last executing test programs: 6m37.942178418s ago: executing program 2 (id=4812): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16, @ANYBLOB="1b0026bd7400fddbdf250300000004000800100003800c0009"], 0x40}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00211459a600fbdbdf250200"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="180027"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 6m37.556263077s ago: executing program 2 (id=4816): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) getrlimit$auto(0x3, 0x0) 6m35.487702825s ago: executing program 2 (id=4824): madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bus/usb/005/001\x00', 0x100, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x5, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x109401, 0x0) write$auto(0x6, 0x0, 0x100000001) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x109401, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, 0x0) 6m34.439023712s ago: executing program 2 (id=4832): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 6m34.086716709s ago: executing program 2 (id=4835): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4188aea7, &(0x7f00000000c0)={0x2, 0x0, [{0x0, 0x9, 0x1}]}) 6m33.610345977s ago: executing program 2 (id=4836): sendmsg$auto_NL80211_CMD_ABORT_SCAN(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x4}, 0x40000) openat$auto_ext4_dir_operations_ext4(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bluetooth/hci4/power\x00', 0x20100, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0xfffffffd, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200"], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r0, 0x89f2, 0x24) 6m33.262104807s ago: executing program 32 (id=4836): sendmsg$auto_NL80211_CMD_ABORT_SCAN(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x4}, 0x40000) openat$auto_ext4_dir_operations_ext4(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bluetooth/hci4/power\x00', 0x20100, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0xfffffffd, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200"], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r0, 0x89f2, 0x24) 6m22.264830372s ago: executing program 3 (id=4902): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x801, 0x84) io_uring_setup$auto(0x1, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x5e30523b26a2a748, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty19\x00', 0x800, 0x0) ioctl$auto(r1, 0x4b62, r0) r2 = socket(0x11, 0x3, 0x80000000) setsockopt$auto(r2, 0x107, 0x12, 0x0, 0x8) 6m21.856901972s ago: executing program 3 (id=4905): openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x242e40, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ttyS0\x00', 0x1, 0x0) ioctl$auto(r0, 0x540a, 0x0) unshare$auto(0x40000080) read$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffffff, 0x0, 0x0) r1 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) read$auto_rng_chrdev_ops_core(r1, &(0x7f0000000040)=""/4096, 0xfffffe82) 6m20.297003108s ago: executing program 3 (id=4912): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, 0x0, 0x40000) recvmmsg$auto(r0, 0x0, 0x10a, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x1, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710, @hyper}, 0x55) ioctl$auto(0x3, 0x800005411, 0x38) 6m19.216331054s ago: executing program 3 (id=4918): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/fs/ocfs2/max_locking_protocol\x00', 0xa2500, 0x0) socket(0xa, 0x2, 0x3a) setsockopt$auto(0x3, 0x1, 0x35, 0x0, 0x9) mmap$auto(0x0, 0x2020009, 0x126, 0xf8, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) pread64$auto(r0, 0x0, 0x8, 0x6) 6m18.181741124s ago: executing program 3 (id=4924): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 6m17.772943907s ago: executing program 3 (id=4925): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x700001c) 6m2.427469394s ago: executing program 33 (id=4925): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x700001c) 3m6.218087716s ago: executing program 1 (id=6377): statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0xb267, 0x759, 0x5, 0x81, 0x1ffde, 0x7, 0xfffffffffffffffd, 0x8, 0x9, 0x80003, 0x4, 0x200000000005, 0x384, 0x9, 0xb14, 0x10006, 0x4000083, 0x7, 0x0, 0xe, 0x21ff9, 0x200, 0x0, 0x84, 0x0, 0x0, 0x3, 0x0, 0xac79, [0x0, 0x7, 0x0, 0x25c3, 0x0, 0x0, 0x2000000000, 0x0, 0x0, 0x0, 0x3, 0x3, 0x0, 0x0, 0x80000000, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x40000000000004ac, 0x100000, 0x0, 0x0, 0x0, 0x5, 0x0, 0x196fc46e, 0x2, 0xffffffffffffdfff, 0x0, 0x80000001, 0x0, 0x40000000000, 0x4, 0x0, 0x101, 0x0, 0x0, 0xffffffffffdffffd]}, 0x1fa, 0x11) r0 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000000), 0x28002, 0x0) r1 = openat$auto_ftrace_event_format_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000640)='/sys/kernel/tracing/events/vmalloc/alloc_vmap_area/format\x00', 0x40, 0x0) pread64$auto(r1, &(0x7f0000000300)='/sys/kernel/tracing/events/vmalloc/allop_area/format\x00\x00\x00\x00\x00\x00\x0f:\xe23j\xb2\x93\x99\r\x02\xd0f\x87Wz\x1b\xc7\x9f\x0f7\xe8\x94\xac(,\x03\x03\xff\xc4*o\xcbf\xe4\x8a\x10\xf3\x7fA\x02:Y\xcf\x1b\x8e\x91%\x00\xf9\xff6\xa6\\\x80\x0f\xfa\xd4\xec\xa6\x0e\x1c,\'\\Aq\xae\x8e\x9c_ \x0f\v\xd3\xcb\xe4\"\xf2\x95\x8e\xc0q\x03;\x16\x84apq\xb4\x88o\xe2\x8c\xb2\xbf\x18z\xee\x8f\x05\x84\xdb\xcbP\xfa\xcec\xa4\xec\xd3\xa9[\x91xV\xd5g\xdf)\xfbJ\xaeNI\x13o\xb8\x98\xc9\x06yP>N\xe7\xf4e\xc2\x97\x02_\xeaV\xc9Vk\xaff\v\xc7\x7f\xdc\xd4\xca\xcf\x94\xb6\x1dK\xc0\xdd\x83w\xe0\x8dx\f\x17>\xa1\riQ\xb7\x03=1\xb7\xed\x1e&t\xffHx>\xc9\xac\x17/\x16\x92y\x87\xc6\x90\x8c\xcb\x86H5\n\xa2\xe8\x03\x92\xc3\xa9\xfb\x9eh\xec\xa9\x8d\xb80\x86\xa6\xa5\xd4I\xfe\xc6]F\xbe\xa0\xda\xa2\x13\xc6\xfb\xe6\xee\xf4Z,\x10\x10C0\x8b\xfd\xfb\xee\x93\x125\xfe\xc4z\"\xc6=Z\xacM\x14\x8f?w\x88S;eNL\xcd.(\xccT\xfaI\a\x1c\xb5\x8d\xf8\xccd\x1f\x1b\xb48\xb1\xbc\xfb\x13f\xa5\xd2\xfb\x17\xff\xe8\xd9\b3\x95\xa7\x85\xb1\x98\xd0\xcf\xbf=\xf7\xd0q1\b\xd2|\xc1B\xcc#5', 0x5, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) ioctl$auto(0x3, 0xc08c5335, 0x38) ioctl$auto__ctl_fops_dm_ioctl(r0, 0xfffffff7effffd05, &(0x7f00000001c0)) 3m6.007223384s ago: executing program 1 (id=6382): openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon33\x00', 0x121200, 0x0) mmap$auto(0x0, 0x4000002, 0xfffffffffffffe01, 0x8051, 0x3, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xc0380, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000002680), 0xffffffffffffffff) sendmsg$auto_IPVS_CMD_FLUSH(r1, &(0x7f00000024c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000026c0)={0x14, r2, 0x1, 0x70bd2b, 0x25dfdbff}, 0x14}}, 0x4000000) ioctl$auto(0x3, 0xc008ae67, 0x38) 3m5.778670676s ago: executing program 1 (id=6385): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0x8, 0x8000) unshare$auto(0x40000080) unshare$auto(0x40000080) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x81, 0x8000000000001, 0xa}, 0xb, 0x0) landlock_restrict_self$auto(r0, 0x8) 3m4.753136178s ago: executing program 1 (id=6388): r0 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x8, 0x4000000000df, 0x40eb1, 0xffffffffffffffff, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x5, 0x1, 0x0) fanotify_init$auto(0x65, 0x2) pipe$auto(0x0) dup2$auto(0x5, 0x4) splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000001, 0x9) write$auto(0x6, 0x0, 0x100000001) recvmmsg$auto(r0, 0x0, 0xfffffe0c, 0x8e0, 0x0) 3m3.787005479s ago: executing program 1 (id=6397): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop13\x00', 0x60742, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) timer_create$auto(0x0, 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x4, 0x4000000000e3, 0x40eb1, 0x401, 0x300000000000) mbind$auto(0x8000, 0xfa9d, 0x2, &(0x7f0000000280)=0x20000000000000fb, 0x3, 0x1) 3m1.861335412s ago: executing program 1 (id=6405): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002a40), r0) sendmsg$auto_NFSD_CMD_LISTENER_SET(r0, &(0x7f00000050c0)={0x0, 0x0, &(0x7f0000005080)={&(0x7f0000002a80)={0x14, r1, 0x1, 0x70bd25, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008050) r2 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/wchan\x00', 0xc8400, 0x0) read$auto_proc_single_file_operations_base(r2, &(0x7f0000000080)=""/112, 0x70) acct$auto(&(0x7f0000000380)='/sys/kernel/debug/kcov\x00') openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/system/cpu/cpu1/hotplug/target\x00', 0x3071c0, 0x0) r3 = eventfd$auto(0xf) r4 = openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/enable\x00', 0x800, 0x0) sendfile$auto(r4, r3, 0x0, 0x4) 2m46.404179609s ago: executing program 34 (id=6405): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002a40), r0) sendmsg$auto_NFSD_CMD_LISTENER_SET(r0, &(0x7f00000050c0)={0x0, 0x0, &(0x7f0000005080)={&(0x7f0000002a80)={0x14, r1, 0x1, 0x70bd25, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008050) r2 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/wchan\x00', 0xc8400, 0x0) read$auto_proc_single_file_operations_base(r2, &(0x7f0000000080)=""/112, 0x70) acct$auto(&(0x7f0000000380)='/sys/kernel/debug/kcov\x00') openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/system/cpu/cpu1/hotplug/target\x00', 0x3071c0, 0x0) r3 = eventfd$auto(0xf) r4 = openat$auto_ftrace_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/enable\x00', 0x800, 0x0) sendfile$auto(r4, r3, 0x0, 0x4) 2m40.23701353s ago: executing program 6 (id=6471): openat$auto_hsr_node_table_fops_(0xffffffffffffff9c, 0x0, 0x861c2, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001040)='/sys/devices/platform/vhci_hcd.14/usb37/37-0:1.0/usb37-port5/power/control\x00', 0x6700, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000000c0)=""/73, 0x49) mmap$auto(0x0, 0x3000c, 0x4000000000df, 0x4000eb1, 0x401, 0x10000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0xe, 0x940, 0x1ffde, 0x8, 0x2000000000000006, 0x2, 0x9, 0x5, 0xfffffffffffffffe, 0x7, 0xb0, 0x7, 0x2, 0x3, 0x5, 0x7, 0x0, 0x6, 0x0, 0x0, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40]}, 0x1fe, 0x81) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='\x00\x00\x00\'', @ANYRES16, @ANYBLOB="000226bd7000fedbdf25040000000600060009000800000000040000000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a0005000180c200000e00000a0001000000000000000000080004001400000008000300050000000a00"], 0x6c}, 0x1, 0x0, 0x0, 0x4040840}, 0x44890) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40400c4) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 2m39.908930687s ago: executing program 6 (id=6475): socket(0x15, 0x5, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x100, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = socket(0x23, 0x80805, 0x0) bind$auto(r1, &(0x7f0000000000)=@in={0x2, 0x4e22, @remote}, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x22100, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x37, 0xa, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x7, 0x3, 0x800, 0x80000023, 0x200000000000007, 0x6d42, 0xc, 0x2495dae0, 0x6]}, 0x0) 2m38.900617956s ago: executing program 6 (id=6478): unshare$auto(0x40000080) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r0, 0x0, 0x3) close_range$auto(0x2, 0x8, 0x0) openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/tracing/set_event_notrace_pid\x00', 0x80903, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(0x3, 0x0, 0xfffffdef) mmap$auto(0x0, 0xc, 0x9c0f, 0x44eb2, 0xffffffffffffffff, 0x300000020000) 2m37.308401252s ago: executing program 6 (id=6488): openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x2, 0x0) mmap$auto(0x2000000000000000, 0x1, 0x31ae, 0x100000009b74, 0x2, 0x7ffe) mmap$auto(0x0, 0x100000000010000, 0xe0, 0x11, 0xffffffffffffffff, 0x28000) unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = socket(0x10, 0x2, 0x0) bpf$auto(0xff, &(0x7f00000004c0)=@bpf_attr_5={@target_fd, 0xffffffffffffffff, 0x4, 0x5, 0xffffffffffffffff, @relative_id=0x4, 0x5}, 0x3fc) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='f\x00'], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x700, &(0x7f0000000100)={&(0x7f0000000580), 0xfc2}, 0x2, &(0x7f0000000000), 0x7, 0xa502}, 0x803}, 0x4, 0x8) 2m36.304200137s ago: executing program 6 (id=6493): ioctl$auto_SNDRV_PCM_IOCTL_STATUS_EXT64(0xffffffffffffffff, 0xc0984124, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0xf, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') r0 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0) lseek$auto(r0, 0x9, 0x0) getdents$auto(r0, 0x0, 0x62d4) r1 = socket(0x2, 0x5, 0x0) getsockopt$auto(r1, 0x84, 0x84, 0x0, &(0x7f00000000c0)=0x10008) 2m35.991373604s ago: executing program 6 (id=6496): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x0) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) socket(0xa, 0x5, 0x0) open(0x0, 0x22240, 0x154) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) fcntl$auto(0x3, 0x4, 0xa553) 2m20.872654473s ago: executing program 35 (id=6496): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x0) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) socket(0xa, 0x5, 0x0) open(0x0, 0x22240, 0x154) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) fcntl$auto(0x3, 0x4, 0xa553) 1m12.201074343s ago: executing program 5 (id=6975): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(0x3, 0x0, 0x5c8) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r0) ioctl$auto_KVM_GET_MSRS(r1, 0xc008ae88, &(0x7f0000000040)={0x2, 0x0, [{0x8f, 0x400, 0x9}]}) 1m11.773949402s ago: executing program 5 (id=6978): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0x10, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000003b40)={'xfrm0\x00', 0x0}) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r3, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000300), r3) read$auto(r3, &(0x7f0000000040)='nl80211\x00', 0xbe62) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030000020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0005"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYRES16=r2], 0x1ac}}, 0x40001) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 1m11.580024294s ago: executing program 5 (id=6981): mmap$auto(0x0, 0x1, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = io_uring_setup$auto(0x5, 0x0) close_range$auto(0x2, r0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2b, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6d) listen$auto(0x3, 0x81) accept$auto(0x3, 0x0, 0x0) r1 = socket(0x2, 0x1, 0x0) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x4, 0x0, 0x7fff, 0x1}, 0x80000b}, 0x5, 0x20000000) 1m10.858626169s ago: executing program 5 (id=6982): close_range$auto(0x2, 0x8, 0x0) socket(0x22, 0x2, 0x2) mmap$auto(0x0, 0x20009, 0x4000000000db, 0xeb1, 0x400, 0x8000) socket(0x10, 0x2, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x161500, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) statx$auto(0xffffff9c, 0x0, 0x1000, 0x1, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0x4080aea2, 0x0) 1m10.390904463s ago: executing program 5 (id=6985): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x2404c800) kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x80000000}, 0x4) sysfs$auto(0x2, 0x23, 0x0) r0 = fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) r1 = clone$auto(0xc9, 0x8, 0x0, 0x0, 0x4) setpriority$auto_PRIO_PGRP(0x1, r1, 0x1) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f0000000440)='}[,&*}\x00\x0e\x15F\xf7\x1a\xd1K+\xedy\xc6\x9bb\x94\xb4^\xc2\x83%\xfbw}\xfb_P\"\x19\xdfi\xe9hA|Q\x8a_F\x04:Q\x90\'\x06\x00', &(0x7f0000000140)='nfsd\x00', 0x1010000, 0x0) sendmsg$auto_NL80211_CMD_SET_NOACK_MAP(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0xa8, 0x0, 0x4ad, 0x70bd25, 0x25dfdbfd, {}, [@NL80211_ATTR_STA_FLAGS={0x1f, 0x11, 0x0, 0x1, [@nested={0x8, 0x15b, 0x0, 0x1, [@nested={0x4, 0xb6}]}, @typed={0x8, 0xda, 0x0, 0x0, @u32=0x8}, @generic="96180a0004803ed3a6dbd3"]}, @NL80211_ATTR_USE_RRM={0x4}, @NL80211_ATTR_PREV_BSSID={0x42, 0x4f, "9f9280ed1c78479ffd958f90174962132b228acbc993133193ac7e9d0bcc42a65482c33130075848370819b777b80bcda981f53c1b1b193141aaf9fdf99c"}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x9a}, @NL80211_ATTR_WDEV={0xc, 0x99, 0x4}, @NL80211_ATTR_MBSSID_CONFIG={0x14, 0x132, 0x0, 0x1, [@NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES={0x5, 0x1, 0x9}, @NL80211_MBSSID_CONFIG_ATTR_EMA={0x4}, @NL80211_MBSSID_CONFIG_ATTR_EMA={0x4}]}, @NL80211_ATTR_REG_INDOOR={0x4}]}, 0xa8}, 0x1, 0x0, 0x0, 0x40}, 0x44) 1m9.170884794s ago: executing program 5 (id=6990): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) getsockname$auto(0xffffffffffffffff, &(0x7f0000000000)=@tipc=@name={0x1e, 0x2, 0x3, {{0x42, 0x2}, 0x3}}, 0x0) sysfs$auto(0x2, 0x1f, 0x0) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r0 = socket(0x1e, 0x4, 0x0) setsockopt$auto(r0, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x101d0, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 55.364517526s ago: executing program 4 (id=7063): madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x2020009, 0x6, 0xf8, 0xfffffffffffffffa, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x67f00, 0x0) io_uring_setup$auto(0x0, 0x0) ioctl$auto_BLKPG2(0xffffffffffffffff, 0x1269, 0x0) clock_settime$auto(0x2, 0x0) r0 = socket(0x11, 0x80003, 0x300) sendfile$auto(0x1, r0, 0x0, 0x8fb5) dup2$auto(0x0, 0x3) ioctl$auto(0x3, 0x541b, 0x10000000000402) 54.927481953s ago: executing program 4 (id=7067): mmap$auto(0x0, 0x5db, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) socket$nl_generic(0x10, 0x3, 0x10) waitid$auto(0x3, r0, 0x0, 0x2, &(0x7f00000001c0)={{0x2, 0x3}, {0x7, 0xc}, 0xf5, 0x75, 0x8, 0x9c7, 0x6, 0x1, 0x3, 0x4, 0x1ca, 0x9, 0x2, 0x6, 0x80000001}) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x480, 0x0) mmap$auto(0x0, 0x400000, 0x7, 0x19b72, 0x5, 0x9000) r1 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x5, &(0x7f0000000200)=@iter_create={r1, 0x7fff}, 0x1ff) 54.834103576s ago: executing program 4 (id=7068): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="0700000000000000df250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x2, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20008841) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f0000000000)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x1}, 0x2, 0x0) 54.191121206s ago: executing program 4 (id=7071): mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) close_range$auto(0x0, 0xffffffffffffffff, 0x2) getcwd$auto(0x0, 0xffffffffffffffff) fanotify_init$auto(0xc00, 0x2000000000002) r0 = open(&(0x7f0000000000)='./file1\x00', 0x1652c2, 0xe1d2b27bdc14aa98) fanotify_mark$auto(0x400000000000, 0x105, 0xf2b, r0, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x40342, 0x22) socket(0xa, 0x5, 0x0) inotify_init1$auto(0x3000000000000) inotify_add_watch$auto(0x4, 0x0, 0xe6e) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x20600, 0x0) 54.032265542s ago: executing program 4 (id=7072): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x2404c800) kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x80000000}, 0x4) sysfs$auto(0x2, 0x23, 0x0) r0 = fsopen$auto(0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) r1 = clone$auto(0xc9, 0x8, 0x0, 0x0, 0x4) setpriority$auto_PRIO_PGRP(0x1, r1, 0x1) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f0000000440)='}[,&*}\x00\x0e\x15F\xf7\x1a\xd1K+\xedy\xc6\x9bb\x94\xb4^\xc2\x83%\xfbw}\xfb_P\"\x19\xdfi\xe9hA|Q\x8a_F\x04:Q\x90\'\x06\x00', &(0x7f0000000140)='nfsd\x00', 0x1010000, 0x0) sendmsg$auto_NL80211_CMD_SET_NOACK_MAP(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0xa8, 0x0, 0x4ad, 0x70bd25, 0x25dfdbfd, {}, [@NL80211_ATTR_STA_FLAGS={0x1f, 0x11, 0x0, 0x1, [@nested={0x8, 0x15b, 0x0, 0x1, [@nested={0x4, 0xb6}]}, @typed={0x8, 0xda, 0x0, 0x0, @u32=0x8}, @generic="96180a0004803ed3a6dbd3"]}, @NL80211_ATTR_USE_RRM={0x4}, @NL80211_ATTR_PREV_BSSID={0x42, 0x4f, "9f9280ed1c78479ffd958f90174962132b228acbc993133193ac7e9d0bcc42a65482c33130075848370819b777b80bcda981f53c1b1b193141aaf9fdf99c"}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x9a}, @NL80211_ATTR_WDEV={0xc, 0x99, 0x4}, @NL80211_ATTR_MBSSID_CONFIG={0x14, 0x132, 0x0, 0x1, [@NL80211_MBSSID_CONFIG_ATTR_MAX_INTERFACES={0x5, 0x1, 0x9}, @NL80211_MBSSID_CONFIG_ATTR_EMA={0x4}, @NL80211_MBSSID_CONFIG_ATTR_EMA={0x4}]}, @NL80211_ATTR_REG_INDOOR={0x4}]}, 0xa8}, 0x1, 0x0, 0x0, 0x40}, 0x44) 53.9832723s ago: executing program 36 (id=6990): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) getsockname$auto(0xffffffffffffffff, &(0x7f0000000000)=@tipc=@name={0x1e, 0x2, 0x3, {{0x42, 0x2}, 0x3}}, 0x0) sysfs$auto(0x2, 0x1f, 0x0) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r0 = socket(0x1e, 0x4, 