last executing test programs: 8.596588767s ago: executing program 0 (id=2665): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) mmap$auto(0x0, 0x200009, 0x2, 0x48eb1, 0xffffffffffffffff, 0x300000000000) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) madvise$auto(0x0, 0x6, 0x66) madvise$auto(0x0, 0xffffffffffff0005, 0x19) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) lseek$auto(0x3, 0x7fffffffffffffff, 0x0) mmap$auto(0x0, 0xa00006, 0x400002, 0x40ebe, 0xffffffffffffffff, 0x300000000000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0xa, 0x0) mmap$auto(0xe779, 0x400000000007, 0xdf, 0x13, 0xffffffffffffffff, 0x0) socket(0xa, 0x1, 0x84) r0 = socket(0x28, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) clock_nanosleep$auto(0x8, 0x0, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x82202, 0x0) io_uring_setup$auto(0x1, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) write$auto(r0, &(0x7f0000000080)='/dev/ttyS2\x00', 0xe) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socket(0x2, 0x3, 0xa) 6.669043099s ago: executing program 2 (id=2672): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) preadv$auto(0x3, &(0x7f0000000040)={0x0, 0x5}, 0x3, 0xf8, 0xffffffffffffffff) mmap$auto(0x0, 0x7069, 0x8, 0x19, 0x401, 0x8ffd) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_CREATE_VM(r1, 0xae80, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xfffffeff, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x2, 0x83, 0x101, 0x17f, 0x2}, {0xff, 0x1, 0x52, 0x5, 0x1, 0x40, 0x4, 0x8, 0x100000004}}) io_uring_register$auto(0x2, 0x1d, 0x0, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x200000) mremap$auto(0x1, 0x4, 0x3, 0x50a, 0x6) socket(0x2, 0x1, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) 6.32713133s ago: executing program 0 (id=2674): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) preadv$auto(0x3, 0x0, 0x3, 0xf8, 0xffffffffffffffff) readv$auto(0x3, 0x0, 0x1) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae80, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xfffffeff, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [0x2000000], {0x6, 0x6, 0xf, 0x29f, 0x2, 0x83, 0x101, 0x17f, 0x2}, {0xff, 0x1, 0x52, 0x5, 0x1, 0x40, 0x4, 0x8, 0x100000004}}) io_uring_register$auto(0x2, 0x1d, 0x0, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x200000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/conf/xfrm0/disable_xfrm\x00', 0x202, 0x0) mremap$auto(0x1, 0x4, 0x3, 0x50a, 0x6) socket(0x2, 0x1, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) 6.063658864s ago: executing program 2 (id=2675): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) preadv$auto(0x3, &(0x7f0000000040)={0x0, 0x5}, 0x3, 0xf8, 0xffffffffffffffff) mmap$auto(0x0, 0x7069, 0x8, 0x19, 0x401, 0x8ffd) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_CREATE_VM(r1, 0xae80, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xfffffeff, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x2, 0x83, 0x101, 0x17f, 0x2}, {0xff, 0x1, 0x52, 0x5, 0x1, 0x40, 0x4, 0x8, 0x100000004}}) io_uring_register$auto(0x2, 0x1d, 0x0, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x200000) mremap$auto(0x1, 0x4, 0x3, 0x50a, 0x6) socket(0x2, 0x1, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) 5.936864063s ago: executing program 1 (id=2676): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, 0x0, 0x34d802, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000140), 0x2002, 0x0) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL802154_CMD_SET_CCA_MODE(0xffffffffffffffff, &(0x7f0000001f40)={0x0, 0x0, &(0x7f0000001f00)={0x0, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x0) socket(0xa, 0x2, 0x3a) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) bpf$auto_BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=@bpf_attr_7={@map_id=0x5, 0x2, 0x10000, r0}, 0x1000ac) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) nanosleep$auto(&(0x7f0000000040)={0x6, 0x8}, &(0x7f0000000080)={0x6, 0x4}) select$auto(0x8, 0x0, 0x0, 0x0, 0x0) write$auto(r1, &(0x7f0000000400)='\x00\x00\x00\x00', 0x100000a3d9) close_range$auto(r2, r1, 0x80) r3 = getpid() process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x100, 0x0) lseek$auto(0x3, 0x8, 0x1) ioctl$auto(0x3, 0x400454ca, 0x38) select$auto(0xd, 0x0, 0x0, &(0x7f0000000200)={[0x8001ff, 0x7, 0xd, 0x8fd6, 0x948d, 0x3, 0x2, 0x3, 0x6, 0x8000000000000001, 0x7, 0x100000000000007, 0xd, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) r4 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/config/nullb/features\x00', 0x80280, 0x0) read$auto(r4, 0x0, 0x10) write$auto(0x3, 0x0, 0xffd8) bpf$auto(0x9, &(0x7f0000000280)=@raw_tracepoint={0x0, r1, 0x0, 0xe1}, 0xe3) r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) setresuid$auto(0x60, 0x1000, 0x607) ioctl$auto(r5, 0x801070cf, 0xffffffffffffffff) writev$auto(0xca, &(0x7f0000000080)={&(0x7f0000000040), 0x1}, 0x200) 5.128187844s ago: executing program 0 (id=2678): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0x400000000e31, 0xffffffffffffffff, 0x0) futex$auto(&(0x7f0000000080)=0x1, 0xb, 0x1, 0x0, 0x0, 0xfffffffa) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000380)='/proc/thread-self/net/pppol2tp\x00', 0x0, 0x0) pread64$auto(r0, 0x0, 0xd, 0x6e9) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) futex$auto(&(0x7f0000000180)=0xffffffff, 0x9, 0x47e7, &(0x7f00000001c0)={0x8, 0xacff}, &(0x7f0000000200)=0x9723, 0x7) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0x9}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) setresuid$auto(0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x8000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2062, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) sched_setattr$auto(0x0, 0x0, 0x7b) msync$auto(0x1ffff000, 0x17ffffffffffffc, 0x400000004) mmap$auto(0x0, 0x7f, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x2, 0x0) set_mempolicy_home_node$auto(0x1, 0x4, 0x1000, 0x8) write$auto_tomoyo_operations_securityfs_if(0xffffffffffffffff, 0x0, 0x33) fanotify_mark$auto(0xffffffffffffffff, 0x9, 0x9, 0xffffffffffffffff, 0x0) r2 = open(0x0, 0x0, 0x408) getdents$auto(r2, 0x0, 0x400018) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) 5.054051788s ago: executing program 2 (id=2679): r0 = prctl$auto_PR_SCHED_CORE_GET(0x3, 0x0, 0x0, 0x4, 0x3) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_SET_POWER_SAVE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}}, 0x40008c5) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/scsi/sg/allow_dio\x00', 0x101181, 0x0) write$auto(0x3, 0x0, 0x100082) r1 = socket$nl_generic(0x10, 0x3, 0x10) rseq$auto(0x0, 0x8000, 0x0, 0x6) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) r2 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) fanotify_init$auto(0x65, 0x2) pipe$auto(0x0) clone$auto(0x7fff, 0xff, 0x0, 0x0, 0x7) socket$nl_generic(0x10, 0x3, 0x10) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x800000000007, 0xd3e, 0x1, 0x948b, 0x3, 0xf1f, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) dup2$auto(0x5, 0x4) write$auto(0x6, 0x0, 0x100000001) splice$auto(0x4, 0x0, r2, 0x0, 0x10000, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x100000009b72, 0x2, 0x8000) r3 = syz_genetlink_get_family_id$auto_smbd_genl(0x0, r1) sendmsg$auto_KSMBD_EVENT_LOGIN_RESPONSE(r2, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r3, 0x200, 0x70bd2c, 0x25dfdbff, {}, ["", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x20008800}, 0x20) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$auto_NET_SHAPER_CMD_GROUP(0xffffffffffffffff, 0x0, 0x14) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) r4 = socket(0x2, 0x3, 0xff) setsockopt$auto(r4, 0xff, 0x1, 0x0, 0x7) getpriority$auto_PRIO_USER(0x2, 0x0) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) write$auto(r5, 0x0, 0xfffffdef) 4.938275785s ago: executing program 3 (id=2680): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0x400000000e31, 0xffffffffffffffff, 0x0) futex$auto(&(0x7f0000000080)=0x1, 0xb, 0x1, 0x0, 0x0, 0xfffffffa) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000380)='/proc/thread-self/net/pppol2tp\x00', 0x0, 0x0) pread64$auto(r0, 0x0, 0xd, 0x6e9) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) futex$auto(&(0x7f0000000180)=0xffffffff, 0x9, 0x47e7, &(0x7f00000001c0)={0x8, 0xacff}, &(0x7f0000000200)=0x9723, 0x7) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0x9}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) setresuid$auto(0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x8000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/mtd/mtd0/bitflip_threshold\x00', 0x2062, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) sched_setattr$auto(0x0, 0x0, 0x7b) msync$auto(0x1ffff000, 0x17ffffffffffffc, 0x400000004) mmap$auto(0x0, 0x7f, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x2, 0x0) set_mempolicy_home_node$auto(0x1, 0x4, 0x1000, 0x8) write$auto_tomoyo_operations_securityfs_if(0xffffffffffffffff, 0x0, 0x33) fanotify_mark$auto(0xffffffffffffffff, 0x9, 0x9, 0xffffffffffffffff, 0x0) r2 = open(0x0, 0x0, 0x408) getdents$auto(r2, 0x0, 0x400018) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) 4.481820915s ago: executing program 1 (id=2681): mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_cpu_latency_qos_fops_qos(0xffffffffffffff9c, &(0x7f0000000100), 0x1, 0x0) writev$auto(r0, &(0x7f0000000080)={&(0x7f0000000140)='\x00\x00\x00\x00', 0x4}, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r3 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_NEXT_DEVICE(r3, 0xc0145401, &(0x7f00000014c0)={0x3, 0x3000005, 0x1, 0xffffefff, 0xffffffff}) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="2f212cbd7000fcdbdf252100000008000300", @ANYRES32=0x0, @ANYBLOB="e6a41ffcc4d66c31036217f0fd212c8ab5ffe7bb769a137f64a2a8540ea6ad3a1eb38c989c214102e47f7ee9e455239b704a01ec0fa0087405bccf62744644b665c382aa0bbd47f7ede25e497b1bb1c8e1cfc86cdfa021464c9f96be39581e37df8b2703952190f8ceb2ce021881901b8c1c8fa6d5a1c2482c0b0f3accd5f847883066aa999ee1347228bbbbdcd7a8d62689f68423f07b"], 0x1c}}, 0x4000000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x1ea0e65cd64b4e7a) r6 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000440), r4) sendmsg$auto_L2TP_CMD_SESSION_MODIFY(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="c0c393067000fbdbdf250700000005000d00d1000000"], 0x1c}, 0x1, 0x0, 0x0, 0x20040844}, 0x4000) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001f00), r7) sendmsg$auto_NBD_CMD_STATUS(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000002380)={&(0x7f0000002000)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYBLOB="010029bd7400fcdbdf25050000000800010020800000"], 0x1c}, 0x1, 0x0, 0x0, 0x40004}, 0x4008050) sendmsg$auto_NL80211_CMD_SET_CQM(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000480)=ANY=[@ANYBLOB="60120000", @ANYRES16=r2, @ANYBLOB="01002bbd7000fddbdf253f00000042125e80120157803b38694e6b0fca720453224d88a2393983143415c642e3c360ab48d694e21204e89b4c8ab7d4be6f1bd65055c54d3fedb9b4591e6ee6576b1f011e23c80c6ea478e8f3da21f26ade35148398f2ef3e09640a60c3c91182270b133cd2c31dc32b05b5ee01b088c4974eef13d2e4f95cb2ac0310e4be67d9c413ba544ba9032697b70cfabb60ec8054e108535328bdec1e0b739a64b91ce719be7daf4bef038618c8fccd0944385a98747f2a7268f08864bda87a2213c48acc5e6c42979968e0f3768eb883808e04e10e569b844eaaeaa3189ba059a1cceea2c7c642a436757dd6815ec3f1582f74e9dee4e0f7e472575ed6621d42aeaa18af25da7d3268e408003100", @ANYRESDEC=r1, @ANYRESDEC=r6, @ANYRES32=0x0, @ANYRESDEC=r7, @ANYRESHEX=r6], 0x1260}, 0x1, 0x0, 0x0, 0x1}, 0x8000000) bpf$auto_BPF_MAP_LOOKUP_ELEM(0x1, &(0x7f0000000000)=@query={@target_ifindex=r5, 0x40, 0x7, 0x46, 0xffffffff, @count=0x40, 0x0, 0x2, 0xca0c, 0x6, 0x1ff}, 0x1) madvise$auto(0x0, 0xffffffffffff0006, 0x17) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup/pids.peak\x00', 0x8000, 0x0) r9 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/sctp/plpmtud_probe_interval\x00', 0x88002, 0x0) sendfile$auto(r9, 0x3, 0x0, 0x400000000008) madvise$auto(0x0, 0xffffffffffff0001, 0x15) rseq$auto(0x0, 0x8000, 0x0, 0x6) io_uring_setup$auto(0x1b, 0x0) poll$auto(0x0, 0x0, 0x9f) socket$nl_generic(0x10, 0x3, 0x10) mlockall$auto(0x7) 4.122260544s ago: executing program 2 (id=2682): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) preadv$auto(0x3, 0x0, 0x3, 0xf8, 0xffffffffffffffff) mmap$auto(0x0, 0x7069, 0x8, 0x19, 0x401, 0x8ffd) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_CREATE_VM(r1, 0xae80, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xfffffeff, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x2, 0x83, 0x101, 0x17f, 0x2}, {0xff, 0x1, 0x52, 0x5, 0x1, 0x40, 0x4, 0x8, 0x100000004}}) io_uring_register$auto(0x2, 0x1d, 0x0, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x200000) mremap$auto(0x1, 0x4, 0x3, 0x50a, 0x6) socket(0x2, 0x1, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) 3.796542698s ago: executing program 0 (id=2683): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xef1, 0xffffffffffffffff, 0x8000) socket(0xa, 0x3, 0x3b) syz_clone(0x4001000, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = epoll_create$auto(0x7) r1 = socket$nl_generic(0x10, 0x3, 0x10) epoll_ctl$auto(0x5, 0x1, r1, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x82000000) epoll_wait$auto(r0, 0x0, 0xe007, 0x1) madvise$auto(0x110c230000, 0x1, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x1010001, 0x100000003) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000000), 0x80001, 0x0) r2 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000001a00)='/dev/binderfs/binder0\x00', 0x0, 0x0) ioctl$auto_BINDER_GET_NODE_INFO_FOR_REF(r2, 0xc018620c, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000) socket(0x1d, 0x1, 0x7fff) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00\xd6I\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xa8\xd3D\xd6O\xffmU\x03\xbcK\x86\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x8e\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfa\x00\x00\x00\x00\x00\x00', 0x100000a3d9) ioprio_set$auto(0x81b, 0xff, 0xffffffff) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r3, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) 3.659265262s ago: executing program 3 (id=2684): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x80002, 0xdf, 0x200000000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @empty}, 0x51) r1 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) statx$auto(r1, 0x0, 0x401006, 0x4015, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) write$auto(0x3, 0x0, 0xfdef) write$auto(0x3, 0x0, 0xfdf3) close_range$auto(0x0, 0xfffffffffffff000, 0x2) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) statx$auto(0xffffff9c, 0x0, 0x1000, 0xbb, 0x0) read$auto(r0, &(0x7f0000000040)='$(\xc2[\x00', 0xe) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto_PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f0000000100)={0x2000000000062, 0x0, 0x2100000, 0x7ffffffc, 0xfffffffffffffffe, 0x1, 0x0, 0x2000000000000e8, 0x0, 0x4, 0x0, 0x8}) r2 = socket(0xa, 0x801, 0x84) r3 = getpid() process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) setsockopt$auto(r2, 0x10000000084, 0x9, 0x0, 0x9c) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000bc0), 0xffffffffffffffff) unshare$auto(0x8000000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x0, 0x6, 0x7, 0x8, 0xffffffffffffffff, [0x0, 0x0, 0x20000000], {0x6, 0x6, 0x2000000f, 0x29d, 0x103, 0x83, 0x4101, 0x6, 0x8}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x33ff, 0x1}}) io_uring_register$auto(0x2, 0x11, &(0x7f0000000180), 0x83) shmget$auto(0x0, 0xfffffffffeffffff, 0x69c2) socket$nl_generic(0x10, 0x3, 0x10) 3.456765296s ago: executing program 3 (id=2685): mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = prctl$auto(0x5, 0x80000000, 0x0, 0x78, 0x8) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000180)={0x0, 0xfffffffffffffffa}, 0x6, 0x2, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) shmat$auto(0x0, &(0x7f0000000580)='(\x00', 0xfffffffa) syz_clone(0x21000000, 0x0, 0x0, 0x0, 0x0, 0x0) shmdt$auto(&(0x7f0000000000)='(\x00') mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0x8000000000000003, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty0\x00', 0x201, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/pci/00/01.3\x00', 0x149041, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x149942, 0x0) ioctl$auto_TIOCVHANGUP2(r3, 0x5437, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysinfo$auto(&(0x7f0000000100)={0x6, [0x404, 0xc, 0x100], 0x200, 0xd5, 0x0, 0x6, 0x6, 0x1, 0x7f, 0x0, 0x100000000, 0x7, 0x6}) r4 = socket(0xa, 0x1, 0x84) r5 = getpid() process_vm_readv$auto(r5, &(0x7f0000000080)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) setsockopt$auto(r4, 0x0, 0x60, 0x0, 0x6f7250c4) ioctl$auto_SNDRV_CTL_IOCTL_TLV_COMMAND(r3, 0x5452, &(0x7f00000001c0)={0x40007, 0xbed0}) r6 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r2, &(0x7f0000000000)={0x0, 0x4000, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="1b0026bd7000fddbdf2503000000040008001400038010000c800c00098008000600", @ANYRES32=0x0, @ANYBLOB="12000100898771f1c19f17790481008286dd0000040002"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0xc800) unshare$auto(0x40000080) shmget$auto(0x0, 0x200040007, 0x7d) 3.125739288s ago: executing program 1 (id=2686): quotactl$auto(0x9, 0x0, 0x62a0, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x200, 0x0) mmap$auto(0x0, 0x2000c, 0x800000000de, 0xe31, 0x40000000000a5, 0x8000) inotify_init1$auto(0x7fff) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x4c, 0x0, 0x9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x800, 0x0) ioctl$auto_SG_NEXT_CMD_LEN(r1, 0x2283, &(0x7f0000000080)="351547") r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) r4 = openat$auto_ipsec_dbg_fops_ipsec(0xffffffffffffff9c, &(0x7f0000001240)='/sys/kernel/debug/netdevsim/netdevsim0/ports/3/ipsec\x00', 0x400, 0x0) read$auto_ipsec_dbg_fops_ipsec(r4, 0x0, 0x0) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x4000804) lstat$auto(0x0, &(0x7f0000000180)={0x10, 0x2, 0xa94e, 0x66, 0x0, 0x0, 0x0, 0x1000000006, 0xfffffffffffffffe, 0x7ffffffffffffffd, 0x5, 0x7fffffff, 0x6, 0x7, 0x7, 0x61, 0x40000103}) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) sendmsg$auto_TIPC_NL_NAME_TABLE_GET(r2, &(0x7f000000ca40)={0x0, 0x0, &(0x7f000000ca00)={&(0x7f00000000c0)=ANY=[@ANYRES16=r3, @ANYBLOB="1cbc94caebf317ba76af2277ef2e0d9c79a924cef859459cc3c88475f32c75fd88bda9d43cb3c65464f61364e4e9f73acb8aa8c41e6f09a09ea7147a6124162255bb2b08b2d9358c709d3fa47ff630c4636c533c7c2ffdf50e6788ce9750197d5c0215bca0844bda8baee90a3cfe4a132d39e682f97bf54163bfeb462e2512dac3100c07208b6ad4069057b0770c617a5f0ce70a"], 0x14}, 0x1, 0x0, 0x0, 0x841}, 0x4) r6 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/pcmC1D0c\x00', 0x20000, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_DROP2(r6, 0x4143, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) lseek$auto(r0, 0x7, 0x401) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x1000, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) prctl$auto(0x4000002a, 0x3, 0x0, 0x1, 