Tainted: [L]=SOFTLOCKUP [ 480.239554][T10559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 480.239568][T10559] Call Trace: [ 480.239576][T10559] [ 480.239585][T10559] dump_stack_lvl+0x100/0x190 [ 480.239623][T10559] should_fail_ex.cold+0x5/0xa [ 480.239663][T10559] should_failslab+0xc2/0x120 [ 480.239698][T10559] kmem_cache_alloc_noprof+0x83/0x780 [ 480.239731][T10559] ? acpi_ut_create_generic_state+0x61/0xc0 [ 480.239769][T10559] ? acpi_ut_create_generic_state+0x61/0xc0 [ 480.239800][T10559] acpi_ut_create_generic_state+0x61/0xc0 [ 480.239831][T10559] acpi_ps_init_scope+0x3a/0x240 [ 480.239866][T10559] acpi_ds_init_aml_walk+0x1f6/0x680 [ 480.239902][T10559] acpi_ds_call_control_method+0x3a2/0xab0 [ 480.239935][T10559] acpi_ps_parse_aml+0xacd/0x1120 [ 480.239973][T10559] acpi_ps_execute_method+0x5c4/0xe90 [ 480.240014][T10559] acpi_ns_evaluate+0x640/0x1670 [ 480.240058][T10559] acpi_evaluate_object+0x420/0xe00 [ 480.240086][T10559] ? kernfs_fop_read_iter+0x46c/0x610 [ 480.240111][T10559] ? vfs_read+0x825/0xb30 [ 480.240135][T10559] ? ksys_read+0x12a/0x250 [ 480.240165][T10559] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 480.240197][T10559] ? __pfx___might_resched+0x10/0x10 [ 480.240239][T10559] acpi_evaluate_integer+0xdf/0x220 [ 480.240264][T10559] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 480.240300][T10559] ? __pfx_status_show+0x10/0x10 [ 480.240328][T10559] status_show+0xa0/0x120 [ 480.240356][T10559] ? __pfx_status_show+0x10/0x10 [ 480.240392][T10559] dev_attr_show+0x52/0xa0 [ 480.240426][T10559] ? __pfx_dev_attr_show+0x10/0x10 [ 480.240459][T10559] sysfs_kf_seq_show+0x217/0x3a0 [ 480.240494][T10559] seq_read_iter+0x32f/0x1270 [ 480.240531][T10559] kernfs_fop_read_iter+0x46c/0x610 [ 480.240565][T10559] ? rw_verify_area+0xce/0x6d0 [ 480.240587][T10559] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 480.240616][T10559] vfs_read+0x825/0xb30 [ 480.240646][T10559] ? __pfx_vfs_read+0x10/0x10 [ 480.240671][T10559] ? find_held_lock+0x2b/0x80 [ 480.240714][T10559] ksys_read+0x12a/0x250 [ 480.240741][T10559] ? __pfx_ksys_read+0x10/0x10 [ 480.240776][T10559] do_syscall_64+0xc9/0xf80 [ 480.240809][T10559] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 480.240833][T10559] RIP: 0033:0x7f8a13d9aeb9 [ 480.240852][T10559] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 480.240876][T10559] RSP: 002b:00007f8a14c36028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 480.240898][T10559] RAX: ffffffffffffffda RBX: 00007f8a14016090 RCX: 00007f8a13d9aeb9 [ 480.240914][T10559] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000006 [ 480.240929][T10559] RBP: 00007f8a13e08c1f R08: 0000000000000000 R09: 0000000000000000 [ 480.240944][T10559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 480.240958][T10559] R13: 00007f8a14016128 R14: 00007f8a14016090 R15: 00007ffda8f3abe8 [ 480.240990][T10559] [ 480.241172][T10559] ACPI Error: Aborting method \_SB.LNKA._STA due to previous error (AE_NO_MEMORY) (20250807/psparse-529) [ 483.077503][T10598] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1015'. [ 485.712684][T10623] Process accounting paused [ 486.485910][T10650] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1028'. [ 486.685449][T10650] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 488.718425][ T7254] Bluetooth: hci4: Malformed LE Event: 0x0b [ 488.968710][T10687] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 494.882263][T10766] zswap: compressor not available [ 496.771716][T10801] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input21 [ 496.890486][T10795] FAULT_INJECTION: forcing a failure. [ 496.890486][T10795] name failslab, interval 1, probability 0, space 0, times 0 [ 497.026064][T10795] CPU: 0 UID: 0 PID: 10795 Comm: syz.0.1059 Tainted: G L syzkaller #0 PREEMPT(full) [ 497.026105][T10795] Tainted: [L]=SOFTLOCKUP [ 497.026114][T10795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 497.026130][T10795] Call Trace: [ 497.026138][T10795] [ 497.026147][T10795] dump_stack_lvl+0x100/0x190 [ 497.026182][T10795] should_fail_ex.cold+0x5/0xa [ 497.026223][T10795] should_failslab+0xc2/0x120 [ 497.026260][T10795] kmem_cache_alloc_noprof+0x83/0x780 [ 497.026291][T10795] ? __pfx_map_id_range_down+0x10/0x10 [ 497.026316][T10795] ? security_inode_alloc+0x3b/0x2c0 [ 497.026355][T10795] ? security_inode_alloc+0x3b/0x2c0 [ 497.026385][T10795] security_inode_alloc+0x3b/0x2c0 [ 497.026419][T10795] inode_init_always_gfp+0xced/0x1040 [ 497.026452][T10795] alloc_inode+0x8e/0x250 [ 497.026501][T10795] sock_alloc+0x44/0x280 [ 497.026521][T10795] ? security_socket_create+0x7f/0x250 [ 497.026554][T10795] __sock_create+0xc2/0x860 [ 497.026588][T10795] __sys_socket+0x14d/0x260 [ 497.026617][T10795] ? __pfx___sys_socket+0x10/0x10 [ 497.026648][T10795] ? do_user_addr_fault+0x8d6/0x12f0 [ 497.026679][T10795] __x64_sys_socket+0x72/0xb0 [ 497.026707][T10795] ? lockdep_hardirqs_on+0x78/0x100 [ 497.026736][T10795] do_syscall_64+0xc9/0xf80 [ 497.026785][T10795] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 497.026810][T10795] RIP: 0033:0x7fde50d9c747 [ 497.026829][T10795] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 497.026853][T10795] RSP: 002b:00007fde51d02f98 EFLAGS: 00000286 ORIG_RAX: 0000000000000029 [ 497.026876][T10795] RAX: ffffffffffffffda RBX: 00007fde51015fa0 RCX: 00007fde50d9c747 [ 497.026892][T10795] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 497.026907][T10795] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 497.026921][T10795] R10: 00002000000000c0 R11: 0000000000000286 R12: 0000000000000000 [ 497.026936][T10795] R13: 00007fde51016038 R14: 00007fde51015fa0 R15: 00007ffc75143398 [ 497.026965][T10795] [ 497.027007][T10795] socket: no more sockets [ 498.606562][T10812] FAULT_INJECTION: forcing a failure. [ 498.606562][T10812] name failslab, interval 1, probability 0, space 0, times 0 [ 498.975519][T10812] CPU: 0 UID: 0 PID: 10812 Comm: syz.5.1063 Tainted: G L syzkaller #0 PREEMPT(full) [ 498.975559][T10812] Tainted: [L]=SOFTLOCKUP [ 498.975567][T10812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 498.975582][T10812] Call Trace: [ 498.975590][T10812] [ 498.975599][T10812] dump_stack_lvl+0x100/0x190 [ 498.975633][T10812] should_fail_ex.cold+0x5/0xa [ 498.975674][T10812] should_failslab+0xc2/0x120 [ 498.975709][T10812] __kmalloc_cache_noprof+0x80/0x810 [ 