last executing test programs: 12.846165742s ago: executing program 3 (id=1502): openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/mem\x00', 0x101181, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x23c102, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c72da808bf8d5feacf8510"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c001) write$auto(0xffffffffffffffff, &(0x7f0000000000)='-\x00', 0x2fb) readv$auto(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000440)="5e917ac6577d20063f953728568d59608fc20c79b1ffbefaca58ff01a6e8bb4dad1e562f1c2b11cdee95c122882c2ae80c85beb38abb35f28e301020d83298f7babda654fb8f26fffd66eed511d1b078978f45a43682cc2774efa09f7b5223f2e9a82a9187bb5f6f7a3033614636135941bd101298f96a9a0d3b0a63fb262fb33503df21d6054a30c9207cf5721c2faeee740a5dbe364c5893ea96655220cc9e0c6f374000b1a70539f946317e38e4aef1ebef8f7c58e1a7dcd65dd8a7f710077a7f25533665acd315550b5dcf78dfd22036", 0x1}, 0x1) r0 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/debug/dri/vkms/state\x00', 0xa8201, 0x0) lseek$auto(r0, 0x9, 0x0) ioctl$auto(0xffffffffffffffff, 0x4bfb, 0x9) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) mmap$auto(0x0, 0xd, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000001c0), 0x40100, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, 0x0) capset$auto(0x0, &(0x7f0000000000)={0x8, 0x7, 0x8}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bpf$auto_BPF_LINK_GET_FD_BY_ID(0x1e, &(0x7f00000002c0)=@link_create={@prog_fd, @target_ifindex, 0x8, 0xd, @bpf_attr_link_create_4_1={0x5, 0x8}}, 0x5) move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x200) process_vm_readv$auto(0x0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, 0x0, 0x6, 0x0) r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) r3 = openat$auto_fops_u32_(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim6/ports/1/ethtool/ring/rx_mini_max_pending\x00', 0x0, 0x0) mmap$auto(0x8, 0x1, 0x272, 0x10, r3, 0x9) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb1\x00', 0x5512c0, 0x0) ioprio_set$auto(0x2, 0x800000000, 0x8) ioctl$auto_OSS_GETVERSION(0xffffffffffffffff, 0x80044d76, &(0x7f00000000c0)) clone$auto(0x10051c, 0x6, 0x0, 0xffffffffffffffff, 0x80000001) write$auto_console_fops_tty_io(r2, &(0x7f0000000000)="c80d1b5d399b3b", 0xfdef) 11.713887308s ago: executing program 3 (id=1506): openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/mem\x00', 0x101181, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x23c102, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c72da808bf8d5feacf8510"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c001) write$auto(0xffffffffffffffff, &(0x7f0000000000)='-\x00', 0x2fb) readv$auto(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000440)="5e917ac6577d20063f953728568d59608fc20c79b1ffbefaca58ff01a6e8bb4dad1e562f1c2b11cdee95c122882c2ae80c85beb38abb35f28e301020d83298f7babda654fb8f26fffd66eed511d1b078978f45a43682cc2774efa09f7b5223f2e9a82a9187bb5f6f7a3033614636135941bd101298f96a9a0d3b0a63fb262fb33503df21d6054a30c9207cf5721c2faeee740a5dbe364c5893ea96655220cc9e0c6f374000b1a70539f946317e38e4aef1ebef8f7c58e1a7dcd65dd8a7f710077a7f25533665acd315550b5dcf78dfd22036", 0x1}, 0x1) r0 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/debug/dri/vkms/state\x00', 0xa8201, 0x0) lseek$auto(r0, 0x9, 0x0) ioctl$auto(0xffffffffffffffff, 0x4bfb, 0x9) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) mmap$auto(0x0, 0xd, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000001c0), 0x40100, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, 0x0) capset$auto(0x0, &(0x7f0000000000)={0x8, 0x7, 0x8}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bpf$auto_BPF_LINK_GET_FD_BY_ID(0x1e, &(0x7f00000002c0)=@link_create={@prog_fd, @target_ifindex, 0x8, 0xd, @bpf_attr_link_create_4_1={0x5, 0x8}}, 0x5) move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x200) process_vm_readv$auto(0x0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, 0x0, 0x6, 0x0) r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) r3 = openat$auto_fops_u32_(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim6/ports/1/ethtool/ring/rx_mini_max_pending\x00', 0x0, 0x0) mmap$auto(0x8, 0x1, 0x272, 0x10, r3, 0x9) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb1\x00', 0x5512c0, 0x0) ioprio_set$auto(0x2, 0x800000000, 0x8) openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x800, 0x0) clone$auto(0x10051c, 0x6, 0x0, 0xffffffffffffffff, 0x80000001) write$auto_console_fops_tty_io(r2, &(0x7f0000000000)="c80d1b5d399b3b", 0xfdef) 9.846937953s ago: executing program 3 (id=1513): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0x1, 0x0, 0x80000000) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="3f7388eea67865454cc850714efcb152f1613f0f5830cede", @ANYRES16=r2, @ANYBLOB="1b0026bd7000ffdbdf2503000000"], 0x14}}, 0x0) write$auto_seq_oss_f_ops_seq_oss(r0, &(0x7f0000000c80)="5f74ab2fc43781e047140a5cbc3ac5229b90633d9cddda9efb1f2c3d5d1e63f3fb5acf079b9336319d009cb514679a42eaca52b81c166d19625d173c26ece6542f2fb29712f4fb9072fc432b4cf3e6f5a7f3c9f91ee88ba5fa11d48fd3658e8f44f8423b4cd02bbec912ed34f9f4b19b03d4c62b24ede44c0c76c34edf7bde061903c2ee4c64110ac668239fa53ba4291bae74c3d173663248ff0945dd2e405e0d378b5a8e4643a7bc3b35a7248431450ca8901467ea6dc5d86de1e90f869f6a04ac10043676f3b2c7f1339b2d7468133fb8447d17846b6b78079ecc31d7d0f74caa4a3db1ac4d312bfdb34bd331f1f771a2396108561a52153d63a7b2a3a077a7e4c1a22bcb23e1f3e511fee310baa67904d2aad4d6671e8b77c7720e37e84e0efecb60a35f188cbe8b8b2fb3967b78aa482aabb103f23083baa9b2ae653731d5993db4054233dea4af25795e12eb4d7b519a855da7ac6b04", 0x159) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) write$auto(r3, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9) preadv$auto(0x40000000000003, 0x0, 0x6, 0x8, 0x5) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x80080, 0x0) mmap$auto(0x100000, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) semctl$auto_GETPID(0x0, 0x7ff, 0xb, 0xfffffffffffffffc) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) close_range$auto(0x2, 0xa, 0x0) madvise$auto(0x0, 0x200007, 0x8) ioctl$auto(r4, 0x7fff, r4) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000340)='/proc/thread-self/loginuid\x00', 0x109000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/irq/11/smp_affinity_list\x00', 0x129542, 0x0) read$auto(0x3, 0x0, 0xf34) madvise$auto(0x0, 0x2003f0, 0x15) 8.335778962s ago: executing program 1 (id=1519): openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/mem\x00', 0x101181, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x23c102, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c72da808bf8d5feacf8510"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c001) write$auto(0xffffffffffffffff, &(0x7f0000000000)='-\x00', 0x2fb) readv$auto(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000440)="5e917ac6577d20063f953728568d59608fc20c79b1ffbefaca58ff01a6e8bb4dad1e562f1c2b11cdee95c122882c2ae80c85beb38abb35f28e301020d83298f7babda654fb8f26fffd66eed511d1b078978f45a43682cc2774efa09f7b5223f2e9a82a9187bb5f6f7a3033614636135941bd101298f96a9a0d3b0a63fb262fb33503df21d6054a30c9207cf5721c2faeee740a5dbe364c5893ea96655220cc9e0c6f374000b1a70539f946317e38e4aef1ebef8f7c58e1a7dcd65dd8a7f710077a7f25533665acd315550b5dcf78dfd22036", 0x1}, 0x1) r0 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/debug/dri/vkms/state\x00', 0xa8201, 0x0) lseek$auto(r0, 0x9, 0x0) ioctl$auto(0xffffffffffffffff, 0x4bfb, 0x9) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) mmap$auto(0x0, 0xd, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000001c0), 0x40100, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, 0x0) capset$auto(0x0, &(0x7f0000000000)={0x8, 0x7, 0x8}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bpf$auto_BPF_LINK_GET_FD_BY_ID(0x1e, &(0x7f00000002c0)=@link_create={@prog_fd, @target_ifindex, 0x8, 0xd, @bpf_attr_link_create_4_1={0x5, 0x8}}, 0x5) move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x200) process_vm_readv$auto(0x0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, 0x0, 0x6, 0x0) r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) r3 = openat$auto_fops_u32_(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim6/ports/1/ethtool/ring/rx_mini_max_pending\x00', 0x0, 0x0) mmap$auto(0x8, 0x1, 0x272, 0x10, r3, 0x9) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb1\x00', 0x5512c0, 0x0) r4 = openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x800, 0x0) ioctl$auto_OSS_GETVERSION(r4, 0x80044d76, &(0x7f00000000c0)) clone$auto(0x10051c, 0x6, 0x0, 0xffffffffffffffff, 0x80000001) write$auto_console_fops_tty_io(r2, &(0x7f0000000000)="c80d1b5d399b3b", 0xfdef) 7.677194329s ago: executing program 1 (id=1523): openat$auto_xfs_dir_file_operations_xfs_file(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bluetooth/hci1/hci1:201\x00', 0x482c0, 0x0) (fail_nth: 2) r0 = socket(0x11, 0x2, 0x0) capset$auto(0x0, &(0x7f0000000000)={0xc, 0x3, 0x4}) sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={&(0x7f0000000080), 0x49}, 0x4, &(0x7f0000000180), 0x5, 0x1000}, 0x5}, 0x2, 0x100) 6.121223779s ago: executing program 1 (id=1526): r0 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = syz_clone(0x20008000, 0x0, 0x0, 0x0, 0x0, 0x0) rt_sigqueueinfo$auto(0x0, 0xffff7b6f, &(0x7f0000000000)={@siginfo_0_0={0x8, 0xd, 0x6, @_rt={r1, 0x0, @sival_ptr=0x0}}}) r2 = socket(0x11, 0x3, 0x9) pwrite64$auto(0xc8, &(0x7f0000000200)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\x00^\x0fo\x97\xfc\x89\v\xea\xc2\x95\xafQ;C>\x15L\x90\xad\xa4\x1648W\t\x00\x00\x001\x00\x00\x00@X\xb9_\xdd\xa6\xa2E\xd8?\'\x8dg\x81h*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&%`_[\xde\x7f\xde8\xf7\xc1\x94\xf2\xc1\"\xact\xee\xc9\x00\x00\x00\x00\x00\x00\x00\x00\xee\xa9\x0eX\x01\xa3g\xba\x9cc\x90\xe3\xae\xa9\xde\x00\x00\x00B\xb4\xf2&\x00\xe2\xead\xd0\"\x16\x84v\n\xcdN\xb6\xa4\xe0\xb7e\x97 ?\xb5\xa1E=t\x96\xbd\xfd\xc5\xebn\xb7\n\xc2\xbc\xa2\xa8\x04#\x84\xa7R|\xed\x8f\x03\x01\x10wLT\vay\x12\xb63\x9e\a\x8e\xbd\x18y<\xb3\v\x14\x82\x97&\xfcm\x86\x10o\xdc\xf3x\xfd\x06\x87t\xb9$\x94,f\x9b0\xcd\xd3\r\xb1e\'\x19\xc1\xe7>*\xad\xa5+\xa8\x1c\x88\xa1\x0e[\x99\xb6LKZ\x9e\r\xd0r\xe2Ct\xc1\x99\x1b/\xc5P.aUdq\x97\x94\xb9\xa8qU\xae*g\x86\xc9\xa4\xe7\n\vh-v\"o.\xbf6\x13\tFK\x8e\xc6&&\x13\x81\x00\x8c7PS\x9c\xa3\xfb\x1d\xa9\x98\xd47\n\xa7\xd1\x10\xb3i\xd2\xa8\x18f\xb3K\x9b\x9b\x8c\xe8\x84\xa3,5-\xd6\xae\xbd\x1d\xf2o\x99\x02\x1azw9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\bl\x042\x935\x9e\xeeH\x87\xda\x10\x8f^1\x89L`\xf4[\x06\xf6\xc7\xd0#\xdb\xb1\\\xc3\xb1\xb8\xe8\xde2\xbb\xf8I\x9c\x17KI\x8c\f\x1d\xaa\xa0\xdb\xc7\x9e\x81\x90CTe\xfa\x8dq&\x17\x908\xc9T\xffm\x930\x1d\x91\xf8|t\xfd\x18\xd5\xb0\xcbH\xa7\xb6T\n\x11%\xba\x16o\r\xf6\x90k\xfb\a\xa1\x15\x0e\xe1\xce0Q\xd0\x00\xc1\x1a\x1f\xaa8\xfbo)rtYK\"c\xe2c\xbeM\x9bT\x05\xf3\xccC\x8c\x00\xdf\x8c\x1b+\xca\x80', 0x84, 0xe83) sendmmsg$auto(r2, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200), 0x35}, 0x5, 0x0, 0x5, 0xe}, 0x5}, 0x2, 0x100) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/sys/net/ipv6/conf/ip6tnl0/stable_secret\x00', 0x141241, 0x0) pwrite64$auto(r3, &(0x7f0000000000)='./cgroup/memory.pressure\x00', 0x6bc, 0x5) r4 = socket$nl_generic(0x10, 0x3, 0x10) poll$auto(&(0x7f0000003640)={r4, 0x7, 0x6}, 0x6, 0x100000) r6 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000003900), r4) sendmsg$auto_NETDEV_CMD_QUEUE_GET(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000003980)={&(0x7f0000000480)=ANY=[@ANYBLOB="0000000026786aceb620932c5538092d5ffe58e7c3423ca5fadfafdcd6b81d144ad313781ecdf9be8d151ae742da806ce66727a7ef", @ANYRES16=r6, @ANYBLOB="01032bbd7000fddbdf250a000000080003005009000008000100fbffffff08000200", @ANYRES32=0x0, @ANYBLOB="08000200", @ANYRES32=0x0, @ANYBLOB="08000200", @ANYRES32=0x0, @ANYBLOB="08000200", @ANYRES32=0x0, @ANYBLOB="08000300040000000800030006000000"], 0x54}, 0x1, 0x0, 0x0, 0x2004c005}, 0xc4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'erspan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'syzkaller0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'veth1_to_bond\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syzkaller1\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'team_slave_0\x00', 0x0}) sendmsg$auto_NETDEV_CMD_DEV_GET(r3, &(0x7f0000000380)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x3c, r6, 0x828, 0x70bd2b, 0x25dfdbff, {}, [@NETDEV_A_DEV_IFINDEX={0x8, 0x1, r7}, @NETDEV_A_DEV_IFINDEX={0x8, 0x1, r8}, @NETDEV_A_DEV_IFINDEX={0x8, 0x1, r9}, @NETDEV_A_DEV_IFINDEX={0x8, 0x1, r10}, @NETDEV_A_DEV_IFINDEX={0x8, 0x1, r11}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20048040}, 0x2000c880) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000680)=ANY=[@ANYBLOB="17000000", @ANYBLOB='h\x005'], 0x1ac}, 0x1, 0x0, 0x0, 0x40814}, 0x2004c0c4) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000000) close_range$auto(0x2, 0x8, 0x0) r12 = socket(0xa, 0x3, 0x3b) mmap$auto(0x0, 0x402000a, 0xffffffffffffffff, 0x400eb1, 0x401, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x81a4, 0xf) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, 0x0, 0x283f4, 0x0) getsockopt$auto(r12, 0x29, 0x6, 0x0, 0x0) 6.012777905s ago: executing program 3 (id=1529): close_range$auto(0x2, 0x8, 0x0) r0 = prctl$auto_PR_SET_VMA_ANON_NAME(0x401, 0x0, 0x0, 0x30000001, 0x3) io_uring_setup$auto(0x59, &(0x7f0000000200)={0x0, 0x1d, 0x3800, 0x2, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x8c48, 0x29b, 0x3, 0x7f, 0x0, 0x6, 0xfffffffffffffffd}, {0x100, 0x1, 0x52, 0x85, 0x2, 0x1a7b870a, 0x76c2, 0x9, 0x100000000}}) clone$auto(0x1, 0x9, &(0x7f0000000280)=0x5, 0x0, 0x8) io_uring_register$auto(0x2, 0x20, &(0x7f0000000240), 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xfffffffffffeffff, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) setitimer$auto(0x0, &(0x7f0000000140)={{0x40000000002, 0x5}, {0x20000, 0x8}}, 0x0) openat$auto_xfs_dir_file_operations_xfs_file(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bluetooth/hci1/hci1:201\x00', 0x482c0, 0x0) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/mountinfo\x00', 0x20200, 0x0) select$auto(0x4, 0x0, &(0x7f0000000100)={[0x9, 0x7, 0xfffffffffffffff9, 0x9, 0x7ff, 0x3, 0x6, 0x2, 0x9, 0xffff, 0x1ff, 0xd, 0x3, 0x200000201, 0x7, 0x6]}, 0x0, 0x0) r2 = socket(0x11, 0x2, 0x0) read$auto_fops_u32_ro_(r0, &(0x7f0000000380)=""/4096, 0x1000) capset$auto(0x0, &(0x7f0000000000)={0xc, 0x3, 0x4}) sendmmsg$auto(r2, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={&(0x7f0000000040)="fb45cb443a1886b8bab43cf024b182b1dd98dce795f8866c4c0cf65c52716e76f7d89d3eb8f5a10b708a72643ab3dfcc68de746ab52a4f5c8021156b02b335247927a7713a799fac823efd0b00"/96, 0x49}, 0x4, &(0x7f0000000180), 0x1, 0x1000}, 0x5}, 0x1, 0x100) open_by_handle_at$auto(r1, &(0x7f00000002c0)={0x80, 0xb9ac, "6faee3d29ec80712637b69aa517cd762a43732dace154eeaa31dd451bcece2ea485a49366961cec4c5195152d3d9246af471c17160558766d7dcf62682e3d4bfe7523a9a41a0f1e5ad4f3b87b841e923f1f85339cb46f29cb4d760d4221e62d47342b5f4ca66f138f0e8dbf654b6664c7c1bf1977c1940e9a192918f3c2e7c40"}, 0x1b) 5.660927786s ago: executing program 0 (id=1530): close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) sendfile$auto(0x1, 0xffffffffffffffff, 0x0, 0x7) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x8, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x18, 0x1, 0x3) socket(0xa, 0x5, 0x0) mmap$auto(0x0, 0x2000005, 0x2, 0xeb1, r0, 0x100000ffff) mmap$auto(0x0, 0x44009, 0xdf, 0x11, 0x7, 0x28000) socketcall$auto(0xfffffff9, &(0x7f0000000000)=0x1000000000) r1 = open(&(0x7f0000000040)='./file0\x00', 0x2041, 0xfa) r2 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x101440, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f00000000c0)={{0x0, 0x2, 0x200800, 0xffffffff, 0xfffffffb}, "0dd7fd004929347eeeccdf0732f77b1f6de0d6d51768a257a97ca5e9ca6310ea"}) ioctl$auto_SNDRV_TIMER_IOCTL_STATUS64(r2, 0x80605414, &(0x7f00000001c0)={0x6, 0x3, 0x200, 0xba44, 0x7, 0xb, "e00026e8fdffdbcd2c02d3c293faa80c2f5336d79fc5b8202cb37f6b6d22c42432352deb58e78afdbae70400"}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0x20000000000e31, 0x40000000000a5, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x0, 0xffffffffffff0006, 0x17) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) mmap$auto(0x1, 0x8d4, 0x6, 0x6f52, 0xffffffffffffffff, 0x8000) r3 = openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, &(0x7f0000000580)='/sys/kernel/debug/tracing/tracing_cpumask\x00', 0x8002, 0x0) writev$auto(r3, &(0x7f0000000000)={&(0x7f0000000180)="df0eae125b9f", 0x9}, 0x1) write$auto(r1, 0x0, 0xfffffdf1) openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x40342, 0x32) linkat$auto(r1, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000) mprotect$auto(0x20000000000004, 0x8000000000000003, 0x8) r4 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) close_range$auto(0x2, r4, 0x401) 5.212582367s ago: executing program 1 (id=1531): openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/mem\x00', 0x101181, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x23c102, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c72da808bf8d5feacf8510"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c001) write$auto(0xffffffffffffffff, &(0x7f0000000000)='-\x00', 0x2fb) readv$auto(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000440)="5e917ac6577d20063f953728568d59608fc20c79b1ffbefaca58ff01a6e8bb4dad1e562f1c2b11cdee95c122882c2ae80c85beb38abb35f28e301020d83298f7babda654fb8f26fffd66eed511d1b078978f45a43682cc2774efa09f7b5223f2e9a82a9187bb5f6f7a3033614636135941bd101298f96a9a0d3b0a63fb262fb33503df21d6054a30c9207cf5721c2faeee740a5dbe364c5893ea96655220cc9e0c6f374000b1a70539f946317e38e4aef1ebef8f7c58e1a7dcd65dd8a7f710077a7f25533665acd315550b5dcf78dfd22036", 0x1}, 0x1) r0 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/debug/dri/vkms/state\x00', 0xa8201, 0x0) lseek$auto(r0, 0x9, 0x0) ioctl$auto(0xffffffffffffffff, 0x4bfb, 0x9) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) mmap$auto(0x0, 0xd, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000001c0), 0x40100, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, 0x0) capset$auto(0x0, &(0x7f0000000000)={0x8, 0x7, 0x8}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bpf$auto_BPF_LINK_GET_FD_BY_ID(0x1e, &(0x7f00000002c0)=@link_create={@prog_fd, @target_ifindex, 0x8, 0xd, @bpf_attr_link_create_4_1={0x5, 0x8}}, 0x5) move_mount$auto(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x200) process_vm_readv$auto(0x0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, 0x0, 0x6, 0x0) r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) r3 = openat$auto_fops_u32_(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/netdevsim/netdevsim6/ports/1/ethtool/ring/rx_mini_max_pending\x00', 0x0, 0x0) mmap$auto(0x8, 0x1, 0x272, 0x10, r3, 0x9) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb1\x00', 0x5512c0, 0x0) r4 = openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x800, 0x0) ioctl$auto_OSS_GETVERSION(r4, 0x80044d76, &(0x7f00000000c0)) clone$auto(0x10051c, 0x6, 0x0, 0xffffffffffffffff, 0x80000001) write$auto_console_fops_tty_io(r2, &(0x7f0000000000)="c80d1b5d399b3b", 0xfdef) 5.148743002s ago: executing program 2 (id=1532): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003040), r0) sendmsg$auto_ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f0000000100)={0x34, r1, 0x1, 0x70bd21, 0x25dfdbfb, {}, [@ETHTOOL_A_CHANNELS_RX_COUNT={0x8, 0x6, 0x2}, @ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000004}, 0x20048880) r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0) r5 = setfsuid$auto(0xee01) setresuid$auto(0x0, r5, 0x0) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) r6 = socket(0x2, 0x3, 0x2) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) setsockopt$auto(r6, 0x1, 0x6, 0x0, 0xc089) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x5) connect$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x4e22, @broadcast}, 0x55) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) sendmsg$auto_NL80211_CMD_START_AP(r3, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x44, r4, 0x300, 0x70bd28, 