0x0) 2.989549847s ago: executing program 2 (id=2687): unshare$auto(0x40000080) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000540), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_GET_RADIO(r0, &(0x7f0000001900)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f0000000280)={0x14, r1, 0xf3e97f51700e57cf, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x884}, 0x8020) mprotect$auto(0x8000, 0x8, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, 0x0, 0x121000, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/input/mice\x00', 0x30000, 0x0) r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r2, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00', @ANYRES16=r3, @ANYBLOB="01002bbd7000fcdbdf2504"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) read$auto(r0, 0x0, 0x3) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000040), 0x94000, 0x0) socket(0xa, 0x801, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x75, 0x0, 0xb) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x46, 0x2b, 0x1000000000065f, 0x80000000, 0x40000007, 0x3, 0x20000002, 0x9, 0x1, 0x6, 0x4, 0xb4, 0x9, 0x4, 0x2, 0x80, 0x4, 0x0, 0x7, 0x2000, 0x203, 0x0, 0x84, 0x0, 0x0, 0x0, 0x80000001, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5cfe]}, 0x1fe, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r4 = socket(0x10, 0x2, 0x0) ioctl$auto_CEC_S_MODE(0xffffffffffffffff, 0x40046109, &(0x7f0000002c40)=0xd0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f0000000400)={"f8ab071a", 0x5, 0x4, 0x3, 0x81, 0xaf06, "c27dd21e130257a235608f35b9ff46", "72d15067", "b8919662", "17aba429", ["74ea2a52b5d44affc0a38054", "f97aba2b29705640cf05bf58", "cf66ac3036b01605f0aad490", "e6c21d2bda70d054d9ad103c"]}) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 2.631511841s ago: executing program 3 (id=2688): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) preadv$auto(0x3, &(0x7f0000000040)={0x0, 0x5}, 0x3, 0xf8, 0xffffffffffffffff) mmap$auto(0x0, 0x7069, 0x8, 0x19, 0x401, 0x8ffd) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_CREATE_VM(r1, 0xae80, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, 0x0) io_uring_register$auto(0x2, 0x1d, 0x0, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x200000) mremap$auto(0x1, 0x4, 0x3, 0x50a, 0x6) socket(0x2, 0x1, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) 2.074846987s ago: executing program 1 (id=2689): unshare$auto(0x40000080) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000540), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_GET_RADIO(r0, &(0x7f0000001900)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f0000000280)={0x14, r1, 0xf3e97f51700e57cf, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x884}, 0x8020) mprotect$auto(0x8000, 0x8, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, 0x0, 0x121000, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/input/mice\x00', 0x30000, 0x0) r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r2, &(0x7f0000001400)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES16=r3, @ANYBLOB="01002bbd7000fcdbdf2504"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) read$auto(r0, 0x0, 0x3) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000040), 0x94000, 0x0) socket(0xa, 0x801, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x75, 0x0, 0xb) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x46, 0x2b, 0x1000000000065f, 0x80000000, 0x40000007, 0x3, 0x20000002, 0x9, 0x1, 0x6, 0x4, 0xb4, 0x9, 0x4, 0x2, 0x80, 0x4, 0x0, 0x7, 0x2000, 0x203, 0x0, 0x84, 0x0, 0x0, 0x0, 0x80000001, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5cfe]}, 0x1fe, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r4 = socket(0x10, 0x2, 0x0) ioctl$auto_CEC_S_MODE(0xffffffffffffffff, 0x40046109, &(0x7f0000002c40)=0xd0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f0000000400)={"f8ab071a", 0x5, 0x4, 0x3, 0x81, 0xaf06, "c27dd21e130257a235608f35b9ff46", "72d15067", "b8919662", "17aba429", ["74ea2a52b5d44affc0a38054", "f97aba2b29705640cf05bf58", "cf66ac3036b01605f0aad490", "e6c21d2bda70d054d9ad103c"]}) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 2.039259922s ago: executing program 0 (id=2690): r0 = memfd_secret$auto(0x10001) write$auto(r0, &(0x7f00000001c0)='/dev/input/event0\x00', 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/vhci_hcd.15/usb39/speed\x00', 0x10502, 0x0) r1 = open(0x0, 0x5c5082, 0x18d) open_by_handle_at$auto(r1, &(0x7f0000000140)={0x8, 0x30001, "b190a905237d4b53"}, 0x42) openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000100)={0x20041, 0x9, 0x2}, 0xfdb1) socket(0x1d, 0xa, 0xff) r2 = openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000001580)='/sys/kernel/debug/tracing/events/vmalloc/enable\x00', 0x204, 0x1a00) read$auto(r2, 0x0, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/a\x87dio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r4 = openat$auto_page_owner_stack_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000200), 0x541, 0x0) pread64$auto(r4, &(0x7f0000004380)='^{\x00', 0x3ff, 0x4c0) mmap$auto(0x0, 0x9437, 0x4d95, 0x16, 0x2, 0x8003) set_mempolicy$auto(0x4006, &(0x7f0000000080)=0x5, 0x21) mmap$auto(0x13, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/neigh/gre0/proxy_delay\x00', 0x141241, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram12/queue/io_poll_delay\x00', 0x80000, 0x0) read$auto(r6, 0x0, 0x45b9) write$auto(r5, 0x0, 0x3) unshare$auto(0x3) socket(0x25, 0x1, 0x0) r7 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000180)='/dev/input/event0\x00', 0x42000, 0x0) ioctl$auto_EVIOCGMASK(r7, 0x80104592, &(0x7f0000000000)={0x2000, 0x800004, 0xffffffffffffff95}) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) timer_create$auto_CLOCK_MONOTONIC(0x1, &(0x7f0000000300)={@sival_ptr=&(0x7f0000000440)="310420c8d6f388bc99ab5913e89b6ef070aa78f30dff7be6de2d92e7d7c99d6dce20bc641cef70a0427d7923394b4637988908fe52a477b041db15b89d0a340fe127eec39929cef3438228aeabf3cbfbd0af4bba28781104b3dc263bdcb31f05c2d616105b2173c0b9fa60aa3d526b920a4c55b06cd73228a752e1177718498ba59e1ddf15b01eb1607ef02e63e59d856690bab789b98237415c12265f", @inferred=r5, 0x401, @_tid}, &(0x7f0000000340)=0x3) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) 1.904353911s ago: executing program 2 (id=2691): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x80, 0x7fffffff, 0x1008017) mmap$auto(0x0, 0x8, 0x2, 0x9b72, 0x5, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) r0 = socket(0x1d, 0x2, 0x7) r1 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$auto(r0, &(0x7f0000000000)=@can={0x1d, r2}, 0x6a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'vcan0\x00', 0x0}) connect$auto(0x3, &(0x7f00000018c0)=@can={0x1d, r3}, 0x18) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x687ca0b, &(0x7f00000002c0)={0x0, 0xffcc}, 0x1, 0x0, 0x0, 0xb}, 0x7}, 0x3, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x3, 0xfff, 0x9b72, 0xffffffffffffffff, 0x0) prctl$auto(0x8000003e, 0xc, 0x0, 0x1, 0x4) madvise$auto(0x108000, 0x800032, 0x4) unshare$auto(0x40000080) close_range$auto(0x0, 0xffffffffffffffff, 0x4000000000002) rt_sigsuspend$auto(0x0, 0x8) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, 0x0, 0x2000, 0x0) ioctl$auto_EVIOCGMASK(r4, 0x80104592, &(0x7f0000000000)={0x2000, 0x800004, 0x105}) ioctl$auto(0x3, 0x80004509, 0x10000000000402) socket(0x2, 0x1, 0x106) poll$auto(0x0, 0x6, 0x8) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x4e22, @empty}, 0x69) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) 1.645577894s ago: executing program 3 (id=2692): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) preadv$auto(0x3, &(0x7f0000000040)={0x0, 0x5}, 0x3, 0xf8, 0xffffffffffffffff) mmap$auto(0x0, 0x7069, 0x8, 0x19, 0x401, 0x8ffd) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_CREATE_VM(r1, 0xae80, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xfffffeff, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x2, 0x83, 0x101, 0x17f, 0x2}, {0xff, 0x1, 0x52, 0x5, 0x1, 0x40, 0x4, 0x8, 0x100000004}}) io_uring_register$auto(0x2, 0x1d, 0x0, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x200000) mremap$auto(0x1, 0x4, 0x3, 0x50a, 0x6) socket(0x2, 0x1, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) 1.370238922s ago: executing program 1 (id=2693): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) preadv$auto(0x3, &(0x7f0000000040)={0x0, 0x5}, 0x3, 0xf8, 0xffffffffffffffff) mmap$auto(0x0, 0x7069, 0x8, 0x19, 0x401, 0x8ffd) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_CREATE_VM(r1, 0xae80, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xfffffeff, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x2, 0x83, 0x101, 0x17f, 0x2}, {0xff, 0x1, 0x52, 0x5, 0x1, 0x40, 0x4, 0x8, 0x100000004}}) io_uring_register$auto(0x2, 0x1d, 0x0, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x200000) mremap$auto(0x1, 0x4, 0x3, 0x50a, 0x6) socket(0x2, 0x1, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) 236.876616ms ago: executing program 0 (id=2694): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000) recvmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0x3, &(0x7f0000000080)={0x0, 0x400}, 0x5, 0x0, 0x2000000200003, 0x8}, 0x803}, 0xfffffff9, 0x10, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x1, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x140082, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0xffffffffffffffff, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) sysfs$auto(0x2, 0x7, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r4 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000280), 0x141182, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r4, 0x40146f2c, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/power/wakeup_expire_count\x00', 0x80, 0x0) read$auto(r5, &(0x7f0000000ac0)='vlan1\x00', 0x5) ioctl$auto_dvb_demux_fops_dmxdev(0xffffffffffffffff, 0x40146f2c, 0x0) r6 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/audit\x00', 0x40802, 0x0) read$auto(r6, 0x0, 0xb4d3) unshare$auto(0x40000080) socket(0xa, 0x3, 0x3a) mmap$auto(0xffffffff00000000, 0x2020007, 0x0, 0x100000eb1, r1, 0x529) fsopen$auto(0x0, 0x1) r7 = socket(0xa, 0x3, 0x88) setsockopt$auto(r7, 0x11, 0xa, 0x0, 0x8) 110.270974ms ago: executing program 1 (id=2695): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) r0 = socket(0x2, 0x2, 0x88) mmap$auto(0x0, 0x9, 0xdf, 0x18, r0, 0x8000) socket(0xa, 0x5, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mbind$auto(0x8000, 0xfa9d, 0x2, 0x0, 0x3, 0x1) clone$auto(0x10051c, 0x6, 0x0, 0xffffffffffffffff, 0x80000001) r1 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/numa_maps\x00', 0x22000, 0x0) read$auto_proc_sessionid_operations_base(r1, &(0x7f00000000c0)=""/4096, 0x1000) capset$auto(0x0, &(0x7f0000000180)={0x1, 0x7, 0x6}) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000040), 0x101400, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0x36, 0x1009b72, 0x2, 0x8000) mmap$auto(0x6df, 0x200000001, 0xdf, 0xeb1, 0x401, 0x8001) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) unshare$auto(0x40000080) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) r3 = openat$auto_fops_blob_file(0xffffffffffffff9c, &(0x7f0000011500), 0x40002, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000140)="3318cb") write$auto(0x3, 0x0, 0x7fffffff) readv$auto(r3, &(0x7f0000000a80)={0x0, 0xffff}, 0x2) socketpair$auto(0x409, 0x5, 0xffffffff, 0x0) 0s ago: executing program 3 (id=2696): mmap$auto(0x0, 0x20009, 0xdb, 0xeb1, 0xffffffffffffffff, 0x8000) sysfs$auto(0x2, 0x100000000000035, 0x0) r0 = fsopen$auto(0x0, 0x1) fsconfig$auto(r0, 0x8, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) setpgid$auto(0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) socketcall$auto_SYS_SOCKET(0x1, &(0x7f0000000040)=0x8) mmap$auto(0x0, 0x20009, 0xffffffffffffffff, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup/pids.peak\x00', 0x8000, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x29, 0x2, 0x0) r1 = openat$auto_state_fops_(0xffffffffffffff9c, 0x0, 0x1e9482, 0x0) read$auto_state_fops_(r1, &(0x7f0000000180)=""/61, 0xfffffeeb) socket(0xa, 0x2, 0x88) r2 = socket(0xa, 0x1, 0x0) setsockopt$auto(r2, 0x29, 0x37, &(0x7f0000000080)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\xde\x14\xe4\xa5\xfe\xb5', 0x110) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/net/nr15/queues/tx-0/tx_maxrate\x00', 0x10b942, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000005c0)='/sys/devices/virtual/mac80211_hwsim/hwsim1/ieee80211/phy1/rfkill3/state\x00', 0x102, 0x0) sendfile$auto(r4, r3, 0x0, 0x7) close_range$auto(0x2, 0x8, 0x2) open(0x0, 0x22240, 0x154) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_LISTENER_SET(r5, &(0x7f0000005380)={0x0, 0x0, &(0x7f0000005340)={&(0x7f0000000000)={0x1c, r6, 0x1, 0x870bd2b, 0x25dfdbfc, {}, [@NFSD_A_SERVER_SOCK_ADDR={0x8, 0x1, 0x0, 0x1, [@NFSD_A_SOCK_ADDR={0x4}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc000}, 0x20000000) kernel console output (not intermixed with test programs): l clock free running [ 524.281896][T14054] ptp ptp0: delete virtual clock ptp1 [ 524.997721][T14054] ptp ptp0: only physical clock in use now [ 526.093599][T14082] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1409'. [ 526.317676][T14086] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1409'. [ 527.159433][ T3445] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 527.306661][T14091] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 0, inode_bitmap = 137 [ 527.369545][ T3445] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 527.391188][T14091] EXT4-fs error (device sda1): ext4_validate_inode_bitmap:104: comm syz-executor: Corrupt inode bitmap - block_group = 1, inode_bitmap = 138 [ 527.421547][ T30] audit: type=1800 audit(1769863264.023:13): pid=14099 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1414" name="dbroot" dev="configfs" ino=43698 res=0 errno=0 [ 527.482560][T14091] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 0: bad block bitmap checksum [ 527.608708][ T3445] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 527.680307][T14102] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz-executor: bg 1: bad block bitmap checksum [ 527.858229][ T3445] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 528.347776][ T5148] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 528.358779][ T5148] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 528.369517][ T5148] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 528.377772][ T5148] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 528.385866][ T5148] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 528.474754][ T3445] bridge_slave_1: left allmulticast mode [ 528.510983][ T3445] bridge_slave_1: left promiscuous mode [ 528.553932][ T3445] bridge0: port 2(bridge_slave_1) entered disabled state [ 528.620323][ T3445] bridge_slave_0: left allmulticast mode [ 528.662067][ T3445] bridge_slave_0: left promiscuous mode [ 528.690678][ T3445] bridge0: port 1(bridge_slave_0) entered disabled state [ 529.145611][T14134] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1426'. [ 529.352580][T14138] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1426'. [ 529.970450][ T3445] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 530.003159][ T3445] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 530.029255][ T3445] bond0 (unregistering): Released all slaves [ 530.477857][T12275] Bluetooth: hci0: command tx timeout [ 531.091063][T14108] chnl_net:caif_netlink_parms(): no params data found [ 531.254347][T14170] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1422'. [ 531.513916][T14176] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1422'. [ 531.911421][T14108] bridge0: port 1(bridge_slave_0) entered blocking state [ 531.937873][T14108] bridge0: port 1(bridge_slave_0) entered disabled state [ 531.967925][T14108] bridge_slave_0: entered allmulticast mode [ 531.995486][T14108] bridge_slave_0: entered promiscuous mode [ 532.157303][T14108] bridge0: port 2(bridge_slave_1) entered blocking state [ 532.190335][T14108] bridge0: port 2(bridge_slave_1) entered disabled state [ 532.216025][T14108] bridge_slave_1: entered allmulticast mode [ 532.236808][T14108] bridge_slave_1: entered promiscuous mode [ 532.339719][T14187] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1425'. [ 532.468201][T14108] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 532.567296][ T5148] Bluetooth: hci0: command tx timeout [ 532.586685][ T5148] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 532.597243][ T5148] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 532.605671][ T5148] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 532.615657][ T5148] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 532.623646][ T5148] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 532.682740][T14108] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 532.896858][T14108] team0: Port device team_slave_0 added [ 532.920335][T14108] team0: Port device team_slave_1 added [ 533.048229][T14197] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1427'. [ 533.148122][T14108] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 533.173775][T14108] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 533.290348][T14108] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 533.337586][ T3445] hsr_slave_0: left promiscuous mode [ 533.362761][ T3445] hsr_slave_1: left promiscuous mode [ 533.384018][ T3445] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 533.411818][ T3445] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 533.482764][ T3445] veth1_macvtap: left promiscuous mode [ 533.500962][ T3445] veth0_macvtap: left promiscuous mode [ 533.516512][ T3445] veth1_vlan: left promiscuous mode [ 533.539298][ T3445] veth0_vlan: left promiscuous mode [ 534.254383][ T3445] team0 (unregistering): Port device team_slave_1 removed [ 534.303655][ T3445] team0 (unregistering): Port device team_slave_0 removed [ 534.635827][T12275] Bluetooth: hci0: command tx timeout [ 534.718758][T12275] Bluetooth: hci3: command tx timeout [ 534.771200][T14197] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 534.781469][T14197] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 534.852707][T14108] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 534.862758][T14108] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 534.891263][T14108] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 535.079876][T14108] hsr_slave_0: entered promiscuous mode [ 535.101543][T14108] hsr_slave_1: entered promiscuous mode [ 535.157066][T14108] debugfs: 'hsr0' already exists in 'hsr' [ 535.177518][T14108] Cannot create hsr debugfs directory [ 535.725858][T14189] chnl_net:caif_netlink_parms(): no params data found [ 535.908649][ T3445] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 536.446529][ T3445] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 536.718672][T12275] Bluetooth: hci0: command tx timeout [ 536.729872][ T3445] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 536.798584][T12275] Bluetooth: hci3: command tx timeout [ 536.888748][ T3445] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 537.100790][T14189] bridge0: port 1(bridge_slave_0) entered blocking state [ 537.141194][T14189] bridge0: port 1(bridge_slave_0) entered disabled state [ 537.170576][T14189] bridge_slave_0: entered allmulticast mode [ 537.207084][T14189] bridge_slave_0: entered promiscuous mode [ 537.232226][T14189] bridge0: port 2(bridge_slave_1) entered blocking state [ 537.255956][T14189] bridge0: port 2(bridge_slave_1) entered disabled state [ 537.304971][T14189] bridge_slave_1: entered allmulticast mode [ 537.313614][T14189] bridge_slave_1: entered promiscuous mode [ 538.160169][T14189] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 538.243713][T14189] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 538.324748][ T3445] bridge_slave_0: left allmulticast mode [ 538.331238][ T3445] bridge_slave_0: left promiscuous mode [ 538.365613][ T3445] bridge0: port 1(bridge_slave_0) entered disabled state [ 538.885526][T12275] Bluetooth: hci3: command tx timeout [ 539.050648][T14299] db_root: not a directory: /dev/audio1 [ 539.065648][ T30] audit: type=1800 audit(1769863275.653:14): pid=14299 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1432" name="dbroot" dev="configfs" ino=44889 res=0 errno=0 [ 539.351592][ T3445] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 539.375854][ T3445] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 539.396417][ T3445] bond0 (unregistering): Released all slaves [ 539.460916][T14298] vhci_hcd vhci_hcd.2: default hub control req: 0000 v0000 i0000 l0 [ 539.491605][T14189] team0: Port device team_slave_0 added [ 539.506110][ T3445] HfR: left promiscuous mode [ 539.552075][T14189] team0: Port device team_slave_1 added [ 539.756984][T14189] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 539.763983][T14189] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 539.905446][T14189] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 539.936185][T14189] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 539.964875][T14189] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 540.045422][T14189] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 540.315064][T14108] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 540.350301][T14108] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 540.956693][T12275] Bluetooth: hci3: command tx timeout [ 540.992403][T14108] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 541.013822][T14108] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 541.037697][T14189] hsr_slave_0: entered promiscuous mode [ 541.044211][T14189] hsr_slave_1: entered promiscuous mode [ 541.057084][T14189] debugfs: 'hsr0' already exists in 'hsr' [ 541.064318][T14189] Cannot create hsr debugfs directory [ 542.228269][T14108] 8021q: adding VLAN 0 to HW filter on device bond0 [ 542.620126][T14368] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1436'. [ 542.671989][T14108] 8021q: adding VLAN 0 to HW filter on device team0 [ 542.827924][T14370] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1436'. [ 543.553024][ T4598] bridge0: port 1(bridge_slave_0) entered blocking state [ 543.560324][ T4598] bridge0: port 1(bridge_slave_0) entered forwarding state [ 543.702722][ T3445] hsr_slave_0: left promiscuous mode [ 543.720675][ T3445] hsr_slave_1: left promiscuous mode [ 543.747455][ T3445] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 543.754922][ T3445] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 543.931433][ T3445] veth1_macvtap: left promiscuous mode [ 543.948958][ T3445] veth0_macvtap: left promiscuous mode [ 543.970535][ T3445] veth1_vlan: left promiscuous mode [ 543.989101][ T3445] veth0_vlan: left promiscuous mode [ 545.129567][ T3445] team0 (unregistering): Port device team_slave_1 removed [ 545.184616][ T3445] team0 (unregistering): Port device team_slave_0 removed [ 545.694393][T14402] vhci_hcd vhci_hcd.2: default hub control req: 0000 v0000 i0000 l0 [ 545.811212][T14403] vhci_hcd vhci_hcd.2: invalid port number 252 [ 545.863450][ T3541] bridge0: port 2(bridge_slave_1) entered blocking state [ 545.870683][ T3541] bridge0: port 2(bridge_slave_1) entered forwarding state [ 545.899584][T14403] vhci_hcd vhci_hcd.2: default hub control req: 040f v0772 i00fc l2 [ 546.123287][T14108] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 546.166448][T14108] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 546.326616][T14189] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 546.389265][T14189] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 546.436943][T14189] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 546.477437][T14189] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 546.773363][T14189] 8021q: adding VLAN 0 to HW filter on device bond0 [ 546.828163][T14108] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 546.866988][T14424] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input146 [ 546.898512][T14189] 8021q: adding VLAN 0 to HW filter on device team0 [ 546.960930][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 546.968107][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 547.053775][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 547.061305][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 547.231191][T14189] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 547.246256][T14425] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input147 [ 547.287388][T14189] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 547.302613][T14424] block nbd7: not configured, cannot reconfigure [ 547.367110][T14108] veth0_vlan: entered promiscuous mode [ 547.462269][T14108] veth1_vlan: entered promiscuous mode [ 547.698217][T14108] veth0_macvtap: entered promiscuous mode [ 547.758674][T14108] veth1_macvtap: entered promiscuous mode [ 547.936941][T14108] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 548.030788][T14108] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 548.070990][T14189] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 548.113061][ T3445] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 548.138331][ T3445] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 548.348225][ T49] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 548.397622][ T49] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 548.620639][T14189] veth0_vlan: entered promiscuous mode [ 548.739150][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 548.774344][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 548.795933][T14189] veth1_vlan: entered promiscuous mode [ 548.858522][ T3541] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 548.909739][ T3541] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 548.941504][T14189] veth0_macvtap: entered promiscuous mode [ 548.990446][T14189] veth1_macvtap: entered promiscuous mode [ 549.063042][T14189] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 549.132631][T14189] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 549.204184][ T3541] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 549.262723][ T3541] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 549.304211][ T3541] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 549.331389][ T3541] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 549.532016][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 549.564911][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 549.639508][ T3541] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 549.666226][ T3541] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 550.200226][T14467] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1448'. [ 550.538329][T14467] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1448'. [ 550.576057][T14474] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1450'. [ 550.614865][T14467] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 550.729161][T14467] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 550.763790][T14479] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1450'. [ 550.948071][T14479] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 550.956662][T12275] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 551.201765][T14479] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 553.140023][T14527] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1460'. [ 553.299183][T14530] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1461'. [ 553.529627][T14534] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1461'. [ 554.059312][ T30] audit: type=1800 audit(1769863290.663:15): pid=14546 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1464" name="dbroot" dev="configfs" ino=47483 res=0 errno=0 [ 554.084094][T14545] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1465'. [ 554.095621][T14546] db_root: not a directory: /dev/audio1 [ 554.432971][T14551] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1465'. [ 554.527158][T14559] blktrace: Concurrent blktraces are not allowed on loop2 [ 555.890669][T14587] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1473'. [ 557.559425][T14615] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 560.261785][T14656] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1489'. [ 560.672111][T14657] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1489'. [ 560.969672][T14667] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1490'. [ 561.354616][T14673] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1490'. [ 562.819352][T14699] zswap: compressor not available [ 564.519338][T14734] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1501'. [ 564.913736][T14738] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1501'. [ 565.435424][T12275] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 567.364731][T14780] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1509'. [ 567.435793][T14780] mac80211_hwsim hwsim55 ›: renamed from wlan0 (while UP) [ 567.863586][T14796] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1513'. [ 568.243047][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.253261][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 568.284022][T14795] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1513'. [ 568.783306][T14822] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1516'. [ 569.162889][T14822] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1516'. [ 571.157983][T14880] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1524'. [ 571.587097][T14880] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1524'. [ 573.503941][T14924] zswap: compressor not available [ 574.947556][T14957] hub 1-0:1.0: USB hub found [ 574.987091][T14957] hub 1-0:1.0: 1 port detected [ 575.455682][T14967] vhci_hcd vhci_hcd.2: default hub control req: 0000 v0000 i0000 l0 [ 575.644400][T14970] vhci_hcd vhci_hcd.2: invalid port number 252 [ 575.700841][T14975] __vm_enough_memory: pid: 14975, comm: syz.3.1539, bytes: 4398046511104 not enough memory for the allocation [ 575.753724][T14970] vhci_hcd vhci_hcd.2: default hub control req: 040f v0772 i00fc l2 [ 576.366552][T14972] FAULT_INJECTION: forcing a failure. [ 576.366552][T14972] name failslab, interval 1, probability 0, space 0, times 0 [ 576.425397][T14972] CPU: 0 UID: 0 PID: 14972 Comm: syz.3.1539 Tainted: G L syzkaller #0 PREEMPT(full) [ 576.425427][T14972] Tainted: [L]=SOFTLOCKUP [ 576.425433][T14972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 576.425444][T14972] Call Trace: [ 576.425450][T14972] [ 576.425457][T14972] dump_stack_lvl+0x100/0x190 [ 576.425483][T14972] should_fail_ex.cold+0x5/0xa [ 576.425510][T14972] should_failslab+0xc2/0x120 [ 576.425532][T14972] __kmalloc_cache_noprof+0x80/0x810 [ 576.425548][T14972] ? fput+0x79/0x100 [ 576.425679][T14972] ? do_epoll_create+0x62/0x4b0 [ 576.425711][T14972] ? do_epoll_create+0x62/0x4b0 [ 576.425744][T14972] do_epoll_create+0x62/0x4b0 [ 576.425765][T14972] __x64_sys_epoll_create+0x45/0x70 [ 576.425786][T14972] do_syscall_64+0xc9/0xf80 [ 576.425807][T14972] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 576.425824][T14972] RIP: 0033:0x7fda9d59aeb9 [ 576.425839][T14972] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 576.425854][T14972] RSP: 002b:00007fda9e3b4028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d5 [ 576.425870][T14972] RAX: ffffffffffffffda RBX: 00007fda9d815fa0 RCX: 00007fda9d59aeb9 [ 576.425882][T14972] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000003e [ 576.425892][T14972] RBP: 00007fda9d608c1f R08: 0000000000000000 R09: 0000000000000000 [ 576.425902][T14972] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 576.425912][T14972] R13: 00007fda9d816038 R14: 00007fda9d815fa0 R15: 00007ffd7cd61068 [ 576.425933][T14972] [ 577.186205][T14985] zswap: compressor not available [ 577.485086][T14989] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1540'. [ 578.174138][T15008] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1552'. [ 578.306575][T15013] futex_wake_op: syz.3.1543 tries to shift op by -2048; fix this program [ 578.416405][T15014] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1552'. [ 578.438066][T15013] futex_wake_op: syz.3.1543 tries to shift op by -2048; fix this program [ 578.485597][T15018] 0x000000000001-0x000000020000 : "" [ 578.634528][T15018] ftl_cs: FTL header corrupt! [ 579.731046][T15036] hub 1-0:1.0: USB hub found [ 579.808681][T15036] hub 1-0:1.0: 1 port detected [ 580.070383][T15042] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1548'. [ 580.096043][T15043] FAULT_INJECTION: forcing a failure. [ 580.096043][T15043] name failslab, interval 1, probability 0, space 0, times 0 [ 580.158304][T15043] CPU: 0 UID: 0 PID: 15043 Comm: syz.1.1550 Tainted: G L syzkaller #0 PREEMPT(full) [ 580.158334][T15043] Tainted: [L]=SOFTLOCKUP [ 580.158340][T15043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 580.158350][T15043] Call Trace: [ 580.158356][T15043] [ 580.158364][T15043] dump_stack_lvl+0x100/0x190 [ 580.158390][T15043] should_fail_ex.cold+0x5/0xa [ 580.158418][T15043] should_failslab+0xc2/0x120 [ 580.158441][T15043] kmem_cache_alloc_noprof+0x83/0x780 [ 580.158461][T15043] ? __pfx_map_id_range_down+0x10/0x10 [ 580.158478][T15043] ? security_inode_alloc+0x3b/0x2c0 [ 580.158503][T15043] ? security_inode_alloc+0x3b/0x2c0 [ 580.158522][T15043] security_inode_alloc+0x3b/0x2c0 [ 580.158543][T15043] inode_init_always_gfp+0xced/0x1040 [ 580.158564][T15043] alloc_inode+0x8e/0x250 [ 580.158588][T15043] new_inode+0x22/0x1c0 [ 580.158611][T15043] proc_pid_make_inode+0x22/0x160 [ 580.158633][T15043] proc_ns_dir_lookup+0x25b/0x390 [ 580.158656][T15043] ? __pfx_proc_ns_dir_lookup+0x10/0x10 [ 580.158675][T15043] lookup_open.isra.0+0x486/0x1890 [ 580.158695][T15043] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 580.158720][T15043] ? mnt_get_write_access+0x1e9/0x2f0 [ 580.158745][T15043] path_openat+0xa9b/0x3120 [ 580.158771][T15043] ? __pfx_path_openat+0x10/0x10 [ 580.158795][T15043] do_filp_open+0x1f7/0x420 [ 580.158815][T15043] ? __pfx_do_filp_open+0x10/0x10 [ 580.158840][T15043] ? __pfx_kfree_link+0x10/0x10 [ 580.158868][T15043] ? _raw_spin_unlock+0x28/0x50 [ 580.158883][T15043] ? alloc_fd+0x476/0x790 [ 580.158905][T15043] do_sys_openat2+0x12e/0x220 [ 580.158928][T15043] ? __pfx_do_sys_openat2+0x10/0x10 [ 580.158952][T15043] ? __fget_files+0x21f/0x3d0 [ 580.158972][T15043] __x64_sys_openat+0x12d/0x210 [ 580.158996][T15043] ? __pfx___x64_sys_openat+0x10/0x10 [ 580.159018][T15043] ? xfd_validate_state+0x129/0x190 [ 580.159048][T15043] do_syscall_64+0xc9/0xf80 [ 580.159069][T15043] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 580.159085][T15043] RIP: 0033:0x7f272ed5b78e [ 580.159099][T15043] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 580.159114][T15043] RSP: 002b:00007f272fb88ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 580.159130][T15043] RAX: ffffffffffffffda RBX: 00007f272fb896c0 RCX: 00007f272ed5b78e [ 580.159140][T15043] RDX: 0000000000000002 RSI: 00007f272fb88f90 RDI: ffffffffffffff9c [ 580.159149][T15043] RBP: 00007f272ee08c1f R08: 0000000000000000 R09: 0000000000000000 [ 580.159159][T15043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 580.159169][T15043] R13: 00007f272f016038 R14: 00007f272f015fa0 R15: 00007ffce8a1ac38 [ 580.159190][T15043] [ 581.377626][T15059] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1548'. [ 582.117462][T15073] __vm_enough_memory: pid: 15073, comm: syz.1.1554, bytes: 4398046511104 not enough memory for the allocation [ 582.603220][T15070] FAULT_INJECTION: forcing a failure. [ 582.603220][T15070] name failslab, interval 1, probability 0, space 0, times 0 [ 582.655536][T15070] CPU: 0 UID: 0 PID: 15070 Comm: syz.1.1554 Tainted: G L syzkaller #0 PREEMPT(full) [ 582.655564][T15070] Tainted: [L]=SOFTLOCKUP [ 582.655571][T15070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 582.655581][T15070] Call Trace: [ 582.655587][T15070] [ 582.655593][T15070] dump_stack_lvl+0x100/0x190 [ 582.655617][T15070] should_fail_ex.cold+0x5/0xa [ 582.655643][T15070] should_failslab+0xc2/0x120 [ 582.655666][T15070] __kmalloc_cache_noprof+0x80/0x810 [ 582.655682][T15070] ? fput+0x79/0x100 [ 582.655703][T15070] ? do_epoll_create+0x62/0x4b0 [ 582.655723][T15070] ? do_epoll_create+0x62/0x4b0 [ 582.655739][T15070] do_epoll_create+0x62/0x4b0 [ 582.655757][T15070] __x64_sys_epoll_create+0x45/0x70 [ 582.655774][T15070] do_syscall_64+0xc9/0xf80 [ 582.655794][T15070] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 582.655811][T15070] RIP: 0033:0x7f272ed9aeb9 [ 582.655824][T15070] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 582.655840][T15070] RSP: 002b:00007f272fb89028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d5 [ 582.655856][T15070] RAX: ffffffffffffffda RBX: 00007f272f015fa0 RCX: 00007f272ed9aeb9 [ 582.655866][T15070] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000003e [ 582.655876][T15070] RBP: 00007f272ee08c1f R08: 0000000000000000 R09: 0000000000000000 [ 582.655885][T15070] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 582.655893][T15070] R13: 00007f272f016038 R14: 00007f272f015fa0 R15: 00007ffce8a1ac38 [ 582.655913][T15070] [ 582.976733][T15084] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input148 [ 585.043985][T15136] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input149 [ 585.944375][T15153] FAULT_INJECTION: forcing a failure. [ 585.944375][T15153] name failslab, interval 1, probability 0, space 0, times 0 [ 586.001154][T15153] CPU: 0 UID: 0 PID: 15153 Comm: syz.3.1567 Tainted: G L syzkaller #0 PREEMPT(full) [ 586.001183][T15153] Tainted: [L]=SOFTLOCKUP [ 586.001189][T15153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 586.001198][T15153] Call Trace: [ 586.001205][T15153] [ 586.001211][T15153] dump_stack_lvl+0x100/0x190 [ 586.001235][T15153] should_fail_ex.cold+0x5/0xa [ 586.001262][T15153] should_failslab+0xc2/0x120 [ 586.001287][T15153] kmem_cache_alloc_noprof+0x83/0x780 [ 586.001308][T15153] ? __pfx_map_id_range_down+0x10/0x10 [ 586.001324][T15153] ? security_inode_alloc+0x3b/0x2c0 [ 586.001348][T15153] ? security_inode_alloc+0x3b/0x2c0 [ 586.001367][T15153] security_inode_alloc+0x3b/0x2c0 [ 