0x0) setsockopt$auto(r0, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x101d0, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 52.424375661s ago: executing program 4 (id=7078): socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x10, 0x2, 0x14) socket(0x10, 0x2, 0x0) socket(0x10, 0x2, 0x0) socket(0xa, 0x5, 0x84) r0 = openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f0000000000), 0x101b00, 0x0) unshare$auto(0x40000080) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x3) 36.735074066s ago: executing program 37 (id=7078): socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x10, 0x2, 0x14) socket(0x10, 0x2, 0x0) socket(0x10, 0x2, 0x0) socket(0xa, 0x5, 0x84) r0 = openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f0000000000), 0x101b00, 0x0) unshare$auto(0x40000080) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x3) 6.205082577s ago: executing program 8 (id=7262): sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) mmap$auto(0x0, 0x40000a, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x1e, 0x1, 0x0) getsockname$auto(r0, &(0x7f0000000000), &(0x7f0000000040)=0x3) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 4.646338326s ago: executing program 8 (id=7269): openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x40000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, r0, 0x0) r2 = socket(0x10, 0x2, 0x4) sendmsg$auto_ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010337bd7000ffdbdf25100000000c0001"], 0x20}, 0x1, 0x0, 0x0, 0x40010}, 0x80000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) r3 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r3, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x4000050) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) 4.412918449s ago: executing program 8 (id=7272): sendmsg$auto_IEEE802154_ASSOCIATE_RESP(0xffffffffffffffff, 0x0, 0x20000881) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, r0, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x288202, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x17a0, 0x6) close_range$auto(0x2, 0xa, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000100)="93eed63fdb4bc288c530daf216af22890fa6687cf5d5f1439f6abd8b3df58b967c75f5fcdb0b581f3fd8080000004e949cc0ce385abf3c3d01006dce8a6061abb1b21cc9eda60e652f5f9a3a46f157e6ff3ca0df7c033557d1b7070000008da465d015c64047c2", 0x1000) 4.288439488s ago: executing program 0 (id=7273): r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/input/event0\x00', 0x40000, 0x0) setreuid$auto(0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xa4e00, 0x0) socket(0xa, 0x801, 0x84) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/trace\x00', 0x2, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) statx$auto(0xffffff9c, 0x0, 0x1000, 0x803, 0x0) r2 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000400), 0x80001, 0x0) ioctl$auto(r2, 0x3b8e, r1) close_range$auto(r0, 0x8, 0x0) 4.23494935s ago: executing program 7 (id=7274): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) prctl$auto(0x3e, 0x11, 0x0, 0x20000000000001, 0x0) getsockopt$auto_SO_SELECT_ERR_QUEUE(0xffffffffffffffff, 0x3, 0x2d, &(0x7f0000000040)='/dev/mISDNtimer\x00', &(0x7f00000000c0)=0x8) r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000080), 0x18b803, 0x0) ioctl$auto_IMADDTIMER(r0, 0x80044940, &(0x7f0000000000)=0x1) madvise$auto(0x101, 0x8, 0x9) ioctl$auto_IMADDTIMER(r0, 0x80044940, 0x0) close_range$auto(0x2, 0x8, 0x0) 3.676956456s ago: executing program 0 (id=7275): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x80000, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket(0x11, 0x3, 0x9) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0x201, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/036/001\x00', 0xa901, 0x0) ioctl$auto_USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000240)={0x0, 0x81, 0x5b, 0x4, 0x0, 0x4000006, 0x401, 0x5, @number_of_packets=0x86c9, 0x9, 0x476, 0x0}) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x0) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/mnt\x00') listmount$auto(&(0x7f0000000100)={0x20, @inferred=r0, 0x8000000000, 0xfffffffffffffff7}, 0x0, 0x0, 0x1) 3.530639667s ago: executing program 9 (id=7276): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r0 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r0, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) bind$auto(0x4, 0xfffffffffffffffe, 0x0) write$auto(0x3, 0x0, 0xfdef) read$auto(0x4, 0x0, 0xfdef) close_range$auto(0x2, 0x8, 0x0) 3.225609869s ago: executing program 0 (id=7277): socket(0x28, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_adj\x00', 0x48402, 0x0) read$auto(r0, 0x0, 0x7) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r1, 0x0, 0x81) bpf$auto(0x0, 0x0, 0x6f4) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000a80)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x40000, 0x0) epoll_create$auto(0x3e) arch_prctl$auto_ARCH_REQ_XCOMP_GUEST_PERM(0x1025, 0xfffffffffffffff7) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x8, 0xe4) 3.196832051s ago: executing program 7 (id=7278): mmap$auto(0x2, 0x400008, 0xdf, 0x9b72, 0x2, 0x10000000008000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) msgctl$auto_IPC_STAT(0x0, 0x2, 0x0) pread64$auto(0xffffffffffffffff, 0x0, 0x200000000003, 0x2f4a3a23) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/ip6_vti0/stable_secret\x00', 0x2, 0x0) writev$auto(r0, &(0x7f0000000300)={&(0x7f0000000200), 0x200}, 0x3) 3.113043301s ago: executing program 8 (id=7279): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/extra\x00', 0xa142, 0x0) r1 = open(&(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00', 0x101840, 0x33903f3ada88772b) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mlockall$auto(0x7) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) read$auto(r1, 0x0, 0x1) write$auto(0x3, 0x0, 0xffd8) close_range$auto(0x2, 0xa, 0x0) socket(0x2, 0x1, 0x106) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/bus/input/handlers\x00', 0x200, 0x0) readv$auto(r0, &(0x7f0000000a80)={0x0, 0x4000000000ffff}, 0x1) 2.920510281s ago: executing program 0 (id=7280): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x8, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x801, 0x106) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x10, 0x80002, 0x0) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) timerfd_create$auto(0x0, 0x0) timerfd_settime$auto(r0, 0x3, 0x0, 0x0) read$auto(0x3, 0x0, 0x80) settimeofday$auto(&(0x7f0000000180)={0x10000001f, 0x1}, 0x0) 2.624918657s ago: executing program 0 (id=7281): mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0xffffffffffffffff, 0x10008000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x82802, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto_SG_SET_TIMEOUT2(r0, 0x2201, 0x0) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/fail-nth\x00', 0x2, 0x0) write$auto(r1, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(0x3, 0x0, 0x100082) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mbind$auto(0x2000, 0x100000008, 0x2100000000, 0x0, 0x6, 0x2) futex_wake$auto(0x0, 0x4, 0x1, 0x9) mincore$auto(0x1000, 0x4000000, 0x0) 2.547818314s ago: executing program 9 (id=7282): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x0) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x1a1000, 0x0) ioctl$auto_PROCMAP_QUERY(r1, 0xc0686611, &(0x7f0000000080)={0x67, 0x0, 0x7fff, 0x5, 0x80000000007, 0x1, 0x80000001, 0xff, 0x5, 0x7, 0xfbfffffe, 0x5, 0x7fb, 0x7, 0x9}) 2.122427815s ago: executing program 7 (id=7283): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) bpf$auto(0x0, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xffff, 0x5, 0x5, 0xff, 0xac1, 0x5, 0x36242398, 0xfffff5b2, 0x3bb, 0x7, 0xffff, 0x800, 0x81, 0x68198}, 0x6f3) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) clone$auto(0x20003b4a, 0x2, 0x0, 0x0, 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/block/ram0/queue/nomerges\x00', 0xe3102, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) r0 = socket(0x10, 0x2, 0x4) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="0100"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.119698339s ago: executing program 8 (id=7284): io_uring_setup$auto(0x2, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x2001, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x100, 0x0) mmap$auto(0x1, 0x400005, 0x800000000000df, 0x8000000000000014, 0x2, 0x4000000008000) unshare$auto(0x400) select$auto(0xd, 0x0, 0x0, 0x0, 0x0) r0 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0) ioctl$auto_SNAPSHOT_UNFREEZE(r0, 0x3302, 0x0) clock_settime$auto(0x6, 0x0) madvise$auto(0x110c230000, 0x1fffffe, 0x9) madvise$auto(0x6, 0x3, 0x5c) 1.950156359s ago: executing program 7 (id=7285): connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0x301000, 0x0) r1 = socket(0x22, 0x3, 0x0) bind$auto(r1, &(0x7f0000000040)=@l2tp={0x2, 0x0, @multicast2}, 0x5) ioctl$auto(r0, 0x40104d01, r0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r2 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) ioctl$auto_MON_IOCX_MFETCH(r2, 0xc0109207, 0x0) ioctl$auto_MON_IOCX_MFETCH(r2, 0xc0109207, &(0x7f0000000100)={0x0, 0x2000004, 0x7}) pread64$auto(r2, 0x0, 0x7ff, 0xd) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x20882, 0x0) 1.300168332s ago: executing program 7 (id=7286): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) r0 = socket(0xa, 0x3, 0x87) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_PEER_REMOVE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14, 0x0, 0x4, 0x70bd27, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x48891}, 0x20) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), r1) mq_notify$auto(0x5cf5, &(0x7f00000006c0)={@sival_ptr=0x0, @inferred=r0, 0x2, @_sigev_thread={0x0, 0x0}}) 1.166359434s ago: executing program 9 (id=7287): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) fcntl$auto(0x3, 0x8, 0x9ebfffffffffffff) fcntl$auto(0x3, 0x4, 0xa553) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/cpu/cpu0/cache/index0/type\x00', 0x183142, 0x0) getrlimit$auto(0x8, 0x0) keyctl$auto(0x7ff, 0xfffffffe, 0xffffffffffffffff, 0x0, 0x7) ioctl$auto_FS_IOC_UNRESVSP(0xffffffffffffffff, 0x40305829, 0x100) statmount$auto(0x0, 0x0, 0x1fe, 0x5) close_range$auto(0x2, 0x8, 0x0) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) 1.025538458s ago: executing program 8 (id=7288): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) write$auto(0x3, 0x0, 0x7fffffff) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/loop14/queue/dma_alignment\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x20) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) unshare$auto(0x40000080) write$auto(0x1, 0x0, 0x80000000) mmap$auto(0x100000, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) madvise$auto(0x0, 0x2003f0, 0x15) 669.298986ms ago: executing program 9 (id=7289): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x23, 0x80805, 0x2) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r1, 0x7f, 0x99, 0x8, 0x1, @relative_id=0x8, 0x5}, 0x92) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xc) bpf$auto(0x4, &(0x7f00000001c0)=@raw_tracepoint={0x5, r0, 0x0, 0x8000000000007}, 0x9) 504.003723ms ago: executing program 9 (id=7290): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x8, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x801, 0x106) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x10, 0x80002, 0x0) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) timerfd_create$auto(0x0, 0x0) timerfd_settime$auto(r0, 0x3, 0x0, 0x0) read$auto(0x3, 0x0, 0x80) settimeofday$auto(&(0x7f0000000180)={0x10000001f, 0x1}, 0x0) 300.873439ms ago: executing program 7 (id=7291): openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000100)={0x20041, 0x9, 0x2}, 0x18) socket(0x2, 0x1, 0x106) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) r1 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x401, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt$auto(r1, 0x84, 0x1, 0x0, 0x0) 141.079721ms ago: executing program 9 (id=7292): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x23, 0x0) r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, 0x0, 0x20201, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/bus/usb/drivers/dvb_usb_dibusb_mc/new_id\x00', 0x80002, 0x0) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000003900)='\t', 0x1) write$auto(r0, 0x0, 0x4) openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, 0x0, 0x2482, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x80000001, 0x2, 0x800) getrandom$auto(0x0, 0x6000000, 0x3) bpf$auto(0x5, &(0x7f0000000140)=@bpf_attr_7={@prog_id=0x1a, 0x92f1, 0x4}, 0xa) 0s ago: executing program 0 (id=7293): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x2000000008000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x20, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3b) r1 = socket(0xa, 0x801, 0x84) lsm_list_modules$auto(0x0, 0x0, 0x0) setsockopt$auto(r1, 0x1, 0x3f, 0x0, 0xb) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) setsockopt$auto(r0, 0x1, 0x4b, 0x0, 0xb) recvmmsg$auto(0x3, 0x0, 0x4, 0x1006, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) kernel console output (not intermixed with test programs): 50'. [ 861.933408][ T30] audit: type=1800 audit(1772176447.417:18): pid=23008 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.6056" name="dbroot" dev="configfs" ino=91929 res=0 errno=0 [ 862.223803][T23017] netlink: 146 bytes leftover after parsing attributes in process `syz.4.6068'. [ 862.380727][T23022] netlink: 'syz.5.6061': attribute type 5 has an invalid length. [ 862.389970][T23022] netlink: 314 bytes leftover after parsing attributes in process `syz.5.6061'. [ 863.670681][T23050] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6073'. [ 863.806082][T23052] ima: policy update failed [ 863.810890][ T30] audit: type=1802 audit(1772176449.287:19): pid=23052 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.5.6072" res=0 errno=0 [ 864.014498][T23058] FAULT_INJECTION: forcing a failure. [ 864.014498][T23058] name failslab, interval 1, probability 0, space 0, times 0 [ 864.027817][T23058] CPU: 0 UID: 0 PID: 23058 Comm: syz.5.6076 Tainted: G U L syzkaller #0 PREEMPT(full) [ 864.027878][T23058] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 864.027892][T23058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 864.027914][T23058] Call Trace: [ 864.027926][T23058] [ 864.027940][T23058] dump_stack_lvl+0x100/0x190 [ 864.027997][T23058] should_fail_ex.cold+0x5/0xa [ 864.028074][T23058] should_failslab+0xc2/0x120 [ 864.028109][T23058] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 864.028158][T23058] ? __kernfs_new_node+0xd2/0x960 [ 864.028213][T23058] __kernfs_new_node+0xd2/0x960 [ 864.028263][T23058] ? __pfx___kernfs_new_node+0x10/0x10 [ 864.028321][T23058] ? find_held_lock+0x2b/0x80 [ 864.028353][T23058] ? kernfs_root+0xee/0x2a0 [ 864.028396][T23058] ? kernfs_root+0xee/0x2a0 [ 864.028450][T23058] kernfs_new_node+0x11b/0x1a0 [ 864.028506][T23058] __kernfs_create_file+0x53/0x350 [ 864.028549][T23058] sysfs_add_file_mode_ns+0x207/0x3c0 [ 864.028603][T23058] internal_create_group+0x593/0xf40 [ 864.028661][T23058] ? __pfx_internal_create_group+0x10/0x10 [ 864.028718][T23058] ? kernfs_create_link+0x1bd/0x240 [ 864.028763][T23058] internal_create_groups+0x9d/0x150 [ 864.028822][T23058] device_add+0x77a/0x1950 [ 864.028881][T23058] ? __pfx_device_add+0x10/0x10 [ 864.028932][T23058] ? __pfx___might_resched+0x10/0x10 [ 864.028980][T23058] ? lockdep_hardirqs_on+0x78/0x100 [ 864.029042][T23058] __add_disk+0x518/0xe40 [ 864.029099][T23058] add_disk_fwnode+0x118/0x5c0 [ 864.029154][T23058] loop_add+0x90b/0xb60 [ 864.029190][T23058] ? __pfx_loop_add+0x10/0x10 [ 864.029255][T23058] ? find_held_lock+0x2b/0x80 [ 864.029284][T23058] ? __fget_files+0x215/0x3d0 [ 864.029342][T23058] loop_control_ioctl+0xae/0x620 [ 864.029382][T23058] ? __pfx_loop_control_ioctl+0x10/0x10 [ 864.029427][T23058] ? __pfx_loop_control_ioctl+0x10/0x10 [ 864.029466][T23058] __x64_sys_ioctl+0x18e/0x210 [ 864.029515][T23058] do_syscall_64+0x106/0xf80 [ 864.029550][T23058] ? clear_bhb_loop+0x40/0x90 [ 864.029592][T23058] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 864.029627][T23058] RIP: 0033:0x7ff770f9c799 [ 864.029657][T23058] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 864.029693][T23058] RSP: 002b:00007ff771e49028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 864.029728][T23058] RAX: ffffffffffffffda RBX: 00007ff771215fa0 RCX: 00007ff770f9c799 [ 864.029752][T23058] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000006 [ 864.029776][T23058] RBP: 00007ff771032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 864.029796][T23058] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 864.029817][T23058] R13: 00007ff771216038 R14: 00007ff771215fa0 R15: 00007ffc41c62318 [ 864.029864][T23058] [ 864.835208][T23067] FAULT_INJECTION: forcing a failure. [ 864.835208][T23067] name failslab, interval 1, probability 0, space 0, times 0 [ 864.866931][T23067] CPU: 0 UID: 0 PID: 23067 Comm: syz.5.6078 Tainted: G U L syzkaller #0 PREEMPT(full) [ 864.866990][T23067] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 864.867003][T23067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 864.867024][T23067] Call Trace: [ 864.867035][T23067] [ 864.867049][T23067] dump_stack_lvl+0x100/0x190 [ 864.867118][T23067] should_fail_ex.cold+0x5/0xa [ 864.867159][T23067] ? tracepoint_add_func+0x2c5/0xf30 [ 864.867193][T23067] should_failslab+0xc2/0x120 [ 864.867226][T23067] __kmalloc_noprof+0xe0/0x850 [ 864.867282][T23067] ? __pfx_trace_event_raw_event_nfs4_lookup_event+0x10/0x10 [ 864.867339][T23067] tracepoint_add_func+0x2c5/0xf30 [ 864.867371][T23067] ? __pfx_trace_event_raw_event_nfs4_lookup_event+0x10/0x10 [ 864.867438][T23067] ? __pfx_trace_event_raw_event_nfs4_lookup_event+0x10/0x10 [ 864.867492][T23067] tracepoint_probe_register+0xc4/0x110 [ 864.867528][T23067] ? __pfx_tracepoint_probe_register+0x10/0x10 [ 864.867563][T23067] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 864.867603][T23067] ? __pfx_trace_event_raw_event_nfs4_lookup_event+0x10/0x10 [ 864.867664][T23067] ? __pfx_probe_sched_switch+0x10/0x10 [ 864.867721][T23067] ? __lock_acquire+0x4a5/0x2630 [ 864.867771][T23067] trace_event_reg+0x209/0x350 [ 864.867825][T23067] __ftrace_event_enable_disable+0x211/0x6f0 [ 864.867888][T23067] __ftrace_set_clr_event_nolock+0x390/0xc30 [ 864.867940][T23067] ftrace_set_clr_event+0x16e/0x330 [ 864.867985][T23067] ? __pfx_ftrace_set_clr_event+0x10/0x10 [ 864.868027][T23067] ? trace_get_user+0x3ae/0xa70 [ 864.868083][T23067] ftrace_event_write+0x259/0x2c0 [ 864.868128][T23067] ? __pfx_ftrace_event_write+0x10/0x10 [ 864.868193][T23067] vfs_write+0x2aa/0x1070 [ 864.868249][T23067] ? __pfx_ftrace_event_write+0x10/0x10 [ 864.868299][T23067] ? __pfx_vfs_write+0x10/0x10 [ 864.868349][T23067] ? __fget_files+0x215/0x3d0 [ 864.868413][T23067] ? __fget_files+0x21f/0x3d0 [ 864.868477][T23067] ksys_write+0x12a/0x250 [ 864.868530][T23067] ? __pfx_ksys_write+0x10/0x10 [ 864.868598][T23067] do_syscall_64+0x106/0xf80 [ 864.868637][T23067] ? clear_bhb_loop+0x40/0x90 [ 864.868681][T23067] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 864.868718][T23067] RIP: 0033:0x7ff770f9c799 [ 864.868748][T23067] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 864.868784][T23067] RSP: 002b:00007ff771e49028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 864.868818][T23067] RAX: ffffffffffffffda RBX: 00007ff771215fa0 RCX: 00007ff770f9c799 [ 864.868842][T23067] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000005 [ 864.868863][T23067] RBP: 00007ff771032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 864.868884][T23067] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 864.868904][T23067] R13: 00007ff771216038 R14: 00007ff771215fa0 R15: 00007ffc41c62318 [ 864.868950][T23067] [ 864.871604][T23067] event trace: Could not enable event nfs4_remove [ 865.401659][T23071] serio: Serial port ttyS0 [ 866.078038][T23093] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6087'. [ 866.079022][T23093] netlink: 13 bytes leftover after parsing attributes in process `syz.5.6087'. [ 866.450366][T23100] FAULT_INJECTION: forcing a failure. [ 866.450366][T23100] name failslab, interval 1, probability 0, space 0, times 0 [ 866.493005][T23100] CPU: 1 UID: 0 PID: 23100 Comm: syz.4.6088 Tainted: G U L syzkaller #0 PREEMPT(full) [ 866.493061][T23100] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 866.493074][T23100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 866.493095][T23100] Call