last executing test programs: 2m21.57734951s ago: executing program 3 (id=1405): socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16, @ANYBLOB="1b0026bd7000fddbdf2503000000040008001400038010000c80", @ANYRES32, @ANYBLOB="1200010089"], 0x44}, 0x1, 0x0, 0x0, 0x50}, 0xc800) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="01002cbd7000fbdbdf250a00000808000300000000000800010000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c51d50e", @ANYRES16=0x0, @ANYBLOB="20002cbd7000fbdbdf250200000008000300800040000800030009"], 0x24}, 0x1, 0x0, 0x0, 0x20008010}, 0x400d0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x7}, 0xa}, 0x3, 0x0) r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$auto_UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000000)={{0xd, 0x8, 0x5, 0x6}, "a04bf46f39edd51588b59731202c07eda4afcffbc3e6cb015bc8b8f22bca543f654b8eb037d0126e2466e0907b97df6faa48fda0355afcdc1e1e856969a4c312fb9b3661a01cd927c147dcb6d14c8015", 0xc96}) ioctl$auto_UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000004bc0)={{0x9, 0x9, 0x3, 0x80}, "477e73797f937be5687680ddec1c45cf8a758fb87cc9fa9b3733fb3092ce744b2c65926cd378e62ea00a888d429187a459c01b4745fe9ce1c02246996a5d875e736477c7708d06000000000000005d51", 0x8}) 2m21.24428218s ago: executing program 3 (id=1407): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000100), r1) sendmsg$auto_L2TP_CMD_SESSION_GET(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, r2, 0x1311, 0x70bd29, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0xefb7e034ab6a1498}, 0x24000084) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) socket(0xa, 0x80802, 0x0) io_uring_setup$auto(0x1, 0x0) setsockopt$auto(0x3, 0x1, 0xf, 0x0, 0x9) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x1}, 0x55) r3 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000280), r0) sendmsg$auto_SMC_NETLINK_FLUSH_UEID(r0, &(0x7f00000008c0)={&(0x7f0000000240), 0xc, &(0x7f00000003c0)={&(0x7f00000002c0)={0x50, r3, 0x400, 0x70bd2a, 0x25dfdbfb, {}, "3a8fdfe802961ce7f0a7dd60ffc692e0da24e5fe9acaa40df8bedeef21a8a1eb92838541911f913ad0157d36774e4fb760801340ae877e98988174"}, 0x50}, 0x1, 0x0, 0x0, 0x4000000}, 0x41) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_REQ_SET_REG(r0, &(0x7f000000a5c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r4, 0x1, 0x70bd2e, 0x25dfdbfd, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000040}, 0x24008880) sendmsg$auto_NL80211_CMD_NEW_INTERFACE(r1, &(0x7f0000000200)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000440)={0x45c, r4, 0x400, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_SCAN_FREQUENCIES={0x2d5, 0x2c, 0x0, 0x1, [@nested={0x14, 0x125, 0x0, 0x1, [@nested={0x4, 0x14f}, @typed={0x9, 0x43, 0x0, 0x0, @str='**}}\x00'}]}, @generic="d56ae5b865027620209550a14c9cb46833449d3e0bf85cecec61d7b560de15fe87caf4ce07a49f27f6fe79f16d447f3b1f28eb14271013bdba39ef473b2e5757e4ba71e6e82b41d3bff5cc5b674651aef1ec4f745ed1f21338cc6e3a4979e8df535ba07397f72a317cf6eec0475e1093765ea4263a0fdc00b8f8d322fb50446f4d3ee7ca12a8eb6f2b81ef0e442861800aa639bc3309db20bcca6b2da1ca58c5c1c33456ade67494e12cab8ebe2edd5dc0c04fec559a69237d4463c81cd3f1ffaa5cd82b5aa31c4bf0273ce682f8919221e617a879a809edb72c5d", @nested={0x41, 0x25, 0x0, 0x1, [@generic="0583ed5899c01e695170c098a4a12aabe56aecc86ce5b4b700f781ece5e2419df3ce5e2adb62ef8edec6ce6798a2ba11422384f5d276482152", @nested={0x4, 0x42}]}, @nested={0xc, 0xe, 0x0, 0x1, [@typed={0x8, 0xc7, 0x0, 0x0, @u32=0x9}]}, @typed={0x4, 0x3}, @typed={0xd3, 0xe9, 0x0, 0x0, @binary="0fed1c4d5ad92882b4dcc95fd654e9e4753c00555ce043d8cb10dc010badc533d38e1d7f14cd8fe88ac95cc360a14048d1369a8ffed082aa3adfda37fbf9f5b2fac417e02e153dea70a39bea4afc99ad9ea783b8fca13ffe29683d6212e080287146cd10b055a23ddd448182829da15a40951089f39ee12b547e32bff73fe170ae0b608e2f1a7ae033fc99ef7d93d1ec292eeb2184d70e8598ccac4388be608afa9f7a6e074bdebe383ddc03cc244d92393e959b1bc4d807b4bfe40f68d9c2aa5092396d2a62e57397f85eaadab4d4"}, @generic="1e7f0652bf3da11af9013cec8954f803bdce5ec41498e020327858fe86fcf930b94f835973419a834bed12c7f465751e8d96af8e32ea5a995a733d56d9e1eb55fe795078b355bacc1bd425039d27147d6cf3009304ff243d39051d178eff03683f0e63a77f95b82ba7f2ee3abd850eedcfc295e2074e148174e2d40555658b7726406f6767915b32a90c2d24fc4ca9f20b7e3fb7213b605d6325f076af2e9823584111685e338fc7aaff2265e7ceccbcfc7a", @typed={0x8, 0x8e, 0x0, 0x0, @ipv4=@remote}]}, @NL80211_ATTR_QOS_MAP={0xac, 0xc7, "27adac702facea7dd7761f403102dc30755f5cb060345677a6c9aa6829ae6079c386c5b6dfb31f553d14c4cec5bee11d775ff4ca31a9679f05be04e3a900d0fee198324e95f47474827d4ac22030fda5a78de266e6f1a38a4c79efa2b1a06107673f4b0eda478c65c3c89752f13d6ab6641e781d645be94717f9bb0939f174c503c252c14d6621ee405182af74d8eb2cbd487b231e21f759754ba18fbe6fc1beca49b96321345859"}, @NL80211_ATTR_SCAN_FREQ_KHZ={0xc3, 0x124, 0x0, 0x1, [@generic="44f1d53ba2b771d11a47b07194a88640ca72c043f1c222a3bf659fa8f54b31c668b01b8d81692552a88a35e3494f9323470e2396f87e942f4265b341cbdac522943107f3d058ff76cd9c3ea6b4e1c156e55a5574916b49526ecd7900ffb15e4bf32447590fd630a27979b51d699a403e4255e08521a6026728fc6be8456e30e2fc612720f774c4a849dbf5ef2244f1a014b64165793c09f6ce2038e517a59abf7b74691f77c4e095f8598bcf5becdd412e66ee6d61866c", @typed={0x8, 0x94, 0x0, 0x0, @u32}]}]}, 0x45c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000) landlock_create_ruleset$auto(&(0x7f0000000000)={0x20000000000000, 0x404, 0x2b}, 0x8, 0x0) r5 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x129800, 0x0) ioctl$auto(r5, 0xb21064a7, 0x20000a) getsockopt$auto_SO_NO_CHECK(r1, 0x4, 0xb, &(0x7f0000000000)='l2tp\x00', &(0x7f0000000140)=0x3) 2m20.883176021s ago: executing program 3 (id=1410): r0 = socket(0x2, 0x3, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r2, 0x4008ae89, &(0x7f00000000c0)={0xdd, 0x0, [{0x40000073, 0x400, 0xfff}]}) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r4 = syz_genetlink_get_family_id$auto_thermal(&(0x7f0000000040), r0) sendmsg$auto_THERMAL_GENL_CMD_THRESHOLD_FLUSH(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x98, r4, 0x200, 0x70bd28, 0x25dfdbfd, {}, [@THERMAL_GENL_ATTR_CDEV={0x40, 0xe, 0x0, 0x1, [@generic="3cbce46e1fde43441d8a6869e593b2635e5da17052b2818a8480f78f7337540024e9bb8de57cddce03c4622a8a5f008c164b0b27b64bc7", @generic="cd7de51efc"]}, @THERMAL_GENL_ATTR_TZ_TRIP_TYPE={0x8, 0x6, 0x800}, @THERMAL_GENL_ATTR_TZ_TEMP={0x8, 0x3, 0x9}, @THERMAL_GENL_ATTR_TZ_TRIP_TEMP={0x8, 0x7, 0x4}, @THERMAL_GENL_ATTR_CPU_CAPABILITY_ID={0x8, 0x15, 0x7}, @THERMAL_GENL_ATTR_CDEV={0x4}, @THERMAL_GENL_ATTR_TZ_TRIP_HYST={0x8, 0x8, 0x10}, @THERMAL_GENL_ATTR_TZ_TRIP_ID={0x8, 0x5, 0x7}, @THERMAL_GENL_ATTR_CPU_CAPABILITY_ID={0x8, 0x15, 0x2}, @THERMAL_GENL_ATTR_CDEV_ID={0x8, 0xf, 0x5}]}, 0x98}}, 0x20004810) setsockopt$auto(0x3, 0x0, 0x5, 0x0, 0x2) 2m20.480728481s ago: executing program 3 (id=1412): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_REQ_SET_REG(r0, &(0x7f000000a5c0)={0x0, 0x1400, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r1, 0x1, 0x70bd2e, 0x25dfdbfd, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000040}, 0x24008880) 2m20.107157123s ago: executing program 3 (id=1414): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/i8042/serio1/rate\x00', 0x2, 0x0) shmctl$auto(0x691, 0x3, 0x0) r0 = open(0x0, 0x4242, 0xe1d2b27bdc14aabc) fallocate$auto(r0, 0x0, 0x7, 0x4cbd5d) r1 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000140), 0x8800, 0x0) io_uring_setup$auto(0x2, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r1, 0x7a7, 0x0) mmap$auto(0x0, 0x61, 0x10001, 0xfa31, 0x400, 0x8000) ioctl$auto_IOCTL_VMCI_CTX_ADD_NOTIFICATION(r1, 0x7af, 0x0) 2m19.791837138s ago: executing program 3 (id=1417): r0 = openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, 0x0, 0x2400, 0x0) getsockopt$auto_SO_BUF_LOCK(r0, 0x4, 0x48, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', &(0x7f0000000080)=0x2) unshare$auto(0x40000080) socket(0x18, 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x2, 0x0, 0x1, 0x1) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x8001, 0x0) sendmsg$auto_NFC_CMD_LLC_SDREQ(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20048894}, 0x4040040) socket(0x2b, 0x1, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x24040, 0x0) ioctl$auto_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000240)={"ef65ce6c00cf81000000ffffffffffffff291d000000000700", 0x3ff, 0x408, 0xffc, 0x400004, 0x200000000040000d}) ioctl$auto_BLKTRACETEARDOWN(r2, 0x1276, 0x0) ioctl$auto_BLKTRACETEARDOWN(r2, 0x1276, 0x0) madvise$auto(0x0, 0x240007, 0x19) madvise$auto(0x0, 0xffffffffffff0005, 0x19) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) r3 = socket(0x2, 0x1, 0x106) bind$auto(r3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) shutdown$auto(0x200000003, 0x2) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @private=0xa010101}, 0x47a3c4c3) write$auto(0x3, 0x0, 0xfffffdef) userfaultfd$auto(0x1) fallocate$auto(0x8000000000000003, 0x0, 0x200000009, 0x904cbd5d) ioctl$auto_UI_DEV_CREATE(r1, 0x5501, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x42800, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) unlink$auto(0x0) 2m3.874245962s ago: executing program 32 (id=1417): r0 = openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, 0x0, 0x2400, 0x0) getsockopt$auto_SO_BUF_LOCK(r0, 0x4, 0x48, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', &(0x7f0000000080)=0x2) unshare$auto(0x40000080) socket(0x18, 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x2, 0x0, 0x1, 0x1) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x8001, 0x0) sendmsg$auto_NFC_CMD_LLC_SDREQ(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20048894}, 0x4040040) socket(0x2b, 0x1, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x24040, 0x0) ioctl$auto_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000240)={"ef65ce6c00cf81000000ffffffffffffff291d000000000700", 0x3ff, 0x408, 0xffc, 0x400004, 0x200000000040000d}) ioctl$auto_BLKTRACETEARDOWN(r2, 0x1276, 0x0) ioctl$auto_BLKTRACETEARDOWN(r2, 0x1276, 0x0) madvise$auto(0x0, 0x240007, 0x19) madvise$auto(0x0, 0xffffffffffff0005, 0x19) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) r3 = socket(0x2, 0x1, 0x106) bind$auto(r3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) shutdown$auto(0x200000003, 0x2) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @private=0xa010101}, 0x47a3c4c3) write$auto(0x3, 0x0, 0xfffffdef) userfaultfd$auto(0x1) fallocate$auto(0x8000000000000003, 0x0, 0x200000009, 0x904cbd5d) ioctl$auto_UI_DEV_CREATE(r1, 0x5501, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x42800, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) unlink$auto(0x0) 2m0.456585887s ago: executing program 2 (id=1429): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000140), 0x8800, 0x0) io_uring_setup$auto(0x2, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6) mmap$auto(0x0, 0x61, 0x10001, 0xfa31, 0x400, 0x8000) ioctl$auto_IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, 0x0) 2m0.242819179s ago: executing program 2 (id=1431): socket(0x28, 0x1, 0x0) getsockname$auto(0x3, &(0x7f0000000d00), &(0x7f0000000d40)=0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002f00), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_SET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x24, r1, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@NFSD_A_SERVER_THREADS={0x8, 0x1, 0xfffffffc}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0xffff}]}, 0x24}, 0x1, 0x0, 0x0, 0x4002000}, 0x40010) close_range$auto(0x2, 0x8000, 0x0) r2 = io_uring_setup$auto(0x6, 0x0) getsockopt$auto(r2, 0x6, 0x8000, &(0x7f0000000000)='\x00', &(0x7f0000000040)=0x9) io_uring_register$auto(0x2, 0x22, &(0x7f0000000000), 0x1) 1m59.649191587s ago: executing program 2 (id=1433): r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x42800, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_EVIOCGRAB(r0, 0x40044590, &(0x7f00000010c0)=0xf1) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x82942, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x443, 0x0) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB="440000005cadee1e733e3cff5261ac0406bb0b92be2c55d101817e732d0068bf607281875cc613e4d6e61b6e7113f1cda06f85327295c7261a792e9995ff2332a52bd967f2a740efc1d06d23a7f5fe34b14fb6608d8c5b67f6f155c8d5056c51dfbc3c771103543757678259eeed8f03650c65ad31ff4fc1f5df4c885bfb9c33372e5540ab2f254bfdb62ca660608ae1f155804138f3818f", @ANYBLOB="010027bd7000fcdbdf250a00000018000180140002000000000000000000000000000000000018000180140002006261746164765f736c6176655f310000998d56c778bf49aa54321f8a032f4443f38613354ea49b0fd4295d6229becad35a83b12540bde9381e17ea8d493009abe13f6340e46a637f2fc7fea4ef9ae60ccba051141983ac1f781a5f16ab"], 0x44}, 0x1, 0x0, 0x0, 0x801}, 0x40) close_range$auto(0x2, 0x8, 0x0) writev$auto(0xc8, 0x0, 0x9) sendmsg$auto_IEEE802154_DISASSOCIATE_REQ(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="255a8b7a", @ANYRES16=0x0, @ANYBLOB="10002cbd7000fcdbdf250300000016001f002f6465762f696e7075742f6576656e7431000000"], 0x2c}, 0x1, 0x0, 0x0, 0x408c}, 0x80) r2 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) ioctl$auto_USB_RAW_IOCTL_INIT(r2, 0x41015500, &(0x7f0000000040)={"efe5872581616df46abe643ccb395fd8a777ba50bd3051833108b2f51a5b00054374292b811f6a04257f2607a986c21d1a8104f9fe5673a40d2ff10f42ad440c274dff13306a591029afaae48f0044168a8db393f9a559dc3840668a96eecb84597cb573abe0fa77d8bf7563eeb8caadf519b5a0c3ae8b0ded671547f3443a9f", "cf1289f7fe77a4005d948b24639bbc1b03f5cae090f2bce8599226ef46ce5764368cf529920c0b14bad6a62c861e3c5c27238455e0b2c0b0506564e74dbd39b716e6a025a0a9018c3c619f78381869c708e0810a5514962496f3bba7ffdcde16ecff92e64433dd2987f4f5e94394b87653d188de6f658920bffd996c65946ab8", 0xb2}) r3 = socketcall$auto(0xfffffff8, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xfffffeff, 0x2, 0x6, 0x7, 0x400, 0xffffffffffffffff, [0x5, 0x101], {0x6, 0x6, 0xf, 0x29f, 0x1, 0x5, 0x3, 0x4, 0x2}, {0xff, 0x401, 0x4f, 0x9, 0x4cd, 0x20000041, 0x7fffffff, 0x7, 0x8}}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x810) sendmmsg$auto(r5, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f0000000180), 0x7, 0x2}, 0x800}, 0x7, 0x4008) sendfile$auto(0x1, 0x3, 0x0, 0x7ff) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/class/net/bonding_masters\x00', 0x100, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r7, &(0x7f00000000c0)=""/4096, 0x1000) openat$auto_sco_debugfs_fops_(0xffffffffffffff9c, &(0x7f0000001100), 0x200000, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae80, 0x0) 1m59.205544416s ago: executing program 2 (id=1437): openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) read$auto(0x3, 0x0, 0x8080) socket(0xa, 0x1, 0x100) set_mempolicy$auto(0x1, &(0x7f0000000000)=0x4, 0x21) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) process_mrelease$auto(0xffffffffffffffff, 0xa) mmap$auto(0x200, 0x4020007, 0x9, 0x100000000001ff, 0xffffffffffffffff, 0x8000) getresgid$auto(0x0, 0x0, 0x0) write$auto(0x3, 0x0, 0x100082) connect$auto(0xffffffffffffffff, 0x0, 0x54) mmap$auto(0x2, 0x8, 0x2, 0x10, 0x5, 0x0) socketpair$auto(0x4000001e, 0x2d2c, 0xb30, 0x0) r1 = socket(0x1f, 0x3, 0x2) setsockopt$auto(r1, 0x107, 0x12, 0x0, 0x8) setsockopt$auto(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x2000000008000) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_sc_seq_fops_netdebug(0xffffffffffffff9c, 0x0, 0x88080, 0x0) pread64$auto(r3, 0x0, 0xd, 0x1) syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_ADD_RXSA(r2, &(0x7f0000005fc0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc0}, 0x20000010) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x20, 0x0) r4 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa1\x00', 0x101041, 0x0) write$auto(r4, &(0x7f0000000000)='/sys/ker\x02\x00\x00\x00security/integrity/evm/evm_xattrs\x00', 0x3) write$auto(0x3, 0x0, 0xfdef) 1m58.496352721s ago: executing program 2 (id=1438): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x42800, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x82942, 0x0) r1 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) setsockopt$auto_SO_NO_CHECK(r0, 0x4, 0xb, &(0x7f0000000180)='/dev/input/event1\x00', 0x0) r2 = socket(0x18, 0x5, 0x1) write$auto(r2, 0x0, 0x5) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = getsockopt$auto(r1, 0x84, 0x2, 0x0, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x189401, 0x0) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB="440000005cadee1e733e3cff5261ac0406bb0b92be2c55d101817e732d0068bf607281875cc613e4d6e61b6e7113f1cda06f85327295c7261a792e9995ff2332a52bd967f2a740efc1d06d23a7f5fe34b14fb6608d8c5b67f6f155c8d5056c51dfbc3c771103543757678259eeed8f03650c65ad31ff4fc1f5df4c885bfb9c33372e5540ab2f254bfdb62ca660608ae1f155804138f3818f", @ANYBLOB="010027bd7000fcdbdf250a00000018000180140002000000000000000000000000000000000018000180140002006261746164765f736c6176655f310000998d56c778bf49aa54321f8a032f4443f38613354ea49b0fd4295d6229becad35a83b12540bde9381e17ea8d493009abe13f6340e46a637f2fc7fea4ef9ae60ccba051141983ac1f781a5f16ab"], 0x44}, 0x1, 0x0, 0x0, 0x801}, 0x40) r4 = openat$auto_suspend_stats_fops_(0xffffffffffffff9c, &(0x7f00000000c0), 0x182, 0x0) close_range$auto(0x2, r4, 0x0) writev$auto(0xc8, 0x0, 0x9) sendmsg$auto_IEEE802154_DISASSOCIATE_REQ(r3, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000008", @ANYRES16=0x0, @ANYBLOB="00022cbd7000fcdbdf250300000005001b006c000000"], 0x5}, 0x1, 0x0, 0x0, 0x408c}, 0x80) r5 = socketcall$auto(0xfffffff8, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/video0\x00', 0xa200, 0x0) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r5) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x1, 0xb5, 0x10, 0x10001, 0xc0000000, 0xffffffffffffffff, 0x7, "2af051a940806ec05be276cfc83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0xb, 0xe5, 0x3}, 0x10) ioctl$auto_KVM_CREATE_VM(r0, 0xae80, 0x0) 1m57.539565969s ago: executing program 2 (id=1443): unshare$auto(0x40000080) (async) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async) socket(0x2b, 0x1, 0x0) listen$auto(0x3, 0x81) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) keyctl$auto(0x1f, 0x1, 0xee00, 0x0, 0x3fd) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async) ioctl$auto_SNDRV_TIMER_IOCTL_NEXT_DEVICE(0xffffffffffffffff, 0xc0145401, &(0x7f00000001c0)={0x7, 0x1, 0xe4b7, 0x200, 0x30b}) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) (async) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000db, 0x12, 0x400, 0x18002) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0xfff) (async) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='&\x00', @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) (async) read$auto(r2, &(0x7f0000002300)='MAC802154_HWSIM\x00', 0xfdef) (async) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) getcpu$auto(0x0, 0x0, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) (async) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) r3 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000100)='/dev/binderfs/binder1\x00', 0x0, 0x0) ioctl$auto_BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) (async) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) 1m57.259375483s ago: executing program 4 (id=1418): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x19, 0x4, 0x4, 0x809, 0x8, 0xc, 0x66b, 0x4, 0x7ff}, 0x6f4) r2 = openat$auto_drm_crtc_crc_control_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000003500), 0x40002, 0x0) write$auto_drm_crtc_crc_control_fops_drm_debugfs_crc(r2, &(0x7f0000003540), 0x0) r3 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) fallocate$auto(r3, 0x1, 0x820, 0x7fff) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14fa02, 0x0) mmap$auto(0x0, 0xb9f, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x80000000000, 0x2000d, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) memfd_secret$auto(0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) bpf$auto(0x8, &(0x7f0000000280)=@bpf_attr_7={@btf_id=0x2, 0x6, 0x40000023}, 0x96) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) r5 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="000000009b35e18530a42c1ab72acf1b4942cda60d9c465e688d9279ed1b6290fc1f87d9c4", @ANYRES16=r5, @ANYBLOB="000826b57000fcdbdf2503000000060009000f00000004000800d90002801c9f0dba488a0ef8ad1f38e745533c22ce09b0386416d6c3692b4ec1469e9d20eb4f4726f39225f1498a74c682f00d9c4f379c11be9d8562a66395a0cb5bef5aaab05e6e42145090560261e8c07c4ae09769214d54679d091d0d663b4d33e6489d90518db519469774daa341368f6a709672362b307cc418d283853fbf89e789bae611dd0ea18e64826c88871f86b9cdf5215283132b1310ec892719effce5238bcb2709cddc47a51cba84e7c655170ec6c7a2695159742c77cc0cb39bbc23506a12d16700ed5cafa0c4daf67208009b00", @ANYRES32=r1, @ANYBLOB="00000012000100a9cf000006000000000d400000000000"], 0x110}, 0x1, 0x0, 0x0, 0x2000c000}, 0x84) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="1b0026bd7400fddbdf250300000004000800100003000b000000028000000000a70000000000000010000000000000000000e1894ffc359fd83e09eb"], 0x38}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) 1m41.840589303s ago: executing program 33 (id=1443): unshare$auto(0x40000080) (async) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async) socket(0x2b, 0x1, 0x0) listen$auto(0x3, 0x81) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) keyctl$auto(0x1f, 0x1, 0xee00, 0x0, 0x3fd) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async) ioctl$auto_SNDRV_TIMER_IOCTL_NEXT_DEVICE(0xffffffffffffffff, 0xc0145401, &(0x7f00000001c0)={0x7, 0x1, 0xe4b7, 0x200, 0x30b}) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) (async) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0x4000000000db, 0x12, 0x400, 0x18002) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0xfff) (async) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='&\x00', @ANYBLOB="5de1"], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) (async) read$auto(r2, &(0x7f0000002300)='MAC802154_HWSIM\x00', 0xfdef) (async) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) getcpu$auto(0x0, 0x0, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) (async) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) r3 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000100)='/dev/binderfs/binder1\x00', 0x0, 0x0) ioctl$auto_BINDER_SET_CONTEXT_MGR(r3, 0x40046207, 0x0) (async) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) 1m41.751227835s ago: executing program 34 (id=1418): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x19, 0x4, 0x4, 0x809, 0x8, 0xc, 0x66b, 0x4, 0x7ff}, 0x6f4) r2 = openat$auto_drm_crtc_crc_control_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000003500), 0x40002, 0x0) write$auto_drm_crtc_crc_control_fops_drm_debugfs_crc(r2, &(0x7f0000003540), 0x0) r3 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) fallocate$auto(r3, 0x1, 0x820, 0x7fff) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14fa02, 0x0) mmap$auto(0x0, 0xb9f, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x80000000000, 0x2000d, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) memfd_secret$auto(0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x0, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) bpf$auto(0x8, &(0x7f0000000280)=@bpf_attr_7={@btf_id=0x2, 0x6, 0x40000023}, 0x96) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) r5 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="000000009b35e18530a42c1ab72acf1b4942cda60d9c465e688d9279ed1b6290fc1f87d9c4", @ANYRES16=r5, @ANYBLOB="000826b57000fcdbdf2503000000060009000f00000004000800d90002801c9f0dba488a0ef8ad1f38e745533c22ce09b0386416d6c3692b4ec1469e9d20eb4f4726f39225f1498a74c682f00d9c4f379c11be9d8562a66395a0cb5bef5aaab05e6e42145090560261e8c07c4ae09769214d54679d091d0d663b4d33e6489d90518db519469774daa341368f6a709672362b307cc418d283853fbf89e789bae611dd0ea18e64826c88871f86b9cdf5215283132b1310ec892719effce5238bcb2709cddc47a51cba84e7c655170ec6c7a2695159742c77cc0cb39bbc23506a12d16700ed5cafa0c4daf67208009b00", @ANYRES32=r1, @ANYBLOB="00000012000100a9cf000006000000000d400000000000"], 