last executing test programs: 2m42.395175236s ago: executing program 2 (id=1993): mremap$auto(0x8000000003, 0xda1, 0x3fd6, 0xb, 0xfffffffffffffffd) close_range$auto(0x0, 0xfffffffffffff000, 0x2) creat$auto(&(0x7f0000000000)='./file0\x00', 0x6f6d) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x2a, 0x2, 0x1) connect$auto(r0, &(0x7f00000000c0)=@qipcrtr={0x2a, 0x1, 0xfffffffe}, 0xac6) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x10002}, 0x1) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x0, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0x4048aec9, r1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/dummy_hcd.0/urbs\x00', 0x40200, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0x7}, 0x5, 0x7fffffff, 0x1000) timerfd_create$auto(0x9, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000100), 0x101000, 0x0) ioctl$auto_KVM_GET_MSRS(r3, 0xc008ae88, &(0x7f00000005c0)={0x2, 0x0, [{0x490, 0x400, 0x9}]}) r4 = socket(0x1d, 0x800, 0x106) bind$auto(r4, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) r5 = prctl$auto(0x3e, 0x142, 0x0, 0x5, 0x0) r6 = syz_genetlink_get_family_id$auto_mac802154_hwsim(&(0x7f0000000280), r4) sendmsg$auto_MAC802154_HWSIM_CMD_NEW_EDGE(r5, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000380)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="00032cbd7000e9dbdf2508000900000001000600000070ea0b99d860968b58ce2b4076c822ce3a244169cc29e1044597750da39f3c6f045f5575a1a7616ac7ebef4dc330fd4be78121b717b9076342704117166169da1f2bc8ca037565ea4c7bd3a87cc1a85b6004597c808fe0f38358ccbc59d888cb19be3a97f7e0fa9137935850d2ebbcb10deadfb33d7fe376ede6875f86acf23deb5dc1a31d89a25b9634d9ce049c4db7a3200ec1bd423c77b8ed519140875eb60de15ce286cd41ad4f1cd25cd64e6f95"], 0x1c}, 0x1, 0x0, 0x0, 0x4004010}, 0x29882fe5309675a8) fcntl$getown(r5, 0x9) openat$auto_ns_file_operations_nsfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/ns/cgroup\x00', 0x40000, 0x0) 2m42.077685859s ago: executing program 2 (id=1996): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x20342, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) write$auto(0x3, 0x0, 0x7fffffff) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x280, 0x0) socket(0xa, 0x1, 0x84) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop14/queue/dma_alignment\x00', 0x80000, 0x0) read$auto(r1, 0x0, 0x20) openat$auto_tracing_saved_cmdlines_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/saved_cmdlines_size\x00', 0x61c042, 0x0) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0x1, 0x0, 0x80000000) mmap$auto(0x100000, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) madvise$auto(0x0, 0x9, 0x15) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0) shmctl$auto_SHM_STAT(0x5, 0xd, &(0x7f0000000140)={{0x10001, 0xffffffffffffffff, 0x0, 0x2, 0x3, 0x3, 0x6}, 0x5, 0x9, 0x1, 0x9, @inferred, @inferred, 0x0, 0x0, &(0x7f0000000000)="a92cc5b95cbadeeec0c80a78f129b552aff38f501076b376c850e3181d7ab078b9c2a74d949545259b5a23079c5ddb423ec48eaac2ce48768e1e", &(0x7f0000000100)}) msgctl$auto_IPC_SET(0x7f7, 0x1, &(0x7f0000000240)={{0x1000, 0xee00, 0xee01, 0x8, 0x40, 0x81, 0x786}, &(0x7f00000001c0)=0x54, &(0x7f0000000200)=0x53, 0x100, 0x5, 0xd48b, 0x4056, 0x3, 0xffff, 0x8, 0xff, @raw=0x4}) setregid$auto(r4, r5) 2m40.686659605s ago: executing program 2 (id=2004): r0 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r0, &(0x7f0000000000), 0x0) 2m40.453690791s ago: executing program 2 (id=2007): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x7ff, 0x1, 0x8000000000000000, 0x0) open(0x0, 0x261c2, 0x184) readv$auto(0x3, &(0x7f00000000c0)={0x0, 0x101d0}, 0x400) ustat$auto(0x801, 0x0) r0 = socket(0x25, 0x1, 0x0) r1 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/ieee80211/phy1/netdev:wlan1/ap_power_level\x00', 0x0, 0x0) preadv$auto(r1, &(0x7f00000000c0)={0x0, 0x7}, 0x5, 0x37, 0x3) sendto$auto(r0, 0x0, 0x0, 0x0, 0x0, 0x3) ioctl$auto_SNAPSHOT_ALLOC_SWAP_PAGE(0xffffffffffffffff, 0x80083314, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0xffffffffffffffff, 0x0, 0x1fffffdef) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) timer_create$auto(0x3, 0x0, 0x0) syz_clone(0xcb86c80, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x100, 0x4, 0x3, 0x18, 0xffffffffffffffff, 0xd3d) r2 = openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000000), 0x48101, 0x0) write$auto(r2, &(0x7f0000002e80)='#[-#\x00', 0x4) openat$auto_tracing_saved_tgids_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/saved_tgids\x00', 0x101002, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x201, 0x0) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) open(&(0x7f0000001bc0)='./file0\x00', 0x4140, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty57\x00', 0x40741, 0x0) ioctl$auto(0x3, 0x402c542d, r3) write$auto(0x3, 0x0, 0xfffffdef) ioctl$auto(0x3, 0x541b, 0x74) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x2, 0x0) 2m39.342576714s ago: executing program 2 (id=2011): r0 = socket$nl_generic(0x10, 0x3, 0x10) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) r1 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/xusbatm/parameters/rx_padding\x00', 0x100, 0x0) write$auto_ocfs2_control_fops_stack_user(r2, &(0x7f0000000540)="00000093500000000000108300000000", 0x10) write$auto(r1, &(0x7f0000000080)=')@-!\x00', 0x1e1) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sys/net/ipv4/conf/veth1_to_team/igmpv3_unsolicited_report_interval\x00', 0x202, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socket(0x2b, 0x1, 0x1) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3ff, 0x9, 0x5, 0x14, 0x944, 0x1ffe4, 0x3, 0x6, 0x4, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0xd, 0x5, 0x3, 0x8004, 0x7, 0x1, 0x309, 0x8, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, [0x0, 0x0, 0x0, 0x200, 0x9, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x4000000000000, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x800000000002, 0x9, 0x0, 0xbec, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x10, 0xfffffffffffffffe, 0x2, 0x0, 0x0, 0x0, 0x2961]}, 0x2001fb, 0x7f) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x1ac}}, 0x40000) r4 = socket(0x10, 0x2, 0x0) r5 = syz_genetlink_get_family_id$auto_smbd_genl(&(0x7f0000000400), r0) sendmsg$auto_KSMBD_EVENT_SHARE_CONFIG_REQUEST(r0, &(0x7f0000000500)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x14, r5, 0x1, 0x70bd2b, 0x25dfdbff, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000844}, 0x0) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x1f00, &(0x7f0000000100)={0x0, 0xfdef}, 0x2, 0x0, 0x7, 0xa505}, 0x700}, 0x7, 0x4008) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000040)={0x2, "f74d086d6600f5daa47fca1f1a0730a2f629350000000000000008600418af10", @inferred=r3}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x1, 0x84) recvfrom$auto(0x3, 0x0, 0x8000000003, 0xfffff4a5, 0x0, 0xfffffffffffffffd) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/neigh/vlan1/base_reachable_time\x00', 0x40400, 0x0) read$auto(r4, 0x0, 0x0) r6 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8002, 0x0) keyctl$auto(0x4, 0xfffffffe, 0xffffffffffffffff, 0x0, 0xe) writev$auto(r6, &(0x7f0000000200)={0x0, 0x7}, 0x3) fsconfig$auto_XFS_DAX_ALWAYS(r6, 0x0, 0x0, 0x0, 0x1) sendmsg$auto_NL80211_CMD_NOTIFY_RADAR(0xffffffffffffffff, 0x0, 0x4) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x4, 0x0) seccomp$auto(0x1, 0x0, &(0x7f0000000100)="740fb5dc698e7ba7e41f") 2m38.8606107s ago: executing program 2 (id=2013): write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x6, 0x4) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0xffffffffffffffff) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) io_uring_setup$auto(0xf0, &(0x7f0000000280)={0x6, 0x18, 0xd64, 0xc852, 0x6, 0x7, r0, [0x1, 0x3ff, 0x1000], {0x7, 0x5, 0x1, 0x4, 0x95, 0xf4c, 0x7fff, 0xfffffffb, 0x65f29f6d}, {0x3, 0xadc, 0x535, 0x0, 0x5, 0xffffffff, 0x1000, 0x54f, 0x5}}) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) r2 = socket(0xa, 0x3, 0xff) connect$auto(r2, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) read$auto_posix_clock_file_operations_posix_clock(r1, &(0x7f0000000200)=""/85, 0x55) write$auto_proc_mem_operations_base(0xffffffffffffffff, &(0x7f0000001680), 0x0) syz_clone3(0x0, 0x0) madvise$auto(0x1ffff000, 0x7, 0x100000000) mmap$auto(0x0, 0x400008, 0xb, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400005, 0xe3, 0x9b72, 0x2, 0x10) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) io_uring_setup$auto(0x2, &(0x7f0000000080)={0x80000003, 0x9, 0x4002, 0x6, 0x4, 0x8, 0xffffffffffffffff, [0x0, 0x101], {0x9, 0x6, 0xf, 0x29f, 0xe9f9, 0x7f, 0x101, 0x1, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x104, 0x8, 0x100000004}}) syz_clone(0x1002000, 0x0, 0x0, 0x0, 0x0, 0x0) futex_wake$auto(0x0, 0x5, 0x4, 0xa) futex_wake$auto(&(0x7f0000000000)="facff2b53ab3522cb329b5a87bdbc091f5a6ad597f2789e870d64db4cf6503135f5a750abc973b65703b6649", 0xfffffffffffffff8, 0xffc, 0x7f) sysfs$auto(0x2, 0x20, 0x0) socketcall$auto_SYS_SOCKET(0x1, &(0x7f0000000100)=0x2) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event2\x00', 0x20081, 0x0) mmap$auto(0x0, 0xb, 0x10000000000e1, 0xeb1, 0x401, 0x8000) 2m36.579317184s ago: executing program 1 (id=2026): r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/036/001\x00', 0xa901, 0x0) unlink$auto(&(0x7f0000000080)='./cgroup.cpu/cgroup.procs\x00') (async, rerun: 64) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (rerun: 64) close_range$auto(0x2, 0xa, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) (async, rerun: 32) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) (rerun: 32) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async, rerun: 32) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async, rerun: 32) close_range$auto(0x2, 0x8, 0x0) (async) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) socket(0xa, 0x3, 0x3a) (async) setsockopt$auto(0x400000000000003, 0x29, 0xd2, 0x0, 0x567) fanotify_init$auto(0x65, 0x2) (async) pipe$auto(0x0) (async) dup2$auto(0x5, 0x4) (async) mmap$auto(0x0, 0x20009, 0x6, 0xeb1, 0x7f, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0xfffe, 0x10000, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000001, 0x9) (async, rerun: 64) write$auto(0x6, 0x0, 0x100000001) (rerun: 64) setsockopt$auto(0x3, 0x1, 0x2a, 0x0, 0x9) (async) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async) ioctl$auto_USBDEVFS_SUBMITURB(r0, 0x8038550a, &(0x7f00000000c0)={0x3, 0x81, 0x5b, 0x4, &(0x7f0000000280), 0xd22ff64, 0xeb90, 0x2, @number_of_packets=0x4, 0x7, 0x476, 0x0}) (async) unshare$auto(0xfff) 2m34.879211508s ago: executing program 1 (id=2030): mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) mount$auto(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='nfs\x00\x00', 0x200, &(0x7f0000001280)="428112e56c5919b60937b30777b1b745bbc9ae0848b6e2735be5d890751760a05d8ba765a9a9367aa663a7dade95e25b24288775cad7c3d2c3d29e80f425cf0345b983744f96f7322ae88270e3e85b88c4c14f1b75670dc708e3c914a70472a98d740773f7fea40f51045ad7807a") mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) eventfd$auto(0xa) unshare$auto(0x40000080) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000048c0)='/dev/dsp1\x00', 0x20000, 0x0) select$auto(0x4, 0x0, &(0x7f0000000100)={[0x9, 0x7, 0xfffffffffffffff9, 0x9, 0x7ff, 0x3, 0x6, 0x2, 0x9, 0xffff, 0x1ff, 0xd, 0x3, 0x200000201, 0x7, 0x6]}, 0x0, 0x0) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) r2 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000240), 0x40, 0x0) recvfrom$auto(r2, 0x0, 0x1, 0xb, 0x0, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x40}, 0x6a) r3 = socket(0xa, 0x2, 0x0) sendmmsg$auto(r3, &(0x7f0000000180)={{&(0x7f0000000040), 0xb8, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x9}, 0x1, 0x8008) close_range$auto(0x2, 0x8, 0x0) 2m32.0158636s ago: executing program 1 (id=2036): mmap$auto(0x0, 0x20009, 0x2000000df, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0xe, 0x0) r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000240)='/dev/sg0\x00', 0x141040, 0x0) ioctl$auto_SCSI_IOCTL_PROBE_HOST(r0, 0x5385, &(0x7f0000000280)) lsm_list_modules$auto(0x0, 0x0, 0x0) r1 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f00000001c0), 0x80000, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r1, 0x40146f2c, 0x0) mmap$auto(0xc4, 0x6, 0x8, 0x9b72, r0, 0x28100) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x9, 0xb5, 0x2010, 0xb, 0x7, 0xffffffffffffffff, 0xa, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x1, 0x7, 0x6, 0xffffffffffffffff, 0xffffffffffffffff}, 0x10) bpf$auto(0x1d, &(0x7f0000000380)=@task_fd_query={0x0, r2, 0x1200000, 0xfffffeff, 0x52c, 0xff, r2, 0x8001, 0x3a07}, 0x81) socket(0x11, 0x80003, 0x300) socket(0x11, 0x80003, 0x300) setsockopt$auto(r1, 0x107, 0xe, 0x0, 0x2) mmap$auto(0x9, 0x83, 0xdf, 0x17, 0x2, 0x8000) r3 = socket(0x1a, 0x2, 0x1) connect$auto(r3, &(0x7f00000000c0)=@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x41}}, 0x55) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) close_range$auto(0x0, 0xffffffffffffffff, 0x2) getcwd$auto(0x0, 0xffffffffffffffff) fanotify_init$auto(0x3, 0x2000000000002) r4 = open(&(0x7f0000000000)='./file1\x00', 0x1652c2, 0xe1d2b27bdc14aa98) fanotify_mark$auto(0x400000000000, 0x105, 0xf2b, r4, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x40342, 0x22) socket(0xa, 0x5, 0x0) inotify_init1$auto(0x3000000000000) inotify_add_watch$auto(0x4, 0x0, 0xe6e) close_range$auto(0x2, 0xa, 0x0) 2m31.891453142s ago: executing program 1 (id=2037): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0x10, 0x3, 0x3b) mmap$auto(0x0, 0x200009, 0x2, 0x48eb1, 0xffffffffffffffff, 0x300000000000) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) madvise$auto(0x0, 0x6, 0x66) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) lseek$auto(0x3, 0x7fffffffffffffff, 0x0) mmap$auto(0x0, 0xa00006, 0x400002, 0x40ebe, 0xffffffffffffffff, 0x2ffffffffffd) mmap$auto(0x0, 0x7f, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_TEMP(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="361b1000", @ANYRES16=0x0, @ANYBLOB="080028bd7000fddbdf250300000008000600020000000c0014"], 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x405b) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x2, 0x1, 0x0, 0x5, 0x7) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_prog_fd=r0, 0x3, @old_prog_fd=0x13b}, 0xa3) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000336bd7000fedbdf2502"], 0x24}, 0x1, 0x0, 0x0, 0xc005}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer2\x00', 0x2, 0x0) r2 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) ioctl$auto_FBIOPUT_VSCREENINFO(r2, 0x4601, &(0x7f0000000080)) setgroups$auto(0x8, &(0x7f0000000000)=0x5) r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x44814}, 0x2004c0c4) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0x400a507}, 0x800}, 0xa, 0x8) write$auto_proc_mem_operations_base(r1, &(0x7f0000000400)="94c5be883ae7ee95e2bff5f990f6f7249475e8960bf6c1ee8796193bfbd249c19c9460ea0c1c18bb983b84aebb8629e8e9e25558c9bfeb22ed79fdab8065d67eec271b56d08971f043224fe7604598e2506e785c6318c1b7696b10324d1e7db02961facdf9fab2640716f07dd1c617dcb6f1bb648821a53f78be14a6dc8f336e92e389609b991019c180950ed085b91123", 0x91) syz_genetlink_get_family_id$auto_smc_pnetid(0x0, 0xffffffffffffffff) r4 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/block/loop9/hctx0/sched_tags_bitmap\x00', 0x101a00, 0x0) read$auto_blk_mq_debugfs_fops_blk_mq_debugfs(r4, &(0x7f0000000340)=""/179, 0xb3) 2m31.142896653s ago: executing program 1 (id=2038): unshare$auto(0x40000080) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video54\x00', 0x42942, 0x0) mmap$auto(0x0, 0x2020009, 0x100003, 0x9000000eb1, 0xfffffffffffffffa, 0x0) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0x10, 0x2, 0x9) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socket(0x1, 0x1, 0x0) bind$auto(0x3, 0x0, 0x6b) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/thermal/cooling_device1/type\x00', 0x101000, 0x0) listen$auto(0x3, 0x81) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="21020cbd70c031cd0ce401"], 0x14}}, 0x4000091) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000014"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x2400c001) r1 = socket(0x10, 0x2, 0x4) write$auto(r1, &(0x7f0000000000)='-\x00', 0x2fb) poll$auto(&(0x7f0000000040)={r0, 0x83c, 0xc}, 0x8, 0x6) writev$auto(0x3, &(0x7f0000000100)={&(0x7f0000000140), 0x7111}, 0x8) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd4\x00', 0x745100, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000001140)='/dev/psaux\x00', 0x42000, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7ffffffc, 0x8, 0x3000, 0x6, 0x7, 0x400b, r3, [], {0x6, 0x6, 0x8c48, 0x29a, 0x9, 0x80, 0x104, 0x6, 0x4}, {0x100, 0x1, 0x101, 0x85, 0x2, 0x24, 0xfe000000, 0x8, 0x3}}) r4 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0) read$auto_vhci_fops_hci_vhci(r4, &(0x7f0000000d40)=""/16, 0x10) select$auto(0xe, 0x0, 0x0, &(0x7f0000000580)={[0x1ff, 0x8000, 0xd, 0x1, 0x948d, 0x3, 0x10015f4da0a, 0xd, 0x7, 0x64c1, 0x8000001f, 0x8, 0x6d3e, 0xc, 0x2, 0x2]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 2m29.881398719s ago: executing program 1 (id=2042): r0 = socket$nl_generic(0x10, 0x3, 0x10) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) r1 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/xusbatm/parameters/rx_padding\x00', 0x100, 0x0) write$auto_ocfs2_control_fops_stack_user(r2, &(0x7f0000000540)="00000093500000000000108300000000", 0x10) write$auto(r1, &(0x7f0000000080)=')@-!\x00', 0x1e1) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sys/net/ipv4/conf/veth1_to_team/igmpv3_unsolicited_report_interval\x00', 0x202, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socket(0x2b, 0x1, 0x1) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3ff, 0x9, 0x5, 0x14, 0x944, 0x1ffe4, 0x3, 0x6, 0x4, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0xd, 0x5, 0x3, 0x8004, 0x7, 0x1, 0x309, 0x8, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, [0x0, 0x0, 0x0, 0x200, 0x9, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x4000000000000, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x800000000002, 0x9, 0x0, 0xbec, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x10, 0xfffffffffffffffe, 0x2, 0x0, 0x0, 0x0, 0x2961]}, 0x2001fb, 0x7f) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r4 = socket(0x10, 0x2, 0x0) r5 = syz_genetlink_get_family_id$auto_smbd_genl(0x0, r0) sendmsg$auto_KSMBD_EVENT_SHARE_CONFIG_REQUEST(r0, &(0x7f0000000500)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x14, r5, 0x1, 0x70bd2b, 0x25dfdbff, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000844}, 0x0) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x1f00, &(0x7f0000000100)={0x0, 0xfdef}, 0x2, 0x0, 0x7, 0xa505}, 0x700}, 0x7, 0x4008) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000040)={0x2, "f74d086d6600f5daa47fca1f1a0730a2f629350000000000000008600418af10", @inferred=r3}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x1, 0x84) recvfrom$auto(0x3, 0x0, 0x8000000003, 0xfffff4a5, 0x0, 0xfffffffffffffffd) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/neigh/vlan1/base_reachable_time\x00', 0x40400, 0x0) read$auto(r4, 0x0, 0x0) r6 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8002, 0x0) keyctl$auto(0x4, 0xfffffffe, 0xffffffffffffffff, 0x0, 0xe) writev$auto(r6, &(0x7f0000000200)={0x0, 0x7}, 0x3) fsconfig$auto_XFS_DAX_ALWAYS(r6, 0x0, 0x0, 0x0, 0x1) sendmsg$auto_NL80211_CMD_NOTIFY_RADAR(0xffffffffffffffff, 0x0, 0x4) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x4, 0x0) seccomp$auto(0x1, 0x0, &(0x7f0000000100)="740fb5dc698e7ba7e41f") 2m14.892531342s ago: executing program 32 (id=2042): r0 = socket$nl_generic(0x10, 0x3, 0x10) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) r1 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/xusbatm/parameters/rx_padding\x00', 0x100, 0x0) write$auto_ocfs2_control_fops_stack_user(r2, &(0x7f0000000540)="00000093500000000000108300000000", 0x10) write$auto(r1, &(0x7f0000000080)=')@-!