Trace: [ 866.493107][T23100] [ 866.493120][T23100] dump_stack_lvl+0x100/0x190 [ 866.493176][T23100] should_fail_ex.cold+0x5/0xa [ 866.493216][T23100] should_failslab+0xc2/0x120 [ 866.493250][T23100] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 866.493300][T23100] ? __kernfs_new_node+0xd2/0x960 [ 866.493355][T23100] __kernfs_new_node+0xd2/0x960 [ 866.493407][T23100] ? __pfx___kernfs_new_node+0x10/0x10 [ 866.493462][T23100] ? find_held_lock+0x2b/0x80 [ 866.493499][T23100] ? kernfs_root+0xee/0x2a0 [ 866.493541][T23100] ? kernfs_root+0xee/0x2a0 [ 866.493595][T23100] kernfs_new_node+0x11b/0x1a0 [ 866.493650][T23100] __kernfs_create_file+0x53/0x350 [ 866.493690][T23100] sysfs_add_file_mode_ns+0x207/0x3c0 [ 866.493809][T23100] internal_create_group+0x593/0xf40 [ 866.493869][T23100] ? __pfx_internal_create_group+0x10/0x10 [ 866.493924][T23100] ? kernfs_create_link+0x1bd/0x240 [ 866.493968][T23100] internal_create_groups+0x9d/0x150 [ 866.494125][T23100] device_add+0x77a/0x1950 [ 866.494184][T23100] ? __pfx_device_add+0x10/0x10 [ 866.494231][T23100] ? __pfx___might_resched+0x10/0x10 [ 866.494282][T23100] ? lockdep_hardirqs_on+0x78/0x100 [ 866.494338][T23100] __add_disk+0x518/0xe40 [ 866.494394][T23100] add_disk_fwnode+0x118/0x5c0 [ 866.494445][T23100] loop_add+0x90b/0xb60 [ 866.494481][T23100] ? __pfx_loop_add+0x10/0x10 [ 866.494541][T23100] ? find_held_lock+0x2b/0x80 [ 866.494569][T23100] ? __fget_files+0x215/0x3d0 [ 866.494622][T23100] loop_control_ioctl+0xae/0x620 [ 866.494660][T23100] ? __pfx_loop_control_ioctl+0x10/0x10 [ 866.494702][T23100] ? __pfx_loop_control_ioctl+0x10/0x10 [ 866.494738][T23100] __x64_sys_ioctl+0x18e/0x210 [ 866.494784][T23100] do_syscall_64+0x106/0xf80 [ 866.494821][T23100] ? clear_bhb_loop+0x40/0x90 [ 866.494864][T23100] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 866.494899][T23100] RIP: 0033:0x7f5c8e19c799 [ 866.494928][T23100] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 866.495000][T23100] RSP: 002b:00007f5c8efdd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 866.495033][T23100] RAX: ffffffffffffffda RBX: 00007f5c8e415fa0 RCX: 00007f5c8e19c799 [ 866.495056][T23100] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000006 [ 866.495078][T23100] RBP: 00007f5c8e232bd9 R08: 0000000000000000 R09: 0000000000000000 [ 866.495098][T23100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 866.495119][T23100] R13: 00007f5c8e416038 R14: 00007f5c8e415fa0 R15: 00007ffdddf34368 [ 866.495163][T23100] [ 867.548604][T23123] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6099'. [ 867.574362][T23123] netlink: 25 bytes leftover after parsing attributes in process `syz.0.6099'. [ 868.304363][T23116] Process accounting paused [ 868.941707][T23151] netlink: 326 bytes leftover after parsing attributes in process `syz.0.6110'. [ 869.255475][T23161] FAULT_INJECTION: forcing a failure. [ 869.255475][T23161] name failslab, interval 1, probability 0, space 0, times 0 [ 869.270468][T23161] CPU: 0 UID: 0 PID: 23161 Comm: syz.4.6122 Tainted: G U L syzkaller #0 PREEMPT(full) [ 869.270528][T23161] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 869.270542][T23161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 869.270561][T23161] Call Trace: [ 869.270573][T23161] [ 869.270587][T23161] dump_stack_lvl+0x100/0x190 [ 869.270645][T23161] should_fail_ex.cold+0x5/0xa [ 869.270686][T23161] should_failslab+0xc2/0x120 [ 869.270719][T23161] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 869.270780][T23161] ? seq_open+0x55/0x170 [ 869.270826][T23161] ? __pfx_blk_mq_debugfs_show+0x10/0x10 [ 869.270866][T23161] seq_open+0x55/0x170 [ 869.270906][T23161] ? __pfx_blk_mq_debugfs_show+0x10/0x10 [ 869.270945][T23161] single_open+0xfc/0x1d0 [ 869.270989][T23161] blk_mq_debugfs_open+0xde/0x1b0 [ 869.271031][T23161] ? __pfx_blk_mq_debugfs_open+0x10/0x10 [ 869.271068][T23161] full_proxy_open_regular+0x1b6/0x370 [ 869.271116][T23161] do_dentry_open+0x6d8/0x1660 [ 869.271172][T23161] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 869.271227][T23161] vfs_open+0x82/0x3f0 [ 869.271271][T23161] path_openat+0x208c/0x31a0 [ 869.271319][T23161] ? __pfx_path_openat+0x10/0x10 [ 869.271367][T23161] do_file_open+0x20e/0x430 [ 869.271404][T23161] ? __pfx_do_file_open+0x10/0x10 [ 869.271467][T23161] ? alloc_fd+0x476/0x790 [ 869.271524][T23161] ? do_getname+0x191/0x390 [ 869.271568][T23161] do_sys_openat2+0x10d/0x1e0 [ 869.271611][T23161] ? __pfx_do_sys_openat2+0x10/0x10 [ 869.271657][T23161] ? __fget_files+0x21f/0x3d0 [ 869.271719][T23161] __x64_sys_openat+0x12d/0x210 [ 869.271773][T23161] ? __pfx___x64_sys_openat+0x10/0x10 [ 869.271833][T23161] do_syscall_64+0x106/0xf80 [ 869.271871][T23161] ? clear_bhb_loop+0x40/0x90 [ 869.271915][T23161] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 869.271949][T23161] RIP: 0033:0x7f5c8e19c799 [ 869.271977][T23161] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 869.272013][T23161] RSP: 002b:00007f5c8efdd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 869.272047][T23161] RAX: ffffffffffffffda RBX: 00007f5c8e415fa0 RCX: 00007f5c8e19c799 [ 869.272071][T23161] RDX: 0000000000060100 RSI: 0000200000000900 RDI: ffffffffffffff9c [ 869.272092][T23161] RBP: 00007f5c8e232bd9 R08: 0000000000000000 R09: 0000000000000000 [ 869.272113][T23161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 869.272134][T23161] R13: 00007f5c8e416038 R14: 00007f5c8e415fa0 R15: 00007ffdddf34368 [ 869.272178][T23161] [ 870.540588][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.549908][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.771103][T23201] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6139'. [ 871.134552][T23213] MTRR 2 not used [ 872.024415][T23237] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6143'. [ 872.045026][T23237] netlink: 25 bytes leftover after parsing attributes in process `syz.1.6143'. [ 872.233430][T23242] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6145'. [ 872.278978][T23244] netlink: 342 bytes leftover after parsing attributes in process `syz.0.6144'. [ 873.750923][T23284] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6159'. [ 873.804163][T23288] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6170'. [ 875.143113][T23323] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6177'. [ 875.390322][T23334] KVM: debugfs: duplicate directory 23334-3 [ 879.179288][T23424] netlink: 342 bytes leftover after parsing attributes in process `syz.0.6219'. [ 879.232761][T23424] netlink: 302 bytes leftover after parsing attributes in process `syz.0.6219'. [ 879.252329][T23426] netlink: 342 bytes leftover after parsing attributes in process `syz.5.6210'. [ 881.754101][T23488] netlink: 330 bytes leftover after parsing attributes in process `syz.0.6240'. [ 881.870629][T23488] \: renamed from lo [ 882.702055][T23497] netlink: 334 bytes leftover after parsing attributes in process `syz.5.6232'. [ 884.119385][T23523] : entered promiscuous mode [ 884.160373][T23524] FAULT_INJECTION: forcing a failure. [ 884.160373][T23524] name failslab, interval 1, probability 0, space 0, times 0 [ 884.218181][T23524] CPU: 1 UID: 0 PID: 23524 Comm: syz.5.6243 Tainted: G U L syzkaller #0 PREEMPT(full) [ 884.218239][T23524] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 884.218253][T23524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 884.218272][T23524] Call Trace: [ 884.218283][T23524] [ 884.218296][T23524] dump_stack_lvl+0x100/0x190 [ 884.218363][T23524] should_fail_ex.cold+0x5/0xa [ 884.218403][T23524] should_failslab+0xc2/0x120 [ 884.218437][T23524] __kmalloc_cache_noprof+0x7a/0x6f0 [ 884.218481][T23524] ? trace_pid_list_alloc+0x2fe/0x480 [ 884.218543][T23524] trace_pid_list_alloc+0x2fe/0x480 [ 884.218602][T23524] trace_pid_write+0x110/0x460 [ 884.218658][T23524] ? __pfx_trace_pid_write+0x10/0x10 [ 884.218738][T23524] event_pid_write.isra.0+0x1e4/0x800 [ 884.218798][T23524] ? __pfx_event_pid_write.isra.0+0x10/0x10 [ 884.218869][T23524] vfs_write+0x2aa/0x1070 [ 884.218924][T23524] ? __pfx_ftrace_event_npid_write+0x10/0x10 [ 884.218986][T23524] ? __pfx_vfs_write+0x10/0x10 [ 884.219043][T23524] ? __fget_files+0x215/0x3d0 [ 884.219108][T23524] ? __fget_files+0x21f/0x3d0 [ 884.219175][T23524] ksys_write+0x12a/0x250 [ 884.219255][T23524] ? __pfx_ksys_write+0x10/0x10 [ 884.219322][T23524] do_syscall_64+0x106/0xf80 [ 884.219369][T23524] ? clear_bhb_loop+0x40/0x90 [ 884.219414][T23524] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 884.219451][T23524] RIP: 0033:0x7ff770f9c799 [ 884.219480][T23524] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 884.219514][T23524] RSP: 002b:00007ff771e49028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 884.219549][T23524] RAX: ffffffffffffffda RBX: 00007ff771215fa0 RCX: 00007ff770f9c799 [ 884.219573][T23524] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 884.219595][T23524] RBP: 00007ff771032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 884.219617][T23524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 884.219637][T23524] R13: 00007ff771216038 R14: 00007ff771215fa0 R15: 00007ffc41c62318 [ 884.219684][T23524] [ 885.141092][T23538] netlink: 334 bytes leftover after parsing attributes in process `syz.1.6246'. [ 885.697531][T23545] netlink: 342 bytes leftover after parsing attributes in process `syz.0.6249'. [ 885.714895][T23545] netlink: 342 bytes leftover after parsing attributes in process `syz.0.6249'. [ 886.046101][T23554] : entered promiscuous mode [ 887.435515][T23580] FAULT_INJECTION: forcing a failure. [ 887.435515][T23580] name failslab, interval 1, probability 0, space 0, times 0 [ 887.484253][T23580] CPU: 1 UID: 0 PID: 23580 Comm: syz.5.6262 Tainted: G U L syzkaller #0 PREEMPT(full) [ 887.484313][T23580] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 887.484327][T23580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 887.484349][T23580] Call Trace: [ 887.484362][T23580] [ 887.484375][T23580] dump_stack_lvl+0x100/0x190 [ 887.484434][T23580] should_fail_ex.cold+0x5/0xa [ 887.484473][T23580] ? sk_prot_alloc+0x10b/0x2a0 [ 887.484518][T23580] should_failslab+0xc2/0x120 [ 887.484550][T23580] __kmalloc_noprof+0xe0/0x850 [ 887.484607][T23580] sk_prot_alloc+0x10b/0x2a0 [ 887.484655][T23580] sk_alloc+0x36/0xe80 [ 887.484692][T23580] __netlink_create+0x5e/0x2c0 [ 887.484726][T23580] ? __wake_up+0x3f/0x60 [ 887.484766][T23580] netlink_create+0x293/0x610 [ 887.484802][T23580] ? __pfx_genl_bind+0x10/0x10 [ 887.484840][T23580] ? __pfx_genl_unbind+0x10/0x10 [ 887.484886][T23580] ? __pfx_genl_release+0x10/0x10 [ 887.484937][T23580] __sock_create+0x339/0x860 [ 887.484994][T23580] __sys_socket+0x14d/0x260 [ 887.485046][T23580] ? __pfx___sys_socket+0x10/0x10 [ 887.485095][T23580] ? __pfx___do_sys_prctl+0x10/0x10 [ 887.485161][T23580] __x64_sys_socket+0x72/0xb0 [ 887.485212][T23580] ? lockdep_hardirqs_on+0x78/0x100 [ 887.485253][T23580] do_syscall_64+0x106/0xf80 [ 887.485291][T23580] ? clear_bhb_loop+0x40/0x90 [ 887.485332][T23580] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 887.485368][T23580] RIP: 0033:0x7ff770f9c799 [ 887.485396][T23580] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 887.485432][T23580] RSP: 002b:00007ff771e49028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 887.485465][T23580] RAX: ffffffffffffffda RBX: 00007ff771215fa0 RCX: 00007ff770f9c799 [ 887.485488][T23580] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 887.485509][T23580] RBP: 00007ff771032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 887.485535][T23580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 887.485555][T23580] R13: 00007ff771216038 R14: 00007ff771215fa0 R15: 00007ffc41c62318 [ 887.485598][T23580] [ 887.778358][T23580] usb usb3: usbfs: process 23580 (syz.5.6262) did not claim interface 0 before use [ 887.843731][T23578] mkiss: ax0: crc mode is auto. [ 888.131975][T23586] sp0: Synchronizing with TNC [ 888.330532][T23596] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 888.377996][T23596] CIFS mount error: No usable UNC path provided in device string! [ 888.377996][T23596] [ 888.421416][T23596] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 888.547606][T23602] : entered promiscuous mode [ 889.080608][T23612] random: crng reseeded on system resumption [ 889.186373][T23612] RDS: rds_bind could not find a transport for fe80::736d:2f73:7461:626c, load rds_tcp or rds_rdma? [ 889.588610][T20868] Bluetooth: hci4: ISO packet for unknown connection handle 0 [ 890.734076][T23643] openvswitch: : Dropping previously announced user features [ 891.823802][T23657] FAULT_INJECTION: forcing a failure. [ 891.823802][T23657] name failslab, interval 1, probability 0, space 0, times 0 [ 891.990012][T23657] CPU: 0 UID: 0 PID: 23657 Comm: syz.5.6294 Tainted: G U L syzkaller #0 PREEMPT(full) [ 891.990055][T23657] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 891.990065][T23657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 891.990080][T23657] Call Trace: [ 891.990089][T23657] [ 891.990100][T23657] dump_stack_lvl+0x100/0x190 [ 891.990141][T23657] should_fail_ex.cold+0x5/0xa [ 891.990170][T23657] ? ima_alloc_init_template+0x19d/0x6d0 [ 891.990205][T23657] should_failslab+0xc2/0x120 [ 891.990229][T23657] __kmalloc_noprof+0xe0/0x850 [ 891.990265][T23657] ? take_dentry_name_snapshot+0x30b/0x7c0 [ 891.990304][T23657] ima_alloc_init_template+0x19d/0x6d0 [ 891.990341][T23657] ? take_dentry_name_snapshot+0x310/0x7c0 [ 891.990377][T23657] ima_store_measurement+0x1e3/0x5b0 [ 891.990415][T23657] ? __pfx_ima_store_measurement+0x10/0x10 [ 891.990463][T23657] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 891.990498][T23657] process_measurement+0x19cc/0x2350 [ 891.990538][T23657] ? stack_trace_save+0x8e/0xc0 [ 891.990562][T23657] ? __pfx_process_measurement+0x10/0x10 [ 891.990595][T23657] ? __lock_acquire+0x4a5/0x2630 [ 891.990625][T23657] ? __kasan_slab_alloc+0x89/0x90 [ 891.990690][T23657] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 891.990749][T23657] ? init_file+0x95/0x480 [ 891.990783][T23657] ? alloc_empty_file+0x73/0x1c0 [ 891.990810][T23657] ? alloc_file_pseudo+0x13a/0x230 [ 891.990838][T23657] ? ksys_mmap_pgoff+0x232/0x650 [ 891.990860][T23657] ? __x64_sys_mmap+0x125/0x190 [ 891.990894][T23657] ? do_syscall_64+0x106/0xf80 [ 891.990949][T23657] ? __pfx_aa_file_perm+0x10/0x10 [ 891.990991][T23657] ima_file_mmap+0x1c4/0x1f0 [ 891.991025][T23657] ? __pfx_ima_file_mmap+0x10/0x10 [ 891.991064][T23657] security_mmap_file+0x278/0x9b0 [ 891.991106][T23657] vm_mmap_pgoff+0xec/0x470 [ 891.991135][T23657] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 891.991158][T23657] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 891.991190][T23657] ? hugetlbfs_get_inode+0x36e/0x750 [ 891.991239][T23657] ksys_mmap_pgoff+0x273/0x650 [ 891.991264][T23657] ? __x64_sys_futex+0x358/0x4d0 [ 891.991297][T23657] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 891.991321][T23657] ? xfd_validate_state+0x129/0x190 [ 891.991361][T23657] __x64_sys_mmap+0x125/0x190 [ 891.991399][T23657] do_syscall_64+0x106/0xf80 [ 891.991426][T23657] ? clear_bhb_loop+0x40/0x90 [ 891.991456][T23657] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 891.991481][T23657] RIP: 0033:0x7ff770f9c799 [ 891.991501][T23657] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 891.991528][T23657] RSP: 002b:00007ff771e07028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 891.991553][T23657] RAX: ffffffffffffffda RBX: 00007ff771216180 RCX: 00007ff770f9c799 [ 891.991570][T23657] RDX: 0000000000009c0f RSI: 000000000000000c RDI: 0000000000000000 [ 891.991586][T23657] RBP: 00007ff771032bd9 R08: ffffffffffffffff R09: 0000300000020000 [ 891.991604][T23657] R10: 0000000000044eb2 R11: 0000000000000246 R12: 0000000000000000 [ 891.991620][T23657] R13: 00007ff771216218 R14: 00007ff771216180 R15: 00007ffc41c62318 [ 891.991653][T23657] [ 891.994487][ T30] audit: type=1804 audit(1772176477.462:20): pid=23657 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.5.6294" name="anon_hugepage" dev="hugetlbfs" ino=97521 res=0 errno=0 [ 893.405343][T23668] zswap: compressor not available [ 893.961220][T23687] netlink: 'syz.4.6295': attribute type 7 has an invalid length. [ 893.990317][T23687] netlink: 17 bytes leftover after parsing attributes in process `syz.4.6295'. [ 894.000957][T23689] netlink: 18 bytes leftover after parsing attributes in process `syz.0.6293'. [ 894.163916][T23691] netlink: 342 bytes leftover after parsing attributes in process `syz.5.6296'. [ 894.188203][T23691] netlink: 342 bytes leftover after parsing attributes in process `syz.5.6296'. [ 894.253996][T23691] netlink: 'syz.5.6296': attribute type 3 has an invalid length. [ 894.294650][T23691] netlink: 290 bytes leftover after parsing attributes in process `syz.5.6296'. [ 894.453258][T23700] netlink: 338 bytes leftover after parsing attributes in process `syz.4.6300'. [ 895.830492][T23723] netlink: 'syz.5.6308': attribute type 7 has an invalid length. [ 895.860998][T23723] netlink: 17 bytes leftover after parsing attributes in process `syz.5.6308'. [ 896.662354][T23742] openvswitch: : Dropping previously announced user features [ 898.528102][T23786] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6325'. [ 901.045364][T23831] FAULT_INJECTION: forcing a failure. [ 901.045364][T23831] name failslab, interval 1, probability 0, space 0, times 0 [ 901.066384][T23831] CPU: 1 UID: 0 PID: 23831 Comm: syz.4.6335 Tainted: G U L syzkaller #0 PREEMPT(full) [ 901.066460][T23831] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 901.066474][T23831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 901.066494][T23831] Call Trace: [ 901.066505][T23831] [ 901.066518][T23831] dump_stack_lvl+0x100/0x190 [ 901.066576][T23831] should_fail_ex.cold+0x5/0xa [ 901.066615][T23831] ? ima_alloc_init_template+0x19d/0x6d0 [ 901.066664][T23831] should_failslab+0xc2/0x120 [ 901.066699][T23831] __kmalloc_noprof+0xe0/0x850 [ 901.066747][T23831] ? take_dentry_name_snapshot+0x30b/0x7c0 [ 901.066799][T23831] ima_alloc_init_template+0x19d/0x6d0 [ 901.066850][T23831] ? take_dentry_name_snapshot+0x310/0x7c0 [ 901.066900][T23831] ima_store_measurement+0x1e3/0x5b0 [ 901.066953][T23831] ? __pfx_ima_store_measurement+0x10/0x10 [ 901.067019][T23831] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 901.067069][T23831] process_measurement+0x19cc/0x2350 [ 901.067124][T23831] ? stack_trace_save+0x8e/0xc0 [ 901.067159][T23831] ? __pfx_process_measurement+0x10/0x10 [ 901.067203][T23831] ? __lock_acquire+0x4a5/0x2630 [ 901.067245][T23831] ? __kasan_slab_alloc+0x89/0x90 [ 901.067307][T23831] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 901.067356][T23831] ? init_file+0x95/0x480 [ 901.067389][T23831] ? alloc_empty_file+0x73/0x1c0 [ 901.067431][T23831] ? alloc_file_pseudo+0x13a/0x230 [ 901.067470][T23831] ? ksys_mmap_pgoff+0x232/0x650 [ 901.067501][T23831] ? __x64_sys_mmap+0x125/0x190 [ 901.067549][T23831] ? do_syscall_64+0x106/0xf80 [ 901.067627][T23831] ? __pfx_aa_file_perm+0x10/0x10 [ 901.067678][T23831] ima_file_mmap+0x1c4/0x1f0 [ 901.067725][T23831] ? __pfx_ima_file_mmap+0x10/0x10 [ 901.067780][T23831] security_mmap_file+0x278/0x9b0 [ 901.067838][T23831] vm_mmap_pgoff+0xec/0x470 [ 901.067879][T23831] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 901.067912][T23831] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 901.067956][T23831] ? hugetlbfs_get_inode+0x36e/0x750 [ 901.068024][T23831] ksys_mmap_pgoff+0x273/0x650 [ 901.068058][T23831] ? __x64_sys_futex+0x358/0x4d0 [ 901.068104][T23831] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 901.068138][T23831] ? xfd_validate_state+0x129/0x190 [ 901.068194][T23831] __x64_sys_mmap+0x125/0x190 [ 901.068249][T23831] do_syscall_64+0x106/0xf80 [ 901.068296][T23831] ? clear_bhb_loop+0x40/0x90 [ 901.068342][T23831] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 901.068379][T23831] RIP: 0033:0x7f5c8e19c799 [ 901.068408][T23831] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 901.068443][T23831] RSP: 002b:00007f5c8ef9b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 901.068476][T23831] RAX: ffffffffffffffda RBX: 00007f5c8e416180 RCX: 00007f5c8e19c799 [ 901.068500][T23831] RDX: 0000000000009c0f RSI: 000000000000000c RDI: 0000000000000000 [ 901.068521][T23831] RBP: 00007f5c8e232bd9 R08: ffffffffffffffff R09: 0000300000020000 [ 901.068543][T23831] R10: 0000000000044eb2 R11: 0000000000000246 R12: 0000000000000000 [ 901.068564][T23831] R13: 00007f5c8e416218 R14: 00007f5c8e416180 R15: 00007ffdddf34368 [ 901.068609][T23831] [ 901.100758][ T30] audit: type=1804 audit(1772176486.528:21): pid=23831 