last executing test programs: 18m1.712939363s ago: executing program 3 (id=888): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/input/event0\x00', 0x3496c2, 0x0) r0 = socket(0x2, 0x1, 0x106) setsockopt$auto(r0, 0x1, 0xd, &(0x7f0000000000)='\'-+\x00\x10\xa4#\x92`\xdb\xafL\x0f\xfbUV\xa6KH]Cv\xbf\xf2a\v', 0x9) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_USBDEVFS_CONTROL32(0xffffffffffffffff, 0xc0105500, &(0x7f0000000100)={0x0, 0x4e, 0xff03, 0x9, 0x4, 0x1, 0x7ff}) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0xc2841, 0x0) r3 = ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0x9000aea4, &(0x7f0000000040)={0x7}) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f00000000c0), r3) 18m1.269097814s ago: executing program 3 (id=891): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0xa, 0x0) socket(0x3, 0xa, 0x2) r1 = open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) close_range$auto(0xffffffffffffffff, r0, 0x7) mmap$auto(0x8, 0x3a02, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000180)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x9, 0x0, 0x4000000000007, 0xa505}, 0x800}, 0x4, 0x4008) r2 = socket(0xf, 0xa, 0xf) setsockopt$auto(r2, 0x1, 0xc, 0x0, 0x7fffffff) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x1, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) execve$auto(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x22240, 0x154) read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, &(0x7f0000000200)=""/53, 0x35) execve$auto(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)=&(0x7f0000000300)='#\xdc\xfe\xd8E\xc8\x8bu4\xd9n\xcb\xca\xc7zw \x96\x9ejh\xad\x9eEc\xae\x1e\x89\x92\x9a\xbbP[B\xae\x9cf)\x15\xac\x90)l\x06\xf0\t\x12\x05zz\xa6\xb3\xce=\x00\x00\x00\xf20/\xc4T\x1f\xe5P\xff\xb4\xb7s0\x02\xc5\x81\x93\xc6\xc8\xb6Sp\x1a{8\xfc\xe0,X\xc7BU\xd0\x97\x7f1\x16\x99\x04\xabu/a0\x02\x7f\xbb\xbd\x906\xa8\xce\xee\xcd\xd7\t\x00\xfb\x83\xc8\x8aO\xe9\xbe=\xf7\xf4\x84,\x06\xd3j\x99b\xe6\xf6Y3A\xbb\xa4\xb2\f\x1b\xc3\x8a,g\xc6\xe8[\xdf\x88\x01\x9f7\xb5\x19m\xd8\xc0\f-6\xfe\xa8\xed/u\x81_G\xfeR\xbb\x12|\x97\xabB4J\xed+-\xf8u0/n\xcf\x8b\x95\x9d\xab\xa8\xc47\xa6\x0e\xdeOq\\\xc3\'{\b\xd3m\x94\xc2\xdd{\xeaO\x0e\xe4\xe0\xb9N:\xd60\x17,\x06\xc7B#Y0\x99\xeb\x02\xfe\xd3k\xd5\xdcZ\xdcP\x8e+\xd8\xc7C\xcb\x15\x13c\xbf\xe8\xbd\"\x8f3\"\x14\xf8(\xda\x19\xcd\xec\x03.\xd9^\xc3A\xda\r[\x1a\xda\\#/\xd4\xaf\xd0\xe8\xa2\xdd\xc5{\xfa\xe0\x90\x8f\x99lQ\xec\x84h^\x11+\x93\b\xe0c\xe6\xd22\xf9\xa5\x94\xd0\xf5\xe7\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00') execveat$auto(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) rename$auto(&(0x7f0000000000)='./file0\x00', &(0x7f00000002c0)='./file1\x00') inotify_init1$auto(0x0) socket(0x22, 0x2, 0xfe) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/module/zswap/parameters/compressor\x00', 0x80002, 0x0) write$auto_ocfs2_control_fops_stack_user(r4, &(0x7f0000000340)="5fa5", 0x2) 17m59.460228122s ago: executing program 3 (id=898): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) unshare$auto(0x5) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x745100, 0x0) (async) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x745100, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000001140)='/dev/psaux\x00', 0x42000, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7ffffffc, 0x8, 0x3000, 0x6, 0x7, 0x400b, r1, [], {0x6, 0x6, 0x8c48, 0x29a, 0x9, 0x80, 0x104, 0x6, 0x4}, {0x100, 0x1, 0x101, 0x85, 0x2, 0x24, 0xfe000000, 0x8, 0x3}}) (async) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7ffffffc, 0x8, 0x3000, 0x6, 0x7, 0x400b, r1, [], {0x6, 0x6, 0x8c48, 0x29a, 0x9, 0x80, 0x104, 0x6, 0x4}, {0x100, 0x1, 0x101, 0x85, 0x2, 0x24, 0xfe000000, 0x8, 0x3}}) r2 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0) r3 = openat$auto_tracing_mark_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/tracing/trace_marker\x00', 0x8000, 0x0) flistxattr$auto(r3, &(0x7f00000001c0)='(\xde+\'}{+*\x00', 0x7f0) read$auto_vhci_fops_hci_vhci(r2, &(0x7f0000000d40)=""/16, 0x10) (async) read$auto_vhci_fops_hci_vhci(r2, &(0x7f0000000d40)=""/16, 0x10) select$auto(0xe, 0x0, 0x0, &(0x7f0000000580)={[0x1ff, 0x8000, 0xd, 0x1, 0x948d, 0x3, 0x10015f4da0a, 0xd, 0x7, 0x64c1, 0x8000001f, 0x8, 0x6d3e, 0xc, 0x2, 0x2]}, 0x0) (async) select$auto(0xe, 0x0, 0x0, &(0x7f0000000580)={[0x1ff, 0x8000, 0xd, 0x1, 0x948d, 0x3, 0x10015f4da0a, 0xd, 0x7, 0x64c1, 0x8000001f, 0x8, 0x6d3e, 0xc, 0x2, 0x2]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) (async) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x1, 0x0) (async) socket(0x2b, 0x1, 0x0) ioctl$auto(0x3, 0x8905, 0x38) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bdi/250:0/read_ahead_kb\x00', 0x5e30523b26a2a748, 0x0) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty19\x00', 0x800, 0x0) ioctl$auto(r5, 0x4b62, r4) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) capset$auto(0x0, 0x0) capget$auto(0x0, &(0x7f0000000040)={0x0, 0x2000001, 0x3}) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$auto(0x3, 0xc00caee0, r4) close_range$auto(0x2, 0x8, 0x0) 17m58.239630423s ago: executing program 3 (id=902): r0 = fanotify_init$auto(0x2208, 0x2) mmap$auto(0x0, 0x20009, 0xe2, 0x13, 0x405, 0x8000) r1 = openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mixer\x00', 0x902, 0x0) ioctl$auto(0x3, 0x80004508, 0x10000000000402) r2 = socket(0x2b, 0x1, 0x1) mmap$auto(0x0, 0x20007, 0x4000000000df, 0x11, 0x401, 0x8000) socket(0x2, 0x2, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmmsg$auto(0x3, 0x0, 0x9a5, 0x47ffff7a) r3 = socket(0x2c, 0x80003, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x5, 0x14, 0x941, 0x9, 0x3, 0x9, 0x4, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0x81, 