last executing test programs: 6m57.106638908s ago: executing program 0 (id=4654): mmap$auto(0x0, 0x400008, 0x6, 0x9b72, 0xffffffffffffffff, 0x400000000008000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x9, 0x2, 0xb, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptya7\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0x1) ioctl$auto_TCFLSH2(r0, 0x40087101, 0x0) 6m56.500984178s ago: executing program 0 (id=4661): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xffffffffffffffff, 0x0) socket(0x80000000000000a, 0x2, 0x0) r0 = socket(0xa, 0x801, 0x84) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x5, 0x0) getsockopt$auto(r0, 0x84, 0x71, 0x0, 0x0) 6m56.152167456s ago: executing program 0 (id=4665): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x23, 0x2, 0x10000000000002) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0xffff7fff, 0x4, 0x80000001, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, 0x0) 6m55.799326243s ago: executing program 0 (id=4667): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 6m55.217868332s ago: executing program 0 (id=4673): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = memfd_create$auto(0x0, 0x4) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r1 = socket(0xa, 0x3, 0x3a) statx$auto(r0, 0x0, 0x1000, 0xbdfc, 0x0) setsockopt$auto(r1, 0x29, 0x14, 0x0, 0x56b) setsockopt$auto(r1, 0x29, 0x15, 0x0, 0x52b) 6m54.754920726s ago: executing program 0 (id=4678): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/oom_adj\x00', 0x8402, 0x0) read$auto(r0, 0x0, 0x10) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) r2 = open(&(0x7f00000000c0)='./cgroup\x00', 0x80400, 0xb5d1af1605322dd2) lsm_get_self_attr$auto(0x1ff, 0x0, 0x0, 0x6) open_by_handle_at$auto(r2, &(0x7f0000000040)={0x1, 0x2, '\v'}, 0x2) 6m54.320999099s ago: executing program 32 (id=4678): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/oom_adj\x00', 0x8402, 0x0) read$auto(r0, 0x0, 0x10) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) r2 = open(&(0x7f00000000c0)='./cgroup\x00', 0x80400, 0xb5d1af1605322dd2) lsm_get_self_attr$auto(0x1ff, 0x0, 0x0, 0x6) open_by_handle_at$auto(r2, &(0x7f0000000040)={0x1, 0x2, '\v'}, 0x2) 3m39.819389562s ago: executing program 2 (id=6196): r0 = socket(0x11, 0x3, 0x9) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000800)='./file0\x00', 0x6041, 0x0) socket(0x2000000000000021, 0x2, 0x10000000000002) r1 = socket(0x10, 0x3, 0xa) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bond_slave_0\x00', 0x0}) bpf$auto(0x7, &(0x7f0000000000)=@query={@target_ifindex=r2, 0x0, 0xc6c3, 0xa24, 0x8000010002, @count=0x42, 0x0, 0x9, 0x9, 0x0, 0x3}, 0xa3) sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={0x0, 0x49}, 0x4, &(0x7f0000000180), 0x5, 0x1000}, 0x5}, 0x2, 0x100) 3m39.565828968s ago: executing program 2 (id=6200): sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f0000000040)={0x28, 0x0, 0x4, 0x70bd2b, 0x25dfdbff, {}, [@ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0x3}, @ETHTOOL_A_LINKMODES_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x278e18a297a8387c}, 0x24000802) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) close_range$auto(0x2, 0x8000, 0x0) socket(0xa, 0x5, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000426bd7000fddbdf250300000004000800040003374b0008"], 0x20}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="db002cbd7000fbdbdf250a"], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 3m39.276357709s ago: executing program 2 (id=6204): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x30000881}, 0xc040804) sendmmsg$auto(r0, 0x0, 0x7, 0x4008) r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/self/oom_adj\x00', 0x980, 0x0) read$auto(r1, 0x0, 0x4) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x111442, 0x0) unshare$auto(0x6c000000) 3m38.614775058s ago: executing program 2 (id=6210): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_GTP_CMD_GETPDP(0xffffffffffffffff, &(0x7f0000001140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2c, 0x0, 0x1, 0x70bd2c, 0x25dfdbfe, {}, [@GTPA_LINK={0x8, 0x1, 0x3ff}, @GTPA_VERSION={0x8, 0x2, 0x8}, @GTPA_FAMILY={0x5, 0xd, 0xe5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x24040814) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002cbd7000fbdbdf250a00000808000300000000000800010000000000080002"], 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c51d50e", @ANYRES16=0x0, @ANYBLOB="20002cbd7000fbdbdf250200000008000300800040000800030009"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 3m38.1884443s ago: executing program 2 (id=6211): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0xa, 0x5, 0x0) openat$auto_ftrace_event_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/filter\x00', 0x40001, 0x0) open(&(0x7f0000000040)='./file1\x00', 0x165840, 0x151) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(r0, &(0x7f00000001c0)={{0x0, 0x1aa, 0x0, 0x6, 0x0, 0x0, 0x1002}, 0x5}, 0x2, 0x100) bpf$auto(0xf7fff011, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x4, 0xfaae, 0x468, 0x9, 0x2, 0x8, 0x3, 0x4, 0x1ff, 0x5, 0xb5, 0x4, 0x806, 0xd9ee}, 0xa3) writev$auto(0xca, &(0x7f0000000080)={&(0x7f0000000040), 0x1}, 0x200) 3m38.061561311s ago: executing program 2 (id=6212): unshare$auto(0x40000080) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) listen$auto(0x3, 0x81) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, 0x0, 0x24048004) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_tracing_fops_trace(0xffffffffffffff9c, 0x0, 0x82000, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x4) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x1c, r1, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x2}]}, 0x1c}}, 0x4000) 3m22.679885179s ago: executing program 33 (id=6212): unshare$auto(0x40000080) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) listen$auto(0x3, 0x81) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, 0x0, 0x24048004) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_tracing_fops_trace(0xffffffffffffff9c, 0x0, 0x82000, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x4) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x1c, r1, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0x2}]}, 0x1c}}, 0x4000) 2m48.891725054s ago: executing program 3 (id=6492): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/lapb3/threaded\x00', 0x8a801, 0x0) write$auto(r0, &(0x7f0000000000)='0\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) mmap$auto(0x0, 0x95, 0x4000000000e3, 0x40eb2, 0xffffffffffffffff, 0x300000000000) capget$auto(0x0, 0xfffffffffffffffe) clone3$auto(&(0x7f0000000400)={0x100008000, 0x980, 0x4, 0x6, 0x0, 0x2, 0x1, 0x8, 0x1, 0x0, 0x3}, 0x40) r2 = socket(0xa, 0x801, 0x84) getsockopt$auto(r2, 0x84, 0x83, 0x0, 0x0) ioctl$auto_PPPIOCSPASS(0xffffffffffffffff, 0x40107447, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 2m47.362780026s ago: executing program 3 (id=6498): mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) ioctl$auto_XFS_IOC_GETPARENTS_BY_HANDLE(0xffffffffffffffff, 0xc040583f, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x400000eb1, 0xffffffffffffffff, 0x8000) socket(0x23, 0x3, 0x300) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000400)={{0x0, 0x5aa, 0x0, 0x1, 0x0, 0x5, 0x3}, 0x5}, 0x2, 0x100) r0 = openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cpu/0/msr\x00', 0x181f82, 0x0) readv$auto(r0, &(0x7f00000000c0)={0x0, 0x101d0}, 0x400) futex$auto(0x0, 0x81, 0x1ffb, 0x0, 0x0, 0xa2) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x5, 0x0) ustat$auto(0x7fd, 0x0) 2m46.30948135s ago: executing program 3 (id=6501): openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x48180, 0x0) fcntl$auto(0x3, 0x4, 0xa553) mmap$auto(0x0, 0x83, 0xe2, 0xeb1, 0x405, 0x8000) setsockopt$auto(0x3, 0x11b, 0x2, 0xffffffffffffffff, 0x9) semctl$auto(0x7, 0x2, 0x13, 0x1) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r0, 0x560a, 0x7) openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, 0x0, 0x2000, 0x0) userfaultfd$auto(0x4) openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/kvm/halt_poll_fail_hist\x00', 0xa2500, 0x0) close_range$auto(0x2, 0xa, 0x0) 2m45.719699482s ago: executing program 3 (id=6503): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/oom_adj\x00', 0x48402, 0x0) read$auto(r0, 0x0, 0x7) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, 0x0, 0x5) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) write$auto(0x3, 0x0, 0xfffffdef) r3 = ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) syz_genetlink_get_family_id$auto_802_15_4_mac(0x0, r3) ioctl$auto_NS_GET_PARENT(r3, 0xb702, 0x0) 2m42.983982939s ago: executing program 3 (id=6515): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) open(&(0x7f0000000100)='./file0\x00', 0x201c2, 0x10e) getcwd$auto(0x0, 0xffffffffffffffff) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) inotify_init1$auto(0x3000000000000) inotify_add_watch$auto(0x4, 0x0, 0xe6e) rename$auto(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='./file1\x00') 2m42.416701336s ago: executing program 3 (id=6518): mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) io_uring_setup$auto(0x401, 0x0) read$auto(0x3, 0x0, 0xfdef) close_range$auto(0x2, 0x8, 0x0) lseek$auto(0x3, 0xffffffffff800002, 0xe) write$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffffff, 0x0, 0x0) prctl$auto(0x9, 0x3, 0x0, 0x6, 0x100000001) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f00000001c0)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x5, 0x0) umount2$auto(&(0x7f0000000000)='.\x00', 0x4) umount2$auto(&(0x7f0000000040)='.\x00', 0xc) 2m27.281940545s ago: executing program 34 (id=6518): mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) io_uring_setup$auto(0x401, 0x0) read$auto(0x3, 0x0, 0xfdef) close_range$auto(0x2, 0x8, 0x0) lseek$auto(0x3, 0xffffffffff800002, 0xe) write$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffffff, 0x0, 0x0) prctl$auto(0x9, 0x3, 0x0, 0x6, 0x100000001) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f00000001c0)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x5, 0x0) umount2$auto(&(0x7f0000000000)='.\x00', 0x4) umount2$auto(&(0x7f0000000040)='.\x00', 0xc) 1m51.859199425s ago: executing program 5 (id=6741): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) write$auto(0x3, 0x0, 0xfffffdef) close_range$auto(0x2, 0x8, 0x0) sysfs$auto(0x2, 0x100000000000027, 0x0) fsopen$auto(0x0, 0x1) socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x0, 0x8, 0xa, 0x3, 0x81, 0xffffffff, 0x2000000000000002, 0x0, 0x9, 0x1, 0x2, 0x80000001, 0xb0, 0x9, 0x20000800001, 0xffffffff, 0x5, 0x7, 0x6, 0x7, 0x0, 0xffffffee, 0x2a17}, 0x8, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0xc090) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4044810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4000010}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0xffffffff, 0x0) 1m51.300974318s ago: executing program 5 (id=6742): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x801, 0x84) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) io_uring_enter$auto(0x3, 0x1, 0x82400001, 0xb, 0x0, 0xd) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f00000000c0), 0xffffffff}, 0x6, 0x0) io_uring_enter$auto(0x3, 0x5, 0xffffffff, 0x3, 0x0, 0x2) 1m50.752233447s ago: executing program 5 (id=6745): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty51\x00', 0x40001, 0x0) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket(0xa, 0x5, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) socket(0x2, 0x1, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r0 = socket(0xa, 0x801, 0x84) getsockopt$auto(r0, 0x84, 0xc, 0x0, 0x0) r1 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000008040), 0x2, 0x0) ioctl$auto_I2C_SMBUS(r1, 0x720, 0x0) 1m50.312756265s ago: executing program 5 (id=6747): epoll_create$auto(0x4) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/video48\x00', 0x18a041, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) r0 = socket(0x2, 0x80802, 0x0) setsockopt$auto(r0, 0x11, 0x67, 0x0, 0x8) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f0000000180)=@in={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f0000000100)={0x0, 0xa}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1m50.005595279s ago: executing program 5 (id=6749): open(&(0x7f00000000c0)='./cgroup\x00', 0x0, 0xb5d1af1605322df2) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = open(&(0x7f0000000100)='.\x00', 0x595002, 0x408) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) mkdir$auto(&(0x7f0000000080)='}[,&*}\x00', 0x8001) socket(0xa, 0x2, 0x0) mount$auto(0x0, &(0x7f0000000040)='}[,&*}\x00\x0e\x15F\xf7\x1a\xd1K+\xedy\xc6\x9bb\x94\xb4^\xc2\x83%\xfbw}\xfb_P\"\x19\xdfi\xe9hA|Q\x8a_F\x04:Q\x90\'\x06', &(0x7f0000000140)='nfsd\x00', 0x10000, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') setresuid$auto(0x2, 0x7, 0x8080) open(&(0x7f0000000100)='.\x00', 0x0, 0x1) linkat$auto(r0, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000) 1m49.641399795s ago: executing program 5 (id=6751): mmap$auto(0x0, 0x10008, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0xa, 0x0) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_udc.5/udc/dummy_udc.5/srp\x00', 0x60301, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) dup2$auto(0x5, 0x4) splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000001, 0x9) write$auto(0x6, 0x0, 0x100000001) close_range$auto(0x2, 0x8, 0x0) 1m34.532757347s ago: executing program 35 (id=6751): mmap$auto(0x0, 0x10008, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0xa, 0x0) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_udc.5/udc/dummy_udc.5/srp\x00', 0x60301, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) dup2$auto(0x5, 0x4) splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000001, 0x9) write$auto(0x6, 0x0, 0x100000001) close_range$auto(0x2, 0x8, 0x0) 6.887339658s ago: executing program 1 (id=7162): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r1 = socket(0xa, 0x3, 0x3a) close$auto(r1) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(r1, 0x8, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) r2 = open(0x0, 0x0, 0x408) getdents$auto(r2, 0x0, 0x400018) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) 5.962366762s ago: executing program 7 (id=7169): unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r0 = clone3$auto(&(0x7f0000000040)={0x43, 0x4, 0xa5e7, 0x10000, 0x1, 0x8000000000000000, 0x10, 0x5, 0xf, 0x1ff, 0x5185}, 0x1) r1 = prctl$auto(0x3e, 0x1, r0, 0x1, 0x0) setresuid$auto(0xffffffffffffffff, 0x0, 0x0) write$auto(r1, &(0x7f00000000c0)='\xafEevOhudio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa6tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) unshare$auto(0x40000080) close_range$auto(r1, 0xfffffffffffff000, 0x2) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r3 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r2, 0x4b72, r3) 4.691395381s ago: executing program 7 (id=7173): mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) mprotect$auto(0x0, 0x806121, 0x8) mmap$auto(0x0, 0x20009, 0x10000008000df, 0xeb1, 0x401, 0x8000) socket(0xa, 0x801, 0x84) open(0x0, 0x0, 0x408) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, 0x0, 0x48402, 0x0) read$auto(r0, 0x0, 0x9a28) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) writev$auto(r1, 0x0, 0x3) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x83, 0x0, 0x8) 3.711306451s ago: executing program 7 (id=7175): openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x80000, 0x0) unshare$auto(0x40000080) write$auto(0xca, &(0x7f0000000580)='\x04>\x01\x01\x00\x00\x00\x00\x01T\x9eQ\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc7\xa1\x90s\x1d\xfe\x04\b\xacO\x99\x96\xbdf\x05z4~I<@B\x1d]\xbabB\xdc\xff\x03\x00\x00\x00\x00\x00\x00\xa5\xd86\x14\xe5\xfa\x88XCu\x17\xd0\xc58\xa9\xcc\x03I\xff\x13]\xe0\x10\x83hN\x04\xaf\xa8\xfe;$\x81\xb5\'?\xbc\x82\xf6-\xe0\x97\xbe\xba(\xf3\xf4h\x85\xfb\x97\xcd\xb9JS\xf3a\x01\xca\xdb\xb6\xf5\x96\x04\x00\x00\x00\x00\x00\x00\x92\xfc\xe4\xd7\xf4\xaeU\xae\x1aB\xee\xfeTL\xfa\x17Y\xacz\xda\xd4\x9d\xecX@\x1e\x1e\xd2\xc1^\x1d\x80\x10\xca=F\xeb(\x16\xa0B\x1e\xfb\xaa\x87RVdVc:\xb0\x9e\x05\x10\xe1YLP\xe0\xa0\x1d\x8b\x13U\x16\xd9\xde\x8d\xd61\xaef\x9aZ\xecyb\xa4<\x11K\x8dG*\xbb\x06\xb7\x80\xe4\xf8eS\xf4\xd0\x96\x7f\xeaK\xff}O:\x15x\x11\xc1\v\xffW\xeb\xf6\x7f\xd6\xcc\xc8\x99\x92\x8b\x9cg\xf7#\xc8\x0e\x98\xe4\x83\xd0;?\x00\x00\x00\x00\x00\xca_\x05\")7\xdb\xff];oI,\\Y\xd6eL\x90\rb\xe5\xf4\x116O\xd1\x92C\n\x14\xac\x95\xf4m\x92\xb2\xe0\x89O\fdO\x86\x96r\xaa\xcf,\x90\xb0\xcds\x85\xbc\xbc)(\xaa_\x0f\xa6\x8e\x17\x88\xb0\x1c\x15\xbc)\xcc\xcb\xf6\x91\x11\xa9\xe7\xc9 H\xcel\xe9\xcdm/H\x83gJ%I\xd1 q\x92f\xd8f\xa8\x1b\xd7\x1c\x8aMeP\xc1\xfb\xfd\x85\x86\xc4r\xe4!\x06?\x12\xb0:\x88\\)d+\xfa`.\x8e\x8e\x1b\xba1\x13\x10\xd9n\xea0\x11\xc1l\xb10K\r\x13C#tj', 0x7) sendmsg$auto_NL80211_CMD_ABORT_SCAN(0xffffffffffffffff, 0x0, 0x20000004) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/pci0000:00/0000:00:03.0/resource1\x00', 0x0, 0x0) mmap$auto(0x0, 0x3, 0x1000000000001, 0x8000000008011, 0x3, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_CT_LIMIT_CMD_SET(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000c040}, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_ct_limit(0x0, 0xffffffffffffffff) sendmsg$auto_OVS_CT_LIMIT_CMD_DEL(r1, 0x0, 0x4000) socket$nl_generic(0x10, 0x3, 0x10) 3.710883769s ago: executing program 6 (id=7176): openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x50000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = prctl$auto(0x1000000003b, 0x1, 0x0, 0x100000000, 0x7) cachestat$auto(r0, 0x0, 0x0, 0x5e43d222) landlock_restrict_self$auto(0xffffffffffffffff, 0x4) openat$auto_event_inject_fops_trace(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), r1) openat$auto_binder_ctl_fops_binderfs(0xffffffffffffff9c, &(0x7f0000000000), 0x82c00, 0x0) close_range$auto(0x2, 0x8, 0x0) shmget$auto(0x0, 0x10, 0x7f5) shmctl$auto(0x0, 0x0, 0xfffffffffffffffd) 3.710525046s ago: executing program 1 (id=7177): openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000080), 0x101040, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/oom_adj\x00', 0x48402, 0x0) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC0D0c\x00', 0x40002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyq0\x00', 0x8000, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto_KVM_GET_MSRS(r0, 0x4068aea3, &(0x7f0000000080)={0xdc}) 3.290546613s ago: executing program 1 (id=7178): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, 0x0, 0x189400, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80302, 0x0) preadv$auto(0x3, 0x0, 0x3, 0xf8, 0xffffffffffffffff) mknodat$auto(0xffffffffffffffff, &(0x7f00000003c0)='./file0\x00', 0xfff, 0xfffffff8) r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000000)="c80d1b5d399b4b", 0xfdef) 3.290451609s ago: executing program 6 (id=7179): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x25, 0x801, 0x0) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/platform/usbip-vudc.0/usbip_sockfd\x00', 0x103841, 0x0) openat$auto_buffer_percent_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/buffer_percent\x00', 0x1, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/mm/transparent_hugepage/khugepaged/max_ptes_none\x00', 0x183042, 0x0) read$auto(r1, 0x0, 0x9) writev$auto(r0, &(0x7f0000000200)={0x0, 0x3}, 0x3) 3.279861841s ago: executing program 4 (id=7186): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x2, 0x1, 0x106) migrate_pages$auto(0x0, 0x99, 0x0, &(0x7f00000001c0)=0x7b) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80e42, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f00000001c0)) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SYNC(r1, 0x5001, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001fc, 0x7, 0xd3e, 0x1, 0x9687, 0x100000000000003, 0x0, 0x6, 0x3, 0x62, 0x5, 0x5, 0x6d3f, 0x7, 0x6, 0x6]}, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x4, 0x3, 0x3, 0x3, 0x3, 0x3, 0x8000000000000000, 0x2, 0x6d3c, 0x3, 0x2, 0x8000000000000006]}, 0x0) 3.098845593s ago: executing program 4 (id=7180): r0 = socket(0x2b, 0x1, 0x2) bind$auto(0x3, 0x0, 0x6a) sendmmsg$auto(r0, 0x0, 0x5, 0x20000000) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020409, 0xa, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = socket(0x2, 0x1, 0x106) bind$auto(r1, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/all/addr_gen_mode\x00', 0xa0202, 0x0) connect$auto(r1, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0xc}}, 0x54) write$auto(0x3, 0x0, 0xfffffdef) ioctl$auto(0x3, 0x894b, 0x38) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) 2.783951834s ago: executing program 7 (id=7181): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D3\x00', 0x20c00, 0x0) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82040, 0x0) socket(0xa, 0x1, 0x100) modify_ldt$auto(0x1, 0x0, 0x10) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) wait4$auto(0x80000000, 0x0, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/block/loop10/queue/add_random\x00', 0x80302, 0x0) sendfile$auto(r0, r0, 0x0, 0x3) mmap$auto(0x0, 0x4020009, 0xdf, 0x400000000e31, 0xffffffffffffffff, 0x0) clock_gettime$auto(0xfffffffffffffff0, 0x0) 2.783405719s ago: executing program 6 (id=7182): unlink$auto(0x0) close_range$auto(0x2, 0xa, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xd2, 0x0, 0x567) fanotify_init$auto(0x65, 0x2) pipe$auto(0x0) dup2$auto(0x5, 0x4) splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000001, 0x9) write$auto(0x6, 0x0, 0x100000001) kexec_load$auto(0x2, 0x2, 0x0, 0x80000005) 2.49246397s ago: executing program 7 (id=7183): socket(0x1f, 0x6, 0xffffffff) bind$auto(0x3, 0x0, 0x6a) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x8c00, 0x0) unshare$auto(0x40000080) exit$auto(0x7) mount$auto(0x0, &(0x7f00000000c0)='.