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.4.6335" name="anon_hugepage" dev="hugetlbfs" ino=98639 res=0 errno=0 [ 901.809353][T23839] netlink: 25 bytes leftover after parsing attributes in process `syz.1.6338'. [ 904.089955][T23891] random: crng reseeded on system resumption [ 904.650700][T23899] random: crng reseeded on system resumption [ 904.761210][T23902] sp0: Synchronizing with TNC [ 908.156671][T23982] netlink: 25 bytes leftover after parsing attributes in process `syz.4.6389'. [ 909.397859][T24010] FAULT_INJECTION: forcing a failure. [ 909.397859][T24010] name failslab, interval 1, probability 0, space 0, times 0 [ 909.442645][T24010] CPU: 1 UID: 0 PID: 24010 Comm: syz.5.6398 Tainted: G U L syzkaller #0 PREEMPT(full) [ 909.442707][T24010] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 909.442722][T24010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 909.442745][T24010] Call Trace: [ 909.442758][T24010] [ 909.442771][T24010] dump_stack_lvl+0x100/0x190 [ 909.442830][T24010] should_fail_ex.cold+0x5/0xa [ 909.442872][T24010] ? ima_alloc_init_template+0x19d/0x6d0 [ 909.442923][T24010] should_failslab+0xc2/0x120 [ 909.442955][T24010] __kmalloc_noprof+0xe0/0x850 [ 909.443004][T24010] ? take_dentry_name_snapshot+0x30b/0x7c0 [ 909.443055][T24010] ima_alloc_init_template+0x19d/0x6d0 [ 909.443108][T24010] ? take_dentry_name_snapshot+0x310/0x7c0 [ 909.443158][T24010] ima_store_measurement+0x1e3/0x5b0 [ 909.443213][T24010] ? __pfx_ima_store_measurement+0x10/0x10 [ 909.443281][T24010] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 909.443333][T24010] process_measurement+0x19cc/0x2350 [ 909.443390][T24010] ? stack_trace_save+0x8e/0xc0 [ 909.443429][T24010] ? __pfx_process_measurement+0x10/0x10 [ 909.443471][T24010] ? __lock_acquire+0x4a5/0x2630 [ 909.443510][T24010] ? __kasan_slab_alloc+0x89/0x90 [ 909.443556][T24010] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 909.443599][T24010] ? init_file+0x95/0x480 [ 909.443637][T24010] ? alloc_empty_file+0x73/0x1c0 [ 909.443670][T24010] ? alloc_file_pseudo+0x13a/0x230 [ 909.443706][T24010] ? ksys_mmap_pgoff+0x232/0x650 [ 909.443734][T24010] ? __x64_sys_mmap+0x125/0x190 [ 909.443777][T24010] ? do_syscall_64+0x106/0xf80 [ 909.443848][T24010] ? __pfx_aa_file_perm+0x10/0x10 [ 909.443894][T24010] ima_file_mmap+0x1c4/0x1f0 [ 909.443935][T24010] ? __pfx_ima_file_mmap+0x10/0x10 [ 909.443986][T24010] security_mmap_file+0x278/0x9b0 [ 909.444045][T24010] vm_mmap_pgoff+0xec/0x470 [ 909.444088][T24010] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 909.444123][T24010] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 909.444169][T24010] ? hugetlbfs_get_inode+0x36e/0x750 [ 909.444239][T24010] ksys_mmap_pgoff+0x273/0x650 [ 909.444275][T24010] ? __x64_sys_futex+0x358/0x4d0 [ 909.444321][T24010] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 909.444357][T24010] ? xfd_validate_state+0x129/0x190 [ 909.444414][T24010] __x64_sys_mmap+0x125/0x190 [ 909.444470][T24010] do_syscall_64+0x106/0xf80 [ 909.444508][T24010] ? clear_bhb_loop+0x40/0x90 [ 909.444551][T24010] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 909.444587][T24010] RIP: 0033:0x7ff770f9c799 [ 909.444626][T24010] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 909.444663][T24010] RSP: 002b:00007ff771e07028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 909.444697][T24010] RAX: ffffffffffffffda RBX: 00007ff771216180 RCX: 00007ff770f9c799 [ 909.444720][T24010] RDX: 0000000000009c0f RSI: 000000000000000c RDI: 0000000000000000 [ 909.444742][T24010] RBP: 00007ff771032bd9 R08: ffffffffffffffff R09: 0000300000020000 [ 909.444764][T24010] R10: 0000000000044eb2 R11: 0000000000000246 R12: 0000000000000000 [ 909.444786][T24010] R13: 00007ff771216218 R14: 00007ff771216180 R15: 00007ffc41c62318 [ 909.444832][T24010] [ 909.785783][ T30] audit: type=1804 audit(1772194839.247:22): pid=24010 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.5.6398" name="anon_hugepage" dev="hugetlbfs" ino=100482 res=0 errno=0 [ 912.562243][T24059] zswap: compressor not available [ 912.668951][T24068] netlink: 138 bytes leftover after parsing attributes in process `syz.5.6416'. [ 912.994891][T24073] FAULT_INJECTION: forcing a failure. [ 912.994891][T24073] name failslab, interval 1, probability 0, space 0, times 0 [ 913.007812][T24073] CPU: 1 UID: 0 PID: 24073 Comm: syz.5.6417 Tainted: G U L syzkaller #0 PREEMPT(full) [ 913.007866][T24073] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 913.007880][T24073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 913.007899][T24073] Call Trace: [ 913.007913][T24073] [ 913.007925][T24073] dump_stack_lvl+0x100/0x190 [ 913.007979][T24073] should_fail_ex.cold+0x5/0xa [ 913.008014][T24073] ? ima_alloc_init_template+0x19d/0x6d0 [ 913.008057][T24073] should_failslab+0xc2/0x120 [ 913.008086][T24073] __kmalloc_noprof+0xe0/0x850 [ 913.008129][T24073] ? take_dentry_name_snapshot+0x30b/0x7c0 [ 913.008174][T24073] ima_alloc_init_template+0x19d/0x6d0 [ 913.008219][T24073] ? take_dentry_name_snapshot+0x310/0x7c0 [ 913.008263][T24073] ima_store_measurement+0x1e3/0x5b0 [ 913.008310][T24073] ? __pfx_ima_store_measurement+0x10/0x10 [ 913.008369][T24073] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 913.008421][T24073] process_measurement+0x19cc/0x2350 [ 913.008471][T24073] ? stack_trace_save+0x8e/0xc0 [ 913.008501][T24073] ? __pfx_process_measurement+0x10/0x10 [ 913.008541][T24073] ? __lock_acquire+0x4a5/0x2630 [ 913.008577][T24073] ? __kasan_slab_alloc+0x89/0x90 [ 913.008621][T24073] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 913.008662][T24073] ? init_file+0x95/0x480 [ 913.008690][T24073] ? alloc_empty_file+0x73/0x1c0 [ 913.008722][T24073] ? alloc_file_pseudo+0x13a/0x230 [ 913.008754][T24073] ? ksys_mmap_pgoff+0x232/0x650 [ 913.008779][T24073] ? __x64_sys_mmap+0x125/0x190 [ 913.008819][T24073] ? do_syscall_64+0x106/0xf80 [ 913.008893][T24073] ? __pfx_aa_file_perm+0x10/0x10 [ 913.008937][T24073] ima_file_mmap+0x1c4/0x1f0 [ 913.008977][T24073] ? __pfx_ima_file_mmap+0x10/0x10 [ 913.009026][T24073] security_mmap_file+0x278/0x9b0 [ 913.009077][T24073] vm_mmap_pgoff+0xec/0x470 [ 913.009112][T24073] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 913.009140][T24073] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 913.009178][T24073] ? hugetlbfs_get_inode+0x36e/0x750 [ 913.009238][T24073] ksys_mmap_pgoff+0x273/0x650 [ 913.009267][T24073] ? __x64_sys_futex+0x358/0x4d0 [ 913.009306][T24073] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 913.009334][T24073] ? xfd_validate_state+0x129/0x190 [ 913.009389][T24073] __x64_sys_mmap+0x125/0x190 [ 913.009436][T24073] do_syscall_64+0x106/0xf80 [ 913.009468][T24073] ? clear_bhb_loop+0x40/0x90 [ 913.009505][T24073] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 913.009536][T24073] RIP: 0033:0x7ff770f9c799 [ 913.009561][T24073] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 913.009591][T24073] RSP: 002b:00007ff771e07028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 913.009620][T24073] RAX: ffffffffffffffda RBX: 00007ff771216180 RCX: 00007ff770f9c799 [ 913.009640][T24073] RDX: 0000000000009c0f RSI: 000000000000000c RDI: 0000000000000000 [ 913.009659][T24073] RBP: 00007ff771032bd9 R08: ffffffffffffffff R09: 0000300000020000 [ 913.009678][T24073] R10: 0000000000044eb2 R11: 0000000000000246 R12: 0000000000000000 [ 913.009697][T24073] R13: 00007ff771216218 R14: 00007ff771216180 R15: 00007ffc41c62318 [ 913.009737][T24073] [ 913.323522][ T30] audit: type=1804 audit(1772194842.466:23): pid=24073 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.5.6417" name="anon_hugepage" dev="hugetlbfs" ino=100766 res=0 errno=0 [ 916.556069][T24111] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6430'. [ 916.573008][T24111] netlink: 354 bytes leftover after parsing attributes in process `syz.5.6430'. [ 916.735432][T24113] netlink: 'syz.5.6431': attribute type 21 has an invalid length. [ 916.743616][T24113] netlink: 326 bytes leftover after parsing attributes in process `syz.5.6431'. [ 918.209333][T24136] kvm: kvm [24134]: vcpu2, guest rIP: 0xfff0 Unhandled RDMSR(0x40000085) [ 926.898907][ T8723] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 926.914793][ T8723] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 926.953475][ T8723] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 926.973819][ T8723] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 926.991624][ T8723] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 927.768458][T24150] chnl_net:caif_netlink_parms(): no params data found [ 928.235276][T24150] bridge0: port 1(bridge_slave_0) entered blocking state [ 928.249579][T24150] bridge0: port 1(bridge_slave_0) entered disabled state [ 928.258714][T24150] bridge_slave_0: entered allmulticast mode [ 928.269562][T24150] bridge_slave_0: entered promiscuous mode [ 928.287508][T24150] bridge0: port 2(bridge_slave_1) entered blocking state [ 928.295987][T24150] bridge0: port 2(bridge_slave_1) entered disabled state [ 928.303406][T24150] bridge_slave_1: entered allmulticast mode [ 928.316452][T24150] bridge_slave_1: entered promiscuous mode [ 928.370260][T24150] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 928.395879][T24150] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 928.444911][T24150] team0: Port device team_slave_0 added [ 928.468373][T24150] team0: Port device team_slave_1 added [ 928.537767][T24150] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 928.545153][T24150] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 928.571674][T24150] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 928.587782][T24150] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 928.594835][T24150] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 928.621264][T24150] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 928.674473][T24150] hsr_slave_0: entered promiscuous mode [ 928.681060][T24150] hsr_slave_1: entered promiscuous mode [ 928.689450][T24150] debugfs: 'hsr0' already exists in 'hsr' [ 928.695375][T24150] Cannot create hsr debugfs directory [ 928.891532][T24150] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 928.905441][T24150] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 928.917881][T24150] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 928.928863][T24150] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 929.021338][T24150] 8021q: adding VLAN 0 to HW filter on device bond0 [ 929.048228][T24150] 8021q: adding VLAN 0 to HW filter on device team0 [ 929.061968][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 929.069202][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 929.089789][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 929.097040][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 929.124493][T20868] Bluetooth: hci1: command tx timeout [ 929.338025][T24150] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 929.614056][T24150] veth0_vlan: entered promiscuous mode [ 929.632721][T24150] veth1_vlan: entered promiscuous mode [ 929.665437][T24150] veth0_macvtap: entered promiscuous mode [ 929.676426][T24150] veth1_macvtap: entered promiscuous mode [ 929.698685][T24150] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 929.723324][T24150] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 929.739010][T19596] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 929.749881][T19596] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 929.760649][T19596] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 929.770355][T19596] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 929.878252][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 929.896958][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 929.930191][T19596] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 929.939319][T19596] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 930.337463][T24203] vivid-001: ================= START STATUS ================= [ 930.367056][T24203] vivid-001: Radio HW Seek Mode: Bounded [ 930.373305][T24203] vivid-001: Radio Programmable HW Seek: false [ 930.396554][T24203] vivid-001: RDS Rx I/O Mode: Block I/O [ 930.428072][T24203] vivid-001: Generate RBDS Instead of RDS: false [ 930.453769][T24203] vivid-001: RDS Reception: true [ 930.460110][T24203] vivid-001: RDS Program Type: 0 inactive [ 930.470705][T24203] vivid-001: RDS PS Name: inactive [ 930.476578][T24203] vivid-001: RDS Radio Text: inactive [ 930.482310][T24203] vivid-001: RDS Traffic Announcement: false inactive [ 930.500382][T24203] vivid-001: RDS Traffic Program: false inactive [ 930.507336][T24203] vivid-001: RDS Music: false inactive [ 930.513097][T24203] vivid-001: ================== END STATUS ================== [ 931.218857][T20868] Bluetooth: hci1: command tx timeout [ 932.010838][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 932.023252][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 932.729573][T24264] netlink: 326 bytes leftover after parsing attributes in process `syz.6.6471'. [ 932.977364][T24271] netlink: 17 bytes leftover after parsing attributes in process `syz.5.6474'. [ 933.288980][T20868] Bluetooth: hci1: command tx timeout [ 934.230838][T24305] FAULT_INJECTION: forcing a failure. [ 934.230838][T24305] name failslab, interval 1, probability 0, space 0, times 0 [ 934.426627][T24305] CPU: 0 UID: 0 PID: 24305 Comm: syz.6.6478 Tainted: G U L syzkaller #0 PREEMPT(full) [ 934.426691][T24305] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 934.426706][T24305] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 934.426727][T24305] Call Trace: [ 934.426743][T24305] [ 934.426755][T24305] dump_stack_lvl+0x100/0x190 [ 934.426814][T24305] should_fail_ex.cold+0x5/0xa [ 934.426855][T24305] should_failslab+0xc2/0x120 [ 934.426888][T24305] __kmalloc_cache_noprof+0x7a/0x6f0 [ 934.426931][T24305] ? ima_d_path+0xc9/0x260 [ 934.426978][T24305] ? xattr_resolve_name+0x27d/0x3f0 [ 934.427037][T24305] ima_d_path+0xc9/0x260 [ 934.427087][T24305] ? __pfx_ima_d_path+0x10/0x10 [ 934.427143][T24305] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 934.427194][T24305] process_measurement+0x1b25/0x2350 [ 934.427251][T24305] ? stack_trace_save+0x8e/0xc0 [ 934.427286][T24305] ? __pfx_process_measurement+0x10/0x10 [ 934.427333][T24305] ? __lock_acquire+0x4a5/0x2630 [ 934.427376][T24305] ? __kasan_slab_alloc+0x89/0x90 [ 934.427426][T24305] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 934.427487][T24305] ? init_file+0x95/0x480 [ 934.427522][T24305] ? alloc_empty_file+0x73/0x1c0 [ 934.427560][T24305] ? alloc_file_pseudo+0x13a/0x230 [ 934.427601][T24305] ? ksys_mmap_pgoff+0x232/0x650 [ 934.427633][T24305] ? __x64_sys_mmap+0x125/0x190 [ 934.427683][T24305] ? do_syscall_64+0x106/0xf80 [ 934.427760][T24305] ? __pfx_aa_file_perm+0x10/0x10 [ 934.427810][T24305] ima_file_mmap+0x1c4/0x1f0 [ 934.427856][T24305] ? __pfx_ima_file_mmap+0x10/0x10 [ 934.427920][T24305] security_mmap_file+0x278/0x9b0 [ 934.427981][T24305] vm_mmap_pgoff+0xec/0x470 [ 934.428023][T24305] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 934.428057][T24305] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 934.428101][T24305] ? hugetlbfs_get_inode+0x36e/0x750 [ 934.428178][T24305] ksys_mmap_pgoff+0x273/0x650 [ 934.428215][T24305] ? __x64_sys_futex+0x358/0x4d0 [ 934.428263][T24305] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 934.428296][T24305] ? xfd_validate_state+0x129/0x190 [ 934.428353][T24305] __x64_sys_mmap+0x125/0x190 [ 934.428409][T24305] do_syscall_64+0x106/0xf80 [ 934.428456][T24305] ? clear_bhb_loop+0x40/0x90 [ 934.428514][T24305] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 934.428550][T24305] RIP: 0033:0x7f0a1699c799 [ 934.428579][T24305] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 934.428614][T24305] RSP: 002b:00007f0a17892028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 934.428647][T24305] RAX: ffffffffffffffda RBX: 00007f0a16c16180 RCX: 00007f0a1699c799 [ 934.428671][T24305] RDX: 0000000000009c0f RSI: 000000000000000c RDI: 0000000000000000 [ 934.428691][T24305] RBP: 00007f0a16a32bd9 R08: ffffffffffffffff R09: 0000300000020000 [ 934.428712][T24305] R10: 0000000000044eb2 R11: 0000000000000246 R12: 0000000000000000 [ 934.428733][T24305] R13: 00007f0a16c16218 R14: 00007f0a16c16180 R15: 00007ffe18d35e28 [ 934.428777][T24305] [ 934.885233][T24319] Loading of unsigned module is rejected [ 934.916711][T24319] vivid-007: ================= START STATUS ================= [ 934.924677][T24319] vivid-007: Enable Output Cropping: true [ 934.931113][T24319] vivid-007: Enable Output Composing: true [ 934.941070][T24319] vivid-007: Enable Output Scaler: true [ 934.946724][T24319] vivid-007: Tx RGB Quantization Range: Automatic [ 934.953312][T24319] vivid-007: Transmit Mode: HDMI [ 934.960570][T24319] vivid-007: Hotplug Present: 0x00000000 [ 934.966299][T24319] vivid-007: RxSense Present: 0x00000000 [ 934.974180][T24319] vivid-007: EDID Present: 0x00000000 [ 934.979736][T24319] vivid-007: ================== END STATUS ================== [ 935.365808][T24331] netlink: 17 bytes leftover after parsing attributes in process `syz.0.6485'. [ 935.375122][T20868] Bluetooth: hci1: command tx timeout [ 937.169091][T24371] vivid-007: ================= START STATUS ================= [ 937.176820][T24371] vivid-007: Generate PTS: true [ 937.229450][T24371] vivid-007: Generate SCR: true [ 937.235590][T24371] tpg source WxH: 320x240 (Y'CbCr) [ 937.246772][T24371] tpg field: 1 [ 937.253814][T24371] tpg crop: (0,0)/320x240 [ 937.271094][T24371] tpg compose: (0,0)/320x240 [ 937.275779][T24371] tpg colorspace: 8 [ 937.347011][T24371] tpg transfer function: 0/0 [ 937.364391][T24371] tpg Y'CbCr encoding: 0/0 [ 937.388603][T24371] tpg quantization: 0/0 [ 937.392845][T24371] tpg RGB range: 0/2 [ 937.442370][T24371] vivid-007: ================== END STATUS ================== [ 938.117275][T24399] netlink: 93 bytes leftover after parsing attributes in process `syz.0.6510'. [ 938.137183][T24391] netlink: 93 bytes leftover after parsing attributes in process `syz.0.6510'. [ 939.795822][T24446] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 941.780166][T24480] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6531'. [ 942.991813][T24497] FAULT_INJECTION: forcing a failure. [ 942.991813][T24497] name failslab, interval 1, probability 0, space 0, times 0 [ 943.005565][T24497] CPU: 0 UID: 0 PID: 24497 Comm: syz.5.6526 Tainted: G U L syzkaller #0 PREEMPT(full) [ 943.005627][T24497] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 943.005642][T24497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 943.005664][T24497] Call Trace: [ 943.005676][T24497] [ 943.005688][T24497] dump_stack_lvl+0x100/0x190 [ 943.005745][T24497] should_fail_ex.cold+0x5/0xa [ 943.005785][T24497] should_failslab+0xc2/0x120 [ 943.005828][T24497] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 943.005883][T24497] ? fib_notifier_ops_register+0x32/0x270 [ 943.005927][T24497] ? __debug_object_init+0x2de/0x3d0 [ 943.006014][T24497] kmemdup_noprof+0x29/0x60 [ 943.006068][T24497] fib_notifier_ops_register+0x32/0x270 [ 943.006114][T24497] fib4_notifier_init+0x4f/0xd0 [ 943.006154][T24497] fib_net_init+0xbf/0x3f0 [ 943.006192][T24497] ? is_module_address+0x69/0xf0 [ 943.006235][T24497] ? __pfx_fib_net_init+0x10/0x10 [ 943.006276][T24497] ? timer_init_key+0x150/0x340 [ 943.006319][T24497] ? devinet_init_net+0x56c/0x8d0 [ 943.006369][T24497] ? __pfx_fib_net_init+0x10/0x10 [ 943.006407][T24497] ops_init+0x1e2/0x5f0 [ 943.006452][T24497] setup_net+0x118/0x3a0 [ 943.006494][T24497] ? __pfx_setup_net+0x10/0x10 [ 943.006532][T24497] ? lockdep_init_map_type+0x5c/0x250 [ 943.006579][T24497] ? mutex_init_lockep+0x110/0x150 [ 943.006631][T24497] copy_net_ns+0x46f/0x7c0 [ 943.006680][T24497] create_new_namespaces+0x3ea/0xac0 [ 943.006727][T24497] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 943.006768][T24497] ksys_unshare+0x473/0xad0 [ 943.006814][T24497] ? __pfx_ksys_unshare+0x10/0x10 [ 943.006873][T24497] __x64_sys_unshare+0x31/0x40 [ 943.006915][T24497] do_syscall_64+0x106/0xf80 [ 943.006953][T24497] ? clear_bhb_loop+0x40/0x90 [ 943.007004][T24497] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 943.007041][T24497] RIP: 0033:0x7ff770f9c799 [ 943.007070][T24497] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 943.007105][T24497] RSP: 002b:00007ff771e49028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 943.007139][T24497] RAX: ffffffffffffffda RBX: 00007ff771215fa0 RCX: 00007ff770f9c799 [ 943.007163][T24497] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 943.007183][T24497] RBP: 00007ff771032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 