last executing test programs: 23m11.987028516s ago: executing program 0 (id=410): close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x4) socket(0x10, 0x2, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) select$auto(0x7, 0x0, &(0x7f0000000080)={[0x1, 0x100, 0x2ec, 0x5, 0x2, 0x1ff, 0xffffffff, 0x1000, 0x8, 0x2, 0xced80000000003, 0x9, 0x800000003, 0x0, 0x1, 0x7fffffff]}, 0x0, 0x0) mmap$auto(0x0, 0x3, 0x1000000000001, 0x8000000008011, 0x3, 0x0) r0 = openat$auto_usbfs_devices_fops_usb(0xffffffffffffff9c, &(0x7f0000000180), 0x28400, 0x0) readv$auto(r0, &(0x7f0000000040)={&(0x7f0000000200)="2f36287139474c0a12000000000000", 0xfff}, 0x8) openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, 0x0, 0x2000, 0x0) openat$auto_userio_fops_userio(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) mmap$auto(0x0, 0x400008, 0x200, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) mmap$auto(0x0, 0x40000b, 0xdf, 0x9b72, 0x2, 0x108000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/wakeup_count\x00', 0xc0082, 0x0) sendfile$auto(r1, r1, 0x0, 0x800400000000ef0) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) r2 = socket(0xa, 0x3, 0xff) connect$auto(r2, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) madvise$auto(0x1ffff000, 0x7, 0x100000000) mmap$auto(0xfffffffffffffffe, 0x40000c, 0xb, 0x9b72, 0x2, 0xfffffffffffffff7) 23m10.368537622s ago: executing program 0 (id=412): r0 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000002640), 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000340), r1) sendmsg$auto_TIPC_NL_NET_SET(r1, &(0x7f00000079c0)={0x0, 0x0, &(0x7f0000007980)={&(0x7f0000000040)={0x20, r2, 0x1, 0x70bd2c, 0x25dfdbff, {}, [@TIPC_NLA_NET={0xc, 0x7, 0x0, 0x1, [@typed={0x8, 0x2, 0x0, 0x0, @fd}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x44050}, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) semctl$auto(0x3, 0x7, 0x13, 0x7) r3 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r3, 0x29, 0x20, 0x0, 0x20) ioctl$auto_USB_RAW_IOCTL_INIT(r0, 0x41015500, &(0x7f0000000140)={"a7a018b09bb196a05739a38a73473b93f5452886bc599ef976c54a71a5ce72a9af15390e93a8760df83859e16320e8d0b1161f13d12afae66b1d900a49586aa98d3504ca431aabab1964249251e57fa70517cc19b0e3974dc2a89e90c932b8859c767780d65e849700", "e600d778e82f8b8db7e27a036e39a8ac08de7e036d650e2184857e6b64f6a2c7fb08c6f5ce3828fb4e9498c076bef49c99c9cd91332e12b53664dc20fa879020fbd184c0d300c13be6047a70685ce029fb2385ae6e132c1c6adbcfbd873a3b925d397a08e8733e19ef5ec4f40b0b473c72efd18b8a9e9f3d12c5e44468922beb", 0x3}) socket(0x10, 0x2, 0x0) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_TEMP(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=ANY=[@ANYBLOB="770e", @ANYRES16=0x0, @ANYBLOB="080028bd7000fddbdf250300000008000600020000000c0014"], 0x28}, 0x1, 0x0, 0x0, 0x4}, 0x405b) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="0700000000000000df250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0xbc, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x4000000000009, 0xa505}, 0x800}, 0x4, 0x4008) r4 = socket(0x29, 0x2, 0x0) r5 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[], 0x1ac}}, 0x40000) recvmmsg$auto(r5, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x6}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r4, 0x89fb, 0x24) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) epoll_create$auto(0xffffffff) io_pgetevents$auto(0x7, 0x9, 0x7ff, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x1}}) close_range$auto(0x2, 0x8, 0x1f) 23m9.362210246s ago: executing program 0 (id=415): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bdi/43:480/min_ratio\x00', 0x2062, 0x0) openat$auto_hpet_fops_hpet(0xffffffffffffff9c, &(0x7f0000000040), 0x821c1, 0x0) mmap$auto(0x1, 0xd, 0x1, 0xeb1, 0x1, 0x8001) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0xffffffffffffffff, 0x4, 0x8, 0x9b70, 0x2, 0xe8) r2 = openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/uid_map\x00', 0x12000, 0x0) setsockopt$auto_SO_NOFCS(r2, 0x3, 0x2b, &(0x7f0000000080)='+\x00', 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) syslog$auto(0x3, 0x0, 0x5) syz_open_procfs$namespace(0x0, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) bpf$auto(0x9, &(0x7f0000000100)=@token_create={0x2}, 0x9) socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20007fff, 0x5, 0x100000eb1, 0x405, 0x81) getcwd$auto(0x0, 0xffffffffffffffff) setsockopt$auto(0x3, 0x10000000084, 0x2, 0x0, 0x8) ioctl$sock_SIOCGIFINDEX(r1, 0x89fc, &(0x7f0000000000)={'ip_vti0\x00'}) write$auto(r0, &(0x7f0000000200)='1\x00\\GL\'\xb4\xb7\xb5tF\\\n\xd5\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) socket(0xa, 0x3, 0xff) setsockopt$auto(0x400000000000003, 0x29, 0x16, 0x0, 0x20056b) close_range$auto(0x2, 0x8, 0x0) write$auto(r0, &(0x7f00000005c0)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) 23m9.066669316s ago: executing program 0 (id=417): madvise$auto_MADV_GUARD_REMOVE(0x4, 0x6, 0x67) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) io_uring_setup$auto(0x6, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async, rerun: 64) socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64) socket(0xa, 0x2, 0x88) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) munmap$auto(0x200000008000, 0xffffffff) (async) bpf$auto(0x100, &(0x7f00000000c0)=@link_detach={r0}, 0xf) (async) r1 = open(0x0, 0x221c2, 0x84) (async, rerun: 32) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000280)='/dev/dsp1\x00', 0x48080, 0x0) (rerun: 32) ioctl$auto_SNDCTL_DSP_GETTRIGGER(r2, 0x80045010, &(0x7f00000002c0)) r3 = bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r1, 0x0, 0x3}, 0xc) (async, rerun: 32) r5 = clone$auto(0x20003b4a, 0x8, 0x0, 0x0, 0x2) (rerun: 32) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000001780), r4) sendmsg$auto_NETDEV_CMD_QSTATS_GET(r3, &(0x7f0000001880)={&(0x7f0000001740)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000001840)={&(0x7f00000017c0)={0x58, r7, 0x200, 0x70bd25, 0x25dfdbfe, {}, [@NETDEV_A_QSTATS_SCOPE={0xc, 0x4, 0x7}, @NETDEV_A_QSTATS_IFINDEX={0x8}, @NETDEV_A_QSTATS_SCOPE={0xc, 0x4, 0x3}, @NETDEV_A_QSTATS_SCOPE={0xc, 0x4, 0x6}, @NETDEV_A_QSTATS_SCOPE={0xc, 0x4, 0xfffffffffffffff7}, @NETDEV_A_QSTATS_SCOPE={0xc, 0x4, 0x5}]}, 0x58}, 0x1, 0x0, 0x0, 0xc001}, 0x4000004) (async) r8 = socket(0x10, 0x2, 0x0) (async) r9 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_WOL_SET(r8, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000500)={0x20, r9, 0x1, 0x70bd27, 0x25dfdbfc, {}, [@ETHTOOL_A_WOL_MODES={0xc, 0x2, 0x0, 0x1, [@nested={0x8, 0xa, 0x0, 0x1, [@generic="7b45aec0"]}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x801}, 0x40) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000180), 0xffffffffffffffff) (async, rerun: 64) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000000)={'ip6gre0\x00', 0x0}) (async, rerun: 64) ioctl$auto_XFS_IOC_ALLOCSP64(0xffffffffffffffff, 0x40305824, &(0x7f0000000040)={0x5c0b, 0x9, 0x81, 0x7, 0x2f2, 0xffffffffffffffff}) sendmsg$auto_OVS_DP_CMD_NEW(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000004540)={&(0x7f00000002c0)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r11, @ANYBLOB="01002bbd7000ffdbdf250100000008000900", @ANYRES32=r12, @ANYBLOB="08000200", @ANYRES32=r13, @ANYBLOB="110001006f76735f12120000000007000000000008000200", @ANYBLOB="b26e1dd5426ede2a709f359e8e96beee7e5145a2ba9f638080092694299c2e7b4772fb370c9160913d5ab61b3e181e2eebbe97cec7695c75ff7479cce602371db272049e9632ca7df2177e6de1ed61663da6f1456e05ef29000c7a7ce86d497d54ed1e8477623f28701f504b68dd0ca119"], 0x40}, 0x1, 0x0, 0x0, 0x4015}, 0x2000000) (async) msgctl$auto_MSG_STAT(0x40, 0xb, &(0x7f00000002c0)={{0x4000, 0x0, 0xffffffffffffffff, 0x1c, 0x3, 0xfffffffc, 0x8}, &(0x7f0000000040), &(0x7f0000000080)=0x5, 0x4, 0x8001, 0x2fe, 0x2, 0x8, 0x3, 0x5, 0x7, @inferred=r5, @raw=0x1}) sendmsg$auto_ETHTOOL_MSG_WOL_SET(r6, &(0x7f0000001700)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000180)={&(0x7f0000000340)={0x1394, r9, 0x2, 0x70bd2d, 0x25dfdbfb, {}, [@ETHTOOL_A_WOL_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xc9}]}, @ETHTOOL_A_WOL_SOPASS={0x8, 0x3, "3588a552"}, @ETHTOOL_A_WOL_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_WOL_HEADER={0x4}, @ETHTOOL_A_WOL_SOPASS={0x6, 0x3, "cf63"}, @ETHTOOL_A_WOL_MODES={0x14, 0x2, 0x0, 0x1, [@typed={0xe, 0x8a, 0x0, 0x0, @str='s\x00ev/dsp1\x00'}]}, @ETHTOOL_A_WOL_MODES={0x1160, 0x2, 0x0, 0x1, [@nested={0x1050, 0x13d, 0x0, 0x1, [@typed={0x1004, 0x12b, 0x0, 0x0, @binary="aae517e2d859fd8c74cb1c0a9436995003e15b5450d637dd278672d352209d56ec22038a6d08e28dfafb1adb9f2f13c1535b7b0f3bb16f9ec237eac2d4b173c9716adb60761622c8d60d2d2513d97b2e1821c764a72355ca84ec5cf2ced1fe6405859dfde042b64fb313e803121f7d0afa2dc0b910ec58501d8678ef77c709d492c66cd5754b6047ef79ba541e85ffb9f813f2ab6d8d2f0636fede9d4001191894d1868f3cb2ba272cff177755ae58c1c377b5c50c75baa376cd2eb2139f014000842166b00726524ca62ee0865d752e3fbe4a72f22d687bbc8b934ad7ba60bfb9b352caf03c5f7b487f57d44295a0bb39885263bbf6a417ff27186ae3de9b802449d0607dd81540ca91b1f321b4136218f839131a3712a0e7a7d8f06593304e8f7e57a9afc1d26637e7c0328288a9460ee88d2a144b93afed05633dce4f27d350b805c0e9c9e8882d7ffe6a24282ba4ae2bacece35ff69850dd0bf90c3921f9092961ccd333d6a02229a4828edfd527003b5530cfc1762eb128c85a84ae19c79e5b03eb2d734c96eb9c7a225e908ed8b12c9bc5333ef50e48b6a4ab239d01c8f33f6504ec4ee83afa227470c34a8b6adc06a7a2c90fe2da69cfb6ea78c054cfc6ce076bdaf4a2ce1bb1561193c0e0db760346aeaa5d0526ae79e1551d22bd1a986be0c54d016454dd8acb66ba40557c02303b946e60903f3b43d51e7fe13fe83e2695cc8dbcca806485e943e28530e519dc793dabb11b873b2e2ab3e0f6d4f6f0e938692eb78ec7c34a94ca519b19be88ee4ebbff7d6f9cd064dd401336a828a998162407b14586b8cc1d7731915e35c56067240e8a56c7b3c020d2f39b39d68ac60e8545e1ec6a636de8a02fa68a24db657db2a30a11fd2694fdf6a22c36c24904c5c239b14e7129cc04688998706d231a6b3e9c9c110fced65f4fd4d259ff428d8c11db5506cb1b75dcb7849fcb19e9baa40c2842196d2757144342c1af91f0790387e5805e95ed52d2c909f6cb4efd878817583345bf5493a0cdd99d9573a1e3d9bcf90aa5f5a068ce00db1ddcb62d8a164e537c089b52bc280c68d359ea4e89c078462888bc3e53bb2accd7a20360f4eba2424760404d9238fce3e4c6316a3b432a45d203672d690fb011562414b53b5b2b9797324b5256956c84b15ad272dab93ff75ff9b81c283820d6b3f2e1b1fcfbd21babc945aed1360055cc12837f96c0e5fc24cb205965b3428607fd52cec3da28bc5881d3123c5d4d3460f419a3320e2c74757149e4e7c7807e4c7344aad72eda0dcc603c778c09d3b8b06bc02628da540884253f8fcd4084780076082bef797071d2ee57a9276ee9f1a598d4434b877840fee23b97ccd9a32317e8afcc45aad2485cae10beb6ac577723bd69aa0072b58aa5ca315bcfb6ff5e677546a03ca80cfbef19edab4413f19ddce5cff6938f039d3cb702bdc72deb57f33e35f0f52b8a872903f28bf43d34eb21a769d2675fc596e4157cf2a4a3cbbdc4bf3d35b1eaed884bf8b1e10fbf2cd3ce70bc7f9601a82cfbeb10d51ebd4facda2e5d03ad6f27a0879f34fcf146b702169c310747c9898fe52c2dca9815198686b22c5ff8d36c9618ab064f841894385bfeee3b062c09df4b1f441ea606aee94e1e7c07f2ee0eaae31241adc228dbb626751cddc1fc358b5353190894043a6516e631208d4de9de5e4cd800b09f341fb1d601ce3974bf515d3c51c592c79e8f7bca7339c0fe2a8252fc09d094c27ccf5ada32b39207e38397cdd8dcc31f36efe790e183153f0f529cb49807bb1f8ad1b766b8d42d4e846202bb346287fc989069f6cf8a9aa0b845b6a9df5ad10a6fac06842eaff47d110ae6bff1445ebd472ab66fa4f05a7fb8f9dba46a0f93727c69533861200e6ee4f82d40991ab0109b49b0849e4795e5542434963dcdfd2a252305c47ce6c325b6502844dd88b71c138ea419fc25f2e90bd1ef2679c00394f9fe4cb71c67a223193f9a80d8705f3429ea5c6fb32a9632c3a01296729ab3128a6043219057c032e56da39c2f69e6e3fe8ea9072619d99417e1559802ea3e955a07779965c7e172490da97fa63db4f2263b1d04a5c4a9613118d3314f8d23e0fcfe83956ea648ed72a0f49be0f1981540c8429e8509e16c15b0e4d34465e596d7e75aa8b6095e69479377dc4465473f978b48c091a84d9dbf56505a655cd170ed3e293e391b1213e0b628f140ab33742d8695b6517359c7c56db9f67da8f1b5356ae81f1aa56310095dc30cff3ac593d0e3df99d99dc91b69d3111bebdd2ea2ad782f807a31d6998291db375404fae98218623bb572124daddf531bcfd2c6ec0734360eec6484b87ff0e76c191e64cf52bdbe8aeccd5290ab64384c62e82f8b08f85a19ee4a2c3f5ebf8c236b905703bf648fa1243ec6e8d26c0cd89821b09de5142ada0f6de26223fd0d83639aff581ce0b9a4f85e9b4e0962b8b0cf2a55482b81390b3facf1b2417c38174ff693d1c94a1cff9d6194569756b33549a21973cb673d5f7c470517f86804fddcd96920fcedce8bc943574748a6e050dcf4057c5e4962498fcb1c0def1d93a21ff7236fff68099d78fa1a3d9633b231c1d56db0448861c769e37b3d4a5d3a91d241c727a41cfac9a32fe47263a6125c13bb595065884a976e06ec4d7d6c8e467e73dac632176eff0a15d18edf393abb91250f6995889d91eba9ef2358939e445f2d8f0d16bda4dbff47e33db25b94527bad90e138a5f61faafa3c3688d9a4d16612f8cad5b87cf860843081649356c9f069ba7d26c5290b87e8647c38fbb0ea61503dc32c8a2e27ff0256ed3413248743662ff9566997d60c9b81b48da4e291202e5e7f3287f0ed36d6deb5525412aab203091e320d6bad565d937ac33bf3e29f2f851801756f647855db1cf94d0106e81b6fc32773863453abb6a054f125868d90e62bb87b4d070e382c4e25c24fe32f42d8206d83fd7844c0e88dde8acf932259eaae788726e7d04b5090ed2f317ff6b8d89e0fffc5b0d301992c06db8256c25bfaf0dbae48dc40bca3aca4cec6f3a24fe4c7045c55a81a1d28b245072a7b66c59a3df02a3eef044470b591118a1cec50e3c577ffddbe806258ed9a7567948c414160c5173fcfbd7315a50a99f590af94b4a6420538f72a371db21240caaaceea523c968900df7e9a36115b8c1680bc273c45f762981b8b84bbd5de1c7f3da5a73681b615f384a45e2b2d18c5f0457a4fb967778ca1df3862163d74de777e3a0a06c883c1ae90eb1c4666e6d0148b0350cd6a2c2c4f7ed15ab8fe1907d065a1e8738ba3e1187f92eef9c0030da2f5b0e3d812acf2878db3ffea6eca5ed99ed9c314a16a89829ad9d91680e391c018363cccb615b6e7a22ed66348f9f12d0d5860d8d48bdd8a8ef42a49e1d3e62b5e4ac7d859393df8d8a75dc992c93770e6ebc6bee3300dfacda3345abee5f839ec51d375dfc551f2a8d38082bb12cca35c5db47887e172c881ee65d5bb93add27b4fe592a6e90fafadd5a9c1931298df7303895be7bdb104430dfcc6fdeb4cfb5cd0dd54e8c5331aeb886dbe8ea5f9d076ae4c3453029c3d97636fc16d31726efaeb36886e27ad349d7fe095b306bc965657721a8f20f485016368e37ad0cba868e8f5872c8dadcd367850997e6297bb75db4114f9f55b534f812848ec113d8e14ccd1e1caf43bb7241a14a28764e69ec2230f630a999ddfbd6491b53dc2dd088ca1e3e246afd637d9f86d53dabbd6746048bb54ce2b851b5ff809f25c96faf81628c72300481211de39abcb9dd3f96cb9ef31f290d487450610d4abef54181ba028c3e62b672e853e8e8bc13849b48b5b463b82ee66ec38c2f323106feb444b9a1435528886a6229c838792db97160394d74ad66d5431ebef6979556562d98b81c2e8505f43135a1f6136ae0b0416c861216b1b441304231f30f9234fa02f15bdc79111ac52e05abefabb5c5ce39807fa3c2c974d86667df11194869f4dfb4d46eb0b185d9458ebb039811bf5ba9b7577533a321db58e8c4bd0af62f40a7818789c18860c5c8d77ded33cfe2708917b34bb025398dfe7c05b824641bb4d552b1812dd76da973b7d181f7ace291c395c4397a7ab65085e6623f63fd33aabcf6277b0152681fa7b04ecbab0070c63675f99fe9b53c7e16091a4cd336cceaa76ee1d9dc8439f825c14f806fb42764d2eb7f5643d6550b5e9c95f17a40ba5ca09cdc29712f298a44d8f6798566c09611951a4faed0ade65113517c7cc6965c2c2754e5bafa310ab4c09924c330b1f9dd2bf774880cc816d3de1fd54bbf494043d031935974ae09605acf69fb2b5361b448c73724019f31e1b624823cf76f009b51457e0ced2805d3614529bd22898372c6f51cf47f3d60e989cf9acff7e0741b6f74655a723f751d07915b98f3e07eedbefc6c5d06b89a89924da4d95a92f9a768c676a44707a4613853f3c18fa4878e4ac828b2c6c96cf1d3ce08002f59ff4c4a144381ed43913d594de738fbe35d267443db9c40f1bdc4dca8515039c194af27b2b6ae06547039985acb870bad1b44938112c00d2dd3d62197989bb38045355bb59d846831426ecc3c2cc6a7fc77c3e69157dece11e1dbfad87708bb30304592f796b1ded52f077f06ec392693d5e2f7c64804e3f7897f0531a66f8226038b973e73a2eac33aff37c6f8916f43e4990994954b785b1cccec8a01ab022a07a67dea1a8c4c8a09a41b8e5d0b5ab0d070d49eba1b63c27b148267dccf0388a71c3ae313920a636e968b8fd2f5b0b831d091819b170eb36fb74efaa0edddfde370499b658d77dbe6902571f95aaf18dc8a171c8930192f7e0c30596d4c2b74744c52a978ea48901efbbcd76629bf7b03a6a3bf57f6a3c8ac79f21658ed584c9aeeadfe1553fd06ba8532c9ec2132aa5aac626372dbd79452fc3f407f2fa2b0726e0624aeea3db6a18ba7a39f358e5543eb099520184ac8c728d10b901a0a42b97deb61a2ba46ddb9921ac68377898166a63f32e15bfe5ceb3821bbda22f6114b34c4c1a2cc4edc2d4ace95a15a86e6f8fefaed7249f7f611d7953931495bbbe471652315c47502afe5b3660f687b983b9cb0bd88eb3a32eb1cf597fb13a1a6dd07c5ca59b44c7e874bbdb73b0d80fd65d303af6b205a11474cb660cb924f010c020224db0fc50813ba86b8e5cc413fa23c3770bf672ca9bd9cb4b7bee0c9afb42dcf852966682ef2df515a069fc5aee74b316f9de817a989a8cb47a75e0a2396632b1909ca2628e5a41b4dbf4ccdd72a49db1a4b2c1c97805cd2d79336b42c41c362d917b9e38bf58b402301fec42a3ebd262ed765a3aaa87559bfa3ce8f8da19e0f4d171d6bdbf62076c8348bfd67692dc1c6fde3ac0492864a6c16cd491e308e58f5d0e7b07e968382fd32d5c01165deb5d791affa22b24ee2573164dadc2c54a49861ea8b3a54ee03b1ffd945d38fdb02cd01d3d656deaace3a6ecaa8abddce94477f67c0594a5a23e1c111b77799c4de1ddf3dbbd5fd9c8d6426bd339488fd11874255e385108f03aef22ae6239a05a6a770535ad1d500348853e7e648d62016420d0be1265dd91b11b319a1aa1098bc89a09d38e34385372e291a187ccb222e54f1985b86401528ae3d58164c0437e4b630187d85e034aebc3b8d3ab14763e540a7c2f7f337b5dedc32425f80b668dffc1930d9619825e4bd6f3d7348768156af191005b2a6555cbfd963499324555d5733cad60855f846cfa59cd88856171bd72afafa6699d540269d5"}, @generic="bd1b87c036ac5d4021ce586427f6c0364c1cf66abae59e2819cbfba2ec", @typed={0x8, 0x85, 0x0, 0x0, @pid=r5}, @nested={0x4, 0x8b}, @nested={0x4, 0x9c}, @nested={0x4, 0x3d}, @generic="c222ebebda42c8373ea83d", @nested={0x4, 0x5c}, @nested={0x4, 0xdf}, @nested={0x4, 0xe6}]}, @typed={0x8, 0xfc, 0x0, 0x0, @fd=r4}, @nested={0x75, 0x118, 0x0, 0x1, [@generic="bb9a2d2f675e4408c59124e166ccfc5f510914076ed84887cbceced7ed4a4a7c47cb59ffc6d8dbcfbe213be75fe0962815fdc30e98feb4d34ec5a83b7f0f48720c98f6b61acf41de396dff65f6e671169f3cbbc714", @nested={0x4, 0x1f}, @nested={0x4, 0x86}, @typed={0xc, 0x87, 0x0, 0x0, @u64=0x478}, @nested={0x4, 0x109}, @nested={0x4, 0x14e}]}, @typed={0x5c, 0x128, 0x0, 0x0, @binary="81efb068c9dab12d25d53dc5b3f146948c3c4d888e172362820e430cc28031353839989d081381c5c7e6c74a0e36067b82e3e217695a7cc3a90323c24a585c2d51e997b6de079de4d06fd90892667253227ecdc5a4380042"}, @typed={0x8, 0xe5, 0x0, 0x0, @uid=r14}, @nested={0x28, 0x78, 0x0, 0x1, [@typed={0x4, 0x104}, @nested={0x4, 0xa9}, @nested={0x4, 0x14e}, @nested={0x4, 0x9e}, @typed={0x14, 0x123, 0x0, 0x0, @ipv6=@mcast2}]}]}, @ETHTOOL_A_WOL_MODES={0x1c2, 0x2, 0x0, 0x1, [@generic="f261a84b0134db840f67b0ccd0921bee7c6ccf443c24a2d62e1d25d437341c2251e16d764bd6aa8bd8ae1ef71bacba921f52c5529f95aff98a8d9f0ee405dd2d3b56eeb1410c39bc21465f5376e3b5e4d8ffa2b9dc5f5f144f250a119c2792b9e7e07d8f010fc90ab19ea92fe18ff652e0defc1338557ed47f90f815d8b924b9394adda43430cf401865e4b724e46957a101a785066a5467db174aadb938030305aedefb5fe4033f23a4b7c199da690cab6ae1ff5eb17e090a220409c16aa3b67b6076ec59cffdebd3e375acbc4c46f93820161d5e6a069a5b11f613f00df83e15fe7bfb5f72efb33f8dd9fed94b81e4d43d659d734574ff60e9ba90cb9d", @nested={0x95, 0x11e, 0x0, 0x1, [@typed={0x8, 0x140, 0x0, 0x0, @str='.+-\x00'}, @nested={0x4, 0x4a}, @typed={0x14, 0x1d, 0x0, 0x0, @ipv6=@empty}, @generic="6d8466e7528fed1e3d10adf0211c28129fad6d8c27ebdaa941cfa20b263a3e2dc31adf7b249dbe76c96ecce8b415c0e9dd12430ece7898c6a8124f83799eba9888b953321f92051a230c7fd31c5575e8b985ffa00f9b271ad7f72ec723acb2f10c750c582877706986e727f51bdfc6a75d"]}, @typed={0x14, 0x96, 0x0, 0x0, @ipv6=@dev={0xfe, 0x80, '\x00', 0x3e}}, @typed={0xc, 0x22, 0x0, 0x0, @u64}, @typed={0x8, 0x85, 0x0, 0x0, @pid=r5}]}]}, 0x1394}, 0x1, 0x0, 0x0, 0x8000}, 0x20009884) 23m7.859689967s ago: executing program 0 (id=420): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) lgetxattr$auto(0x0, &(0x7f0000000780)='\xda--\x00', 0x0, 0x100) r0 = ioctl$auto_TUNSETVNETBE2(0xffffffffffffffff, 0x400454de, 0x0) ioctl$auto_TIOCGPGRP(r0, 0x540f, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, r0, 0x28000) mmap$auto(0x8f0c, 0xb5, 0xdd, 0x10, 0xffffffffffffffff, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/dirty_writeback_centisecs\x00', 0x163041, 0x0) write$auto(0x3, 0x0, 0xfdef) r1 = getpid() process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x800000001, &(0x7f0000000280)={&(0x7f0000000140), 0x1fffffffb}, 0x6, 0xfffffffffffffffc) kill$auto(r1, 0x6) socketpair$auto(0xfffffffb, 0x8, 0x7, &(0x7f0000000140)=0x80) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptydc\x00', 0x800, 0x0) mmap$auto(0xfffffffffffff, 0xfffffffffffffffd, 0x4400000000e3, 0x40eb1, 0x401, 0x2fffffffffff) write$auto(0x3, 0x0, 0xffd8) ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, 0x0) futex$auto(&(0x7f00000003c0)=0x58, 0x5, 0x3, 0x0, &(0x7f0000000080)=0x3, 0xfffffffb) mmap$auto(0x0, 0x4000d, 0xe2, 0x9b72, 0x7, 0x28000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/kernel/perf_event_max_sample_rate\x00', 0x2300, 0x0) openat$auto_proc_coredump_filter_operations_base(0xffffffffffffff9c, &(0x7f0000000100), 0x344902, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000e40)='/sys/devices/pci0000:00/0000:00:01.3/config\x00', 0x2, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f00000003c0)=""/231, 0xe7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'hsr0\x00'}) close_range$auto(0xffffffffffffffff, r0, 0x8000) 23m2.7469004s ago: executing program 0 (id=434): ioctl$auto_NS_GET_MNTNS_ID(0xffffffffffffffff, 0x8008b705, &(0x7f0000000000)=0x8) setfsgid$auto(0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x7, 0x8}) 22m47.659144566s ago: executing program 32 (id=434): ioctl$auto_NS_GET_MNTNS_ID(0xffffffffffffffff, 0x8008b705, &(0x7f0000000000)=0x8) setfsgid$auto(0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) capget$auto(0x0, 0xfffffffffffffffe) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x7, 0x8}) 7.908458639s ago: executing program 4 (id=6812): r0 = socket(0x10, 0x2, 0xc) r1 = syz_genetlink_get_family_id$auto_nlctrl(0x0, 0xffffffffffffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/graphics/fbcon/rotate_all\x00', 0xa001, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_SET_WIPHY(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x80) sendmsg$auto_NL80211_CMD_MODIFY_LINK_STA(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="0100dbdf2597000000d494bebd14381d1ff02053f68c1f0bf84c470964f5d3ffa4eef3d4fcb09c16847597aeea455c076817da6297301472394bfa0000000000000000b4593744b299191a1ec15a4aa9858c4bc5b4aedf9d7dd28c762aef9224e5e49994a4c5de32aed895e32950fdb4f9785e900d816f22f80af768c380ac91cbf4dfe6ebdc51b22b59eb863fb2a013181016b2e615308dbbfa01c2308913630be0964fc9307d933bbae5b4ee2232f6be35b8d9beb66707ee227294a2b60b1098d4c681abe88dfc12d3480ee172b8421a7a08"], 0x14}, 0x1, 0x0, 0x0, 0x4004080}, 0x448c4) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d7) socket(0x1e, 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/virtual/bdi/7:5/strict_limit\x00', 0x62, 0x0) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(r3, 0x0, 0x24000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) msgget$auto(0xc, 0x77d9) msgrcv$auto(0x0, 0x0, 0x4, 0x9, 0x3) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) msgctl$auto(0x0, 0x1, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="ed03667ddcd6d026df250a00000a00000200252f00e2a85c41e75a02715b2d"], 0x51}, 0x1, 0x0, 0x0, 0x24050803}, 0x10004010) 6.811505396s ago: executing program 4 (id=6817): mremap$auto(0x110c230000, 0x0, 0xffff, 0x3, 0x0) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) madvise$auto(0xffef00f5, 0x400053, 0x9) madvise$auto(0x0, 0x100000000, 0x3) 6.666572897s ago: executing program 4 (id=6818): socket(0x2, 0x1, 0x0) mmap$auto(0x4000000000000000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x3, 0x5, 0x7, 0x0) setsockopt$auto(0x3, 0x0, 0x18, 0x0, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) bind$auto(0x3, 0x0, 0x6a) 6.610619723s ago: executing program 2 (id=6819): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101e81, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x102, 0x0) r0 = openat$auto_dfs_global_fops_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/ubifs/chk_orphans\x00', 0x1a3080, 0x0) read$auto_dfs_global_fops_debug(r0, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nbd12\x00', 0x6600, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x0, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0) mmap$auto(0x0, 0x20007, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) ustat$auto(0x801, 0x0) r1 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, 0x6) ioctl$auto_IOCTL_VMCI_DATAGRAM_SEND(r1, 0x7ab, 0x0) socket(0x10, 0x2, 0x2) r2 = socket(0x2a, 0x2, 