\x00', 0x0, 0x7, 0x0) io_uring_setup$auto(0x59, 0x0) syz_clone(0x0, 0x0, 0xfffffffffffffd55, 0x0, 0x0, 0x0) 2.292542537s ago: executing program 1 (id=7184): mmap$auto(0x0, 0x9, 0xc00000072, 0x8b72, 0x1000000002, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) inotify_init1$auto(0x3000000000000) inotify_add_watch$auto(0x4, 0x0, 0xe6e) lchown$auto(0x0, 0xee01, 0xee00) readv$auto(0x4, &(0x7f0000000100)={0x0, 0x1000}, 0x8) setsockopt$auto(0x3, 0x10000000084, 0x17, 0x0, 0x3ff) 2.094301125s ago: executing program 1 (id=7185): openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event\x00', 0x0, 0x0) r0 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, 0x0, 0x189160, 0x0) mmap$auto(0x0, 0x2000a, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r1 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, 0x0, 0x103001, 0x0) ioctl$auto_I2C_RDWR(r1, 0x707, 0x0) openat$auto_set_tracer_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/current_tracer\x00', 0x0, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0x8, 0x5) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, r2) sendmsg$auto_ETHTOOL_MSG_MODULE_SET(r2, 0x0, 0xc810) fsconfig$auto_SHMEM_HUGE_WITHIN_SIZE(r2, 0x5, 0x0, 0x0, 0x2) ioctl$auto_BINDER_ENABLE_ONEWAY_SPAM_DETECTION(r0, 0x40046210, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) 1.817247431s ago: executing program 4 (id=7187): openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x50000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = prctl$auto(0x1000000003b, 0x1, 0x0, 0x100000000, 0x7) cachestat$auto(r0, 0x0, 0x0, 0x5e43d222) landlock_restrict_self$auto(0xffffffffffffffff, 0x4) openat$auto_event_inject_fops_trace(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), r1) openat$auto_binder_ctl_fops_binderfs(0xffffffffffffff9c, &(0x7f0000000000), 0x82c00, 0x0) close_range$auto(0x2, 0x8, 0x0) shmget$auto(0x0, 0x10, 0x7f5) shmctl$auto(0x0, 0x0, 0xfffffffffffffffd) 1.686155419s ago: executing program 6 (id=7188): openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000080), 0x101040, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/oom_adj\x00', 0x48402, 0x0) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/pcmC0D0c\x00', 0x40002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptyq0\x00', 0x8000, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto_KVM_GET_MSRS(r0, 0x4068aea3, &(0x7f0000000080)={0xdc}) 1.534923079s ago: executing program 4 (id=7189): timer_create$auto_CLOCK_MONOTONIC(0x1, &(0x7f00000002c0)={@sival_ptr=0x0, @inferred, 0xe9, @_sigev_thread={0x0, &(0x7f0000000240)="1bb11e619ea52fa171abe96b01811f84a9ecf9181717293016a828df3ad84f8b52"}}, 0x0) close_range$auto(0x2, 0x8, 0x0) memfd_secret$auto(0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = getpid() process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000040), 0xffffffff}, 0x6, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0x5000aea5, 0x20) 1.335135148s ago: executing program 6 (id=7190): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) ioctl$auto(r0, 0x4004550c, r0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) mlock$auto(0xfbea, 0x7fffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) madvise$auto(0x0, 0x22, 0xa) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) madvise$auto(0x0, 0x2003f0, 0x11) madvise$auto(0x1, 0x1000, 0x10000) personality$auto(0xfffffffc) 1.097017454s ago: executing program 1 (id=7191): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x2, 0x1, 0x106) migrate_pages$auto(0x0, 0x99, 0x0, &(0x7f00000001c0)=0x7b) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80e42, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f00000001c0)) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SYNC(r1, 0x5001, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001fc, 0x7, 0xd3e, 0x1, 0x9687, 0x100000000000003, 0x0, 0x6, 0x3, 0x62, 0x5, 0x5, 0x6d3f, 0x7, 0x6, 0x6]}, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x4, 0x3, 0x3, 0x3, 0x3, 0x3, 0x8000000000000000, 0x2, 0x6d3c, 0x3, 0x2, 0x8000000000000006]}, 0x0) 1.096392182s ago: executing program 4 (id=7192): openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x80000, 0x0) unshare$auto(0x40000080) write$auto(0xca, &(0x7f0000000580)='\x04>\x01\x01\x00\x00\x00\x00\x01T\x9eQ\xcc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc7\xa1\x90s\x1d\xfe\x04\b\xacO\x99\x96\xbdf\x05z4~I<@B\x1d]\xbabB\xdc\xff\x03\x00\x00\x00\x00\x00\x00\xa5\xd86\x14\xe5\xfa\x88XCu\x17\xd0\xc58\xa9\xcc\x03I\xff\x13]\xe0\x10\x83hN\x04\xaf\xa8\xfe;$\x81\xb5\'?\xbc\x82\xf6-\xe0\x97\xbe\xba(\xf3\xf4h\x85\xfb\x97\xcd\xb9JS\xf3a\x01\xca\xdb\xb6\xf5\x96\x04\x00\x00\x00\x00\x00\x00\x92\xfc\xe4\xd7\xf4\xaeU\xae\x1aB\xee\xfeTL\xfa\x17Y\xacz\xda\xd4\x9d\xecX@\x1e\x1e\xd2\xc1^\x1d\x80\x10\xca=F\xeb(\x16\xa0B\x1e\xfb\xaa\x87RVdVc:\xb0\x9e\x05\x10\xe1YLP\xe0\xa0\x1d\x8b\x13U\x16\xd9\xde\x8d\xd61\xaef\x9aZ\xecyb\xa4<\x11K\x8dG*\xbb\x06\xb7\x80\xe4\xf8eS\xf4\xd0\x96\x7f\xeaK\xff}O:\x15x\x11\xc1\v\xffW\xeb\xf6\x7f\xd6\xcc\xc8\x99\x92\x8b\x9cg\xf7#\xc8\x0e\x98\xe4\x83\xd0;?\x00\x00\x00\x00\x00\xca_\x05\")7\xdb\xff];oI,\\Y\xd6eL\x90\rb\xe5\xf4\x116O\xd1\x92C\n\x14\xac\x95\xf4m\x92\xb2\xe0\x89O\fdO\x86\x96r\xaa\xcf,\x90\xb0\xcds\x85\xbc\xbc)(\xaa_\x0f\xa6\x8e\x17\x88\xb0\x1c\x15\xbc)\xcc\xcb\xf6\x91\x11\xa9\xe7\xc9 H\xcel\xe9\xcdm/H\x83gJ%I\xd1 q\x92f\xd8f\xa8\x1b\xd7\x1c\x8aMeP\xc1\xfb\xfd\x85\x86\xc4r\xe4!\x06?\x12\xb0:\x88\\)d+\xfa`.\x8e\x8e\x1b\xba1\x13\x10\xd9n\xea0\x11\xc1l\xb10K\r\x13C#tj', 0x7) sendmsg$auto_NL80211_CMD_ABORT_SCAN(0xffffffffffffffff, 0x0, 0x20000004) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/pci0000:00/0000:00:03.0/resource1\x00', 0x0, 0x0) mmap$auto(0x0, 0x3, 0x1000000000001, 0x8000000008011, 0x3, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_CT_LIMIT_CMD_SET(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000c040}, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_ct_limit(0x0, 0xffffffffffffffff) sendmsg$auto_OVS_CT_LIMIT_CMD_DEL(r1, 0x0, 0x4000) socket$nl_generic(0x10, 0x3, 0x10) 378.346302ms ago: executing program 7 (id=7193): read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000040)=""/4096, 0x1000) socket(0xa, 0x3, 0x3a) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900), 0x0) mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x0) getsockopt$auto_SO_INCOMING_NAPI_ID(0xffffffffffffffff, 0xa, 0x38, 0x0, &(0x7f0000001980)=0x3000000) connect$auto(0x3, 0x0, 0x58) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, 0x0, 0x800) mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) setrlimit$auto(0xb, 0x0) gettid() bpf$auto(0x0, &(0x7f0000000380)=@task_fd_query={0x12, 0x3, 0x4, 0xae30, 0x8, 0xfff, 0xffffffffffffffff, 0x4, 0x7ff}, 0x6f4) 9.767298ms ago: executing program 6 (id=7194): statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0xb5f0, 0x7352, 0x36, 0x65f, 0x80000001, 0x7, 0x3, 0x2, 0x7, 0x7, 0x0, 0x4, 0xb4, 0x3, 0x9, 0x10003, 0x80, 0x8, 0x0, 0x7, 0x2000, 0x3, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, [0xc, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x1fe, 0x5) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) mmap$auto(0x0, 0x20005, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x801, 0x84) r0 = socket(0x2, 0x3, 0x1) connect$auto(r0, &(0x7f0000000040)=@hci={0x1f, 0x4, 0x4}, 0x2) connect$auto(0x3, &(0x7f0000000140)=@in={0x2, 0x7, @local}, 0x55) capget$auto(0x0, 0xfffffffffffffffe) setsockopt$auto(0x3, 0x10000000084, 0x1e, 0x0, 0x8) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="1100"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x1f, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 0s ago: executing program 4 (id=7202): socket$nl_generic(0x10, 0x3, 0x10) bind$auto(0x3, 0x0, 0x6e) socketpair$auto(0xfffffffe, 0x1, 0x8000000000000000, 0x0) ioctl$auto(0xffffffffffffffff, 0x89a0, 0x4) mmap$auto(0x0, 0x100, 0x4000000000df, 0x80000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0xf03, 0x5, 0x2e, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyt2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) socketpair$auto(0x5b, 0x2, 0x420000, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) kernel console output (not intermixed with test programs): 13429][T20745] netlink: 146 bytes leftover after parsing attributes in process `syz.2.5289'. [ 707.294391][T20747] ERROR: Out of memory at tomoyo_memory_ok. [ 707.469347][T20753] input: f¬ as /devices/virtual/input/input18 [ 707.500834][ T5182] ERROR: Out of memory at tomoyo_memory_ok. [ 707.964318][T20766] ERROR: Out of memory at tomoyo_memory_ok. [ 708.858008][T20785] sd 0:0:1:0: device reset [ 709.472317][T20793] netlink: 'syz.3.5308': attribute type 33 has an invalid length. [ 709.513904][T20793] netlink: 322 bytes leftover after parsing attributes in process `syz.3.5308'. [ 709.724948][T20794] random: crng reseeded on system resumption [ 709.732106][T20798] ERROR: Out of memory at tomoyo_memory_ok. [ 710.810267][T20813] zswap: compressor not available [ 711.962195][T20838] netlink: 25 bytes leftover after parsing attributes in process `syz.2.5319'. [ 712.892603][T20860] netlink: 16 bytes leftover after parsing attributes in process `syz.3.5330'. [ 713.027340][T20865] netlink: 354 bytes leftover after parsing attributes in process `syz.2.5333'. [ 715.002261][T20926] size and base must be multiples of 4 kiB [ 715.028759][T20926] CPU: 0 UID: 0 PID: 20926 Comm: syz.1.5359 Tainted: G L syzkaller #0 PREEMPT(full) [ 715.028789][T20926] Tainted: [L]=SOFTLOCKUP [ 715.028795][T20926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 715.028805][T20926] Call Trace: [ 715.028811][T20926] [ 715.028818][T20926] dump_stack_lvl+0x100/0x190 [ 715.028842][T20926] mtrr_add.cold+0x74/0x87 [ 715.028860][T20926] mtrr_ioctl+0x25a/0xcf0 [ 715.028890][T20926] ? __pfx_mtrr_ioctl+0x10/0x10 [ 715.028928][T20926] ? __pfx_mtrr_ioctl+0x10/0x10 [ 715.028951][T20926] proc_reg_unlocked_ioctl+0x229/0x320 [ 715.028973][T20926] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 715.028997][T20926] __x64_sys_ioctl+0x18e/0x210 [ 715.029159][T20926] do_syscall_64+0xc9/0xf80 [ 715.029184][T20926] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 715.029203][T20926] RIP: 0033:0x7ffaca19aeb9 [ 715.029222][T20926] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 715.029239][T20926] RSP: 002b:00007ffacb024028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 715.029256][T20926] RAX: ffffffffffffffda RBX: 00007ffaca415fa0 RCX: 00007ffaca19aeb9 [ 715.029268][T20926] RDX: 0000000000000003 RSI: 00000000400c4d01 RDI: 0000000000000003 [ 715.029279][T20926] RBP: 00007ffaca208c1f R08: 0000000000000000 R09: 0000000000000000 [ 715.029290][T20926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 715.029302][T20926] R13: 00007ffaca416038 R14: 00007ffaca415fa0 R15: 00007fff715a1d18 [ 715.029323][T20926] [ 715.913120][T20940] ERROR: Out of memory at tomoyo_memory_ok. [ 716.190604][T20945] netlink: 'syz.2.5366': attribute type 10 has an invalid length. [ 716.230818][T20945] netlink: 330 bytes leftover after parsing attributes in process `syz.2.5366'. [ 717.140534][T20935] kexec: Could not allocate control_code_buffer [ 717.273741][T20970] binder: 20969:20970 ioctl 40046210 0 returned -14 [ 717.374285][ T30] audit: type=1800 audit(1770341743.896:23): pid=20976 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.5378" name="features" dev="configfs" ino=75886 res=0 errno=0 [ 717.778850][T20985] ERROR: Out of memory at tomoyo_memory_ok. [ 718.040332][T20991] ERROR: Out of memory at tomoyo_memory_ok. [ 718.670523][T21014] netlink: 342 bytes leftover after parsing attributes in process `syz.4.5390'. [ 718.958002][T21017] zswap: compressor not available [ 719.232713][T21026] netlink: 326 bytes leftover after parsing attributes in process `syz.3.5395'. [ 719.426393][T21030] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5397'. [ 719.512616][T21030] netlink: 13 bytes leftover after parsing attributes in process `syz.3.5397'. [ 719.562967][T21034] netlink: 338 bytes leftover after parsing attributes in process `syz.2.5399'. [ 719.722322][T21039] FAULT_INJECTION: forcing a failure. [ 719.722322][T21039] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 719.947374][T21039] CPU: 0 UID: 0 PID: 21039 Comm: syz.4.5398 Tainted: G L syzkaller #0 PREEMPT(full) [ 719.947408][T21039] Tainted: [L]=SOFTLOCKUP [ 719.947415][T21039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 719.947426][T21039] Call Trace: [ 719.947433][T21039] [ 719.947441][T21039] dump_stack_lvl+0x100/0x190 [ 719.947469][T21039] should_fail_ex.cold+0x5/0xa [ 719.947538][T21039] _copy_to_iter+0x5a4/0x1720 [ 719.947569][T21039] ? __pfx__copy_to_iter+0x10/0x10 [ 719.947594][T21039] ? folio_mark_accessed+0xf3/0x1040 [ 719.947618][T21039] ? __pfx_filemap_get_pages+0x10/0x10 [ 719.947639][T21039] ? __pfx_folio_mark_accessed+0x10/0x10 [ 719.947665][T21039] copy_page_to_iter+0x12a/0x1e0 [ 719.947689][T21039] filemap_read+0x7a9/0x10a0 [ 719.947719][T21039] ? __pfx_filemap_read+0x10/0x10 [ 719.947759][T21039] ? __pfx_down_read+0x10/0x10 [ 719.947780][T21039] ? __pfx_aa_file_perm+0x10/0x10 [ 719.947796][T21039] ? futex_unqueue+0x133/0x2c0 [ 719.947823][T21039] blkdev_read_iter+0x2c4/0x4f0 [ 719.947844][T21039] ? copy_iovec_from_user+0x102/0x140 [ 719.947897][T21039] do_iter_readv_writev+0x60d/0x920 [ 719.947919][T21039] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 719.947936][T21039] ? common_file_perm+0x1ab/0x4f0 [ 719.947964][T21039] ? bpf_lsm_file_permission+0x9/0x10 [ 719.947987][T21039] ? security_file_permission+0x76/0x210 [ 719.948013][T21039] ? rw_verify_area+0xce/0x6d0 [ 719.948029][T21039] vfs_readv+0x4d3/0x8d0 [ 719.948051][T21039] ? __pfx_vfs_readv+0x10/0x10 [ 719.948065][T21039] ? __pfx_futex_wait+0x10/0x10 [ 719.948092][T21039] ? __fget_files+0x21f/0x3d0 [ 719.948114][T21039] ? do_readv+0x13e/0x340 [ 719.948129][T21039] do_readv+0x13e/0x340 [ 719.948145][T21039] ? __pfx_do_readv+0x10/0x10 [ 719.948160][T21039] ? xfd_validate_state+0x129/0x190 [ 719.948188][T21039] __x64_sys_preadv2+0x11f/0x160 [ 719.948215][T21039] do_syscall_64+0xc9/0xf80 [ 719.948243][T21039] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 719.948261][T21039] RIP: 0033:0x7f364239aeb9 [ 719.948276][T21039] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 719.948300][T21039] RSP: 002b:00007f36405d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000147 [ 719.948317][T21039] RAX: ffffffffffffffda RBX: 00007f3642616180 RCX: 00007f364239aeb9 [ 719.948329][T21039] RDX: 0000000000000006 RSI: 0000200000000080 RDI: 0000000000000006 [ 719.948340][T21039] RBP: 00007f3642408c1f R08: 0000000000000004 R09: 000000000000002e [ 719.948352][T21039] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 719.948362][T21039] R13: 00007f3642616218 R14: 00007f3642616180 R15: 00007fff5e3663d8 [ 719.948385][T21039] [ 721.655833][T21059] random: crng reseeded on system resumption [ 721.729298][T21059] RDS: rds_bind could not find a transport for fe80::736d:2f73:7461:626c, load rds_tcp or rds_rdma? [ 722.267526][T21072] FAULT_INJECTION: forcing a failure. [ 722.267526][T21072] name failslab, interval 1, probability 393216, space 0, times 0 [ 722.329230][T21072] CPU: 0 UID: 0 PID: 21072 Comm: syz.4.5412 Tainted: G L syzkaller #0 PREEMPT(full) [ 722.329264][T21072] Tainted: [L]=SOFTLOCKUP [ 722.329271][T21072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 722.329281][T21072] Call Trace: [ 722.329287][T21072] [ 722.329294][T21072] dump_stack_lvl+0x100/0x190 [ 722.329319][T21072] should_fail_ex.cold+0x5/0xa [ 722.329348][T21072] should_failslab+0xc2/0x120 [ 722.329371][T21072] kmem_cache_alloc_noprof+0x83/0x780 [ 722.329391][T21072] ? __kernfs_new_node+0xd2/0x960 [ 722.329415][T21072] ? __kernfs_new_node+0xd2/0x960 [ 722.329433][T21072] __kernfs_new_node+0xd2/0x960 [ 722.329456][T21072] ? __pfx___kernfs_new_node+0x10/0x10 [ 722.329481][T21072] ? find_held_lock+0x2b/0x80 [ 722.329496][T21072] ? kernfs_root+0xee/0x2a0 [ 722.329515][T21072] ? kernfs_root+0xee/0x2a0 [ 722.329540][T21072] kernfs_new_node+0x11b/0x1a0 [ 722.329565][T21072] __kernfs_create_file+0x53/0x350 [ 722.329584][T21072] sysfs_add_file_mode_ns+0x207/0x3c0 [ 722.329608][T21072] sysfs_merge_group+0x194/0x340 [ 722.329630][T21072] ? __pfx_sysfs_merge_group+0x10/0x10 [ 722.329654][T21072] ? __pfx_dev_add_physical_location+0x10/0x10 [ 722.329676][T21072] ? bus_to_subsys+0x114/0x150 [ 722.329701][T21072] dpm_sysfs_add+0x237/0x280 [ 722.329722][T21072] device_add+0x9ef/0x1950 [ 722.329745][T21072] ? __pfx_device_add+0x10/0x10 [ 722.329765][T21072] ? lockdep_init_map_type+0x5c/0x250 [ 722.329785][T21072] ? __init_waitqueue_head+0xca/0x150 [ 722.329813][T21072] rfkill_register+0x1ad/0xb30 [ 722.329832][T21072] nfc_register_device+0x11f/0x3e0 [ 722.329853][T21072] nci_register_device+0x7f1/0xb80 [ 722.329871][T21072] ? __pfx_nci_register_device+0x10/0x10 [ 722.329889][T21072] ? lockdep_init_map_type+0x5c/0x250 [ 722.329912][T21072] virtual_ncidev_open+0x141/0x220 [ 722.329936][T21072] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 722.329960][T21072] misc_open+0x26d/0x450 [ 722.329979][T21072] ? __pfx_misc_open+0x10/0x10 [ 722.329995][T21072] chrdev_open+0x234/0x6a0 [ 722.330023][T21072] ? __pfx_apparmor_file_open+0x10/0x10 [ 722.330045][T21072] ? __pfx_chrdev_open+0x10/0x10 [ 722.330066][T21072] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 722.330089][T21072] do_dentry_open+0x73e/0x1570 [ 722.330110][T21072] ? __pfx_chrdev_open+0x10/0x10 [ 722.330129][T21072] ? security_inode_permission+0xbf/0x250 [ 722.330157][T21072] vfs_open+0x82/0x3f0 [ 722.330182][T21072] path_openat+0x21dc/0x3120 [ 722.330207][T21072] ? __pfx_path_openat+0x10/0x10 [ 722.330232][T21072] do_filp_open+0x1f7/0x420 [ 722.330251][T21072] ? __pfx_do_filp_open+0x10/0x10 [ 722.330283][T21072] ? _raw_spin_unlock+0x28/0x50 [ 722.330298][T21072] ? alloc_fd+0x476/0x790 [ 722.330322][T21072] do_sys_openat2+0x12e/0x220 [ 722.330344][T21072] ? __pfx_do_sys_openat2+0x10/0x10 [ 722.330368][T21072] ? find_held_lock+0x2b/0x80 [ 722.330387][T21072] __x64_sys_openat+0x12d/0x210 [ 722.330411][T21072] ? __pfx___x64_sys_openat+0x10/0x10 [ 722.330432][T21072] ? xfd_validate_state+0x129/0x190 [ 722.330463][T21072] do_syscall_64+0xc9/0xf80 [ 722.330484][T21072] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 722.330499][T21072] RIP: 0033:0x7f364239aeb9 [ 722.330514][T21072] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 722.330542][T21072] RSP: 002b:00007f3643184028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 722.330564][T21072] RAX: ffffffffffffffda RBX: 00007f3642615fa0 RCX: 00007f364239aeb9 [ 722.330574][T21072] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 722.330584][T21072] RBP: 00007f3642408c1f R08: 0000000000000000 R09: 0000000000000000 [ 722.330593][T21072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 722.330602][T21072] R13: 00007f3642616038 R14: 00007f3642615fa0 R15: 00007fff5e3663d8 [ 722.330622][T21072] [ 722.715041][T21077] netlink: 314 bytes leftover after parsing attributes in process `syz.2.5413'. [ 723.228061][T21083] netlink: 330 bytes leftover after parsing attributes in process `syz.2.5415'. [ 723.342906][T21087] netlink: 'syz.2.5417': attribute type 5 has an invalid length. [ 723.350948][T21087] netlink: 314 bytes leftover after parsing attributes in process `syz.2.5417'. [ 723.901658][T21102] sg_write: data in/out 100663260/90 bytes for SCSI command 0x0-- guessing data in; [ 723.901658][T21102] program syz.3.5423 not setting count and/or reply_len properly [ 724.836178][T21128] netlink: 334 bytes leftover after parsing attributes in process `syz.3.5432'. [ 725.521382][T21146] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5440'. [ 725.584408][T21146] netlink: 25 bytes leftover after parsing attributes in process `syz.2.5440'. [ 725.799320][T21148] zswap: compressor  not available [ 726.184333][T21171] netlink: 330 bytes leftover after parsing attributes in process `syz.2.5449'. [ 726.218034][T21171] –õ\­: renamed from lo [ 726.320262][T21173] netlink: 'syz.4.5450': attribute type 33 has an invalid length. [ 726.357172][T21173] netlink: 322 bytes leftover after parsing attributes in process `syz.4.5450'. [ 726.683562][T21185] mkiss: ax0: crc mode is auto. [ 726.785462][T21191] mkiss: ax0: crc mode is auto. [ 727.050284][T21189] ERROR: Out of memory at tomoyo_memory_ok. [ 727.253314][T21203] netlink: 'syz.3.5463': attribute type 1 has an invalid length. [ 727.279971][T21203] netlink: 306 bytes leftover after parsing attributes in process `syz.3.5463'. [ 728.593889][T21221] netlink: 334 bytes leftover after parsing attributes in process `syz.2.5470'. [ 729.261678][T21235] ERROR: Out of memory at tomoyo_memory_ok. [ 730.215779][T21268] netlink: 354 bytes leftover after parsing attributes in process `syz.4.5489'. [ 731.458298][T21298] netlink: 25 bytes leftover after parsing attributes in process `syz.4.5500'. [ 731.688315][T21289] Process accounting resumed [ 731.790026][T21309] kvm: kvm [21308]: vcpu2, guest rIP: 0xfff0 Unhandled RDMSR(0x40000012) [ 732.744084][T21343] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 733.464343][T20589] Bluetooth: hci2: ISO packet for unknown connection handle 0 [ 733.855166][ T30] audit: type=1800 audit(1770342783.374:24): pid=21372 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.5529" name="dbroot" dev="configfs" ino=79379 res=0 errno=0 [ 734.765936][T21397] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 735.017698][T21397] File: /dev/ram5 PID: 21397 Comm: syz.3.5535 [ 735.574083][T21417] netlink: 342 bytes leftover after parsing attributes in process `syz.1.5546'. [ 735.617862][T21417] netlink: 'syz.1.5546': attribute type 2 has an invalid length. [ 735.651268][T21417] netlink: 'syz.1.5546': attribute type 3 has an invalid length. [ 735.684033][T21417] netlink: 222 bytes leftover after parsing attributes in process `syz.1.5546'. [ 737.318426][T21455] netlink: 346 bytes leftover after parsing attributes in process `syz.3.5558'. [ 737.987183][T21466] kvm: kvm [21465]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x4 [ 738.469687][T21473] sp0: Synchronizing with TNC [ 738.683580][T21477] netlink: 146 bytes leftover after parsing attributes in process `syz.1.5567'. [ 739.557781][T20589] Bluetooth: hci3: Unable to find connection for big 0xd2 [ 739.584673][T21492] netlink: zone id is out of range [ 739.615711][T21492] netlink: zone id is out of range [ 739.800248][T21492] netlink: set zone limit has 8 unknown bytes [ 740.410604][T21503] ERROR: Out of memory at tomoyo_memory_ok. [ 741.736674][T21540] futex_wake_op: syz.2.5591 tries to shift op by -2048; fix this program [ 741.780910][T21540] futex_wake_op: syz.2.5591 tries to shift op by -2048; fix this program [ 741.821757][T21540] 0x000000000001-0x000000020000 : "" [ 741.859160][T21540] ftl_cs: FTL header corrupt! [ 742.054078][T21545] ERROR: Out of memory at tomoyo_memory_ok. [ 742.096730][T21542] zswap: compressor not available [ 742.197271][T21551] netlink: 326 bytes leftover after parsing attributes in process `syz.2.5593'. [ 743.783704][T21580] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 744.070476][T21592] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5609'. [ 744.122030][T21592] netlink: 17 bytes leftover after parsing attributes in process `syz.1.5609'. [ 745.041379][T21616] binder: 21615:21616 ioctl c0306201 2000000000c0 returned -14 [ 745.478167][T21631] FAULT_INJECTION: forcing a failure. [ 745.478167][T21631] name failslab, interval 1, probability 393216, space 0, times 0 [ 745.543287][T21631] CPU: 0 UID: 0 PID: 21631 Comm: syz.4.5625 Tainted: G L syzkaller #0 PREEMPT(full) [ 745.543320][T21631] Tainted: [L]=SOFTLOCKUP [ 745.543326][T21631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 745.543337][T21631] Call Trace: [ 745.543343][T21631] [ 745.543349][T21631] dump_stack_lvl+0x100/0x190 [ 745.543374][T21631] should_fail_ex.cold+0x5/0xa [ 745.543400][T21631] should_failslab+0xc2/0x120 [ 745.543422][T21631] kmem_cache_alloc_lru_noprof+0x8e/0x7d0 [ 745.543443][T21631] ? d_alloc_parallel+0x864/0x14e0 [ 745.543458][T21631] ? proc_alloc_inode+0x25/0x200 [ 745.543482][T21631] ? __pfx_proc_alloc_inode+0x10/0x10 [ 745.543502][T21631] ? proc_alloc_inode+0x25/0x200 [ 745.543521][T21631] proc_alloc_inode+0x25/0x200 [ 745.543540][T21631] alloc_inode+0x68/0x250 [ 745.543563][T21631] new_inode+0x22/0x1c0 [ 745.543586][T21631] proc_pid_make_inode+0x22/0x160 [ 745.543608][T21631] proc_ns_dir_lookup+0x25b/0x390 [ 745.543631][T21631] ? __pfx_proc_ns_dir_lookup+0x10/0x10 [ 745.543650][T21631] lookup_open.isra.0+0x486/0x1890 [ 745.543671][T21631] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 745.543697][T21631] ? mnt_get_write_access+0x1e9/0x2f0 [ 745.543722][T21631] path_openat+0xa9b/0x3120 [ 745.543746][T21631] ? __pfx_path_openat+0x10/0x10 [ 745.543771][T21631] do_filp_open+0x1f7/0x420 [ 745.543790][T21631] ? __pfx_do_filp_open+0x10/0x10 [ 745.543815][T21631] ? __pfx_kfree_link+0x10/0x10 [ 745.543843][T21631] ? _raw_spin_unlock+0x28/0x50 [ 745.543859][T21631] ? alloc_fd+0x476/0x790 [ 745.543881][T21631] do_sys_openat2+0x12e/0x220 [ 745.543905][T21631] ? __pfx_do_sys_openat2+0x10/0x10 [ 745.543936][T21631] __x64_sys_openat+0x12d/0x210 [ 745.543960][T21631] ? __pfx___x64_sys_openat+0x10/0x10 [ 745.543982][T21631] ? xfd_validate_state+0x129/0x190 [ 745.544012][T21631] do_syscall_64+0xc9/0xf80 [ 745.544032][T21631] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 745.544048][T21631] RIP: 0033:0x7f364235b78e [ 745.544063][T21631] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 745.544077][T21631] RSP: 002b:00007f3643183ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 745.544094][T21631] RAX: ffffffffffffffda RBX: 00007f36431846c0 RCX: 00007f364235b78e [ 745.544104][T21631] RDX: 0000000000000002 RSI: 00007f3643183f90 RDI: ffffffffffffff9c [ 745.544114][T21631] RBP: 00007f3642408c1f R08: 0000000000000000 R09: 0000000000000000 [ 745.544124][T21631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 745.544133][T21631] R13: 00007f3642616038 R14: 00007f3642615fa0 R15: 00007fff5e3663d8 [ 745.544153][T21631] [ 746.391324][T21633] netlink: 'syz.4.5626': attribute type 33 has an invalid length. [ 746.445065][T21638] netlink: 326 bytes leftover after parsing attributes in process `syz.3.5628'. [ 746.602149][T21640] FAULT_INJECTION: forcing a failure. [ 746.602149][T21640] name failslab, interval 1, probability 393216, space 0, times 0 [ 746.646303][T21640] CPU: 0 UID: 0 PID: 21640 Comm: syz.4.5629 Tainted: G L syzkaller #0 PREEMPT(full) [ 746.646332][T21640] Tainted: [L]=SOFTLOCKUP [ 746.646338][T21640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 746.646348][T21640] Call Trace: [ 746.646354][T21640] [ 746.646361][T21640] dump_stack_lvl+0x100/0x190 [ 746.646385][T21640] should_fail_ex.cold+0x5/0xa [ 746.646412][T21640] should_failslab+0xc2/0x120 [ 746.646433][T21640] kmem_cache_alloc_noprof+0x83/0x780 [ 746.646453][T21640] ? security_file_alloc+0x34/0x2c0 [ 746.646480][T21640] ? security_file_alloc+0x34/0x2c0 [ 746.646503][T21640] security_file_alloc+0x34/0x2c0 [ 746.646526][T21640] init_file+0x93/0x4c0 [ 746.646546][T21640] alloc_empty_file+0x73/0x1c0 [ 746.646568][T21640] path_openat+0xe8/0x3120 [ 746.646588][T21640] ? getname_flags+0x93/0xf0 [ 746.646603][T21640] ? do_sys_openat2+0xc5/0x220 [ 746.646625][T21640] ? __x64_sys_openat+0x12d/0x210 [ 746.646648][T21640] ? do_syscall_64+0xc9/0xf80 [ 746.646665][T21640] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 746.646685][T21640] ? __pfx_path_openat+0x10/0x10 [ 746.646709][T21640] do_filp_open+0x1f7/0x420 [ 746.646729][T21640] ? __pfx_do_filp_open+0x10/0x10 [ 746.646761][T21640] ? _raw_spin_unlock+0x28/0x50 [ 746.646777][T21640] ? alloc_fd+0x476/0x790 [ 746.646799][T21640] do_sys_openat2+0x12e/0x220 [ 746.646821][T21640] ? __pfx_do_sys_openat2+0x10/0x10 [ 746.646850][T21640] __x64_sys_openat+0x12d/0x210 [ 746.646873][T21640] ? __pfx___x64_sys_openat+0x10/0x10 [ 746.646895][T21640] ? xfd_validate_state+0x129/0x190 [ 746.646925][T21640] do_syscall_64+0xc9/0xf80 [ 746.646945][T21640] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 746.646961][T21640] RIP: 0033:0x7f364235b78e [ 746.646975][T21640] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 746.646989][T21640] RSP: 002b:00007f3643183ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 746.647004][T21640] RAX: ffffffffffffffda RBX: 00007f36431846c0 RCX: 00007f364235b78e [ 746.647016][T21640] RDX: 0000000000000002 RSI: 00007f3643183f90 RDI: ffffffffffffff9c [ 746.647026][T21640] RBP: 00007f3642408c1f R08: 0000000000000000 R09: 0000000000000000 [ 746.647035][T21640] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 746.647044][T21640] R13: 00007f3642616038 R14: 00007f3642615fa0 R15: 00007fff5e3663d8 [ 746.647064][T21640] [ 748.084623][T21662] netlink: 21 bytes leftover after parsing attributes in process `syz.4.5638'. [ 748.558734][T21668] zswap: compressor not available [ 748.850259][T21678] ERROR: Out of memory at tomoyo_memory_ok. [ 749.195204][T21689] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5647'. [ 749.289186][T21691] netlink: 13 bytes leftover after parsing attributes in process `syz.1.5647'. [ 749.360648][T21691] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5647'. [ 749.572843][T21699] FAULT_INJECTION: forcing a failure. [ 749.572843][T21699] name failslab, interval 1, probability 393216, space 0, times 0 [ 749.658177][T21699] CPU: 0 UID: 0 PID: 21699 Comm: syz.4.5650 Tainted: G L syzkaller #0 PREEMPT(full) [ 749.658205][T21699] Tainted: [L]=SOFTLOCKUP [ 749.658211][T21699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 749.658222][T21699] Call Trace: [ 749.658228][T21699] [ 749.658234][T21699] dump_stack_lvl+0x100/0x190 [ 749.658258][T21699] should_fail_ex.cold+0x5/0xa [ 749.658285][T21699] should_failslab+0xc2/0x120 [ 749.658306][T21699] ? lsm_blob_alloc+0x68/0x90 [ 749.658324][T21699] __kmalloc_noprof+0xf6/0x9c0 [ 749.658346][T21699] ? sk_prot_alloc+0x10b/0x2a0 [ 749.658367][T21699] ? lsm_blob_alloc+0x68/0x90 [ 749.658388][T21699] lsm_blob_alloc+0x68/0x90 [ 749.658409][T21699] security_sk_alloc+0x2d/0x290 [ 749.658430][T21699] sk_prot_alloc+0x12a/0x2a0 [ 749.658447][T21699] sk_alloc+0x36/0xe80 [ 749.658468][T21699] xsk_create+0x117/0x760 [ 749.658492][T21699] __sock_create+0x339/0x860 [ 749.658513][T21699] __sys_socket+0x14d/0x260 [ 749.658531][T21699] ? __pfx___sys_socket+0x10/0x10 [ 749.658548][T21699] ? xfd_validate_state+0x129/0x190 [ 749.658576][T21699] __x64_sys_socket+0x72/0xb0 [ 749.658593][T21699] ? lockdep_hardirqs_on+0x78/0x100 [ 749.658610][T21699] do_syscall_64+0xc9/0xf80 [ 749.658630][T21699] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 749.658645][T21699] RIP: 0033:0x7f364239aeb9 [ 749.658658][T21699] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 749.658673][T21699] RSP: 002b:00007f3643184028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 749.658688][T21699] RAX: ffffffffffffffda RBX: 00007f3642615fa0 RCX: 00007f364239aeb9 [ 749.658698][T21699] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 000000000000002c [ 749.658707][T21699] RBP: 00007f3642408c1f R08: 0000000000000000 R09: 0000000000000000 [ 749.658716][T21699] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 749.658725][T21699] R13: 00007f3642616038 R14: 00007f3642615fa0 R15: 00007fff5e3663d8 [ 749.658745][T21699] [ 750.367809][T21708] netlink: 346 bytes leftover after parsing attributes in process `syz.2.5654'. [ 751.060826][T21727] kvm: kvm [21725]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0x4000000e) = 0x4 [ 751.555634][T21739] ERROR: Out of memory at tomoyo_memory_ok. [ 752.350750][T21773] ERROR: Out of memory at tomoyo_memory_ok. [ 752.664821][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 752.674735][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 753.489620][T21803] FAULT_INJECTION: forcing a failure. [ 753.489620][T21803] name failslab, interval 1, probability 393216, space 0, times 0 [ 753.548645][T21803] CPU: 0 UID: 0 PID: 21803 Comm: syz.4.5690 Tainted: G L syzkaller #0 PREEMPT(full) [ 753.548674][T21803] Tainted: [L]=SOFTLOCKUP [ 753.548680][T21803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 753.548690][T21803] Call Trace: [ 753.548696][T21803] [ 753.548703][T21803] dump_stack_lvl+0x100/0x190 [ 753.548739][T21803] should_fail_ex.cold+0x5/0xa [ 753.548766][T21803] should_failslab+0xc2/0x120 [ 753.548788][T21803] kmem_cache_alloc_noprof+0x83/0x780 [ 753.548809][T21803] ? mas_wr_store_type+0xb21/0x2200 [ 753.548826][T21803] ? mas_alloc_nodes+0x280/0x390 [ 753.548844][T21803] ? mas_alloc_nodes+0x280/0x390 [ 753.548858][T21803] mas_alloc_nodes+0x280/0x390 [ 753.548880][T21803] mas_preallocate+0x39c/0xf10 [ 753.548902][T21803] ? __pfx_mas_preallocate+0x10/0x10 [ 753.548925][T21803] ? rcu_is_watching+0x12/0xc0 [ 753.548945][T21803] ? anon_vma_name+0x81/0x2c0 [ 753.548971][T21803] __split_vma+0x33d/0xe30 [ 753.548990][T21803] ? __pfx___split_vma+0x10/0x10 [ 753.549011][T21803] ? find_vma+0xbf/0x140 [ 753.549035][T21803] vma_modify+0x1127/0x2330 [ 753.549057][T21803] ? __pfx_vma_modify+0x10/0x10 [ 753.549079][T21803] vma_modify_policy+0x238/0x300 [ 753.549097][T21803] ? __pfx_vma_modify_policy+0x10/0x10 [ 753.549127][T21803] ? mas_walk+0x6ef/0x9b0 [ 753.549145][T21803] mbind_range+0x175/0x550 [ 753.549163][T21803] do_mbind+0x7de/0xfd0 [ 753.549181][T21803] ? __might_fault+0xc5/0x140 [ 753.549198][T21803] ? __pfx_do_mbind+0x10/0x10 [ 753.549216][T21803] ? _copy_from_user+0x59/0xd0 [ 753.549244][T21803] ? __pfx_get_nodes+0x10/0x10 [ 753.549268][T21803] kernel_mbind+0x1b7/0x200 [ 753.549284][T21803] ? __pfx_kernel_mbind+0x10/0x10 [ 753.549304][T21803] do_syscall_64+0xc9/0xf80 [ 753.549325][T21803] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 753.549341][T21803] RIP: 0033:0x7f364239aeb9 [ 753.549355][T21803] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 753.549369][T21803] RSP: 002b:00007f3643184028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 753.549385][T21803] RAX: ffffffffffffffda RBX: 00007f3642615fa0 RCX: 00007f364239aeb9 [ 753.549395][T21803] RDX: 0000000000008003 RSI: 0000000000800605 RDI: 0000000000000000 [ 753.549404][T21803] RBP: 00007f3642408c1f R08: 0000000000000003 R09: 0000000000000003 [ 753.549413][T21803] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000000 [ 753.549423][T21803] R13: 00007f3642616038 R14: 00007f3642615fa0 R15: 00007fff5e3663d8 [ 753.549444][T21803] [ 754.808542][T21826] netlink: 338 bytes leftover after parsing attributes in process `syz.3.5699'. [ 755.095107][T21835] futex_wake_op: syz.3.5702 tries to shift op by -2048; fix this program [ 755.125071][T21835] futex_wake_op: syz.3.5702 tries to shift op by -2048; fix this program [ 755.180241][T21835] 0x000000000001-0x000000020000 : "" [ 755.214928][T21835] ftl_cs: FTL header corrupt! [ 755.365780][T21838] ERROR: Out of memory at tomoyo_memory_ok. [ 755.534099][T21845] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 755.763557][T21850] netlink: 334 bytes leftover after parsing attributes in process `syz.1.5707'. [ 756.905632][T21869] zswap: compressor not available [ 759.374007][T21910] FAULT_INJECTION: forcing a failure. [ 759.374007][T21910] name failslab, interval 1, probability 393216, space 0, times 0 [ 759.401531][T21909] netlink: 326 bytes leftover after parsing attributes in process `syz.4.5723'. [ 759.441503][T21910] CPU: 0 UID: 0 PID: 21910 Comm: syz.3.5724 Tainted: G L syzkaller #0 PREEMPT(full) [ 759.441531][T21910] Tainted: [L]=SOFTLOCKUP [ 759.441537][T21910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 759.441547][T21910] Call Trace: [ 759.441553][T21910] [ 759.441560][T21910] dump_stack_lvl+0x100/0x190 [ 759.441585][T21910] should_fail_ex.cold+0x5/0xa [ 759.441611][T21910] should_failslab+0xc2/0x120 [ 759.441633][T21910] kmem_cache_alloc_noprof+0x83/0x780 [ 759.441654][T21910] ? alloc_empty_file+0x55/0x1c0 [ 759.441678][T21910] ? alloc_empty_file+0x55/0x1c0 [ 759.441698][T21910] alloc_empty_file+0x55/0x1c0 [ 759.441720][T21910] path_openat+0xe8/0x3120 [ 759.441737][T21910] ? getname_flags+0x93/0xf0 [ 759.441751][T21910] ? do_sys_openat2+0xc5/0x220 [ 759.441771][T21910] ? __x64_sys_openat+0x12d/0x210 [ 759.441793][T21910] ? do_syscall_64+0xc9/0xf80 [ 759.441810][T21910] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 759.441830][T21910] ? __pfx_path_openat+0x10/0x10 [ 759.441854][T21910] do_filp_open+0x1f7/0x420 [ 759.441874][T21910] ? __pfx_do_filp_open+0x10/0x10 [ 759.441905][T21910] ? _raw_spin_unlock+0x28/0x50 [ 759.441921][T21910] ? alloc_fd+0x476/0x790 [ 759.441943][T21910] do_sys_openat2+0x12e/0x220 [ 759.441965][T21910] ? __pfx_do_sys_openat2+0x10/0x10 [ 759.441994][T21910] __x64_sys_openat+0x12d/0x210 [ 759.442016][T21910] ? __pfx___x64_sys_openat+0x10/0x10 [ 759.442038][T21910] ? xfd_validate_state+0x129/0x190 [ 759.442067][T21910] do_syscall_64+0xc9/0xf80 [ 759.442087][T21910] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 759.442102][T21910] RIP: 0033:0x7f01a155b78e [ 759.442116][T21910] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 759.442130][T21910] RSP: 002b:00007f01a2467ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 759.442145][T21910] RAX: ffffffffffffffda RBX: 00007f01a24686c0 RCX: 00007f01a155b78e [ 759.442155][T21910] RDX: 0000000000000002 RSI: 00007f01a2467f90 RDI: ffffffffffffff9c [ 759.442165][T21910] RBP: 00007f01a1608c1f R08: 0000000000000000 R09: 0000000000000000 [ 759.442174][T21910] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 