0x5, 0x3, 0x4, 0x7, 0x20, 0x309, 0x8, 0xfffffffc, 0x7fffffff, 0x3, 0x0, 0x0, 0x1, 0x1, 0x0, [0xb6, 0x0, 0x0, 0x4, 0x100000009, 0xa, 0x100000, 0x4, 0xffffffffffffffff, 0x1, 0x0, 0x4000000000000, 0x2000000000000000, 0xfffffffffffffffe, 0x2, 0x0, 0x0, 0x0, 0x4, 0x0, 0x7ffc, 0x800000000002, 0x9, 0x0, 0xbec, 0x0, 0x0, 0xe, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x2, 0x4, 0x10, 0xfffffffffffffffe, 0xffffffffffffd059, 0x0, 0x0, 0x0, 0x2961, 0x45e0, 0x8]}, 0x1fb, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000900)=ANY=[@ANYRESOCT=r3, @ANYRESOCT=r2, @ANYBLOB, @ANYBLOB="dd5582bb33c176e90cd9786bf507ddbc0b9caa28daa3d4c5d98f7a5f1853ee6ad2d2b0b127471b6e0852a9495b040267b40aee12600241b5f6031c9f9b6d0d3f534c81a48f55513bff87f3e1c2a1d44de45fee795264ac52d3e81f78f92d423ed78db52431a58577fbd88d1e2bdc4ff43f9c4f0d83caa629d01e36eccca28b7bf0db73938703793a1f9b54157b456834c073f4dc0377e81d6726d5dda4e6b884dfd627252515bc54bee6eebc3f51e7e9eaa5755deae62101a6937fdc5483a997895616cacd39b4c6da1b7e64951ab65c6da56cd56a91b5898d043ae29453f80bca94c3817fbb7a83a881c1c5388ce88f1524986031989e00000000", @ANYBLOB="38107ff0ee9499cbc659bd15dca26cbbbd31c73e47a290c3201bf1276e507e74f4d49ad4e1f7d0b99d9d5ec702dced2724be66a611683c4bed522fa4a51251c751bea14542c9364948ff9f51ce1047303a77f312685f9d979bbef4591f03558d50820459ff91d1dbc3da70cadd02dff1383a4e172bf3bb0b54", @ANYRES32=r1, @ANYRES8=r2, @ANYRES32=r2, @ANYRES32=r3, @ANYRESHEX=r0], 0x3c}}, 0xc000) mmap$auto(0x0, 0x20009, 0x3, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0x5, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/slabinfo\x00', 0x80000, 0x0) r4 = epoll_create$auto(0x4e) epoll_ctl$auto(r4, 0x1, 0x8000000000000000, 0x0) syz_genetlink_get_family_id$auto_ovs_vport(0xfffffffffffffffe, 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) close_range$auto(0x2, 0x8, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000040), 0x8006, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/per_cpu/cpu0/buffer_size_kb\x00', 0x10bb41, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/virtual/net/bond0/queues/tx-3/xps_cpus\x00', 0x181482, 0x0) read$auto(r5, 0x0, 0x80000) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000002ec0), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000002f80)={&(0x7f0000000740)=ANY=[@ANYBLOB="2c000000c89dde512899097c8a4b88e96b678541a33894f334732441e30bf725b737965a33c5cfa2c38b2eb0526c0f3a5caf48ec0cebdd056564a2e953c1ae87d9069259f7226bcbe90f041506a9cde0541efd20c61baf6a1369c4417e34143da5cf772472e67ea29a1703c774bd0e29b47526f2fd52b1635def4022ce0456a82aa9c25a55c5c6845f85a3f96dff1b3cb54e12b09556f4b7a2618e5bbfe9712e56918781785ff08ceada51f11a4ae6a5c5abd776b7371ac0449ce64a427efe73be6d6ea6a27eb03422506811c1219207e647195dbf74e1cc71430ff3fb5ba4274ff979ac08cb53cff91fa8163dbe3fe95c5ae45ec08fcb0bcd094b5b5c07c777e2279ede395212a7dffdb9d3f027721a0653c8f7eaabd8a45026ac0c8b5154272e4a6049b48793615a094a06b138384b369a4ab1a56ed7a30c31f96e10a1a76c289f04ae7584dd25b30a093ac2c77498e6cb9835f3adda95681b5b2fdeda1914ad01f336ec5f07284e9443068ebd79d1781aa17d7c5ef6e3beff1558e93d", @ANYRES16=r7, @ANYRES16], 0x2c}, 0x1, 0x0, 0x0, 0x11}, 0x24000802) write$auto(0x3, 0x0, 0xfdef) r8 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r8, &(0x7f0000000200)={{0x0, 0x1f00, &(0x7f0000000100)={0x0, 0xfdeb}, 0x2, 0x0, 0x7, 0xa505}, 0x10001}, 0x7, 0x4018) 17m57.963998823s ago: executing program 3 (id=904): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0x1d, 0x2, 0x2) connect$auto(0x3, 0x0, 0x55) socket(0x10, 0x3, 0x6) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x3, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xc008ae88, 0x88) r2 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x408000, 0x2, 0x16}, 0x18) openat$auto_ptdump_fops_(0xffffffffffffff9c, &(0x7f00000000c0), 0x181080, 0x0) fanotify_mark$auto(r0, 0x6, 0x8, r2, &(0x7f0000000080)='./file0\x00') socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) write$auto(0x3, 0x0, 0x5c8) socket(0xa, 0x3, 0x3a) r3 = socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xc8, 0x0, 0x567) r4 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000140), r3) sendmsg$auto_IPVS_CMD_NEW_SERVICE(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x34, r4, 0x100, 0x70bd29, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x4}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x2}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x40800}, 0x0) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x848000000015, 0x805, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @loopback}, 0x55) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getsockopt$auto(0x3, 0x200000000001, 0x1c, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) 17m57.605682266s ago: executing program 3 (id=907): r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cec27\x00', 0x80200, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cpu/0/cpuid\x00', 0xad80, 0x0) readv$auto(r1, &(0x7f0000000680)={0x0, 0x2000000000}, 0x2) (async) r2 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000040), 0x400100, 0x0) r3 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC0D0c\x00', 0x105000, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_PAUSE2(r3, 0x40044145, &(0x7f00000000c0)=0x6) (async) read$auto_mISDN_fops_timerdev(r2, &(0x7f0000001a00)=""/4097, 0x1001) (async) ioctl$auto_IMADDTIMER(r2, 0x80044940, 0x0) 17m42.499211926s ago: executing program 32 (id=907): r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cec27\x00', 0x80200, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cpu/0/cpuid\x00', 0xad80, 0x0) readv$auto(r1, &(0x7f0000000680)={0x0, 0x2000000000}, 0x2) (async) r2 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000040), 