498.975735][T10812] ? snd_timer_instance_new+0x47/0x2e0 [ 498.975764][T10812] ? __lock_acquire+0x4a5/0x2630 [ 498.975801][T10812] ? snd_timer_instance_new+0x47/0x2e0 [ 498.975829][T10812] snd_timer_instance_new+0x47/0x2e0 [ 498.975869][T10812] snd_seq_timer_open+0x1d4/0x600 [ 498.975910][T10812] ? __pfx_snd_seq_timer_open+0x10/0x10 [ 498.975957][T10812] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 498.975984][T10812] ? lockdep_hardirqs_on+0x78/0x100 [ 498.976012][T10812] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 498.976042][T10812] queue_use+0xdc/0x1f0 [ 498.976073][T10812] snd_seq_queue_alloc+0x2e5/0x590 [ 498.976110][T10812] snd_seq_ioctl_create_queue+0xa9/0x370 [ 498.976153][T10812] call_seq_client_ctl+0xa3/0x130 [ 498.976179][T10812] snd_seq_kernel_client_ctl+0x77/0xd0 [ 498.976206][T10812] alloc_seq_queue+0xdb/0x180 [ 498.976232][T10812] ? __pfx_alloc_seq_queue+0x10/0x10 [ 498.976274][T10812] ? mark_held_locks+0x40/0x70 [ 498.976305][T10812] ? _raw_spin_unlock_irq+0x23/0x50 [ 498.976329][T10812] ? lockdep_hardirqs_on+0x78/0x100 [ 498.976360][T10812] snd_seq_oss_open+0x2b2/0xa10 [ 498.976393][T10812] odev_open+0x79/0xc0 [ 498.976415][T10812] ? __pfx_odev_open+0x10/0x10 [ 498.976438][T10812] soundcore_open+0x2e3/0x5a0 [ 498.976466][T10812] ? __pfx_soundcore_open+0x10/0x10 [ 498.976492][T10812] chrdev_open+0x234/0x6a0 [ 498.976521][T10812] ? __pfx_apparmor_file_open+0x10/0x10 [ 498.976554][T10812] ? __pfx_chrdev_open+0x10/0x10 [ 498.976586][T10812] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 498.976622][T10812] do_dentry_open+0x73e/0x1570 [ 498.976650][T10812] ? __pfx_chrdev_open+0x10/0x10 [ 498.976682][T10812] ? security_inode_permission+0xbf/0x250 [ 498.976723][T10812] vfs_open+0x82/0x3f0 [ 498.976762][T10812] path_openat+0x21dc/0x3120 [ 498.976801][T10812] ? __pfx_path_openat+0x10/0x10 [ 498.976846][T10812] do_filp_open+0x1f7/0x420 [ 498.976878][T10812] ? __pfx_do_filp_open+0x10/0x10 [ 498.976927][T10812] ? _raw_spin_unlock+0x28/0x50 [ 498.976952][T10812] ? alloc_fd+0x476/0x790 [ 498.976988][T10812] do_sys_openat2+0x12e/0x220 [ 498.977025][T10812] ? __pfx_do_sys_openat2+0x10/0x10 [ 498.977065][T10812] ? __fget_files+0x21f/0x3d0 [ 498.977098][T10812] __x64_sys_openat+0x12d/0x210 [ 498.977137][T10812] ? __pfx___x64_sys_openat+0x10/0x10 [ 498.977174][T10812] ? xfd_validate_state+0x129/0x190 [ 498.977223][T10812] do_syscall_64+0xc9/0xf80 [ 498.977258][T10812] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 498.977284][T10812] RIP: 0033:0x7f8a13d9aeb9 [ 498.977304][T10812] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 498.977328][T10812] RSP: 002b:00007f8a14bd3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 498.977352][T10812] RAX: ffffffffffffffda RBX: 00007f8a14016360 RCX: 00007f8a13d9aeb9 [ 498.977370][T10812] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 498.977385][T10812] RBP: 00007f8a13e08c1f R08: 0000000000000000 R09: 0000000000000000 [ 498.977400][T10812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 498.977414][T10812] R13: 00007f8a140163f8 R14: 00007f8a14016360 R15: 00007ffda8f3abe8 [ 498.977445][T10812] [ 502.919061][T10860] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1077'. [ 504.045467][T10853] block nbd7: not configured, cannot reconfigure [ 507.893076][T10905] Process accounting resumed [ 511.373288][T10947] futex_wake_op: syz.0.1097 tries to shift op by -2048; fix this program [ 511.456596][T10947] futex_wake_op: syz.0.1097 tries to shift op by -2048; fix this program [ 511.556339][T10947] ubi1: attaching mtd0 [ 511.561965][T10947] ubi1: scanning is finished [ 511.662412][T10947] ubi1 error: ubi_read_volume_table: the layout volume was not found [ 511.878413][T10947] ubi1 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 512.346657][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 512.353195][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 514.415158][T10251] Bluetooth: hci4: command 0x0406 tx timeout [ 514.595658][T10976] FAULT_INJECTION: forcing a failure. [ 514.595658][T10976] name failslab, interval 1, probability 0, space 0, times 0 [ 514.825186][T10976] CPU: 0 UID: 0 PID: 10976 Comm: syz.0.1105 Tainted: G L syzkaller #0 PREEMPT(full) [ 514.825229][T10976] Tainted: [L]=SOFTLOCKUP [ 514.825237][T10976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 514.825253][T10976] Call Trace: [ 514.825261][T10976] [ 514.825270][T10976] dump_stack_lvl+0x100/0x190 [ 514.825307][T10976] should_fail_ex.cold+0x5/0xa [ 514.825348][T10976] should_failslab+0xc2/0x120 [ 514.825383][T10976] __kmalloc_cache_noprof+0x80/0x810 [ 514.825410][T10976] ? alloc_fdtable+0xbd/0x2d0 [ 514.825433][T10976] ? do_raw_spin_lock+0x128/0x260 [ 514.825475][T10976] ? alloc_fdtable+0xbd/0x2d0 [ 514.825500][T10976] alloc_fdtable+0xbd/0x2d0 [ 514.825526][T10976] dup_fd+0x995/0xd10 [ 514.825571][T10976] __do_sys_close_range+0x327/0x740 [ 514.825605][T10976] ? __pfx___do_sys_close_range+0x10/0x10 [ 514.825644][T10976] do_syscall_64+0xc9/0xf80 [ 514.825676][T10976] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 514.825701][T10976] RIP: 0033:0x7fde50d9aeb9 [ 514.825720][T10976] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 514.825744][T10976] RSP: 002b:00007fde51d04028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 514.825766][T10976] RAX: ffffffffffffffda RBX: 00007fde51015fa0 RCX: 00007fde50d9aeb9 [ 514.825783][T10976] RDX: 0000000000000002 RSI: 0000000000000008 RDI: 0000000000000006 [ 514.825797][T10976] RBP: 00007fde50e08c1f R08: 0000000000000000 R09: 0000000000000000 [ 514.825811][T10976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 514.825826][T10976] R13: 00007fde51016038 R14: 00007fde51015fa0 R15: 00007ffc75143398 [ 514.825856][T10976] [ 516.381248][T10991] Process accounting resumed [ 516.635175][T11012] netlink: 'syz.0.1112': attribute type 1 has an invalid length. [ 516.642983][T11012] block nbd0: Unsupported socket: should be TCP or UNIX. [ 517.201753][T11018] netlink: 'syz.6.1114': attribute type 4 has an invalid length. [ 517.276334][T11023] : entered promiscuous mode [ 517.369410][T11016] blkio.reset_stats is deprecated [ 517.626032][T11034] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1117'. [ 517.637727][T11031] FAULT_INJECTION: forcing a failure. [ 517.637727][T11031] name fail_futex, interval 1, probability 0, space 0, times 0 [ 517.785271][T11031] CPU: 0 UID: 0 PID: 11031 