759.442182][T21910] R13: 00007f01a1816038 R14: 00007f01a1815fa0 R15: 00007fff99e7bb78 [ 759.442201][T21910] [ 759.932695][T21909] bridge0: port 2(bridge_slave_1) entered disabled state [ 759.941069][T21909] bridge0: port 1(bridge_slave_0) entered disabled state [ 760.089794][T21914] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5727'. [ 760.211846][T21921] futex_wake_op: syz.1.5726 tries to shift op by -2048; fix this program [ 760.272618][T21921] futex_wake_op: syz.1.5726 tries to shift op by -2048; fix this program [ 760.773535][T21930] FAULT_INJECTION: forcing a failure. [ 760.773535][T21930] name failslab, interval 1, probability 393216, space 0, times 0 [ 760.848771][T21930] CPU: 0 UID: 0 PID: 21930 Comm: syz.3.5731 Tainted: G L syzkaller #0 PREEMPT(full) [ 760.848798][T21930] Tainted: [L]=SOFTLOCKUP [ 760.848805][T21930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 760.848815][T21930] Call Trace: [ 760.848821][T21930] [ 760.848827][T21930] dump_stack_lvl+0x100/0x190 [ 760.848851][T21930] should_fail_ex.cold+0x5/0xa [ 760.848882][T21930] should_failslab+0xc2/0x120 [ 760.848903][T21930] kmem_cache_alloc_noprof+0x83/0x780 [ 760.848925][T21930] ? do_epoll_ctl+0x2434/0x36a0 [ 760.848947][T21930] ? do_epoll_ctl+0x2434/0x36a0 [ 760.848965][T21930] do_epoll_ctl+0x2434/0x36a0 [ 760.848991][T21930] ? __pfx_do_epoll_ctl+0x10/0x10 [ 760.849008][T21930] ? find_held_lock+0x2b/0x80 [ 760.849023][T21930] ? __might_fault+0xc5/0x140 [ 760.849047][T21930] ? __x64_sys_epoll_ctl+0x15c/0x1e0 [ 760.849065][T21930] __x64_sys_epoll_ctl+0x15c/0x1e0 [ 760.849083][T21930] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 760.849107][T21930] do_syscall_64+0xc9/0xf80 [ 760.849135][T21930] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 760.849151][T21930] RIP: 0033:0x7f01a159aeb9 [ 760.849165][T21930] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 760.849181][T21930] RSP: 002b:00007f01a2447028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 760.849197][T21930] RAX: ffffffffffffffda RBX: 00007f01a1816090 RCX: 00007f01a159aeb9 [ 760.849207][T21930] RDX: 0000000000000005 RSI: 0000000000000001 RDI: 0000000000000006 [ 760.849216][T21930] RBP: 00007f01a1608c1f R08: 0000000000000000 R09: 0000000000000000 [ 760.849225][T21930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 760.849233][T21930] R13: 00007f01a1816128 R14: 00007f01a1816090 R15: 00007fff99e7bb78 [ 760.849253][T21930] [ 761.786275][T21939] Process accounting paused [ 761.902987][T21951] netlink: 'syz.3.5736': attribute type 1 has an invalid length. [ 761.928832][T21951] netlink: 306 bytes leftover after parsing attributes in process `syz.3.5736'. [ 762.346588][T21959] netlink: 330 bytes leftover after parsing attributes in process `syz.1.5740'. [ 762.727298][T21965] ERROR: Out of memory at tomoyo_memory_ok. [ 764.728561][T21997] zswap: compressor not available [ 764.906950][T22004] netlink: 330 bytes leftover after parsing attributes in process `syz.4.5755'. [ 764.970702][T22004] –õ\­: renamed from lo (while UP) [ 765.200173][T22009] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5757'. [ 767.328796][T22053] futex_wake_op: syz.4.5773 tries to shift op by -2048; fix this program [ 767.376813][T22053] futex_wake_op: syz.4.5773 tries to shift op by -2048; fix this program [ 767.513680][T20589] Bluetooth: hci3: Malformed LE Event: 0x0b [ 768.054184][T22067] netlink: 'syz.2.5778': attribute type 1 has an invalid length. [ 768.061939][T22067] netlink: 314 bytes leftover after parsing attributes in process `syz.2.5778'. [ 768.619307][T22092] netlink: 'syz.2.5787': attribute type 1 has an invalid length. [ 768.644881][T22092] netlink: 306 bytes leftover after parsing attributes in process `syz.2.5787'. [ 768.763954][T22090] sd 0:0:1:0: PR command failed: 1026 [ 768.782300][T22090] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 768.806640][T22090] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 769.553294][T22110] kvm: kvm [22109]: vcpu2, guest rIP: 0xfff0 Unhandled RDMSR(0x40000012) [ 769.756761][T22117] netlink: 342 bytes leftover after parsing attributes in process `syz.4.5795'. [ 770.353499][T22134] netlink: 290 bytes leftover after parsing attributes in process `syz.1.5803'. [ 770.574819][T22141] netlink: 330 bytes leftover after parsing attributes in process `syz.4.5807'. [ 770.870080][T20589] Bluetooth: hci0: ISO packet for unknown connection handle 0 [ 771.904337][T22172] futex_wake_op: syz.3.5819 tries to shift op by -2048; fix this program [ 771.944039][T22172] futex_wake_op: syz.3.5819 tries to shift op by -2048; fix this program [ 773.136151][T22207] futex_wake_op: syz.1.5829 tries to shift op by -2048; fix this program [ 773.184388][T22207] futex_wake_op: syz.1.5829 tries to shift op by -2048; fix this program [ 773.377992][T22211] netlink: 266 bytes leftover after parsing attributes in process `syz.3.5831'. [ 773.625072][T22218] ERROR: Out of memory at tomoyo_memory_ok. [ 773.940024][T22223] ERROR: Out of memory at tomoyo_memory_ok. [ 774.173387][T22221] zswap: compressor not available [ 774.858658][T22260] FAULT_INJECTION: forcing a failure. [ 774.858658][T22260] name failslab, interval 1, probability 393216, space 0, times 0 [ 775.000781][T22260] CPU: 0 UID: 0 PID: 22260 Comm: syz.4.5845 Tainted: G L syzkaller #0 PREEMPT(full) [ 775.000811][T22260] Tainted: [L]=SOFTLOCKUP [ 775.000817][T22260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 775.000827][T22260] Call Trace: [ 775.000834][T22260] [ 775.000840][T22260] dump_stack_lvl+0x100/0x190 [ 775.000865][T22260] should_fail_ex.cold+0x5/0xa [ 775.000892][T22260] should_failslab+0xc2/0x120 [ 775.000913][T22260] kmem_cache_alloc_noprof+0x83/0x780 [ 775.000938][T22260] ? __pfx_map_id_range_down+0x10/0x10 [ 775.000953][T22260] ? security_inode_alloc+0x3b/0x2c0 [ 775.000978][T22260] ? security_inode_alloc+0x3b/0x2c0 [ 775.000998][T22260] security_inode_alloc+0x3b/0x2c0 [ 775.001027][T22260] inode_init_always_gfp+0xced/0x1040 [ 775.001048][T22260] alloc_inode+0x8e/0x250 [ 775.001070][T22260] alloc_anon_inode+0x2a/0x3e0 [ 775.001090][T22260] anon_inode_make_secure_inode+0x2f/0x140 [ 775.001114][T22260] __anon_inode_getfile+0x1cf/0x280 [ 775.001133][T22260] ? _copy_to_user+0xaf/0xd0 [ 775.001156][T22260] io_uring_setup.cold+0x17b6/0x1a89 [ 775.001178][T22260] ? __pfx_io_uring_setup+0x10/0x10 [ 775.001208][T22260] ? __pfx_do_futex+0x10/0x10 [ 775.001241][T22260] ? xfd_validate_state+0x129/0x190 [ 775.001271][T22260] __x64_sys_io_uring_setup+0xc2/0x170 [ 775.001290][T22260] do_syscall_64+0xc9/0xf80 [ 775.001311][T22260] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 775.001326][T22260] RIP: 0033:0x7f364239aeb9 [ 775.001341][T22260] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 775.001355][T22260] RSP: 002b:00007f36405f6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 775.001371][T22260] RAX: ffffffffffffffda RBX: 00007f3642616090 RCX: 00007f364239aeb9 [ 775.001381][T22260] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 775.001390][T22260] RBP: 00007f3642408c1f R08: 0000000000000000 R09: 0000000000000000 [ 775.001399][T22260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 775.001408][T22260] R13: 00007f3642616128 R14: 00007f3642616090 R15: 00007fff5e3663d8 [ 775.001428][T22260] [ 775.502521][T22269] ERROR: Out of memory at tomoyo_memory_ok. [ 776.256725][T22262] sp0: Synchronizing with TNC [ 777.333396][T22307] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 777.484122][T22319] netlink: 'syz.2.5859': attribute type 4 has an invalid length. [ 777.528315][T22319] netlink: 314 bytes leftover after parsing attributes in process `syz.2.5859'. [ 777.547885][T22307] File: /dev/ram5 PID: 22307 Comm: syz.4.5857 [ 777.578017][T22319] IPv6: Can't replace route, no match found [ 777.856776][T22326] netlink: 'syz.1.5861': attribute type 32 has an invalid length. [ 777.918254][T22326] netlink: 'syz.1.5861': attribute type 32 has an invalid length. [ 781.617009][T22387] netlink: 244 bytes leftover after parsing attributes in process `syz.4.5886'. [ 781.976480][T22402] netlink: 334 bytes leftover after parsing attributes in process `syz.2.5891'. [ 782.489941][T22413] zero sized request [ 783.490465][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 783.496899][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 784.427447][T22458] netlink: 98 bytes leftover after parsing attributes in process `syz.3.5914'. [ 784.476783][T22458] netlink: 50 bytes leftover after parsing attributes in process `syz.3.5914'. [ 784.696813][T22471] zero sized request [ 785.104247][T22481] ERROR: Out of memory at tomoyo_memory_ok. [ 785.516007][T22497] netlink: 206 bytes leftover after parsing attributes in process `syz.2.5928'. [ 785.563907][T22497] netlink: 266 bytes leftover after parsing attributes in process `syz.2.5928'. [ 785.882880][T22501] netlink: 186 bytes leftover after parsing attributes in process `syz.3.5929'. [ 785.932850][T22501] netlink: 186 bytes leftover after parsing attributes in process `syz.3.5929'. [ 788.887703][T22586] input: jJǸ-¶š9ã%vø“ûJ86Ö‘ as /devices/virtual/input/input19 [ 788.917288][ T5182] ERROR: Out of memory at tomoyo_memory_ok. [ 790.945810][T22623] kvm: kvm [22620]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0xc1) = 0x2 [ 791.101956][T22630] netlink: 18 bytes leftover after parsing attributes in process `syz.2.5975'. [ 792.734623][T22674] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5990'. [ 792.748286][T22650] Process accounting resumed [ 792.780395][T22674] netlink: 13 bytes leftover after parsing attributes in process `syz.1.5990'. [ 792.967613][T22677] FAULT_INJECTION: forcing a failure. [ 792.967613][T22677] name failslab, interval 1, probability 393216, space 0, times 0 [ 793.035566][T22677] CPU: 0 UID: 0 PID: 22677 Comm: syz.4.5999 Tainted: G L syzkaller #0 PREEMPT(full) [ 793.035594][T22677] Tainted: [L]=SOFTLOCKUP [ 793.035600][T22677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 793.035610][T22677] Call Trace: [ 793.035617][T22677] [ 793.035624][T22677] dump_stack_lvl+0x100/0x190 [ 793.035648][T22677] should_fail_ex.cold+0x5/0xa [ 793.035674][T22677] should_failslab+0xc2/0x120 [ 793.035696][T22677] kmem_cache_alloc_node_noprof+0x8c/0x880 [ 793.035719][T22677] ? __alloc_skb+0x156/0x410 [ 793.035743][T22677] ? __alloc_skb+0x156/0x410 [ 793.035761][T22677] __alloc_skb+0x156/0x410 [ 793.035780][T22677] ? __alloc_skb+0x35d/0x410 [ 793.035800][T22677] ? __pfx___alloc_skb+0x10/0x10 [ 793.035823][T22677] ? netlink_has_listeners+0x20f/0x430 [ 793.035852][T22677] ? netlink_has_listeners+0x20f/0x430 [ 793.035878][T22677] alloc_uevent_skb+0x7d/0x210 [ 793.035903][T22677] kobject_uevent_env+0xd2d/0x18b0 [ 793.035929][T22677] ? bus_to_subsys+0x114/0x150 [ 793.035955][T22677] device_add+0x116e/0x1950 [ 793.035978][T22677] ? __pfx_device_add+0x10/0x10 [ 793.036005][T22677] nfc_register_device+0x41/0x3e0 [ 793.036026][T22677] nci_register_device+0x7f1/0xb80 [ 793.036043][T22677] ? __pfx_nci_register_device+0x10/0x10 [ 793.036062][T22677] ? lockdep_init_map_type+0x5c/0x250 [ 793.036087][T22677] virtual_ncidev_open+0x141/0x220 [ 793.036110][T22677] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 793.036133][T22677] misc_open+0x26d/0x450 [ 793.036152][T22677] ? __pfx_misc_open+0x10/0x10 [ 793.036168][T22677] chrdev_open+0x234/0x6a0 [ 793.036186][T22677] ? __pfx_apparmor_file_open+0x10/0x10 [ 793.036211][T22677] ? __pfx_chrdev_open+0x10/0x10 [ 793.036232][T22677] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 793.036255][T22677] do_dentry_open+0x73e/0x1570 [ 793.036274][T22677] ? __pfx_chrdev_open+0x10/0x10 [ 793.036292][T22677] ? security_inode_permission+0xbf/0x250 [ 793.036318][T22677] vfs_open+0x82/0x3f0 [ 793.036349][T22677] path_openat+0x21dc/0x3120 [ 793.036377][T22677] ? __pfx_path_openat+0x10/0x10 [ 793.036402][T22677] do_filp_open+0x1f7/0x420 [ 793.036422][T22677] ? __pfx_do_filp_open+0x10/0x10 [ 793.036455][T22677] ? _raw_spin_unlock+0x28/0x50 [ 793.036471][T22677] ? alloc_fd+0x476/0x790 [ 793.036494][T22677] do_sys_openat2+0x12e/0x220 [ 793.036516][T22677] ? __pfx_do_sys_openat2+0x10/0x10 [ 793.036540][T22677] ? find_held_lock+0x2b/0x80 [ 793.036560][T22677] __x64_sys_openat+0x12d/0x210 [ 793.036583][T22677] ? __pfx___x64_sys_openat+0x10/0x10 [ 793.036605][T22677] ? xfd_validate_state+0x129/0x190 [ 793.036635][T22677] do_syscall_64+0xc9/0xf80 [ 793.036659][T22677] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 793.036675][T22677] RIP: 0033:0x7f364239aeb9 [ 793.036689][T22677] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 793.036704][T22677] RSP: 002b:00007f3643184028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 793.036720][T22677] RAX: ffffffffffffffda RBX: 00007f3642615fa0 RCX: 00007f364239aeb9 [ 793.036732][T22677] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 793.036742][T22677] RBP: 00007f3642408c1f R08: 0000000000000000 R09: 0000000000000000 [ 793.036751][T22677] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 793.036764][T22677] R13: 00007f3642616038 R14: 00007f3642615fa0 R15: 00007fff5e3663d8 [ 793.036801][T22677] [ 793.601052][T22692] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5995'. [ 795.367587][T22722] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 795.395687][T22722] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 795.418588][T22722] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 795.437727][T22722] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 796.312768][T22754] ERROR: Out of memory at tomoyo_memory_ok. [ 796.597382][T20589] Bluetooth: hci2: command 0x0406 tx timeout [ 797.478050][T20589] Bluetooth: hci1: command 0x0c1a tx timeout [ 797.484758][T18959] Bluetooth: hci0: command 0x0406 tx timeout [ 797.492561][T18892] Bluetooth: hci3: command 0x0406 tx timeout [ 800.423317][T22837] openvswitch: netlink: IP tunnel dst address not specified [ 800.494636][T22836] netlink: 318 bytes leftover after parsing attributes in process `syz.2.6042'. [ 800.910043][T22844] FAULT_INJECTION: forcing a failure. [ 800.910043][T22844] name failslab, interval 1, probability 393216, space 0, times 0 [ 800.974880][T22844] CPU: 0 UID: 0 PID: 22844 Comm: syz.4.6047 Tainted: G L syzkaller #0 PREEMPT(full) [ 800.974909][T22844] Tainted: [L]=SOFTLOCKUP [ 800.974915][T22844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 800.974924][T22844] Call Trace: [ 800.974930][T22844] [ 800.974937][T22844] dump_stack_lvl+0x100/0x190 [ 800.974961][T22844] should_fail_ex.cold+0x5/0xa [ 800.974988][T22844] should_failslab+0xc2/0x120 [ 800.975009][T22844] kmem_cache_alloc_node_noprof+0x8c/0x880 [ 800.975031][T22844] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 800.975047][T22844] ? alloc_unbound_pwq+0x3ff/0xdd0 [ 800.975067][T22844] ? alloc_unbound_pwq+0x3ff/0xdd0 [ 800.975083][T22844] alloc_unbound_pwq+0x3ff/0xdd0 [ 800.975104][T22844] apply_wqattrs_prepare+0x3aa/0xbb0 [ 800.975127][T22844] apply_workqueue_attrs_locked+0x64/0xe0 [ 800.975145][T22844] __alloc_workqueue+0xe25/0x1880 [ 800.975168][T22844] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 800.975187][T22844] alloc_workqueue_noprof+0xd2/0x200 [ 800.975206][T22844] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 800.975238][T22844] ? __pfx___debug_object_init+0x10/0x10 [ 800.975263][T22844] nci_register_device+0x511/0xb80 [ 800.975281][T22844] ? __pfx_nci_register_device+0x10/0x10 [ 800.975304][T22844] ? lockdep_init_map_type+0x5c/0x250 [ 800.975329][T22844] virtual_ncidev_open+0x141/0x220 [ 800.975354][T22844] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 800.975377][T22844] misc_open+0x26d/0x450 [ 800.975395][T22844] ? __pfx_misc_open+0x10/0x10 [ 800.975415][T22844] chrdev_open+0x234/0x6a0 [ 800.975434][T22844] ? __pfx_apparmor_file_open+0x10/0x10 [ 800.975454][T22844] ? __pfx_chrdev_open+0x10/0x10 [ 800.975476][T22844] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 800.975500][T22844] do_dentry_open+0x73e/0x1570 [ 800.975518][T22844] ? __pfx_chrdev_open+0x10/0x10 [ 800.975537][T22844] ? security_inode_permission+0xbf/0x250 [ 800.975562][T22844] vfs_open+0x82/0x3f0 [ 800.975586][T22844] path_openat+0x21dc/0x3120 [ 800.975611][T22844] ? __pfx_path_openat+0x10/0x10 [ 800.975637][T22844] do_filp_open+0x1f7/0x420 [ 800.975656][T22844] ? __pfx_do_filp_open+0x10/0x10 [ 800.975688][T22844] ? _raw_spin_unlock+0x28/0x50 [ 800.975702][T22844] ? alloc_fd+0x476/0x790 [ 800.975725][T22844] do_sys_openat2+0x12e/0x220 [ 800.975748][T22844] ? __pfx_do_sys_openat2+0x10/0x10 [ 800.975772][T22844] ? __fput+0x68a/0xb40 [ 800.975796][T22844] __x64_sys_openat+0x12d/0x210 [ 800.975819][T22844] ? __pfx___x64_sys_openat+0x10/0x10 [ 800.975841][T22844] ? xfd_validate_state+0x129/0x190 [ 800.975871][T22844] do_syscall_64+0xc9/0xf80 [ 800.975891][T22844] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 800.975906][T22844] RIP: 0033:0x7f364239aeb9 [ 800.975920][T22844] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 800.975935][T22844] RSP: 002b:00007f3643184028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 800.975952][T22844] RAX: ffffffffffffffda RBX: 00007f3642615fa0 RCX: 00007f364239aeb9 [ 800.975963][T22844] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 800.975974][T22844] RBP: 00007f3642408c1f R08: 0000000000000000 R09: 0000000000000000 [ 800.975984][T22844] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 800.975994][T22844] R13: 00007f3642616038 R14: 00007f3642615fa0 R15: 00007fff5e3663d8 [ 800.976016][T22844] [ 802.078792][T22857] netlink: 330 bytes leftover after parsing attributes in process `syz.3.6050'. [ 802.097084][T22857] gretap0: refused to change device tx_queue_len [ 807.461109][T22974] ERROR: Out of memory at tomoyo_memory_ok. [ 809.621967][T23014] netlink: 342 bytes leftover after parsing attributes in process `syz.4.6103'. [ 812.030441][T23087] FAULT_INJECTION: forcing a failure. [ 812.030441][T23087] name fail_futex, interval 1, probability 0, space 0, times 0 [ 812.092221][T23087] CPU: 0 UID: 0 PID: 23087 Comm: syz.4.6127 Tainted: G L syzkaller #0 PREEMPT(full) [ 812.092250][T23087] Tainted: [L]=SOFTLOCKUP [ 812.092255][T23087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 812.092265][T23087] Call Trace: [ 812.092271][T23087] [ 812.092277][T23087] dump_stack_lvl+0x100/0x190 [ 812.092301][T23087] should_fail_ex.cold+0x5/0xa [ 812.092327][T23087] get_futex_key+0x1d2/0x1620 [ 812.092349][T23087] ? __pfx_get_futex_key+0x10/0x10 [ 812.092368][T23087] ? __lock_acquire+0x4a5/0x2630 [ 812.092388][T23087] ? __lock_acquire+0x4a5/0x2630 [ 812.092411][T23087] futex_wake+0xea/0x530 [ 812.092443][T23087] ? release_sock+0x21/0x220 [ 812.092465][T23087] ? __pfx_futex_wake+0x10/0x10 [ 812.092492][T23087] ? do_raw_spin_lock+0x128/0x260 [ 812.092514][T23087] ? find_held_lock+0x2b/0x80 [ 812.092531][T23087] do_futex+0x32b/0x350 [ 812.092552][T23087] ? __pfx_do_futex+0x10/0x10 [ 812.092579][T23087] ? do_fcntl+0x811/0x1670 [ 812.092605][T23087] __x64_sys_futex+0x34f/0x4d0 [ 812.092629][T23087] ? __pfx___x64_sys_futex+0x10/0x10 [ 812.092650][T23087] ? tomoyo_file_fcntl+0xa5/0xc0 [ 812.092669][T23087] ? fput+0x79/0x100 [ 812.092692][T23087] do_syscall_64+0xc9/0xf80 [ 812.092713][T23087] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 812.092728][T23087] RIP: 0033:0x7f364239aeb9 [ 812.092742][T23087] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 812.092758][T23087] RSP: 002b:00007f36431840e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 812.092773][T23087] RAX: ffffffffffffffda RBX: 00007f3642615fa8 RCX: 00007f364239aeb9 [ 812.092783][T23087] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f3642615fac [ 812.092792][T23087] RBP: 00007f3642615fa0 R08: 0000000000000000 R09: 0000000000000000 [ 812.092801][T23087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 