0x400100, 0x0) r3 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC0D0c\x00', 0x105000, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_PAUSE2(r3, 0x40044145, &(0x7f00000000c0)=0x6) (async) read$auto_mISDN_fops_timerdev(r2, &(0x7f0000001a00)=""/4097, 0x1001) (async) ioctl$auto_IMADDTIMER(r2, 0x80044940, 0x0) 7.89233391s ago: executing program 4 (id=4939): mmap$auto(0x0, 0x8000009, 0x800007, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) ptrace$auto(0x4206, 0x1, 0x100000000, 0xe855) bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_fd=0x5, 0x7f, 0x9c, 0x7b2, 0x1, @relative_fd=0x2, 0x80}, 0x96) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xc) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, 0x0, 0x4040481) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) shutdown$auto(0x200000003, 0x2) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video0\x00', 0xc8600, 0x0) open(&(0x7f0000000100)='.\x00', 0xa0000, 0x408) ioctl$auto(0x3, 0x4020565a, 0x38) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cpu/0/msr\x00', 0x181f82, 0x0) readv$auto(r0, &(0x7f00000000c0)={0x0, 0x101d0}, 0x400) sendmsg$auto_TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, 0x0, 0x4000800) 5.96063652s ago: executing program 2 (id=4947): mmap$auto(0x200000000, 0x5, 0x8, 0x40009b72, 0x2, 0x8000) r0 = io_uring_setup$auto(0x89, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x1, 0x0, 0x80000000) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffff9}, 0x6, 0xe27c, 0x8) openat$auto_stats_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f0000000640), 0x88180, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/tracing/per_cpu/cpu1/trace\x00', 0x100, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0x1, 0x0, 0x80000000) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000003ce50b007f8713f6863e7894e139473a8c3ada96c26f8b172235b67a57f10847e5b91f74b65eac7300b7d6709e4f23e58c747c07088474562fcf9a60b19a0169dc4d9c98c6e84c15e6afa9a19f1d59b86cc371321a38f687b8f986d8f666bd0f4055fbb46e88e21e522b2451ce43a573652594928fb191d2950b7bf3e766357765d1fb13f2c0fb76c248321fc0eea049dd5198", @ANYRES16, @ANYBLOB="010025bd7000f7dbdf250100003f"], 0x14}, 0x1, 0x0, 0x0, 0x44000}, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) userfaultfd$auto(0x7ff) bind$auto(0xffffffffffffffff, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) sendmsg$auto_NET_DM_CMD_CONFIG_GET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00042cbd7000ffdbdf25060000010400010002000000050001000400000017000000e5bacd00ad45d823ecd72e25cd0eeb642ade7700040015000400140008000b000800000008000b000200000000000000fbed4938a635ec31f206ebca5e2880a5853310d747161628e0f5f83f30b63d7ff2b13459a42dd04ef1ad"], 0x58}, 0x1, 0x0, 0x0, 0x10}, 0x8800) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000001480)={'veth0_virt_wifi\x00'}) ioctl$auto_SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000040)) munmap$auto(0x8000, 0xffffffff) 5.444864972s ago: executing program 0 (id=4948): socket(0xa, 0x3, 0x3a) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/007/001\x00', 0xa901, 0x0) ioctl$auto_USBDEVFS_SUBMITURB32(r0, 0x802c550a, &(0x7f0000000300)=ANY=[@ANYBLOB="020000060000e6ff040000000100400008"]) ioctl$auto(r0, 0x4004550c, 0xffffffffffffffff) r1 = socket(0x15, 0x5, 0x0) bind$auto(r1, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmsg$auto(r1, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) r2 = socket(0x15, 0x5, 0x0) getsockopt$auto(r2, 0x114, 0x2715, 0xfffffffffffffffc, 0x0) statmount$auto(&(0x7f00000000c0)={0x4, @raw, 0x9, 0x5}, &(0x7f0000000440)={0x27, 0x6, 0x2, 0x48e9, 0x25, 0x3e72, 0x0, 0x10, 0x0, 0x500000000, 0x3, 0xc3c, 0x1ff, 0x2, 0x9, 0xfffffffffffffffd, 0x8, 0x1, 0x1, 0x8, 0x88, 0x54, 0x40, 0x7, 0x6, 0x3, 0x400, 0x9, 0x4, 0x9, 0xfffffffe, [0xfe7d, 0x3, 0x1, 0x8000, 0x400, 0x5, 0x5, 0x0, 0xd61, 0x0, 0x5, 0x0, 0x2, 0x8, 0xfffffffffffffff4, 0x9, 0x80000000, 0x101, 0x8001, 0x40, 0x6, 0xffffffffffffffe2, 0x2, 0x9a, 0x5, 0x7fff, 0x0, 0x3, 0x0, 0x8, 0x31eb6095, 0x6, 0x3, 0x8001, 0x9, 0xff, 0x800, 0x8, 0xffffffffffffff04, 0x7, 0xfffffffffffff13f, 0x1, 0x3], "f6e10492dabfea3505565c2fd70b36e3e93fffbcdeec46f0772ba7acd69cea2c1729dd377a2f0f014c35695f8da68e1290f5c57fcf1c31b568b10c6b33cb70991d21f3b11226213f57590b1ae29e1bf0dac8d61fc6ff93fe381dddbdad0606cae8018e4a776e0519b0d1edd2fa20e8f4e616473a241ba75c338e62fd47fbc1a1f5c73b7f9e2e4cc19ba26381dd249986267699e3"}, 0xf, 0x8) prctl$auto_PR_GET_TSC(0x19, 0xa, 0xd, 0x4, 0x9) write$auto(0x3, 0x0, 0xfffffdef) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0402, 0x0) socket(0x1e, 0x1, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) pidfd_open$auto(0x1, 0x80) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/trace_pipe\x00', 0x20c01, 0x0) arch_prctl$auto(0x5005, 0x200000000000006) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0xa, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x4, 0x80000001, 0x7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) 5.191444318s ago: executing program 2 (id=4949): waitid$auto(0x8, 0xffffffffffffffff, &(0x7f0000000100)={@siginfo_0_0={0x5, 0x98, 0x10, @_timer={0x0, 0x2, @sival_int=0x7, 0x2}}}, 0x3, &(0x7f0000000180)={{0xfffffffffffffff9, 0x80}, {0x2, 0x6}, 0x4, 0x8, 0x1, 0x3, 0x0, 0x8000, 0x800000080000000, 0x7, 0xb7, 0x5d9, 0x5, 0x7ff, 0xf}) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x40, 0x0) mmap$auto(0x0, 0x202000a, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x1, 0xfd5, 0x12, 0xffffffffffffffff, 0x0) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$auto_VHOST_SET_BACKEND_FEATURES(r1, 0x4008af25, 0x0) mmap$auto(0x4, 0xa00006, 0x2, 0x100000000040eb1, 0x602, 