586.001387][T15153] inode_init_always_gfp+0xced/0x1040 [ 586.001408][T15153] alloc_inode+0x8e/0x250 [ 586.001430][T15153] path_from_stashed+0x25b/0x750 [ 586.001448][T15153] ? do_raw_spin_unlock+0x145/0x1e0 [ 586.001474][T15153] ns_get_path+0x60/0x80 [ 586.001492][T15153] proc_ns_get_link+0x121/0x230 [ 586.001513][T15153] ? __pfx_proc_ns_get_link+0x10/0x10 [ 586.001535][T15153] ? atime_needs_update+0x8b/0x6b0 [ 586.001567][T15153] pick_link+0xd17/0x13c0 [ 586.001581][T15153] ? __pfx_proc_ns_get_link+0x10/0x10 [ 586.001605][T15153] step_into_slowpath+0x6c2/0xf50 [ 586.001643][T15153] ? __pfx_step_into_slowpath+0x10/0x10 [ 586.001658][T15153] ? find_held_lock+0x2b/0x80 [ 586.001680][T15153] path_openat+0xf95/0x3120 [ 586.001703][T15153] ? __pfx_path_openat+0x10/0x10 [ 586.001727][T15153] do_filp_open+0x1f7/0x420 [ 586.001746][T15153] ? __pfx_do_filp_open+0x10/0x10 [ 586.001777][T15153] ? _raw_spin_unlock+0x28/0x50 [ 586.001792][T15153] ? alloc_fd+0x476/0x790 [ 586.001814][T15153] do_sys_openat2+0x12e/0x220 [ 586.001838][T15153] ? __pfx_do_sys_openat2+0x10/0x10 [ 586.001863][T15153] ? __fget_files+0x21f/0x3d0 [ 586.001883][T15153] __x64_sys_openat+0x12d/0x210 [ 586.001906][T15153] ? __pfx___x64_sys_openat+0x10/0x10 [ 586.001927][T15153] ? xfd_validate_state+0x129/0x190 [ 586.001957][T15153] do_syscall_64+0xc9/0xf80 [ 586.001977][T15153] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 586.001993][T15153] RIP: 0033:0x7fda9d55b78e [ 586.002007][T15153] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 586.002023][T15153] RSP: 002b:00007fda9e3b3ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 586.002038][T15153] RAX: ffffffffffffffda RBX: 00007fda9e3b46c0 RCX: 00007fda9d55b78e [ 586.002049][T15153] RDX: 0000000000000002 RSI: 00007fda9e3b3f90 RDI: ffffffffffffff9c [ 586.002058][T15153] RBP: 00007fda9d608c1f R08: 0000000000000000 R09: 0000000000000000 [ 586.002068][T15153] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 586.002077][T15153] R13: 00007fda9d816038 R14: 00007fda9d815fa0 R15: 00007ffd7cd61068 [ 586.002097][T15153] [ 588.044381][T15177] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1570'. [ 588.361900][T15190] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1570'. [ 589.115563][T15210] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input150 [ 589.403900][T15212] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input151 [ 589.885041][T15225] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1585'. [ 590.381088][T15222] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1585'. [ 594.035497][T15314] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1590'. [ 594.071756][T15322] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1591'. [ 594.342640][T15324] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1591'. [ 595.785190][T15353] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 597.005593][T15379] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1602'. [ 597.366537][T15392] random: crng reseeded on system resumption [ 597.448662][T15393] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1604'. [ 597.460502][T15384] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1602'. [ 598.134542][T15401] device-mapper: ioctl: Unable to rename non-existent device, to uuid „ [ 598.901418][T15416] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input152 [ 599.389010][T15424] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input153 [ 600.837454][T15458] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1614'. [ 600.970318][T15464] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input154 [ 601.203987][T15463] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1614'. [ 601.717344][T15475] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1616'. [ 602.961755][T15492] input: ¶š9ã%v”ûJ,6Ö‘ as /devices/virtual/input/input155 [ 603.402391][T15507] FAULT_INJECTION: forcing a failure. [ 603.402391][T15507] name failslab, interval 1, probability 0, space 0, times 0 [ 603.476774][T15507] CPU: 0 UID: 0 PID: 15507 Comm: syz.1.1620 Tainted: G L syzkaller #0 PREEMPT(full) [ 603.476802][T15507] Tainted: [L]=SOFTLOCKUP [ 603.476808][T15507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 603.476819][T15507] Call Trace: [ 603.476825][T15507] [ 603.476832][T15507] dump_stack_lvl+0x100/0x190 [ 603.476858][T15507] should_fail_ex.cold+0x5/0xa [ 603.476885][T15507] should_failslab+0xc2/0x120 [ 603.476906][T15507] kmem_cache_alloc_noprof+0x83/0x780 [ 603.476926][T15507] ? prepare_creds+0x2c/0x950 [ 603.476951][T15507] ? prepare_creds+0x2c/0x950 [ 603.476964][T15507] prepare_creds+0x2c/0x950 [ 603.476980][T15507] __sys_setregid+0x109/0x910 [ 603.476997][T15507] ? rcu_is_watching+0x12/0xc0 [ 603.477014][T15507] do_syscall_64+0xc9/0xf80 [ 603.477034][T15507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 603.477050][T15507] RIP: 0033:0x7f272ed9aeb9 [ 603.477063][T15507] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 603.477078][T15507] RSP: 002b:00007f272cfd5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000072 [ 603.477093][T15507] RAX: ffffffffffffffda RBX: 00007f272f016180 RCX: 00007f272ed9aeb9 [ 603.477103][T15507] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffffffffff [ 603.477112][T15507] RBP: 00007f272ee08c1f R08: 0000000000000000 R09: 0000000000000000 [ 603.477121][T15507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 603.477130][T15507] R13: 00007f272f016218 R14: 00007f272f016180 R15: 00007ffce8a1ac38 [ 603.477149][T15507] [ 605.482553][T15548] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1627'. [ 607.001456][T15552] NFSD: Failed to start, no listeners configured. [ 607.660850][T15579] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1631'. [ 607.904788][T15583] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1631'. [ 608.469682][T15592] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1633'. [ 609.833344][T15601] zswap: compressor not available [ 610.179975][T15626] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1638'. [ 610.451899][T15631] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1638'. [ 610.635478][T15636] vivid-007: ================= START STATUS ================= [ 610.683257][T15636] vivid-007: Generate PTS: true [ 610.737460][T15636] vivid-007: Generate SCR: true [ 610.742443][T15636] tpg source WxH: 320x240 (Y'CbCr) [ 610.794920][T15636] tpg field: 1 [ 610.818457][T15636] tpg crop: (0,0)/320x240 [ 610.925415][T15636] tpg compose: (0,0)/320x240 [ 610.941505][T15636] tpg colorspace: 8 [ 611.005562][T15636] tpg transfer function: 0/0 [ 611.010405][T15636] tpg Y'CbCr encoding: 0/0 [ 611.106681][T15643] FAULT_INJECTION: forcing a failure. [ 611.106681][T15643] name failslab, interval 1, probability 0, space 0, times 0 [ 611.122419][T15636] tpg quantization: 0/0 [ 611.184612][T15643] CPU: 0 UID: 0 PID: 15643 Comm: syz.1.1641 Tainted: G L syzkaller #0 PREEMPT(full) [ 611.184643][T15643] Tainted: [L]=SOFTLOCKUP [ 611.184649][T15643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 611.184661][T15643] Call Trace: [ 611.184668][T15643] [ 611.184675][T15643] dump_stack_lvl+0x100/0x190 [ 611.184704][T15643] should_fail_ex.cold+0x5/0xa [ 611.184734][T15643] should_failslab+0xc2/0x120 [ 611.184756][T15643] ? constrain_params_by_rules+0x175/0xcc0 [ 611.184781][T15643] __kmalloc_noprof+0xf6/0x9c0 [ 611.184797][T15643] ? __kernel_text_address+0xd/0x30 [ 611.184823][T15643] ? unwind_get_return_address+0x59/0xa0 [ 611.184842][T15643] ? look_up_lock_class+0x55/0x120 [ 611.184863][T15643] ? constrain_params_by_rules+0x175/0xcc0 [ 611.184883][T15643] constrain_params_by_rules+0x175/0xcc0 [ 611.184909][T15643] ? __pfx_stack_trace_save+0x10/0x10 [ 611.184931][T15643] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 611.184966][T15643] ? __mutex_lock+0x26a/0x1b90 [ 611.184988][T15643] ? snd_interval_refine+0x2d0/0x580 [ 611.185005][T15643] snd_pcm_hw_refine+0x7e7/0xad0 [ 611.185029][T15643] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 611.185054][T15643] ? do_raw_spin_lock+0x128/0x260 [ 611.185079][T15643] ? mark_held_locks+0x40/0x70 [ 611.185101][T15643] snd_pcm_hw_params+0x3f1/0x1cb0 [ 611.185123][T15643] ? snd_pcm_hw_param_near.constprop.0+0x573/0x850 [ 611.185145][T15643] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 611.185166][T15643] ? snd_pcm_hw_param_near.constprop.0+0x573/0x850 [ 611.185185][T15643] ? snd_pcm_hw_param_near.constprop.0+0x578/0x850 [ 611.185212][T15643] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 611.185245][T15643] snd_pcm_kernel_ioctl+0x167/0x2e0 [ 611.185271][T15643] snd_pcm_oss_change_params_locked+0x1973/0x39f0 [ 611.185303][T15643] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 611.185342][T15643] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 611.185363][T15643] snd_pcm_oss_sync+0x265/0x840 [ 611.185387][T15643] snd_pcm_oss_release+0x238/0x300 [ 611.185405][T15643] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 611.185425][T15643] __fput+0x3ff/0xb40 [ 611.185451][T15643] task_work_run+0x150/0x240 [ 611.185475][T15643] ? __pfx_task_work_run+0x10/0x10 [ 611.185504][T15643] exit_to_user_mode_loop+0x100/0x4b0 [ 611.185529][T15643] ? rcu_is_watching+0x12/0xc0 [ 611.185546][T15643] do_syscall_64+0x4ea/0xf80 [ 611.185567][T15643] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 611.185584][T15643] RIP: 0033:0x7f272ed9aeb9 [ 611.185598][T15643] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 611.185614][T15643] RSP: 002b:00007f272fb89028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 611.185630][T15643] RAX: 0000000000000000 RBX: 00007f272f015fa0 RCX: 00007f272ed9aeb9 [ 611.185641][T15643] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 611.185651][T15643] RBP: 00007f272ee08c1f R08: 0000000000000000 R09: 0000000000000000 [ 611.185661][T15643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 611.185671][T15643] R13: 00007f272f016038 R14: 00007f272f015fa0 R15: 00007ffce8a1ac38 [ 611.185694][T15643] [ 611.540716][T15636] tpg RGB range: 0/2 [ 611.544757][T15636] vivid-007: ================== END STATUS ================== [ 612.524521][T15643] binder: 15642:15643 ioctl c018620c 0 returned -1 [ 614.166791][T15697] __vm_enough_memory: pid: 15697, comm: syz.3.1648, bytes: 4398046511104 not enough memory for the allocation [ 615.364835][T15727] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1654'. [ 617.471599][T15756] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1657'. [ 619.099369][T15767] NFSD: Failed to start, no listeners configured. [ 619.290469][T15776] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input156 [ 621.148427][T15800] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1664'. [ 624.203298][T15850] random: crng reseeded on system resumption [ 625.378482][T15863] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1673'. [ 625.836525][T15869] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input157 [ 628.707800][T15895] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1686'. [ 629.682697][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.689401][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 631.010502][T15924] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input158 [ 631.441198][T15926] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1682'. [ 634.034352][T15934] NFSD: Failed to start, no listeners configured. [ 636.196213][T15985] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1691'. [ 636.280775][T15987] __vm_enough_memory: pid: 15987, comm: syz.2.1692, bytes: 4398046511104 not enough memory for the allocation [ 637.407338][T16006] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1695'. [ 637.864244][T16014] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1695'. [ 640.682259][T16074] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1704'. [ 641.037576][T16077] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1704'. [ 642.722280][T16105] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1710'. [ 644.666072][T16148] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1716'. [ 645.112706][T16159] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1719'. [ 645.334294][T16165] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1719'. [ 647.924051][T16232] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1729'. [ 649.083586][T16213] ima: policy update failed [ 649.113259][ T30] audit: type=1802 audit(1769863385.713:16): pid=16213 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.1728" res=0 errno=0 [ 650.028577][T16259] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1734'. [ 650.244287][T16263] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1734'. [ 650.557372][T12275] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 651.398550][T16287] Console: switching to colour frame buffer device 128x48 [ 652.111733][T16298] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1739'. [ 652.235706][T12275] Bluetooth: hci0: command 0x0406 tx timeout [ 653.480041][ T3445] netdevsim netdevsim100 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 653.533629][T16321] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1742'. [ 656.519201][T16380] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1753'. [ 656.730839][T16390] : Can't lookup blockdev [ 656.875614][ T5148] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 657.358585][ T5148] Bluetooth: hci3: command 0x0406 tx timeout [ 658.160526][T16420] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1759'. [ 658.467340][T16424] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1759'. [ 660.893962][T16473] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 661.007134][T16473] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 661.053088][T16478] futex_wake_op: syz.3.1765 tries to shift op by -2048; fix this program [ 661.093707][T16473] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 661.136855][T16478] futex_wake_op: syz.3.1765 tries to shift op by -2048; fix this program [ 661.168935][T16473] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 661.230576][T16473] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 661.288112][T16473] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 661.971829][T16498] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1771'. [ 662.120747][T16496] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1771'. [ 662.569816][T16509] zswap: compressor not available [ 662.957527][ T5148] Bluetooth: hci2: command 0x0c1a tx timeout [ 663.037784][ T5148] Bluetooth: hci1: command 0x0c1a tx timeout [ 663.116608][ T5148] Bluetooth: hci0: command 0x0406 tx timeout [ 663.275425][ T5148] Bluetooth: hci3: command 0x0406 tx timeout [ 663.355328][T16264] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 664.634611][T16543] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input159 [ 664.676296][T16545] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 664.708537][T16545] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 664.774537][T16545] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 664.837729][T16545] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 665.046777][T16548] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input160 [ 665.070767][T16545] futex_wake_op: syz.1.1780 tries to shift op by -2048; fix this program [ 665.196649][T16545] futex_wake_op: syz.1.1780 tries to shift op by -2048; fix this program [ 665.900797][T16569] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1782'. [ 666.149113][T16574] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1782'. [ 666.717062][T16264] Bluetooth: hci1: command 0x0c1a tx timeout [ 666.723212][T16264] Bluetooth: hci2: command 0x0c1a tx timeout [ 666.796173][T16264] Bluetooth: hci0: command 0x0406 tx timeout [ 666.876994][T16264] Bluetooth: hci3: command 0x0406 tx timeout [ 666.923090][T16587] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1785'. [ 667.611972][T16571] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 668.157936][T16571] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 668.508235][T16571] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 668.696370][T16571] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 670.131830][T16642] vhci_hcd vhci_hcd.3: USB_PORT_FEAT_SUSPEND req not supported for USB 3.0 roothub [ 670.272456][T16650] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1795'. [ 671.341516][T16665] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1798'. [ 671.936683][T16679] input: f¬ as /devices/virtual/input/input161 [ 672.002954][T16671] zswap: compressor not available [ 672.021933][T16683] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1802'. [ 673.519986][T16695] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1804'. [ 673.863668][T16723] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input162 [ 674.384470][T16733] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1809'. [ 674.763358][T16742] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1809'. [ 680.566759][T16802] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1820'. [ 680.746495][T16808] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1821'. [ 681.289148][T16814] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1822'. [ 681.961876][T16823] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1826'. [ 681.999667][T16823] ipvlan0: entered promiscuous mode [ 682.037141][T16823] ipvlan0: entered allmulticast mode [ 682.042519][T16823] veth0_vlan: entered allmulticast mode [ 682.960104][T16843] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1828'. [ 683.727243][T16865] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1832'. [ 684.324088][T16872] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1834'. [ 684.886471][T16883] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1835'. [ 685.296337][T16880] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1835'. [ 686.038378][T16908] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1839'. [ 686.210063][T16908] ipvlan0: entered promiscuous mode [ 686.345383][T16908] ipvlan0: entered allmulticast mode [ 686.494316][T16908] veth0_vlan: entered allmulticast mode [ 688.121921][T16939] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1845'. [ 689.408869][T16958] netlink: 330 bytes leftover after parsing attributes in process `syz.1.1847'. [ 690.812736][T16981] zswap: compressor not available [ 691.122584][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.129550][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 691.917521][T17014] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1856'. [ 692.268421][T17018] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1856'. [ 694.076762][T16264] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 694.169930][T17052] bridge_slave_1: left allmulticast mode [ 694.216439][T17052] bridge_slave_1: left promiscuous mode [ 694.249252][T17052] bridge0: port 2(bridge_slave_1) entered disabled state [ 695.860850][T17078] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1868'. [ 696.230548][T17075] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1868'. [ 697.679720][T17117] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1875'. [ 