\x00', 0x1e1) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sys/net/ipv4/conf/veth1_to_team/igmpv3_unsolicited_report_interval\x00', 0x202, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socket(0x2b, 0x1, 0x1) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3ff, 0x9, 0x5, 0x14, 0x944, 0x1ffe4, 0x3, 0x6, 0x4, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0xd, 0x5, 0x3, 0x8004, 0x7, 0x1, 0x309, 0x8, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x78, 0x0, 0x0, [0x0, 0x0, 0x0, 0x200, 0x9, 0x0, 0x0, 0x4, 0xffffffffffffffff, 0x0, 0x0, 0x4000000000000, 0x2000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x82, 0x800000000002, 0x9, 0x0, 0xbec, 0x0, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x10, 0xfffffffffffffffe, 0x2, 0x0, 0x0, 0x0, 0x2961]}, 0x2001fb, 0x7f) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r4 = socket(0x10, 0x2, 0x0) r5 = syz_genetlink_get_family_id$auto_smbd_genl(0x0, r0) sendmsg$auto_KSMBD_EVENT_SHARE_CONFIG_REQUEST(r0, &(0x7f0000000500)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000440)={0x14, r5, 0x1, 0x70bd2b, 0x25dfdbff, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x20000844}, 0x0) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x1f00, &(0x7f0000000100)={0x0, 0xfdef}, 0x2, 0x0, 0x7, 0xa505}, 0x700}, 0x7, 0x4008) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f0000000040)={0x2, "f74d086d6600f5daa47fca1f1a0730a2f629350000000000000008600418af10", @inferred=r3}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x1, 0x84) recvfrom$auto(0x3, 0x0, 0x8000000003, 0xfffff4a5, 0x0, 0xfffffffffffffffd) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/neigh/vlan1/base_reachable_time\x00', 0x40400, 0x0) read$auto(r4, 0x0, 0x0) r6 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8002, 0x0) keyctl$auto(0x4, 0xfffffffe, 0xffffffffffffffff, 0x0, 0xe) writev$auto(r6, &(0x7f0000000200)={0x0, 0x7}, 0x3) fsconfig$auto_XFS_DAX_ALWAYS(r6, 0x0, 0x0, 0x0, 0x1) sendmsg$auto_NL80211_CMD_NOTIFY_RADAR(0xffffffffffffffff, 0x0, 0x4) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x4, 0x0) seccomp$auto(0x1, 0x0, &(0x7f0000000100)="740fb5dc698e7ba7e41f") 1m27.962147729s ago: executing program 0 (id=2368): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x1, 0x0) listen$auto(0x3, 0x81) ioctl$auto(0x3, 0x8905, 0x38) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) shmctl$auto(0x80005, 0x7, &(0x7f0000000280)={{0x12, 0x0, 0xee00, 0x50a, 0x400000c, 0x2401, 0x4}, 0x58e, 0xd, 0x83, 0x43, @raw=0x9, @raw=0x1, 0x2, 0x0, &(0x7f0000000300)="b5ed6907cbb8717e70ef5b28000000001839dcfaa02f1aad9fea027e4a2107aec54dfec01219088c663793b99717f8d2a34470378bfede98e3bf069b5b42d5188ab1e4cbf487471bd6f5effecb7432239eadcc2f4f1d3ec792b7d5dbddefbebde021daab0105fcd712b520", &(0x7f00000004c0)="31af3cb1df60fe8f6516924d358b08cc3200360f289557830b99c49955b7feb5d00a70f020799ec1c586df4d4988a0e014cdf66c9d600aa9da1a3f16b51c64aa07aad022a631b3dbd07418aab49b5d817db05b1e0e75081ff41b5ab4e658a6f6cf41fe0502136aab7b77fb7140e6285e9f8208b26725a0db185e3770bb7192e9575947785bb0acd094fef9e03153edd9545d22b001fc4688b624fe36f72dd9e37b861215675d2f8cf28886adb3020babbbf54701e2b6bd847d466c5bfa6d08cf47176bec53916db25b4ab27e24fdd415b21a9b4fd0cc002a2c70200b07b3792e822351ee132cf8cfa7bdd73a65937e3b58e12c83492c0c98f77404e3abd5df904ecde24ac300c06e641c04d2151188a9018d0bcc5cc1ff0b5e3c3a0260d1a6e209a01199037503010bb8c5135c30b8e3df48cfb1ec3bc0e8ad4790ef4303d6bc8b60620247cb70"}) keyctl$auto(0x1f, r2, r2, 0x3, 0x8) madvise$auto(0xfffffffffffffffd, 0x240007, 0x4) r3 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x0, 0x890) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) mmap$auto(0x5, 0x1001, 0x3, 0x9b72, r1, 0x8000000000001000) sysfs$auto(0x2, 0x100001000000032, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socket(0x11, 0x2, 0x2) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x82002, 0x0) write$auto_ocfs2_control_fops_stack_user(r4, &(0x7f0000003900)="fb", 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/module/pn533_usb/uevent\x00', 0x68c300, 0x0) sendfile$auto(r1, r3, 0x0, 0x7ffff000) mmap$auto(0x0, 0x7, 0xe2, 0x9b72, 0x2, 0x8004) write$auto(0x3, 0x0, 0x6) setsockopt$auto(0xffffffffffffffff, 0x11, 0x67, 0x0, 0x8) openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x60423, 0x0) unshare$auto(0x40000080) 1m27.593158484s ago: executing program 0 (id=2369): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) (async) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, r1, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/rpc/nfsd.fh/channel\x00', 0x8f3b7a51b8063981, 0x0) write$auto_proc_reg_file_ops_compat_inode(r3, &(0x7f0000000040)="205c7820027e0dc0023af10e9bfa1babfa203753ca9a20370a", 0x19) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0x4008ae89, &(0x7f00000000c0)={0xdd, 0x0, [{0x40000108, 0x400}]}) (async) ioctl$auto_KVM_GET_MSRS(r1, 0x4008ae89, &(0x7f00000000c0)={0xdd, 0x0, [{0x40000108, 0x400}]}) pwrite64$auto(0xc8, 0x0, 0x8, 0x7) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000003c0), r0) sendmsg$auto_ETHTOOL_MSG_PLCA_GET_CFG(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000000)={0x34, r4, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@ETHTOOL_A_PLCA_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x1}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x885}, 0x40) r5 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_IOAM6_CMD_NS_SET_SCHEMA(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)={0x4c, r5, 0x0, 0x70bd2a, 0x25dfdbfc, {}, [@IOAM6_ATTR_SC_ID={0x8, 0x4, 0xb}, @IOAM6_ATTR_NS_ID={0x6, 0x1, 0x7fff}, @IOAM6_ATTR_SC_NONE={0x4}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x800}, @IOAM6_ATTR_SC_NONE={0x4}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x10001}, @IOAM6_ATTR_SC_NONE={0x4}, @IOAM6_ATTR_SC_NONE={0x4}, @IOAM6_ATTR_SC_ID={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x10}, 0x4000) (async) sendmsg$auto_IOAM6_CMD_NS_SET_SCHEMA(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f00000001c0)={&(0x7f0000000300)={0x4c, r5, 0x0, 0x70bd2a, 0x25dfdbfc, {}, [@IOAM6_ATTR_SC_ID={0x8, 0x4, 0xb}, @IOAM6_ATTR_NS_ID={0x6, 0x1, 0x7fff}, @IOAM6_ATTR_SC_NONE={0x4}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x800}, @IOAM6_ATTR_SC_NONE={0x4}, @IOAM6_ATTR_SC_ID={0x8, 0x4, 0x10001}, @IOAM6_ATTR_SC_NONE={0x4}, @IOAM6_ATTR_SC_NONE={0x4}, @IOAM6_ATTR_SC_ID={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x10}, 0x4000) r6 = socket(0x10, 0x2, 0x0) mq_timedsend$auto(0xffffffffffffffff, &(0x7f0000000040)='@*!:}\xc1-.!\\#[./\',-\x00', 0x80, 0x9, 0x0) (async) mq_timedsend$auto(0xffffffffffffffff, &(0x7f0000000040)='@*!:}\xc1-.!\\#[./\',-\x00', 0x80, 0x9, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYRESDEC=r6, @ANYRES64=r6, @ANYRESDEC=r6, @ANYRESDEC=r6], 0x1ac}, 0x1, 0x0, 0x0, 0x400c810}, 0x4810) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x4000000) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x4000000) 1m27.475970518s ago: executing program 0 (id=2370): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0xc0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00211459a600fbdbdf250200000008000300000000001b"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) r0 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_BATADV_CMD_GET_MCAST_FLAGS(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r0, @ANYBLOB="8b0500000000"], 0x1c}, 0x1, 0x0, 0x0, 0x14}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1m27.338902511s ago: executing program 0 (id=2371): mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000ebd, 0xfffffffffffffffa, 0x8000) mmap$auto(0xffffffffffffffff, 0x2000a, 0x100000000009f, 0xeb2, 0xffffffffffffffff, 0x8000) (async) mmap$auto(0xffffffffffffffff, 0x2000a, 0x100000000009f, 0xeb2, 0xffffffffffffffff, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/zram0/reset\x00', 0xa201, 0x0) (async) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/zram0/reset\x00', 0xa201, 0x0) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x01\x00\x01\x00\x00\x00\x00\x00\xc7k', 0x81) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x1, 0x0, 0xfffffffffffffffc, 0x2}, 0xed7138c}, 0x2, 0xc) io_uring_setup$auto(0x6, 0x0) (async) io_uring_setup$auto(0x6, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000140)='/dev/usbmon8\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) (async) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x181000, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000100)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0xff80}, 0x7, 0x0, 0x4, 0xb}, 0x8}, 0x5, 0x7fffffff) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x7fffffff}, 0x7}, 0x3, 0xfffffffe) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x7fffffff}, 0x7}, 0x3, 0xfffffffe) mmap$auto(0x0, 0x400008, 0x7, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) waitid$auto(0x8, 0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000180)={{0xfffffffffffffff7, 0x7fffffff}, {0x4, 0xb9b3}, 0x4, 0x5, 0x1, 0x3, 0x0, 0xc7, 0x80000000, 0x7, 0xb7, 0x5d9, 0x7, 0x7ff, 0x2055}) getpid() (async) r1 = getpid() process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/radio14\x00', 0x6122c0, 0x0) ioctl$auto(0x3, 0xc0585605, 0x38) io_uring_setup$auto(0x6, 0x0) (async) r2 = io_uring_setup$auto(0x6, 0x0) io_uring_setup$auto(0x40, &(0x7f00000001c0)={0x1200, 0x4, 0x10000, 0x9, 0x5b77b906, 0x0, r2, [0xcfa, 0xe5d, 0x5], {0x7ffe, 0x38, 0x9, 0x4, 0x4, 0x3, 0x43ff, 0x3, 0xffff}, {0x20000000, 0x3fd, 0x8007, 0x2, 0x2, 0xffff13a7, 0x0, 0x449e, 0x1}}) (async) io_uring_setup$auto(0x40, &(0x7f00000001c0)={0x1200, 0x4, 0x10000, 0x9, 0x5b77b906, 0x0, r2, [0xcfa, 0xe5d, 0x5], {0x7ffe, 0x38, 0x9, 0x4, 0x4, 0x3, 0x43ff, 0x3, 0xffff}, {0x20000000, 0x3fd, 0x8007, 0x2, 0x2, 0xffff13a7, 0x0, 0x449e, 0x1}}) r3 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r3, 0x107, 0xf, 0x0, 0x6) 1m27.130877917s ago: executing program 0 (id=2372): r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cec8\x00', 0x101901, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f0000000100)={'\x00\x00\x00 ', 0xffff, 0x6, 0x1, 0x9b4, 0x20000009, "ce7009002ce1000000000000000600", '\x00', "0201ccb7", '\x00', ["00000f0008b330ac007abfc1", "70d900001100", '\x00', "00deff1000"]}) r1 = prctl$auto_PR_SCHED_CORE_GET(0x7, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/mpls/platform_labels\x00', 0x10242, 0x0) pwrite64$auto(r2, &(0x7f0000000040)='/proc/sys/user/max_fanotify_g\b\x00\x00\x00s@', 0x7, 0x7) ioctl$auto_VHOST_SET_BACKEND_FEATURES2(r1, 0x4008af25, &(0x7f0000000000)=0x3) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/irq/default_smp_affinity\x00', 0x48041, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x80003, 0x4) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) io_uring_setup$auto(0x2, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyyb\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r3, 0x5423, 0x0) socketpair$auto(0x83ff, 0x9, 0x420001, 0x0) ioctl$auto_TIOCSETD2(r3, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r3, 0x5437, 0x0) 1m26.974750447s ago: executing program 0 (id=2373): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/netfilter/nf_log/3\x00', 0xa2202, 0x0) sendfile$auto(r1, r1, 0x0, 0xd) mmap$auto(0x0, 0x810004, 0x2000000efb, 0x8000000008011, r0, 0x1000) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0) close_range$auto(r1, r2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x3, 0x5) sysfs$auto(0x2, 0x27, 0x6) r3 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video48\x00', 0x0, 0x0) ioctl$auto(r3, 0xc0445624, r3) fcntl$auto_F_OFD_SETLK(r2, 0x25, 0x7) mmap$auto(0x0, 0x800000007, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) r4 = socket(0xa, 0x3, 0xff) connect$auto(r4, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) write$auto_proc_mem_operations_base(0xffffffffffffffff, &(0x7f0000001680), 0x0) syz_clone3(0x0, 0x0) madvise$auto(0x1ffff000, 0x7, 0x100000000) mmap$auto(0x0, 0x400008, 0xb, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x20, 0x0) 1m11.615808275s ago: executing program 33 (id=2373): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/netfilter/nf_log/3\x00', 0xa2202, 0x0) sendfile$auto(r1, r1, 0x0, 0xd) mmap$auto(0x0, 0x810004, 0x2000000efb, 0x8000000008011, r0, 0x1000) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0) close_range$auto(r1, r2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x3, 0x5) sysfs$auto(0x2, 0x27, 0x6) r3 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video48\x00', 0x0, 0x0) ioctl$auto(r3, 0xc0445624, r3) fcntl$auto_F_OFD_SETLK(r2, 0x25, 0x7) mmap$auto(0x0, 0x800000007, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) r4 = socket(0xa, 0x3, 0xff) connect$auto(r4, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) write$auto_proc_mem_operations_base(0xffffffffffffffff, &(0x7f0000001680), 0x0) syz_clone3(0x0, 0x0) madvise$auto(0x1ffff000, 0x7, 0x100000000) mmap$auto(0x0, 0x400008, 0xb, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x20, 0x0) 18.703501031s ago: executing program 3 (id=2504): r0 = waitid$auto(0xb, 0xffffffffffffffff, &(0x7f0000000100)={@_si_pad}, 0x3, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r1, &(0x7f0000000280)={0x0, 0x80000000}, 0x6, 0x4, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x42, 0x0) mmap$auto(0x0, 0x202000a, 0x5, 0xeb1, 0xfffffffffffffffa, 0x9) r2 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$auto_VHOST_SET_BACKEND_FEATURES(r2, 0x4008af25, &(0x7f0000000000)=0x7) mmap$auto(0xa, 0xa00006, 0x2, 0x100000000040eb1, r2, 0x300000000000) rseq$auto(&(0x7f0000000580)={0x5, 0x85, 0x9416, 0x1, 0x7, 0x6, "551e7285968d8e86bd4794a0e875ee9f7b35db28d0a7e72b7a19039c336389cb57a05ba0582cc612c6c0be4beb4cc54d8337d40c93638ba34c4a0435c32a206e808194584d8c359d418662d18943a5e3c6234e712a096205457b56f0a1e5d4d19835696295a54f38117d9d751e23b5fb61daa5a6b2c75148106dc167a20061e3fe55cc53ffadf62b0945da4b27515a0102a8d2d002a842362b4744b8972a5e11e8a6aab89c7b85947f3901d696d459641aa7e6b89b73387ec5fa2d2af6c992213d82c5774c4bcd4187585bcf652af094e988e75002e01f607abf5e25ae0f5548fd13175b681fc059c1f9160aef893bae78cf6cf62c30fa3f0c5c60cbe383a9c0cc1289519b0c7cff81cc3b4fec739fad19c662b0f98d607b61d825d10e2dd3b27b0f7a6b1adc5a452f344c39da5f086ea7c5d99674ca69c4f5635776e67c151bad72f906cd65231da3a55d6056e23b00686723714fabd752f3e2c86dafdee9d379230c0abeabfde9cf88cae099f3ccc76ea7e64a3734ced5ffe749a8012db53ad4d6a5e347bdd83bb409c1bdb762f4aba145df74833d73ccd583797d4fb4ed3e0c7c29d502aacaef02e114d9e60ca6b0bcb28f825f5d49e94ccd2f830933c39a3ba3782505453e3de872ad8da84a6a22aaa62970428bb9a95d1817dbeeded1c53c5d508dea6cc53d80153b05f954c263278bb9c8bc02f3b1805dd9299dc8b97ebff0165d615ba7bf5ce8c490f4dd273642a18267b0a61a594cb1d608f3dffb292991ea32bb647a6f9b951f283e118dc73b45843b5aa883410e402e3bec9ba889ec237462042cedaed761cca0c3b7058d3ffc276c9a75e18b79804f4e21650d911edbedb9fedd31959a8783b1e39d7d6408554bddb2a5d67703d225fe4422bf2367ca483e77fe479495be3235f4c77b3872a9e33946d2602486b83e84e7d8d1742d369e2d00b9dbb552385502c0f597b3615bed54de65af106b58d2b6bebbdd3fe625152527af965b67e9424da7be2e2574e1492aed568d4faaa9da508e0a2e687876fa291e38b7c3ef38643e2c49e0d46d0f2d53352da2f184c4ced2305865ab0ad1435644419773ea82336ffdf62dd325a6a8b2d199d96dba8a13bb5a86ff65b80818ceb37ee8a2b2a8813b33e474e5b110e1ed13dbc4f52efabbce38935a8ada53a0ed5a1a01453a254a1dc528492159591aa192ff6cfa0b372caf236c78d1a0c94dc37916746358b4cf3cc1c0132657818ce6465e58936dbf5991dfb74ff97382c066ba0ceb06ac4f0c005e4c9166e94161bc08e1c23df7ed3419b10ae229aa6bafb19e6af003c9e319956723d839dc50a7edd8d80bce971ba504e0aac811d76e65acffdc4f7e9836396ba98b824be6cc704c59f5849642b191437a5cf902fc1ac491e8c59241586c6791b282b5cfae57eb7e6792048c4769b5b3f21987ec5097e530fd001da5d2999db4ded708225e9a53a2b48d2be3401a063da3c19168769eccaef710d7c2e06818bb05c4a9aa0ce2785a5a6d2846bac9836f1905a9b042029dcc59d918450b6affb522fbf78116941c5cef4ecb82a2134ee8e67ea6091170b67bfc3abec9e2cfc8208d4ba3bb732230fe6a9470c1152ebdc31bbce93cb742b4484bc1cef4298ce897a36c7e8b3ef8bd1b0e3d4dfa46da8bf89b06d67d8a5da465e8f68f999ec38ef8d1b7972125d2d8492680f6698419313afb74b5f715c90aa5ca0a6ea5561acd89a25d0fd066234b1752d6535251be347d8e69afea162f0ae84aa08a1a5475e6860af5956babe0530b6349e918fa97f14e6a83f7e2054c85ec37424757c49c6b76a889cde8473eebc495ac1088fda54f5c70bb17ef4873bf7b524ae892cd8267adfcd1e7054ac0c8b904855f816cbab8a6c5332d2221060b97931130187e1f07b0b9fad917c06f56d3f9fbca9d0ad93c300d88a6025359eb609e86c2b604d6834cde1351ccb0ba238715d6a77953f58b23a78db05bc38cf1e47d5336226a966af0a88fa19b4d"}, 0x6, 0x3, 0xff) r3 = socket(0xa, 0x5, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x4, r0, 0x1, 0x0) ioctl$auto_BLKCRYPTOIMPORTKEY(0xffffffffffffffff, 0xc0401289, &(0x7f0000000300)={0x80000000, 0x4000000000000000, 0x67, 0x2, [0x8, 0xb99, 0xdc8, 0xff]}) write$auto(r4, 0x0, 0x100000a3d9) socket(0x2b, 0x2, 0x3) ioctl$auto(0x3, 0x8905, 0x38) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r5 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x2000c000}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x9e5b4abe1b8b5cca, 0x0) write$auto_tty_fops_tty_io(r6, &(0x7f0000000180)="976f29bd689a850edbe36136c8535f593331280bb0b4ba0edd7932ab185cca064833fda24d0f81d1b16c3cca5b2611827c2f1ca88bb01e672131ac62d346b5601f538ccf285e7a197166480ef899794cab4b61107cda1b9fb125fbc752544c11d1640e59f86de019c613761b5d384219a3f53e519954888ce5cf54846c8e07", 0x7f) futex$auto(&(0x7f0000000080)=0x7, 0x69, 0x7, &(0x7f00000000c0)={0x100000001, 0x7fffffff}, &(0x7f0000000140)=0x7, 0x0) write$auto(0x3, 0x0, 0xfffffdef) write$auto(r3, 0x0, 0x18000) 17.643685875s ago: executing program 3 (id=2505): r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x8300, 0x0) ioctl$auto_KVM_GET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000040)={0x2}) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2b, 0x1, 0x1) ptrace$auto_PTRACE_GETEVENTMSG(0x4201, 0x0, 0x722, 0xfffffffffffffffe) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) ioctl$auto_UI_SET_ABSBIT(r2, 0x40045567, 0x0) r3 = open(&(0x7f0000000140)='./file0/file0\x00', 0x149443, 0x111) mount$auto(&(0x7f0000000000)='veth1_vlan\x00', &(0x7f0000000340)='./file0\x00', &(0x7f0000000240)='hfs\x00\x81\xe2\xde\xa8\xb7\xc4G[*}\xaa{\xf1\x86\xf7d@\xe8Y\xea\xb1H\x01\xff\"^\'6\xba\xa9s\x1d\xf4\xe1i\xc5\xb6_B\xa7KFS\xc1\xa7\x8e*h\xe3\x8b\x7f\xca\xfcNEi\x84?\x82\xff\xf2\xac\xd1\xee\xf4\x9a?\xac\x11\x88\aO\x84\xe6k\a\x9bY\xddx\xb8\xdf\vHv\xb5\f\xbc\b\xc0\xfa\xc0\xfe\xa6\xce\xbd\x03\x00\x93\xdc4\x97\xce\xd5&\x93\xae\x05q\xe9\xa8?\x00\xbdi\x88q\xd0w\xfd@\r\xce\xe4\xadrt`\xf8`b\xbf\xeci\x93a\xc6o\x9ej\xe4\xa3\x9d\xaa\xe1\xe1N\n\xbcq\n[\"5\xd4\xa6\x96#).\xbd\x8aD\x88>8J\v\xb5\x99H\xc5\a\xc9\xcf\xbc\x85\xbf\x85\x81\x0f\x7f8\x11\xdbK\xf3\xc2#\x18 \xdf\x05\xcd\xbb\xc03_\xb7Q@\xf2G', 0x7, 0x0) r4 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x8000, 0x0) ioctl$auto_USBDEVFS_CONTROL(r3, 0xc0185500, 0x0) socket(0x5, 0x800, 0x0) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r4, 0xc0045002, 0x0) utimensat$auto(0xffffffffffffffff, 0x0, 0x0, 0x1000) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x129800, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r6, 0x0, 0x20) writev$auto(r5, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000000c0), 0x105000, 0x0) r7 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_LINK_SET(r0, &(0x7f0000001f40)={0x0, 0x0, &(0x7f0000001f00)={&(0x7f0000000180)=ANY=[@ANYBLOB="07bb3868b2bc78773515c3b6bbd97c430db6a6ae3dc72c5c5a415ec885ee0baf3c8d8ab05b38cd89c57a3f3c7f08895a3db64720a0975d1e5ba1622b5a93678c726cdd3a48", @ANYRES16=r7, @ANYBLOB="010026bd7000fcdbdf250900000004000480"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x80) 16.951529775s ago: executing program 3 (id=2506): unshare$auto(0x40000080) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x42942, 0x0) mmap$auto(0x0, 0x2020009, 0x100003, 0x9000000eb1, 0xfffffffffffffffa, 0x0) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0x10, 0x2, 0x9) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socket(0x1, 0x1, 0x0) bind$auto(0x3, 0x0, 0x6b) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/thermal/cooling_device1/type\x00', 0x101000, 0x0) listen$auto(0x3, 0x81) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="21020cbd70c031cd0ce401"], 0x14}}, 0x4000091) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000014"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x2400c001) r0 = socket(0x10, 0x2, 0x4) write$auto(r0, &(0x7f0000000000)='-\x00', 0x2fb) 16.814651919s ago: executing program 3 (id=2507): mmap$auto(0x6df, 0x1ffffffff, 0xdf, 0xeb1, 0x401, 0x8002) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x24045840) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/scsi/device_info\x00', 0x40380, 0x0) pread64$auto(r1, 0x0, 0x10001, 0x2000000000830) setreuid$auto(0x15, 0x0) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/ieee80211/phy1/netdev:wlan1/uapsd_queues\x00', 0x2, 0x0) r2 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0) lseek$auto(r2, 0x9, 0x0) getdents$auto(r2, 0x0, 0x62d4) mmap$auto_snd_pcm_f_ops_pcm1(&(0x7f0000ff8000/0x5000)=nil, 0x5000, 0x5, 0x8010, r2, 0x8) keyctl$auto(0x3, 0x0, 0xee01, 0x0, 0x8) setsockopt$auto_SO_PEEK_OFF(r0, 0xff, 0x2a, &(0x7f0000000080)='/dev/nullb0\x00', 0x4) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r3 = syz_clone(0x0, 0x0, 0x19, 0x0, 0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) kcmp$auto_KCMP_FILE(r3, r3, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x81) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/vhci_hcd.5/usb19/19-0:1.0/authorized\x00', 0x2, 0x0) read$auto(0x3, 0x0, 0x20f35) write$auto(0x3, 0x0, 0xfffffdf2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) unshare$auto(0x40000080) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) 15.875551584s ago: executing program 3 (id=2508): acct$auto(&(0x7f0000000100)='/dev/snd/controlC1\x00') r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) select$auto(0x4, 0x0, &(0x7f0000000080)={[0x209c, 0x80000e9e, 0x10, 0xd, 0xfffffffffffffffb, 0x100000000, 0x2c2, 0x800002017d, 0x4, 0x1000000040, 0xd, 0xd59, 0xfb, 0xff, 0x21, 0x100000005]}, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="013b"], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x810) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), r0) sendmsg$auto_ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000140)={0x18, r2, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@ETHTOOL_A_STRSET_HEADER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4104}, 0x20044050) mknod$auto(&(0x7f00000003c0)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5', 0x20e9, 0x103) open(&(0x7f0000000280)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5\x00', 0x20102, 0x100) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0xfff5}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x31, 0x8000, 0x1ffde, 0x1, 0x2, 0x1, 0x9, 0x3, 0x5, 0x8, 0x3002, 0x9, 0xb, 0x80010002, 0x80, 0xd8f9, 0x0, 0x7, 0x2, 0x203, 0x400, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x1fe, 0xd) acct$auto(&(0x7f0000000040)='/dev/pts/ptmx\x00') sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x24008000) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/net/afs/stats\x00', 0x42500, 0x0) read$auto_proc_reg_file_ops_compat_inode(r3, &(0x7f0000001080)=""/244, 0xf4) mmap$auto(0x0, 0xfb1, 0xffffffff, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r4 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptya6\x00', 0x40001, 0x0) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TCFLSH2(r6, 0x80045439, 0x0) ioctl$auto_TIOCSETD2(r5, 0x5423, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto(r5, 0x89f2, r5) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0xfc, &(0x7f0000000100)={0x0, 0xfc6}, 0x2, 0x0, 0x7, 0x3}, 0x800}, 0x7, 0x4008) 14.989121522s ago: executing program 3 (id=2509): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) getrlimit$auto(0x3, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, 0x0, 0x80000, 0x0) r1 = ioctl$auto_SIOCGIFHWADDR2(0xffffffffffffffff, 0x8927, &(0x7f0000000080)="83f72950c4a15930c2601a4a9bc630bc64855986ae86b0e5edcb4ff873f9ac90f6362e3c28d6bded6152cae220b4b23cff0bd19118c132f0908bba3bb4fa2cc8a9da3c288fa1061077e1548f206de75fb69de8718758268f4a59cb52f79b1dd32c31fedbb3b9899a46c0721ac716a3ac49bc") r2 = openat$auto_proc_mountstats_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000), 0x24280, 0x0) mmap$auto(0x80, 0x5, 0x2, 0x7fffffffffffffff, r2, 0x1) mmap$auto(0xa, 0x8, 0x9d, 0x18, r2, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_smc_gen_netlink(0x0, 0xffffffffffffffff) ioctl$auto_SG_GET_PACK_ID(r1, 0x227c, &(0x7f0000000380)="1bff233a47c10ab9d950de4607b7ee4abfd5100b815153e7d1a8d66dc9fce7e52bb979ba153acb6004c28a1bfb7e7323d7847ebd025ca0150554a7d83c861711140ff6e30dd8b291a723d48f7f4fb94ab5bc22bc6b618cc84d48af44f52dfe99722c856c0442a73f0ac8b4c3e1aa1ffa1337075e093c511120dd946a563969a4fa0db1bc8a16fc5bb6cf3cea68034e9650c7ace5041c3864e749f333030dc0398b1e5e2b5c017d99dc26fdd6504cf0667d756dcf3e6d6e554eaeb99142614889d567") sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r3, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000001c0)={&(0x7f00000027c0)=ANY=[@ANYRES8=r2, @ANYRES16=r4, @ANYBLOB="080029bd7000fddbdf25050000003b67d0fbc2d6942bd4c2e9a5997883ea0ed7e88fcbc804de51e3447b2cd87d3da16e95d6b5df0ef265b87cf7614f48591913528fb902116bc182266cb243e2a3ef40e0592fe615311562a784d4d12bc17d47ea5b8ff4827d0d08a61e85fe28c4e8043f4b65d0d9346b3210dcad11609c8174fc2c1636caf5612abdace1937ea35c8bb0ed17f084477c32b407037bcdf9314d5f0a70a4726adb3358da88e7dd186439ccdcee1e185a1f7f82756e9c7984ee4f62a0db3e41e6e2f2967a9c5533b5ecba9fe6d7fb958c7fc4581b2e1d33bdf9d40bd0b8aa107fbee1bdb8cf02ffe31de53c24ad1f445584000000"], 