0x300000000000) rseq$auto(&(0x7f0000000580)={0x5, 0x85, 0x9416, 0x1, 0x7, 0x6, "551e7285968d8e86bd4794a0e875ee9f7b35db28d0a7e72b7a19039c336389cb57a05ba0582cc612c6c0be4beb4cc54d8337d40c93638ba34c4a0435c32a206e808194584d8c359d418662d18943a5e3c6234e712a096205457b56f0a1e5d4d19835696295a54f38117d9d751e23b5fb61daa5a6b2c75148106dc167a20061e3fe55cc53ffadf62b0945da4b27515a0102a8d2d002a842362b4744b8972a5e11e8a6aab89c7b85947f3901d696d459641aa7e6b89b73387ec5fa2d2af6c992213d82c5774c4bcd4187585bcf652af094e988e75002e01f607abf5e25ae0f5548fd13175b681fc059c1f9160aef893bae78cf6cf62c30fa3f0c5c60cbe383a9c0cc1289519b0c7cff81cc3b4fec739fad19c662b0f98d607b61d825d10e2dd3b27b0f7a6b1adc5a452f344c39da5f086ea7c5d99674ca69c4f5635776e67c151bad72f906cd65231da3a55d6056e23b00686723714fabd752f3e2c86dafdee9d379230c0abeabfde9cf88cae099f3ccc76ea7e64a3734ced5ffe749a8012db53ad4d6a5e347bdd83bb409c1bdb762f4aba145df74833d73ccd583797d4fb4ed3e0c7c29d502aacaef02e114d9e60ca6b0bcb28f825f5d49e94ccd2f830933c39a3ba3782505453e3de872ad8da84a6a22aaa62970428bb9a95d1817dbeeded1c53c5d508dea6cc53d80153b05f954c263278bb9c8bc02f3b1805dd9299dc8b97ebff0165d615ba7bf5ce8c490f4dd273642a18267b0a61a594cb1d608f3dffb292991ea32bb647a6f9b951f283e118dc73b45843b5aa883410e402e3bec9ba889ec237462042cedaed761cca0c3b7058d3ffc276c9a75e18b79804f4e21650d911edbedb9fedd31959a8783b1e39d7d6408554bddb2a5d67703d225fe4422bf2367ca483e77fe479495be3235f4c77b3872a9e33946d2602486b83e84e7d8d1742d369e2d00b9dbb552385502c0f597b3615bed54de65af106b58d2b6bebbdd3fe625152527af965b67e9424da7be2e2574e1492aed568d4faaa9da508e0a2e687876fa291e38b7c3ef38643e2c49e0d46d0f2d53352da2f184c4ced2305865ab0ad1435644419773ea82336ffdf62dd325a6a8b2d199d96dba8a13bb5a86ff65b80818ceb37ee8a2b2a8813b33e474e5b110e1ed13dbc4f52efabbce38935a8ada53a0ed5a1a01453a254a1dc528492159591aa192ff6cfa0b372caf236c78d1a0c94dc37916746358b4cf3cc1c0132657818ce6465e58936dbf5991dfb74ff97382c066ba0ceb06ac4f0c005e4c9166e94161bc08e1c23df7ed3419b10ae229aa6bafb19e6af003c9e319956723d839dc50a7edd8d80bce971ba504e0aac811d76e65acffdc4f7e9836396ba98b824be6cc704c59f5849642b191437a5cf902fc1ac491e8c59241586c6791b282b5cfae57eb7e6792048c4769b5b3f21987ec5097e530fd001da5d2999db4ded708225e9a53a2b48d2be3401a063da3c19168769eccaef710d7c2e06818bb05c4a9aa0ce2785a5a6d2846bac9836f1905a9b042029dcc59d918450b6affb522fbf78116941c5cef4ecb82a2134ee8e67ea6091170b67bfc3abec9e2cfc8208d4ba3bb732230fe6a9470c1152ebdc31bbce93cb742b4484bc1cef4298ce897a36c7e8b3ef8bd1b0e3d4dfa46da8bf89b06d67d8a5da465e8f68f999ec38ef8d1b7972125d2d8492680f6698419313afb74b5f715c90aa5ca0a6ea5561acd89a25d0fd066234b1752d6535251be347d8e69afea162f0ae84aa08a1a5475e6860af5956babe0530b6349e918fa97f14e6a83f7e2054c85ec37424757c49c6b76a889cde8473eebc495ac1088fda54f5c70bb17ef4873bf7b524ae892cd8267adfcd1e7054ac0c8b904855f816cbab8a6c5332d2221060b97931130187e1f07b0b9fad917c06f56d3f9fbca9d0ad93c300d88a6025359eb609e86c2b604d6834cde1351ccb0ba238715d6a77953f58b23a78db05bc38cf1e47d5336226a966af0a88fa19b4d992fc82310b7fceee45a202bfdf759dedee618361082881f91f85020e5282fd6a4ff376455f09bd1ca73b16549"}, 0x6, 0x3, 0xff) rseq$auto(&(0x7f0000000b80)={0x2, 0x7, 0x9, 0x9, 0x10001, 0x2}, 0x2, 0x871, 0x2e0e) r2 = socket(0xa, 0x1, 0x84) r3 = getsockopt$auto(r2, 0x84, 0x3, 0x0, 0x0) r4 = open(&(0x7f0000000100)='.\x00', 0x595002, 0x408) write$auto(r4, 0x0, 0xfffffdf1) linkat$auto(r4, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000) timer_create$auto_CLOCK_BOOTTIME(0x7, &(0x7f00000003c0)={@sival_ptr=&(0x7f0000000240)="4fa110d7712f55a82b2fffe2326caef0392be26695a49217aaecee2c7d6140125ba08680c87ffd5c60c3928cbd412feb89ba0d4a", @inferred, 0x4, @_sigev_thread={&(0x7f0000000300)=&(0x7f00000002c0)=0xe, &(0x7f0000000340)="840321bda1bc8aa3d538e4ff8cca4f5e0d682d9ad20602cd9a111fb9251fd72b3933189a422bf40136ac6c1907b69411dee306973d12b4995840f7943c60da00f8f846f973c99fc248dd238f381806ea1a9b0a0e"}}, &(0x7f0000000400)=0xfffffc01) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x154) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x0) mprotect$auto(0x0, 0x8000000000000001, 0x8) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x8600, 0x0) read$auto_fragmentation_threshold_ops_(r3, &(0x7f0000000440)=""/75, 0x4b) 5.001016322s ago: executing program 4 (id=4950): mmap$auto(0x0, 0x8000009, 0x800007, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) ptrace$auto(0x4206, 0x1, 0x100000000, 0xe855) bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_fd=0x5, 0x7f, 0x9c, 0x7b2, 0x1, @relative_fd=0x2, 0x80}, 0x96) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xc) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, 0x0, 0x4040481) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) shutdown$auto(0x200000003, 0x2) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video0\x00', 0xc8600, 0x0) open(&(0x7f0000000100)='.\x00', 0xa0000, 0x408) ioctl$auto(0x3, 0x4020565a, 0x38) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xc, 0x800008000) r0 = openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cpu/0/msr\x00', 0x181f82, 0x0) readv$auto(r0, &(0x7f00000000c0)={0x0, 0x101d0}, 0x400) sendmsg$auto_TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, 0x0, 0x4000800) 4.215966538s ago: executing program 1 (id=4952): openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/usb/usbmon/0u\x00', 0x22202, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f0000000140)="3318cb") r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x20, r1, 0x936355e497c8b7e3, 0x70bd2b, 0x25dfdbfc, {}, [@ETHTOOL_A_TSINFO_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x24004084}, 0x48000) 4.033017496s ago: executing program 0 (id=4953): mmap$auto(0x0, 0x8000009, 0x800007, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) ptrace$auto(0x4206, 0x1, 0x100000000, 0xe855) bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_fd=0x5, 0x7f, 0x9c, 0x7b2, 0x1, @relative_fd=0x2, 0x80}, 0x96) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xc) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, 0x0, 0x4040481) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) shutdown$auto(0x200000003, 0x2) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video0\x00', 0xc8600, 0x0) open(&(0x7f0000000100)='.