Comm: syz.0.1116 Tainted: G L syzkaller #0 PREEMPT(full) [ 517.785311][T11031] Tainted: [L]=SOFTLOCKUP [ 517.785318][T11031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 517.785333][T11031] Call Trace: [ 517.785341][T11031] [ 517.785350][T11031] dump_stack_lvl+0x100/0x190 [ 517.785384][T11031] should_fail_ex.cold+0x5/0xa [ 517.785423][T11031] get_futex_key+0x1d2/0x1620 [ 517.785458][T11031] ? __pfx_get_futex_key+0x10/0x10 [ 517.785485][T11031] ? futex_hash+0x2c5/0x380 [ 517.785523][T11031] futex_wake+0xea/0x530 [ 517.785562][T11031] ? __pfx_futex_wake+0x10/0x10 [ 517.785603][T11031] ? ksys_write+0x190/0x250 [ 517.785636][T11031] do_futex+0x32b/0x350 [ 517.785668][T11031] ? __pfx_do_futex+0x10/0x10 [ 517.785698][T11031] ? __fget_files+0x215/0x3d0 [ 517.785723][T11031] ? __fget_files+0x215/0x3d0 [ 517.785754][T11031] __x64_sys_futex+0x34f/0x4d0 [ 517.785790][T11031] ? __pfx___x64_sys_futex+0x10/0x10 [ 517.785822][T11031] ? ksys_mmap_pgoff+0x85/0x5b0 [ 517.785865][T11031] do_syscall_64+0xc9/0xf80 [ 517.785897][T11031] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 517.785920][T11031] RIP: 0033:0x7fde50d9aeb9 [ 517.785938][T11031] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 517.785961][T11031] RSP: 002b:00007fde51d040e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 517.785983][T11031] RAX: ffffffffffffffda RBX: 00007fde51015fa8 RCX: 00007fde50d9aeb9 [ 517.785998][T11031] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fde51015fac [ 517.786012][T11031] RBP: 00007fde51015fa0 R08: 0000000000000000 R09: 0000000000000000 [ 517.786025][T11031] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 517.786039][T11031] R13: 00007fde51016038 R14: 00007ffc751432b0 R15: 00007ffc75143398 [ 517.786075][T11031] [ 519.309829][T11042] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -4 [ 519.355255][T11042] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -4 [ 519.364868][T11042] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 521.193406][T11071] FAULT_INJECTION: forcing a failure. [ 521.193406][T11071] name failslab, interval 1, probability 0, space 0, times 0 [ 521.289211][T11071] CPU: 0 UID: 0 PID: 11071 Comm: syz.6.1124 Tainted: G L syzkaller #0 PREEMPT(full) [ 521.289252][T11071] Tainted: [L]=SOFTLOCKUP [ 521.289260][T11071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 521.289275][T11071] Call Trace: [ 521.289283][T11071] [ 521.289292][T11071] dump_stack_lvl+0x100/0x190 [ 521.289325][T11071] should_fail_ex.cold+0x5/0xa [ 521.289366][T11071] should_failslab+0xc2/0x120 [ 521.289400][T11071] ? sk_prot_alloc+0x10b/0x2a0 [ 521.289424][T11071] __kmalloc_noprof+0xf6/0x9c0 [ 521.289456][T11071] ? sk_prot_alloc+0x10b/0x2a0 [ 521.289479][T11071] ? __wake_up+0x3f/0x60 [ 521.289505][T11071] sk_prot_alloc+0x10b/0x2a0 [ 521.289532][T11071] sk_alloc+0x36/0xe80 [ 521.289566][T11071] __netlink_create+0x5e/0x2c0 [ 521.289598][T11071] ? __wake_up+0x3f/0x60 [ 521.289626][T11071] netlink_create+0x293/0x610 [ 521.289660][T11071] ? __pfx_genl_bind+0x10/0x10 [ 521.289682][T11071] ? __pfx_genl_unbind+0x10/0x10 [ 521.289703][T11071] ? __pfx_genl_release+0x10/0x10 [ 521.289730][T11071] __sock_create+0x339/0x860 [ 521.289773][T11071] __sys_socket+0x14d/0x260 [ 521.289801][T11071] ? __fget_files+0x21f/0x3d0 [ 521.289827][T11071] ? __pfx___sys_socket+0x10/0x10 [ 521.289854][T11071] ? xfd_validate_state+0x129/0x190 [ 521.289901][T11071] __x64_sys_socket+0x72/0xb0 [ 521.289929][T11071] ? lockdep_hardirqs_on+0x78/0x100 [ 521.289957][T11071] do_syscall_64+0xc9/0xf80 [ 521.289989][T11071] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 521.290013][T11071] RIP: 0033:0x7f675d59aeb9 [ 521.290032][T11071] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 521.290056][T11071] RSP: 002b:00007f675e48e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 521.290079][T11071] RAX: ffffffffffffffda RBX: 00007f675d815fa0 RCX: 00007f675d59aeb9 [ 521.290095][T11071] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 521.290109][T11071] RBP: 00007f675d608c1f R08: 0000000000000000 R09: 0000000000000000 [ 521.290123][T11071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 521.290137][T11071] R13: 00007f675d816038 R14: 00007f675d815fa0 R15: 00007ffcddc9aad8 [ 521.290168][T11071] [ 524.617651][T11116] netlink: 100 bytes leftover after parsing attributes in process `syz.6.1134'. [ 524.665962][T11116] FAULT_INJECTION: forcing a failure. [ 524.665962][T11116] name failslab, interval 1, probability 0, space 0, times 0 [ 524.767018][T11116] CPU: 0 UID: 0 PID: 11116 Comm: syz.6.1134 Tainted: G L syzkaller #0 PREEMPT(full) [ 524.767059][T11116] Tainted: [L]=SOFTLOCKUP [ 524.767067][T11116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 524.767082][T11116] Call Trace: [ 524.767090][T11116] [ 524.767100][T11116] dump_stack_lvl+0x100/0x190 [ 524.767134][T11116] should_fail_ex.cold+0x5/0xa [ 524.767171][T11116] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 524.767198][T11116] should_failslab+0xc2/0x120 [ 524.767233][T11116] kmem_cache_alloc_noprof+0x83/0x780 [ 524.767267][T11116] ? skb_clone+0x190/0x400 [ 524.767308][T11116] ? skb_clone+0x190/0x400 [ 524.767343][T11116] skb_clone+0x190/0x400 [ 524.767380][T11116] netlink_deliver_tap+0xaed/0xcc0 [ 524.767425][T11116] netlink_unicast+0x650/0x870 [ 524.767468][T11116] ? __pfx_netlink_unicast+0x10/0x10 [ 524.767514][T11116] ? __pfx_netlink_broadcast_filtered+0x10/0x10 [ 524.767562][T11116] netlink_sendmsg+0x8b0/0xda0 [ 524.767607][T11116] ? __pfx_netlink_sendmsg+0x10/0x10 [ 524.767644][T11116] ? __import_iovec+0x1d2/0x640 [ 524.767685][T11116] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 524.767720][T11116] ____sys_sendmsg+0xa54/0xc30 [ 524.767750][T11116] ? __pfx_____sys_sendmsg+0x10/0x10 [ 524.767775][T11116] ? __pfx___futex_wait+0x10/0x10 [ 524.767803][T11116] ? __pfx_futex_wake_mark+0x10/0x10 [ 524.767848][T11116] ___sys_sendmsg+0x190/0x1e0 [ 524.767879][T11116] ? __pfx____sys_sendmsg+0x10/0x10 [ 524.767932][T11116] ? do_futex+0x192/0x350 [ 524.767966][T11116] ? __pfx_do_futex+0x10/0x10 [ 524.768001][T11116] __sys_sendmsg+0x170/0x220 [ 524.768039][T11116] ? __pfx___sys_sendmsg+0x10/0x10 [ 524.768075][T11116] ? __x64_sys_futex+0x34f/0x4d0 [ 524.768125][T11116] do_syscall_64+0xc9/0xf80 [ 524.768158][T11116] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 524.768183][T11116] RIP: 0033:0x7f675d59aeb9 [ 