0x100}, 0x1, 0x0, 0x0, 0x844}, 0x4010) sendmsg$auto_IOAM6_CMD_DEL_SCHEMA(r3, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40200000}, 0xc, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYRES64=r0], 0x64}, 0x1, 0x0, 0x0, 0x20000040}, 0x20000814) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/igmp\x00', 0x0, 0x0) pread64$auto(r5, 0x0, 0x40001000f42c, 0x586) openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000000), 0x123000, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/bus/netdevsim/new_device\x00', 0x149b01, 0x0) writev$auto(r6, &(0x7f0000000200)={0x0, 0x9}, 0x7) r7 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ram1\x00', 0x6281, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/018/001\x00', 0x802, 0x0) ioctl$auto_BLKZEROOUT(r7, 0x127f, 0x0) r8 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x20143, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r8, 0xc0045002, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0xfffc, 0x7, 0x27ffd) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0x22341, 0x0) 0s ago: executing program 34 (id=2509): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) getrlimit$auto(0x3, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, 0x0, 0x80000, 0x0) r1 = ioctl$auto_SIOCGIFHWADDR2(0xffffffffffffffff, 0x8927, &(0x7f0000000080)="83f72950c4a15930c2601a4a9bc630bc64855986ae86b0e5edcb4ff873f9ac90f6362e3c28d6bded6152cae220b4b23cff0bd19118c132f0908bba3bb4fa2cc8a9da3c288fa1061077e1548f206de75fb69de8718758268f4a59cb52f79b1dd32c31fedbb3b9899a46c0721ac716a3ac49bc") r2 = openat$auto_proc_mountstats_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000), 0x24280, 0x0) mmap$auto(0x80, 0x5, 0x2, 0x7fffffffffffffff, r2, 0x1) mmap$auto(0xa, 0x8, 0x9d, 0x18, r2, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_smc_gen_netlink(0x0, 0xffffffffffffffff) ioctl$auto_SG_GET_PACK_ID(r1, 0x227c, &(0x7f0000000380)="1bff233a47c10ab9d950de4607b7ee4abfd5100b815153e7d1a8d66dc9fce7e52bb979ba153acb6004c28a1bfb7e7323d7847ebd025ca0150554a7d83c861711140ff6e30dd8b291a723d48f7f4fb94ab5bc22bc6b618cc84d48af44f52dfe99722c856c0442a73f0ac8b4c3e1aa1ffa1337075e093c511120dd946a563969a4fa0db1bc8a16fc5bb6cf3cea68034e9650c7ace5041c3864e749f333030dc0398b1e5e2b5c017d99dc26fdd6504cf0667d756dcf3e6d6e554eaeb99142614889d567") sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r3, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000001c0)={&(0x7f00000027c0)=ANY=[@ANYRES8=r2, @ANYRES16=r4, @ANYBLOB="080029bd7000fddbdf25050000003b67d0fbc2d6942bd4c2e9a5997883ea0ed7e88fcbc804de51e3447b2cd87d3da16e95d6b5df0ef265b87cf7614f48591913528fb902116bc182266cb243e2a3ef40e0592fe615311562a784d4d12bc17d47ea5b8ff4827d0d08a61e85fe28c4e8043f4b65d0d9346b3210dcad11609c8174fc2c1636caf5612abdace1937ea35c8bb0ed17f084477c32b407037bcdf9314d5f0a70a4726adb3358da88e7dd186439ccdcee1e185a1f7f82756e9c7984ee4f62a0db3e41e6e2f2967a9c5533b5ecba9fe6d7fb958c7fc4581b2e1d33bdf9d40bd0b8aa107fbee1bdb8cf02ffe31de53c24ad1f445584000000"], 0x100}, 0x1, 0x0, 0x0, 0x844}, 0x4010) sendmsg$auto_IOAM6_CMD_DEL_SCHEMA(r3, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40200000}, 0xc, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYRES64=r0], 0x64}, 0x1, 0x0, 0x0, 0x20000040}, 0x20000814) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/igmp\x00', 0x0, 0x0) pread64$auto(r5, 0x0, 0x40001000f42c, 0x586) openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000000), 0x123000, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/bus/netdevsim/new_device\x00', 0x149b01, 0x0) writev$auto(r6, &(0x7f0000000200)={0x0, 0x9}, 0x7) r7 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ram1\x00', 0x6281, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/018/001\x00', 0x802, 0x0) ioctl$auto_BLKZEROOUT(r7, 0x127f, 0x0) r8 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x20143, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r8, 0xc0045002, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0xfffc, 0x7, 0x27ffd) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0x22341, 0x0) kernel console output (not intermixed with test programs): :00007fec0e5ba028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 505.756265][T15237] RAX: ffffffffffffffda RBX: 00007fec0da16180 RCX: 00007fec0d79aeb9 [ 505.756284][T15237] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 505.756302][T15237] RBP: 00007fec0e5ba090 R08: 0000000000000000 R09: 0000000000000000 [ 505.756319][T15237] R10: 0000000007fffffe R11: 0000000000000246 R12: 0000000000000002 [ 505.756336][T15237] R13: 00007fec0da16218 R14: 00007fec0da16180 R15: 00007ffd98d6a468 [ 505.756380][T15237] [ 505.983450][T15196] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 505.997519][T15196] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 506.088149][T15196] team0: Port device team_slave_0 added [ 506.096869][T15196] team0: Port device team_slave_1 added [ 506.246848][T15242] futex_wake_op: syz.0.2029 tries to shift op by -1; fix this program [ 506.277092][T15196] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 506.284577][T15196] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 506.331429][T15196] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 506.350444][T11882] bridge_slave_1: left allmulticast mode [ 506.357254][T11882] bridge_slave_1: left promiscuous mode [ 506.364325][ T7648] Bluetooth: hci4: command tx timeout [ 506.374433][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.380715][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 506.388646][T11882] bridge0: port 2(bridge_slave_1) entered disabled state [ 506.408177][T11882] bridge_slave_0: left allmulticast mode [ 506.414707][T15248] nfs: Unknown parameter 'BålY¶ 7³w±·E»É®H¶âs[åØu` ]‹§e©©6z¦c§ÚÞ•â[$(‡uÊ×ÃÒÃÒž€ô%ÏE¹ƒtO–÷2*è‚pãè[ˆÄÁOugÇãɧr©ts÷þ¤QZ×€z' [ 506.417383][T11882] bridge_slave_0: left promiscuous mode [ 506.442478][T11882] bridge0: port 1(bridge_slave_0) entered disabled state [ 506.526483][T15251] FAULT_INJECTION: forcing a failure. [ 506.526483][T15251] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 506.544693][T15251] CPU: 0 UID: 0 PID: 15251 Comm: syz.1.2030 Tainted: G U L syzkaller #0 PREEMPT(full) [ 506.544738][T15251] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 506.544745][T15251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 506.544755][T15251] Call Trace: [ 506.544761][T15251] [ 506.544767][T15251] dump_stack_lvl+0x100/0x190 [ 506.544791][T15251] should_fail_ex.cold+0x5/0xa [ 506.544814][T15251] ? prepare_alloc_pages+0x16d/0x5f0 [ 506.544838][T15251] should_fail_alloc_page+0xeb/0x140 [ 506.544860][T15251] prepare_alloc_pages+0x1f0/0x5f0 [ 506.544882][T15251] ? rcu_is_watching+0x12/0xc0 [ 506.544900][T15251] __alloc_frozen_pages_noprof+0x193/0x2410 [ 506.544921][T15251] ? rcu_is_watching+0x12/0xc0 [ 506.544935][T15251] ? trace_mm_page_alloc+0x10e/0x160 [ 506.544958][T15251] ? __alloc_frozen_pages_noprof+0x2a0/0x2410 [ 506.544976][T15251] ? __pfx_stack_trace_save+0x10/0x10 [ 506.545001][T15251] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 506.545019][T15251] ? stack_depot_save_flags+0x27/0x9c0 [ 506.545050][T15251] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 506.545068][T15251] ? __vmalloc_node_range_noprof+0x213/0x1530 [ 506.545082][T15251] ? __snd_dma_alloc_pages+0xd2/0x150 [ 506.545097][T15251] ? do_alloc_pages+0x113/0x250 [ 506.545115][T15251] ? snd_pcm_lib_malloc_pages+0x4bd/0x9b0 [ 506.545136][T15251] ? snd_pcm_hw_params+0x1729/0x1cb0 [ 506.545156][T15251] ? snd_pcm_kernel_ioctl+0x167/0x2e0 [ 506.545176][T15251] ? snd_pcm_oss_change_params_locked+0x1973/0x39f0 [ 506.545195][T15251] ? snd_pcm_oss_make_ready+0xeb/0x1b0 [ 506.545212][T15251] ? snd_pcm_oss_sync+0x1de/0x840 [ 506.545232][T15251] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 506.545251][T15251] alloc_pages_bulk_noprof+0x777/0x1500 [ 506.545269][T15251] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 506.545291][T15251] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 506.545317][T15251] ? alloc_pages_noprof+0x233/0x390 [ 506.545340][T15251] __kasan_populate_vmalloc+0xf0/0x210 [ 506.545362][T15251] alloc_vmap_area+0x935/0x2a00 [ 506.545390][T15251] ? __pfx_alloc_vmap_area+0x10/0x10 [ 506.545416][T15251] __get_vm_area_node+0x1ca/0x330 [ 506.545442][T15251] __vmalloc_node_range_noprof+0x213/0x1530 [ 506.545458][T15251] ? __snd_dma_alloc_pages+0xd2/0x150 [ 506.545474][T15251] ? lock_acquire+0x17c/0x330 [ 506.545495][T15251] ? __snd_dma_alloc_pages+0xd2/0x150 [ 506.545512][T15251] ? trace_contention_end+0xd6/0x110 [ 506.545534][T15251] ? exit_to_user_mode_loop+0x100/0x4b0 [ 506.545555][T15251] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 506.545570][T15251] ? do_alloc_pages+0xd1/0x250 [ 506.545589][T15251] ? do_alloc_pages+0xd1/0x250 [ 506.545612][T15251] ? __mutex_unlock_slowpath+0x15c/0x790 [ 506.545633][T15251] ? __snd_dma_alloc_pages+0xd2/0x150 [ 506.545648][T15251] __vmalloc_node_noprof+0xad/0xf0 [ 506.545662][T15251] ? __snd_dma_alloc_pages+0xd2/0x150 [ 506.545678][T15251] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 506.545705][T15251] __snd_dma_alloc_pages+0xd2/0x150 [ 506.545722][T15251] snd_dma_alloc_dir_pages+0x151/0x240 [ 506.545740][T15251] do_alloc_pages+0x113/0x250 [ 506.545763][T15251] snd_pcm_lib_malloc_pages+0x4bd/0x9b0 [ 506.545789][T15251] snd_pcm_hw_params+0x1729/0x1cb0 [ 506.545815][T15251] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 506.545837][T15251] ? snd_pcm_hw_param_near.constprop.0+0x578/0x850 [ 506.545858][T15251] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 506.545881][T15251] snd_pcm_kernel_ioctl+0x167/0x2e0 [ 506.545904][T15251] snd_pcm_oss_change_params_locked+0x1973/0x39f0 [ 506.545932][T15251] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 506.545950][T15251] ? __pfx___mutex_lock+0x10/0x10 [ 506.545987][T15251] snd_pcm_oss_make_ready+0xeb/0x1b0 [ 506.546009][T15251] snd_pcm_oss_sync+0x1de/0x840 [ 506.546031][T15251] snd_pcm_oss_release+0x238/0x300 [ 506.546049][T15251] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 506.546069][T15251] __fput+0x3ff/0xb40 [ 506.546094][T15251] task_work_run+0x150/0x240 [ 506.546117][T15251] ? __pfx_task_work_run+0x10/0x10 [ 506.546145][T15251] exit_to_user_mode_loop+0x100/0x4b0 [ 506.546165][T15251] ? rcu_is_watching+0x12/0xc0 [ 506.546181][T15251] do_syscall_64+0x4ea/0xf80 [ 506.546200][T15251] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 506.546215][T15251] RIP: 0033:0x7fbfa4f9aeb9 [ 506.546229][T15251] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 506.546244][T15251] RSP: 002b:00007fbfa5e43028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 506.546260][T15251] RAX: 0000000000000000 RBX: 00007fbfa5216090 RCX: 00007fbfa4f9aeb9 [ 506.546270][T15251] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 506.546279][T15251] RBP: 00007fbfa5008c1f R08: 0000000000000000 R09: 0000000000000000 [ 506.546289][T15251] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 506.546300][T15251] R13: 00007fbfa5216128 R14: 00007fbfa5216090 R15: 00007ffdce86d3f8 [ 506.546320][T15251] [ 506.548964][T15251] syz.1.2030: vmalloc error: size 2097152, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 507.065444][T15251] CPU: 1 UID: 0 PID: 15251 Comm: syz.1.2030 Tainted: G U L syzkaller #0 PREEMPT(full) [ 507.065492][T15251] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 507.065503][T15251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 507.065514][T15251] Call Trace: [ 507.065520][T15251] [ 507.065527][T15251] dump_stack_lvl+0x100/0x190 [ 507.065550][T15251] warn_alloc.cold+0x95/0x1c1 [ 507.065576][T15251] ? __pfx_warn_alloc+0x10/0x10 [ 507.065600][T15251] ? __get_vm_area_node+0x2c5/0x330 [ 507.065623][T15251] ? __get_vm_area_node+0x208/0x330 [ 507.065648][T15251] __vmalloc_node_range_noprof+0xbf4/0x1530 [ 507.065665][T15251] ? lock_acquire+0x17c/0x330 [ 507.065688][T15251] ? __snd_dma_alloc_pages+0xd2/0x150 [ 507.065705][T15251] ? trace_contention_end+0xd6/0x110 [ 507.065728][T15251] ? exit_to_user_mode_loop+0x100/0x4b0 [ 507.065750][T15251] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 507.065765][T15251] ? do_alloc_pages+0xd1/0x250 [ 507.065785][T15251] ? do_alloc_pages+0xd1/0x250 [ 507.065808][T15251] ? __mutex_unlock_slowpath+0x15c/0x790 [ 507.065830][T15251] ? __snd_dma_alloc_pages+0xd2/0x150 [ 507.065845][T15251] __vmalloc_node_noprof+0xad/0xf0 [ 507.065859][T15251] ? __snd_dma_alloc_pages+0xd2/0x150 [ 507.065875][T15251] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 507.065899][T15251] __snd_dma_alloc_pages+0xd2/0x150 [ 507.065916][T15251] snd_dma_alloc_dir_pages+0x151/0x240 [ 507.065934][T15251] do_alloc_pages+0x113/0x250 [ 507.065958][T15251] snd_pcm_lib_malloc_pages+0x4bd/0x9b0 [ 507.065990][T15251] snd_pcm_hw_params+0x1729/0x1cb0 [ 507.066017][T15251] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 507.066039][T15251] ? snd_pcm_hw_param_near.constprop.0+0x578/0x850 [ 507.066061][T15251] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 507.066085][T15251] snd_pcm_kernel_ioctl+0x167/0x2e0 [ 507.066108][T15251] snd_pcm_oss_change_params_locked+0x1973/0x39f0 [ 507.066136][T15251] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 507.066156][T15251] ? __pfx___mutex_lock+0x10/0x10 [ 507.066188][T15251] snd_pcm_oss_make_ready+0xeb/0x1b0 [ 507.066209][T15251] snd_pcm_oss_sync+0x1de/0x840 [ 507.066234][T15251] snd_pcm_oss_release+0x238/0x300 [ 507.066253][T15251] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 507.066272][T15251] __fput+0x3ff/0xb40 [ 507.066298][T15251] task_work_run+0x150/0x240 [ 507.066322][T15251] ? __pfx_task_work_run+0x10/0x10 [ 507.066350][T15251] exit_to_user_mode_loop+0x100/0x4b0 [ 507.066371][T15251] ? rcu_is_watching+0x12/0xc0 [ 507.066388][T15251] do_syscall_64+0x4ea/0xf80 [ 507.066408][T15251] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 507.066424][T15251] RIP: 0033:0x7fbfa4f9aeb9 [ 507.066437][T15251] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 507.066453][T15251] RSP: 002b:00007fbfa5e43028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 507.066469][T15251] RAX: 0000000000000000 RBX: 00007fbfa5216090 RCX: 00007fbfa4f9aeb9 [ 507.066479][T15251] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 507.066488][T15251] RBP: 00007fbfa5008c1f R08: 0000000000000000 R09: 0000000000000000 [ 507.066497][T15251] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 507.066506][T15251] R13: 00007fbfa5216128 R14: 00007fbfa5216090 R15: 00007ffdce86d3f8 [ 507.066541][T15251] [ 507.066552][T15251] Mem-Info: [ 507.410077][T15251] active_anon:23963 inactive_anon:50 isolated_anon:0 [ 507.410077][T15251] active_file:21135 inactive_file:45244 isolated_file:0 [ 507.410077][T15251] unevictable:768 dirty:2 writeback:0 [ 507.410077][T15251] slab_reclaimable:13920 slab_unreclaimable:96088 [ 507.410077][T15251] mapped:26594 shmem:9603 pagetables:1326 [ 507.410077][T15251] sec_pagetables:0 bounce:0 [ 507.410077][T15251] kernel_misc_reclaimable:0 [ 507.410077][T15251] free:1285080 free_pcp:13098 free_cma:0 [ 507.465209][T15251] Node 0 active_anon:95852kB inactive_anon:200kB active_file:84540kB inactive_file:180824kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:106356kB dirty:108kB writeback:0kB shmem:36876kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:38912kB kernel_stack:12180kB pagetables:5136kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 507.509468][T15251] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:152kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:20kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:168kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 507.563141][T15251] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 507.629779][T15251] lowmem_reserve[]: 0 2480 2481 2481 2481 [ 507.652479][T15251] Node 0 DMA32 free:1224380kB boost:0kB min:34320kB low:42900kB high:51480kB reserved_highatomic:0KB free_highatomic:0KB active_anon:99976kB inactive_anon:204kB active_file:86588kB inactive_file:180824kB unevictable:1536kB writepending:24kB zspages:728kB present:3129332kB managed:2539572kB mlocked:0kB bounce:0kB free_pcp:37996kB local_pcp:25304kB free_cma:0kB [ 507.725018][T15251] lowmem_reserve[]: 0 0 1 1 1 [ 507.747706][T15251] Node 0 Normal free:0kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 507.804787][T15251] lowmem_reserve[]: 0 0 0 0 0 [ 507.809507][T15251] Node 1 Normal free:3895364kB boost:0kB min:55560kB low:69448kB high:83336kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:152kB unevictable:1536kB writepending:8kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:12164kB local_pcp:2564kB free_cma:0kB [ 507.880063][T15251] lowmem_reserve[]: 0 0 0 0 0 [ 507.887445][T15251] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 507.963664][T15251] Node 0 DMA32: 8696*4kB (UM) 4836*8kB (UM) 2785*16kB (UME) 1268*32kB (UME) 712*64kB (UM) 518*128kB (UME) 404*256kB (UM) 202*512kB (UM) 173*1024kB (UM) 11*2048kB (UM) 134*4096kB (UM) = 1225872kB [ 507.998072][T15251] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 508.023969][T15251] Node 1 Normal: 210*4kB (UME) 52*8kB (UE) 33*16kB (U) 240*32kB (UE) 102*64kB (UE) 28*128kB (UME) 8*256kB (UME) 0*512kB 3*1024kB (UME) 2*2048kB (UE) 944*4096kB (M) = 3895416kB [ 508.063889][T15251] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 508.086763][T15251] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 508.100816][T15251] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 508.114117][T15251] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 508.130442][T15251] 76512 total pagecache pages [ 508.138773][T15251] 21 pages in swap cache [ 508.146868][T15251] Free swap = 124612kB [ 508.171447][T15251] Total swap = 124996kB [ 508.179291][T15251] 2097051 pages RAM [ 508.189989][T15251] 0 pages HighMem/MovableOnly [ 508.198191][T15251] 430196 pages reserved [ 508.204191][T15251] 0 pages cma reserved [ 508.242140][T11882] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 508.280143][T11882] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 508.314970][T11882] bond0 (unregistering): Released all slaves [ 508.328393][T15270] zswap: compressor not available [ 508.348916][T15196] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 508.367966][T15196] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 508.407827][T15196] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 508.441718][ T7648] Bluetooth: hci4: command tx timeout [ 508.531045][T11882] : left promiscuous mode [ 508.775185][T15196] hsr_slave_0: entered promiscuous mode [ 508.790487][T15196] hsr_slave_1: entered promiscuous mode [ 508.800316][T15196] debugfs: 'hsr0' already exists in 'hsr' [ 508.806278][T15196] Cannot create hsr debugfs directory [ 509.175874][T11882] hsr_slave_0: left promiscuous mode [ 509.184409][T11882] hsr_slave_1: left promiscuous mode [ 509.235957][T11882] veth1_macvtap: left promiscuous mode [ 509.242231][T11882] veth0_macvtap: left promiscuous mode [ 509.248544][T11882] veth1_vlan: left promiscuous mode [ 509.254111][T11882] veth0_vlan: left promiscuous mode [ 509.519006][T15293] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2037'. [ 509.749675][T11882] team0 (unregistering): Port device team_slave_0 removed [ 510.467132][T15307] FAULT_INJECTION: forcing a failure. [ 510.467132][T15307] name failslab, interval 1, probability 0, space 0, times 0 [ 510.485176][T15307] CPU: 1 UID: 0 PID: 15307 Comm: syz.0.2039 Tainted: G U L syzkaller #0 PREEMPT(full) [ 510.485220][T15307] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 510.485231][T15307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 510.485248][T15307] Call Trace: [ 510.485257][T15307] [ 510.485267][T15307] dump_stack_lvl+0x100/0x190 [ 510.485306][T15307] should_fail_ex.cold+0x5/0xa [ 510.485352][T15307] should_failslab+0xc2/0x120 [ 510.485391][T15307] kmem_cache_alloc_noprof+0x83/0x780 [ 510.485428][T15307] ? dst_alloc+0x99/0x1a0 [ 510.485467][T15307] ? __pfx_ip6_dst_gc+0x10/0x10 [ 510.485501][T15307] ? dst_alloc+0x99/0x1a0 [ 510.485534][T15307] dst_alloc+0x99/0x1a0 [ 510.485572][T15307] ip6_rt_cache_alloc+0x1ea/0x8e0 [ 510.485618][T15307] ? __pfx_ip6_rt_cache_alloc+0x10/0x10 [ 510.485672][T15307] ip6_pol_route+0xd59/0x1230 [ 510.485706][T15307] ? __pfx_ip6_pol_route+0x10/0x10 [ 510.485742][T15307] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 510.485781][T15307] ? kernel_text_address+0x8d/0x100 [ 510.485826][T15307] ? unwind_get_return_address+0x59/0xa0 [ 510.485860][T15307] ? arch_stack_walk+0xa6/0xf0 [ 510.485897][T15307] ? __pfx_ip6_pol_route_output+0x10/0x10 [ 510.485927][T15307] fib6_rule_lookup+0x24c/0x720 [ 510.485958][T15307] ? __pfx_fib6_rule_lookup+0x10/0x10 [ 510.485982][T15307] ? stack_trace_save+0x8e/0xc0 [ 510.486024][T15307] ? kasan_save_stack+0x3f/0x50 [ 510.486056][T15307] ? kasan_save_stack+0x30/0x50 [ 510.486088][T15307] ? kasan_record_aux_stack+0xa7/0xc0 [ 510.486114][T15307] ? __call_rcu_common.constprop.0+0xa5/0x9b0 [ 510.486163][T15307] ip6_route_output_flags+0x1d0/0x650 [ 510.486209][T15307] ip6_dst_lookup_tail.constprop.0+0x116/0x2110 [ 510.486253][T15307] ? __pfx_ip6_dst_lookup_tail.constprop.0+0x10/0x10 [ 510.486291][T15307] ? __lock_acquire+0x4a5/0x2630 [ 510.486341][T15307] ip6_dst_lookup_flow+0x99/0x1d0 [ 510.486373][T15307] ? __pfx_ip6_dst_lookup_flow+0x10/0x10 [ 510.486401][T15307] ? find_held_lock+0x2b/0x80 [ 510.486427][T15307] ? rawv6_sendmsg+0xbcd/0x48e0 [ 510.486466][T15307] ? rawv6_sendmsg+0xbcd/0x48e0 [ 510.486513][T15307] rawv6_sendmsg+0xeff/0x48e0 [ 510.486551][T15307] ? process_measurement+0x1ea/0x2400 [ 510.486599][T15307] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 510.486689][T15307] ? __import_iovec+0x1d2/0x640 [ 510.486739][T15307] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 510.486782][T15307] ? inet_sendmsg+0x11c/0x140 [ 510.486812][T15307] inet_sendmsg+0x11c/0x140 [ 510.486844][T15307] ____sys_sendmsg+0x9ad/0xc30 [ 510.486879][T15307] ? __pfx_____sys_sendmsg+0x10/0x10 [ 510.486915][T15307] ? _kstrtoull+0x13c/0x1f0 [ 510.486944][T15307] ? __pfx__kstrtoull+0x10/0x10 [ 510.486981][T15307] ___sys_sendmsg+0x190/0x1e0 [ 510.487016][T15307] ? __pfx____sys_sendmsg+0x10/0x10 [ 510.487083][T15307] ? __pfx___might_resched+0x10/0x10 [ 510.487133][T15307] __sys_sendmmsg+0x205/0x430 [ 510.487178][T15307] ? __pfx___sys_sendmmsg+0x10/0x10 [ 510.487228][T15307] ? __fget_files+0x215/0x3d0 [ 510.487258][T15307] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 510.487314][T15307] ? fput+0x79/0x100 [ 