943.007203][T24497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 943.007223][T24497] R13: 00007ff771216038 R14: 00007ff771215fa0 R15: 00007ffc41c62318 [ 943.007268][T24497] [ 943.462314][T24502] Loading of unsigned module is rejected [ 943.525557][T24502] vivid-007: ================= START STATUS ================= [ 943.541498][T24502] vivid-007: Enable Output Cropping: true [ 943.548501][T24502] vivid-007: Enable Output Composing: true [ 943.570767][T24502] vivid-007: Enable Output Scaler: true [ 943.585069][T24502] vivid-007: Tx RGB Quantization Range: Automatic [ 943.631461][T24502] vivid-007: Transmit Mode: HDMI [ 943.636517][T24502] vivid-007: Hotplug Present: 0x00000000 [ 943.661480][T24502] vivid-007: RxSense Present: 0x00000000 [ 943.667287][T24502] vivid-007: EDID Present: 0x00000000 [ 943.673113][T24502] vivid-007: ================== END STATUS ================== [ 944.189241][T24520] FAULT_INJECTION: forcing a failure. [ 944.189241][T24520] name failslab, interval 1, probability 0, space 0, times 0 [ 944.220919][T24520] CPU: 0 UID: 0 PID: 24520 Comm: syz.4.6537 Tainted: G U L syzkaller #0 PREEMPT(full) [ 944.220978][T24520] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 944.220993][T24520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 944.221014][T24520] Call Trace: [ 944.221026][T24520] [ 944.221040][T24520] dump_stack_lvl+0x100/0x190 [ 944.221098][T24520] should_fail_ex.cold+0x5/0xa [ 944.221139][T24520] ? ima_alloc_init_template+0x19d/0x6d0 [ 944.221188][T24520] should_failslab+0xc2/0x120 [ 944.221222][T24520] __kmalloc_noprof+0xe0/0x850 [ 944.221273][T24520] ? take_dentry_name_snapshot+0x30b/0x7c0 [ 944.221325][T24520] ima_alloc_init_template+0x19d/0x6d0 [ 944.221375][T24520] ? take_dentry_name_snapshot+0x310/0x7c0 [ 944.221425][T24520] ima_store_measurement+0x1e3/0x5b0 [ 944.221479][T24520] ? __pfx_ima_store_measurement+0x10/0x10 [ 944.221547][T24520] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 944.221596][T24520] process_measurement+0x19cc/0x2350 [ 944.221663][T24520] ? stack_trace_save+0x8e/0xc0 [ 944.221697][T24520] ? __pfx_process_measurement+0x10/0x10 [ 944.221741][T24520] ? __lock_acquire+0x4a5/0x2630 [ 944.221783][T24520] ? __kasan_slab_alloc+0x89/0x90 [ 944.221833][T24520] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 944.221881][T24520] ? init_file+0x95/0x480 [ 944.221913][T24520] ? alloc_empty_file+0x73/0x1c0 [ 944.221949][T24520] ? alloc_file_pseudo+0x13a/0x230 [ 944.221987][T24520] ? ksys_mmap_pgoff+0x232/0x650 [ 944.222016][T24520] ? __x64_sys_mmap+0x125/0x190 [ 944.222065][T24520] ? do_syscall_64+0x106/0xf80 [ 944.222146][T24520] ? __pfx_aa_file_perm+0x10/0x10 [ 944.222198][T24520] ima_file_mmap+0x1c4/0x1f0 [ 944.222244][T24520] ? __pfx_ima_file_mmap+0x10/0x10 [ 944.222302][T24520] security_mmap_file+0x278/0x9b0 [ 944.222360][T24520] vm_mmap_pgoff+0xec/0x470 [ 944.222401][T24520] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 944.222434][T24520] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 944.222478][T24520] ? hugetlbfs_get_inode+0x36e/0x750 [ 944.222545][T24520] ksys_mmap_pgoff+0x273/0x650 [ 944.222579][T24520] ? __x64_sys_futex+0x358/0x4d0 [ 944.222625][T24520] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 944.222668][T24520] ? xfd_validate_state+0x129/0x190 [ 944.222726][T24520] __x64_sys_mmap+0x125/0x190 [ 944.222780][T24520] do_syscall_64+0x106/0xf80 [ 944.222817][T24520] ? clear_bhb_loop+0x40/0x90 [ 944.222860][T24520] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.222894][T24520] RIP: 0033:0x7f5c8e19c799 [ 944.222923][T24520] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 944.222958][T24520] RSP: 002b:00007f5c8ef9b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 944.222992][T24520] RAX: ffffffffffffffda RBX: 00007f5c8e416180 RCX: 00007f5c8e19c799 [ 944.223016][T24520] RDX: 0000000000009c0f RSI: 000000000000000c RDI: 0000000000000000 [ 944.223038][T24520] RBP: 00007f5c8e232bd9 R08: ffffffffffffffff R09: 0000300000020000 [ 944.223062][T24520] R10: 0000000000044eb2 R11: 0000000000000246 R12: 0000000000000000 [ 944.223084][T24520] R13: 00007f5c8e416218 R14: 00007f5c8e416180 R15: 00007ffdddf34368 [ 944.223130][T24520] [ 944.552137][ T30] audit: type=1804 audit(1772194874.000:24): pid=24520 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=add_template_measure cause=ENOMEM comm="syz.4.6537" name="anon_hugepage" dev="hugetlbfs" ino=102254 res=0 errno=0 [ 952.261768][ T8723] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 952.278722][ T8723] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 952.296048][ T8723] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 952.309049][ T8723] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 952.316919][ T8723] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 952.549542][T24535] chnl_net:caif_netlink_parms(): no params data found [ 952.644663][T24535] bridge0: port 1(bridge_slave_0) entered blocking state [ 952.651972][T24535] bridge0: port 1(bridge_slave_0) entered disabled state [ 952.659785][T24535] bridge_slave_0: entered allmulticast mode [ 952.668459][T24535] bridge_slave_0: entered promiscuous mode [ 952.677755][T24535] bridge0: port 2(bridge_slave_1) entered blocking state [ 952.685104][T24535] bridge0: port 2(bridge_slave_1) entered disabled state [ 952.692666][T24535] bridge_slave_1: entered allmulticast mode [ 952.700696][T24535] bridge_slave_1: entered promiscuous mode [ 952.747284][T24535] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 952.759932][T24535] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 952.798170][T24535] team0: Port device team_slave_0 added [ 952.809271][T24535] team0: Port device team_slave_1 added [ 952.843436][T24535] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 952.850508][T24535] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 952.876520][T24535] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 952.889110][T24535] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 952.898295][T24535] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 952.925206][T24535] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 952.982837][T24535] hsr_slave_0: entered promiscuous mode [ 952.989535][T24535] hsr_slave_1: entered promiscuous mode [ 952.995932][T24535] debugfs: 'hsr0' already exists in 'hsr' [ 953.001785][T24535] Cannot create hsr debugfs directory [ 953.178300][T24548] netlink: 330 bytes leftover after parsing attributes in process `syz.0.6550'. [ 953.861370][T24535] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 953.906180][T24535] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 953.938972][T24535] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 954.076743][T24535] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 954.417566][T20868] Bluetooth: hci5: command tx timeout [ 954.559845][T24535] 8021q: adding VLAN 0 to HW filter on device bond0 [ 954.595759][T24535] 8021q: adding VLAN 0 to HW filter on device team0 [ 954.629676][T24578] netlink: 330 bytes leftover after parsing attributes in process `syz.5.6551'. [ 954.662159][T24578] gretap0: refused to change device tx_queue_len [ 954.680101][T12283] bridge0: port 1(bridge_slave_0) entered blocking state [ 954.687404][T12283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 954.701410][T12283] bridge0: port 2(bridge_slave_1) entered blocking state [ 954.708711][T12283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 955.329728][T24591] binder: 24590:24591 ioctl 4018620d 9 returned -22 [ 955.843987][T24535] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 956.505050][T20868] Bluetooth: hci5: command tx timeout [ 956.716643][T24535] veth0_vlan: entered promiscuous mode [ 956.765624][T24535] veth1_vlan: entered promiscuous mode [ 956.854144][T24535] veth0_macvtap: entered promiscuous mode [ 956.880039][T24535] veth1_macvtap: entered promiscuous mode [ 956.930615][T24535] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 956.969408][T24535] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 957.009791][ T470] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 957.045145][ T470] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 957.099691][ T470] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 957.132156][ T12] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 957.275709][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 957.298761][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 957.359024][T19596] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 957.369290][T19596] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 958.579705][T20868] Bluetooth: hci5: command tx timeout [ 959.682111][T24680] netlink: 266 bytes leftover after parsing attributes in process `syz.4.6586'. [ 959.705925][T24680] IPv6: NLM_F_CREATE should be specified when creating new route [ 959.917235][T24691] FAULT_INJECTION: forcing a failure. [ 959.917235][T24691] name failslab, interval 1, probability 0, space 0, times 0 [ 959.957037][T24691] CPU: 1 UID: 0 PID: 24691 Comm: syz.5.6590 Tainted: G U L syzkaller #0 PREEMPT(full) [ 959.957087][T24691] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 959.957099][T24691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 959.957119][T24691] Call Trace: [ 959.957128][T24691] [ 959.957141][T24691] dump_stack_lvl+0x100/0x190 [ 959.957190][T24691] should_fail_ex.cold+0x5/0xa [ 959.957223][T24691] should_failslab+0xc2/0x120 [ 959.957253][T24691] __kmalloc_cache_noprof+0x7a/0x6f0 [ 959.957287][T24691] ? madvise_collapse+0x1b5/0xbe0 [ 959.957324][T24691] madvise_collapse+0x1b5/0xbe0 [ 959.957363][T24691] ? find_held_lock+0x2b/0x80 [ 959.957390][T24691] ? finish_task_switch.isra.0+0x200/0xb80 [ 959.957422][T24691] ? __pfx_madvise_collapse+0x10/0x10 [ 959.957454][T24691] ? __pfx_rcu_is_watching+0x1/0x10 [ 959.957509][T24691] madvise_vma_behavior+0x1987/0x3050 [ 959.957545][T24691] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 959.957577][T24691] ? mas_prev_setup.constprop.0+0xb6/0x9c0 [ 959.957616][T24691] ? mas_prev+0x9b/0xf0 [ 959.957653][T24691] ? __pfx_mas_prev+0x10/0x10 [ 959.957699][T24691] ? find_vma_prev+0xd8/0x150 [ 959.957736][T24691] ? futex_unqueue+0x133/0x2c0 [ 959.957773][T24691] ? __pfx_find_vma_prev+0x10/0x10 [ 959.957815][T24691] ? __futex_wait+0x256/0x300 [ 959.957867][T24691] madvise_walk_vmas+0x2fe/0xa90 [ 959.957907][T24691] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 959.957953][T24691] madvise_do_behavior+0x1ea/0x510 [ 959.957993][T24691] ? __pfx_madvise_do_behavior+0x10/0x10 [ 959.958032][T24691] ? down_read+0x13b/0x460 [ 959.958092][T24691] do_madvise+0x195/0x240 [ 959.958122][T24691] ? __pfx_do_madvise+0x10/0x10 [ 959.958158][T24691] ? do_futex+0x192/0x350 [ 959.958225][T24691] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 959.958274][T24691] __x64_sys_madvise+0xa9/0x110 [ 959.958312][T24691] ? lockdep_hardirqs_on+0x78/0x100 [ 959.958350][T24691] do_syscall_64+0x106/0xf80 [ 959.958388][T24691] ? clear_bhb_loop+0x40/0x90 [ 959.958431][T24691] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 959.958467][T24691] RIP: 0033:0x7ff770f9c799 [ 959.958496][T24691] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 959.958531][T24691] RSP: 002b:00007ff771e49028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 959.958566][T24691] RAX: ffffffffffffffda RBX: 00007ff771215fa0 RCX: 00007ff770f9c799 [ 959.958591][T24691] RDX: 0000000000000019 RSI: ffffffffffff0005 RDI: 0000000000000000 [ 959.958615][T24691] RBP: 00007ff771032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 959.958637][T24691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 959.958659][T24691] R13: 00007ff771216038 R14: 00007ff771215fa0 R15: 00007ffc41c62318 [ 959.958703][T24691] [ 960.660638][T20868] Bluetooth: hci5: command tx timeout [ 961.047770][T24708] netlink: 'syz.4.6598': attribute type 27 has an invalid length. [ 961.091439][T24708] netlink: 'syz.4.6598': attribute type 28 has an invalid length. [ 961.135768][T24708] netlink: 'syz.4.6598': attribute type 29 has an invalid length. [ 961.144162][T24708] netlink: 'syz.4.6598': attribute type 30 has an invalid length. [ 961.154563][T24708] netlink: 'syz.4.6598': attribute type 31 has an invalid length. [ 961.175186][T24708] netlink: 'syz.4.6598': attribute type 32 has an invalid length. [ 961.192945][T24708] netlink: 'syz.4.6598': attribute type 33 has an invalid length. [ 961.210746][T24708] netlink: 'syz.4.6598': attribute type 35 has an invalid length. [ 961.258176][T24708] netlink: 'syz.4.6598': attribute type 37 has an invalid length. [ 961.287721][T24708] netlink: 18 bytes leftover after parsing attributes in process `syz.4.6598'. [ 961.545690][T24721] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6600'. [ 961.576435][T24721] veth1_vlan: entered allmulticast mode [ 962.142541][T24736] netlink: 202 bytes leftover after parsing attributes in process `syz.0.6607'. [ 962.646381][T24750] openvswitch: netlink: IP tunnel dst address not specified [ 962.823406][T24752] FAULT_INJECTION: forcing a failure. [ 962.823406][T24752] name fail_futex, interval 1, probability 0, space 0, times 0 [ 962.906991][T24752] CPU: 1 UID: 0 PID: 24752 Comm: syz.5.6611 Tainted: G U L syzkaller #0 PREEMPT(full) [ 962.907048][T24752] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 962.907061][T24752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 962.907080][T24752] Call Trace: [ 962.907090][T24752] [ 962.907104][T24752] dump_stack_lvl+0x100/0x190 [ 962.907162][T24752] should_fail_ex.cold+0x5/0xa [ 962.907202][T24752] get_futex_key+0x1d2/0x1620 [ 962.907258][T24752] ? __pfx_get_futex_key+0x10/0x10 [ 962.907314][T24752] futex_wake+0xea/0x530 [ 962.907370][T24752] ? __pfx_futex_wake+0x10/0x10 [ 962.907432][T24752] ? proc_id_connector+0x2ed/0x650 [ 962.907473][T24752] do_futex+0x32b/0x350 [ 962.907517][T24752] ? __pfx_do_futex+0x10/0x10 [ 962.907561][T24752] ? find_held_lock+0x2b/0x80 [ 962.907601][T24752] __x64_sys_futex+0x34f/0x4d0 [ 962.907652][T24752] ? __pfx___x64_sys_futex+0x10/0x10 [ 962.907714][T24752] do_syscall_64+0x106/0xf80 [ 962.907753][T24752] ? clear_bhb_loop+0x40/0x90 [ 962.907795][T24752] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 962.907831][T24752] RIP: 0033:0x7ff770f9c799 [ 962.907861][T24752] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 962.907893][T24752] RSP: 002b:00007ff771e490e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 962.907927][T24752] RAX: ffffffffffffffda RBX: 00007ff771215fa8 RCX: 00007ff770f9c799 [ 962.907949][T24752] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff771215fac [ 962.907972][T24752] RBP: 00007ff771215fa0 R08: 0000000000000000 R09: 0000000000000000 [ 962.907993][T24752] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 962.908013][T24752] R13: 00007ff771216038 R14: 00007ffc41c62230 R15: 00007ffc41c62318 [ 962.908058][T24752] [ 964.610559][T24794] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 964.842732][T24797] netlink: 338 bytes leftover after parsing attributes in process `syz.4.6629'. [ 964.886932][T24797] netlink: 338 bytes leftover after parsing attributes in process `syz.4.6629'. [ 964.958631][T24797] netlink: 134 bytes leftover after parsing attributes in process `syz.4.6629'. [ 965.160788][T24802] FAULT_INJECTION: forcing a failure. [ 965.160788][T24802] name failslab, interval 1, probability 0, space 0, times 0 [ 965.210721][T24802] CPU: 1 UID: 8 PID: 24802 Comm: syz.5.6630 Tainted: G U L syzkaller #0 PREEMPT(full) [ 965.210783][T24802] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 965.210797][T24802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 965.210819][T24802] Call Trace: [ 965.210831][T24802] [ 965.210845][T24802] dump_stack_lvl+0x100/0x190 [ 965.210903][T24802] should_fail_ex.cold+0x5/0xa [ 965.210945][T24802] should_failslab+0xc2/0x120 [ 965.210977][T24802] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 965.211044][T24802] ? key_alloc+0x423/0x1310 [ 965.211076][T24802] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 965.211132][T24802] kmemdup_noprof+0x29/0x60 [ 965.211183][T24802] key_alloc+0x423/0x1310 [ 965.211231][T24802] ? __pfx_key_alloc+0x10/0x10 [ 965.211263][T24802] ? __pfx_key_default_cmp+0x10/0x10 [ 965.211301][T24802] ? __pfx_keyring_search_iterator+0x10/0x10 [ 965.211346][T24802] keyring_alloc+0x44/0xc0 [ 965.211387][T24802] look_up_user_keyrings+0x465/0x790 [ 965.211445][T24802] ? __pfx_look_up_user_keyrings+0x10/0x10 [ 965.211494][T24802] ? futex_wait+0x125/0x380 [ 965.211548][T24802] ? __pfx_futex_wait+0x10/0x10 [ 965.211610][T24802] lookup_user_key+0xbb1/0x1300 [ 965.211665][T24802] ? __pfx_lookup_user_key+0x10/0x10 [ 965.211729][T24802] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 965.211790][T24802] ? __x64_sys_futex+0x34f/0x4d0 [ 965.211832][T24802] ? __x64_sys_futex+0x358/0x4d0 [ 965.211886][T24802] keyctl_session_to_parent+0x28/0xae0 [ 965.211943][T24802] __do_sys_keyctl+0x2b1/0x5a0 [ 965.212000][T24802] do_syscall_64+0x106/0xf80 [ 965.212039][T24802] ? clear_bhb_loop+0x40/0x90 [ 965.212081][T24802] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 965.212124][T24802] RIP: 0033:0x7ff770f9c799 [ 965.212151][T24802] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 965.212185][T24802] RSP: 002b:00007ff771e49028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 965.212214][T24802] RAX: ffffffffffffffda RBX: 00007ff771215fa0 RCX: 00007ff770f9c799 [ 965.212237][T24802] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000012 [ 965.212259][T24802] RBP: 00007ff771032bd9 R08: 0000000000000001 R09: 0000000000000000 [ 965.212280][T24802] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 965.212300][T24802] R13: 00007ff771216038 R14: 00007ff771215fa0 R15: 00007ffc41c62318 [ 965.212346][T24802] [ 966.623234][T24827] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6640'. [ 966.667970][T24831] netlink: 306 bytes leftover after parsing attributes in process `syz.7.6641'. [ 968.375160][T24881] netlink: 342 bytes leftover after parsing attributes in process `syz.7.6661'. [ 968.604888][T24879] FAULT_INJECTION: forcing a failure. [ 968.604888][T24879] name failslab, interval 1, probability 0, space 0, times 0 [ 968.628767][T24879] CPU: 1 UID: 0 PID: 24879 Comm: syz.4.6660 Tainted: G U L syzkaller #0 PREEMPT(full) [ 968.628826][T24879] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 968.628839][T24879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 968.628861][T24879] Call Trace: [ 968.628874][T24879] [ 968.628888][T24879] dump_stack_lvl+0x100/0x190 [ 968.628952][T24879] should_fail_ex.cold+0x5/0xa [ 968.628995][T24879] should_failslab+0xc2/0x120 [ 968.629030][T24879] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 968.629078][T24879] ? dst_alloc+0x99/0x1a0 [ 968.629114][T24879] ? __pfx_ip6_dst_gc+0x10/0x10 [ 968.629173][T24879] dst_alloc+0x99/0x1a0 [ 968.629210][T24879] ip6_rt_cache_alloc+0x1ea/0x8e0 [ 968.629259][T24879] ? __pfx_ip6_rt_cache_alloc+0x10/0x10 [ 968.629316][T24879] ip6_pol_route+0xd59/0x1230 [ 968.629368][T24879] ? __pfx_ip6_pol_route+0x10/0x10 [ 968.629423][T24879] ? find_held_lock+0x2b/0x80 [ 968.629459][T24879] ? bpf_ksym_find+0x124/0x1c0 [ 968.629507][T24879] ? __pfx_ip6_pol_route_output+0x10/0x10 [ 968.629557][T24879] fib6_rule_lookup+0x24c/0x720 [ 968.629602][T24879] ? __kernel_text_address+0xd/0x30 [ 968.629652][T24879] ? unwind_get_return_address+0x59/0xa0 [ 968.629689][T24879] ? __pfx_fib6_rule_lookup+0x10/0x10 [ 968.629749][T24879] ? __pfx_rt6_probe+0x10/0x10 [ 968.629788][T24879] ? stack_trace_save+0x8e/0xc0 [ 968.629821][T24879] ? rt6_score_route+0x14a/0xa60 [ 968.629869][T24879] ip6_route_output_flags+0x1d0/0x650 [ 968.629917][T24879] ip6_dst_lookup_tail.constprop.0+0x116/0x2110 [ 968.629981][T24879] ? __pfx___find_rr_leaf+0x10/0x10 [ 968.630027][T24879] ? __pfx___find_rr_leaf+0x10/0x10 [ 968.630078][T24879] ? __pfx_ip6_dst_lookup_tail.constprop.0+0x10/0x10 [ 968.630128][T24879] ? __pfx_ip6_compressed_string+0x10/0x10 [ 968.630186][T24879] ? __lock_acquire+0x4a5/0x2630 [ 968.630230][T24879] ? rcu_is_watching+0x12/0xc0 [ 968.630293][T24879] ip6_dst_lookup_flow+0x99/0x1d0 [ 968.630343][T24879] ? __pfx_ip6_dst_lookup_flow+0x10/0x10 [ 968.630389][T24879] ? find_held_lock+0x2b/0x80 [ 968.630420][T24879] ? rawv6_sendmsg+0xb3c/0x4750 [ 968.630460][T24879] ? rawv6_sendmsg+0xb3c/0x4750 [ 968.630507][T24879] rawv6_sendmsg+0xe61/0x4750 [ 968.630553][T24879] ? aa_profile_af_perm+0x311/0x3a0 [ 968.630613][T24879] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 968.630665][T24879] ? trace_ignore_this_task+0x56/0x100 [ 