524.768203][T11116] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 524.768227][T11116] RSP: 002b:00007f675e48e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 524.768250][T11116] RAX: ffffffffffffffda RBX: 00007f675d815fa0 RCX: 00007f675d59aeb9 [ 524.768267][T11116] RDX: 000000002000c000 RSI: 00002000000000c0 RDI: 0000000000000006 [ 524.768282][T11116] RBP: 00007f675d608c1f R08: 0000000000000000 R09: 0000000000000000 [ 524.768297][T11116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 524.768311][T11116] R13: 00007f675d816038 R14: 00007f675d815fa0 R15: 00007ffcddc9aad8 [ 524.768342][T11116] [ 525.556734][T11125] ima: Unable to open file: /sys/kernel/security/integrity/ima/policy (-26) [ 525.561044][T11125] ima: policy update failed [ 525.647207][ T30] audit: type=1802 audit(4294975372.177:16): pid=11125 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.5.1138" res=0 errno=0 [ 525.688521][T11131] input: jJǸ-9%v as /devices/virtual/input/input22 [ 527.201214][ T7254] Bluetooth: hci5: unexpected subevent 0x01 length: 125 > 18 [ 529.779213][T10251] Bluetooth: hci5: command 0x0406 tx timeout [ 533.433967][T11241] ptp ptp0: only physical clock in use now [ 533.469497][ T30] audit: type=1326 audit(4294975380.017:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11240 comm="syz.5.1165" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8a13d9aeb9 code=0x0 [ 533.811169][T11243] zswap: compressor not available [ 536.188454][T11281] XFS: Clearing xfsstats [ 538.582362][T11297] Process accounting paused [ 539.405231][T11328] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 539.472625][T11328] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 539.582749][T11328] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 539.715284][T11328] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 539.817646][T11328] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 539.947830][T11328] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 540.005277][T11328] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 540.265330][T11328] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 540.271352][T11328] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 540.501962][T11328] Bluetooth: hci7: Opcode 0x0c1a failed: -4 [ 540.555371][T11328] Bluetooth: hci7: Opcode 0x0406 failed: -4 [ 540.633834][T11328] Bluetooth: hci7: Opcode 0x0406 failed: -4 [ 541.355175][T11352] FAULT_INJECTION: forcing a failure. [ 541.355175][T11352] name fail_futex, interval 1, probability 0, space 0, times 0 [ 541.455456][T11352] CPU: 0 UID: 0 PID: 11352 Comm: syz.0.1186 Tainted: G L syzkaller #0 PREEMPT(full) [ 541.455496][T11352] Tainted: [L]=SOFTLOCKUP [ 541.455504][T11352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 541.455518][T11352] Call Trace: [ 541.455526][T11352] [ 541.455535][T11352] dump_stack_lvl+0x100/0x190 [ 541.455569][T11352] should_fail_ex.cold+0x5/0xa [ 541.455611][T11352] get_futex_key+0x1d2/0x1620 [ 541.455646][T11352] ? __pfx_get_futex_key+0x10/0x10 [ 541.455687][T11352] futex_wake+0xea/0x530 [ 541.455724][T11352] ? rcu_is_watching+0x12/0xc0 [ 541.455748][T11352] ? lockdep_hardirqs_on+0x78/0x100 [ 541.455777][T11352] ? __pfx_futex_wake+0x10/0x10 [ 541.455819][T11352] ? fd_install+0x223/0x580 [ 541.455843][T11352] ? putname+0xf5/0x1a0 [ 541.455881][T11352] do_futex+0x32b/0x350 [ 541.455915][T11352] ? __pfx_do_futex+0x10/0x10 [ 541.455946][T11352] ? __pfx_do_sys_openat2+0x10/0x10 [ 541.456002][T11352] __x64_sys_futex+0x34f/0x4d0 [ 541.456041][T11352] ? __pfx___x64_sys_futex+0x10/0x10 [ 541.456074][T11352] ? xfd_validate_state+0x129/0x190 [ 541.456123][T11352] do_syscall_64+0xc9/0xf80 [ 541.456154][T11352] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 541.456178][T11352] RIP: 0033:0x7fde50d9aeb9 [ 541.456198][T11352] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 541.456221][T11352] RSP: 002b:00007fde51d040e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 541.456244][T11352] RAX: ffffffffffffffda RBX: 00007fde51015fa8 RCX: 00007fde50d9aeb9 [ 541.456260][T11352] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fde51015fac [ 541.456274][T11352] RBP: 00007fde51015fa0 R08: 0000000000000000 R09: 0000000000000000 [ 541.456288][T11352] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000 [ 541.456302][T11352] R13: 00007fde51016038 R14: 00007ffc751432b0 R15: 00007ffc75143398 [ 541.456331][T11352] [ 541.457927][ T7254] Bluetooth: hci0: command 0x0c1a tx timeout [ 541.676790][T10251] Bluetooth: hci1: command 0x0c1a tx timeout [ 541.682942][T10251] Bluetooth: hci2: command 0x0c1a tx timeout [ 541.775978][ T7254] Bluetooth: hci3: command 0x0c1a tx timeout [ 541.865015][ T7246] Bluetooth: hci4: command 0x0406 tx timeout [ 541.967497][T11360] FAULT_INJECTION: forcing a failure. [ 541.967497][T11360] name failslab, interval 1, probability 0, space 0, times 0 [ 542.092804][T11352] FAULT_INJECTION: forcing a failure. [ 542.092804][T11352] name fail_futex, interval 1, probability 0, space 0, times 0 [ 542.196745][T11352] CPU: 0 UID: 0 PID: 11352 Comm: syz.0.1186 Tainted: G L syzkaller #0 PREEMPT(full) [ 542.196783][T11352] Tainted: [L]=SOFTLOCKUP [ 542.196791][T11352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 542.196804][T11352] Call Trace: [ 542.196811][T11352] [ 542.196820][T11352] dump_stack_lvl+0x100/0x190 [ 542.196852][T11352] should_fail_ex.cold+0x5/0xa [ 542.196891][T11352] get_futex_key+0x106f/0x1620 [ 542.196926][T11352] ? __pfx_get_futex_key+0x10/0x10 [ 542.196965][T11352] futex_wake+0xea/0x530 [ 542.197005][T11352] ? __pfx_futex_wake+0x10/0x10 [ 542.197042][T11352] ? exit_mm_release+0x19/0x30 [ 542.197082][T11352] do_futex+0x32b/0x350 [ 542.197114][T11352] ? __pfx_do_futex+0x10/0x10 [ 542.197152][T11352] ? __might_fault+0xc5/0x140 [ 542.197186][T11352] mm_release+0x24a/0x2f0 [ 542.197213][T11352] do_exit+0x675/0x2a30 [ 542.197252][T11352] ? __pfx_do_exit+0x10/0x10 [ 542.197286][T11352] ? do_raw_spin_lock+0x128/0x260 [ 542.197321][T11352] ? find_held_lock+0x2b/0x80 [ 542.197348][T11352] ? get_signal+0x7e0/0x21e0 [ 542.197378][T11352] do_group_exit+0xd5/0x2a0 [ 542.197415][T11352] get_signal+0x1ec7/0x21e0 [ 542.197452][T11352] ? __pfx_get_signal+0x10/0x10 [ 542.197480][T11352] ? do_futex+0x192/0x350 [ 542.197514][T11352] arch_do_signal_or_restart+0x91/0x770 [ 542.197552][T11352] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 