812.092810][T23087] R13: 00007f3642616038 R14: 00007fff5e3662f0 R15: 00007fff5e3663d8 [ 812.092830][T23087] [ 812.748194][T23092] netlink: 266 bytes leftover after parsing attributes in process `syz.2.6130'. [ 812.770652][T23094] netlink: 334 bytes leftover after parsing attributes in process `syz.3.6131'. [ 812.794018][T23092] IPv6: NLM_F_CREATE should be specified when creating new route [ 813.736658][T23110] netlink: 142 bytes leftover after parsing attributes in process `syz.2.6136'. [ 814.062807][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 814.069323][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 816.819035][T23165] netlink: 186 bytes leftover after parsing attributes in process `syz.4.6155'. [ 817.038093][T23169] FAULT_INJECTION: forcing a failure. [ 817.038093][T23169] name failslab, interval 1, probability 393216, space 0, times 0 [ 817.100326][T23169] CPU: 0 UID: 0 PID: 23169 Comm: syz.4.6164 Tainted: G L syzkaller #0 PREEMPT(full) [ 817.100354][T23169] Tainted: [L]=SOFTLOCKUP [ 817.100360][T23169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 817.100370][T23169] Call Trace: [ 817.100376][T23169] [ 817.100383][T23169] dump_stack_lvl+0x100/0x190 [ 817.100407][T23169] should_fail_ex.cold+0x5/0xa [ 817.100433][T23169] should_failslab+0xc2/0x120 [ 817.100455][T23169] __kmalloc_cache_noprof+0x80/0x810 [ 817.100473][T23169] ? create_filter_start.constprop.0+0x1c4/0x310 [ 817.100502][T23169] ? create_filter_start.constprop.0+0x1c4/0x310 [ 817.100527][T23169] create_filter_start.constprop.0+0x1c4/0x310 [ 817.100554][T23169] create_filter+0xb5/0x210 [ 817.100578][T23169] ? __pfx_create_filter+0x10/0x10 [ 817.100601][T23169] ? __pfx___mutex_lock+0x10/0x10 [ 817.100622][T23169] ? find_held_lock+0x2b/0x80 [ 817.100640][T23169] apply_event_filter+0x220/0x500 [ 817.100655][T23169] ? __pfx_apply_event_filter+0x10/0x10 [ 817.100676][T23169] event_filter_write+0x16d/0x290 [ 817.100698][T23169] vfs_write+0x2aa/0x1070 [ 817.100716][T23169] ? __pfx_event_filter_write+0x10/0x10 [ 817.100737][T23169] ? __pfx_vfs_write+0x10/0x10 [ 817.100753][T23169] ? find_held_lock+0x2b/0x80 [ 817.100771][T23169] ? __fget_files+0x215/0x3d0 [ 817.100792][T23169] ? __fget_files+0x21f/0x3d0 [ 817.100814][T23169] ksys_write+0x12a/0x250 [ 817.100831][T23169] ? __pfx_ksys_write+0x10/0x10 [ 817.100854][T23169] do_syscall_64+0xc9/0xf80 [ 817.100875][T23169] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 817.100890][T23169] RIP: 0033:0x7f364239aeb9 [ 817.100904][T23169] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 817.100919][T23169] RSP: 002b:00007f3643184028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 817.100935][T23169] RAX: ffffffffffffffda RBX: 00007f3642615fa0 RCX: 00007f364239aeb9 [ 817.100945][T23169] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 817.100955][T23169] RBP: 00007f3642408c1f R08: 0000000000000000 R09: 0000000000000000 [ 817.100964][T23169] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 817.100974][T23169] R13: 00007f3642616038 R14: 00007f3642615fa0 R15: 00007fff5e3663d8 [ 817.100995][T23169] [ 818.515753][T23180] netlink: 342 bytes leftover after parsing attributes in process `syz.4.6158'. [ 818.569666][T23180] netlink: 342 bytes leftover after parsing attributes in process `syz.4.6158'. [ 818.623368][T23180] netlink: 302 bytes leftover after parsing attributes in process `syz.4.6158'. [ 818.890660][T23181] ERROR: Out of memory at tomoyo_memory_ok. [ 819.801099][T23193] netlink: 326 bytes leftover after parsing attributes in process `syz.3.6163'. [ 820.003194][T23196] FAULT_INJECTION: forcing a failure. [ 820.003194][T23196] name failslab, interval 1, probability 393216, space 0, times 0 [ 820.079180][T23196] CPU: 0 UID: 0 PID: 23196 Comm: syz.4.6165 Tainted: G L syzkaller #0 PREEMPT(full) [ 820.079207][T23196] Tainted: [L]=SOFTLOCKUP [ 820.079213][T23196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 820.079223][T23196] Call Trace: [ 820.079229][T23196] [ 820.079236][T23196] dump_stack_lvl+0x100/0x190 [ 820.079260][T23196] should_fail_ex.cold+0x5/0xa [ 820.079286][T23196] should_failslab+0xc2/0x120 [ 820.079308][T23196] __kmalloc_cache_noprof+0x80/0x810 [ 820.079324][T23196] ? find_held_lock+0x2b/0x80 [ 820.079339][T23196] ? kobject_uevent_env+0x263/0x18b0 [ 820.079366][T23196] ? kobject_uevent_env+0x263/0x18b0 [ 820.079388][T23196] kobject_uevent_env+0x263/0x18b0 [ 820.079414][T23196] ? kernfs_remove_by_name_ns+0x9f/0xf0 [ 820.079433][T23196] __kobject_del+0x168/0x220 [ 820.079453][T23196] kobject_put+0x348/0x640 [ 820.079474][T23196] net_rx_queue_update_kobjects+0x544/0x760 [ 820.079498][T23196] netdev_unregister_kobject+0x154/0x540 [ 820.079513][T23196] ? rtmsg_ifinfo_send+0xcc/0x110 [ 820.079531][T23196] unregister_netdevice_many_notify+0x1817/0x2580 [ 820.079563][T23196] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 820.079591][T23196] ? __pfx___mutex_lock+0x10/0x10 [ 820.079614][T23196] unregister_netdevice_queue+0x30b/0x3c0 [ 820.079630][T23196] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 820.079646][T23196] ? __pfx_locks_remove_file+0x10/0x10 [ 820.079666][T23196] ppp_release+0x211/0x230 [ 820.079684][T23196] ? __pfx_ppp_release+0x10/0x10 [ 820.079700][T23196] __fput+0x3ff/0xb40 [ 820.079725][T23196] task_work_run+0x150/0x240 [ 820.079749][T23196] ? __pfx_task_work_run+0x10/0x10 [ 820.079776][T23196] exit_to_user_mode_loop+0x100/0x4b0 [ 820.079797][T23196] ? rcu_is_watching+0x12/0xc0 [ 820.079814][T23196] do_syscall_64+0x4ea/0xf80 [ 820.079834][T23196] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 820.079857][T23196] RIP: 0033:0x7f364239aeb9 [ 820.079872][T23196] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 820.079888][T23196] RSP: 002b:00007f3643184028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 820.079904][T23196] RAX: 0000000000000000 RBX: 00007f3642615fa0 RCX: 00007f364239aeb9 [ 820.079914][T23196] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 820.079923][T23196] RBP: 00007f3642408c1f R08: 0000000000000000 R09: 0000000000000000 [ 820.079932][T23196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 820.079941][T23196] R13: 00007f3642616038 R14: 00007f3642615fa0 R15: 00007fff5e3663d8 [ 820.079962][T23196] [ 820.862763][T23207] ERROR: Out of memory at tomoyo_memory_ok. [ 820.873093][T23205] sp0: Synchronizing with TNC [ 822.367907][T23252] netlink: 'syz.3.6190': attribute type 27 has an invalid length. [ 822.375742][T23252] netlink: 'syz.3.6190': attribute type 28 has an invalid length. [ 822.435036][T23252] netlink: 'syz.3.6190': attribute type 29 has an invalid length. [ 822.455074][T23257] netlink: 'syz.1.6192': attribute type 21 has an invalid length. [ 822.479555][T23252] netlink: 'syz.3.6190': attribute type 30 has an invalid length. [ 822.523695][T23257] netlink: 326 bytes leftover after parsing attributes in process `syz.1.6192'. [ 822.537176][T23252] netlink: 'syz.3.6190': attribute type 31 has an invalid length. [ 822.564372][T23252] netlink: 'syz.3.6190': attribute type 32 has an invalid length. [ 822.588788][T23252] netlink: 'syz.3.6190': attribute type 33 has an invalid length. [ 822.608216][T23252] netlink: 'syz.3.6190': attribute type 35 has an invalid length. [ 822.625148][T23252] netlink: 'syz.3.6190': attribute type 37 has an invalid length. [ 822.642349][T23252] netlink: 18 bytes leftover after parsing attributes in process `syz.3.6190'. [ 822.732694][T23252] Process accounting paused [ 822.851256][T23265] sp0: Synchronizing with TNC [ 823.178652][T23278] netlink: 266 bytes leftover after parsing attributes in process `syz.2.6200'. [ 824.301690][T23308] netlink: 326 bytes leftover after parsing attributes in process `syz.2.6210'. [ 824.510587][T20589] Bluetooth: hci3: unexpected event 0x06 length: 435 > 3 [ 824.581666][T23298] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 824.628851][T23298] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 824.666510][T23298] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 824.686137][T23298] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 825.832226][T20589] Bluetooth: hci2: command 0x0406 tx timeout [ 826.631232][T20589] Bluetooth: hci0: command 0x0406 tx timeout [ 826.637493][T18959] Bluetooth: hci3: command 0x0406 tx timeout [ 826.706623][T20589] Bluetooth: hci1: command 0x0c1a tx timeout [ 827.356617][T23376] FAULT_INJECTION: forcing a failure. [ 827.356617][T23376] name failslab, interval 1, probability 393216, space 0, times 0 [ 827.413540][T23376] CPU: 0 UID: 0 PID: 23376 Comm: syz.3.6233 Tainted: G L syzkaller #0 PREEMPT(full) [ 827.413568][T23376] Tainted: [L]=SOFTLOCKUP [ 827.413574][T23376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 827.413585][T23376] Call Trace: [ 827.413591][T23376] [ 827.413598][T23376] dump_stack_lvl+0x100/0x190 [ 827.413622][T23376] should_fail_ex.cold+0x5/0xa [ 827.413648][T23376] should_failslab+0xc2/0x120 [ 827.413671][T23376] kmem_cache_alloc_lru_noprof+0x8e/0x7d0 [ 827.413693][T23376] ? mqueue_alloc_inode+0x25/0x50 [ 827.413714][T23376] ? __pfx_mqueue_alloc_inode+0x10/0x10 [ 827.413731][T23376] ? mqueue_alloc_inode+0x25/0x50 [ 827.413747][T23376] mqueue_alloc_inode+0x25/0x50 [ 827.413764][T23376] alloc_inode+0x68/0x250 [ 827.413786][T23376] new_inode+0x22/0x1c0 [ 827.413809][T23376] mqueue_get_inode+0x2e/0xe00 [ 827.413827][T23376] ? sget_fc+0x801/0xc70 [ 827.413843][T23376] ? __pfx_mqueue_fill_super+0x10/0x10 [ 827.413860][T23376] mqueue_fill_super+0x14d/0x260 [ 827.413877][T23376] get_tree_nodev+0xdd/0x190 [ 827.413895][T23376] mqueue_get_tree+0xf1/0x130 [ 827.413912][T23376] vfs_get_tree+0x92/0x320 [ 827.413926][T23376] fc_mount_longterm+0x1a/0x270 [ 827.413942][T23376] mq_init_ns+0x482/0x820 [ 827.413963][T23376] copy_ipcs+0x3dd/0x7e0 [ 827.413984][T23376] create_new_namespaces+0x20a/0xab0 [ 827.414002][T23376] ? security_capable+0x80/0x260 [ 827.414023][T23376] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 827.414042][T23376] ksys_unshare+0x455/0xab0 [ 827.414064][T23376] ? __pfx_ksys_unshare+0x10/0x10 [ 827.414085][T23376] ? xfd_validate_state+0x129/0x190 [ 827.414114][T23376] __x64_sys_unshare+0x31/0x40 [ 827.414134][T23376] do_syscall_64+0xc9/0xf80 [ 827.414155][T23376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 827.414171][T23376] RIP: 0033:0x7f01a159aeb9 [ 827.414184][T23376] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 827.414199][T23376] RSP: 002b:00007f01a2468028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 827.414215][T23376] RAX: ffffffffffffffda RBX: 00007f01a1815fa0 RCX: 00007f01a159aeb9 [ 827.414226][T23376] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c000000 [ 827.414235][T23376] RBP: 00007f01a1608c1f R08: 0000000000000000 R09: 0000000000000000 [ 827.414244][T23376] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 827.414253][T23376] R13: 00007f01a1816038 R14: 00007f01a1815fa0 R15: 00007fff99e7bb78 [ 827.414273][T23376] [ 828.820001][T23388] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6237'. [ 829.389036][T23394] FAULT_INJECTION: forcing a failure. [ 829.389036][T23394] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 829.435989][T23394] CPU: 0 UID: 0 PID: 23394 Comm: syz.4.6239 Tainted: G L syzkaller #0 PREEMPT(full) [ 829.436017][T23394] Tainted: [L]=SOFTLOCKUP [ 829.436023][T23394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 829.436032][T23394] Call Trace: [ 829.436038][T23394] [ 829.436045][T23394] dump_stack_lvl+0x100/0x190 [ 829.436070][T23394] should_fail_ex.cold+0x5/0xa [ 829.436093][T23394] ? prepare_alloc_pages+0x16d/0x5f0 [ 829.436118][T23394] should_fail_alloc_page+0xeb/0x140 [ 829.436140][T23394] prepare_alloc_pages+0x1f0/0x5f0 [ 829.436166][T23394] __alloc_frozen_pages_noprof+0x193/0x2410 [ 829.436187][T23394] ? rcu_is_watching+0x12/0xc0 [ 829.436203][T23394] ? trace_mm_page_alloc+0x10e/0x160 [ 829.436226][T23394] ? __alloc_frozen_pages_noprof+0x2a0/0x2410 [ 829.436253][T23394] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 829.436273][T23394] ? kasan_save_stack+0x30/0x50 [ 829.436291][T23394] ? kasan_save_track+0x14/0x30 [ 829.436310][T23394] ? __kasan_kmalloc+0xaa/0xb0 [ 829.436328][T23394] ? __kmalloc_noprof+0x347/0x9c0 [ 829.436342][T23394] ? vhost_dev_set_owner+0x287/0xa30 [ 829.436360][T23394] ? vhost_dev_ioctl+0x521/0xe20 [ 829.436376][T23394] ? vhost_vsock_dev_ioctl+0x320/0xb30 [ 829.436396][T23394] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 829.436418][T23394] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 829.436438][T23394] ? policy_nodemask+0xed/0x4f0 [ 829.436462][T23394] alloc_pages_mpol+0x1fb/0x550 [ 829.436484][T23394] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 829.436510][T23394] ___kmalloc_large_node+0x104/0x150 [ 829.436534][T23394] __kmalloc_large_node_noprof+0x1c/0x70 [ 829.436557][T23394] ? vhost_dev_set_owner+0x191/0xa30 [ 829.436576][T23394] __kmalloc_noprof+0x6b1/0x9c0 [ 829.436596][T23394] ? vhost_dev_set_owner+0x191/0xa30 [ 829.436613][T23394] vhost_dev_set_owner+0x191/0xa30 [ 829.436638][T23394] vhost_dev_ioctl+0x521/0xe20 [ 829.436655][T23394] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 829.436672][T23394] ? do_vfs_ioctl+0x226/0x13e0 [ 829.436695][T23394] ? __pfx_vhost_dev_ioctl+0x10/0x10 [ 829.436720][T23394] vhost_vsock_dev_ioctl+0x320/0xb30 [ 829.436737][T23394] ? hook_file_ioctl_common+0x146/0x410 [ 829.436761][T23394] ? __pfx_vhost_vsock_dev_ioctl+0x10/0x10 [ 829.436781][T23394] ? __fget_files+0x21f/0x3d0 [ 829.436801][T23394] ? __pfx_vhost_vsock_dev_ioctl+0x10/0x10 [ 829.436819][T23394] __x64_sys_ioctl+0x18e/0x210 [ 829.436845][T23394] do_syscall_64+0xc9/0xf80 [ 829.436865][T23394] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 829.436881][T23394] RIP: 0033:0x7f364239aeb9 [ 829.436896][T23394] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 829.436911][T23394] RSP: 002b:00007f3643184028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 829.436927][T23394] RAX: ffffffffffffffda RBX: 00007f3642615fa0 RCX: 00007f364239aeb9 [ 829.436938][T23394] RDX: 0000000000000000 RSI: 000000000000af01 RDI: 0000000000000003 [ 829.436948][T23394] RBP: 00007f3642408c1f R08: 0000000000000000 R09: 0000000000000000 [ 829.436958][T23394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 829.436967][T23394] R13: 00007f3642616038 R14: 00007f3642615fa0 R15: 00007fff5e3663d8 [ 829.436988][T23394] [ 830.396789][T23395] ERROR: Out of memory at tomoyo_memory_ok. [ 830.992173][T23403] sp0: Synchronizing with TNC [ 832.253778][T23434] netlink: 138 bytes leftover after parsing attributes in process `syz.1.6255'. [ 833.040796][T23457] sp0: Synchronizing with TNC [ 833.304693][T23467] mkiss: ax0: crc mode is auto. [ 833.326038][T23466] netlink: 138 bytes leftover after parsing attributes in process `syz.4.6268'. [ 835.001427][T23481] sp0: Synchronizing with TNC [ 836.013996][T23497] netlink: 138 bytes leftover after parsing attributes in process `syz.3.6278'. [ 837.935590][T23521] netlink: 'syz.1.6297': attribute type 1 has an invalid length. [ 838.053551][T23521] netlink: 'syz.1.6297': attribute type 6 has an invalid length. [ 840.416785][T18959] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 840.435852][T18959] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 840.444578][T18959] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 840.453221][T18959] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 840.460705][T18959] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 840.919595][T23540] [U] [ 840.922403][T23540] [U] [ 840.925077][T23540] [U] [ 840.927750][T23540] [U] [ 841.000235][T23540] [U] [ 841.002952][T23540] [U] [ 841.005630][T23540] [U] [ 841.008305][T23540] [U] [ 841.070109][T23540] [U] [ 841.072834][T23540] [U] [ 841.075528][T23540] [U] [ 841.078206][T23540] [U] [ 841.118184][T23535] chnl_net:caif_netlink_parms(): no params data found [ 841.146492][T23540] [U] [ 841.193487][T23550] FAULT_INJECTION: forcing a failure. [ 841.193487][T23550] name failslab, interval 1, probability 393216, space 0, times 0 [ 841.315998][T23550] CPU: 0 UID: 0 PID: 23550 Comm: syz.3.6295 Tainted: G L syzkaller #0 PREEMPT(full) [ 841.316027][T23550] Tainted: [L]=SOFTLOCKUP [ 841.316032][T23550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 841.316043][T23550] Call Trace: [ 841.316049][T23550] [ 841.316055][T23550] dump_stack_lvl+0x100/0x190 [ 841.316079][T23550] should_fail_ex.cold+0x5/0xa [ 841.316106][T23550] should_failslab+0xc2/0x120 [ 841.316128][T23550] kmem_cache_alloc_noprof+0x83/0x780 [ 841.316149][T23550] ? audit_log_start+0x29d/0x930 [ 841.316179][T23550] ? audit_log_start+0x29d/0x930 [ 841.316199][T23550] audit_log_start+0x29d/0x930 [ 841.316223][T23550] ? __pfx_audit_log_start+0x10/0x10 [ 841.316256][T23550] integrity_audit_message+0x10c/0x4f0 [ 841.316273][T23550] ? take_dentry_name_snapshot+0x30b/0x7c0 [ 841.316296][T23550] ? __pfx_integrity_audit_message+0x10/0x10 [ 841.316314][T23550] ? take_dentry_name_snapshot+0x310/0x7c0 [ 841.316347][T23550] integrity_audit_msg+0x41/0x60 [ 841.316366][T23550] ima_collect_measurement+0x72a/0xa40 [ 841.316394][T23550] ? __pfx_ima_collect_measurement+0x10/0x10 [ 841.316416][T23550] ? lock_acquire+0x17c/0x330 [ 841.316446][T23550] ? process_measurement+0x5cd/0x2400 [ 841.316464][T23550] ? is_bad_inode+0xd/0x40 [ 841.316478][T23550] ? xattr_resolve_name+0x27d/0x3f0 [ 841.316498][T23550] ? vfs_getxattr_alloc+0xec/0x350 [ 841.316519][T23550] ? ima_get_hash_algo+0x22d/0x400 [ 841.316535][T23550] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 841.316556][T23550] ? process_measurement+0xe24/0x2400 [ 841.316572][T23550] process_measurement+0xe24/0x2400 [ 841.316597][T23550] ? __pfx_process_measurement+0x10/0x10 [ 841.316614][T23550] ? __lock_acquire+0xd73/0x2630 [ 841.316659][T23550] ? __configfs_open_file+0x6ca/0x9c0 [ 841.316686][T23550] ? inode_to_bdi+0x9e/0x160 [ 841.316709][T23550] ima_file_check+0xca/0x110 [ 841.316728][T23550] ? __pfx_ima_file_check+0x10/0x10 [ 841.316752][T23550] security_file_post_open+0xc4/0x210 [ 841.316776][T23550] path_openat+0x1564/0x3120 [ 841.316800][T23550] ? __pfx_path_openat+0x10/0x10 [ 841.316825][T23550] do_filp_open+0x1f7/0x420 [ 841.316844][T23550] ? __pfx_do_filp_open+0x10/0x10 [ 841.316875][T23550] ? _raw_spin_unlock+0x28/0x50 [ 841.316891][T23550] ? alloc_fd+0x476/0x790 [ 841.316914][T23550] do_sys_openat2+0x12e/0x220 [ 841.316938][T23550] ? __pfx_do_sys_openat2+0x10/0x10 [ 841.316962][T23550] ? __fget_files+0x21f/0x3d0 [ 841.316983][T23550] __x64_sys_openat+0x12d/0x210 [ 841.317005][T23550] ? __pfx___x64_sys_openat+0x10/0x10 [ 841.317027][T23550] ? xfd_validate_state+0x129/0x190 [ 841.317057][T23550] do_syscall_64+0xc9/0xf80 [ 841.317077][T23550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 841.317094][T23550] RIP: 0033:0x7f01a159aeb9 [ 841.317108][T23550] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 841.317123][T23550] RSP: 002b:00007f01a2447028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 841.317139][T23550] RAX: ffffffffffffffda RBX: 00007f01a1816090 RCX: 00007f01a159aeb9 [ 841.317149][T23550] RDX: 0000000000040240 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 841.317158][T23550] RBP: 00007f01a1608c1f R08: 0000000000000000 R09: 0000000000000000 [ 841.317168][T23550] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 841.317177][T23550] R13: 00007f01a1816128 R14: 00007f01a1816090 R15: 00007fff99e7bb78 [ 841.317197][T23550] [ 841.671860][T23550] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 841.679907][T23550] audit: out of memory in audit_log_start [ 842.211894][T23553] ERROR: Out of memory at tomoyo_memory_ok. [ 842.511719][T18959] Bluetooth: hci4: command tx timeout [ 843.064806][T23535] bridge0: port 1(bridge_slave_0) entered blocking state [ 843.117330][T23535] bridge0: port 1(bridge_slave_0) entered disabled