968.630715][T24879] ? trace_ignore_this_task+0x56/0x100 [ 968.630805][T24879] ? __import_iovec+0x1d2/0x640 [ 968.630863][T24879] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 968.630907][T24879] ? inet_sendmsg+0x11c/0x140 [ 968.630964][T24879] inet_sendmsg+0x11c/0x140 [ 968.631016][T24879] ____sys_sendmsg+0x9ad/0xc30 [ 968.631072][T24879] ? __pfx_____sys_sendmsg+0x10/0x10 [ 968.631126][T24879] ? futex_unqueue+0x133/0x2c0 [ 968.631179][T24879] ___sys_sendmsg+0x190/0x1e0 [ 968.631233][T24879] ? __pfx____sys_sendmsg+0x10/0x10 [ 968.631283][T24879] ? __pfx___futex_wait+0x10/0x10 [ 968.631351][T24879] ? find_held_lock+0x2b/0x80 [ 968.631411][T24879] __sys_sendmmsg+0x205/0x430 [ 968.631453][T24879] ? __pfx___sys_sendmmsg+0x10/0x10 [ 968.631498][T24879] ? __pfx_do_futex+0x10/0x10 [ 968.631556][T24879] ? xfd_validate_state+0x129/0x190 [ 968.631611][T24879] __x64_sys_sendmmsg+0x9c/0x100 [ 968.631648][T24879] ? lockdep_hardirqs_on+0x78/0x100 [ 968.631683][T24879] do_syscall_64+0x106/0xf80 [ 968.631717][T24879] ? clear_bhb_loop+0x40/0x90 [ 968.631756][T24879] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 968.631790][T24879] RIP: 0033:0x7f5c8e19c799 [ 968.631817][T24879] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 968.631853][T24879] RSP: 002b:00007f5c8efdd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 968.631884][T24879] RAX: ffffffffffffffda RBX: 00007f5c8e415fa0 RCX: 00007f5c8e19c799 [ 968.631907][T24879] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 968.631926][T24879] RBP: 00007f5c8e232bd9 R08: 0000000000000000 R09: 0000000000000000 [ 968.631956][T24879] R10: 0000000007fffffe R11: 0000000000000246 R12: 0000000000000000 [ 968.631977][T24879] R13: 00007f5c8e416038 R14: 00007f5c8e415fa0 R15: 00007ffdddf34368 [ 968.632021][T24879] [ 969.115972][T24890] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 969.385950][T24895] netlink: 186 bytes leftover after parsing attributes in process `syz.5.6667'. [ 969.909507][T24908] netlink: 266 bytes leftover after parsing attributes in process `syz.7.6672'. [ 969.979910][T24908] IPv6: NLM_F_CREATE should be specified when creating new route [ 970.008387][T24912] netlink: 334 bytes leftover after parsing attributes in process `syz.5.6673'. [ 970.773830][T24932] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6680'. [ 970.819408][T24932] team0 (unregistering): Port device team_slave_0 removed [ 970.834879][T24932] team0 (unregistering): Port device team_slave_1 removed [ 972.424405][T24967] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6691'. [ 972.473660][T24967] team0 (unregistering): Port device team_slave_0 removed [ 972.502660][T24967] team0 (unregistering): Port device team_slave_1 removed [ 972.521726][T24969] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6693'. [ 972.533260][T24969] netlink: 13 bytes leftover after parsing attributes in process `syz.4.6693'. [ 973.190236][T24985] snd_aloop snd_aloop.0: Parsing timer source 'AxMBxdϮӫc$d?by@ó&w;2R' failed with -22 [ 976.159081][T25040] FAULT_INJECTION: forcing a failure. [ 976.159081][T25040] name fail_futex, interval 1, probability 0, space 0, times 0 [ 976.200250][T25040] CPU: 0 UID: 0 PID: 25040 Comm: syz.7.6717 Tainted: G U L syzkaller #0 PREEMPT(full) [ 976.200307][T25040] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 976.200319][T25040] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 976.200341][T25040] Call Trace: [ 976.200352][T25040] [ 976.200366][T25040] dump_stack_lvl+0x100/0x190 [ 976.200434][T25040] should_fail_ex.cold+0x5/0xa [ 976.200475][T25040] get_futex_key+0x1d2/0x1620 [ 976.200522][T25040] ? __pfx_get_futex_key+0x10/0x10 [ 976.200575][T25040] futex_wake+0xea/0x530 [ 976.200630][T25040] ? __pfx_futex_wake+0x10/0x10 [ 976.200693][T25040] ? proc_id_connector+0x2ed/0x650 [ 976.200735][T25040] do_futex+0x32b/0x350 [ 976.200779][T25040] ? __pfx_do_futex+0x10/0x10 [ 976.200823][T25040] ? find_held_lock+0x2b/0x80 [ 976.200860][T25040] __x64_sys_futex+0x34f/0x4d0 [ 976.200909][T25040] ? __pfx___x64_sys_futex+0x10/0x10 [ 976.200968][T25040] do_syscall_64+0x106/0xf80 [ 976.201005][T25040] ? clear_bhb_loop+0x40/0x90 [ 976.201047][T25040] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 976.201083][T25040] RIP: 0033:0x7f702f99c799 [ 976.201112][T25040] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 976.201148][T25040] RSP: 002b:00007f70307fb0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 976.201182][T25040] RAX: ffffffffffffffda RBX: 00007f702fc15fa8 RCX: 00007f702f99c799 [ 976.201203][T25040] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f702fc15fac [ 976.201230][T25040] RBP: 00007f702fc15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 976.201251][T25040] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 976.201271][T25040] R13: 00007f702fc16038 R14: 00007ffd2109f6a0 R15: 00007ffd2109f788 [ 976.201315][T25040] [ 976.732816][T25048] Loading of unsigned module is rejected [ 978.054642][ T30] audit: type=1800 audit(1772194907.483:25): pid=25067 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.6724" name="trace_marker" dev="tracefs" ino=3539 res=0 errno=0 [ 978.202682][T25085] netlink: 306 bytes leftover after parsing attributes in process `syz.0.6729'. [ 978.924070][T25095] netlink: 202 bytes leftover after parsing attributes in process `syz.5.6741'. [ 980.207214][T25123] netlink: 306 bytes leftover after parsing attributes in process `syz.4.6740'. [ 980.313229][T25121] netlink: 326 bytes leftover after parsing attributes in process `syz.7.6749'. [ 981.446318][T25147] netlink: 202 bytes leftover after parsing attributes in process `syz.4.6746'. [ 984.182262][ C1] vcan0: j1939_tp_rxtimer: 0xffff88802a6d6c00: rx timeout, send abort [ 984.190757][ C1] vcan0: j1939_tp_rxtimer: 0xffff88802a6d6800: rx timeout, send abort [ 984.199743][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88802a6d6c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 984.214278][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88802a6d6800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 984.631401][T25183] sp0: Synchronizing with TNC [ 985.488703][T25196] netlink: 330 bytes leftover after parsing attributes in process `syz.4.6765'. [ 986.020297][ T30] audit: type=1800 audit(1772194915.439:26): pid=25206 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.6769" name="trace_marker" dev="tracefs" ino=3539 res=0 errno=0 [ 986.922711][T25219] zswap: compressor 000 not available [ 988.248248][T25260] [U]  [ 988.251155][T25260] [U] [ 988.253925][T25260] [U] [ 988.256674][T25260] [U] [ 988.260702][T25260] [U] [ 988.263490][T25260] [U] [ 988.266292][T25260] [U] [ 988.269075][T25260] [U] [ 988.272839][T25260] [U] [ 988.275631][T25260] [U] [ 988.278398][T25260] [U] [ 988.281155][T25260] [U] [ 988.285547][T25260] [U] [ 988.288336][T25260] [U] [ 988.291095][T25260] [U] [ 988.293858][T25260] [U] [ 988.300113][T25260] [U] [ 988.302911][T25260] [U] [ 988.305676][T25260] [U] [ 988.308527][T25260] [U] [ 988.312443][T25260] [U] [ 988.315288][T25260] [U] [ 988.318052][T25260] [U] [ 988.320811][T25260] [U] [ 988.328661][T25260] [U] [ 988.331466][T25260] [U] [ 988.334249][T25260] [U] [ 988.337020][T25260] [U] [ 988.341862][T25260] [U] [ 988.344664][T25260] [U] [ 988.347423][T25260] [U] [ 988.350193][T25260] [U] [ 988.374277][T25260] [U] [ 988.377083][T25260] [U] [ 988.379848][T25260] [U] [ 988.382612][T25260] [U] [ 988.388354][T25260] [U] [ 988.391151][T25260] [U] [ 988.393919][T25260] [U] [ 988.396677][T25260] [U] [ 988.419119][T25260] [U] [ 988.421932][T25260] [U] [ 988.424713][T25260] [U] [ 988.427472][T25260] [U] [ 988.460409][T25260] [U] [ 988.463216][T25260] [U] [ 988.466003][T25260] [U] [ 988.468779][T25260] [U] [ 988.472734][T25260] [U] [ 988.475523][T25260] [U] [ 988.478288][T25260] [U] [ 988.481070][T25260] [U] [ 988.485604][T25260] [U] [ 988.488387][T25260] [U] [ 988.491153][T25260] [U] [ 988.494024][T25260] [U] [ 988.522041][T25260] [U] [ 988.524849][T25260] [U] [ 988.527635][T25260] [U] [ 988.530411][T25260] [U] [ 988.551753][T25260] [U] [ 988.554581][T25260] [U] [ 988.557355][T25260] [U] [ 988.560134][T25260] [U] [ 988.684346][T25260] [U] [ 988.687151][T25260] [U] [ 988.689915][T25260] [U] [ 988.692679][T25260] [U] [ 988.761382][T25260] [U] [ 988.764201][T25260] [U] [ 988.766962][T25260] [U] [ 988.769722][T25260] [U] [ 988.844361][T25260] [U] [ 988.847174][T25260] [U] [ 988.849949][T25260] [U] [ 988.852710][T25260] [U] [ 988.887564][T25260] [U] [ 988.890393][T25260] [U] [ 988.893160][T25260] [U] [ 988.895924][T25260] [U] [ 988.964462][T25260] [U] [ 988.967256][T25260] [U] [ 988.970000][T25260] [U] [ 988.972745][T25260] [U] [ 989.011042][T25260] [U] [ 989.013837][T25260] [U] [ 989.016603][T25260] [U] [ 989.019361][T25260] [U] [ 989.041454][T25260] [U] [ 989.044254][T25260] [U] [ 989.047014][T25260] [U] [ 989.049773][T25260] [U] [ 989.053020][T25260] [U] [ 989.055788][T25260] [U] [ 989.058550][T25260] [U] [ 989.061301][T25260] [U] [ 989.065129][T25260] [U] [ 989.068012][T25260] [U] [ 989.070783][T25260] [U] [ 989.073552][T25260] [U] [ 989.095271][T25260] [U] [ 989.098069][T25260] [U] [ 989.100845][T25260] [U] [ 989.104039][T25260] [U] [ 989.108461][T25260] [U] [ 989.111242][T25260] [U] [ 989.113996][T25260] [U] [ 989.116770][T25260] [U] [ 989.150645][T25260] [U] [ 989.862733][T25287] FAULT_INJECTION: forcing a failure. [ 989.862733][T25287] name failslab, interval 1, probability 0, space 0, times 0 [ 989.920786][T25287] CPU: 0 UID: 0 PID: 25287 Comm: syz.7.6792 Tainted: G U L syzkaller #0 PREEMPT(full) [ 989.920828][T25287] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 989.920838][T25287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 989.920853][T25287] Call Trace: [ 989.920862][T25287] [ 989.920872][T25287] dump_stack_lvl+0x100/0x190 [ 989.920914][T25287] should_fail_ex.cold+0x5/0xa [ 989.920942][T25287] should_failslab+0xc2/0x120 [ 989.920966][T25287] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 989.921001][T25287] ? security_file_alloc+0x34/0x2c0 [ 989.921042][T25287] ? trace_kmem_cache_alloc+0xf3/0x120 [ 989.921070][T25287] security_file_alloc+0x34/0x2c0 [ 989.921118][T25287] init_file+0x95/0x480 [ 989.921145][T25287] alloc_empty_file+0x73/0x1c0 [ 989.921175][T25287] dentry_open+0x46/0xd0 [ 989.921204][T25287] ima_calc_file_hash+0x2ad/0x480 [ 989.921241][T25287] ima_collect_measurement+0x887/0xa40 [ 989.921286][T25287] ? __pfx_ima_collect_measurement+0x10/0x10 [ 989.921322][T25287] ? lock_acquire+0x1cf/0x380 [ 989.921370][T25287] ? process_measurement+0x5ab/0x2350 [ 989.921401][T25287] ? is_bad_inode+0xd/0x40 [ 989.921435][T25287] ? xattr_resolve_name+0x27d/0x3f0 [ 989.921477][T25287] ? vfs_getxattr_alloc+0xec/0x350 [ 989.921522][T25287] ? ima_get_hash_algo+0x22d/0x400 [ 989.921551][T25287] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 989.921586][T25287] ? process_measurement+0xdfe/0x2350 [ 989.921617][T25287] process_measurement+0xdfe/0x2350 [ 989.921660][T25287] ? __pfx_process_measurement+0x10/0x10 [ 989.921765][T25287] ? mutex_init_lockep+0x110/0x150 [ 989.921816][T25287] ? seq_open+0x116/0x170 [ 989.921863][T25287] ? inode_to_bdi+0x9e/0x160 [ 989.921905][T25287] ima_file_check+0xcc/0x120 [ 989.921939][T25287] ? __pfx_ima_file_check+0x10/0x10 [ 989.921978][T25287] security_file_post_open+0xc4/0x210 [ 989.922018][T25287] path_openat+0x1418/0x31a0 [ 989.922051][T25287] ? __pfx_path_openat+0x10/0x10 [ 989.922085][T25287] do_file_open+0x20e/0x430 [ 989.922116][T25287] ? __pfx_do_file_open+0x10/0x10 [ 989.922161][T25287] ? alloc_fd+0x476/0x790 [ 989.922203][T25287] ? do_getname+0x191/0x390 [ 989.922235][T25287] do_sys_openat2+0x10d/0x1e0 [ 989.922266][T25287] ? __pfx_do_sys_openat2+0x10/0x10 [ 989.922307][T25287] __x64_sys_openat+0x12d/0x210 [ 989.922338][T25287] ? __pfx___x64_sys_openat+0x10/0x10 [ 989.922383][T25287] do_syscall_64+0x106/0xf80 [ 989.922410][T25287] ? clear_bhb_loop+0x40/0x90 [ 989.922440][T25287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 989.922466][T25287] RIP: 0033:0x7f702f99c799 [ 989.922487][T25287] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 989.922511][T25287] RSP: 002b:00007f70307fb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 989.922536][T25287] RAX: ffffffffffffffda RBX: 00007f702fc15fa0 RCX: 00007f702f99c799 [ 989.922552][T25287] RDX: 0000000000020803 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 989.922569][T25287] RBP: 00007f702fa32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 989.922585][T25287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 989.922600][T25287] R13: 00007f702fc16038 R14: 00007f702fc15fa0 R15: 00007ffd2109f788 [ 989.922632][T25287] [ 990.257024][ T30] audit: type=1800 audit(1772194919.667:27): pid=25287 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.6792" name="set_event_notrace_pid" dev="tracefs" ino=26 res=0 errno=0 [ 990.706194][T20868] Bluetooth: hci5: unexpected subevent 0x01 length: 123 > 18 [ 993.387362][T25339] netlink: 326 bytes leftover after parsing attributes in process `syz.5.6808'. [ 993.486553][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.493159][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.631460][T25343] netlink: 330 bytes leftover after parsing attributes in process `syz.0.6810'. [ 993.905907][T25357] ubi0: attaching mtd0 [ 993.916902][T25357] ubi0: scanning is finished [ 993.922192][T25357] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 994.152692][T25357] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 995.688751][T25384] netlink: 330 bytes leftover after parsing attributes in process `syz.5.6823'. [ 997.311461][T25422] FAULT_INJECTION: forcing a failure. [ 997.311461][T25422] name failslab, interval 1, probability 0, space 0, times 0 [ 997.346074][T25422] CPU: 0 UID: 0 PID: 25422 Comm: syz.4.6842 Tainted: G U L syzkaller #0 PREEMPT(full) [ 997.346136][T25422] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 997.346151][T25422] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 997.346173][T25422] Call Trace: [ 997.346185][T25422] [ 997.346199][T25422] dump_stack_lvl+0x100/0x190 [ 997.346259][T25422] should_fail_ex.cold+0x5/0xa [ 997.346299][T25422] should_failslab+0xc2/0x120 [ 997.346333][T25422] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 997.346381][T25422] ? security_file_alloc+0x34/0x2c0 [ 997.346445][T25422] ? trace_kmem_cache_alloc+0xf3/0x120 [ 997.346486][T25422] security_file_alloc+0x34/0x2c0 [ 997.346544][T25422] init_file+0x95/0x480 [ 997.346584][T25422] alloc_empty_file+0x73/0x1c0 [ 997.346627][T25422] dentry_open+0x46/0xd0 [ 997.346668][T25422] ima_calc_file_hash+0x2ad/0x480 [ 997.346727][T25422] ima_collect_measurement+0x887/0xa40 [ 997.346791][T25422] ? __pfx_ima_collect_measurement+0x10/0x10 [ 997.346842][T25422] ? lock_acquire+0x1cf/0x380 [ 997.346908][T25422] ? process_measurement+0x5ab/0x2350 [ 997.346955][T25422] ? is_bad_inode+0xd/0x40 [ 997.347002][T25422] ? xattr_resolve_name+0x27d/0x3f0 [ 997.347062][T25422] ? vfs_getxattr_alloc+0xec/0x350 [ 997.347127][T25422] ? ima_get_hash_algo+0x22d/0x400 [ 997.347168][T25422] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 997.347219][T25422] ? process_measurement+0xdfe/0x2350 [ 997.347262][T25422] process_measurement+0xdfe/0x2350 [ 997.347320][T25422] ? __pfx_process_measurement+0x10/0x10 [ 997.347420][T25422] ? mutex_init_lockep+0x110/0x150 [ 997.347475][T25422] ? seq_open+0x116/0x170 [ 997.347518][T25422] ? inode_to_bdi+0x9e/0x160 [ 997.347576][T25422] ima_file_check+0xcc/0x120 [ 997.347623][T25422] ? __pfx_ima_file_check+0x10/0x10 [ 997.347678][T25422] security_file_post_open+0xc4/0x210 [ 997.347735][T25422] path_openat+0x1418/0x31a0 [ 997.347783][T25422] ? __pfx_path_openat+0x10/0x10 [ 997.347833][T25422] do_file_open+0x20e/0x430 [ 997.347870][T25422] ? __pfx_do_file_open+0x10/0x10 [ 997.347934][T25422] ? alloc_fd+0x476/0x790 [ 997.347992][T25422] ? do_getname+0x191/0x390 [ 997.348037][T25422] do_sys_openat2+0x10d/0x1e0 [ 997.348081][T25422] ? __pfx_do_sys_openat2+0x10/0x10 [ 997.348139][T25422] __x64_sys_openat+0x12d/0x210 [ 997.348189][T25422] ? __pfx___x64_sys_openat+0x10/0x10 [ 997.348245][T25422] do_syscall_64+0x106/0xf80 [ 997.348284][T25422] ? clear_bhb_loop+0x40/0x90 [ 997.348326][T25422] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 997.348360][T25422] RIP: 0033:0x7f5c8e19c799 [ 997.348389][T25422] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 997.348432][T25422] RSP: 002b:00007f5c8efdd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 997.348466][T25422] RAX: ffffffffffffffda RBX: 00007f5c8e415fa0 RCX: 00007f5c8e19c799 [ 997.348489][T25422] RDX: 0000000000020803 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 997.348511][T25422] RBP: 00007f5c8e232bd9 R08: 0000000000000000 R09: 0000000000000000 [ 997.348531][T25422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 997.348552][T25422] R13: 00007f5c8e416038 R14: 00007f5c8e415fa0 R15: 00007ffdddf34368 [ 997.348598][T25422] [ 997.734315][ T30] audit: type=1800 audit(1772194927.143:28): pid=25422 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.6842" name="set_event_notrace_pid" dev="tracefs" ino=26 res=0 errno=0 [ 997.857482][T25426] netlink: 330 bytes leftover after parsing attributes in process `syz.7.6835'. [ 998.694854][T25442] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 998.726835][T25442] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 998.978715][T25448] futex_wake_op: syz.0.6845 tries to shift op by -2048; fix this program [ 999.423806][T25456] ubi0: attaching mtd0 [ 999.435907][T25456] ubi0: scanning is finished [ 999.447646][T25456] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 999.593469][ T8723] Bluetooth: hci0: unexpected event 0x07 length: 435 > 255 [ 999.799870][T25456] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1000.665227][T25482] netlink: 342 bytes leftover after parsing attributes in process `syz.4.6857'. [ 1000.690061][T25482] netlink: 294 bytes leftover after parsing attributes in process `syz.4.6857'. [ 1000.905407][T25488] FAULT_INJECTION: forcing a failure. [ 1000.905407][T25488] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1000.920750][T25488] CPU: 1 UID: 0 PID: 25488 Comm: syz.4.6858 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1000.920809][T25488] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1000.920822][T25488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1000.920844][T25488] Call Trace: [ 1000.920855][T25488] [ 1000.920868][T25488] dump_stack_lvl+0x100/0x190 [ 1000.920924][T25488] should_fail_ex.cold+0x5/0xa [ 1000.920966][T25488] _copy_from_user+0x2e/0xd0 [ 1000.921022][T25488] copy_msghdr_from_user+0x9f/0x4f0 [ 1000.921075][T25488] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1000.921134][T25488] ? rcu_is_watching+0x12/0xc0 [ 1000.921185][T25488] ? ___sys_sendmsg+0x19d/0x1e0 [ 1000.921241][T25488] ? kfree+0x2ec/0x6b0 [ 1000.921290][T25488] ___sys_sendmsg+0x106/0x1e0 [ 1000.921346][T25488] ? __pfx____sys_sendmsg+0x10/0x10 [ 1000.921434][T25488] ? __pfx___might_resched+0x10/0x10 [ 1000.921493][T25488] __sys_sendmmsg+0x205/0x430 [ 1000.921538][T25488] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1000.921575][T25488] ? __local_bh_enable_ip+0x9e/0x120 [ 1000.921624][T25488] ? __pfx_do_futex+0x10/0x10 [ 1000.921693][T25488] ? xfd_validate_state+0x129/0x190 [ 1000.921752][T25488] __x64_sys_sendmmsg+0x9c/0x100 [ 1000.921791][T25488] ? lockdep_hardirqs_on+0x78/0x100 [ 1000.921830][T25488] do_syscall_64+0x106/0xf80 [ 1000.921867][T25488] ? clear_bhb_loop+0x40/0x90 [ 1000.921910][T25488] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1000.921945][T25488] RIP: 0033:0x7f5c8e19c799 [ 1000.921974][T25488] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1000.922010][T25488] RSP: 002b:00007f5c8efdd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1000.922043][T25488] RAX: ffffffffffffffda RBX: 00007f5c8e415fa0 RCX: 00007f5c8e19c799 [ 1000.922066][T25488] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 1000.922086][T25488] RBP: 00007f5c8e232bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1000.922107][T25488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1000.922126][T25488] R13: 00007f5c8e416038 R14: 00007f5c8e415fa0 R15: 00007ffdddf34368 [ 1000.922169][T25488] [ 1001.545197][T25501] netlink: 338 bytes leftover after parsing attributes in process `syz.7.6863'. [ 1001.566782][T25501] team_slave_0: entered allmulticast mode [ 1002.113129][ T30] audit: type=1804 audit(1772194931.531:29): pid=25510 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.7.6864" name="/newroot/73/file0" dev="tmpfs" ino=390 res=1 errno=0 [ 