0x25dfdbfe, {}, [@NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x9}, @NL80211_ATTR_WOWLAN_TRIGGERS={0xc, 0x75, 0x0, 0x1, [@typed={0x8, 0x2f, 0x0, 0x0, @uid=r5}]}, @NL80211_ATTR_MLO_RECONF_REM_LINKS={0x6, 0x14f, 0xa}, @NL80211_ATTR_IFNAME={0x14, 0x4, 'wlan0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x24000800}, 0x4) sendmsg$auto_NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4210000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="34000000f0782d58be361f7f20e1650411415a886a915f2a3474181d554bf8d5051bc59e019a0a8cbe3a89c3797bb805929ae9f9534445ad348717", @ANYRES16=r2, @ANYBLOB="00012cbd7000fcdbdf25010000000800198056ef7a000800050001000000050029000000000005001f0009000000"], 0x34}, 0x1, 0x0, 0x0, 0x200040d1}, 0x4001) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0xffffffffffffffff, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) sysfs$auto(0x2, 0x0, 0x0) r7 = fsopen$auto(0x0, 0x1) fsconfig$auto(r7, 0x8, 0x0, 0x0, 0x0) r8 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sys/net/ipv4/vs/est_nice\x00', 0x40001, 0x0) write$auto(r8, 0x0, 0x0) fsmount$auto(0x4, 0x0, 0x200003) 4.886621773s ago: executing program 2 (id=1533): socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (fail_nth: 2) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(0x3, 0x84, 0x17, 0x0, 0x70ed581b) 3.889167568s ago: executing program 2 (id=1534): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r0 = socket(0x11, 0x80003, 0x300) mmap$auto(0xffffffffffffffff, 0x20009, 0x200009, 0x40000000000eb1, r0, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x9, 0x8, 0x800000003, 0xeb1, 0xfffffffffffffffa, 0x4000000) socket(0xa, 0x1, 0x84) r1 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000001200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r1, 0xc0686611, &(0x7f0000000080)={0x1b, 0x34, 0x7fff, 0x40000005, 0x80000000009, 0xfffffffffffffffe, 0x800, 0x101, 0x5, 0x7f93, 0xfffffffe, 0x3, 0x3, 0x7, 0x9}) socket(0xa, 0x801, 0x84) mmap$auto(0x400000, 0x20006, 0x1, 0xeb5, r0, 0x400000000a) r2 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0) write$auto(r2, 0x0, 0x101) ioctl$auto_SG_GET_NUM_WAITING(r2, 0x227d, 0x0) setsockopt$auto(0x3, 0x10000000084, 0xd, 0x0, 0x8) socket(0x18, 0x3, 0x2) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_enter$auto(0xffffffffffffffff, 0x7, 0x2, 0x10, 0x0, 0xf2a7214) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) open(&(0x7f0000000040)='./file0\x00', 0x202100, 0x6) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) 3.624729011s ago: executing program 1 (id=1535): socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(0x3, 0x84, 0x17, 0x0, 0x70ed581b) 2.696736326s ago: executing program 0 (id=1536): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r0 = socket(0x11, 0x80003, 0x300) mmap$auto(0xffffffffffffffff, 0x20009, 0x200009, 0x40000000000eb1, r0, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x9, 0x8, 0x800000003, 0xeb1, 0xfffffffffffffffa, 0x4000000) socket(0xa, 0x1, 0x84) r1 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000001200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r1, 0xc0686611, &(0x7f0000000080)={0x1b, 0x34, 0x7fff, 0x40000005, 0x80000000009, 0xfffffffffffffffe, 0x800, 0x101, 0x5, 0x7f93, 0xfffffffe, 0x3, 0x3, 0x7, 0x9}) socket(0xa, 0x801, 0x84) mmap$auto(0x400000, 0x20006, 0x1, 0xeb5, r0, 0x400000000a) r2 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0) write$auto(r2, 0x0, 0x101) ioctl$auto_SG_GET_NUM_WAITING(r2, 0x227d, 0x0) setsockopt$auto(0x3, 0x10000000084, 0xd, 0x0, 0x8) socket(0x18, 0x3, 0x2) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_enter$auto(0xffffffffffffffff, 0x7, 0x2, 0x10, 0x0, 0xf2a7214) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) open(&(0x7f0000000040)='./file0\x00', 0x202100, 0x6) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) 2.597239896s ago: executing program 3 (id=1537): openat$auto_xfs_dir_file_operations_xfs_file(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bluetooth/hci1/hci1:201\x00', 0x482c0, 0x0) r0 = socket(0x11, 0x2, 0x0) capset$auto(0x0, &(0x7f0000000000)={0xc, 0x3, 0x4}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.cpu/memory.soft_limit_in_bytes\x00', 0xa42, 0x0) sendfile$auto(r2, r2, 0x0, 0x1) close_range$auto(0x2, r1, 0x0) openat$auto_tk_debug_sleep_time_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x2400, 0x0) r3 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000240)='/proc/filesystems\x00', 0x2, 0x0) read$auto_proc_iter_file_ops_compat_inode(r3, &(0x7f0000000280)=""/144, 0x90) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) r4 = eventfd2$auto(0x7f, 0x0) r5 = ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000200)={0xd, "74a517f574545f6e56dd0a76e95f7ebe732ad2c90cf711c0bb363ed3997e3e14", @inferred=r4}) ioctl$auto(0xffffffffffffffff, 0x9, r5) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/irq.pressure\x00', 0x101102, 0x0) read$auto_tracing_fops_trace(0xffffffffffffffff, &(0x7f0000001580)=""/4077, 0xfed) mmap$auto(0x4, 0x1, 0xdf, 0x9b72, 0x2, 0x40008000) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0) unshare$auto(0x40000080) statmount$auto(0x0, &(0x7f0000000180)={0x3, 0xb9, 0x44f, 0xa, 0x1, 0x1007181, 0x8a0d, 0x4, 0x10007, 0x7, 0x89, 0x29, 0x4, 0x1ffffffffffe, 0xfffffffffffff340, 0xfffffffffffffffa, 0xffffffffffffffff, 0x0, 0x0, 0xfffffffffffffffb, 0x6, 0x401, 0x22402, 0x9, 0xfffffffd, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x70e2, 0x0, 0x3, 0xb7, 0x0, 0x0, 0x8, 0x4, 0x9, 0x100000, 0x10000, 0x15b, 0x7, 0x1fc, 0x0, 0x10000000000002, 0x0, 0x0, 0x48, 0x0, 0x3a, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x400000000, 0x0, 0x8, 0x0, 0x0, 0x1, 0x0, 0xfffffffffffffffc, 0x3, 0xe, 0x0, 0x0, 0x0, 0xa53, 0xbd9, 0xfffffffffffffffd]}, 0x7, 0xd) r6 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto__ctl_fops_dm_ioctl(r6, 0xfffffff7effffd04, &(0x7f00000001c0)) sendmmsg$auto(r0, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={&(0x7f0000000080), 0x49}, 0x4, &(0x7f0000000180), 0x5, 0x1000}, 0x5}, 0x2, 0x100) 2.519009869s ago: executing program 2 (id=1538): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/oom_adj\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x1f40) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000300)='ns/net\x00') sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(0xffffffffffffffff, 0x0, 0x880) timer_create$auto(0x9, 0x0, 0x0) read$auto(0x3, 0x0, 0x8080) r2 = socket(0xa, 0x1, 0x100) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) socket(0x28, 0x5, 0x0) setsockopt$auto(0x400000000000003, 0x28, 0x6, 0x0, 0x56d) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) r3 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f00000000c0), r2) sendmsg$auto_L2TP_CMD_TUNNEL_DELETE(r2, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r3, 0x5, 0x70bd2a, 0x25dfdbff, {}, [@L2TP_ATTR_PEER_CONN_ID={0x8, 0xa, 0x21}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x20040004) write$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffffff, &(0x7f00000001c0)="624d1bfe595046ab5c98199adf260600de16baef6176e6021e1dce210500e8fdffff0000000000fffffffe00a7ed73de11691c13403c82be", 0x7b) process_mrelease$auto(0xffffffffffffffff, 0xa) write$auto(0x3, 0x0, 0x100082) socket(0x2, 0x1, 0x106) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/platform/vhci_hcd.4/usb18/18-0:1.0/usb18-port3/location\x00', 0x0, 0x0) semctl$auto_SETALL(0x9, 0xd, 0x11, 0x8) read$auto(0x3, 0x0, 0x7fffffff) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) 2.238038742s ago: executing program 1 (id=1539): mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x2000d, 0x3, 0xeb1, 0x404, 0x100010008000) unshare$auto(0x40000080) mremap$auto(0x110c230000, 0x0, 0x2000101, 0x3, 0x0) madvise$auto(0x2000000, 0x8, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) ioctl$auto(0x3, 0xc08c5332, 0x38) close_range$auto(0x2, 0x8, 0x0) r0 = socketpair$auto(0xfffffffe, 0x1, 0x8000000000000000, 0x0) r1 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) openat$auto_random_fops_random(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) select$auto(0x5, &(0x7f0000000080)={[0x20000009, 0xfffffffffffffffc, 0x9, 0x5, 0xc, 0x3, 0x3, 0x1ffe000, 0xcad, 0x2, 0x9, 0xf, 0xa657, 0x202, 0x6, 0x1]}, 0x0, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f00000002c0)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_GET_INTERFACE(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="010029bd50009ddbdf251100000008000300", @ANYRES32=r5], 0x1c}, 0x1, 0x0, 0x0, 0x20018048}, 0x0) sendmsg$auto_NL80211_CMD_STOP_NAN(r1, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x20, r3, 0x1, 0x70bd28, 0x25dfdbff, {}, [@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x2}, @NL80211_ATTR_MLO_LINK_DISABLED={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x801}, 0x4) ioctl$auto_BLKOPENZONE(r0, 0x40101286, &(0x7f0000000040)={0x1, 0x5000000000}) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) 1.724830684s ago: executing program 0 (id=1540): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003040), r0) sendmsg$auto_ETHTOOL_MSG_CHANNELS_SET(r0, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f0000000100)={0x34, r1, 0x1, 0x70bd21, 0x25dfdbfb, {}, [@ETHTOOL_A_CHANNELS_RX_COUNT={0x8, 0x6, 0x2}, @ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'bond_slave_0\x00'}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000004}, 0x20048880) r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0) r5 = setfsuid$auto(0xee01) setresuid$auto(0x0, r5, 0x0) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) r6 = socket(0x2, 0x3, 0x2) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) setsockopt$auto(r6, 0x1, 0x6, 0x0, 0xc089) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x5) connect$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x4e22, @broadcast}, 0x55) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) sendmsg$auto_NL80211_CMD_START_AP(r3, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x44, r4, 0x300, 0x70bd28, 0x25dfdbfe, {}, [@NL80211_ATTR_DFS_REGION={0x5, 0x92, 0x9}, @NL80211_ATTR_WOWLAN_TRIGGERS={0xc, 0x75, 0x0, 0x1, [@typed={0x8, 0x2f, 0x0, 0x0, @uid=r5}]}, @NL80211_ATTR_MLO_RECONF_REM_LINKS={0x6, 0x14f, 0xa}, @NL80211_ATTR_IFNAME={0x14, 0x4, 'wlan0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x24000800}, 0x4) sendmsg$auto_NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4210000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="34000000f0782d58be361f7f20e1650411415a886a915f2a3474181d554bf8d5051bc59e019a0a8cbe3a89c3797bb805929ae9f9534445ad348717", @ANYRES16=r2, @ANYBLOB="00012cbd7000fcdbdf25010000000800198056ef7a000800050001000000050029000000000005001f0009000000"], 0x34}, 0x1, 0x0, 0x0, 0x200040d1}, 0x4001) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) socket$nl_generic(0x10, 0x3, 0x10) sysfs$auto(0x2, 0x0, 0x0) r7 = fsopen$auto(0x0, 0x1) fsconfig$auto(r7, 0x8, 0x0, 0x0, 0x0) r8 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000300)='/proc/sys/net/ipv4/vs/est_nice\x00', 0x40001, 0x0) write$auto(r8, 0x0, 0x0) fsmount$auto(0x4, 0x0, 0x200003) 1.442333107s ago: executing program 0 (id=1541): socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) setsockopt$auto(0x3, 0x84, 0x17, 0x0, 0x70ed581b) (fail_nth: 2) 1.271000334s ago: executing program 2 (id=1542): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0x1, 0x0, 0x80000000) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB="3f7388eea67865454cc850714efcb152f1613f0f5830cede", @ANYRES16=r2, @ANYBLOB="1b0026bd7000ffdbdf2503000000"], 0x14}}, 0x0) write$auto_seq_oss_f_ops_seq_oss(r0, &(0x7f0000000c80)="5f74ab2fc43781e047140a5cbc3ac5229b90633d9cddda9efb1f2c3d5d1e63f3fb5acf079b9336319d009cb514679a42eaca52b81c166d19625d173c26ece6542f2fb29712f4fb9072fc432b4cf3e6f5a7f3c9f91ee88ba5fa11d48fd3658e8f44f8423b4cd02bbec912ed34f9f4b19b03d4c62b24ede44c0c76c34edf7bde061903c2ee4c64110ac668239fa53ba4291bae74c3d173663248ff0945dd2e405e0d378b5a8e4643a7bc3b35a7248431450ca8901467ea6dc5d86de1e90f869f6a04ac10043676f3b2c7f1339b2d7468133fb8447d17846b6b78079ecc31d7d0f74caa4a3db1ac4d312bfdb34bd331f1f771a2396108561a52153d63a7b2a3a077a7e4c1a22bcb23e1f3e511fee310baa67904d2aad4d6671e8b77c7720e37e84e0efecb60a35f188cbe8b8b2fb3967b78aa482aabb103f23083baa9b2ae653731d5993db4054233dea4af25795e12eb4d7b519a855da7ac6b04", 0x159) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) write$auto(r3, &(0x7f0000000200)='/de\xef\xe7audio1\x00', 0xa3d9) preadv$auto(0x40000000000003, 0x0, 0x6, 0x8, 0x5) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x80080, 0x0) mmap$auto(0x100000, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) semctl$auto_GETPID(0x0, 0x7ff, 0xb, 0xfffffffffffffffc) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) close_range$auto(0x2, 0xa, 0x0) madvise$auto(0x0, 0x200007, 0x8) ioctl$auto(r4, 0x7fff, r4) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_loginuid_operations_base(0xffffffffffffff9c, &(0x7f0000000340)='/proc/thread-self/loginuid\x00', 0x109000, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/irq/11/smp_affinity_list\x00', 0x129542, 0x0) read$auto(0x3, 0x0, 0xf34) madvise$auto(0x0, 0x2003f0, 0x15) 1.018801116s ago: executing program 3 (id=1543): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000) r1 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(r1, r0, 0x5) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/dummy0/addr_gen_mode\x00', 0x1, 0x0) pwrite64$auto(r2, 0x0, 0x0, 0x2000000000040007) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) tgkill$auto(0x0, 0x0, 0x11) readv$auto(0x3, 0x0, 0x7) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0x2003f2, 0x15) 393.032403ms ago: executing program 0 (id=1544): openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/mem\x00', 0x101181, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x23c102, 0x0) ioctl$auto(0xffffffffffffffff, 0x4bfb, 0x9) process_vm_readv$auto(0x0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, 0x0, 0x6, 0x0) r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fb1\x00', 0x5512c0, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000000)="c80d1b5d399b3b", 0xfdef) 81.921092ms ago: executing program 2 (id=1545): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) write$auto_tty_fops_tty_io(r0, &(0x7f0000001080)="7fd0a917413f68eb6b28d5eea7d1553f6595c094f1f855eb8d8776e6bd8f81c440da3fe3433f8243402fc2752caac5da7a03bbb5adf685740635a6bc231c6cf093b7cf0e4dd07f10b2dc12791aa3ebded3cfe2e4befc0e02d2e064b1db3adc8b2ec1c0378efff268086d6cb998b8dedfb7f20d06b7b091e974de1c1a4ce3d378d91b7639d914ba86b1f18337bb06e3619af99e68dfac380ab153fc75a2159d8efbbf7436752c964490346cf1558249979fc61ee71509560d14bdd0922e50904f3a4b2ae1bfc4f6bb9e08f16afd6baa53cf87077be5bcca2829dd4133da071a6fd072ed5568670a5d171e3deee5576bf571a016c162ca369182f202dbe49839df8d4c438dacdd6cdd67c21e2ed9be20baeff5e5019313d5e6e5a0e93eab61be5dec2c7e144cf9d73fd945c25ff11d5d5aa26bf8ab2e06098b8aeb05c1f29c1a30d268d82768b3350c3efcdac39334de0f6406a1aed635e0c55412ff73b0222d67be6bdd185478d502b492c41696ce6f88609795409aa0841dbc7cb222f0cb239b19d9499fdc45988f0290af0666c37b93f047d45b17cbe7c9332c63ad46c6aa871e4b351efa4fbfb88cfa0281f465d1a970939c2d6c45c50ade06f0bb98ed66623b887de325c0f42ab530b649ea29757af9464c18dea186a0bbc62ce209a3be8e86e8f710323cb899d806caf575cb73a419c0804afd4c8a329a2afaebb87291e9fdfd2ca0edebfc4fb7b1e281fa3e6ac387aebfc92107f4251aa8c96a4c6d7599933c2c489a7696e8e42d88b572fa46bead2c96f619030ab70026f14f91bbf0a4c1b3ed74c564d6ae3eefeef94d37e19701513ff7713a52ebfd8f251dc303455de00d1ee3ed3e204bed2901a644056193fc7e00ce10aa6463892a7881a51893af629f7bd8801ce4c44c7ff2decdb6a69d9ed48ff79661ba9ec4a84dd222d3b40e4abf56222b97db9aa646a67e5031a57d570030f41b09529298f1acddbcd1f0ff6a30cb2a2d5eaecd774bbf897477cc1e55488f3493b6aa6908d24b032cbda24f956f7f262d992838923efde7e8ed0558872451d7bd6a4769ecd47c6d0a125a6e638df6f67793901a67071c506d010930b01ce541aa43f9110d874311d18a8ea50fb1907e8d17c3932e0c12c7d6f7c145209ab81105649fc0c5266063bd8c6a16319a82ff5d236122d53e15d6a7fcb16245d7754f3ffbf659a141cbd29286176fe445deebd5dd18baae1bbdfedbe4bd3453c50fb2f6c22505ecd768ad0703624ebf7b924dc7e8e93ea94c8a6a9f0372351b5a4aaadf89", 0x396) set_mempolicy$auto(0x65, &(0x7f0000000040)=0x40100007e, 0x5) (async) close_range$auto(0x0, 0x5, 0x0) (async) socket(0x23, 0x80805, 0x0) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0xc6, 0x3, 0xfff, &(0x7f0000000000)=0x1) r1 = socket(0x11, 0x3, 0x9) close_range$auto(0x2, r1, 0x0) (async) r2 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r2, 0x107, 0x14, 0x0, 0x4) sendmmsg$auto(r1, &(0x7f0000000400)={{&(0x7f0000000000), 0x205aa, &(0x7f0000000100)={0x0, 0x4b}, 0x1, 0x0, 0x5, 0x1060}, 0x5}, 0x2, 0x100) (async) clone$auto(0x20003b43, 0xe83, 0x0, 0x0, 0x2) 0s ago: executing program 0 (id=1546): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r0 = socket(0x11, 0x80003, 0x300) mmap$auto(0xffffffffffffffff, 0x20009, 0x200009, 0x40000000000eb1, r0, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x9, 0x8, 0x800000003, 0xeb1, 0xfffffffffffffffa, 0x4000000) socket(0xa, 0x1, 0x84) r1 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000001200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r1, 0xc0686611, &(0x7f0000000080)={0x1b, 0x34, 0x7fff, 0x40000005, 0x80000000009, 0xfffffffffffffffe, 0x800, 0x101, 0x5, 0x7f93, 0xfffffffe, 0x3, 0x3, 0x7, 0x9}) socket(0xa, 0x801, 0x84) mmap$auto(0x400000, 0x20006, 0x1, 0xeb5, r0, 0x400000000a) r2 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0) write$auto(r2, 0x0, 0x101) ioctl$auto_SG_GET_NUM_WAITING(r2, 0x227d, 0x0) setsockopt$auto(0x3, 0x10000000084, 0xd, 0x0, 0x8) socket(0x18, 0x3, 0x2) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_enter$auto(0xffffffffffffffff, 0x7, 0x2, 0x10, 0x0, 0xf2a7214) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) open(&(0x7f0000000040)='./file0\x00', 0x202100, 0x6) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) kernel console output (not intermixed with test programs): adding VLAN 0 to HW filter on device batadv0 [ 101.903185][ T5823] veth0_vlan: entered promiscuous mode [ 101.944361][ T5823] veth1_vlan: entered promiscuous mode [ 101.979863][ T5829] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.043200][ T5823] veth0_macvtap: entered promiscuous mode [ 102.071298][ T5823] veth1_macvtap: entered promiscuous mode [ 102.161531][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.207688][ T5823] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.235292][ T159] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.251315][ T5834] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.267877][ T159] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.280247][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.294850][ T5829] veth0_vlan: entered promiscuous mode [ 102.313809][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.361523][ T5829] veth1_vlan: entered promiscuous mode [ 102.378772][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 102.451396][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.471645][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.528625][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 102.530486][ T5829] veth0_macvtap: entered promiscuous mode [ 102.547358][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 102.577493][ T5829] veth1_macvtap: entered promiscuous mode [ 102.635027][ T5823] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 102.675518][ T5831] veth0_vlan: entered promiscuous mode [ 102.694366][ T5834] veth0_vlan: entered promiscuous mode [ 102.710819][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 102.739895][ T5834] veth1_vlan: entered promiscuous mode [ 102.762010][ T5829] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 102.789763][ T5831] veth1_vlan: entered promiscuous mode [ 102.813255][ T49] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.832391][ T49] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.844137][ T49] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.884322][ T49] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 102.962827][ T5834] veth0_macvtap: entered promiscuous mode [ 102.986179][ T5831] veth0_macvtap: entered promiscuous