510.487350][T15307] ? ksys_write+0x1ac/0x250 [ 510.487381][T15307] ? __pfx_ksys_write+0x10/0x10 [ 510.487419][T15307] __x64_sys_sendmmsg+0x9c/0x100 [ 510.487459][T15307] ? lockdep_hardirqs_on+0x78/0x100 [ 510.487492][T15307] do_syscall_64+0xc9/0xf80 [ 510.487528][T15307] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 510.487557][T15307] RIP: 0033:0x7fe522f9aeb9 [ 510.487579][T15307] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 510.487605][T15307] RSP: 002b:00007fe523dca028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 510.487633][T15307] RAX: ffffffffffffffda RBX: 00007fe523216180 RCX: 00007fe522f9aeb9 [ 510.487652][T15307] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 510.487669][T15307] RBP: 00007fe523dca090 R08: 0000000000000000 R09: 0000000000000000 [ 510.487687][T15307] R10: 0000000007fffffe R11: 0000000000000246 R12: 0000000000000002 [ 510.487704][T15307] R13: 00007fe523216218 R14: 00007fe523216180 R15: 00007ffed293b288 [ 510.487748][T15307] [ 510.891191][ T7648] Bluetooth: hci4: command tx timeout [ 511.568907][T15331] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2042'. [ 511.814473][T15334] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2044'. [ 511.827742][T15337] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2044'. [ 511.964249][T15337] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2044'. [ 511.977513][T15337] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2044'. [ 511.987967][T15337] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2044'. [ 512.013211][T15337] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2044'. [ 512.023271][T15337] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2044'. [ 512.048639][T15337] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2044'. [ 512.890674][ T7792] Bluetooth: hci4: command tx timeout [ 515.308833][T15416] zswap: compressor not available [ 515.342468][ T30] audit: type=1800 audit(1843107865.964:34): pid=15416 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2054" name="lu_gp_id" dev="configfs" ino=59281 res=0 errno=0 [ 515.364347][T15416] kstrtoul() returned -22 for lu_gp_id [ 517.726270][T15476] cgroup: fork rejected by pids controller in /syz0 [ 518.059374][T15513] futex_wake_op: syz.0.2074 tries to shift op by -1; fix this program [ 518.827949][T15525] netlink: 186 bytes leftover after parsing attributes in process `syz.0.2076'. [ 519.401652][T15539] nfs: Unknown parameter 'BålY¶ 7³w±·E»É®H¶âs[åØu` ]‹§e©©6z¦c§ÚÞ•â[$(‡uÊ×ÃÒÃÒž€ô%ÏE¹ƒtO–÷2*è‚pãè[ˆÄÁOugÇãɧr©ts÷þ¤QZ×€z' [ 519.503074][T15539] FAULT_INJECTION: forcing a failure. [ 519.503074][T15539] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 519.517121][T15539] CPU: 0 UID: 0 PID: 15539 Comm: syz.3.2080 Tainted: G U L syzkaller #0 PREEMPT(full) [ 519.517147][T15539] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 519.517153][T15539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 519.517163][T15539] Call Trace: [ 519.517168][T15539] [ 519.517175][T15539] dump_stack_lvl+0x100/0x190 [ 519.517197][T15539] should_fail_ex.cold+0x5/0xa [ 519.517225][T15539] ? prepare_alloc_pages+0x16d/0x5f0 [ 519.517274][T15539] should_fail_alloc_page+0xeb/0x140 [ 519.517314][T15539] prepare_alloc_pages+0x1f0/0x5f0 [ 519.517336][T15539] ? rcu_is_watching+0x12/0xc0 [ 519.517353][T15539] __alloc_frozen_pages_noprof+0x193/0x2410 [ 519.517377][T15539] ? rcu_is_watching+0x12/0xc0 [ 519.517392][T15539] ? trace_mm_page_alloc+0x10e/0x160 [ 519.517414][T15539] ? __alloc_frozen_pages_noprof+0x2a0/0x2410 [ 519.517433][T15539] ? __pfx_stack_trace_save+0x10/0x10 [ 519.517450][T15539] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 519.517467][T15539] ? stack_depot_save_flags+0x27/0x9c0 [ 519.517496][T15539] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 519.517513][T15539] ? __vmalloc_node_range_noprof+0x213/0x1530 [ 519.517528][T15539] ? __snd_dma_alloc_pages+0xd2/0x150 [ 519.517543][T15539] ? do_alloc_pages+0x113/0x250 [ 519.517562][T15539] ? snd_pcm_lib_malloc_pages+0x4bd/0x9b0 [ 519.517582][T15539] ? snd_pcm_hw_params+0x1729/0x1cb0 [ 519.517602][T15539] ? snd_pcm_kernel_ioctl+0x167/0x2e0 [ 519.517623][T15539] ? snd_pcm_oss_change_params_locked+0x1973/0x39f0 [ 519.517641][T15539] ? snd_pcm_oss_make_ready+0xeb/0x1b0 [ 519.517657][T15539] ? snd_pcm_oss_sync+0x1de/0x840 [ 519.517677][T15539] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 519.517695][T15539] alloc_pages_bulk_noprof+0x777/0x1500 [ 519.517714][T15539] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 519.517736][T15539] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 519.517761][T15539] ? alloc_pages_noprof+0x233/0x390 [ 519.517799][T15539] __kasan_populate_vmalloc+0xf0/0x210 [ 519.517840][T15539] alloc_vmap_area+0x935/0x2a00 [ 519.517876][T15539] ? __pfx_alloc_vmap_area+0x10/0x10 [ 519.517903][T15539] __get_vm_area_node+0x1ca/0x330 [ 519.517928][T15539] __vmalloc_node_range_noprof+0x213/0x1530 [ 519.517944][T15539] ? __snd_dma_alloc_pages+0xd2/0x150 [ 519.517961][T15539] ? lock_acquire+0x17c/0x330 [ 519.517983][T15539] ? __snd_dma_alloc_pages+0xd2/0x150 [ 519.517999][T15539] ? trace_contention_end+0xd6/0x110 [ 519.518021][T15539] ? exit_to_user_mode_loop+0x100/0x4b0 [ 519.518042][T15539] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 519.518057][T15539] ? do_alloc_pages+0xd1/0x250 [ 519.518076][T15539] ? do_alloc_pages+0xd1/0x250 [ 519.518098][T15539] ? __mutex_unlock_slowpath+0x15c/0x790 [ 519.518126][T15539] ? __snd_dma_alloc_pages+0xd2/0x150 [ 519.518140][T15539] __vmalloc_node_noprof+0xad/0xf0 [ 519.518154][T15539] ? __snd_dma_alloc_pages+0xd2/0x150 [ 519.518169][T15539] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 519.518192][T15539] __snd_dma_alloc_pages+0xd2/0x150 [ 519.518209][T15539] snd_dma_alloc_dir_pages+0x151/0x240 [ 519.518227][T15539] do_alloc_pages+0x113/0x250 [ 519.518250][T15539] snd_pcm_lib_malloc_pages+0x4bd/0x9b0 [ 519.518275][T15539] snd_pcm_hw_params+0x1729/0x1cb0 [ 519.518300][T15539] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 519.518322][T15539] ? snd_pcm_hw_param_near.constprop.0+0x578/0x850 [ 519.518344][T15539] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 519.518369][T15539] snd_pcm_kernel_ioctl+0x167/0x2e0 [ 519.518391][T15539] snd_pcm_oss_change_params_locked+0x1973/0x39f0 [ 519.518419][T15539] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 519.518438][T15539] ? __pfx___mutex_lock+0x10/0x10 [ 519.518470][T15539] snd_pcm_oss_make_ready+0xeb/0x1b0 [ 519.518490][T15539] snd_pcm_oss_sync+0x1de/0x840 [ 519.518511][T15539] snd_pcm_oss_release+0x238/0x300 [ 519.518529][T15539] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 519.518548][T15539] __fput+0x3ff/0xb40 [ 519.518573][T15539] task_work_run+0x150/0x240 [ 519.518596][T15539] ? __pfx_task_work_run+0x10/0x10 [ 519.518623][T15539] exit_to_user_mode_loop+0x100/0x4b0 [ 519.518643][T15539] ? rcu_is_watching+0x12/0xc0 [ 519.518659][T15539] do_syscall_64+0x4ea/0xf80 [ 519.518679][T15539] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 519.518694][T15539] RIP: 0033:0x7fec0d79aeb9 [ 519.518708][T15539] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 519.518722][T15539] RSP: 002b:00007fec0e5fc028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 519.518737][T15539] RAX: 0000000000000000 RBX: 00007fec0da15fa0 RCX: 00007fec0d79aeb9 [ 519.518747][T15539] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 519.518755][T15539] RBP: 00007fec0d808c1f R08: 0000000000000000 R09: 0000000000000000 [ 519.518764][T15539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 519.518772][T15539] R13: 00007fec0da16038 R14: 00007fec0da15fa0 R15: 00007ffd98d6a468 [ 519.518792][T15539] [ 520.012126][T15539] syz.3.2080: vmalloc error: size 2097152, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 520.037857][T15539] CPU: 0 UID: 0 PID: 15539 Comm: syz.3.2080 Tainted: G U L syzkaller #0 PREEMPT(full) [ 520.037884][T15539] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 520.037891][T15539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 520.037900][T15539] Call Trace: [ 520.037906][T15539] [ 520.037913][T15539] dump_stack_lvl+0x100/0x190 [ 520.037937][T15539] warn_alloc.cold+0x95/0x1c1 [ 520.037963][T15539] ? __pfx_warn_alloc+0x10/0x10 [ 520.037989][T15539] ? __get_vm_area_node+0x2c5/0x330 [ 520.038011][T15539] ? __get_vm_area_node+0x208/0x330 [ 520.038037][T15539] __vmalloc_node_range_noprof+0xbf4/0x1530 [ 520.038054][T15539] ? lock_acquire+0x17c/0x330 [ 520.038076][T15539] ? __snd_dma_alloc_pages+0xd2/0x150 [ 520.038112][T15539] ? trace_contention_end+0xd6/0x110 [ 520.038135][T15539] ? exit_to_user_mode_loop+0x100/0x4b0 [ 520.038157][T15539] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 520.038173][T15539] ? do_alloc_pages+0xd1/0x250 [ 520.038192][T15539] ? do_alloc_pages+0xd1/0x250 [ 520.038215][T15539] ? __mutex_unlock_slowpath+0x15c/0x790 [ 520.038237][T15539] ? __snd_dma_alloc_pages+0xd2/0x150 [ 520.038252][T15539] __vmalloc_node_noprof+0xad/0xf0 [ 520.038266][T15539] ? __snd_dma_alloc_pages+0xd2/0x150 [ 520.038282][T15539] ? __pfx_snd_dma_vmalloc_alloc+0x10/0x10 [ 520.038305][T15539] __snd_dma_alloc_pages+0xd2/0x150 [ 520.038321][T15539] snd_dma_alloc_dir_pages+0x151/0x240 [ 520.038339][T15539] do_alloc_pages+0x113/0x250 [ 520.038363][T15539] snd_pcm_lib_malloc_pages+0x4bd/0x9b0 [ 520.038388][T15539] snd_pcm_hw_params+0x1729/0x1cb0 [ 520.038413][T15539] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 520.038435][T15539] ? snd_pcm_hw_param_near.constprop.0+0x578/0x850 [ 520.038456][T15539] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 520.038479][T15539] snd_pcm_kernel_ioctl+0x167/0x2e0 [ 520.038502][T15539] snd_pcm_oss_change_params_locked+0x1973/0x39f0 [ 520.038530][T15539] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 520.038549][T15539] ? __pfx___mutex_lock+0x10/0x10 [ 520.038581][T15539] snd_pcm_oss_make_ready+0xeb/0x1b0 [ 520.038601][T15539] snd_pcm_oss_sync+0x1de/0x840 [ 520.038622][T15539] snd_pcm_oss_release+0x238/0x300 [ 520.038641][T15539] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 520.038660][T15539] __fput+0x3ff/0xb40 [ 520.038685][T15539] task_work_run+0x150/0x240 [ 520.038708][T15539] ? __pfx_task_work_run+0x10/0x10 [ 520.038735][T15539] exit_to_user_mode_loop+0x100/0x4b0 [ 520.038756][T15539] ? rcu_is_watching+0x12/0xc0 [ 520.038772][T15539] do_syscall_64+0x4ea/0xf80 [ 520.038791][T15539] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 520.038807][T15539] RIP: 0033:0x7fec0d79aeb9 [ 520.038821][T15539] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 520.038835][T15539] RSP: 002b:00007fec0e5fc028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 520.038850][T15539] RAX: 0000000000000000 RBX: 00007fec0da15fa0 RCX: 00007fec0d79aeb9 [ 520.038860][T15539] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 520.038869][T15539] RBP: 00007fec0d808c1f R08: 0000000000000000 R09: 0000000000000000 [ 520.038878][T15539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 520.038888][T15539] R13: 00007fec0da16038 R14: 00007fec0da15fa0 R15: 00007ffd98d6a468 [ 520.038909][T15539] [ 520.038915][T15539] Mem-Info: [ 520.373116][T15539] active_anon:24492 inactive_anon:50 isolated_anon:0 [ 520.373116][T15539] active_file:20597 inactive_file:45254 isolated_file:0 [ 520.373116][T15539] unevictable:768 dirty:0 writeback:22 [ 520.373116][T15539] slab_reclaimable:13660 slab_unreclaimable:92952 [ 520.373116][T15539] mapped:26627 shmem:9609 pagetables:1327 [ 520.373116][T15539] sec_pagetables:0 bounce:0 [ 520.373116][T15539] kernel_misc_reclaimable:0 [ 520.373116][T15539] free:1290325 free_pcp:10703 free_cma:0 [ 520.424144][T15539] Node 0 active_anon:97968kB inactive_anon:200kB active_file:82388kB inactive_file:180864kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:106488kB dirty:0kB writeback:88kB shmem:36900kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:40960kB kernel_stack:11816kB pagetables:5140kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 520.463883][T15542] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2081'. [ 520.473818][T15542] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2081'. [ 520.483685][T15542] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2081'. [ 520.493410][T15539] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:152kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:20kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:168kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 520.493844][T15542] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2081'. [ 520.533505][T15539] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 520.539235][T15542] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2081'. [ 520.572624][T15539] lowmem_reserve[]: 0 2480 2481 2481 2481 [ 520.578972][T15539] Node 0 DMA32 free:1249856kB boost:0kB min:34320kB low:42900kB high:51480kB reserved_highatomic:0KB free_highatomic:0KB active_anon:100164kB inactive_anon:200kB active_file:82388kB inactive_file:180864kB unevictable:1536kB writepending:144kB zspages:728kB present:3129332kB managed:2539572kB mlocked:0kB bounce:0kB free_pcp:29188kB local_pcp:11292kB free_cma:0kB [ 520.582919][T15542] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2081'. [ 520.623270][T15539] lowmem_reserve[]: 0 0 1 1 1 [ 520.628335][T15542] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2081'. [ 520.628369][T15539] Node 0 Normal free:0kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 520.647739][T15542] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2081'. [ 520.668176][T15539] lowmem_reserve[]: 0 0 0 0 0 [ 520.686018][T15539] Node 1 Normal free:3896180kB boost:0kB min:55560kB low:69448kB high:83336kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:152kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:11408kB local_pcp:9100kB free_cma:0kB [ 520.724248][T15539] lowmem_reserve[]: 0 0 0 0 0 [ 520.728983][T15539] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 520.742087][T15539] Node 0 DMA32: 6198*4kB (UM) 4323*8kB (UME) 2727*16kB (UME) 1253*32kB (UME) 729*64kB (UM) 512*128kB (UME) 373*256kB (UM) 206*512kB (UM) 177*1024kB (UM) 19*2048kB (UM) 140*4096kB (UM) = 1249856kB [ 520.762103][T15539] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 520.774468][T15539] Node 1 Normal: 211*4kB (UME) 53*8kB (UME) 34*16kB (UM) 243*32kB (UME) 104*64kB (UME) 28*128kB (UE) 8*256kB (UME) 1*512kB (M) 3*1024kB (UME) 2*2048kB (UE) 944*4096kB (M) = 3896180kB [ 520.794801][T15539] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 520.812783][T15539] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 520.822148][T15539] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 520.834787][T15539] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 520.845039][T15539] 75477 total pagecache pages [ 520.853241][T15539] 19 pages in swap cache [ 520.857484][T15539] Free swap = 124612kB [ 520.863254][T15539] Total swap = 124996kB [ 520.867411][T15539] 2097051 pages RAM [ 520.874280][T15539] 0 pages HighMem/MovableOnly [ 520.880123][T15539] 430196 pages reserved [ 520.884612][T15539] 0 pages cma reserved [ 522.099371][T15571] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2089'. [ 522.326407][T15573] Console: switching to colour VGA+ 80x25 [ 523.928649][T15600] : Can't lookup blockdev [ 524.440151][T15607] zswap: compressor not available [ 525.736434][T15630] __nla_validate_parse: 7 callbacks suppressed [ 525.736458][T15630] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2101'. [ 525.798823][T15630] team0 (unregistering): Port device team_slave_0 removed [ 525.847351][T15630] team0 (unregistering): Port device team_slave_1 removed [ 526.633010][ T7648] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 526.643365][ T7648] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 526.651364][ T7648] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 526.659427][ T7648] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 526.669593][ T7648] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 526.926977][T15665] FAULT_INJECTION: forcing a failure. [ 526.926977][T15665] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 526.959928][T15665] CPU: 1 UID: 0 PID: 15665 Comm: syz.3.2107 Tainted: G U L syzkaller #0 PREEMPT(full) [ 526.959974][T15665] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 526.959985][T15665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 526.960001][T15665] Call Trace: [ 526.960010][T15665] [ 526.960021][T15665] dump_stack_lvl+0x100/0x190 [ 526.960060][T15665] should_fail_ex.cold+0x5/0xa [ 526.960104][T15665] _copy_from_user+0x2e/0xd0 [ 526.960146][T15665] copy_msghdr_from_user+0x9f/0x4f0 [ 526.960181][T15665] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 526.960219][T15665] ? _kstrtoull+0x13c/0x1f0 [ 526.960247][T15665] ? __pfx__kstrtoull+0x10/0x10 [ 526.960283][T15665] ___sys_sendmsg+0x106/0x1e0 [ 526.960317][T15665] ? __pfx____sys_sendmsg+0x10/0x10 [ 526.960383][T15665] ? __pfx___might_resched+0x10/0x10 [ 526.960433][T15665] __sys_sendmmsg+0x205/0x430 [ 526.960478][T15665] ? __pfx___sys_sendmmsg+0x10/0x10 [ 526.960528][T15665] ? __fget_files+0x215/0x3d0 [ 526.960558][T15665] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 526.960618][T15665] ? fput+0x79/0x100 [ 526.960655][T15665] ? ksys_write+0x1ac/0x250 [ 526.960686][T15665] ? __pfx_ksys_write+0x10/0x10 [ 526.960722][T15665] __x64_sys_sendmmsg+0x9c/0x100 [ 526.960763][T15665] ? lockdep_hardirqs_on+0x78/0x100 [ 526.960795][T15665] do_syscall_64+0xc9/0xf80 [ 526.960830][T15665] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 526.960858][T15665] RIP: 0033:0x7fec0d79aeb9 [ 526.960881][T15665] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 526.960907][T15665] RSP: 002b:00007fec0e5ba028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 526.960934][T15665] RAX: ffffffffffffffda RBX: 00007fec0da16180 RCX: 00007fec0d79aeb9 [ 526.960954][T15665] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 526.960970][T15665] RBP: 00007fec0e5ba090 R08: 0000000000000000 R09: 0000000000000000 [ 526.960987][T15665] R10: 0000000007fffffe R11: 0000000000000246 R12: 0000000000000002 [ 526.961004][T15665] R13: 00007fec0da16218 R14: 00007fec0da16180 R15: 00007ffd98d6a468 [ 526.961041][T15665] [ 526.961765][T15657] chnl_net:caif_netlink_parms(): no params data found [ 527.371597][T15657] bridge0: port 1(bridge_slave_0) entered blocking state [ 527.384953][T15657] bridge0: port 1(bridge_slave_0) entered disabled state [ 527.400623][T15657] bridge_slave_0: entered allmulticast mode [ 527.414985][T15657] bridge_slave_0: entered promiscuous mode [ 527.423789][T15657] bridge0: port 2(bridge_slave_1) entered blocking state [ 527.431585][T15657] bridge0: port 2(bridge_slave_1) entered disabled state [ 527.439077][T15657] bridge_slave_1: entered allmulticast mode [ 527.609402][T15657] bridge_slave_1: entered promiscuous mode [ 527.664458][T15657] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 527.680757][T15657] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 527.751555][T15657] team0: Port device team_slave_0 added [ 527.778125][T15657] team0: Port device team_slave_1 added [ 527.847513][T15657] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 527.859756][T15657] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 527.910425][T15657] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 527.934050][T15657] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 527.946583][T15657] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 527.993326][T15657] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 528.070627][T15657] hsr_slave_0: entered promiscuous mode [ 528.082765][T15657] hsr_slave_1: entered promiscuous mode [ 528.090328][T15657] debugfs: 'hsr0' already exists in 'hsr' [ 528.098062][T15657] Cannot create hsr debugfs directory [ 528.585482][T15696] nfs: Unknown parameter 'BålY¶ 7³w±·E»É®H¶âs[åØu` ]‹§e©©6z¦c§ÚÞ•â[$(‡uÊ×ÃÒÃÒž€ô%ÏE¹ƒtO–÷2*è‚pãè[ˆÄÁOugÇãɧr©ts÷þ¤QZ×€z' [ 528.687057][T15697] block nbd2: not configured, cannot reconfigure [ 528.739879][ T7792] Bluetooth: hci1: command tx timeout [ 528.864106][T15703] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2116'. [ 528.874912][T15703] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2116'. [ 528.884612][T15703] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2116'. [ 528.894745][T15703] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2116'. [ 528.904229][T15703] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2116'. [ 528.928196][T15703] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2116'. [ 528.947162][T15703] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2116'. [ 528.969544][T15703] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2116'. [ 530.151840][T15737] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2124'. [ 530.806578][ T7792] Bluetooth: hci1: command tx timeout [ 532.877044][ T7792] Bluetooth: hci1: command tx timeout [ 533.123544][T15800] __nla_validate_parse: 7 callbacks suppressed [ 533.123569][T15800] netlink: 202 bytes leftover after parsing attributes in process `syz.0.2142'. [ 533.304675][T15797] Process accounting resumed [ 533.653358][T15808] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2143'. [ 533.663234][T15809] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2143'. [ 533.672668][T15809] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2143'. [ 533.682379][T15809] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2143'. [ 533.693487][T15809] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2143'. [ 533.706789][T15808] netlink: 306 bytes leftover after parsing attributes in process `syz.3.2143'. [ 533.716514][T15809] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2143'. [ 533.727531][T15809] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2143'. [ 533.737190][T15809] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2143'. [ 534.947035][ T7792] Bluetooth: hci1: command tx timeout [ 535.220254][ T30] audit: type=1804 audit(1843118334.939:35): pid=15836 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2150" name="file0" dev="tmpfs" ino=2861 res=1 errno=0 [ 535.280073][ T30] audit: type=1804 audit(1843118334.949:36): pid=15839 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.2150" name="file0" dev="tmpfs" ino=2861 res=1 errno=0 [ 536.323345][T15875] netlink: 'syz.0.2158': attribute type 5 has an invalid length. [ 538.550735][T15923] __nla_validate_parse: 20 callbacks suppressed [ 538.550759][T15923] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2173'. [ 538.570624][T15923] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2173'. [ 538.590664][T15923] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2173'. [ 