0x0) io_uring_setup$auto(0x6, 0x0) timer_create$auto(0x7, 0x0, &(0x7f0000000140)=0x6) timer_delete$auto(0x0) select$auto(0xd, 0x0, 0x0, &(0x7f0000000100)={[0x1ff, 0x4, 0x7fff, 0x1a000, 0x80000948b, 0x0, 0x8, 0x400000006, 0x100000000003, 0xc, 0x9, 0x3, 0x6, 0x400005, 0x5]}, 0x0) r3 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sequencer\x00', 0x1, 0x0) write$auto_seq_oss_f_ops_seq_oss(r3, &(0x7f0000000c80)="5f74ab2fc43781e047140a5cbc3ac5229b90633d9cddda9efb1f2c3d5d1e63f3fb5acf079b9336319d009cb514679a42eaca52b81c166d19625d173c26ece6542f2fb29712f4fb9072fc432b4cf3e6f5a7f3c9f91ee88ba5fa11d48fd3658e8f44f8423b4cd02bbec912ed34f9f4b19b03d4c62b24ede44c0c76c34edf7bde061903c2ee4c64110ac668239fa53ba4291bae74c3d173663248ff0945dd2e405e0d378b5a8e4643a7bc3b35a7248431450ca8901467ea6dc5d86de1e90f869f6a04ac10043676f3b2c7f1339b2d7468133fb8447d17846b6b78079ecc31d7d0f74caa4a3db1ac4d312bfdb34bd331f1f771a2396108561a52153d63a7b2a3a077a7e4c1a22bcb23e1f3e511fee310baa67904d2aad4d6671e8b77c7720e37e84e0efecb60a35f188cbe8b8b2fb3967b78aa482aabb103f23083baa9b2ae653731d5993db4054233dea4af25795e12eb4d7b519a855da7ac6b046bdeea6adce8626e0def15dd32b0ec16a85d93e1dea980794033f4b46973062c64c0209f9d3efc6ea7704c8e8dfea8cdfbe2cb1e367bf634a1952190e0660994f79f0c622d47ee8f93ce1c2852db907ae68a29bcc960b26e0e634173287fd012c4bb3063c41d35c92e896b44080bc5a98e90907cd1d01cc000cd84061c93c71f29bfe841c873ad2aa0565dfaeb86c8b8e58ea2075de2a562ba1b5dc4ca452df21f25453b7c7f9a3e31547f4e803cefbac3b94715f2ab1f9fc66570244472f2f29deb9bdf6dc5b18d54e3c2264f9598f2ea749d170a66d351acf003c3f37fe74a09a8a964ce2818e4b4efd1eb0e3bca5dfd2a053eeb5735b96d282d2e03866bd6581b5e5e541c74f0b92b932b234ac117342f156b4b23fc6dcbc92ada00ce404f54443b6e7fdac9acb79e5258a865ced633ff5356d13a3e9923bcd8e6d177c9fb8618f9393798d90d70c78207e40f95bb2b0a9308f29f4331bbdfc1021dface5a740473b462c47286fee1c9d0036c78134e108b5b218d3022fd277e1cdf0cdf8cd4b37d74c8dd47e00e50fcf8d336978a0e7624f94b8fdcd1c9459201231f", 0x2f7) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000001c0), r2) sendmsg$auto_NL80211_CMD_EXTERNAL_AUTH(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14040141}, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto_BPF_PROG_GET_FD_BY_ID(0xd, 0x0, 0x7fff) 6.498640956s ago: executing program 4 (id=6820): close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0x40080, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x106) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/controlC2\x00', 0x361101, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0x5452, &(0x7f0000000080)={0x80, 0xbed0}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = io_uring_setup$auto(0x401, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) ioctl$auto_MEMLOCK(r1, 0x40084d05, &(0x7f00000000c0)={0xfffffffe, 0x7fffffff}) timer_gettime$auto(0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x7, 0xcff, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) munmap$auto(0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) bind$auto(0x3, 0x0, 0x68) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000180), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000240), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000840)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_DEL_PMK(r4, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000880)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="01002c010000fbdbdf257bfffff208000300", @ANYRES32=r6], 0x1c}, 0x1, 0x0, 0x0, 0x48880}, 0x80) ioctl$auto_KVM_GET_MSRS(r2, 0x4008ae90, &(0x7f0000000440)={0x3, 0x0, [{0x4, 0x71f, 0x1}, {0x10002, 0x6, 0xa}, {0x0, 0x2, 0x7}, {0x487f, 0x2, 0xfffffffffffffff7}]}) 5.646679574s ago: executing program 2 (id=6824): mmap$auto(0x0, 0x4, 0xffffffffffffffff, 0x400eb1, 0xfffffffffffffffa, 0x8000) r0 = getpgrp(0x0) syz_open_procfs$namespace(r0, &(0x7f00000001c0)='ns/user\x00') openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/virtual/block/nbd3/queue/iosched/front_merges\x00', 0x2041, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc3\xdd\xa7\xee$\xf5\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xe6\x06g\x1a\xfc\xa8\x02\vw\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x24040, 0x0) ioctl$auto_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000240)={"ef65ce6c000700", 0x3ff, 0x408, 0xc, 0x400004, 0x200000000040000d}) ioctl$auto_BLKTRACETEARDOWN(r2, 0x1276, 0x0) madvise$auto(0x0, 0x5, 0x15) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) write$auto_proc_mem_operations_base(0xffffffffffffffff, &(0x7f0000000000)="351ff6218163cce8505bf40fca856149f185354f86f6766b73aeb066b2a65290e689cb5a9cd45a63766508ae821ea42a555887244ce3a5676c4a8f62c1dadfd6efc8b8dd0eae0c03292f536b2b5042c923", 0x51) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="1b000000", @ANYBLOB="180027"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) r3 = openat$auto_xfs_dir_file_operations_xfs_file(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bluetooth/hci1/power\x00', 0x217102, 0x0) recvmmsg$auto(r3, 0x0, 0xd, 0xc, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0xca, 0x0, 0x2d9) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, 0x0, 0x40800) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) 4.40172166s ago: executing program 1 (id=6825): mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x2a, 0x2, 0x1) connect$auto(r0, &(0x7f00000000c0)=@qipcrtr={0x2a, 0x1, 0xfffffffe}, 0x55) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x10002}, 0x1) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socket(0xa, 0x801, 0x106) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0xe0a80, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x0, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0x4030ae7b, r1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x200000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0xffffffffffffffff, 0x0) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/seq/clients\x00', 0x280, 0x0) pread64$auto(r3, 0x0, 0x8, 0x8) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r4, 0x560e, r4) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0d566b3dd008e4edd9650200000000000008"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x200000c4) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/pm_async\x00', 0x183941, 0x0) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="010600bd7000fbdbdf250a"], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) r5 = socket(0xa, 0x2, 0x9) sendmmsg$auto(r5, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x6, 0x1}, 0x5}, 0x3, 0x0) 4.351832371s ago: executing program 4 (id=6826): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sda\x00', 0x14fa42, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x22a001, 0x0) socket(0x10, 0x2, 0x0) r0 = openat$auto_fragmentation_threshold_ops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy0/fragmentation_threshold\x00', 0x400, 0x0) read$auto_fragmentation_threshold_ops_(r0, 0x0, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2c, 0x1, 0x0) listen$auto(0x3, 0x81) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f00, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) mremap$auto(0x1ff000, 0x100005, 0x843, 0x3, 0x2) mremap$auto(0xfffff000, 0x4, 0x4, 0x7, 0x1001ff000) fsopen$auto(0x0, 0x1) prctl$auto(0x1000000003b, 0x1, 0x4, 0xd73, 0x7) madvise$auto(0xfffffffffffffffa, 0x9, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, r2) mmap$auto(0x2, 0x1, 0x4000000000df, 0x78, r2, 0x300000000000) r4 = socket(0x1d, 0x3, 0x1) getsockopt$auto(r4, 0x65, 0x6, 0xffffffffffffffff, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r5, r5, 0x0, 0x3) close_range$auto(0x2, 0x8, 0x0) 4.331957627s ago: executing program 2 (id=6827): r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0xe, 0x1, 0x0, 0x5eaf, 0x8) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x200007, 0x8) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010026bd7000ffdbdf250400000014001a80ffff04800c0001"], 0x28}, 0x1, 0x0, 0x0, 0x894}, 0x4) openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000000), 0x82000, 0x0) futex_waitv$auto(&(0x7f0000000000)={0xf, 0x5d94, 0x4002, 0x4}, 0x77, 0xfffffffc, 0x0, 0x62bd) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1c003b", @ANYRES8], 0x1ac}, 0x1, 0x0, 0x0, 0x800}, 0x40000) mmap$auto(0x0, 0x1, 0xdf, 0x20000000000e31, 0x40000000000a5, 0x8000) mmap$auto(0x1, 0x20009, 0xdf, 0xeb1, 0x401, 0x1000008000) r2 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x580, 0x0) sendfile$auto(0x1, r3, 0x0, 0x1f) (fail_nth: 3) prctl$auto(0x3e, 0x4000000000001, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto(0xffffffffffffffff, 0x4b45, 0xffffffffffffffff) getsockopt$auto_SO_RCVBUF(r2, 0x1, 0x8, &(0x7f0000000000)='/sys/fs/o2cb/logmask/DLMFS\x00', &(0x7f00000001c0)=0x2) socket(0x18, 0x2, 0x0) sendto$auto(0x3, 0x0, 0x2000f, 0x0, 0x0, 0x1c) close_range$auto(0x2, 0xa, 0x0) fanotify_init$auto(0x9, 0x2c9) dup2$auto(0x5, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 3.870869157s ago: executing program 1 (id=6828): socket(0x11, 0x80003, 0x300) r0 = socket(0x10, 0x2, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'dummy0\x00'}) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x100842, 0x0) ioctl$auto_SNDCTL_TMR_CONTINUE(r2, 0x5404, 0x0) ioctl$auto_SNDCTL_TMR_CONTINUE(r2, 0x5404, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/cgroup\x00') sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) write$auto(r0, &(0x7f0000000000)='-\x00', 0x2fb) syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000180), r0) 3.617248883s ago: executing program 1 (id=6829): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/execdomains\x00', 0x40500, 0x0) read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f0000000180)=""/250, 0xfa) sendmsg$auto_NL80211_CMD_START_NAN(0xffffffffffffffff, 0x0, 0x0) (async) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000140), 0x8800, 0x0) (async) sysfs$auto(0x2, 0x10000000000002d, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r1, 0x7a7, 0x0) (async) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, 0x6) ioctl$auto_IOCTL_VMCI_CTX_ADD_NOTIFICATION(r1, 0x7af, 0x0) ioctl$auto_IOCTL_VMCI_CTX_ADD_NOTIFICATION(r1, 0x7af, 0x0) (async) r2 = memfd_create$auto(0x0, 0x4) statx$auto(r2, 0x0, 0x1000, 0xbdf9, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/platform/dummy_udc.4/udc/dummy_udc.4/function\x00', 0x0, 0x0) r3 = mq_open$auto(&(0x7f00000000c0)='\x12\xe6D\b\x9e\x00\x80\x8d\f\xb9w-\xbd!\x9eb\xed\xfb\x0f\xe5\x9dZ\xc2\xd1\x01wBV\x91\x8f_\xc0.\x84\xfe\x84\xd1se\x01\x06\x00\xb3\x13_Y&\xa9\x88\xe4\xa2\xb0V\x85\x92<\xb6\xdcT \\\xf2\v\xb1\xe2\xd8\xfa\xd8V\xe5\x00\xfa\xe9!\xc5<\xce\x18=\x06\xdagq\xb5\r\t\xb2\xde\x99\xd50\xbb\x192\x1c4\x86\xc0\xc1-\xd5\x10\xc3\xfc*[8\x89h\xc5\xba\xff\xc8u5r5, 0x4, 0x5}, 0x7, 0x0, 0x0, 0x8) setsockopt$auto(r6, 0x6, 0x13, &(0x7f0000000040)=')[\x00', 0x9) r7 = openat$auto_rfkill_fops_core(0xffffffffffffff9c, 0x0, 0x40, 0x0) r8 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r4) sendmsg$auto_NL80211_CMD_DEL_INTERFACE(r2, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYBLOB="18005aeeeab543709765593cb2d0a2281f030000", @ANYRES16=r8, @ANYBLOB="00012dbd7000fddbdf250800000004004400"], 0x18}, 0x1, 0x0, 0x0, 0x840}, 0x8004800) ioctl$auto(0x3, 0xc0086202, r7) connect$auto(r4, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x23}}, 0x54) read$auto(0x3, 0x0, 0x7fffffff) setsockopt$auto_SO_KEEPALIVE(0xffffffffffffffff, 0x9, 0x9, &(0x7f0000000080)='%&+#*\xfa*\xfc\x00', 0x8) 534.405712ms ago: executing program 3 (id=6839): socket(0x3, 0x6, 0x20000a) connect$auto(0x3, &(0x7f0000000080)=@qipcrtr={0x2a, 0xffffffff}, 0x53) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001b80), r0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/module/zswap/parameters/enabled\x00', 0x62, 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000001e40)={0x20, r1, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@HWSIM_ATTR_IFTYPE_SUPPORT={0x8, 0x17, 0x8}, @HWSIM_ATTR_SUPPORT_P2P_DEVICE={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x220000c1}, 0xc0) mmap$auto(0x0, 0xe981, 0x6, 0x16, 0xffffffffffffffff, 0x3) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(r2, 0x0, 0x9a4, 0x6fffffd) mmap$auto(0x3, 0x10000000000088, 0xdf, 0x13, 0x2, 0x40000008000) mmap$auto(0x0, 0x2020005, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001240)='/proc/thread-self/fail-nth\x00', 0xa0302, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x38, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0xfffffdcb, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x200040c4}, 0x440c5) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x4, 0x7, 0xfffffffc, 0x0, 0x0, 0x0, 0x9, 0x10001, 0x7, 0x8001, 0x7ffffff8, 0x5, 0x7, 0x5, 0x61, 0x103}) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) 407.985096ms ago: executing program 3 (id=6840): mmap$auto(0x0, 0x2020007, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000340)="000000000000000008d57137b670548072a564ef92511eb134ea109407e098217afaf01967a2abb4f9f862f8ebd2941bb068", 0xffffffff}, 0x6, 0x0) move_pages$auto(0x0, 0x1001, 0x0, 0x0, 0x0, 0x0) r1 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r2 = socket(0x2, 0x3, 0x6) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x0) memfd_create$auto(0x0, 0x2) ioctl$sock_SIOCGIFINDEX(r2, 0x401c5820, 0x0) ioctl$auto(0xffffffffffffffff, 0x5393, r1) 342.409631ms ago: executing program 3 (id=6841): r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/maps\x00', 0x40302, 0x0) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000080)={0x101, 0x34, 0x7fff, 0x5, 0x80000000009, 0x1, 0x800, 0x101, 0x5, 0x207f93, 0xfffffffe, 0x7ffffffd, 0x3, 0x7, 0x5}) r1 = socket(0x2, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f0000000080)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) lsm_list_modules$auto(0x0, 0x0, 0x0) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x80000, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, 0x0) socket(0x11, 0x2, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x7, 0x10000006, 0x48}) prctl$auto(0x59616d61, 0xffffffffffffffff, 0x1, 0x1004, 0xfffffffffffffffb) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) syz_clone(0xac2e6400, 0x0, 0x0, 0x0, 0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) adjtimex$auto(0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) close_range$auto(0x2, 0x8, 0x0) r3 = io_uring_setup$auto(0x1, 0x0) close_range$auto(r3, r3, 0x0) ioctl$auto_TUNSETSNDBUF2(r3, 0x400454d4, &(0x7f0000000000)=0x200) clone$auto(0x2000020003b4a, 0x6, 0x0, 0x0, 0x103) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/mm/ksm/merge_across_nodes\x00', 0x808882, 0x0) write$auto(r4, &(0x7f00000004c0)='1\x00\\\xa0\x04|\xfd\xca\x12\xfa\b\x1c\xc7k\x923\xe05\"3n\x84n#\xd1\xcaso\v\xf0\xda\xbb\x86\xbcX\xb4\x999\\\xa8&;<\xca\xa8\x05\x9d\x9e-\xc3\x93\xaa\xda\x02\x03\xddUbHu\x01\x00\n\x00\xac\xa7\x93T\aA\xbd\xc0\xb8K\xd7\xed\xcbP\xa1\xfe\xc7\xa1\x8b\xa7\x02\xad\xbc\xfaq*0F\xff&\xbb+\x9b\xe2\xbfd\xf7\xde\xb40\x1d=\x99\xe2\x06\xbf\x9cNS\xbf\x82\x9c\xfb', 0x3) 83.395786ms ago: executing program 1 (id=6842): r0 = socket(0x10, 0x2, 0xc) r1 = syz_genetlink_get_family_id$auto_nlctrl(0x0, 0xffffffffffffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/virtual/graphics/fbcon/rotate_all\x00', 0xa001, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_SET_WIPHY(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x80) sendmsg$auto_NL80211_CMD_MODIFY_LINK_STA(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4004080}, 0x448c4) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d7) socket(0x1e, 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/virtual/bdi/7:5/strict_limit\x00', 0x62, 0x0) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(r3, 0x0, 0x24000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) msgget$auto(0xc, 0x77d9) msgrcv$auto(0x0, 0x0, 0x4, 0x9, 0x3) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) msgctl$auto(0x0, 0x1, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="ed03667ddcd6d026df250a00000a00000200252f00e2a85c41e75a02715b2d"], 0x51}, 0x1, 0x0, 0x0, 0x24050803}, 0x10004010) 0s ago: executing program 4 (id=6843): r0 = socket(0x10, 0x2, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon1\x00', 0x1e3880, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty48\x00', 0x40000, 0x0) ioctl$auto_TIOCSWINSZ2(r3, 0x5414, &(0x7f0000000080)="d82acbd815") mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r4 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0402, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r4, 0xffffffffc0603d0f, 0x0) ioctl$auto_MON_IOCX_MFETCH(r2, 0xc0109207, &(0x7f0000000100)={0x0, 0x2000004, 0x7}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'dummy0\x00'}) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/cgroup\x00') sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) write$auto(r0, &(0x7f0000000000)='-\x00', 0x2fb) kernel console output (not intermixed with test programs): es in process `syz.3.6091'. [ 1428.850087][T31258] netlink: 330 bytes leftover after parsing attributes in process `syz.2.6096'. [ 1428.957140][T31262] futex_wake_op: syz.1.6095 tries to shift op by -2048; fix this program [ 1429.077576][T31259] 0x000000000001-0x000000020000 : "" [ 1429.107837][T31262] futex_wake_op: syz.1.6095 tries to shift op by -2048; fix this program [ 1429.185669][T31259] ftl_cs: FTL header corrupt! [ 1429.389697][T31273] block nbd8: shutting down sockets [ 1430.719915][T31302] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6105'. [ 1431.080209][T31310] netlink: 'syz.3.6110': attribute type 5 has an invalid length. [ 1431.128976][T31310] netlink: 'syz.3.6110': attribute type 1 has an invalid length. [ 1431.183446][T31314] netlink: 'syz.3.6110': attribute type 5 has an invalid length. [ 1431.213110][T31310] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6110'. [ 1431.255938][T31314] netlink: 'syz.3.6110': attribute type 1 has an invalid length. [ 1431.287252][T31314] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6110'. [ 1431.557493][T31328] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 1433.282250][T31365] block nbd8: shutting down sockets [ 1433.810987][T31384] netlink: 330 bytes leftover after parsing attributes in process `syz.4.6127'. [ 1433.869638][T31387] netlink: 'syz.3.6129': attribute type 4 has an invalid length. [ 1434.223452][T31391] block nbd8: shutting down sockets [ 1435.555618][T31419] block nbd8: shutting down sockets [ 1436.573703][T31436] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 1437.955997][T31454] block nbd8: shutting down sockets [ 1438.005659][T31461] FAULT_INJECTION: forcing a failure. [ 1438.005659][T31461] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1438.084905][T31461] CPU: 0 UID: 0 PID: 31461 Comm: syz.4.6149 Tainted: G L syzkaller #0 PREEMPT(full) [ 1438.084935][T31461] Tainted: [L]=SOFTLOCKUP [ 1438.084942][T31461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1438.084952][T31461] Call Trace: [ 1438.084959][T31461] [ 1438.084966][T31461] dump_stack_lvl+0x100/0x190 [ 1438.084995][T31461] should_fail_ex.cold+0x5/0xa [ 1438.085015][T31461] _copy_from_user+0x2e/0xd0 [ 1438.085036][T31461] sg_new_write.isra.0+0x44e/0xb10 [ 1438.085063][T31461] ? __pfx_sg_new_write.isra.0+0x10/0x10 [ 1438.085109][T31461] sg_write+0x9c9/0xdb0 [ 1438.085134][T31461] ? __pfx_sg_write+0x10/0x10 [ 1438.085159][T31461] ? __pfx_aa_file_perm+0x10/0x10 [ 1438.085199][T31461] ? bpf_lsm_file_permission+0x9/0x10 [ 1438.085220][T31461] ? security_file_permission+0x76/0x210 [ 1438.085241][T31461] ? rw_verify_area+0xce/0x6d0 [ 1438.085270][T31461] vfs_write+0x2aa/0x1070 [ 1438.085289][T31461] ? __pfx_sg_write+0x10/0x10 [ 1438.085312][T31461] ? __pfx_vfs_write+0x10/0x10 [ 1438.085328][T31461] ? find_held_lock+0x2b/0x80 [ 1438.085351][T31461] ? __fget_files+0x215/0x3d0 [ 1438.085369][T31461] ? __fget_files+0x215/0x3d0 [ 1438.085389][T31461] ? __fget_files+0x21f/0x3d0 [ 1438.085413][T31461] ksys_write+0x12a/0x250 [ 1438.085430][T31461] ? __pfx_ksys_write+0x10/0x10 [ 1438.085454][T31461] do_syscall_64+0x106/0xf80 [ 1438.085470][T31461] ? clear_bhb_loop+0x40/0x90 [ 1438.085492][T31461] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1438.085510][T31461] RIP: 0033:0x7f3c2eb9bf79 [ 1438.085526][T31461] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1438.085544][T31461] RSP: 002b:00007f3c2fad2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1438.085562][T31461] RAX: ffffffffffffffda RBX: 00007f3c2ee15fa0 RCX: 00007f3c2eb9bf79 [ 1438.085573][T31461] RDX: 0000000000008587 RSI: 0000200000000040 RDI: 0000000000000004 [ 1438.085584][T31461] RBP: 00007f3c2fad2090 R08: 0000000000000000 R09: 0000000000000000 [ 1438.085595][T31461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1438.085605][T31461] R13: 00007f3c2ee16038 R14: 00007f3c2ee15fa0 R15: 00007fffe1022468 [ 1438.085627][T31461] [ 1439.470973][T31485] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6155'. [ 1439.793942][T31479] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1440.416042][T15939] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1440.423839][T15939] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1440.464380][T15939] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1440.510207][T15939] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1440.558436][T15939] rtc rtc0: __rtc_set_alarm: err=-22 [ 1441.194924][T31506] futex_wake_op: syz.4.6161 tries to shift op by -2048; fix this program [ 1441.237336][T31506] futex_wake_op: syz.4.6161 tries to shift op by -2048; fix this program [ 1441.295713][T31507] 0x000000000001-0x000000020000 : "" [ 1441.368262][T31507] ftl_cs: FTL header corrupt! [ 1441.586022][T31488] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1441.753575][T31513] netlink: 330 bytes leftover after parsing attributes in process `syz.1.6163'. [ 1441.868872][T31515] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6164'. [ 1441.940586][T31515] FAULT_INJECTION: forcing a failure. [ 1441.940586][T31515] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1442.008683][T31515] CPU: 0 UID: 0 PID: 31515 Comm: syz.4.6164 Tainted: G L syzkaller #0 PREEMPT(full) [ 1442.008717][T31515] Tainted: [L]=SOFTLOCKUP [ 1442.008723][T31515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1442.008734][T31515] Call Trace: [ 1442.008740][T31515] [ 1442.008748][T31515] dump_stack_lvl+0x100/0x190 [ 1442.008779][T31515] should_fail_ex.cold+0x5/0xa [ 1442.008799][T31515] get_futex_key+0x1d2/0x1620 [ 1442.008831][T31515] ? __pfx_get_futex_key+0x10/0x10 [ 1442.008861][T31515] ? __pfx____sys_sendmsg+0x10/0x10 [ 1442.008893][T31515] futex_wake+0xea/0x530 [ 1442.008917][T31515] ? __pfx_futex_wake+0x10/0x10 [ 1442.008947][T31515] do_futex+0x32b/0x350 [ 1442.008965][T31515] ? __pfx_do_futex+0x10/0x10 [ 1442.008983][T31515] ? fput+0x79/0x100 [ 1442.009004][T31515] ? __sys_sendmsg+0x18f/0x220 [ 1442.009028][T31515] __x64_sys_futex+0x34f/0x4d0 [ 1442.009048][T31515] ? __pfx___x64_sys_futex+0x10/0x10 [ 1442.009065][T31515] ? xfd_validate_state+0x129/0x190 [ 1442.009095][T31515] do_syscall_64+0x106/0xf80 [ 1442.009112][T31515] ? clear_bhb_loop+0x40/0x90 [ 1442.009134][T31515] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1442.009153][T31515] RIP: 0033:0x7f3c2eb9bf79 [ 1442.009168][T31515] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1442.009186][T31515] RSP: 002b:00007f3c2fad20e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1442.009204][T31515] RAX: ffffffffffffffda RBX: 00007f3c2ee15fa8 RCX: 00007f3c2eb9bf79 [ 1442.009216][T31515] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f3c2ee15fac [ 1442.009227][T31515] RBP: 00007f3c2ee15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1442.009238][T31515] R10: 0000000000000040 R11: 0000000000000246 R12: 0000000000000000 [ 1442.009249][T31515] R13: 00007f3c2ee16038 R14: 00007fffe1022380 R15: 00007fffe1022468 [ 1442.009271][T31515] [ 1442.430748][ T797] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1442.450908][ T797] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1442.472935][ T797] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1442.495564][ T797] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1442.511024][ T797] rtc rtc0: __rtc_set_alarm: err=-22 [ 1443.188302][T31530] zswap: compressor not available [ 1443.610379][T31542] futex_wake_op: syz.1.6173 tries to shift op by -2048; fix this program [ 1443.652325][T31542] futex_wake_op: syz.1.6173 tries to shift op by -2048; fix this program [ 1443.691369][T31542] 0x000000000001-0x000000020000 : "" [ 1443.733960][T31542] ftl_cs: FTL header corrupt! [ 1444.035171][T31552] netlink: 342 bytes leftover after parsing attributes in process `syz.3.6175'. [ 1444.045194][T31546] ptrace attach of "./syz-executor exec"[26235] was attempted by ""[31546] [ 1444.464226][T31564] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6177'. [ 1444.617865][T31572] netlink: 16 bytes leftover after parsing attributes in process `syz.1.6176'. [ 1444.659789][T31573] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 1445.516635][T31579] zswap: compressor not available [ 1445.719618][T31597] vivid-007: ================= START STATUS ================= [ 1445.754738][T31597] vivid-007: Generate PTS: true [ 1445.773993][T31597] vivid-007: Generate SCR: true [ 1445.783885][T31591] futex_wake_op: syz.1.6184 tries to shift op by -2048; fix this program [ 1445.798098][T31597] tpg source WxH: 320x240 (Y'CbCr) [ 1445.808903][T31591] futex_wake_op: syz.1.6184 tries to shift op by -2048; fix this program [ 1445.818629][T31597] tpg field: 1 [ 1445.830825][T31597] tpg crop: (0,0)/320x240 [ 1445.838487][T31597] tpg compose: (0,0)/320x240 [ 1445.849002][T31591] 0x000000000001-0x000000020000 : "" [ 1445.856660][T31597] tpg colorspace: 8 [ 1445.865106][T31597] tpg transfer function: 0/0 [ 1445.880869][T31591] ftl_cs: FTL header corrupt! [ 1445.893493][T31597] tpg Y'CbCr encoding: 0/0 [ 1445.914174][T31597] tpg quantization: 0/0 [ 1445.932810][T31597] tpg RGB range: 0/2 [ 1445.948613][T31597] vivid-007: ================== END STATUS ================== [ 1446.510653][T31605] ptrace attach of "./syz-executor exec"[26533] was attempted by ""[31605] [ 1446.712619][T31625] netlink: 342 bytes leftover after parsing attributes in process `syz.1.6191'. [ 1447.001888][T31633] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 1447.232753][T31636] zswap: compressor not available [ 1448.461382][T31680] zswap: compressor not available [ 1448.722212][T31692] netlink: 342 bytes leftover after parsing attributes in process `syz.1.6212'. [ 1448.958681][T31671] Process accounting paused [ 1449.313509][T31707] block nbd8: shutting down sockets [ 1450.818977][T31734] zswap: compressor not available [ 1452.115035][T31758] netlink: 16 bytes leftover after parsing attributes in process `syz.4.6227'. [ 1452.774567][T31771] openvswitch: netlink: Duplicate key (type 15). [ 1453.068661][T31781] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6235'. [ 1453.560430][T31791] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 1453.843048][T31796] ptrace attach of "./syz-executor exec"[27784] was attempted by ""[31796] [ 1454.003235][T31807] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6240'. [ 1454.299894][T31813] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6242'. [ 1455.088996][T31836] block nbd8: shutting down sockets [ 1456.109015][T31857] ptrace attach of "./syz-executor exec"[26533] was attempted by ""[31857] [ 1456.742365][T31868] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6255'. [ 1457.606888][T31881] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1457.922351][T31888] zswap: compressor not available [ 1458.021704][T31897] netlink: 342 bytes leftover after parsing attributes in process `syz.2.6262'. [ 1458.399989][T31900] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6263'. [ 1458.418212][ T797] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1458.450296][ T797] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1458.505103][ T797] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1458.512659][ T797] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1458.601708][ T797] rtc rtc0: __rtc_set_alarm: err=-22 [ 1458.654978][T31879] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1459.416313][ T797] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1459.455160][ T797] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1459.511939][ T797] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1459.549803][ T797] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1459.621777][ T797] rtc rtc0: __rtc_set_alarm: err=-22 [ 1459.792134][T31930] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6269'. [ 1460.545519][T31944] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6273'. [ 1460.625052][T31946] FAULT_INJECTION: forcing a failure. [ 1460.625052][T31946] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1460.639848][ T29] audit: type=1804 audit(1843104913.275:38): pid=31947 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.6272" name="/newroot/329/file0" dev="tmpfs" ino=1711 res=1 errno=0 [ 1460.704087][T31946] CPU: 0 UID: 0 PID: 31946 Comm: syz.4.6274 Tainted: G L syzkaller #0 PREEMPT(full) [ 1460.704119][T31946] Tainted: [L]=SOFTLOCKUP [ 1460.704126][T31946] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1460.704136][T31946] Call Trace: [ 1460.704143][T31946] [ 1460.704150][T31946] dump_stack_lvl+0x100/0x190 [ 1460.704179][T31946] should_fail_ex.cold+0x5/0xa [ 1460.704200][T31946] _copy_to_user+0x32/0xd0 [ 1460.704221][T31946] simple_read_from_buffer+0xcb/0x170 [ 1460.704253][T31946] proc_fail_nth_read+0x1af/0x230 [ 1460.704274][T31946] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1460.704295][T31946] ? rw_verify_area+0xce/0x6d0 [ 1460.704322][T31946] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1460.704341][T31946] vfs_read+0x1e4/0xb30 [ 1460.704362][T31946] ? __pfx_vfs_read+0x10/0x10 [ 1460.704379][T31946] ? __fget_files+0x215/0x3d0 [ 1460.704401][T31946] ? __fget_files+0x21f/0x3d0 [ 1460.704425][T31946] ksys_read+0x12a/0x250 [ 1460.704442][T31946] ? __pfx_ksys_read+0x10/0x10 [ 1460.704465][T31946] do_syscall_64+0x106/0xf80 [ 1460.704482][T31946] ? clear_bhb_loop+0x40/0x90 [ 1460.704504][T31946] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1460.704522][T31946] RIP: 0033:0x7f3c2eb5c84e [ 1460.704537][T31946] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1460.704555][T31946] RSP: 002b:00007f3c2fad1fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1460.704573][T31946] RAX: ffffffffffffffda RBX: 00007f3c2fad26c0 RCX: 00007f3c2eb5c84e [ 1460.704585][T31946] RDX: 000000000000000f RSI: 00007f3c2fad20a0 RDI: 0000000000000003 [ 1460.704603][T31946] RBP: 00007f3c2fad2090 R08: 0000000000000000 R09: 0000000000000000 [ 1460.704614][T31946] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1460.704624][T31946] R13: 00007f3c2ee16038 R14: 00007f3c2ee15fa0 R15: 00007fffe1022468 [ 1460.704647][T31946] [ 1460.983082][ T29] audit: type=1804 audit(1843104913.336:39): pid=31948 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.6272" name="/newroot/329/file0" dev="tmpfs" ino=1711 res=1 errno=0 [ 1461.850155][T31955] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 1462.568056][T31980] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6284'. [ 1463.124847][T31994] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6287'. [ 1463.516656][T31996] zswap: compressor not available [ 1465.032028][T22041] Bluetooth: hci5: unexpected event 0x33 length: 124 > 10 [ 1465.560204][T32059] netlink: 'syz.1.6305': attribute type 5 has an invalid length. [ 1465.647988][T32059] netlink: 'syz.1.6305': attribute type 1 has an invalid length. [ 1465.655749][T32059] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6305'. [ 1465.750255][T32064] netlink: 'syz.1.6305': attribute type 5 has an invalid length. [ 1465.786411][T32064] netlink: 'syz.1.6305': attribute type 1 has an invalid length. [ 1465.831492][T32064] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6305'. [ 1466.583851][T32068] ptrace attach of "./syz-executor exec"[25314] was attempted by ""[32068] [ 1466.816355][T32080] sp0: Synchronizing with TNC [ 1467.717565][T32057] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1468.063245][T32099] block nbd8: shutting down sockets [ 1468.424012][ T5875] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1468.455619][ T5875] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1468.504604][ T5875] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1468.548905][ T5875] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1468.595764][ T5875] rtc rtc0: __rtc_set_alarm: err=-22 [ 1473.210729][T32168] bridge0: port 3(team0) entered blocking state [ 1473.340388][T32168] bridge0: port 3(team0) entered disabled state [ 1473.497106][T32168] team0: entered allmulticast mode [ 1473.611926][T32168] team_slave_0: entered allmulticast mode [ 1473.710405][T32168] team_slave_1: entered allmulticast mode [ 1473.778113][T32168] team0: entered promiscuous mode [ 1473.846200][T32168] team_slave_0: entered promiscuous mode [ 1473.852069][T32168] team_slave_1: entered promiscuous mode [ 1473.945181][T32168] bridge0: port 3(team0) entered blocking state [ 1473.951537][T32168] bridge0: port 3(team0) entered forwarding state [ 1475.898085][T32215] futex_wake_op: syz.4.6344 tries to shift op by -2048; fix this program [ 1476.030339][T32215] futex_wake_op: syz.4.6344 tries to shift op by -2048; fix this program [ 1476.186601][T32211] 0x000000000001-0x000000020000 : "" [ 1476.314789][T32211] ftl_cs: FTL header corrupt! [ 1476.841830][T32223] ptrace attach of "./syz-executor exec"[25314] was attempted by ""[32223] [ 1478.318041][T32253] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 1478.541087][T32259] netlink: 28 bytes leftover after parsing attributes in process `syz.3.6359'. [ 1478.602306][T32259] ima: policy update failed [ 1478.606931][ T29] audit: type=1802 audit(1843104931.359:40): pid=32259 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.6359" res=0 errno=0 [ 1479.111201][T32270] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6362'. [ 1479.459688][T32255] Process accounting resumed [ 1479.475216][T32269] ptrace attach of "./syz-executor exec"[26533] was attempted by ""[32269] [ 1480.248710][T32285] block nbd8: shutting down sockets [ 1481.266566][T32316] i2c i2c-0: delete_device: Can't find device in list [ 1482.314696][T32327] block nbd8: shutting down sockets [ 1483.009394][T32341] ptrace attach of "./syz-executor exec"[26533] was attempted by ""[32341] [ 1483.077103][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1483.091208][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1483.295653][T32348] block nbd8: shutting down sockets [ 1484.261671][T32359] futex_wake_op: syz.3.6388 tries to shift op by -2048; fix this program [ 1484.301429][T32359] futex_wake_op: syz.3.6388 tries to shift op by -2048; fix this program [ 1485.193399][T32376] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6391'. [ 1485.245033][T32376] netlink: 'syz.3.6391': attribute type 1 has an invalid length. [ 1485.280840][T32376] netlink: 13 bytes leftover after parsing attributes in process `syz.3.6391'. [ 1485.794621][T32389] unchecked MSR access error: WRMSR to 0x418 (tried to write 0x0000000000000322) at rIP: 0xffffffff81b0181a (__mcheck_cpu_init_prepare_banks+0x18a/0x380) [ 1485.810652][T32389] Call Trace: [ 1485.813964][T32389] [ 1485.816905][T32389] ? __pfx___mcheck_cpu_init_prepare_banks+0x10/0x10 [ 1485.823594][T32389] ? debug_object_deactivate+0x2e4/0x3b0 [ 1485.829256][T32389] ? __pfx_debug_object_deactivate+0x10/0x10 [ 1485.835260][T32389] mce_cpu_restart+0xd5/0x1f0 [ 1485.839964][T32389] ? __pfx_mce_cpu_restart+0x10/0x10 [ 1485.845252][T32389] smp_call_function_many_cond+0x119e/0x14a0 [ 1485.851242][T32389] ? __pfx_mce_cpu_restart+0x10/0x10 [ 1485.856543][T32389] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1485.862368][T32389] ? lockdep_hardirqs_on+0x78/0x100 [ 1485.867576][T32389] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1485.873390][T32389] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 1485.879730][T32389] ? __pfx___try_to_del_timer_sync+0x10/0x10 [ 1485.885725][T32389] ? __timer_delete_sync+0x151/0x1c0 [ 1485.891103][T32389] ? __pfx_mce_cpu_restart+0x10/0x10 [ 1485.896392][T32389] on_each_cpu_cond_mask+0x40/0x90 [ 1485.901515][T32389] set_bank+0x240/0x3a0 [ 1485.905699][T32389] ? __pfx_set_bank+0x10/0x10 [ 1485.910381][T32389] ? find_held_lock+0x2b/0x80 [ 1485.915084][T32389] ? sysfs_file_kobj+0xe4/0x290 [ 1485.919955][T32389] ? sysfs_file_kobj+0xe4/0x290 [ 1485.924817][T32389] ? __pfx_set_bank+0x10/0x10 [ 1485.929498][T32389] dev_attr_store+0x58/0x80 [ 1485.934008][T32389] ? __pfx_dev_attr_store+0x10/0x10 [ 1485.939206][T32389] sysfs_kf_write+0xf2/0x150 [ 1485.943805][T32389] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1485.949099][T32389] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1485.954315][T32389] vfs_write+0x6ac/0x1070 [ 1485.958662][T32389] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1485.964516][T32389] ? __pfx_vfs_write+0x10/0x10 [ 1485.969316][T32389] ksys_write+0x12a/0x250 [ 1485.973673][T32389] ? __pfx_ksys_write+0x10/0x10 [ 1485.978538][T32389] do_syscall_64+0x106/0xf80 [ 1485.983140][T32389] ? clear_bhb_loop+0x40/0x90 [ 1485.987823][T32389] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1485.993720][T32389] RIP: 0033:0x7fbcf599bf79 [ 1485.998135][T32389] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1486.017760][T32389] RSP: 002b:00007fbcf68a7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1486.026190][T32389] RAX: ffffffffffffffda RBX: 00007fbcf5c15fa0 RCX: 00007fbcf599bf79 [ 1486.034162][T32389] RDX: 0000000000000003 RSI: 0000200000000240 RDI: 0000000000000003 [ 1486.042132][T32389] RBP: 00007fbcf5a327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1486.050104][T32389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1486.058080][T32389] R13: 00007fbcf5c16038 R14: 00007fbcf5c15fa0 R15: 00007fff39824b48 [ 1486.066062][T32389] [ 1486.278671][T32391] i2c i2c-0: delete_device: Can't find device in list [ 1486.343096][T32386] block nbd8: shutting down sockets [ 1486.879190][T32404] __vm_enough_memory: pid: 32404, comm: syz.3.6396, bytes: 4398046511104 not enough memory for the allocation [ 1488.088643][T32423] futex_wake_op: syz.4.6406 tries to shift op by -2048; fix this program [ 1488.116301][T32423] futex_wake_op: syz.4.6406 tries to shift op by -2048; fix this program [ 1488.151984][T32424] 0x000000000001-0x000000020000 : "" [ 1488.199527][T32424] ftl_cs: FTL header corrupt! [ 1489.588303][T32446] netlink: 342 bytes leftover after parsing attributes in process `syz.4.6415'. [ 1489.801605][T22041] Bluetooth: hci1: unexpected event 0x1c length: 725 > 5 [ 1490.196751][T32464] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 1490.846725][T32475] futex_wake_op: syz.3.6420 tries to shift op by -2048; fix this program [ 1490.879219][T32475] futex_wake_op: syz.3.6420 tries to shift op by -2048; fix this program [ 1491.364534][T32479] ptrace attach of "./syz-executor exec"[27784] was attempted by ""[32479] [ 1494.008227][T32550] ptrace attach of "./syz-executor exec"[26235] was attempted by ""[32550] [ 1494.409978][T32567] netlink: 'syz.2.6438': attribute type 5 has an invalid length. [ 1494.435630][T32567] netlink: 'syz.2.6438': attribute type 1 has an invalid length. [ 1494.468834][T32567] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6438'. [ 1494.496505][T32568] netlink: 'syz.2.6438': attribute type 5 has an invalid length. [ 1494.527430][T32568] netlink: 'syz.2.6438': attribute type 1 has an invalid length. [ 1494.562763][T32568] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6438'. [ 1496.276666][T32599] block nbd8: shutting down sockets [ 1496.664550][T32608] netlink: 334 bytes leftover after parsing attributes in process `syz.4.6449'. [ 1496.990703][ T29] audit: type=1800 audit(1843104949.834:41): pid=32618 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.6451" name="lu_gp_id" dev="configfs" ino=163131 res=0 errno=0 [ 1497.741573][T32633] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6453'. [ 1498.007598][T32640] vivid-007: ================= START STATUS ================= [ 1498.055810][T32640] vivid-007: Generate PTS: true [ 1498.079131][T32640] vivid-007: Generate SCR: true [ 1498.116522][T32640] tpg source WxH: 320x240 (Y'CbCr) [ 1498.161973][T32640] tpg field: 1 [ 1498.175699][T32640] tpg crop: (0,0)/320x240 [ 1498.212011][T32640] tpg compose: (0,0)/320x240 [ 1498.216656][T32640] tpg colorspace: 8 [ 1498.313103][T32640] tpg transfer function: 0/0 [ 1498.317726][T32640] tpg Y'CbCr encoding: 0/0 [ 1498.430310][T32640] tpg quantization: 0/0 [ 1498.527388][T32640] tpg RGB range: 0/2 [ 1498.531342][T32640] vivid-007: ================== END STATUS ================== [ 1498.644333][T32638] ptrace attach of "./syz-executor exec"[26533] was attempted by ""[32638] [ 1499.207170][T32656] block nbd8: shutting down sockets [ 1499.263925][T32604] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1499.416112][ T5875] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1499.458987][ T5875] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1499.512137][ T5875] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1499.548782][ T5875] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1499.604949][ T5875] rtc rtc0: __rtc_set_alarm: err=-22 [ 1499.883858][T32664] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6461'. [ 1500.515268][T32682] bridge0: port 4(gretap0) entered blocking state [ 1500.566831][T32682] bridge0: port 4(gretap0) entered disabled state [ 1500.594395][T32682] gretap0: entered allmulticast mode [ 1500.613492][T32682] FAULT_INJECTION: forcing a failure. [ 1500.613492][T32682] name failslab, interval 1, probability 0, space 0, times 0 [ 1500.641423][T32682] CPU: 0 UID: 0 PID: 32682 Comm: syz.3.6462 Tainted: G L syzkaller #0 PREEMPT(full) [ 1500.641456][T32682] Tainted: [L]=SOFTLOCKUP [ 1500.641463][T32682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1500.641474][T32682] Call Trace: [ 1500.641480][T32682] [ 1500.641488][T32682] dump_stack_lvl+0x100/0x190 [ 1500.641525][T32682] should_fail_ex.cold+0x5/0xa [ 1500.641546][T32682] should_failslab+0xc2/0x120 [ 1500.641570][T32682] kmem_cache_alloc_noprof+0x83/0x780 [ 1500.641592][T32682] ? __kernfs_new_node+0xd2/0x960 [ 1500.641626][T32682] ? __kernfs_new_node+0xd2/0x960 [ 1500.641648][T32682] __kernfs_new_node+0xd2/0x960 [ 1500.641674][T32682] ? __pfx___kernfs_new_node+0x10/0x10 [ 1500.641704][T32682] ? find_held_lock+0x2b/0x80 [ 1500.641728][T32682] ? kernfs_root+0xee/0x2a0 [ 1500.641750][T32682] ? kernfs_root+0xee/0x2a0 [ 1500.641779][T32682] kernfs_new_node+0x11b/0x1a0 [ 1500.641809][T32682] __kernfs_create_file+0x53/0x350 [ 1500.641831][T32682] sysfs_add_file_mode_ns+0x207/0x3c0 [ 1500.641859][T32682] sysfs_create_file_ns+0x145/0x1e0 [ 1500.641882][T32682] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 1500.641903][T32682] ? kernfs_create_link+0x1bd/0x240 [ 1500.641923][T32682] ? kernfs_put+0x3f/0x60 [ 1500.641946][T32682] ? sysfs_do_create_link_sd+0xbb/0x140 [ 1500.641973][T32682] br_sysfs_addif+0xe4/0x210 [ 1500.641998][T32682] br_add_if+0x701/0x1b40 [ 1500.642020][T32682] ? security_capable+0x80/0x260 [ 1500.642050][T32682] add_del_if+0x114/0x160 [ 1500.642072][T32682] br_dev_siocdevprivate+0x8ac/0x1650 [ 1500.642094][T32682] ? __lock_acquire+0x4a5/0x2630 [ 1500.642112][T32682] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 1500.642143][T32682] ? do_raw_spin_lock+0x128/0x260 [ 1500.642170][T32682] ? mark_held_locks+0x40/0x70 [ 1500.642191][T32682] ? netdev_name_node_lookup+0x107/0x150 [ 1500.642210][T32682] ? __mutex_lock+0x26a/0x1b90 [ 1500.642231][T32682] dev_ifsioc+0xc15/0x1eb0 [ 1500.642254][T32682] ? __pfx_dev_ifsioc+0x10/0x10 [ 1500.642273][T32682] ? __pfx___mutex_lock+0x10/0x10 [ 1500.642299][T32682] ? dev_load+0x8e/0x240 [ 1500.642317][T32682] ? dev_load+0x8e/0x240 [ 1500.642341][T32682] dev_ioctl+0x70e/0x1070 [ 1500.642363][T32682] sock_ioctl+0x494/0x6b0 [ 1500.642382][T32682] ? __pfx_sock_ioctl+0x10/0x10 [ 1500.642397][T32682] ? hook_file_ioctl_common+0x146/0x410 [ 1500.642421][T32682] ? __fget_files+0x21f/0x3d0 [ 1500.642443][T32682] ? __pfx_sock_ioctl+0x10/0x10 [ 1500.642460][T32682] __x64_sys_ioctl+0x18e/0x210 [ 1500.642490][T32682] do_syscall_64+0x106/0xf80 [ 1500.642506][T32682] ? clear_bhb_loop+0x40/0x90 [ 1500.642528][T32682] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1500.642548][T32682] RIP: 0033:0x7fbcf599bf79 [ 1500.642563][T32682] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1500.642582][T32682] RSP: 002b:00007fbcf6886028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1500.642601][T32682] RAX: ffffffffffffffda RBX: 00007fbcf5c16090 RCX: 00007fbcf599bf79 [ 1500.642619][T32682] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 0000000000000007 [ 1500.642630][T32682] RBP: 00007fbcf5a327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1500.642641][T32682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1500.642652][T32682] R13: 00007fbcf5c16128 R14: 00007fbcf5c16090 R15: 00007fff39824b48 [ 1500.642678][T32682] [ 1500.644230][T32682] gretap0: left allmulticast mode [ 1501.682274][T32700] block nbd8: shutting down sockets [ 1502.006667][T32702] netlink: 330 bytes leftover after parsing attributes in process `syz.3.6472'. [ 1502.187232][T32739] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6474'. [ 1502.242174][T32706] cgroup: fork rejected by pids controller in /syz2 [ 1502.729443][T32764] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6476'. [ 1502.773349][T32764] netlink: 354 bytes leftover after parsing attributes in process `syz.1.6476'. [ 1503.819338][ T315] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input23 [ 1505.602206][ T341] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6487'. [ 1506.088810][ T343] netlink: 330 bytes leftover after parsing attributes in process `syz.4.6489'. [ 1506.242522][ T316] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input24 [ 1508.654656][ T373] 0x000000000001-0x000000020000 : "" [ 1508.699715][ T373] ftl_cs: FTL header corrupt! [ 1510.400064][ T383] workqueue: Failed to create a rescuer kthread for wq "nfc21_nci_tx_wq": -EINTR [ 1511.725644][ T471] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6506'. [ 1511.798024][ T470] futex_wake_op: syz.4.6505 tries to shift op by -2048; fix this program [ 1511.817440][ T470] futex_wake_op: syz.4.6505 tries to shift op by -2048; fix this program [ 1511.848006][ T470] 0x000000000001-0x000000020000 : "" [ 1511.871433][ T470] ftl_cs: FTL header corrupt! [ 1515.028215][ T513] 0x000000000001-0x000000020000 : "" [ 1515.058494][ T513] ftl_cs: FTL header corrupt! [ 1515.479208][ T346] Process accounting paused [ 1515.752357][ T520] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6517'. [ 1516.750271][ T534] bridge0: port 3(bond0) entered blocking state [ 1516.762434][ T534] bridge0: port 3(bond0) entered disabled state [ 1516.790789][ T534] bond0: entered allmulticast mode [ 1516.800725][ T534] bond_slave_0: entered allmulticast mode [ 1516.820860][ T534] bond_slave_1: entered allmulticast mode [ 1516.847161][ T534] bond0: entered promiscuous mode [ 1516.862150][ T535] FAULT_INJECTION: forcing a failure. [ 1516.862150][ T535] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1516.881387][ T534] bond_slave_0: entered promiscuous mode [ 1516.901448][ T534] bond_slave_1: entered promiscuous mode [ 1516.907187][ T535] CPU: 0 UID: 0 PID: 535 Comm: syz.1.6523 Tainted: G L syzkaller #0 PREEMPT(full) [ 1516.907214][ T535] Tainted: [L]=SOFTLOCKUP [ 1516.907221][ T535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1516.907231][ T535] Call Trace: [ 1516.907237][ T535] [ 1516.907244][ T535] dump_stack_lvl+0x100/0x190 [ 1516.907273][ T535] should_fail_ex.cold+0x5/0xa [ 1516.907293][ T535] _copy_from_user+0x2e/0xd0 [ 1516.907314][ T535] get_timespec64+0x8b/0x1b0 [ 1516.907341][ T535] ? __pfx_get_timespec64+0x10/0x10 [ 1516.907370][ T535] ? common_nsleep+0xa1/0xd0 [ 1516.907399][ T535] __x64_sys_clock_nanosleep+0x1ce/0x480 [ 1516.907425][ T535] ? __pfx___x64_sys_clock_nanosleep+0x10/0x10 [ 1516.907455][ T535] do_syscall_64+0x106/0xf80 [ 1516.907472][ T535] ? clear_bhb_loop+0x40/0x90 [ 1516.907494][ T535] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1516.907513][ T535] RIP: 0033:0x7f05c3f5c84e [ 1516.907528][ T535] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1516.907546][ T535] RSP: 002b:00007ffcecab8af8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e6 [ 1516.907564][ T535] RAX: ffffffffffffffda RBX: 000055558be12500 RCX: 00007f05c3f5c84e [ 1516.907575][ T535] RDX: 00007ffcecab8b50 RSI: 0000000000000000 RDI: 0000000000000000 [ 1516.907586][ T535] RBP: 00007f05c4217da0 R08: 0000000000000000 R09: 0000000000000000 [ 1516.907596][ T535] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000001742bc [ 1516.907607][ T535] R13: 00007f05c421609c R14: 0000000000174026 R15: 00007f05c4216090 [ 1516.907629][ T535] [ 1517.085065][ T534] bridge0: port 3(bond0) entered blocking state [ 1517.091446][ T534] bridge0: port 3(bond0) entered forwarding state [ 1518.599130][ T559] block nbd8: shutting down sockets [ 1518.792402][ T568] 0x000000000001-0x000000020000 : "" [ 1518.860421][ T568] ftl_cs: FTL header corrupt! [ 1519.746744][ T587] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6535'. [ 1519.967829][ T595] FAULT_INJECTION: forcing a failure. [ 1519.967829][ T595] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1519.993696][T32720] syz.2.6473 invoked oom-killer: gfp_mask=0xcc0(GFP_KERNEL), order=0, oom_score_adj=1000 [ 1520.005788][ T595] CPU: 0 UID: 0 PID: 595 Comm: syz.3.6537 Tainted: G L syzkaller #0 PREEMPT(full) [ 1520.005818][ T595] Tainted: [L]=SOFTLOCKUP [ 1520.005824][ T595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1520.005834][ T595] Call Trace: [ 1520.005842][ T595] [ 1520.005849][ T595] dump_stack_lvl+0x100/0x190 [ 1520.005879][ T595] should_fail_ex.cold+0x5/0xa [ 1520.005908][ T595] _copy_from_user+0x2e/0xd0 [ 1520.005928][ T595] __sys_bpf+0x243/0x4b90 [ 1520.005957][ T595] ? __pfx___sys_bpf+0x10/0x10 [ 1520.005981][ T595] ? __handle_mm_fault+0x4ec/0x2b50 [ 1520.006011][ T595] ? __lock_acquire+0x4a5/0x2630 [ 1520.006029][ T595] ? css_rstat_updated+0x1ce/0x5a0 [ 1520.006054][ T595] ? __pfx___handle_mm_fault+0x10/0x10 [ 1520.006104][ T595] ? exc_page_fault+0x6f/0xd0 [ 1520.006130][ T595] ? exc_page_fault+0x6f/0xd0 [ 1520.006164][ T595] __x64_sys_bpf+0x7b/0xc0 [ 1520.006190][ T595] ? lockdep_hardirqs_on+0x78/0x100 [ 1520.006218][ T595] do_syscall_64+0x106/0xf80 [ 1520.006234][ T595] ? clear_bhb_loop+0x40/0x90 [ 1520.006256][ T595] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1520.006275][ T595] RIP: 0033:0x7fbcf599bf79 [ 1520.006291][ T595] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1520.006309][ T595] RSP: 002b:00007fbcf68a7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1520.006327][ T595] RAX: ffffffffffffffda RBX: 00007fbcf5c15fa0 RCX: 00007fbcf599bf79 [ 1520.006339][ T595] RDX: 00000000000006f4 RSI: 0000200000000380 RDI: 0000000000000000 [ 1520.006350][ T595] RBP: 00007fbcf68a7090 R08: 0000000000000000 R09: 0000000000000000 [ 1520.006360][ T595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1520.006371][ T595] R13: 00007fbcf5c16038 R14: 00007fbcf5c15fa0 R15: 00007fff39824b48 [ 1520.006394][ T595] [ 1520.324119][T32720] CPU: 0 UID: 0 PID: 32720 Comm: syz.2.6473 Tainted: G L syzkaller #0 PREEMPT(full) [ 1520.324153][T32720] Tainted: [L]=SOFTLOCKUP [ 1520.324160][T32720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1520.324170][T32720] Call Trace: [ 1520.324177][T32720] [ 1520.324184][T32720] dump_stack_lvl+0x100/0x190 [ 1520.324215][T32720] dump_header+0xfb/0x606 [ 1520.324235][T32720] oom_kill_process.cold+0xd/0x321 [ 1520.324257][T32720] out_of_memory+0x340/0x14f0 [ 1520.324281][T32720] ? __pfx_out_of_memory+0x10/0x10 [ 1520.324307][T32720] mem_cgroup_out_of_memory+0xc6/0x130 [ 1520.324334][T32720] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 1520.324360][T32720] ? find_held_lock+0x2b/0x80 [ 1520.324388][T32720] ? do_raw_spin_unlock+0x145/0x1e0 [ 1520.324410][T32720] ? _raw_spin_unlock+0x28/0x50 [ 1520.324438][T32720] try_charge_memcg+0x652/0xc90 [ 1520.324465][T32720] ? __pfx_try_charge_memcg+0x10/0x10 [ 1520.324486][T32720] ? find_held_lock+0x2b/0x80 [ 1520.324509][T32720] ? rcu_read_unlock+0x17/0x60 [ 1520.324531][T32720] ? rcu_read_unlock+0x17/0x60 [ 1520.324561][T32720] charge_memcg+0xa6/0x280 [ 1520.324582][T32720] __mem_cgroup_charge+0x2b/0x1e0 [ 1520.324608][T32720] shmem_alloc_and_add_folio+0x451/0xd40 [ 1520.324638][T32720] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 1520.324659][T32720] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 1520.324684][T32720] shmem_get_folio_gfp+0x6ab/0x1900 [ 1520.324708][T32720] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 1520.324733][T32720] shmem_write_begin+0x1a4/0x420 [ 1520.324754][T32720] ? __pfx_shmem_write_begin+0x10/0x10 [ 1520.324775][T32720] ? balance_dirty_pages_ratelimited_flags+0x91/0x1170 [ 1520.324801][T32720] ? lockdep_hardirqs_on+0x78/0x100 [ 1520.324832][T32720] generic_perform_write+0x292/0xa40 [ 1520.324858][T32720] ? __pfx_generic_perform_write+0x10/0x10 [ 1520.324880][T32720] ? file_update_time_flags+0x373/0x500 [ 1520.324907][T32720] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 1520.324929][T32720] shmem_file_write_iter+0x10e/0x140 [ 1520.324953][T32720] __kernel_write_iter+0x2ac/0x920 [ 1520.324974][T32720] ? __pfx___kernel_write_iter+0x10/0x10 [ 1520.324992][T32720] ? __up_read+0x2c5/0x700 [ 1520.325014][T32720] ? dump_user_range+0x73b/0xb50 [ 1520.325037][T32720] dump_user_range+0x3f9/0xb50 [ 1520.325060][T32720] ? __pfx_dump_user_range+0x10/0x10 [ 1520.325085][T32720] ? __pfx_writenote+0x10/0x10 [ 1520.325110][T32720] elf_core_dump+0x2d16/0x3c60 [ 1520.325143][T32720] ? __pfx_elf_core_dump+0x10/0x10 [ 1520.325162][T32720] ? __pick_eevdf+0x14c/0x440 [ 1520.325188][T32720] ? wakeup_preempt_fair+0x531/0xd20 [ 1520.325216][T32720] ? find_held_lock+0x2b/0x80 [ 1520.325240][T32720] ? 0xffffffffff600000 [ 1520.325256][T32720] ? rcu_is_watching+0x12/0xc0 [ 1520.325278][T32720] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1520.325305][T32720] ? lockdep_hardirqs_on+0x78/0x100 [ 1520.325364][T32720] ? vfs_coredump+0x27b4/0x5570 [ 1520.325381][T32720] vfs_coredump+0x27b4/0x5570 [ 1520.325408][T32720] ? __pfx_vfs_coredump+0x10/0x10 [ 1520.325425][T32720] ? __lock_acquire+0x4a5/0x2630 [ 1520.325448][T32720] ? __lock_acquire+0x4a5/0x2630 [ 1520.325468][T32720] ? lock_acquire+0x17c/0x330 [ 1520.325490][T32720] ? lock_acquire+0x17c/0x330 [ 1520.325512][T32720] ? bpf_ksym_find+0x124/0x1c0 [ 1520.325539][T32720] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1520.325572][T32720] ? arch_stack_walk+0xa6/0xf0 [ 1520.325606][T32720] ? stack_trace_save+0x8e/0xc0 [ 1520.325636][T32720] ? __pfx_stack_trace_save+0x10/0x10 [ 1520.325661][T32720] ? stack_depot_save_flags+0x27/0x9d0 [ 1520.325682][T32720] ? __lock_acquire+0x4a5/0x2630 [ 1520.325738][T32720] ? proc_coredump_connector+0x2d3/0x4f0 [ 1520.325761][T32720] ? __pfx_proc_coredump_connector+0x10/0x10 [ 1520.325790][T32720] ? rcu_is_watching+0x12/0xc0 [ 1520.325815][T32720] get_signal+0x1f2a/0x21e0 [ 1520.325850][T32720] ? __pfx_get_signal+0x10/0x10 [ 1520.325875][T32720] ? __pfx_force_sig_fault+0x10/0x10 [ 1520.325907][T32720] arch_do_signal_or_restart+0x91/0x770 [ 1520.325927][T32720] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1520.325953][T32720] ? do_user_addr_fault+0x8d6/0x12f0 [ 1520.325984][T32720] irqentry_exit+0x1f8/0x670 [ 1520.326002][T32720] asm_exc_page_fault+0x26/0x30 [ 1520.326020][T32720] RIP: 0033:0x10000000 [ 1520.326039][T32720] Code: Unable to access opcode bytes at 0xfffffd6. [ 1520.326047][T32720] RSP: 002b:000000000000000a EFLAGS: 00010217 [ 1520.326063][T32720] RAX: 0000000000000000 RBX: 00007f6dd1816090 RCX: 00007f6dd159bf79 [ 1520.326074][T32720] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000020003b46 [ 1520.326085][T32720] RBP: 00007f6dd16327e0 R08: 0000000000000002 R09: 0000000000000000 [ 1520.326095][T32720] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1520.326106][T32720] R13: 00007f6dd1816128 R14: 00007f6dd1816090 R15: 00007ffffbf25998 [ 1520.326130][T32720] [ 1520.326137][T32720] memory: usage 307200kB, limit 307200kB, failcnt 27280 [ 1521.204855][ T599] block nbd8: shutting down sockets [ 1521.645601][ T617] futex_wake_op: syz.4.6543 tries to shift op by -2048; fix this program [ 1521.676686][T32720] memory+swap: usage 432004kB, limit 9007199254740988kB, failcnt 0 [ 1521.711128][T32720] kmem: usage 4336kB, limit 9007199254740988kB, failcnt 0 [ 1521.746711][T32720] Memory cgroup stats for /syz2: [ 1521.747001][T32720] cache 307834880 [ 1521.801680][T32720] rss 2297856 [ 1521.818191][T32720] rss_huge 2097152 [ 1521.849876][T32720] shmem 307834880 [ 1521.866089][T32720] mapped_file 21712896 [ 1521.899700][T32720] dirty 0 [ 1521.927647][T32720] writeback 0 [ 1521.944018][T32720] workingset_refault_anon 25252 [ 1521.984618][T32720] workingset_refault_file 2497 [ 1522.021783][T32720] swap 127799296 [ 1522.031668][T32720] swapcached 0 [ 1522.051209][T32720] pgpgin 1393573 [ 1522.075447][T32720] pgpgout 1374578 [ 1522.095878][T32720] pgfault 961686 [ 1522.103518][T32720] pgmajfault 8342 [ 1522.122036][T32720] inactive_anon 309796864 [ 1522.132066][T32720] active_anon 335872 [ 1522.149337][T32720] inactive_file 0 [ 1522.157110][T32720] active_file 0 [ 1522.173465][ T627] netlink: 330 bytes leftover after parsing attributes in process `syz.1.6545'. [ 1522.183090][T32720] unevictable 0 [ 1522.187344][T32720] hierarchical_memory_limit 314572800 [ 1522.202031][T32720] hierarchical_memsw_limit 9223372036854771712 [ 1522.223641][T32720] total_cache 307834880 [ 1522.241367][T32720] total_rss 2297856 [ 1522.248814][T32720] total_rss_huge 2097152 [ 1522.265371][T32720] total_shmem 307834880 [ 1522.284174][T32720] total_mapped_file 21712896 [ 1522.293940][T32720] total_dirty 0 [ 1522.309913][T32720] total_writeback 0 [ 1522.325701][T32720] total_workingset_refault_anon 25252 [ 1522.337712][T32720] total_workingset_refault_file 2497 [ 1522.356661][T32720] total_swap 127799296 [ 1522.374904][T32720] total_swapcached 0 [ 1522.395240][T32720] total_pgpgin 1393573 [ 1522.403313][T32720] total_pgpgout 1374578 [ 1522.436794][T32720] total_pgfault 961686 [ 1522.465098][T32720] total_pgmajfault 8342 [ 1522.469284][T32720] total_inactive_anon 309796864 [ 1522.520706][T32720] total_active_anon 335872 [ 1522.545363][T32720] total_inactive_file 0 [ 1522.564622][T32720] total_active_file 0 [ 1522.591030][T32720] total_unevictable 0 [ 1522.607655][T32720] anon_cost 8346 [ 1522.611251][T32720] file_cost 8055 [ 1522.647957][T32720] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz2,task_memcg=/syz2,task=syz.2.6473,pid=32741,uid=0 [ 1522.722738][T32720] Memory cgroup out of memory: Killed process 32741 (syz.2.6473) total-vm:132072kB, anon-rss:5464kB, file-rss:20736kB, shmem-rss:21120kB, UID:0 pgtables:172kB oom_score_adj:1000 [ 1522.886279][ T634] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6547'. [ 1523.524236][ T647] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6548'. [ 1524.974460][ T673] netlink: 342 bytes leftover after parsing attributes in process `syz.4.6557'. [ 1525.165159][ T673] FAULT_INJECTION: forcing a failure. [ 1525.165159][ T673] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1525.211205][ T673] CPU: 0 UID: 0 PID: 673 Comm: syz.4.6557 Tainted: G L syzkaller #0 PREEMPT(full) [ 1525.211241][ T673] Tainted: [L]=SOFTLOCKUP [ 1525.211248][ T673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1525.211260][ T673] Call Trace: [ 1525.211269][ T673] [ 1525.211277][ T673] dump_stack_lvl+0x100/0x190 [ 1525.211310][ T673] should_fail_ex.cold+0x5/0xa [ 1525.211328][ T673] ? prepare_alloc_pages+0x16d/0x5f0 [ 1525.211356][ T673] should_fail_alloc_page+0xeb/0x140 [ 1525.211381][ T673] prepare_alloc_pages+0x1f0/0x5f0 [ 1525.211410][ T673] __alloc_frozen_pages_noprof+0x193/0x2410 [ 1525.211433][ T673] ? xa_load+0x153/0x2c0 [ 1525.211454][ T673] ? __pfx_xa_load+0x10/0x10 [ 1525.211475][ T673] ? find_held_lock+0x2b/0x80 [ 1525.211501][ T673] ? workingset_test_recent+0x42d/0xe90 [ 1525.211529][ T673] ? workingset_test_recent+0x42d/0xe90 [ 1525.211551][ T673] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1525.211576][ T673] ? __lock_acquire+0x4a5/0x2630 [ 1525.211597][ T673] ? __lock_acquire+0x4a5/0x2630 [ 1525.211620][ T673] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1525.211655][ T673] ? policy_nodemask+0xed/0x4f0 [ 1525.211681][ T673] alloc_pages_mpol+0x1fb/0x550 [ 1525.211706][ T673] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1525.211731][ T673] ? swap_entry_swapped+0x1df/0x290 [ 1525.211754][ T673] ? __pfx_swap_entry_swapped+0x10/0x10 [ 1525.211780][ T673] folio_alloc_mpol_noprof+0x36/0x340 [ 1525.211809][ T673] __read_swap_cache_async+0x20a/0x610 [ 1525.211842][ T673] ? __pfx___read_swap_cache_async+0x10/0x10 [ 1525.211874][ T673] ? __pfx_get_swap_device+0x10/0x10 [ 1525.211896][ T673] ? mpol_shared_policy_lookup+0xf6/0x150 [ 1525.211919][ T673] ? __pfx_shmem_get_policy+0x10/0x10 [ 1525.211945][ T673] read_swap_cache_async+0xdc/0x480 [ 1525.211977][ T673] ? __pfx_read_swap_cache_async+0x10/0x10 [ 1525.212014][ T673] ? find_held_lock+0x2b/0x80 [ 1525.212039][ T673] ? madvise_vma_behavior+0x1d9e/0x2a40 [ 1525.212065][ T673] ? madvise_vma_behavior+0x1d9e/0x2a40 [ 1525.212095][ T673] madvise_vma_behavior+0x1dda/0x2a40 [ 1525.212125][ T673] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 1525.212152][ T673] ? mas_prev+0x9b/0xf0 [ 1525.212180][ T673] ? futex_unqueue+0x133/0x2c0 [ 1525.212210][ T673] ? __pfx_find_vma_prev+0x10/0x10 [ 1525.212241][ T673] ? __futex_wait+0x256/0x300 [ 1525.212269][ T673] madvise_walk_vmas+0x2fe/0xa90 [ 1525.212299][ T673] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 1525.212331][ T673] madvise_do_behavior+0x1ea/0x510 [ 1525.212359][ T673] ? __pfx_madvise_do_behavior+0x10/0x10 [ 1525.212386][ T673] ? down_read+0x13b/0x460 [ 1525.212418][ T673] do_madvise+0x195/0x240 [ 1525.212443][ T673] ? __pfx_do_madvise+0x10/0x10 [ 1525.212468][ T673] ? do_futex+0x192/0x350 [ 1525.212491][ T673] ? __fget_files+0x21f/0x3d0 [ 1525.212519][ T673] ? xfd_validate_state+0x129/0x190 [ 1525.212549][ T673] __x64_sys_madvise+0xa9/0x110 [ 1525.212575][ T673] ? lockdep_hardirqs_on+0x78/0x100 [ 1525.212605][ T673] do_syscall_64+0x106/0xf80 [ 1525.212623][ T673] ? clear_bhb_loop+0x40/0x90 [ 1525.212656][ T673] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1525.212678][ T673] RIP: 0033:0x7f3c2eb9bf79 [ 1525.212696][ T673] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1525.212716][ T673] RSP: 002b:00007f3c2fad2028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 1525.212737][ T673] RAX: ffffffffffffffda RBX: 00007f3c2ee15fa0 RCX: 00007f3c2eb9bf79 [ 1525.212749][ T673] RDX: 0000000100000003 RSI: 0000000001010001 RDI: 0000000000000000 [ 1525.212761][ T673] RBP: 00007f3c2ec327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1525.212773][ T673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1525.212784][ T673] R13: 00007f3c2ee16038 R14: 00007f3c2ee15fa0 R15: 00007fffe1022468 [ 1525.212809][ T673] [ 1526.487813][ T677] futex_wake_op: syz.2.6555 tries to shift op by -2048; fix this program [ 1526.777602][ T677] futex_wake_op: syz.2.6555 tries to shift op by -2048; fix this program [ 1526.886043][ T664] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1526.896485][ T664] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1526.903014][ T664] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1526.915277][ T664] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1527.400369][ T692] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6558'. [ 1527.479005][ T693] bridge0: port 4(gretap0) entered blocking state [ 1527.485523][ T693] bridge0: port 4(gretap0) entered disabled state [ 1527.570374][ T693] gretap0: entered allmulticast mode [ 1527.596477][ T693] FAULT_INJECTION: forcing a failure. [ 1527.596477][ T693] name failslab, interval 1, probability 0, space 0, times 0 [ 1527.657941][ T693] CPU: 0 UID: 0 PID: 693 Comm: syz.4.6560 Tainted: G L syzkaller #0 PREEMPT(full) [ 1527.657974][ T693] Tainted: [L]=SOFTLOCKUP [ 1527.657982][ T693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1527.657992][ T693] Call Trace: [ 1527.657999][ T693] [ 1527.658007][ T693] dump_stack_lvl+0x100/0x190 [ 1527.658037][ T693] should_fail_ex.cold+0x5/0xa [ 1527.658058][ T693] should_failslab+0xc2/0x120 [ 1527.658081][ T693] kmem_cache_alloc_noprof+0x83/0x780 [ 1527.658103][ T693] ? __kernfs_new_node+0xd2/0x960 [ 1527.658132][ T693] ? __kernfs_new_node+0xd2/0x960 [ 1527.658154][ T693] __kernfs_new_node+0xd2/0x960 [ 1527.658180][ T693] ? __pfx___kernfs_new_node+0x10/0x10 [ 1527.658210][ T693] ? find_held_lock+0x2b/0x80 [ 1527.658234][ T693] ? kernfs_root+0xee/0x2a0 [ 1527.658256][ T693] ? kernfs_root+0xee/0x2a0 [ 1527.658284][ T693] kernfs_new_node+0x11b/0x1a0 [ 1527.658314][ T693] __kernfs_create_file+0x53/0x350 [ 1527.658336][ T693] sysfs_add_file_mode_ns+0x207/0x3c0 [ 1527.658364][ T693] sysfs_create_file_ns+0x145/0x1e0 [ 1527.658386][ T693] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 1527.658408][ T693] ? kernfs_create_link+0x1bd/0x240 [ 1527.658427][ T693] ? kernfs_put+0x3f/0x60 [ 1527.658451][ T693] ? sysfs_do_create_link_sd+0xbb/0x140 [ 1527.658478][ T693] br_sysfs_addif+0xe4/0x210 [ 1527.658504][ T693] br_add_if+0x701/0x1b40 [ 1527.658526][ T693] ? security_capable+0x80/0x260 [ 1527.658556][ T693] add_del_if+0x114/0x160 [ 1527.658577][ T693] br_dev_siocdevprivate+0x8ac/0x1650 [ 1527.658599][ T693] ? __lock_acquire+0x4a5/0x2630 [ 1527.658624][ T693] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 1527.658653][ T693] ? do_raw_spin_lock+0x128/0x260 [ 1527.658679][ T693] ? mark_held_locks+0x40/0x70 [ 1527.658700][ T693] ? netdev_name_node_lookup+0x107/0x150 [ 1527.658719][ T693] ? __mutex_lock+0x26a/0x1b90 [ 1527.658741][ T693] dev_ifsioc+0xc15/0x1eb0 [ 1527.658763][ T693] ? __pfx_dev_ifsioc+0x10/0x10 [ 1527.658782][ T693] ? __pfx___mutex_lock+0x10/0x10 [ 1527.658807][ T693] ? dev_load+0x8e/0x240 [ 1527.658824][ T693] ? dev_load+0x8e/0x240 [ 1527.658848][ T693] dev_ioctl+0x70e/0x1070 [ 1527.658871][ T693] sock_ioctl+0x494/0x6b0 [ 1527.658889][ T693] ? __pfx_sock_ioctl+0x10/0x10 [ 1527.658903][ T693] ? hook_file_ioctl_common+0x146/0x410 [ 1527.658927][ T693] ? __fget_files+0x21f/0x3d0 [ 1527.658953][ T693] ? __pfx_sock_ioctl+0x10/0x10 [ 1527.658971][ T693] __x64_sys_ioctl+0x18e/0x210 [ 1527.659000][ T693] do_syscall_64+0x106/0xf80 [ 1527.659017][ T693] ? clear_bhb_loop+0x40/0x90 [ 1527.659039][ T693] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1527.659058][ T693] RIP: 0033:0x7f3c2eb9bf79 [ 1527.659074][ T693] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1527.659093][ T693] RSP: 002b:00007f3c2fab1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1527.659111][ T693] RAX: ffffffffffffffda RBX: 00007f3c2ee16090 RCX: 00007f3c2eb9bf79 [ 1527.659124][ T693] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 0000000000000007 [ 1527.659135][ T693] RBP: 00007f3c2ec327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1527.659146][ T693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1527.659156][ T693] R13: 00007f3c2ee16128 R14: 00007f3c2ee16090 R15: 00007fffe1022468 [ 1527.659181][ T693] [ 1527.994485][ T693] gretap0: left allmulticast mode [ 1528.627361][ T702] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6561'. [ 1528.918874][T18405] Bluetooth: hci2: command 0x0c1a tx timeout [ 1528.924931][T22041] Bluetooth: hci1: command 0x0c1a tx timeout [ 1528.932472][T28053] Bluetooth: hci0: command 0x0c1a tx timeout [ 1528.938497][T28053] Bluetooth: hci5: command 0x0c1a tx timeout [ 1529.280235][ T715] FAULT_INJECTION: forcing a failure. [ 1529.280235][ T715] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1529.323975][ T715] CPU: 0 UID: 0 PID: 715 Comm: syz.1.6566 Tainted: G L syzkaller #0 PREEMPT(full) [ 1529.324009][ T715] Tainted: [L]=SOFTLOCKUP [ 1529.324016][ T715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1529.324028][ T715] Call Trace: [ 1529.324035][ T715] [ 1529.324042][ T715] dump_stack_lvl+0x100/0x190 [ 1529.324073][ T715] should_fail_ex.cold+0x5/0xa [ 1529.324090][ T715] ? prepare_alloc_pages+0x16d/0x5f0 [ 1529.324117][ T715] should_fail_alloc_page+0xeb/0x140 [ 1529.324142][ T715] prepare_alloc_pages+0x1f0/0x5f0 [ 1529.324170][ T715] __alloc_frozen_pages_noprof+0x193/0x2410 [ 1529.324193][ T715] ? xa_load+0x153/0x2c0 [ 1529.324212][ T715] ? __pfx_xa_load+0x10/0x10 [ 1529.324234][ T715] ? find_held_lock+0x2b/0x80 [ 1529.324257][ T715] ? workingset_test_recent+0x42d/0xe90 [ 1529.324277][ T715] ? workingset_test_recent+0x42d/0xe90 [ 1529.324297][ T715] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1529.324320][ T715] ? __lock_acquire+0x4a5/0x2630 [ 1529.324340][ T715] ? __lock_acquire+0x4a5/0x2630 [ 1529.324361][ T715] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1529.324388][ T715] ? policy_nodemask+0xed/0x4f0 [ 1529.324413][ T715] alloc_pages_mpol+0x1fb/0x550 [ 1529.324436][ T715] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1529.324459][ T715] ? swap_entry_swapped+0x1df/0x290 [ 1529.324480][ T715] ? __pfx_swap_entry_swapped+0x10/0x10 [ 1529.324504][ T715] folio_alloc_mpol_noprof+0x36/0x340 [ 1529.324531][ T715] __read_swap_cache_async+0x20a/0x610 [ 1529.324562][ T715] ? __pfx___read_swap_cache_async+0x10/0x10 [ 1529.324601][ T715] ? __pfx_get_swap_device+0x10/0x10 [ 1529.324621][ T715] ? mpol_shared_policy_lookup+0xf6/0x150 [ 1529.324642][ T715] ? __pfx_shmem_get_policy+0x10/0x10 [ 1529.324668][ T715] read_swap_cache_async+0xdc/0x480 [ 1529.324698][ T715] ? __pfx_read_swap_cache_async+0x10/0x10 [ 1529.324727][ T715] ? find_held_lock+0x2b/0x80 [ 1529.324751][ T715] ? madvise_vma_behavior+0x1d9e/0x2a40 [ 1529.324776][ T715] ? madvise_vma_behavior+0x1d9e/0x2a40 [ 1529.324805][ T715] madvise_vma_behavior+0x1dda/0x2a40 [ 1529.324833][ T715] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 1529.324859][ T715] ? mas_prev+0x9b/0xf0 [ 1529.324885][ T715] ? futex_unqueue+0x133/0x2c0 [ 1529.324913][ T715] ? __pfx_find_vma_prev+0x10/0x10 [ 1529.324943][ T715] ? __futex_wait+0x256/0x300 [ 1529.324969][ T715] madvise_walk_vmas+0x2fe/0xa90 [ 1529.324997][ T715] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 1529.325028][ T715] madvise_do_behavior+0x1ea/0x510 [ 1529.325055][ T715] ? __pfx_madvise_do_behavior+0x10/0x10 [ 1529.325080][ T715] ? down_read+0x13b/0x460 [ 1529.325110][ T715] do_madvise+0x195/0x240 [ 1529.325135][ T715] ? __pfx_do_madvise+0x10/0x10 [ 1529.325158][ T715] ? do_futex+0x192/0x350 [ 1529.325179][ T715] ? __fget_files+0x21f/0x3d0 [ 1529.325205][ T715] ? xfd_validate_state+0x129/0x190 [ 1529.325234][ T715] __x64_sys_madvise+0xa9/0x110 [ 1529.325258][ T715] ? lockdep_hardirqs_on+0x78/0x100 [ 1529.325287][ T715] do_syscall_64+0x106/0xf80 [ 1529.325303][ T715] ? clear_bhb_loop+0x40/0x90 [ 1529.325326][ T715] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1529.325345][ T715] RIP: 0033:0x7f05c3f9bf79 [ 1529.325360][ T715] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1529.325379][ T715] RSP: 002b:00007f05c4d93028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 