0x110}, 0x1, 0x0, 0x0, 0x2000c000}, 0x84) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="1b0026bd7400fddbdf250300000004000800100003000b000000028000000000a70000000000000010000000000000000000e1894ffc359fd83e09eb"], 0x38}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) 1m5.532380862s ago: executing program 5 (id=1650): r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x42800, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(r0, r0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x82942, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x189401, 0x0) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB="440000005cadee1e733e3cff5261ac0406bb0b92be2c55d101817e732d0068bf607281875cc613e4d6e61b6e7113f1cda06f85327295c7261a792e9995ff2332a52bd967f2a740efc1d06d23a7f5fe34b14fb6608d8c5b67f6f155c8d5056c51dfbc3c771103543757678259eeed8f03650c65ad31ff4fc1f5df4c885bfb9c33372e5540ab2f254bfdb62ca660608ae1f155804138f3818f", @ANYBLOB="010027bd7000fcdbdf250a00000018000180140002000000000000000000000000000000000018000180140002006261746164765f736c6176655f310000998d56c778bf49aa54321f8a032f4443f38613354ea49b0fd4295d6229becad35a83b12540bde9381e17ea8d493009abe13f6340e46a637f2fc7fea4ef9ae60ccba051141983ac1f781a5f16ab"], 0x44}, 0x1, 0x0, 0x0, 0x801}, 0x40) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/fail-nth\x00', 0x2, 0x0) write$auto(r4, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/geneve1/ignore_routes_with_linkdown\x00', 0x202, 0x0) writev$auto(0xc8, 0x0, 0x9) recvmsg$auto(r3, &(0x7f0000000480)={&(0x7f00000000c0)="165f0ecd86073846c5ba5178830d1630e479bac1eefa4ee3634071010b57f471bdf218fba1b37b55eaa30eaa4bd0a32c4897ea97633e800dcb08070d76e910", 0x3ff, &(0x7f0000000400)={&(0x7f0000000180)="9742e60efbf1330f19f61b72c2eddf56784de434169329045832be21af7805e17b60ae53c9dc6d31bde8377315e10d00", 0x7}, 0x195b, &(0x7f0000000440)="dd789f4cf5862154", 0x7, 0xfff}, 0x9) sendmsg$auto_IEEE802154_DISASSOCIATE_REQ(r2, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, 0x0, 0x10, 0x70bd2c, 0x25dfdbfc, {}, [@IEEE802154_ATTR_PHY_NAME={0x16, 0x1f, '/dev/input/event1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x408c}, 0x80) r5 = socketcall$auto(0xfffffff8, 0x0) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r5) ioctl$auto_KVM_CREATE_VM(r1, 0xae80, 0x0) write$auto_fuse_dev_operations_fuse_i(0xffffffffffffffff, &(0x7f0000000200)="7555f9bc3b6d7435f984525c01492f9136f7ecb02dd6b67ab379c552e86e10584def643f81c248b00819577ba99b2614b9e527f15689229ad9bd70e4d1580087c508f8bc6ee01a6c5d3470de8d5376f196294f9b27cd7fc90be240fdeedd8b60722f315d2e8e264904930aacb94c0d4e6126509cf2", 0x75) 1m4.317309906s ago: executing program 5 (id=1656): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000200), 0x101802, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x310, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) io_uring_register$auto(0x2, 0x1, 0x0, 0x0) r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_MM_GET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB=',\x00@\x00', @ANYRES16=r3, @ANYBLOB="010026bd7000fbdbdf252a00000018000180140002006261746164765f736c6176655f300000"], 0x2c}, 0x1, 0x0, 0x0, 0x22}, 0x0) r4 = ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4068aea3, &(0x7f0000000080)={0x94}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_SET_MESH_CONFIG(r4, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x18, r6, 0x2, 0x70bd2a, 0x25dfdbfe, {}, [@NL80211_ATTR_CH_SWITCH_BLOCK_TX={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000}, 0x4004804) r7 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_REQ_SET_REG(r5, &(0x7f000000a5c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r7, 0x1, 0x70bd2e, 0x25dfdbfd, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000040}, 0x24008880) 1m3.843505822s ago: executing program 5 (id=1661): r0 = socket$nl_generic(0x10, 0x3, 0x10) listmount$auto(0x0, 0x0, 0x7fffffffffffffff, 0x0) (async) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), r0) sendmsg$auto_NL80211_CMD_GET_INTERFACE(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="2c010000", @ANYRES16=r1, @ANYBLOB="00012dbd7000fedbdf25050000000400e200f8000201a270387849830d0ec87541340aee650081b71ca48485c86448a1d790116a505125d4107130d89f9600be923102808d447dbff83e05a6f3648b1413f1399cfe5ca7008fdd09238697db787fca9830f04afd58c30f27756273ad48e2acca293217719cd5b80f32878494defd2644ab9db1315b66907fceb3faac0e8a39876b3e3b7940840d4b747b969d3add11f7542fe1b3530acef1fb3e9dd1f5287a5ce0ee8547b063819a181678edd42ba4d212422c1f8e21340235fb98f11dc386b87ef11873086d45bf7f6e3a3adad6d31a35dec5712b0ba9e155ffa213f3bd395c267e580aa182bf66339f49381aa7fa4aca9f73905b391905003001100000000600b400060000000600981f000000000400e200"], 0x12c}, 0x1, 0x0, 0x0, 0x20040804}, 0x40) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) (async) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000180), 0x109802, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) r3 = socketcall$auto(0x4, 0x0) (async) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) (async) ioctl$auto(0x3, 0xae41, r3) ioctl$auto_KVM_GET_MSRS(r2, 0xc008ae88, &(0x7f0000000040)={0x7, 0x0, [{0x11, 0x2, 0x6}]}) (async) socket(0x29, 0x2, 0x0) (async) sendto$auto(0x3, 0x0, 0xfdef, 0x7, 0x0, 0x20) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0xd, 0x0) close_range$auto(0x2, 0x8, 0x0) (async) socketpair$auto(0xf3, 0x4, 0x8000000000000000, 0x0) (async) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0xa2102, 0x0) read$auto(r5, 0x0, 0x2) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) statmount$auto(&(0x7f0000000000)={0x1f, @raw=0x2, 0x3a12, 0x1, 0x6}, 0x0, 0x6553, 0x0) (async) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/video40\x00', 0x0, 0x0) openat$auto_stats_fops_(0xffffffffffffff9c, &(0x7f0000000180), 0x200000, 0x0) ioctl$auto(0x3, 0xc0485619, 0x38) openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x40400, 0x48) close_range$auto(0x2, 0x8, 0x0) (async) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000006c0), 0x0, 0x0) 1m2.828562587s ago: executing program 5 (id=1667): bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x1, 0xb5, 0x10, 0x10001, 0xc0000000, 0xffffffffffffffff, 0x7, "2af051a940806ec05be276cfc83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0xb, 0xe5, 0x3}, 0x10) (fail_nth: 8) 1m2.577525056s ago: executing program 5 (id=1668): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) shmctl$auto(0x691, 0x3, 0x0) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000140), 0x8800, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) socket(0xa, 0x5, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x82942, 0x0) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/fail-nth\x00', 0x2, 0x0) mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x200000401, 0x8000) ioctl$auto(0xffffffffffffffff, 0x5600, 0xffffffffffffffff) write$auto(r1, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(0x3, 0x0, 0x100082) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto_IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000240)='/dev/admmidi2\x00', 0x101000, 0x0) ioctl$auto_SNDRV_RAWMIDI_IOCTL_INFO(r2, 0x810c5701, &(0x7f0000003380)={0xfffffffb, 0xb, 0x1, 0x7ff, 0x1, "eb6183a2c44a716ca16333e5d5d5351305a348104d4c2603478adc3fe84e9d879df7cbd09efda00b5ac99df1e1bbb3b8b5c55fcd284101dfb7554a5fbd869d2e", "0aa103434fc7dee45be80fe485a0977a1026393bf2eec447c39915b2aa33b88417240f775d9caf5bc2ce8df08cfcde40c156df5242859e388d35b287edc71aa0318a1964d2bc3e90fbb1535ca82b3e2d", "d34a080600e6ff1a59435c07000000b2ef3309cfb7fb0100000000000500", 0x0, 0x81}) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6) socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r4) ioctl$auto_KVM_GET_MSRS(r3, 0x4008ae89, &(0x7f00000000c0)={0xdd, 0x0, [{0x10b, 0x400, 0x2}]}) io_uring_setup$auto(0x7, 0x0) 1m1.356341572s ago: executing program 5 (id=1672): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x42800, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000040), r0) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000fddbdf2508000300", @ANYRES32=r4], 0x24}, 0x1, 0x0, 0x0, 0x5c5fd097d751f33e}, 0x80) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x109001, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) mq_unlink$auto(0x0) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r5, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/irq/6/smp_affinity\x00', 0x40d81, 0x0) openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x2402, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r6, 0x0, 0x40800) futex$auto(&(0x7f0000000000)=0x7, 0x9, 0x7, &(0x7f0000000040)={0xb, 0x401}, &(0x7f0000000080)=0x6f5, 0x4) unshare$auto(0x40000080) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000180)='/dev/usbmon37\x00', 0x0, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) mprotect$auto(0x0, 0x806121, 0x6) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x16bd00, 0x0) bpf$auto(0x5, &(0x7f0000000080)=@bpf_attr_7={@prog_id=0xc, 0x92f1, 0x4}, 0xa) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NETDEV_CMD_QSTATS_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r1, 0x301, 0x70bd29, 0x25dfdbfe, {}, [@NETDEV_A_QSTATS_IFINDEX={0x8, 0x1, r4}]}, 0x1c}}, 0x40000) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) 45.634670402s ago: executing program 35 (id=1672): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x42800, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000040), r0) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002dbd7000fddbdf2508000300", @ANYRES32=r4], 0x24}, 0x1, 0x0, 0x0, 0x5c5fd097d751f33e}, 0x80) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x109001, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) mq_unlink$auto(0x0) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r5, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/irq/6/smp_affinity\x00', 0x40d81, 0x0) openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x2402, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r6, 0x0, 0x40800) futex$auto(&(0x7f0000000000)=0x7, 0x9, 0x7, &(0x7f0000000040)={0xb, 0x401}, &(0x7f0000000080)=0x6f5, 0x4) unshare$auto(0x40000080) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000180)='/dev/usbmon37\x00', 0x0, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) mprotect$auto(0x0, 0x806121, 0x6) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x16bd00, 0x0) bpf$auto(0x5, &(0x7f0000000080)=@bpf_attr_7={@prog_id=0xc, 0x92f1, 0x4}, 0xa) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NETDEV_CMD_QSTATS_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r1, 0x301, 0x70bd29, 0x25dfdbfe, {}, [@NETDEV_A_QSTATS_IFINDEX={0x8, 0x1, r4}]}, 0x1c}}, 0x40000) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) 8.801004468s ago: executing program 6 (id=1858): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_hsr(&(0x7f0000000180), 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) syz_clone3(&(0x7f00000004c0)={0x5a000200, 0x0, 0x0, 0x0, {0x3b}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe$auto(&(0x7f0000000040)=0xffffffffffffffff) vmsplice$auto(r0, &(0x7f0000000000)={0x0, 0x7}, 0x5, 0x1) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mlockall$auto(0x18) write$auto(0xffffffffffffffff, 0x0, 0x1) getrandom$auto(0x0, 0x6, 0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x111800, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup/pids.peak\x00', 0x8000, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000e3d9) mmap$auto(0x0, 0x9644, 0xdf, 0x9b72, 0x2, 0x2d4a29c0) pivot_root$auto(0x0, 0x0) mmap$auto(0x4, 0x2020006, 0x3, 0xf8, r1, 0x8000) madvise$auto(0x0, 0x2000040080000000, 0xe) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x7f, 0x82020009, 0x3, 0xeb1, 0xffffffffffffffff, 0xfff) unshare$auto(0x40000080) r2 = openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000100), 0x80840, 0x0) rt_sigtimedwait$auto(&(0x7f0000000140)={0x8}, &(0x7f0000000280)={@siginfo_0_0={0x7ff, 0x1, 0x91c1, @_rt={0x0, 0x0, @sival_int=0x4}}}, &(0x7f00000001c0)={0x8001, 0x2}, 0x8) shmctl$auto_SHM_STAT(0xff000000, 0xd, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x3, 0x80000001, 0x70b, 0x1}, 0xa8d, 0x2, 0x1, 0x2, @inferred, @inferred, 0x100, 0x0, &(0x7f0000000080)="0100000000000000000000800111d06e2e00df9e0da21547b9b28d0d80353ee02a7f9d0000", &(0x7f0000000180)="c9a54d83ccc04eff2555bc1a30b5eb5b4433304c5941018efa0659b1"}) readv$auto(r2, &(0x7f0000000a80)={0x0, 0x5b54}, 0x1) getsockopt$auto(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000040)='/dev/cec27\x00', 0x0) madvise$auto(0x0, 0xfffffffffffeffff, 0x15) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000e0, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x2, 0x4, 0x3, 0x3) 7.690841615s ago: executing program 7 (id=1861): bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x1, 0xb5, 0x10, 0x10001, 0xc0000000, 0xffffffffffffffff, 0x7, "2af051a940806ec05be276cfc83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0xb, 0xe5, 0x3}, 0x10) (fail_nth: 19) 7.028281975s ago: executing program 7 (id=1862): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) shmctl$auto(0x691, 0x3, 0x0) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000140), 0x8800, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6) mmap$auto(0x0, 0x63, 0x6, 0xfa31, 0xffffffffffffffff, 0x8000) ioctl$auto_IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, 0x0) 6.269740226s ago: executing program 6 (id=1863): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) shmctl$auto(0x691, 0x3, 0x0) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000140), 0x8800, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x6) r1 = prctl$auto_PR_SET_MM_BRK(0x5, 0x7, 0xffffffffffffffff, 0x6, 0x7ff) ioctl$auto_VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000000)={0x2, r0}) ioctl$auto_IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, 0x0) 6.268851365s ago: executing program 1 (id=1871): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) shmctl$auto(0x691, 0x3, 0x0) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000140), 0x8800, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) mmap$auto(0x0, 0x63, 0x6, 0xfa31, 0xffffffffffffffff, 0x8000) ioctl$auto_IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, 0x0) 6.26815322s ago: executing program 7 (id=1864): mmap$auto(0xfffffffffffffffd, 0x20008, 0xdf, 0x100000000012, 0x40000000000a5, 0x8000) r0 = io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x3000, 0x6, 0x7, 0xa, 0xffffffffffffffff, [0x0, 0x0, 0x2], {0x6, 0x6, 0x8c48, 0x29b, 0x8, 0x7f, 0x101, 0xb, 0x3}, {0x110, 0x1, 0x52, 0x5, 0x2, 0x1a7b870a, 0x76c5, 0x4, 0x100000000}}) select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x8, 0xffffffffffffff49, 0x5, 0x1823, 0x800000000004, 0x1, 0x5, 0x19, 0x10, 0x5, 0x2dde, 0x8, 0xfffffffffffffffa, 0xab, 0x0, 0x1]}, &(0x7f0000000040)={0x0, 0x7}) r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) madvise$auto(0x1, 0x100, 0x4) ioctl$auto_EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0xc028660f, &(0x7f0000000000)={0x6d, r1, 0x1, 0x7, 0x2, 0x2}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x1, 0x84) r3 = pipe2$auto(0x0, 0x80) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) write$auto_ftrace_system_enable_fops_trace_events(r3, &(0x7f0000000140)="681bcb5ca9462173da272f3f83b022eb3ca77e93fc37df5bf833350ac51551bc7c9c18769d64c68ad707f2c310005beb1003783a9deaa0eb48e2fa3e19db694568a9088b5d473a4aa344242c427cc5832b7e8783ec2b06a27f9ea8527b81ed5d24f176d08d9f9c59e6a83fb636b26ff886bd2c62dea9ce4e7cc10e", 0x7b) migrate_pages$auto(0x0, 0x99, 0x0, &(0x7f00000001c0)=0x7b) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000040), 0xffffffffffffffff) open_tree_attr$auto(0xffffffffffffffff, 0x0, 0x9000, &(0x7f0000000480)={0x6, 0xc753, 0x400, @inferred=0xffffffffffffffff}, 0x4756) r5 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/dsp\x00', 0x80e42, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r5, 0xc0045006, &(0x7f00000001c0)) write$auto(0x3, 0x0, 0x100082) ioctl$auto_SNDCTL_DSP_GETOPTR(r4, 0x800c5012, &(0x7f0000000080)="934c4a2927582366d2a151b970c5933c4d880b7de2a26c6af514a7bdcda50d8c1eb66d7727eca03de4182030123deb23ee5e918bee229d3220bc91fb1dfaac3081b3e129d916d7a7e735532bd49f30ff2afe365c472864ea3ce00ae98d2ded8e9886d1389db1a72411bedc5d99a9aea0e7f4e26201587b051487e623ce3da17b17df76975d576d65405ab1a4c315d4ec938458fa548ed2c0dec8a099a972115a9b8489b08a13") mmap$auto(0x8, 0x156, 0xd, 0x13, r5, 0xfffffffffffffff7) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, r5, 0x8000) syz_open_procfs$namespace(0x0, &(0x7f0000000200)='ns/net\x00') read$auto_severities_coverage_fops_severity(r0, &(0x7f0000000280)=""/31, 0x1f) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/net\x00') close_range$auto(0x2, 0x8, 0x2) read$auto_blk_mq_debugfs_fops_blk_mq_debugfs(r2, &(0x7f0000000040)=""/254, 0xfe) getdents$auto(r1, 0x0, 0x21) getdents$auto(r1, 0x0, 0x401) 6.077007831s ago: executing program 1 (id=1866): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x42800, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x82942, 0x0) r1 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) setsockopt$auto_SO_NO_CHECK(r0, 0x4, 0xb, &(0x7f0000000180)='/dev/input/event1\x00', 0x0) r2 = socket(0x18, 0x5, 0x1) write$auto(r2, 0x0, 0x5) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = getsockopt$auto(r1, 0x84, 0x2, 0x0, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x189401, 0x0) r4 = openat$auto_suspend_stats_fops_(0xffffffffffffff9c, &(0x7f00000000c0), 0x182, 0x0) close_range$auto(0x2, r4, 0x0) writev$auto(0xc8, 0x0, 0x9) sendmsg$auto_IEEE802154_DISASSOCIATE_REQ(r3, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000008", @ANYRES16=0x0, @ANYBLOB="00022cbd7000fcdbdf250300000005001b006c000000"], 0x5}, 0x1, 0x0, 0x0, 0x408c}, 0x80) r5 = socketcall$auto(0xfffffff8, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/video0\x00', 0xa200, 0x0) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r5) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x1, 0xb5, 0x10, 0x10001, 0xc0000000, 0xffffffffffffffff, 0x7, "2af051a940806ec05be276cfc83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0xb, 0xe5, 0x3}, 0x10) ioctl$auto_KVM_CREATE_VM(r0, 0xae80, 0x0) 6.022619629s ago: executing program 6 (id=1867): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x42800, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x82942, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x189401, 0x0) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f00000002c0)=ANY=[@ANYBLOB="440000005cadee1e733e3cff5261ac0406bb0b92be2c55d101817e732d0068bf607281875cc613e4d6e61b6e7113f1cda06f85327295c7261a792e9995ff2332a52bd967f2a740efc1d06d23a7f5fe34b14fb6608d8c5b67f6f155c8d5056c51dfbc3c771103543757678259eeed8f03650c65ad31ff4fc1f5df4c885bfb9c33372e5540ab2f254bfdb62ca660608ae1f155804138f3818f", @ANYBLOB="010027bd7000fcdbdf250a00000018000180140002000000000000000000000000000000000018000180140002006261746164765f736c6176655f310000998d56c778bf49aa54321f8a032f4443f38613354ea49b0fd4295d6229becad35a83b12540bde9381e17ea8d493009abe13f6340e46a637f2fc7fea4ef9ae60ccba051141983ac1f781a5f16ab"], 0x44}, 0x1, 0x0, 0x0, 0x801}, 0x40) close_range$auto(0x2, 0x8, 0x0) writev$auto(0xc8, 0x0, 0x9) sendmsg$auto_IEEE802154_DISASSOCIATE_REQ(r1, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, 0x0, 0x10, 0x70bd2c, 0x25dfdbfc, {}, [@IEEE802154_ATTR_PHY_NAME={0x16, 0x1f, '/dev/input/event1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x408c}, 0x80) r2 = socketcall$auto(0xfffffff8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_CREATE_VM(r0, 0xae80, 0x3f000000) 5.781160098s ago: executing program 7 (id=1868): mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000008640)='/sys/devices/platform/vidtv.0/i2c-0/i2c-dev/i2c-0/name\x00', 0x400, 0x0) fcntl$auto_F_SET_RW_HINT(r0, 0x40c, 0x5) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r1, &(0x7f0000003900)='\t', 0x1) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0) read$auto(r2, 0x0, 0x20) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) unshare$auto(0x40000080) clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x5) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000001540), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_KEY_SET(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001f80)={&(0x7f0000000240)={0x14, r4, 0x1, 0x70bd2a, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x42000) mseal$auto(0x1000000000000000, 0x0, 0x0) creat$auto(0x0, 0x7) 5.612457687s ago: executing program 6 (id=1869): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) setrlimit$auto(0x7, &(0x7f0000001380)={0x5, 0x6}) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) io_uring_setup$auto(0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000006c0), 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r0, 0xffffffffffdffe00, &(0x7f0000000140)=';') r1 = openat$auto_rfkill_fops_core(0xffffffffffffff9c, 0x0, 0x40, 0x0) ioctl$auto(0x3, 0xc0086202, r1) shmctl$auto(0x691, 0x3, 0x0) r2 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r2, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, 0x6) mmap$auto(0x0, 0x61, 0x10001, 0xfa31, 0x400, 0x8000) r3 = socket(0x1e, 0xa, 0xd) sendmmsg$auto(r3, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000) sendmsg$auto_NL80211_CMD_GET_REG(r3, 0x0, 0x8) r4 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x59, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000680)='/dev/v4l-subdev5\x00', 0x20281, 0x0) ioctl$auto(r6, 0xc038563c, r5) r7 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000005cc0), 0xffffffffffffffff) openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x80040, 0x40, 0xe}, 0x18) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000005d00)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_REMAIN_ON_CHANNEL(r4, &(0x7f0000005e40)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x1c, r7, 0x1, 0x70bd25, 0x25dfdbfd, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r8}]}, 0x1c}}, 0x0) sendmsg$auto_NL80211_CMD_JOIN_IBSS(r3, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="04010000efd0e8539f8141d41a60aebc67b7b840f458f5132ec115f47ecb702db1b5dc2f0d04fc69f258b928034f7498b22b5099675f3453fe8301db960828a90c15854175723543218db83312d7fe09f157a294fe548d62", @ANYRES16=r7, @ANYBLOB="010028bd7000fcdbdf252b00000004001e01dc00bd001de56671ba0d8281da70284d1de0d6eebcb0e02273378df894454110b4713edad2fd365121c6c823e69f9db0762f7d39ad68f8d41dd7c041ae7feda8497987fedb142d997887e640da43ac3ce0b7c76e2c0534bd8ab8fb05b14ea08430872e82ac5d4ba6ddbb6b7a4329106ca679ad42d9bd5d95042fef12dca0831d95ec2b1d804ae9d92336f38f4e3795211aa78cba5f191825e65eb9556618f4e6486f26f73e8a7ee3f2e0e812a9e3cc14388a398b419bcedabf0e3ae2526fa4b02df04b7562211eca921be2660fd4ddf605da13627cf88128ed3555be05001801010000000800010002630000"], 0x104}, 0x1, 0x0, 0x0, 0x4001}, 0x805) ioctl$auto_IOCTL_VMCI_CTX_ADD_NOTIFICATION(r2, 0x7af, 0x0) 5.222560263s ago: executing program 0 (id=1870): mmap$auto(0x10000000, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/conf/geneve0/disable_policy\x00', 0x40180, 0x0) close_range$auto(0x2, 0x8, 0x0) semctl$auto(0xa, 0x2, 0x13, 0xde) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x4c, 0x0, 0x9) recvmmsg$auto(0x3, 0x0, 0x80000401, 0x4000, 0x0) write$auto(r0, 0x0, 0x5) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) r1 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000140), 0x8800, 0x0) io_uring_setup$auto(0x2, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r1, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, 