mode [ 103.008171][ T5834] veth1_macvtap: entered promiscuous mode [ 103.032552][ T5831] veth1_macvtap: entered promiscuous mode [ 103.104339][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.124274][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.151085][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 103.241521][ T5913] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 103.293293][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.308018][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 103.321609][ T159] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.337580][ T159] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.374041][ T5834] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 103.391730][ T13] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.418841][ T5143] Bluetooth: hci0: command tx timeout [ 103.433604][ T13] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.468865][ T13] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.517506][ T13] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.526328][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.576722][ T5143] Bluetooth: hci3: command tx timeout [ 103.593927][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.618333][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.657891][ T5143] Bluetooth: hci2: command tx timeout [ 103.663390][ T5143] Bluetooth: hci1: command tx timeout [ 103.701362][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 103.845917][ T30] audit: type=1806 audit(1775467998.902:2): xattr="." res=0 [ 103.864380][ T159] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.890092][ T159] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 103.963454][ T159] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 103.981955][ T159] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.074576][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.095104][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 104.153954][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 104.183067][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 105.551238][ T5143] Bluetooth: hci0: command tx timeout [ 105.676512][ T5143] Bluetooth: hci3: command tx timeout [ 105.736530][ T5143] Bluetooth: hci1: command tx timeout [ 105.742020][ T5143] Bluetooth: hci2: command tx timeout [ 106.015540][ T5945] netlink: 186 bytes leftover after parsing attributes in process `syz.3.7'. [ 106.701749][ T5953] netlink: 186 bytes leftover after parsing attributes in process `syz.1.9'. [ 113.616336][ T6000] netlink: 186 bytes leftover after parsing attributes in process `syz.3.18'. [ 115.836599][ T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!! [ 116.352018][ T6021] netlink: 186 bytes leftover after parsing attributes in process `syz.3.23'. [ 120.631988][ T6051] netlink: 186 bytes leftover after parsing attributes in process `syz.2.29'. [ 124.317180][ T6074] netlink: 186 bytes leftover after parsing attributes in process `syz.3.34'. [ 127.401328][ T6108] netlink: 186 bytes leftover after parsing attributes in process `syz.2.40'. [ 133.195546][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.206567][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 135.974820][ T6193] netlink: 186 bytes leftover after parsing attributes in process `syz.3.55'. [ 140.228447][ T6228] netlink: 186 bytes leftover after parsing attributes in process `syz.1.61'. [ 142.928485][ T6253] serio: Serial port pty6 [ 146.409982][ T6290] futex_wake_op: syz.2.74 tries to shift op by -2048; fix this program [ 147.136754][ T6290] random: crng reseeded on system resumption [ 148.147304][ T6305] Zero length message leads to an empty skb [ 153.871162][ T6352] netlink: 186 bytes leftover after parsing attributes in process `syz.0.87'. [ 157.583615][ T6375] netlink: 186 bytes leftover after parsing attributes in process `syz.2.94'. [ 164.066983][ T0] NOHZ tick-stop error: local softirq work is pending, handler #142!!! [ 180.179155][ T6516] futex_wake_op: syz.2.121 tries to shift op by -2048; fix this program [ 181.211039][ T6522] futex_wake_op: syz.0.122 tries to shift op by -2048; fix this program [ 181.270569][ T6522] random: crng reseeded on system resumption [ 188.351754][ T6570] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 188.746638][ T30] audit: type=1800 audit(1775468083.492:3): pid=6572 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.132" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 189.584077][ T6577] netlink: 186 bytes leftover after parsing attributes in process `syz.3.133'. [ 190.735842][ T6589] netlink: 186 bytes leftover after parsing attributes in process `syz.0.135'. [ 194.626026][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.632650][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.616801][ T6628] netlink: 186 bytes leftover after parsing attributes in process `syz.2.140'. [ 209.580429][ T6709] futex_wake_op: syz.0.156 tries to shift op by -2048; fix this program [ 209.721663][ T6710] random: crng reseeded on system resumption [ 211.356880][ T6719] netlink: 186 bytes leftover after parsing attributes in process `syz.1.159'. [ 211.866599][ T6721] futex_wake_op: syz.0.158 tries to shift op by -2048; fix this program [ 212.041284][ T6721] random: crng reseeded on system resumption [ 213.706240][ T6736] netlink: 186 bytes leftover after parsing attributes in process `syz.3.163'. [ 214.476557][ T6750] netlink: 186 bytes leftover after parsing attributes in process `syz.3.164'. [ 218.482959][ T6777] netlink: 186 bytes leftover after parsing attributes in process `syz.0.168'. [ 222.309794][ T5836] Bluetooth: hci3: command 0x0406 tx timeout [ 222.326644][ T5836] Bluetooth: hci1: command 0x0406 tx timeout [ 222.334345][ T5836] Bluetooth: hci2: command 0x0406 tx timeout [ 222.334652][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 225.825574][ T6812] netlink: 186 bytes leftover after parsing attributes in process `syz.2.176'. [ 226.461467][ T6823] futex_wake_op: syz.3.180 tries to shift op by -2048; fix this program [ 226.548897][ T6823] random: crng reseeded on system resumption [ 231.400472][ T6860] netlink: 186 bytes leftover after parsing attributes in process `syz.2.186'. [ 235.602259][ T6890] netlink: 186 bytes leftover after parsing attributes in process `syz.1.191'. [ 236.373418][ T6894] futex_wake_op: syz.3.193 tries to shift op by -2048; fix this program [ 236.445962][ T6894] random: crng reseeded on system resumption [ 237.591465][ T6902] netlink: 186 bytes leftover after parsing attributes in process `syz.1.194'. [ 237.922995][ T6906] netlink: 186 bytes leftover after parsing attributes in process `syz.3.195'. [ 240.922881][ T6923] netlink: 186 bytes leftover after parsing attributes in process `syz.2.198'. [ 242.253525][ T30] audit: type=1800 audit(1775468137.312:4): pid=6936 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.200" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 243.382727][ T6944] netlink: 186 bytes leftover after parsing attributes in process `syz.1.202'. [ 243.508738][ T6945] netlink: 186 bytes leftover after parsing attributes in process `syz.2.203'. [ 243.997891][ T6953] netlink: 186 bytes leftover after parsing attributes in process `syz.3.204'. [ 246.072061][ T6963] futex_wake_op: syz.0.207 tries to shift op by -2048; fix this program [ 246.112054][ T6963] random: crng reseeded on system resumption [ 252.627705][ T7023] netlink: 186 bytes leftover after parsing attributes in process `syz.3.219'. [ 253.367697][ T7029] netlink: 186 bytes leftover after parsing attributes in process `syz.1.220'. [ 255.648053][ T7056] futex_wake_op: syz.1.224 tries to shift op by -2048; fix this program [ 255.671911][ T7050] netlink: 186 bytes leftover after parsing attributes in process `syz.3.223'. [ 255.710879][ T7056] random: crng reseeded on system resumption [ 256.060773][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.067294][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.963979][ T7072] netlink: 186 bytes leftover after parsing attributes in process `syz.1.227'. [ 258.529325][ T7085] netlink: 186 bytes leftover after parsing attributes in process `syz.2.228'. [ 260.396567][ T7099] netlink: 186 bytes leftover after parsing attributes in process `syz.1.231'. [ 261.425783][ T7108] netlink: 186 bytes leftover after parsing attributes in process `syz.1.234'. [ 263.799208][ T7130] futex_wake_op: syz.0.238 tries to shift op by -2048; fix this program [ 263.869541][ T7130] random: crng reseeded on system resumption [ 265.182992][ T7141] netlink: 186 bytes leftover after parsing attributes in process `syz.3.239'. [ 265.518858][ T7151] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 265.667307][ T30] audit: type=1800 audit(1775468160.712:5): pid=7154 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.242" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 272.548337][ T7210] netlink: 186 bytes leftover after parsing attributes in process `syz.2.253'. [ 273.422990][ T7215] netlink: 186 bytes leftover after parsing attributes in process `syz.1.254'. [ 276.115630][ T7238] netlink: 186 bytes leftover after parsing attributes in process `syz.2.257'. [ 280.356652][ T7278] netlink: 186 bytes leftover after parsing attributes in process `syz.0.266'. [ 282.672211][ T7290] netlink: 186 bytes leftover after parsing attributes in process `syz.3.268'. [ 287.113147][ T7323] futex_wake_op: syz.3.276 tries to shift op by -2048; fix this program [ 287.173957][ T7323] random: crng reseeded on system resumption [ 288.382332][ T7334] netlink: 186 bytes leftover after parsing attributes in process `syz.3.279'. [ 292.519677][ T7366] netlink: 186 bytes leftover after parsing attributes in process `syz.1.284'. [ 294.637314][ T7390] futex_wake_op: syz.2.288 tries to shift op by -2048; fix this program [ 294.767664][ T7390] random: crng reseeded on system resumption [ 295.535370][ T7396] serio: Serial port pty6 [ 296.483306][ T7403] futex_wake_op: syz.0.292 tries to shift op by -2048; fix this program [ 296.545932][ T7403] random: crng reseeded on system resumption [ 298.029279][ T7417] netlink: 186 bytes leftover after parsing attributes in process `syz.0.294'. [ 300.762859][ T7441] serio: Serial port pty6 [ 302.716401][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 303.466161][ T7465] futex_wake_op: syz.1.304 tries to shift op by -2048; fix this program [ 303.528404][ T7465] random: crng reseeded on system resumption [ 304.228094][ T7474] futex_wake_op: syz.1.305 tries to shift op by -2048; fix this program [ 304.277993][ T7474] random: crng reseeded on system resumption [ 305.667227][ T7489] serio: Serial port pty6 [ 307.356503][ T7508] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 307.536640][ T30] audit: type=1800 audit(1775468202.552:6): pid=7510 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.311" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 313.366752][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 314.775814][ T7569] netlink: 186 bytes leftover after parsing attributes in process `syz.0.322'. [ 317.527006][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.533543][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 324.750184][ T7638] netlink: 186 bytes leftover after parsing attributes in process `syz.1.334'. [ 325.662158][ T7647] futex_wake_op: syz.1.336 tries to shift op by -2048; fix this program [ 325.730628][ T7647] random: crng reseeded on system resumption [ 331.650567][ T7694] netlink: 186 bytes leftover after parsing attributes in process `syz.1.344'. [ 336.215797][ T7732] netlink: 186 bytes leftover after parsing attributes in process `syz.2.350'. [ 340.227297][ T7762] netlink: 186 bytes leftover after parsing attributes in process `syz.1.357'. [ 342.726421][ T7769] futex_wake_op: syz.3.358 tries to shift op by -2048; fix this program [ 342.922398][ T7772] random: crng reseeded on system resumption [ 346.609577][ T7796] netlink: 186 bytes leftover after parsing attributes in process `syz.1.362'. [ 347.258961][ T7806] futex_wake_op: syz.3.363 tries to shift op by -2048; fix this program [ 347.405985][ T7806] random: crng reseeded on system resumption [ 351.460372][ T7840] netlink: 186 bytes leftover after parsing attributes in process `syz.1.371'. [ 355.506497][ T7865] netlink: 186 bytes leftover after parsing attributes in process `syz.0.375'. [ 368.726777][ T7974] netlink: 186 bytes leftover after parsing attributes in process `syz.0.394'. [ 377.260264][ T8042] netlink: 186 bytes leftover after parsing attributes in process `syz.3.407'. [ 378.758855][ T8053] netlink: 186 bytes leftover after parsing attributes in process `syz.2.409'. [ 378.943419][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.950064][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 382.596560][ T8073] netlink: 186 bytes leftover after parsing attributes in process `syz.2.412'. [ 383.751738][ T8078] netlink: 186 bytes leftover after parsing attributes in process `syz.3.414'. [ 394.776365][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 395.255846][ T8159] random: crng reseeded on system resumption [ 396.063619][ T8167] futex_wake_op: syz.2.429 tries to shift op by -2048; fix this program [ 396.152760][ T8167] random: crng reseeded on system resumption [ 402.404609][ T8214] netlink: 186 bytes leftover after parsing attributes in process `syz.2.436'. [ 407.120797][ T8242] futex_wake_op: syz.2.441 tries to shift op by -2048; fix this program [ 407.233300][ T8242] random: crng reseeded on system resumption [ 408.273617][ T8256] netlink: 186 bytes leftover after parsing attributes in process `syz.3.442'. [ 408.627729][ T8260] netlink: 186 bytes leftover after parsing attributes in process `syz.2.443'. [ 409.308720][ T8265] netlink: 186 bytes leftover after parsing attributes in process `syz.3.444'. [ 413.913801][ T8295] netlink: 186 bytes leftover after parsing attributes in process `syz.0.450'. [ 415.201474][ T8310] netlink: 186 bytes leftover after parsing attributes in process `syz.1.453'. [ 416.628573][ T8324] netlink: 186 bytes leftover after parsing attributes in process `syz.1.455'. [ 420.187128][ T8349] netlink: 186 bytes leftover after parsing attributes in process `syz.2.461'. [ 421.767953][ T8365] netlink: 186 bytes leftover after parsing attributes in process `syz.0.463'. [ 423.208598][ T8371] netlink: 186 bytes leftover after parsing attributes in process `syz.3.464'. [ 423.228058][ T8373] futex_wake_op: syz.0.465 tries to shift op by -2048; fix this program [ 423.279995][ T8373] random: crng reseeded on system resumption [ 426.362328][ T8406] netlink: 186 bytes leftover after parsing attributes in process `syz.2.472'. [ 432.699006][ T8453] netlink: 186 bytes leftover after parsing attributes in process `syz.1.479'. [ 440.381722][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.388155][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 444.030574][ T8545] netlink: 186 bytes leftover after parsing attributes in process `syz.3.502'. [ 448.144086][ T8580] netlink: 186 bytes leftover after parsing attributes in process `syz.1.507'. [ 450.789674][ T8598] netlink: 186 bytes leftover after parsing attributes in process `syz.1.511'. [ 452.347567][ T8617] netlink: 186 bytes leftover after parsing attributes in process `syz.0.514'. [ 458.212179][ T8667] netlink: 186 bytes leftover after parsing attributes in process `syz.1.523'. [ 459.796721][ T8690] netlink: 186 bytes leftover after parsing attributes in process `syz.2.528'. [ 469.086937][ T8764] netlink: 186 bytes leftover after parsing attributes in process `syz.3.543'. [ 471.907353][ T8798] netlink: 186 bytes leftover after parsing attributes in process `syz.2.550'. [ 484.567860][ T8945] netlink: 186 bytes leftover after parsing attributes in process `syz.1.577'. [ 501.819355][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.825827][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 514.504494][ T9290] futex_wake_op: syz.3.645 tries to shift op by -2048; fix this program [ 526.401414][ T9420] futex_wake_op: syz.0.673 tries to shift op by -2048; fix this program [ 532.706742][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 544.318396][ T9629] netlink: 186 bytes leftover after parsing attributes in process `syz.3.714'. [ 548.304868][ T9693] netlink: 186 bytes leftover after parsing attributes in process `syz.3.728'. [ 548.613703][ T9696] netlink: 186 bytes leftover after parsing attributes in process `syz.0.729'. [ 549.584688][ T9708] netlink: 186 bytes leftover after parsing attributes in process `syz.2.732'. [ 562.152956][ T9878] netlink: 186 bytes leftover after parsing attributes in process `syz.1.770'. [ 563.263505][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.270209][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.773257][ T9901] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 581.347333][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 590.048395][T10144] netlink: 186 bytes leftover after parsing attributes in process `syz.2.835'. [ 595.854015][T10194] netlink: 186 bytes leftover after parsing attributes in process `syz.1.837'. [ 597.360775][T10206] netlink: 186 bytes leftover after parsing attributes in process `syz.0.838'. [ 598.411592][T10223] netlink: 186 bytes leftover after parsing attributes in process `syz.3.843'. [ 600.877143][T10249] netlink: 186 bytes leftover after parsing attributes in process `syz.1.848'. [ 600.916110][T10253] netlink: 186 bytes leftover after parsing attributes in process `syz.2.849'. [ 603.667150][T10272] netlink: 186 bytes leftover after parsing attributes in process `syz.1.852'. [ 611.550795][T10367] netlink: 186 bytes leftover after parsing attributes in process `syz.0.869'. [ 613.888994][T10389] netlink: 186 bytes leftover after parsing attributes in process `syz.0.875'. [ 614.830573][T10402] netlink: 186 bytes leftover after parsing attributes in process `syz.2.878'. [ 624.704072][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.712608][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 625.138613][T10506] netlink: 186 bytes leftover after parsing attributes in process `syz.1.900'. [ 639.660739][T10629] netlink: 186 bytes leftover after parsing attributes in process `syz.2.926'. [ 643.606725][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 648.706592][T10721] serio: Serial port pty6 [ 659.726302][T10918] serio: Serial port pty6 [ 661.448486][T10949] serio: Serial port pty6 [ 665.499643][T11025] serio: Serial port pty6 [ 670.638267][T11169] futex_wake_op: syz.3.1046 tries to shift op by -2048; fix this program [ 670.689957][T11169] random: crng reseeded on system resumption [ 678.026255][T11309] futex_wake_op: syz.2.1074 tries to shift op by -2048; fix this program [ 678.089856][T11308] random: crng reseeded on system resumption [ 686.143867][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.150323][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 699.106732][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 699.926500][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 726.894182][T12016] FAULT_INJECTION: forcing a failure. [ 726.894182][T12016] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 726.923201][T12016] CPU: 0 UID: 0 PID: 12016 Comm: syz.0.1230 Tainted: G L syzkaller #0 PREEMPT(full) [ 726.923250][T12016] Tainted: [L]=SOFTLOCKUP [ 726.923260][T12016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 726.923287][T12016] Call Trace: [ 726.923298][T12016] [ 726.923312][T12016] dump_stack_lvl+0x100/0x190 [ 726.923378][T12016] should_fail_ex.cold+0x5/0xa [ 726.923413][T12016] _copy_to_user+0x32/0xd0 [ 726.923456][T12016] simple_read_from_buffer+0xcb/0x170 [ 726.923510][T12016] proc_fail_nth_read+0x1af/0x230 [ 726.923553][T12016] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 726.923597][T12016] ? rw_verify_area+0xce/0x6d0 [ 726.923646][T12016] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 726.923689][T12016] vfs_read+0x1e4/0xb30 [ 726.923727][T12016] ? __pfx_vfs_read+0x10/0x10 [ 726.923748][T12016] ? __fget_files+0x215/0x3d0 [ 726.923778][T12016] ? __fget_files+0x21f/0x3d0 [ 726.923809][T12016] ksys_read+0x12a/0x250 [ 726.923831][T12016] ? __pfx_ksys_read+0x10/0x10 [ 726.923861][T12016] do_syscall_64+0x106/0xf80 [ 726.923885][T12016] ? clear_bhb_loop+0x40/0x90 [ 726.923913][T12016] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 726.923943][T12016] RIP: 0033:0x7fe2fe15d04e [ 726.923966][T12016] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 726.923989][T12016] RSP: 002b:00007fe2ff01dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 726.924013][T12016] RAX: ffffffffffffffda RBX: 00007fe2ff01e6c0 RCX: 00007fe2fe15d04e [ 726.924029][T12016] RDX: 000000000000000f RSI: 00007fe2ff01e0a0 RDI: 0000000000000003 [ 726.924042][T12016] RBP: 00007fe2ff01e090 R08: 0000000000000000 R09: 0000000000000000 [ 726.924056][T12016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 726.924069][T12016] R13: 00007fe2fe416038 R14: 00007fe2fe415fa0 R15: 00007fff1d718b48 [ 726.924099][T12016] [ 728.862129][T12048] FAULT_INJECTION: forcing a failure. [ 728.862129][T12048] name failslab, interval 1, probability 0, space 0, times 1 [ 728.883470][T12048] CPU: 0 UID: 0 PID: 12048 Comm: syz.1.1240 Tainted: G L syzkaller #0 PREEMPT(full) [ 728.883506][T12048] Tainted: [L]=SOFTLOCKUP [ 728.883514][T12048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 728.883527][T12048] Call Trace: [ 728.883534][T12048] [ 728.883543][T12048] dump_stack_lvl+0x100/0x190 [ 728.883582][T12048] should_fail_ex.cold+0x5/0xa [ 728.883610][T12048] should_failslab+0xc2/0x120 [ 728.883636][T12048] __kmalloc_cache_noprof+0x7a/0x6f0 [ 728.883668][T12048] ? alloc_pipe_info+0x10e/0x590 [ 728.883693][T12048] ? find_held_lock+0x2b/0x80 [ 728.883720][T12048] alloc_pipe_info+0x10e/0x590 [ 728.883748][T12048] splice_direct_to_actor+0x78f/0xa30 [ 728.883774][T12048] ? __lock_acquire+0x4a5/0x2630 [ 728.883802][T12048] ? __pfx_direct_splice_actor+0x10/0x10 [ 728.883835][T12048] ? __pfx_aa_file_perm+0x10/0x10 [ 728.883871][T12048] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 728.883905][T12048] do_splice_direct+0x174/0x240 [ 728.883930][T12048] ? __pfx_do_splice_direct+0x10/0x10 [ 728.883955][T12048] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 728.883983][T12048] ? rw_verify_area+0xce/0x6d0 [ 728.884020][T12048] do_sendfile+0xadc/0xe20 [ 728.884062][T12048] ? __pfx_do_sendfile+0x10/0x10 [ 728.884099][T12048] ? __fget_files+0x21f/0x3d0 [ 728.884129][T12048] __x64_sys_sendfile64+0x1d8/0x220 [ 728.884156][T12048] ? ksys_write+0x1ac/0x250 [ 728.884178][T12048] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 728.884214][T12048] do_syscall_64+0x106/0xf80 [ 728.884237][T12048] ? clear_bhb_loop+0x40/0x90 [ 728.884265][T12048] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 728.884288][T12048] RIP: 0033:0x7f3abc59c819 [ 728.884307][T12048] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 728.884329][T12048] RSP: 002b:00007f3abd3b4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 728.884350][T12048] RAX: ffffffffffffffda RBX: 00007f3abc815fa0 RCX: 00007f3abc59c819 [ 728.884365][T12048] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 728.884378][T12048] RBP: 00007f3abd3b4090 R08: 0000000000000000 R09: 0000000000000000 [ 728.884391][T12048] R10: 0000400000000006 R11: 0000000000000246 R12: 0000000000000001 [ 728.884405][T12048] R13: 00007f3abc816038 R14: 00007f3abc815fa0 R15: 00007ffe432041e8 [ 728.884434][T12048] [ 730.531584][T12074] Unable to find swap-space signature [ 730.585422][T12083] FAULT_INJECTION: forcing a failure. [ 730.585422][T12083] name failslab, interval 1, probability 0, space 0, times 0 [ 730.604790][T12083] CPU: 0 UID: 0 PID: 12083 Comm: syz.1.1246 Tainted: G L syzkaller #0 PREEMPT(full) [ 730.604867][T12083] Tainted: [L]=SOFTLOCKUP [ 730.604878][T12083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 730.604896][T12083] Call Trace: [ 730.604907][T12083] [ 730.604919][T12083] dump_stack_lvl+0x100/0x190 [ 730.604977][T12083] should_fail_ex.cold+0x5/0xa [ 730.605018][T12083] ? tomoyo_realpath_from_path+0xb6/0x690 [ 730.605066][T12083] should_failslab+0xc2/0x120 [ 730.605104][T12083] __kmalloc_noprof+0xe0/0x850 [ 730.605159][T12083] tomoyo_realpath_from_path+0xb6/0x690 [ 730.605218][T12083] tomoyo_path_number_perm+0x23c/0x580 [ 730.605257][T12083] ? tomoyo_path_number_perm+0x22e/0x580 [ 730.605298][T12083] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 730.605381][T12083] ? find_held_lock+0x2b/0x80 [ 730.605412][T12083] ? __fget_files+0x215/0x3d0 [ 730.605443][T12083] ? hook_file_ioctl_common+0x146/0x410 [ 730.605494][T12083] ? __fget_files+0x21f/0x3d0 [ 730.605535][T12083] security_file_ioctl+0xd3/0x230 [ 730.605579][T12083] __x64_sys_ioctl+0xb7/0x210 [ 730.605643][T12083] do_syscall_64+0x106/0xf80 [ 730.605677][T12083] ? clear_bhb_loop+0x40/0x90 [ 730.605715][T12083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 730.605748][T12083] RIP: 0033:0x7f3abc59c819 [ 730.605774][T12083] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 730.605802][T12083] RSP: 002b:00007f3abd3b4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 730.605831][T12083] RAX: ffffffffffffffda RBX: 00007f3abc815fa0 RCX: 00007f3abc59c819 [ 730.605851][T12083] RDX: 0000200000000200 RSI: 0000000000008905 RDI: 0000000000000003 [ 730.605869][T12083] RBP: 00007f3abd3b4090 R08: 0000000000000000 R09: 0000000000000000 [ 730.605888][T12083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 730.605906][T12083] R13: 00007f3abc816038 R14: 00007f3abc815fa0 R15: 00007ffe432041e8 [ 730.605947][T12083] [ 730.605969][T12083] ERROR: Out of memory at tomoyo_realpath_from_path. [ 732.411437][T12124] FAULT_INJECTION: forcing a failure. [ 732.411437][T12124] name failslab, interval 1, probability 0, space 0, times 0 [ 732.497587][T12124] CPU: 0 UID: 0 PID: 12124 Comm: syz.0.1256 Tainted: G L syzkaller #0 PREEMPT(full) [ 732.497637][T12124] Tainted: [L]=SOFTLOCKUP [ 732.497647][T12124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 732.497665][T12124] Call Trace: [ 732.497675][T12124] [ 732.497686][T12124] dump_stack_lvl+0x100/0x190 [ 732.497750][T12124] should_fail_ex.cold+0x5/0xa [ 732.497790][T12124] should_failslab+0xc2/0x120 [ 732.497827][T12124] __kvmalloc_node_noprof+0xfa/0xa00 [ 732.497859][T12124] ? traverse.part.0.constprop.0+0x397/0x650 [ 732.497926][T12124] traverse.part.0.constprop.0+0x397/0x650 [ 732.497995][T12124] seq_read_iter+0x93f/0x1270 [ 732.498052][T12124] ? aa_file_perm+0x7f3/0x14d0 [ 732.498115][T12124] seq_read+0x33b/0x4c0 [ 732.498145][T12124] ? __pfx_seq_read+0x10/0x10 [ 732.498203][T12124] ? __pfx_seq_read+0x10/0x10 [ 732.498233][T12124] proc_reg_read+0x240/0x330 [ 732.498286][T12124] ? __pfx_proc_reg_read+0x10/0x10 [ 732.498339][T12124] vfs_read+0x1e4/0xb30 [ 732.498376][T12124] ? __pfx_vfs_read+0x10/0x10 [ 732.498404][T12124] ? find_held_lock+0x2b/0x80 [ 732.498435][T12124] ? __fget_files+0x215/0x3d0 [ 732.498467][T12124] ? __fget_files+0x215/0x3d0 [ 732.498508][T12124] ? __fget_files+0x21f/0x3d0 [ 732.498554][T12124] __x64_sys_pread64+0x1eb/0x250 [ 732.498591][T12124] ? __pfx___x64_sys_pread64+0x10/0x10 [ 732.498650][T12124] do_syscall_64+0x106/0xf80 [ 732.498684][T12124] ? clear_bhb_loop+0x40/0x90 [ 732.498725][T12124] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 732.498763][T12124] RIP: 0033:0x7fe2fe19c819 [ 732.498788][T12124] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 732.498818][T12124] RSP: 002b:00007fe2ff01e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 732.498847][T12124] RAX: ffffffffffffffda RBX: 00007fe2fe415fa0 RCX: 00007fe2fe19c819 [ 732.498867][T12124] RDX: 0000000000000201 RSI: 0000000000000000 RDI: 0000000000000003 [ 732.498886][T12124] RBP: 00007fe2ff01e090 R08: 0000000000000000 R09: 0000000000000000 [ 732.498905][T12124] R10: 000000000000c000 R11: 0000000000000246 R12: 0000000000000001 [ 732.498923][T12124] R13: 00007fe2fe416038 R14: 00007fe2fe415fa0 R15: 00007fff1d718b48 [ 732.498966][T12124] [ 732.952679][T12126] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1257'. [ 732.983598][T12126] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1257'. [ 732.985026][T12130] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 732.999374][T12130] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 733.127923][T12132] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1259'. [ 734.671733][T12166] binder: BINDER_SET_CONTEXT_MGR already set [ 734.683830][T12166] binder: 12164:12166 ioctl 4018620d 2000000027c0 returned -16 [ 736.027933][T12199] FAULT_INJECTION: forcing a failure. [ 736.027933][T12199] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 736.086727][T12199] CPU: 1 UID: 0 PID: 12199 Comm: syz.3.1281 Tainted: G L syzkaller #0 PREEMPT(full) [ 736.086764][T12199] Tainted: [L]=SOFTLOCKUP [ 736.086772][T12199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 736.086785][T12199] Call Trace: [ 736.086793][T12199] [ 736.086801][T12199] dump_stack_lvl+0x100/0x190 [ 736.086841][T12199] should_fail_ex.cold+0x5/0xa [ 736.086869][T12199] _copy_from_user+0x2e/0xd0 [ 736.086901][T12199] do_sock_getsockopt+0x30b/0x3d0 [ 736.086932][T12199] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 736.086974][T12199] __sys_getsockopt+0x133/0x1d0 [ 736.087015][T12199] ? __pfx_ksys_write+0x10/0x10 [ 736.087043][T12199] ? __x64_sys_getsockopt+0xbd/0x160 [ 736.087079][T12199] __x64_sys_getsockopt+0xbd/0x160 [ 736.087115][T12199] ? do_syscall_64+0x95/0xf80 [ 736.087138][T12199] ? lockdep_hardirqs_on+0x78/0x100 [ 736.087163][T12199] do_syscall_64+0x106/0xf80 [ 736.087186][T12199] ? clear_bhb_loop+0x40/0x90 [ 736.087214][T12199] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 736.087245][T12199] RIP: 0033:0x7f8523b9c819 [ 736.087263][T12199] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 736.087284][T12199] RSP: 002b:00007f8524a7f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 736.087306][T12199] RAX: ffffffffffffffda RBX: 00007f8523e15fa0 RCX: 00007f8523b9c819 [ 736.087321][T12199] RDX: 000000000000001e RSI: 0000000000000084 RDI: 0000000000000003 [ 736.087334][T12199] RBP: 00007f8524a7f090 R08: 0000000000000000 R09: 0000000000000000 [ 736.087347][T12199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 736.087361][T12199] R13: 00007f8523e16038 R14: 00007f8523e15fa0 R15: 00007ffd07d7c818 [ 736.087390][T12199] [ 736.552836][T12204] vivid-007: ================= START STATUS ================= [ 736.560965][T12204] vivid-007: Enable Output Cropping: true [ 736.573322][T12204] vivid-007: Enable Output Composing: true [ 736.592327][T12204] vivid-007: Enable Output Scaler: true [ 736.756269][T12204] vivid-007: Tx RGB Quantization Range: Automatic [ 736.763578][T12204] vivid-007: Transmit Mode: HDMI [ 736.783546][T12204] vivid-007: Hotplug Present: 0x00000000 [ 736.832278][T12204] vivid-007: RxSense Present: 0x00000000 [ 736.839431][T12204] vivid-007: EDID Present: 0x00000000 [ 736.869961][T12204] vivid-007: ================== END STATUS ================== [ 736.880320][T12217] FAULT_INJECTION: forcing a failure. [ 736.880320][T12217] name failslab, interval 1, probability 0, space 0, times 0 [ 736.924706][T12217] CPU: 1 UID: 0 PID: 12217 Comm: syz.2.1278 Tainted: G L syzkaller #0 PREEMPT(full) [ 736.924757][T12217] Tainted: [L]=SOFTLOCKUP [ 736.924768][T12217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 736.924785][T12217] Call Trace: [ 736.924796][T12217] [ 736.924807][T12217] dump_stack_lvl+0x100/0x190 [ 736.924863][T12217] should_fail_ex.cold+0x5/0xa [ 736.924903][T12217] should_failslab+0xc2/0x120 [ 736.924939][T12217] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 736.925000][T12217] ? sock_alloc_inode+0x25/0x1c0 [ 736.925044][T12217] ? __pfx_sock_alloc_inode+0x10/0x10 [ 736.925084][T12217] sock_alloc_inode+0x25/0x1c0 [ 736.925129][T12217] alloc_inode+0x68/0x250 [ 736.925175][T12217] sock_alloc+0x44/0x280 [ 736.925205][T12217] ? security_socket_create+0x7f/0x250 [ 736.925243][T12217] __sock_create+0xc2/0x860 [ 736.925291][T12217] mptcp_subflow_create_socket+0xec/0xa30 [ 736.925338][T12217] ? mptcp_release_cb+0x495/0x710 [ 736.925390][T12217] ? __pfx_mptcp_subflow_create_socket+0x10/0x10 [ 736.925446][T12217] __mptcp_nmpc_sk+0x17f/0x870 [ 736.925493][T12217] ? __pfx___mptcp_nmpc_sk+0x10/0x10 [ 736.925545][T12217] ? __local_bh_enable_ip+0x9e/0x120 [ 736.925587][T12217] mptcp_setsockopt+0x830/0x3370 [ 736.925627][T12217] ? ksys_write+0x190/0x250 [ 736.925665][T12217] ? __pfx_mptcp_setsockopt+0x10/0x10 [ 736.925714][T12217] ? aa_sock_opt_perm+0xfe/0x1b0 [ 736.925773][T12217] ? sock_common_setsockopt+0x2e/0xf0 [ 736.925811][T12217] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 736.925854][T12217] do_sock_setsockopt+0xf3/0x1d0 [ 736.925899][T12217] __sys_setsockopt+0x119/0x190 [ 736.925961][T12217] __x64_sys_setsockopt+0xbd/0x160 [ 736.926012][T12217] ? do_syscall_64+0x95/0xf80 [ 736.926046][T12217] ? lockdep_hardirqs_on+0x78/0x100 [ 736.926080][T12217] do_syscall_64+0x106/0xf80 [ 736.926120][T12217] ? clear_bhb_loop+0x40/0x90 [ 736.926161][T12217] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 736.926194][T12217] RIP: 0033:0x7f8014d9c819 [ 736.926220][T12217] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 736.926250][T12217] RSP: 002b:00007f8015bef028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 736.926280][T12217] RAX: ffffffffffffffda RBX: 00007f8015015fa0 RCX: 00007f8014d9c819 [ 736.926300][T12217] RDX: 000000000000001e RSI: 0000000000000006 RDI: 0000000000000003 [ 736.926318][T12217] RBP: 00007f8015bef090 R08: 0000000000000007 R09: 0000000000000000 [ 736.926337][T12217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 736.926354][T12217] R13: 00007f8015016038 R14: 00007f8015015fa0 R15: 00007ffdbd567a38 [ 736.926396][T12217] [ 737.274642][T12217] socket: no more sockets [ 737.292723][T12210] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 737.310289][T12210] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 737.499132][T12210] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 737.527212][T12210] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 737.562845][T12210] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 737.576355][T12210] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 737.598975][T12210] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 737.614081][T12210] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 739.336357][ T5837] Bluetooth: hci0: command 0x0406 tx timeout [ 739.559653][ T5837] Bluetooth: hci1: command 0x0406 tx timeout [ 739.576220][ T5837] Bluetooth: hci2: command 0x0406 tx timeout [ 739.657514][ T5837] Bluetooth: hci3: command 0x0406 tx timeout [ 740.825728][T12283] futex_wake_op: syz.0.1298 tries to shift op by -2048; fix this program [ 741.237868][T12297] FAULT_INJECTION: forcing a failure. [ 741.237868][T12297] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 741.256659][T12297] CPU: 0 UID: 0 PID: 12297 Comm: syz.1.1301 Tainted: G L syzkaller #0 PREEMPT(full) [ 741.256710][T12297] Tainted: [L]=SOFTLOCKUP [ 741.256721][T12297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 741.256739][T12297] Call Trace: [ 741.256749][T12297] [ 741.256760][T12297] dump_stack_lvl+0x100/0x190 [ 741.256815][T12297] should_fail_ex.cold+0x5/0xa [ 741.256864][T12297] _copy_from_user+0x2e/0xd0 [ 741.256908][T12297] copy_msghdr_from_user+0x9f/0x4f0 [ 741.256954][T12297] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 741.257007][T12297] ? __pfx__kstrtoull+0x10/0x10 [ 741.257068][T12297] ___sys_sendmsg+0x106/0x1e0 [ 741.257116][T12297] ? __pfx____sys_sendmsg+0x10/0x10 [ 741.257197][T12297] ? proc_fail_nth_write+0x9f/0x220 [ 741.257241][T12297] ? find_held_lock+0x2b/0x80 [ 741.257277][T12297] __sys_sendmmsg+0x205/0x430 [ 741.257315][T12297] ? __pfx___sys_sendmmsg+0x10/0x10 [ 741.257359][T12297] ? __pfx_do_sys_openat2+0x10/0x10 [ 741.257425][T12297] ? ksys_write+0x1ac/0x250 [ 741.257457][T12297] ? __pfx_ksys_write+0x10/0x10 [ 741.257497][T12297] __x64_sys_sendmmsg+0x9c/0x100 [ 741.257528][T12297] ? lockdep_hardirqs_on+0x78/0x100 [ 741.257563][T12297] do_syscall_64+0x106/0xf80 [ 741.257596][T12297] ? clear_bhb_loop+0x40/0x90 [ 741.257636][T12297] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 741.257670][T12297] RIP: 0033:0x7f3abc59c819 [ 741.257697][T12297] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 741.257727][T12297] RSP: 002b:00007f3abd3b4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 741.257757][T12297] RAX: ffffffffffffffda RBX: 00007f3abc815fa0 RCX: 00007f3abc59c819 [ 741.257778][T12297] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 741.257796][T12297] RBP: 00007f3abd3b4090 R08: 0000000000000000 R09: 0000000000000000 [ 741.257815][T12297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 741.257841][T12297] R13: 00007f3abc816038 R14: 00007f3abc815fa0 R15: 00007ffe432041e8 [ 741.257882][T12297] [ 741.410624][T12300] FAULT_INJECTION: forcing a failure. [ 741.410624][T12300] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 741.410677][T12300] CPU: 1 UID: 0 PID: 12300 Comm: syz.2.1302 Tainted: G L syzkaller #0 PREEMPT(full) [ 741.410720][T12300] Tainted: [L]=SOFTLOCKUP [ 741.410750][T12300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 741.410768][T12300] Call Trace: [ 741.410778][T12300] [ 741.410789][T12300] dump_stack_lvl+0x100/0x190 [ 741.410844][T12300] should_fail_ex.cold+0x5/0xa [ 741.410883][T12300] _copy_from_user+0x2e/0xd0 [ 741.410928][T12300] __sys_bpf+0x243/0x4b90 [ 741.410974][T12300] ? __pfx___sys_bpf+0x10/0x10 [ 741.411014][T12300] ? proc_fail_nth_write+0x9f/0x220 [ 741.411065][T12300] ? find_held_lock+0x2b/0x80 [ 741.411106][T12300] ? find_held_lock+0x2b/0x80 [ 741.411138][T12300] ? ksys_write+0x190/0x250 [ 741.411179][T12300] ? __mutex_unlock_slowpath+0x15c/0x790 [ 741.411217][T12300] ? __fget_files+0x215/0x3d0 [ 741.411271][T12300] ? fput+0x79/0x100 [ 741.411310][T12300] ? ksys_write+0x1ac/0x250 [ 741.411342][T12300] ? __pfx_ksys_write+0x10/0x10 [ 741.411382][T12300] __x64_sys_bpf+0x7b/0xc0 [ 741.411421][T12300] ? lockdep_hardirqs_on+0x78/0x100 [ 741.411455][T12300] do_syscall_64+0x106/0xf80 [ 741.411487][T12300] ? clear_bhb_loop+0x40/0x90 [ 741.411527][T12300] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 741.411561][T12300] RIP: 0033:0x7f8014d9c819 [ 741.411587][T12300] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 741.411616][T12300] RSP: 002b:00007f8015bef028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 741.411646][T12300] RAX: ffffffffffffffda RBX: 00007f8015015fa0 RCX: 00007f8014d9c819 [ 741.411667][T12300] RDX: 00000000000000a3 RSI: 0000000000000000 RDI: 0000000000000000 [ 741.411686][T12300] RBP: 00007f8015bef090 R08: 0000000000000000 R09: 0000000000000000 [ 741.411704][T12300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 741.411723][T12300] R13: 00007f8015016038 R14: 00007f8015015fa0 R15: 00007ffdbd567a38 [ 741.411765][T12300] [ 741.416385][ T5837] Bluetooth: hci0: command 0x0406 tx timeout [ 741.576282][ T5837] Bluetooth: hci1: command 0x0406 tx timeout [ 741.656464][ T5837] Bluetooth: hci2: command 0x0406 tx timeout [ 741.737848][ T5143] Bluetooth: hci3: command 0x0406 tx timeout [ 741.965542][T12303] FAULT_INJECTION: forcing a failure. [ 741.965542][T12303] name fail_futex, interval 1, probability 0, space 0, times 1 [ 742.137645][T12303] CPU: 0 UID: 0 PID: 12303 Comm: syz.2.1303 Tainted: G L syzkaller #0 PREEMPT(full) [ 742.137700][T12303] Tainted: [L]=SOFTLOCKUP [ 742.137720][T12303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 742.137740][T12303] Call Trace: [ 742.137751][T12303] [ 742.137763][T12303] dump_stack_lvl+0x100/0x190 [ 742.137822][T12303] should_fail_ex.cold+0x5/0xa [ 742.137864][T12303] get_futex_key+0x1d2/0x1620 [ 742.137913][T12303] ? __pfx_get_futex_key+0x10/0x10 [ 742.137959][T12303] ? putname+0xb1/0x110 [ 742.137999][T12303] ? kasan_save_stack+0x3f/0x50 [ 742.138029][T12303] ? kasan_save_stack+0x30/0x50 [ 742.138058][T12303] ? kasan_save_track+0x14/0x30 [ 742.138087][T12303] ? kasan_save_free_info+0x3b/0x70 [ 742.138133][T12303] ? __kasan_slab_free+0x5f/0x80 [ 742.138172][T12303] futex_wake+0xea/0x530 [ 742.138227][T12303] ? __pfx_futex_wake+0x10/0x10 [ 742.138298][T12303] do_futex+0x32b/0x350 [ 742.138345][T12303] ? __pfx_do_futex+0x10/0x10 [ 742.138403][T12303] __x64_sys_futex+0x34f/0x4d0 [ 742.138455][T12303] ? __pfx___x64_sys_futex+0x10/0x10 [ 742.138501][T12303] ? kmem_cache_free+0x124/0x6a0 [ 742.138566][T12303] do_syscall_64+0x106/0xf80 [ 742.138602][T12303] ? clear_bhb_loop+0x40/0x90 [ 742.138644][T12303] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 742.138679][T12303] RIP: 0033:0x7f8014d9c819 [ 742.138706][T12303] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 742.138747][T12303] RSP: 002b:00007f8015bef0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 742.138779][T12303] RAX: ffffffffffffffda RBX: 00007f8015015fa8 RCX: 00007f8014d9c819 [ 742.138801][T12303] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f8015015fac [ 742.138823][T12303] RBP: 00007f8015015fa0 R08: 0000000000000000 R09: 0000000000000000 [ 742.138843][T12303] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 742.138862][T12303] R13: 00007f8015016038 R14: 00007ffdbd567950 R15: 00007ffdbd567a38 [ 742.138907][T12303] [ 742.543115][T12312] FAULT_INJECTION: forcing a failure. [ 742.543115][T12312] name failslab, interval 1, probability 0, space 0, times 0 [ 742.599848][T12312] CPU: 1 UID: 0 PID: 12312 Comm: syz.1.1307 Tainted: G L syzkaller #0 PREEMPT(full) [ 742.599897][T12312] Tainted: [L]=SOFTLOCKUP [ 742.599908][T12312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 742.599926][T12312] Call Trace: [ 742.599936][T12312] [ 742.599948][T12312] dump_stack_lvl+0x100/0x190 [ 742.600014][T12312] should_fail_ex.cold+0x5/0xa [ 742.600054][T12312] should_failslab+0xc2/0x120 [ 742.600091][T12312] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 742.600145][T12312] ? sock_alloc_inode+0x25/0x1c0 [ 742.600189][T12312] ? __pfx_sock_alloc_inode+0x10/0x10 [ 742.600231][T12312] sock_alloc_inode+0x25/0x1c0 [ 742.600269][T12312] alloc_inode+0x68/0x250 [ 742.600316][T12312] sock_alloc+0x44/0x280 [ 742.600391][T12312] ? security_socket_create+0x7f/0x250 [ 742.600429][T12312] __sock_create+0xc2/0x860 [ 742.600480][T12312] __sys_socket+0x14d/0x260 [ 742.600522][T12312] ? fput+0x79/0x100 [ 742.600567][T12312] ? __pfx___sys_socket+0x10/0x10 [ 742.600616][T12312] ? ksys_write+0x1ac/0x250 [ 742.600647][T12312] ? __pfx_ksys_write+0x10/0x10 [ 742.600687][T12312] __x64_sys_socket+0x72/0xb0 [ 742.600730][T12312] ? lockdep_hardirqs_on+0x78/0x100 [ 742.600765][T12312] do_syscall_64+0x106/0xf80 [ 742.600797][T12312] ? clear_bhb_loop+0x40/0x90 [ 742.600839][T12312] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 742.600872][T12312] RIP: 0033:0x7f3abc59c819 [ 742.600898][T12312] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 742.600929][T12312] RSP: 002b:00007f3abd3b4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 742.600966][T12312] RAX: ffffffffffffffda RBX: 00007f3abc815fa0 RCX: 00007f3abc59c819 [ 742.600987][T12312] RDX: 000000000000003b RSI: 0000000000000003 RDI: 000000000000000a [ 742.601005][T12312] RBP: 00007f3abd3b4090 R08: 0000000000000000 R09: 0000000000000000 [ 742.601024][T12312] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 742.601042][T12312] R13: 00007f3abc816038 R14: 00007f3abc815fa0 R15: 00007ffe432041e8 [ 742.601084][T12312] [ 742.601101][T12312] socket: no more sockets [ 742.720153][T12315] FAULT_INJECTION: forcing a failure. [ 742.720153][T12315] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 742.844114][T12315] CPU: 0 UID: 0 PID: 12315 Comm: syz.0.1305 Tainted: G L syzkaller #0 PREEMPT(full) [ 742.844163][T12315] Tainted: [L]=SOFTLOCKUP [ 742.844174][T12315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 742.844192][T12315] Call Trace: [ 742.844202][T12315] [ 742.844213][T12315] dump_stack_lvl+0x100/0x190 [ 742.844269][T12315] should_fail_ex.cold+0x5/0xa [ 742.844308][T12315] _copy_from_user+0x2e/0xd0 [ 742.844353][T12315] move_addr_to_kernel+0x65/0x170 [ 742.844400][T12315] __sys_connect+0xb5/0x170 [ 742.844448][T12315] ? __pfx___sys_connect+0x10/0x10 [ 742.844494][T12315] ? __fget_files+0x21f/0x3d0 [ 742.844542][T12315] ? __pfx_ksys_write+0x10/0x10 [ 742.844583][T12315] __x64_sys_connect+0x72/0xb0 [ 742.844631][T12315] ? lockdep_hardirqs_on+0x78/0x100 [ 742.844667][T12315] do_syscall_64+0x106/0xf80 [ 742.844708][T12315] ? clear_bhb_loop+0x40/0x90 [ 742.844749][T12315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 742.844782][T12315] RIP: 0033:0x7fe2fe19c819 [ 742.844809][T12315] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 742.844839][T12315] RSP: 002b:00007fe2ff01e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 742.844869][T12315] RAX: ffffffffffffffda RBX: 00007fe2fe415fa0 RCX: 00007fe2fe19c819 [ 742.844889][T12315] RDX: 0000000000000054 RSI: 0000200000000080 RDI: 0000000000000003 [ 742.844909][T12315] RBP: 00007fe2ff01e090 R08: 0000000000000000 R09: 0000000000000000 [ 742.844928][T12315] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 742.844947][T12315] R13: 00007fe2fe416038 R14: 00007fe2fe415fa0 R15: 00007fff1d718b48 [ 742.844988][T12315] [ 743.847158][T12331] FAULT_INJECTION: forcing a failure. [ 743.847158][T12331] name failslab, interval 1, probability 0, space 0, times 0 [ 743.864033][T12331] CPU: 1 UID: 0 PID: 12331 Comm: syz.0.1310 Tainted: G L syzkaller #0 PREEMPT(full) [ 743.864082][T12331] Tainted: [L]=SOFTLOCKUP [ 743.864093][T12331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 743.864111][T12331] Call Trace: [ 743.864121][T12331] [ 743.864132][T12331] dump_stack_lvl+0x100/0x190 [ 743.864188][T12331] should_fail_ex.cold+0x5/0xa [ 743.864227][T12331] should_failslab+0xc2/0x120 [ 743.864264][T12331] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 743.864316][T12331] ? do_getname+0x35/0x390 [ 743.864357][T12331] ? find_held_lock+0x2b/0x80 [ 743.864397][T12331] do_getname+0x35/0x390 [ 743.864445][T12331] do_sys_openat2+0xc5/0x1e0 [ 743.864491][T12331] ? __pfx_do_sys_openat2+0x10/0x10 [ 743.864535][T12331] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 743.864579][T12331] ? __fget_files+0x21f/0x3d0 [ 743.864630][T12331] __x64_sys_openat+0x12d/0x210 [ 743.864679][T12331] ? __pfx___x64_sys_openat+0x10/0x10 [ 743.864724][T12331] ? ksys_write+0x1ac/0x250 [ 743.864771][T12331] do_syscall_64+0x106/0xf80 [ 743.864803][T12331] ? clear_bhb_loop+0x40/0x90 [ 743.864844][T12331] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 743.864877][T12331] RIP: 0033:0x7fe2fe19c819 [ 743.864903][T12331] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 743.864932][T12331] RSP: 002b:00007fe2fefbb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 743.864962][T12331] RAX: ffffffffffffffda RBX: 00007fe2fe416270 RCX: 00007fe2fe19c819 [ 743.864983][T12331] RDX: 0000000000060742 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 743.865003][T12331] RBP: 00007fe2fefbb090 R08: 0000000000000000 R09: 0000000000000000 [ 743.865022][T12331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 743.865041][T12331] R13: 00007fe2fe416308 R14: 00007fe2fe416270 R15: 00007fff1d718b48 [ 743.865081][T12331] [ 747.596885][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.603282][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.720181][T12370] FAULT_INJECTION: forcing a failure. [ 747.720181][T12370] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 747.763132][T12370] CPU: 0 UID: 0 PID: 12370 Comm: syz.0.1319 Tainted: G L syzkaller #0 PREEMPT(full) [ 747.763178][T12370] Tainted: [L]=SOFTLOCKUP [ 747.763188][T12370] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 747.763204][T12370] Call Trace: [ 747.763215][T12370] [ 747.763226][T12370] dump_stack_lvl+0x100/0x190 [ 747.763278][T12370] should_fail_ex.cold+0x5/0xa [ 747.763316][T12370] _copy_from_user+0x2e/0xd0 [ 747.763361][T12370] move_addr_to_kernel+0x65/0x170 [ 747.763408][T12370] __sys_connect+0xb5/0x170 [ 747.763456][T12370] ? __pfx___sys_connect+0x10/0x10 [ 747.763501][T12370] ? __fget_files+0x21f/0x3d0 [ 747.763556][T12370] ? __pfx_ksys_write+0x10/0x10 [ 747.763597][T12370] __x64_sys_connect+0x72/0xb0 [ 747.763644][T12370] ? lockdep_hardirqs_on+0x78/0x100 [ 747.763678][T12370] do_syscall_64+0x106/0xf80 [ 747.763711][T12370] ? clear_bhb_loop+0x40/0x90 [ 747.763752][T12370] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 747.763786][T12370] RIP: 0033:0x7fe2fe19c819 [ 747.763812][T12370] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 747.763841][T12370] RSP: 002b:00007fe2ff01e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 747.763871][T12370] RAX: ffffffffffffffda RBX: 00007fe2fe415fa0 RCX: 00007fe2fe19c819 [ 747.763892][T12370] RDX: 0000000000000058 RSI: 0000200000000000 RDI: 0000000000000003 [ 747.763911][T12370] RBP: 00007fe2ff01e090 R08: 0000000000000000 R09: 0000000000000000 [ 747.763930][T12370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 747.763949][T12370] R13: 00007fe2fe416038 R14: 00007fe2fe415fa0 R15: 00007fff1d718b48 [ 747.763991][T12370] [ 749.929415][T12407] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 751.722194][T12443] FAULT_INJECTION: forcing a failure. [ 751.722194][T12443] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 751.735413][T12443] CPU: 1 UID: 0 PID: 12443 Comm: syz.2.1333 Tainted: G L syzkaller #0 PREEMPT(full) [ 751.735460][T12443] Tainted: [L]=SOFTLOCKUP [ 751.735471][T12443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 751.735489][T12443] Call Trace: [ 751.735499][T12443] [ 751.735511][T12443] dump_stack_lvl+0x100/0x190 [ 751.735567][T12443] should_fail_ex.cold+0x5/0xa [ 751.735606][T12443] _copy_from_user+0x2e/0xd0 [ 751.735651][T12443] packet_setsockopt+0x1ce7/0x2380 [ 751.735698][T12443] ? __lock_acquire+0x4a5/0x2630 [ 751.735742][T12443] ? __pfx_packet_setsockopt+0x10/0x10 [ 751.735788][T12443] ? ksys_write+0x190/0x250 [ 751.735821][T12443] ? __pfx_aa_sk_perm+0x10/0x10 [ 751.735868][T12443] ? find_held_lock+0x2b/0x80 [ 751.735905][T12443] ? aa_sock_opt_perm+0xfe/0x1b0 [ 751.735960][T12443] ? __pfx_packet_setsockopt+0x10/0x10 [ 751.736007][T12443] do_sock_setsockopt+0xf3/0x1d0 [ 751.736052][T12443] __sys_setsockopt+0x119/0x190 [ 751.736117][T12443] __x64_sys_setsockopt+0xbd/0x160 [ 751.736167][T12443] ? do_syscall_64+0x95/0xf80 [ 751.736201][T12443] ? lockdep_hardirqs_on+0x78/0x100 [ 751.736245][T12443] do_syscall_64+0x106/0xf80 [ 751.736278][T12443] ? clear_bhb_loop+0x40/0x90 [ 751.736318][T12443] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 751.736351][T12443] RIP: 0033:0x7f8014d9c819 [ 751.736378][T12443] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 751.736408][T12443] RSP: 002b:00007f8015bef028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 751.736437][T12443] RAX: ffffffffffffffda RBX: 00007f8015015fa0 RCX: 00007f8014d9c819 [ 751.736456][T12443] RDX: 000000000000000f RSI: 0000000000000107 RDI: 0000000000000002 [ 751.736472][T12443] RBP: 00007f8015bef090 R08: 0000000000000006 R09: 0000000000000000 [ 751.736490][T12443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 751.736509][T12443] R13: 00007f8015016038 R14: 00007f8015015fa0 R15: 00007ffdbd567a38 [ 751.736551][T12443] [ 752.109268][T12447] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1335'. [ 752.212558][T12452] FAULT_INJECTION: forcing a failure. [ 752.212558][T12452] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 752.240058][T12454] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1336'. [ 752.365708][T12452] CPU: 1 UID: 0 PID: 12452 Comm: syz.1.1335 Tainted: G L syzkaller #0 PREEMPT(full) [ 752.365746][T12452] Tainted: [L]=SOFTLOCKUP [ 752.365753][T12452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 752.365767][T12452] Call Trace: [ 752.365775][T12452] [ 752.365783][T12452] dump_stack_lvl+0x100/0x190 [ 752.365823][T12452] should_fail_ex.cold+0x5/0xa [ 752.365850][T12452] _copy_from_user+0x2e/0xd0 [ 752.365883][T12452] copy_msghdr_from_user+0x9f/0x4f0 [ 752.365917][T12452] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 752.365954][T12452] ? __pfx__kstrtoull+0x10/0x10 [ 752.365996][T12452] ___sys_sendmsg+0x106/0x1e0 [ 752.366028][T12452] ? __pfx____sys_sendmsg+0x10/0x10 [ 752.366072][T12452] ? find_held_lock+0x2b/0x80 [ 752.366158][T12452] __sys_sendmmsg+0x205/0x430 [ 752.366194][T12452] ? __pfx___sys_sendmmsg+0x10/0x10 [ 752.366236][T12452] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 752.366274][T12452] ? fput+0x79/0x100 [ 752.366302][T12452] ? ksys_write+0x1ac/0x250 [ 752.366324][T12452] ? __pfx_ksys_write+0x10/0x10 [ 752.366351][T12452] __x64_sys_sendmmsg+0x9c/0x100 [ 752.366373][T12452] ? lockdep_hardirqs_on+0x78/0x100 [ 752.366397][T12452] do_syscall_64+0x106/0xf80 [ 752.366420][T12452] ? clear_bhb_loop+0x40/0x90 [ 752.366448][T12452] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 752.366472][T12452] RIP: 0033:0x7f3abc59c819 [ 752.366490][T12452] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 752.366512][T12452] RSP: 002b:00007f3abd393028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 752.366533][T12452] RAX: ffffffffffffffda RBX: 00007f3abc816090 RCX: 00007f3abc59c819 [ 752.366548][T12452] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 752.366561][T12452] RBP: 00007f3abd393090 R08: 0000000000000000 R09: 0000000000000000 [ 752.366574][T12452] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 752.366587][T12452] R13: 00007f3abc816128 R14: 00007f3abc816090 R15: 00007ffe432041e8 [ 752.366616][T12452] [ 752.640099][T12458] nbd: must specify at least one socket [ 753.542444][T12464] FAULT_INJECTION: forcing a failure. [ 753.542444][T12464] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 753.594624][T12464] CPU: 0 UID: 0 PID: 12464 Comm: syz.1.1339 Tainted: G L syzkaller #0 PREEMPT(full) [ 753.594671][T12464] Tainted: [L]=SOFTLOCKUP [ 753.594682][T12464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 753.594699][T12464] Call Trace: [ 753.594709][T12464] [ 753.594720][T12464] dump_stack_lvl+0x100/0x190 [ 753.594776][T12464] should_fail_ex.cold+0x5/0xa [ 753.594823][T12464] _copy_from_user+0x2e/0xd0 [ 753.594868][T12464] copy_msghdr_from_user+0x9f/0x4f0 [ 753.594913][T12464] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 753.594976][T12464] ___sys_sendmsg+0x106/0x1e0 [ 753.595022][T12464] ? __pfx____sys_sendmsg+0x10/0x10 [ 753.595115][T12464] __sys_sendmsg+0x170/0x220 [ 753.595148][T12464] ? __pfx___sys_sendmsg+0x10/0x10 [ 753.595204][T12464] do_syscall_64+0x106/0xf80 [ 753.595237][T12464] ? clear_bhb_loop+0x40/0x90 [ 753.595278][T12464] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 753.595311][T12464] RIP: 0033:0x7f3abc59c819 [ 753.595336][T12464] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 753.595366][T12464] RSP: 002b:00007f3abd3b4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 753.595395][T12464] RAX: ffffffffffffffda RBX: 00007f3abc815fa0 RCX: 00007f3abc59c819 [ 753.595415][T12464] RDX: 0000000004048090 RSI: 0000200000000d80 RDI: 0000000000000008 [ 753.595435][T12464] RBP: 00007f3abd3b4090 R08: 0000000000000000 R09: 0000000000000000 [ 753.595453][T12464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 753.595471][T12464] R13: 00007f3abc816038 R14: 00007f3abc815fa0 R15: 00007ffe432041e8 [ 753.595510][T12464] [ 753.913664][T12470] openvswitch: netlink: Key 15 has unexpected len 16 expected 4 [ 753.960741][T12475] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(1884713407.2646898429.3057755795), cmd(12) [ 754.413026][T12472] zswap: compressor not available [ 754.827980][T12485] FAULT_INJECTION: forcing a failure. [ 754.827980][T12485] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 754.876615][T12485] CPU: 1 UID: 0 PID: 12485 Comm: syz.2.1344 Tainted: G L syzkaller #0 PREEMPT(full) [ 754.876663][T12485] Tainted: [L]=SOFTLOCKUP [ 754.876673][T12485] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 754.876690][T12485] Call Trace: [ 754.876700][T12485] [ 754.876711][T12485] dump_stack_lvl+0x100/0x190 [ 754.876766][T12485] should_fail_ex.cold+0x5/0xa [ 754.876804][T12485] ? __pfx_clear_refs_write+0x10/0x10 [ 754.876848][T12485] _copy_from_user+0x2e/0xd0 [ 754.876893][T12485] clear_refs_write+0xf1/0xb00 [ 754.876945][T12485] ? __pfx_clear_refs_write+0x10/0x10 [ 754.876993][T12485] ? __lock_acquire+0x4a5/0x2630 [ 754.877045][T12485] ? __pfx___might_resched+0x10/0x10 [ 754.877096][T12485] ? iovec_from_user+0xda/0x140 [ 754.877164][T12485] ? __pfx_clear_refs_write+0x10/0x10 [ 754.877206][T12485] vfs_writev+0x5ea/0xe10 [ 754.877233][T12485] ? rcu_is_watching+0x12/0xc0 [ 754.877292][T12485] ? __pfx_vfs_writev+0x10/0x10 [ 754.877317][T12485] ? fdget_pos+0x2aa/0x380 [ 754.877354][T12485] ? find_held_lock+0x2b/0x80 [ 754.877411][T12485] ? __fget_files+0x21f/0x3d0 [ 754.877454][T12485] ? do_writev+0x13e/0x340 [ 754.877480][T12485] do_writev+0x13e/0x340 [ 754.877511][T12485] ? __pfx_do_writev+0x10/0x10 [ 754.877553][T12485] do_syscall_64+0x106/0xf80 [ 754.877586][T12485] ? clear_bhb_loop+0x40/0x90 [ 754.877631][T12485] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 754.877664][T12485] RIP: 0033:0x7f8014d9c819 [ 754.877691][T12485] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 754.877722][T12485] RSP: 002b:00007f8015bef028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 754.877752][T12485] RAX: ffffffffffffffda RBX: 00007f8015015fa0 RCX: 00007f8014d9c819 [ 754.877772][T12485] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 754.877791][T12485] RBP: 00007f8015bef090 R08: 0000000000000000 R09: 0000000000000000 [ 754.877810][T12485] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 754.877828][T12485] R13: 00007f8015016038 R14: 00007f8015015fa0 R15: 00007ffdbd567a38 [ 754.877872][T12485] [ 755.152678][ T5143] Bluetooth: hci3: unexpected event 0x36 length: 123 > 7 [ 755.187976][T12496] FAULT_INJECTION: forcing a failure. [ 755.187976][T12496] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 755.208550][T12496] CPU: 1 UID: 0 PID: 12496 Comm: syz.1.1348 Tainted: G L syzkaller #0 PREEMPT(full) [ 755.208586][T12496] Tainted: [L]=SOFTLOCKUP [ 755.208594][T12496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 755.208608][T12496] Call Trace: [ 755.208622][T12496] [ 755.208630][T12496] dump_stack_lvl+0x100/0x190 [ 755.208677][T12496] should_fail_ex.cold+0x5/0xa [ 755.208705][T12496] ? __pfx_clear_refs_write+0x10/0x10 [ 755.208736][T12496] _copy_from_user+0x2e/0xd0 [ 755.208767][T12496] clear_refs_write+0xf1/0xb00 [ 755.208804][T12496] ? __pfx_clear_refs_write+0x10/0x10 [ 755.208838][T12496] ? __lock_acquire+0x4a5/0x2630 [ 755.208871][T12496] ? __pfx___might_resched+0x10/0x10 [ 755.208910][T12496] ? iovec_from_user+0xda/0x140 [ 755.208958][T12496] ? __pfx_clear_refs_write+0x10/0x10 [ 755.208987][T12496] vfs_writev+0x5ea/0xe10 [ 755.209007][T12496] ? rcu_is_watching+0x12/0xc0 [ 755.209050][T12496] ? __pfx_vfs_writev+0x10/0x10 [ 755.209068][T12496] ? fdget_pos+0x2aa/0x380 [ 755.209095][T12496] ? find_held_lock+0x2b/0x80 [ 755.209134][T12496] ? __fget_files+0x21f/0x3d0 [ 755.209164][T12496] ? do_writev+0x13e/0x340 [ 755.209182][T12496] do_writev+0x13e/0x340 [ 755.209208][T12496] ? __pfx_do_writev+0x10/0x10 [ 755.209239][T12496] do_syscall_64+0x106/0xf80 [ 755.209263][T12496] ? clear_bhb_loop+0x40/0x90 [ 755.209291][T12496] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 755.209314][T12496] RIP: 0033:0x7f3abc59c819 [ 755.209332][T12496] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 755.209354][T12496] RSP: 002b:00007f3abd3b4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 755.209376][T12496] RAX: ffffffffffffffda RBX: 00007f3abc815fa0 RCX: 00007f3abc59c819 [ 755.209390][T12496] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 755.209404][T12496] RBP: 00007f3abd3b4090 R08: 0000000000000000 R09: 0000000000000000 [ 755.209417][T12496] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 755.209430][T12496] R13: 00007f3abc816038 R14: 00007f3abc815fa0 R15: 00007ffe432041e8 [ 755.209460][T12496] [ 755.717680][T12493] syz.3.1347 uses obsolete (PF_INET,SOCK_PACKET) [ 755.851433][T12501] nbd: must specify at least one socket [ 756.815207][T12536] FAULT_INJECTION: forcing a failure. [ 756.815207][T12536] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 