1529.325398][ T715] RAX: ffffffffffffffda RBX: 00007f05c4215fa0 RCX: 00007f05c3f9bf79 [ 1529.325410][ T715] RDX: 0000000100000003 RSI: 0000000001010001 RDI: 0000000000000000 [ 1529.325421][ T715] RBP: 00007f05c40327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1529.325432][ T715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1529.325443][ T715] R13: 00007f05c4216038 R14: 00007f05c4215fa0 R15: 00007ffcecab8a18 [ 1529.325467][ T715] [ 1529.770455][ T710] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1530.437420][T15939] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1530.490822][T15939] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1530.530616][T15939] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1530.560854][T15939] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1530.568173][T15939] rtc rtc0: __rtc_set_alarm: err=-22 [ 1531.002617][ T737] block nbd8: shutting down sockets [ 1531.738534][ T748] netlink: 'syz.3.6573': attribute type 5 has an invalid length. [ 1531.780990][ T748] netlink: 'syz.3.6573': attribute type 1 has an invalid length. [ 1531.815242][ T753] netlink: 'syz.3.6573': attribute type 5 has an invalid length. [ 1531.847704][ T748] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6573'. [ 1531.866124][ T754] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6574'. [ 1531.912610][ T753] netlink: 'syz.3.6573': attribute type 1 has an invalid length. [ 1531.959386][ T753] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6573'. [ 1532.343259][ T766] bridge0: port 4(gretap0) entered blocking state [ 1532.371136][ T766] bridge0: port 4(gretap0) entered disabled state [ 1532.405992][ T766] gretap0: entered allmulticast mode [ 1532.444925][ T766] FAULT_INJECTION: forcing a failure. [ 1532.444925][ T766] name failslab, interval 1, probability 0, space 0, times 0 [ 1532.512401][ T766] CPU: 0 UID: 0 PID: 766 Comm: syz.3.6575 Tainted: G L syzkaller #0 PREEMPT(full) [ 1532.512434][ T766] Tainted: [L]=SOFTLOCKUP [ 1532.512440][ T766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1532.512452][ T766] Call Trace: [ 1532.512459][ T766] [ 1532.512466][ T766] dump_stack_lvl+0x100/0x190 [ 1532.512497][ T766] should_fail_ex.cold+0x5/0xa [ 1532.512518][ T766] should_failslab+0xc2/0x120 [ 1532.512541][ T766] __kmalloc_node_track_caller_noprof+0xf9/0x9d0 [ 1532.512561][ T766] ? bpf_ksym_find+0x124/0x1c0 [ 1532.512590][ T766] ? kstrdup_const+0x63/0x80 [ 1532.512620][ T766] ? kstrdup+0x51/0xe0 [ 1532.512638][ T766] kstrdup+0x51/0xe0 [ 1532.512658][ T766] kstrdup_const+0x63/0x80 [ 1532.512677][ T766] __kernfs_new_node+0x9b/0x960 [ 1532.512705][ T766] ? __pfx___kernfs_new_node+0x10/0x10 [ 1532.512739][ T766] ? find_held_lock+0x2b/0x80 [ 1532.512764][ T766] ? kernfs_root+0xee/0x2a0 [ 1532.512786][ T766] ? kernfs_root+0xee/0x2a0 [ 1532.512814][ T766] kernfs_new_node+0x11b/0x1a0 [ 1532.512845][ T766] kernfs_create_link+0xcc/0x240 [ 1532.512867][ T766] sysfs_do_create_link_sd+0x90/0x140 [ 1532.512893][ T766] sysfs_create_link+0x61/0xc0 [ 1532.512916][ T766] __netdev_adjacent_dev_insert+0x819/0xbf0 [ 1532.512941][ T766] ? __pfx___netdev_adjacent_dev_insert+0x10/0x10 [ 1532.512971][ T766] __netdev_upper_dev_link+0x3d8/0x7e0 [ 1532.513002][ T766] ? __pfx___netdev_upper_dev_link+0x10/0x10 [ 1532.513030][ T766] ? kernfs_root+0xf8/0x2a0 [ 1532.513054][ T766] ? kernfs_add_one+0x214/0x850 [ 1532.513087][ T766] netdev_master_upper_dev_link+0x9f/0xd0 [ 1532.513116][ T766] ? __pfx_netdev_master_upper_dev_link+0x10/0x10 [ 1532.513146][ T766] ? lockdep_rtnl_is_held+0x26/0x40 [ 1532.513164][ T766] ? netdev_is_rx_handler_busy+0x83/0x140 [ 1532.513191][ T766] br_add_if+0x9fd/0x1b40 [ 1532.513214][ T766] ? security_capable+0x80/0x260 [ 1532.513249][ T766] add_del_if+0x114/0x160 [ 1532.513271][ T766] br_dev_siocdevprivate+0x8ac/0x1650 [ 1532.513293][ T766] ? __lock_acquire+0x4a5/0x2630 [ 1532.513311][ T766] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 1532.513341][ T766] ? do_raw_spin_lock+0x128/0x260 [ 1532.513367][ T766] ? mark_held_locks+0x40/0x70 [ 1532.513389][ T766] ? netdev_name_node_lookup+0x107/0x150 [ 1532.513407][ T766] ? __mutex_lock+0x26a/0x1b90 [ 1532.513429][ T766] dev_ifsioc+0xc15/0x1eb0 [ 1532.513452][ T766] ? __pfx_dev_ifsioc+0x10/0x10 [ 1532.513470][ T766] ? __pfx___mutex_lock+0x10/0x10 [ 1532.513496][ T766] ? dev_load+0x8e/0x240 [ 1532.513514][ T766] ? dev_load+0x8e/0x240 [ 1532.513538][ T766] dev_ioctl+0x70e/0x1070 [ 1532.513561][ T766] sock_ioctl+0x494/0x6b0 [ 1532.513579][ T766] ? __pfx_sock_ioctl+0x10/0x10 [ 1532.513594][ T766] ? hook_file_ioctl_common+0x146/0x410 [ 1532.513623][ T766] ? __fget_files+0x21f/0x3d0 [ 1532.513645][ T766] ? __pfx_sock_ioctl+0x10/0x10 [ 1532.513663][ T766] __x64_sys_ioctl+0x18e/0x210 [ 1532.513692][ T766] do_syscall_64+0x106/0xf80 [ 1532.513708][ T766] ? clear_bhb_loop+0x40/0x90 [ 1532.513731][ T766] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1532.513750][ T766] RIP: 0033:0x7fbcf599bf79 [ 1532.513766][ T766] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1532.513784][ T766] RSP: 002b:00007fbcf6886028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1532.513803][ T766] RAX: ffffffffffffffda RBX: 00007fbcf5c16090 RCX: 00007fbcf599bf79 [ 1532.513815][ T766] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 0000000000000007 [ 1532.513826][ T766] RBP: 00007fbcf5a327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1532.513838][ T766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1532.513849][ T766] R13: 00007fbcf5c16128 R14: 00007fbcf5c16090 R15: 00007fff39824b48 [ 1532.513873][ T766] [ 1532.518850][ T766] gretap0: left allmulticast mode [ 1532.946524][ T772] block nbd8: shutting down sockets [ 1534.712464][ T815] hub 3-0:1.0: USB hub found [ 1534.766212][ T815] hub 3-0:1.0: 1 port detected [ 1534.981271][ T819] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6588'. [ 1535.011016][ T815] usb usb3: authorized to connect [ 1535.029049][ T819] netlink: 'syz.2.6588': attribute type 1 has an invalid length. [ 1535.059597][ T819] netlink: 13 bytes leftover after parsing attributes in process `syz.2.6588'. [ 1535.917629][ T821] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1535.943783][ T821] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1535.992805][ T821] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1536.010704][ T821] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1536.491957][ T29] audit: type=1107 audit(1843104989.550:42): pid=851 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='g/d' [ 1536.604480][ T863] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6598'. [ 1536.641333][ T29] audit: type=1107 audit(1843104989.691:43): pid=851 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='g/dri/vkms/Virtual-1/vrr_ran' [ 1536.704461][ T860] netlink: 'syz.2.6597': attribute type 9 has an invalid length. [ 1536.901014][ T870] netlink: 342 bytes leftover after parsing attributes in process `syz.1.6599'. [ 1537.742869][ T711] Bluetooth: hci5: command 0x0c1a tx timeout [ 1537.982861][ T711] Bluetooth: hci0: command 0x0c1a tx timeout [ 1538.063337][ T711] Bluetooth: hci2: command 0x0c1a tx timeout [ 1538.069405][ T711] Bluetooth: hci1: command 0x0c1a tx timeout [ 1540.364571][ T926] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6609'. [ 1540.501547][ T929] ubi0: attaching mtd1 [ 1540.543203][ T929] ubi0 error: ubi_attach_mtd_dev: bad VID header (63) or data offsets (127) [ 1541.661196][ T955] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6615'. [ 1541.824034][ T964] netlink: 'syz.3.6616': attribute type 5 has an invalid length. [ 1541.875691][ T955] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1541.891652][ T965] netlink: 'syz.3.6616': attribute type 5 has an invalid length. [ 1541.925781][ T955] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1541.940964][ T964] netlink: 'syz.3.6616': attribute type 1 has an invalid length. [ 1541.948704][ T964] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6616'. [ 1541.992392][ T955] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1542.022258][ T955] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1542.050834][ T965] netlink: 'syz.3.6616': attribute type 1 has an invalid length. [ 1542.083640][ T965] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6616'. [ 1542.926794][ T979] futex_wake_op: syz.3.6623 tries to shift op by -2048; fix this program [ 1542.980862][ T979] futex_wake_op: syz.3.6623 tries to shift op by -2048; fix this program [ 1543.037055][ T988] 0x000000000001-0x000000020000 : "" [ 1543.075915][ T979] futex_wake_op: syz.3.6623 tries to shift op by -2048; fix this program [ 1543.181367][ T988] ftl_cs: FTL header corrupt! [ 1544.203916][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1544.210330][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1545.054450][ T1021] futex_wake_op: syz.1.6628 tries to shift op by -2048; fix this program [ 1545.654038][ T1023] Process accounting resumed [ 1546.155656][ T1042] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6632'. [ 1546.426994][ T1033] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1546.456083][ T1033] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1546.503609][ T1033] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1546.549945][ T1033] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1546.643642][ T1055] netlink: 330 bytes leftover after parsing attributes in process `syz.2.6634'. [ 1547.636873][ T1074] FAULT_INJECTION: forcing a failure. [ 1547.636873][ T1074] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1547.670803][ T1076] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6641'. [ 1547.692896][ T1076] netlink: 'syz.4.6641': attribute type 1 has an invalid length. [ 1547.734159][ T1076] netlink: 13 bytes leftover after parsing attributes in process `syz.4.6641'. [ 1547.744387][ T1074] CPU: 0 UID: 0 PID: 1074 Comm: syz.1.6640 Tainted: G L syzkaller #0 PREEMPT(full) [ 1547.744417][ T1074] Tainted: [L]=SOFTLOCKUP [ 1547.744424][ T1074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1547.744434][ T1074] Call Trace: [ 1547.744441][ T1074] [ 1547.744449][ T1074] dump_stack_lvl+0x100/0x190 [ 1547.744478][ T1074] should_fail_ex.cold+0x5/0xa [ 1547.744498][ T1074] _copy_from_user+0x2e/0xd0 [ 1547.744518][ T1074] copy_msghdr_from_user+0x9f/0x4f0 [ 1547.744549][ T1074] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1547.744587][ T1074] ___sys_sendmsg+0x106/0x1e0 [ 1547.744617][ T1074] ? __pfx____sys_sendmsg+0x10/0x10 [ 1547.744675][ T1074] __sys_sendmsg+0x170/0x220 [ 1547.744698][ T1074] ? __pfx___sys_sendmsg+0x10/0x10 [ 1547.744733][ T1074] do_syscall_64+0x106/0xf80 [ 1547.744749][ T1074] ? clear_bhb_loop+0x40/0x90 [ 1547.744771][ T1074] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1547.744790][ T1074] RIP: 0033:0x7f05c3f9bf79 [ 1547.744805][ T1074] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1547.744824][ T1074] RSP: 002b:00007f05c4d72028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1547.744841][ T1074] RAX: ffffffffffffffda RBX: 00007f05c4216090 RCX: 00007f05c3f9bf79 [ 1547.744853][ T1074] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003 [ 1547.744864][ T1074] RBP: 00007f05c4d72090 R08: 0000000000000000 R09: 0000000000000000 [ 1547.744875][ T1074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1547.744885][ T1074] R13: 00007f05c4216128 R14: 00007f05c4216090 R15: 00007ffcecab8a18 [ 1547.744907][ T1074] [ 1548.089952][ T1084] netlink: 342 bytes leftover after parsing attributes in process `syz.3.6644'. [ 1548.105090][ T711] Bluetooth: hci5: command 0x0c1a tx timeout [ 1548.232223][ T1084] FAULT_INJECTION: forcing a failure. [ 1548.232223][ T1084] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1548.265169][ T1084] CPU: 0 UID: 0 PID: 1084 Comm: syz.3.6644 Tainted: G L syzkaller #0 PREEMPT(full) [ 1548.265204][ T1084] Tainted: [L]=SOFTLOCKUP [ 1548.265211][ T1084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1548.265224][ T1084] Call Trace: [ 1548.265231][ T1084] [ 1548.265239][ T1084] dump_stack_lvl+0x100/0x190 [ 1548.265270][ T1084] should_fail_ex.cold+0x5/0xa [ 1548.265288][ T1084] ? prepare_alloc_pages+0x16d/0x5f0 [ 1548.265316][ T1084] should_fail_alloc_page+0xeb/0x140 [ 1548.265341][ T1084] prepare_alloc_pages+0x1f0/0x5f0 [ 1548.265370][ T1084] __alloc_frozen_pages_noprof+0x193/0x2410 [ 1548.265395][ T1084] ? xa_load+0x153/0x2c0 [ 1548.265415][ T1084] ? __pfx_xa_load+0x10/0x10 [ 1548.265437][ T1084] ? find_held_lock+0x2b/0x80 [ 1548.265462][ T1084] ? workingset_test_recent+0x42d/0xe90 [ 1548.265483][ T1084] ? workingset_test_recent+0x42d/0xe90 [ 1548.265506][ T1084] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1548.265530][ T1084] ? __lock_acquire+0x4a5/0x2630 [ 1548.265550][ T1084] ? __lock_acquire+0x4a5/0x2630 [ 1548.265573][ T1084] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1548.265610][ T1084] ? policy_nodemask+0xed/0x4f0 [ 1548.265638][ T1084] alloc_pages_mpol+0x1fb/0x550 [ 1548.265663][ T1084] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1548.265688][ T1084] ? swap_entry_swapped+0x1df/0x290 [ 1548.265711][ T1084] ? __pfx_swap_entry_swapped+0x10/0x10 [ 1548.265737][ T1084] folio_alloc_mpol_noprof+0x36/0x340 [ 1548.265766][ T1084] __read_swap_cache_async+0x20a/0x610 [ 1548.265800][ T1084] ? __pfx___read_swap_cache_async+0x10/0x10 [ 1548.265831][ T1084] ? __pfx_get_swap_device+0x10/0x10 [ 1548.265853][ T1084] ? mpol_shared_policy_lookup+0xf6/0x150 [ 1548.265876][ T1084] ? __pfx_shmem_get_policy+0x10/0x10 [ 1548.265903][ T1084] read_swap_cache_async+0xdc/0x480 [ 1548.265935][ T1084] ? __pfx_read_swap_cache_async+0x10/0x10 [ 1548.265966][ T1084] ? find_held_lock+0x2b/0x80 [ 1548.265992][ T1084] ? madvise_vma_behavior+0x1d9e/0x2a40 [ 1548.266018][ T1084] ? madvise_vma_behavior+0x1d9e/0x2a40 [ 1548.266048][ T1084] madvise_vma_behavior+0x1dda/0x2a40 [ 1548.266078][ T1084] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 1548.266104][ T1084] ? mas_prev+0x9b/0xf0 [ 1548.266132][ T1084] ? futex_unqueue+0x133/0x2c0 [ 1548.266161][ T1084] ? __pfx_find_vma_prev+0x10/0x10 [ 1548.266192][ T1084] ? __futex_wait+0x256/0x300 [ 1548.266220][ T1084] madvise_walk_vmas+0x2fe/0xa90 [ 1548.266250][ T1084] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 1548.266282][ T1084] madvise_do_behavior+0x1ea/0x510 [ 1548.266310][ T1084] ? __pfx_madvise_do_behavior+0x10/0x10 [ 1548.266337][ T1084] ? down_read+0x13b/0x460 [ 1548.266368][ T1084] do_madvise+0x195/0x240 [ 1548.266393][ T1084] ? __pfx_do_madvise+0x10/0x10 [ 1548.266418][ T1084] ? do_futex+0x192/0x350 [ 1548.266441][ T1084] ? __fget_files+0x21f/0x3d0 [ 1548.266468][ T1084] ? xfd_validate_state+0x129/0x190 [ 1548.266497][ T1084] __x64_sys_madvise+0xa9/0x110 [ 1548.266523][ T1084] ? lockdep_hardirqs_on+0x78/0x100 [ 1548.266553][ T1084] do_syscall_64+0x106/0xf80 [ 1548.266570][ T1084] ? clear_bhb_loop+0x40/0x90 [ 1548.266594][ T1084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1548.266623][ T1084] RIP: 0033:0x7fbcf599bf79 [ 1548.266639][ T1084] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1548.266660][ T1084] RSP: 002b:00007fbcf68a7028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 1548.266680][ T1084] RAX: ffffffffffffffda RBX: 00007fbcf5c15fa0 RCX: 00007fbcf599bf79 [ 1548.266693][ T1084] RDX: 0000000100000003 RSI: 0000000001010001 RDI: 0000000000000000 [ 1548.266705][ T1084] RBP: 00007fbcf5a327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1548.266717][ T1084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1548.266728][ T1084] R13: 00007fbcf5c16038 R14: 00007fbcf5c15fa0 R15: 00007fff39824b48 [ 1548.266753][ T1084] [ 1548.772289][ T1088] Invalid ELF header magic: != ELF [ 1548.910074][T18543] Bluetooth: hci0: command 0x0c1a tx timeout [ 1548.916164][T18543] Bluetooth: hci2: command 0x0c1a tx timeout [ 1548.922181][T18543] Bluetooth: hci1: command 0x0c1a tx timeout [ 1550.152630][ T1109] futex_wake_op: syz.3.6649 tries to shift op by -2048; fix this program [ 1550.246090][ T1109] futex_wake_op: syz.3.6649 tries to shift op by -2048; fix this program [ 1550.306100][ T1113] queue_state_write: unsupported operation '' [ 1550.334821][ T1113] queue_state_write: use 'run', 'start' or 'kick' [ 1550.343409][ T1105] 0x000000000001-0x000000020000 : "" [ 1550.374421][ T1105] ftl_cs: FTL header corrupt! [ 1551.123993][ T1131] FAULT_INJECTION: forcing a failure. [ 1551.123993][ T1131] name failslab, interval 1, probability 0, space 0, times 0 [ 1551.328609][ T1131] CPU: 0 UID: 0 PID: 1131 Comm: syz.4.6655 Tainted: G L syzkaller #0 PREEMPT(full) [ 1551.328642][ T1131] Tainted: [L]=SOFTLOCKUP [ 1551.328649][ T1131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1551.328660][ T1131] Call Trace: [ 1551.328667][ T1131] [ 1551.328682][ T1131] dump_stack_lvl+0x100/0x190 [ 1551.328715][ T1131] should_fail_ex.cold+0x5/0xa [ 1551.328735][ T1131] should_failslab+0xc2/0x120 [ 1551.328759][ T1131] kmem_cache_alloc_noprof+0x83/0x780 [ 1551.328780][ T1131] ? __pfx_map_id_range_down+0x10/0x10 [ 1551.328804][ T1131] ? security_inode_alloc+0x3b/0x2c0 [ 1551.328837][ T1131] ? security_inode_alloc+0x3b/0x2c0 [ 1551.328864][ T1131] security_inode_alloc+0x3b/0x2c0 [ 1551.328895][ T1131] inode_init_always_gfp+0xced/0x1040 [ 1551.328919][ T1131] alloc_inode+0x8e/0x250 [ 1551.328944][ T1131] new_inode+0x22/0x1c0 [ 1551.328971][ T1131] proc_pid_make_inode+0x22/0x160 [ 1551.328996][ T1131] proc_pident_instantiate+0x85/0x310 [ 1551.329023][ T1131] proc_pident_lookup+0x1e3/0x270 [ 1551.329052][ T1131] __lookup_slow+0x251/0x460 [ 1551.329078][ T1131] ? __pfx___lookup_slow+0x10/0x10 [ 1551.329121][ T1131] lookup_slow+0x50/0x70 [ 1551.329145][ T1131] link_path_walk+0x1377/0x1cc0 [ 1551.329182][ T1131] path_openat+0x1be/0x31a0 [ 1551.329200][ T1131] ? kasan_save_track+0x14/0x30 [ 1551.329218][ T1131] ? __kasan_slab_alloc+0x89/0x90 [ 1551.329237][ T1131] ? kmem_cache_alloc_noprof+0x2ad/0x780 [ 1551.329256][ T1131] ? do_sys_openat2+0xc5/0x1e0 [ 1551.329285][ T1131] ? __pfx_path_openat+0x10/0x10 [ 1551.329313][ T1131] do_file_open+0x20e/0x430 [ 1551.329334][ T1131] ? __pfx_do_file_open+0x10/0x10 [ 1551.329362][ T1131] ? __pfx_kfree_link+0x10/0x10 [ 1551.329394][ T1131] ? alloc_fd+0x476/0x790 [ 1551.329415][ T1131] ? do_getname+0x191/0x390 [ 1551.329440][ T1131] do_sys_openat2+0x10d/0x1e0 [ 1551.329466][ T1131] ? __pfx_do_sys_openat2+0x10/0x10 [ 1551.329492][ T1131] ? __fget_files+0x21f/0x3d0 [ 1551.329515][ T1131] __x64_sys_openat+0x12d/0x210 [ 1551.329541][ T1131] ? __pfx___x64_sys_openat+0x10/0x10 [ 1551.329565][ T1131] ? xfd_validate_state+0x129/0x190 [ 1551.329594][ T1131] do_syscall_64+0x106/0xf80 [ 1551.329611][ T1131] ? clear_bhb_loop+0x40/0x90 [ 1551.329633][ T1131] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1551.329652][ T1131] RIP: 0033:0x7f3c2eb9bf79 [ 1551.329668][ T1131] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1551.329693][ T1131] RSP: 002b:00007f3c2fa6f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1551.329711][ T1131] RAX: ffffffffffffffda RBX: 00007f3c2ee16270 RCX: 00007f3c2eb9bf79 [ 1551.329723][ T1131] RDX: 0000000000000480 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1551.329734][ T1131] RBP: 00007f3c2ec327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1551.329746][ T1131] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1551.329757][ T1131] R13: 00007f3c2ee16308 R14: 00007f3c2ee16270 R15: 00007fffe1022468 [ 1551.329780][ T1131] [ 1552.782992][ T1154] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6661'. [ 1552.964658][ T1159] openvswitch: netlink: Key type 29 is not supported [ 1552.972137][ T1160] openvswitch: netlink: Key type 29 is not supported [ 1553.177320][ T711] Bluetooth: hci5: unexpected subevent 0x18 length: 123 > 19 [ 1553.184903][ T711] Bluetooth: hci5: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 1553.250143][ T1167] netlink: 'syz.4.6666': attribute type 5 has an invalid length. [ 1553.281550][ T1167] netlink: 'syz.4.6666': attribute type 1 has an invalid length. [ 1553.314569][ T1169] netlink: 'syz.4.6666': attribute type 5 has an invalid length. [ 1553.350116][ T1167] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6666'. [ 1553.380208][ T1169] netlink: 'syz.4.6666': attribute type 1 has an invalid length. [ 1553.409142][ T1169] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6666'. [ 1553.838289][ T1181] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6670'. [ 1554.361213][ T1206] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6678'. [ 1555.165118][ T1236] vhci_hcd: not connected 4 [ 1555.511863][ T1245] random: crng reseeded on system resumption [ 1555.721920][ T1249] netlink: 342 bytes leftover after parsing attributes in process `syz.4.6689'. [ 1556.222010][ T1266] netlink: 'syz.1.6692': attribute type 3 has an invalid length. [ 1556.311367][ T1266] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6692'. [ 1557.340774][ T1304] FAULT_INJECTION: forcing a failure. [ 1557.340774][ T1304] name failslab, interval 1, probability 0, space 0, times 0 [ 1557.400786][ T1304] CPU: 0 UID: 0 PID: 1304 Comm: syz.4.6696 Tainted: G L syzkaller #0 PREEMPT(full) [ 1557.400817][ T1304] Tainted: [L]=SOFTLOCKUP [ 1557.400824][ T1304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1557.400834][ T1304] Call Trace: [ 1557.400841][ T1304] [ 1557.400848][ T1304] dump_stack_lvl+0x100/0x190 [ 1557.400878][ T1304] should_fail_ex.cold+0x5/0xa [ 1557.400899][ T1304] should_failslab+0xc2/0x120 [ 1557.400921][ T1304] ? copy_splice_read+0x1a3/0xb90 [ 1557.400937][ T1304] __kmalloc_noprof+0xf6/0x9c0 [ 1557.400969][ T1304] ? copy_splice_read+0x1a3/0xb90 [ 1557.400985][ T1304] copy_splice_read+0x1a3/0xb90 [ 1557.401007][ T1304] ? __pfx_copy_splice_read+0x10/0x10 [ 1557.401027][ T1304] ? look_up_lock_class+0x55/0x120 [ 1557.401055][ T1304] ? alloc_pipe_info+0x1ec/0x590 [ 1557.401078][ T1304] ? lockdep_init_map_type+0x5c/0x250 [ 1557.401098][ T1304] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 1557.401118][ T1304] ? __pfx_copy_splice_read+0x10/0x10 [ 1557.401135][ T1304] do_splice_read+0x285/0x370 [ 1557.401156][ T1304] splice_direct_to_actor+0x2a1/0xa30 [ 1557.401176][ T1304] ? __pfx_direct_splice_actor+0x10/0x10 [ 1557.401199][ T1304] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1557.401224][ T1304] do_splice_direct+0x174/0x240 [ 1557.401243][ T1304] ? __pfx_do_splice_direct+0x10/0x10 [ 1557.401260][ T1304] ? common_file_perm+0x1ab/0x4f0 [ 1557.401279][ T1304] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1557.401300][ T1304] ? rw_verify_area+0xce/0x6d0 [ 1557.401329][ T1304] do_sendfile+0xadc/0xe20 [ 1557.401349][ T1304] ? __pfx_do_sendfile+0x10/0x10 [ 1557.401366][ T1304] ? __fget_files+0x21f/0x3d0 [ 1557.401389][ T1304] __x64_sys_sendfile64+0x1d8/0x220 [ 1557.401410][ T1304] ? ksys_write+0x1ac/0x250 [ 1557.401428][ T1304] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1557.401455][ T1304] do_syscall_64+0x106/0xf80 [ 1557.401472][ T1304] ? clear_bhb_loop+0x40/0x90 [ 1557.401493][ T1304] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1557.401511][ T1304] RIP: 0033:0x7f3c2eb9bf79 [ 1557.401527][ T1304] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1557.401544][ T1304] RSP: 002b:00007f3c2fad2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1557.401562][ T1304] RAX: ffffffffffffffda RBX: 00007f3c2ee15fa0 RCX: 00007f3c2eb9bf79 [ 1557.401574][ T1304] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 1557.401585][ T1304] RBP: 00007f3c2fad2090 R08: 0000000000000000 R09: 0000000000000000 [ 1557.401603][ T1304] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000001 [ 1557.401613][ T1304] R13: 00007f3c2ee16038 R14: 00007f3c2ee15fa0 R15: 00007fffe1022468 [ 1557.401635][ T1304] [ 1557.728224][ T1311] netlink: 354 bytes leftover after parsing attributes in process `syz.4.6699'. [ 1558.119359][ T1329] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1558.141500][ T1329] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1558.166925][ T1329] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1558.196091][ T1329] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1558.646430][ T1353] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 1559.636163][ T1388] netlink: 'syz.2.6718': attribute type 5 has an invalid length. [ 1559.689273][ T1389] netlink: 'syz.2.6718': attribute type 5 has an invalid length. [ 1559.744387][ T1388] netlink: 'syz.2.6718': attribute type 1 has an invalid length. [ 1559.797691][ T1389] netlink: 'syz.2.6718': attribute type 1 has an invalid length. [ 1559.837984][ T1388] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6718'. [ 1559.900076][ T1389] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6718'. [ 1560.106959][ T711] Bluetooth: hci5: command 0x0c1a tx timeout [ 1560.186103][T18543] Bluetooth: hci0: command 0x0c1a tx timeout [ 1560.192203][ T711] Bluetooth: hci1: command 0x0c1a tx timeout [ 1560.265739][ T711] Bluetooth: hci2: command 0x0c1a tx timeout [ 1560.553273][ T1406] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6724'. [ 1560.590668][ T1406] FAULT_INJECTION: forcing a failure. [ 1560.590668][ T1406] name failslab, interval 1, probability 0, space 0, times 0 [ 1560.643768][ T1406] CPU: 0 UID: 0 PID: 1406 Comm: syz.4.6724 Tainted: G L syzkaller #0 PREEMPT(full) [ 1560.643800][ T1406] Tainted: [L]=SOFTLOCKUP [ 1560.643806][ T1406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1560.643817][ T1406] Call Trace: [ 1560.643824][ T1406] [ 1560.643831][ T1406] dump_stack_lvl+0x100/0x190 [ 1560.643860][ T1406] should_fail_ex.cold+0x5/0xa [ 1560.643876][ T1406] ? __netlink_lookup+0x652/0x900 [ 1560.643900][ T1406] should_failslab+0xc2/0x120 [ 1560.643922][ T1406] kmem_cache_alloc_noprof+0x83/0x780 [ 1560.643943][ T1406] ? skb_clone+0x190/0x400 [ 1560.643968][ T1406] ? skb_clone+0x190/0x400 [ 1560.643988][ T1406] skb_clone+0x190/0x400 [ 1560.644010][ T1406] netlink_deliver_tap+0xaed/0xcc0 [ 1560.644038][ T1406] netlink_unicast+0x650/0x870 [ 1560.644064][ T1406] ? __pfx_netlink_unicast+0x10/0x10 [ 1560.644087][ T1406] ? __asan_memset+0x23/0x50 [ 1560.644114][ T1406] ? __build_skb_around+0x278/0x390 [ 1560.644132][ T1406] ? is_vmalloc_addr+0x86/0xa0 [ 1560.644153][ T1406] netlink_sendmsg+0x8b0/0xda0 [ 1560.644180][ T1406] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1560.644206][ T1406] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1560.644238][ T1406] sock_write_iter+0x566/0x610 [ 1560.644265][ T1406] ? __pfx_sock_write_iter+0x10/0x10 [ 1560.644300][ T1406] ? bpf_lsm_file_permission+0x9/0x10 [ 1560.644321][ T1406] ? security_file_permission+0x76/0x210 [ 1560.644342][ T1406] ? rw_verify_area+0xce/0x6d0 [ 1560.644371][ T1406] vfs_write+0x6ac/0x1070 [ 1560.644390][ T1406] ? __pfx_sock_write_iter+0x10/0x10 [ 1560.644419][ T1406] ? __pfx_vfs_write+0x10/0x10 [ 1560.644435][ T1406] ? find_held_lock+0x2b/0x80 [ 1560.644472][ T1406] ksys_write+0x1f8/0x250 [ 1560.644490][ T1406] ? __pfx_ksys_write+0x10/0x10 [ 1560.644513][ T1406] do_syscall_64+0x106/0xf80 [ 1560.644529][ T1406] ? clear_bhb_loop+0x40/0x90 [ 1560.644552][ T1406] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1560.644570][ T1406] RIP: 0033:0x7f3c2eb9bf79 [ 1560.644593][ T1406] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1560.644612][ T1406] RSP: 002b:00007f3c2fad2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1560.644629][ T1406] RAX: ffffffffffffffda RBX: 00007f3c2ee15fa0 RCX: 00007f3c2eb9bf79 [ 1560.644640][ T1406] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000007 [ 1560.644651][ T1406] RBP: 00007f3c2fad2090 R08: 0000000000000000 R09: 0000000000000000 [ 1560.644662][ T1406] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1560.644672][ T1406] R13: 00007f3c2ee16038 R14: 00007f3c2ee15fa0 R15: 00007fffe1022468 [ 1560.644695][ T1406] [ 1560.644749][ T1406] netlink: 'syz.4.6724': attribute type 1 has an invalid length. [ 1561.201345][ T1416] FAULT_INJECTION: forcing a failure. [ 1561.201345][ T1416] name failslab, interval 1, probability 0, space 0, times 0 [ 1561.230905][ T1416] CPU: 0 UID: 0 PID: 1416 Comm: syz.3.6728 Tainted: G L syzkaller #0 PREEMPT(full) [ 1561.230937][ T1416] Tainted: [L]=SOFTLOCKUP [ 1561.230944][ T1416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1561.230954][ T1416] Call Trace: [ 1561.230961][ T1416] [ 1561.230968][ T1416] dump_stack_lvl+0x100/0x190 [ 1561.230998][ T1416] should_fail_ex.cold+0x5/0xa [ 1561.231018][ T1416] should_failslab+0xc2/0x120 [ 1561.231040][ T1416] ? tomoyo_encode2+0xfb/0x3c0 [ 1561.231061][ T1416] __kmalloc_noprof+0xf6/0x9c0 [ 1561.231094][ T1416] ? tomoyo_encode2+0xfb/0x3c0 [ 1561.231114][ T1416] tomoyo_encode2+0xfb/0x3c0 [ 1561.231138][ T1416] tomoyo_encode+0x29/0x50 [ 1561.231159][ T1416] tomoyo_realpath_from_path+0x18c/0x690 [ 1561.231188][ T1416] tomoyo_path_number_perm+0x23c/0x580 [ 1561.231205][ T1416] ? tomoyo_path_number_perm+0x22e/0x580 [ 1561.231226][ T1416] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1561.231266][ T1416] ? find_held_lock+0x2b/0x80 [ 1561.231290][ T1416] ? __fget_files+0x215/0x3d0 [ 1561.231306][ T1416] ? hook_file_ioctl_common+0x146/0x410 [ 1561.231335][ T1416] ? __fget_files+0x21f/0x3d0 [ 1561.231356][ T1416] security_file_ioctl+0xd3/0x230 [ 1561.231377][ T1416] __x64_sys_ioctl+0xb7/0x210 [ 1561.231406][ T1416] do_syscall_64+0x106/0xf80 [ 1561.231423][ T1416] ? clear_bhb_loop+0x40/0x90 [ 1561.231445][ T1416] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1561.231464][ T1416] RIP: 0033:0x7fbcf599bf79 [ 1561.231479][ T1416] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1561.231497][ T1416] RSP: 002b:00007fbcf68a7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1561.231514][ T1416] RAX: ffffffffffffffda RBX: 00007fbcf5c15fa0 RCX: 00007fbcf599bf79 [ 1561.231526][ T1416] RDX: 0000000000000000 RSI: 0000000080045505 RDI: 0000000000000003 [ 1561.231537][ T1416] RBP: 00007fbcf68a7090 R08: 0000000000000000 R09: 0000000000000000 [ 1561.231548][ T1416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1561.231559][ T1416] R13: 00007fbcf5c16038 R14: 00007fbcf5c15fa0 R15: 00007fff39824b48 [ 1561.231582][ T1416] [ 1561.231620][ T1416] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1561.688432][ T1406] netlink: 13 bytes leftover after parsing attributes in process `syz.4.6724'. [ 1561.979025][ T1416] usb usb3: usbfs: interface 0 claimed by hub while 'syz.3.6728' sets config #0 [ 1562.080245][ T1425] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6730'. [ 1562.080788][ T1425] netlink: 25 bytes leftover after parsing attributes in process `syz.4.6730'. [ 1562.981198][ T1418] FAULT_INJECTION: forcing a failure. [ 1562.981198][ T1418] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1563.028838][ T1418] CPU: 0 UID: 0 PID: 1418 Comm: syz.2.6729 Tainted: G L syzkaller #0 PREEMPT(full) [ 1563.028869][ T1418] Tainted: [L]=SOFTLOCKUP [ 1563.028875][ T1418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1563.028886][ T1418] Call Trace: [ 1563.028892][ T1418] [ 1563.028899][ T1418] dump_stack_lvl+0x100/0x190 [ 1563.028928][ T1418] should_fail_ex.cold+0x5/0xa [ 1563.028948][ T1418] _copy_from_user+0x2e/0xd0 [ 1563.028968][ T1418] snd_rawmidi_kernel_write1+0x390/0x7c0 [ 1563.028997][ T1418] snd_rawmidi_write+0x2dc/0xc60 [ 1563.029022][ T1418] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 1563.029040][ T1418] ? common_file_perm+0x1ab/0x4f0 [ 1563.029060][ T1418] ? __pfx_default_wake_function+0x10/0x10 [ 1563.029087][ T1418] ? bpf_lsm_file_permission+0x9/0x10 [ 1563.029108][ T1418] ? security_file_permission+0x76/0x210 [ 1563.029130][ T1418] ? rw_verify_area+0xce/0x6d0 [ 1563.029158][ T1418] vfs_write+0x2aa/0x1070 [ 1563.029176][ T1418] ? __pfx_snd_rawmidi_write+0x10/0x10 [ 1563.029198][ T1418] ? __pfx_vfs_write+0x10/0x10 [ 1563.029214][ T1418] ? find_held_lock+0x2b/0x80 [ 1563.029237][ T1418] ? __fget_files+0x215/0x3d0 [ 1563.029255][ T1418] ? __fget_files+0x215/0x3d0 [ 1563.029276][ T1418] ? __fget_files+0x21f/0x3d0 [ 1563.029299][ T1418] ksys_write+0x1f8/0x250 [ 1563.029316][ T1418] ? __pfx_ksys_write+0x10/0x10 [ 1563.029340][ T1418] do_syscall_64+0x106/0xf80 [ 1563.029356][ T1418] ? clear_bhb_loop+0x40/0x90 [ 1563.029379][ T1418] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1563.029397][ T1418] RIP: 0033:0x7f6dd159bf79 [ 1563.029412][ T1418] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1563.029430][ T1418] RSP: 002b:00007f6dcf7f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1563.029448][ T1418] RAX: ffffffffffffffda RBX: 00007f6dd1815fa0 RCX: 00007f6dd159bf79 [ 1563.029460][ T1418] RDX: 000000100000a3d9 RSI: 00002000000000c0 RDI: 0000000000000004 [ 1563.029471][ T1418] RBP: 00007f6dd16327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1563.029482][ T1418] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1563.029492][ T1418] R13: 00007f6dd1816038 R14: 00007f6dd1815fa0 R15: 00007ffffbf25998 [ 1563.029515][ T1418] [ 1564.607724][ T1468] bridge0: port 3(gretap0) entered blocking state [ 1564.639270][ T1468] bridge0: port 3(gretap0) entered disabled state [ 1564.672394][ T1468] gretap0: entered allmulticast mode [ 1564.699038][ T1468] gretap0: entered promiscuous mode [ 1564.745694][ T1468] FAULT_INJECTION: forcing a failure. [ 1564.745694][ T1468] name failslab, interval 1, probability 0, space 0, times 0 [ 1564.830587][ T1468] CPU: 0 UID: 0 PID: 1468 Comm: syz.2.6742 Tainted: G L syzkaller #0 PREEMPT(full) [ 1564.830620][ T1468] Tainted: [L]=SOFTLOCKUP [ 1564.830627][ T1468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1564.830639][ T1468] Call Trace: [ 1564.830646][ T1468] [ 1564.830654][ T1468] dump_stack_lvl+0x100/0x190 [ 1564.830685][ T1468] should_fail_ex.cold+0x5/0xa [ 1564.830707][ T1468] should_failslab+0xc2/0x120 [ 1564.830730][ T1468] __kmalloc_cache_noprof+0x80/0x810 [ 1564.830758][ T1468] ? __pfx_br_vlan_lookup+0x10/0x10 [ 1564.830786][ T1468] ? nbp_vlan_add+0x1eb/0x3e0 [ 1564.830808][ T1468] ? nbp_vlan_add+0x1eb/0x3e0 [ 1564.830825][ T1468] nbp_vlan_add+0x1eb/0x3e0 [ 1564.830846][ T1468] nbp_vlan_init+0x373/0x500 [ 1564.830866][ T1468] ? __pfx_nbp_vlan_init+0x10/0x10 [ 1564.830888][ T1468] ? __local_bh_enable_ip+0x9e/0x120 [ 1564.830917][ T1468] ? lockdep_hardirqs_on+0x78/0x100 [ 1564.830946][ T1468] ? br_fdb_add_local+0x43/0x60 [ 1564.830973][ T1468] ? __local_bh_enable_ip+0x9e/0x120 [ 1564.831004][ T1468] br_add_if+0xf79/0x1b40 [ 1564.831023][ T1468] ? veth_get_iflink+0x213/0x2c0 [ 1564.831057][ T1468] add_del_if+0x114/0x160 [ 1564.831079][ T1468] br_dev_siocdevprivate+0x8ac/0x1650 [ 1564.831104][ T1468] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 1564.831134][ T1468] ? lock_acquire+0x17c/0x330 [ 1564.831155][ T1468] ? __pfx___might_resched+0x10/0x10 [ 1564.831181][ T1468] ? netdev_name_node_lookup+0x107/0x150 [ 1564.831201][ T1468] ? __mutex_lock+0x26a/0x1b90 [ 1564.831221][ T1468] dev_ifsioc+0xc15/0x1eb0 [ 1564.831244][ T1468] ? __pfx_dev_ifsioc+0x10/0x10 [ 1564.831263][ T1468] ? __pfx___mutex_lock+0x10/0x10 [ 1564.831288][ T1468] ? dev_load+0x8e/0x240 [ 1564.831306][ T1468] ? dev_load+0x8e/0x240 [ 1564.831330][ T1468] dev_ioctl+0x70e/0x1070 [ 1564.831353][ T1468] sock_ioctl+0x494/0x6b0 [ 1564.831370][ T1468] ? __pfx_sock_ioctl+0x10/0x10 [ 1564.831386][ T1468] ? hook_file_ioctl_common+0x146/0x410 [ 1564.831411][ T1468] ? __fget_files+0x21f/0x3d0 [ 1564.831433][ T1468] ? __pfx_sock_ioctl+0x10/0x10 [ 1564.831450][ T1468] __x64_sys_ioctl+0x18e/0x210 [ 1564.831480][ T1468] do_syscall_64+0x106/0xf80 [ 1564.831496][ T1468] ? clear_bhb_loop+0x40/0x90 [ 1564.831519][ T1468] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1564.831537][ T1468] RIP: 0033:0x7f6dd159bf79 [ 1564.831553][ T1468] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1564.831572][ T1468] RSP: 002b:00007f6dcf7d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1564.831596][ T1468] RAX: ffffffffffffffda RBX: 00007f6dd1816090 RCX: 00007f6dd159bf79 [ 1564.831613][ T1468] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 0000000000000007 [ 1564.831625][ T1468] RBP: 00007f6dd16327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1564.831636][ T1468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1564.831647][ T1468] R13: 00007f6dd1816128 R14: 00007f6dd1816090 R15: 00007ffffbf25998 [ 1564.831671][ T1468] [ 1565.439572][ T1468] gretap0: failed to initialize vlan filtering on this port [ 1565.492509][ T1468] gretap0: left allmulticast mode [ 1565.524326][ T1472] netlink: 330 bytes leftover after parsing attributes in process `syz.4.6744'. [ 1566.541510][ T1520] futex_wake_op: syz.1.6753 tries to shift op by -2048; fix this program [ 1566.624790][ T1519] 0x000000000001-0x000000020000 : "" [ 1566.640950][ T1520] futex_wake_op: syz.1.6753 tries to shift op by -2048; fix this program [ 1566.733128][ T1519] ftl_cs: FTL header corrupt! [ 1567.880865][ T1541] block nbd8: Unsupported socket: should be TCP or UNIX. [ 1568.354039][ T1553] block nbd8: Unsupported socket: should be TCP or UNIX. [ 1568.920418][ T1567] bridge0: port 4(gretap0) entered blocking state [ 1568.958454][ T1567] bridge0: port 4(gretap0) entered disabled state [ 1568.999393][ T1567] gretap0: entered allmulticast mode [ 1569.009610][ T1567] gretap0: entered promiscuous mode [ 1569.061289][ T1567] bridge0: port 4(gretap0) entered blocking state [ 1569.067811][ T1567] bridge0: port 4(gretap0) entered forwarding state [ 1569.465491][ T1580] futex_wake_op: syz.1.6769 tries to shift op by -2048; fix this program [ 1569.465562][ T1580] futex_wake_op: syz.1.6769 tries to shift op by -2048; fix this program [ 1569.512251][ T1580] 0x000000000001-0x000000020000 : "" [ 1569.567637][ T1580] ftl_cs: FTL header corrupt! [ 1570.691835][ T1606] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6775'. [ 1570.796993][ T1609] FAULT_INJECTION: forcing a failure. [ 1570.796993][ T1609] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1570.964392][ T1609] CPU: 0 UID: 0 PID: 1609 Comm: syz.4.6775 Tainted: G L syzkaller #0 PREEMPT(full) [ 1570.964423][ T1609] Tainted: [L]=SOFTLOCKUP [ 1570.964430][ T1609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1570.964440][ T1609] Call Trace: [ 1570.964447][ T1609] [ 1570.964454][ T1609] dump_stack_lvl+0x100/0x190 [ 1570.964485][ T1609] should_fail_ex.cold+0x5/0xa [ 1570.964506][ T1609] _copy_from_iter+0x1f4/0x1690 [ 1570.964528][ T1609] ? rcu_is_watching+0x12/0xc0 [ 1570.964552][ T1609] ? __pfx__copy_from_iter+0x10/0x10 [ 1570.964572][ T1609] ? __asan_memset+0x23/0x50 [ 1570.964600][ T1609] ? __build_skb_around+0x278/0x390 [ 1570.964626][ T1609] ? is_vmalloc_addr+0x86/0xa0 [ 1570.964645][ T1609] netlink_sendmsg+0x808/0xda0 [ 1570.964673][ T1609] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1570.964699][ T1609] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1570.964729][ T1609] sock_write_iter+0x566/0x610 [ 1570.964757][ T1609] ? __pfx_sock_write_iter+0x10/0x10 [ 1570.964791][ T1609] ? bpf_lsm_file_permission+0x9/0x10 [ 1570.964812][ T1609] ? security_file_permission+0x76/0x210 [ 1570.964833][ T1609] ? rw_verify_area+0xce/0x6d0 [ 1570.964862][ T1609] vfs_write+0x6ac/0x1070 [ 1570.964880][ T1609] ? __pfx_sock_write_iter+0x10/0x10 [ 1570.964909][ T1609] ? __pfx_vfs_write+0x10/0x10 [ 1570.964924][ T1609] ? find_held_lock+0x2b/0x80 [ 1570.964961][ T1609] ksys_write+0x1f8/0x250 [ 1570.964979][ T1609] ? __pfx_ksys_write+0x10/0x10 [ 1570.964997][ T1609] ? do_user_addr_fault+0x8d6/0x12f0 [ 1570.965027][ T1609] do_syscall_64+0x106/0xf80 [ 1570.965043][ T1609] ? clear_bhb_loop+0x40/0x90 [ 1570.965064][ T1609] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1570.965082][ T1609] RIP: 0033:0x7f3c2eb9bf79 [ 1570.965098][ T1609] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1570.965116][ T1609] RSP: 002b:00007f3c2fab1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1570.965135][ T1609] RAX: ffffffffffffffda RBX: 00007f3c2ee16090 RCX: 00007f3c2eb9bf79 [ 1570.965147][ T1609] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000002 [ 1570.965158][ T1609] RBP: 00007f3c2fab1090 R08: 0000000000000000 R09: 0000000000000000 [ 1570.965169][ T1609] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1570.965179][ T1609] R13: 00007f3c2ee16128 R14: 00007f3c2ee16090 R15: 00007fffe1022468 [ 1570.965201][ T1609] [ 1571.575456][ T1612] FAULT_INJECTION: forcing a failure. [ 1571.575456][ T1612] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1571.667642][ T1612] CPU: 0 UID: 0 PID: 1612 Comm: syz.2.6776 Tainted: G L syzkaller #0 PREEMPT(full) [ 1571.667674][ T1612] Tainted: [L]=SOFTLOCKUP [ 1571.667682][ T1612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1571.667693][ T1612] Call Trace: [ 1571.667700][ T1612] [ 1571.667708][ T1612] dump_stack_lvl+0x100/0x190 [ 1571.667739][ T1612] should_fail_ex.cold+0x5/0xa [ 1571.667756][ T1612] ? prepare_alloc_pages+0x16d/0x5f0 [ 1571.667783][ T1612] should_fail_alloc_page+0xeb/0x140 [ 1571.667808][ T1612] prepare_alloc_pages+0x1f0/0x5f0 [ 1571.667837][ T1612] __alloc_frozen_pages_noprof+0x193/0x2410 [ 1571.667859][ T1612] ? stack_trace_save+0x8e/0xc0 [ 1571.667898][ T1612] ? __lock_acquire+0x4a5/0x2630 [ 1571.667916][ T1612] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1571.667938][ T1612] ? __lock_acquire+0x4a5/0x2630 [ 1571.667960][ T1612] ? __lock_acquire+0x4a5/0x2630 [ 1571.667980][ T1612] ? find_held_lock+0x2b/0x80 [ 1571.668003][ T1612] ? local_lock_release+0x99/0x130 [ 1571.668027][ T1612] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1571.668054][ T1612] ? policy_nodemask+0xed/0x4f0 [ 1571.668078][ T1612] alloc_pages_mpol+0x1fb/0x550 [ 1571.668101][ T1612] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1571.668129][ T1612] alloc_pages_noprof+0x131/0x390 [ 1571.668152][ T1612] pgd_alloc+0x4d/0x640 [ 1571.668168][ T1612] ? mutex_init_lockep+0x110/0x150 [ 1571.668190][ T1612] mm_init+0x6da/0x10d0 [ 1571.668219][ T1612] mm_alloc+0x97/0xd0 [ 1571.668246][ T1612] alloc_bprm+0x2af/0x710 [ 1571.668276][ T1612] do_execveat_common.isra.0+0x19c/0x580 [ 1571.668306][ T1612] ? do_getname+0x191/0x390 [ 1571.668331][ T1612] __x64_sys_execve+0x93/0xd0 [ 1571.668350][ T1612] do_syscall_64+0x106/0xf80 [ 1571.668367][ T1612] ? clear_bhb_loop+0x40/0x90 [ 1571.668390][ T1612] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1571.668408][ T1612] RIP: 0033:0x7f6dd159bf79 [ 1571.668424][ T1612] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1571.668442][ T1612] RSP: 002b:00007f6dcf7f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 1571.668461][ T1612] RAX: ffffffffffffffda RBX: 00007f6dd1815fa0 RCX: 00007f6dd159bf79 [ 1571.668473][ T1612] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 1571.668484][ T1612] RBP: 00007f6dd16327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1571.668495][ T1612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1571.668506][ T1612] R13: 00007f6dd1816038 R14: 00007f6dd1815fa0 R15: 00007ffffbf25998 [ 1571.668528][ T1612] [ 1573.209813][ T1629] netlink: 28 bytes leftover after parsing attributes in process `syz.1.6780'. [ 1574.110495][ T1633] input: jJǸ-9%vJ86 as /devices/virtual/input/input25 [ 1575.633546][ T1650] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6785'. [ 1575.842176][ T1650] Process accounting paused [ 1577.176482][ T1668] netlink: 4128 bytes leftover after parsing attributes in process `syz.3.6790'. [ 1577.247199][ T1665] futex_wake_op: syz.2.6789 tries to shift op by -2048; fix this program [ 1577.284870][ T1665] futex_wake_op: syz.2.6789 tries to shift op by -2048; fix this program [ 1577.324565][ T1665] 0x000000000001-0x000000020000 : "" [ 1577.420746][ T1665] ftl_cs: FTL header corrupt! [ 1577.914801][ T1688] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6792'. [ 1578.710352][ T1697] futex_wake_op: syz.3.6795 tries to shift op by -2048; fix this program [ 1578.756395][ T1697] futex_wake_op: syz.3.6795 tries to shift op by -2048; fix this program [ 1578.800028][ T1697] 0x000000000001-0x000000020000 : "" [ 1578.837531][ T1697] ftl_cs: FTL header corrupt! [ 1578.870968][ T1700] netlink: 330 bytes leftover after parsing attributes in process `syz.2.6796'. [ 1579.581433][ T1706] FAULT_INJECTION: forcing a failure. [ 1579.581433][ T1706] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1579.687852][ T1712] block nbd8: Unsupported socket: should be TCP or UNIX. [ 1579.739926][ T1706] CPU: 0 UID: 0 PID: 1706 Comm: syz.1.6797 Tainted: G L syzkaller #0 PREEMPT(full) [ 1579.739960][ T1706] Tainted: [L]=SOFTLOCKUP [ 1579.739968][ T1706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1579.739979][ T1706] Call Trace: [ 1579.739986][ T1706] [ 1579.739994][ T1706] dump_stack_lvl+0x100/0x190 [ 1579.740025][ T1706] should_fail_ex.cold+0x5/0xa [ 1579.740046][ T1706] get_futex_key+0x1d2/0x1620 [ 1579.740078][ T1706] ? __pfx_get_futex_key+0x10/0x10 [ 1579.740106][ T1706] ? kasan_quarantine_put+0x104/0x240 [ 1579.740124][ T1706] ? lockdep_hardirqs_on+0x78/0x100 [ 1579.740159][ T1706] futex_wake+0xea/0x530 [ 1579.740180][ T1706] ? find_held_lock+0x2b/0x80 [ 1579.740205][ T1706] ? __pfx_futex_wake+0x10/0x10 [ 1579.740229][ T1706] ? ksys_write+0x190/0x250 [ 1579.740246][ T1706] ? ksys_write+0x190/0x250 [ 1579.740267][ T1706] do_futex+0x32b/0x350 [ 1579.740285][ T1706] ? __pfx_do_futex+0x10/0x10 [ 1579.740308][ T1706] __x64_sys_futex+0x34f/0x4d0 [ 1579.740327][ T1706] ? fput+0x79/0x100 [ 1579.740349][ T1706] ? __pfx___x64_sys_futex+0x10/0x10 [ 1579.740366][ T1706] ? xfd_validate_state+0x129/0x190 [ 1579.740395][ T1706] do_syscall_64+0x106/0xf80 [ 1579.740411][ T1706] ? clear_bhb_loop+0x40/0x90 [ 1579.740433][ T1706] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1579.740452][ T1706] RIP: 0033:0x7f05c3f9bf79 [ 1579.740468][ T1706] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1579.740486][ T1706] RSP: 002b:00007f05c4d930e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1579.740505][ T1706] RAX: ffffffffffffffda RBX: 00007f05c4215fa8 RCX: 00007f05c3f9bf79 [ 1579.740517][ T1706] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f05c4215fac [ 1579.740528][ T1706] RBP: 00007f05c4215fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1579.740540][ T1706] R10: 0000000000001000 R11: 0000000000000246 R12: 0000000000000000 [ 1579.740551][ T1706] R13: 00007f05c4216038 R14: 00007ffcecab8930 R15: 00007ffcecab8a18 [ 1579.740573][ T1706] [ 1580.689355][ T1726] FAULT_INJECTION: forcing a failure. [ 1580.689355][ T1726] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1580.752028][ T1726] CPU: 0 UID: 0 PID: 1726 Comm: syz.3.6801 Tainted: G L syzkaller #0 PREEMPT(full) [ 1580.752059][ T1726] Tainted: [L]=SOFTLOCKUP [ 1580.752066][ T1726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1580.752077][ T1726] Call Trace: [ 1580.752083][ T1726] [ 1580.752091][ T1726] dump_stack_lvl+0x100/0x190 [ 1580.752121][ T1726] should_fail_ex.cold+0x5/0xa [ 1580.752141][ T1726] get_futex_key+0x295/0x1620 [ 1580.752171][ T1726] ? __pfx_get_futex_key+0x10/0x10 [ 1580.752197][ T1726] ? lock_acquire+0x17c/0x330 [ 1580.752222][ T1726] futex_wake+0xea/0x530 [ 1580.752244][ T1726] ? __pfx_futex_wake+0x10/0x10 [ 1580.752266][ T1726] ? exit_mm_release+0x19/0x30 [ 1580.752290][ T1726] do_futex+0x32b/0x350 [ 1580.752308][ T1726] ? __pfx_do_futex+0x10/0x10 [ 1580.752324][ T1726] ? __might_fault+0xc5/0x140 [ 1580.752345][ T1726] mm_release+0x24a/0x2f0 [ 1580.752372][ T1726] do_exit+0x675/0x2a30 [ 1580.752395][ T1726] ? __pfx_do_exit+0x10/0x10 [ 1580.752415][ T1726] ? do_raw_spin_lock+0x128/0x260 [ 1580.752435][ T1726] ? find_held_lock+0x2b/0x80 [ 1580.752458][ T1726] ? get_signal+0x7e0/0x21e0 [ 1580.752486][ T1726] do_group_exit+0xd5/0x2a0 [ 1580.752508][ T1726] get_signal+0x1ec7/0x21e0 [ 1580.752539][ T1726] ? ksys_write+0x190/0x250 [ 1580.752558][ T1726] ? __pfx_get_signal+0x10/0x10 [ 1580.752585][ T1726] ? do_futex+0x192/0x350 [ 