0x6) mmap$auto(0x0, 0x61, 0x10001, 0xfa31, 0x400, 0x8000) ioctl$auto_IOCTL_VMCI_CTX_ADD_NOTIFICATION(r1, 0x7af, 0x0) 4.875500089s ago: executing program 0 (id=1872): move_pages$auto(0x0, 0x4, &(0x7f0000000200)=0x0, &(0x7f0000000480)=0x6456, 0x0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0x400000000e31, 0xffffffffffffffff, 0x0) futex$auto(&(0x7f0000000080)=0x1, 0xb, 0x1, 0x0, 0x0, 0xfffffffa) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000380)='/proc/thread-self/net/pppol2tp\x00', 0x0, 0x0) pread64$auto(r0, 0x0, 0xd, 0x6e9) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) futex$auto(&(0x7f0000000180)=0xffffffff, 0x9, 0x47e7, &(0x7f00000001c0)={0x8, 0xacff}, &(0x7f0000000200)=0x9723, 0x7) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0x9}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) sendmsg$auto_NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x8000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40ebf, 0xffffffffffffffff, 0x8ce) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/mtd/mtd0/bitflip_threshold\x00', 0x2062, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) sched_setattr$auto(0x0, 0x0, 0x7b) msync$auto(0x1ffff000, 0x17ffffffffffffc, 0x400000004) mmap$auto(0x0, 0x7f, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x2, 0x0) set_mempolicy_home_node$auto(0x1, 0x4, 0x1000, 0x8) write$auto_tomoyo_operations_securityfs_if(0xffffffffffffffff, 0x0, 0x33) fanotify_mark$auto(0xffffffffffffffff, 0x9, 0x9, 0xffffffffffffffff, 0x0) r2 = open(0x0, 0x0, 0x408) getdents$auto(r2, 0x0, 0x400018) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x1, 0xb5, 0x10, 0x10003, 0xc0000000, 0xffffffffffffffff, 0x7, "2af051a940806ec05be276cfc83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0xb, 0xe5, 0x3}, 0x10) 4.875264329s ago: executing program 1 (id=1873): sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x20000010}, 0x4040884) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0x401, 0x6) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x3, 0x3a) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(r0, &(0x7f0000000000)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xffff}, 0x8, 0x0, 0xfffffffffffffffd, 0x5da23d0a}, 0x100007}, 0x3, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0}, 0x1, 0x0, 0x0, 0x20000010}, 0x4040884) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0x401, 0x6) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) (async) close_range$auto(0x2, 0xffffffffffffffff, 0x0) (async) socket(0x2, 0x80002, 0x73) (async) socket(0xa, 0x3, 0x3a) (async) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) (async) sendmmsg$auto(r0, &(0x7f0000000000)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xffff}, 0x8, 0x0, 0xfffffffffffffffd, 0x5da23d0a}, 0x100007}, 0x3, 0x0) (async) 4.875067597s ago: executing program 6 (id=1874): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_hsr(&(0x7f0000000180), 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) syz_clone3(&(0x7f00000004c0)={0x5a000200, 0x0, 0x0, 0x0, {0x3b}, 0x0, 0x0, 0x0, 0x0}, 0x58) pipe$auto(&(0x7f0000000040)=0xffffffffffffffff) vmsplice$auto(r0, &(0x7f0000000000)={0x0, 0x7}, 0x5, 0x1) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mlockall$auto(0x18) write$auto(0xffffffffffffffff, 0x0, 0x1) getrandom$auto(0x0, 0x6, 0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x111800, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='./cgroup/pids.peak\x00', 0x8000, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000e3d9) mmap$auto(0x0, 0x9644, 0xdf, 0x9b72, 0x2, 0x2d4a29c0) pivot_root$auto(0x0, 0x0) mmap$auto(0x4, 0x2020006, 0x3, 0xf8, r1, 0x8000) madvise$auto(0x0, 0x2000040080000000, 0xe) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x7f, 0x82020009, 0x3, 0xeb1, 0xffffffffffffffff, 0xfff) unshare$auto(0x40000080) r2 = openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000100), 0x80840, 0x0) rt_sigtimedwait$auto(&(0x7f0000000140)={0x8}, &(0x7f0000000280)={@siginfo_0_0={0x7ff, 0x1, 0x91c1, @_rt={0x0, 0x0, @sival_int=0x4}}}, &(0x7f00000001c0)={0x8001, 0x2}, 0x8) shmctl$auto_SHM_STAT(0xff000000, 0xd, &(0x7f0000000300)={{0x0, 0x0, 0x0, 0x3, 0x80000001, 0x70b, 0x1}, 0xa8d, 0x2, 0x1, 0x2, @inferred, @inferred, 0x100, 0x0, &(0x7f0000000080)="0100000000000000000000800111d06e2e00df9e0da21547b9b28d0d80353ee02a7f9d0000", &(0x7f0000000180)="c9a54d83ccc04eff2555bc1a30b5eb5b4433304c5941018efa0659b1"}) readv$auto(r2, &(0x7f0000000a80)={0x0, 0x5b54}, 0x1) getsockopt$auto(0xffffffffffffffff, 0x1, 0x3, &(0x7f0000000040)='/dev/cec27\x00', 0x0) madvise$auto(0x0, 0xfffffffffffeffff, 0x15) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000e0, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x2, 0x4, 0x3, 0x3) 4.664300937s ago: executing program 1 (id=1875): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) shmctl$auto(0x691, 0x3, 0x0) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000140), 0x8800, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) mmap$auto(0x0, 0x63, 0x6, 0xfa31, 0xffffffffffffffff, 0x8000) ioctl$auto_IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, 0x0) 4.523410098s ago: executing program 1 (id=1876): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) setresuid$auto(0xffffffffffffffff, 0x0, 0x0) write$auto(r0, &(0x7f0000000280)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xf4\x90\xc0\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc\xed\xb74\xbeI\"\r\xb8\xe3\xe7;N\xc1\x7fq\xff', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x5) r3 = openat$auto_nvmf_dev_fops_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) write$auto_nvmf_dev_fops_fabrics(r3, 0x0, 0x300) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nbd(&(0x7f0000003d40), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r1, 0x0, 0x4000050) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x1) madvise$auto(0x0, 0x200007, 0x19) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x4000000000009b72, 0x2, 0x8000) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000002040)='/dev/snd/pcmC1D1c\x00', 0x80, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0x10, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x4, 0x3f, 0x5, 0x2000000000948b, 0x3, 0x800295f4da0a, 0x2, 0x3, 0x62, 0x80000001, 0x50a7, 0x6d3f, 0x9, 0x3, 0xfffffffffffffffe]}, 0x0) 1.926047835s ago: executing program 0 (id=1877): r0 = openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy5/netdev:wlan0/stations/08:02:11:00:00:01/airtime\x00', 0x800, 0x0) read$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(r0, 0x0, 0x0) 1.692844996s ago: executing program 0 (id=1878): r0 = openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy5/netdev:wlan0/stations/08:02:11:00:00:01/airtime\x00', 0x800, 0x0) read$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(r0, 0x0, 0x0) (fail_nth: 1) 868.679596ms ago: executing program 0 (id=1879): socket(0x2, 0xa, 0x106) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6d) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0xffff, @remote}, 0x6d) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev3\x00', 0x169000, 0x0) (async) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev3\x00', 0x169000, 0x0) ioctl$auto(r0, 0xc040564a, r0) listen$auto(0x3, 0x81) (async) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020209, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x2c, 0x3, 0x8) (async) r1 = socket(0x2c, 0x3, 0x8) flistxattr$auto(0xffffffffffffffff, &(0x7f0000000100)='/dev/dsp1\x00', 0x7) (async) flistxattr$auto(0xffffffffffffffff, &(0x7f0000000100)='/dev/dsp1\x00', 0x7) madvise$auto(0x0, 0x2003f0, 0x15) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x7c4bc12122db7df2, 0x0) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/ieee80211/phy1/netdev:wlan1/bssid\x00', 0x220880, 0x0) (async) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/ieee80211/phy1/netdev:wlan1/bssid\x00', 0x220880, 0x0) inotify_add_watch$auto(0xffffffffffffffff, 0x0, 0xfffff378) write$auto(0x3, 0x0, 0xfdef) write$auto(0x3, 0x0, 0xfdef) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x28adc1, 0x0) (async) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x28adc1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x47, 0x8000) r2 = clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) sendmsg$auto_ETHTOOL_MSG_PLCA_GET_STATUS(r1, 0x0, 0x40884) mincore$auto(0x1000, 0x8001, 0x0) fcntl$auto(0x8000000000000001, 0x7, 0x8) (async) r3 = fcntl$auto(0x8000000000000001, 0x7, 0x8) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x42a81, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x10b142, 0x0) fcntl$auto(r3, 0x8, r2) madvise$auto(0x0, 0x8000000000000000, 0xa2) waitid$auto_P_PGID(0x2, 0x0, 0x0, 0x6, 0x0) (async) waitid$auto_P_PGID(0x2, 0x0, 0x0, 0x6, 0x0) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) (async) clone$auto(0x21, 0x9, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) fcntl$auto(0x8000000000000001, 0x26, 0x8) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 449.210005ms ago: executing program 1 (id=1880): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x42800, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x82942, 0x0) r1 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) setsockopt$auto_SO_NO_CHECK(r0, 0x4, 0xb, &(0x7f0000000180)='/dev/input/event1\x00', 0x0) r2 = socket(0x18, 0x5, 0x1) write$auto(r2, 0x0, 0x5) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = getsockopt$auto(r1, 0x84, 0x2, 0x0, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x189401, 0x0) r4 = openat$auto_suspend_stats_fops_(0xffffffffffffff9c, &(0x7f00000000c0), 0x182, 0x0) close_range$auto(0x2, r4, 0x0) writev$auto(0xc8, 0x0, 0x9) sendmsg$auto_IEEE802154_DISASSOCIATE_REQ(r3, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000008", @ANYRES16=0x0, @ANYBLOB="00022cbd7000fcdbdf250300000005001b006c000000"], 0x5}, 0x1, 0x0, 0x0, 0x408c}, 0x80) r5 = socketcall$auto(0xfffffff8, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/video0\x00', 0xa200, 0x0) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r5) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x1, 0xb5, 0x10, 0x10001, 0xc0000000, 0xffffffffffffffff, 0x7, "2af051a940806ec05be276cfc83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0xb, 0xe5, 0x3}, 0x10) ioctl$auto_KVM_CREATE_VM(r0, 0xae80, 0x0) 446.388927ms ago: executing program 6 (id=1881): socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) sendfile$auto(r0, r0, 0x0, 0x400000000004) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = socket(0x26, 0x2, 0xffff1cab) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000040)=ANY=[@ANYBLOB="13000000", @ANYBLOB='N\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) setsockopt$auto(0x3, 0x10000000084, 0x19, 0x0, 0x8) r2 = openat$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy5/netdev:wlan0/stations/08:02:11:00:00:01/airtime\x00', 0x800, 0x0) read$auto_adf_hb_cfg_fops_adf_heartbeat_dbgfs(r2, 0x0, 0x0) 367.524954ms ago: executing program 7 (id=1882): bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x1, 0xb5, 0x10, 0x10001, 0xc0000000, 0xffffffffffffffff, 0x7, "2af051a940806ec05be276cfc83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0xb, 0xe5, 0x3}, 0x10) (fail_nth: 20) 152.515133ms ago: executing program 0 (id=1883): unshare$auto(0x40000080) mmap$auto(0x6, 0x22009, 0x2000000df, 0xeb1, 0x401, 0x81) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop5\x00', 0x68b81, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/vhci_hcd.1/usb12/12-0:1.0/usb12-port3/power/runtime_active_time\x00', 0xa101, 0x0) socket(0x1a, 0x80000, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, 0x0) landlock_create_ruleset$auto(&(0x7f0000000040)={0x9, 0x402, 0x101}, 0x2c3, 0x20000010) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) ioctl$auto_TIOCSTI2(r1, 0x5412, &(0x7f0000000000)) ioctl$auto_TIOCSTI2(r1, 0x5412, &(0x7f0000000100)="15") r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0xe) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) ptrace$auto(0x6, 0x1, 0x3, 0x180000) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x840}, 0x24048004) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x4001, 0x0) mmap$auto(0x8, 0x2, 0xdf, 0xeb1, 0x401, 0x3) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) 0s ago: executing program 7 (id=1884): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) shmctl$auto(0x691, 0x3, 0x0) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000140), 0x8800, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) mmap$auto(0x0, 0x63, 0x6, 0xfa31, 0xffffffffffffffff, 0x8000) ioctl$auto_IOCTL_VMCI_CTX_ADD_NOTIFICATION(r0, 0x7af, 0x0) kernel console output (not intermixed with test programs): BX: 00007f9516e15fa0 RCX: 00007f9516b9aeb9 [ 473.986684][T11632] RDX: 0000000024008880 RSI: 000020000000a5c0 RDI: 0000000000000003 [ 473.986705][T11632] RBP: 00007f9517abf090 R08: 0000000000000000 R09: 0000000000000000 [ 473.986726][T11632] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 473.986745][T11632] R13: 00007f9516e16038 R14: 00007f9516e15fa0 R15: 00007ffd21f860a8 [ 473.986789][T11632] [ 474.780323][T11653] FAULT_INJECTION: forcing a failure. [ 474.780323][T11653] name failslab, interval 1, probability 0, space 0, times 0 [ 475.022780][T11653] CPU: 1 UID: 0 PID: 11653 Comm: syz.3.1352 Tainted: G L syzkaller #0 PREEMPT(full) [ 475.022830][T11653] Tainted: [L]=SOFTLOCKUP [ 475.022841][T11653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 475.022859][T11653] Call Trace: [ 475.022870][T11653] [ 475.022882][T11653] dump_stack_lvl+0x100/0x190 [ 475.022927][T11653] should_fail_ex.cold+0x5/0xa [ 475.022980][T11653] should_failslab+0xc2/0x120 [ 475.023026][T11653] ? tomoyo_encode2+0xfb/0x3c0 [ 475.023055][T11653] __kmalloc_noprof+0xf6/0x9c0 [ 475.023084][T11653] ? __pfx_tomoyo_get_local_path+0x10/0x10 [ 475.023125][T11653] ? tomoyo_realpath_from_path+0xb6/0x690 [ 475.023168][T11653] ? tomoyo_encode2+0xfb/0x3c0 [ 475.023197][T11653] tomoyo_encode2+0xfb/0x3c0 [ 475.023233][T11653] tomoyo_encode+0x29/0x50 [ 475.023264][T11653] tomoyo_realpath_from_path+0x18c/0x690 [ 475.023307][T11653] tomoyo_path_number_perm+0x23c/0x580 [ 475.023355][T11653] ? tomoyo_path_number_perm+0x22e/0x580 [ 475.023404][T11653] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 475.023491][T11653] ? find_held_lock+0x2b/0x80 [ 475.023522][T11653] ? hook_file_ioctl_common+0x146/0x410 [ 475.023568][T11653] ? __fget_files+0x215/0x3d0 [ 475.023611][T11653] ? __fget_files+0x21f/0x3d0 [ 475.023654][T11653] security_file_ioctl+0xd3/0x230 [ 475.023719][T11653] __x64_sys_ioctl+0xb7/0x210 [ 475.023787][T11653] do_syscall_64+0xc9/0xf80 [ 475.023831][T11653] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 475.023939][T11653] RIP: 0033:0x7f920839aeb9 [ 475.023969][T11653] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 475.024001][T11653] RSP: 002b:00007f9209303028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 475.024032][T11653] RAX: ffffffffffffffda RBX: 00007f9208616090 RCX: 00007f920839aeb9 [ 475.024054][T11653] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000004 [ 475.024072][T11653] RBP: 00007f9209303090 R08: 0000000000000000 R09: 0000000000000000 [ 475.024096][T11653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 475.024125][T11653] R13: 00007f9208616128 R14: 00007f9208616090 R15: 00007ffe9fb34d58 [ 475.024172][T11653] [ 475.028260][T11653] ERROR: Out of memory at tomoyo_realpath_from_path. [ 475.451431][T11656] NFSD: Failed to start, no listeners configured. [ 475.661872][T11660] __nla_validate_parse: 23 callbacks suppressed [ 475.661895][T11660] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1355'. [ 475.794586][T11660] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1355'. [ 476.040125][T11664] vivid-007: ================= START STATUS ================= [ 476.099619][T11664] vivid-007: Generate PTS: true [ 476.125638][T11664] vivid-007: Generate SCR: true [ 476.136598][T11664] tpg source WxH: 320x240 (Y'CbCr) [ 476.143278][T11664] tpg field: 1 [ 476.149494][T11664] tpg crop: (0,0)/320x240 [ 476.160270][T11664] tpg compose: (0,0)/320x240 [ 476.182484][T11664] tpg colorspace: 8 [ 476.233569][T11664] tpg transfer function: 0/0 [ 476.288877][T11664] tpg Y'CbCr encoding: 0/0 [ 476.349392][T11664] tpg quantization: 0/0 [ 476.372347][T11664] tpg RGB range: 0/2 [ 476.544643][T11664] vivid-007: ================== END STATUS ================== [ 477.688167][T11695] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1362'. [ 478.515157][T11701] FAULT_INJECTION: forcing a failure. [ 478.515157][T11701] name failslab, interval 1, probability 0, space 0, times 0 [ 478.551643][T11701] CPU: 1 UID: 0 PID: 11701 Comm: syz.3.1364 Tainted: G L syzkaller #0 PREEMPT(full) [ 478.551694][T11701] Tainted: [L]=SOFTLOCKUP [ 478.551706][T11701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 478.551724][T11701] Call Trace: [ 478.551733][T11701] [ 478.551753][T11701] dump_stack_lvl+0x100/0x190 [ 478.551797][T11701] should_fail_ex.cold+0x5/0xa [ 478.551856][T11701] should_failslab+0xc2/0x120 [ 478.551902][T11701] kmem_cache_alloc_node_noprof+0x8c/0x880 [ 478.551949][T11701] ? __alloc_skb+0x156/0x410 [ 478.551991][T11701] ? __alloc_skb+0x35d/0x410 [ 478.552040][T11701] ? __alloc_skb+0x156/0x410 [ 478.552083][T11701] __alloc_skb+0x156/0x410 [ 478.552125][T11701] ? __alloc_skb+0x35d/0x410 [ 478.552168][T11701] ? __pfx___alloc_skb+0x10/0x10 [ 478.552213][T11701] ? netlink_autobind.isra.0+0xe0/0x370 [ 478.552278][T11701] netlink_alloc_large_skb+0x69/0x150 [ 478.552333][T11701] netlink_sendmsg+0x680/0xda0 [ 478.552398][T11701] ? __pfx_netlink_sendmsg+0x10/0x10 [ 478.552447][T11701] ? __import_iovec+0x1d2/0x640 [ 478.552501][T11701] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 478.552550][T11701] ____sys_sendmsg+0xa54/0xc30 [ 478.552598][T11701] ? __pfx_____sys_sendmsg+0x10/0x10 [ 478.552650][T11701] ___sys_sendmsg+0x190/0x1e0 [ 478.552684][T11701] ? __pfx____sys_sendmsg+0x10/0x10 [ 478.552731][T11701] ? find_held_lock+0x2b/0x80 [ 478.552778][T11701] __sys_sendmsg+0x170/0x220 [ 478.552826][T11701] ? __pfx___sys_sendmsg+0x10/0x10 [ 478.552888][T11701] do_syscall_64+0xc9/0xf80 [ 478.552924][T11701] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 478.552951][T11701] RIP: 0033:0x7f920839aeb9 [ 478.552972][T11701] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 478.552998][T11701] RSP: 002b:00007f9209324028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 478.553024][T11701] RAX: ffffffffffffffda RBX: 00007f9208615fa0 RCX: 00007f920839aeb9 [ 478.553042][T11701] RDX: 0000000024008880 RSI: 000020000000a5c0 RDI: 0000000000000003 [ 478.553059][T11701] RBP: 00007f9209324090 R08: 0000000000000000 R09: 0000000000000000 [ 478.553076][T11701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 478.553092][T11701] R13: 00007f9208616038 R14: 00007f9208615fa0 R15: 00007ffe9fb34d58 [ 478.553126][T11701] [ 479.653126][T11721] FAULT_INJECTION: forcing a failure. [ 479.653126][T11721] name failslab, interval 1, probability 0, space 0, times 0 [ 479.666556][T11721] CPU: 1 UID: 0 PID: 11721 Comm: syz.1.1369 Tainted: G L syzkaller #0 PREEMPT(full) [ 479.666617][T11721] Tainted: [L]=SOFTLOCKUP [ 479.666628][T11721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 479.666647][T11721] Call Trace: [ 479.666657][T11721] [ 479.666669][T11721] dump_stack_lvl+0x100/0x190 [ 479.666713][T11721] should_fail_ex.cold+0x5/0xa [ 479.666766][T11721] should_failslab+0xc2/0x120 [ 479.666811][T11721] __kmalloc_cache_noprof+0x80/0x810 [ 479.666844][T11721] ? rcu_is_watching+0x12/0xc0 [ 479.666874][T11721] ? vhost_task_create+0xee/0x370 [ 479.666921][T11721] ? trace_contention_end+0xd6/0x110 [ 479.666966][T11721] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 479.667024][T11721] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 479.667075][T11721] ? vhost_task_create+0xee/0x370 [ 479.667121][T11721] vhost_task_create+0xee/0x370 [ 479.667172][T11721] ? __pfx_vhost_task_create+0x10/0x10 [ 479.667220][T11721] ? register_lock_class+0x40/0x560 [ 479.667275][T11721] ? __pfx_vhost_task_fn+0x10/0x10 [ 479.667331][T11721] ? __pfx___mutex_lock+0x10/0x10 [ 479.667384][T11721] kvm_mmu_post_init_vm+0x1b3/0x370 [ 479.667429][T11721] kvm_arch_vcpu_ioctl_run+0x66/0x1830 [ 479.667474][T11721] ? kvm_vcpu_ioctl+0x150f/0x16d0 [ 479.667518][T11721] kvm_vcpu_ioctl+0x730/0x16d0 [ 479.667552][T11721] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 479.667583][T11721] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 479.667621][T11721] ? do_vfs_ioctl+0x226/0x13e0 [ 479.667674][T11721] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 479.667737][T11721] ? find_held_lock+0x2b/0x80 [ 479.667768][T11721] ? hook_file_ioctl_common+0x146/0x410 [ 479.667828][T11721] ? __fget_files+0x21f/0x3d0 [ 479.667871][T11721] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 479.667905][T11721] __x64_sys_ioctl+0x18e/0x210 [ 479.667969][T11721] do_syscall_64+0xc9/0xf80 [ 479.668014][T11721] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 479.668048][T11721] RIP: 0033:0x7f387239aeb9 [ 479.668073][T11721] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 479.668105][T11721] RSP: 002b:00007f3873300028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 479.668136][T11721] RAX: ffffffffffffffda RBX: 00007f3872616090 RCX: 00007f387239aeb9 [ 479.668157][T11721] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000004 [ 479.668176][T11721] RBP: 00007f3873300090 R08: 0000000000000000 R09: 0000000000000000 [ 479.668195][T11721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 479.668213][T11721] R13: 00007f3872616128 R14: 00007f3872616090 R15: 00007fffdb558f58 [ 479.668256][T11721] [ 479.940210][T11718] FAULT_INJECTION: forcing a failure. [ 479.940210][T11718] name fail_futex, interval 1, probability 0, space 0, times 0 [ 479.956375][T11718] CPU: 1 UID: 0 PID: 11718 Comm: syz.2.1371 Tainted: G L syzkaller #0 PREEMPT(full) [ 479.956434][T11718] Tainted: [L]=SOFTLOCKUP [ 479.956445][T11718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 479.956466][T11718] Call Trace: [ 479.956476][T11718] [ 479.956488][T11718] dump_stack_lvl+0x100/0x190 [ 479.956530][T11718] should_fail_ex.cold+0x5/0xa [ 479.956582][T11718] get_futex_key+0x1d2/0x1620 [ 479.956630][T11718] ? __pfx_get_futex_key+0x10/0x10 [ 479.956668][T11718] ? futex_hash+0x2c5/0x380 [ 479.956721][T11718] futex_wake+0xea/0x530 [ 479.956772][T11718] ? __pfx_futex_wait+0x10/0x10 [ 479.956801][T11718] ? __pfx_futex_wake+0x10/0x10 [ 479.956853][T11718] ? rcu_read_lock_any_held+0x6a/0xa0 [ 479.956882][T11718] ? vfs_write+0x15d/0x1070 [ 479.956914][T11718] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 479.956952][T11718] do_futex+0x32b/0x350 [ 479.956990][T11718] ? __pfx_do_futex+0x10/0x10 [ 479.957025][T11718] ? __pfx_do_sys_openat2+0x10/0x10 [ 479.957076][T11718] __x64_sys_futex+0x34f/0x4d0 [ 479.957116][T11718] ? fdget_pos+0x2c0/0x380 [ 479.957148][T11718] ? __pfx___x64_sys_futex+0x10/0x10 [ 479.957185][T11718] ? xfd_validate_state+0x129/0x190 [ 479.957231][T11718] ? fdget+0x18b/0x210 [ 479.957265][T11718] do_syscall_64+0xc9/0xf80 [ 479.957300][T11718] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 479.957328][T11718] RIP: 0033:0x7f9516b9aeb9 [ 479.957349][T11718] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 479.957376][T11718] RSP: 002b:00007f9517abf0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 479.957402][T11718] RAX: ffffffffffffffda RBX: 00007f9516e15fa8 RCX: 00007f9516b9aeb9 [ 479.957420][T11718] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f9516e15fac [ 479.957442][T11718] RBP: 