state [ 843.155509][T23535] bridge_slave_0: entered allmulticast mode [ 843.178808][T18959] block nbd1: Receive control failed (result -32) [ 843.225932][T23535] bridge_slave_0: entered promiscuous mode [ 843.328912][T23535] bridge0: port 2(bridge_slave_1) entered blocking state [ 843.366097][T23535] bridge0: port 2(bridge_slave_1) entered disabled state [ 843.412501][T23535] bridge_slave_1: entered allmulticast mode [ 843.448139][T23535] bridge_slave_1: entered promiscuous mode [ 843.640687][T23535] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 843.710221][T23535] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 843.879083][T23535] team0: Port device team_slave_0 added [ 844.044066][T23591] netlink: 'syz.4.6311': attribute type 7 has an invalid length. [ 844.086936][T23591] netlink: 17 bytes leftover after parsing attributes in process `syz.4.6311'. [ 844.140489][T23535] team0: Port device team_slave_1 added [ 844.172036][T23593] netlink: 334 bytes leftover after parsing attributes in process `syz.1.6312'. [ 844.357540][T23535] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 844.399162][T23597] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6314'. [ 844.423521][T23535] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 844.476942][T23597] netlink: 25 bytes leftover after parsing attributes in process `syz.3.6314'. [ 844.543121][T18959] Bluetooth: hci4: command tx timeout [ 844.564274][T23535] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 844.633599][T23535] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 844.661611][T23535] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 844.773826][T23535] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 844.839044][T23600] netlink: 338 bytes leftover after parsing attributes in process `syz.1.6315'. [ 844.872978][T23603] netlink: 342 bytes leftover after parsing attributes in process `syz.1.6315'. [ 844.980363][T23602] netlink: 338 bytes leftover after parsing attributes in process `syz.1.6315'. [ 845.196560][T23535] hsr_slave_0: entered promiscuous mode [ 845.231669][T23535] hsr_slave_1: entered promiscuous mode [ 845.267776][T23535] debugfs: 'hsr0' already exists in 'hsr' [ 845.318288][T23535] Cannot create hsr debugfs directory [ 846.397379][T23634] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6326'. [ 846.478684][T23634] netlink: 13 bytes leftover after parsing attributes in process `syz.1.6326'. [ 846.496093][T23636] netlink: 146 bytes leftover after parsing attributes in process `syz.3.6327'. [ 846.613110][T18959] Bluetooth: hci4: command tx timeout [ 846.777609][T23535] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 846.859896][T23535] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 846.947817][T23535] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 847.042652][T23535] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 847.140912][T23648] veth1_vlan: entered allmulticast mode [ 847.524035][T23535] 8021q: adding VLAN 0 to HW filter on device bond0 [ 847.637227][T23535] 8021q: adding VLAN 0 to HW filter on device team0 [ 847.728589][T18891] bridge0: port 1(bridge_slave_0) entered blocking state [ 847.735753][T18891] bridge0: port 1(bridge_slave_0) entered forwarding state [ 847.806985][T18891] bridge0: port 2(bridge_slave_1) entered blocking state [ 847.814190][T18891] bridge0: port 2(bridge_slave_1) entered forwarding state [ 847.876338][T23670] : renamed from bridge_slave_1 (while UP) [ 847.902744][T23670] bridge0: port 2() entered disabled state [ 848.683497][T18959] Bluetooth: hci4: command tx timeout [ 848.747157][T23535] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 848.945205][T23685] netlink: set zone limit has 8 unknown bytes [ 849.728246][T23535] veth0_vlan: entered promiscuous mode [ 849.813796][T23535] veth1_vlan: entered promiscuous mode [ 849.937100][T23535] veth0_macvtap: entered promiscuous mode [ 850.003328][T23535] veth1_macvtap: entered promiscuous mode [ 850.152989][T23535] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 850.218159][T23535] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 850.248745][T23717] __nla_validate_parse: 4 callbacks suppressed [ 850.248763][T23717] netlink: 330 bytes leftover after parsing attributes in process `syz.3.6352'. [ 850.290040][T23715] netlink: 330 bytes leftover after parsing attributes in process `syz.4.6351'. [ 850.333505][T19070] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 850.384892][T19070] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 850.456045][T19070] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 850.510426][T19070] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 850.807227][T19070] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 850.867713][T19070] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 850.982122][T18895] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 851.022979][T18895] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 851.238473][T23727] netlink: 266 bytes leftover after parsing attributes in process `syz.4.6356'. [ 851.298669][T23727] IPv6: NLM_F_CREATE should be specified when creating new route [ 852.656744][T23748] Process accounting resumed [ 853.131486][T23765] netlink: 334 bytes leftover after parsing attributes in process `syz.5.6371'. [ 853.298708][T23766] ERROR: Out of memory at tomoyo_memory_ok. [ 854.660978][T23781] netlink: 350 bytes leftover after parsing attributes in process `syz.5.6376'. [ 854.745928][T23780] kAFS: bad VL server IP address [ 855.080356][ C0] vcan0: j1939_tp_rxtimer: 0xffff88801efb1000: rx timeout, send abort [ 855.088739][ C0] vcan0: j1939_tp_rxtimer: 0xffff88801efb1400: rx timeout, send abort [ 855.097158][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88801efb1000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 855.111530][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88801efb1400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 855.134045][ T5179] ERROR: Out of memory at tomoyo_memory_ok. [ 855.182614][T23783] nvme_fabrics: missing parameter 'transport=%s' [ 855.211492][T23783] nvme_fabrics: missing parameter 'nqn=%s' [ 855.394769][T23795] FAULT_INJECTION: forcing a failure. [ 855.394769][T23795] name failslab, interval 1, probability 393216, space 0, times 0 [ 855.484885][T23795] CPU: 0 UID: 0 PID: 23795 Comm: syz.3.6381 Tainted: G L syzkaller #0 PREEMPT(full) [ 855.484914][T23795] Tainted: [L]=SOFTLOCKUP [ 855.484920][T23795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 855.484930][T23795] Call Trace: [ 855.484936][T23795] [ 855.484943][T23795] dump_stack_lvl+0x100/0x190 [ 855.484968][T23795] should_fail_ex.cold+0x5/0xa [ 855.484995][T23795] should_failslab+0xc2/0x120 [ 855.485018][T23795] kmem_cache_alloc_noprof+0x83/0x780 [ 855.485038][T23795] ? __pfx_acpi_ut_track_stack_ptr+0x10/0x10 [ 855.485060][T23795] ? acpi_ut_create_generic_state+0x61/0xc0 [ 855.485083][T23795] ? acpi_ut_create_generic_state+0x61/0xc0 [ 855.485101][T23795] acpi_ut_create_generic_state+0x61/0xc0 [ 855.485121][T23795] acpi_ps_init_scope+0x3a/0x240 [ 855.485143][T23795] acpi_ds_init_aml_walk+0x1f6/0x680 [ 855.485166][T23795] acpi_ps_execute_method+0x39d/0xe90 [ 855.485193][T23795] acpi_ns_evaluate+0x640/0x1670 [ 855.485220][T23795] acpi_evaluate_object+0x420/0xe00 [ 855.485237][T23795] ? kernfs_fop_read_iter+0x46c/0x610 [ 855.485261][T23795] ? vfs_read+0x825/0xb30 [ 855.485278][T23795] ? ksys_read+0x12a/0x250 [ 855.485298][T23795] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 855.485319][T23795] ? __pfx___might_resched+0x10/0x10 [ 855.485346][T23795] acpi_evaluate_integer+0xdf/0x220 [ 855.485362][T23795] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 855.485385][T23795] ? __pfx_status_show+0x10/0x10 [ 855.485402][T23795] status_show+0xa0/0x120 [ 855.485419][T23795] ? __pfx_status_show+0x10/0x10 [ 855.485442][T23795] dev_attr_show+0x52/0xa0 [ 855.485463][T23795] ? __pfx_dev_attr_show+0x10/0x10 [ 855.485484][T23795] sysfs_kf_seq_show+0x217/0x3a0 [ 855.485506][T23795] seq_read_iter+0x32f/0x1270 [ 855.485536][T23795] kernfs_fop_read_iter+0x46c/0x610 [ 855.485554][T23795] ? rw_verify_area+0xce/0x6d0 [ 855.485568][T23795] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 855.485587][T23795] vfs_read+0x825/0xb30 [ 855.485607][T23795] ? __pfx_vfs_read+0x10/0x10 [ 855.485623][T23795] ? find_held_lock+0x2b/0x80 [ 855.485650][T23795] ksys_read+0x12a/0x250 [ 855.485667][T23795] ? __pfx_ksys_read+0x10/0x10 [ 855.485689][T23795] do_syscall_64+0xc9/0xf80 [ 855.485710][T23795] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 855.485726][T23795] RIP: 0033:0x7f01a159aeb9 [ 855.485739][T23795] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 855.485753][T23795] RSP: 002b:00007f01a2468028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 855.485769][T23795] RAX: ffffffffffffffda RBX: 00007f01a1815fa0 RCX: 00007f01a159aeb9 [ 855.485780][T23795] RDX: 000000000000007a RSI: 0000200000000240 RDI: 0000000000000004 [ 855.485790][T23795] RBP: 00007f01a1608c1f R08: 0000000000000000 R09: 0000000000000000 [ 855.485800][T23795] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 855.485809][T23795] R13: 00007f01a1816038 R14: 00007f01a1815fa0 R15: 00007fff99e7bb78 [ 855.485830][T23795] [ 856.028137][T23793] Loading of unsigned module is rejected [ 858.657241][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807e2c9800: rx timeout, send abort [ 858.665582][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807e2c8000: rx timeout, send abort [ 858.674299][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88807e2c9800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 858.688675][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88807e2c8000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 859.019045][T23844] netlink: 25 bytes leftover after parsing attributes in process `syz.4.6401'. [ 860.904859][T23880] netlink: 338 bytes leftover after parsing attributes in process `syz.4.6414'. [ 860.989391][T23880] bond_slave_0: entered allmulticast mode [ 861.708323][T23896] netlink: 17 bytes leftover after parsing attributes in process `syz.4.6421'. [ 861.768279][T23896] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6421'. [ 863.456030][T23928] binder: 23925:23928 ioctl 5309 38 returned -22 [ 863.507382][T23928] netlink: 16 bytes leftover after parsing attributes in process `syz.5.6432'. [ 863.610793][T23929] binder: 23925:23929 ioctl ae41 ffffffffffffffff returned -22 [ 864.565252][T23953] ERROR: Out of memory at tomoyo_memory_ok. [ 864.824467][T23964] netlink: 342 bytes leftover after parsing attributes in process `syz.5.6445'. [ 864.873836][T23949] zswap: compressor not available [ 865.005446][T23965] netlink: 330 bytes leftover after parsing attributes in process `syz.1.6441'. [ 865.612984][T23976] netlink: 17 bytes leftover after parsing attributes in process `syz.5.6448'. [ 865.665971][T23976] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6448'. [ 865.888759][T23975] netlink: 186 bytes leftover after parsing attributes in process `syz.4.6456'. [ 865.945045][T23975] netlink: 186 bytes leftover after parsing attributes in process `syz.4.6456'. [ 866.580861][T23991] netlink: 334 bytes leftover after parsing attributes in process `syz.4.6452'. [ 868.709963][T24024] netlink: 'syz.3.6465': attribute type 1 has an invalid length. [ 868.717754][T24024] netlink: 'syz.3.6465': attribute type 6 has an invalid length. [ 872.426509][T24071] netlink: 'syz.4.6482': attribute type 17 has an invalid length. [ 872.503831][T24071] netlink: 326 bytes leftover after parsing attributes in process `syz.4.6482'. [ 872.991241][T24090] netlink: 20 bytes leftover after parsing attributes in process `syz.5.6489'. [ 873.505744][T24096] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6491'. [ 873.599485][T24096] netlink: 'syz.1.6491': attribute type 1 has an invalid length. [ 873.694341][T24096] netlink: 13 bytes leftover after parsing attributes in process `syz.1.6491'. [ 875.206388][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 875.212928][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 875.732242][T24124] ERROR: Out of memory at tomoyo_memory_ok. [ 876.334336][T24129] netlink: 186 bytes leftover after parsing attributes in process `syz.5.6500'. [ 876.396327][T24129] netlink: 186 bytes leftover after parsing attributes in process `syz.5.6500'. [ 877.143039][T24139] zswap: compressor not available [ 877.199702][T24145] FAULT_INJECTION: forcing a failure. [ 877.199702][T24145] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 877.421676][T24145] CPU: 0 UID: 0 PID: 24145 Comm: syz.3.6503 Tainted: G L syzkaller #0 PREEMPT(full) [ 877.421705][T24145] Tainted: [L]=SOFTLOCKUP [ 877.421710][T24145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 877.421731][T24145] Call Trace: [ 877.421736][T24145] [ 877.421742][T24145] dump_stack_lvl+0x100/0x190 [ 877.421768][T24145] should_fail_ex.cold+0x5/0xa [ 877.421792][T24145] ? prepare_alloc_pages+0x16d/0x5f0 [ 877.421817][T24145] should_fail_alloc_page+0xeb/0x140 [ 877.421840][T24145] prepare_alloc_pages+0x1f0/0x5f0 [ 877.421865][T24145] __alloc_frozen_pages_noprof+0x193/0x2410 [ 877.421884][T24145] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 877.421901][T24145] ? find_held_lock+0x2b/0x80 [ 877.421916][T24145] ? mm_drop_all_locks+0x390/0x4b0 [ 877.421933][T24145] ? mm_drop_all_locks+0x390/0x4b0 [ 877.421955][T24145] ? __mutex_unlock_slowpath+0x15c/0x790 [ 877.421975][T24145] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 877.422003][T24145] ? mm_drop_all_locks+0x390/0x4b0 [ 877.422021][T24145] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 877.422039][T24145] ? policy_nodemask+0xed/0x4f0 [ 877.422062][T24145] alloc_pages_mpol+0x1fb/0x550 [ 877.422085][T24145] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 877.422111][T24145] alloc_pages_noprof+0x131/0x390 [ 877.422133][T24145] kvm_coalesced_mmio_init+0x1a/0x170 [ 877.422150][T24145] kvm_dev_ioctl+0xe00/0x1a80 [ 877.422173][T24145] ? find_held_lock+0x2b/0x80 [ 877.422188][T24145] ? hook_file_ioctl_common+0x146/0x410 [ 877.422211][T24145] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 877.422233][T24145] ? __fget_files+0x21f/0x3d0 [ 877.422253][T24145] ? __pfx_kvm_dev_ioctl+0x10/0x10 [ 877.422274][T24145] __x64_sys_ioctl+0x18e/0x210 [ 877.422299][T24145] do_syscall_64+0xc9/0xf80 [ 877.422320][T24145] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 877.422335][T24145] RIP: 0033:0x7f01a159aeb9 [ 877.422349][T24145] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 877.422363][T24145] RSP: 002b:00007f01a2468028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 877.422379][T24145] RAX: ffffffffffffffda RBX: 00007f01a1815fa0 RCX: 00007f01a159aeb9 [ 877.422389][T24145] RDX: 0000000000000000 RSI: 000000000000ae01 RDI: 0000000000000004 [ 877.422398][T24145] RBP: 00007f01a1608c1f R08: 0000000000000000 R09: 0000000000000000 [ 877.422407][T24145] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 877.422416][T24145] R13: 00007f01a1816038 R14: 00007f01a1815fa0 R15: 00007fff99e7bb78 [ 877.422435][T24145] [ 878.539170][T24164] netlink: 'syz.5.6509': attribute type 27 has an invalid length. [ 878.582889][T24164] netlink: 146 bytes leftover after parsing attributes in process `syz.5.6509'. [ 879.203423][T24169] netlink: 342 bytes leftover after parsing attributes in process `syz.5.6511'. [ 879.304719][T24169] netlink: 274 bytes leftover after parsing attributes in process `syz.5.6511'. [ 880.027606][ T30] audit: type=1800 audit(1770364344.895:25): pid=24181 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.6516" name="lu_gp_id" dev="configfs" ino=112803 res=0 errno=0 [ 882.839728][T24205] zswap: compressor û not available [ 884.134995][T24235] netlink: 86 bytes leftover after parsing attributes in process `syz.1.6534'. [ 886.796366][T24272] netlink: 334 bytes leftover after parsing attributes in process `syz.1.6544'. [ 886.912637][T24273] ERROR: Out of memory at tomoyo_memory_ok. [ 887.927583][T24283] vhci_hcd vhci_hcd.2: invalid port number 16 [ 887.977025][T24283] vhci_hcd vhci_hcd.2: invalid port number 16 [ 888.933179][T24296] netlink: 186 bytes leftover after parsing attributes in process `syz.5.6553'. [ 889.844078][T24308] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 889.928724][T24309] FAULT_INJECTION: forcing a failure. [ 889.928724][T24309] name fail_futex, interval 1, probability 0, space 0, times 0 [ 890.002168][T24309] CPU: 0 UID: 0 PID: 24309 Comm: syz.5.6556 Tainted: G L syzkaller #0 PREEMPT(full) [ 890.002195][T24309] Tainted: [L]=SOFTLOCKUP [ 890.002200][T24309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 890.002211][T24309] Call Trace: [ 890.002217][T24309] [ 890.002223][T24309] dump_stack_lvl+0x100/0x190 [ 890.002247][T24309] should_fail_ex.cold+0x5/0xa [ 890.002273][T24309] get_futex_key+0x1d2/0x1620 [ 890.002295][T24309] ? __pfx_get_futex_key+0x10/0x10 [ 890.002321][T24309] futex_wake+0xea/0x530 [ 890.002347][T24309] ? __pfx_futex_wake+0x10/0x10 [ 890.002370][T24309] ? exit_mm_release+0x19/0x30 [ 890.002396][T24309] do_futex+0x32b/0x350 [ 890.002417][T24309] ? __pfx_do_futex+0x10/0x10 [ 890.002436][T24309] ? __might_fault+0xc5/0x140 [ 890.002458][T24309] mm_release+0x24a/0x2f0 [ 890.002477][T24309] do_exit+0x675/0x2a30 [ 890.002503][T24309] ? __pfx_do_exit+0x10/0x10 [ 890.002525][T24309] ? do_raw_spin_lock+0x128/0x260 [ 890.002548][T24309] ? find_held_lock+0x2b/0x80 [ 890.002562][T24309] ? get_signal+0x7e0/0x21e0 [ 890.002582][T24309] do_group_exit+0xd5/0x2a0 [ 890.002605][T24309] get_signal+0x1ec7/0x21e0 [ 890.002630][T24309] ? __pfx_get_signal+0x10/0x10 [ 890.002648][T24309] ? do_futex+0x192/0x350 [ 890.002670][T24309] arch_do_signal_or_restart+0x91/0x770 [ 890.002693][T24309] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 890.002719][T24309] ? __pfx___x64_sys_futex+0x10/0x10 [ 890.002738][T24309] ? xfd_validate_state+0x129/0x190 [ 890.002765][T24309] exit_to_user_mode_loop+0x86/0x4b0 [ 890.002787][T24309] ? rcu_is_watching+0x12/0xc0 [ 890.002809][T24309] do_syscall_64+0x4ea/0xf80 [ 890.002829][T24309] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 890.002845][T24309] RIP: 0033:0x7f5680f9aeb9 [ 890.002858][T24309] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 890.002873][T24309] RSP: 002b:00007f567f1d50e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 890.002889][T24309] RAX: fffffffffffffe00 RBX: 00007f5681216098 RCX: 00007f5680f9aeb9 [ 890.002899][T24309] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f5681216098 [ 890.002908][T24309] RBP: 00007f5681216090 R08: 0000000000000000 R09: 0000000000000000 [ 890.002917][T24309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 890.002925][T24309] R13: 00007f5681216128 R14: 00007ffed7de9c40 R15: 00007ffed7de9d28 [ 890.002944][T24309] [ 890.666974][T24312] netlink: 62 bytes leftover after parsing attributes in process `syz.4.6557'. [ 890.804337][T24317] syz.1.6559 (24317): attempted to duplicate a private mapping with mremap. This is not supported. [ 891.414612][T24326] netlink: 330 bytes leftover after parsing attributes in process `syz.4.6561'. [ 892.302971][T24345] binder: 24343:24345 unknown command 0 [ 892.322760][T24345] binder: 24343:24345 ioctl c0306201 2000000000c0 returned -22 [ 894.776570][T24363] netlink: 'syz.5.6573': attribute type 35 has an invalid length. [ 895.351743][ T5826] Process accounting paused [ 895.812801][T20589] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 895.823838][T20589] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 895.850715][T20589] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 895.859511][T20589] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 895.867895][T20589] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 