538.607799][T15923] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2173'. [ 538.628318][T15923] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2173'. [ 538.639720][T15923] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2173'. [ 538.648994][T15923] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2173'. [ 538.660864][T15923] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2173'. [ 538.913071][T15932] futex_wake_op: syz.3.2176 tries to shift op by -1; fix this program [ 540.069527][T15955] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2183'. [ 540.080804][T15955] netlink: 338 bytes leftover after parsing attributes in process `syz.0.2183'. [ 540.862936][T15966] audit: audit_lost=13 audit_rate_limit=0 audit_backlog_limit=64 [ 540.870813][T15966] audit: out of memory in audit_log_start [ 543.611005][T16034] __nla_validate_parse: 14 callbacks suppressed [ 543.611032][T16034] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2202'. [ 543.628410][T16034] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2202'. [ 543.639166][T16034] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2202'. [ 543.648789][T16034] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2202'. [ 543.658727][T16034] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2202'. [ 543.668444][T16034] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2202'. [ 543.678096][T16034] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2202'. [ 543.711543][T16034] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2202'. [ 544.336628][T16055] binder: 16050:16055 ioctl 400c620e 0 returned -22 [ 544.932059][T16060] futex_wake_op: syz.0.2207 tries to shift op by -1; fix this program [ 549.923432][T16196] Invalid ELF header magic: != ELF [ 550.179716][T16199] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2240'. [ 550.191126][T16199] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2240'. [ 550.204052][T16199] bridge0: port 2(bridge_slave_1) entered disabled state [ 550.244122][T16199] bridge_slave_1 (unregistering): left allmulticast mode [ 550.254425][T16199] bridge_slave_1 (unregistering): left promiscuous mode [ 550.265065][T16199] bridge0: port 2(bridge_slave_1) entered disabled state [ 550.586382][T16205] Invalid ELF header magic: != ELF [ 551.139276][T16217] FAULT_INJECTION: forcing a failure. [ 551.139276][T16217] name failslab, interval 1, probability 0, space 0, times 0 [ 551.152710][T16217] CPU: 0 UID: 0 PID: 16217 Comm: syz.3.2244 Tainted: G U L syzkaller #0 PREEMPT(full) [ 551.152745][T16217] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 551.152751][T16217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 551.152760][T16217] Call Trace: [ 551.152766][T16217] [ 551.152772][T16217] dump_stack_lvl+0x100/0x190 [ 551.152795][T16217] should_fail_ex.cold+0x5/0xa [ 551.152820][T16217] should_failslab+0xc2/0x120 [ 551.152841][T16217] ? tomoyo_realpath_from_path+0xb6/0x690 [ 551.152857][T16217] __kmalloc_noprof+0xf6/0x9c0 [ 551.152878][T16217] ? tomoyo_realpath_from_path+0xb6/0x690 [ 551.152892][T16217] tomoyo_realpath_from_path+0xb6/0x690 [ 551.152912][T16217] tomoyo_path_number_perm+0x23c/0x580 [ 551.152933][T16217] ? tomoyo_path_number_perm+0x22e/0x580 [ 551.152955][T16217] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 551.153002][T16217] ? find_held_lock+0x2b/0x80 [ 551.153017][T16217] ? hook_file_ioctl_common+0x146/0x410 [ 551.153038][T16217] ? __fget_files+0x215/0x3d0 [ 551.153058][T16217] ? __fget_files+0x21f/0x3d0 [ 551.153077][T16217] security_file_ioctl+0xd3/0x230 [ 551.153100][T16217] __x64_sys_ioctl+0xb7/0x210 [ 551.153125][T16217] do_syscall_64+0xc9/0xf80 [ 551.153146][T16217] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 551.153162][T16217] RIP: 0033:0x7fec0d79aeb9 [ 551.153175][T16217] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 551.153189][T16217] RSP: 002b:00007fec0e5fc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 551.153203][T16217] RAX: ffffffffffffffda RBX: 00007fec0da15fa0 RCX: 00007fec0d79aeb9 [ 551.153214][T16217] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 0000000000000004 [ 551.153225][T16217] RBP: 00007fec0e5fc090 R08: 0000000000000000 R09: 0000000000000000 [ 551.153234][T16217] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 551.153242][T16217] R13: 00007fec0da16038 R14: 00007fec0da15fa0 R15: 00007ffd98d6a468 [ 551.153262][T16217] [ 551.153269][T16217] ERROR: Out of memory at tomoyo_realpath_from_path. [ 553.624239][T16245] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 553.929189][T16276] netlink: 'syz.3.2260': attribute type 1 has an invalid length. [ 553.941746][T16276] netlink: 306 bytes leftover after parsing attributes in process `syz.3.2260'. [ 554.061826][T16282] FAULT_INJECTION: forcing a failure. [ 554.061826][T16282] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 554.070641][T16284] ovs_ÿþÿþ?: entered promiscuous mode [ 554.075419][T16282] CPU: 1 UID: 0 PID: 16282 Comm: syz.3.2261 Tainted: G U L syzkaller #0 PREEMPT(full) [ 554.075462][T16282] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 554.075473][T16282] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 554.075490][T16282] Call Trace: [ 554.075499][T16282] [ 554.075509][T16282] dump_stack_lvl+0x100/0x190 [ 554.075547][T16282] should_fail_ex.cold+0x5/0xa [ 554.075585][T16282] ? prepare_alloc_pages+0x16d/0x5f0 [ 554.075630][T16282] should_fail_alloc_page+0xeb/0x140 [ 554.075670][T16282] prepare_alloc_pages+0x1f0/0x5f0 [ 554.075716][T16282] __alloc_frozen_pages_noprof+0x193/0x2410 [ 554.075756][T16282] ? rcu_is_watching+0x12/0xc0 [ 554.075783][T16282] ? trace_mm_page_alloc+0x10e/0x160 [ 554.075824][T16282] ? __alloc_frozen_pages_noprof+0x2a0/0x2410 [ 554.075861][T16282] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 554.075896][T16282] ? kasan_save_stack+0x30/0x50 [ 554.075927][T16282] ? kasan_save_track+0x14/0x30 [ 554.075958][T16282] ? __kasan_kmalloc+0xaa/0xb0 [ 554.075989][T16282] ? __kmalloc_noprof+0x347/0x9c0 [ 554.076020][T16282] ? vhost_dev_set_owner+0x287/0xa30 [ 554.076052][T16282] ? vhost_dev_ioctl+0x521/0xe20 [ 554.076082][T16282] ? vhost_vsock_dev_ioctl+0x320/0xb30 [ 554.076117][T16282] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 554.076159][T16282] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 554.076192][T16282] ? policy_nodemask+0xed/0x4f0 [ 554.076233][T16282] alloc_pages_mpol+0x1fb/0x550 [ 554.076273][T16282] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 554.076320][T16282] ___kmalloc_large_node+0x104/0x150 [ 554.076365][T16282] __kmalloc_large_node_noprof+0x1c/0x70 [ 554.076406][T16282] ? vhost_dev_set_owner+0x191/0xa30 [ 554.076439][T16282] __kmalloc_noprof+0x6b1/0x9c0 [ 554.076477][T16282] ? vhost_dev_set_owner+0x191/0xa30 [ 554.076508][T16282] vhost_dev_set_owner+0x191/0xa30 [ 554.076552][T16282] vhost_dev_ioctl+0x521/0xe20 [ 554.076584][T16282] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 554.076615][T16282] ? do_vfs_ioctl+0x226/0x13e0 [ 554.076655][T16282] ? __pfx_vhost_dev_ioctl+0x10/0x10 [ 554.076702][T16282] vhost_vsock_dev_ioctl+0x320/0xb30 [ 554.076732][T16282] ? hook_file_ioctl_common+0x146/0x410 [ 554.076773][T16282] ? __pfx_vhost_vsock_dev_ioctl+0x10/0x10 [ 554.076813][T16282] ? __fget_files+0x21f/0x3d0 [ 554.076848][T16282] ? __pfx_vhost_vsock_dev_ioctl+0x10/0x10 [ 554.076883][T16282] __x64_sys_ioctl+0x18e/0x210 [ 554.076927][T16282] do_syscall_64+0xc9/0xf80 [ 554.076963][T16282] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 554.076991][T16282] RIP: 0033:0x7fec0d79aeb9 [ 554.077018][T16282] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 554.077044][T16282] RSP: 002b:00007fec0e5fc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 554.077070][T16282] RAX: ffffffffffffffda RBX: 00007fec0da15fa0 RCX: 00007fec0d79aeb9 [ 554.077089][T16282] RDX: 0000000000000000 RSI: 000000000000af01 RDI: 0000000000000008 [ 554.077105][T16282] RBP: 00007fec0d808c1f R08: 0000000000000000 R09: 0000000000000000 [ 554.077122][T16282] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 554.077139][T16282] R13: 00007fec0da16038 R14: 00007fec0da15fa0 R15: 00007ffd98d6a468 [ 554.077176][T16282] [ 554.222403][T16285] netlink: 266 bytes leftover after parsing attributes in process `syz.0.2259'. [ 554.399760][T16286] netlink: 266 bytes leftover after parsing attributes in process `syz.0.2259'. [ 556.659885][T16330] futex_wake_op: syz.0.2271 tries to shift op by -1; fix this program [ 557.981548][T16353] Invalid ELF header magic: != ELF [ 558.824474][T16364] block2mtd: illegal erase size [ 559.094330][T16368] futex_wake_op: syz.3.2281 tries to shift op by -1; fix this program [ 559.848519][T16388] FAULT_INJECTION: forcing a failure. [ 559.848519][T16388] name failslab, interval 1, probability 0, space 0, times 0 [ 559.866927][T16388] CPU: 0 UID: 0 PID: 16388 Comm: syz.3.2288 Tainted: G U L syzkaller #0 PREEMPT(full) [ 559.866956][T16388] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 559.866962][T16388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 559.866972][T16388] Call Trace: [ 559.866979][T16388] [ 559.866985][T16388] dump_stack_lvl+0x100/0x190 [ 559.867009][T16388] should_fail_ex.cold+0x5/0xa [ 559.867035][T16388] should_failslab+0xc2/0x120 [ 559.867057][T16388] kmem_cache_alloc_node_noprof+0x8c/0x880 [ 559.867078][T16388] ? __alloc_skb+0x156/0x410 [ 559.867102][T16388] ? __alloc_skb+0x156/0x410 [ 559.867119][T16388] __alloc_skb+0x156/0x410 [ 559.867137][T16388] ? __alloc_skb+0x35d/0x410 [ 559.867156][T16388] ? __pfx___alloc_skb+0x10/0x10 [ 559.867175][T16388] ? rcu_is_watching+0x12/0xc0 [ 559.867191][T16388] ? trace_kmem_cache_alloc+0x10/0xb0 [ 559.867211][T16388] ? kmem_cache_alloc_noprof+0x2ff/0x780 [ 559.867230][T16388] ? audit_log_start+0x29d/0x930 [ 559.867251][T16388] ? lockdep_init_map_type+0x5c/0x250 [ 559.867280][T16388] audit_log_start+0x350/0x930 [ 559.867303][T16388] ? __pfx_audit_log_start+0x10/0x10 [ 559.867335][T16388] integrity_audit_message+0x10c/0x4f0 [ 559.867352][T16388] ? take_dentry_name_snapshot+0x30b/0x7c0 [ 559.867375][T16388] ? __pfx_integrity_audit_message+0x10/0x10 [ 559.867393][T16388] ? take_dentry_name_snapshot+0x310/0x7c0 [ 559.867421][T16388] integrity_audit_msg+0x41/0x60 [ 559.867439][T16388] ima_collect_measurement+0x72a/0xa40 [ 559.867460][T16388] ? do_filp_open+0x1f7/0x420 [ 559.867482][T16388] ? __pfx_ima_collect_measurement+0x10/0x10 [ 559.867503][T16388] ? lock_acquire+0x17c/0x330 [ 559.867531][T16388] ? process_measurement+0x5cd/0x2400 [ 559.867548][T16388] ? is_bad_inode+0xd/0x40 [ 559.867563][T16388] ? xattr_resolve_name+0x27d/0x3f0 [ 559.867582][T16388] ? vfs_getxattr_alloc+0xec/0x350 [ 559.867603][T16388] ? ima_get_hash_algo+0x22d/0x400 [ 559.867619][T16388] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 559.867640][T16388] ? process_measurement+0xe24/0x2400 [ 559.867662][T16388] process_measurement+0xe24/0x2400 [ 559.867685][T16388] ? path_openat+0x21dc/0x3120 [ 559.867702][T16388] ? __pfx_process_measurement+0x10/0x10 [ 559.867720][T16388] ? __lock_acquire+0x4a5/0x2630 [ 559.867786][T16388] ? __configfs_open_file+0x6ca/0x9c0 [ 559.867830][T16388] ? inode_to_bdi+0x9e/0x160 [ 559.867873][T16388] ima_file_check+0xca/0x110 [ 559.867906][T16388] ? __pfx_ima_file_check+0x10/0x10 [ 559.867947][T16388] security_file_post_open+0xc4/0x210 [ 559.867991][T16388] path_openat+0x1564/0x3120 [ 559.868037][T16388] ? __pfx_path_openat+0x10/0x10 [ 559.868083][T16388] do_filp_open+0x1f7/0x420 [ 559.868111][T16388] ? __pfx_do_filp_open+0x10/0x10 [ 559.868142][T16388] ? _raw_spin_unlock+0x28/0x50 [ 559.868158][T16388] ? alloc_fd+0x476/0x790 [ 559.868184][T16388] do_sys_openat2+0x12e/0x220 [ 559.868225][T16388] ? __pfx_do_sys_openat2+0x10/0x10 [ 559.868272][T16388] ? __fget_files+0x21f/0x3d0 [ 559.868311][T16388] __x64_sys_openat+0x12d/0x210 [ 559.868357][T16388] ? __pfx___x64_sys_openat+0x10/0x10 [ 559.868415][T16388] do_syscall_64+0xc9/0xf80 [ 559.868454][T16388] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 559.868483][T16388] RIP: 0033:0x7fec0d79aeb9 [ 559.868506][T16388] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 559.868535][T16388] RSP: 002b:00007fec0e5fc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 559.868555][T16388] RAX: ffffffffffffffda RBX: 00007fec0da15fa0 RCX: 00007fec0d79aeb9 [ 559.868566][T16388] RDX: 0000000000040240 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 559.868577][T16388] RBP: 00007fec0d808c1f R08: 0000000000000000 R09: 0000000000000000 [ 559.868586][T16388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 559.868595][T16388] R13: 00007fec0da16038 R14: 00007fec0da15fa0 R15: 00007ffd98d6a468 [ 559.868616][T16388] [ 559.868644][T16388] audit: audit_lost=14 audit_rate_limit=0 audit_backlog_limit=64 [ 560.268425][T16388] audit: out of memory in audit_log_start [ 560.464810][T16399] FAULT_INJECTION: forcing a failure. [ 560.464810][T16399] name failslab, interval 1, probability 0, space 0, times 0 [ 560.478606][T16399] CPU: 1 UID: 0 PID: 16399 Comm: syz.3.2291 Tainted: G U L syzkaller #0 PREEMPT(full) [ 560.478654][T16399] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 560.478665][T16399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 560.478683][T16399] Call Trace: [ 560.478692][T16399] [ 560.478704][T16399] dump_stack_lvl+0x100/0x190 [ 560.478745][T16399] should_fail_ex.cold+0x5/0xa [ 560.478795][T16399] should_failslab+0xc2/0x120 [ 560.478837][T16399] kmem_cache_alloc_node_noprof+0x8c/0x880 [ 560.478880][T16399] ? __alloc_skb+0x156/0x410 [ 560.478924][T16399] ? __alloc_skb+0x156/0x410 [ 560.478956][T16399] __alloc_skb+0x156/0x410 [ 560.478991][T16399] ? __alloc_skb+0x35d/0x410 [ 560.479030][T16399] ? __pfx___alloc_skb+0x10/0x10 [ 560.479066][T16399] ? rcu_is_watching+0x12/0xc0 [ 560.479096][T16399] ? trace_kmem_cache_alloc+0x10/0xb0 [ 560.479133][T16399] ? kmem_cache_alloc_noprof+0x2ff/0x780 [ 560.479170][T16399] ? audit_log_start+0x29d/0x930 [ 560.479209][T16399] ? lockdep_init_map_type+0x5c/0x250 [ 560.479280][T16399] audit_log_start+0x350/0x930 [ 560.479335][T16399] ? __pfx_audit_log_start+0x10/0x10 [ 560.479394][T16399] integrity_audit_message+0x10c/0x4f0 [ 560.479426][T16399] ? take_dentry_name_snapshot+0x30b/0x7c0 [ 560.479474][T16399] ? __pfx_integrity_audit_message+0x10/0x10 [ 560.479509][T16399] ? take_dentry_name_snapshot+0x310/0x7c0 [ 560.479557][T16399] integrity_audit_msg+0x41/0x60 [ 560.479589][T16399] ima_collect_measurement+0x72a/0xa40 [ 560.479627][T16399] ? do_filp_open+0x1f7/0x420 [ 560.479670][T16399] ? __pfx_ima_collect_measurement+0x10/0x10 [ 560.479710][T16399] ? lock_acquire+0x17c/0x330 [ 560.479765][T16399] ? process_measurement+0x5cd/0x2400 [ 560.479796][T16399] ? is_bad_inode+0xd/0x40 [ 560.479823][T16399] ? xattr_resolve_name+0x27d/0x3f0 [ 560.479860][T16399] ? vfs_getxattr_alloc+0xec/0x350 [ 560.479900][T16399] ? ima_get_hash_algo+0x22d/0x400 [ 560.479931][T16399] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 560.479972][T16399] ? process_measurement+0xe24/0x2400 [ 560.480005][T16399] process_measurement+0xe24/0x2400 [ 560.480048][T16399] ? path_openat+0x21dc/0x3120 [ 560.480082][T16399] ? __pfx_process_measurement+0x10/0x10 [ 560.480114][T16399] ? __lock_acquire+0x4a5/0x2630 [ 560.480201][T16399] ? __configfs_open_file+0x6ca/0x9c0 [ 560.480245][T16399] ? inode_to_bdi+0x9e/0x160 [ 560.480288][T16399] ima_file_check+0xca/0x110 [ 560.480330][T16399] ? __pfx_ima_file_check+0x10/0x10 [ 560.480376][T16399] security_file_post_open+0xc4/0x210 [ 560.480420][T16399] path_openat+0x1564/0x3120 [ 560.480465][T16399] ? __pfx_path_openat+0x10/0x10 [ 560.480513][T16399] do_filp_open+0x1f7/0x420 [ 560.480551][T16399] ? __pfx_do_filp_open+0x10/0x10 [ 560.480612][T16399] ? _raw_spin_unlock+0x28/0x50 [ 560.480642][T16399] ? alloc_fd+0x476/0x790 [ 560.480684][T16399] do_sys_openat2+0x12e/0x220 [ 560.480729][T16399] ? __pfx_do_sys_openat2+0x10/0x10 [ 560.480777][T16399] ? __fget_files+0x21f/0x3d0 [ 560.480818][T16399] __x64_sys_openat+0x12d/0x210 [ 560.480861][T16399] ? __pfx___x64_sys_openat+0x10/0x10 [ 560.480904][T16399] ? xfd_validate_state+0x129/0x190 [ 560.480962][T16399] do_syscall_64+0xc9/0xf80 [ 560.481001][T16399] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 560.481031][T16399] RIP: 0033:0x7fec0d79aeb9 [ 560.481054][T16399] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 560.481082][T16399] RSP: 002b:00007fec0e5fc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 560.481111][T16399] RAX: ffffffffffffffda RBX: 00007fec0da15fa0 RCX: 00007fec0d79aeb9 [ 560.481131][T16399] RDX: 0000000000040240 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 560.481151][T16399] RBP: 00007fec0d808c1f R08: 0000000000000000 R09: 0000000000000000 [ 560.481170][T16399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 560.481187][T16399] R13: 00007fec0da16038 R14: 00007fec0da15fa0 R15: 00007ffd98d6a468 [ 560.481228][T16399] [ 560.481263][T16399] audit: audit_lost=15 audit_rate_limit=0 audit_backlog_limit=64 [ 560.883813][T16399] audit: out of memory in audit_log_start [ 561.003535][T16404] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 561.961585][T16423] FAULT_INJECTION: forcing a failure. [ 561.961585][T16423] name failslab, interval 1, probability 0, space 0, times 0 [ 561.975838][T16423] CPU: 0 UID: 0 PID: 16423 Comm: syz.3.2297 Tainted: G U L syzkaller #0 PREEMPT(full) [ 561.975866][T16423] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 561.975872][T16423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 561.975882][T16423] Call Trace: [ 561.975887][T16423] [ 561.975895][T16423] dump_stack_lvl+0x100/0x190 [ 561.975918][T16423] should_fail_ex.cold+0x5/0xa [ 561.975944][T16423] should_failslab+0xc2/0x120 [ 561.975965][T16423] __kmalloc_cache_noprof+0x80/0x810 [ 561.975982][T16423] ? snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 561.976005][T16423] ? snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 561.976024][T16423] snd_pcm_oss_change_params_locked+0x247/0x39f0 [ 561.976047][T16423] ? __mutex_lock+0x26a/0x1b90 [ 561.976067][T16423] ? snd_pcm_oss_get_active_substream+0x153/0x1d0 [ 561.976086][T16423] ? lockdep_hardirqs_on+0x78/0x100 [ 561.976105][T16423] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 561.976125][T16423] ? __pfx___mutex_lock+0x10/0x10 [ 561.976144][T16423] ? tomoyo_path_number_perm+0x28f/0x580 [ 561.976173][T16423] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 561.976204][T16423] ? futex_wait+0x125/0x380 [ 561.976237][T16423] snd_pcm_oss_get_active_substream+0x175/0x1d0 [ 561.976281][T16423] snd_pcm_oss_get_formats+0x7d/0x350 [ 561.976316][T16423] ? do_vfs_ioctl+0x226/0x13e0 [ 561.976360][T16423] ? __pfx_snd_pcm_oss_get_formats+0x10/0x10 [ 561.976408][T16423] snd_pcm_oss_ioctl+0x1719/0x3720 [ 561.976467][T16423] ? find_held_lock+0x2b/0x80 [ 561.976496][T16423] ? hook_file_ioctl_common+0x146/0x410 [ 561.976543][T16423] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 561.976584][T16423] ? __fget_files+0x21f/0x3d0 [ 561.976621][T16423] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 561.976661][T16423] __x64_sys_ioctl+0x18e/0x210 [ 561.976710][T16423] do_syscall_64+0xc9/0xf80 [ 561.976748][T16423] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 561.976779][T16423] RIP: 0033:0x7fec0d79aeb9 [ 561.976803][T16423] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 561.976832][T16423] RSP: 002b:00007fec0e5fc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 561.976865][T16423] RAX: ffffffffffffffda RBX: 00007fec0da15fa0 RCX: 00007fec0d79aeb9 [ 561.976885][T16423] RDX: 0000000000000000 RSI: 000000008004500b RDI: 0000000000000007 [ 561.976903][T16423] RBP: 00007fec0d808c1f R08: 0000000000000000 R09: 0000000000000000 [ 561.976921][T16423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 561.976937][T16423] R13: 00007fec0da16038 R14: 00007fec0da15fa0 R15: 00007ffd98d6a468 [ 561.976976][T16423] [ 563.723580][T16444] Process accounting paused [ 563.749699][ T7648] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 563.759799][ T7648] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 563.792740][ T7648] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 563.805592][ T7648] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 563.813624][ T7648] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 563.879699][T16476] FAULT_INJECTION: forcing a failure. [ 563.879699][T16476] name failslab, interval 1, probability 0, space 0, times 0 [ 563.896193][T16476] CPU: 0 UID: 0 PID: 16476 Comm: syz.3.2307 Tainted: G U L syzkaller #0 PREEMPT(full) [ 563.896238][T16476] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 563.896249][T16476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 563.896265][T16476] Call Trace: [ 563.896274][T16476] [ 563.896284][T16476] dump_stack_lvl+0x100/0x190 [ 563.896322][T16476] should_fail_ex.cold+0x5/0xa [ 563.896367][T16476] should_failslab+0xc2/0x120 [ 563.896413][T16476] kmem_cache_alloc_noprof+0x83/0x780 [ 563.896450][T16476] ? getname_flags.part.0+0x4c/0x540 [ 563.896493][T16476] ? getname_flags.part.0+0x4c/0x540 [ 563.896531][T16476] getname_flags.part.0+0x4c/0x540 [ 563.896573][T16476] getname_flags+0x93/0xf0 [ 563.896601][T16476] do_sys_openat2+0xc5/0x220 [ 563.896642][T16476] ? __pfx_do_sys_openat2+0x10/0x10 [ 563.896681][T16476] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 563.896721][T16476] ? __fget_files+0x21f/0x3d0 [ 563.896757][T16476] __x64_sys_openat+0x12d/0x210 [ 563.896798][T16476] ? __pfx___x64_sys_openat+0x10/0x10 [ 563.896833][T16476] ? ksys_write+0x1ac/0x250 [ 563.896869][T16476] do_syscall_64+0xc9/0xf80 [ 563.896895][T16476] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 563.896921][T16476] RIP: 0033:0x7fec0d79aeb9 [ 563.896943][T16476] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 563.896966][T16476] RSP: 002b:00007fec0e5fc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 563.896993][T16476] RAX: ffffffffffffffda RBX: 00007fec0da15fa0 RCX: 00007fec0d79aeb9 [ 563.897011][T16476] RDX: 0000000000048442 RSI: 00002000000002c0 RDI: ffffffffffffff9c [ 563.897028][T16476] RBP: 00007fec0e5fc090 R08: 0000000000000000 R09: 0000000000000000 [ 563.897044][T16476] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 563.897061][T16476] R13: 00007fec0da16038 R14: 00007fec0da15fa0 R15: 00007ffd98d6a468 [ 563.897098][T16476] [ 564.095149][ T7648] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 564.095185][ T7648] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 564.111786][ T7648] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 564.111845][ T7648] Bluetooth: hci0: adv larger than maximum supported [ 564.119231][ T7648] Bluetooth: hci0: adv larger than maximum supported [ 564.125976][ T7648] Bluetooth: hci0: Malformed LE Event: 0x0d [ 564.440973][T16470] chnl_net:caif_netlink_parms(): no params data found [ 564.784177][T16470] bridge0: port 1(bridge_slave_0) entered blocking state [ 564.791961][T16470] bridge0: port 1(bridge_slave_0) entered disabled state [ 564.818415][T16470] bridge_slave_0: entered allmulticast mode [ 564.825360][T16470] bridge_slave_0: entered promiscuous mode [ 564.875370][T16470] bridge0: port 2(bridge_slave_1) entered blocking state [ 564.928555][T16470] bridge0: port 2(bridge_slave_1) entered disabled state [ 564.938618][T16470] bridge_slave_1: entered allmulticast mode [ 564.969930][T16470] bridge_slave_1: entered promiscuous mode [ 565.036483][T16470] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 565.110147][T16470] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 565.222691][T16470] team0: Port device team_slave_0 added [ 565.306006][T16470] team0: Port device team_slave_1 added [ 565.348915][T16470] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 565.364335][T16470] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 565.393385][T16470] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 565.428806][T16470] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 565.444505][T16470] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 565.491084][T16470] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 565.627619][T16470] hsr_slave_0: entered promiscuous mode [ 565.636756][T16470] hsr_slave_1: entered promiscuous mode [ 565.643207][T16470] debugfs: 'hsr0' already exists in 'hsr' [ 565.649345][T16470] Cannot create hsr debugfs directory [ 565.841700][ T7792] Bluetooth: hci5: command tx timeout [ 566.254993][T16533] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2320'. [ 567.395067][ T30] audit: type=1800 audit(1843118367.270:37): pid=16571 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2331" name="sr0" dev="tmpfs" ino=3473 res=0 errno=0 [ 567.464229][T16566] zswap: compressor not available [ 567.518543][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 567.524948][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 567.844798][ T30] audit: type=1800 audit(1843118367.722:38): pid=16579 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2332" name="features" dev="configfs" ino=66001 res=0 errno=0 [ 567.912196][ T7792] Bluetooth: hci5: command tx timeout [ 568.207758][T16591] FAULT_INJECTION: forcing a failure. [ 568.207758][T16591] name failslab, interval 1, probability 0, space 0, times 0 [ 568.223279][T16591] CPU: 1 UID: 0 PID: 16591 Comm: syz.3.2336 Tainted: G U L syzkaller #0 PREEMPT(full) [ 568.223324][T16591] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 568.223335][T16591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 568.223352][T16591] Call Trace: [ 568.223361][T16591] [ 568.223372][T16591] dump_stack_lvl+0x100/0x190 [ 568.223410][T16591] should_fail_ex.cold+0x5/0xa [ 568.223455][T16591] should_failslab+0xc2/0x120 [ 568.223493][T16591] kmem_cache_alloc_noprof+0x83/0x780 [ 568.223530][T16591] ? alloc_empty_file+0x55/0x1c0 [ 568.223575][T16591] ? alloc_empty_file+0x55/0x1c0 [ 568.223612][T16591] alloc_empty_file+0x55/0x1c0 [ 568.223652][T16591] path_openat+0xe8/0x3120 [ 568.223682][T16591] ? getname_flags+0x93/0xf0 [ 568.223709][T16591] ? do_sys_openat2+0xc5/0x220 [ 568.223747][T16591] ? __x64_sys_openat+0x12d/0x210 [ 568.223793][T16591] ? do_syscall_64+0xc9/0xf80 [ 568.223824][T16591] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 568.223862][T16591] ? __pfx_path_openat+0x10/0x10 [ 568.223908][T16591] do_filp_open+0x1f7/0x420 [ 568.223944][T16591] ? __pfx_do_filp_open+0x10/0x10 [ 568.224002][T16591] ? _raw_spin_unlock+0x28/0x50 [ 568.224030][T16591] ? alloc_fd+0x476/0x790 [ 568.224071][T16591] do_sys_openat2+0x12e/0x220 [ 568.224111][T16591] ? __pfx_do_sys_openat2+0x10/0x10 [ 568.224150][T16591] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 568.224190][T16591] ? __fget_files+0x21f/0x3d0 [ 568.224227][T16591] __x64_sys_openat+0x12d/0x210 [ 568.224269][T16591] ? __pfx___x64_sys_openat+0x10/0x10 [ 568.224309][T16591] ? ksys_write+0x1ac/0x250 [ 568.224353][T16591] do_syscall_64+0xc9/0xf80 [ 568.224388][T16591] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 568.224416][T16591] RIP: 0033:0x7fec0d79aeb9 [ 568.224438][T16591] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 568.224466][T16591] RSP: 002b:00007fec0e5fc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 568.224492][T16591] RAX: ffffffffffffffda RBX: 00007fec0da15fa0 RCX: 00007fec0d79aeb9 [ 568.224512][T16591] RDX: 0000000000048442 RSI: 00002000000002c0 RDI: ffffffffffffff9c [ 568.224530][T16591] RBP: 00007fec0e5fc090 R08: 0000000000000000 R09: 0000000000000000 [ 568.224547][T16591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 568.224563][T16591] R13: 00007fec0da16038 R14: 00007fec0da15fa0 R15: 00007ffd98d6a468 [ 568.224601][T16591] [ 568.921969][T16607] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2340'. [ 569.362934][T16621] FAULT_INJECTION: forcing a failure. [ 569.362934][T16621] name failslab, interval 1, probability 0, space 0, times 0 [ 569.376031][T16621] CPU: 1 UID: 0 PID: 16621 Comm: syz.3.2343 Tainted: G U L syzkaller #0 PREEMPT(full) [ 569.376077][T16621] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 569.376089][T16621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 569.376105][T16621] Call Trace: [ 569.376115][T16621] [ 569.376125][T16621] dump_stack_lvl+0x100/0x190 [ 569.376164][T16621] should_fail_ex.cold+0x5/0xa [ 569.376209][T16621] should_failslab+0xc2/0x120 [ 569.376248][T16621] kmem_cache_alloc_noprof+0x83/0x780 [ 569.376284][T16621] ? security_file_alloc+0x34/0x2c0 [ 569.376334][T16621] ? security_file_alloc+0x34/0x2c0 [ 569.376375][T16621] security_file_alloc+0x34/0x2c0 [ 569.376418][T16621] init_file+0x93/0x4c0 [ 569.376457][T16621] alloc_empty_file+0x73/0x1c0 [ 569.376498][T16621] path_openat+0xe8/0x3120 [ 569.376528][T16621] ? getname_flags+0x93/0xf0 [ 569.376555][T16621] ? do_sys_openat2+0xc5/0x220 [ 569.376593][T16621] ? __x64_sys_openat+0x12d/0x210 [ 569.376632][T16621] ? do_syscall_64+0xc9/0xf80 [ 569.376663][T16621] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.376701][T16621] ? __pfx_path_openat+0x10/0x10 [ 569.376747][T16621] do_filp_open+0x1f7/0x420 [ 569.376788][T16621] ? __pfx_do_filp_open+0x10/0x10 [ 569.376845][T16621] ? _raw_spin_unlock+0x28/0x50 [ 569.376873][T16621] ? alloc_fd+0x476/0x790 [ 569.376915][T16621] do_sys_openat2+0x12e/0x220 [ 569.376956][T16621] ? __pfx_do_sys_openat2+0x10/0x10 [ 569.376996][T16621] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 569.377035][T16621] ? __fget_files+0x21f/0x3d0 [ 569.377071][T16621] __x64_sys_openat+0x12d/0x210 [ 569.377114][T16621] ? __pfx___x64_sys_openat+0x10/0x10 [ 569.377154][T16621] ? ksys_write+0x1ac/0x250 [ 569.377198][T16621] do_syscall_64+0xc9/0xf80 [ 569.377234][T16621] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.377263][T16621] RIP: 0033:0x7fec0d79aeb9 [ 569.377285][T16621] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 569.377314][T16621] RSP: 002b:00007fec0e5fc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 569.377341][T16621] RAX: ffffffffffffffda RBX: 00007fec0da15fa0 RCX: 00007fec0d79aeb9 [ 569.377361][T16621] RDX: 0000000000048442 RSI: 00002000000002c0 RDI: ffffffffffffff9c [ 569.377381][T16621] RBP: 00007fec0e5fc090 R08: 0000000000000000 R09: 0000000000000000 [ 569.377398][T16621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 569.377416][T16621] R13: 00007fec0da16038 R14: 00007fec0da15fa0 R15: 00007ffd98d6a468 [ 569.377455][T16621] [ 569.747868][T16628] FAULT_INJECTION: forcing a failure. [ 569.747868][T16628] name fail_futex, interval 1, probability 0, space 0, times 0 [ 569.772694][T16628] CPU: 0 UID: 0 PID: 16628 Comm: syz.3.2346 Tainted: G U L syzkaller #0 PREEMPT(full) [ 569.772746][T16628] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 569.772756][T16628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 569.772775][T16628] Call Trace: [ 569.772784][T16628] [ 569.772795][T16628] dump_stack_lvl+0x100/0x190 [ 569.772837][T16628] should_fail_ex.cold+0x5/0xa [ 569.772878][T16628] ? __lock_acquire+0x4a5/0x2630 [ 569.772919][T16628] get_futex_key+0x1d2/0x1620 [ 569.772961][T16628] ? __pfx_get_futex_key+0x10/0x10 [ 569.773009][T16628] ? update_se+0x93/0x700 [ 569.773057][T16628] futex_wait_setup+0x81/0x500 [ 569.773093][T16628] __futex_wait+0x19f/0x300 [ 569.773123][T16628] ? __pfx___futex_wait+0x10/0x10 [ 569.773148][T16628] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 569.773180][T16628] ? lockdep_hardirqs_on+0x78/0x100 [ 569.773218][T16628] ? __pfx_futex_wake_mark+0x10/0x10 [ 569.773270][T16628] ? find_held_lock+0x2b/0x80 [ 569.773298][T16628] ? futex_wake+0x456/0x530 [ 569.773351][T16628] futex_wait+0xed/0x380 [ 569.773380][T16628] ? __pfx_futex_wait+0x10/0x10 [ 569.773416][T16628] ? do_readv+0x214/0x340 [ 569.773454][T16628] do_futex+0x1ef/0x350 [ 569.773493][T16628] ? __pfx_do_futex+0x10/0x10 [ 569.773536][T16628] ? __fget_files+0x21f/0x3d0 [ 569.773572][T16628] __x64_sys_futex+0x34f/0x4d0 [ 569.773617][T16628] ? __pfx___x64_sys_futex+0x10/0x10 [ 569.773655][T16628] ? xfd_validate_state+0x129/0x190 [ 569.773712][T16628] do_syscall_64+0xc9/0xf80 [ 569.773749][T16628] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 569.773779][T16628] RIP: 0033:0x7fec0d79aeb9 [ 569.773803][T16628] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 569.773830][T16628] RSP: 002b:00007fec0e5fc0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 569.773858][T16628] RAX: ffffffffffffffda RBX: 00007fec0da15fa8 RCX: 00007fec0d79aeb9 [ 569.773878][T16628] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fec0da15fa8 [ 569.773897][T16628] RBP: 00007fec0da15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 569.773915][T16628] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 569.773933][T16628] R13: 00007fec0da16038 R14: 00007ffd98d6a380 R15: 00007ffd98d6a468 [ 569.773971][T16628] [ 570.008443][ T7792] Bluetooth: hci5: command tx timeout [ 570.818387][ T30] audit: type=1800 audit(1843118370.696:39): pid=16646 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2350" name="features" dev="configfs" ino=66104 res=0 errno=0 [ 571.951333][ T7792] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 572.054299][ T7792] Bluetooth: hci5: command tx timeout [ 572.603014][T16680] futex_wake_op: syz.0.2358 tries to shift op by -1; fix this program [ 573.018005][T16697] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2364'. [ 573.784606][T16720] netlink: 314 bytes leftover after parsing attributes in process `syz.0.2370'. [ 576.782360][T16748] netlink: 314 bytes leftover after parsing attributes in process `syz.3.2377'. [ 578.840722][T16763] futex_wake_op: syz.3.2382 tries to shift op by -1; fix this program [ 582.212349][T16790] futex_wake_op: syz.3.2389 tries to shift op by -1; fix this program [ 584.265061][T16801] zswap: compressor not available [ 585.857962][T16812] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2394'. [ 586.317629][ T7648] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 586.327873][ T7648] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 586.336115][ T7648] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 586.343813][ T7648] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 586.352855][ T7648] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 586.915204][T16815] chnl_net:caif_netlink_parms(): no params data found [ 587.111736][T16815] bridge0: port 1(bridge_slave_0) entered blocking state [ 587.126300][T16815] bridge0: port 1(bridge_slave_0) entered disabled state [ 587.152096][T16815] bridge_slave_0: entered allmulticast mode [ 587.159071][T16815] bridge_slave_0: entered promiscuous mode [ 587.178414][T16815] bridge0: port 2(bridge_slave_1) entered blocking state [ 587.201388][T16815] bridge0: port 2(bridge_slave_1) entered disabled state [ 587.228366][T16815] bridge_slave_1: entered allmulticast mode [ 587.253323][T16815] bridge_slave_1: entered promiscuous mode [ 587.332791][T16815] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 587.354333][T16815] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 587.421847][T16815] team0: Port device team_slave_0 added [ 587.443021][T16815] team0: Port device team_slave_1 added [ 587.493137][T16815] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 587.518468][T16815] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 587.549714][T16815] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 587.581333][T16815] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 587.588511][T16815] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 587.615115][T16815] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 587.776251][T16815] hsr_slave_0: entered promiscuous mode [ 587.839737][T16815] hsr_slave_1: entered promiscuous mode [ 587.858432][T16815] debugfs: 'hsr0' already exists in 'hsr' [ 587.865655][T16815] Cannot create hsr debugfs directory [ 588.455403][ T7792] Bluetooth: hci6: command tx timeout [ 589.994252][ T7648] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 590.007421][ T7648] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 590.015424][ T7648] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 590.025615][ T7648] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 590.052357][ T7648] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 590.447953][T16857] netlink: 314 bytes leftover after parsing attributes in process `syz.3.2405'. [ 590.528694][ T7648] Bluetooth: hci6: command tx timeout [ 590.619944][T16847] chnl_net:caif_netlink_parms(): no params data found [ 590.801879][T16847] bridge0: port 1(bridge_slave_0) entered blocking state [ 590.831235][T16847] bridge0: port 1(bridge_slave_0) entered disabled state [ 590.842198][T16847] bridge_slave_0: entered allmulticast mode [ 590.865902][T16847] bridge_slave_0: entered promiscuous mode [ 590.879011][T16847] bridge0: port 2(bridge_slave_1) entered blocking state [ 590.904010][T16847] bridge0: port 2(bridge_slave_1) entered disabled state [ 590.917730][T16847] bridge_slave_1: entered allmulticast mode [ 590.935549][T16847] bridge_slave_1: entered promiscuous mode [ 591.000144][T16847] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 591.026789][T16847] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 591.084044][T16847] team0: Port device team_slave_0 added [ 591.092156][T16847] team0: Port device team_slave_1 added [ 591.139390][T16847] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 591.147649][T16847] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 591.175036][T16847] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 591.203512][T16847] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 591.211476][T16847] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 591.240391][T16847] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 591.347025][T16847] hsr_slave_0: entered promiscuous mode [ 591.355133][T16847] hsr_slave_1: entered promiscuous mode [ 591.362976][T16847] debugfs: 'hsr0' already exists in 'hsr' [ 591.368766][T16847] Cannot create hsr debugfs directory [ 592.118198][ T7648] Bluetooth: hci7: command tx timeout [ 592.601424][ T7648] Bluetooth: hci6: command tx timeout [ 594.188492][ T7648] Bluetooth: hci7: command tx timeout [ 594.669110][ T7648] Bluetooth: hci6: command tx timeout [ 595.961681][T16890] Process accounting resumed [ 596.258944][ T7648] Bluetooth: hci7: command tx timeout [ 597.229134][ T10] smpboot: CPU 1 is now offline [ 597.734445][T16901] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2414'. [ 597.762965][T16901] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2414'. [ 597.782505][T16901] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2414'. [ 597.801576][T16901] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2414'. [ 597.810726][T16901] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2414'. [ 597.843514][T16902] netlink: 306 bytes leftover after parsing attributes in process `syz.3.2414'. [ 597.861938][T16901] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2414'. [ 597.886148][T16901] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2414'. [ 597.911332][T16901] netlink: 338 bytes leftover after parsing attributes in process `syz.3.2414'. [ 598.329011][ T7648] Bluetooth: hci7: command tx timeout [ 599.945169][T16922] FAULT_INJECTION: forcing a failure. [ 599.945169][T16922] name failslab, interval 1, probability 0, space 0, times 0 [ 599.994224][T16922] CPU: 0 UID: 0 PID: 16922 Comm: syz.3.2418 Tainted: G U L syzkaller #0 PREEMPT(full) [ 599.994251][T16922] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 599.994257][T16922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 599.994267][T16922] Call Trace: [ 599.994273][T16922] [ 599.994279][T16922] dump_stack_lvl+0x100/0x190 [ 599.994302][T16922] should_fail_ex.cold+0x5/0xa [ 599.994328][T16922] should_failslab+0xc2/0x120 [ 599.994349][T16922] ? tomoyo_init_log+0x1224/0x20c0 [ 599.994363][T16922] __kmalloc_noprof+0xf6/0x9c0 [ 599.994378][T16922] ? from_kuid+0x8d/0xd0 [ 599.994393][T16922] ? __pfx_from_kuid+0x10/0x10 [ 599.994407][T16922] ? tomoyo_get_attributes+0x3b2/0x5e0 [ 599.994432][T16922] ? tomoyo_init_log+0x1224/0x20c0 [ 599.994445][T16922] tomoyo_init_log+0x1224/0x20c0 [ 599.994461][T16922] ? vsnprintf+0x4ee/0x1240 [ 599.994483][T16922] ? __pfx_tomoyo_init_log+0x10/0x10 [ 599.994498][T16922] ? tomoyo_profile+0x47/0x60 [ 599.994514][T16922] ? tomoyo_domain_quota_is_ok+0x367/0x580 [ 599.994539][T16922] tomoyo_supervisor+0x506/0x1340 [ 599.994560][T16922] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 599.994588][T16922] ? tomoyo_realpath_from_path+0x19c/0x690 [ 599.994613][T16922] tomoyo_path_number_perm+0x445/0x580 [ 599.994637][T16922] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 599.994679][T16922] ? current_check_access_path+0x27a/0x460 [ 599.994712][T16922] tomoyo_path_mknod+0x164/0x190 [ 599.994730][T16922] ? __pfx_tomoyo_path_mknod+0x10/0x10 [ 599.994749][T16922] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 599.994769][T16922] security_path_mknod+0x161/0x300 [ 599.994787][T16922] lookup_open.isra.0+0xc93/0x1890 [ 599.994807][T16922] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 599.994826][T16922] ? __pfx___might_resched+0x10/0x10 [ 599.994849][T16922] ? mnt_get_write_access+0x52/0x2f0 [ 599.994875][T16922] ? __pfx_down_write+0x10/0x10 [ 599.994894][T16922] ? mnt_get_write_access+0x1e9/0x2f0 [ 599.994924][T16922] path_openat+0x117d/0x3120 [ 599.994949][T16922] ? __pfx_path_openat+0x10/0x10 [ 599.994974][T16922] do_filp_open+0x1f7/0x420 [ 599.994993][T16922] ? __pfx_do_filp_open+0x10/0x10 [ 599.995017][T16922] ? __pfx_kfree_link+0x10/0x10 [ 599.995046][T16922] ? _raw_spin_unlock+0x28/0x50 [ 599.995061][T16922] ? alloc_fd+0x476/0x790 [ 599.995083][T16922] do_sys_openat2+0x12e/0x220 [ 599.995106][T16922] ? __pfx_do_sys_openat2+0x10/0x10 [ 599.995127][T16922] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 599.995149][T16922] ? __fget_files+0x21f/0x3d0 [ 599.995168][T16922] __x64_sys_openat+0x12d/0x210 [ 599.995191][T16922] ? __pfx___x64_sys_openat+0x10/0x10 [ 599.995213][T16922] ? ksys_write+0x1ac/0x250 [ 599.995237][T16922] do_syscall_64+0xc9/0xf80 [ 599.995257][T16922] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 599.995272][T16922] RIP: 0033:0x7fec0d79aeb9 [ 599.995286][T16922] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 599.995300][T16922] RSP: 002b:00007fec0e5fc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 599.995316][T16922] RAX: ffffffffffffffda RBX: 00007fec0da15fa0 RCX: 00007fec0d79aeb9 [ 599.995325][T16922] RDX: 0000000000048442 RSI: 00002000000002c0 RDI: ffffffffffffff9c [ 599.995335][T16922] RBP: 00007fec0e5fc090 R08: 0000000000000000 R09: 0000000000000000 [ 599.995344][T16922] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 599.995352][T16922] R13: 00007fec0da16038 R14: 00007fec0da15fa0 R15: 00007ffd98d6a468 [ 599.995372][T16922] [ 604.366461][T16955] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input17 [ 605.517410][T16972] __vm_enough_memory: pid: 16972, comm: syz.3.2430, bytes: 4398046511104 not enough memory for the allocation [ 607.940659][T16997] openvswitch: netlink: Message has 8 unknown bytes. [ 610.776176][T17031] XFS: Clearing xfsstats [ 611.477525][T17038] FAULT_INJECTION: forcing a failure. [ 611.477525][T17038] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 611.765757][T17038] CPU: 0 UID: 0 PID: 17038 Comm: syz.3.2443 Tainted: G U L syzkaller #0 PREEMPT(full) [ 611.765786][T17038] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 611.765792][T17038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 611.765802][T17038] Call Trace: [ 611.765807][T17038] [ 611.765814][T17038] dump_stack_lvl+0x100/0x190 [ 611.765837][T17038] should_fail_ex.cold+0x5/0xa [ 611.765862][T17038] _copy_from_user+0x2e/0xd0 [ 611.765886][T17038] __x64_sys_mq_notify+0xde/0x170 [ 611.765913][T17038] ? __pfx___x64_sys_mq_notify+0x10/0x10 [ 611.765938][T17038] ? rcu_is_watching+0x12/0xc0 [ 611.765955][T17038] do_syscall_64+0xc9/0xf80 [ 611.765975][T17038] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 611.765990][T17038] RIP: 0033:0x7fec0d79aeb9 [ 611.766003][T17038] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 611.766017][T17038] RSP: 002b:00007fec0e578028 EFLAGS: 00000246 ORIG_RAX: 00000000000000f4 [ 611.766033][T17038] RAX: ffffffffffffffda RBX: 00007fec0da16360 RCX: 00007fec0d79aeb9 [ 611.766043][T17038] RDX: 0000000000000000 RSI: 00002000000010c0 RDI: 00000000000000b9 [ 611.766052][T17038] RBP: 00007fec0d808c1f R08: 0000000000000000 R09: 0000000000000000 [ 611.766061][T17038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 611.766069][T17038] R13: 00007fec0da163f8 R14: 00007fec0da16360 R15: 00007ffd98d6a468 [ 611.766088][T17038] [ 613.191537][T17067] FAULT_INJECTION: forcing a failure. [ 613.191537][T17067] name failslab, interval 1, probability 0, space 0, times 0 [ 613.220990][T17067] CPU: 0 UID: 0 PID: 17067 Comm: syz.3.2445 Tainted: G U L syzkaller #0 PREEMPT(full) [ 613.221017][T17067] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 613.221023][T17067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 613.221032][T17067] Call Trace: [ 613.221037][T17067] [ 613.221044][T17067] dump_stack_lvl+0x100/0x190 [ 613.221067][T17067] should_fail_ex.cold+0x5/0xa [ 613.221092][T17067] should_failslab+0xc2/0x120 [ 613.221113][T17067] ? tomoyo_encode2+0xfb/0x3c0 [ 613.221127][T17067] __kmalloc_noprof+0xf6/0x9c0 [ 613.221142][T17067] ? __pfx_tomoyo_get_local_path+0x10/0x10 [ 613.221157][T17067] ? tomoyo_realpath_from_path+0xb6/0x690 [ 613.221177][T17067] ? tomoyo_encode2+0xfb/0x3c0 [ 