\x00', 0xa0000, 0x408) ioctl$auto(0x3, 0x4020565a, 0x38) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xc, 0x800008000) r0 = openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000040)='/dev/cpu/0/msr\x00', 0x181f82, 0x0) readv$auto(r0, &(0x7f00000000c0)={0x0, 0x101d0}, 0x400) sendmsg$auto_TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, 0x0, 0x4000800) 3.878152847s ago: executing program 1 (id=4954): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth0/accept_ra_pinfo\x00', 0x2000, 0x0) read$auto(r1, 0x0, 0x1ff) process_madvise$auto_MADV_DONTNEED_LOCKED(r0, &(0x7f0000000000)={&(0x7f00000000c0)="e4688101d7426b1eae9f4fe95f0784cd81f0e2593ad1f23295f06d102fc2133c7eb258dd7b04b1b04941960328b8c277c9f59ec3d1a2a9c8122df93fd5f8dbb7e0834671bb933e48093f5ecbfa7f236d15d75bc5086e4418e5e36c891c00484ce518fc00aabb0c7791efb97fd4a765c9a883f7aa2930a55f4144792420cd8b91b3b62c92fc69362ca9fc18ea66ea2fe9335b8547970c137cfb9d7a06bdca837913894e33d65c88a64062b8d708c64409d85e7c5b4f879b8dd62e3c78a5516e28a705e4281eeba000b2fcb3c8ce247564ae8036b4f2e0534d466099908c1d280c3a67", 0x8}, 0xa, 0x18, 0xc) socket$nl_generic(0x10, 0x3, 0x10) setreuid$auto(0x0, 0x0) msgctl$auto(0x4bd0, 0x5, 0x0) r2 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(r2, r2, 0x0) sendmsg$auto_NL802154_CMD_SET_MAX_FRAME_RETRIES(r0, &(0x7f00000004c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000240)=ANY=[@ANYBLOB="0f000000", @ANYRES16=0x0, @ANYBLOB="000128bd7000fbdbdf250f00000008002700080000000500290000000000050011000700000005000f000600000008000c0003000000"], 0x3c}, 0x1, 0x0, 0x0, 0x4005}, 0x2d81dfc4bcafbd77) prctl$auto(0x3e, 0x4000000000001, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) nanosleep$auto(0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x18, 0x2, 0x0) sendto$auto(0x3, 0x0, 0x2000f, 0x0, 0x0, 0x1c) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x2) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x84d, 0x0) madvise$auto(0x0, 0x2003f0, 0x15) openat$auto_iommufd_fops_main(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x20005, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8000, 0x0) ioctl$auto_PPPIOCSNPMODE(r0, 0x4008744b, &(0x7f00000001c0)={0x7, 0x2}) 3.450275571s ago: executing program 2 (id=4955): madvise$auto(0x0, 0x7fffffffffffffff, 0xd) clone$auto(0x21002, 0xfffffffffffffffb, 0xfffffffffffffffe, 0xfffffffffffffffd, 0xff) 3.00023781s ago: executing program 2 (id=4956): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) write$auto(0xffffffffffffffff, 0x0, 0x80000000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mbind$auto(0x8000, 0xfa9d, 0x2, &(0x7f0000000280)=0x20000000000000fb, 0x3, 0x1) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) remap_file_pages$auto(0x40, 0x2000fff, 0x0, 0xdc, 0x100000) 2.826219099s ago: executing program 4 (id=4957): mmap$auto(0x200000000, 0x5, 0x8, 0x40009b72, 0x2, 0x8000) io_uring_setup$auto(0x89, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x1, 0x0, 0x80000000) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffff9}, 0x6, 0xe27c, 0x8) openat$auto_stats_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f0000000640), 0x88180, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/tracing/per_cpu/cpu1/trace\x00', 0x100, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) vmsplice$auto(0x2, &(0x7f00000000c0)={0x0, 0x7ff}, 0x8000000000000001, 0x0) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000003ce50b007f8713f6863e7894e139473a8c3ada96c26f8b172235b67a57f10847e5b91f74b65eac7300b7d6709e4f23e58c747c07088474562fcf9a60b19a0169dc4d9c98c6e84c15e6afa9a19f1d59b86cc371321a38f687b8f986d8f666bd0f4055fbb46e88e21e522b2451ce43a573652594928fb191d2950b7bf3e766357765d1fb13f2c0fb76c248321fc0eea049dd5198", @ANYRES16, @ANYBLOB="010025bd7000f7dbdf250100003f"], 0x14}, 0x1, 0x0, 0x0, 0x44000}, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) r0 = socket(0x10, 0x2, 0x0) userfaultfd$auto(0x7ff) bind$auto(r0, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) sendmsg$auto_NET_DM_CMD_CONFIG_GET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00042cbd7000ffdbdf25060000010400010002000000050001000400000017000000e5bacd00ad45d823ecd72e25cd0eeb642ade7700040015000400140008000b000800000008000b000200000000000000fbed4938a635ec31f206ebca5e2880a5853310d747161628e0f5f83f30b63d7ff2b13459a42dd04ef1ad"], 0x58}, 0x1, 0x0, 0x0, 0x10}, 0x8800) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000001480)={'veth0_virt_wifi\x00'}) munmap$auto(0x8000, 0xffffffff) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) 2.233880704s ago: executing program 4 (id=4958): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x1, 0xfd5, 0x12, 0xffffffffffffffff, 0x0) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$auto_VHOST_SET_BACKEND_FEATURES(r1, 0x4008af25, 0x0) mmap$auto(0x4, 0xa00006, 0x2, 0x100000000040eb1, 0x602, 0x300000000000) rseq$auto(&(0x7f0000000580)={0x5, 0x85, 0x9416, 0x1, 0x7, 