1002.175261][ T30] audit: type=1804 audit(1772194931.531:30): pid=25511 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.7.6864" name="/newroot/73/file0" dev="tmpfs" ino=390 res=1 errno=0 [ 1002.504411][T25515] sp0: Synchronizing with TNC [ 1003.509506][T25537] sp0: Synchronizing with TNC [ 1004.586916][T25558] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6881'. [ 1004.608276][T25558] netlink: 'syz.4.6881': attribute type 1 has an invalid length. [ 1004.628326][T25558] netlink: 13 bytes leftover after parsing attributes in process `syz.4.6881'. [ 1006.008664][T25580] futex_wake_op: syz.5.6888 tries to shift op by -2048; fix this program [ 1006.051043][T25580] futex_wake_op: syz.5.6888 tries to shift op by -2048; fix this program [ 1006.096797][T25580] 0x000000000001-0x000000020000 : "" [ 1006.125726][T25580] ftl_cs: FTL header corrupt! [ 1006.964096][T25606] FAULT_INJECTION: forcing a failure. [ 1006.964096][T25606] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1007.033366][T25606] CPU: 0 UID: 0 PID: 25606 Comm: syz.5.6898 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1007.033411][T25606] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1007.033422][T25606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1007.033438][T25606] Call Trace: [ 1007.033447][T25606] [ 1007.033458][T25606] dump_stack_lvl+0x100/0x190 [ 1007.033501][T25606] should_fail_ex.cold+0x5/0xa [ 1007.033530][T25606] _copy_from_user+0x2e/0xd0 [ 1007.033570][T25606] copy_msghdr_from_user+0x9f/0x4f0 [ 1007.033610][T25606] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1007.033652][T25606] ? rcu_is_watching+0x12/0xc0 [ 1007.033696][T25606] ? ___sys_sendmsg+0x19d/0x1e0 [ 1007.033732][T25606] ? kfree+0x2ec/0x6b0 [ 1007.033767][T25606] ___sys_sendmsg+0x106/0x1e0 [ 1007.033806][T25606] ? __pfx____sys_sendmsg+0x10/0x10 [ 1007.033869][T25606] ? __pfx___might_resched+0x10/0x10 [ 1007.033911][T25606] __sys_sendmmsg+0x205/0x430 [ 1007.033943][T25606] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1007.033970][T25606] ? __local_bh_enable_ip+0x9e/0x120 [ 1007.034005][T25606] ? __pfx_do_futex+0x10/0x10 [ 1007.034050][T25606] ? xfd_validate_state+0x129/0x190 [ 1007.034093][T25606] __x64_sys_sendmmsg+0x9c/0x100 [ 1007.034121][T25606] ? lockdep_hardirqs_on+0x78/0x100 [ 1007.034150][T25606] do_syscall_64+0x106/0xf80 [ 1007.034177][T25606] ? clear_bhb_loop+0x40/0x90 [ 1007.034207][T25606] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1007.034234][T25606] RIP: 0033:0x7ff770f9c799 [ 1007.034255][T25606] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1007.034282][T25606] RSP: 002b:00007ff771e49028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1007.034307][T25606] RAX: ffffffffffffffda RBX: 00007ff771215fa0 RCX: 00007ff770f9c799 [ 1007.034325][T25606] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 1007.034341][T25606] RBP: 00007ff771032bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1007.034358][T25606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1007.034374][T25606] R13: 00007ff771216038 R14: 00007ff771215fa0 R15: 00007ffc41c62318 [ 1007.034406][T25606] [ 1008.528209][T25629] sp0: Synchronizing with TNC [ 1009.034109][ T30] audit: type=1804 audit(1772194938.438:31): pid=25634 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.6903" name="file0" dev="tmpfs" ino=9093 res=1 errno=0 [ 1009.113828][ T30] audit: type=1804 audit(1772194938.508:32): pid=25639 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.6903" name="file0" dev="tmpfs" ino=9093 res=1 errno=0 [ 1009.651617][T25653] sp0: Synchronizing with TNC [ 1010.141710][T25662] FAULT_INJECTION: forcing a failure. [ 1010.141710][T25662] name failslab, interval 1, probability 0, space 0, times 0 [ 1010.156459][T25662] CPU: 0 UID: 0 PID: 25662 Comm: syz.4.6917 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1010.156518][T25662] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1010.156533][T25662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1010.156555][T25662] Call Trace: [ 1010.156568][T25662] [ 1010.156581][T25662] dump_stack_lvl+0x100/0x190 [ 1010.156639][T25662] should_fail_ex.cold+0x5/0xa [ 1010.156678][T25662] ? tomoyo_supervisor+0x65d/0x1340 [ 1010.156744][T25662] should_failslab+0xc2/0x120 [ 1010.156780][T25662] __kmalloc_noprof+0xe0/0x850 [ 1010.156839][T25662] tomoyo_supervisor+0x65d/0x1340 [ 1010.156888][T25662] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 1010.156960][T25662] ? tomoyo_check_path_acl+0x141/0x210 [ 1010.157015][T25662] ? tomoyo_check_acl+0x1f7/0x410 [ 1010.157066][T25662] tomoyo_path_permission+0x270/0x3b0 [ 1010.157124][T25662] tomoyo_check_open_permission+0x37f/0x3c0 [ 1010.157178][T25662] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1010.157270][T25662] ? do_raw_spin_lock+0x128/0x260 [ 1010.157332][T25662] ? path_get+0x61/0x80 [ 1010.157371][T25662] tomoyo_file_open+0x6b/0x90 [ 1010.157415][T25662] security_file_open+0xb5/0x1e0 [ 1010.157449][T25662] do_dentry_open+0x5aa/0x1660 [ 1010.157509][T25662] ? security_inode_permission+0xbf/0x250 [ 1010.157567][T25662] vfs_open+0x82/0x3f0 [ 1010.157612][T25662] path_openat+0x208c/0x31a0 [ 1010.157660][T25662] ? __pfx_path_openat+0x10/0x10 [ 1010.157718][T25662] do_file_open+0x20e/0x430 [ 1010.157756][T25662] ? __pfx_do_file_open+0x10/0x10 [ 1010.157822][T25662] ? alloc_fd+0x476/0x790 [ 1010.157883][T25662] ? do_getname+0x191/0x390 [ 1010.157927][T25662] do_sys_openat2+0x10d/0x1e0 [ 1010.157970][T25662] ? __pfx_do_sys_openat2+0x10/0x10 [ 1010.158015][T25662] ? blkcg_maybe_throttle_current+0x5df/0xeb0 [ 1010.158069][T25662] __x64_sys_openat+0x12d/0x210 [ 1010.158112][T25662] ? __pfx___x64_sys_openat+0x10/0x10 [ 1010.158173][T25662] do_syscall_64+0x106/0xf80 [ 1010.158209][T25662] ? clear_bhb_loop+0x40/0x90 [ 1010.158252][T25662] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1010.158289][T25662] RIP: 0033:0x7f5c8e19c799 [ 1010.158320][T25662] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1010.158359][T25662] RSP: 002b:00007f5c8efdd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1010.158396][T25662] RAX: ffffffffffffffda RBX: 00007f5c8e415fa0 RCX: 00007f5c8e19c799 [ 1010.158421][T25662] RDX: 0000000000101080 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1010.158446][T25662] RBP: 00007f5c8e232bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1010.158470][T25662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1010.158492][T25662] R13: 00007f5c8e416038 R14: 00007f5c8e415fa0 R15: 00007ffdddf34368 [ 1010.158540][T25662] [ 1010.719155][T25667] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input18 [ 1011.768578][T25688] snd_aloop snd_aloop.0: Parsing timer source 'AxMBxdϮӫc$d?by@ó&w;2R' failed with -22 [ 1012.210041][T25697] snd_aloop snd_aloop.0: Parsing timer source 'AxMBxdϮӫc$d?by@ó&w;2R' failed with -22 [ 1014.241784][T25733] snd_aloop snd_aloop.0: Parsing timer source 'AxMBxdϮӫc$d?by@ó&w;2R' failed with -22 [ 1014.518047][T25741] netlink: 86 bytes leftover after parsing attributes in process `syz.4.6945'. [ 1014.892500][T25752] netlink: 266 bytes leftover after parsing attributes in process `syz.0.6948'. [ 1015.419928][T25762] netlink: 330 bytes leftover after parsing attributes in process `syz.0.6952'. [ 1015.925047][T25777] sp0: Synchronizing with TNC [ 1016.426818][T25785] openvswitch: : Dropping previously announced user features [ 1017.437011][T25800] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input19 [ 1018.795988][T25830] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6969'. [ 1021.132320][T25882] netlink: 194 bytes leftover after parsing attributes in process `syz.5.6978'. [ 1023.732599][T25922] netlink: 4 bytes leftover after parsing attributes in process `syz.7.6989'. [ 1024.093417][T25930] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7001'. [ 1024.134405][T25931] snd_aloop snd_aloop.0: Parsing timer source 'AxMBxdϮӫc$d?by@ó&w;2R' failed with -22 [ 1027.533701][T25986] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7011'. [ 1027.612011][T25986] team0 (unregistering): Port device team_slave_0 removed [ 1027.670372][T25986] team0 (unregistering): Port device team_slave_1 removed [ 1028.571021][T26002] sg_write: data in/out 100663260/90 bytes for SCSI command 0x0-- guessing data in; [ 1028.571021][T26002] program syz.4.7017 not setting count and/or reply_len properly [ 1032.766798][T26067] netlink: 28 bytes leftover after parsing attributes in process `syz.7.7037'. [ 1032.855047][T26067] team0 (unregistering): Port device team_slave_0 removed [ 1032.892741][T26067] team0 (unregistering): Port device team_slave_1 removed [ 1034.180252][T26091] netlink: 'syz.4.7045': attribute type 27 has an invalid length. [ 1034.197688][T26091] netlink: 146 bytes leftover after parsing attributes in process `syz.4.7045'. [ 1036.674060][T26130] netlink: 186 bytes leftover after parsing attributes in process `syz.7.7057'. [ 1037.570858][T26153] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7064'. [ 1038.014471][T26164] netlink: 342 bytes leftover after parsing attributes in process `syz.4.7068'. [ 1038.045218][T26164] netlink: 274 bytes leftover after parsing attributes in process `syz.4.7068'. [ 1038.923396][T26170] ubi0: attaching mtd0 [ 1038.942089][T26170] ubi0: scanning is finished [ 1038.946826][T26170] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1039.328941][T20868] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1039.464533][T20868] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1039.475987][T20868] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1039.483634][T26170] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1039.509511][T20868] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1039.520661][T20868] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1040.762733][T26182] chnl_net:caif_netlink_parms(): no params data found [ 1040.978913][T26182] bridge0: port 1(bridge_slave_0) entered blocking state [ 1040.986319][T26182] bridge0: port 1(bridge_slave_0) entered disabled state [ 1040.993824][T26182] bridge_slave_0: entered allmulticast mode [ 1041.002179][T26182] bridge_slave_0: entered promiscuous mode [ 1041.013697][T26182] bridge0: port 2(bridge_slave_1) entered blocking state [ 1041.021914][T26182] bridge0: port 2(bridge_slave_1) entered disabled state [ 1041.029294][T26182] bridge_slave_1: entered allmulticast mode [ 1041.037540][T26182] bridge_slave_1: entered promiscuous mode [ 1041.081166][T26182] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1041.094402][T26182] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1041.159345][T26182] team0: Port device team_slave_0 added [ 1041.169173][T26182] team0: Port device team_slave_1 added [ 1041.219549][T26182] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1041.228753][T26182] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1041.257228][T26182] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1041.272977][T26182] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1041.296791][T26182] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1041.421246][T26182] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1041.541101][T26182] hsr_slave_0: entered promiscuous mode [ 1041.548206][T26182] hsr_slave_1: entered promiscuous mode [ 1041.556661][T26182] debugfs: 'hsr0' already exists in 'hsr' [ 1041.563271][T26182] Cannot create hsr debugfs directory [ 1041.580581][ T8723] Bluetooth: hci6: command tx timeout [ 1042.268171][T26182] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 1042.288001][T26182] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 1042.323389][T26182] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 1042.338059][T26182] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 1042.476759][T26182] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1042.507642][T26182] 8021q: adding VLAN 0 to HW filter on device team0 [ 1042.534885][ T3470] bridge0: port 1(bridge_slave_0) entered blocking state [ 1042.542272][ T3470] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1042.577384][ T3470] bridge0: port 2(bridge_slave_1) entered blocking state [ 1042.584676][ T3470] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1042.999813][T26182] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1043.463874][T26182] veth0_vlan: entered promiscuous mode [ 1043.480935][T26182] veth1_vlan: entered promiscuous mode [ 1043.530494][T26182] veth0_macvtap: entered promiscuous mode [ 1043.557988][T26182] veth1_macvtap: entered promiscuous mode [ 1043.591137][T26182] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1043.613602][T26182] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1043.644282][T25113] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1043.656031][T25113] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1043.666401][ T8723] Bluetooth: hci6: command tx timeout [ 1043.688436][T25113] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1043.708751][T12283] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1043.852355][ T3470] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1043.860252][ T3470] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1043.943921][ T3470] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1043.961613][ T3470] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1045.742804][ T8723] Bluetooth: hci6: command tx timeout [ 1047.366150][T26285] netlink: 342 bytes leftover after parsing attributes in process `syz.7.7100'. [ 1047.380322][T26285] netlink: 274 bytes leftover after parsing attributes in process `syz.7.7100'. [ 1047.824530][ T8723] Bluetooth: hci6: command tx timeout [ 1051.913051][ T8723] Bluetooth: hci1: command 0x0406 tx timeout [ 1054.952112][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.959156][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1056.374240][T20868] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 1056.397031][T20868] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 1056.406777][T20868] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 1056.416375][T26309] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7105'. [ 1056.429903][T20868] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 1056.449312][T20868] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 1056.482065][T26313] usb usb2: usbfs: process 26313 (syz.7.7105) did not claim interface 4 before use [ 1056.651547][T26310] lo: entered allmulticast mode [ 1056.656639][T26310] lo: left allmulticast mode [ 1056.665365][T26314] zswap: compressor not available [ 1056.676348][T26318] Setting dangerous option i915.mitigations - tainting kernel [ 1056.708295][T26316] Setting dangerous option i915.mitigations - tainting kernel [ 1056.989313][T26325] netlink: 'syz.8.7108': attribute type 1 has an invalid length. [ 1057.021248][T26325] netlink: 330 bytes leftover after parsing attributes in process `syz.8.7108'. [ 1057.055206][T26308] chnl_net:caif_netlink_parms(): no params data found [ 1057.438783][T26308] bridge0: port 1(bridge_slave_0) entered blocking state [ 1057.446091][T26308] bridge0: port 1(bridge_slave_0) entered disabled state [ 1057.455689][T26308] bridge_slave_0: entered allmulticast mode [ 1057.467804][T26308] bridge_slave_0: entered promiscuous mode [ 1057.477321][T26308] bridge0: port 2(bridge_slave_1) entered blocking state [ 1057.487763][T26308] bridge0: port 2(bridge_slave_1) entered disabled state [ 1057.495258][T26308] bridge_slave_1: entered allmulticast mode [ 1057.503721][T26308] bridge_slave_1: entered promiscuous mode [ 1057.636887][T26308] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1057.676469][T26308] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1057.888656][T26308] team0: Port device team_slave_0 added [ 1057.909822][T26308] team0: Port device team_slave_1 added [ 1057.958879][T26349] netlink: 18 bytes leftover after parsing attributes in process `syz.8.7114'. [ 1058.014000][T26308] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1058.021404][T26308] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1058.050738][T26308] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1058.075365][T26352] netlink: 50 bytes leftover after parsing attributes in process `syz.7.7115'. [ 1058.085918][T26308] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1058.099786][T26308] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1058.157696][T26308] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1058.369513][T26308] hsr_slave_0: entered promiscuous mode [ 1058.376464][T26308] hsr_slave_1: entered promiscuous mode [ 1058.384716][T26308] debugfs: 'hsr0' already exists in 'hsr' [ 1058.406562][T26308] Cannot create hsr debugfs directory [ 1058.549544][T20868] Bluetooth: hci7: command tx timeout [ 1059.262836][T26373] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7123'. [ 1059.369444][T26308] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 1059.389831][T26308] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 1059.405404][T26308] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 1059.427003][T26308] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 1059.655323][T26308] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1059.706530][T26308] 8021q: adding VLAN 0 to HW filter on device team0 [ 1059.728533][ T3470] bridge0: port 1(bridge_slave_0) entered blocking state [ 1059.736233][ T3470] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1059.807929][ T3470] bridge0: port 2(bridge_slave_1) entered blocking state [ 1059.815303][ T3470] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1059.971034][T26391] FAULT_INJECTION: forcing a failure. [ 1059.971034][T26391] name failslab, interval 1, probability 0, space 0, times 0 [ 1060.025905][T26391] CPU: 1 UID: 0 PID: 26391 Comm: syz.7.7128 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1060.025972][T26391] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1060.025989][T26391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1060.026012][T26391] Call Trace: [ 1060.026025][T26391] [ 1060.026040][T26391] dump_stack_lvl+0x100/0x190 [ 1060.026098][T26391] should_fail_ex.cold+0x5/0xa [ 1060.026140][T26391] should_failslab+0xc2/0x120 [ 1060.026175][T26391] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1060.026224][T26391] ? __ksm_enter+0x3c/0x650 [ 1060.026281][T26391] __ksm_enter+0x3c/0x650 [ 1060.026335][T26391] ksm_enable_merge_any+0xbf/0x120 [ 1060.026386][T26391] __do_sys_prctl+0xef9/0x2330 [ 1060.026440][T26391] ? __pfx___do_sys_prctl+0x10/0x10 [ 1060.026502][T26391] do_syscall_64+0x106/0xf80 [ 1060.026541][T26391] ? clear_bhb_loop+0x40/0x90 [ 1060.026595][T26391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1060.026631][T26391] RIP: 0033:0x7f702f99c799 [ 1060.026662][T26391] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1060.026700][T26391] RSP: 002b:00007f70307fb028 EFLAGS: 00000246 ORIG_RAX: 000000000000009d [ 1060.026744][T26391] RAX: ffffffffffffffda RBX: 00007f702fc15fa0 RCX: 00007f702f99c799 [ 1060.026768][T26391] RDX: 0000000000000000 RSI: 0000000000000017 RDI: 0000000000000043 [ 1060.026790][T26391] RBP: 00007f702fa32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1060.026812][T26391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1060.026834][T26391] R13: 00007f702fc16038 R14: 00007f702fc15fa0 R15: 00007ffd2109f788 [ 1060.026881][T26391] [ 1060.632712][T20868] Bluetooth: hci7: command tx timeout [ 1060.642894][T26308] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1060.737607][T26411] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7134'. [ 1060.766855][T26411] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7134'. [ 1061.618671][T26308] veth0_vlan: entered promiscuous mode [ 1061.656741][T26308] veth1_vlan: entered promiscuous mode [ 1061.735826][T26308] veth0_macvtap: entered promiscuous mode [ 1061.780354][T26308] veth1_macvtap: entered promiscuous mode [ 1061.841448][T26308] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1061.862871][T26402] [U]  [ 1061.865744][T26402] [U] [ 1061.868560][T26402] [U] [ 1061.871324][T26402] [U] [ 1061.885029][T26308] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1061.919244][T26402] [U] [ 1061.922090][T26402] [U] [ 1061.924862][T26402] [U] [ 1061.927601][T26402] [U] [ 1061.931101][T26402] [U] [ 1061.933874][T26402] [U] [ 1061.936631][T26402] [U] [ 1061.939403][T26402] [U] [ 1061.956397][T25113] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1061.979366][T25113] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1061.993764][T25113] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1062.023775][T26402] [U] [ 