542.197593][T11352] ? __pfx___x64_sys_futex+0x10/0x10 [ 542.197632][T11352] exit_to_user_mode_loop+0x86/0x4b0 [ 542.197664][T11352] ? rcu_is_watching+0x12/0xc0 [ 542.197688][T11352] do_syscall_64+0x4ea/0xf80 [ 542.197735][T11352] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 542.197758][T11352] RIP: 0033:0x7fde50d9aeb9 [ 542.197776][T11352] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 542.197798][T11352] RSP: 002b:00007fde51d040e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 542.197820][T11352] RAX: fffffffffffffe00 RBX: 00007fde51015fa8 RCX: 00007fde50d9aeb9 [ 542.197836][T11352] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fde51015fa8 [ 542.197850][T11352] RBP: 00007fde51015fa0 R08: 0000000000000000 R09: 0000000000000000 [ 542.197864][T11352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 542.197877][T11352] R13: 00007fde51016038 R14: 00007ffc751432b0 R15: 00007ffc75143398 [ 542.197913][T11352] [ 542.705899][T11360] CPU: 0 UID: 0 PID: 11360 Comm: syz.4.1188 Tainted: G L syzkaller #0 PREEMPT(full) [ 542.705939][T11360] Tainted: [L]=SOFTLOCKUP [ 542.705948][T11360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 542.705963][T11360] Call Trace: [ 542.705970][T11360] [ 542.705979][T11360] dump_stack_lvl+0x100/0x190 [ 542.706014][T11360] should_fail_ex.cold+0x5/0xa [ 542.706054][T11360] should_failslab+0xc2/0x120 [ 542.706089][T11360] ? sk_prot_alloc+0x10b/0x2a0 [ 542.706113][T11360] __kmalloc_noprof+0xf6/0x9c0 [ 542.706145][T11360] ? sk_prot_alloc+0x10b/0x2a0 [ 542.706168][T11360] ? __wake_up+0x3f/0x60 [ 542.706194][T11360] sk_prot_alloc+0x10b/0x2a0 [ 542.706221][T11360] sk_alloc+0x36/0xe80 [ 542.706255][T11360] __netlink_create+0x5e/0x2c0 [ 542.706312][T11360] ? __wake_up+0x3f/0x60 [ 542.706343][T11360] netlink_create+0x293/0x610 [ 542.706376][T11360] ? __pfx_genl_bind+0x10/0x10 [ 542.706398][T11360] ? __pfx_genl_unbind+0x10/0x10 [ 542.706419][T11360] ? __pfx_genl_release+0x10/0x10 [ 542.706446][T11360] __sock_create+0x339/0x860 [ 542.706479][T11360] __sys_socket+0x14d/0x260 [ 542.706507][T11360] ? __pfx___sys_socket+0x10/0x10 [ 542.706534][T11360] ? xfd_validate_state+0x129/0x190 [ 542.706579][T11360] __x64_sys_socket+0x72/0xb0 [ 542.706606][T11360] ? lockdep_hardirqs_on+0x78/0x100 [ 542.706635][T11360] do_syscall_64+0xc9/0xf80 [ 542.706665][T11360] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 542.706690][T11360] RIP: 0033:0x7f44a8f9aeb9 [ 542.706709][T11360] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 542.706733][T11360] RSP: 002b:00007f44a9ecd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 542.706757][T11360] RAX: ffffffffffffffda RBX: 00007f44a9215fa0 RCX: 00007f44a8f9aeb9 [ 542.706773][T11360] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 542.706794][T11360] RBP: 00007f44a9008c1f R08: 0000000000000000 R09: 0000000000000000 [ 542.706809][T11360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 542.706824][T11360] R13: 00007f44a9216038 R14: 00007f44a9215fa0 R15: 00007ffc6890d8e8 [ 542.706855][T11360] [ 543.040245][T11365] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 543.283498][ T7246] Bluetooth: hci5: command 0x0406 tx timeout [ 543.298953][ T7246] Bluetooth: hci7: command 0x0c1a tx timeout [ 543.915011][ T7254] Bluetooth: hci3: command 0x0c1a tx timeout [ 543.965411][ T7254] Bluetooth: hci4: command 0x0406 tx timeout [ 545.335232][T11406] queue_state_write: operation too long [ 545.384642][ T7254] Bluetooth: hci7: command 0x0c1a tx timeout [ 545.390813][ T7246] Bluetooth: hci5: command 0x0406 tx timeout [ 545.416252][T11406] queue_state_write: use 'run', 'start' or 'kick' [ 545.842174][T11411] FAULT_INJECTION: forcing a failure. [ 545.842174][T11411] name failslab, interval 1, probability 0, space 0, times 0 [ 545.842243][T11411] CPU: 0 UID: 0 PID: 11411 Comm: syz.4.1200 Tainted: G L syzkaller #0 PREEMPT(full) [ 545.842278][T11411] Tainted: [L]=SOFTLOCKUP [ 545.842287][T11411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 545.842303][T11411] Call Trace: [ 545.842311][T11411] [ 545.842320][T11411] dump_stack_lvl+0x100/0x190 [ 545.842353][T11411] should_fail_ex.cold+0x5/0xa [ 545.842394][T11411] should_failslab+0xc2/0x120 [ 545.842429][T11411] ? tomoyo_encode2+0xfb/0x3c0 [ 545.842458][T11411] __kmalloc_noprof+0xf6/0x9c0 [ 545.842483][T11411] ? __pfx_tomoyo_get_local_path+0x10/0x10 [ 545.842520][T11411] ? tomoyo_realpath_from_path+0xb6/0x690 [ 545.842552][T11411] ? tomoyo_encode2+0xfb/0x3c0 [ 545.842574][T11411] tomoyo_encode2+0xfb/0x3c0 [ 545.842601][T11411] tomoyo_encode+0x29/0x50 [ 545.842624][T11411] tomoyo_realpath_from_path+0x18c/0x690 [ 545.842658][T11411] tomoyo_path_number_perm+0x23c/0x580 [ 545.842694][T11411] ? tomoyo_path_number_perm+0x22e/0x580 [ 545.842732][T11411] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 545.842803][T11411] ? current_check_access_path+0x27a/0x460 [ 545.842846][T11411] ? __pfx_current_check_access_path+0x10/0x10 [ 545.842899][T11411] tomoyo_path_mknod+0x164/0x190 [ 545.842927][T11411] ? __pfx_tomoyo_path_mknod+0x10/0x10 [ 545.842958][T11411] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 545.842989][T11411] security_path_mknod+0x161/0x300 [ 545.843017][T11411] lookup_open.isra.0+0xc93/0x1890 [ 545.843052][T11411] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 545.843081][T11411] ? __pfx___might_resched+0x10/0x10 [ 545.843119][T11411] ? mnt_get_write_access+0x52/0x2f0 [ 545.843161][T11411] ? __pfx_down_write+0x10/0x10 [ 545.843192][T11411] ? mnt_get_write_access+0x1e9/0x2f0 [ 545.843233][T11411] path_openat+0x117d/0x3120 [ 545.843271][T11411] ? __pfx_path_openat+0x10/0x10 [ 545.843311][T11411] do_filp_open+0x1f7/0x420 [ 545.843342][T11411] ? __pfx_do_filp_open+0x10/0x10 [ 545.843391][T11411] ? _raw_spin_unlock+0x28/0x50 [ 545.843414][T11411] ? alloc_fd+0x476/0x790 [ 545.843449][T11411] do_sys_openat2+0x12e/0x220 [ 545.843494][T11411] ? __pfx_do_sys_openat2+0x10/0x10 [ 545.843534][T11411] ? blkcg_maybe_throttle_current+0x5df/0xeb0 [ 545.843574][T11411] __x64_sys_openat+0x12d/0x210 [ 545.843613][T11411] ? __pfx___x64_sys_openat+0x10/0x10 [ 545.843650][T11411] ? xfd_validate_state+0x129/0x190 [ 545.843700][T11411] do_syscall_64+0xc9/0xf80 [ 545.843731][T11411] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 545.843756][T11411] RIP: 0033:0x7f44a8f9aeb9 [ 545.843776][T11411] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 