00007f9516e15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 479.957459][T11718] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 479.957475][T11718] R13: 00007f9516e16038 R14: 00007ffd21f85fc0 R15: 00007ffd21f860a8 [ 479.957510][T11718] [ 480.448545][T11712] NFSD: Failed to start, no listeners configured. [ 480.702528][T11735] FAULT_INJECTION: forcing a failure. [ 480.702528][T11735] name failslab, interval 1, probability 0, space 0, times 0 [ 480.816312][T11735] CPU: 1 UID: 0 PID: 11735 Comm: syz.0.1374 Tainted: G L syzkaller #0 PREEMPT(full) [ 480.816359][T11735] Tainted: [L]=SOFTLOCKUP [ 480.816368][T11735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 480.816382][T11735] Call Trace: [ 480.816391][T11735] [ 480.816400][T11735] dump_stack_lvl+0x100/0x190 [ 480.816435][T11735] should_fail_ex.cold+0x5/0xa [ 480.816477][T11735] should_failslab+0xc2/0x120 [ 480.816514][T11735] kmem_cache_alloc_noprof+0x83/0x780 [ 480.816548][T11735] ? __kernfs_new_node+0xd2/0x960 [ 480.816591][T11735] ? __kernfs_new_node+0xd2/0x960 [ 480.816626][T11735] __kernfs_new_node+0xd2/0x960 [ 480.816664][T11735] ? __pfx___kernfs_new_node+0x10/0x10 [ 480.816707][T11735] ? find_held_lock+0x2b/0x80 [ 480.816732][T11735] ? kernfs_root+0xee/0x2a0 [ 480.816765][T11735] ? kernfs_root+0xee/0x2a0 [ 480.816806][T11735] kernfs_new_node+0x11b/0x1a0 [ 480.816849][T11735] __kernfs_create_file+0x53/0x350 [ 480.816881][T11735] sysfs_add_file_mode_ns+0x207/0x3c0 [ 480.816921][T11735] internal_create_group+0x593/0xf40 [ 480.816964][T11735] ? __pfx_internal_create_group+0x10/0x10 [ 480.817006][T11735] ? kernfs_create_link+0x1bd/0x240 [ 480.817039][T11735] internal_create_groups+0x9d/0x150 [ 480.817078][T11735] device_add+0x71a/0x1950 [ 480.817115][T11735] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 480.817153][T11735] ? __pfx_device_add+0x10/0x10 [ 480.817188][T11735] ? lockdep_init_map_type+0x5c/0x250 [ 480.817224][T11735] ? __init_waitqueue_head+0xca/0x150 [ 480.817271][T11735] netdev_register_kobject+0x1a9/0x3d0 [ 480.817308][T11735] register_netdevice+0x12b3/0x21d0 [ 480.817348][T11735] ? __pfx_register_netdevice+0x10/0x10 [ 480.817380][T11735] slip_open+0xb8a/0x1120 [ 480.817419][T11735] ? __pfx_slip_open+0x10/0x10 [ 480.817448][T11735] ? tty_set_ldisc+0x2b1/0x740 [ 480.817488][T11735] ? __pfx_slip_open+0x10/0x10 [ 480.817519][T11735] tty_ldisc_open+0xa2/0x120 [ 480.817553][T11735] tty_set_ldisc+0x325/0x740 [ 480.817591][T11735] tty_ioctl+0x695/0x1690 [ 480.817631][T11735] ? __pfx_tty_ioctl+0x10/0x10 [ 480.817680][T11735] ? find_held_lock+0x2b/0x80 [ 480.817704][T11735] ? hook_file_ioctl_common+0x146/0x410 [ 480.817749][T11735] ? __fget_files+0x21f/0x3d0 [ 480.817782][T11735] ? __pfx_tty_ioctl+0x10/0x10 [ 480.817821][T11735] __x64_sys_ioctl+0x18e/0x210 [ 480.817864][T11735] do_syscall_64+0xc9/0xf80 [ 480.817898][T11735] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 480.817923][T11735] RIP: 0033:0x7f2e31f9aeb9 [ 480.817942][T11735] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 480.817967][T11735] RSP: 002b:00007f2e301f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 480.817991][T11735] RAX: ffffffffffffffda RBX: 00007f2e32215fa0 RCX: 00007f2e31f9aeb9 [ 480.818008][T11735] RDX: 0000000000000000 RSI: 0000000000005423 RDI: 0000000000000007 [ 480.818023][T11735] RBP: 00007f2e32008c1f R08: 0000000000000000 R09: 0000000000000000 [ 480.818039][T11735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 480.818054][T11735] R13: 00007f2e32216038 R14: 00007f2e32215fa0 R15: 00007ffd2d8620b8 [ 480.818086][T11735] [ 482.297179][T11752] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1379'. [ 483.761790][T11772] FAULT_INJECTION: forcing a failure. [ 483.761790][T11772] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 483.831226][T11772] CPU: 1 UID: 0 PID: 11772 Comm: syz.0.1384 Tainted: G L syzkaller #0 PREEMPT(full) [ 483.831274][T11772] Tainted: [L]=SOFTLOCKUP [ 483.831284][T11772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 483.831300][T11772] Call Trace: [ 483.831311][T11772] [ 483.831322][T11772] dump_stack_lvl+0x100/0x190 [ 483.831372][T11772] should_fail_ex.cold+0x5/0xa [ 483.831423][T11772] _copy_from_iter+0x1f4/0x1690 [ 483.831470][T11772] ? __alloc_skb+0x220/0x410 [ 483.831505][T11772] ? __alloc_skb+0x35d/0x410 [ 483.831542][T11772] ? __pfx__copy_from_iter+0x10/0x10 [ 483.831584][T11772] ? netlink_autobind.isra.0+0xe0/0x370 [ 483.831643][T11772] netlink_sendmsg+0x808/0xda0 [ 483.831693][T11772] ? __pfx_netlink_sendmsg+0x10/0x10 [ 483.831735][T11772] ? __import_iovec+0x1d2/0x640 [ 483.831780][T11772] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 483.831821][T11772] ____sys_sendmsg+0xa54/0xc30 [ 483.831855][T11772] ? __pfx_____sys_sendmsg+0x10/0x10 [ 483.831902][T11772] ___sys_sendmsg+0x190/0x1e0 [ 483.831936][T11772] ? __pfx____sys_sendmsg+0x10/0x10 [ 483.831984][T11772] ? find_held_lock+0x2b/0x80 [ 483.832033][T11772] __sys_sendmsg+0x170/0x220 [ 483.832074][T11772] ? __pfx___sys_sendmsg+0x10/0x10 [ 483.832141][T11772] do_syscall_64+0xc9/0xf80 [ 483.832184][T11772] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 483.832217][T11772] RIP: 0033:0x7f2e31f9aeb9 [ 483.832239][T11772] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 483.832266][T11772] RSP: 002b:00007f2e301f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 483.832293][T11772] RAX: ffffffffffffffda RBX: 00007f2e32215fa0 RCX: 00007f2e31f9aeb9 [ 483.832311][T11772] RDX: 0000000024008880 RSI: 000020000000a5c0 RDI: 0000000000000003 [ 483.832328][T11772] RBP: 00007f2e301f6090 R08: 0000000000000000 R09: 0000000000000000 [ 483.832354][T11772] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 483.832370][T11772] R13: 00007f2e32216038 R14: 00007f2e32215fa0 R15: 00007ffd2d8620b8 [ 483.832406][T11772] [ 484.484585][T11776] futex_wake_op: syz.0.1385 tries to shift op by -2048; fix this program [ 484.511854][T11776] futex_wake_op: syz.0.1385 tries to shift op by -2048; fix this program [ 484.770661][T11783] FAULT_INJECTION: forcing a failure. [ 484.770661][T11783] name failslab, interval 1, probability 0, space 0, times 0 [ 484.815203][T11783] CPU: 0 UID: 0 PID: 11783 Comm: syz.2.1388 Tainted: G L syzkaller #0 PREEMPT(full) [ 484.815253][T11783] Tainted: [L]=SOFTLOCKUP [ 484.815273][T11783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 484.815291][T11783] Call Trace: [ 484.815302][T11783] [ 484.815313][T11783] dump_stack_lvl+0x100/0x190 [ 484.815355][T11783] should_fail_ex.cold+0x5/0xa [ 484.815409][T11783] should_failslab+0xc2/0x120 [ 484.815454][T11783] __kmalloc_cache_noprof+0x80/0x810 [ 484.815488][T11783] ? rcu_is_watching+0x12/0xc0 [ 484.815522][T11783] ? vhost_task_create+0xee/0x370 [ 484.815558][T11783] ? trace_contention_end+0xd6/0x110 [ 484.815594][T11783] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 484.815637][T11783] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 484.815674][T11783] ? vhost_task_create+0xee/0x370 [ 484.815710][T11783] vhost_task_create+0xee/0x370 [ 484.815748][T11783] ? __pfx_vhost_task_create+0x10/0x10 [ 484.815784][T11783] ? register_lock_class+0x40/0x560 [ 484.815825][T11783] ? __pfx_vhost_task_fn+0x10/0x10 [ 484.815866][T11783] ? __pfx___mutex_lock+0x10/0x10 [ 484.815904][T11783] kvm_mmu_post_init_vm+0x1b3/0x370 [ 484.815937][T11783] kvm_arch_vcpu_ioctl_run+0x66/0x1830 [ 484.815969][T11783] ? kvm_vcpu_ioctl+0x150f/0x16d0 [ 484.815998][T11783] kvm_vcpu_ioctl+0x730/0x16d0 [ 484.816024][T11783] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 484.816047][T11783] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 484.816075][T11783] ? do_vfs_ioctl+0x226/0x13e0 [ 484.816114][T11783] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 484.816161][T11783] ? find_held_lock+0x2b/0x80 [ 484.816184][T11783] ? hook_file_ioctl_common+0x146/0x410 [ 484.816227][T11783] ? __fget_files+0x21f/0x3d0 [ 484.816263][T11783] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 484.816287][T11783] __x64_sys_ioctl+0x18e/0x210 [ 484.816326][T11783] do_syscall_64+0xc9/0xf80 [ 484.816386][T11783] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 484.816424][T11783] RIP: 0033:0x7f9516b9aeb9 [ 484.816449][T11783] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 484.816479][T11783] RSP: 002b:00007f9517abf028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 484.816509][T11783] RAX: ffffffffffffffda RBX: 00007f9516e15fa0 RCX: 00007f9516b9aeb9 [ 484.816530][T11783] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000004 [ 484.816550][T11783] RBP: 00007f9517abf090 R08: 0000000000000000 R09: 0000000000000000 [ 484.816569][T11783] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 484.816588][T11783] R13: 00007f9516e16038 R14: 00007f9516e15fa0 R15: 00007ffd21f860a8 [ 484.816631][T11783] [ 486.329594][T11798] NFSD: Failed to start, no listeners configured. [ 487.574854][T11812] FAULT_INJECTION: forcing a failure. [ 487.574854][T11812] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 487.624531][T11812] CPU: 0 UID: 0 PID: 11812 Comm: syz.3.1400 Tainted: G L syzkaller #0 PREEMPT(full) [ 487.624586][T11812] Tainted: [L]=SOFTLOCKUP [ 487.624599][T11812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 487.624618][T11812] Call Trace: [ 487.624629][T11812] [ 487.624640][T11812] dump_stack_lvl+0x100/0x190 [ 487.624686][T11812] should_fail_ex.cold+0x5/0xa [ 487.624740][T11812] _copy_from_iter+0x1f4/0x1690 [ 487.624807][T11812] ? __alloc_skb+0x220/0x410 [ 487.624851][T11812] ? __alloc_skb+0x35d/0x410 [ 487.624895][T11812] ? __pfx__copy_from_iter+0x10/0x10 [ 487.624944][T11812] ? netlink_autobind.isra.0+0xe0/0x370 [ 487.625014][T11812] netlink_sendmsg+0x808/0xda0 [ 487.625072][T11812] ? __pfx_netlink_sendmsg+0x10/0x10 [ 487.625121][T11812] ? __import_iovec+0x1d2/0x640 [ 487.625174][T11812] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 487.625222][T11812] ____sys_sendmsg+0xa54/0xc30 [ 487.625263][T11812] ? __pfx_____sys_sendmsg+0x10/0x10 [ 487.625318][T11812] ___sys_sendmsg+0x190/0x1e0 [ 487.625359][T11812] ? __pfx____sys_sendmsg+0x10/0x10 [ 487.625419][T11812] ? find_held_lock+0x2b/0x80 [ 487.625477][T11812] __sys_sendmsg+0x170/0x220 [ 487.625528][T11812] ? __pfx___sys_sendmsg+0x10/0x10 [ 487.625603][T11812] do_syscall_64+0xc9/0xf80 [ 487.625647][T11812] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 487.625681][T11812] RIP: 0033:0x7f920839aeb9 [ 487.625706][T11812] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 487.625738][T11812] RSP: 002b:00007f9209324028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 487.625769][T11812] RAX: ffffffffffffffda RBX: 00007f9208615fa0 RCX: 00007f920839aeb9 [ 487.625801][T11812] RDX: 0000000024008880 RSI: 000020000000a5c0 RDI: 0000000000000003 [ 487.625821][T11812] RBP: 00007f9209324090 R08: 0000000000000000 R09: 0000000000000000 [ 487.625840][T11812] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 487.625859][T11812] R13: 00007f9208616038 R14: 00007f9208615fa0 R15: 00007ffe9fb34d58 [ 487.625902][T11812] [ 488.192239][T11828] FAULT_INJECTION: forcing a failure. [ 488.192239][T11828] name failslab, interval 1, probability 0, space 0, times 0 [ 488.222100][T11828] CPU: 1 UID: 0 PID: 11828 Comm: syz.1.1403 Tainted: G L syzkaller #0 PREEMPT(full) [ 488.222138][T11828] Tainted: [L]=SOFTLOCKUP [ 488.222146][T11828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 488.222160][T11828] Call Trace: [ 488.222168][T11828] [ 488.222177][T11828] dump_stack_lvl+0x100/0x190 [ 488.222210][T11828] should_fail_ex.cold+0x5/0xa [ 488.222249][T11828] should_failslab+0xc2/0x120 [ 488.222283][T11828] ? lsm_blob_alloc+0x68/0x90 [ 488.222307][T11828] __kmalloc_noprof+0xf6/0x9c0 [ 488.222329][T11828] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 488.222362][T11828] ? lsm_blob_alloc+0x68/0x90 [ 488.222385][T11828] ? __asan_memset+0x23/0x50 [ 488.222408][T11828] lsm_blob_alloc+0x68/0x90 [ 488.222433][T11828] security_task_alloc+0x2a/0x260 [ 488.222457][T11828] copy_process+0x25cc/0x7890 [ 488.222502][T11828] ? __pfx_copy_process+0x10/0x10 [ 488.222538][T11828] ? lockdep_init_map_type+0x5c/0x250 [ 488.222574][T11828] ? lockdep_init_map_type+0x5c/0x250 [ 488.222607][T11828] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 488.222648][T11828] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 488.222685][T11828] vhost_task_create+0x1db/0x370 [ 488.222723][T11828] ? __pfx_vhost_task_create+0x10/0x10 [ 488.222758][T11828] ? register_lock_class+0x40/0x560 [ 488.222797][T11828] ? __pfx_vhost_task_fn+0x10/0x10 [ 488.222837][T11828] ? __pfx___mutex_lock+0x10/0x10 [ 488.222875][T11828] kvm_mmu_post_init_vm+0x1b3/0x370 [ 488.222907][T11828] kvm_arch_vcpu_ioctl_run+0x66/0x1830 [ 488.222939][T11828] ? kvm_vcpu_ioctl+0x150f/0x16d0 [ 488.222968][T11828] kvm_vcpu_ioctl+0x730/0x16d0 [ 488.222998][T11828] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 488.223021][T11828] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 488.223048][T11828] ? do_vfs_ioctl+0x226/0x13e0 [ 488.223086][T11828] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 488.223131][T11828] ? find_held_lock+0x2b/0x80 [ 488.223153][T11828] ? hook_file_ioctl_common+0x146/0x410 [ 488.223197][T11828] ? __fget_files+0x21f/0x3d0 [ 488.223227][T11828] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 488.223250][T11828] __x64_sys_ioctl+0x18e/0x210 [ 488.223290][T11828] do_syscall_64+0xc9/0xf80 [ 488.223322][T11828] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 488.223346][T11828] RIP: 0033:0x7f387239aeb9 [ 488.223364][T11828] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 488.223387][T11828] RSP: 002b:00007f3873321028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 488.223409][T11828] RAX: ffffffffffffffda RBX: 00007f3872615fa0 RCX: 00007f387239aeb9 [ 488.223424][T11828] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000004 [ 488.223438][T11828] RBP: 00007f3873321090 R08: 0000000000000000 R09: 0000000000000000 [ 488.223452][T11828] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 488.223466][T11828] R13: 00007f3872616038 R14: 00007f3872615fa0 R15: 00007fffdb558f58 [ 488.223496][T11828] [ 488.916473][T11816] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1399'. [ 489.256585][T11834] netlink: 'syz.3.1405': attribute type 1 has an invalid length. [ 489.321544][T11834] netlink: 314 bytes leftover after parsing attributes in process `syz.3.1405'. [ 489.722640][T11835] Line length is too long: Should be less than 4094 [ 490.153742][T11855] NFSD: Failed to start, no listeners configured. [ 490.945724][T11875] FAULT_INJECTION: forcing a failure. [ 490.945724][T11875] name failslab, interval 1, probability 0, space 0, times 0 [ 490.999907][T11875] CPU: 1 UID: 0 PID: 11875 Comm: syz.0.1416 Tainted: G L syzkaller #0 PREEMPT(full) [ 490.999956][T11875] Tainted: [L]=SOFTLOCKUP [ 490.999966][T11875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 490.999985][T11875] Call Trace: [ 490.999995][T11875] [ 491.000007][T11875] dump_stack_lvl+0x100/0x190 [ 491.000055][T11875] should_fail_ex.cold+0x5/0xa [ 491.000109][T11875] should_failslab+0xc2/0x120 [ 491.000154][T11875] ? genl_family_rcv_msg_attrs_parse.isra.0+0xc8/0x290 [ 491.000192][T11875] __kmalloc_noprof+0xf6/0x9c0 [ 491.000225][T11875] ? kasan_quarantine_put+0x104/0x240 [ 491.000263][T11875] ? lockdep_hardirqs_on+0x78/0x100 [ 491.000311][T11875] ? genl_family_rcv_msg_attrs_parse.isra.0+0xc8/0x290 [ 491.000348][T11875] genl_family_rcv_msg_attrs_parse.isra.0+0xc8/0x290 [ 491.000394][T11875] genl_family_rcv_msg_doit+0xc7/0x300 [ 491.000433][T11875] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 491.000468][T11875] ? genl_get_cmd+0x3ef/0x720 [ 491.000641][T11875] ? bpf_lsm_capable+0x9/0x10 [ 491.000665][T11875] ? security_capable+0x80/0x260 [ 491.000716][T11875] genl_rcv_msg+0x560/0x800 [ 491.000747][T11875] ? __pfx_genl_rcv_msg+0x10/0x10 [ 491.000772][T11875] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 491.000801][T11875] ? __pfx_nl80211_req_set_reg+0x10/0x10 [ 491.000840][T11875] ? __pfx_nl80211_post_doit+0x10/0x10 [ 491.000879][T11875] netlink_rcv_skb+0x159/0x420 [ 491.000902][T11875] ? __pfx_genl_rcv_msg+0x10/0x10 [ 491.000929][T11875] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 491.000967][T11875] ? netlink_deliver_tap+0x1ae/0xcc0 [ 491.001060][T11875] genl_rcv+0x28/0x40 [ 491.001091][T11875] netlink_unicast+0x5aa/0x870 [ 491.001146][T11875] ? __pfx_netlink_unicast+0x10/0x10 [ 491.001199][T11875] netlink_sendmsg+0x8b0/0xda0 [ 491.001243][T11875] ? __pfx_netlink_sendmsg+0x10/0x10 [ 491.001281][T11875] ? __import_iovec+0x1d2/0x640 [ 491.001324][T11875] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 491.001361][T11875] ____sys_sendmsg+0xa54/0xc30 [ 491.001393][T11875] ? __pfx_____sys_sendmsg+0x10/0x10 [ 491.001439][T11875] ___sys_sendmsg+0x190/0x1e0 [ 491.001475][T11875] ? __pfx____sys_sendmsg+0x10/0x10 [ 491.001520][T11875] ? find_held_lock+0x2b/0x80 [ 491.001570][T11875] __sys_sendmsg+0x170/0x220 [ 491.001608][T11875] ? __pfx___sys_sendmsg+0x10/0x10 [ 491.001665][T11875] do_syscall_64+0xc9/0xf80 [ 491.001698][T11875] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 491.001724][T11875] RIP: 0033:0x7f2e31f9aeb9 [ 491.001744][T11875] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 491.001768][T11875] RSP: 002b:00007f2e301f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 491.001791][T11875] RAX: ffffffffffffffda RBX: 00007f2e32215fa0 RCX: 00007f2e31f9aeb9 [ 491.001808][T11875] RDX: 0000000024008880 RSI: 000020000000a5c0 RDI: 0000000000000003 [ 491.001825][T11875] RBP: 00007f2e301f6090 R08: 0000000000000000 R09: 0000000000000000 [ 491.001840][T11875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 491.001854][T11875] R13: 00007f2e32216038 R14: 00007f2e32215fa0 R15: 00007ffd2d8620b8 [ 491.001889][T11875] [ 507.085001][T11536] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 507.095972][T11536] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 507.104535][T11536] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 507.114132][T11536] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 507.124148][T11536] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 507.426380][T11886] chnl_net:caif_netlink_parms(): no params data found [ 507.580500][T11886] bridge0: port 1(bridge_slave_0) entered blocking state [ 507.588149][T11886] bridge0: port 1(bridge_slave_0) entered disabled state [ 507.598218][T11886] bridge_slave_0: entered allmulticast mode [ 507.607105][T11886] bridge_slave_0: entered promiscuous mode [ 507.617048][T11886] bridge0: port 2(bridge_slave_1) entered blocking state [ 507.635059][T11886] bridge0: port 2(bridge_slave_1) entered disabled state [ 507.643571][T11886] bridge_slave_1: entered allmulticast mode [ 507.653790][T11886] bridge_slave_1: entered promiscuous mode [ 507.703575][T11886] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 507.717799][T11886] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 507.770113][T11886] team0: Port device team_slave_0 added [ 507.782091][T11886] team0: Port device team_slave_1 added [ 507.824065][T11886] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 507.831431][T11886] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 507.882361][T11886] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 507.896019][T11886] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 507.906990][T11886] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 507.934694][T11886] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 508.002069][T11901] usb usb3: usbfs: process 11901 (syz.1.1420) did not claim interface 0 before use [ 508.024041][T11900] FAULT_INJECTION: forcing a failure. [ 508.024041][T11900] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 508.033808][T11897] block nbd8: shutting down sockets [ 508.062115][T11900] CPU: 1 UID: 0 PID: 11900 Comm: syz.0.1419 Tainted: G L syzkaller #0 PREEMPT(full) [ 508.062167][T11900] Tainted: [L]=SOFTLOCKUP [ 508.062179][T11900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 508.062197][T11900] Call Trace: [ 508.062208][T11900] [ 508.062220][T11900] dump_stack_lvl+0x100/0x190 [ 508.062264][T11900] should_fail_ex.cold+0x5/0xa [ 508.062310][T11900] ? prepare_alloc_pages+0x16d/0x5f0 [ 508.062360][T11900] should_fail_alloc_page+0xeb/0x140 [ 508.062409][T11900] prepare_alloc_pages+0x1f0/0x5f0 [ 508.062464][T11900] __alloc_frozen_pages_noprof+0x193/0x2410 [ 508.062520][T11900] ? find_held_lock+0x2b/0x80 [ 508.062550][T11900] ? is_bpf_text_address+0x8a/0x1a0 [ 508.062578][T11900] ? is_bpf_text_address+0x8a/0x1a0 [ 508.062606][T11900] ? bpf_ksym_find+0x124/0x1c0 [ 508.062644][T11900] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 508.062682][T11900] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 508.062729][T11900] ? is_bpf_text_address+0x94/0x1a0 [ 508.062758][T11900] ? __kernel_text_address+0xd/0x30 [ 508.062807][T11900] ? unwind_get_return_address+0x59/0xa0 [ 508.062865][T11900] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 508.062905][T11900] ? policy_nodemask+0xed/0x4f0 [ 508.062957][T11900] alloc_pages_mpol+0x1fb/0x550 [ 508.063006][T11900] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 508.063048][T11900] ? kasan_save_stack+0x30/0x50 [ 508.063095][T11900] ? __kasan_kmalloc+0xaa/0xb0 [ 508.063133][T11900] ? __get_vm_area_node+0x101/0x330 [ 508.063181][T11900] ? __vmalloc_node_range_noprof+0x213/0x1530 [ 508.063211][T11900] ? __vmalloc_node_noprof+0xad/0xf0 [ 508.063240][T11900] ? copy_process+0x5ec/0x7890 [ 508.063289][T11900] alloc_pages_noprof+0x131/0x390 [ 508.063339][T11900] get_free_pages_noprof+0x10/0xb0 [ 508.063385][T11900] __kasan_populate_vmalloc+0xa0/0x210 [ 508.063435][T11900] alloc_vmap_area+0x935/0x2a00 [ 508.063498][T11900] ? __pfx_alloc_vmap_area+0x10/0x10 [ 508.063559][T11900] __get_vm_area_node+0x1ca/0x330 [ 508.063617][T11900] __vmalloc_node_range_noprof+0x213/0x1530 [ 508.063650][T11900] ? vhost_task_create+0x1db/0x370 [ 508.063712][T11900] ? vhost_task_create+0x1db/0x370 [ 508.063760][T11900] ? rcu_read_unlock+0x17/0x60 [ 508.063807][T11900] ? rcu_read_unlock+0x17/0x60 [ 508.063863][T11900] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 508.063895][T11900] ? __memcg_slab_post_alloc_hook+0x473/0x880 [ 508.063953][T11900] ? rcu_is_watching+0x12/0xc0 [ 508.063986][T11900] ? trace_kmem_cache_alloc+0x80/0xb0 [ 508.064035][T11900] ? vhost_task_create+0x1db/0x370 [ 508.064092][T11900] __vmalloc_node_noprof+0xad/0xf0 [ 508.064124][T11900] ? vhost_task_create+0x1db/0x370 [ 508.064179][T11900] copy_process+0x5ec/0x7890 [ 508.064243][T11900] ? __pfx_copy_process+0x10/0x10 [ 508.064290][T11900] ? lockdep_init_map_type+0x5c/0x250 [ 508.064339][T11900] ? lockdep_init_map_type+0x5c/0x250 [ 508.064385][T11900] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 508.064442][T11900] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 508.064494][T11900] vhost_task_create+0x1db/0x370 [ 508.064545][T11900] ? __pfx_vhost_task_create+0x10/0x10 [ 508.064592][T11900] ? register_lock_class+0x40/0x560 [ 508.064649][T11900] ? __pfx_vhost_task_fn+0x10/0x10 [ 508.064704][T11900] ? __pfx___mutex_lock+0x10/0x10 [ 508.064758][T11900] kvm_mmu_post_init_vm+0x1b3/0x370 [ 508.064803][T11900] kvm_arch_vcpu_ioctl_run+0x66/0x1830 [ 508.064847][T11900] ? kvm_vcpu_ioctl+0x150f/0x16d0 [ 508.064888][T11900] kvm_vcpu_ioctl+0x730/0x16d0 [ 508.064922][T11900] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 508.064955][T11900] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 508.064994][T11900] ? do_vfs_ioctl+0x226/0x13e0 [ 508.065045][T11900] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 508.065117][T11900] ? find_held_lock+0x2b/0x80 [ 508.065147][T11900] ? hook_file_ioctl_common+0x146/0x410 [ 508.065208][T11900] ? __fget_files+0x21f/0x3d0 [ 508.065251][T11900] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 508.065285][T11900] __x64_sys_ioctl+0x18e/0x210 [ 508.065342][T11900] do_syscall_64+0xc9/0xf80 [ 508.065386][T11900] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 508.065420][T11900] RIP: 0033:0x7f2e31f9aeb9 [ 508.065447][T11900] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 508.065479][T11900] RSP: 002b:00007f2e301f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 508.065511][T11900] RAX: ffffffffffffffda RBX: 00007f2e32215fa0 RCX: 00007f2e31f9aeb9 [ 508.065532][T11900] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000004 [ 508.065550][T11900] RBP: 00007f2e301f6090 R08: 0000000000000000 R09: 0000000000000000 [ 508.065569][T11900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 508.065588][T11900] R13: 00007f2e32216038 R14: 00007f2e32215fa0 R15: 00007ffd2d8620b8 [ 508.065637][T11900] [ 508.066110][T11900] syz.0.1419: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 508.235988][T11886] hsr_slave_0: entered promiscuous mode [ 508.409720][T11900] ,cpuset= [ 508.447626][T11886] hsr_slave_1: entered promiscuous mode [ 508.562019][T11900] / [ 508.621899][T11886] debugfs: 'hsr0' already exists in 'hsr' [ 508.631995][T11886] Cannot create hsr debugfs directory [ 508.671527][T11900] ,mems_allowed=0-1 [ 508.684754][T11900] CPU: 0 UID: 0 PID: 11900 Comm: syz.0.1419 Tainted: G L syzkaller #0 PREEMPT(full) [ 508.684803][T11900] Tainted: [L]=SOFTLOCKUP [ 508.684814][T11900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 508.684834][T11900] Call Trace: [ 508.684844][T11900] [ 508.684856][T11900] dump_stack_lvl+0x100/0x190 [ 508.684901][T11900] warn_alloc.cold+0x95/0x1c1 [ 508.684956][T11900] ? __pfx_warn_alloc+0x10/0x10 [ 508.685028][T11900] ? __get_vm_area_node+0x2c5/0x330 [ 508.685077][T11900] ? __get_vm_area_node+0x208/0x330 [ 508.685143][T11900] __vmalloc_node_range_noprof+0xbf4/0x1530 [ 508.685189][T11900] ? vhost_task_create+0x1db/0x370 [ 508.685241][T11900] ? rcu_read_unlock+0x17/0x60 [ 508.685288][T11900] ? rcu_read_unlock+0x17/0x60 [ 508.685344][T11900] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 508.685377][T11900] ? __memcg_slab_post_alloc_hook+0x473/0x880 [ 508.685436][T11900] ? rcu_is_watching+0x12/0xc0 [ 508.685469][T11900] ? trace_kmem_cache_alloc+0x80/0xb0 [ 508.685521][T11900] ? vhost_task_create+0x1db/0x370 [ 508.685570][T11900] __vmalloc_node_noprof+0xad/0xf0 [ 508.685609][T11900] ? vhost_task_create+0x1db/0x370 [ 508.685665][T11900] copy_process+0x5ec/0x7890 [ 508.685735][T11900] ? __pfx_copy_process+0x10/0x10 [ 508.685786][T11900] ? lockdep_init_map_type+0x5c/0x250 [ 508.685834][T11900] ? lockdep_init_map_type+0x5c/0x250 [ 508.685883][T11900] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 508.685940][T11900] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 508.685992][T11900] vhost_task_create+0x1db/0x370 [ 508.686045][T11900] ? __pfx_vhost_task_create+0x10/0x10 [ 508.686101][T11900] ? register_lock_class+0x40/0x560 [ 508.686156][T11900] ? __pfx_vhost_task_fn+0x10/0x10 [ 508.686213][T11900] ? __pfx___mutex_lock+0x10/0x10 [ 508.686274][T11900] kvm_mmu_post_init_vm+0x1b3/0x370 [ 508.686323][T11900] kvm_arch_vcpu_ioctl_run+0x66/0x1830 [ 508.686436][T11900] ? kvm_vcpu_ioctl+0x150f/0x16d0 [ 508.686484][T11900] kvm_vcpu_ioctl+0x730/0x16d0 [ 508.686520][T11900] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 508.686553][T11900] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 508.686591][T11900] ? do_vfs_ioctl+0x226/0x13e0 [ 508.686644][T11900] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 508.686706][T11900] ? find_held_lock+0x2b/0x80 [ 508.686737][T11900] ? hook_file_ioctl_common+0x146/0x410 [ 508.686796][T11900] ? __fget_files+0x21f/0x3d0 [ 508.686837][T11900] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 508.686870][T11900] __x64_sys_ioctl+0x18e/0x210 [ 508.686927][T11900] do_syscall_64+0xc9/0xf80 [ 508.686968][T11900] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 508.687009][T11900] RIP: 0033:0x7f2e31f9aeb9 [ 508.687036][T11900] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 508.687070][T11900] RSP: 002b:00007f2e301f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 508.687104][T11900] RAX: ffffffffffffffda RBX: 00007f2e32215fa0 RCX: 00007f2e31f9aeb9 [ 508.687125][T11900] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000004 [ 508.687145][T11900] RBP: 00007f2e301f6090 R08: 0000000000000000 R09: 0000000000000000 [ 508.687165][T11900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 508.687182][T11900] R13: 00007f2e32216038 R14: 00007f2e32215fa0 R15: 00007ffd2d8620b8 [ 508.687227][T11900] [ 508.687397][T11900] Mem-Info: [ 509.060871][T11900] active_anon:5824 inactive_anon:9518 isolated_anon:0 [ 509.060871][T11900] active_file:20607 inactive_file:38164 isolated_file:0 [ 509.060871][T11900] unevictable:768 dirty:900 writeback:0 [ 509.060871][T11900] slab_reclaimable:14389 slab_unreclaimable:101487 [ 509.060871][T11900] mapped:34554 shmem:1357 pagetables:1339 [ 509.060871][T11900] sec_pagetables:0 bounce:0 [ 509.060871][T11900] kernel_misc_reclaimable:0 [ 509.060871][T11900] free:1286636 free_pcp:11316 free_cma:0 [ 509.108071][T11900] Node 0 active_anon:23296kB inactive_anon:38072kB active_file:82428kB inactive_file:152524kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:138216kB dirty:3600kB writeback:0kB shmem:3896kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:32768kB kernel_stack:11732kB pagetables:5240kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 509.145756][T11900] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1532kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:116kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 509.185419][T11900] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 509.221185][T11536] Bluetooth: hci4: command tx timeout [ 509.237372][T11900] lowmem_reserve[]: 0 2480 2481 2481 2481 [ 509.251281][T11900] Node 0 DMA32 free:1236428kB boost:0kB min:34320kB low:42900kB high:51480kB reserved_highatomic:0KB free_highatomic:0KB active_anon:23296kB inactive_anon:38072kB active_file:82428kB inactive_file:152524kB unevictable:1536kB writepending:3600kB zspages:0kB present:3129332kB managed:2539572kB mlocked:0kB bounce:0kB free_pcp:29716kB local_pcp:15440kB free_cma:0kB [ 509.324117][T11900] lowmem_reserve[]: 0 0 1 1 1 [ 509.328984][T11900] Node 0 Normal free:0kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 509.361570][T11900] lowmem_reserve[]: 0 0 0 0 0 [ 509.366612][T11900] Node 1 Normal free:3894308kB boost:0kB min:55560kB low:69448kB high:83336kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:16116kB local_pcp:7972kB free_cma:0kB [ 509.404144][T11900] lowmem_reserve[]: 0 0 0 0 0 [ 509.409100][T11900] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 509.426572][T11900] Node 0 DMA32: 2361*4kB (UME) 2687*8kB (UME) 2124*16kB (UME) 836*32kB (UME) 527*64kB (UME) 330*128kB (UM) 194*256kB (UME) 170*512kB (UME) 115*1024kB (UME) 12*2048kB (UME) 191*4096kB (M) = 1229020kB [ 509.449532][T11900] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 509.463084][T11900] Node 1 Normal: 169*4kB (UME) 50*8kB (UME) 41*16kB (UME) 149*32kB (UME) 47*64kB (UME) 8*128kB (UME) 3*256kB (ME) 4*512kB (UME) 2*1024kB (UM) 4*2048kB (UME) 945*4096kB (UM) = 3894308kB [ 509.527548][T11900] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 509.561201][T11900] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 509.591143][T11900] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 509.656311][T11900] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 509.681620][T11900] 60124 total pagecache pages [ 509.707985][T11900] 0 pages in swap cache [ 509.729888][T11900] Free swap = 124996kB [ 509.740089][T11900] Total swap = 124996kB [ 509.758456][T11900] 2097051 pages RAM [ 509.768660][T11900] 0 pages HighMem/MovableOnly [ 509.785574][T11900] 430196 pages reserved [ 509.806637][T11900] 0 pages cma reserved [ 510.277518][T11886] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 510.317546][T11886] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 510.349406][T11886] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 510.392420][T11886] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 510.433252][T11929] FAULT_INJECTION: forcing a failure. [ 510.433252][T11929] name failslab, interval 1, probability 0, space 0, times 0 [ 510.458845][T11929] CPU: 1 UID: 0 PID: 11929 Comm: syz.1.1430 Tainted: G L syzkaller #0 PREEMPT(full) [ 510.458904][T11929] Tainted: [L]=SOFTLOCKUP [ 510.458914][T11929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 510.458933][T11929] Call Trace: [ 510.458943][T11929] [ 510.458954][T11929] dump_stack_lvl+0x100/0x190 [ 510.458998][T11929] should_fail_ex.cold+0x5/0xa [ 510.459051][T11929] should_failslab+0xc2/0x120 [ 510.459097][T11929] ? tomoyo_realpath_from_path+0xb6/0x690 [ 510.459130][T11929] __kmalloc_noprof+0xf6/0x9c0 [ 510.459175][T11929] ? tomoyo_realpath_from_path+0xb6/0x690 [ 510.459208][T11929] tomoyo_realpath_from_path+0xb6/0x690 [ 510.459251][T11929] tomoyo_path_number_perm+0x23c/0x580 [ 510.459298][T11929] ? tomoyo_path_number_perm+0x22e/0x580 [ 510.459348][T11929] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 510.459444][T11929] ? find_held_lock+0x2b/0x80 [ 510.459476][T11929] ? hook_file_ioctl_common+0x146/0x410 [ 510.459524][T11929] ? __fget_files+0x215/0x3d0 [ 510.459567][T11929] ? __fget_files+0x21f/0x3d0 [ 510.459610][T11929] security_file_ioctl+0xd3/0x230 [ 510.459658][T11929] __x64_sys_ioctl+0xb7/0x210 [ 510.459718][T11929] do_syscall_64+0xc9/0xf80 [ 510.459761][T11929] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 510.459794][T11929] RIP: 0033:0x7f387239aeb9 [ 510.459819][T11929] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 510.459850][T11929] RSP: 002b:00007f3873321028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 510.459888][T11929] RAX: ffffffffffffffda RBX: 00007f3872615fa0 RCX: 00007f387239aeb9 [ 510.459909][T11929] RDX: 0000000000000000 RSI: 00000000000007af RDI: 0000000000000003 [ 510.459928][T11929] RBP: 00007f3873321090 R08: 0000000000000000 R09: 0000000000000000 [ 510.459946][T11929] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 510.459964][T11929] R13: 00007f3872616038 R14: 00007f3872615fa0 R15: 00007fffdb558f58 [ 510.460005][T11929] [ 510.460039][T11929] ERROR: Out of memory at tomoyo_realpath_from_path. [ 510.815979][T11937] NFSD: Failed to start, no listeners configured. [ 510.895125][T11886] 8021q: adding VLAN 0 to HW filter on device bond0 [ 510.937521][T11886] 8021q: adding VLAN 0 to HW filter on device team0 [ 510.957561][T11543] bridge0: port 1(bridge_slave_0) entered blocking state [ 510.964863][T11543] bridge0: port 1(bridge_slave_0) entered forwarding state [ 511.008541][T11543] bridge0: port 2(bridge_slave_1) entered blocking state [ 511.018951][T11543] bridge0: port 2(bridge_slave_1) entered forwarding state [ 511.303407][T11536] Bluetooth: hci4: command tx timeout [ 511.442125][T11953] FAULT_INJECTION: forcing a failure. [ 511.442125][T11953] name failslab, interval 1, probability 0, space 0, times 0 [ 511.470433][T11946] Invalid ELF header magic: != ELF [ 511.523376][T11953] CPU: 0 UID: 0 PID: 11953 Comm: syz.0.1436 Tainted: G L syzkaller #0 PREEMPT(full) [ 511.523427][T11953] Tainted: [L]=SOFTLOCKUP [ 511.523437][T11953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 511.523456][T11953] Call Trace: [ 511.523466][T11953] [ 511.523477][T11953] dump_stack_lvl+0x100/0x190 [ 511.523520][T11953] should_fail_ex.cold+0x5/0xa [ 511.523572][T11953] should_failslab+0xc2/0x120 [ 511.523613][T11953] ? genl_family_rcv_msg_attrs_parse.isra.0+0xc8/0x290 [ 511.523652][T11953] __kmalloc_noprof+0xf6/0x9c0 [ 511.523685][T11953] ? kasan_quarantine_put+0x104/0x240 [ 511.523721][T11953] ? lockdep_hardirqs_on+0x78/0x100 [ 511.523767][T11953] ? genl_family_rcv_msg_attrs_parse.isra.0+0xc8/0x290 [ 511.523803][T11953] genl_family_rcv_msg_attrs_parse.isra.0+0xc8/0x290 [ 511.523849][T11953] genl_family_rcv_msg_doit+0xc7/0x300 [ 511.523889][T11953] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 511.523923][T11953] ? genl_get_cmd+0x3ef/0x720 [ 511.523962][T11953] ? bpf_lsm_capable+0x9/0x10 [ 511.523988][T11953] ? security_capable+0x80/0x260 [ 511.524034][T11953] genl_rcv_msg+0x560/0x800 [ 511.524071][T11953] ? __pfx_genl_rcv_msg+0x10/0x10 [ 511.524113][T11953] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 511.524146][T11953] ? __pfx_nl80211_req_set_reg+0x10/0x10 [ 511.524189][T11953] ? __pfx_nl80211_post_doit+0x10/0x10 [ 511.524237][T11953] netlink_rcv_skb+0x159/0x420 [ 511.524262][T11953] ? __pfx_genl_rcv_msg+0x10/0x10 [ 511.524295][T11953] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 511.524336][T11953] ? netlink_deliver_tap+0x1ae/0xcc0 [ 511.524385][T11953] genl_rcv+0x28/0x40 [ 511.524411][T11953] netlink_unicast+0x5aa/0x870 [ 511.524464][T11953] ? __pfx_netlink_unicast+0x10/0x10 [ 511.524529][T11953] netlink_sendmsg+0x8b0/0xda0 [ 511.524585][T11953] ? __pfx_netlink_sendmsg+0x10/0x10 [ 511.524634][T11953] ? __import_iovec+0x1d2/0x640 [ 511.524690][T11953] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 511.524740][T11953] ____sys_sendmsg+0xa54/0xc30 [ 511.524782][T11953] ? __pfx_____sys_sendmsg+0x10/0x10 [ 511.524834][T11953] ___sys_sendmsg+0x190/0x1e0 [ 511.524874][T11953] ? __pfx____sys_sendmsg+0x10/0x10 [ 511.524931][T11953] ? find_held_lock+0x2b/0x80 [ 511.524991][T11953] __sys_sendmsg+0x170/0x220 [ 511.525039][T11953] ? __pfx___sys_sendmsg+0x10/0x10 [ 511.525122][T11953] do_syscall_64+0xc9/0xf80 [ 511.525167][T11953] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 511.525226][T11953] RIP: 0033:0x7f2e31f9aeb9 [ 511.525252][T11953] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 511.525285][T11953] RSP: 002b:00007f2e301f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 511.525317][T11953] RAX: ffffffffffffffda RBX: 00007f2e32215fa0 RCX: 00007f2e31f9aeb9 [ 511.525337][T11953] RDX: 0000000024008880 RSI: 000020000000a5c0 RDI: 0000000000000003 [ 511.525362][T11953] RBP: 00007f2e301f6090 R08: 0000000000000000 R09: 0000000000000000 [ 511.525381][T11953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 511.525400][T11953] R13: 00007f2e32216038 R14: 00007f2e32215fa0 R15: 00007ffd2d8620b8 [ 511.525442][T11953] [ 511.645501][T11886] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 512.267038][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 512.275027][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 512.524355][T11886] veth0_vlan: entered promiscuous mode [ 512.561249][T11886] veth1_vlan: entered promiscuous mode [ 512.651666][T11886] veth0_macvtap: entered promiscuous mode [ 512.685120][T11886] veth1_macvtap: entered promiscuous mode [ 512.735905][T11979] NFSD: Failed to start, no listeners configured. [ 512.749208][T11886] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 512.788704][T11886] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 512.807557][T11723] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 512.849927][T11723] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 512.865814][T11723] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 512.938097][T11553] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 513.069095][T11593] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 513.092135][T11593] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 513.236262][T11553] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 513.250979][T11553] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 513.383341][T11536] Bluetooth: hci4: command tx timeout [ 513.636583][ T30] audit: type=1806 audit(1770462844.915:16): xattr="." res=0 [ 513.737434][T12003] FAULT_INJECTION: forcing a failure. [ 513.737434][T12003] name failslab, interval 1, probability 0, space 0, times 0 [ 513.797225][T12003] CPU: 0 UID: 0 PID: 12003 Comm: syz.0.1448 Tainted: G L syzkaller #0 PREEMPT(full) [ 513.797263][T12003] Tainted: [L]=SOFTLOCKUP [ 513.797272][T12003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 513.797285][T12003] Call Trace: [ 513.797293][T12003] [ 513.797301][T12003] dump_stack_lvl+0x100/0x190 [ 513.797334][T12003] should_fail_ex.cold+0x5/0xa [ 513.797374][T12003] should_failslab+0xc2/0x120 [ 513.797408][T12003] ? tomoyo_encode2+0xfb/0x3c0 [ 513.797430][T12003] __kmalloc_noprof+0xf6/0x9c0 [ 513.797462][T12003] ? tomoyo_encode2+0xfb/0x3c0 [ 513.797483][T12003] tomoyo_encode2+0xfb/0x3c0 [ 513.797510][T12003] tomoyo_encode+0x29/0x50 [ 513.797531][T12003] tomoyo_realpath_from_path+0x18c/0x690 [ 513.797563][T12003] tomoyo_path_number_perm+0x23c/0x580 [ 513.797598][T12003] ? tomoyo_path_number_perm+0x22e/0x580 [ 513.797635][T12003] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 513.797706][T12003] ? find_held_lock+0x2b/0x80 [ 513.797729][T12003] ? hook_file_ioctl_common+0x146/0x410 [ 513.797765][T12003] ? __fget_files+0x215/0x3d0 [ 513.797797][T12003] ? __fget_files+0x21f/0x3d0 [ 513.797827][T12003] security_file_ioctl+0xd3/0x230 [ 513.797865][T12003] __x64_sys_ioctl+0xb7/0x210 [ 513.797906][T12003] do_syscall_64+0xc9/0xf80 [ 513.797938][T12003] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 513.797962][T12003] RIP: 0033:0x7f2e31f9aeb9 [ 513.797980][T12003] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 513.798003][T12003] RSP: 002b:00007f2e301f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 513.798025][T12003] RAX: ffffffffffffffda RBX: 00007f2e32215fa0 RCX: 00007f2e31f9aeb9 [ 513.798041][T12003] RDX: 0000000000000000 RSI: 00000000000007af RDI: 0000000000000003 [ 513.798054][T12003] RBP: 00007f2e301f6090 R08: 0000000000000000 R09: 0000000000000000 [ 513.798068][T12003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 513.798082][T12003] R13: 00007f2e32216038 R14: 00007f2e32215fa0 R15: 00007ffd2d8620b8 [ 513.798112][T12003] [ 513.798131][T12003] ERROR: Out of memory at tomoyo_realpath_from_path. [ 514.060553][T12005] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1418'. [ 515.020091][T12021] NFSD: Failed to start, no listeners configured. [ 515.197136][T12027] FAULT_INJECTION: forcing a failure. [ 515.197136][T12027] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 515.232823][T12027] CPU: 0 UID: 0 PID: 12027 Comm: syz.1.1456 Tainted: G L syzkaller #0 PREEMPT(full) [ 515.232895][T12027] Tainted: [L]=SOFTLOCKUP [ 515.232910][T12027] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 515.232930][T12027] Call Trace: [ 515.232940][T12027] [ 515.232952][T12027] dump_stack_lvl+0x100/0x190 [ 515.232995][T12027] should_fail_ex.cold+0x5/0xa [ 515.233048][T12027] _copy_to_user+0x32/0xd0 [ 515.233101][T12027] simple_read_from_buffer+0xcb/0x170 [ 515.233138][T12027] proc_fail_nth_read+0x1af/0x230 [ 515.233177][T12027] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 515.233218][T12027] ? rw_verify_area+0xce/0x6d0 [ 515.233248][T12027] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 515.233287][T12027] vfs_read+0x1e4/0xb30 [ 515.233328][T12027] ? __pfx_vfs_read+0x10/0x10 [ 515.233365][T12027] ? find_held_lock+0x2b/0x80 [ 515.233397][T12027] ? __fget_files+0x215/0x3d0 [ 515.233439][T12027] ? __fget_files+0x21f/0x3d0 [ 515.233485][T12027] ksys_read+0x12a/0x250 [ 515.233520][T12027] ? __pfx_ksys_read+0x10/0x10 [ 515.233568][T12027] do_syscall_64+0xc9/0xf80 [ 515.233612][T12027] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 515.233644][T12027] RIP: 0033:0x7f387235b78e [ 515.233669][T12027] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 515.233701][T12027] RSP: 002b:00007f3873320fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 515.233731][T12027] RAX: ffffffffffffffda RBX: 00007f38733216c0 RCX: 00007f387235b78e [ 515.233752][T12027] RDX: 000000000000000f RSI: 00007f38733210a0 RDI: 0000000000000004 [ 515.233771][T12027] RBP: 00007f3873321090 R08: 0000000000000000 R09: 0000000000000000 [ 515.233790][T12027] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 515.233818][T12027] R13: 00007f3872616038 R14: 00007f3872615fa0 R15: 00007fffdb558f58 [ 515.233862][T12027] [ 515.461790][T11536] Bluetooth: hci4: command tx timeout [ 529.192880][T11888] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 529.207455][T11888] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 529.217895][T11888] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 529.228760][T11888] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 529.237483][T11888] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 529.273278][T11888] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 529.285309][T11888] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 529.294955][T11888] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 529.306623][T11888] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 529.316560][T11888] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 529.700202][T12061] chnl_net:caif_netlink_parms(): no params data found [ 529.717915][T12063] Bluetooth: hci3: command 0x0406 tx timeout [ 529.865184][T12062] chnl_net:caif_netlink_parms(): no params data found [ 530.067534][T12082] FAULT_INJECTION: forcing a failure. [ 530.067534][T12082] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 530.080937][T12082] CPU: 0 UID: 0 PID: 12082 Comm: syz.0.1469 Tainted: G L syzkaller #0 PREEMPT(full) [ 530.080995][T12082] Tainted: [L]=SOFTLOCKUP [ 530.081006][T12082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 530.081024][T12082] Call Trace: [ 530.081034][T12082] [ 530.081045][T12082] dump_stack_lvl+0x100/0x190 [ 530.081089][T12082] should_fail_ex.cold+0x5/0xa [ 530.081140][T12082] _copy_from_user+0x2e/0xd0 [ 530.081189][T12082] vmci_host_unlocked_ioctl+0x1284/0x2070 [ 530.081232][T12082] ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10 [ 530.081273][T12082] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 530.081322][T12082] ? do_vfs_ioctl+0x226/0x13e0 [ 530.081374][T12082] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 530.081438][T12082] ? find_held_lock+0x2b/0x80 [ 530.081470][T12082] ? hook_file_ioctl_common+0x146/0x410 [ 530.081527][T12082] ? __fget_files+0x21f/0x3d0 [ 530.081569][T12082] ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10 [ 530.081612][T12082] __x64_sys_ioctl+0x18e/0x210 [ 530.081665][T12082] do_syscall_64+0xc9/0xf80 [ 530.081709][T12082] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 530.081741][T12082] RIP: 0033:0x7f2e31f9aeb9 [ 530.081766][T12082] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 530.081799][T12082] RSP: 002b:00007f2e301f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 530.081829][T12082] RAX: ffffffffffffffda RBX: 00007f2e32215fa0 RCX: 00007f2e31f9aeb9 [ 530.081849][T12082] RDX: 0000000000000000 RSI: 00000000000007af RDI: 0000000000000003 [ 530.081868][T12082] RBP: 00007f2e301f6090 R08: 0000000000000000 R09: 0000000000000000 [ 530.081886][T12082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 530.081905][T12082] R13: 00007f2e32216038 R14: 00007f2e32215fa0 R15: 00007ffd2d8620b8 [ 530.081947][T12082] [ 530.089834][T12061] bridge0: port 1(bridge_slave_0) entered blocking state [ 530.281142][T12061] bridge0: port 1(bridge_slave_0) entered disabled state [ 530.288464][T12061] bridge_slave_0: entered allmulticast mode [ 530.344612][T12061] bridge_slave_0: entered promiscuous mode [ 530.382984][T12062] bridge0: port 1(bridge_slave_0) entered blocking state [ 530.412423][T12062] bridge0: port 1(bridge_slave_0) entered disabled state [ 530.419775][T12062] bridge_slave_0: entered allmulticast mode [ 530.443643][T12062] bridge_slave_0: entered promiscuous mode [ 530.462368][T12061] bridge0: port 2(bridge_slave_1) entered