756.886251][T12536] CPU: 0 UID: 0 PID: 12536 Comm: syz.0.1357 Tainted: G L syzkaller #0 PREEMPT(full) [ 756.886303][T12536] Tainted: [L]=SOFTLOCKUP [ 756.886314][T12536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 756.886332][T12536] Call Trace: [ 756.886343][T12536] [ 756.886355][T12536] dump_stack_lvl+0x100/0x190 [ 756.886413][T12536] should_fail_ex.cold+0x5/0xa [ 756.886449][T12536] _copy_from_user+0x2e/0xd0 [ 756.886492][T12536] copy_msghdr_from_user+0x9f/0x4f0 [ 756.886540][T12536] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 756.886590][T12536] ? __pfx__kstrtoull+0x10/0x10 [ 756.886647][T12536] ___sys_sendmsg+0x106/0x1e0 [ 756.886693][T12536] ? __pfx____sys_sendmsg+0x10/0x10 [ 756.886757][T12536] ? find_held_lock+0x2b/0x80 [ 756.886827][T12536] __sys_sendmmsg+0x205/0x430 [ 756.886865][T12536] ? __pfx___sys_sendmmsg+0x10/0x10 [ 756.886910][T12536] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 756.886963][T12536] ? fput+0x79/0x100 [ 756.887001][T12536] ? ksys_write+0x1ac/0x250 [ 756.887030][T12536] ? __pfx_ksys_write+0x10/0x10 [ 756.887067][T12536] __x64_sys_sendmmsg+0x9c/0x100 [ 756.887097][T12536] ? lockdep_hardirqs_on+0x78/0x100 [ 756.887131][T12536] do_syscall_64+0x106/0xf80 [ 756.887162][T12536] ? clear_bhb_loop+0x40/0x90 [ 756.887201][T12536] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 756.887234][T12536] RIP: 0033:0x7fe2fe19c819 [ 756.887259][T12536] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 756.887287][T12536] RSP: 002b:00007fe2feffd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 756.887316][T12536] RAX: ffffffffffffffda RBX: 00007fe2fe416090 RCX: 00007fe2fe19c819 [ 756.887335][T12536] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 756.887352][T12536] RBP: 00007fe2feffd090 R08: 0000000000000000 R09: 0000000000000000 [ 756.887370][T12536] R10: 0000000007000000 R11: 0000000000000246 R12: 0000000000000001 [ 756.887387][T12536] R13: 00007fe2fe416128 R14: 00007fe2fe416090 R15: 00007fff1d718b48 [ 756.887427][T12536] [ 758.347393][T12550] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 758.350197][T12546] nbd: must specify at least one socket [ 758.354026][T12550] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 758.411015][T12550] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 758.417447][T12550] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 758.996667][T12567] FAULT_INJECTION: forcing a failure. [ 758.996667][T12567] name failslab, interval 1, probability 0, space 0, times 0 [ 759.048320][T12567] CPU: 1 UID: 0 PID: 12567 Comm: syz.2.1362 Tainted: G L syzkaller #0 PREEMPT(full) [ 759.048370][T12567] Tainted: [L]=SOFTLOCKUP [ 759.048381][T12567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 759.048399][T12567] Call Trace: [ 759.048409][T12567] [ 759.048431][T12567] dump_stack_lvl+0x100/0x190 [ 759.048487][T12567] should_fail_ex.cold+0x5/0xa [ 759.048526][T12567] ? kernfs_fop_write_iter+0x26a/0x5f0 [ 759.048561][T12567] should_failslab+0xc2/0x120 [ 759.048594][T12567] __kmalloc_noprof+0xe0/0x850 [ 759.048645][T12567] ? __pfx_aa_file_perm+0x10/0x10 [ 759.048700][T12567] kernfs_fop_write_iter+0x26a/0x5f0 [ 759.048742][T12567] do_iter_readv_writev+0x6ee/0x920 [ 759.048795][T12567] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 759.048855][T12567] vfs_writev+0x360/0xe10 [ 759.048874][T12567] ? rcu_is_watching+0x12/0xc0 [ 759.048919][T12567] ? __pfx_vfs_writev+0x10/0x10 [ 759.048937][T12567] ? fdget_pos+0x2aa/0x380 [ 759.048964][T12567] ? find_held_lock+0x2b/0x80 [ 759.049008][T12567] ? __fget_files+0x21f/0x3d0 [ 759.049043][T12567] ? do_writev+0x13e/0x340 [ 759.049062][T12567] do_writev+0x13e/0x340 [ 759.049083][T12567] ? __pfx_do_writev+0x10/0x10 [ 759.049116][T12567] do_syscall_64+0x106/0xf80 [ 759.049140][T12567] ? clear_bhb_loop+0x40/0x90 [ 759.049168][T12567] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 759.049192][T12567] RIP: 0033:0x7f8014d9c819 [ 759.049211][T12567] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 759.049234][T12567] RSP: 002b:00007f8015b8c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 759.049255][T12567] RAX: ffffffffffffffda RBX: 00007f8015016270 RCX: 00007f8014d9c819 [ 759.049271][T12567] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000007 [ 759.049284][T12567] RBP: 00007f8015b8c090 R08: 0000000000000000 R09: 0000000000000000 [ 759.049297][T12567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 759.049310][T12567] R13: 00007f8015016308 R14: 00007f8015016270 R15: 00007ffdbd567a38 [ 759.049340][T12567] [ 759.268648][T12570] FAULT_INJECTION: forcing a failure. [ 759.268648][T12570] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 759.355805][T12570] CPU: 0 UID: 0 PID: 12570 Comm: syz.1.1366 Tainted: G L syzkaller #0 PREEMPT(full) [ 759.355842][T12570] Tainted: [L]=SOFTLOCKUP [ 759.355850][T12570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 759.355863][T12570] Call Trace: [ 759.355871][T12570] [ 759.355879][T12570] dump_stack_lvl+0x100/0x190 [ 759.355919][T12570] should_fail_ex.cold+0x5/0xa [ 759.355946][T12570] _copy_from_user+0x2e/0xd0 [ 759.355978][T12570] move_addr_to_kernel+0x65/0x170 [ 759.356010][T12570] __sys_connect+0xb5/0x170 [ 759.356044][T12570] ? __pfx___sys_connect+0x10/0x10 [ 759.356076][T12570] ? __fget_files+0x21f/0x3d0 [ 759.356153][T12570] ? __pfx_ksys_write+0x10/0x10 [ 759.356195][T12570] __x64_sys_connect+0x72/0xb0 [ 759.356228][T12570] ? lockdep_hardirqs_on+0x78/0x100 [ 759.356252][T12570] do_syscall_64+0x106/0xf80 [ 759.356275][T12570] ? clear_bhb_loop+0x40/0x90 [ 759.356303][T12570] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 759.356326][T12570] RIP: 0033:0x7f3abc59c819 [ 759.356344][T12570] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 759.356372][T12570] RSP: 002b:00007f3abd3b4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 759.356394][T12570] RAX: ffffffffffffffda RBX: 00007f3abc815fa0 RCX: 00007f3abc59c819 [ 759.356409][T12570] RDX: 0000000000000058 RSI: 0000000000000000 RDI: 0000000000000003 [ 759.356422][T12570] RBP: 00007f3abd3b4090 R08: 0000000000000000 R09: 0000000000000000 [ 759.356436][T12570] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 759.356449][T12570] R13: 00007f3abc816038 R14: 00007f3abc815fa0 R15: 00007ffe432041e8 [ 759.356478][T12570] [ 760.377603][ T5143] Bluetooth: hci1: command 0x0406 tx timeout [ 760.381288][T12305] Bluetooth: hci0: command 0x0406 tx timeout [ 760.456300][T12305] Bluetooth: hci2: command 0x0406 tx timeout [ 760.456321][ T5143] Bluetooth: hci3: command 0x0406 tx timeout [ 760.743353][T12587] FAULT_INJECTION: forcing a failure. [ 760.743353][T12587] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 760.806370][T12587] CPU: 1 UID: 0 PID: 12587 Comm: syz.3.1372 Tainted: G L syzkaller #0 PREEMPT(full) [ 760.806422][T12587] Tainted: [L]=SOFTLOCKUP [ 760.806433][T12587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 760.806451][T12587] Call Trace: [ 760.806461][T12587] [ 760.806473][T12587] dump_stack_lvl+0x100/0x190 [ 760.806529][T12587] should_fail_ex.cold+0x5/0xa [ 760.806561][T12587] ? prepare_alloc_pages+0x16d/0x5f0 [ 760.806604][T12587] should_fail_alloc_page+0xeb/0x140 [ 760.806644][T12587] prepare_alloc_pages+0x1f0/0x5f0 [ 760.806684][T12587] ? __lock_acquire+0x4a5/0x2630 [ 760.806732][T12587] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 760.806797][T12587] ? lock_acquire+0x1cf/0x380 [ 760.806841][T12587] ? find_held_lock+0x2b/0x80 [ 760.806872][T12587] ? page_table_check_set+0x49a/0xa10 [ 760.806906][T12587] ? page_table_check_set+0x49a/0xa10 [ 760.806943][T12587] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 760.807009][T12587] ? __page_table_check_ptes_set+0x1b5/0x4e0 [ 760.807043][T12587] ? xas_move_index+0xae/0x110 [ 760.807078][T12587] ? xas_find+0x32c/0x8e0 [ 760.807119][T12587] ? find_held_lock+0x2b/0x80 [ 760.807150][T12587] ? find_held_lock+0x2b/0x80 [ 760.807180][T12587] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 760.807217][T12587] ? policy_nodemask+0xed/0x4f0 [ 760.807265][T12587] alloc_pages_mpol+0x1fb/0x550 [ 760.807305][T12587] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 760.807354][T12587] folio_alloc_mpol_noprof+0x36/0x340 [ 760.807405][T12587] vma_alloc_folio_noprof+0xed/0x1d0 [ 760.807449][T12587] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 760.807505][T12587] do_anonymous_page+0xb3a/0x1fb0 [ 760.807569][T12587] __handle_mm_fault+0x1d48/0x2b60 [ 760.807625][T12587] ? reacquire_held_locks+0xce/0x1e0 [ 760.807670][T12587] ? __pfx___handle_mm_fault+0x10/0x10 [ 760.807725][T12587] ? lock_vma_under_rcu+0x17c/0x590 [ 760.807798][T12587] handle_mm_fault+0x36d/0xa20 [ 760.807854][T12587] do_user_addr_fault+0x5a3/0x12f0 [ 760.807901][T12587] exc_page_fault+0x6f/0xd0 [ 760.807935][T12587] asm_exc_page_fault+0x26/0x30 [ 760.807967][T12587] RIP: 0033:0x7f8523a5dfcb [ 760.807992][T12587] Code: 00 00 00 48 8d 3d bd a6 1a 00 48 89 c1 31 c0 e8 5b 32 ff ff eb d2 66 0f 1f 84 00 00 00 00 00 55 31 c0 53 48 81 ec 68 10 00 00 <48> 89 7c 24 08 48 8d 3d f1 a6 1a 00 48 89 34 24 48 8b 14 24 48 8b [ 760.808021][T12587] RSP: 002b:00007f8524a7dfa0 EFLAGS: 00010206 [ 760.808046][T12587] RAX: 0000000000000000 RBX: 00007f8523e15fa0 RCX: 0000000000000000 [ 760.808065][T12587] RDX: 0000000000000000 RSI: ffffffffffffffff RDI: 0000200000001940 [ 760.808085][T12587] RBP: 00007f8524a7f090 R08: 0000000000000000 R09: 0000000000000000 [ 760.808103][T12587] R10: 0000200000001940 R11: 0000000000000000 R12: 0000000000000001 [ 760.808122][T12587] R13: 00007f8523e16038 R14: 00007f8523e15fa0 R15: 00007ffd07d7c818 [ 760.808165][T12587] [ 760.815105][T12587] Huh VM_FAULT_OOM leaked out to the #PF handler. Retrying PF [ 761.367853][T12596] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(1884713407.2646898429.3057755795), cmd(12) [ 764.123712][T12640] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(1884713407.2646898429.3057755795), cmd(12) [ 764.482863][T12599] syz.2.1376 (12599) used greatest stack depth: 19672 bytes left [ 765.831019][T12659] FAULT_INJECTION: forcing a failure. [ 765.831019][T12659] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 765.897207][T12659] CPU: 1 UID: 0 PID: 12659 Comm: syz.1.1392 Tainted: G L syzkaller #0 PREEMPT(full) [ 765.897267][T12659] Tainted: [L]=SOFTLOCKUP [ 765.897278][T12659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 765.897296][T12659] Call Trace: [ 765.897307][T12659] [ 765.897319][T12659] dump_stack_lvl+0x100/0x190 [ 765.897375][T12659] should_fail_ex.cold+0x5/0xa [ 765.897414][T12659] _copy_from_user+0x2e/0xd0 [ 765.897459][T12659] copy_msghdr_from_user+0x9f/0x4f0 [ 765.897507][T12659] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 765.897568][T12659] ? __pfx__kstrtoull+0x10/0x10 [ 765.897630][T12659] ___sys_sendmsg+0x106/0x1e0 [ 765.897683][T12659] ? __pfx____sys_sendmsg+0x10/0x10 [ 765.897746][T12659] ? find_held_lock+0x2b/0x80 [ 765.897805][T12659] __sys_sendmmsg+0x205/0x430 [ 765.897849][T12659] ? __pfx___sys_sendmmsg+0x10/0x10 [ 765.897896][T12659] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 765.897951][T12659] ? fput+0x79/0x100 [ 765.897992][T12659] ? ksys_write+0x1ac/0x250 [ 765.898038][T12659] ? __pfx_ksys_write+0x10/0x10 [ 765.898078][T12659] __x64_sys_sendmmsg+0x9c/0x100 [ 765.898117][T12659] ? lockdep_hardirqs_on+0x78/0x100 [ 765.898151][T12659] do_syscall_64+0x106/0xf80 [ 765.898192][T12659] ? clear_bhb_loop+0x40/0x90 [ 765.898233][T12659] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 765.898281][T12659] RIP: 0033:0x7f3abc59c819 [ 765.898316][T12659] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 765.898354][T12659] RSP: 002b:00007f3abd3b4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 765.898402][T12659] RAX: ffffffffffffffda RBX: 00007f3abc815fa0 RCX: 00007f3abc59c819 [ 765.898427][T12659] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 765.898440][T12659] RBP: 00007f3abd3b4090 R08: 0000000000000000 R09: 0000000000000000 [ 765.898454][T12659] R10: 0000000007000000 R11: 0000000000000246 R12: 0000000000000001 [ 765.898467][T12659] R13: 00007f3abc816038 R14: 00007f3abc815fa0 R15: 00007ffe432041e8 [ 765.898497][T12659] [ 767.236897][T12684] can: request_module (can-proto-0) failed. [ 767.301479][T12684] vhci_hcd vhci_hcd.2: invalid port number 135 [ 767.336659][T12684] vhci_hcd vhci_hcd.2: invalid port number 135 [ 769.398368][T12714] futex_wake_op: syz.3.1404 tries to shift op by -2048; fix this program [ 769.799632][T12722] FAULT_INJECTION: forcing a failure. [ 769.799632][T12722] name failslab, interval 1, probability 0, space 0, times 0 [ 769.823802][T12722] CPU: 0 UID: 0 PID: 12722 Comm: syz.3.1408 Tainted: G L syzkaller #0 PREEMPT(full) [ 769.823867][T12722] Tainted: [L]=SOFTLOCKUP [ 769.823880][T12722] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 769.823900][T12722] Call Trace: [ 769.823911][T12722] [ 769.823924][T12722] dump_stack_lvl+0x100/0x190 [ 769.823983][T12722] should_fail_ex.cold+0x5/0xa [ 769.824024][T12722] should_failslab+0xc2/0x120 [ 769.824064][T12722] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 769.824119][T12722] ? alloc_empty_file+0x55/0x1c0 [ 769.824171][T12722] alloc_empty_file+0x55/0x1c0 [ 769.824216][T12722] alloc_file_pseudo+0x13a/0x230 [ 769.824264][T12722] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 769.824312][T12722] ? tipc_sk_finish_conn+0x600/0x7a0 [ 769.824362][T12722] sock_alloc_file+0x50/0x210 [ 769.824401][T12722] __sys_socketpair+0x353/0x5b0 [ 769.824452][T12722] ? __pfx___sys_socketpair+0x10/0x10 [ 769.824502][T12722] ? xfd_validate_state+0x129/0x190 [ 769.824564][T12722] __x64_sys_socketpair+0x96/0x100 [ 769.824612][T12722] ? lockdep_hardirqs_on+0x78/0x100 [ 769.824649][T12722] do_syscall_64+0x106/0xf80 [ 769.824683][T12722] ? clear_bhb_loop+0x40/0x90 [ 769.824724][T12722] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 769.824757][T12722] RIP: 0033:0x7f8523b9c819 [ 769.824783][T12722] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 769.824822][T12722] RSP: 002b:00007f8524a7f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 769.824854][T12722] RAX: ffffffffffffffda RBX: 00007f8523e15fa0 RCX: 00007f8523b9c819 [ 769.824876][T12722] RDX: 8000000000000000 RSI: 0000000000000005 RDI: 000000000000001e [ 769.824896][T12722] RBP: 00007f8523c32c91 R08: 0000000000000000 R09: 0000000000000000 [ 769.824916][T12722] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 769.824934][T12722] R13: 00007f8523e16038 R14: 00007f8523e15fa0 R15: 00007ffd07d7c818 [ 769.824976][T12722] [ 770.318942][T12727] can: request_module (can-proto-0) failed. [ 770.332673][T12727] vhci_hcd vhci_hcd.2: invalid port number 135 [ 770.339088][T12727] vhci_hcd vhci_hcd.2: invalid port number 135 [ 773.090522][T12768] futex_wake_op: syz.0.1416 tries to shift op by -2048; fix this program [ 773.570557][T12778] FAULT_INJECTION: forcing a failure. [ 773.570557][T12778] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 773.656602][T12778] CPU: 1 UID: 0 PID: 12778 Comm: syz.3.1418 Tainted: G L syzkaller #0 PREEMPT(full) [ 773.656652][T12778] Tainted: [L]=SOFTLOCKUP [ 773.656663][T12778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 773.656681][T12778] Call Trace: [ 773.656692][T12778] [ 773.656703][T12778] dump_stack_lvl+0x100/0x190 [ 773.656758][T12778] should_fail_ex.cold+0x5/0xa [ 773.656797][T12778] _copy_from_iter+0x1f4/0x1690 [ 773.656852][T12778] ? __pfx__copy_from_iter+0x10/0x10 [ 773.656893][T12778] ? aa_file_perm+0x7e4/0x14d0 [ 773.656962][T12778] copy_page_from_iter+0xde/0x180 [ 773.657011][T12778] anon_pipe_write+0xae4/0x1d40 [ 773.657063][T12778] ? __pfx_anon_pipe_write+0x10/0x10 [ 773.657100][T12778] ? apparmor_file_permission+0x13f/0x1c0 [ 773.657142][T12778] ? bpf_lsm_file_permission+0x9/0x10 [ 773.657174][T12778] ? security_file_permission+0x76/0x210 [ 773.657221][T12778] ? rw_verify_area+0xce/0x6d0 [ 773.657299][T12778] vfs_write+0x6ac/0x1070 [ 773.657333][T12778] ? __pfx_anon_pipe_write+0x10/0x10 [ 773.657372][T12778] ? __pfx_vfs_write+0x10/0x10 [ 773.657401][T12778] ? find_held_lock+0x2b/0x80 [ 773.657462][T12778] ksys_write+0x1f8/0x250 [ 773.657494][T12778] ? __pfx_ksys_write+0x10/0x10 [ 773.657539][T12778] do_syscall_64+0x106/0xf80 [ 773.657573][T12778] ? clear_bhb_loop+0x40/0x90 [ 773.657618][T12778] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 773.657651][T12778] RIP: 0033:0x7f8523b9c819 [ 773.657677][T12778] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 773.657706][T12778] RSP: 002b:00007f8524a5e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 773.657736][T12778] RAX: ffffffffffffffda RBX: 00007f8523e16090 RCX: 00007f8523b9c819 [ 773.657756][T12778] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 773.657775][T12778] RBP: 00007f8524a5e090 R08: 0000000000000000 R09: 0000000000000000 [ 773.657794][T12778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 773.657812][T12778] R13: 00007f8523e16128 R14: 00007f8523e16090 R15: 00007ffd07d7c818 [ 773.657855][T12778] [ 774.184888][T12780] serio: Serial port pty6 [ 774.669312][T12785] capability: warning: `syz.3.1421' uses 32-bit capabilities (legacy support in use) [ 774.902329][T12791] QAT: Stopping all acceleration devices. [ 775.976814][T12791] QAT: Invalid ioctl 35077 [ 778.217968][T12305] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 780.667407][T12869] FAULT_INJECTION: forcing a failure. [ 780.667407][T12869] name failslab, interval 1, probability 0, space 0, times 0 [ 780.804166][T12869] CPU: 1 UID: 0 PID: 12869 Comm: syz.0.1438 Tainted: G L syzkaller #0 PREEMPT(full) [ 780.804217][T12869] Tainted: [L]=SOFTLOCKUP [ 780.804229][T12869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 780.804247][T12869] Call Trace: [ 780.804257][T12869] [ 780.804269][T12869] dump_stack_lvl+0x100/0x190 [ 780.804325][T12869] should_fail_ex.cold+0x5/0xa [ 780.804364][T12869] ? kernfs_fop_write_iter+0x26a/0x5f0 [ 780.804401][T12869] should_failslab+0xc2/0x120 [ 780.804438][T12869] __kmalloc_noprof+0xe0/0x850 [ 780.804498][T12869] kernfs_fop_write_iter+0x26a/0x5f0 [ 780.804543][T12869] vfs_write+0x6ac/0x1070 [ 780.804577][T12869] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 780.804620][T12869] ? __pfx_vfs_write+0x10/0x10 [ 780.804688][T12869] ksys_write+0x12a/0x250 [ 780.804722][T12869] ? __pfx_ksys_write+0x10/0x10 [ 780.804768][T12869] do_syscall_64+0x106/0xf80 [ 780.804803][T12869] ? clear_bhb_loop+0x40/0x90 [ 780.804844][T12869] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 780.804878][T12869] RIP: 0033:0x7fe2fe19c819 [ 780.804904][T12869] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 780.804935][T12869] RSP: 002b:00007fe2ff01e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 780.804965][T12869] RAX: ffffffffffffffda RBX: 00007fe2fe415fa0 RCX: 00007fe2fe19c819 [ 780.804985][T12869] RDX: 0000000000000007 RSI: 0000000000000000 RDI: 0000000000000003 [ 780.805003][T12869] RBP: 00007fe2ff01e090 R08: 0000000000000000 R09: 0000000000000000 [ 780.805022][T12869] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 780.805040][T12869] R13: 00007fe2fe416038 R14: 00007fe2fe415fa0 R15: 00007fff1d718b48 [ 780.805084][T12869] [ 781.440962][T12877] synth uevent: /devices/virtual/tty/ptytb: unknown uevent action string [ 781.542349][T12877] tty ptytb: uevent: failed to send synthetic uevent: -22 [ 782.066718][T12888] futex_wake_op: syz.2.1443 tries to shift op by -2048; fix this program [ 783.695495][T12904] FAULT_INJECTION: forcing a failure. [ 783.695495][T12904] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 783.848404][T12904] CPU: 1 UID: 0 PID: 12904 Comm: syz.3.1447 Tainted: G L syzkaller #0 PREEMPT(full) [ 783.848453][T12904] Tainted: [L]=SOFTLOCKUP [ 783.848474][T12904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 783.848493][T12904] Call Trace: [ 783.848503][T12904] [ 783.848515][T12904] dump_stack_lvl+0x100/0x190 [ 783.848572][T12904] should_fail_ex.cold+0x5/0xa [ 783.848612][T12904] _copy_from_user+0x2e/0xd0 [ 783.848655][T12904] copy_msghdr_from_user+0x9f/0x4f0 [ 783.848702][T12904] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 783.848756][T12904] ? __pfx__kstrtoull+0x10/0x10 [ 