545.843800][T11411] RSP: 002b:00007f44a9eac028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 545.843823][T11411] RAX: ffffffffffffffda RBX: 00007f44a9216090 RCX: 00007f44a8f9aeb9 [ 545.843839][T11411] RDX: 0000000000048041 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 545.843855][T11411] RBP: 00007f44a9008c1f R08: 0000000000000000 R09: 0000000000000000 [ 545.843870][T11411] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 545.843884][T11411] R13: 00007f44a9216128 R14: 00007f44a9216090 R15: 00007ffc6890d8e8 [ 545.843916][T11411] [ 545.879548][T11411] ERROR: Out of memory at tomoyo_realpath_from_path. [ 547.460550][ T7254] Bluetooth: hci7: command 0x0c1a tx timeout [ 547.569963][T11418] Process accounting paused [ 548.628446][T11444] ubi0: attaching mtd1 [ 548.634030][T11444] ubi0: scanning is finished [ 548.766074][T11444] ubi0 error: ubi_read_volume_table: LEB size too small for a volume record [ 549.492550][T11444] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd1, error -22 [ 552.825091][ T7254] Bluetooth: hci6: Opcode 0x0c03 failed: -110 [ 554.157769][ T30] audit: type=1804 audit(4294975400.687:18): pid=11516 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.1223" name="/newroot/323/file0" dev="tmpfs" ino=1708 res=1 errno=0 [ 554.362537][ T30] audit: type=1804 audit(4294975400.787:19): pid=11518 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1223" name="/newroot/323/file0" dev="tmpfs" ino=1708 res=1 errno=0 [ 555.916983][T11554] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1228'. [ 555.935268][T11555] bonding: no command found in bonding_masters - use +ifname or -ifname [ 556.204060][T11555] bonding: no command found in bonding_masters - use +ifname or -ifname [ 558.025626][T11582] zero sized request [ 558.427886][ T9346] NFSD: Failed to start, no listeners configured. [ 562.967427][ T7254] Bluetooth: hci7: unexpected event 0x3e length: 508 > 260 [ 562.967464][ T7254] Bluetooth: hci7: unexpected subevent 0x02 length: 507 > 260 [ 562.982835][ T7254] Bluetooth: hci7: Dropping invalid advertising data [ 562.992250][ T7254] Bluetooth: hci7: unknown advertising packet type: 0xe9 [ 562.992285][ T7254] Bluetooth: hci7: Dropping invalid advertising data [ 563.008606][ T7254] Bluetooth: hci7: Malformed LE Event: 0x02 [ 563.574763][T11646] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1242'. [ 563.767472][T11648] bridge0: port 3(netdevsim0) entered blocking state [ 563.774326][T11648] bridge0: port 3(netdevsim0) entered disabled state [ 564.027470][T11648] netdevsim netdevsim5 netdevsim0: entered allmulticast mode [ 564.195188][T11648] netdevsim netdevsim5 netdevsim0: entered promiscuous mode [ 564.348479][T11648] bridge0: port 3(netdevsim0) entered blocking state [ 564.355437][T11648] bridge0: port 3(netdevsim0) entered forwarding state [ 566.537247][T11693] sp0: Synchronizing with TNC [ 567.313137][T11708] mkiss: ax0: crc mode is auto. [ 567.662294][T11700] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1252'. [ 567.761257][T11701] KVM: debugfs: duplicate directory 11701-3 [ 567.874315][T11701] KVM: debugfs: duplicate directory 11701-4 [ 567.954392][T11701] KVM: debugfs: duplicate directory 11701-5 [ 568.089497][T11701] KVM: debugfs: duplicate directory 11701-7 [ 568.745824][T11709] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1252'. [ 568.930424][T11709] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 569.452282][T11709] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 570.474851][T11717] Process accounting resumed [ 570.918016][T11733] FAULT_INJECTION: forcing a failure. [ 570.918016][T11733] name failslab, interval 1, probability 0, space 0, times 0 [ 571.108023][T11733] CPU: 0 UID: 0 PID: 11733 Comm: syz.5.1258 Tainted: G L syzkaller #0 PREEMPT(full) [ 571.108064][T11733] Tainted: [L]=SOFTLOCKUP [ 571.108073][T11733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 571.108088][T11733] Call Trace: [ 571.108096][T11733] [ 571.108105][T11733] dump_stack_lvl+0x100/0x190 [ 571.108141][T11733] should_fail_ex.cold+0x5/0xa [ 571.108183][T11733] should_failslab+0xc2/0x120 [ 571.108225][T11733] kmem_cache_alloc_noprof+0x83/0x780 [ 571.108257][T11733] ? __asan_memcpy+0x3c/0x60 [ 571.108282][T11733] ? __kernfs_new_node+0xd2/0x960 [ 571.108321][T11733] ? __kernfs_new_node+0xd2/0x960 [ 571.108352][T11733] __kernfs_new_node+0xd2/0x960 [ 571.108383][T11733] ? __kernel_text_address+0xd/0x30 [ 571.108424][T11733] ? arch_stack_walk+0xa6/0xf0 [ 571.108451][T11733] ? __pfx___kernfs_new_node+0x10/0x10 [ 571.108494][T11733] ? find_held_lock+0x2b/0x80 [ 571.108517][T11733] ? kernfs_root+0xee/0x2a0 [ 571.108549][T11733] ? kernfs_root+0xee/0x2a0 [ 571.108589][T11733] kernfs_new_node+0x11b/0x1a0 [ 571.108631][T11733] kernfs_create_dir_ns+0x4c/0x1a0 [ 571.108673][T11733] sysfs_create_dir_ns+0x13a/0x2b0 [ 571.108706][T11733] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 571.108737][T11733] ? find_held_lock+0x2b/0x80 [ 571.108759][T11733] ? kobject_add_internal+0x25f/0x930 [ 571.108794][T11733] ? kobject_add_internal+0x25f/0x930 [ 571.108830][T11733] ? do_raw_spin_unlock+0x145/0x1e0 [ 571.108870][T11733] kobject_add_internal+0x2c8/0x930 [ 571.108909][T11733] kobject_add+0x16a/0x1e0 [ 571.108942][T11733] ? __pfx_kobject_add+0x10/0x10 [ 571.108981][T11733] ? lockdep_init_map_type+0x5c/0x250 [ 571.109015][T11733] ? class_to_subsys+0x114/0x150 [ 571.109062][T11733] device_add+0x294/0x1950 [ 571.109102][T11733] ? __pfx_device_add+0x10/0x10 [ 571.109148][T11733] ? mark_held_locks+0x40/0x70 [ 571.109187][T11733] usb_set_configuration+0xd97/0x1c60 [ 571.109245][T11733] bConfigurationValue_store+0x100/0x180 [ 571.109281][T11733] ? __pfx_bConfigurationValue_store+0x10/0x10 [ 571.109316][T11733] ? find_held_lock+0x2b/0x80 [ 571.109339][T11733] ? sysfs_file_kobj+0xe4/0x290 [ 571.109367][T11733] ? sysfs_file_kobj+0xe4/0x290 [ 571.109397][T11733] ? __pfx_bConfigurationValue_store+0x10/0x10 [ 571.109431][T11733] dev_attr_store+0x58/0x80 [ 571.109464][T11733] ? __pfx_dev_attr_store+0x10/0x10 [ 571.109497][T11733] sysfs_kf_write+0xf2/0x150 [ 571.109527][T11733] kernfs_fop_write_iter+0x3e0/0x5f0 [ 571.109551][T11733] ? __pfx_sysfs_kf_write+0x10/0x10 [ 571.109582][T11733] iter_file_splice_write+0x82b/0x10a0 [ 571.109628][T11733] ? __pfx_iter_file_splice_write+0x10/0x10 [ 571.109662][T11733] ? __pfx_copy_splice_read+0x10/0x10 [ 571.109704][T11733] ? __pfx_iter_file_splice_write+0x10/0x10 [ 571.109736][T11733] direct_splice_actor+0x192/0x6c0 [ 571.109767][T11733] splice_direct_to_actor+0x345/0xa30 [ 571.109797][T11733] ? __pfx_direct_splice_actor+0x10/0x10 [ 571.109830][T11733] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 571.109866][T11733] do_splice_direct+0x174/0x240 [ 571.109894][T11733] ? __pfx_do_splice_direct+0x10/0x10 [ 571.109919][T11733] ? common_file_perm+0x1ab/0x4f0 [ 571.109957][T11733] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 571.109988][T11733] ? rw_verify_area+0xce/0x6d0 [ 571.110014][T11733] do_sendfile+0xadc/0xe20 [ 571.110046][T11733] ? __pfx_do_sendfile+0x10/0x10 [ 571.110076][T11733] ? __x64_sys_futex+0x34f/0x4d0 [ 571.110109][T11733] ? __x64_sys_futex+0x358/0x4d0 [ 571.110146][T11733] __x64_sys_sendfile64+0x1d8/0x220 [ 571.110179][T11733] ? xfd_validate_state+0x129/0x190 [ 571.110224][T11733] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 571.110267][T11733] do_syscall_64+0xc9/0xf80 [ 571.110300][T11733] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 571.110325][T11733] RIP: 0033:0x7f8a13d9aeb9 [ 571.110346][T11733] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 571.110369][T11733] RSP: 002b:00007f8a14c57028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 571.110392][T11733] RAX: ffffffffffffffda RBX: 00007f8a14015fa0 RCX: 00007f8a13d9aeb9 [ 571.110408][T11733] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000006 [ 571.110423][T11733] RBP: 00007f8a13e08c1f R08: 0000000000000000 R09: 0000000000000000 [ 571.110437][T11733] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 571.110452][T11733] R13: 00007f8a14016038 R14: 00007f8a14015fa0 R15: 00007ffda8f3abe8 [ 571.110483][T11733] [ 571.574331][T11740] cgroup: fork rejected by pids controller in /syz0 [ 572.012216][T11733] kobject: kobject_add_internal failed for 1-0:1.0 (error: -12 parent: usb1) [ 572.021980][T11733] usb usb1: device_add(1-0:1.0) --> -12 [ 573.387994][T11848] netlink: 17 bytes leftover after parsing attributes in process `syz.0.1265'. [ 573.455507][T11848] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1265'. [ 573.778424][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 573.786265][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 577.970284][T11915] can: request_module (can-proto-5) failed. [ 578.730840][T11918] Process accounting resumed [ 578.855856][T11935] random: crng reseeded on system resumption [ 579.871560][T11957] misc userio: Invalid payload size [ 588.719535][T12048] vhci_hcd vhci_hcd.3: USB_PORT_FEAT_SUSPEND req not supported for USB 3.0 roothub [ 588.831406][T12050] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 589.048391][T12050] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 590.892316][T12073] netlink: 330 bytes leftover after parsing attributes in process `syz.6.1308'. [ 596.818089][T12180] nfs: Unknown parameter 'm?LH>「^eko}* ' [ 599.015796][T12213] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(12) [ 599.926770][ T30] audit: type=1800 audit(2147483668.410:20): pid=12230 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1342" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 600.782311][T12237] Process accounting paused [ 601.502356][T12249] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1345'. [ 607.752567][T12345] netlink: 342 bytes leftover after parsing attributes in process `syz.6.1366'. [ 608.479855][T12351] block nbd7: not configured, cannot reconfigure [ 608.988897][T12334] Process accounting paused [ 610.895449][ T31] INFO: task syz-executor:5828 blocked for more than 143 seconds. [ 610.903409][ T31] Tainted: G L syzkaller #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 610.970590][ T31] Blocked by coredump. [ 611.015026][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 611.093259][ T31] task:syz-executor state:D stack:22520 pid:5828 tgid:5828 ppid:1 task_flags:0x40054c flags:0x00080003 [ 611.165054][ T31] Call Trace: [ 611.168405][ T31] [ 611.205784][ T31] ? __schedule+0xf65/0x5e10 [ 611.238708][ T31] __schedule+0xfe4/0x5e10 [ 611.286813][ T31] ? __lock_acquire+0x4a5/0x2630 [ 611.308342][ T31] ? __pfx___schedule+0x10/0x10 [ 611.344990][ T31] ? find_held_lock+0x2b/0x80 [ 611.349852][ T31] ? schedule+0x2bf/0x390 [ 611.354269][ T31] schedule+0xdd/0x390 [ 611.529925][ T31] schedule_preempt_disabled+0x13/0x30 [ 611.552794][ T31] __mutex_lock+0xc9a/0x1b90 [ 611.648526][ T31] ? nfsd_shutdown_threads+0x5b/0xf0 [ 611.685254][ T31] ? __lock_acquire+0x4a5/0x2630 [ 611.690295][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 611.784111][ T31] ? net_generic+0xea/0x2a0 [ 611.814942][ T31] ? net_generic+0xea/0x2a0 [ 611.819537][ T31] ? nfsd_shutdown_threads+0x5b/0xf0 [ 611.885960][ T31] nfsd_shutdown_threads+0x5b/0xf0 [ 611.891440][ T31] nfsd_umount+0x3b/0x60 [ 611.935065][ T31] deactivate_locked_super+0xc1/0x1b0 [ 611.940514][ T31] deactivate_super+0xe7/0x110 [ 611.974971][ T31] cleanup_mnt+0x21f/0x450 [ 611.979519][ T31] task_work_run+0x150/0x240 [ 611.984239][ T31] ? __pfx_task_work_run+0x10/0x10 [ 612.017785][ T31] do_exit+0x829/0x2a30 [ 612.022032][ T31] ? _raw_read_unlock+0x28/0x50 [ 612.055163][ T31] ? __pfx_do_exit+0x10/0x10 [ 612.065263][ T31] ? do_raw_spin_lock+0x128/0x260 [ 612.070353][ T31] ? find_held_lock+0x2b/0x80 [ 612.106026][ T31] ? get_signal+0x7e0/0x21e0 [ 612.110737][ T31] do_group_exit+0xd5/0x2a0 [ 612.145007][ T31] get_signal+0x1ec7/0x21e0 [ 612.152408][ T31] ? __pfx_child_wait_callback+0x10/0x10 [ 612.177110][ T31] ? __pfx_get_signal+0x10/0x10 [ 612.182040][ T31] arch_do_signal_or_restart+0x91/0x770 [ 612.209063][ T31] ? __fput+0x68a/0xb40 [ 612.213303][ T31] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 612.245277][ T31] ? __pfx_fput_close_sync+0x10/0x10 [ 612.262741][ T31] exit_to_user_mode_loop+0x86/0x4b0 [ 612.284989][ T31] ? rcu_is_watching+0x12/0xc0 [ 612.290490][ T31] do_syscall_64+0x4ea/0xf80 [ 612.315025][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 612.321062][ T31] RIP: 0033:0x7f5600d5b78e [ 612.354180][ T31] RSP: 002b:00007ffef55cc5b8 EFLAGS: 00000246 ORIG_RAX: 000000000000003d [ 612.380697][ T31] RAX: fffffffffffffe00 RBX: 00005555794c3500 RCX: 00007f5600d5b78e [ 612.409083][ T31] RDX: 0000000040000000 RSI: 00007ffef55cc65c RDI: ffffffffffffffff [ 612.445699][ T31] RBP: 00007ffef55cc65c R08: 0000000000000000 R09: 0000000000000000 [ 612.467844][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000000000ea [ 612.492562][ T31] R13: 00005555794d69f0 R14: 000000000006c4b6 R15: 00007ffef55cc6b0 [ 612.525154][ T31] [ 612.532500][ T31] [ 612.532500][ T31] Showing all locks held in the system: [ 612.569936][ T31] 1 lock held by pool_workqueue_/3: [ 612.594963][ T31] #0: ffffffff8e5ef8f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 [ 612.689645][ T31] 1 lock held by khungtaskd/31: [ 612.694587][ T31] #0: ffffffff8e5e3120 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 612.765729][ T31] 2 locks held by getty/5581: [ 612.770506][ T31] #0: ffff8880310fa0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 612.835042][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500 [ 612.914994][ T31] 2 locks held by syz-executor/5828: [ 612.920342][ T31] #0: ffff88802ee8c0e0 (&type->s_umount_key#51){+.