blocking state [ 530.469758][T12061] bridge0: port 2(bridge_slave_1) entered disabled state [ 530.491775][T12061] bridge_slave_1: entered allmulticast mode [ 530.510227][T12061] bridge_slave_1: entered promiscuous mode [ 530.522826][T12062] bridge0: port 2(bridge_slave_1) entered blocking state [ 530.530136][T12062] bridge0: port 2(bridge_slave_1) entered disabled state [ 530.551444][T12062] bridge_slave_1: entered allmulticast mode [ 530.559511][T12062] bridge_slave_1: entered promiscuous mode [ 530.714446][T12061] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 530.749560][T12062] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 530.802900][T12062] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 530.829642][T12061] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 530.964187][T12062] team0: Port device team_slave_0 added [ 531.031908][T12062] team0: Port device team_slave_1 added [ 531.047404][T12061] team0: Port device team_slave_0 added [ 531.080826][T12061] team0: Port device team_slave_1 added [ 531.142200][T12062] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 531.151812][T12062] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 531.191137][T12062] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 531.214392][T12062] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 531.231161][T12062] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 531.293673][T12062] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 531.322892][T11536] Bluetooth: hci5: command tx timeout [ 531.381104][T11536] Bluetooth: hci6: command tx timeout [ 531.504205][T12061] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 531.517802][T12061] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 531.555425][T12061] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 531.708790][T12061] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 531.731424][T12061] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 531.758149][T12061] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 531.857760][T12062] hsr_slave_0: entered promiscuous mode [ 531.878407][T12062] hsr_slave_1: entered promiscuous mode [ 531.893744][T12062] debugfs: 'hsr0' already exists in 'hsr' [ 531.936692][T12062] Cannot create hsr debugfs directory [ 532.100248][T12061] hsr_slave_0: entered promiscuous mode [ 532.110106][T12061] hsr_slave_1: entered promiscuous mode [ 532.117656][T12061] debugfs: 'hsr0' already exists in 'hsr' [ 532.124109][T12061] Cannot create hsr debugfs directory [ 532.922493][T12062] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 532.938727][T12062] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 532.953121][T12062] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 532.966563][T12062] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 533.157108][T12061] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 533.182544][T12061] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 533.204608][T12061] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 533.241140][T12061] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 533.382391][T11536] Bluetooth: hci5: command tx timeout [ 533.425431][T12062] 8021q: adding VLAN 0 to HW filter on device bond0 [ 533.462235][T12063] Bluetooth: hci6: command tx timeout [ 533.488541][T12062] 8021q: adding VLAN 0 to HW filter on device team0 [ 533.519701][T12105] bridge0: port 1(bridge_slave_0) entered blocking state [ 533.527320][T12105] bridge0: port 1(bridge_slave_0) entered forwarding state [ 533.568461][T12105] bridge0: port 2(bridge_slave_1) entered blocking state [ 533.575930][T12105] bridge0: port 2(bridge_slave_1) entered forwarding state [ 533.669797][T12061] 8021q: adding VLAN 0 to HW filter on device bond0 [ 533.730646][T12061] 8021q: adding VLAN 0 to HW filter on device team0 [ 533.773613][T11553] bridge0: port 1(bridge_slave_0) entered blocking state [ 533.781775][T11553] bridge0: port 1(bridge_slave_0) entered forwarding state [ 533.848842][T11553] bridge0: port 2(bridge_slave_1) entered blocking state [ 533.856321][T11553] bridge0: port 2(bridge_slave_1) entered forwarding state [ 534.405576][T12062] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 534.590278][T12061] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 535.428103][T12062] veth0_vlan: entered promiscuous mode [ 535.461685][T12063] Bluetooth: hci5: command tx timeout [ 535.474143][T12062] veth1_vlan: entered promiscuous mode [ 535.547109][T12063] Bluetooth: hci6: command tx timeout [ 535.569979][T12061] veth0_vlan: entered promiscuous mode [ 535.589027][T12061] veth1_vlan: entered promiscuous mode [ 535.648731][T12062] veth0_macvtap: entered promiscuous mode [ 535.687740][T12062] veth1_macvtap: entered promiscuous mode [ 535.766868][T12061] veth0_macvtap: entered promiscuous mode [ 535.788742][T12062] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 535.832560][T12062] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 535.864249][T12061] veth1_macvtap: entered promiscuous mode [ 535.908809][T11543] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 535.918953][T11543] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 535.969313][T11543] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 536.007856][T11543] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 536.074037][T12061] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 536.137270][T12061] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 536.213388][T11553] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 536.241436][T11553] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 536.276931][T11543] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 536.293298][T11553] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 536.332240][T11543] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 536.361673][T11553] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 536.485203][T11723] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 536.503838][T11723] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 536.523475][T11553] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 536.551139][T11553] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 536.636345][T11532] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 536.659841][T11532] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 537.056473][T12160] NFSD: Failed to start, no listeners configured. [ 537.379201][T12170] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1487'. [ 537.404798][T12173] FAULT_INJECTION: forcing a failure. [ 537.404798][T12173] name failslab, interval 1, probability 0, space 0, times 0 [ 537.440760][T12171] netlink: 338 bytes leftover after parsing attributes in process `syz.0.1487'. [ 537.440788][T12173] CPU: 1 UID: 0 PID: 12173 Comm: syz.1.1488 Tainted: G L syzkaller #0 PREEMPT(full) [ 537.440884][T12173] Tainted: [L]=SOFTLOCKUP [ 537.440925][T12173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 537.440981][T12173] Call Trace: [ 537.440992][T12173] [ 537.441033][T12173] dump_stack_lvl+0x100/0x190 [ 537.441156][T12173] should_fail_ex.cold+0x5/0xa [ 537.441278][T12173] should_failslab+0xc2/0x120 [ 537.441394][T12173] __kmalloc_cache_noprof+0x80/0x810 [ 537.441481][T12173] ? vmci_ctx_get+0x17e/0x300 [ 537.441589][T12173] ? vmci_ctx_add_notification+0x15b/0x670 [ 537.441744][T12173] ? vmci_ctx_add_notification+0x15b/0x670 [ 537.441864][T12173] vmci_ctx_add_notification+0x15b/0x670 [ 537.442002][T12173] vmci_host_unlocked_ioctl+0x1303/0x2070 [ 537.442107][T12173] ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10 [ 537.442205][T12173] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 537.442308][T12173] ? do_vfs_ioctl+0x226/0x13e0 [ 537.442476][T12173] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 537.442634][T12173] ? find_held_lock+0x2b/0x80 [ 537.442732][T12173] ? hook_file_ioctl_common+0x146/0x410 [ 537.442872][T12173] ? __fget_files+0x21f/0x3d0 [ 537.442974][T12173] ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10 [ 537.443079][T12173] __x64_sys_ioctl+0x18e/0x210 [ 537.443220][T12173] do_syscall_64+0xc9/0xf80 [ 537.443335][T12173] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 537.443423][T12173] RIP: 0033:0x7f387239aeb9 [ 537.443488][T12173] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 537.443565][T12173] RSP: 002b:00007f3873321028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 537.443628][T12173] RAX: ffffffffffffffda RBX: 00007f3872615fa0 RCX: 00007f387239aeb9 [ 537.443683][T12173] RDX: 0000000000000000 RSI: 00000000000007af RDI: 0000000000000003 [ 537.443758][T12173] RBP: 00007f3873321090 R08: 0000000000000000 R09: 0000000000000000 [ 537.443825][T12173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 537.443876][T12173] R13: 00007f3872616038 R14: 00007f3872615fa0 R15: 00007fffdb558f58 [ 537.443976][T12173] [ 537.686612][T12063] Bluetooth: hci5: command tx timeout [ 537.686680][T12063] Bluetooth: hci6: command tx timeout [ 537.731266][T12170] netlink: 210 bytes leftover after parsing attributes in process `syz.0.1487'. [ 538.097905][T12186] Debayer A: ================= START STATUS ================= [ 538.117018][T12186] Debayer A: Debayer Mean Window Size: 3 [ 538.143016][T12186] Debayer A: ================== END STATUS ================== [ 538.751963][T12199] FAULT_INJECTION: forcing a failure. [ 538.751963][T12199] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 538.797438][T12199] CPU: 1 UID: 0 PID: 12199 Comm: syz.1.1499 Tainted: G L syzkaller #0 PREEMPT(full) [ 538.797486][T12199] Tainted: [L]=SOFTLOCKUP [ 538.797495][T12199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 538.797513][T12199] Call Trace: [ 538.797522][T12199] [ 538.797533][T12199] dump_stack_lvl+0x100/0x190 [ 538.797575][T12199] should_fail_ex.cold+0x5/0xa [ 538.797629][T12199] _copy_from_user+0x2e/0xd0 [ 538.797676][T12199] __sys_bpf+0x243/0x5050 [ 538.797717][T12199] ? __pfx___sys_bpf+0x10/0x10 [ 538.797748][T12199] ? proc_fail_nth_write+0x9f/0x220 [ 538.797784][T12199] ? find_held_lock+0x2b/0x80 [ 538.797822][T12199] ? find_held_lock+0x2b/0x80 [ 538.797849][T12199] ? ksys_write+0x190/0x250 [ 538.797893][T12199] ? __mutex_unlock_slowpath+0x15c/0x790 [ 538.797953][T12199] ? fput+0x79/0x100 [ 538.797992][T12199] ? ksys_write+0x1ac/0x250 [ 538.798025][T12199] ? __pfx_ksys_write+0x10/0x10 [ 538.798065][T12199] __x64_sys_bpf+0x7b/0xc0 [ 538.798100][T12199] ? lockdep_hardirqs_on+0x78/0x100 [ 538.798136][T12199] do_syscall_64+0xc9/0xf80 [ 538.798176][T12199] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 538.798206][T12199] RIP: 0033:0x7f387239aeb9 [ 538.798229][T12199] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 538.798258][T12199] RSP: 002b:00007f3873321028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 538.798287][T12199] RAX: ffffffffffffffda RBX: 00007f3872615fa0 RCX: 00007f387239aeb9 [ 538.798307][T12199] RDX: 0000000000000010 RSI: 00002000000001c0 RDI: 0000000000000000 [ 538.798325][T12199] RBP: 00007f3873321090 R08: 0000000000000000 R09: 0000000000000000 [ 538.798342][T12199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 538.798359][T12199] R13: 00007f3872616038 R14: 00007f3872615fa0 R15: 00007fffdb558f58 [ 538.798397][T12199] [ 541.946202][T12244] FAULT_INJECTION: forcing a failure. [ 541.946202][T12244] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 541.975835][T12244] CPU: 0 UID: 0 PID: 12244 Comm: syz.6.1514 Tainted: G L syzkaller #0 PREEMPT(full) [ 541.975884][T12244] Tainted: [L]=SOFTLOCKUP [ 541.975895][T12244] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 541.975912][T12244] Call Trace: [ 541.975922][T12244] [ 541.975932][T12244] dump_stack_lvl+0x100/0x190 [ 541.975975][T12244] should_fail_ex.cold+0x5/0xa [ 541.976028][T12244] _copy_to_user+0x32/0xd0 [ 541.976078][T12244] simple_read_from_buffer+0xcb/0x170 [ 541.976112][T12244] proc_fail_nth_read+0x1af/0x230 [ 541.976152][T12244] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 541.976199][T12244] ? rw_verify_area+0xce/0x6d0 [ 541.976230][T12244] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 541.976266][T12244] vfs_read+0x1e4/0xb30 [ 541.976314][T12244] ? __pfx_vfs_read+0x10/0x10 [ 541.976348][T12244] ? find_held_lock+0x2b/0x80 [ 541.976381][T12244] ? __fget_files+0x215/0x3d0 [ 541.976425][T12244] ? __fget_files+0x21f/0x3d0 [ 541.976469][T12244] ksys_read+0x12a/0x250 [ 541.976511][T12244] ? __pfx_ksys_read+0x10/0x10 [ 541.976547][T12244] ? fput+0x79/0x100 [ 541.976593][T12244] do_syscall_64+0xc9/0xf80 [ 541.976634][T12244] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 541.976666][T12244] RIP: 0033:0x7fb96375b78e [ 541.976692][T12244] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 541.976724][T12244] RSP: 002b:00007fb964634fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 541.976755][T12244] RAX: ffffffffffffffda RBX: 00007fb9646356c0 RCX: 00007fb96375b78e [ 541.976776][T12244] RDX: 000000000000000f RSI: 00007fb9646350a0 RDI: 0000000000000005 [ 541.976797][T12244] RBP: 00007fb964635090 R08: 0000000000000000 R09: 0000000000000000 [ 541.976816][T12244] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 541.976834][T12244] R13: 00007fb963a16038 R14: 00007fb963a15fa0 R15: 00007ffeef241c28 [ 541.976877][T12244] [ 547.136869][T11536] Bluetooth: hci5: unexpected subevent 0x01 length: 123 > 18 [ 547.144679][T11536] Bluetooth: hci5: Invalid handle: 0x3a4a > 0x0eff [ 548.063683][T12375] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1557'. [ 549.827534][T12411] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1568'. [ 550.269599][T12411] bond0: (slave bond_slave_0): Releasing backup interface [ 550.692515][T12429] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 552.571191][T12436] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1576'. [ 553.024924][T12468] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1582'. [ 553.327246][T12468] bond0: (slave bond_slave_0): Releasing backup interface [ 554.355322][T12497] netlink: 342 bytes leftover after parsing attributes in process `syz.6.1590'. [ 555.882452][T12521] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1596'. [ 556.247958][T12521] bond0: (slave bond_slave_0): Releasing backup interface [ 558.698673][T12569] program syz.6.1610 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 559.286430][T12578] netlink: 24 bytes leftover after parsing attributes in process `syz.6.1615'. [ 559.368140][T12583] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1612'. [ 559.671642][T12583] bond0: (slave bond_slave_0): Releasing backup interface [ 560.162326][T12601] program syz.1.1620 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 562.391410][T12638] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1630'. [ 562.712263][T12653] program syz.0.1634 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 563.269854][T12663] FAULT_INJECTION: forcing a failure. [ 563.269854][T12663] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 563.351126][T12663] CPU: 0 UID: 0 PID: 12663 Comm: syz.1.1638 Tainted: G L syzkaller #0 PREEMPT(full) [ 563.351176][T12663] Tainted: [L]=SOFTLOCKUP [ 563.351187][T12663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 563.351206][T12663] Call Trace: [ 563.351215][T12663] [ 563.351226][T12663] dump_stack_lvl+0x100/0x190 [ 563.351270][T12663] should_fail_ex.cold+0x5/0xa [ 563.351322][T12663] _copy_from_user+0x2e/0xd0 [ 563.351378][T12663] get_timespec64+0x8b/0x1b0 [ 563.351419][T12663] ? __pfx_get_timespec64+0x10/0x10 [ 563.351457][T12663] ? ktime_get+0x200/0x300 [ 563.351505][T12663] __x64_sys_futex+0x21a/0x4d0 [ 563.351556][T12663] ? __pfx___x64_sys_futex+0x10/0x10 [ 563.351601][T12663] ? xfd_validate_state+0x129/0x190 [ 563.351677][T12663] do_syscall_64+0xc9/0xf80 [ 563.351720][T12663] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 563.351753][T12663] RIP: 0033:0x7f387239aeb9 [ 563.351778][T12663] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 563.351809][T12663] RSP: 002b:00007fffdb5590b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 563.351839][T12663] RAX: ffffffffffffffda RBX: 0000000000089808 RCX: 00007f387239aeb9 [ 563.351859][T12663] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f387261609c [ 563.351877][T12663] RBP: 0000000000000032 R08: 0000000000000000 R09: 0000000000000000 [ 563.351895][T12663] R10: 00007fffdb5591c0 R11: 0000000000000246 R12: 00007fffdb5591e0 [ 563.351914][T12663] R13: 00007f387261609c R14: 000000000008983a R15: 00007fffdb5591c0 [ 563.351955][T12663] [ 564.080293][T12680] binder: 12679:12680 ioctl c0585604 38 returned -22 [ 564.179992][T12680] random: crng reseeded on system resumption [ 564.220099][T12682] FAULT_INJECTION: forcing a failure. [ 564.220099][T12682] name failslab, interval 1, probability 0, space 0, times 0 [ 564.278482][T12682] CPU: 0 UID: 0 PID: 12682 Comm: syz.6.1644 Tainted: G L syzkaller #0 PREEMPT(full) [ 564.278541][T12682] Tainted: [L]=SOFTLOCKUP [ 564.278552][T12682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 564.278571][T12682] Call Trace: [ 564.278582][T12682] [ 564.278594][T12682] dump_stack_lvl+0x100/0x190 [ 564.278636][T12682] should_fail_ex.cold+0x5/0xa [ 564.278689][T12682] should_failslab+0xc2/0x120 [ 564.278741][T12682] ? tomoyo_realpath_from_path+0xb6/0x690 [ 564.278774][T12682] __kmalloc_noprof+0xf6/0x9c0 [ 564.278824][T12682] ? tomoyo_realpath_from_path+0xb6/0x690 [ 564.278855][T12682] tomoyo_realpath_from_path+0xb6/0x690 [ 564.278897][T12682] tomoyo_path_number_perm+0x23c/0x580 [ 564.278944][T12682] ? tomoyo_path_number_perm+0x22e/0x580 [ 564.278995][T12682] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 564.279084][T12682] ? find_held_lock+0x2b/0x80 [ 564.279116][T12682] ? hook_file_ioctl_common+0x146/0x410 [ 564.279159][T12682] ? __fget_files+0x215/0x3d0 [ 564.279198][T12682] ? __fget_files+0x21f/0x3d0 [ 564.279234][T12682] security_file_ioctl+0xd3/0x230 [ 564.279279][T12682] __x64_sys_ioctl+0xb7/0x210 [ 564.279327][T12682] do_syscall_64+0xc9/0xf80 [ 564.279365][T12682] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 564.279394][T12682] RIP: 0033:0x7fb96379aeb9 [ 564.279420][T12682] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 564.279449][T12682] RSP: 002b:00007fb964635028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 564.279479][T12682] RAX: ffffffffffffffda RBX: 00007fb963a15fa0 RCX: 00007fb96379aeb9 [ 564.279499][T12682] RDX: 0000000000000000 RSI: 00000000000007af RDI: 0000000000000003 [ 564.279519][T12682] RBP: 00007fb964635090 R08: 0000000000000000 R09: 0000000000000000 [ 564.279537][T12682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 564.279555][T12682] R13: 00007fb963a16038 R14: 00007fb963a15fa0 R15: 00007ffeef241c28 [ 564.279599][T12682] [ 564.279611][T12682] ERROR: Out of memory at tomoyo_realpath_from_path. [ 564.690809][T12687] netlink: 326 bytes leftover after parsing attributes in process `syz.0.1654'. [ 564.729515][T12689] program syz.5.1646 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 564.798203][T12691] vhci_hcd vhci_hcd.2: Wrong hub descriptor type for USB 3.0 roothub. [ 565.364194][T12706] FAULT_INJECTION: forcing a failure. [ 565.364194][T12706] name failslab, interval 1, probability 0, space 0, times 0 [ 565.378491][T12706] CPU: 1 UID: 0 PID: 12706 Comm: syz.5.1650 Tainted: G L syzkaller #0 PREEMPT(full) [ 565.378545][T12706] Tainted: [L]=SOFTLOCKUP [ 565.378554][T12706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 565.378569][T12706] Call Trace: [ 565.378576][T12706] [ 565.378586][T12706] dump_stack_lvl+0x100/0x190 [ 565.378620][T12706] should_fail_ex.cold+0x5/0xa [ 565.378663][T12706] should_failslab+0xc2/0x120 [ 565.378700][T12706] kmem_cache_alloc_lru_noprof+0x8e/0x7d0 [ 565.378737][T12706] ? proc_alloc_inode+0x25/0x200 [ 565.378812][T12706] ? __pfx_proc_alloc_inode+0x10/0x10 [ 565.378857][T12706] ? proc_alloc_inode+0x25/0x200 [ 565.378908][T12706] proc_alloc_inode+0x25/0x200 [ 565.378944][T12706] alloc_inode+0x68/0x250 [ 565.378982][T12706] new_inode+0x22/0x1c0 [ 565.379017][T12706] ? proc_sys_lookup+0x266/0x430 [ 565.379058][T12706] proc_sys_make_inode+0x47/0x5c0 [ 565.379098][T12706] proc_sys_lookup+0x307/0x430 [ 565.379137][T12706] ? __pfx_proc_sys_lookup+0x10/0x10 [ 565.379178][T12706] ? lockdep_init_map_type+0x5c/0x250 [ 565.379215][T12706] ? lockdep_init_map_type+0x5c/0x250 [ 565.379255][T12706] __lookup_slow+0x251/0x460 [ 565.379294][T12706] ? __pfx___lookup_slow+0x10/0x10 [ 565.379348][T12706] ? __d_lookup+0x266/0x4a0 [ 565.379376][T12706] lookup_slow+0x50/0x70 [ 565.379419][T12706] link_path_walk+0x1377/0x1cc0 [ 565.379456][T12706] path_openat+0x1be/0x3120 [ 565.379484][T12706] ? getname_flags+0x93/0xf0 [ 565.379512][T12706] ? do_sys_openat2+0xc5/0x220 [ 565.379549][T12706] ? __x64_sys_openat+0x12d/0x210 [ 565.379588][T12706] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 565.379621][T12706] ? __pfx_path_openat+0x10/0x10 [ 565.379664][T12706] do_filp_open+0x1f7/0x420 [ 565.379698][T12706] ? __pfx_do_filp_open+0x10/0x10 [ 565.379749][T12706] ? _raw_spin_unlock+0x28/0x50 [ 565.379774][T12706] ? alloc_fd+0x476/0x790 [ 565.379811][T12706] do_sys_openat2+0x12e/0x220 [ 565.379850][T12706] ? __pfx_do_sys_openat2+0x10/0x10 [ 565.379901][T12706] __x64_sys_openat+0x12d/0x210 [ 565.379941][T12706] ? __pfx___x64_sys_openat+0x10/0x10 [ 565.379980][T12706] ? xfd_validate_state+0x129/0x190 [ 565.380031][T12706] do_syscall_64+0xc9/0xf80 [ 565.380069][T12706] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 565.380094][T12706] RIP: 0033:0x7f6862f9aeb9 [ 565.380114][T12706] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 565.380139][T12706] RSP: 002b:00007f6863e87028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 565.380163][T12706] RAX: ffffffffffffffda RBX: 00007f6863215fa0 RCX: 00007f6862f9aeb9 [ 565.380180][T12706] RDX: 0000000000000202 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 565.380196][T12706] RBP: 00007f6863008c1f R08: 0000000000000000 R09: 0000000000000000 [ 565.380211][T12706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 565.380226][T12706] R13: 00007f6863216038 R14: 00007f6863215fa0 R15: 00007ffe32cebb98 [ 565.380258][T12706] [ 566.472512][T12718] binder: 12717:12718 ioctl c0585604 38 returned -22 [ 566.558799][T12718] random: crng reseeded on system resumption [ 566.801227][T12727] TCP: TCP_TX_DELAY enabled [ 567.038686][T12731] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1660'. [ 567.159193][T12740] crash hp: kexec_trylock() failed, kdump image may be inaccurate [ 568.562874][T12731] kexec: Could not allocate control_code_buffer [ 569.349753][T12773] binder: 12772:12773 ioctl c0585604 38 returned -22 [ 569.442123][T12775] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1672'. [ 569.476403][T12773] random: crng reseeded on system resumption [ 570.196452][T12789] FAULT_INJECTION: forcing a failure. [ 570.196452][T12789] name failslab, interval 1, probability 0, space 0, times 0 [ 570.215537][T12789] CPU: 1 UID: 8 PID: 12789 Comm: syz.6.1674 Tainted: G L syzkaller #0 PREEMPT(full) [ 570.215591][T12789] Tainted: [L]=SOFTLOCKUP [ 570.215604][T12789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 570.215624][T12789] Call Trace: [ 570.215634][T12789] [ 570.215646][T12789] dump_stack_lvl+0x100/0x190 [ 570.215694][T12789] should_fail_ex.cold+0x5/0xa [ 570.215754][T12789] should_failslab+0xc2/0x120 [ 570.215803][T12789] __kmalloc_cache_noprof+0x80/0x810 [ 570.215842][T12789] ? assoc_array_insert+0x10b/0x32c0 [ 570.215882][T12789] ? __pfx___might_resched+0x10/0x10 [ 570.215941][T12789] ? assoc_array_insert+0x10b/0x32c0 [ 570.215979][T12789] assoc_array_insert+0x10b/0x32c0 [ 570.216021][T12789] ? lockdep_hardirqs_on+0x78/0x100 [ 570.216061][T12789] ? __key_link_lock+0x92/0xb0 [ 570.216107][T12789] ? __pfx___mutex_lock+0x10/0x10 [ 570.216156][T12789] ? __pfx_assoc_array_insert+0x10/0x10 [ 570.216203][T12789] ? down_write+0x146/0x1f0 [ 570.216249][T12789] ? __pfx_down_write+0x10/0x10 [ 570.216311][T12789] __key_link_begin+0xf5/0x260 [ 570.216352][T12789] key_instantiate_and_link+0x201/0x4b0 [ 570.216412][T12789] ? __pfx_key_instantiate_and_link+0x10/0x10 [ 570.216488][T12789] ? __pfx_keyring_search_iterator+0x10/0x10 [ 570.216533][T12789] keyring_alloc+0x7a/0xc0 [ 570.216570][T12789] look_up_user_keyrings+0x465/0x790 [ 570.216627][T12789] ? __pfx_look_up_user_keyrings+0x10/0x10 [ 570.216675][T12789] ? futex_wait+0x125/0x380 [ 570.216709][T12789] ? __pfx_futex_wait+0x10/0x10 [ 570.216751][T12789] lookup_user_key+0xbb1/0x1300 [ 570.216805][T12789] ? __pfx_lookup_user_key+0x10/0x10 [ 570.216868][T12789] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 570.216925][T12789] ? __x64_sys_futex+0x34f/0x4d0 [ 570.216971][T12789] ? __x64_sys_futex+0x358/0x4d0 [ 570.217028][T12789] keyctl_session_to_parent+0x28/0xae0 [ 570.217084][T12789] __do_sys_keyctl+0x2b1/0x5a0 [ 570.217131][T12789] do_syscall_64+0xc9/0xf80 [ 570.217176][T12789] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 570.217210][T12789] RIP: 0033:0x7fb96379aeb9 [ 570.217237][T12789] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 570.217271][T12789] RSP: 002b:00007fb964635028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 570.217311][T12789] RAX: ffffffffffffffda RBX: 00007fb963a15fa0 RCX: 00007fb96379aeb9 [ 570.217335][T12789] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000012 [ 570.217356][T12789] RBP: 00007fb963808c1f R08: 0000000000000001 R09: 0000000000000000 [ 570.217377][T12789] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 570.217398][T12789] R13: 00007fb963a16038 R14: 00007fb963a15fa0 R15: 00007ffeef241c28 [ 570.217444][T12789] [ 571.158093][T12800] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1678'. [ 571.272705][T12808] crash hp: kexec_trylock() failed, kdump image may be inaccurate [ 571.302376][T12808] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 572.219305][T12816] zram0: detected capacity change from 0 to 8 [ 572.727291][T12827] binder: 12826:12827 ioctl c0585604 38 returned -22 [ 572.742825][T12827] random: crng reseeded on system resumption [ 572.775175][T12800] kexec: Could not allocate control_code_buffer [ 573.707082][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 573.715371][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 574.185950][T12843] FAULT_INJECTION: forcing a failure. [ 574.185950][T12843] name failslab, interval 1, probability 0, space 0, times 0 [ 574.199470][T12843] CPU: 1 UID: 8 PID: 12843 Comm: syz.1.1687 Tainted: G L syzkaller #0 PREEMPT(full) [ 574.199522][T12843] Tainted: [L]=SOFTLOCKUP [ 574.199533][T12843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 574.199553][T12843] Call Trace: [ 574.199564][T12843] [ 574.199576][T12843] dump_stack_lvl+0x100/0x190 [ 574.199622][T12843] should_fail_ex.cold+0x5/0xa [ 574.199691][T12843] should_failslab+0xc2/0x120 [ 574.199742][T12843] __kmalloc_node_track_caller_noprof+0xf9/0x9d0 [ 574.199786][T12843] ? rcu_is_watching+0x12/0xc0 [ 574.199822][T12843] ? key_alloc+0x423/0x1310 [ 574.199882][T12843] ? kmemdup_noprof+0x29/0x60 [ 574.199922][T12843] kmemdup_noprof+0x29/0x60 [ 574.199966][T12843] key_alloc+0x423/0x1310 [ 574.200034][T12843] ? __pfx_key_alloc+0x10/0x10 [ 574.200093][T12843] ? __pfx_key_default_cmp+0x10/0x10 [ 574.200130][T12843] ? __pfx_keyring_search_iterator+0x10/0x10 [ 574.200179][T12843] keyring_alloc+0x44/0xc0 [ 574.200216][T12843] look_up_user_keyrings+0x465/0x790 [ 574.200272][T12843] ? __pfx_look_up_user_keyrings+0x10/0x10 [ 574.200319][T12843] ? futex_wait+0x125/0x380 [ 574.200352][T12843] ? __pfx_futex_wait+0x10/0x10 [ 574.200399][T12843] lookup_user_key+0xbb1/0x1300 [ 574.200452][T12843] ? __pfx_lookup_user_key+0x10/0x10 [ 574.200515][T12843] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 574.200574][T12843] ? __x64_sys_futex+0x34f/0x4d0 [ 574.200619][T12843] ? __x64_sys_futex+0x358/0x4d0 [ 574.200682][T12843] keyctl_session_to_parent+0x28/0xae0 [ 574.200738][T12843] __do_sys_keyctl+0x2b1/0x5a0 [ 574.200787][T12843] do_syscall_64+0xc9/0xf80 [ 574.200833][T12843] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 574.200869][T12843] RIP: 0033:0x7f387239aeb9 [ 574.200897][T12843] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 574.200933][T12843] RSP: 002b:00007f3873321028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 574.200964][T12843] RAX: ffffffffffffffda RBX: 00007f3872615fa0 RCX: 00007f387239aeb9 [ 574.200985][T12843] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000012 [ 574.201006][T12843] RBP: 00007f3872408c1f R08: 0000000000000001 R09: 0000000000000000 [ 574.201026][T12843] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 574.201047][T12843] R13: 00007f3872616038 R14: 00007f3872615fa0 R15: 00007fffdb558f58 [ 574.201091][T12843] [ 574.687907][T12851] FAULT_INJECTION: forcing a failure. [ 574.687907][T12851] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 574.687961][T12851] CPU: 0 UID: 0 PID: 12851 Comm: syz.0.1689 Tainted: G L syzkaller #0 PREEMPT(full) [ 574.688006][T12851] Tainted: [L]=SOFTLOCKUP [ 574.688018][T12851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 574.688036][T12851] Call Trace: [ 574.688047][T12851] [ 574.688058][T12851] dump_stack_lvl+0x100/0x190 [ 574.688101][T12851] should_fail_ex.cold+0x5/0xa [ 574.688155][T12851] _copy_from_user+0x2e/0xd0 [ 574.688206][T12851] vmci_host_unlocked_ioctl+0x1284/0x2070 [ 574.688250][T12851] ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10 [ 574.688291][T12851] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 574.688330][T12851] ? do_vfs_ioctl+0x226/0x13e0 [ 574.688384][T12851] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 574.688448][T12851] ? find_held_lock+0x2b/0x80 [ 574.688480][T12851] ? hook_file_ioctl_common+0x146/0x410 [ 574.688540][T12851] ? __fget_files+0x21f/0x3d0 [ 574.688583][T12851] ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10 [ 574.688625][T12851] __x64_sys_ioctl+0x18e/0x210 [ 574.688688][T12851] do_syscall_64+0xc9/0xf80 [ 574.688732][T12851] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 574.688765][T12851] RIP: 0033:0x7f2e31f9aeb9 [ 574.688790][T12851] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 574.688821][T12851] RSP: 002b:00007f2e301f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 574.688852][T12851] RAX: ffffffffffffffda RBX: 00007f2e32215fa0 RCX: 00007f2e31f9aeb9 [ 574.688873][T12851] RDX: 0000000000000000 RSI: 00000000000007af RDI: 0000000000000003 [ 574.688891][T12851] RBP: 00007f2e301f6090 R08: 0000000000000000 R09: 0000000000000000 [ 574.688911][T12851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 574.688931][T12851] R13: 00007f2e32216038 R14: 00007f2e32215fa0 R15: 00007ffd2d8620b8 [ 574.688974][T12851] [ 575.169593][T12863] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1693'. [ 575.232653][T12867] crash hp: kexec_trylock() failed, kdump image may be inaccurate [ 576.408853][T12863] kexec: Could not allocate control_code_buffer [ 585.480912][T12063] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 585.510840][T12063] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 585.527487][T12063] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 585.542682][T12063] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 585.581091][T12063] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 586.234813][T12903] FAULT_INJECTION: forcing a failure. [ 586.234813][T12903] name failslab, interval 1, probability 0, space 0, times 0 [ 586.273414][T12903] CPU: 1 UID: 8 PID: 12903 Comm: syz.0.1700 Tainted: G L syzkaller #0 PREEMPT(full) [ 586.273468][T12903] Tainted: [L]=SOFTLOCKUP [ 586.273480][T12903] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 586.273500][T12903] Call Trace: [ 586.273511][T12903] [ 586.273524][T12903] dump_stack_lvl+0x100/0x190 [ 586.273572][T12903] should_fail_ex.cold+0x5/0xa [ 586.273626][T12903] should_failslab+0xc2/0x120 [ 586.273676][T12903] __kmalloc_node_track_caller_noprof+0xf9/0x9d0 [ 586.273732][T12903] ? rcu_is_watching+0x12/0xc0 [ 586.273769][T12903] ? key_alloc+0x423/0x1310 [ 586.273832][T12903] ? kmemdup_noprof+0x29/0x60 [ 586.273879][T12903] kmemdup_noprof+0x29/0x60 [ 586.273925][T12903] key_alloc+0x423/0x1310 [ 586.273994][T12903] ? __pfx_key_alloc+0x10/0x10 [ 586.274048][T12903] ? __pfx_key_default_cmp+0x10/0x10 [ 586.274084][T12903] ? __pfx_keyring_search_iterator+0x10/0x10 [ 586.274126][T12903] keyring_alloc+0x44/0xc0 [ 586.274165][T12903] look_up_user_keyrings+0x465/0x790 [ 586.274221][T12903] ? __pfx_look_up_user_keyrings+0x10/0x10 [ 586.274268][T12903] ? futex_wait+0x125/0x380 [ 586.274301][T12903] ? __pfx_futex_wait+0x10/0x10 [ 586.274342][T12903] lookup_user_key+0xbb1/0x1300 [ 586.274394][T12903] ? __pfx_lookup_user_key+0x10/0x10 [ 586.274456][T12903] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 586.274515][T12903] ? __x64_sys_futex+0x34f/0x4d0 [ 586.274561][T12903] ? __x64_sys_futex+0x358/0x4d0 [ 586.274616][T12903] keyctl_session_to_parent+0x28/0xae0 [ 586.274671][T12903] __do_sys_keyctl+0x2b1/0x5a0 [ 586.274730][T12903] do_syscall_64+0xc9/0xf80 [ 586.274777][T12903] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 586.274813][T12903] RIP: 0033:0x7f2e31f9aeb9 [ 586.274841][T12903] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 586.274875][T12903] RSP: 002b:00007f2e301f6028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 586.274909][T12903] RAX: ffffffffffffffda RBX: 00007f2e32215fa0 RCX: 00007f2e31f9aeb9 [ 586.274932][T12903] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000012 [ 586.274954][T12903] RBP: 00007f2e32008c1f R08: 0000000000000001 R09: 0000000000000000 [ 586.274976][T12903] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 586.274996][T12903] R13: 00007f2e32216038 R14: 00007f2e32215fa0 R15: 00007ffd2d8620b8 [ 586.275040][T12903] [ 586.538301][T12894] chnl_net:caif_netlink_parms(): no params data found [ 586.839582][T12894] bridge0: port 1(bridge_slave_0) entered blocking state [ 586.849508][T12894] bridge0: port 1(bridge_slave_0) entered disabled state [ 586.864832][T12894] bridge_slave_0: entered allmulticast mode [ 586.879740][T12894] bridge_slave_0: entered promiscuous mode [ 586.892172][T12894] bridge0: port 2(bridge_slave_1) entered blocking state [ 586.899509][T12894] bridge0: port 2(bridge_slave_1) entered disabled state [ 586.909696][T12894] bridge_slave_1: entered allmulticast mode [ 586.918572][T12894] bridge_slave_1: entered promiscuous mode [ 586.972417][T12894] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 586.997906][T12894] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 587.045165][T12894] team0: Port device team_slave_0 added [ 587.055254][T12894] team0: Port device team_slave_1 added [ 587.108386][T12894] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 587.116137][T12894] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 587.145740][T12894] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 587.165356][T12894] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 587.172527][T12894] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 587.199620][T12894] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 587.283924][T12894] hsr_slave_0: entered promiscuous mode [ 587.291699][T12894] hsr_slave_1: entered promiscuous mode [ 587.298453][T12894] debugfs: 'hsr0' already exists in 'hsr' [ 587.304900][T12894] Cannot create hsr debugfs directory [ 587.600084][T12894] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 587.615192][T12894] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 587.623001][T12063] Bluetooth: hci7: command tx timeout [ 587.640622][T12894] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 587.660470][T12894] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 587.852485][T12894] 8021q: adding VLAN 0 to HW filter on device bond0 [ 587.898023][T12894] 8021q: adding VLAN 0 to HW filter on device team0 [ 587.915734][T12105] bridge0: port 1(bridge_slave_0) entered blocking state [ 587.922975][T12105] bridge0: port 1(bridge_slave_0) entered forwarding state [ 587.948378][T12105] bridge0: port 2(bridge_slave_1) entered blocking state [ 587.955645][T12105] bridge0: port 2(bridge_slave_1) entered forwarding state [ 588.054158][T12894] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 588.379338][T12894] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 588.837962][T12894] veth0_vlan: entered promiscuous mode [ 588.854834][T12894] veth1_vlan: entered promiscuous mode [ 588.923587][T12894] veth0_macvtap: entered promiscuous mode [ 588.937244][T12894] veth1_macvtap: entered promiscuous mode [ 588.972369][T12894] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 589.015170][T12894] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 589.043769][T11553] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 589.055246][T11553] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 589.074354][T11553] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 589.085888][T11553] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 589.292009][T11553] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 589.301754][T11553] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 589.375117][T11538] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 589.392868][T11538] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 589.713337][T12063] Bluetooth: hci7: command tx timeout [ 591.512088][T12945] FAULT_INJECTION: forcing a failure. [ 591.512088][T12945] name failslab, interval 1, probability 0, space 0, times 0 [ 591.526226][T12945] CPU: 0 UID: 0 PID: 12945 Comm: syz.0.1714 Tainted: G L syzkaller #0 PREEMPT(full) [ 591.526289][T12945] Tainted: [L]=SOFTLOCKUP [ 591.526300][T12945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 591.526320][T12945] Call Trace: [ 591.526330][T12945] [ 591.526341][T12945] dump_stack_lvl+0x100/0x190 [ 591.526387][T12945] should_fail_ex.cold+0x5/0xa [ 591.526441][T12945] should_failslab+0xc2/0x120 [ 591.526489][T12945] __kmalloc_cache_noprof+0x80/0x810 [ 591.526523][T12945] ? vmci_ctx_get+0x17e/0x300 [ 591.526566][T12945] ? vmci_ctx_add_notification+0x15b/0x670 [ 591.526622][T12945] ? vmci_ctx_add_notification+0x15b/0x670 [ 591.526670][T12945] vmci_ctx_add_notification+0x15b/0x670 [ 591.526727][T12945] vmci_host_unlocked_ioctl+0x1303/0x2070 [ 591.526770][T12945] ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10 [ 591.526811][T12945] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 591.526847][T12945] ? do_vfs_ioctl+0x226/0x13e0 [ 591.526899][T12945] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 591.526961][T12945] ? find_held_lock+0x2b/0x80 [ 591.526991][T12945] ? hook_file_ioctl_common+0x146/0x410 [ 591.527049][T12945] ? __fget_files+0x21f/0x3d0 [ 591.527089][T12945] ? __pfx_vmci_host_unlocked_ioctl+0x10/0x10 [ 591.527132][T12945] __x64_sys_ioctl+0x18e/0x210 [ 591.527186][T12945] do_syscall_64+0xc9/0xf80 [ 591.527229][T12945] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 591.527270][T12945] RIP: 0033:0x7f2e31f9aeb9 [ 591.527295][T12945] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 591.527327][T12945] RSP: 002b:00007f2e301f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 591.527359][T12945] RAX: ffffffffffffffda RBX: 00007f2e32215fa0 RCX: 00007f2e31f9aeb9 [ 591.527380][T12945] RDX: 0000000000000000 RSI: 00000000000007af RDI: 0000000000000003 [ 591.527399][T12945] RBP: 00007f2e301f6090 R08: 0000000000000000 R09: 0000000000000000 [ 591.527418][T12945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 591.527437][T12945] R13: 00007f2e32216038 R14: 00007f2e32215fa0 R15: 00007ffd2d8620b8 [ 591.527479][T12945] [ 592.028191][T12063] Bluetooth: hci7: command tx timeout [ 592.091100][T12953] crash hp: kexec_trylock() failed, kdump image may be inaccurate [ 592.101724][T12953] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 593.152836][T12950] kexec: Could not allocate control_code_buffer [ 593.682677][T12970] netlink: 326 bytes leftover after parsing attributes in process `syz.1.1711'. [ 594.102588][T12063] Bluetooth: hci7: command tx timeout [ 594.145269][T12984] tipc: Started in network mode [ 594.170714][T12984] tipc: Node identity ffffffff, cluster identity 4711 [ 594.384300][T12984] tipc: Node number set to 4294967295 [ 594.463458][T12983] FAULT_INJECTION: forcing a failure. [ 594.463458][T12983] name failslab, interval 1, probability 0, space 0, times 0 [ 594.633890][T12983] CPU: 1 UID: 8 PID: 12983 Comm: syz.7.1713 Tainted: G L syzkaller #0 PREEMPT(full) [ 594.633942][T12983] Tainted: [L]=SOFTLOCKUP [ 594.633951][T12983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 594.633966][T12983] Call Trace: [ 594.633975][T12983] [ 594.633984][T12983] dump_stack_lvl+0x100/0x190 [ 594.634020][T12983] should_fail_ex.cold+0x5/0xa [ 594.634068][T12983] should_failslab+0xc2/0x120 [ 594.634105][T12983] __kmalloc_node_track_caller_noprof+0xf9/0x9d0 [ 594.634138][T12983] ? rcu_is_watching+0x12/0xc0 [ 594.634189][T12983] ? key_alloc+0x423/0x1310 [ 594.634247][T12983] ? kmemdup_noprof+0x29/0x60 [ 594.634287][T12983] kmemdup_noprof+0x29/0x60 [ 594.634332][T12983] key_alloc+0x423/0x1310 [ 594.634399][T12983] ? __pfx_key_alloc+0x10/0x10 [ 594.634451][T12983] ? __pfx_key_default_cmp+0x10/0x10 [ 594.634488][T12983] ? __pfx_keyring_search_iterator+0x10/0x10 [ 594.634530][T12983] keyring_alloc+0x44/0xc0 [ 594.634570][T12983] look_up_user_keyrings+0x465/0x790 [ 594.634626][T12983] ? __pfx_look_up_user_keyrings+0x10/0x10 [ 594.634672][T12983] ? futex_wait+0x125/0x380 [ 594.634704][T12983] ? __pfx_futex_wait+0x10/0x10 [ 594.634746][T12983] lookup_user_key+0xbb1/0x1300 [ 594.634799][T12983] ? __pfx_lookup_user_key+0x10/0x10 [ 594.634861][T12983] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 594.634918][T12983] ? __x64_sys_futex+0x34f/0x4d0 [ 594.634964][T12983] ? __x64_sys_futex+0x358/0x4d0 [ 594.635021][T12983] keyctl_session_to_parent+0x28/0xae0 [ 594.635085][T12983] __do_sys_keyctl+0x2b1/0x5a0 [ 594.635134][T12983] do_syscall_64+0xc9/0xf80 [ 594.635178][T12983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 594.635213][T12983] RIP: 0033:0x7fee3419aeb9 [ 594.635239][T12983] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 594.635273][T12983] RSP: 002b:00007fee34ffa028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 594.635306][T12983] RAX: ffffffffffffffda RBX: 00007fee34415fa0 RCX: 00007fee3419aeb9 [ 594.635329][T12983] RDX: fffffffffffffffd RSI: fffffffffffffffc RDI: 0000000000000012 [ 594.635351][T12983] RBP: 00007fee34208c1f R08: 0000000000000001 R09: 0000000000000000 [ 594.635371][T12983] R10: fffffffffffffffd R11: 0000000000000246 R12: 0000000000000000 [ 594.635392][T12983] R13: 00007fee34416038 R14: 00007fee34415fa0 R15: 00007fff24406a08 [ 594.635437][T12983] [ 596.129204][T13010] FAULT_INJECTION: forcing a failure. [ 596.129204][T13010] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 596.169848][T13015] tipc: Started in network mode [ 596.177402][T13015] tipc: Node identity ffffffff, cluster identity 4711 [ 596.197661][T13015] tipc: Node number set to 4294967295 [ 596.231290][T13010] CPU: 1 UID: 0 PID: 13010 Comm: syz.7.1727 Tainted: G L syzkaller #0 PREEMPT(full) [ 596.231340][T13010] Tainted: [L]=SOFTLOCKUP [ 596.231350][T13010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 596.231369][T13010] Call Trace: [ 596.231379][T13010] [ 596.231391][T13010] dump_stack_lvl+0x100/0x190 [ 596.231436][T13010] should_fail_ex.cold+0x5/0xa [ 596.231488][T13010] _copy_to_user+0x32/0xd0 [ 596.231540][T13010] simple_read_from_buffer+0xcb/0x170 [ 596.231578][T13010] proc_fail_nth_read+0x1af/0x230 [ 596.231619][T13010] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 596.231661][T13010] ? rw_verify_area+0xce/0x6d0 [ 596.231698][T13010] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 596.231738][T13010] vfs_read+0x1e4/0xb30 [ 596.231779][T13010] ? __pfx_vfs_read+0x10/0x10 [ 596.231810][T13010] ? find_held_lock+0x2b/0x80 [ 596.231844][T13010] ? __fget_files+0x215/0x3d0 [ 596.231887][T13010] ? __fget_files+0x21f/0x3d0 [ 596.231934][T13010] ksys_read+0x12a/0x250 [ 596.231969][T13010] ? __pfx_ksys_read+0x10/0x10 [ 596.232008][T13010] ? fput+0x79/0x100 [ 596.232058][T13010] do_syscall_64+0xc9/0xf80 [ 596.232103][T13010] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 596.232142][T13010] RIP: 0033:0x7fee3415b78e [ 596.232168][T13010] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 596.232200][T13010] RSP: 002b:00007fee34ff9fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 596.232229][T13010] RAX: ffffffffffffffda RBX: 00007fee34ffa6c0 RCX: 00007fee3415b78e [ 596.232249][T13010] RDX: 000000000000000f RSI: 00007fee34ffa0a0 RDI: 0000000000000004 [ 596.232268][T13010] RBP: 00007fee34ffa090 R08: 0000000000000000 R09: 0000000000000000 [ 596.232287][T13010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 596.232305][T13010] R13: 00007fee34416038 R14: 00007fee34415fa0 R15: 00007fff24406a08 [ 596.232348][T13010] [ 597.027740][T13023] netlink: 'syz.7.1730': attribute type 1 has an invalid length. [ 597.068552][T13023] FAULT_INJECTION: forcing a failure. [ 597.068552][T13023] name fail_futex, interval 1, probability 0, space 0, times 0 [ 597.140403][T13023] CPU: 1 UID: 0 PID: 13023 Comm: syz.7.1730 Tainted: G L syzkaller #0 PREEMPT(full) [ 597.140459][T13023] Tainted: [L]=SOFTLOCKUP [ 597.140471][T13023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 597.140490][T13023] Call Trace: [ 597.140500][T13023] [ 597.140513][T13023] dump_stack_lvl+0x100/0x190 [ 597.140561][T13023] should_fail_ex.cold+0x5/0xa [ 597.140616][T13023] get_futex_key+0x1d2/0x1620 [ 597.140664][T13023] ? __pfx_get_futex_key+0x10/0x10 [ 597.140724][T13023] futex_wake+0xea/0x530 [ 597.140780][T13023] ? __lock_acquire+0x4a5/0x2630 [ 597.140826][T13023] ? __pfx_futex_wake+0x10/0x10 [ 597.140899][T13023] do_futex+0x32b/0x350 [ 597.140952][T13023] ? __pfx_do_futex+0x10/0x10 [ 597.141008][T13023] __x64_sys_futex+0x34f/0x4d0 [ 597.141065][T13023] ? fput+0x79/0x100 [ 597.141147][T13023] ? __pfx___x64_sys_futex+0x10/0x10 [ 597.141210][T13023] do_syscall_64+0xc9/0xf80 [ 597.141255][T13023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 597.141288][T13023] RIP: 0033:0x7fee3419aeb9 [ 597.141315][T13023] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 597.141350][T13023] RSP: 002b:00007fee34fd90e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 597.141383][T13023] RAX: ffffffffffffffda RBX: 00007fee34416098 RCX: 00007fee3419aeb9 [ 597.141404][T13023] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fee3441609c [ 597.141424][T13023] RBP: 00007fee34416090 R08: 0000000000000001 R09: 0000000000000000 [ 597.141444][T13023] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 597.141464][T13023] R13: 00007fee34416128 R14: 00007fff24406920 R15: 00007fff24406a08 [ 597.141509][T13023] [ 598.668027][T13042] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1737'. [ 598.807454][T13049] .