0x6, "551e7285968d8e86bd4794a0e875ee9f7b35db28d0a7e72b7a19039c336389cb57a05ba0582cc612c6c0be4beb4cc54d8337d40c93638ba34c4a0435c32a206e808194584d8c359d418662d18943a5e3c6234e712a096205457b56f0a1e5d4d19835696295a54f38117d9d751e23b5fb61daa5a6b2c75148106dc167a20061e3fe55cc53ffadf62b0945da4b27515a0102a8d2d002a842362b4744b8972a5e11e8a6aab89c7b85947f3901d696d459641aa7e6b89b73387ec5fa2d2af6c992213d82c5774c4bcd4187585bcf652af094e988e75002e01f607abf5e25ae0f5548fd13175b681fc059c1f9160aef893bae78cf6cf62c30fa3f0c5c60cbe383a9c0cc1289519b0c7cff81cc3b4fec739fad19c662b0f98d607b61d825d10e2dd3b27b0f7a6b1adc5a452f344c39da5f086ea7c5d99674ca69c4f5635776e67c151bad72f906cd65231da3a55d6056e23b00686723714fabd752f3e2c86dafdee9d379230c0abeabfde9cf88cae099f3ccc76ea7e64a3734ced5ffe749a8012db53ad4d6a5e347bdd83bb409c1bdb762f4aba145df74833d73ccd583797d4fb4ed3e0c7c29d502aacaef02e114d9e60ca6b0bcb28f825f5d49e94ccd2f830933c39a3ba3782505453e3de872ad8da84a6a22aaa62970428bb9a95d1817dbeeded1c53c5d508dea6cc53d80153b05f954c263278bb9c8bc02f3b1805dd9299dc8b97ebff0165d615ba7bf5ce8c490f4dd273642a18267b0a61a594cb1d608f3dffb292991ea32bb647a6f9b951f283e118dc73b45843b5aa883410e402e3bec9ba889ec237462042cedaed761cca0c3b7058d3ffc276c9a75e18b79804f4e21650d911edbedb9fedd31959a8783b1e39d7d6408554bddb2a5d67703d225fe4422bf2367ca483e77fe479495be3235f4c77b3872a9e33946d2602486b83e84e7d8d1742d369e2d00b9dbb552385502c0f597b3615bed54de65af106b58d2b6bebbdd3fe625152527af965b67e9424da7be2e2574e1492aed568d4faaa9da508e0a2e687876fa291e38b7c3ef38643e2c49e0d46d0f2d53352da2f184c4ced2305865ab0ad1435644419773ea82336ffdf62dd325a6a8b2d199d96dba8a13bb5a86ff65b80818ceb37ee8a2b2a8813b33e474e5b110e1ed13dbc4f52efabbce38935a8ada53a0ed5a1a01453a254a1dc528492159591aa192ff6cfa0b372caf236c78d1a0c94dc37916746358b4cf3cc1c0132657818ce6465e58936dbf5991dfb74ff97382c066ba0ceb06ac4f0c005e4c9166e94161bc08e1c23df7ed3419b10ae229aa6bafb19e6af003c9e319956723d839dc50a7edd8d80bce971ba504e0aac811d76e65acffdc4f7e9836396ba98b824be6cc704c59f5849642b191437a5cf902fc1ac491e8c59241586c6791b282b5cfae57eb7e6792048c4769b5b3f21987ec5097e530fd001da5d2999db4ded708225e9a53a2b48d2be3401a063da3c19168769eccaef710d7c2e06818bb05c4a9aa0ce2785a5a6d2846bac9836f1905a9b042029dcc59d918450b6affb522fbf78116941c5cef4ecb82a2134ee8e67ea6091170b67bfc3abec9e2cfc8208d4ba3bb732230fe6a9470c1152ebdc31bbce93cb742b4484bc1cef4298ce897a36c7e8b3ef8bd1b0e3d4dfa46da8bf89b06d67d8a5da465e8f68f999ec38ef8d1b7972125d2d8492680f6698419313afb74b5f715c90aa5ca0a6ea5561acd89a25d0fd066234b1752d6535251be347d8e69afea162f0ae84aa08a1a5475e6860af5956babe0530b6349e918fa97f14e6a83f7e2054c85ec37424757c49c6b76a889cde8473eebc495ac1088fda54f5c70bb17ef4873bf7b524ae892cd8267adfcd1e7054ac0c8b904855f816cbab8a6c5332d2221060b97931130187e1f07b0b9fad917c06f56d3f9fbca9d0ad93c300d88a6025359eb"}, 0x6, 0x3, 0xff) rseq$auto(&(0x7f0000000b80)={0x2, 0x7, 0x9, 0x9, 0x10001, 0x2}, 0x2, 0x871, 0x2e0e) r2 = socket(0xa, 0x1, 0x84) r3 = getsockopt$auto(r2, 0x84, 0x3, 0x0, 0x0) r4 = open(&(0x7f0000000100)='.\x00', 0x595002, 0x408) write$auto(r4, 0x0, 0xfffffdf1) linkat$auto(r4, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000) timer_create$auto_CLOCK_BOOTTIME(0x7, &(0x7f00000003c0)={@sival_ptr=&(0x7f0000000240)="4fa110d7712f55a82b2fffe2326caef0392be26695a49217aaecee2c7d6140125ba08680c87ffd5c60c3928cbd412f", @inferred, 0x4, @_sigev_thread={&(0x7f0000000300)=&(0x7f00000002c0)=0xe, &(0x7f0000000340)="840321bda1bc8aa3d538e4ff8cca4f5e0d682d9ad20602cd9a111fb9251fd72b3933189a422bf40136ac6c1907b69411dee306973d12b4995840f7943c60da00f8f846f973c99fc248dd238f381806ea1a9b0a0e"}}, &(0x7f0000000400)=0xfffffc01) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x154) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x0) mprotect$auto(0x0, 0x8000000000000001, 0x8) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x8600, 0x0) read$auto_fragmentation_threshold_ops_(r3, &(0x7f0000000440)=""/75, 0x4b) 1.326698447s ago: executing program 2 (id=4959): openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0xa, 0x1, 0x100) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/oom_score\x00', 0x0, 0x0) semctl$auto_IPC_INFO(0x3, 0x3, 0x3, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x250800, 0x0) r3 = socket(0x23, 0x80805, 0x0) listen$auto(r3, 0x4) poll$auto(&(0x7f0000000000)={r3, 0x1963, 0x81}, 0x5, 0x10001) r5 = socket(0x25, 0x1, 0x2) setsockopt$auto(r5, 0x119, 0x80, 0xfffffffffffffffd, 0x10004) setsockopt$auto(r4, 0x113, 0x3, 0x0, 0x79ad226b) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/tty/ptyq3/power/runtime_suspended_time\x00', 0x48701, 0x0) write$auto(r2, &(0x7f0000000000)='/sys/bus/netdevsim/new_device\x00', 0x792fe55c) writev$auto(r6, &(0x7f0000000200)={0x0, 0x9}, 0x7) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae78, r0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r7 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r7, 0xae01, 0x0) 1.226302352s ago: executing program 4 (id=4960): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000", @ANYBLOB="040006"], 0x14}, 0x1, 0x0, 0x0, 0x4000010}, 0x800) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000280), r0) r1 = syz_genetlink_get_family_id$auto_macsec(&(0x7f00000005c0), r0) sendmsg$auto_MACSEC_CMD_ADD_RXSC(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000400)={0x1c, r1, 0x8ff972b65c311bf5, 0x70bd26, 0x25dfdbfe, {}, [@MACSEC_ATTR_IFINDEX={0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8090}, 0x4000) 1.085612255s ago: executing program 0 (id=4961): write$auto(0x3, 0x0, 0x81) 1.043153168s ago: executing program 1 (id=4962): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = gettid() rt_sigtimedwait$auto(&(0x7f0000000000)={0x86e}, 0x0, 0x0, 0x8) bpf$auto(0x6, &(0x7f0000000100)=@bpf_attr_7={@btf_id=0x86, 0x5, 0x10}, 0x6f4) tkill$auto(r1, 0x4) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800) open$dir(0x0, 0xb6f93ca6bcc1b738, 0x8) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_dma_buf_debug_fops_(0xffffffffffffff9c, 0x0, 0x90203, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) semctl$auto(0xa, 