+.}-{4:4}, at: deactivate_super+0xdf/0x110 [ 612.979408][ T31] #1: ffffffff8ea472a8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 613.024976][ T31] 3 locks held by kworker/0:3/5830: [ 613.030266][ T31] #0: ffff88813fe15948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x11ae/0x1840 [ 613.104983][ T31] #1: ffffc900040efc98 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x927/0x1840 [ 613.114840][ T31] #2: ffffffff8e5ef8f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 [ 613.205001][ T31] 2 locks held by syz.3.762/9346: [ 613.210130][ T31] #0: ffffffff904a2690 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 613.255054][ T31] #1: ffffffff8ea472a8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_set_doit+0x687/0xbc0 [ 613.314995][ T31] 1 lock held by syz.2.799/9521: [ 613.320002][ T31] 4 locks held by kworker/u10:26/10546: [ 613.353611][ T31] #0: ffff88801c29f148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x11ae/0x1840 [ 613.385174][ T31] #1: ffffc90002fc7c98 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x927/0x1840 [ 613.435006][ T31] #2: ffffffff903dcef0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xab/0x830 [ 613.444445][ T31] #3: ffffffff903f5828 (rtnl_mutex){+.+.}-{4:4}, at: default_device_exit_batch+0x90/0xc60 [ 613.480731][ T31] 1 lock held by syz.5.1348/12263: [ 613.494976][ T31] #0: ffffffff903f5828 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220 [ 613.504035][ T31] 2 locks held by syz.6.1374/12380: [ 613.525384][ T31] #0: ffffffff903dcef0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 [ 613.545148][ T31] #1: ffffffff903f5828 (rtnl_mutex){+.+.}-{4:4}, at: ip_tunnel_init_net+0x21e/0x780 [ 613.554702][ T31] 2 locks held by syz.4.1376/12383: [ 613.580467][ T31] #0: ffff88807d41a6f0 (nlk_cb_mutex-ROUTE){+.+.}-{4:4}, at: __netlink_dump_start+0x150/0x990 [ 613.605170][ T31] #1: ffffffff903f5828 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_dumpit+0x18f/0x1f0 [ 613.614178][ T31] 1 lock held by syz.4.1376/12386: [ 613.635441][ T31] #0: ffffffff903f5828 (rtnl_mutex){+.+.}-{4:4}, at: dev_ioctl+0x331/0x1070 [ 613.644405][ T31] 2 locks held by syz.4.1376/12394: [ 613.665380][ T31] #0: ffff88807d41f6f0 (nlk_cb_mutex-ROUTE){+.+.}-{4:4}, at: __netlink_dump_start+0x150/0x990 [ 613.697805][ T31] #1: ffffffff903f5828 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_dumpit+0x18f/0x1f0 [ 613.749435][ T31] [ 613.751837][ T31] ============================================= [ 613.751837][ T31] [ 613.815269][ T31] NMI backtrace for cpu 0 [ 613.815296][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 613.815335][ T31] Tainted: [L]=SOFTLOCKUP [ 613.815342][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 613.815357][ T31] Call Trace: [ 613.815364][ T31] [ 613.815373][ T31] dump_stack_lvl+0x100/0x190 [ 613.815405][ T31] nmi_cpu_backtrace.cold+0x12d/0x151 [ 613.815437][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 613.815477][ T31] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 613.815517][ T31] sys_info+0x141/0x190 [ 613.815548][ T31] watchdog+0xcc3/0xfe0 [ 613.815580][ T31] ? __pfx_watchdog+0x10/0x10 [ 613.815605][ T31] ? __kthread_parkme+0x18c/0x230 [ 613.815634][ T31] ? __pfx_watchdog+0x10/0x10 [ 613.815660][ T31] ? __pfx_watchdog+0x10/0x10 [ 613.815682][ T31] kthread+0x3b3/0x730 [ 613.815716][ T31] ? __pfx_kthread+0x10/0x10 [ 613.815747][ T31] ? ret_from_fork+0x79/0xaf0 [ 613.815768][ T31] ? ret_from_fork+0x79/0xaf0 [ 613.815789][ T31] ? rcu_is_watching+0x12/0xc0 [ 613.815812][ T31] ? __pfx_kthread+0x10/0x10 [ 613.815845][ T31] ret_from_fork+0x754/0xaf0 [ 613.815867][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 613.815892][ T31] ? __switch_to+0x7b9/0x10c0 [ 613.815921][ T31] ? __pfx_kthread+0x10/0x10 [ 613.815955][ T31] ret_from_fork_asm+0x1a/0x30 [ 613.816003][ T31] [ 614.365277][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 614.372203][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 614.382953][ T31] Tainted: [L]=SOFTLOCKUP [ 614.387350][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 614.397443][ T31] Call Trace: [ 614.400739][ T31] [ 614.403738][ T31] dump_stack_lvl+0x100/0x190 [ 614.408452][ T31] vpanic+0x20d/0x630 [ 614.412468][ T31] panic+0xd1/0xd1 [ 614.416218][ T31] ? __pfx_panic+0x10/0x10 [ 614.420656][ T31] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 614.426841][ T31] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 614.433027][ T31] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 614.439236][ T31] ? watchdog.cold+0x198/0x1ca [ 614.444028][ T31] ? watchdog+0xcd3/0xfe0 [ 614.448397][ T31] watchdog.cold+0x1a9/0x1ca [ 614.453233][ T31] ? __pfx_watchdog+0x10/0x10 [ 614.457962][ T31] ? __kthread_parkme+0x18c/0x230 [ 614.463015][ T31] ? __pfx_watchdog+0x10/0x10 [ 614.467715][ T31] ? __pfx_watchdog+0x10/0x10 [ 614.472579][ T31] kthread+0x3b3/0x730 [ 614.476675][ T31] ? __pfx_kthread+0x10/0x10 [ 614.481291][ T31] ? ret_from_fork+0x79/0xaf0 [ 614.485997][ T31] ? ret_from_fork+0x79/0xaf0 [ 614.490780][ T31] ? rcu_is_watching+0x12/0xc0 [ 614.495563][ T31] ? __pfx_kthread+0x10/0x10 [ 614.500180][ T31] ret_from_fork+0x754/0xaf0 [ 614.504895][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 614.510028][ T31] ? __switch_to+0x7b9/0x10c0 [ 614.514728][ T31] ? __pfx_kthread+0x10/0x10 [ 614.519348][ T31] ret_from_fork_asm+0x1a/0x30 [ 614.524163][ T31] [ 614.527270][ T31] Kernel Offset: disabled [ 614.531620][ T31] Rebooting in 86400 seconds..