698.137349][T17117] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1875'. [ 698.179717][T17118] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1873'. [ 702.456967][T17201] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1887'. [ 703.096776][T17211] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1888'. [ 703.330729][T17218] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1889'. [ 703.957417][T17226] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1891'. [ 704.211120][T17229] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1891'. [ 706.113621][T17269] binder: 17268:17269 ioctl c0306201 0 returned -14 [ 706.678625][T17278] sd 0:0:1:0: PR command failed: 1026 [ 706.684137][T17278] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 706.765516][T17278] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 706.870644][T17283] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1900'. [ 707.113545][T17284] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1900'. [ 707.786972][T17301] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1903'. [ 708.244101][T17307] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1903'. [ 710.290652][T17366] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1910'. [ 710.546713][T17370] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1910'. [ 713.411287][T17457] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1923'. [ 713.559159][T17461] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1923'. [ 713.724478][T17467] blktrace: Concurrent blktraces are not allowed on loop2 [ 716.618748][T17528] FAULT_INJECTION: forcing a failure. [ 716.618748][T17528] name failslab, interval 1, probability 0, space 0, times 0 [ 716.771730][T17528] CPU: 0 UID: 0 PID: 17528 Comm: syz.2.1933 Tainted: G L syzkaller #0 PREEMPT(full) [ 716.771759][T17528] Tainted: [L]=SOFTLOCKUP [ 716.771766][T17528] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 716.771776][T17528] Call Trace: [ 716.771783][T17528] [ 716.771790][T17528] dump_stack_lvl+0x100/0x190 [ 716.771819][T17528] should_fail_ex.cold+0x5/0xa [ 716.771848][T17528] should_failslab+0xc2/0x120 [ 716.771879][T17528] __kmalloc_cache_noprof+0x80/0x810 [ 716.771897][T17528] ? rcu_is_watching+0x12/0xc0 [ 716.771915][T17528] ? single_open+0x4d/0x1d0 [ 716.771941][T17528] ? __pfx_filesystems_proc_show+0x10/0x10 [ 716.771964][T17528] ? single_open+0x4d/0x1d0 [ 716.771985][T17528] single_open+0x4d/0x1d0 [ 716.772007][T17528] ? __pfx_proc_single_open+0x10/0x10 [ 716.772030][T17528] proc_reg_open+0x2ab/0x5f0 [ 716.772053][T17528] do_dentry_open+0x73e/0x1570 [ 716.772073][T17528] ? __pfx_proc_reg_open+0x10/0x10 [ 716.772094][T17528] ? security_inode_permission+0xbf/0x250 [ 716.772123][T17528] vfs_open+0x82/0x3f0 [ 716.772146][T17528] path_openat+0x21dc/0x3120 [ 716.772171][T17528] ? __pfx_path_openat+0x10/0x10 [ 716.772195][T17528] do_filp_open+0x1f7/0x420 [ 716.772214][T17528] ? __pfx_do_filp_open+0x10/0x10 [ 716.772244][T17528] ? _raw_spin_unlock+0x28/0x50 [ 716.772260][T17528] ? alloc_fd+0x476/0x790 [ 716.772282][T17528] do_sys_openat2+0x12e/0x220 [ 716.772304][T17528] ? __pfx_do_sys_openat2+0x10/0x10 [ 716.772329][T17528] ? __fget_files+0x21f/0x3d0 [ 716.772353][T17528] __x64_sys_openat+0x12d/0x210 [ 716.772377][T17528] ? __pfx___x64_sys_openat+0x10/0x10 [ 716.772400][T17528] ? xfd_validate_state+0x129/0x190 [ 716.772431][T17528] do_syscall_64+0xc9/0xf80 [ 716.772451][T17528] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 716.772467][T17528] RIP: 0033:0x7faa7f59aeb9 [ 716.772482][T17528] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 716.772496][T17528] RSP: 002b:00007faa803b4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 716.772512][T17528] RAX: ffffffffffffffda RBX: 00007faa7f816090 RCX: 00007faa7f59aeb9 [ 716.772522][T17528] RDX: 00000000001a1442 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 716.772532][T17528] RBP: 00007faa7f608c1f R08: 0000000000000000 R09: 0000000000000000 [ 716.772542][T17528] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 716.772551][T17528] R13: 00007faa7f816128 R14: 00007faa7f816090 R15: 00007fff97221908 [ 716.772571][T17528] [ 718.281864][T17549] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1937'. [ 719.655914][T17576] netlink: 'syz.0.1941': attribute type 1 has an invalid length. [ 720.832606][T17603] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1945'. [ 723.442461][T17667] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1955'. [ 723.673492][T17670] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1955'. [ 723.783389][T17676] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1956'. [ 723.977355][T17677] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1956'. [ 726.766224][T17733] mkiss: ax0: crc mode is auto. [ 727.376958][T17750] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 727.569111][T17754] Invalid ELF header magic: != ELF [ 727.920318][T17766] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1971'. [ 728.198853][T17772] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1972'. [ 728.356131][T17768] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1971'. [ 728.996288][T17789] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1975'. [ 731.011869][T16264] Bluetooth: hci0: Malformed LE Event: 0x0b [ 731.942124][T17863] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3) [ 734.777320][T17920] HfR: entered promiscuous mode [ 734.837222][T17920] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1995'. [ 734.880366][T17920] HfR: left promiscuous mode [ 735.592233][T17940] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1998'. [ 735.921990][T17944] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1998'. [ 737.261261][T17943] kexec: Could not allocate control_code_buffer [ 737.346240][T17972] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2003'. [ 737.360567][T17973] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2004'. [ 737.597062][T17979] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2003'. [ 738.935344][T18014] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2009'. [ 739.209464][T18015] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2009'. [ 741.689185][T18069] FAULT_INJECTION: forcing a failure. [ 741.689185][T18069] name failslab, interval 1, probability 0, space 0, times 0 [ 741.721535][T18069] CPU: 0 UID: 0 PID: 18069 Comm: syz.1.2019 Tainted: G L syzkaller #0 PREEMPT(full) [ 741.721565][T18069] Tainted: [L]=SOFTLOCKUP [ 741.721570][T18069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 741.721580][T18069] Call Trace: [ 741.721586][T18069] [ 741.721592][T18069] dump_stack_lvl+0x100/0x190 [ 741.721619][T18069] should_fail_ex.cold+0x5/0xa [ 741.721646][T18069] should_failslab+0xc2/0x120 [ 741.721667][T18069] __kmalloc_cache_noprof+0x80/0x810 [ 741.721684][T18069] ? acpi_evaluate_object+0xf5/0xe00 [ 741.721703][T18069] ? __lock_acquire+0x4a5/0x2630 [ 741.721726][T18069] ? acpi_evaluate_object+0xf5/0xe00 [ 741.721744][T18069] acpi_evaluate_object+0xf5/0xe00 [ 741.721762][T18069] ? kernfs_fop_read_iter+0x46c/0x610 [ 741.721778][T18069] ? vfs_read+0x825/0xb30 [ 741.721793][T18069] ? ksys_read+0x12a/0x250 [ 741.721813][T18069] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 741.721834][T18069] ? __pfx___might_resched+0x10/0x10 [ 741.721860][T18069] acpi_evaluate_integer+0xdf/0x220 [ 741.721876][T18069] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 741.721900][T18069] ? __pfx_status_show+0x10/0x10 [ 741.721917][T18069] status_show+0xa0/0x120 [ 741.721934][T18069] ? __pfx_status_show+0x10/0x10 [ 741.721957][T18069] dev_attr_show+0x52/0xa0 [ 741.721978][T18069] ? __pfx_dev_attr_show+0x10/0x10 [ 741.721998][T18069] sysfs_kf_seq_show+0x217/0x3a0 [ 741.722020][T18069] seq_read_iter+0x32f/0x1270 [ 741.722045][T18069] kernfs_fop_read_iter+0x46c/0x610 [ 741.722062][T18069] ? rw_verify_area+0xce/0x6d0 [ 741.722076][T18069] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 741.722093][T18069] vfs_read+0x825/0xb30 [ 741.722112][T18069] ? __pfx_vfs_read+0x10/0x10 [ 741.722127][T18069] ? find_held_lock+0x2b/0x80 [ 741.722154][T18069] ksys_read+0x12a/0x250 [ 741.722170][T18069] ? __pfx_ksys_read+0x10/0x10 [ 741.722192][T18069] do_syscall_64+0xc9/0xf80 [ 741.722213][T18069] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 741.722228][T18069] RIP: 0033:0x7f272ed9aeb9 [ 741.722242][T18069] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 741.722257][T18069] RSP: 002b:00007f272fb89028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 741.722273][T18069] RAX: ffffffffffffffda RBX: 00007f272f015fa0 RCX: 00007f272ed9aeb9 [ 741.722283][T18069] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000007 [ 741.722292][T18069] RBP: 00007f272ee08c1f R08: 0000000000000000 R09: 0000000000000000 [ 741.722301][T18069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 741.722310][T18069] R13: 00007f272f016038 R14: 00007f272f015fa0 R15: 00007ffce8a1ac38 [ 741.722330][T18069] [ 742.147886][T18085] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2021'. [ 742.163724][T18085] i: entered promiscuous mode [ 742.179556][T18085] HfR: entered promiscuous mode [ 742.304995][T18089] phram: not enough arguments [ 743.477394][T18105] ubi0: detaching mtd0 [ 743.613129][T18105] ubi0: mtd0 is detached [ 745.566927][T18142] binder: 18141:18142 ioctl 4018620d ffffffffffffffff returned -22 [ 745.946815][T18154] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2034'. [ 746.143559][T18154] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2034'. [ 746.158144][T18160] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2035'. [ 746.391344][T18167] Invalid ELF header magic: != ELF [ 746.465438][T18157] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2035'. [ 746.539686][T18172] FAULT_INJECTION: forcing a failure. [ 746.539686][T18172] name fail_futex, interval 1, probability 0, space 0, times 0 [ 746.563380][T18172] CPU: 0 UID: 0 PID: 18172 Comm: syz.2.2038 Tainted: G L syzkaller #0 PREEMPT(full) [ 746.563409][T18172] Tainted: [L]=SOFTLOCKUP [ 746.563415][T18172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 746.563425][T18172] Call Trace: [ 746.563431][T18172] [ 746.563438][T18172] dump_stack_lvl+0x100/0x190 [ 746.563466][T18172] should_fail_ex.cold+0x5/0xa [ 746.563492][T18172] get_futex_key+0x1d2/0x1620 [ 746.563514][T18172] ? __pfx_get_futex_key+0x10/0x10 [ 746.563540][T18172] futex_wake+0xea/0x530 [ 746.563562][T18172] ? rcu_is_watching+0x12/0xc0 [ 746.563579][T18172] ? lockdep_hardirqs_on+0x78/0x100 [ 746.563598][T18172] ? __pfx_futex_wake+0x10/0x10 [ 746.563623][T18172] ? fd_install+0x223/0x580 [ 746.563638][T18172] ? putname+0xf5/0x1a0 [ 746.563662][T18172] do_futex+0x32b/0x350 [ 746.563683][T18172] ? __pfx_do_futex+0x10/0x10 [ 746.563701][T18172] ? __pfx_do_sys_openat2+0x10/0x10 [ 746.563724][T18172] ? __fget_files+0x21f/0x3d0 [ 746.563742][T18172] __x64_sys_futex+0x34f/0x4d0 [ 746.563765][T18172] ? __pfx___x64_sys_futex+0x10/0x10 [ 746.563784][T18172] ? xfd_validate_state+0x129/0x190 [ 746.563814][T18172] do_syscall_64+0xc9/0xf80 [ 746.563833][T18172] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 746.563849][T18172] RIP: 0033:0x7faa7f59aeb9 [ 746.563863][T18172] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 746.563877][T18172] RSP: 002b:00007faa803d50e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 746.563893][T18172] RAX: ffffffffffffffda RBX: 00007faa7f815fa8 RCX: 00007faa7f59aeb9 [ 746.563903][T18172] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007faa7f815fac [ 746.563913][T18172] RBP: 00007faa7f815fa0 R08: 0000000000000000 R09: 0000000000000000 [ 746.563923][T18172] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000000 [ 746.563933][T18172] R13: 00007faa7f816038 R14: 00007fff97221820 R15: 00007fff97221908 [ 746.563953][T18172] [ 746.926308][T18178] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2040'. [ 748.373540][T18205] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2044'. [ 748.601506][T18205] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2044'. [ 749.889469][T18242] FAULT_INJECTION: forcing a failure. [ 749.889469][T18242] name failslab, interval 1, probability 0, space 0, times 0 [ 749.955721][T18242] CPU: 0 UID: 0 PID: 18242 Comm: syz.0.2050 Tainted: G L syzkaller #0 PREEMPT(full) [ 749.955749][T18242] Tainted: [L]=SOFTLOCKUP [ 749.955755][T18242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 749.955766][T18242] Call Trace: [ 749.955773][T18242] [ 749.955779][T18242] dump_stack_lvl+0x100/0x190 [ 749.955804][T18242] should_fail_ex.cold+0x5/0xa [ 749.955831][T18242] should_failslab+0xc2/0x120 [ 749.955853][T18242] __kmalloc_node_track_caller_noprof+0xf9/0x9d0 [ 749.955875][T18242] ? vidtv_psi_short_event_desc_init+0x429/0x5f0 [ 749.955904][T18242] ? kstrdup+0x51/0xe0 [ 749.955921][T18242] kstrdup+0x51/0xe0 [ 749.955942][T18242] vidtv_psi_short_event_desc_init+0x429/0x5f0 [ 749.955970][T18242] vidtv_psi_desc_clone+0x33f/0x5d0 [ 749.955995][T18242] vidtv_channel_si_init+0x764/0x18d0 [ 749.956020][T18242] vidtv_mux_init+0x526/0xbf0 [ 749.956040][T18242] vidtv_start_feed+0x33e/0x4c0 [ 749.956062][T18242] ? __pfx_vidtv_start_feed+0x10/0x10 [ 749.956083][T18242] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 749.956106][T18242] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 749.956132][T18242] ? mark_held_locks+0x40/0x70 [ 749.956154][T18242] ? __pfx_vidtv_start_feed+0x10/0x10 [ 749.956176][T18242] dmx_ts_feed_start_filtering+0xf6/0x220 [ 749.956203][T18242] dvb_dmxdev_start_feed+0x273/0x3f0 [ 749.956226][T18242] dvb_dmxdev_filter_start+0x1b6/0xdd0 [ 749.956249][T18242] ? dvb_dmxdev_add_pid+0x2a1/0x380 [ 749.956272][T18242] dvb_demux_do_ioctl+0xe64/0x1200 [ 749.956305][T18242] dvb_usercopy+0x167/0x340 [ 749.956325][T18242] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 749.956348][T18242] ? __pfx_dvb_usercopy+0x10/0x10 [ 749.956376][T18242] ? __fget_files+0x21f/0x3d0 [ 749.956397][T18242] dvb_demux_ioctl+0x29/0x40 [ 749.956415][T18242] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 749.956435][T18242] __x64_sys_ioctl+0x18e/0x210 [ 749.956460][T18242] do_syscall_64+0xc9/0xf80 [ 749.956481][T18242] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 749.956496][T18242] RIP: 0033:0x7f34adf9aeb9 [ 749.956510][T18242] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 749.956525][T18242] RSP: 002b:00007f34aef09028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 749.956540][T18242] RAX: ffffffffffffffda RBX: 00007f34ae215fa0 RCX: 00007f34adf9aeb9 [ 749.956551][T18242] RDX: 0000000000000000 RSI: 0000000040146f2c RDI: 0000000000000003 [ 749.956561][T18242] RBP: 00007f34ae008c1f R08: 0000000000000000 R09: 0000000000000000 [ 749.956571][T18242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 749.956588][T18242] R13: 00007f34ae216038 R14: 00007f34ae215fa0 R15: 00007ffc98e71538 [ 749.956610][T18242] [ 750.741674][T18260] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2055'. [ 750.832151][T18265] random: crng reseeded on system resumption [ 750.915095][T18265] hub 1-0:1.0: USB hub found [ 750.982228][T18265] hub 1-0:1.0: 1 port detected [ 750.989949][T18260] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2055'. [ 751.407887][T18278] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2057'. [ 751.603574][T18281] FAULT_INJECTION: forcing a failure. [ 751.603574][T18281] name failslab, interval 1, probability 0, space 0, times 0 [ 751.678482][T18281] CPU: 0 UID: 0 PID: 18281 Comm: syz.1.2058 Tainted: G L syzkaller #0 PREEMPT(full) [ 751.678511][T18281] Tainted: [L]=SOFTLOCKUP [ 751.678517][T18281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 751.678527][T18281] Call Trace: [ 751.678533][T18281] [ 751.678540][T18281] dump_stack_lvl+0x100/0x190 [ 751.678564][T18281] should_fail_ex.cold+0x5/0xa [ 751.678591][T18281] should_failslab+0xc2/0x120 [ 751.678613][T18281] kmem_cache_alloc_noprof+0x83/0x780 [ 751.678633][T18281] ? alloc_empty_file+0x55/0x1c0 [ 751.678658][T18281] ? alloc_empty_file+0x55/0x1c0 [ 751.678677][T18281] alloc_empty_file+0x55/0x1c0 [ 751.678706][T18281] path_openat+0xe8/0x3120 [ 751.678724][T18281] ? getname_flags+0x93/0xf0 [ 751.678739][T18281] ? do_sys_openat2+0xc5/0x220 [ 751.678761][T18281] ? __x64_sys_openat+0x12d/0x210 [ 751.678782][T18281] ? do_syscall_64+0xc9/0xf80 [ 751.678799][T18281] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 751.678819][T18281] ? __pfx_path_openat+0x10/0x10 [ 751.678843][T18281] do_filp_open+0x1f7/0x420 [ 751.678862][T18281] ? __pfx_do_filp_open+0x10/0x10 [ 751.678892][T18281] ? _raw_spin_unlock+0x28/0x50 [ 751.678907][T18281] ? alloc_fd+0x476/0x790 [ 751.678929][T18281] do_sys_openat2+0x12e/0x220 [ 751.678951][T18281] ? __pfx_do_sys_openat2+0x10/0x10 [ 751.678980][T18281] __x64_sys_openat+0x12d/0x210 [ 751.679002][T18281] ? __pfx___x64_sys_openat+0x10/0x10 [ 751.679024][T18281] ? xfd_validate_state+0x129/0x190 [ 751.679053][T18281] do_syscall_64+0xc9/0xf80 [ 751.679072][T18281] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 751.679088][T18281] RIP: 0033:0x7f272ed9aeb9 [ 751.679101][T18281] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 751.679116][T18281] RSP: 002b:00007f272fb89028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 751.679132][T18281] RAX: ffffffffffffffda RBX: 00007f272f015fa0 RCX: 00007f272ed9aeb9 [ 751.679142][T18281] RDX: 0000000000608100 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 751.679151][T18281] RBP: 00007f272ee08c1f R08: 0000000000000000 R09: 0000000000000000 [ 751.679160][T18281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 751.679169][T18281] R13: 00007f272f016038 R14: 00007f272f015fa0 R15: 00007ffce8a1ac38 [ 751.679188][T18281] [ 751.922964][T18279] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2057'. [ 752.100480][T18284] ======================================================= [ 752.100480][T18284] WARNING: The mand mount option has been deprecated and [ 752.100480][T18284] and is ignored by this kernel. Remove the mand [ 752.100480][T18284] option from the mount to silence this warning. [ 752.100480][T18284] ======================================================= [ 752.256561][T18288] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2060'. [ 752.504135][T18290] FAULT_INJECTION: forcing a failure. [ 752.504135][T18290] name failslab, interval 1, probability 0, space 0, times 0 [ 752.561243][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 752.571056][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 752.612018][T18290] CPU: 0 UID: 0 PID: 18290 Comm: syz.1.2061 Tainted: G L syzkaller #0 PREEMPT(full) [ 752.612047][T18290] Tainted: [L]=SOFTLOCKUP [ 752.612053][T18290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 752.612063][T18290] Call Trace: [ 752.612069][T18290] [ 752.612076][T18290] dump_stack_lvl+0x100/0x190 [ 752.612101][T18290] should_fail_ex.cold+0x5/0xa [ 752.612127][T18290] should_failslab+0xc2/0x120 [ 752.612149][T18290] ? __alloc_workqueue+0x148/0x1880 [ 752.612169][T18290] __kmalloc_noprof+0xf6/0x9c0 [ 752.612184][T18290] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 