0x2, 0x13, 0x21) r2 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000400), 0x80001, 0x0) ioctl$auto(r2, 0x3b82, 0x38) socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x9, 0xdf, 0xeb1, 0x401, 0x8000) getsockopt$auto(0x4, 0x6, 0x1b, 0xfffffffffffffffc, 0x0) mmap$auto(0xfffffffffffffffe, 0x400006, 0x400000000df, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0x3, 0x0, 0xffd8) ioctl$auto_SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) 843.435768ms ago: executing program 0 (id=4963): open(&(0x7f0000000000)='./file0\x00', 0x2000, 0x100) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu/tasks\x00', 0x63102, 0x0) sendfile$auto(r0, r0, 0x0, 0x1) 806.494534ms ago: executing program 4 (id=4964): mmap$auto(0x0, 0x2020009, 0x3, 0xeb9, 0xfffffffffffffffa, 0x48003) close_range$auto(0xffffffffffffffff, 0x8, 0xfffffffc) prctl$auto_PR_SCHED_CORE_CREATE(0x4a95f9a7, 0x1, 0xffffffffffffffff, 0x2, 0x5) socket$nl_generic(0x10, 0x3, 0x10) socket(0x22, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x2000c000}, 0x20040884) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) recvmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x2, &(0x7f0000000140)={0x0, 0x4da}, 0x6, 0x0, 0x8, 0x7ff}, 0x1000}, 0xffffffff, 0x4, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x230) prctl$auto(0x59616d61, 0xffffffffffffffff, 0x1, 0x1004, 0xfffffffffffffffb) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) 746.460694ms ago: executing program 2 (id=4965): mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) socketpair$auto(0xbf, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x422640, 0x55) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f00000000c0), 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x11, 0x80003, 0x300) r0 = socket(0x10, 0x2, 0x0) r1 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="24000000a2866abb751d4fac5e456851cfd5867d00154442ce7a814dd8f504e3d945b0c85b36d3d598725e1d73554e673b4d1b5a2ab78e5ca95ba53fb40b1b043c1795d9d0544d97ad73c0cfc49fdf46ebb46fc2", @ANYRES16=r1, @ANYBLOB="010025bd7000448c7a615b4f911af64b286394f053b5e702dcdf25030000ff8d5bea8a0ced508328254299664fc11337a667e8d71173cc615143c8be6fcbbfcf0ac5fec0940b59dde227a6ff43790c8053cfb534187416448da8a0aad7dde8d64157cbb4098ad4d64494af4696a46d7774837453789a06397fa28bcbc8da08432283c95b3e83489bf34144eb109b4456f4d688258412be1e0f24bb79fc48587591e466a8b1fde884c1ed2a1621552997b87f6ca1985ba8402628eb744bb9903aa3087936768317e0c26a4fa3c3a9c2e4bfa3460dbba37b9cd58fef47baa5672ab2c57874c946945f4d5d071db50a20dc53229fcc069738ed0abc41d9a449d0e44069bbc273d0b4eda2c90a46ec3a3a3791e76352984c8df028001a564f47cfac9466112e699ccf3a9e570e23670cdd3a3e2bd5066e530bc8b754ff7e1296f7bcc71c33a4d3a36180d1bf62b0f5"], 0x24}, 0x1, 0x0, 0x0, 0x240400f0}, 0x880) fcntl$auto_F_RDLCK(r0, 0x1001, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_wakeup_sources_stats_fops_wakeup(0xffffffffffffff9c, 0x0, 0x100, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) write$auto(0x3, 0x0, 0x34000) accept$auto(0x3, 0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb2, r2, 0x8000) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x8}, 0x1) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000600)='/sys/kernel/mm/lru_gen/enabled\x00', 0x2062, 0x0) write$auto(r3, 0x0, 0x81) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0x1, 0x0, 0xfffffffd) 655.272787ms ago: executing program 0 (id=4966): mmap$auto(0x0, 0x100000020009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2a, 0x80002, 0x73) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) r0 = open(0x0, 0x0, 0x408) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) open(0x0, 0x64842, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000011c0)='/dev/ptyq3\x00', 0x40001, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto(0x3, 0x8926, 0x10000000000402) mprotect$auto(0x200000000000, 0x1f, 0x5) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001d80)='/sys/devices/virtual/sound/ctl-led/speaker/card0/attach\x00', 0x1, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f00000003c0)='4', 0x1) io_uring_register$auto(0xffffffffffffffff, 0x3, &(0x7f0000000500)="dbbb5bd4687464cb56dddb1111f4580c3448292485d8853270eee1f62ebaaffebda5fb8d6f49f2c5c836e2d28d27423e88131a23927ebe1599d7938df73599890fd825b23f3170c8e827309909db6e4ebfbe17c1f2aea769095ebb21099c768775b22ca7f913fa605370b33ae2c79b3cce608dbf3dbfa06353eda72db908584d94d18644ae9abbd225ba803675cba5276428b5a665f5682ee39926b63d3447929778515e0cc4f164ee7ef1fb57c6ff8244b2cc0e6942183bdbfb4b0d6b9de1b38d822a4fdc8d0b3182a3adb94e9b95aefe43a938e069f98cd9b22b582e94d86bd5217314a1a1ad7f964cd7dc06e50f8021956cd92d208c1a1967df6969f93a094cad983231d7e0bd96876c8822f0d65930a71215e2dc04f2ccd9e7a69b2ae933aef345a9e28eb560b66d26a2969267a61116ef8fb7cd48e239a748d06f2d9bed018189064fb90b81e12a488e9aab4153582b3aff4f3146e932a4b41945cae11f3e2c29cefafa48f52d6c89dd2646fecae44004d8fcddee5eb293cd5d23bf270d36b948cc24ca63516f1bb41c73f5146e5b805ea89d559f39fe2e1d99906927", 0x1000) unshare$auto(0x40000080) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/scsi/device_info\x00', 0x48041, 0x0) write$auto_proc_reg_file_ops_compat_inode(r3, &(0x7f0000000140)="f1", 0x1) socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd15/queue/scheduler\x00', 0x103a42, 0x0) mmap$auto(0x0, 0x400008, 0x4, 0x40009b72, 0x2, 0x8000) r4 = socket(0xa, 0x3, 0x3a) r5 = prctl$auto(0x23, 0x8, 0x2008, 0x0, 0x0) setsockopt$auto_SO_ATTACH_FILTER(r5, 0x7, 0x1a, &(0x7f0000000000)='&g\x00', 0x9) ioctl$auto_FBIOPAN_DISPLAY(r0, 