1580.752605][ T1726] arch_do_signal_or_restart+0x91/0x770 [ 1580.752633][ T1726] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1580.752658][ T1726] ? __pfx___x64_sys_futex+0x10/0x10 [ 1580.752675][ T1726] ? xfd_validate_state+0x129/0x190 [ 1580.752700][ T1726] exit_to_user_mode_loop+0x86/0x4a0 [ 1580.752718][ T1726] ? rcu_is_watching+0x12/0xc0 [ 1580.752742][ T1726] do_syscall_64+0x668/0xf80 [ 1580.752758][ T1726] ? clear_bhb_loop+0x40/0x90 [ 1580.752779][ T1726] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1580.752799][ T1726] RIP: 0033:0x7fbcf599bf79 [ 1580.752814][ T1726] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1580.752832][ T1726] RSP: 002b:00007fbcf68a70e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1580.752850][ T1726] RAX: fffffffffffffe00 RBX: 00007fbcf5c15fa8 RCX: 00007fbcf599bf79 [ 1580.752862][ T1726] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fbcf5c15fa8 [ 1580.752873][ T1726] RBP: 00007fbcf5c15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1580.752884][ T1726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1580.752894][ T1726] R13: 00007fbcf5c16038 R14: 00007fff39824a60 R15: 00007fff39824b48 [ 1580.752916][ T1726] [ 1581.426660][ T1729] netlink: 'syz.2.6803': attribute type 5 has an invalid length. [ 1581.457161][ T1729] netlink: 'syz.2.6803': attribute type 1 has an invalid length. [ 1581.464996][ T1729] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6803'. [ 1581.503788][ T1731] netlink: 'syz.2.6803': attribute type 5 has an invalid length. [ 1581.525274][ T1731] netlink: 'syz.2.6803': attribute type 1 has an invalid length. [ 1581.545051][ T1731] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6803'. [ 1581.752154][ T1735] bridge0: port 3(gretap0) entered blocking state [ 1581.773371][ T1735] bridge0: port 3(gretap0) entered disabled state [ 1581.783661][ T1735] gretap0: entered allmulticast mode [ 1581.804641][ T1735] FAULT_INJECTION: forcing a failure. [ 1581.804641][ T1735] name failslab, interval 1, probability 0, space 0, times 0 [ 1581.843528][ T1735] CPU: 0 UID: 0 PID: 1735 Comm: syz.2.6805 Tainted: G L syzkaller #0 PREEMPT(full) [ 1581.843560][ T1735] Tainted: [L]=SOFTLOCKUP [ 1581.843567][ T1735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1581.843579][ T1735] Call Trace: [ 1581.843585][ T1735] [ 1581.843593][ T1735] dump_stack_lvl+0x100/0x190 [ 1581.843624][ T1735] should_fail_ex.cold+0x5/0xa [ 1581.843654][ T1735] should_failslab+0xc2/0x120 [ 1581.843676][ T1735] kmem_cache_alloc_node_noprof+0x8c/0x880 [ 1581.843700][ T1735] ? __alloc_skb+0x156/0x410 [ 1581.843724][ T1735] ? __alloc_skb+0x156/0x410 [ 1581.843742][ T1735] __alloc_skb+0x156/0x410 [ 1581.843760][ T1735] ? __alloc_skb+0x35d/0x410 [ 1581.843779][ T1735] ? __pfx___alloc_skb+0x10/0x10 [ 1581.843800][ T1735] ? rtnl_prop_list_size+0x144/0x2c0 [ 1581.843822][ T1735] ? if_nlmsg_size+0x4a4/0xb30 [ 1581.843848][ T1735] rtmsg_ifinfo_build_skb+0x81/0x260 [ 1581.843878][ T1735] rtnetlink_event+0x137/0x1f0 [ 1581.843905][ T1735] notifier_call_chain+0x99/0x3b0 [ 1581.843928][ T1735] call_netdevice_notifiers_info+0xbe/0x110 [ 1581.843957][ T1735] __netdev_upper_dev_link+0x43c/0x7e0 [ 1581.843988][ T1735] ? __pfx___netdev_upper_dev_link+0x10/0x10 [ 1581.844015][ T1735] ? kernfs_root+0xf8/0x2a0 [ 1581.844041][ T1735] ? kernfs_add_one+0x214/0x850 [ 1581.844073][ T1735] netdev_master_upper_dev_link+0x9f/0xd0 [ 1581.844102][ T1735] ? __pfx_netdev_master_upper_dev_link+0x10/0x10 [ 1581.844133][ T1735] ? lockdep_rtnl_is_held+0x26/0x40 [ 1581.844149][ T1735] ? netdev_is_rx_handler_busy+0x83/0x140 [ 1581.844176][ T1735] br_add_if+0x9fd/0x1b40 [ 1581.844199][ T1735] ? security_capable+0x80/0x260 [ 1581.844229][ T1735] add_del_if+0x114/0x160 [ 1581.844250][ T1735] br_dev_siocdevprivate+0x8ac/0x1650 [ 1581.844274][ T1735] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 1581.844305][ T1735] ? lock_acquire+0x17c/0x330 [ 1581.844325][ T1735] ? __pfx___might_resched+0x10/0x10 [ 1581.844351][ T1735] ? netdev_name_node_lookup+0x107/0x150 [ 1581.844371][ T1735] ? __mutex_lock+0x26a/0x1b90 [ 1581.844392][ T1735] dev_ifsioc+0xc15/0x1eb0 [ 1581.844415][ T1735] ? __pfx_dev_ifsioc+0x10/0x10 [ 1581.844433][ T1735] ? __pfx___mutex_lock+0x10/0x10 [ 1581.844458][ T1735] ? dev_load+0x8e/0x240 [ 1581.844476][ T1735] ? dev_load+0x8e/0x240 [ 1581.844505][ T1735] dev_ioctl+0x70e/0x1070 [ 1581.844527][ T1735] sock_ioctl+0x494/0x6b0 [ 1581.844545][ T1735] ? __pfx_sock_ioctl+0x10/0x10 [ 1581.844560][ T1735] ? hook_file_ioctl_common+0x146/0x410 [ 1581.844584][ T1735] ? __fget_files+0x21f/0x3d0 [ 1581.844607][ T1735] ? __pfx_sock_ioctl+0x10/0x10 [ 1581.844625][ T1735] __x64_sys_ioctl+0x18e/0x210 [ 1581.844660][ T1735] do_syscall_64+0x106/0xf80 [ 1581.844677][ T1735] ? clear_bhb_loop+0x40/0x90 [ 1581.844700][ T1735] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1581.844719][ T1735] RIP: 0033:0x7f6dd159bf79 [ 1581.844738][ T1735] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1581.844758][ T1735] RSP: 002b:00007f6dcf7f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1581.844777][ T1735] RAX: ffffffffffffffda RBX: 00007f6dd1815fa0 RCX: 00007f6dd159bf79 [ 1581.844789][ T1735] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 0000000000000007 [ 1581.844800][ T1735] RBP: 00007f6dd16327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1581.844811][ T1735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1581.844821][ T1735] R13: 00007f6dd1816038 R14: 00007f6dd1815fa0 R15: 00007ffffbf25998 [ 1581.844845][ T1735] [ 1581.849824][ T1735] bridge0: port 3(gretap0) entered blocking state [ 1582.197621][ T1735] bridge0: port 3(gretap0) entered forwarding state [ 1582.562763][ T1750] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6809'. [ 1582.590228][ T1750] netlink: 'syz.4.6809': attribute type 1 has an invalid length. [ 1582.608332][ T1750] netlink: 13 bytes leftover after parsing attributes in process `syz.4.6809'. [ 1582.623568][ T1750] FAULT_INJECTION: forcing a failure. [ 1582.623568][ T1750] name failslab, interval 1, probability 0, space 0, times 0 [ 1582.668427][ T1750] CPU: 0 UID: 0 PID: 1750 Comm: syz.4.6809 Tainted: G L syzkaller #0 PREEMPT(full) [ 1582.668460][ T1750] Tainted: [L]=SOFTLOCKUP [ 1582.668466][ T1750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1582.668476][ T1750] Call Trace: [ 1582.668484][ T1750] [ 1582.668491][ T1750] dump_stack_lvl+0x100/0x190 [ 1582.668521][ T1750] should_fail_ex.cold+0x5/0xa [ 1582.668540][ T1750] should_failslab+0xc2/0x120 [ 1582.668563][ T1750] kmem_cache_alloc_node_noprof+0x8c/0x880 [ 1582.668586][ T1750] ? __alloc_skb+0x156/0x410 [ 1582.668604][ T1750] ? __alloc_skb+0x35d/0x410 [ 1582.668634][ T1750] ? __alloc_skb+0x156/0x410 [ 1582.668653][ T1750] __alloc_skb+0x156/0x410 [ 1582.668671][ T1750] ? __alloc_skb+0x35d/0x410 [ 1582.668689][ T1750] ? __pfx___alloc_skb+0x10/0x10 [ 1582.668717][ T1750] netlink_ack+0x117/0xb80 [ 1582.668746][ T1750] netlink_rcv_skb+0x333/0x420 [ 1582.668770][ T1750] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 1582.668790][ T1750] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1582.668823][ T1750] ? ns_capable+0xd2/0xf0 [ 1582.668850][ T1750] nfnetlink_rcv+0x1b3/0x440 [ 1582.668868][ T1750] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 1582.668884][ T1750] ? netlink_deliver_tap+0x1ae/0xcc0 [ 1582.668910][ T1750] netlink_unicast+0x5aa/0x870 [ 1582.668937][ T1750] ? __pfx_netlink_unicast+0x10/0x10 [ 1582.668959][ T1750] ? __asan_memset+0x23/0x50 [ 1582.668986][ T1750] ? __build_skb_around+0x278/0x390 [ 1582.669005][ T1750] ? is_vmalloc_addr+0x86/0xa0 [ 1582.669024][ T1750] netlink_sendmsg+0x8b0/0xda0 [ 1582.669051][ T1750] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1582.669082][ T1750] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1582.669113][ T1750] sock_write_iter+0x566/0x610 [ 1582.669141][ T1750] ? __pfx_sock_write_iter+0x10/0x10 [ 1582.669175][ T1750] ? bpf_lsm_file_permission+0x9/0x10 [ 1582.669196][ T1750] ? security_file_permission+0x76/0x210 [ 1582.669217][ T1750] ? rw_verify_area+0xce/0x6d0 [ 1582.669246][ T1750] vfs_write+0x6ac/0x1070 [ 1582.669265][ T1750] ? __pfx_sock_write_iter+0x10/0x10 [ 1582.669293][ T1750] ? __pfx_vfs_write+0x10/0x10 [ 1582.669309][ T1750] ? find_held_lock+0x2b/0x80 [ 1582.669347][ T1750] ksys_write+0x1f8/0x250 [ 1582.669365][ T1750] ? __pfx_ksys_write+0x10/0x10 [ 1582.669389][ T1750] do_syscall_64+0x106/0xf80 [ 1582.669406][ T1750] ? clear_bhb_loop+0x40/0x90 [ 1582.669428][ T1750] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1582.669447][ T1750] RIP: 0033:0x7f3c2eb9bf79 [ 1582.669462][ T1750] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1582.669480][ T1750] RSP: 002b:00007f3c2fad2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1582.669498][ T1750] RAX: ffffffffffffffda RBX: 00007f3c2ee15fa0 RCX: 00007f3c2eb9bf79 [ 1582.669510][ T1750] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000007 [ 1582.669521][ T1750] RBP: 00007f3c2fad2090 R08: 0000000000000000 R09: 0000000000000000 [ 1582.669532][ T1750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1582.669542][ T1750] R13: 00007f3c2ee16038 R14: 00007f3c2ee15fa0 R15: 00007fffe1022468 [ 1582.669565][ T1750] [ 1583.701771][ T1754] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6810'. [ 1583.821693][ T1757] FAULT_INJECTION: forcing a failure. [ 1583.821693][ T1757] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1583.885147][ T1757] CPU: 0 UID: 0 PID: 1757 Comm: syz.1.6811 Tainted: G L syzkaller #0 PREEMPT(full) [ 1583.885178][ T1757] Tainted: [L]=SOFTLOCKUP [ 1583.885185][ T1757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1583.885195][ T1757] Call Trace: [ 1583.885201][ T1757] [ 1583.885208][ T1757] dump_stack_lvl+0x100/0x190 [ 1583.885238][ T1757] should_fail_ex.cold+0x5/0xa [ 1583.885255][ T1757] ? prepare_alloc_pages+0x16d/0x5f0 [ 1583.885281][ T1757] should_fail_alloc_page+0xeb/0x140 [ 1583.885305][ T1757] prepare_alloc_pages+0x1f0/0x5f0 [ 1583.885332][ T1757] __alloc_frozen_pages_noprof+0x193/0x2410 [ 1583.885354][ T1757] ? __lock_acquire+0x4a5/0x2630 [ 1583.885376][ T1757] ? __lock_acquire+0x4a5/0x2630 [ 1583.885399][ T1757] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1583.885420][ T1757] ? __lock_acquire+0x4a5/0x2630 [ 1583.885447][ T1757] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1583.885472][ T1757] ? policy_nodemask+0xed/0x4f0 [ 1583.885496][ T1757] alloc_pages_mpol+0x1fb/0x550 [ 1583.885519][ T1757] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1583.885541][ T1757] ? widen_string+0xdb/0x2f0 [ 1583.885568][ T1757] alloc_pages_noprof+0x131/0x390 [ 1583.885592][ T1757] __pmd_alloc+0x3b/0x9c0 [ 1583.885618][ T1757] __handle_mm_fault+0xa99/0x2b50 [ 1583.885656][ T1757] ? mt_find+0x45e/0x8e0 [ 1583.885675][ T1757] ? __pfx___handle_mm_fault+0x10/0x10 [ 1583.885702][ T1757] ? __pfx_mt_find+0x10/0x10 [ 1583.885732][ T1757] ? find_vma+0xbf/0x140 [ 1583.885752][ T1757] ? __pfx_find_vma+0x10/0x10 [ 1583.885776][ T1757] handle_mm_fault+0x36d/0xa20 [ 1583.885808][ T1757] do_user_addr_fault+0x74c/0x12f0 [ 1583.885841][ T1757] exc_page_fault+0x6f/0xd0 [ 1583.885869][ T1757] asm_exc_page_fault+0x26/0x30 [ 1583.885886][ T1757] RIP: 0010:__get_user_4+0x14/0x20 [ 1583.885910][ T1757] Code: 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 ba 00 f0 ff ff ff 7f 00 00 48 39 d0 48 0f 47 c2 0f 01 cb <8b> 10 31 c0 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 [ 1583.885928][ T1757] RSP: 0018:ffffc90004927c38 EFLAGS: 00050287 [ 1583.885944][ T1757] RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffc90004927bdc [ 1583.885956][ T1757] RDX: 00007ffffffff000 RSI: ffffffff8253d381 RDI: ffffffff8bfa8e20 [ 1583.885967][ T1757] RBP: ffffc90004927ec0 R08: 0000000000000001 R09: 00000000000001c5 [ 1583.885978][ T1757] R10: 0000000000000200 R11: 0000000000000000 R12: ffff8880292ca130 [ 1583.885988][ T1757] R13: 1ffff92000924f8f R14: ffff888029299b60 R15: ffff8880328b3800 [ 1583.886007][ T1757] ? __might_fault+0x111/0x140 [ 1583.886027][ T1757] usbdev_ioctl+0x22ea/0x3aa0 [ 1583.886056][ T1757] ? __pfx_usbdev_ioctl+0x10/0x10 [ 1583.886086][ T1757] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1583.886112][ T1757] ? do_vfs_ioctl+0x226/0x13e0 [ 1583.886139][ T1757] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1583.886172][ T1757] ? find_held_lock+0x2b/0x80 [ 1583.886196][ T1757] ? __fget_files+0x215/0x3d0 [ 1583.886212][ T1757] ? hook_file_ioctl_common+0x146/0x410 [ 1583.886237][ T1757] ? __fget_files+0x21f/0x3d0 [ 1583.886258][ T1757] ? __pfx_usbdev_ioctl+0x10/0x10 [ 1583.886283][ T1757] __x64_sys_ioctl+0x18e/0x210 [ 1583.886312][ T1757] do_syscall_64+0x106/0xf80 [ 1583.886327][ T1757] ? clear_bhb_loop+0x40/0x90 [ 1583.886349][ T1757] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1583.886367][ T1757] RIP: 0033:0x7f05c3f9bf79 [ 1583.886382][ T1757] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1583.886399][ T1757] RSP: 002b:00007f05c4d93028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1583.886415][ T1757] RAX: ffffffffffffffda RBX: 00007f05c4215fa0 RCX: 00007f05c3f9bf79 [ 1583.886427][ T1757] RDX: 0000000000000000 RSI: 0000000080045505 RDI: 0000000000000003 [ 1583.886437][ T1757] RBP: 00007f05c4d93090 R08: 0000000000000000 R09: 0000000000000000 [ 1583.886448][ T1757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1583.886458][ T1757] R13: 00007f05c4216038 R14: 00007f05c4215fa0 R15: 00007ffcecab8a18 [ 1583.886482][ T1757] [ 1584.479215][ T1760] blktrace: Concurrent blktraces are not allowed on loop2 [ 1586.686742][ T1801] futex_wake_op: syz.1.6822 tries to shift op by -2048; fix this program [ 1586.712035][ T1803] FAULT_INJECTION: forcing a failure. [ 1586.712035][ T1803] name failslab, interval 1, probability 0, space 0, times 0 [ 1586.736502][ T1801] futex_wake_op: syz.1.6822 tries to shift op by -2048; fix this program [ 1586.767393][ T1803] CPU: 0 UID: 0 PID: 1803 Comm: syz.3.6823 Tainted: G L syzkaller #0 PREEMPT(full) [ 1586.767424][ T1803] Tainted: [L]=SOFTLOCKUP [ 1586.767432][ T1803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1586.767442][ T1803] Call Trace: [ 1586.767450][ T1803] [ 1586.767457][ T1803] dump_stack_lvl+0x100/0x190 [ 1586.767488][ T1803] should_fail_ex.cold+0x5/0xa [ 1586.767509][ T1803] should_failslab+0xc2/0x120 [ 1586.767532][ T1803] kmem_cache_alloc_noprof+0x83/0x780 [ 1586.767553][ T1803] ? __pfx_map_id_range_down+0x10/0x10 [ 1586.767575][ T1803] ? security_inode_alloc+0x3b/0x2c0 [ 1586.767608][ T1803] ? security_inode_alloc+0x3b/0x2c0 [ 1586.767644][ T1803] security_inode_alloc+0x3b/0x2c0 [ 1586.767674][ T1803] inode_init_always_gfp+0xced/0x1040 [ 1586.767698][ T1803] alloc_inode+0x8e/0x250 [ 1586.767723][ T1803] path_from_stashed+0x25b/0x750 [ 1586.767744][ T1803] ? do_raw_spin_unlock+0x145/0x1e0 [ 1586.767776][ T1803] ns_get_path+0x60/0x80 [ 1586.767796][ T1803] proc_ns_get_link+0x121/0x230 [ 1586.767821][ T1803] ? __pfx_proc_ns_get_link+0x10/0x10 [ 1586.767846][ T1803] ? atime_needs_update+0x8b/0x6b0 [ 1586.767875][ T1803] pick_link+0xd17/0x13c0 [ 1586.767901][ T1803] ? __pfx_proc_ns_get_link+0x10/0x10 [ 1586.767927][ T1803] step_into_slowpath+0x9ba/0xf90 [ 1586.767960][ T1803] ? __pfx_step_into_slowpath+0x10/0x10 [ 1586.767988][ T1803] ? find_held_lock+0x2b/0x80 [ 1586.768019][ T1803] path_openat+0xf95/0x31a0 [ 1586.768048][ T1803] ? __pfx_path_openat+0x10/0x10 [ 1586.768076][ T1803] do_file_open+0x20e/0x430 [ 1586.768099][ T1803] ? __pfx_do_file_open+0x10/0x10 [ 1586.768135][ T1803] ? alloc_fd+0x476/0x790 [ 1586.768155][ T1803] ? do_getname+0x191/0x390 [ 1586.768182][ T1803] do_sys_openat2+0x10d/0x1e0 [ 1586.768207][ T1803] ? __pfx_do_sys_openat2+0x10/0x10 [ 1586.768240][ T1803] __x64_sys_openat+0x12d/0x210 [ 1586.768266][ T1803] ? __pfx___x64_sys_openat+0x10/0x10 [ 1586.768303][ T1803] ? do_user_addr_fault+0x8d6/0x12f0 [ 1586.768334][ T1803] do_syscall_64+0x106/0xf80 [ 1586.768352][ T1803] ? clear_bhb_loop+0x40/0x90 [ 1586.768374][ T1803] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1586.768393][ T1803] RIP: 0033:0x7fbcf595c84e [ 1586.768409][ T1803] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1586.768427][ T1803] RSP: 002b:00007fbcf68a6ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1586.768446][ T1803] RAX: ffffffffffffffda RBX: 00007fbcf68a76c0 RCX: 00007fbcf595c84e [ 1586.768458][ T1803] RDX: 0000000000000002 RSI: 00007fbcf68a6f90 RDI: ffffffffffffff9c [ 1586.768470][ T1803] RBP: 00007fbcf5a327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1586.768481][ T1803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1586.768492][ T1803] R13: 00007fbcf5c16038 R14: 00007fbcf5c15fa0 R15: 00007fff39824b48 [ 1586.768516][ T1803] [ 1587.342827][ T1807] 0x000000000001-0x000000020000 : "" [ 1587.497447][ T1807] ftl_cs: FTL header corrupt! [ 1588.166561][ T1821] netlink: 330 bytes leftover after parsing attributes in process `syz.2.6827'. [ 1589.721964][ T1855] netlink: 330 bytes leftover after parsing attributes in process `syz.1.6832'. [ 1590.325145][ T1859] netlink: 330 bytes leftover after parsing attributes in process `syz.2.6833'. [ 1591.532550][ T1873] FAULT_INJECTION: forcing a failure. [ 1591.532550][ T1873] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1591.579751][ T1873] CPU: 0 UID: 0 PID: 1873 Comm: syz.3.6836 Tainted: G L syzkaller #0 PREEMPT(full) [ 1591.579781][ T1873] Tainted: [L]=SOFTLOCKUP [ 1591.579788][ T1873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1591.579798][ T1873] Call Trace: [ 1591.579804][ T1873] [ 1591.579812][ T1873] dump_stack_lvl+0x100/0x190 [ 1591.579841][ T1873] should_fail_ex.cold+0x5/0xa [ 1591.579861][ T1873] _copy_from_iter+0x1f4/0x1690 [ 1591.579884][ T1873] ? __alloc_skb+0x220/0x410 [ 1591.579902][ T1873] ? __alloc_skb+0x35d/0x410 [ 1591.579922][ T1873] ? __pfx__copy_from_iter+0x10/0x10 [ 1591.579941][ T1873] ? netlink_autobind.isra.0+0x140/0x370 [ 1591.579972][ T1873] netlink_sendmsg+0x808/0xda0 [ 1591.580000][ T1873] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1591.580026][ T1873] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1591.580056][ T1873] sock_write_iter+0x566/0x610 [ 1591.580084][ T1873] ? __pfx_sock_write_iter+0x10/0x10 [ 1591.580119][ T1873] ? bpf_lsm_file_permission+0x9/0x10 [ 1591.580140][ T1873] ? security_file_permission+0x76/0x210 [ 1591.580161][ T1873] ? rw_verify_area+0xce/0x6d0 [ 1591.580190][ T1873] vfs_write+0x6ac/0x1070 [ 1591.580208][ T1873] ? __pfx_sock_write_iter+0x10/0x10 [ 1591.580237][ T1873] ? __pfx_vfs_write+0x10/0x10 [ 1591.580253][ T1873] ? find_held_lock+0x2b/0x80 [ 1591.580289][ T1873] ksys_write+0x1f8/0x250 [ 1591.580307][ T1873] ? __pfx_ksys_write+0x10/0x10 [ 1591.580331][ T1873] do_syscall_64+0x106/0xf80 [ 1591.580347][ T1873] ? clear_bhb_loop+0x40/0x90 [ 1591.580369][ T1873] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1591.580388][ T1873] RIP: 0033:0x7fbcf599bf79 [ 1591.580404][ T1873] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1591.580422][ T1873] RSP: 002b:00007fbcf68a7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1591.580440][ T1873] RAX: ffffffffffffffda RBX: 00007fbcf5c15fa0 RCX: 00007fbcf599bf79 [ 1591.580452][ T1873] RDX: 00000000000002fb RSI: 0000200000000000 RDI: 0000000000000003 [ 1591.580463][ T1873] RBP: 00007fbcf68a7090 R08: 0000000000000000 R09: 0000000000000000 [ 1591.580474][ T1873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1591.580484][ T1873] R13: 00007fbcf5c16038 R14: 00007fbcf5c15fa0 R15: 00007fff39824b48 [ 1591.580506][ T1873] [ 1592.470849][ T1886] BUG: Bad rss-counter state mm:ffff8880542355c0 type:MM_FILEPAGES val:193 Comm:syz.3.6841 Pid:1886 SeaBIOS (version 1.8.2-google) Total RAM Size = 0x0000000200000000 = 8192 MiB CPUs found: 2 Max CPUs supported: 2 SeaBIOS (version 1.8.2-google) Machine UUID 7a18aca2-05e1-c491-36fa-c3e4aa5ac8fa found virtio-scsi at 0:3 virtio-scsi vendor='Google' product='PersistentDisk' rev='1' type=0 removable=0 virtio-scsi blksize=512 sectors=4194304 = 2048 MiB drive 0x000f2690: PCHS=0/0/0 translation=lba LCHS=520/128/63 s=4194304 Sending Seabios boot VM event. Booting from Hard Disk 0... [ 0.000000][ T0] Linux version syzkaller (syzkaller@syzkaller) (gcc (Debian 14.2.0-19) 14.2.0, GNU ld (GNU Binutils for Debian) 2.44) #0 SMP PREEMPT_DYNAMIC now [ 0.000000][ T0] Command line: BOOT_IMAGE=/boot/bzImage root=/dev/sda1 console=ttyS0 [ 0.000000][ T0] KERNEL supported cpus: [ 0.000000][ T0] Intel GenuineIntel [ 0.000000][ T0] AMD AuthenticAMD [ 0.000000][ T0] x86/CPU: Model not found in latest microcode list [ 0.000000][ T0] BIOS-provided physical RAM map: [ 0.000000][ T0] BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] System RAM [ 0.000000][ T0] BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] device reserved [ 0.000000][ T0] BIOS-e820: [gap 0x00000000000a0000-0x00000000000effff] [ 0.000000][ T0] BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] device reserved [ 0.000000][ T0] BIOS-e820: [mem 0x0000000000100000-0x00000000bfffcfff] System RAM [ 0.000000][ T0] BIOS-e820: [mem 0x00000000bfffd000-0x00000000bfffffff] device reserved [ 0.000000][ T0] BIOS-e820: [gap 0x00000000c0000000-0x00000000fffbbfff] [ 0.000000][ T0] BIOS-e820: [mem 0x00000000fffbc000-0x00000000ffffffff] device reserved [ 0.000000][ T0] BIOS-e820: [mem 0x0000000100000000-0x000000023fffffff] System RAM [ 0.000000][ T0] printk: legacy bootconsole [earlyser0] enabled [ 0.000000][ T0] ERROR: earlyprintk= earlyser already used [ 0.000000][ T0] ERROR: earlyprintk= earlyser already used [ 0.000000][ T0] Hash pointers mode set to never. [ 0.000000][ T0] Malformed early option 'vsyscall' [ 0.000000][ T0] nopcid: PCID feature disabled [ 0.000000][ T0] NX (Execute Disable) protection: active [ 0.000000][ T0] APIC: Static calls initialized [ 0.000000][ T0] SMBIOS 2.4 present. [ 0.000000][ T0] DMI: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 0.000000][ T0] DMI: Memory slots populated: 1/1 [ 0.000000][ T0] Hypervisor detected: KVM [ 0.000000][ T0] last_pfn = 0xbfffd max_arch_pfn = 0x400000000 [ 0.000000][ T0] kvm-clock: Using msrs 4b564d01 and 4b564d00 [ 0.000004][ T0] kvm-clock: using sched offset of 5273703689 cycles [ 0.002377][ T0] clocksource: kvm-clock: mask: 0xffffffffffffffff max_cycles: 0x1cd42e4dffb, max_idle_ns: 881590591483 ns [ 0.009074][ T0] tsc: Detected 2199.998 MHz processor [ 0.019692][ T0] last_pfn = 0x240000 max_arch_pfn = 0x400000000 [ 0.022277][ T0] MTRR map: 4 entries (3 fixed + 1 variable; max 19), built from 8 variable MTRRs [ 0.025587][ T0] x86/PAT: Configuration [0-7]: WB WC UC- UC WB WP UC- WT [ 0.028660][ T0] last_pfn = 0xbfffd max_arch_pfn = 0x400000000 [ 0.037337][ T0] found SMP MP-table at [mem 0x000f2950-0x000f295f] [ 0.039772][ T0] Using GB pages for direct mapping [ 0.045895][ T0] ACPI: Early table checksum verification disabled [ 0.048334][ T0] ACPI: RSDP 0x00000000000F26D0 000014 (v00 Google) [ 0.050895][ T0] ACPI: RSDT 0x00000000BFFFFFA0 000038 (v01 Google GOOGRSDT 00000001 GOOG 00000001) [ 0.054598][ T0] ACPI: FACP 0x00000000BFFFF330 0000F4 (v02 Google GOOGFACP 00000001 GOOG 00000001) [ 0.058293][ T0] ACPI: DSDT 0x00000000BFFFD8C0 001A64 (v01 Google GOOGDSDT 00000001 GOOG 00000001) [ 0.062013][ T0] ACPI: FACS 0x00000000BFFFD880 000040 [ 0.064226][ T0] ACPI: FACS 0x00000000BFFFD880 000040 [ 0.066353][ T0] ACPI: SRAT 0x00000000BFFFFE60 0000C8 (v03 Google GOOGSRAT 00000001 GOOG 00000001) [ 0.069903][ T0] ACPI: APIC 0x00000000BFFFFDB0 000076 (v05 Google GOOGAPIC 00000001 GOOG 00000001) [ 0.073502][ T0] ACPI: SSDT 0x00000000BFFFF430 000980 (v01 Google GOOGSSDT 00000001 GOOG 00000001) [ 0.077218][ T0] ACPI: WAET 0x00000000BFFFFE30 000028 (v01 Google GOOGWAET 00000001 GOOG 00000001) [ 0.080787][ T0] ACPI: Reserving FACP table memory at [mem 0xbffff330-0xbffff423] [ 0.083960][ T0] ACPI: Reserving DSDT table memory at [mem 0xbfffd8c0-0xbffff323] [ 0.087065][ T0] ACPI: Reserving