^: entered promiscuous mode [ 599.123395][T13059] tipc: Started in network mode [ 599.155447][T13059] tipc: Node identity ffffffff, cluster identity 4711 [ 599.173170][T13059] tipc: Node number set to 4294967295 [ 601.901218][T13100] mkiss: ax0: crc mode is auto. [ 602.476082][T13108] tipc: Started in network mode [ 602.509292][T13108] tipc: Node identity ffffffff, cluster identity 4711 [ 602.571561][T13108] tipc: Node number set to 4294967295 [ 607.792126][T13194] FAULT_INJECTION: forcing a failure. [ 607.792126][T13194] name fail_futex, interval 1, probability 0, space 0, times 0 [ 607.871037][T13194] CPU: 1 UID: 0 PID: 13194 Comm: syz.0.1770 Tainted: G L syzkaller #0 PREEMPT(full) [ 607.871090][T13194] Tainted: [L]=SOFTLOCKUP [ 607.871101][T13194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 607.871121][T13194] Call Trace: [ 607.871131][T13194] [ 607.871144][T13194] dump_stack_lvl+0x100/0x190 [ 607.871190][T13194] should_fail_ex.cold+0x5/0xa [ 607.871258][T13194] get_futex_key+0x1d2/0x1620 [ 607.871307][T13194] ? __pfx_get_futex_key+0x10/0x10 [ 607.871367][T13194] futex_wake+0xea/0x530 [ 607.871418][T13194] ? rcu_is_watching+0x12/0xc0 [ 607.871453][T13194] ? lockdep_hardirqs_on+0x78/0x100 [ 607.871494][T13194] ? __pfx_futex_wake+0x10/0x10 [ 607.871554][T13194] ? find_held_lock+0x2b/0x80 [ 607.871586][T13194] ? putname+0xf5/0x1a0 [ 607.871641][T13194] do_futex+0x32b/0x350 [ 607.871689][T13194] ? __pfx_do_futex+0x10/0x10 [ 607.871734][T13194] ? __pfx_do_sys_openat2+0x10/0x10 [ 607.871790][T13194] ? __sys_sendmsg+0x18f/0x220 [ 607.871846][T13194] __x64_sys_futex+0x34f/0x4d0 [ 607.871896][T13194] ? __x64_sys_openat+0x12d/0x210 [ 607.871951][T13194] ? __pfx___x64_sys_futex+0x10/0x10 [ 607.871997][T13194] ? xfd_validate_state+0x129/0x190 [ 607.872064][T13194] do_syscall_64+0xc9/0xf80 [ 607.872111][T13194] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 607.872145][T13194] RIP: 0033:0x7f2e31f9aeb9 [ 607.872170][T13194] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 607.872211][T13194] RSP: 002b:00007f2e2f96e0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 607.872244][T13194] RAX: ffffffffffffffda RBX: 00007f2e32216368 RCX: 00007f2e31f9aeb9 [ 607.872267][T13194] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f2e3221636c [ 607.872288][T13194] RBP: 00007f2e32216360 R08: 0000000000000000 R09: 0000000000000000 [ 607.872309][T13194] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 607.872331][T13194] R13: 00007f2e322163f8 R14: 00007ffd2d861fd0 R15: 00007ffd2d8620b8 [ 607.872374][T13194] [ 609.228457][T13217] netlink: 'syz.6.1779': attribute type 11 has an invalid length. [ 610.353515][T13234] NFSD: Failed to start, no listeners configured. [ 610.766424][T13245] FAULT_INJECTION: forcing a failure. [ 610.766424][T13245] name failslab, interval 1, probability 0, space 0, times 0 [ 610.779945][T13245] CPU: 0 UID: 0 PID: 13245 Comm: syz.1.1788 Tainted: G L syzkaller #0 PREEMPT(full) [ 610.779985][T13245] Tainted: [L]=SOFTLOCKUP [ 610.779994][T13245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 610.780009][T13245] Call Trace: [ 610.780016][T13245] [ 610.780025][T13245] dump_stack_lvl+0x100/0x190 [ 610.780059][T13245] should_fail_ex.cold+0x5/0xa [ 610.780102][T13245] should_failslab+0xc2/0x120 [ 610.780137][T13245] kmem_cache_alloc_noprof+0x83/0x780 [ 610.780171][T13245] ? security_file_alloc+0x34/0x2c0 [ 610.780217][T13245] ? security_file_alloc+0x34/0x2c0 [ 610.780255][T13245] security_file_alloc+0x34/0x2c0 [ 610.780296][T13245] init_file+0x93/0x4c0 [ 610.780332][T13245] alloc_empty_file+0x73/0x1c0 [ 610.780369][T13245] alloc_file_pseudo+0x13a/0x230 [ 610.780408][T13245] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 610.780447][T13245] ? alloc_fd+0x476/0x790 [ 610.780480][T13245] sock_alloc_file+0x50/0x210 [ 610.780542][T13245] __sys_socket+0x1c0/0x260 [ 610.780572][T13245] ? __pfx___sys_socket+0x10/0x10 [ 610.780605][T13245] ? do_user_addr_fault+0x8d6/0x12f0 [ 610.780638][T13245] __x64_sys_socket+0x72/0xb0 [ 610.780668][T13245] ? lockdep_hardirqs_on+0x78/0x100 [ 610.780698][T13245] do_syscall_64+0xc9/0xf80 [ 610.780731][T13245] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 610.780756][T13245] RIP: 0033:0x7f387239c747 [ 610.780776][T13245] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 610.780801][T13245] RSP: 002b:00007f387331ff98 EFLAGS: 00000286 ORIG_RAX: 0000000000000029 [ 610.780825][T13245] RAX: ffffffffffffffda RBX: 00007f3872615fa0 RCX: 00007f387239c747 [ 610.780842][T13245] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 610.780857][T13245] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 610.780872][T13245] R10: 0000200000000400 R11: 0000000000000286 R12: 0000000000000000 [ 610.780888][T13245] R13: 00007f3872616038 R14: 00007f3872615fa0 R15: 00007fffdb558f58 [ 610.780923][T13245] [ 612.705507][T13276] random: crng reseeded on system resumption [ 613.206662][T13283] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1799'. [ 613.436257][T13297] FAULT_INJECTION: forcing a failure. [ 613.436257][T13297] name fail_futex, interval 1, probability 0, space 0, times 0 [ 613.643958][T13297] CPU: 1 UID: 0 PID: 13297 Comm: syz.7.1803 Tainted: G L syzkaller #0 PREEMPT(full) [ 613.643995][T13297] Tainted: [L]=SOFTLOCKUP [ 613.644003][T13297] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 613.644017][T13297] Call Trace: [ 613.644024][T13297] [ 613.644033][T13297] dump_stack_lvl+0x100/0x190 [ 613.644065][T13297] should_fail_ex.cold+0x5/0xa [ 613.644104][T13297] get_futex_key+0x1d2/0x1620 [ 613.644139][T13297] ? __pfx_get_futex_key+0x10/0x10 [ 613.644179][T13297] futex_wake+0xea/0x530 [ 613.644219][T13297] ? __pfx_futex_wake+0x10/0x10 [ 613.644255][T13297] ? __call_rcu_common.constprop.0+0x3f0/0x9b0 [ 613.644298][T13297] ? kmem_cache_free+0x48f/0x720 [ 613.644326][T13297] do_futex+0x32b/0x350 [ 613.644360][T13297] ? __pfx_do_futex+0x10/0x10 [ 613.644393][T13297] ? __pfx___might_resched+0x10/0x10 [ 613.644430][T13297] ? blkcg_maybe_throttle_current+0x5df/0xeb0 [ 613.644463][T13297] __x64_sys_futex+0x34f/0x4d0 [ 613.644498][T13297] ? __pfx_task_work_run+0x10/0x10 [ 613.644536][T13297] ? __pfx___x64_sys_futex+0x10/0x10 [ 613.644568][T13297] ? ksys_mmap_pgoff+0x85/0x5b0 [ 613.644612][T13297] do_syscall_64+0xc9/0xf80 [ 613.644649][T13297] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 613.644673][T13297] RIP: 0033:0x7fee3419aeb9 [ 613.644691][T13297] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 613.644712][T13297] RSP: 002b:00007fee34fb80e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 613.644734][T13297] RAX: ffffffffffffffda RBX: 00007fee34416188 RCX: 00007fee3419aeb9 [ 613.644750][T13297] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fee3441618c [ 613.644764][T13297] RBP: 00007fee34416180 R08: 0000000000000000 R09: 0000000000000000 [ 613.644778][T13297] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 613.644791][T13297] R13: 00007fee34416218 R14: 00007fff24406920 R15: 00007fff24406a08 [ 613.644821][T13297] [ 614.165940][T13304] netlink: 'syz.6.1804': attribute type 1 has an invalid length. [ 614.214400][T13304] netlink: 306 bytes leftover after parsing attributes in process `syz.6.1804'. [ 616.292945][T13352] random: crng reseeded on system resumption [ 616.611110][ T30] audit: type=1804 audit(1770462947.875:17): pid=13357 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1821" name="/newroot/sys/kernel/debug/tracing/trace" dev="tracefs" ino=1253 res=1 errno=0 [ 618.100384][ T30] audit: type=1804 audit(1770462949.375:18): pid=13394 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.1834" name="/newroot/sys/kernel/debug/tracing/trace" dev="tracefs" ino=1253 res=1 errno=0 [ 619.235454][T13422] nvme_fabrics: missing parameter 'transport=%s' [ 619.266692][T13422] nvme_fabrics: missing parameter 'nqn=%s' [ 619.674324][T13429] random: crng reseeded on system resumption [ 620.653619][ T30] audit: type=1804 audit(1770462951.925:19): pid=13438 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.6.1846" name="/newroot/sys/kernel/debug/tracing/trace" dev="tracefs" ino=1253 res=1 errno=0 [ 620.825756][T13440] [U] [ 622.328728][T13477] nvme_fabrics: missing parameter 'transport=%s' [ 622.337574][ T30] audit: type=1804 audit(1770462953.615:20): pid=13480 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.7.1859" name="/newroot/sys/kernel/debug/tracing/trace" dev="tracefs" ino=1253 res=1 errno=0 [ 622.373216][T13477] nvme_fabrics: missing parameter 'nqn=%s' [ 623.608513][T13493] random: crng reseeded on system resumption [ 625.311320][T13514] zswap: compressor not available [ 626.530464][T13545] nvme_fabrics: missing parameter 'transport=%s' [ 626.541084][T13545] nvme_fabrics: missing parameter 'nqn=%s' [ 627.762358][T13553] random: crng reseeded on system resumption [ 629.134357][T13558] FAULT_INJECTION: forcing a failure. [ 629.134357][T13558] name failslab, interval 1, probability 0, space 0, times 0 [ 629.188160][T13558] CPU: 1 UID: 0 PID: 13558 Comm: syz.0.1878 Tainted: G L syzkaller #0 PREEMPT(full) [ 629.188212][T13558] Tainted: [L]=SOFTLOCKUP [ 629.188224][T13558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 629.188243][T13558] Call Trace: [ 629.188253][T13558] [ 629.188266][T13558] dump_stack_lvl+0x100/0x190 [ 629.188310][T13558] should_fail_ex.cold+0x5/0xa [ 629.188364][T13558] should_failslab+0xc2/0x120 [ 629.188410][T13558] __kmalloc_cache_noprof+0x80/0x810 [ 629.188442][T13558] ? __lock_acquire+0x4a5/0x2630 [ 629.188484][T13558] ? sta_airtime_read+0x125/0x4b0 [ 629.188526][T13558] ? sta_airtime_read+0x125/0x4b0 [ 629.188560][T13558] sta_airtime_read+0x125/0x4b0 [ 629.188596][T13558] ? lock_acquire+0x17c/0x330 [ 629.188640][T13558] ? __debugfs_file_get+0x1fc/0x860 [ 629.188691][T13558] ? __pfx_sta_airtime_read+0x10/0x10 [ 629.188725][T13558] ? common_file_perm+0x1ab/0x4f0 [ 629.188771][T13558] ? rcu_is_watching+0x12/0xc0 [ 629.188812][T13558] short_proxy_read+0x12e/0x1a0 [ 629.188842][T13558] ? __pfx_short_proxy_read+0x10/0x10 [ 629.188874][T13558] vfs_read+0x1e4/0xb30 [ 629.188916][T13558] ? __pfx_vfs_read+0x10/0x10 [ 629.188950][T13558] ? find_held_lock+0x2b/0x80 [ 629.188981][T13558] ? __fget_files+0x215/0x3d0 [ 629.189024][T13558] ? __fget_files+0x21f/0x3d0 [ 629.189071][T13558] ksys_read+0x12a/0x250 [ 629.189107][T13558] ? __pfx_ksys_read+0x10/0x10 [ 629.189163][T13558] do_syscall_64+0xc9/0xf80 [ 629.189207][T13558] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 629.189239][T13558] RIP: 0033:0x7f2e31f9aeb9 [ 629.189264][T13558] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 629.189296][T13558] RSP: 002b:00007f2e301f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 629.189326][T13558] RAX: ffffffffffffffda RBX: 00007f2e32215fa0 RCX: 00007f2e31f9aeb9 [ 629.189353][T13558] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 629.189371][T13558] RBP: 00007f2e301f6090 R08: 0000000000000000 R09: 0000000000000000 [ 629.189392][T13558] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 629.189410][T13558] R13: 00007f2e32216038 R14: 00007f2e32215fa0 R15: 00007ffd2d8620b8 [ 629.189455][T13558] [ 630.661219][ T31] INFO: task kworker/u10:4:11564 blocked for more than 143 seconds. [ 630.703256][ T31] Tainted: G L syzkaller #0 [ 630.709944][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 630.771029][ T31] task:kworker/u10:4 state:D stack:26776 pid:11564 tgid:11564 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 630.813280][ T31] Workqueue: netns cleanup_net [ 630.818160][ T31] Call Trace: [ 630.837665][ T31] [ 630.840696][ T31] ? __schedule+0xf65/0x5e10 [ 630.873370][ T31] __schedule+0xfe4/0x5e10 [ 630.887117][ T31] ? __lock_acquire+0x4a5/0x2630 [ 630.904672][ T31] ? __pfx___schedule+0x10/0x10 [ 630.925485][ T31] ? find_held_lock+0x2b/0x80 [ 630.948466][ T31] ? schedule+0x2bf/0x390 [ 630.963348][ T31] schedule+0xdd/0x390 [ 630.977956][ T31] schedule_timeout+0x1b2/0x280 [ 631.001507][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 631.027748][ T31] ? mark_held_locks+0x40/0x70 [ 631.045209][ T31] __wait_for_common+0x2e7/0x4c0 [ 631.066873][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 631.095012][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 631.117689][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 631.136275][ T31] ? flush_workqueue_prep_pwqs+0x2e9/0x510 [ 631.165810][ T31] __flush_workqueue+0x3f7/0x1200 [ 631.199920][ T31] ? __lock_acquire+0x4a5/0x2630 [ 631.216448][ T31] ? __lock_acquire+0x4a5/0x2630 [ 631.239086][ T31] ? __pfx___flush_workqueue+0x10/0x10 [ 631.267741][ T31] ? reacquire_held_locks+0xce/0x1e0 [ 631.301118][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 631.320497][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 631.347804][ T31] rds_tcp_listen_stop+0x104/0x160 [ 631.365033][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 631.391045][ T31] rds_tcp_exit_net+0xcb/0x810 [ 631.410523][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 631.437554][ T31] ? __pfx___might_resched+0x10/0x10 [ 631.457010][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 631.481577][ T31] ops_undo_list+0x2ee/0xab0 [ 631.495779][ T31] ? __pfx_ops_undo_list+0x10/0x10 [ 631.508918][ T31] ? cleanup_net+0x345/0x830 [ 631.518523][ T31] ? idr_destroy+0x62/0x2e0 [ 631.529330][ T31] cleanup_net+0x419/0x830 [ 631.541184][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 631.552149][ T31] ? rcu_is_watching+0x12/0xc0 [ 631.573369][ T31] process_one_work+0x9c2/0x1840 [ 631.587920][ T31] ? __pfx_process_one_work+0x10/0x10 [ 631.604377][ T31] ? assign_work+0x19c/0x250 [ 631.626608][ T31] worker_thread+0x5da/0xe40 [ 631.646498][ T31] ? __pfx_worker_thread+0x10/0x10 [ 631.662311][ T31] ? kthread+0x17d/0x730 [ 631.680311][ T31] ? __pfx_worker_thread+0x10/0x10 [ 631.695050][ T31] kthread+0x3b3/0x730 [ 631.709603][ T31] ? __pfx_kthread+0x10/0x10 [ 631.724330][ T31] ? ret_from_fork+0x79/0xaf0 [ 631.742713][ T31] ? ret_from_fork+0x79/0xaf0 [ 631.776111][ T31] ? rcu_is_watching+0x12/0xc0 [ 631.795566][ T31] ? __pfx_kthread+0x10/0x10 [ 631.811919][ T31] ret_from_fork+0x754/0xaf0 [ 631.832674][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 631.851160][ T31] ? rcu_is_watching+0x12/0xc0 [ 631.856386][ T31] ? __switch_to+0x7b9/0x10c0 [ 631.871130][ T31] ? __pfx_kthread+0x10/0x10 [ 631.875975][ T31] ret_from_fork_asm+0x1a/0x30 [ 631.885568][ T31] [ 631.893460][ T31] [ 631.893460][ T31] Showing all locks held in the system: [ 631.912229][ T31] 1 lock held by khungtaskd/31: [ 631.925534][ T31] #0: ffffffff8e5e3120 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 631.952769][ T31] 2 locks held by udevd/5195: [ 631.972359][ T31] 2 locks held by getty/5585: [ 632.000386][ T31] #0: ffff8880365020a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 632.031317][ T31] #1: ffffc9000362b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500 [ 632.064744][ T31] 3 locks held by kworker/u11:0/11536: [ 632.082965][ T31] #0: ffff8880636fa148 ((wq_completion)hci4){+.+.}-{0:0}, at: process_one_work+0x11ae/0x1840 [ 632.107071][T12063] Bluetooth: hci4: command 0x0406 tx timeout [ 632.121177][ T31] #1: ffffc9000efbfc98 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_one_work+0x927/0x1840 [ 632.159639][ T31] #2: ffff888063be4ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_cmd_sync_work+0x18a/0x470 [ 632.193190][ T31] 3 locks held by kworker/u10:4/11564: [ 632.210638][ T31] #0: ffff88801c29f148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x11ae/0x1840 [ 632.244499][ T31] #1: ffffc9000f257c98 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x927/0x1840 [ 632.277337][ T31] #2: ffffffff903dd3b0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xab/0x830 [ 632.311120][ T31] 1 lock held by syz.3.1417/11877: [ 632.324059][ T31] #0: ffffffff903dd3b0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 [ 632.355389][ T31] 3 locks held by kworker/0:3/11985: [ 632.373651][ T31] #0: ffff88813fe15948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x11ae/0x1840 [ 632.406030][ T31] #1: ffffc9000b37fc98 ((fqdir_free_work).work){+.+.}-{0:0}, at: process_one_work+0x927/0x1840 [ 632.437292][ T31] #2: ffffffff8e5ef7c0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6d0 [ 632.462492][ T31] 1 lock held by syz.2.1443/11990: [ 632.476446][ T31] #0: ffffffff903dd3b0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 [ 632.499741][ T31] 1 lock held by syz.4.1418/11998: [ 632.512610][ T31] #0: ffffffff903dd3b0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 [ 632.536862][ T31] 1 lock held by syz.5.1672/12781: [ 632.550981][ T31] #0: ffffffff903dd3b0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 [ 632.572962][ T31] 2 locks held by syz.7.1860/13487: [ 632.587431][ T31] 1 lock held by syz.0.1879/13563: [ 632.599610][ T31] 3 locks held by syz.0.1879/13564: [ 632.614011][ T31] 1 lock held by syz.1.1880/13565: [ 632.628909][ T31] #0: ffffffff8e5ef7c0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6d0 [ 632.661097][ T31] 4 locks held by syz.0.1879/13570: [ 632.671206][ T31] 2 locks held by syz.0.1883/13580: [ 632.684711][ T31] #0: ffffffff903dd3b0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 [ 632.710733][ T31] #1: ffffffff8e5ef8f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 [ 632.745893][ T31] [ 632.761878][ T31] ============================================= [ 632.761878][ T31] [ 632.781191][ T31] NMI backtrace for cpu 1 [ 632.781222][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 632.781267][ T31] Tainted: [L]=SOFTLOCKUP [ 632.781278][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 632.781297][ T31] Call Trace: [ 632.781307][ T31] [ 632.781319][ T31] dump_stack_lvl+0x100/0x190 [ 632.781365][ T31] nmi_cpu_backtrace.cold+0x12d/0x151 [ 632.781408][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 632.781462][ T31] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 632.781518][ T31] sys_info+0x141/0x190 [ 632.781562][ T31] watchdog+0xcc3/0xfe0 [ 632.781607][ T31] ? __pfx_watchdog+0x10/0x10 [ 632.781643][ T31] ? __kthread_parkme+0x18c/0x230 [ 632.781682][ T31] ? __pfx_watchdog+0x10/0x10 [ 632.781719][ T31] ? __pfx_watchdog+0x10/0x10 [ 632.781750][ T31] kthread+0x3b3/0x730 [ 632.781797][ T31] ? __pfx_kthread+0x10/0x10 [ 632.781841][ T31] ? ret_from_fork+0x79/0xaf0 [ 632.781869][ T31] ? ret_from_fork+0x79/0xaf0 [ 632.781899][ T31] ? rcu_is_watching+0x12/0xc0 [ 632.781930][ T31] ? __pfx_kthread+0x10/0x10 [ 632.781977][ T31] ret_from_fork+0x754/0xaf0 [ 632.782009][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 632.782044][ T31] ? __switch_to+0x7b9/0x10c0 [ 632.782090][ T31] ? __pfx_kthread+0x10/0x10 [ 632.782139][ T31] ret_from_fork_asm+0x1a/0x30 [ 632.782211][ T31] [ 632.782246][ T31] Sending NMI from CPU 1 to CPUs 0: [ 632.930589][ C0] NMI backtrace for cpu 0 [ 632.930614][ C0] CPU: 0 UID: 0 PID: 5195 Comm: udevd Tainted: G L syzkaller #0 PREEMPT(full) [ 632.930652][ C0] Tainted: [L]=SOFTLOCKUP [ 632.930661][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 632.930678][ C0] RIP: 0010:__rcu_read_unlock+0x4e/0x550 [ 632.930721][ C0] Code: fc ff df 48 89 fa 48 c1 ea 03 0f b6 14 02 48 89 f8 83 e0 07 83 c0 03 38 d0 7c 08 84 d2 0f 85 d8 01 00 00 83 ab 84 04 00 00 01 <75> 3b 48 8d bb 88 04 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa [ 632.930747][ C0] RSP: 0018:ffffc90003b7f870 EFLAGS: 00000246 [ 632.930768][ C0] RAX: 0000000000000007 RBX: ffff888064f45b80 RCX: ffffc90003b7f86c [ 632.930786][ C0] RDX: 0000000000000000 RSI: ffffffff8dc1bf08 RDI: ffff888064f46004 [ 632.930803][ C0] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000007 [ 632.930819][ C0] R10: 0000000000000200 R11: 0000000000018854 R12: ffffc90003b7f968 [ 632.930835][ C0] R13: ffffc90003b7f918 R14: ffffc90003b7fef8 R15: ffffc90003b7f94c [ 632.930854][ C0] FS: 00007f78c8f97880(0000) GS:ffff8881245e2000(0000) knlGS:0000000000000000 [ 632.930885][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 632.930902][ C0] CR2: 0000001b30dd6ff8 CR3: 000000006485c000 CR4: 00000000003526f0 [ 632.930920][ C0] Call Trace: [ 632.930933][ C0] [ 632.930945][ C0] unwind_next_frame+0x3c8/0x1ea0 [ 632.930981][ C0] ? do_unlinkat+0x285/0x6e0 [ 632.931017][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 632.931050][ C0] arch_stack_walk+0x94/0xf0 [ 632.931083][ C0] ? __x64_sys_unlink+0xc5/0x110 [ 632.931120][ C0] stack_trace_save+0x8e/0xc0 [ 632.931149][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 632.931178][ C0] ? link_path_walk+0xf28/0x1cc0 [ 632.931204][ C0] ? step_into_slowpath+0xb77/0xf50 [ 632.931231][ C0] kasan_save_stack+0x30/0x50 [ 632.931263][ C0] ? kasan_save_stack+0x30/0x50 [ 632.931294][ C0] ? kasan_save_track+0x14/0x30 [ 632.931324][ C0] ? __kasan_slab_alloc+0x89/0x90 [ 632.931358][ C0] ? kmem_cache_alloc_lru_noprof+0x2c7/0x7d0 [ 632.931393][ C0] ? __d_alloc+0x34/0xa80 [ 632.931423][ C0] ? d_alloc+0x4a/0x1e0 [ 632.931453][ C0] ? lookup_one_qstr_excl+0x175/0x250 [ 632.931491][ C0] ? do_unlinkat+0x285/0x6e0 [ 632.931548][ C0] kasan_save_track+0x14/0x30 [ 632.931580][ C0] __kasan_slab_alloc+0x89/0x90 [ 632.931615][ C0] kmem_cache_alloc_lru_noprof+0x2c7/0x7d0 [ 632.931649][ C0] ? __d_lookup+0x25c/0x4a0 [ 632.931672][ C0] ? __d_alloc+0x34/0xa80 [ 632.931706][ C0] ? __d_alloc+0x34/0xa80 [ 632.931736][ C0] __d_alloc+0x34/0xa80 [ 632.931773][ C0] d_alloc+0x4a/0x1e0 [ 632.931811][ C0] lookup_one_qstr_excl+0x175/0x250 [ 632.931854][ C0] ? mnt_want_write+0x161/0x450 [ 632.931891][ C0] do_unlinkat+0x285/0x6e0 [ 632.931929][ C0] ? __might_fault+0xc5/0x140 [ 632.931965][ C0] ? __pfx_do_unlinkat+0x10/0x10 [ 632.932013][ C0] ? getname_flags.part.0+0x1c5/0x540 [ 632.932062][ C0] __x64_sys_unlink+0xc5/0x110 [ 632.932102][ C0] do_syscall_64+0xc9/0xf80 [ 632.932143][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 632.932176][ C0] RIP: 0033:0x7f78c8915937 [ 632.932198][ C0] Code: 00 00 e9 a9 fd ff ff 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 5f 00 00 00 0f 05 c3 0f 1f 84 00 00 00 00 00 b8 57 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 8b 15 91 b4 0d 00 f7 d8 64 89 02 b8 [ 632.932224][ C0] RSP: 002b:00007ffe423b4718 EFLAGS: 00000202 ORIG_RAX: 0000000000000057 [ 632.932247][ C0] RAX: ffffffffffffffda RBX: 0000000000000bb8 RCX: 00007f78c8915937 [ 632.932265][ C0] RDX: 0000000000000000 RSI: 0000000025ab8e00 RDI: 000056079cc5902e [ 632.932282][ C0] RBP: 0000000000000000 R08: 0000000025b8d2c7 R09: 0000000000000000 [ 632.932298][ C0] R10: 00007f78c905f000 R11: 0000000000000202 R12: 0000000000000000 [ 632.932314][ C0] R13: 000056079cc74100 R14: 0000000000000001 R15: 0000000000000000 [ 632.932341][ C0] [ 633.301167][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 633.301259][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 633.301382][ T31] Tainted: [L]=SOFTLOCKUP [ 633.301412][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 633.301466][ T31] Call Trace: [ 633.301497][ T31] [ 633.301536][ T31] dump_stack_lvl+0x100/0x190 [ 633.301653][ T31] vpanic+0x20d/0x630 [ 633.301731][ T31] panic+0xd1/0xd1 [ 633.301805][ T31] ? __pfx_panic+0x10/0x10 [ 633.301892][ T31] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 633.302048][ T31] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 633.302178][ T31] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 633.302303][ T31] ? watchdog.cold+0x198/0x1ca [ 633.302394][ T31] ? watchdog+0xcd3/0xfe0 [ 633.302488][ T31] watchdog.cold+0x1a9/0x1ca [ 633.302606][ T31] ? __pfx_watchdog+0x10/0x10 [ 633.302694][ T31] ? __kthread_parkme+0x18c/0x230 [ 633.302798][ T31] ? __pfx_watchdog+0x10/0x10 [ 633.302887][ T31] ? __pfx_watchdog+0x10/0x10 [ 633.421913][ T31] kthread+0x3b3/0x730 [ 633.426070][ T31] ? __pfx_kthread+0x10/0x10 [ 633.430737][ T31] ? ret_from_fork+0x79/0xaf0 [ 633.435811][ T31] ? ret_from_fork+0x79/0xaf0 [ 633.441225][ T31] ? rcu_is_watching+0x12/0xc0 [ 633.446068][ T31] ? __pfx_kthread+0x10/0x10 [ 633.450830][ T31] ret_from_fork+0x754/0xaf0 [ 633.455679][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 633.460884][ T31] ? __switch_to+0x7b9/0x10c0 [ 633.465804][ T31] ? __pfx_kthread+0x10/0x10 [ 633.470516][ T31] ret_from_fork_asm+0x1a/0x30 [ 633.475365][ T31] [ 633.479152][ T31] Kernel Offset: disabled [ 633.483708][ T31] Rebooting in 86400 seconds..