613.221190][T17067] tomoyo_encode2+0xfb/0x3c0 [ 613.221207][T17067] tomoyo_encode+0x29/0x50 [ 613.221221][T17067] tomoyo_realpath_from_path+0x18c/0x690 [ 613.221241][T17067] tomoyo_path_number_perm+0x23c/0x580 [ 613.221262][T17067] ? tomoyo_path_number_perm+0x22e/0x580 [ 613.221285][T17067] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 613.221326][T17067] ? current_check_access_path+0x27a/0x460 [ 613.221352][T17067] ? __pfx_current_check_access_path+0x10/0x10 [ 613.221381][T17067] tomoyo_path_mknod+0x164/0x190 [ 613.221399][T17067] ? __pfx_tomoyo_path_mknod+0x10/0x10 [ 613.221418][T17067] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 613.221437][T17067] security_path_mknod+0x161/0x300 [ 613.221454][T17067] lookup_open.isra.0+0xc93/0x1890 [ 613.221474][T17067] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 613.221493][T17067] ? __pfx___might_resched+0x10/0x10 [ 613.221516][T17067] ? mnt_get_write_access+0x52/0x2f0 [ 613.221542][T17067] ? __pfx_down_write+0x10/0x10 [ 613.221561][T17067] ? mnt_get_write_access+0x1e9/0x2f0 [ 613.221586][T17067] path_openat+0x117d/0x3120 [ 613.221611][T17067] ? __pfx_path_openat+0x10/0x10 [ 613.221635][T17067] do_filp_open+0x1f7/0x420 [ 613.221654][T17067] ? __pfx_do_filp_open+0x10/0x10 [ 613.221685][T17067] ? _raw_spin_unlock+0x28/0x50 [ 613.221701][T17067] ? alloc_fd+0x476/0x790 [ 613.221722][T17067] do_sys_openat2+0x12e/0x220 [ 613.221745][T17067] ? __pfx_do_sys_openat2+0x10/0x10 [ 613.221767][T17067] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 613.221788][T17067] ? __fget_files+0x21f/0x3d0 [ 613.221814][T17067] __x64_sys_openat+0x12d/0x210 [ 613.221838][T17067] ? __pfx___x64_sys_openat+0x10/0x10 [ 613.221859][T17067] ? ksys_write+0x1ac/0x250 [ 613.221883][T17067] do_syscall_64+0xc9/0xf80 [ 613.221903][T17067] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 613.221919][T17067] RIP: 0033:0x7fec0d79aeb9 [ 613.221932][T17067] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 613.221947][T17067] RSP: 002b:00007fec0e5fc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 613.221962][T17067] RAX: ffffffffffffffda RBX: 00007fec0da15fa0 RCX: 00007fec0d79aeb9 [ 613.221972][T17067] RDX: 0000000000040240 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 613.221981][T17067] RBP: 00007fec0e5fc090 R08: 0000000000000000 R09: 0000000000000000 [ 613.221991][T17067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 613.221999][T17067] R13: 00007fec0da16038 R14: 00007fec0da15fa0 R15: 00007ffd98d6a468 [ 613.222019][T17067] [ 613.222035][T17067] ERROR: Out of memory at tomoyo_realpath_from_path. [ 613.920558][ T30] audit: type=1800 audit(1843118414.009:40): pid=17067 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2445" name="features" dev="configfs" ino=69844 res=0 errno=0 [ 616.857541][T17088] HfR: entered promiscuous mode [ 616.907438][T17088] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2449'. [ 616.951660][T17088] HfR: left promiscuous mode [ 617.223514][T17091] QAT: Stopping all acceleration devices. [ 617.245709][T17091] FAULT_INJECTION: forcing a failure. [ 617.245709][T17091] name failslab, interval 1, probability 0, space 0, times 0 [ 617.279937][T17091] CPU: 0 UID: 0 PID: 17091 Comm: syz.3.2450 Tainted: G U L syzkaller #0 PREEMPT(full) [ 617.279965][T17091] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 617.279971][T17091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 617.279979][T17091] Call Trace: [ 617.279985][T17091] [ 617.279991][T17091] dump_stack_lvl+0x100/0x190 [ 617.280014][T17091] should_fail_ex.cold+0x5/0xa [ 617.280039][T17091] should_failslab+0xc2/0x120 [ 617.280060][T17091] kmem_cache_alloc_noprof+0x83/0x780 [ 617.280079][T17091] ? __pfx_map_id_range_down+0x10/0x10 [ 617.280095][T17091] ? security_inode_alloc+0x3b/0x2c0 [ 617.280119][T17091] ? security_inode_alloc+0x3b/0x2c0 [ 617.280137][T17091] security_inode_alloc+0x3b/0x2c0 [ 617.280157][T17091] inode_init_always_gfp+0xced/0x1040 [ 617.280177][T17091] alloc_inode+0x8e/0x250 [ 617.280199][T17091] path_from_stashed+0x25b/0x750 [ 617.280216][T17091] ? do_raw_spin_unlock+0x145/0x1e0 [ 617.280242][T17091] ns_get_path+0x60/0x80 [ 617.280259][T17091] proc_ns_get_link+0x121/0x230 [ 617.280280][T17091] ? __pfx_proc_ns_get_link+0x10/0x10 [ 617.280302][T17091] ? atime_needs_update+0x8b/0x6b0 [ 617.280326][T17091] pick_link+0xd17/0x13c0 [ 617.280340][T17091] ? __pfx_proc_ns_get_link+0x10/0x10 [ 617.280362][T17091] step_into_slowpath+0x6c2/0xf50 [ 617.280381][T17091] ? __pfx_step_into_slowpath+0x10/0x10 [ 617.280396][T17091] ? find_held_lock+0x2b/0x80 [ 617.280416][T17091] path_openat+0xf95/0x3120 [ 617.280439][T17091] ? __pfx_path_openat+0x10/0x10 [ 617.280464][T17091] do_filp_open+0x1f7/0x420 [ 617.280483][T17091] ? __pfx_do_filp_open+0x10/0x10 [ 617.280513][T17091] ? _raw_spin_unlock+0x28/0x50 [ 617.280534][T17091] ? alloc_fd+0x476/0x790 [ 617.280557][T17091] do_sys_openat2+0x12e/0x220 [ 617.280580][T17091] ? __pfx_do_sys_openat2+0x10/0x10 [ 617.280604][T17091] ? __fget_files+0x21f/0x3d0 [ 617.280624][T17091] __x64_sys_openat+0x12d/0x210 [ 617.280647][T17091] ? __pfx___x64_sys_openat+0x10/0x10 [ 617.280669][T17091] ? xfd_validate_state+0x129/0x190 [ 617.280698][T17091] do_syscall_64+0xc9/0xf80 [ 617.280718][T17091] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 617.280733][T17091] RIP: 0033:0x7fec0d75b78e [ 617.280746][T17091] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 617.280761][T17091] RSP: 002b:00007fec0e5fbec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 617.280776][T17091] RAX: ffffffffffffffda RBX: 00007fec0e5fc6c0 RCX: 00007fec0d75b78e [ 617.280787][T17091] RDX: 0000000000000002 RSI: 00007fec0e5fbf90 RDI: ffffffffffffff9c [ 617.280798][T17091] RBP: 00007fec0d808c1f R08: 0000000000000000 R09: 0000000000000000 [ 617.280807][T17091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 617.280816][T17091] R13: 00007fec0da16038 R14: 00007fec0da15fa0 R15: 00007ffd98d6a468 [ 617.280836][T17091] [ 618.246452][T17091] QAT: Invalid ioctl 21531 [ 618.426409][T17096] FAULT_INJECTION: forcing a failure. [ 618.426409][T17096] name failslab, interval 1, probability 0, space 0, times 0 [ 618.480031][T17096] CPU: 0 UID: 0 PID: 17096 Comm: syz.3.2451 Tainted: G U L syzkaller #0 PREEMPT(full) [ 618.480058][T17096] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 618.480064][T17096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 618.480073][T17096] Call Trace: [ 618.480078][T17096] [ 618.480085][T17096] dump_stack_lvl+0x100/0x190 [ 618.480108][T17096] should_fail_ex.cold+0x5/0xa [ 618.480134][T17096] should_failslab+0xc2/0x120 [ 618.480156][T17096] kmem_cache_alloc_lru_noprof+0x8e/0x7d0 [ 618.480176][T17096] ? __lock_acquire+0x4a5/0x2630 [ 618.480197][T17096] ? alloc_inode+0x183/0x250 [ 618.480222][T17096] ? alloc_inode+0x183/0x250 [ 618.480242][T17096] alloc_inode+0x183/0x250 [ 618.480263][T17096] new_inode+0x22/0x1c0 [ 618.480286][T17096] configfs_new_inode+0x24/0x4a0 [ 618.480310][T17096] configfs_create+0xd9/0x370 [ 618.480334][T17096] configfs_lookup+0x38f/0x780 [ 618.480359][T17096] ? __pfx_configfs_lookup+0x10/0x10 [ 618.480373][T17096] lookup_open.isra.0+0x486/0x1890 [ 618.480393][T17096] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 618.480412][T17096] ? __pfx___might_resched+0x10/0x10 [ 618.480435][T17096] ? mnt_get_write_access+0x52/0x2f0 [ 618.480461][T17096] ? __pfx_down_write+0x10/0x10 [ 618.480481][T17096] ? mnt_get_write_access+0x1e9/0x2f0 [ 618.480506][T17096] path_openat+0x117d/0x3120 [ 618.480530][T17096] ? __pfx_path_openat+0x10/0x10 [ 618.480555][T17096] do_filp_open+0x1f7/0x420 [ 618.480574][T17096] ? __pfx_do_filp_open+0x10/0x10 [ 618.480605][T17096] ? _raw_spin_unlock+0x28/0x50 [ 618.480619][T17096] ? alloc_fd+0x476/0x790 [ 618.480641][T17096] do_sys_openat2+0x12e/0x220 [ 618.480664][T17096] ? __pfx_do_sys_openat2+0x10/0x10 [ 618.480685][T17096] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 618.480707][T17096] ? __fget_files+0x21f/0x3d0 [ 618.480726][T17096] __x64_sys_openat+0x12d/0x210 [ 618.480749][T17096] ? __pfx___x64_sys_openat+0x10/0x10 [ 618.480771][T17096] ? ksys_write+0x1ac/0x250 [ 618.480794][T17096] do_syscall_64+0xc9/0xf80 [ 618.480813][T17096] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 618.480829][T17096] RIP: 0033:0x7fec0d79aeb9 [ 618.480841][T17096] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 618.480855][T17096] RSP: 002b:00007fec0e5fc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 618.480871][T17096] RAX: ffffffffffffffda RBX: 00007fec0da15fa0 RCX: 00007fec0d79aeb9 [ 618.480880][T17096] RDX: 0000000000040240 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 618.480889][T17096] RBP: 00007fec0e5fc090 R08: 0000000000000000 R09: 0000000000000000 [ 618.480898][T17096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 618.480907][T17096] R13: 00007fec0da16038 R14: 00007fec0da15fa0 R15: 00007ffd98d6a468 [ 618.480926][T17096] [ 624.034086][ T7792] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 624.045144][ T7792] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 624.053885][ T7792] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 624.061656][ T7792] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 624.069171][ T7792] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 624.561512][T17145] chnl_net:caif_netlink_parms(): no params data found [ 624.840133][T17145] bridge0: port 1(bridge_slave_0) entered blocking state [ 624.859832][T17145] bridge0: port 1(bridge_slave_0) entered disabled state [ 624.895781][T17145] bridge_slave_0: entered allmulticast mode [ 624.911188][T17145] bridge_slave_0: entered promiscuous mode [ 624.928543][T17145] bridge0: port 2(bridge_slave_1) entered blocking state [ 624.943976][T17145] bridge0: port 2(bridge_slave_1) entered disabled state [ 624.961275][T17145] bridge_slave_1: entered allmulticast mode [ 624.974935][T17145] bridge_slave_1: entered promiscuous mode [ 625.035518][T17145] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 625.069369][T17145] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 625.125384][T17145] team0: Port device team_slave_0 added [ 625.140881][T17145] team0: Port device team_slave_1 added [ 625.187270][T17145] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 625.202624][T17145] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 625.258093][T17145] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 625.283579][T17145] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 625.298168][T17145] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 625.353473][T17145] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 625.437876][T17145] hsr_slave_0: entered promiscuous mode [ 625.450872][T17145] hsr_slave_1: entered promiscuous mode [ 625.465773][T17145] debugfs: 'hsr0' already exists in 'hsr' [ 625.478690][T17145] Cannot create hsr debugfs directory [ 626.119093][ T7792] Bluetooth: hci8: command tx timeout [ 626.380644][T17161] Process accounting paused [ 626.537960][T17168] audit: audit_lost=16 audit_rate_limit=0 audit_backlog_limit=64 [ 626.545702][T17168] audit: out of memory in audit_log_start [ 627.396859][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 627.403322][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 627.984693][ T30] audit: type=1800 audit(1843118428.135:41): pid=17190 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2469" name="lu_gp_id" dev="configfs" ino=70861 res=0 errno=0 [ 628.005671][T17190] kstrtoul() returned -22 for lu_gp_id [ 628.188922][ T7648] Bluetooth: hci8: command tx timeout [ 628.456248][T17193] zswap: compressor  not available [ 628.856593][T17200] FAULT_INJECTION: forcing a failure. [ 628.856593][T17200] name failslab, interval 1, probability 0, space 0, times 0 [ 628.904082][T17200] CPU: 0 UID: 0 PID: 17200 Comm: syz.3.2471 Tainted: G U L syzkaller #0 PREEMPT(full) [ 628.904111][T17200] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 628.904118][T17200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 628.904127][T17200] Call Trace: [ 628.904133][T17200] [ 628.904140][T17200] dump_stack_lvl+0x100/0x190 [ 628.904162][T17200] should_fail_ex.cold+0x5/0xa [ 628.904189][T17200] should_failslab+0xc2/0x120 [ 628.904209][T17200] ? vkms_crtc_atomic_check+0x388/0x800 [ 628.904231][T17200] __kmalloc_noprof+0xf6/0x9c0 [ 628.904252][T17200] ? vkms_crtc_atomic_check+0x388/0x800 [ 628.904273][T17200] vkms_crtc_atomic_check+0x388/0x800 [ 628.904299][T17200] ? __pfx_vkms_crtc_atomic_check+0x10/0x10 [ 628.904320][T17200] drm_atomic_helper_check_planes+0x4dc/0x900 [ 628.904345][T17200] drm_atomic_helper_check+0xae/0x190 [ 628.904366][T17200] vkms_atomic_check+0x1d9/0x250 [ 628.904383][T17200] ? __pfx_vkms_atomic_check+0x10/0x10 [ 628.904402][T17200] drm_atomic_check_only+0x19ea/0x31b0 [ 628.904431][T17200] drm_atomic_commit+0x132/0x300 [ 628.904449][T17200] ? __pfx_drm_atomic_commit+0x10/0x10 [ 628.904467][T17200] ? __pfx___drm_printfn_info+0x10/0x10 [ 628.904493][T17200] ? drm_client_rotation+0x451/0x6a0 [ 628.904516][T17200] drm_client_modeset_commit_atomic+0x6a6/0x7e0 [ 628.904544][T17200] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 628.904585][T17200] drm_client_modeset_commit_locked+0x14d/0x580 [ 628.904610][T17200] drm_client_modeset_commit+0x4f/0x80 [ 628.904631][T17200] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 628.904655][T17200] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0 [ 628.904678][T17200] drm_fbdev_client_restore+0x1b/0x30 [ 628.904695][T17200] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 628.904712][T17200] drm_client_dev_restore+0x205/0x2a0 [ 628.904736][T17200] drm_release+0x2c6/0x360 [ 628.904755][T17200] ? __pfx_drm_release+0x10/0x10 [ 628.904774][T17200] __fput+0x3ff/0xb40 [ 628.904799][T17200] task_work_run+0x150/0x240 [ 628.904822][T17200] ? __pfx_task_work_run+0x10/0x10 [ 628.904851][T17200] exit_to_user_mode_loop+0x100/0x4b0 [ 628.904872][T17200] ? rcu_is_watching+0x12/0xc0 [ 628.904888][T17200] do_syscall_64+0x4ea/0xf80 [ 628.904917][T17200] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 628.904933][T17200] RIP: 0033:0x7fec0d79aeb9 [ 628.904947][T17200] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 628.904962][T17200] RSP: 002b:00007fec0e5fc028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 628.904978][T17200] RAX: 0000000000000000 RBX: 00007fec0da15fa0 RCX: 00007fec0d79aeb9 [ 628.904988][T17200] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 628.904997][T17200] RBP: 00007fec0d808c1f R08: 0000000000000000 R09: 0000000000000000 [ 628.905007][T17200] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 628.905016][T17200] R13: 00007fec0da16038 R14: 00007fec0da15fa0 R15: 00007ffd98d6a468 [ 628.905037][T17200] [ 630.259068][T16473] Bluetooth: hci8: command tx timeout [ 630.747601][T16473] Bluetooth: hci4: command 0x0406 tx timeout [ 630.977024][T17221] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2475'. [ 630.997154][T17221] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2475'. [ 631.161118][T17225] __vm_enough_memory: pid: 17225, comm: syz.3.2476, bytes: 4398046511104 not enough memory for the allocation [ 632.330800][ T7648] Bluetooth: hci8: command tx timeout [ 633.090146][T17235] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2478'. [ 633.566127][T17245] netlink: 93 bytes leftover after parsing attributes in process `syz.3.2480'. [ 633.601907][T17243] netlink: 93 bytes leftover after parsing attributes in process `syz.3.2480'. [ 633.976860][ T30] audit: type=1800 audit(1843118434.153:42): pid=17250 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2481" name="lu_gp_id" dev="configfs" ino=71296 res=0 errno=0 [ 634.011526][T17250] kstrtoul() returned -22 for lu_gp_id [ 635.969474][T17263] ima: policy update failed [ 635.986588][ T30] audit: type=1802 audit(1843118436.182:43): pid=17263 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.2484" res=0 errno=0 [ 636.742356][T17271] futex_wake_op: syz.3.2486 tries to shift op by -1; fix this program [ 637.795057][T17284] netlink: 186 bytes leftover after parsing attributes in process `syz.3.2490'. [ 639.630473][T17303] zswap: compressor not available [ 641.738496][T17327] zswap: compressor not available [ 643.693289][T17342] FAULT_INJECTION: forcing a failure. [ 643.693289][T17342] name failslab, interval 1, probability 0, space 0, times 0 [ 643.725680][T17342] CPU: 0 UID: 0 PID: 17342 Comm: syz.3.2505 Tainted: G U L syzkaller #0 PREEMPT(full) [ 643.725716][T17342] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 643.725722][T17342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 643.725731][T17342] Call Trace: [ 643.725738][T17342] [ 643.725744][T17342] dump_stack_lvl+0x100/0x190 [ 643.725769][T17342] should_fail_ex.cold+0x5/0xa [ 643.725795][T17342] should_failslab+0xc2/0x120 [ 643.725817][T17342] __kmalloc_cache_noprof+0x80/0x810 [ 643.725834][T17342] ? proc_thread_self_get_link+0x1a6/0x210 [ 643.725859][T17342] ? proc_thread_self_get_link+0x1a6/0x210 [ 643.725880][T17342] proc_thread_self_get_link+0x1a6/0x210 [ 643.725902][T17342] pick_link+0xac2/0x13c0 [ 643.725916][T17342] ? link_path_walk+0xf28/0x1cc0 [ 643.725930][T17342] ? __pfx_proc_thread_self_get_link+0x10/0x10 [ 643.725955][T17342] step_into_slowpath+0x6c2/0xf50 [ 643.725974][T17342] ? __pfx_step_into_slowpath+0x10/0x10 [ 643.725992][T17342] ? lookup_fast+0x2da/0x600 [ 643.726005][T17342] ? inode_permission+0x374/0x630 [ 643.726029][T17342] link_path_walk+0xf28/0x1cc0 [ 643.726050][T17342] path_openat+0x1be/0x3120 [ 643.726067][T17342] ? getname_flags+0x93/0xf0 [ 643.726080][T17342] ? do_sys_openat2+0xc5/0x220 [ 643.726101][T17342] ? __x64_sys_openat+0x12d/0x210 [ 643.726122][T17342] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 643.726143][T17342] ? __pfx_path_openat+0x10/0x10 [ 643.726168][T17342] do_filp_open+0x1f7/0x420 [ 643.726187][T17342] ? __pfx_do_filp_open+0x10/0x10 [ 643.726217][T17342] ? _raw_spin_unlock+0x28/0x50 [ 643.726232][T17342] ? alloc_fd+0x476/0x790 [ 643.726255][T17342] do_sys_openat2+0x12e/0x220 [ 643.726277][T17342] ? __pfx_do_sys_openat2+0x10/0x10 [ 643.726306][T17342] __x64_sys_openat+0x12d/0x210 [ 643.726328][T17342] ? __pfx___x64_sys_openat+0x10/0x10 [ 643.726350][T17342] ? xfd_validate_state+0x129/0x190 [ 643.726379][T17342] do_syscall_64+0xc9/0xf80 [ 643.726399][T17342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 643.726414][T17342] RIP: 0033:0x7fec0d79aeb9 [ 643.726427][T17342] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 643.726441][T17342] RSP: 002b:00007fec0e5fc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 643.726457][T17342] RAX: ffffffffffffffda RBX: 00007fec0da15fa0 RCX: 00007fec0d79aeb9 [ 643.726467][T17342] RDX: 0000000000000802 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 643.726477][T17342] RBP: 00007fec0d808c1f R08: 0000000000000000 R09: 0000000000000000 [ 643.726486][T17342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 643.726495][T17342] R13: 00007fec0da16038 R14: 00007fec0da15fa0 R15: 00007ffd98d6a468 [ 643.726515][T17342] [ 644.009966][T17342] FAULT_INJECTION: forcing a failure. [ 644.009966][T17342] name failslab, interval 1, probability 0, space 0, times 0 [ 644.022636][T17342] CPU: 0 UID: 0 PID: 17342 Comm: syz.3.2505 Tainted: G U L syzkaller #0 PREEMPT(full) [ 644.022664][T17342] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 644.022670][T17342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 644.022680][T17342] Call Trace: [ 644.022686][T17342] [ 644.022697][T17342] dump_stack_lvl+0x100/0x190 [ 644.022720][T17342] should_fail_ex.cold+0x5/0xa [ 644.022746][T17342] should_failslab+0xc2/0x120 [ 644.022768][T17342] kmem_cache_alloc_lru_noprof+0x8e/0x7d0 [ 644.022789][T17342] ? __pfx_css_rstat_updated+0x10/0x10 [ 644.022807][T17342] ? sock_alloc_inode+0x25/0x1c0 [ 644.022826][T17342] ? __pfx_sock_alloc_inode+0x10/0x10 [ 644.022841][T17342] ? sock_alloc_inode+0x25/0x1c0 [ 644.022855][T17342] sock_alloc_inode+0x25/0x1c0 [ 644.022870][T17342] alloc_inode+0x68/0x250 [ 644.022893][T17342] sock_alloc+0x44/0x280 [ 644.022905][T17342] ? security_socket_create+0x7f/0x250 [ 644.022926][T17342] __sock_create+0xc2/0x860 [ 644.022946][T17342] __sys_socket+0x14d/0x260 [ 644.022964][T17342] ? __pfx___sys_socket+0x10/0x10 [ 644.022983][T17342] ? do_user_addr_fault+0x8d6/0x12f0 [ 644.023002][T17342] __x64_sys_socket+0x72/0xb0 [ 644.023018][T17342] ? lockdep_hardirqs_on+0x78/0x100 [ 644.023036][T17342] do_syscall_64+0xc9/0xf80 [ 644.023055][T17342] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 644.023071][T17342] RIP: 0033:0x7fec0d79c747 [ 644.023085][T17342] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 644.023099][T17342] RSP: 002b:00007fec0e5faf98 EFLAGS: 00000286 ORIG_RAX: 0000000000000029 [ 644.023114][T17342] RAX: ffffffffffffffda RBX: 00007fec0da15fa0 RCX: 00007fec0d79c747 [ 644.023124][T17342] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 644.023134][T17342] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 644.023143][T17342] R10: 0000200000000080 R11: 0000000000000286 R12: 0000000000000000 [ 644.023153][T17342] R13: 00007fec0da16038 R14: 00007fec0da15fa0 R15: 00007ffd98d6a468 [ 644.023173][T17342] [ 644.023188][T17342] socket: no more sockets [ 645.717916][T17354] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2508'. [ 645.776142][T17354] hsr_slave_0: left promiscuous mode [ 645.824040][T17354] hsr_slave_1: left promiscuous mode [ 646.603010][T16473] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 646.614511][T16473] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 646.622316][T16473] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 646.629911][T16473] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 646.642021][T16473] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 647.129156][T17373] chnl_net:caif_netlink_parms(): no params data found [ 647.412305][T17373] bridge0: port 1(bridge_slave_0) entered blocking state [ 647.457183][T17373] bridge0: port 1(bridge_slave_0) entered disabled state [ 647.483808][T17373] bridge_slave_0: entered allmulticast mode [ 647.529141][T17373] bridge_slave_0: entered promiscuous mode [ 647.547103][T17373] bridge0: port 2(bridge_slave_1) entered blocking state [ 647.588351][T17373] bridge0: port 2(bridge_slave_1) entered disabled state [ 647.637424][T17373] bridge_slave_1: entered allmulticast mode [ 647.644507][T17373] bridge_slave_1: entered promiscuous mode [ 647.759757][T17373] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 647.808655][T17373] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 647.900588][T17373] team0: Port device team_slave_0 added [ 647.928179][T17373] team0: Port device team_slave_1 added [ 