783.848817][T12904] ___sys_sendmsg+0x106/0x1e0 [ 783.848864][T12904] ? __pfx____sys_sendmsg+0x10/0x10 [ 783.848928][T12904] ? find_held_lock+0x2b/0x80 [ 783.848988][T12904] __sys_sendmmsg+0x205/0x430 [ 783.849026][T12904] ? __pfx___sys_sendmmsg+0x10/0x10 [ 783.849072][T12904] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 783.849128][T12904] ? fput+0x79/0x100 [ 783.849169][T12904] ? ksys_write+0x1ac/0x250 [ 783.849201][T12904] ? __pfx_ksys_write+0x10/0x10 [ 783.849247][T12904] __x64_sys_sendmmsg+0x9c/0x100 [ 783.849280][T12904] ? lockdep_hardirqs_on+0x78/0x100 [ 783.849314][T12904] do_syscall_64+0x106/0xf80 [ 783.849348][T12904] ? clear_bhb_loop+0x40/0x90 [ 783.849388][T12904] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 783.849422][T12904] RIP: 0033:0x7f8523b9c819 [ 783.849449][T12904] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 783.849494][T12904] RSP: 002b:00007f8524a7f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 783.849525][T12904] RAX: ffffffffffffffda RBX: 00007f8523e15fa0 RCX: 00007f8523b9c819 [ 783.849546][T12904] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 783.849565][T12904] RBP: 00007f8524a7f090 R08: 0000000000000000 R09: 0000000000000000 [ 783.849584][T12904] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 783.849602][T12904] R13: 00007f8523e16038 R14: 00007f8523e15fa0 R15: 00007ffd07d7c818 [ 783.849645][T12904] [ 785.184591][T12918] FAULT_INJECTION: forcing a failure. [ 785.184591][T12918] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 785.197887][T12918] CPU: 1 UID: 0 PID: 12918 Comm: syz.3.1450 Tainted: G L syzkaller #0 PREEMPT(full) [ 785.197923][T12918] Tainted: [L]=SOFTLOCKUP [ 785.197931][T12918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 785.197944][T12918] Call Trace: [ 785.197953][T12918] [ 785.197962][T12918] dump_stack_lvl+0x100/0x190 [ 785.198002][T12918] should_fail_ex.cold+0x5/0xa [ 785.198030][T12918] _copy_from_user+0x2e/0xd0 [ 785.198061][T12918] copy_msghdr_from_user+0x9f/0x4f0 [ 785.198094][T12918] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 785.198131][T12918] ? __pfx__kstrtoull+0x10/0x10 [ 785.198173][T12918] ___sys_sendmsg+0x106/0x1e0 [ 785.198206][T12918] ? __pfx____sys_sendmsg+0x10/0x10 [ 785.198249][T12918] ? find_held_lock+0x2b/0x80 [ 785.198291][T12918] __sys_sendmmsg+0x205/0x430 [ 785.198317][T12918] ? __pfx___sys_sendmmsg+0x10/0x10 [ 785.198395][T12918] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 785.198434][T12918] ? fput+0x79/0x100 [ 785.198463][T12918] ? ksys_write+0x1ac/0x250 [ 785.198485][T12918] ? __pfx_ksys_write+0x10/0x10 [ 785.198512][T12918] __x64_sys_sendmmsg+0x9c/0x100 [ 785.198534][T12918] ? lockdep_hardirqs_on+0x78/0x100 [ 785.198558][T12918] do_syscall_64+0x106/0xf80 [ 785.198582][T12918] ? clear_bhb_loop+0x40/0x90 [ 785.198610][T12918] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 785.198634][T12918] RIP: 0033:0x7f8523b9c819 [ 785.198653][T12918] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 785.198675][T12918] RSP: 002b:00007f8524a7f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 785.198696][T12918] RAX: ffffffffffffffda RBX: 00007f8523e15fa0 RCX: 00007f8523b9c819 [ 785.198711][T12918] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 785.198724][T12918] RBP: 00007f8524a7f090 R08: 0000000000000000 R09: 0000000000000000 [ 785.198738][T12918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 785.198751][T12918] R13: 00007f8523e16038 R14: 00007f8523e15fa0 R15: 00007ffd07d7c818 [ 785.198780][T12918] [ 787.400882][T12947] FAULT_INJECTION: forcing a failure. [ 787.400882][T12947] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 787.528491][T12947] CPU: 1 UID: 0 PID: 12947 Comm: syz.3.1459 Tainted: G L syzkaller #0 PREEMPT(full) [ 787.528548][T12947] Tainted: [L]=SOFTLOCKUP [ 787.528556][T12947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 787.528570][T12947] Call Trace: [ 787.528577][T12947] [ 787.528585][T12947] dump_stack_lvl+0x100/0x190 [ 787.528625][T12947] should_fail_ex.cold+0x5/0xa [ 787.528653][T12947] strncpy_from_user+0x3b/0x2d0 [ 787.528686][T12947] do_getname+0x78/0x390 [ 787.528720][T12947] do_sys_openat2+0xc5/0x1e0 [ 787.528753][T12947] ? __pfx_do_sys_openat2+0x10/0x10 [ 787.528783][T12947] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 787.528813][T12947] ? __fget_files+0x21f/0x3d0 [ 787.528841][T12947] __x64_sys_openat+0x12d/0x210 [ 787.528874][T12947] ? __pfx___x64_sys_openat+0x10/0x10 [ 787.528905][T12947] ? ksys_write+0x1ac/0x250 [ 787.528937][T12947] do_syscall_64+0x106/0xf80 [ 787.528960][T12947] ? clear_bhb_loop+0x40/0x90 [ 787.528988][T12947] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 787.529011][T12947] RIP: 0033:0x7f8523b9c819 [ 787.529030][T12947] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 787.529051][T12947] RSP: 002b:00007f8524a7f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 787.529073][T12947] RAX: ffffffffffffffda RBX: 00007f8523e15fa0 RCX: 00007f8523b9c819 [ 787.529088][T12947] RDX: 00000000000a0942 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 787.529102][T12947] RBP: 00007f8524a7f090 R08: 0000000000000000 R09: 0000000000000000 [ 787.529116][T12947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 787.529129][T12947] R13: 00007f8523e16038 R14: 00007f8523e15fa0 R15: 00007ffd07d7c818 [ 787.529164][T12947] [ 789.566987][T12972] block loop4: the capability attribute has been deprecated. [ 789.575895][T12972] FAULT_INJECTION: forcing a failure. [ 789.575895][T12972] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 789.616283][T12972] CPU: 1 UID: 0 PID: 12972 Comm: syz.3.1468 Tainted: G L syzkaller #0 PREEMPT(full) [ 789.616321][T12972] Tainted: [L]=SOFTLOCKUP [ 789.616328][T12972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 789.616342][T12972] Call Trace: [ 789.616349][T12972] [ 789.616358][T12972] dump_stack_lvl+0x100/0x190 [ 789.616398][T12972] should_fail_ex.cold+0x5/0xa [ 789.616426][T12972] _copy_to_iter+0x1f3/0x1720 [ 789.616463][T12972] ? __pfx__copy_to_iter+0x10/0x10 [ 789.616492][T12972] ? kernfs_seq_stop+0xcd/0x120 [ 789.616524][T12972] ? kernfs_put_active+0x93/0xe0 [ 789.616549][T12972] seq_read_iter+0xdab/0x1270 [ 789.616599][T12972] kernfs_fop_read_iter+0x46c/0x610 [ 789.616628][T12972] ? rw_verify_area+0xce/0x6d0 [ 789.616662][T12972] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 789.616692][T12972] vfs_read+0x825/0xb30 [ 789.616718][T12972] ? __pfx_vfs_read+0x10/0x10 [ 789.616759][T12972] ksys_read+0x12a/0x250 [ 789.616780][T12972] ? __pfx_ksys_read+0x10/0x10 [ 789.616811][T12972] do_syscall_64+0x106/0xf80 [ 789.616834][T12972] ? clear_bhb_loop+0x40/0x90 [ 789.616862][T12972] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 789.616886][T12972] RIP: 0033:0x7f8523b9c819 [ 789.616905][T12972] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 789.616927][T12972] RSP: 002b:00007f8524a7f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 789.616947][T12972] RAX: ffffffffffffffda RBX: 00007f8523e15fa0 RCX: 00007f8523b9c819 [ 789.616962][T12972] RDX: 00000000000000f7 RSI: 0000200000000080 RDI: 0000000000000003 [ 789.616976][T12972] RBP: 00007f8524a7f090 R08: 0000000000000000 R09: 0000000000000000 [ 789.616989][T12972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 789.617004][T12972] R13: 00007f8523e16038 R14: 00007f8523e15fa0 R15: 00007ffd07d7c818 [ 789.617034][T12972] [ 789.978883][T12977] FAULT_INJECTION: forcing a failure. [ 789.978883][T12977] name failslab, interval 1, probability 0, space 0, times 0 [ 790.185841][T12977] CPU: 0 UID: 0 PID: 12977 Comm: syz.2.1467 Tainted: G L syzkaller #0 PREEMPT(full) [ 790.185890][T12977] Tainted: [L]=SOFTLOCKUP [ 790.185901][T12977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 790.185918][T12977] Call Trace: [ 790.185929][T12977] [ 790.185941][T12977] dump_stack_lvl+0x100/0x190 [ 790.185997][T12977] should_fail_ex.cold+0x5/0xa [ 790.186035][T12977] ? alloc_pipe_info+0x1ec/0x590 [ 790.186074][T12977] should_failslab+0xc2/0x120 [ 790.186108][T12977] __kmalloc_noprof+0xe0/0x850 [ 790.186156][T12977] ? bpf_lsm_capable+0x9/0x10 [ 790.186197][T12977] ? security_capable+0x80/0x260 [ 790.186231][T12977] alloc_pipe_info+0x1ec/0x590 [ 790.186266][T12977] splice_direct_to_actor+0x78f/0xa30 [ 790.186299][T12977] ? __lock_acquire+0x4a5/0x2630 [ 790.186335][T12977] ? __pfx_direct_splice_actor+0x10/0x10 [ 790.186367][T12977] ? __pfx_aa_file_perm+0x10/0x10 [ 790.186411][T12977] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 790.186452][T12977] do_splice_direct+0x174/0x240 [ 790.186483][T12977] ? __pfx_do_splice_direct+0x10/0x10 [ 790.186514][T12977] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 790.186548][T12977] ? rw_verify_area+0xce/0x6d0 [ 790.186595][T12977] do_sendfile+0xadc/0xe20 [ 790.186651][T12977] ? __pfx_do_sendfile+0x10/0x10 [ 790.186698][T12977] ? __fget_files+0x21f/0x3d0 [ 790.186736][T12977] __x64_sys_sendfile64+0x1d8/0x220 [ 790.186769][T12977] ? ksys_write+0x1ac/0x250 [ 790.186796][T12977] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 790.186841][T12977] do_syscall_64+0x106/0xf80 [ 790.186870][T12977] ? clear_bhb_loop+0x40/0x90 [ 790.186919][T12977] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 790.186949][T12977] RIP: 0033:0x7f8014d9c819 [ 790.186973][T12977] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 790.187000][T12977] RSP: 002b:00007f8015bef028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 790.187026][T12977] RAX: ffffffffffffffda RBX: 00007f8015015fa0 RCX: 00007f8014d9c819 [ 790.187045][T12977] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 790.187061][T12977] RBP: 00007f8015bef090 R08: 0000000000000000 R09: 0000000000000000 [ 790.187077][T12977] R10: 0000000000000b2d R11: 0000000000000246 R12: 0000000000000001 [ 790.187094][T12977] R13: 00007f8015016038 R14: 00007f8015015fa0 R15: 00007ffdbd567a38 [ 790.187129][T12977] [ 790.898562][T12988] FAULT_INJECTION: forcing a failure. [ 790.898562][T12988] name failslab, interval 1, probability 0, space 0, times 0 [ 790.911382][T12988] CPU: 0 UID: 0 PID: 12988 Comm: syz.0.1471 Tainted: G L syzkaller #0 PREEMPT(full) [ 790.911432][T12988] Tainted: [L]=SOFTLOCKUP [ 790.911443][T12988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 790.911461][T12988] Call Trace: [ 790.911472][T12988] [ 790.911483][T12988] dump_stack_lvl+0x100/0x190 [ 790.911539][T12988] should_fail_ex.cold+0x5/0xa [ 790.911578][T12988] ? tomoyo_encode2+0xfb/0x3c0 [ 790.911622][T12988] should_failslab+0xc2/0x120 [ 790.911659][T12988] __kmalloc_noprof+0xe0/0x850 [ 790.911720][T12988] tomoyo_encode2+0xfb/0x3c0 [ 790.911773][T12988] tomoyo_encode+0x29/0x50 [ 790.911817][T12988] tomoyo_realpath_from_path+0x18c/0x690 [ 790.911876][T12988] tomoyo_path_number_perm+0x23c/0x580 [ 790.911916][T12988] ? tomoyo_path_number_perm+0x22e/0x580 [ 790.911959][T12988] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 790.912039][T12988] ? find_held_lock+0x2b/0x80 [ 790.912071][T12988] ? __fget_files+0x215/0x3d0 [ 790.912101][T12988] ? hook_file_ioctl_common+0x146/0x410 [ 790.912159][T12988] ? __fget_files+0x21f/0x3d0 [ 790.912200][T12988] security_file_ioctl+0xd3/0x230 [ 790.912244][T12988] __x64_sys_ioctl+0xb7/0x210 [ 790.912298][T12988] do_syscall_64+0x106/0xf80 [ 790.912331][T12988] ? clear_bhb_loop+0x40/0x90 [ 790.912372][T12988] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 790.912405][T12988] RIP: 0033:0x7fe2fe19c819 [ 790.912432][T12988] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 790.912462][T12988] RSP: 002b:00007fe2ff01e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 790.912492][T12988] RAX: ffffffffffffffda RBX: 00007fe2fe415fa0 RCX: 00007fe2fe19c819 [ 790.912511][T12988] RDX: 0000200000000200 RSI: 0000000000008905 RDI: 0000000000000003 [ 790.912529][T12988] RBP: 00007fe2ff01e090 R08: 0000000000000000 R09: 0000000000000000 [ 790.912545][T12988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 790.912560][T12988] R13: 00007fe2fe416038 R14: 00007fe2fe415fa0 R15: 00007fff1d718b48 [ 790.912595][T12988] [ 790.912624][T12988] ERROR: Out of memory at tomoyo_realpath_from_path. [ 791.662312][T12996] futex_wake_op: syz.3.1476 tries to shift op by -2048; fix this program Ijn9_UVQ8j@:Un M%U[ 792.316212][T13012] futex_wake_op: syz.2.1479 tries to shift op by -2048; fix this program [ 793.549031][T13033] FAULT_INJECTION: forcing a failure. [ 793.549031][T13033] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 793.629965][T13033] CPU: 0 UID: 0 PID: 13033 Comm: syz.3.1486 Tainted: G L syzkaller #0 PREEMPT(full) [ 793.630013][T13033] Tainted: [L]=SOFTLOCKUP [ 793.630023][T13033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 793.630041][T13033] Call Trace: [ 793.630050][T13033] [ 793.630062][T13033] dump_stack_lvl+0x100/0x190 [ 793.630118][T13033] should_fail_ex.cold+0x5/0xa [ 793.630155][T13033] _copy_to_iter+0x5a4/0x1720 [ 793.630205][T13033] ? __pfx__copy_to_iter+0x10/0x10 [ 793.630241][T13033] ? lockdep_hardirqs_on+0x78/0x100 [ 793.630273][T13033] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 793.630334][T13033] ? seq_putc+0xba/0xf0 [ 793.630381][T13033] ? nfsd_show+0x2c2/0x330 [ 793.630427][T13033] seq_read_iter+0xdab/0x1270 [ 793.630489][T13033] seq_read+0x33b/0x4c0 [ 793.630515][T13033] ? __pfx_seq_read+0x10/0x10 [ 793.630564][T13033] ? __pfx_seq_read+0x10/0x10 [ 793.630589][T13033] proc_reg_read+0x240/0x330 [ 793.630634][T13033] ? __pfx_proc_reg_read+0x10/0x10 [ 793.630680][T13033] vfs_read+0x1e4/0xb30 [ 793.630712][T13033] ? __pfx_vfs_read+0x10/0x10 [ 793.630739][T13033] ? __fget_files+0x215/0x3d0 [ 793.630775][T13033] ? __fget_files+0x21f/0x3d0 [ 793.630813][T13033] ksys_read+0x12a/0x250 [ 793.630842][T13033] ? __pfx_ksys_read+0x10/0x10 [ 793.630885][T13033] do_syscall_64+0x106/0xf80 [ 793.630924][T13033] ? clear_bhb_loop+0x40/0x90 [ 793.630971][T13033] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 793.631004][T13033] RIP: 0033:0x7f8523b9c819 [ 793.631029][T13033] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 793.631061][T13033] RSP: 002b:00007f8524a7f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 793.631093][T13033] RAX: ffffffffffffffda RBX: 00007f8523e15fa0 RCX: 00007f8523b9c819 [ 793.631114][T13033] RDX: 00000000000000f8 RSI: 0000200000000080 RDI: 0000000000000003 [ 793.631133][T13033] RBP: 00007f8524a7f090 R08: 0000000000000000 R09: 0000000000000000 [ 793.631152][T13033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 793.631171][T13033] R13: 00007f8523e16038 R14: 00007f8523e15fa0 R15: 00007ffd07d7c818 [ 793.631211][T13033] [ 794.111524][T13037] FAULT_INJECTION: forcing a failure. [ 794.111524][T13037] name failslab, interval 1, probability 0, space 0, times 0 [ 794.124970][T13037] CPU: 0 UID: 0 PID: 13037 Comm: syz.0.1488 Tainted: G L syzkaller #0 PREEMPT(full) [ 794.125022][T13037] Tainted: [L]=SOFTLOCKUP [ 794.125033][T13037] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 794.125051][T13037] Call Trace: [ 794.125062][T13037] [ 794.125074][T13037] dump_stack_lvl+0x100/0x190 [ 794.125130][T13037] should_fail_ex.cold+0x5/0xa [ 794.125170][T13037] should_failslab+0xc2/0x120 [ 794.125207][T13037] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 794.125261][T13037] ? mas_alloc_nodes+0x280/0x390 [ 794.125320][T13037] mas_alloc_nodes+0x280/0x390 [ 794.125378][T13037] mas_preallocate+0x39c/0xf10 [ 794.125424][T13037] ? __pfx_mas_preallocate+0x10/0x10 [ 794.125472][T13037] ? vm_area_alloc+0x1f/0x160 [ 794.125522][T13037] ? lockdep_init_map_type+0x5c/0x250 [ 794.125575][T13037] __mmap_region+0x12b5/0x29e0 [ 794.125633][T13037] ? __pfx___mmap_region+0x10/0x10 [ 794.125681][T13037] ? process_measurement+0x1f4/0x2350 [ 794.125721][T13037] ? tomoyo_check_open_permission+0x1db/0x3c0 [ 794.125764][T13037] ? tomoyo_check_open_permission+0x1db/0x3c0 [ 794.125876][T13037] ? is_bpf_text_address+0x94/0x1a0 [ 794.125931][T13037] ? kernel_text_address+0x8d/0x100 [ 794.125983][T13037] ? __kernel_text_address+0xd/0x30 [ 794.126088][T13037] ? rcu_is_watching+0x12/0xc0 [ 794.126139][T13037] ? cap_capable+0x107/0x460 [ 794.126178][T13037] mmap_region+0x180/0x3e0 [ 794.126237][T13037] do_mmap+0xc63/0x12f0 [ 794.126283][T13037] ? __pfx_do_mmap+0x10/0x10 [ 794.126321][T13037] ? __pfx_down_write_killable+0x10/0x10 [ 794.126372][T13037] vm_mmap_pgoff+0x29e/0x470 [ 794.126420][T13037] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 794.126465][T13037] ? __fget_files+0x215/0x3d0 [ 794.126501][T13037] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 794.126546][T13037] ksys_mmap_pgoff+0xe1/0x650 [ 794.126606][T13037] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 794.126642][T13037] ? fput+0x79/0x100 [ 794.126682][T13037] ? ksys_write+0x1ac/0x250 [ 794.126713][T13037] ? __pfx_ksys_write+0x10/0x10 [ 794.126751][T13037] __x64_sys_mmap+0x125/0x190 [ 794.126807][T13037] do_syscall_64+0x106/0xf80 [ 794.126841][T13037] ? clear_bhb_loop+0x40/0x90 [ 794.126887][T13037] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 794.126922][T13037] RIP: 0033:0x7fe2fe19c819 [ 794.126947][T13037] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 794.126978][T13037] RSP: 002b:00007fe2ff01e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 794.127009][T13037] RAX: ffffffffffffffda RBX: 00007fe2fe415fa0 RCX: 00007fe2fe19c819 [ 794.127030][T13037] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 794.127049][T13037] RBP: 00007fe2ff01e090 R08: 0000000000000002 R09: 0000000000008000 [ 794.127069][T13037] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000001 [ 794.127088][T13037] R13: 00007fe2fe416038 R14: 00007fe2fe415fa0 R15: 00007fff1d718b48 [ 794.127132][T13037] [ 794.820385][T13040] futex_wake_op: syz.3.1489 tries to shift op by -2048; fix this program [ 795.122565][T13043] hub 1-0:1.0: USB hub found [ 795.184972][T13043] hub 1-0:1.0: 1 port detected [ 796.025366][T13059] FAULT_INJECTION: forcing a failure. [ 796.025366][T13059] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 796.038688][T13059] CPU: 1 UID: 0 PID: 13059 Comm: syz.1.1496 Tainted: G L syzkaller #0 PREEMPT(full) [ 796.038725][T13059] Tainted: [L]=SOFTLOCKUP [ 796.038733][T13059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 796.038747][T13059] Call Trace: [ 796.038762][T13059] [ 796.038772][T13059] dump_stack_lvl+0x100/0x190 [ 796.038812][T13059] should_fail_ex.cold+0x5/0xa [ 796.038840][T13059] _copy_to_user+0x32/0xd0 [ 796.038873][T13059] simple_read_from_buffer+0xcb/0x170 [ 796.038914][T13059] proc_fail_nth_read+0x1af/0x230 [ 796.038946][T13059] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 796.038977][T13059] ? rw_verify_area+0xce/0x6d0 [ 796.039012][T13059] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 796.039042][T13059] vfs_read+0x1e4/0xb30 [ 796.039067][T13059] ? __pfx_vfs_read+0x10/0x10 [ 796.039095][T13059] ? __fget_files+0x215/0x3d0 [ 796.039124][T13059] ? __fget_files+0x21f/0x3d0 [ 796.039155][T13059] ksys_read+0x12a/0x250 [ 796.039178][T13059] ? __pfx_ksys_read+0x10/0x10 [ 796.039208][T13059] do_syscall_64+0x106/0xf80 [ 796.039242][T13059] ? clear_bhb_loop+0x40/0x90 [ 796.039271][T13059] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 796.039300][T13059] RIP: 0033:0x7f3abc55d04e [ 796.039319][T13059] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 796.039343][T13059] RSP: 002b:00007f3abd3b3fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 796.039365][T13059] RAX: ffffffffffffffda RBX: 00007f3abd3b46c0 RCX: 00007f3abc55d04e [ 796.039380][T13059] RDX: 000000000000000f RSI: 00007f3abd3b40a0 RDI: 0000000000000005 [ 796.039394][T13059] RBP: 00007f3abd3b4090 R08: 0000000000000000 R09: 0000000000000000 [ 796.039408][T13059] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 796.039421][T13059] R13: 00007f3abc816038 R14: 00007f3abc815fa0 R15: 00007ffe432041e8 [ 796.039451][T13059] [ 796.766882][T13067] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 796.773248][T13067] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 796.781309][T13067] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 796.816532][T13067] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 798.776341][T12305] Bluetooth: hci1: command 0x0406 tx timeout [ 798.782546][T12305] Bluetooth: hci0: command 0x0406 tx timeout [ 798.856609][ T5143] Bluetooth: hci3: command 0x0406 tx timeout [ 798.856640][T12305] Bluetooth: hci2: command 0x0406 tx timeout [ 799.006598][T13090] delete_channel: no stack [ 799.364575][T13095] futex_wake_op: syz.3.1502 tries to shift op by -2048; fix this program [ 800.249293][T13108] futex_wake_op: syz.2.1514 tries to shift op by -2048; fix this program [ 800.414851][T13111] futex_wake_op: syz.3.1506 tries to shift op by -2048; fix this program [ 802.170136][T13139] FAULT_INJECTION: forcing a failure. [ 802.170136][T13139] name fail_futex, interval 1, probability 0, space 0, times 0 [ 802.206784][T13139] CPU: 1 UID: 0 PID: 13139 Comm: syz.0.1515 Tainted: G L syzkaller #0 PREEMPT(full) [ 802.206835][T13139] Tainted: [L]=SOFTLOCKUP [ 802.206847][T13139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 802.206865][T13139] Call Trace: [ 802.206876][T13139] [ 802.206888][T13139] dump_stack_lvl+0x100/0x190 [ 802.206944][T13139] should_fail_ex.cold+0x5/0xa [ 802.206983][T13139] get_futex_key+0x295/0x1620 [ 802.207030][T13139] ? __pfx_get_futex_key+0x10/0x10 [ 802.207072][T13139] ? __might_fault+0xc5/0x140 [ 802.207133][T13139] futex_unlock_pi+0x16c/0x900 [ 802.207187][T13139] ? get_pid_task+0x106/0x250 [ 802.207238][T13139] ? proc_fail_nth_write+0x9f/0x220 [ 802.207283][T13139] ? __pfx_futex_unlock_pi+0x10/0x10 [ 802.207344][T13139] ? ksys_write+0x190/0x250 [ 802.207376][T13139] ? ksys_write+0x190/0x250 [ 802.207416][T13139] do_futex+0x2c8/0x350 [ 802.207462][T13139] ? __pfx_do_futex+0x10/0x10 [ 802.207519][T13139] __x64_sys_futex+0x34f/0x4d0 [ 802.207568][T13139] ? fput+0x79/0x100 [ 802.207607][T13139] ? __pfx___x64_sys_futex+0x10/0x10 [ 802.207650][T13139] ? ksys_write+0x1ac/0x250 [ 802.207682][T13139] ? __pfx_ksys_write+0x10/0x10 [ 802.207726][T13139] do_syscall_64+0x106/0xf80 [ 802.207759][T13139] ? clear_bhb_loop+0x40/0x90 [ 802.207801][T13139] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 802.207834][T13139] RIP: 0033:0x7fe2fe19c819 [ 802.207861][T13139] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 802.207893][T13139] RSP: 002b:00007fe2ff01e028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 802.207923][T13139] RAX: ffffffffffffffda RBX: 00007fe2fe415fa0 RCX: 00007fe2fe19c819 [ 802.207944][T13139] RDX: 0000000000000008 RSI: 0000000000000007 RDI: 0000000000000000 [ 802.207963][T13139] RBP: 00007fe2ff01e090 R08: 0000000000000000 R09: 0000000000000000 [ 802.207982][T13139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 802.208001][T13139] R13: 00007fe2fe416038 R14: 00007fe2fe415fa0 R15: 00007fff1d718b48 [ 802.208043][T13139] [ 802.489403][T13141] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1516'. [ 802.613863][T13143] FAULT_INJECTION: forcing a failure. [ 802.613863][T13143] name failslab, interval 1, probability 0, space 0, times 0 [ 802.627224][T13143] CPU: 1 UID: 0 PID: 13143 Comm: syz.1.1516 Tainted: G L syzkaller #0 PREEMPT(full) [ 802.627278][T13143] Tainted: [L]=SOFTLOCKUP [ 802.627291][T13143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 802.627311][T13143] Call Trace: [ 802.627322][T13143] [ 802.627334][T13143] dump_stack_lvl+0x100/0x190 [ 802.627394][T13143] should_fail_ex.cold+0x5/0xa [ 802.627437][T13143] should_failslab+0xc2/0x120 [ 802.627477][T13143] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 802.627532][T13143] ? alloc_empty_file+0x55/0x1c0 [ 802.627577][T13143] ? __pfx_stack_trace_save+0x10/0x10 [ 802.627621][T13143] alloc_empty_file+0x55/0x1c0 [ 802.627669][T13143] path_openat+0xe8/0x31a0 [ 802.627705][T13143] ? kasan_save_stack+0x3f/0x50 [ 802.627736][T13143] ? kasan_save_stack+0x30/0x50 [ 802.627777][T13143] ? kasan_save_track+0x14/0x30 [ 802.627809][T13143] ? __kasan_slab_alloc+0x89/0x90 [ 802.627843][T13143] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 802.627898][T13143] ? do_getname+0x35/0x390 [ 802.627940][T13143] ? do_sys_openat2+0xc5/0x1e0 [ 802.627987][T13143] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 802.628038][T13143] ? __pfx_path_openat+0x10/0x10 [ 802.628092][T13143] do_file_open+0x20e/0x430 [ 802.628136][T13143] ? __pfx_do_file_open+0x10/0x10 [ 802.628204][T13143] ? alloc_fd+0x476/0x790 [ 802.628246][T13143] ? do_getname+0x191/0x390 [ 802.628296][T13143] do_sys_openat2+0x10d/0x1e0 [ 802.628344][T13143] ? __pfx_do_sys_openat2+0x10/0x10 [ 802.628409][T13143] __x64_sys_openat+0x12d/0x210 [ 802.628460][T13143] ? __pfx___x64_sys_openat+0x10/0x10 [ 802.628526][T13143] do_syscall_64+0x106/0xf80 [ 802.628562][T13143] ? clear_bhb_loop+0x40/0x90 [ 802.628605][T13143] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 802.628641][T13143] RIP: 0033:0x7f3abc59c819 [ 802.628670][T13143] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 802.628704][T13143] RSP: 002b:00007f3abd372028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 802.628738][T13143] RAX: ffffffffffffffda RBX: 00007f3abc816180 RCX: 00007f3abc59c819 [ 802.628761][T13143] RDX: 0000000000038000 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 802.628783][T13143] RBP: 00007f3abc632c91 R08: 0000000000000000 R09: 0000000000000000 [ 802.628804][T13143] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 802.628825][T13143] R13: 00007f3abc816218 R14: 00007f3abc816180 R15: 00007ffe432041e8 [ 802.628868][T13143] [ 803.539950][T13153] futex_wake_op: syz.1.1519 tries to shift op by -2048; fix this program [ 804.321673][T13163] FAULT_INJECTION: forcing a failure. [ 804.321673][T13163] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 804.355743][T13165] FAULT_INJECTION: forcing a failure. [ 804.355743][T13165] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 804.425927][T13165] CPU: 0 UID: 0 PID: 13165 Comm: syz.1.1523 Tainted: G L syzkaller #0 PREEMPT(full) [ 804.425978][T13165] Tainted: [L]=SOFTLOCKUP [ 804.425989][T13165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 804.426008][T13165] Call Trace: [ 804.426019][T13165] [ 804.426031][T13165] dump_stack_lvl+0x100/0x190 [ 804.426090][T13165] should_fail_ex.cold+0x5/0xa [ 804.426128][T13165] strncpy_from_user+0x3b/0x2d0 [ 804.426175][T13165] do_getname+0x78/0x390 [ 804.426221][T13165] do_sys_openat2+0xc5/0x1e0 [ 804.426268][T13165] ? __pfx_do_sys_openat2+0x10/0x10 [ 804.426311][T13165] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 804.426355][T13165] ? __fget_files+0x21f/0x3d0 [ 804.426396][T13165] __x64_sys_openat+0x12d/0x210 [ 804.426443][T13165] ? __pfx___x64_sys_openat+0x10/0x10 [ 804.426485][T13165] ? ksys_write+0x1ac/0x250 [ 804.426525][T13165] do_syscall_64+0x106/0xf80 [ 804.426554][T13165] ? clear_bhb_loop+0x40/0x90 [ 804.426590][T13165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 804.426620][T13165] RIP: 0033:0x7f3abc59c819 [ 804.426643][T13165] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 804.426671][T13165] RSP: 002b:00007f3abd3b4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 804.426698][T13165] RAX: ffffffffffffffda RBX: 00007f3abc815fa0 RCX: 00007f3abc59c819 [ 804.426717][T13165] RDX: 00000000000482c0 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 804.426735][T13165] RBP: 00007f3abd3b4090 R08: 0000000000000000 R09: 0000000000000000 [ 804.426752][T13165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 804.426769][T13165] R13: 00007f3abc816038 R14: 00007f3abc815fa0 R15: 00007ffe432041e8 [ 804.426805][T13165] [ 804.426823][T13163] CPU: 1 UID: 0 PID: 13163 Comm: syz.2.1524 Tainted: G L syzkaller #0 PREEMPT(full) [ 804.426867][T13163] Tainted: [L]=SOFTLOCKUP [ 804.426877][T13163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 804.426962][T13163] Call Trace: [ 804.427002][T13163] [ 804.427035][T13163] dump_stack_lvl+0x100/0x190 [ 804.427186][T13163] should_fail_ex.cold+0x5/0xa [ 804.427287][T13163] _copy_from_user+0x2e/0xd0 [ 804.427410][T13163] move_addr_to_kernel+0x65/0x170 [ 804.427541][T13163] copy_msghdr_from_user+0x417/0x4f0 [ 804.427662][T13163] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 804.427800][T13163] ? __pfx__kstrtoull+0x10/0x10 [ 804.427975][T13163] ___sys_sendmsg+0x106/0x1e0 [ 804.428101][T13163] ? __pfx____sys_sendmsg+0x10/0x10 [ 804.428267][T13163] ? find_held_lock+0x2b/0x80 [ 804.428455][T13163] __sys_sendmmsg+0x205/0x430 [ 804.428569][T13163] ? __pfx___sys_sendmmsg+0x10/0x10 [ 804.428691][T13163] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 804.428831][T13163] ? fput+0x79/0x100 [ 804.428933][T13163] ? ksys_write+0x1ac/0x250 [ 804.429015][T13163] ? __pfx_ksys_write+0x10/0x10 [ 804.429134][T13163] __x64_sys_sendmmsg+0x9c/0x100 [ 804.429213][T13163] ? lockdep_hardirqs_on+0x78/0x100 [ 804.429322][T13163] do_syscall_64+0x106/0xf80 [ 804.429411][T13163] ? clear_bhb_loop+0x40/0x90 [ 804.429521][T13163] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 804.429609][T13163] RIP: 0033:0x7f8014d9c819 [ 804.429678][T13163] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 804.429768][T13163] RSP: 002b:00007f8015bef028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 804.429875][T13163] RAX: ffffffffffffffda RBX: 00007f8015015fa0 RCX: 00007f8014d9c819 [ 804.429938][T13163] RDX: 0000000000000002 RSI: 00002000000001c0 RDI: 0000000000000003 [ 804.429993][T13163] RBP: 00007f8015bef090 R08: 0000000000000000 R09: 0000000000000000 [ 804.430048][T13163] R10: 0000000000000100 R11: 0000000000000246 R12: 0000000000000001 [ 804.430113][T13163] R13: 00007f8015016038 R14: 00007f8015015fa0 R15: 00007ffdbd567a38 [ 804.430223][T13163] [ 805.976614][T13181] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 806.802046][T13201] futex_wake_op: syz.1.1531 tries to shift op by -2048; fix this program [ 806.977070][T13203] FAULT_INJECTION: forcing a failure. [ 806.977070][T13203] name failslab, interval 1, probability 0, space 0, times 0 [ 807.026988][T13203] CPU: 1 UID: 0 PID: 13203 Comm: syz.2.1533 Tainted: G L syzkaller #0 PREEMPT(full) [ 807.027039][T13203] Tainted: [L]=SOFTLOCKUP [ 807.027051][T13203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 807.027069][T13203] Call Trace: [ 807.027079][T13203] [ 807.027091][T13203] dump_stack_lvl+0x100/0x190 [ 807.027148][T13203] should_fail_ex.cold+0x5/0xa [ 807.027188][T13203] should_failslab+0xc2/0x120 [ 807.027227][T13203] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 807.027279][T13203] ? mas_alloc_nodes+0x280/0x390 [ 807.027339][T13203] mas_alloc_nodes+0x280/0x390 [ 807.027396][T13203] mas_preallocate+0x39c/0xf10 [ 807.027442][T13203] ? __pfx_mas_preallocate+0x10/0x10 [ 807.027494][T13203] ? __mmap_region+0x117d/0x29e0 [ 807.027551][T13203] __mmap_region+0x12b5/0x29e0 [ 807.027609][T13203] ? __pfx___mmap_region+0x10/0x10 [ 807.027655][T13203] ? process_measurement+0x1f4/0x2350 [ 807.027695][T13203] ? tomoyo_check_open_permission+0x1db/0x3c0 [ 807.027737][T13203] ? tomoyo_check_open_permission+0x1db/0x3c0 [ 807.027843][T13203] ? is_bpf_text_address+0x94/0x1a0 [ 807.027905][T13203] ? kernel_text_address+0x8d/0x100 [ 807.027957][T13203] ? __kernel_text_address+0xd/0x30 [ 807.028060][T13203] ? rcu_is_watching+0x12/0xc0 [ 807.028114][T13203] ? cap_capable+0x107/0x460 [ 807.028155][T13203] mmap_region+0x180/0x3e0 [ 807.028217][T13203] do_mmap+0xc63/0x12f0 [ 807.028264][T13203] ? __pfx_do_mmap+0x10/0x10 [ 807.028304][T13203] ? __pfx_down_write_killable+0x10/0x10 [ 807.028355][T13203] vm_mmap_pgoff+0x29e/0x470 [ 807.028403][T13203] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 807.028449][T13203] ? __fget_files+0x215/0x3d0 [ 807.028485][T13203] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 807.028530][T13203] ksys_mmap_pgoff+0xe1/0x650 [ 807.028574][T13203] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 807.028610][T13203] ? fput+0x79/0x100 [ 807.028650][T13203] ? ksys_write+0x1ac/0x250 [ 807.028676][T13203] ? __pfx_ksys_write+0x10/0x10 [ 807.028713][T13203] __x64_sys_mmap+0x125/0x190 [ 807.028769][T13203] do_syscall_64+0x106/0xf80 [ 807.028804][T13203] ? clear_bhb_loop+0x40/0x90 [ 807.028845][T13203] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 807.028880][T13203] RIP: 0033:0x7f8014d9c819 [ 807.028914][T13203] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 807.028948][T13203] RSP: 002b:00007f8015bef028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 807.028979][T13203] RAX: ffffffffffffffda RBX: 00007f8015015fa0 RCX: 00007f8014d9c819 [ 807.029000][T13203] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 807.029019][T13203] RBP: 00007f8015bef090 R08: 0000000000000002 R09: 0000000000008000 [ 807.029038][T13203] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000001 [ 807.029058][T13203] R13: 00007f8015016038 R14: 00007f8015015fa0 R15: 00007ffdbd567a38 [ 807.029101][T13203] [ 809.022965][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.029761][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 810.786920][T13240] FAULT_INJECTION: forcing a failure. [ 810.786920][T13240] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 810.867749][T13240] CPU: 1 UID: 0 PID: 13240 Comm: syz.0.1541 Tainted: G L syzkaller #0 PREEMPT(full) [ 810.867795][T13240] Tainted: [L]=SOFTLOCKUP [ 810.867804][T13240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 810.867818][T13240] Call Trace: [ 810.867826][T13240] [ 810.867834][T13240] dump_stack_lvl+0x100/0x190 [ 810.867874][T13240] should_fail_ex.cold+0x5/0xa [ 810.867902][T13240] _copy_from_user+0x2e/0xd0 [ 810.867933][T13240] sctp_setsockopt+0x8cc/0xb370 [ 810.867965][T13240] ? __pfx_aa_sk_perm+0x10/0x10 [ 810.867997][T13240] ? __pfx_sctp_setsockopt+0x10/0x10 [ 810.868031][T13240] ? aa_sock_opt_perm+0xfe/0x1b0 [ 810.868068][T13240] ? sock_common_setsockopt+0x2e/0xf0 [ 810.868095][T13240] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 810.868125][T13240] do_sock_setsockopt+0xf3/0x1d0 [ 810.868156][T13240] __sys_setsockopt+0x119/0x190 [ 810.868199][T13240] __x64_sys_setsockopt+0xbd/0x160 [ 810.868234][T13240] ? do_syscall_64+0x95/0xf80 [ 810.868258][T13240] ? lockdep_hardirqs_on+0x78/0x100 [ 810.868283][T13240] do_syscall_64+0x106/0xf80 [ 810.868305][T13240] ? clear_bhb_loop+0x40/0x90 [ 810.868336][T13240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 810.868360][T13240] RIP: 0033:0x7fe2fe19c819 [ 810.868385][T13240] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 810.868408][T13240] RSP: 002b:00007fe2feffd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 810.868429][T13240] RAX: ffffffffffffffda RBX: 00007fe2fe416090 RCX: 00007fe2fe19c819 [ 810.868445][T13240] RDX: 0000000000000017 RSI: 0000000000000084 RDI: 0000000000000003 [ 810.868459][T13240] RBP: 00007fe2feffd090 R08: 0000000070ed581b R09: 0000000000000000 [ 810.868473][T13240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 810.868487][T13240] R13: 00007fe2fe416128 R14: 00007fe2fe416090 R15: 00007fff1d718b48 [ 810.868516][T13240] [ 811.856300][ T5911] ================================================================== [ 811.856333][ T5911] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x19fb/0x1d60 [ 811.856392][ T5911] Write of size 8 at addr ffffc90004039160 by task kworker/1:4/5911 [ 811.856420][ T5911] [ 811.856437][ T5911] CPU: 1 UID: 0 PID: 5911 Comm: kworker/1:4 Tainted: G L syzkaller #0 PREEMPT(full) [ 811.856481][ T5911] Tainted: [L]=SOFTLOCKUP [ 811.856493][ T5911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 811.856517][ T5911] Workqueue: events_power_efficient fb_flashcursor [ 811.856554][ T5911] Call Trace: [ 811.856571][ T5911] [ 811.856582][ T5911] dump_stack_lvl+0x100/0x190 [ 811.856630][ T5911] print_report+0x156/0x4c9 [ 811.856673][ T5911] ? _raw_spin_lock_irqsave+0x52/0x60 [ 811.856730][ T5911] ? sys_imageblit+0x19fb/0x1d60 [ 811.856779][ T5911] kasan_report+0xdf/0x1e0 [ 811.856817][ T5911] ? sys_imageblit+0x19fb/0x1d60 [ 811.856872][ T5911] sys_imageblit+0x19fb/0x1d60 [ 811.856929][ T5911] ? __pfx_sys_imageblit+0x10/0x10 [ 811.856990][ T5911] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 811.857030][ T5911] soft_cursor+0x524/0xa10 [ 811.857080][ T5911] bit_cursor+0xe58/0x16f0 [ 811.857127][ T5911] ? __pfx_bit_cursor+0x10/0x10 [ 811.857176][ T5911] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 811.857211][ T5911] ? get_color+0x1da/0x450 [ 811.857243][ T5911] ? __pfx_bit_cursor+0x10/0x10 [ 811.857284][ T5911] fb_flashcursor+0x338/0x430 [ 811.857321][ T5911] process_one_work+0xa23/0x19a0 [ 811.857379][ T5911] ? __pfx_process_one_work+0x10/0x10 [ 811.857434][ T5911] ? __pfx_fb_flashcursor+0x10/0x10 [ 811.857471][ T5911] worker_thread+0x5ef/0xe50 [ 811.857525][ T5911] ? __pfx_worker_thread+0x10/0x10 [ 811.857580][ T5911] ? kthread+0x13a/0x450 [ 811.857623][ T5911] ? __pfx_worker_thread+0x10/0x10 [ 811.857670][ T5911] kthread+0x370/0x450 [ 811.857712][ T5911] ? __pfx_kthread+0x10/0x10 [ 811.857758][ T5911] ret_from_fork+0x754/0xd80 [ 811.857808][ T5911] ? __pfx_ret_from_fork+0x10/0x10 [ 811.857861][ T5911] ? __switch_to+0x7b4/0x1120 [ 811.857899][ T5911] ? __pfx_kthread+0x10/0x10 [ 811.857944][ T5911] ret_from_fork_asm+0x1a/0x30 [ 811.857991][ T5911] [ 811.858002][ T5911] [ 811.858010][ T5911] The buggy address belongs to a vmalloc virtual mapping [ 811.858034][ T5911] Memory state around the buggy address: [ 811.858051][ T5911] ffffc90004039000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 811.858082][ T5911] ffffc90004039080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 811.858105][ T5911] >ffffc90004039100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 811.858123][ T5911] ^ [ 811.858143][ T5911] ffffc90004039180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 811.858166][ T5911] ffffc90004039200: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 811.858185][ T5911] ================================================================== [ 811.858221][ T5911] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 811.858246][ T5911] CPU: 1 UID: 0 PID: 5911 Comm: kworker/1:4 Tainted: G L syzkaller #0 PREEMPT(full) [ 811.858291][ T5911] Tainted: [L]=SOFTLOCKUP [ 811.858303][ T5911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 811.858324][ T5911] Workqueue: events_power_efficient fb_flashcursor [ 811.858360][ T5911] Call Trace: [ 811.858370][ T5911] [ 811.858382][ T5911] dump_stack_lvl+0x100/0x190 [ 811.858431][ T5911] vpanic+0x552/0x970 [ 811.858461][ T5911] ? __pfx_vpanic+0x10/0x10 [ 811.858498][ T5911] ? sys_imageblit+0x19fb/0x1d60 [ 811.858547][ T5911] panic+0xd1/0xe0 [ 811.858585][ T5911] ? __pfx_panic+0x10/0x10 [ 811.858617][ T5911] ? sys_imageblit+0x19fb/0x1d60 [ 811.858666][ T5911] ? preempt_schedule_common+0x42/0xc0 [ 811.858702][ T5911] ? check_panic_on_warn+0x1f/0x90 [ 811.858751][ T5911] check_panic_on_warn.cold+0x19/0x34 [ 811.858787][ T5911] end_report.part.0+0x3a/0x90 [ 811.858833][ T5911] kasan_report.cold+0xe/0x18 [ 811.858881][ T5911] ? sys_imageblit+0x19fb/0x1d60 [ 811.858936][ T5911] sys_imageblit+0x19fb/0x1d60 [ 811.858994][ T5911] ? __pfx_sys_imageblit+0x10/0x10 [ 811.859054][ T5911] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 811.859096][ T5911] soft_cursor+0x524/0xa10 [ 811.859146][ T5911] bit_cursor+0xe58/0x16f0 [ 811.859194][ T5911] ? __pfx_bit_cursor+0x10/0x10 [ 811.859244][ T5911] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 811.859280][ T5911] ? get_color+0x1da/0x450 [ 811.859315][ T5911] ? __pfx_bit_cursor+0x10/0x10 [ 811.859357][ T5911] fb_flashcursor+0x338/0x430 [ 811.859395][ T5911] process_one_work+0xa23/0x19a0 [ 811.859452][ T5911] ? __pfx_process_one_work+0x10/0x10 [ 811.859507][ T5911] ? __pfx_fb_flashcursor+0x10/0x10 [ 811.859546][ T5911] worker_thread+0x5ef/0xe50 [ 811.859607][ T5911] ? __pfx_worker_thread+0x10/0x10 [ 811.859657][ T5911] ? kthread+0x13a/0x450 [ 811.859699][ T5911] ? __pfx_worker_thread+0x10/0x10 [ 811.859746][ T5911] kthread+0x370/0x450 [ 811.859788][ T5911] ? __pfx_kthread+0x10/0x10 [ 811.859834][ T5911] ret_from_fork+0x754/0xd80 [ 811.859886][ T5911] ? __pfx_ret_from_fork+0x10/0x10 [ 811.859938][ T5911] ? __switch_to+0x7b4/0x1120 [ 811.859975][ T5911] ? __pfx_kthread+0x10/0x10 [ 811.860022][ T5911] ret_from_fork_asm+0x1a/0x30 [ 811.860070][ T5911] [ 811.860682][ T5911] Kernel Offset: disabled