752.612211][T18290] ? __debug_object_init+0x2de/0x3d0 [ 752.612235][T18290] ? __alloc_workqueue+0x148/0x1880 [ 752.612255][T18290] __alloc_workqueue+0x148/0x1880 [ 752.612277][T18290] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 752.612297][T18290] alloc_workqueue_noprof+0xd2/0x200 [ 752.612318][T18290] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 752.612339][T18290] ? kobject_init+0x159/0x1b0 [ 752.612359][T18290] ? __alloc_disk_node+0x4d8/0x6b0 [ 752.612396][T18290] nbd_dev_add+0x51a/0xb10 [ 752.612415][T18290] ? find_held_lock+0x2b/0x80 [ 752.612432][T18290] ? __pfx_nbd_dev_add+0x10/0x10 [ 752.612448][T18290] ? nbd_genl_connect+0x131a/0x1a40 [ 752.612478][T18290] ? bpf_lsm_capable+0x9/0x10 [ 752.612493][T18290] ? __radix_tree_lookup+0x217/0x2b0 [ 752.612512][T18290] nbd_genl_connect+0xb8d/0x1a40 [ 752.612530][T18290] ? rcu_is_watching+0x12/0xc0 [ 752.612544][T18290] ? genl_family_rcv_msg_attrs_parse.isra.0+0xc8/0x290 [ 752.612565][T18290] ? __pfx_nbd_genl_connect+0x10/0x10 [ 752.612584][T18290] ? __nla_parse+0x40/0x60 [ 752.612604][T18290] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x290 [ 752.612622][T18290] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1b4/0x290 [ 752.612643][T18290] genl_family_rcv_msg_doit+0x214/0x300 [ 752.612662][T18290] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 752.612678][T18290] ? genl_get_cmd+0x3ef/0x720 [ 752.612698][T18290] ? __dev_queue_xmit+0x7fd/0x46f0 [ 752.612716][T18290] ? __radix_tree_lookup+0x217/0x2b0 [ 752.612734][T18290] genl_rcv_msg+0x560/0x800 [ 752.612752][T18290] ? __pfx_genl_rcv_msg+0x10/0x10 [ 752.612769][T18290] ? __pfx_nbd_genl_connect+0x10/0x10 [ 752.612794][T18290] netlink_rcv_skb+0x159/0x420 [ 752.612817][T18290] ? __pfx_genl_rcv_msg+0x10/0x10 [ 752.612834][T18290] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 752.612865][T18290] ? netlink_deliver_tap+0x1ae/0xcc0 [ 752.612890][T18290] genl_rcv+0x28/0x40 [ 752.612903][T18290] netlink_unicast+0x5aa/0x870 [ 752.612929][T18290] ? __pfx_netlink_unicast+0x10/0x10 [ 752.612959][T18290] netlink_sendmsg+0x8b0/0xda0 [ 752.612985][T18290] ? __pfx_netlink_sendmsg+0x10/0x10 [ 752.613007][T18290] ? __import_iovec+0x1d2/0x640 [ 752.613034][T18290] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 752.613057][T18290] ____sys_sendmsg+0xa54/0xc30 [ 752.613076][T18290] ? __pfx_____sys_sendmsg+0x10/0x10 [ 752.613096][T18290] ? try_to_wake_up+0x644/0x1a60 [ 752.613116][T18290] ___sys_sendmsg+0x190/0x1e0 [ 752.613135][T18290] ? __pfx____sys_sendmsg+0x10/0x10 [ 752.613152][T18290] ? futex_private_hash_put+0x107/0x1c0 [ 752.613179][T18290] ? find_held_lock+0x2b/0x80 [ 752.613206][T18290] __sys_sendmsg+0x170/0x220 [ 752.613228][T18290] ? __pfx___sys_sendmsg+0x10/0x10 [ 752.613250][T18290] ? __x64_sys_futex+0x34f/0x4d0 [ 752.613281][T18290] do_syscall_64+0xc9/0xf80 [ 752.613301][T18290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 752.613318][T18290] RIP: 0033:0x7f272ed9aeb9 [ 752.613332][T18290] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 752.613347][T18290] RSP: 002b:00007f272fb89028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 752.613363][T18290] RAX: ffffffffffffffda RBX: 00007f272f015fa0 RCX: 00007f272ed9aeb9 [ 752.613373][T18290] RDX: 0000000020040000 RSI: 0000200000000500 RDI: 000000000000000d [ 752.613389][T18290] RBP: 00007f272ee08c1f R08: 0000000000000000 R09: 0000000000000000 [ 752.613399][T18290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 752.613409][T18290] R13: 00007f272f016038 R14: 00007f272f015fa0 R15: 00007ffce8a1ac38 [ 752.613430][T18290] [ 753.023317][T18290] block (null): Could not allocate knbd recv work queue. [ 753.135661][T18290] nbd: failed to add new device [ 754.903698][T18338] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2071'. [ 757.375156][T18393] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2080'. [ 757.599090][T18390] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2080'. [ 758.164718][T18418] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2085'. [ 758.332612][T18421] FAULT_INJECTION: forcing a failure. [ 758.332612][T18421] name failslab, interval 1, probability 0, space 0, times 0 [ 758.408140][T18421] CPU: 0 UID: 0 PID: 18421 Comm: syz.1.2084 Tainted: G L syzkaller #0 PREEMPT(full) [ 758.408168][T18421] Tainted: [L]=SOFTLOCKUP [ 758.408175][T18421] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 758.408185][T18421] Call Trace: [ 758.408190][T18421] [ 758.408197][T18421] dump_stack_lvl+0x100/0x190 [ 758.408221][T18421] should_fail_ex.cold+0x5/0xa [ 758.408248][T18421] should_failslab+0xc2/0x120 [ 758.408269][T18421] kmem_cache_alloc_noprof+0x83/0x780 [ 758.408290][T18421] ? acpi_ut_create_generic_state+0x61/0xc0 [ 758.408315][T18421] ? acpi_ut_create_generic_state+0x61/0xc0 [ 758.408334][T18421] acpi_ut_create_generic_state+0x61/0xc0 [ 758.408353][T18421] acpi_ps_init_scope+0x3a/0x240 [ 758.408376][T18421] acpi_ds_init_aml_walk+0x1f6/0x680 [ 758.408399][T18421] acpi_ds_call_control_method+0x3a2/0xab0 [ 758.408420][T18421] acpi_ps_parse_aml+0xacd/0x1120 [ 758.408443][T18421] acpi_ps_execute_method+0x5c4/0xe90 [ 758.408468][T18421] acpi_ns_evaluate+0x640/0x1670 [ 758.408495][T18421] acpi_evaluate_object+0x420/0xe00 [ 758.408512][T18421] ? kernfs_fop_read_iter+0x46c/0x610 [ 758.408528][T18421] ? vfs_read+0x825/0xb30 [ 758.408542][T18421] ? ksys_read+0x12a/0x250 [ 758.408561][T18421] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 758.408581][T18421] ? __pfx___might_resched+0x10/0x10 [ 758.408607][T18421] acpi_evaluate_integer+0xdf/0x220 [ 758.408623][T18421] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 758.408646][T18421] ? __pfx_status_show+0x10/0x10 [ 758.408662][T18421] status_show+0xa0/0x120 [ 758.408680][T18421] ? __pfx_status_show+0x10/0x10 [ 758.408702][T18421] dev_attr_show+0x52/0xa0 [ 758.408724][T18421] ? __pfx_dev_attr_show+0x10/0x10 [ 758.408744][T18421] sysfs_kf_seq_show+0x217/0x3a0 [ 758.408770][T18421] seq_read_iter+0x32f/0x1270 [ 758.408794][T18421] kernfs_fop_read_iter+0x46c/0x610 [ 758.408812][T18421] ? rw_verify_area+0xce/0x6d0 [ 758.408826][T18421] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 758.408844][T18421] vfs_read+0x825/0xb30 [ 758.408863][T18421] ? __pfx_vfs_read+0x10/0x10 [ 758.408878][T18421] ? find_held_lock+0x2b/0x80 [ 758.408906][T18421] ksys_read+0x12a/0x250 [ 758.408923][T18421] ? __pfx_ksys_read+0x10/0x10 [ 758.408945][T18421] do_syscall_64+0xc9/0xf80 [ 758.408966][T18421] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 758.408982][T18421] RIP: 0033:0x7f272ed9aeb9 [ 758.408997][T18421] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 758.409012][T18421] RSP: 002b:00007f272cff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 758.409027][T18421] RAX: ffffffffffffffda RBX: 00007f272f016090 RCX: 00007f272ed9aeb9 [ 758.409038][T18421] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000008 [ 758.409048][T18421] RBP: 00007f272ee08c1f R08: 0000000000000000 R09: 0000000000000000 [ 758.409058][T18421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 758.409074][T18421] R13: 00007f272f016128 R14: 00007f272f016090 R15: 00007ffce8a1ac38 [ 758.409095][T18421] [ 758.412335][T18421] ACPI Error: [ 760.384883][T18455] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2091'. [ 760.778713][T18455] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2091'. [ 760.848677][T18421] Aborting method \_SB.LNKA._STA due to previous error (AE_NO_MEMORY) (20250807/psparse-529) [ 761.719462][T18490] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2096'. [ 762.411239][T18506] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2099'. [ 762.630300][T18507] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2099'. [ 764.298854][T18537] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2104'. [ 764.740678][T18541] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2104'. [ 765.131226][T18551] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2107'. [ 766.521423][T18574] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2110'. [ 767.589531][T18600] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2114'. [ 768.007867][T18603] FAULT_INJECTION: forcing a failure. [ 768.007867][T18603] name failslab, interval 1, probability 0, space 0, times 0 [ 768.069840][T18603] CPU: 0 UID: 0 PID: 18603 Comm: syz.0.2115 Tainted: G L syzkaller #0 PREEMPT(full) [ 768.069867][T18603] Tainted: [L]=SOFTLOCKUP [ 768.069873][T18603] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 768.069884][T18603] Call Trace: [ 768.069890][T18603] [ 768.069897][T18603] dump_stack_lvl+0x100/0x190 [ 768.069923][T18603] should_fail_ex.cold+0x5/0xa [ 768.069957][T18603] should_failslab+0xc2/0x120 [ 768.069980][T18603] kmem_cache_alloc_noprof+0x83/0x780 [ 768.070001][T18603] ? __pfx_map_id_range_down+0x10/0x10 [ 768.070017][T18603] ? security_inode_alloc+0x3b/0x2c0 [ 768.070041][T18603] ? security_inode_alloc+0x3b/0x2c0 [ 768.070059][T18603] security_inode_alloc+0x3b/0x2c0 [ 768.070080][T18603] inode_init_always_gfp+0xced/0x1040 [ 768.070101][T18603] alloc_inode+0x8e/0x250 [ 768.070123][T18603] new_inode+0x22/0x1c0 [ 768.070146][T18603] bdev_alloc+0x2b/0x420 [ 768.070164][T18603] __alloc_disk_node+0x116/0x6b0 [ 768.070190][T18603] __blk_mq_alloc_disk+0x89/0x120 [ 768.070211][T18603] nbd_dev_add+0x492/0xb10 [ 768.070229][T18603] ? find_held_lock+0x2b/0x80 [ 768.070244][T18603] ? __pfx_nbd_dev_add+0x10/0x10 [ 768.070260][T18603] ? nbd_genl_connect+0x131a/0x1a40 [ 768.070291][T18603] ? bpf_lsm_capable+0x9/0x10 [ 768.070306][T18603] ? __radix_tree_lookup+0x217/0x2b0 [ 768.070326][T18603] nbd_genl_connect+0xb8d/0x1a40 [ 768.070344][T18603] ? rcu_is_watching+0x12/0xc0 [ 768.070359][T18603] ? genl_family_rcv_msg_attrs_parse.isra.0+0xc8/0x290 [ 768.070380][T18603] ? __pfx_nbd_genl_connect+0x10/0x10 [ 768.070399][T18603] ? __nla_parse+0x40/0x60 [ 768.070418][T18603] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x290 [ 768.070435][T18603] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1b4/0x290 [ 768.070455][T18603] genl_family_rcv_msg_doit+0x214/0x300 [ 768.070474][T18603] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 768.070490][T18603] ? genl_get_cmd+0x3ef/0x720 [ 768.070510][T18603] ? __dev_queue_xmit+0x7fd/0x46f0 [ 768.070527][T18603] ? __radix_tree_lookup+0x217/0x2b0 [ 768.070546][T18603] genl_rcv_msg+0x560/0x800 [ 768.070564][T18603] ? __pfx_genl_rcv_msg+0x10/0x10 [ 768.070580][T18603] ? __pfx_nbd_genl_connect+0x10/0x10 [ 768.070606][T18603] netlink_rcv_skb+0x159/0x420 [ 768.070629][T18603] ? __pfx_genl_rcv_msg+0x10/0x10 [ 768.070646][T18603] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 768.070676][T18603] ? netlink_deliver_tap+0x1ae/0xcc0 [ 768.070701][T18603] genl_rcv+0x28/0x40 [ 768.070715][T18603] netlink_unicast+0x5aa/0x870 [ 768.070740][T18603] ? __pfx_netlink_unicast+0x10/0x10 [ 768.070770][T18603] netlink_sendmsg+0x8b0/0xda0 [ 768.070796][T18603] ? __pfx_netlink_sendmsg+0x10/0x10 [ 768.070817][T18603] ? __import_iovec+0x1d2/0x640 [ 768.070842][T18603] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 768.070869][T18603] ____sys_sendmsg+0xa54/0xc30 [ 768.070888][T18603] ? __pfx_____sys_sendmsg+0x10/0x10 [ 768.070909][T18603] ? try_to_wake_up+0x644/0x1a60 [ 768.070936][T18603] ___sys_sendmsg+0x190/0x1e0 [ 768.070956][T18603] ? __pfx____sys_sendmsg+0x10/0x10 [ 768.070974][T18603] ? futex_private_hash_put+0x107/0x1c0 [ 768.071003][T18603] ? find_held_lock+0x2b/0x80 [ 768.071032][T18603] __sys_sendmsg+0x170/0x220 [ 768.071055][T18603] ? __pfx___sys_sendmsg+0x10/0x10 [ 768.071076][T18603] ? __x64_sys_futex+0x34f/0x4d0 [ 768.071108][T18603] do_syscall_64+0xc9/0xf80 [ 768.071128][T18603] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 768.071144][T18603] RIP: 0033:0x7f34adf9aeb9 [ 768.071158][T18603] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 768.071172][T18603] RSP: 002b:00007f34aef09028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 768.071188][T18603] RAX: ffffffffffffffda RBX: 00007f34ae215fa0 RCX: 00007f34adf9aeb9 [ 768.071198][T18603] RDX: 0000000020040000 RSI: 0000200000000500 RDI: 000000000000000d [ 768.071208][T18603] RBP: 00007f34ae008c1f R08: 0000000000000000 R09: 0000000000000000 [ 768.071218][T18603] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 768.071227][T18603] R13: 00007f34ae216038 R14: 00007f34ae215fa0 R15: 00007ffc98e71538 [ 768.071248][T18603] [ 768.889041][T18610] Invalid ELF header magic: != ELF [ 769.436438][T18603] nbd: failed to add new device [ 769.696671][T18625] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2118'. [ 770.470155][T18632] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2118'. [ 772.094458][T16264] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 773.928538][T18706] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2133'. [ 774.159166][ T5148] Bluetooth: hci3: command 0x0406 tx timeout [ 774.337630][T18712] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2133'. [ 776.235545][T16264] Bluetooth: hci3: command 0x0406 tx timeout [ 776.350427][T18763] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2143'. [ 777.050443][T18777] random: crng reseeded on system resumption [ 777.258646][T18779] hub 1-0:1.0: USB hub found [ 777.334505][T18779] hub 1-0:1.0: 1 port detected [ 779.270586][T18814] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2154'. [ 779.584295][T18817] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2154'. [ 780.249261][T18837] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2157'. [ 781.984786][T18883] random: crng reseeded on system resumption [ 782.170636][T18890] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2166'. [ 782.199397][T18883] hub 1-0:1.0: USB hub found [ 782.242115][T18883] hub 1-0:1.0: 1 port detected [ 782.560679][T18895] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2166'. [ 783.172510][T18909] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2168'. [ 784.446790][T18943] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2176'. [ 784.510571][T18943] i: entered promiscuous mode [ 784.554227][T18947] HfR: entered promiscuous mode [ 785.759763][T18980] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2181'. [ 786.176715][T18984] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2181'. [ 787.200623][T19008] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 789.262321][T19056] random: crng reseeded on system resumption [ 791.675113][T19108] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2201'. [ 793.650697][T19163] random: crng reseeded on system resumption [ 793.848340][T19163] hub 1-0:1.0: USB hub found [ 793.942251][T19163] hub 1-0:1.0: 1 port detected [ 796.162909][T19221] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2215'. [ 797.502435][T19259] vivid-007: ================= START STATUS ================= [ 797.547590][T19259] vivid-007: Generate PTS: true [ 797.565864][T19259] vivid-007: Generate SCR: true [ 797.589017][T19259] tpg source WxH: 320x240 (Y'CbCr) [ 797.626082][T19259] tpg field: 1 [ 797.638894][T19259] tpg crop: (0,0)/320x240 [ 797.654642][T19259] tpg compose: (0,0)/320x240 [ 797.669858][T19259] tpg colorspace: 8 [ 797.698694][T19259] tpg transfer function: 0/0 [ 797.723848][T19259] tpg Y'CbCr encoding: 0/0 [ 797.779232][T19259] tpg quantization: 0/0 [ 797.819215][T19259] tpg RGB range: 0/2 [ 797.844420][T19259] vivid-007: ================== END STATUS ================== [ 799.012082][T19296] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2226'. [ 799.616715][T19306] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2227'. [ 800.903532][T19334] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2233'. [ 801.197393][T19338] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2233'. [ 801.439637][T19337] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2230'. [ 801.696515][T19337] bond0: entered promiscuous mode [ 801.701706][T19337] bond_slave_0: entered promiscuous mode [ 801.824847][T19337] bond_slave_1: entered promiscuous mode [ 801.918297][T19348] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2234'. [ 801.936246][T19337] bond0: entered allmulticast mode [ 801.941446][T19337] bond_slave_0: entered allmulticast mode [ 802.038874][T19354] snd_virmidi snd_virmidi.0: control 61678:131081:3:yªƒ>oÆ[k<÷:0 is already present [ 802.066523][T19337] bond_slave_1: entered allmulticast mode [ 804.619678][T19402] input: jJǸ-¶š9ã%vø“ as /devices/virtual/input/input164 [ 805.005034][T19412] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2246'. [ 805.463490][T19422] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2247'. [ 805.586694][T19425] FAULT_INJECTION: forcing a failure. [ 805.586694][T19425] name failslab, interval 1, probability 0, space 0, times 0 [ 805.653786][T19425] CPU: 0 UID: 0 PID: 19425 Comm: syz.3.2248 Tainted: G L syzkaller #0 PREEMPT(full) [ 805.653816][T19425] Tainted: [L]=SOFTLOCKUP [ 805.653822][T19425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 805.653836][T19425] Call Trace: [ 805.653841][T19425] [ 805.653849][T19425] dump_stack_lvl+0x100/0x190 [ 805.653873][T19425] should_fail_ex.cold+0x5/0xa [ 805.653900][T19425] should_failslab+0xc2/0x120 [ 805.653922][T19425] __kmalloc_cache_noprof+0x80/0x810 [ 805.653939][T19425] ? drm_atomic_state_alloc+0xb8/0x120 [ 805.653968][T19425] ? drm_atomic_state_alloc+0xb8/0x120 [ 805.653988][T19425] drm_atomic_state_alloc+0xb8/0x120 [ 805.654008][T19425] drm_client_modeset_commit_atomic+0xcc/0x7e0 [ 805.654032][T19425] ? trace_contention_end+0xd6/0x110 [ 805.654054][T19425] ? __mutex_lock+0x26a/0x1b90 [ 805.654074][T19425] ? __mutex_lock+0x26a/0x1b90 [ 805.654092][T19425] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 805.654114][T19425] ? drm_master_internal_acquire+0x21/0x80 [ 805.654154][T19425] drm_client_modeset_commit_locked+0x14d/0x580 [ 805.654188][T19425] drm_client_modeset_commit+0x4f/0x80 [ 805.654211][T19425] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 805.654236][T19425] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0 [ 805.654260][T19425] drm_fbdev_client_restore+0x1b/0x30 [ 805.654277][T19425] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 805.654294][T19425] drm_client_dev_restore+0x205/0x2a0 [ 805.654318][T19425] drm_release+0x2c6/0x360 [ 805.654338][T19425] ? __pfx_drm_release+0x10/0x10 [ 805.654357][T19425] __fput+0x3ff/0xb40 [ 805.654382][T19425] task_work_run+0x150/0x240 [ 805.654406][T19425] ? __pfx_task_work_run+0x10/0x10 [ 805.654435][T19425] exit_to_user_mode_loop+0x100/0x4b0 [ 805.654456][T19425] ? rcu_is_watching+0x12/0xc0 [ 805.654473][T19425] do_syscall_64+0x4ea/0xf80 [ 805.654493][T19425] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 805.654509][T19425] RIP: 0033:0x7fda9d59aeb9 [ 805.654524][T19425] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 805.654540][T19425] RSP: 002b:00007fda9e3b4028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 805.654556][T19425] RAX: 0000000000000000 RBX: 00007fda9d815fa0 RCX: 00007fda9d59aeb9 [ 805.654566][T19425] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 805.654575][T19425] RBP: 00007fda9d608c1f