896.796188][T24377] chnl_net:caif_netlink_parms(): no params data found [ 897.100270][T24377] bridge0: port 1(bridge_slave_0) entered blocking state [ 897.141589][T24377] bridge0: port 1(bridge_slave_0) entered disabled state [ 897.181490][T24377] bridge_slave_0: entered allmulticast mode [ 897.219677][T24377] bridge_slave_0: entered promiscuous mode [ 897.265971][T24377] bridge0: port 2(bridge_slave_1) entered blocking state [ 897.304367][T24377] bridge0: port 2(bridge_slave_1) entered disabled state [ 897.354879][T24377] bridge_slave_1: entered allmulticast mode [ 897.424472][T24377] bridge_slave_1: entered promiscuous mode [ 897.574394][T24377] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 897.584228][T24407] FAULT_INJECTION: forcing a failure. [ 897.584228][T24407] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 897.646190][T24377] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 897.666028][T24407] CPU: 0 UID: 0 PID: 24407 Comm: syz.5.6587 Tainted: G L syzkaller #0 PREEMPT(full) [ 897.666059][T24407] Tainted: [L]=SOFTLOCKUP [ 897.666067][T24407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 897.666077][T24407] Call Trace: [ 897.666084][T24407] [ 897.666095][T24407] dump_stack_lvl+0x100/0x190 [ 897.666120][T24407] should_fail_ex.cold+0x5/0xa [ 897.666146][T24407] _copy_from_user+0x2e/0xd0 [ 897.666171][T24407] post_copy_siginfo_from_user.isra.0+0x16e/0x300 [ 897.666196][T24407] ? __pfx_post_copy_siginfo_from_user.isra.0+0x10/0x10 [ 897.666220][T24407] ? find_held_lock+0x2b/0x80 [ 897.666246][T24407] __x64_sys_rt_tgsigqueueinfo+0x151/0x210 [ 897.666276][T24407] ? __pfx___x64_sys_rt_tgsigqueueinfo+0x10/0x10 [ 897.666308][T24407] do_syscall_64+0xc9/0xf80 [ 897.666330][T24407] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 897.666347][T24407] RIP: 0033:0x7f5680f9aeb9 [ 897.666360][T24407] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 897.666376][T24407] RSP: 002b:00007f567f1f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000129 [ 897.666392][T24407] RAX: ffffffffffffffda RBX: 00007f5681215fa0 RCX: 00007f5680f9aeb9 [ 897.666403][T24407] RDX: 000000000000527b RSI: 00000000000000c0 RDI: 00000000000000bf [ 897.666412][T24407] RBP: 00007f5681008c1f R08: 0000000000000000 R09: 0000000000000000 [ 897.666421][T24407] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 897.666430][T24407] R13: 00007f5681216038 R14: 00007f5681215fa0 R15: 00007ffed7de9d28 [ 897.666450][T24407] [ 897.876882][T24377] team0: Port device team_slave_0 added [ 897.885167][T24377] team0: Port device team_slave_1 added [ 897.908491][T24377] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 897.915514][T24377] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 897.941480][T24377] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 897.953501][T24377] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 897.960698][T24377] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 897.987580][T24377] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 898.025713][T24377] hsr_slave_0: entered promiscuous mode [ 898.088002][T20589] Bluetooth: hci5: command tx timeout [ 898.099089][T24377] hsr_slave_1: entered promiscuous mode [ 898.129483][T24377] debugfs: 'hsr0' already exists in 'hsr' [ 898.164159][T24377] Cannot create hsr debugfs directory [ 898.187715][T24410] ERROR: Out of memory at tomoyo_memory_ok. [ 899.625930][T24420] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 899.891536][T24377] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 900.005147][T24377] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 900.074048][T24436] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6597'. [ 900.122400][T20589] Bluetooth: hci5: command tx timeout [ 900.145001][T24377] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 900.209541][T24436] bridge_slave_1: left allmulticast mode [ 900.219043][T24436] bridge_slave_1: left promiscuous mode [ 900.257090][T24436] bridge0: port 2(bridge_slave_1) entered disabled state [ 900.359864][T24436] bridge_slave_0: left allmulticast mode [ 900.387140][T24436] bridge_slave_0: left promiscuous mode [ 900.412462][T24436] bridge0: port 1(bridge_slave_0) entered disabled state [ 900.663107][T24377] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 900.961403][T24450] netlink: 330 bytes leftover after parsing attributes in process `syz.5.6599'. [ 901.622287][T24377] 8021q: adding VLAN 0 to HW filter on device bond0 [ 902.056742][T24377] 8021q: adding VLAN 0 to HW filter on device team0 [ 902.196479][T20589] Bluetooth: hci5: command tx timeout [ 902.414180][T19070] bridge0: port 1(bridge_slave_0) entered blocking state [ 902.421374][T19070] bridge0: port 1(bridge_slave_0) entered forwarding state [ 902.522077][T19070] bridge0: port 2(bridge_slave_1) entered blocking state [ 902.529224][T19070] bridge0: port 2(bridge_slave_1) entered forwarding state [ 902.907440][T24377] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 903.027148][T24473] zswap: compressor  not available [ 903.817334][T24377] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 904.265936][T20589] Bluetooth: hci5: command tx timeout [ 904.881157][T24377] veth0_vlan: entered promiscuous mode [ 904.969935][T24377] veth1_vlan: entered promiscuous mode [ 905.119808][T24377] veth0_macvtap: entered promiscuous mode [ 905.175172][T24377] veth1_macvtap: entered promiscuous mode [ 905.289851][T24377] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 905.354421][T24377] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 905.523556][T19070] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 905.567560][T19070] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 905.702893][T19070] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 905.750113][T24514] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6618'. [ 905.764862][T19070] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 906.632296][T18891] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 906.687382][T18891] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 906.796112][T18907] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 906.845641][T18907] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 906.874177][T24526] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6622'. [ 907.116849][T24526] veth0_macvtap: left promiscuous mode [ 907.289103][T24526] macvtap0: entered promiscuous mode [ 907.338976][T24526] macvtap0: entered allmulticast mode [ 908.306149][T24546] netlink: 342 bytes leftover after parsing attributes in process `syz.5.6629'. [ 908.406741][T24546] netlink: 294 bytes leftover after parsing attributes in process `syz.5.6629'. [ 908.764977][T24553] netlink: 252 bytes leftover after parsing attributes in process `syz.5.6631'. [ 908.835401][T24553] netlink: 252 bytes leftover after parsing attributes in process `syz.5.6631'. [ 909.339983][T24564] ERROR: Out of memory at tomoyo_memory_ok. [ 911.026505][T24586] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6641'. [ 911.592550][T24586] team0 (unregistering): Port device team_slave_0 removed [ 912.722855][T24586] team0 (unregistering): Port device team_slave_1 removed [ 913.481003][T24611] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6651'. [ 913.858991][T24618] netlink: 338 bytes leftover after parsing attributes in process `syz.6.6653'. [ 914.717756][T24619] mkiss: ax0: crc mode is auto. [ 916.887055][T24666] RDS: rds_bind could not find a transport for ::ffff:300, load rds_tcp or rds_rdma? [ 917.165197][T24668] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 917.434801][T24671] Â: entered promiscuous mode [ 919.695917][T24707] netlink: 338 bytes leftover after parsing attributes in process `syz.5.6685'. [ 919.778610][T24709] netlink: 338 bytes leftover after parsing attributes in process `syz.5.6685'. [ 919.829557][T24709] netlink: 338 bytes leftover after parsing attributes in process `syz.5.6685'. [ 919.916286][T24709] netlink: 338 bytes leftover after parsing attributes in process `syz.5.6685'. [ 920.566640][T24715] ERROR: Out of memory at tomoyo_memory_ok. [ 920.674078][T24717] netlink: 'syz.5.6689': attribute type 1 has an invalid length. [ 920.731478][T24717] netlink: 330 bytes leftover after parsing attributes in process `syz.5.6689'. [ 921.023421][T24721] netlink: 274 bytes leftover after parsing attributes in process `syz.1.6691'. [ 923.086304][T24763] zswap: compressor not available [ 924.176355][T24780] block nbd0: shutting down sockets [ 925.368801][T24800] netlink: 194 bytes leftover after parsing attributes in process `syz.1.6719'. [ 927.662368][T18907] bridge_slave_1: left allmulticast mode [ 927.731543][T18907] bridge_slave_1: left promiscuous mode [ 927.756806][T18907] bridge0: port 2(bridge_slave_1) entered disabled state [ 927.981292][T18907] bridge_slave_0: left allmulticast mode [ 928.042109][T18907] bridge_slave_0: left promiscuous mode [ 928.047860][T18907] bridge0: port 1(bridge_slave_0) entered disabled state [ 929.794155][T24847] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6734'. [ 930.888127][T24873] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6741'. [ 931.035525][T18907] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 931.143500][T18907] bond0 (unregistering): Released all slaves [ 931.544665][T18907] ovs_: left promiscuous mode [ 931.757885][T24881] ERROR: Out of memory at tomoyo_memory_ok. [ 932.859111][T24904] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6748'. [ 932.992615][T24906] netlink: 13 bytes leftover after parsing attributes in process `syz.4.6748'. [ 934.317359][T24913] netlink: 18 bytes leftover after parsing attributes in process `syz.4.6752'. [ 934.337981][T24923] smc: net device dummy0 applied user defined pnetid DUMMY0 [ 934.590476][T24932] netlink: 330 bytes leftover after parsing attributes in process `syz.1.6756'. [ 934.958575][T18907] hsr_slave_0: left promiscuous mode [ 934.997785][T18907] hsr_slave_1: left promiscuous mode [ 935.056234][T18907] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 935.107190][T18907] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 935.257373][T18907] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 935.264812][T18907] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 935.628141][T18907] veth1_vlan: left promiscuous mode [ 935.686704][T18907] veth0_vlan: left promiscuous mode [ 936.005794][T24952] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6761'. [ 936.363019][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 936.369332][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 938.854883][T18907] team0 (unregistering): Port device team_slave_1 removed [ 939.150656][T18907] team0 (unregistering): Port device team_slave_0 removed [ 941.511428][T24952] veth1_macvtap: left promiscuous mode [ 941.676319][T24976] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6769'. [ 942.957270][T24999] ERROR: Out of memory at tomoyo_memory_ok. [ 944.832370][T25032] netlink: 342 bytes leftover after parsing attributes in process `syz.1.6782'. [ 945.025156][T25035] netlink: 'syz.4.6783': attribute type 10 has an invalid length. [ 945.064392][T25035] netlink: 230 bytes leftover after parsing attributes in process `syz.4.6783'. [ 947.013796][T25067] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6793'. [ 947.067074][T25067] netlink: 25 bytes leftover after parsing attributes in process `syz.6.6793'. [ 948.285358][T25086] netlink: 252 bytes leftover after parsing attributes in process `syz.6.6801'. [ 948.351802][T25087] netlink: 252 bytes leftover after parsing attributes in process `syz.6.6801'. [ 948.457179][T25090] netlink: 330 bytes leftover after parsing attributes in process `syz.1.6802'. [ 948.626866][T18959] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 948.648505][T18959] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 948.663729][T18959] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 948.674586][T18959] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 948.682240][T18959] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 948.912654][T25098] netlink: 274 bytes leftover after parsing attributes in process `syz.1.6804'. [ 948.924346][T25099] netlink: 28 bytes leftover after parsing attributes in process `syz.6.6803'. [ 949.918174][T25092] chnl_net:caif_netlink_parms(): no params data found [ 950.253752][ T30] audit: type=1107 audit(1770364415.445:26): pid=25109 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 950.339160][ T30] audit: type=1107 audit(1770364415.476:27): pid=25109 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 950.398540][T25121] FAULT_INJECTION: forcing a failure. [ 950.398540][T25121] name fail_futex, interval 1, probability 0, space 0, times 0 [ 950.474014][T25121] CPU: 0 UID: 0 PID: 25121 Comm: syz.6.6808 Tainted: G L syzkaller #0 PREEMPT(full) [ 950.474041][T25121] Tainted: [L]=SOFTLOCKUP [ 950.474051][T25121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 950.474060][T25121] Call Trace: [ 950.474066][T25121] [ 950.474072][T25121] dump_stack_lvl+0x100/0x190 [ 950.474096][T25121] should_fail_ex.cold+0x5/0xa [ 950.474121][T25121] get_futex_key+0x1d2/0x1620 [ 950.474144][T25121] ? __pfx_get_futex_key+0x10/0x10 [ 950.474169][T25121] futex_wait_setup+0x81/0x500 [ 950.474189][T25121] __futex_wait+0x19f/0x300 [ 950.474204][T25121] ? __pfx___futex_wait+0x10/0x10 [ 950.474221][T25121] ? __pfx_futex_wake_mark+0x10/0x10 [ 950.474248][T25121] ? __hrtimer_setup+0x178/0x280 [ 950.474272][T25121] ? ktime_add_safe+0x60/0x70 [ 950.474295][T25121] futex_wait+0xed/0x380 [ 950.474309][T25121] ? __pfx_futex_wait+0x10/0x10 [ 950.474322][T25121] ? __lock_acquire+0x4a5/0x2630 [ 950.474352][T25121] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 950.474381][T25121] do_futex+0x1ef/0x350 [ 950.474402][T25121] ? __pfx_do_futex+0x10/0x10 [ 950.474420][T25121] ? rcu_is_watching+0x12/0xc0 [ 950.474434][T25121] ? ktime_get+0x200/0x300 [ 950.474451][T25121] ? lockdep_hardirqs_on+0x78/0x100 [ 950.474470][T25121] ? read_tsc+0x9/0x20 [ 950.474492][T25121] __x64_sys_futex+0x34f/0x4d0 [ 950.474515][T25121] ? __pfx___x64_sys_futex+0x10/0x10 [ 950.474535][T25121] ? xfd_validate_state+0x129/0x190 [ 950.474565][T25121] do_syscall_64+0xc9/0xf80 [ 950.474585][T25121] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 950.474600][T25121] RIP: 0033:0x7f117119aeb9 [ 950.474613][T25121] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 950.474627][T25121] RSP: 002b:00007fff42c26cf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 950.474642][T25121] RAX: ffffffffffffffda RBX: 00000000000e821d RCX: 00007f117119aeb9 [ 950.474652][T25121] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f1171415fac [ 950.474661][T25121] RBP: 0000000000000032 R08: 0000000000000000 R09: 0000000000000000 [ 950.474670][T25121] R10: 00007fff42c26e00 R11: 0000000000000246 R12: 00007fff42c26e20 [ 950.474679][T25121] R13: 00007f1171415fac R14: 00000000000e824f R15: 00007fff42c26e00 [ 950.474698][T25121] [ 950.989328][T18959] Bluetooth: hci6: command tx timeout [ 951.039623][T25092] bridge0: port 1(bridge_slave_0) entered blocking state [ 951.076281][T25092] bridge0: port 1(bridge_slave_0) entered disabled state [ 951.101752][T25092] bridge_slave_0: entered allmulticast mode [ 951.120075][T25092] bridge_slave_0: entered promiscuous mode [ 951.127772][T25092] bridge0: port 2(bridge_slave_1) entered blocking state [ 951.134982][T25092] bridge0: port 2(bridge_slave_1) entered disabled state [ 951.144035][T25092] bridge_slave_1: entered allmulticast mode [ 951.169418][T25092] bridge_slave_1: entered promiscuous mode [ 951.352528][T25092] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 951.415515][T25092] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 951.583864][T25092] team0: Port device team_slave_0 added [ 951.661805][T25092] team0: Port device team_slave_1 added [ 951.806334][T25092] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 951.868354][T25092] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 952.074080][T25092] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 952.129594][T25092] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 952.163272][T25092] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 952.318470][T25092] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 952.538023][T25092] hsr_slave_0: entered promiscuous mode [ 952.570815][T25154] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6819'. [ 952.586303][T25092] hsr_slave_1: entered promiscuous mode [ 952.612296][T25092] debugfs: 'hsr0' already exists in 'hsr' [ 952.620248][T25154] netlink: 25 bytes leftover after parsing attributes in process `syz.6.6819'. [ 952.654908][T25092] Cannot create hsr debugfs directory [ 952.974285][T25163] netlink: 86 bytes leftover after parsing attributes in process `syz.6.6820'. [ 952.996686][T18959] Bluetooth: hci6: command tx timeout [ 953.491499][T25092] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 953.544369][T25092] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 953.603664][T25092] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 953.657269][T25092] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 954.120730][T25092] 8021q: adding VLAN 0 to HW filter on device bond0 [ 954.233832][T25182] ERROR: Out of memory at tomoyo_memory_ok. [ 954.248031][T25092] 8021q: adding VLAN 0 to HW filter on device team0 [ 954.318403][T18895] bridge0: port 1(bridge_slave_0) entered blocking state [ 954.325554][T18895] bridge0: port 1(bridge_slave_0) entered forwarding state [ 954.458647][T18907] bridge0: port 2(bridge_slave_1) entered blocking state [ 954.465819][T18907] bridge0: port 2(bridge_slave_1) entered forwarding state [ 954.707181][T25092] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 955.073263][T18959] Bluetooth: hci6: command tx timeout [ 955.367243][T25202] netlink: 'syz.4.6828': attribute type 28 has an invalid length. [ 955.511313][T25202] netlink: 'syz.4.6828': attribute type 3 has an invalid length. [ 955.635886][T25202] netlink: 306 bytes leftover after parsing attributes in process `syz.4.6828'. [ 955.944335][T25092] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 957.136742][T18959] Bluetooth: hci6: command tx timeout [ 957.201661][T25092] veth0_vlan: entered promiscuous mode [ 957.277470][T25092] veth1_vlan: entered promiscuous mode [ 957.882044][T25092] veth0_macvtap: entered promiscuous mode [ 957.957312][T25092] veth1_macvtap: entered promiscuous mode [ 958.091051][T25092] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 958.204836][T25092] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 958.297065][T18907] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 958.368333][T18907] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 958.377060][T18907] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 958.804990][T18907] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 959.751672][T18918] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 959.760223][T18918] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 959.973908][T18918] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 960.030674][T18918] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 960.869440][T25286] nfs: Unknown parameter 'nl802154' [ 961.528749][T25296] netlink: 62 bytes leftover after parsing attributes in process `syz.4.6839'. [ 963.903683][T20589] Bluetooth: hci4: command 0x0406 tx timeout [ 965.401416][T25356] ERROR: Out of memory at tomoyo_memory_ok. [ 969.669421][T25406] sp0: Synchronizing with TNC [ 972.999450][ T30] audit: type=1107 audit(1770364438.309:28): pid=25446 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 973.087505][ T30] audit: type=1107 audit(1770364438.329:29): pid=25446 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 973.525241][T25455] vivid-007: ================= START