FACS table memory at [mem 0xbfffd880-0xbfffd8bf] [ 0.090210][ T0] ACPI: Reserving FACS table memory at [mem 0xbfffd880-0xbfffd8bf] [ 0.093611][ T0] ACPI: Reserving SRAT table memory at [mem 0xbffffe60-0xbfffff27] [ 0.096853][ T0] ACPI: Reserving APIC table memory at [mem 0xbffffdb0-0xbffffe25] [ 0.100161][ T0] ACPI: Reserving SSDT table memory at [mem 0xbffff430-0xbffffdaf] [ 0.103597][ T0] ACPI: Reserving WAET table memory at [mem 0xbffffe30-0xbffffe57] [ 0.106975][ T0] ACPI: SRAT: Node 0 PXM 0 [mem 0x00000000-0x0009ffff] [ 0.109764][ T0] ACPI: SRAT: Node 0 PXM 0 [mem 0x00100000-0xbfffffff] [ 0.112629][ T0] ACPI: SRAT: Node 0 PXM 0 [mem 0x100000000-0x23fffffff] [ 0.115383][ T0] NUMA: Node 0 [mem 0x00001000-0x0009ffff] + [mem 0x00100000-0xbfffffff] -> [mem 0x00001000-0xbfffffff] [ 0.119812][ T0] NUMA: Node 0 [mem 0x00001000-0xbfffffff] + [mem 0x100000000-0x23fffffff] -> [mem 0x00001000-0x23fffffff] [ 0.124332][ T0] Faking node 0 at [mem 0x0000000000001000-0x0000000140000fff] (5120MB) [ 0.127502][ T0] Faking node 1 at [mem 0x0000000140001000-0x000000023fffffff] (4095MB) [ 0.131354][ T0] NODE_DATA(0) allocated [mem 0x13fffb400-0x140000fff] [ 0.134582][ T0] NODE_DATA(1) allocated [mem 0x23fff7400-0x23fffcfff] [ 0.166035][ T0] Zone ranges: [ 0.167302][ T0] DMA [mem 0x0000000000001000-0x0000000000ffffff] [ 0.170256][ T0] DMA32 [mem 0x0000000001000000-0x00000000ffffffff] [ 0.173177][ T0] Normal [mem 0x0000000100000000-0x000000023fffffff] [ 0.175933][ T0] Device empty [ 0.177432][ T0] Movable zone start for each node [ 0.179460][ T0] Early memory node ranges [ 0.181140][ T0] node 0: [mem 0x0000000000001000-0x000000000009efff] [ 0.183950][ T0] node 0: [mem 0x0000000000100000-0x00000000bfffcfff] [ 0.186935][ T0] node 0: [mem 0x0000000100000000-0x0000000140000fff] [ 0.189784][ T0] node 1: [mem 0x0000000140001000-0x000000023fffffff] [ 0.192683][ T0] Initmem setup node 0 [mem 0x0000000000001000-0x0000000140000fff] [ 0.196132][ T0] Initmem setup node 1 [mem 0x0000000140001000-0x000000023fffffff] [ 0.199504][ T0] On node 0, zone DMA: 1 pages in unavailable ranges [ 0.202434][ T0] On node 0, zone DMA: 97 pages in unavailable ranges [ 0.287834][ T0] On node 0, zone Normal: 3 pages in unavailable ranges [ 0.610492][ T0] KernelAddressSanitizer initialized (generic) [ 0.613930][ T0] ACPI: PM-Timer IO Port: 0xb008 [ 0.615849][ T0] ACPI: LAPIC_NMI (acpi_id[0xff] dfl dfl lint[0x1]) [ 0.618457][ T0] IOAPIC[0]: apic_id 0, version 17, address 0xfec00000, GSI 0-23 [ 0.621781][ T0] ACPI: INT_SRC_OVR (bus 0 bus_irq 5 global_irq 5 high level) [ 0.624837][ T0] ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 9 high level) [ 0.627698][ T0] ACPI: INT_SRC_OVR (bus 0 bus_irq 10 global_irq 10 high level) [ 0.631819][ T0] ACPI: INT_SRC_OVR (bus 0 bus_irq 11 global_irq 11 high level) [ 0.634978][ T0] ACPI: Using ACPI (MADT) for SMP configuration information [ 0.637656][ T0] CPU topo: Max. logical packages: 1 [ 0.639821][ T0] CPU topo: Max. logical dies: 1 [ 0.642013][ T0] CPU topo: Max. dies per package: 1 [ 0.644010][ T0] CPU topo: Max. threads per core: 2 [ 0.646033][ T0] CPU topo: Num. cores per package: 1 [ 0.648108][ T0] CPU topo: Num. threads per package: 2 [ 0.650008][ T0] CPU topo: Allowing 2 present CPUs plus 0 hotplug CPUs [ 0.652743][ T0] PM: hibernation: Registered nosave memory: [mem 0x00000000-0x00000fff] [ 0.655812][ T0] PM: hibernation: Registered nosave memory: [mem 0x0009f000-0x000fffff] [ 0.658936][ T0] PM: hibernation: Registered nosave memory: [mem 0xbfffd000-0xffffffff] [ 0.662481][ T0] [gap 0xc0000000-0xfffbbfff] available for PCI devices [ 0.665383][ T0] Booting paravirtualized kernel on KVM [ 0.667573][ T0] clocksource: refined-jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns [ 0.761515][ T0] setup_percpu: NR_CPUS:8 nr_cpumask_bits:2 nr_cpu_ids:2 nr_node_ids:2 [ 0.765779][ T0] percpu: Embedded 71 pages/cpu s250376 r8192 d32248 u1048576 [ 0.768870][ T0] kvm-guest: PV spinlocks enabled [ 0.770694][ T0] PV qspinlock hash table entries: 256 (order: 0, 4096 bytes, linear) [ 0.774009][ T0] Kernel command line: earlyprintk=serial net.ifnames=0 sysctl.kernel.hung_task_all_cpu_backtrace=1 ima_policy=tcb nf-conntrack-ftp.ports=20000 nf-conntrack-tftp.ports=20000 nf-conntrack-sip.ports=20000 nf-conntrack-irc.ports=20000 nf-conntrack-sane.ports=20000 binder.debug_mask=0 rcupdate.rcu_expedited=1 rcupdate.rcu_cpu_stall_cputime=1 no_hash_pointers page_owner=on sysctl.vm.nr_hugepages=4 sysctl.vm.nr_overcommit_hugepages=4 secretmem.enable=1 sysctl.max_rcu_stall_to_panic=1 msr.allow_writes=off coredump_filter=0xffff root=/dev/sda console=ttyS0 vsyscall=native numa=fake=2 kvm-intel.nested=1 spec_store_bypass_disable=prctl nopcid vivid.n_devs=64 vivid.multiplanar=1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2,1,2 netrom.nr_ndevs=32 rose.rose_ndevs=32 smp.csd_lock_timeout=100000 watchdog_thresh=55 workqueue.watchdog_thresh=140 sysctl.net.core.netdev_unregister_timeout_secs=140 dummy_hcd.num=32 max_loop=32 nbds_max=32 \ [ 0.808224][ T0] Kernel command line: comedi.comedi_num_legacy_minors=4 panic_on_warn=1 BOOT_IMAGE=/boot/bzImage root=/dev/sda1 console=ttyS0 [ 0.820070][ T0] Unknown kernel command line parameters "nbds_max=32", will be passed to user space. [ 0.824048][ T0] random: crng init done [ 0.825778][ T0] printk: log buffer data + meta data: 262144 + 917504 = 1179648 bytes [ 0.829353][ T0] software IO TLB: area num 2. [ 0.855138][ T0] Fallback order for Node 0: 0 1 [ 0.855166][ T0] Fallback order for Node 1: 1 0 [ 0.855186][ T0] Built 2 zonelists, mobility grouping on. Total pages: 2097051 [ 0.862395][ T0] Policy zone: Normal [ 0.864654][ T0] mem auto-init: stack:all(zero), heap alloc:on, heap free:off [ 0.867823][ T0] stackdepot: allocating hash table via alloc_large_system_hash [ 0.871012][ T0] stackdepot hash table entries: 1048576 (order: 12, 16777216 bytes, linear) [ 0.878502][ T0] stackdepot: allocating space for 8192 stack pools via memblock [ 1.560293][ T0] ********************************************************** [ 1.563323][ T0] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE ** [ 1.566311][ T0] ** ** [ 1.569172][ T0] ** This system shows unhashed kernel memory addresses ** [ 1.571976][ T0] ** via the console, logs, and other interfaces. This ** [ 1.575146][ T0] ** might reduce the security of your system. ** [ 1.577984][ T0] ** ** [ 1.580928][ T0] ** If you see this message and you are not debugging ** [ 1.584034][ T0] ** the kernel, report this immediately to your system ** [ 1.586805][ T0] ** administrator! ** [ 1.589752][ T0] ** ** [ 1.592704][ T0] ** Use hash_pointers=always to force this mode off ** [ 1.595573][ T0] ** ** [ 1.598412][ T0] ** NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE NOTICE ** [ 1.601120][ T0] ********************************************************** [ 1.605924][ T0] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=2, Nodes=2 [ 1.710497][ T0] allocated 167772160 bytes of page_ext [ 1.712842][ T0] Node 0, zone DMA: page owner found early allocated 0 pages [ 1.744240][ T0] Node 0, zone DMA32: page owner found early allocated 21120 pages [ 1.765886][ T0] Node 0, zone Normal: page owner found early allocated 102 pages [ 1.787315][ T0] Node 1, zone Normal: page owner found early allocated 19843 pages [ 1.791317][ T0] Kernel/User page tables isolation: enabled [ 1.795296][ T0] Dynamic Preempt: full [ 1.797940][ T0] Running RCU self tests [ 1.799539][ T0] Running RCU synchronous self tests [ 1.801511][ T0] rcu: Preemptible hierarchical RCU implementation. [ 1.803345][ T0] rcu: RCU lockdep checking is enabled. [ 1.804395][ T0] rcu: RCU restricting CPUs from NR_CPUS=8 to nr_cpu_ids=2. [ 1.805750][ T0] rcu: RCU callback double-/use-after-free debug is enabled. [ 1.807069][ T0] rcu: RCU debug extended QS entry/exit. [ 1.808168][ T0] All grace periods are expedited (rcu_expedited). [ 1.809539][ T0] Trampoline variant of Tasks RCU enabled. [ 1.810697][ T0] Tracing variant of Tasks RCU enabled. [ 1.811736][ T0] rcu: RCU calculated value of scheduler-enlistment delay is 10 jiffies. [ 1.813276][ T0] rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=2 [ 1.815025][ T0] Running RCU synchronous self tests [ 1.816192][ T0] RCU Tasks: Setting shift to 1 and lim to 1 rcu_task_cb_adjust=1 rcu_task_cpu_ids=2. [ 2.021362][ T0] NR_IRQS: 4352, nr_irqs: 440, preallocated irqs: 16 [ 2.023832][ T0] rcu: srcu_init: Setting srcu_struct sizes based on contention. [ 2.025983][ T0] kfence: initialized - using 2097152 bytes for 255 objects at 0xffff88823be00000-0xffff88823c000000 [ 2.029747][ T0] Console: colour VGA+ 80x25 [ 2.030682][ T0] printk: legacy console [ttyS0] enabled [ 2.030682][ T0] printk: legacy console [ttyS0] enabled [ 2.033305][ T0] printk: legacy bootconsole [earlyser0] disabled [ 2.033305][ T0] printk: legacy bootconsole [earlyser0] disabled [ 2.035969][ T0] Lock dependency validator: Copyright (c) 2006 Red Hat, Inc., Ingo Molnar [ 2.037897][ T0] ... MAX_LOCKDEP_SUBCLASSES: 8 [ 2.039047][ T0] ... MAX_LOCK_DEPTH: 48 [ 2.040113][ T0] ... MAX_LOCKDEP_KEYS: 8192 [ 2.041490][ T0] ... CLASSHASH_SIZE: 4096 [ 2.042892][ T0] ... MAX_LOCKDEP_ENTRIES: 1048576 [ 2.044112][ T0] ... MAX_LOCKDEP_CHAINS: 1048576 [ 2.045561][ T0] ... CHAINHASH_SIZE: 524288 [ 2.046792][ T0] memory used by lock dependency info: 106625 kB [ 2.048562][ T0] memory used for stack traces: 8320 kB [ 2.049778][ T0] per task-struct memory footprint: 1920 bytes [ 2.051351][ T0] mempolicy: Enabling automatic NUMA balancing. Configure with numa_balancing= or the kernel.numa_balancing sysctl [ 2.054078][ T0] ACPI: Core revision 20251212 [ 2.056445][ T0] APIC: Switch to symmetric I/O mode setup [ 2.058575][ T0] x2apic enabled [ 2.063192][ T0] APIC: Switched APIC routing to: physical x2apic [ 2.071459][ T0] ..TIMER: vector=0x30 apic1=0 pin1=0 apic2=-1 pin2=-1 [ 2.073693][ T0] clocksource: tsc-early: mask: 0xffffffffffffffff max_cycles: 0x1fb63109b96, max_idle_ns: 440795265316 ns [ 2.077145][ T0] Calibrating delay loop (skipped) preset value.. 4399.99 BogoMIPS (lpj=21999980) [ 2.080925][ T0] Last level iTLB entries: 4KB 64, 2MB 8, 4MB 8 [ 2.083001][ T0] Last level dTLB entries: 4KB 64, 2MB 32, 4MB 32, 1GB 4 [ 2.085323][ T0] mitigations: Enabled attack vectors: user_kernel, user_user, guest_host, guest_guest, SMT mitigations: auto [ 2.087152][ T0] Speculative Store Bypass: Mitigation: Speculative Store Bypass disabled via prctl [ 2.089924][ T0] Spectre V2 : Mitigation: IBRS [ 2.091425][ T0] RETBleed: Mitigation: IBRS [ 2.093042][ T0] ITS: Mitigation: Aligned branch/return thunks [ 2.097142][ T0] Spectre V2 : User space: Mitigation: STIBP via prctl [ 2.099358][ T0] MDS: Mitigation: Clear CPU buffers [ 2.101055][ T0] TAA: Mitigation: Clear CPU buffers [ 2.102780][ T0] MMIO Stale Data: Vulnerable: Clear CPU buffers attempted, no microcode [ 2.105325][ T0] Spectre V1 : Mitigation: usercopy/swapgs barriers and __user pointer sanitization [ 2.107147][ T0] Spectre V2 : Spectre v2 / SpectreRSB: Filling RSB on context switch and VMEXIT [ 2.108568][ T0] Spectre V2 : mitigation: Enabling conditional Indirect Branch Prediction Barrier [ 2.109925][ T0] active return thunk: its_return_thunk [ 2.110764][ T0] Spectre V2 : Spectre BHI mitigation: SW BHB clearing on syscall and VM exit [ 2.112139][ T0] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers' [ 2.113996][ T0] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers' [ 2.117141][ T0] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers' [ 2.118782][ T0] x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: 256 [ 2.120356][ T0] x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'standard' format. [ 2.509875][ T0] Freeing SMP alternatives memory: 132K [ 2.511322][ T0] pid_max: default: 32768 minimum: 301 [ 2.513495][ T0] landlock: Up and running. [ 2.514391][ T0] Yama: becoming mindful. [ 2.515735][ T0] TOMOYO Linux initialized [ 2.517746][ T0] AppArmor: AppArmor initialized [ 2.520668][ T0] LSM support for eBPF active [ 2.527327][ T0] Dentry cache hash table entries: 1048576 (order: 11, 8388608 bytes, vmalloc hugepage) [ 2.531697][ T0] Inode-cache hash table entries: 524288 (order: 10, 4194304 bytes, vmalloc hugepage) [ 2.534144][ T0] Mount-cache hash table entries: 16384 (order: 5, 131072 bytes, vmalloc) [ 2.536245][ T0] Mountpoint-cache hash table entries: 16384 (order: 5, 131072 bytes, vmalloc) [ 2.539000][ T0] VFS: Finished mounting rootfs on nullfs [ 2.543932][ T0] Running RCU synchronous self tests [ 2.545201][ T0] Running RCU synchronous self tests [ 2.668173][ T1] smpboot: CPU0: Intel(R) Xeon(R) CPU @ 2.20GHz (family: 0x6, model: 0x4f, stepping: 0x0) [ 2.674324][ T1] Performance Events: unsupported CPU family 6 model 79 no PMU driver, software events only. [ 2.676538][ T1] signal: max sigframe size: 1776 [ 2.677132][ T1] rcu: Hierarchical SRCU implementation. [ 2.677143][ T1] rcu: Max phase no-delay instances is 1000. [ 2.679361][ T1] Timer migration: 1 hierarchy levels; 8 children per group; 0 crossnode level [ 2.746215][ T1] NMI watchdog: Perf NMI watchdog permanently disabled [ 2.748053][ T1] smp: Bringing up secondary CPUs ... [ 2.751466][ T1] smpboot: x86: Booting SMP configuration: [ 2.752543][ T1] .... node #0, CPUs: #1 [ 2.752926][ T1] MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for more details. [ 2.757238][ T1] TAA CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/tsx_async_abort.html for more details. [ 2.760341][ T1] MMIO Stale Data CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/processor_mmio_stale_data.html for more details. [ 2.764032][ T1] smp: Brought up 2 nodes, 2 CPUs [ 2.767143][ T1] smpboot: Total of 2 processors activated (8799.99 BogoMIPS) [ 2.770291][ T1] Memory: 6448336K/8388204K available (171802K kernel code, 42638K rwdata, 41820K rodata, 27516K init, 120288K bss, 1750116K reserved, 0K cma-reserved) [ 2.777914][ T1] devtmpfs: initialized [ 2.779765][ T1] x86/mm: Memory block size: 128MB [ 2.842658][ T1] Running RCU synchronous self tests [ 2.843627][ T1] Running RCU synchronous self tests [ 2.847391][ T1] Running RCU Tasks wait API self tests [ 2.848414][ T1] Running RCU Tasks Trace wait API self tests [ 2.867459][ T1] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns [ 2.869971][ T1] posixtimers hash table entries: 1024 (order: 5, 73728 bytes, vmalloc) [ 2.871865][ T1] futex hash table entries: 256 (32768 bytes on 2 NUMA nodes, total 64 KiB, linear). [ 2.878992][ T1] PM: RTC time: 15:57:30, date: 2026-02-11 [ 2.897152][ T1] NET: Registered PF_NETLINK/PF_ROUTE protocol family [ 2.908957][ T1] audit: initializing netlink subsys (disabled) [ 2.910608][ T30] audit: type=2000 audit(1770825450.359:1): state=initialized audit_enabled=0 res=1 [ 2.911589][ T1] thermal_sys: Registered thermal governor 'step_wise' [ 2.911589][ T1] cpuidle: using governor menu [ 2.911589][ T1] NET: Registered PF_QIPCRTR protocol family [ 2.920250][ T1] dca service started, version 1.12.1 [ 2.921436][ T1] PCI: Using configuration type 1 for base access [ 2.927201][ T10] Callback from call_rcu_tasks_trace() invoked. [ 2.957315][ T1] HugeTLB: registered 1.00 GiB page size, pre-allocated 0 pages [ 2.960054][ T1] HugeTLB: 16380 KiB vmemmap can be freed for a 1.00 GiB page [ 2.962757][ T1] HugeTLB: registered 2.00 MiB page size, pre-allocated 0 pages [ 2.965514][ T1] HugeTLB: 28 KiB vmemmap can be freed for a 2.00 MiB page [ 3.020113][ T1] raid6: skipped pq benchmark and selected avx2x4 [ 3.022478][ T1] raid6: using avx2x2 recovery algorithm [ 3.028012][ T1] ACPI: Added _OSI(Module Device) [ 3.029844][ T1] ACPI: Added _OSI(Processor Device) [ 3.031758][ T1] ACPI: Added _OSI(Processor Aggregator Device) [ 3.263225][ T1] ACPI: 2 ACPI AML tables successfully acquired and loaded [ 3.308745][ T1] ACPI: \_SB_: platform _OSC: OS support mask [000e7eee] [ 3.344913][ T1] ACPI: Interpreter enabled [ 3.347367][ T1] ACPI: PM: (supports S0 S3 S4 S5) [ 3.349205][ T1] ACPI: Using IOAPIC for interrupt routing [ 3.351886][ T1] PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug [ 3.355618][ T1] PCI: Ignoring E820 reservations for host bridge windows [ 3.364534][ T1] ACPI: Enabled 16 GPEs in block 00 to 0F [ 3.700527][ T1] ACPI: PCI Root Bridge [PCI0] (domain 0000 [bus 00-ff]) [ 3.703419][ T1] acpi PNP0A03:00: _OSC: OS supports [ASPM ClockPM Segments MSI HPX-Type3] [ 3.706530][ T1] acpi PNP0A03:00: _OSC: not requesting OS control; OS requires [ExtendedConfig ASPM ClockPM MSI] [ 3.707583][ T1] acpi PNP0A03:00: _OSC: platform retains control of PCIe features (AE_ERROR) [ 3.711591][ T1] acpi PNP0A03:00: fail to add MMCONFIG information, can't access extended configuration space under this bridge [ 3.746985][ T1] PCI host bridge to bus 0000:00 [ 3.747150][ T1] pci_bus 0000:00: Unknown NUMA node; performance will be reduced [ 3.750507][ T1] pci_bus 0000:00: root bus resource [io 0x0000-0x0cf7 window] [ 3.753510][ T1] pci_bus 0000:00: root bus resource [io 0x0d00-0xffff window] [ 3.757169][ T1] pci_bus 0000:00: root bus resource [mem 0x000a0000-0x000bffff window] [ 3.760199][ T1] pci_bus 0000:00: root bus resource [mem 0xc0000000-0xfebfefff window] [ 3.763283][ T1] pci_bus 0000:00: root bus resource [bus 00-ff] [ 3.766116][ T1] pci 0000:00:00.0: [8086:1237] type 00 class 0x060000 conventional PCI endpoint [ 3.778408][ T1] pci 0000:00:01.0: [8086:7110] type 00 class 0x060100 conventional PCI endpoint [ 3.796138][ T1] pci 0000:00:01.3: [8086:7113] type 00 class 0x068000 conventional PCI endpoint [ 3.802729][ T1] pci 0000:00:01.3: quirk: [io 0xb000-0xb03f] claimed by PIIX4 ACPI [ 3.814812][ T1] pci 0000:00:03.0: [1af4:1004] type 00 class 0x000000 conventional PCI endpoint [ 3.828699][ T1] pci 0000:00:03.0: BAR 0 [io 0xc000-0xc03f] [ 3.830755][ T1] pci 0000:00:03.0: BAR 1 [mem 0xfe800000-0xfe80007f] [ 3.841054][ T1] pci 0000:00:04.0: [1af4:1000] type 00 class 0x020000 conventional PCI endpoint [ 3.853066][ T1] pci 0000:00:04.0: BAR 0 [io 0xc040-0xc07f] [ 3.855139][ T1] pci 0000:00:04.0: BAR 1 [mem 0xfe801000-0xfe80107f] [ 3.865211][ T1] pci 0000:00:05.0: [1ae0:a002] type 00 class 0x030000 conventional PCI endpoint [ 3.877635][ T1] pci 0000:00:05.0: BAR 0 [mem 0xfe000000-0xfe7fffff] [ 3.880888][ T1] pci 0000:00:05.0: Video device with shadowed ROM at [mem 0x000c0000-0x000dffff] [ 3.892569][ T1] pci 0000:00:06.0: [1af4:1002] type 00 class 0x00ff00 conventional PCI endpoint [ 3.903368][ T1] pci 0000:00:06.0: BAR 0 [io 0xc080-0xc09f] [ 3.913598][ T1] pci 0000:00:07.0: [1af4:1005] type 00 class 0x00ff00 conventional PCI endpoint [ 3.925302][ T1] pci 0000:00:07.0: BAR 0 [io 0xc0a0-0xc0bf] [ 3.927174][ T1] pci 0000:00:07.0: BAR 1 [mem 0xfe802000-0xfe80203f] [ 3.993726][ T1] ACPI: PCI: Interrupt link LNKA configured for IRQ 10 [ 4.004826][ T1] ACPI: PCI: Interrupt link LNKB configured for IRQ 10 [ 4.018546][ T1] ACPI: PCI: Interrupt link LNKC configured for IRQ 11 [ 4.030935][ T1] ACPI: PCI: Interrupt link LNKD configured for IRQ 11 [ 4.038110][ T1] ACPI: PCI: Interrupt link LNKS configured for IRQ 9 [ 4.069973][ T1] iommu: Default domain type: Translated [ 4.077156][ T1] iommu: DMA domain TLB invalidation policy: lazy mode [ 4.088906][ T1] SCSI subsystem initialized [ 4.093713][ T1] ACPI: bus type USB registered [ 4.096591][ T1] usbcore: registered new interface driver usbfs [ 4.098483][ T1] usbcore: registered new interface driver hub [ 4.100899][ T1] usbcore: registered new device driver usb [ 4.107488][ T1] mc: Linux media interface: v0.10 [ 4.109637][ T1] videodev: Linux video capture interface: v2.00 [ 4.113060][ T1] pps_core: LinuxPPS API ver. 1 registered [ 4.114965][ T1] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti [ 4.117321][ T1] PTP clock support registered [ 4.120327][ T1] EDAC MC: Ver: 3.0.0 [ 4.138321][ T1] Advanced Linux Sound Architecture Driver Initialized. [ 4.151620][ T1] Bluetooth: Core ver 2.22 [ 4.153394][ T1] NET: Registered PF_BLUETOOTH protocol family [ 4.155422][ T1] Bluetooth: HCI device and connection manager initialized [ 4.157217][ T1] Bluetooth: HCI socket layer initialized [ 4.159173][ T1] Bluetooth: L2CAP socket layer initialized [ 4.161186][ T1] Bluetooth: SCO socket layer initialized [ 4.163091][ T1] NET: Registered PF_ATMPVC protocol family [ 4.165310][ T1] NET: Registered PF_ATMSVC protocol family [ 4.167581][ T1] NetLabel: Initializing [ 4.168995][ T1] NetLabel: domain hash size = 128 [ 4.170695][ T1] NetLabel: protocols = UNLABELED CIPSOv4 CALIPSO [ 4.173864][ T1] NetLabel: unlabeled traffic allowed by default [ 4.178010][ T1] nfc: nfc_init: NFC Core ver 0.1 [ 4.178010][ T1] NET: Registered PF_NFC protocol family [ 4.178010][ T1] mctp: management component transport protocol core [ 4.178010][ T1] NET: Registered PF_MCTP protocol family [ 4.179424][ T1] PCI: Using ACPI for IRQ routing [ 4.181335][ T1] e820: register RAM buffer resource [mem 0x0009fc00-0x0009ffff] [ 4.183957][ T1] e820: register RAM buffer resource [mem 0xbfffd000-0xbfffffff] [ 4.188408][ T1] pci 0000:00:05.0: vgaarb: setting as boot VGA device [ 4.190695][ T1] pci 0000:00:05.0: vgaarb: bridge control possible [ 4.192891][ T1] pci 0000:00:05.0: vgaarb: VGA device added: decodes=io+mem,owns=io+mem,locks=none [ 4.195853][ T1] vgaarb: loaded [ 4.217341][ T1] clocksource: Switched to clocksource kvm-clock [ 4.235779][ T1] VFS: Disk quotas dquot_6.6.0 [ 4.237813][ T1] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes) [ 4.257947][ T1] netfs: FS-Cache loaded [ 4.261371][ T1] CacheFiles: Loaded [ 4.263769][ T1] TOMOYO: 2.6.0 [ 4.264969][ T1] Mandatory Access Control activated. [ 4.273251][ T1] AppArmor: AppArmor Filesystem Enabled [ 4.276019][ T1] pnp: PnP ACPI init [ 4.319635][ T1] pnp: PnP ACPI: found 7 devices [ 4.421221][ T1] clocksource: acpi_pm: mask: 0xffffff max_cycles: 0xffffff, max_idle_ns: 2085701024 ns [ 4.426430][ T1] NET: Registered PF_INET protocol family [ 4.430346][ T1] IP idents hash table entries: 131072 (order: 8, 1048576 bytes, vmalloc) [ 4.449265][ T1] tcp_listen_portaddr_hash hash table entries: 4096 (order: 7, 294912 bytes, vmalloc) [ 4.453560][ T1] Table-perturb hash table entries: 65536 (order: 6, 262144 bytes, vmalloc) [ 4.457216][ T1] TCP established hash table entries: 65536 (order: 7, 524288 bytes, vmalloc) [ 4.472825][ T1] TCP bind hash table entries: 65536 (order: 12, 9437184 bytes, vmalloc hugepage) [ 4.485876][ T1] TCP: Hash tables configured (established 65536 bind 65536) [ 4.490837][ T1] MPTCP token hash table entries: 8192 (order: 8, 720896 bytes, vmalloc) [ 4.495851][ T1] UDP hash table entries: 4096 (order: 8, 1048576 bytes, vmalloc) [ 4.500912][ T1] UDP-Lite hash table entries: 4096 (order: 8, 1048576 bytes, vmalloc) [ 4.506469][ T1] NET: Registered PF_UNIX/PF_LOCAL protocol family [ 4.514825][ T1] RPC: Registered named UNIX socket transport module. [ 4.517022][ T1] RPC: Registered udp transport module. [ 4.518701][ T1] RPC: Registered tcp transport module. [ 4.520532][ T1] RPC: Registered tcp-with-tls transport module. [ 4.522852][ T1] RPC: Registered tcp NFSv4.1 backchannel transport module. [ 4.531994][ T1] NET: Registered PF_XDP protocol family [ 4.533922][ T1] pci_bus 0000:00: resource 4 [io 0x0000-0x0cf7 window] [ 4.536091][ T1] pci_bus 0000:00: resource 5 [io 0x0d00-0xffff window] [ 4.538300][ T1] pci_bus 0000:00: resource 6 [mem 0x000a0000-0x000bffff window] [ 4.541037][ T1] pci_bus 0000:00: resource 7 [mem 0xc0000000-0xfebfefff window] [ 4.545593][ T1] pci 0000:00:00.0: Limiting direct PCI/PCI transfers [ 4.548164][ T1] PCI: CLS 0 bytes, default 64 [ 4.560114][ T1] PCI-DMA: Using software bounce buffering for IO (SWIOTLB) [ 4.562579][ T1] software IO TLB: mapped [mem 0x00000000b4400000-0x00000000b8400000] (64MB) [ 4.565576][ T1] ACPI: bus type thunderbolt registered [ 4.569811][ T60] kworker/u8:4 (60) used greatest stack depth: 27896 bytes left [ 4.579948][ T1] RAPL PMU: API unit is 2^-32 Joules, 0 fixed counters, 10737418240 ms ovfl timer