647.997730][T17373] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 648.025408][T17373] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 648.095051][T17373] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 648.136234][T17373] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 648.143179][T17373] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 648.244314][T17373] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 648.364251][T17373] hsr_slave_0: entered promiscuous mode [ 648.374228][T17373] hsr_slave_1: entered promiscuous mode [ 648.403647][T17373] debugfs: 'hsr0' already exists in 'hsr' [ 648.422485][T17373] Cannot create hsr debugfs directory [ 648.732318][T16473] Bluetooth: hci9: command tx timeout [ 649.864661][ T7792] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 649.876066][ T7792] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 649.886176][ T7792] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 649.893870][ T7792] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 649.901792][ T7792] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 650.172233][T17397] chnl_net:caif_netlink_parms(): no params data found [ 650.297628][T17397] bridge0: port 1(bridge_slave_0) entered blocking state [ 650.316169][T17397] bridge0: port 1(bridge_slave_0) entered disabled state [ 650.325806][T17397] bridge_slave_0: entered allmulticast mode [ 650.343203][T17397] bridge_slave_0: entered promiscuous mode [ 650.356670][T17397] bridge0: port 2(bridge_slave_1) entered blocking state [ 650.363822][T17397] bridge0: port 2(bridge_slave_1) entered disabled state [ 650.384513][T17397] bridge_slave_1: entered allmulticast mode [ 650.394266][T17397] bridge_slave_1: entered promiscuous mode [ 650.447606][T17397] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 650.475326][T17397] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 650.535865][T17397] team0: Port device team_slave_0 added [ 650.547994][T17397] team0: Port device team_slave_1 added [ 650.595587][T17397] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 650.602532][T17397] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 650.672905][T17397] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 650.694216][T17397] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 650.701147][T17397] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 650.772403][T17397] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 650.802442][ T7648] Bluetooth: hci9: command tx timeout [ 650.847958][T17397] hsr_slave_0: entered promiscuous mode [ 650.865060][T17397] hsr_slave_1: entered promiscuous mode [ 650.872552][T17397] debugfs: 'hsr0' already exists in 'hsr' [ 650.878269][T17397] Cannot create hsr debugfs directory [ 651.128837][T16473] Bluetooth: hci1: command 0x0406 tx timeout [ 651.996829][T16473] Bluetooth: hci10: command tx timeout [ 652.872639][T16473] Bluetooth: hci9: command tx timeout [ 654.067030][T16473] Bluetooth: hci10: command tx timeout [ 654.943640][T16473] Bluetooth: hci9: command tx timeout [ 656.137266][T16473] Bluetooth: hci10: command tx timeout [ 658.207551][T16473] Bluetooth: hci10: command tx timeout [ 661.253960][ T5830] Process accounting resumed [ 661.465337][ T7648] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 661.477443][ T7648] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 661.487036][ T7648] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 661.497686][ T7648] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 661.505538][ T7648] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 661.764288][T17410] chnl_net:caif_netlink_parms(): no params data found [ 661.895567][T17410] bridge0: port 1(bridge_slave_0) entered blocking state [ 661.920316][T17410] bridge0: port 1(bridge_slave_0) entered disabled state [ 661.927512][T17410] bridge_slave_0: entered allmulticast mode [ 661.950450][T17410] bridge_slave_0: entered promiscuous mode [ 661.959075][T17410] bridge0: port 2(bridge_slave_1) entered blocking state [ 661.979914][T17410] bridge0: port 2(bridge_slave_1) entered disabled state [ 661.987100][T17410] bridge_slave_1: entered allmulticast mode [ 662.010778][T17410] bridge_slave_1: entered promiscuous mode [ 662.064366][T17410] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 662.091958][T17410] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 662.140678][T17410] team0: Port device team_slave_0 added [ 662.161098][T17410] team0: Port device team_slave_1 added [ 662.209240][T17410] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 662.216190][T17410] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 662.278596][T17410] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 662.309828][T17410] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 662.316773][T17410] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 662.378009][T17410] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 662.451931][T17410] hsr_slave_0: entered promiscuous mode [ 662.468337][T17410] hsr_slave_1: entered promiscuous mode [ 662.487938][T17410] debugfs: 'hsr0' already exists in 'hsr' [ 662.493662][T17410] Cannot create hsr debugfs directory [ 663.542433][ T7648] Bluetooth: hci11: command tx timeout [ 665.612759][ T7648] Bluetooth: hci11: command tx timeout [ 667.682968][ T7648] Bluetooth: hci11: command tx timeout [ 669.753244][ T7648] Bluetooth: hci11: command tx timeout [ 673.894169][ T31] INFO: task syz-executor:15196 blocked for more than 143 seconds. [ 673.902079][ T31] Tainted: G U L syzkaller #0 [ 673.923675][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 673.932342][ T31] task:syz-executor state:D stack:23992 pid:15196 tgid:15196 ppid:1 task_flags:0x480140 flags:0x00080002 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 673.963003][ T31] Call Trace: [ 673.976807][ T31] [ 673.979745][ T31] ? __schedule+0xf65/0x5e10 [ 674.013388][ T31] __schedule+0xfe4/0x5e10 [ 674.017816][ T31] ? __lock_acquire+0x4a5/0x2630 [ 674.022758][ T31] ? __pfx___schedule+0x10/0x10 [ 674.048212][ T31] ? find_held_lock+0x2b/0x80 [ 674.052902][ T31] ? schedule+0x2bf/0x390 [ 674.117783][ T31] schedule+0xdd/0x390 [ 674.121873][ T31] schedule_timeout+0x1b2/0x280 [ 674.150338][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 674.162493][ T31] ? mark_held_locks+0x40/0x70 [ 674.167604][ T31] __wait_for_common+0x2e7/0x4c0 [ 674.182927][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 674.188308][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 674.204505][ T31] remove_one+0x312/0x420 [ 674.208844][ T31] ? find_next_child+0x18f/0x280 [ 674.222445][ T31] __simple_recursive_removal+0x148/0x5c0 [ 674.228162][ T31] ? __pfx_remove_one+0x10/0x10 [ 674.252134][ T31] debugfs_remove+0x5d/0x80 [ 674.256646][ T31] nsim_dev_health_exit+0x3b/0xe0 [ 674.261656][ T31] nsim_dev_reload_destroy+0x144/0x4a0 [ 674.281931][ T31] nsim_drv_remove+0x52/0x1e0 [ 674.286620][ T31] ? __pfx_nsim_bus_remove+0x10/0x10 [ 674.313415][ T31] device_remove+0xcb/0x180 [ 674.318023][ T31] device_release_driver_internal+0x42e/0x600 [ 674.331756][ T31] bus_remove_device+0x22f/0x440 [ 674.336699][ T31] device_del+0x376/0x9b0 [ 674.341018][ T31] ? __pfx_device_del+0x10/0x10 [ 674.361570][ T31] ? __lock_acquire+0x4a5/0x2630 [ 674.366515][ T31] device_unregister+0x1d/0xe0 [ 674.381471][ T31] del_device_store+0x346/0x480 [ 674.386331][ T31] ? __pfx_del_device_store+0x10/0x10 [ 674.401490][ T31] ? find_held_lock+0x2b/0x80 [ 674.406166][ T31] ? sysfs_file_kobj+0xe4/0x290 [ 674.423034][ T31] ? sysfs_file_kobj+0xe4/0x290 [ 674.427892][ T31] ? __pfx_del_device_store+0x10/0x10 [ 674.441169][ T31] bus_attr_store+0x74/0xb0 [ 674.445678][ T31] ? __pfx_bus_attr_store+0x10/0x10 [ 674.450866][ T31] sysfs_kf_write+0xf2/0x150 [ 674.471151][ T31] kernfs_fop_write_iter+0x3e0/0x5f0 [ 674.481108][ T31] ? __pfx_sysfs_kf_write+0x10/0x10 [ 674.486308][ T31] vfs_write+0x6ac/0x1070 [ 674.490627][ T31] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 674.520949][ T31] ? __pfx_vfs_write+0x10/0x10 [ 674.525724][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 674.540729][ T31] ksys_write+0x12a/0x250 [ 674.545065][ T31] ? __pfx_ksys_write+0x10/0x10 [ 674.549907][ T31] do_syscall_64+0xc9/0xf80 [ 674.570637][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 674.577102][ T31] RIP: 0033:0x7f2a4895b78e [ 674.590538][ T31] RSP: 002b:00007fffef538808 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 674.598947][ T31] RAX: ffffffffffffffda RBX: 000055557b792500 RCX: 00007f2a4895b78e [ 674.620564][ T31] RDX: 0000000000000001 RSI: 00007fffef538890 RDI: 0000000000000005 [ 674.628534][ T31] RBP: 00007f2a48a08a88 R08: 0000000000000000 R09: 0000000000000000 [ 674.660171][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 674.668141][ T31] R13: 00007fffef538890 R14: 00007f2a49744620 R15: 0000000000000003 [ 674.690432][ T31] [ 674.700047][ T31] INFO: task syz.1.2042:15327 blocked for more than 144 seconds. [ 674.717481][ T31] Tainted: G U L syzkaller #0 [ 674.739782][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 674.748439][ T31] task:syz.1.2042 state:D stack:28744 pid:15327 tgid:15325 ppid:5829 task_flags:0x400140 flags:0x00080002 [ 674.778360][ T31] Call Trace: [ 674.782158][ T31] [ 674.785082][ T31] ? __schedule+0xf65/0x5e10 [ 674.799733][ T31] __schedule+0xfe4/0x5e10 [ 674.809569][ T31] ? __lock_acquire+0x4a5/0x2630 [ 674.814525][ T31] ? __pfx___schedule+0x10/0x10 [ 674.829495][ T31] ? find_held_lock+0x2b/0x80 [ 674.834172][ T31] ? schedule+0x2bf/0x390 [ 674.838499][ T31] schedule+0xdd/0x390 [ 674.859259][ T31] schedule_preempt_disabled+0x13/0x30 [ 674.864716][ T31] __mutex_lock+0xc9a/0x1b90 [ 674.879739][ T31] ? devlink_health_report+0x62b/0xa80 [ 674.899100][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 674.904127][ T31] ? devlink_recover_notify.constprop.0+0x4d7/0x670 [ 674.918991][ T31] ? devlink_recover_notify.constprop.0+0x200/0x670 [ 674.925589][ T31] ? devlink_health_report+0x62b/0xa80 [ 674.939055][ T31] devlink_health_report+0x62b/0xa80 [ 674.944341][ T31] ? __pfx_devlink_health_report+0x10/0x10 [ 674.968697][ T31] ? _copy_from_user+0x59/0xd0 [ 674.973472][ T31] nsim_dev_health_break_write+0x166/0x210 [ 674.988602][ T31] ? __pfx_nsim_dev_health_break_write+0x10/0x10 [ 674.994936][ T31] full_proxy_write+0x135/0x1a0 [ 675.009391][ T31] vfs_write+0x2aa/0x1070 [ 675.013727][ T31] ? __pfx_full_proxy_write+0x10/0x10 [ 675.038407][ T31] ? __pfx_vfs_write+0x10/0x10 [ 675.043172][ T31] ? find_held_lock+0x2b/0x80 [ 675.047834][ T31] ? __fget_files+0x215/0x3d0 [ 675.058584][ T31] ? __fget_files+0x21f/0x3d0 [ 675.063261][ T31] ksys_write+0x12a/0x250 [ 675.067579][ T31] ? __pfx_ksys_write+0x10/0x10 [ 675.090354][ T31] do_syscall_64+0xc9/0xf80 [ 675.094866][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 675.118025][ T31] RIP: 0033:0x7fbfa4f9aeb9 [ 675.122442][ T31] RSP: 002b:00007fbfa5e64028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 675.147914][ T31] RAX: ffffffffffffffda RBX: 00007fbfa5215fa0 RCX: 00007fbfa4f9aeb9 [ 675.155887][ T31] RDX: 00000000000001e1 RSI: 0000200000000080 RDI: 0000000000000004 [ 675.177742][ T31] RBP: 00007fbfa5008c1f R08: 0000000000000000 R09: 0000000000000000 [ 675.199372][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 675.207344][ T31] R13: 00007fbfa5216038 R14: 00007fbfa5215fa0 R15: 00007ffdce86d3f8 [ 675.227537][ T31] [ 675.230634][ T31] INFO: task syz-executor:15657 blocked for more than 144 seconds. [ 675.248937][ T31] Tainted: G U L syzkaller #0 [ 675.255438][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 675.287279][ T31] task:syz-executor state:D stack:24040 pid:15657 tgid:15657 ppid:1 task_flags:0x400140 flags:0x00080002 [ 675.308892][ T31] Call Trace: [ 675.312173][ T31] [ 675.333889][ T31] ? __schedule+0xf65/0x5e10 [ 675.338742][ T31] __schedule+0xfe4/0x5e10 [ 675.343155][ T31] ? __lock_acquire+0x4a5/0x2630 [ 675.357139][ T31] ? __pfx___schedule+0x10/0x10 [ 675.362020][ T31] ? find_held_lock+0x2b/0x80 [ 675.366688][ T31] ? schedule+0x2bf/0x390 [ 675.386824][ T31] schedule+0xdd/0x390 [ 675.391552][ T31] schedule_preempt_disabled+0x13/0x30 [ 675.406932][ T31] __mutex_lock+0xc9a/0x1b90 [ 675.415669][ T31] ? __pfx_vsscanf+0x10/0x10 [ 675.426748][ T31] ? del_device_store+0xd1/0x480 [ 675.431707][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 675.446887][ T31] ? __pfx_sscanf+0x10/0x10 [ 675.451398][ T31] ? __lock_acquire+0x4a5/0x2630 [ 675.456323][ T31] ? __lock_acquire+0x4a5/0x2630 [ 675.476338][ T31] ? del_device_store+0xd1/0x480 [ 675.481280][ T31] del_device_store+0xd1/0x480 [ 675.486037][ T31] ? __pfx_del_device_store+0x10/0x10 [ 675.506223][ T31] ? find_held_lock+0x2b/0x80 [ 675.510902][ T31] ? sysfs_file_kobj+0xe4/0x290 [ 675.515738][ T31] ? sysfs_file_kobj+0xe4/0x290 [ 675.546052][ T31] ? __pfx_del_device_store+0x10/0x10 [ 675.551441][ T31] bus_attr_store+0x74/0xb0 [ 675.566240][ T31] ? __pfx_bus_attr_store+0x10/0x10 [ 675.571444][ T31] sysfs_kf_write+0xf2/0x150 [ 675.585916][ T31] kernfs_fop_write_iter+0x3e0/0x5f0 [ 675.591216][ T31] ? __pfx_sysfs_kf_write+0x10/0x10 [ 675.605785][ T31] vfs_write+0x6ac/0x1070 [ 675.610126][ T31] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 675.625668][ T31] ? __pfx_vfs_write+0x10/0x10 [ 675.630438][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 675.645894][ T31] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 675.652329][ T31] ksys_write+0x12a/0x250 [ 675.665970][ T31] ? __pfx_ksys_write+0x10/0x10 [ 675.670826][ T31] ? do_user_addr_fault+0x8d6/0x12f0 [ 675.695431][ T31] do_syscall_64+0xc9/0xf80 [ 675.700447][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 675.715189][ T31] RIP: 0033:0x7fcbe595b78e [ 675.719596][ T31] RSP: 002b:00007ffed4027128 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 675.735299][ T31] RAX: ffffffffffffffda RBX: 000055557265a500 RCX: 00007fcbe595b78e [ 675.743268][ T31] RDX: 0000000000000001 RSI: 00007ffed40271b0 RDI: 0000000000000005 [ 675.775095][ T31] RBP: 00007fcbe5a08a88 R08: 0000000000000000 R09: 0000000000000000 [ 675.783070][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 675.805460][ T31] R13: 00007ffed40271b0 R14: 00007fcbe6744620 R15: 0000000000000003 [ 675.813448][ T31] [ 675.834708][ T31] [ 675.834708][ T31] Showing all locks held in the system: [ 675.842423][ T31] 1 lock held by khungtaskd/31: [ 675.854862][ T31] #0: ffffffff8e5e3120 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 675.875104][ T31] 7 locks held by syz-executor/15196: [ 675.880466][ T31] #0: ffff88803541a420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 675.904424][ T31] #1: ffff888033d39488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 675.914179][ T31] #2: ffff888028974968 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 675.944273][ T31] #3: ffffffff8f94fdc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 675.975448][ T31] #4: ffff8880788840e8 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xaa/0x600 [ 675.993963][ T31] #5: ffff888078885250 (&devlink->lock_key#4){+.+.}-{4:4}, at: nsim_drv_remove+0x4a/0x1e0 [ 676.013838][ T31] #6: ffff88804cd22988 (&sb->s_type->i_mutex_key#9/2){+.+.}-{4:4}, at: __simple_recursive_removal+0xe0/0x5c0 [ 676.033850][ T31] 3 locks held by syz.1.2042/15327: [ 676.039040][ T31] #0: ffff888033cfeef8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2aa/0x380 [ 676.063586][ T31] #1: ffff88801f6b2420 (sb_writers#8){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 676.072594][ T31] #2: ffff888078885250 (&devlink->lock_key#4){+.+.}-{4:4}, at: devlink_health_report+0x62b/0xa80 [ 676.113388][ T31] 4 locks held by syz-executor/15657: [ 676.118764][ T31] #0: ffff88803541a420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 676.143237][ T31] #1: ffff88805ab09888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 676.152996][ T31] #2: ffff888028974968 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 676.183057][ T31] #3: ffffffff8f94fdc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 676.205343][ T31] 4 locks held by syz-executor/16470: [ 676.211027][ T31] #0: ffff88803541a420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 676.230991][ T31] #1: ffff88805cc9cc88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 676.252795][ T31] #2: ffff888028974968 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 676.272723][ T31] #3: ffffffff8f94fdc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 676.292825][ T31] 1 lock held by syz.0.2373/16731: [ 676.297932][ T31] 4 locks held by syz-executor/16815: [ 676.322476][ T31] #0: ffff88803541a420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 676.331467][ T31] #1: ffff8880356a4088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 676.369667][ T31] #2: ffff888028974968 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 676.382210][ T31] #3: ffffffff8f94fdc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 676.402459][ T31] 4 locks held by syz-executor/16847: [ 676.407826][ T31] #0: ffff88803541a420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 676.434860][ T31] #1: ffff88801f366488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 676.461735][ T31] #2: ffff888028974968 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 676.481636][ T31] #3: ffffffff8f94fdc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 676.501591][ T31] 4 locks held by syz-executor/17145: [ 676.506951][ T31] #0: ffff88803541a420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 676.532962][ T31] #1: ffff8880337a6c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 676.551290][ T31] #2: ffff888028974968 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 676.571183][ T31] #3: ffffffff8f94fdc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 676.591092][ T31] 5 locks held by syz.3.2509/17368: [ 676.596281][ T31] #0: ffff888076675b38 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2aa/0x380 [ 676.621099][ T31] #1: ffff88803541a420 (sb_writers#7){.+.+}-{0:0}, at: do_writev+0x13e/0x340 [ 676.629991][ T31] #2: ffff88805c5c7888 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 676.660790][ T31] #3: ffff888028974878 (kn->active#53){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 676.690697][ T31] #4: ffffffff8f94fdc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: new_device_store+0xfe/0x700 [ 676.710577][ T31] 4 locks held by syz-executor/17373: [ 676.716593][ T31] #0: ffff88803541a420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 676.740838][ T31] #1: ffff888036235c88 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 676.762258][ T31] #2: ffff888028974968 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 676.780185][ T31] #3: ffffffff8f94fdc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 676.800095][ T31] 4 locks held by syz-executor/17397: [ 676.805455][ T31] #0: ffff88803541a420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 676.830016][ T31] #1: ffff88804c40a488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 676.839765][ T31] #2: ffff888028974968 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 676.871590][ T31] #3: ffffffff8f94fdc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 676.899620][ T31] 4 locks held by syz-executor/17410: [ 676.904989][ T31] #0: ffff88803541a420 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 676.929562][ T31] #1: ffff888059c7a088 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x2c2/0x5f0 [ 676.939313][ T31] #2: ffff888028974968 (kn->active#52){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x332/0x5f0 [ 676.969517][ T31] #3: ffffffff8f94fdc8 (nsim_bus_dev_list_lock){+.+.}-{4:4}, at: del_device_store+0xd1/0x480 [ 676.989313][ T31] [ 676.991638][ T31] ============================================= [ 676.991638][ T31] [ 677.012363][ T31] NMI backtrace for cpu 0 [ 677.012379][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 677.012402][ T31] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 677.012408][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 677.012417][ T31] Call Trace: [ 677.012423][ T31] [ 677.012429][ T31] dump_stack_lvl+0x100/0x190 [ 677.012456][ T31] nmi_cpu_backtrace.cold+0x12d/0x151 [ 677.012477][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 677.012501][ T31] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 677.012527][ T31] sys_info+0x141/0x190 [ 677.012546][ T31] watchdog+0xcc3/0xfe0 [ 677.012567][ T31] ? __pfx_watchdog+0x10/0x10 [ 677.012583][ T31] ? __kthread_parkme+0x18c/0x230 [ 677.012602][ T31] ? __pfx_watchdog+0x10/0x10 [ 677.012618][ T31] ? __pfx_watchdog+0x10/0x10 [ 677.012632][ T31] kthread+0x3b3/0x730 [ 677.012654][ T31] ? __pfx_kthread+0x10/0x10 [ 677.012673][ T31] ? ret_from_fork+0x79/0xaf0 [ 677.012687][ T31] ? ret_from_fork+0x79/0xaf0 [ 677.012701][ T31] ? rcu_is_watching+0x12/0xc0 [ 677.012715][ T31] ? __pfx_kthread+0x10/0x10 [ 677.012737][ T31] ret_from_fork+0x754/0xaf0 [ 677.012751][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 677.012767][ T31] ? __switch_to+0x7b9/0x10c0 [ 677.012786][ T31] ? __pfx_kthread+0x10/0x10 [ 677.012807][ T31] ret_from_fork_asm+0x1a/0x30 [ 677.012837][ T31] [ 677.307784][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 677.314645][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 677.325302][ T31] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 677.330471][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 677.340504][ T31] Call Trace: [ 677.343774][ T31] [ 677.346691][ T31] dump_stack_lvl+0x100/0x190 [ 677.351357][ T31] vpanic+0x20d/0x630 [ 677.355320][ T31] panic+0xd1/0xd1 [ 677.359020][ T31] ? __pfx_panic+0x10/0x10 [ 677.363418][ T31] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 677.369565][ T31] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 677.375705][ T31] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 677.381847][ T31] ? watchdog.cold+0x198/0x1ca [ 677.386594][ T31] ? watchdog+0xcd3/0xfe0 [ 677.390908][ T31] watchdog.cold+0x1a9/0x1ca [ 677.395485][ T31] ? __pfx_watchdog+0x10/0x10 [ 677.400142][ T31] ? __kthread_parkme+0x18c/0x230 [ 677.405152][ T31] ? __pfx_watchdog+0x10/0x10 [ 677.409817][ T31] ? __pfx_watchdog+0x10/0x10 [ 677.414473][ T31] kthread+0x3b3/0x730 [ 677.418531][ T31] ? __pfx_kthread+0x10/0x10 [ 677.423109][ T31] ? ret_from_fork+0x79/0xaf0 [ 677.427767][ T31] ? ret_from_fork+0x79/0xaf0 [ 677.432432][ T31] ? rcu_is_watching+0x12/0xc0 [ 677.437177][ T31] ? __pfx_kthread+0x10/0x10 [ 677.441755][ T31] ret_from_fork+0x754/0xaf0 [ 677.446327][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 677.451422][ T31] ? __switch_to+0x7b9/0x10c0 [ 677.456084][ T31] ? __pfx_kthread+0x10/0x10 [ 677.460662][ T31] ret_from_fork_asm+0x1a/0x30 [ 677.465431][ T31] [ 677.468485][ T31] Kernel Offset: disabled [ 677.472794][ T31] Rebooting in 86400 seconds..