R08: 0000000000000000 R09: 0000000000000000 [ 805.654584][T19425] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 805.654593][T19425] R13: 00007fda9d816038 R14: 00007fda9d815fa0 R15: 00007ffd7cd61068 [ 805.654614][T19425] [ 807.313100][T19461] FAULT_INJECTION: forcing a failure. [ 807.313100][T19461] name failslab, interval 1, probability 0, space 0, times 0 [ 807.380196][T19461] CPU: 0 UID: 0 PID: 19461 Comm: syz.3.2255 Tainted: G L syzkaller #0 PREEMPT(full) [ 807.380224][T19461] Tainted: [L]=SOFTLOCKUP [ 807.380230][T19461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 807.380240][T19461] Call Trace: [ 807.380246][T19461] [ 807.380253][T19461] dump_stack_lvl+0x100/0x190 [ 807.380278][T19461] should_fail_ex.cold+0x5/0xa [ 807.380304][T19461] should_failslab+0xc2/0x120 [ 807.380326][T19461] kmem_cache_alloc_noprof+0x83/0x780 [ 807.380347][T19461] ? __mpol_dup+0x74/0x370 [ 807.380374][T19461] ? __mpol_dup+0x74/0x370 [ 807.380395][T19461] __mpol_dup+0x74/0x370 [ 807.380417][T19461] ? __pfx___mpol_dup+0x10/0x10 [ 807.380442][T19461] ? anon_vma_name+0x81/0x2c0 [ 807.380466][T19461] vma_dup_policy+0x42/0xb0 [ 807.380488][T19461] __split_vma+0x35e/0xe30 [ 807.380507][T19461] ? __pfx___split_vma+0x10/0x10 [ 807.380527][T19461] ? __pfx_mas_prev+0x10/0x10 [ 807.380552][T19461] vms_gather_munmap_vmas+0x3aa/0x1320 [ 807.380573][T19461] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 807.380593][T19461] ? mas_walk+0x6ef/0x9b0 [ 807.380614][T19461] __mmap_region+0x46e/0x2820 [ 807.380634][T19461] ? __pfx___mmap_region+0x10/0x10 [ 807.380659][T19461] ? lock_acquire+0x17c/0x330 [ 807.380677][T19461] ? look_up_lock_class+0x55/0x120 [ 807.380694][T19461] ? find_held_lock+0x2b/0x80 [ 807.380709][T19461] ? register_lock_class+0x40/0x560 [ 807.380730][T19461] ? rcu_is_watching+0x12/0xc0 [ 807.380748][T19461] ? __lock_acquire+0x4a5/0x2630 [ 807.380774][T19461] ? lock_acquire+0x17c/0x330 [ 807.380818][T19461] ? rcu_is_watching+0x12/0xc0 [ 807.380844][T19461] mmap_region+0x180/0x3e0 [ 807.380867][T19461] do_mmap+0xc63/0x12f0 [ 807.380894][T19461] ? __pfx_do_mmap+0x10/0x10 [ 807.380917][T19461] ? __pfx_down_write_killable+0x10/0x10 [ 807.380941][T19461] vm_mmap_pgoff+0x29e/0x470 [ 807.380968][T19461] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 807.380988][T19461] ? __fget_files+0x215/0x3d0 [ 807.381008][T19461] ? __fget_files+0x21f/0x3d0 [ 807.381028][T19461] ksys_mmap_pgoff+0x328/0x5b0 [ 807.381056][T19461] ? syscall_user_dispatch+0x76/0x130 [ 807.381082][T19461] __x64_sys_mmap+0x125/0x190 [ 807.381101][T19461] do_syscall_64+0xc9/0xf80 [ 807.381121][T19461] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 807.381138][T19461] RIP: 0033:0x7fda9d59aeb9 [ 807.381152][T19461] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 807.381167][T19461] RSP: 002b:00007fda9e3b4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 807.381182][T19461] RAX: ffffffffffffffda RBX: 00007fda9d815fa0 RCX: 00007fda9d59aeb9 [ 807.381193][T19461] RDX: 0000000000000003 RSI: 0000000000000009 RDI: 0000000000000000 [ 807.381202][T19461] RBP: 00007fda9d608c1f R08: 0000000000000003 R09: 0000000000008000 [ 807.381212][T19461] R10: 0000000000008012 R11: 0000000000000246 R12: 0000000000000000 [ 807.381222][T19461] R13: 00007fda9d816038 R14: 00007fda9d815fa0 R15: 00007ffd7cd61068 [ 807.381243][T19461] [ 810.379383][T19523] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2266'. [ 810.558014][T19525] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2265'. [ 812.620784][T19553] kexec: Could not allocate control_code_buffer [ 814.001826][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 814.017798][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 814.071294][T19618] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2277'. [ 814.393825][T19629] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2279'. [ 814.775515][T19642] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2281'. [ 814.807695][T19635] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2279'. [ 815.584083][T19656] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2285'. [ 818.023319][T19711] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2293'. [ 818.735821][T19721] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2295'. [ 818.884846][T19717] FAULT_INJECTION: forcing a failure. [ 818.884846][T19717] name failslab, interval 1, probability 0, space 0, times 0 [ 818.946400][T19717] CPU: 0 UID: 0 PID: 19717 Comm: syz.1.2294 Tainted: G L syzkaller #0 PREEMPT(full) [ 818.946430][T19717] Tainted: [L]=SOFTLOCKUP [ 818.946436][T19717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 818.946447][T19717] Call Trace: [ 818.946453][T19717] [ 818.946460][T19717] dump_stack_lvl+0x100/0x190 [ 818.946487][T19717] should_fail_ex.cold+0x5/0xa [ 818.946515][T19717] should_failslab+0xc2/0x120 [ 818.946537][T19717] kmem_cache_alloc_noprof+0x83/0x780 [ 818.946558][T19717] ? __mpol_dup+0x74/0x370 [ 818.946587][T19717] ? __mpol_dup+0x74/0x370 [ 818.946610][T19717] __mpol_dup+0x74/0x370 [ 818.946632][T19717] ? __pfx___mpol_dup+0x10/0x10 [ 818.946656][T19717] ? anon_vma_name+0x81/0x2c0 [ 818.946680][T19717] vma_dup_policy+0x42/0xb0 [ 818.946703][T19717] __split_vma+0x35e/0xe30 [ 818.946723][T19717] ? __pfx___split_vma+0x10/0x10 [ 818.946743][T19717] ? __pfx_mas_prev+0x10/0x10 [ 818.946768][T19717] vms_gather_munmap_vmas+0x3aa/0x1320 [ 818.946788][T19717] ? __pfx_vms_gather_munmap_vmas+0x10/0x10 [ 818.946809][T19717] ? mas_walk+0x6ef/0x9b0 [ 818.946831][T19717] __mmap_region+0x46e/0x2820 [ 818.946851][T19717] ? __pfx___mmap_region+0x10/0x10 [ 818.946876][T19717] ? lock_acquire+0x17c/0x330 [ 818.946895][T19717] ? look_up_lock_class+0x55/0x120 [ 818.946912][T19717] ? find_held_lock+0x2b/0x80 [ 818.946927][T19717] ? register_lock_class+0x40/0x560 [ 818.946947][T19717] ? rcu_is_watching+0x12/0xc0 [ 818.946978][T19717] ? __lock_acquire+0x4a5/0x2630 [ 818.947008][T19717] ? lock_acquire+0x17c/0x330 [ 818.947055][T19717] ? rcu_is_watching+0x12/0xc0 [ 818.947077][T19717] mmap_region+0x180/0x3e0 [ 818.947102][T19717] do_mmap+0xc63/0x12f0 [ 818.947128][T19717] ? __pfx_do_mmap+0x10/0x10 [ 818.947151][T19717] ? __pfx_down_write_killable+0x10/0x10 [ 818.947175][T19717] vm_mmap_pgoff+0x29e/0x470 [ 818.947201][T19717] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 818.947222][T19717] ? __fget_files+0x215/0x3d0 [ 818.947242][T19717] ? __fget_files+0x21f/0x3d0 [ 818.947262][T19717] ksys_mmap_pgoff+0x328/0x5b0 [ 818.947283][T19717] ? syscall_user_dispatch+0x76/0x130 [ 818.947308][T19717] __x64_sys_mmap+0x125/0x190 [ 818.947325][T19717] do_syscall_64+0xc9/0xf80 [ 818.947344][T19717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 818.947360][T19717] RIP: 0033:0x7f272ed9aeb9 [ 818.947373][T19717] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 818.947388][T19717] RSP: 002b:00007f272fb89028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 818.947404][T19717] RAX: ffffffffffffffda RBX: 00007f272f015fa0 RCX: 00007f272ed9aeb9 [ 818.947415][T19717] RDX: 0000000000000003 RSI: 0000000000000009 RDI: 0000000000000000 [ 818.947424][T19717] RBP: 00007f272ee08c1f R08: 0000000000000003 R09: 0000000000008000 [ 818.947435][T19717] R10: 0000000000008012 R11: 0000000000000246 R12: 0000000000000000 [ 818.947445][T19717] R13: 00007f272f016038 R14: 00007f272f015fa0 R15: 00007ffce8a1ac38 [ 818.947466][T19717] [ 819.286559][T19730] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2298'. [ 819.305350][T19731] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2297'. [ 819.761780][T19730] i: entered promiscuous mode [ 819.797644][T19732] HfR: entered promiscuous mode [ 820.793433][T19767] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2304'. [ 822.771306][T19812] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2311'. [ 823.197347][T19831] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2315'. [ 824.114282][T19860] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2318'. [ 825.381529][T19878] netlink: 'syz.2.2320': attribute type 1 has an invalid length. [ 828.183284][T19927] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2328'. [ 828.424788][T19927] bond0: entered promiscuous mode [ 828.450068][T19927] bond_slave_0: entered promiscuous mode [ 828.543970][T19927] bond_slave_1: entered promiscuous mode [ 828.638664][T19927] bond0: entered allmulticast mode [ 828.700228][T19927] bond_slave_0: entered allmulticast mode [ 828.793715][T19927] bond_slave_1: entered allmulticast mode [ 829.182246][T19962] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2335'. [ 829.991315][T19974] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2336'. [ 830.618068][T19985] sp0: Synchronizing with TNC [ 831.383583][T20011] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2343'. [ 831.607244][T20015] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2343'. [ 831.631673][T20022] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2345'. [ 831.767792][T20016] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2344'. [ 831.821355][T20022] : renamed from bridge_slave_1 (while UP) [ 831.853347][T20022] bridge0: port 2() entered disabled state [ 832.538800][T20036] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2347'. [ 834.048894][T20081] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2355'. [ 834.496518][T20086] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2357'. [ 834.550031][T20086] netlink: 354 bytes leftover after parsing attributes in process `syz.2.2357'. [ 834.947458][T20091] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2358'. [ 835.549509][T20111] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2362'. [ 837.311371][T20147] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2368'. [ 837.968747][T20164] zswap: compressor not available [ 841.263145][T20238] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2382'. [ 841.299637][T20238] ipvlan0: entered promiscuous mode [ 841.346242][T20238] ipvlan0: entered allmulticast mode [ 841.417166][T20238] veth0_vlan: entered allmulticast mode [ 841.469519][T20237] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2383'. [ 841.701839][T20249] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2384'. [ 844.244857][T20307] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2395'. [ 844.480649][T20316] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2397'. [ 848.126400][T20391] XFS: Clearing xfsstats [ 850.804922][T20452] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2422'. [ 851.161872][T20464] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2424'. [ 852.460665][T20495] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2430'. [ 852.507919][T20495] : renamed from bridge_slave_1 (while UP) [ 852.556173][T20495] : entered allmulticast mode [ 854.151484][T20535] FAULT_INJECTION: forcing a failure. [ 854.151484][T20535] name failslab, interval 1, probability 0, space 0, times 0 [ 854.216860][T20535] CPU: 0 UID: 0 PID: 20535 Comm: syz.1.2439 Tainted: G L syzkaller #0 PREEMPT(full) [ 854.216889][T20535] Tainted: [L]=SOFTLOCKUP [ 854.216895][T20535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 854.216906][T20535] Call Trace: [ 854.216911][T20535] [ 854.216918][T20535] dump_stack_lvl+0x100/0x190 [ 854.216944][T20535] should_fail_ex.cold+0x5/0xa [ 854.216971][T20535] should_failslab+0xc2/0x120 [ 854.216994][T20535] kmem_cache_alloc_noprof+0x83/0x780 [ 854.217016][T20535] ? sk_prot_alloc+0x60/0x2a0 [ 854.217036][T20535] ? sk_prot_alloc+0x60/0x2a0 [ 854.217050][T20535] sk_prot_alloc+0x60/0x2a0 [ 854.217067][T20535] sk_alloc+0x36/0xe80 [ 854.217088][T20535] rxrpc_create+0x116/0x8d0 [ 854.217109][T20535] __sock_create+0x339/0x860 [ 854.217129][T20535] __sys_socket+0x14d/0x260 [ 854.217147][T20535] ? __pfx___sys_socket+0x10/0x10 [ 854.217164][T20535] ? xfd_validate_state+0x129/0x190 [ 854.217197][T20535] __x64_sys_socket+0x72/0xb0 [ 854.217213][T20535] ? lockdep_hardirqs_on+0x78/0x100 [ 854.217232][T20535] do_syscall_64+0xc9/0xf80 [ 854.217251][T20535] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 854.217266][T20535] RIP: 0033:0x7f272ed9aeb9 [ 854.217280][T20535] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 854.217295][T20535] RSP: 002b:00007f272fb89028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 854.217311][T20535] RAX: ffffffffffffffda RBX: 00007f272f015fa0 RCX: 00007f272ed9aeb9 [ 854.217320][T20535] RDX: 0010000000000002 RSI: 0000000000000002 RDI: 2000000000000021 [ 854.217330][T20535] RBP: 00007f272ee08c1f R08: 0000000000000000 R09: 0000000000000000 [ 854.217339][T20535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 854.217348][T20535] R13: 00007f272f016038 R14: 00007f272f015fa0 R15: 00007ffce8a1ac38 [ 854.217367][T20535] [ 854.920003][T20543] NFSD: Failed to start, no listeners configured. [ 855.087340][T20547] futex_wake_op: syz.2.2442 tries to shift op by -2048; fix this program [ 855.146634][T20547] futex_wake_op: syz.2.2442 tries to shift op by -2048; fix this program [ 855.595161][T20557] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2444'. [ 857.226249][T20599] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2450'. [ 858.493732][T20610] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2453'. [ 859.198458][T20629] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2455'. [ 860.150599][T20645] mkiss: ax0: crc mode is auto. [ 860.492308][T20659] XFS: Clearing xfsstats [ 861.052816][T20670] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2460'. [ 861.859158][T20692] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2465'. [ 862.849949][T20708] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2470'. [ 862.891671][T20696] binder: 20695:20696 ioctl c018620c 0 returned -1 [ 863.836877][T20720] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2473'. [ 864.422814][T20728] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2474'. [ 864.675362][T20729] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 864.675692][T20729] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 865.850250][T20758] mkiss: ax0: crc mode is auto. [ 866.764755][T20777] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2484'. [ 868.639276][T20830] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2492'. [ 871.140802][T20899] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2503'. [ 874.031636][T20968] FAULT_INJECTION: forcing a failure. [ 874.031636][T20968] name failslab, interval 1, probability 0, space 0, times 0 [ 874.106223][T20968] CPU: 0 UID: 0 PID: 20968 Comm: syz.0.2513 Tainted: G L syzkaller #0 PREEMPT(full) [ 874.106276][T20968] Tainted: [L]=SOFTLOCKUP [ 874.106282][T20968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 874.106292][T20968] Call Trace: [ 874.106299][T20968] [ 874.106306][T20968] dump_stack_lvl+0x100/0x190 [ 874.106332][T20968] should_fail_ex.cold+0x5/0xa [ 874.106359][T20968] should_failslab+0xc2/0x120 [ 874.106398][T20968] __kmalloc_cache_noprof+0x80/0x810 [ 874.106416][T20968] ? resv_map_alloc+0x7e/0x400 [ 874.106438][T20968] ? resv_map_alloc+0x7e/0x400 [ 874.106456][T20968] resv_map_alloc+0x7e/0x400 [ 874.106475][T20968] hugetlb_reserve_pages+0x64d/0x1170 [ 874.106500][T20968] ? _raw_spin_unlock+0x28/0x50 [ 874.106516][T20968] ? __pfx_hugetlb_reserve_pages+0x10/0x10 [ 874.106542][T20968] ? rcu_read_lock_any_held+0x6a/0xa0 [ 874.106561][T20968] hugetlbfs_file_mmap_prepare+0x3d3/0x640 [ 874.106590][T20968] __mmap_region+0xe7f/0x2820 [ 874.106611][T20968] ? __pfx___mmap_region+0x10/0x10 [ 874.106635][T20968] ? find_held_lock+0x2b/0x80 [ 874.106666][T20968] ? is_bpf_text_address+0x8a/0x1a0 [ 874.106690][T20968] ? is_bpf_text_address+0x8a/0x1a0 [ 874.106712][T20968] ? bpf_ksym_find+0x124/0x1c0 [ 874.106730][T20968] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 874.106749][T20968] ? is_bpf_text_address+0x94/0x1a0 [ 874.106772][T20968] ? kernel_text_address+0x8d/0x100 [ 874.106795][T20968] ? __kernel_text_address+0xd/0x30 [ 874.106824][T20968] ? unwind_get_return_address+0x59/0xa0 [ 874.106854][T20968] ? stack_trace_save+0x8e/0xc0 [ 874.106898][T20968] ? rcu_is_watching+0x12/0xc0 [ 874.106919][T20968] mmap_region+0x180/0x3e0 [ 874.106947][T20968] do_mmap+0xc63/0x12f0 [ 874.106973][T20968] ? __pfx_do_mmap+0x10/0x10 [ 874.106996][T20968] ? __pfx_down_write_killable+0x10/0x10 [ 874.107022][T20968] vm_mmap_pgoff+0x29e/0x470 [ 874.107048][T20968] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 874.107068][T20968] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 874.107091][T20968] ? hugetlbfs_get_inode+0x36e/0x6f0 [ 874.107112][T20968] ksys_mmap_pgoff+0x1c4/0x5b0 [ 874.107136][T20968] __x64_sys_mmap+0x125/0x190 [ 874.107153][T20968] do_syscall_64+0xc9/0xf80 [ 874.107172][T20968] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 874.107190][T20968] RIP: 0033:0x7f34adf9aeb9 [ 874.107204][T20968] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 874.107218][T20968] RSP: 002b:00007f34aef09028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 874.107234][T20968] RAX: ffffffffffffffda RBX: 00007f34ae215fa0 RCX: 00007f34adf9aeb9 [ 874.107245][T20968] RDX: 0000000000000002 RSI: 0000000000000005 RDI: 0000000000000000 [ 874.107253][T20968] RBP: 00007f34ae008c1f R08: 0000000000000401 R09: 0000300000000000 [ 874.107263][T20968] R10: 0000000000040eb2 R11: 0000000000000246 R12: 0000000000000000 [ 874.107273][T20968] R13: 00007f34ae216038 R14: 00007f34ae215fa0 R15: 00007ffc98e71538 [ 874.107294][T20968] [ 875.438853][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 875.446121][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 877.141293][T21042] __vm_enough_memory: pid: 21042, comm: syz.2.2524, bytes: 4398046511104 not enough memory for the allocation [ 877.155819][T21043] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2525'. [ 877.247230][T21046] ptrace attach of "./syz-executor exec"[5834] was attempted by "./syz-executor exec"[21046] [ 877.742363][T21043] ptrace attach of "./syz-executor exec"[5834] was attempted by "./syz-executor exec"[21043] [ 878.906398][T21079] binder: 21077:21079 ioctl c0306201 0 returned -14 [ 881.579200][T21132] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2537'. [ 883.926088][T21177] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2545'. [ 886.007247][T21215] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2553'. [ 886.095333][T14444] Process accounting resumed [ 886.229287][T21213] zswap: compressor û not available [ 889.138531][T21293] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2565'. [ 889.274647][T21294] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2566'. [ 889.409942][T21287] bridge0: port 3(netdevsim0) entered blocking state [ 889.475543][T21287] bridge0: port 3(netdevsim0) entered disabled state [ 889.759339][T21287] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 889.895787][T21287] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 889.903850][T21287] FAULT_INJECTION: forcing a failure. [ 889.903850][T21287] name failslab, interval 1, probability 0, space 0, times 0 [ 890.171993][T21287] CPU: 0 UID: 0 PID: 21287 Comm: syz.1.2564 Tainted: G L syzkaller #0 PREEMPT(full) [ 