STATUS ================= [ 973.617625][T25455] vivid-007: Enable Output Cropping: true grabbed [ 973.740078][T25455] vivid-007: Enable Output Composing: true grabbed [ 973.838422][T25455] vivid-007: Enable Output Scaler: true grabbed [ 973.972998][T25455] vivid-007: Tx RGB Quantization Range: Automatic grabbed [ 974.032982][T25455] vivid-007: Transmit Mode: HDMI grabbed [ 974.127072][T25455] vivid-007: Hotplug Present: 0x00000000 [ 974.219227][T25455] vivid-007: RxSense Present: 0x00000000 [ 974.368144][T25455] vivid-007: EDID Present: 0x00000000 [ 974.375074][T25455] vivid-007: ================== END STATUS ================== [ 976.570341][T25499] netlink: 'syz.7.6903': attribute type 10 has an invalid length. [ 976.637582][T25499] netlink: 'syz.7.6903': attribute type 13 has an invalid length. [ 976.668758][T25500] ERROR: Out of memory at tomoyo_memory_ok. [ 978.241831][T25525] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 979.174480][T25535] random: crng reseeded on system resumption [ 983.873353][T18959] Bluetooth: hci5: unexpected subevent 0x01 length: 123 > 18 [ 985.009025][T25600] netlink: 354 bytes leftover after parsing attributes in process `syz.6.6934'. [ 985.145687][T25605] tc_dump_action: action bad kind [ 986.746681][T25632] netlink: 186 bytes leftover after parsing attributes in process `syz.6.6947'. [ 986.816617][T25632] netlink: 186 bytes leftover after parsing attributes in process `syz.6.6947'. [ 987.882921][T25649] ERROR: Out of memory at tomoyo_memory_ok. [ 988.854212][T25670] netlink: 25 bytes leftover after parsing attributes in process `syz.6.6960'. [ 990.344660][T25686] netlink: 'syz.7.6965': attribute type 19 has an invalid length. [ 990.463618][T25686] netlink: 226 bytes leftover after parsing attributes in process `syz.7.6965'. [ 991.092661][T25696] netlink: 25 bytes leftover after parsing attributes in process `syz.7.6970'. [ 991.214995][T25702] netlink: 334 bytes leftover after parsing attributes in process `syz.1.6973'. [ 991.681245][T25708] netlink: 186 bytes leftover after parsing attributes in process `syz.7.6974'. [ 991.895788][T25714] netlink: 226 bytes leftover after parsing attributes in process `syz.4.6977'. [ 991.957249][T25714] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6977'. [ 992.022893][T25714] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 992.134522][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805fe09400: rx timeout, send abort [ 992.150413][ T5179] ERROR: Out of memory at tomoyo_memory_ok. [ 992.386707][T25721] netlink: 330 bytes leftover after parsing attributes in process `syz.4.6980'. [ 992.640257][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805fe09400: abort rx timeout. Force session deactivation [ 993.625224][T25736] netlink: 62 bytes leftover after parsing attributes in process `syz.7.6982'. [ 995.614717][T25757] netlink: 54 bytes leftover after parsing attributes in process `syz.4.6988'. [ 995.652668][T25753] zswap: compressor not available [ 997.501769][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 997.520156][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 998.440154][T18959] Bluetooth: hci1: SCO packet for unknown connection handle 0 [ 999.059733][T25810] ERROR: Out of memory at tomoyo_memory_ok. [ 999.349122][T25816] netlink: 'syz.4.7008': attribute type 10 has an invalid length. [ 999.411029][T25816] netlink: 230 bytes leftover after parsing attributes in process `syz.4.7008'. [ 999.520158][T25816] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 999.765459][T25819] binder: 25818:25819 ioctl c0306201 0 returned -14 [ 1001.464685][T25848] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7019'. [ 1001.732997][T25848] bridge_slave_1 (unregistering): left allmulticast mode [ 1001.766661][T25848] bridge_slave_1 (unregistering): left promiscuous mode [ 1001.815796][T25848] bridge0: port 2(bridge_slave_1) entered disabled state [ 1003.322164][T25877] FAULT_INJECTION: forcing a failure. [ 1003.322164][T25877] name failslab, interval 1, probability 393216, space 0, times 0 [ 1003.411585][T25877] CPU: 0 UID: 0 PID: 25877 Comm: syz.6.7029 Tainted: G L syzkaller #0 PREEMPT(full) [ 1003.411615][T25877] Tainted: [L]=SOFTLOCKUP [ 1003.411621][T25877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1003.411632][T25877] Call Trace: [ 1003.411638][T25877] [ 1003.411644][T25877] dump_stack_lvl+0x100/0x190 [ 1003.411670][T25877] should_fail_ex.cold+0x5/0xa [ 1003.411696][T25877] should_failslab+0xc2/0x120 [ 1003.411719][T25877] kmem_cache_alloc_node_noprof+0x8c/0x880 [ 1003.411743][T25877] ? __alloc_skb+0x156/0x410 [ 1003.411767][T25877] ? __alloc_skb+0x156/0x410 [ 1003.411785][T25877] __alloc_skb+0x156/0x410 [ 1003.411804][T25877] ? __alloc_skb+0x35d/0x410 [ 1003.411823][T25877] ? __pfx___alloc_skb+0x10/0x10 [ 1003.411845][T25877] ? aa_label_sk_perm+0x194/0x5f0 [ 1003.411867][T25877] ? set_next_entity+0x11a/0x9b0 [ 1003.411891][T25877] alloc_skb_with_frags+0xe0/0x810 [ 1003.411907][T25877] ? __lock_acquire+0x4a5/0x2630 [ 1003.411929][T25877] sock_alloc_send_pskb+0x801/0x980 [ 1003.411954][T25877] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 1003.411975][T25877] ? __pfx_autoremove_wake_function+0x10/0x10 [ 1003.412000][T25877] caif_stream_sendmsg+0x446/0x800 [ 1003.412027][T25877] ? __pfx_caif_stream_sendmsg+0x10/0x10 [ 1003.412047][T25877] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1003.412069][T25877] sock_write_iter+0x566/0x610 [ 1003.412086][T25877] ? __pfx_sock_write_iter+0x10/0x10 [ 1003.412103][T25877] ? futex_unqueue+0x133/0x2c0 [ 1003.412127][T25877] ? __futex_wait+0x256/0x300 [ 1003.412145][T25877] do_iter_readv_writev+0x6ee/0x920 [ 1003.412163][T25877] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 1003.412178][T25877] ? common_file_perm+0x1ab/0x4f0 [ 1003.412202][T25877] ? bpf_lsm_file_permission+0x9/0x10 [ 1003.412222][T25877] ? security_file_permission+0x76/0x210 [ 1003.412246][T25877] ? rw_verify_area+0xce/0x6d0 [ 1003.412262][T25877] vfs_writev+0x360/0xe10 [ 1003.412283][T25877] ? __pfx_vfs_writev+0x10/0x10 [ 1003.412311][T25877] ? __fget_files+0x21f/0x3d0 [ 1003.412332][T25877] ? do_writev+0x28a/0x340 [ 1003.412347][T25877] do_writev+0x28a/0x340 [ 1003.412363][T25877] ? __pfx_do_writev+0x10/0x10 [ 1003.412383][T25877] do_syscall_64+0xc9/0xf80 [ 1003.412403][T25877] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1003.412419][T25877] RIP: 0033:0x7f117119aeb9 [ 1003.412433][T25877] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1003.412448][T25877] RSP: 002b:00007f11720eb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1003.412473][T25877] RAX: ffffffffffffffda RBX: 00007f1171415fa0 RCX: 00007f117119aeb9 [ 1003.412484][T25877] RDX: 0000000000000008 RSI: 0000200000000100 RDI: 0000000000000003 [ 1003.412495][T25877] RBP: 00007f1171208c1f R08: 0000000000000000 R09: 0000000000000000 [ 1003.412504][T25877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1003.412513][T25877] R13: 00007f1171416038 R14: 00007f1171415fa0 R15: 00007fff42c26b98 [ 1003.412534][T25877] [ 1003.732577][T25862] ima: policy update failed [ 1003.832286][T25879] netlink: 342 bytes leftover after parsing attributes in process `syz.1.7030'. [ 1004.126254][ T30] audit: type=1802 audit(4294967343.053:30): pid=25862 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.7.7024" res=0 errno=0 [ 1004.366080][T25886] netlink: 246 bytes leftover after parsing attributes in process `syz.1.7032'. [ 1004.808518][T25894] netlink: 'syz.4.7036': attribute type 15 has an invalid length. [ 1004.873757][T25894] netlink: 'syz.4.7036': attribute type 16 has an invalid length. [ 1004.918309][T25894] netlink: 194 bytes leftover after parsing attributes in process `syz.4.7036'. [ 1005.612518][T25913] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 1007.345210][T25943] netlink: 186 bytes leftover after parsing attributes in process `syz.6.7050'. [ 1007.604653][T25940] ERROR: Out of memory at tomoyo_memory_ok. [ 1007.698744][T23317] NFSD: Failed to start, no listeners configured. [ 1007.889904][T25936] netlink: 186 bytes leftover after parsing attributes in process `syz.6.7050'. [ 1008.471355][T25955] bond0: option all_slaves_active: invalid value () [ 1009.087293][T25969] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7058'. [ 1009.148980][T25969] netlink: 25 bytes leftover after parsing attributes in process `syz.1.7058'. [ 1010.352476][T25980] ERROR: Out of memory at tomoyo_memory_ok. [ 1014.344891][T26048] netlink: 13 bytes leftover after parsing attributes in process `syz.4.7083'. [ 1016.475964][T26071] netlink: 'syz.7.7091': attribute type 5 has an invalid length. [ 1016.499937][T26072] netlink: 186 bytes leftover after parsing attributes in process `syz.6.7090'. [ 1016.540084][T26073] netlink: 'syz.7.7091': attribute type 5 has an invalid length. [ 1016.547838][T26073] netlink: 'syz.7.7091': attribute type 1 has an invalid length. [ 1016.629777][T26071] netlink: 'syz.7.7091': attribute type 1 has an invalid length. [ 1016.691482][T26071] netlink: 12 bytes leftover after parsing attributes in process `syz.7.7091'. [ 1016.768342][T26073] netlink: 12 bytes leftover after parsing attributes in process `syz.7.7091'. [ 1017.365711][T26087] netlink: 226 bytes leftover after parsing attributes in process `syz.1.7096'. [ 1019.747717][T26093] kexec: Could not allocate control_code_buffer [ 1019.934012][T18959] Bluetooth: hci5: command 0x0406 tx timeout [ 1020.573579][T26118] zswap: compressor not available [ 1020.894887][T26127] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7106'. [ 1021.569301][T26140] ERROR: Out of memory at tomoyo_memory_ok. [ 1021.943293][T26146] netlink: 25 bytes leftover after parsing attributes in process `syz.6.7111'. [ 1023.143051][T26163] random: crng reseeded on system resumption [ 1023.647467][T26167] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7117'. [ 1026.940362][T26198] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7129'. [ 1027.240781][T26202] random: crng reseeded on system resumption [ 1028.112958][T26211] nfs: Unknown parameter 'nl802154' [ 1029.372424][T26226] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1029.681659][T20589] Bluetooth: hci0: unexpected subevent 0x01 length: 3 < 18 [ 1030.786001][T26245] zswap: compressor not available [ 1032.792444][T26276] ERROR: Out of memory at tomoyo_memory_ok. [ 1035.303991][T20589] Bluetooth: hci5: unexpected subevent 0x01 length: 3 < 18 [ 1036.391595][T26334] netlink: 4 bytes leftover after parsing attributes in process `syz.7.7165'. [ 1036.421598][T26329] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 1036.472712][T26341] netlink: 13 bytes leftover after parsing attributes in process `syz.7.7165'. [ 1036.628608][T26329] File: /dev/nullb0 PID: 26329 Comm: syz.1.7162 [ 1038.147473][T26363] usb usb36: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1038.186502][T26363] vhci_hcd vhci_hcd.1: default hub control req: 0000 v0000 i0000 l0 [ 1039.101085][T20589] Bluetooth: hci6: unexpected subevent 0x01 length: 3 < 18 [ 1041.644164][T20589] Bluetooth: hci1: unexpected subevent 0x01 length: 3 < 18 [ 1042.693433][ T31] INFO: task syz.3.6518:24186 blocked for more than 143 seconds. [ 1042.726615][ T31] Tainted: G L syzkaller #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1042.759360][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1042.816244][T26436] netlink: 28 bytes leftover after parsing attributes in process `syz.6.7194'. [ 1042.864695][ T31] task:syz.3.6518 state:D stack:28072 pid:24186 tgid:24185 ppid:5826 task_flags:0x400140 flags:0x00080006 [ 1042.945956][ T31] Call Trace: [ 1042.949292][ T31] [ 1042.979432][ T31] ? __schedule+0xf65/0x5e10 [ 1043.008248][ T31] __schedule+0xfe4/0x5e10 [ 1043.032382][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1043.059107][ T31] ? __pfx___schedule+0x10/0x10 [ 1043.087942][ T31] ? find_held_lock+0x2b/0x80 [ 1043.115426][ T31] ? schedule+0x2bf/0x390 [ 1043.143330][ T31] schedule+0xdd/0x390 [ 1043.163331][ T31] schedule_preempt_disabled+0x13/0x30 [ 1043.203680][ T31] __mutex_lock+0xc9a/0x1b90 [ 1043.220316][ T31] ? nfsd_shutdown_threads+0x5b/0xf0 [ 1043.255597][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1043.297091][ T31] ? net_generic+0xea/0x2a0 [ 1043.320892][ T31] ? net_generic+0xea/0x2a0 [ 1043.352015][ T31] ? nfsd_shutdown_threads+0x5b/0xf0 [ 1043.371953][ T31] nfsd_shutdown_threads+0x5b/0xf0 [ 1043.478680][ T31] nfsd_umount+0x3b/0x60 [ 1043.498903][ T31] deactivate_locked_super+0xc1/0x1b0 [ 1043.565317][ T31] deactivate_super+0xe7/0x110 [ 1043.590278][ T31] cleanup_mnt+0x21f/0x450 [ 1043.594772][ T31] task_work_run+0x150/0x240 [ 1043.638198][ T31] ? __pfx_task_work_run+0x10/0x10 [ 1043.643358][ T31] ? __x64_sys_umount+0x124/0x1a0 [ 1043.697890][ T31] exit_to_user_mode_loop+0x100/0x4b0 [ 1043.727641][ T31] ? rcu_is_watching+0x12/0xc0 [ 1043.732453][ T31] do_syscall_64+0x4ea/0xf80 [ 1043.737061][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1043.793989][ T31] RIP: 0033:0x7f01a159aeb9 [ 1043.812945][ T31] RSP: 002b:00007f01a2468028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 1043.857010][ T31] RAX: 0000000000000000 RBX: 00007f01a1815fa0 RCX: 00007f01a159aeb9 [ 1043.865045][ T31] RDX: 0000000000000000 RSI: 000000000000000c RDI: 0000200000000040 [ 1043.884354][T26437] ERROR: Out of memory at tomoyo_memory_ok. [ 1043.928623][ T31] RBP: 00007f01a1608c1f R08: 0000000000000000 R09: 0000000000000000 [ 1043.956553][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1043.964597][ T31] R13: 00007f01a1816038 R14: 00007f01a1815fa0 R15: 00007fff99e7bb78 [ 1044.016904][ T31] [ 1044.021995][ T31] [ 1044.021995][ T31] Showing all locks held in the system: [ 1044.093888][ T31] 1 lock held by khungtaskd/31: [ 1044.168753][ T31] #0: ffffffff8e5e3120 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 1044.220509][ T31] 2 locks held by syz.1.1934/11253: [ 1044.245962][ T31] #0: ffff888025f760e0 (&type->s_umount_key#51){++++}-{4:4}, at: deactivate_super+0xdf/0x110 [ 1044.292522][ T31] #1: ffffffff8ea472a8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 1044.334466][ T31] 2 locks held by kworker/u11:1/18895: [ 1044.339995][ T31] 4 locks held by kworker/u11:4/19028: [ 1044.367222][ T31] #0: ffff88801c29f148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x11ae/0x1840 [ 1044.424314][ T31] #1: ffffc90003d7fc98 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x927/0x1840 [ 1044.482399][ T31] #2: ffffffff903dcf30 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xab/0x830 [ 1044.517885][ T31] #3: ffffffff903f5868 (rtnl_mutex){+.+.}-{4:4}, at: ops_undo_list+0x7ec/0xab0 [ 1044.553295][ T31] 3 locks held by kworker/u11:5/19070: [ 1044.558810][ T31] #0: ffff88813fe29948 ((wq_completion)events_unbound#2){+.+.}-{0:0}, at: process_one_work+0x11ae/0x1840 [ 1044.622891][ T31] #1: ffffc9000398fc98 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x927/0x1840 [ 1044.672817][ T31] #2: ffffffff903f5868 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0x51/0xc0 [ 1044.681916][ T31] 1 lock held by syz.4.5000/19886: [ 1044.710971][ T31] #0: ffffffff903f5868 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220 [ 1044.752265][ T31] 2 locks held by syz.2.6212/23317: [ 1044.757514][ T31] #0: ffffffff904a26d0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 1044.793219][ T31] #1: ffffffff8ea472a8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_set_doit+0x687/0xbc0 [ 1044.823188][ T31] 2 locks held by syz-executor/23535: [ 1044.828585][ T31] #0: ffff88807e3080e0 (&type->s_umount_key#51){++++}-{4:4}, at: deactivate_super+0xdf/0x110 [ 1044.871681][ T31] #1: ffffffff8ea472a8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 1044.881303][ T31] 2 locks held by kworker/u11:6/23594: [ 1044.915315][ T31] #0: ffff88801d745948 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_one_work+0x11ae/0x1840 [ 1044.951314][ T31] #1: ffffc9000b61fc98 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_one_work+0x927/0x1840 [ 1044.981155][ T31] 2 locks held by syz.3.6518/24186: [ 1044.986474][ T31] #0: ffff88805d2380e0 (&type->s_umount_key#51){++++}-{4:4}, at: deactivate_super+0xdf/0x110 [ 1045.026939][ T31] #1: ffffffff8ea472a8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 1045.060745][ T31] 1 lock held by syz.7.7193/26432: [ 1045.065894][ T31] #0: ffffffff8e5ef8f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 [ 1045.100430][ T31] 2 locks held by syz.6.7194/26436: [ 1045.105673][ T31] #0: ffffffff903f5868 (rtnl_mutex){+.+.}-{4:4}, at: rtnl_dellink+0x307/0xb40 [ 1045.150216][ T31] #1: ffffffff8e5ef8f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x27f/0x3c0 [ 1045.179342][ T31] [ 1045.279531][ T31] ============================================= [ 1045.279531][ T31] [ 1045.287999][ T31] NMI backtrace for cpu 0 [ 1045.288022][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 1045.288045][ T31] Tainted: [L]=SOFTLOCKUP [ 1045.288051][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1045.288061][ T31] Call Trace: [ 1045.288070][ T31] [ 1045.288079][ T31] dump_stack_lvl+0x100/0x190 [ 1045.288105][ T31] nmi_cpu_backtrace.cold+0x12d/0x151 [ 1045.288127][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1045.288154][ T31] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 1045.288182][ T31] sys_info+0x141/0x190 [ 1045.288203][ T31] watchdog+0xcc3/0xfe0 [ 1045.288225][ T31] ? __pfx_watchdog+0x10/0x10 [ 1045.288242][ T31] ? __kthread_parkme+0x18c/0x230 [ 1045.288262][ T31] ? __pfx_watchdog+0x10/0x10 [ 1045.288278][ T31] ? __pfx_watchdog+0x10/0x10 [ 1045.288292][ T31] kthread+0x3b3/0x730 [ 1045.288314][ T31] ? __pfx_kthread+0x10/0x10 [ 1045.288334][ T31] ? ret_from_fork+0x79/0xaf0 [ 1045.288348][ T31] ? ret_from_fork+0x79/0xaf0 [ 1045.288362][ T31] ? rcu_is_watching+0x12/0xc0 [ 1045.288378][ T31] ? __pfx_kthread+0x10/0x10 [ 1045.288399][ T31] ret_from_fork+0x754/0xaf0 [ 1045.288415][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1045.288431][ T31] ? __switch_to+0x7b9/0x10c0 [ 1045.288450][ T31] ? __pfx_kthread+0x10/0x10 [ 1045.288472][ T31] ret_from_fork_asm+0x1a/0x30 [ 1045.288503][ T31] [ 1045.783038][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 1045.789924][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 1045.800593][ T31] Tainted: [L]=SOFTLOCKUP [ 1045.804905][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1045.814951][ T31] Call Trace: [ 1045.818221][ T31] [ 1045.821144][ T31] dump_stack_lvl+0x100/0x190 [ 1045.825822][ T31] vpanic+0x20d/0x630 [ 1045.829799][ T31] panic+0xd1/0xd1 [ 1045.833513][ T31] ? __pfx_panic+0x10/0x10 [ 1045.837926][ T31] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 1045.844090][ T31] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 1045.850252][ T31] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 1045.856406][ T31] ? watchdog.cold+0x198/0x1ca [ 1045.861166][ T31] ? watchdog+0xcd3/0xfe0 [ 1045.865489][ T31] watchdog.cold+0x1a9/0x1ca [ 1045.870078][ T31] ? __pfx_watchdog+0x10/0x10 [ 1045.874747][ T31] ? __kthread_parkme+0x18c/0x230 [ 1045.879768][ T31] ? __pfx_watchdog+0x10/0x10 [ 1045.884445][ T31] ? __pfx_watchdog+0x10/0x10 [ 1045.889116][ T31] kthread+0x3b3/0x730 [ 1045.893186][ T31] ? __pfx_kthread+0x10/0x10 [ 1045.897771][ T31] ? ret_from_fork+0x79/0xaf0 [ 1045.902443][ T31] ? ret_from_fork+0x79/0xaf0 [ 1045.907111][ T31] ? rcu_is_watching+0x12/0xc0 [ 1045.911868][ T31] ? __pfx_kthread+0x10/0x10 [ 1045.916459][ T31] ret_from_fork+0x754/0xaf0 [ 1045.921042][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1045.926146][ T31] ? __switch_to+0x7b9/0x10c0 [ 1045.930821][ T31] ? __pfx_kthread+0x10/0x10 [ 1045.935416][ T31] ret_from_fork_asm+0x1a/0x30 [ 1045.940187][ T31] [ 1045.943262][ T31] Kernel Offset: disabled [ 1045.947590][ T31] Rebooting in 86400 seconds..