1062.024915][T25113] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1062.026578][T26402] [U] [ 1062.038013][T26402] [U] [ 1062.040779][T26402] [U] [ 1062.186784][T26402] [U] [ 1062.278749][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1062.321870][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1062.515668][T25113] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1062.537660][T25113] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1062.712154][T20868] Bluetooth: hci7: command tx timeout [ 1064.711093][T26476] netlink: 318 bytes leftover after parsing attributes in process `syz.9.7151'. [ 1064.793519][T20868] Bluetooth: hci7: command tx timeout [ 1065.618893][T26488] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7155'. [ 1065.655909][T26488] netlink: 25 bytes leftover after parsing attributes in process `syz.0.7155'. [ 1065.839865][T26490] netlink: 62 bytes leftover after parsing attributes in process `syz.8.7154'. [ 1066.810083][T26507] snd_aloop snd_aloop.0: Parsing timer source 'AxMBxdϮӫc$d?by@ó&w;2R' failed with -22 [ 1066.924102][T26511] snd_aloop snd_aloop.0: Parsing timer source 'AxMBxdϮӫc$d?by@ó&w;2R' failed with -22 [ 1068.095990][T26522] netlink: 318 bytes leftover after parsing attributes in process `syz.7.7165'. [ 1068.867647][T26542] netlink: 'syz.7.7173': attribute type 1 has an invalid length. [ 1068.885182][T26542] netlink: 'syz.7.7173': attribute type 6 has an invalid length. [ 1072.223253][T26587] netlink: 330 bytes leftover after parsing attributes in process `syz.0.7186'. [ 1073.035756][T26592] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input20 [ 1075.712318][T26642] FAULT_INJECTION: forcing a failure. [ 1075.712318][T26642] name failslab, interval 1, probability 0, space 0, times 0 [ 1075.737820][T26642] CPU: 0 UID: 0 PID: 26642 Comm: syz.8.7206 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1075.737880][T26642] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1075.737895][T26642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1075.737917][T26642] Call Trace: [ 1075.737929][T26642] [ 1075.737943][T26642] dump_stack_lvl+0x100/0x190 [ 1075.738003][T26642] should_fail_ex.cold+0x5/0xa [ 1075.738045][T26642] should_failslab+0xc2/0x120 [ 1075.738081][T26642] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 1075.738136][T26642] ? sctp_sysctl_net_register+0x30/0x200 [ 1075.738185][T26642] ? __pfx_sctp_defaults_init+0x10/0x10 [ 1075.738226][T26642] kmemdup_noprof+0x29/0x60 [ 1075.738279][T26642] sctp_sysctl_net_register+0x30/0x200 [ 1075.738322][T26642] ? __pfx_sctp_defaults_init+0x10/0x10 [ 1075.738362][T26642] sctp_defaults_init+0x6d2/0xd90 [ 1075.738403][T26642] ? __pfx_sctp_defaults_init+0x10/0x10 [ 1075.738443][T26642] ops_init+0x1e2/0x5f0 [ 1075.738491][T26642] setup_net+0x118/0x3a0 [ 1075.738542][T26642] ? __pfx_setup_net+0x10/0x10 [ 1075.738581][T26642] ? lockdep_init_map_type+0x5c/0x250 [ 1075.738629][T26642] ? mutex_init_lockep+0x110/0x150 [ 1075.738684][T26642] copy_net_ns+0x46f/0x7c0 [ 1075.738735][T26642] create_new_namespaces+0x3ea/0xac0 [ 1075.738783][T26642] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 1075.738827][T26642] ksys_unshare+0x473/0xad0 [ 1075.738874][T26642] ? __pfx_ksys_unshare+0x10/0x10 [ 1075.738934][T26642] __x64_sys_unshare+0x31/0x40 [ 1075.738978][T26642] do_syscall_64+0x106/0xf80 [ 1075.739016][T26642] ? clear_bhb_loop+0x40/0x90 [ 1075.739059][T26642] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1075.739096][T26642] RIP: 0033:0x7f2f39b9c799 [ 1075.739126][T26642] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1075.739163][T26642] RSP: 002b:00007f2f3aa08028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1075.739198][T26642] RAX: ffffffffffffffda RBX: 00007f2f39e15fa0 RCX: 00007f2f39b9c799 [ 1075.739223][T26642] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1075.739244][T26642] RBP: 00007f2f39c32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 1075.739265][T26642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1075.739285][T26642] R13: 00007f2f39e16038 R14: 00007f2f39e15fa0 R15: 00007ffd2cefe758 [ 1075.739331][T26642] [ 1077.253124][T26671] netlink: 4 bytes leftover after parsing attributes in process `syz.9.7211'. [ 1077.304914][T26673] netlink: 13 bytes leftover after parsing attributes in process `syz.9.7211'. [ 1077.337588][T26674] sysfs_service_op_store: Client not running :-5: [ 1077.521171][T26638] Bluetooth: hci5: command 0x0406 tx timeout [ 1077.917395][T26684] netlink: 338 bytes leftover after parsing attributes in process `syz.0.7217'. [ 1078.405351][T26695] snd_aloop snd_aloop.0: Parsing timer source 'AxMBxdϮӫc$d?by@ó&w;2R' failed with -22 [ 1078.444759][T26695] snd_aloop snd_aloop.0: Parsing timer source 'AxMBxdϮӫc$d?by@ó&w;2R' failed with -22 [ 1080.230307][T26717] kmem.tcp.limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 1080.794637][T26730] netlink: 4 bytes leftover after parsing attributes in process `syz.8.7229'. [ 1080.806583][T26730] netlink: 13 bytes leftover after parsing attributes in process `syz.8.7229'. [ 1081.693899][T26739] snd_aloop snd_aloop.0: Parsing timer source 'AxMBxdϮӫc$d?by@ó&w;2R' failed with -22 [ 1081.735862][T26739] snd_aloop snd_aloop.0: Parsing timer source 'AxMBxdϮӫc$d?by@ó&w;2R' failed with -22 [ 1082.601009][T26757] netlink: 354 bytes leftover after parsing attributes in process `syz.8.7237'. [ 1084.750925][T26796] netlink: 334 bytes leftover after parsing attributes in process `syz.8.7251'. [ 1087.508928][T26845] FAULT_INJECTION: forcing a failure. [ 1087.508928][T26845] name failslab, interval 1, probability 0, space 0, times 0 [ 1087.586980][T26845] CPU: 1 UID: 0 PID: 26845 Comm: syz.9.7266 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1087.587041][T26845] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1087.587056][T26845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1087.587078][T26845] Call Trace: [ 1087.587090][T26845] [ 1087.587104][T26845] dump_stack_lvl+0x100/0x190 [ 1087.587162][T26845] should_fail_ex.cold+0x5/0xa [ 1087.587204][T26845] ? lsm_blob_alloc+0x68/0x90 [ 1087.587242][T26845] should_failslab+0xc2/0x120 [ 1087.587278][T26845] __kmalloc_noprof+0xe0/0x850 [ 1087.587328][T26845] ? trace_kmem_cache_alloc+0xf3/0x120 [ 1087.587371][T26845] lsm_blob_alloc+0x68/0x90 [ 1087.587411][T26845] security_prepare_creds+0x2d/0x290 [ 1087.587451][T26845] prepare_creds+0x5d6/0x950 [ 1087.587506][T26845] lookup_user_key+0xfb2/0x1300 [ 1087.587563][T26845] ? __pfx_lookup_user_key+0x10/0x10 [ 1087.587629][T26845] ? do_raw_spin_lock+0x128/0x260 [ 1087.587686][T26845] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 1087.587745][T26845] ? _raw_spin_unlock_irq+0x2e/0x50 [ 1087.587781][T26845] ? do_sigaltstack.constprop.0+0x4c0/0x670 [ 1087.587839][T26845] keyctl_restrict_keyring+0x99/0x250 [ 1087.587889][T26845] ? __pfx_keyctl_restrict_keyring+0x10/0x10 [ 1087.587957][T26845] __do_sys_keyctl+0x2e8/0x5a0 [ 1087.588008][T26845] do_syscall_64+0x106/0xf80 [ 1087.588046][T26845] ? clear_bhb_loop+0x40/0x90 [ 1087.588090][T26845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1087.588127][T26845] RIP: 0033:0x7fcbefb9c799 [ 1087.588155][T26845] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1087.588192][T26845] RSP: 002b:00007fcbf0b38028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 1087.588227][T26845] RAX: ffffffffffffffda RBX: 00007fcbefe15fa0 RCX: 00007fcbefb9c799 [ 1087.588250][T26845] RDX: 0000000000000002 RSI: fffffffffffffffd RDI: 000000000000001d [ 1087.588272][T26845] RBP: 00007fcbefc32bd9 R08: fffffffffffffffd R09: 0000000000000000 [ 1087.588294][T26845] R10: 0000000000000628 R11: 0000000000000246 R12: 0000000000000000 [ 1087.588314][T26845] R13: 00007fcbefe16038 R14: 00007fcbefe15fa0 R15: 00007ffc7514c228 [ 1087.588358][T26845] [ 1088.181500][T26851] netlink: 4 bytes leftover after parsing attributes in process `syz.8.7269'. [ 1088.192924][T26851] netlink: 'syz.8.7269': attribute type 1 has an invalid length. [ 1088.201312][T26851] netlink: 13 bytes leftover after parsing attributes in process `syz.8.7269'. [ 1088.407556][T26857] random: crng reseeded on system resumption [ 1090.022853][T26881] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input21 [ 1090.975096][T26903] random: crng reseeded on system resumption [ 1092.729777][ T31] INFO: task syz-executor:24150 blocked for more than 143 seconds. [ 1092.755925][ T31] Tainted: G U L syzkaller #0 [ 1092.762526][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1092.835960][ T31] task:syz-executor state:D stack:24264 pid:24150 tgid:24150 ppid:1 task_flags:0x400140 flags:0x00080002 [ 1092.873949][ T31] Call Trace: [ 1092.884121][ T31] [ 1092.894319][ T31] __schedule+0xfee/0x60e0 [ 1092.906075][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1092.911173][ T31] ? __pfx___schedule+0x10/0x10 [ 1092.936127][ T31] ? find_held_lock+0x2b/0x80 [ 1092.940923][ T31] ? schedule+0x2bf/0x390 [ 1092.945336][ T31] schedule+0xdd/0x390 [ 1092.981682][ T31] schedule_preempt_disabled+0x13/0x30 [ 1093.019930][ T31] __mutex_lock+0xc9a/0x1b90 [ 1093.024640][ T31] ? nfsd_shutdown_threads+0x5b/0xf0 [ 1093.049643][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1093.054718][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1093.106109][ T31] ? net_generic+0xea/0x2a0 [ 1093.110745][ T31] ? net_generic+0xea/0x2a0 [ 1093.115330][ T31] ? nfsd_shutdown_threads+0x5b/0xf0 [ 1093.161877][ T31] nfsd_shutdown_threads+0x5b/0xf0 [ 1093.208333][ T31] nfsd_umount+0x3b/0x60 [ 1093.239184][ T31] deactivate_locked_super+0xc1/0x1b0 [ 1093.244684][ T31] deactivate_super+0xe7/0x110 [ 1093.276259][ T31] cleanup_mnt+0x21f/0x450 [ 1093.303325][ T31] task_work_run+0x150/0x240 [ 1093.344796][ T31] ? __pfx_task_work_run+0x10/0x10 [ 1093.373809][ T31] exit_to_user_mode_loop+0x100/0x4a0 [ 1093.415230][ T31] do_syscall_64+0x668/0xf80 [ 1093.433277][ T31] ? clear_bhb_loop+0x40/0x90 [ 1093.438220][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1093.452674][ T31] RIP: 0033:0x7f0a1699d9d7 [ 1093.510154][ T31] RSP: 002b:00007ffe18d35098 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 1093.595473][ T31] RAX: 0000000000000000 RBX: 00007f0a16a31f90 RCX: 00007f0a1699d9d7 [ 1093.646397][ T31] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe18d35150 [ 1093.699736][ T31] RBP: 00007ffe18d35150 R08: 00007ffe18d36150 R09: 00000000ffffffff [ 1093.742511][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffe18d361e0 [ 1093.786254][ T31] R13: 00007f0a16a31f90 R14: 00000000000e4a3e R15: 00007ffe18d36220 [ 1093.808172][ T31] [ 1093.816013][ T31] [ 1093.816013][ T31] Showing all locks held in the system: [ 1093.836868][ T31] 1 lock held by khungtaskd/31: [ 1093.871847][ T31] #0: ffffffff8e7e9220 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 1093.931757][ T31] 1 lock held by syz-executor/5820: [ 1093.937428][ T31] #0: ffff8880b843b2e0 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x88/0x140 [ 1093.957307][ T31] 3 locks held by kworker/1:3/5888: [ 1093.962576][ T31] #0: ffff88813fe63548 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 [ 1093.981308][ T31] #1: ffffc900046a7d08 ((fqdir_free_work).work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 [ 1093.996625][ T31] #2: ffffffff8e7f4d00 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6d0 [ 1094.022181][ T31] 2 locks held by syz.0.26/5973: [ 1094.038818][ T31] 2 locks held by syz.0.2264/12096: [ 1094.044109][ T31] 2 locks held by syz.0.2768/13477: [ 1094.064822][ T31] 1 lock held by syz.0.4130/17382: [ 1094.081054][ T31] 2 locks held by syz-executor/19407: [ 1094.106906][ T31] #0: ffff88805deb20e0 (&type->s_umount_key#55){++++}-{4:4}, at: deactivate_super+0xdf/0x110 [ 1094.148803][ T31] #1: ffffffff8ec586e8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 1094.171499][ T31] 2 locks held by syz-executor/20091: [ 1094.226651][ T31] #0: ffff888044e100e0 (&type->s_umount_key#55){++++}-{4:4}, at: deactivate_super+0xdf/0x110 [ 1094.256833][ T31] #1: ffffffff8ec586e8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 1094.276772][ T31] 2 locks held by syz.1.6405/24031: [ 1094.282063][ T31] #0: ffffffff906be5f0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 1094.327299][ T31] #1: ffffffff8ec586e8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0xd5/0x1b20 [ 1094.352940][ T31] 2 locks held by syz-executor/24150: [ 1094.367030][ T31] #0: ffff8880298900e0 (&type->s_umount_key#55){++++}-{4:4}, at: deactivate_super+0xdf/0x110 [ 1094.394962][ T31] #1: ffffffff8ec586e8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 1094.437932][ T31] 4 locks held by kworker/u8:5/25113: [ 1094.443388][ T31] #0: ffff88801c6ae948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 [ 1094.476959][ T31] #1: ffffc90005747d08 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 [ 1094.500984][ T31] #2: ffffffff905f9b10 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xb8/0x920 [ 1094.546875][ T31] #3: ffffffff8e7f4e38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 [ 1094.568900][ T31] 1 lock held by syz.8.7254/26807: [ 1094.574102][ T31] 1 lock held by syz.7.7283/26902: [ 1094.601441][ T31] 1 lock held by syz.8.7288/26917: [ 1094.610362][ T31] #0: ffffffff8e7f4d00 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6d0 [ 1094.629076][ T31] 2 locks held by syz.9.7289/26921: [ 1094.634362][ T31] #0: ffff8880b843b2e0 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x88/0x140 [ 1094.667009][ T31] #1: ffff88807d958008 (&____s->seqcount#16){--.-}-{0:0}, at: trace_ignore_this_task+0x56/0x100 [ 1094.687001][ T31] 4 locks held by syz.9.7292/26934: [ 1094.692297][ T31] #0: ffff88802bf94ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0xb0 [ 1094.717153][ T31] #1: ffff88802bf940c0 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x35c/0x1240 [ 1094.741569][ T31] #2: ffffffff908aa468 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x280 [ 1094.752171][ T31] #3: ffff888032c4faf8 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x80/0x770 [ 1094.762334][ T31] 2 locks held by dhcpcd/26940: [ 1094.768649][ T31] #0: ffff888078f7a260 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x2c/0xf50 [ 1094.778873][ T31] #1: ffffffff8e7f4e38 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 [ 1094.791796][ T31] [ 1094.794187][ T31] ============================================= [ 1094.794187][ T31] [ 1094.906985][ T31] NMI backtrace for cpu 1 [ 1094.907016][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 1094.907065][ T31] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1094.907078][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1094.907098][ T31] Call Trace: [ 1094.907110][ T31] [ 1094.907121][ T31] dump_stack_lvl+0x100/0x190 [ 1094.907174][ T31] nmi_cpu_backtrace.cold+0x12d/0x151 [ 1094.907227][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1094.907275][ T31] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 1094.907330][ T31] sys_info+0x141/0x190 [ 1094.907370][ T31] watchdog+0xd25/0x1050 [ 1094.907413][ T31] ? __pfx_watchdog+0x10/0x10 [ 1094.907444][ T31] ? __kthread_parkme+0x18c/0x230 [ 1094.907485][ T31] ? kthread+0x13a/0x450 [ 1094.907524][ T31] ? __pfx_watchdog+0x10/0x10 [ 1094.907553][ T31] kthread+0x370/0x450 [ 1094.907593][ T31] ? __pfx_kthread+0x10/0x10 [ 1094.907637][ T31] ret_from_fork+0x754/0xd80 [ 1094.907687][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1094.907738][ T31] ? __switch_to+0x7b4/0x1120 [ 1094.907782][ T31] ? __pfx_kthread+0x10/0x10 [ 1094.907826][ T31] ret_from_fork_asm+0x1a/0x30 [ 1094.907879][ T31] [ 1094.907892][ T31] Sending NMI from CPU 1 to CPUs 0: [ 1095.037694][ C0] NMI backtrace for cpu 0 [ 1095.037721][ C0] CPU: 0 UID: 0 PID: 3470 Comm: kworker/u8:8 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1095.037762][ C0] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1095.037773][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1095.037791][ C0] Workqueue: events_unbound nsim_dev_trap_report_work [ 1095.037825][ C0] RIP: 0010:match_held_lock+0x7c/0xb0 [ 1095.037857][ C0] Code: 39 d0 0f 94 c0 0f b6 c0 c3 cc cc cc cc 90 e8 3b e1 62 f9 85 c0 74 0a 8b 05 11 f1 4c 05 85 c0 74 24 90 31 c0 5b e9 c4 2d 03 00 01 00 00 00 5b c3 cc cc cc cc 31 f6 e8 42 fe ff ff 48 85 c0 75 [ 1095.037883][ C0] RSP: 0018:ffffc9001025f600 EFLAGS: 00000046 [ 1095.037903][ C0] RAX: 0000000000000014 RBX: ffff888034608bb8 RCX: ffffc9001025f64c [ 1095.037920][ C0] RDX: 0000000000000005 RSI: ffffffff8e7e9220 RDI: ffff888034608bb8 [ 1095.037937][ C0] RBP: 0000000000000004 R08: 0000000000000001 R09: 0000000000000007 [ 1095.037953][ C0] R10: 0000000000000200 R11: 0000000000085661 R12: ffffffff8e7e9220 [ 1095.037969][ C0] R13: ffffc9001025f64c R14: 0000000000000005 R15: 0000000000000005 [ 1095.037986][ C0] FS: 0000000000000000(0000) GS:ffff88812434f000(0000) knlGS:0000000000000000 [ 1095.038018][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1095.038035][ C0] CR2: 000055e3962ba2c5 CR3: 00000000353b4000 CR4: 00000000003526f0 [ 1095.038052][ C0] Call Trace: [ 1095.038061][ C0] [ 1095.038071][ C0] find_held_lock+0x2b/0x80 [ 1095.038108][ C0] ? unwind_next_frame+0x3be/0x1ea0 [ 1095.038136][ C0] lock_release+0xdb/0x320 [ 1095.038174][ C0] unwind_next_frame+0x3c3/0x1ea0 [ 1095.038199][ C0] ? __alloc_skb+0x140/0x710 [ 1095.038228][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1095.038255][ C0] arch_stack_walk+0x94/0xf0 [ 1095.038282][ C0] ? nsim_dev_trap_report_work+0x2af/0xd10 [ 1095.038313][ C0] stack_trace_save+0x8e/0xc0 [ 1095.038336][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 1095.038364][ C0] ? __lock_acquire+0x4a5/0x2630 [ 1095.038395][ C0] kasan_save_stack+0x30/0x50 [ 1095.038433][ C0] ? kasan_save_stack+0x30/0x50 [ 1095.038468][ C0] ? kasan_save_track+0x14/0x30 [ 1095.038505][ C0] ? __kasan_slab_alloc+0x89/0x90 [ 1095.038543][ C0] ? kmem_cache_alloc_node_noprof+0x25a/0x6f0 [ 1095.038582][ C0] ? __alloc_skb+0x140/0x710 [ 1095.038629][ C0] kasan_save_track+0x14/0x30 [ 1095.038666][ C0] __kasan_slab_alloc+0x89/0x90 [ 1095.038705][ C0] kmem_cache_alloc_node_noprof+0x25a/0x6f0 [ 1095.038742][ C0] ? __alloc_skb+0x140/0x710 [ 1095.038771][ C0] __alloc_skb+0x140/0x710 [ 1095.038795][ C0] ? __alloc_skb+0x5b7/0x710 [ 1095.038820][ C0] ? __pfx___alloc_skb+0x10/0x10 [ 1095.038847][ C0] ? kfree_skbmem+0x19f/0x210 [ 1095.038885][ C0] nsim_dev_trap_report_work+0x2af/0xd10 [ 1095.038920][ C0] process_one_work+0x9d7/0x1920 [ 1095.038963][ C0] ? __pfx_process_one_work+0x10/0x10 [ 1095.039003][ C0] ? __pfx_nsim_dev_trap_report_work+0x10/0x10 [ 1095.039040][ C0] worker_thread+0x5da/0xe40 [ 1095.039081][ C0] ? kthread+0x13a/0x450 [ 1095.039112][ C0] ? __pfx_worker_thread+0x10/0x10 [ 1095.039146][ C0] kthread+0x370/0x450 [ 1095.039178][ C0] ? __pfx_kthread+0x10/0x10 [ 1095.039211][ C0] ret_from_fork+0x754/0xd80 [ 1095.039249][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 1095.039288][ C0] ? __switch_to+0x7b4/0x1120 [ 1095.039316][ C0] ? __pfx_kthread+0x10/0x10 [ 1095.039350][ C0] ret_from_fork_asm+0x1a/0x30 [ 1095.039385][ C0] [ 1095.754846][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 1095.761843][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 1095.772579][ T31] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1095.777809][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1095.787909][ T31] Call Trace: [ 1095.791224][ T31] [ 1095.794206][ T31] dump_stack_lvl+0x100/0x190 [ 1095.799154][ T31] vpanic+0x552/0x970 [ 1095.803194][ T31] ? __pfx_vpanic+0x10/0x10 [ 1095.807741][ T31] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 1095.813968][ T31] panic+0xd1/0xe0 [ 1095.817749][ T31] ? __pfx_panic+0x10/0x10 [ 1095.822217][ T31] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 1095.828431][ T31] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 1095.834728][ T31] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 1095.840947][ T31] ? watchdog.cold+0x198/0x1ca [ 1095.845784][ T31] ? watchdog+0xd35/0x1050 [ 1095.850259][ T31] watchdog.cold+0x1a9/0x1ca [ 1095.854920][ T31] ? __pfx_watchdog+0x10/0x10 [ 1095.859646][ T31] ? __kthread_parkme+0x18c/0x230 [ 1095.864730][ T31] ? kthread+0x13a/0x450 [ 1095.869039][ T31] ? __pfx_watchdog+0x10/0x10 [ 1095.873770][ T31] kthread+0x370/0x450 [ 1095.877898][ T31] ? __pfx_kthread+0x10/0x10 [ 1095.882547][ T31] ret_from_fork+0x754/0xd80 [ 1095.887207][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1095.892392][ T31] ? __switch_to+0x7b4/0x1120 [ 1095.897113][ T31] ? __pfx_kthread+0x10/0x10 [ 1095.901761][ T31] ret_from_fork_asm+0x1a/0x30 [ 1095.906585][ T31] [ 1095.910227][ T31] Kernel Offset: disabled [ 1095.914579][ T31] Rebooting in 86400 seconds..