890.172022][T21287] Tainted: [L]=SOFTLOCKUP [ 890.172029][T21287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 890.172039][T21287] Call Trace: [ 890.172045][T21287] [ 890.172051][T21287] dump_stack_lvl+0x100/0x190 [ 890.172078][T21287] should_fail_ex.cold+0x5/0xa [ 890.172104][T21287] should_failslab+0xc2/0x120 [ 890.172126][T21287] kmem_cache_alloc_node_noprof+0x8c/0x880 [ 890.172147][T21287] ? __alloc_skb+0x156/0x410 [ 890.172171][T21287] ? __alloc_skb+0x156/0x410 [ 890.172189][T21287] __alloc_skb+0x156/0x410 [ 890.172207][T21287] ? __alloc_skb+0x35d/0x410 [ 890.172228][T21287] ? __pfx___alloc_skb+0x10/0x10 [ 890.172256][T21287] br_vlan_notify+0x15d/0x8a0 [ 890.172276][T21287] ? nbp_vlan_add+0x2a4/0x3e0 [ 890.172297][T21287] nbp_vlan_init+0x3f6/0x500 [ 890.172316][T21287] ? __pfx_nbp_vlan_init+0x10/0x10 [ 890.172338][T21287] ? __local_bh_enable_ip+0x9e/0x120 [ 890.172357][T21287] ? lockdep_hardirqs_on+0x78/0x100 [ 890.172375][T21287] ? br_fdb_add_local+0x43/0x60 [ 890.172390][T21287] ? __local_bh_enable_ip+0x9e/0x120 [ 890.172411][T21287] br_add_if+0xf79/0x1b40 [ 890.172437][T21287] add_del_if+0x114/0x160 [ 890.172458][T21287] br_dev_siocdevprivate+0x8ac/0x1650 [ 890.172480][T21287] ? __lock_acquire+0x4a5/0x2630 [ 890.172499][T21287] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 890.172527][T21287] ? do_raw_spin_lock+0x128/0x260 [ 890.172553][T21287] ? mark_held_locks+0x40/0x70 [ 890.172574][T21287] ? netdev_name_node_lookup+0x107/0x150 [ 890.172598][T21287] ? __mutex_lock+0x26a/0x1b90 [ 890.172618][T21287] dev_ifsioc+0xc15/0x1eb0 [ 890.172642][T21287] ? __pfx_dev_ifsioc+0x10/0x10 [ 890.172661][T21287] ? __pfx___mutex_lock+0x10/0x10 [ 890.172687][T21287] ? dev_load+0x8e/0x240 [ 890.172705][T21287] ? dev_load+0x8e/0x240 [ 890.172729][T21287] dev_ioctl+0x70e/0x1070 [ 890.172751][T21287] sock_ioctl+0x494/0x6b0 [ 890.172769][T21287] ? __pfx_sock_ioctl+0x10/0x10 [ 890.172794][T21287] ? __pfx_sock_ioctl+0x10/0x10 [ 890.172812][T21287] __x64_sys_ioctl+0x18e/0x210 [ 890.172838][T21287] do_syscall_64+0xc9/0xf80 [ 890.172858][T21287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 890.172873][T21287] RIP: 0033:0x7f272ed9aeb9 [ 890.172887][T21287] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 890.172901][T21287] RSP: 002b:00007f272fb89028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 890.172917][T21287] RAX: ffffffffffffffda RBX: 00007f272f015fa0 RCX: 00007f272ed9aeb9 [ 890.172927][T21287] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 0000000000000007 [ 890.172938][T21287] RBP: 00007f272ee08c1f R08: 0000000000000000 R09: 0000000000000000 [ 890.172948][T21287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 890.172965][T21287] R13: 00007f272f016038 R14: 00007f272f015fa0 R15: 00007ffce8a1ac38 [ 890.172984][T21287] [ 890.173064][T21287] bridge0: port 3(netdevsim0) entered blocking state [ 890.475008][T21287] bridge0: port 3(netdevsim0) entered forwarding state [ 890.806701][T21320] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2569'. [ 890.922912][T21324] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2570'. [ 894.896568][T21395] vhci_hcd vhci_hcd.2: invalid port number 16 [ 894.923093][T21395] vhci_hcd vhci_hcd.2: invalid port number 16 [ 896.783884][T21443] ptp ptp0: only physical clock in use now [ 896.811972][ T30] audit: type=1326 audit(1769863633.413:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21442 comm="syz.3.2590" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fda9d59aeb9 code=0x0 [ 897.068663][T21451] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2592'. [ 898.231192][T21474] misc userio: No port type given on /dev/userio [ 898.271468][T21474] FAULT_INJECTION: forcing a failure. [ 898.271468][T21474] name failslab, interval 1, probability 0, space 0, times 0 [ 898.321938][T21474] CPU: 0 UID: 0 PID: 21474 Comm: syz.1.2597 Tainted: G L syzkaller #0 PREEMPT(full) [ 898.321966][T21474] Tainted: [L]=SOFTLOCKUP [ 898.321973][T21474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 898.321983][T21474] Call Trace: [ 898.321989][T21474] [ 898.321996][T21474] dump_stack_lvl+0x100/0x190 [ 898.322020][T21474] should_fail_ex.cold+0x5/0xa [ 898.322046][T21474] should_failslab+0xc2/0x120 [ 898.322068][T21474] __kmalloc_cache_noprof+0x80/0x810 [ 898.322084][T21474] ? loop_add+0xb9/0xb60 [ 898.322105][T21474] ? tomoyo_path_number_perm+0x188/0x580 [ 898.322131][T21474] ? loop_add+0xb9/0xb60 [ 898.322153][T21474] loop_add+0xb9/0xb60 [ 898.322177][T21474] ? __pfx_loop_add+0x10/0x10 [ 898.322211][T21474] ? find_held_lock+0x2b/0x80 [ 898.322225][T21474] ? hook_file_ioctl_common+0x146/0x410 [ 898.322249][T21474] loop_control_ioctl+0xae/0x620 [ 898.322264][T21474] ? __pfx_loop_control_ioctl+0x10/0x10 [ 898.322289][T21474] ? __pfx_loop_control_ioctl+0x10/0x10 [ 898.322314][T21474] __x64_sys_ioctl+0x18e/0x210 [ 898.322338][T21474] do_syscall_64+0xc9/0xf80 [ 898.322359][T21474] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 898.322375][T21474] RIP: 0033:0x7f272ed9aeb9 [ 898.322396][T21474] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 898.322413][T21474] RSP: 002b:00007f272cfd5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 898.322429][T21474] RAX: ffffffffffffffda RBX: 00007f272f016180 RCX: 00007f272ed9aeb9 [ 898.322440][T21474] RDX: 0000000000000000 RSI: 0000000000004c80 RDI: 0000000000000002 [ 898.322451][T21474] RBP: 00007f272ee08c1f R08: 0000000000000000 R09: 0000000000000000 [ 898.322460][T21474] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 898.322470][T21474] R13: 00007f272f016218 R14: 00007f272f016180 R15: 00007ffce8a1ac38 [ 898.322490][T21474] [ 899.883313][T21505] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2603'. [ 900.161738][ T30] audit: type=1800 audit(1769863636.763:18): pid=21519 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2607" name="trace_pipe" dev="tracefs" ino=73 res=0 errno=0 [ 900.253187][T21517] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2605'. [ 900.532059][T21529] Invalid ELF header magic: != ELF [ 901.239425][T21551] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2613'. [ 902.007876][T21563] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2615'. [ 902.383247][T21575] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2618'. [ 903.239348][T21597] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2622'. [ 903.814814][T21618] netlink: 342 bytes leftover after parsing attributes in process `syz.0.2625'. [ 904.112965][T21621] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2626'. [ 905.018997][T21647] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2630'. [ 905.988135][T21674] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2634'. [ 906.071265][T21673] RDS: rds_bind could not find a transport for ::ffff:172.20.20.253, load rds_tcp or rds_rdma? [ 907.064103][T21698] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2638'. [ 908.546473][T21718] FAULT_INJECTION: forcing a failure. [ 908.546473][T21718] name failslab, interval 1, probability 0, space 0, times 0 [ 908.687661][T21718] CPU: 0 UID: 0 PID: 21718 Comm: syz.0.2643 Tainted: G L syzkaller #0 PREEMPT(full) [ 908.687690][T21718] Tainted: [L]=SOFTLOCKUP [ 908.687696][T21718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 908.687705][T21718] Call Trace: [ 908.687711][T21718] [ 908.687718][T21718] dump_stack_lvl+0x100/0x190 [ 908.687743][T21718] should_fail_ex.cold+0x5/0xa [ 908.687770][T21718] should_failslab+0xc2/0x120 [ 908.687793][T21718] kmem_cache_alloc_noprof+0x83/0x780 [ 908.687814][T21718] ? radix_tree_node_alloc.constprop.0+0x66/0x340 [ 908.687838][T21718] ? radix_tree_node_alloc.constprop.0+0x66/0x340 [ 908.687865][T21718] ? radix_tree_node_alloc.constprop.0+0x66/0x340 [ 908.687889][T21718] radix_tree_node_alloc.constprop.0+0x66/0x340 [ 908.687917][T21718] idr_get_free+0x52e/0xa00 [ 908.687939][T21718] idr_alloc_u32+0x1ac/0x320 [ 908.687958][T21718] ? __pfx_idr_alloc_u32+0x10/0x10 [ 908.687981][T21718] idr_alloc+0xc0/0x130 [ 908.688004][T21718] ? __pfx_idr_alloc+0x10/0x10 [ 908.688021][T21718] ? lockdep_init_map_type+0x5c/0x250 [ 908.688047][T21718] loop_add+0x1fe/0xb60 [ 908.688071][T21718] ? __pfx_loop_add+0x10/0x10 [ 908.688106][T21718] ? find_held_lock+0x2b/0x80 [ 908.688121][T21718] ? hook_file_ioctl_common+0x146/0x410 [ 908.688146][T21718] loop_control_ioctl+0xae/0x620 [ 908.688161][T21718] ? __pfx_loop_control_ioctl+0x10/0x10 [ 908.688187][T21718] ? __pfx_loop_control_ioctl+0x10/0x10 [ 908.688211][T21718] __x64_sys_ioctl+0x18e/0x210 [ 908.688237][T21718] do_syscall_64+0xc9/0xf80 [ 908.688257][T21718] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 908.688272][T21718] RIP: 0033:0x7f34adf9aeb9 [ 908.688286][T21718] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 908.688301][T21718] RSP: 002b:00007f34aef09028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 908.688316][T21718] RAX: ffffffffffffffda RBX: 00007f34ae215fa0 RCX: 00007f34adf9aeb9 [ 908.688326][T21718] RDX: 000000000000066b RSI: 0000000000004c80 RDI: 0000000000000007 [ 908.688335][T21718] RBP: 00007f34ae008c1f R08: 0000000000000000 R09: 0000000000000000 [ 908.688344][T21718] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 908.688353][T21718] R13: 00007f34ae216038 R14: 00007f34ae215fa0 R15: 00007ffc98e71538 [ 908.688385][T21718] [ 910.963467][T21773] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2651'. [ 911.573507][T21787] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2653'. [ 911.839847][T21795] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2653'. [ 912.404573][T21801] WARNING! power/level is deprecated; use power/control instead [ 912.548614][T21806] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2658'. [ 912.800516][ T30] audit: type=1800 audit(1769865697.458:19): pid=21801 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2656" name="lu_gp_id" dev="configfs" ino=97574 res=0 errno=0 [ 913.599446][ T30] audit: type=1800 audit(1769865698.252:20): pid=21826 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2659" name="features" dev="configfs" ino=97641 res=0 errno=0 [ 913.641658][T21826] sd 0:0:1:0: PR command failed: 1026 [ 913.662829][T21826] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 913.710684][T21824] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2661'. [ 913.720314][T21826] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 916.052700][T21887] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2669'. [ 917.839976][ T30] audit: type=1800 audit(1769865702.514:21): pid=21952 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2676" name="features" dev="configfs" ino=98364 res=0 errno=0 [ 917.883910][T21952] sd 0:0:1:0: PR command failed: 1026 [ 917.903057][T21952] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 917.930166][T21952] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 918.904413][T21984] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2681'. [ 920.198810][T21994] binder: 21992:21994 ioctl c018620c 0 returned -1 [ 920.734684][T22013] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2687'. [ 921.440408][T22028] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2689'. [ 923.176718][T22055] FAULT_INJECTION: forcing a failure. [ 923.176718][T22055] name failslab, interval 1, probability 0, space 0, times 0 [ 923.256964][T22055] CPU: 0 UID: 0 PID: 22055 Comm: syz.0.2694 Tainted: G L syzkaller #0 PREEMPT(full) [ 923.256993][T22055] Tainted: [L]=SOFTLOCKUP [ 923.256999][T22055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 923.257008][T22055] Call Trace: [ 923.257015][T22055] [ 923.257022][T22055] dump_stack_lvl+0x100/0x190 [ 923.257048][T22055] should_fail_ex.cold+0x5/0xa [ 923.257075][T22055] should_failslab+0xc2/0x120 [ 923.257098][T22055] __kmalloc_cache_noprof+0x80/0x810 [ 923.257115][T22055] ? vidtv_psi_set_sec_len+0xa5/0x160 [ 923.257141][T22055] ? vidtv_psi_pmt_stream_init+0x4e/0x3e0 [ 923.257161][T22055] ? vidtv_psi_pmt_stream_init+0x4e/0x3e0 [ 923.257176][T22055] vidtv_psi_pmt_stream_init+0x4e/0x3e0 [ 923.257193][T22055] vidtv_channel_si_init+0x1289/0x18d0 [ 923.257219][T22055] vidtv_mux_init+0x526/0xbf0 [ 923.257241][T22055] vidtv_start_feed+0x33e/0x4c0 [ 923.257263][T22055] ? __pfx_vidtv_start_feed+0x10/0x10 [ 923.257284][T22055] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 923.257307][T22055] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 923.257333][T22055] ? mark_held_locks+0x40/0x70 [ 923.257356][T22055] ? __pfx_vidtv_start_feed+0x10/0x10 [ 923.257377][T22055] dmx_ts_feed_start_filtering+0xf6/0x220 [ 923.257406][T22055] dvb_dmxdev_start_feed+0x273/0x3f0 [ 923.257428][T22055] dvb_dmxdev_filter_start+0x1b6/0xdd0 [ 923.257452][T22055] ? dvb_dmxdev_add_pid+0x2a1/0x380 [ 923.257475][T22055] dvb_demux_do_ioctl+0xe64/0x1200 [ 923.257503][T22055] dvb_usercopy+0x167/0x340 [ 923.257522][T22055] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 923.257545][T22055] ? __pfx_dvb_usercopy+0x10/0x10 [ 923.257571][T22055] ? __fget_files+0x21f/0x3d0 [ 923.257592][T22055] dvb_demux_ioctl+0x29/0x40 [ 923.257611][T22055] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 923.257630][T22055] __x64_sys_ioctl+0x18e/0x210 [ 923.257656][T22055] do_syscall_64+0xc9/0xf80 [ 923.257676][T22055] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 923.257693][T22055] RIP: 0033:0x7f34adf9aeb9 [ 923.257707][T22055] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 923.257722][T22055] RSP: 002b:00007f34aeee8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 923.257738][T22055] RAX: ffffffffffffffda RBX: 00007f34ae216090 RCX: 00007f34adf9aeb9 [ 923.257752][T22055] RDX: 0000000000000000 RSI: 0000000040146f2c RDI: 0000000000000003 [ 923.257761][T22055] RBP: 00007f34ae008c1f R08: 0000000000000000 R09: 0000000000000000 [ 923.257771][T22055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 923.257780][T22055] R13: 00007f34ae216128 R14: 00007f34ae216090 R15: 00007ffc98e71538 [ 923.257801][T22055] [ 923.257884][T22055] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI [ 923.533342][T22055] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 923.541765][T22055] CPU: 0 UID: 0 PID: 22055 Comm: syz.0.2694 Tainted: G L syzkaller #0 PREEMPT(full) [ 923.552877][T22055] Tainted: [L]=SOFTLOCKUP [ 923.557312][T22055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 923.567442][T22055] RIP: 0010:vidtv_psi_desc_assign+0x24/0x90 [ 923.573335][T22055] Code: 90 90 90 90 90 90 0f 1f 40 d6 41 54 55 48 89 f5 53 48 89 fb e8 bd b9 ed f9 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 75 4c 4c 8b 23 49 39 ec 74 36 e8 99 b9 ed f9 4d 85 e4 [ 923.592979][T22055] RSP: 0018:ffffc90004687a18 EFLAGS: 00010247 [ 923.599321][T22055] RAX: dffffc0000000000 RBX: 0000000000000005 RCX: ffffc9000eb6a000 [ 923.607284][T22055] RDX: 0000000000000000 RSI: ffffffff881890c3 RDI: 0000000000000005 [ 923.615335][T22055] RBP: ffff888097ee5fc0 R08: 0000000000000000 R09: 4453534204050000 [ 923.623300][T22055] R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000 [ 923.631380][T22055] R13: ffff88807989a140 R14: ffff88809e3ed680 R15: ffff88807989ad00 [ 923.639435][T22055] FS: 00007f34aeee86c0(0000) GS:ffff8881245e3000(0000) knlGS:0000000000000000 [ 923.648359][T22055] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 923.654943][T22055] CR2: 0000001b2eb08ff8 CR3: 000000009917a000 CR4: 00000000003526f0 [ 923.662916][T22055] Call Trace: [ 923.666197][T22055] [ 923.669119][T22055] vidtv_channel_si_init+0x12fc/0x18d0 [ 923.674597][T22055] vidtv_mux_init+0x526/0xbf0 [ 923.679444][T22055] vidtv_start_feed+0x33e/0x4c0 [ 923.684317][T22055] ? __pfx_vidtv_start_feed+0x10/0x10 [ 923.689725][T22055] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 923.695102][T22055] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 923.701697][T22055] ? mark_held_locks+0x40/0x70 [ 923.706461][T22055] ? __pfx_vidtv_start_feed+0x10/0x10 [ 923.711830][T22055] dmx_ts_feed_start_filtering+0xf6/0x220 [ 923.717553][T22055] dvb_dmxdev_start_feed+0x273/0x3f0 [ 923.722868][T22055] dvb_dmxdev_filter_start+0x1b6/0xdd0 [ 923.728343][T22055] ? dvb_dmxdev_add_pid+0x2a1/0x380 [ 923.733543][T22055] dvb_demux_do_ioctl+0xe64/0x1200 [ 923.738668][T22055] dvb_usercopy+0x167/0x340 [ 923.743189][T22055] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 923.748734][T22055] ? __pfx_dvb_usercopy+0x10/0x10 [ 923.753768][T22055] ? __fget_files+0x21f/0x3d0 [ 923.758617][T22055] dvb_demux_ioctl+0x29/0x40 [ 923.763204][T22055] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 923.768484][T22055] __x64_sys_ioctl+0x18e/0x210 [ 923.773250][T22055] do_syscall_64+0xc9/0xf80 [ 923.777804][T22055] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 923.783691][T22055] RIP: 0033:0x7f34adf9aeb9 [ 923.788103][T22055] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 923.808407][T22055] RSP: 002b:00007f34aeee8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 923.816850][T22055] RAX: ffffffffffffffda RBX: 00007f34ae216090 RCX: 00007f34adf9aeb9 [ 923.824812][T22055] RDX: 0000000000000000 RSI: 0000000040146f2c RDI: 0000000000000003 [ 923.832772][T22055] RBP: 00007f34ae008c1f R08: 0000000000000000 R09: 0000000000000000 [ 923.840738][T22055] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 923.849308][T22055] R13: 00007f34ae216128 R14: 00007f34ae216090 R15: 00007ffc98e71538 [ 923.857278][T22055] [ 923.860285][T22055] Modules linked in: [ 923.865173][T22055] ---[ end trace 0000000000000000 ]--- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 924.894613][T22055] RIP: 0010:vidtv_psi_desc_assign+0x24/0x90 [ 924.900794][T22055] Code: 90 90 90 90 90 90 0f 1f 40 d6 41 54 55 48 89 f5 53 48 89 fb e8 bd b9 ed f9 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 75 4c 4c 8b 23 49 39 ec 74 36 e8 99 b9 ed f9 4d 85 e4 [ 924.921625][T22055] RSP: 0018:ffffc90004687a18 EFLAGS: 00010247 [ 924.935446][T22055] RAX: dffffc0000000000 RBX: 0000000000000005 RCX: ffffc9000eb6a000 [ 924.946965][T22055] RDX: 0000000000000000 RSI: ffffffff881890c3 RDI: 0000000000000005 [ 925.002640][T14378] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 925.021284][T22057] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 925.030719][T22055] RBP: ffff888097ee5fc0 R08: 0000000000000000 R09: 4453534204050000 [ 925.043797][T22055] R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000 [ 925.092438][T22057] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 925.101304][T22055] R13: ffff88807989a140 R14: ffff88809e3ed680 R15: ffff88807989ad00 [ 925.111653][T22054] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 925.123978][T14378] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 925.143310][T22055] FS: 00007f34aeee86c0(0000) GS:ffff8881245e3000(0000) knlGS:0000000000000000 [ 925.161248][T22054] EXT4-fs error (device sda1) in ext4_free_inode:361: Corrupt filesystem [ 925.193332][T22055] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 925.199979][T22055] CR2: 00007fda9e3b49a0 CR3: 000000009917a000 CR4: 00000000003526f0 [ 925.245992][T22055] Kernel panic - not syncing: Fatal exception [ 925.252328][T22055] Kernel Offset: disabled [ 925.256652][T22055] Rebooting in 86400 seconds..