0x4606, &(0x7f0000000280)="54afb7165d158a91dd0b00543a7d5ab8d587ad420b0c8a24d1bfe6abc8e9778a76340695b56a88383ab556f79966f55987152e291d864d4116d7700ee97bfbc3fbbbe5427ca38577a7794abf964fbb1317829e76f135caa4e37657fa35d824e903b40adfc422f263a879fe08b4b0f536f9578bab19af19725e9de81b4c38ee159f4f02a76d296ad5b14fd39b109d3248ce92882862d618348299319aaf10669d6e54215f878ef03910817cc9d8a3cb2391edcc65aea236597853770478afa4bccfdaa6d75516dfc339d68139c9a577e33fcf9826389a9637b23142660b6d9d23276686135f734562792b9257dca8f6") r6 = socket(0x3, 0x5, 0x0) setsockopt$auto(r6, 0x29, 0x2f, 0x0, 0x22) setsockopt$auto_SO_TIMESTAMPNS_OLD(r6, 0x401, 0x23, &(0x7f0000000080)='/dev/ptyq3\x00', 0x1b) ioctl$auto(r4, 0x8982, 0x1) 541.35283ms ago: executing program 1 (id=4967): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0x1d, 0x5, 0x200) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r0, 0x10f, 0x87, 0x0, 0x14) 300.996243ms ago: executing program 1 (id=4968): remap_file_pages$auto(0x40, 0x2000fff, 0x0, 0xdc, 0x100000) 7.174297ms ago: executing program 1 (id=4969): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x1, 0xfd5, 0x12, 0xffffffffffffffff, 0x0) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$auto_VHOST_SET_BACKEND_FEATURES(r1, 0x4008af25, 0x0) mmap$auto(0x4, 0xa00006, 0x2, 0x100000000040eb1, 0x602, 0x300000000000) rseq$auto(&(0x7f0000000580)={0x5, 0x85, 0x9416, 0x1, 0x7, 0x6, "551e7285968d8e86bd4794a0e875ee9f7b35db28d0a7e72b7a19039c336389cb57a05ba0582cc612c6c0be4beb4cc54d8337d40c93638ba34c4a0435c32a206e808194584d8c359d418662d18943a5e3c6234e712a096205457b56f0a1e5d4d19835696295a54f38117d9d751e23b5fb61daa5a6b2c75148106dc167a20061e3fe55cc53ffadf62b0945da4b27515a0102a8d2d002a842362b4744b8972a5e11e8a6aab89c7b85947f3901d696d459641aa7e6b89b73387ec5fa2d2af6c992213d82c5774c4bcd4187585bcf652af094e988e75002e01f607abf5e25ae0f5548fd13175b681fc059c1f9160aef893bae78cf6cf62c30fa3f0c5c60cbe383a9c0cc1289519b0c7cff81cc3b4fec739fad19c662b0f98d607b61d825d10e2dd3b27b0f7a6b1adc5a452f344c39da5f086ea7c5d99674ca69c4f5635776e67c151bad72f906cd65231da3a55d6056e23b00686723714fabd752f3e2c86dafdee9d379230c0abeabfde9cf88cae099f3ccc76ea7e64a3734ced5ffe749a8012db53ad4d6a5e347bdd83bb409c1bdb762f4aba145df74833d73ccd583797d4fb4ed3e0c7c29d502aacaef02e114d9e60ca6b0bcb28f825f5d49e94ccd2f830933c39a3ba3782505453e3de872ad8da84a6a22aaa62970428bb9a95d1817dbeeded1c53c5d508dea6cc53d80153b05f954c263278bb9c8bc02f3b1805dd9299dc8b97ebff0165d615ba7bf5ce8c490f4dd273642a18267b0a61a594cb1d608f3dffb292991ea32bb647a6f9b951f283e118dc73b45843b5aa883410e402e3bec9ba889ec237462042cedaed761cca0c3b7058d3ffc276c9a75e18b79804f4e21650d911edbedb9fedd31959a8783b1e39d7d6408554bddb2a5d67703d225fe4422bf2367ca483e77fe479495be3235f4c77b3872a9e33946d2602486b83e84e7d8d1742d369e2d00b9dbb552385502c0f597b3615bed54de65af106b58d2b6bebbdd3fe625152527af965b67e9424da7be2e2574e1492aed568d4faaa9da508e0a2e687876fa291e38b7c3ef38643e2c49e0d46d0f2d53352da2f184c4ced2305865ab0ad1435644419773ea82336ffdf62dd325a6a8b2d199d96dba8a13bb5a86ff65b80818ceb37ee8a2b2a8813b33e474e5b110e1ed13dbc4f52efabbce38935a8ada53a0ed5a1a01453a254a1dc528492159591aa192ff6cfa0b372caf236c78d1a0c94dc37916746358b4cf3cc1c0132657818ce6465e58936dbf5991dfb74ff97382c066ba0ceb06ac4f0c005e4c9166e94161bc08e1c23df7ed3419b10ae229aa6bafb19e6af003c9e319956723d839dc50a7edd8d80bce971ba504e0aac811d76e65acffdc4f7e9836396ba98b824be6cc704c59f5849642b191437a5cf902fc1ac491e8c59241586c6791b282b5cfae57eb7e6792048c4769b5b3f21987ec5097e530fd001da5d2999db4ded708225e9a53a2b48d2be3401a063da3c19168769eccaef710d7c2e06818bb05c4a9aa0ce2785a5a6d2846bac9836f1905a9b042029dcc59d918450b6affb522fbf78116941c5cef4ecb82a2134ee8e67ea6091170b67bfc3abec9e2cfc8208d4ba3bb732230fe6a9470c1152ebdc31bbce93cb742b4484bc1cef4298ce897a36c7e8b3ef8bd1b0e3d4dfa46da8bf89b06d67d8a5da465e8f68f999ec38ef8d1b7972125d2d8492680f6698419313afb74b5f715c90aa5ca0a6ea5561acd89a25d0fd066234b1752d6535251be347d8e69afea162f0ae84aa08a1a5475e6860af5956babe0530b6349e918fa97f14e6a83f7e2054c85ec37424757c49c6b76a889cde8473eebc495ac1088fda54f5c70bb17ef4873bf7b524ae892cd8267adfcd1e7054ac0c8b904855f816cbab8a6c5332d2221060b97931130187e1f07b0b9fad917c06f56d3f9fbca9d0ad93c300d88a6025359eb"}, 0x6, 0x3, 0xff) rseq$auto(&(0x7f0000000b80)={0x2, 0x7, 0x9, 0x9, 0x10001, 0x2}, 0x2, 0x871, 0x2e0e) r2 = socket(0xa, 0x1, 0x84) r3 = getsockopt$auto(r2, 0x84, 0x3, 0x0, 0x0) r4 = open(&(0x7f0000000100)='.\x00', 0x595002, 0x408) write$auto(r4, 0x0, 0xfffffdf1) linkat$auto(r4, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000) timer_create$auto_CLOCK_BOOTTIME(0x7, &(0x7f00000003c0)={@sival_ptr=&(0x7f0000000240)="4fa110d7712f55a82b2fffe2326caef0392be26695a49217aaecee2c7d6140125ba08680c87ffd5c60c3928cbd412f", @inferred, 0x4, @_sigev_thread={&(0x7f0000000300)=&(0x7f00000002c0)=0xe, &(0x7f0000000340)="840321bda1bc8aa3d538e4ff8cca4f5e0d682d9ad20602cd9a111fb9251fd72b3933189a422bf40136ac6c1907b69411dee306973d12b4995840f7943c60da00f8f846f973c99fc248dd238f381806ea1a9b0a0e"}}, &(0x7f0000000400)=0xfffffc01) open(&(0x7f0000000040)='./file0\x00', 0x0, 0x154) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x0) mprotect$auto(0x0, 0x8000000000000001, 0x8) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x8600, 0x0) read$auto_fragmentation_threshold_ops_(r3, &(0x7f0000000440)=""/75, 0x4b) 0s ago: executing program 0 (id=4970): mmap$auto(0x0, 0x2020009, 0x100003, 0x9000000eb1, 0xfffffffffffffffa, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ptyc9\x00', 0x22000, 0x0) (async) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/ptyc9\x00', 0x22000, 0x0) write$auto(0x3, 0x0, 0x7fffffff) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x20009, 0x20004000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) (async) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810005, 0xffb, 0x8100000008011, 0x3, 0x8000) preadv2$auto(r1, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) r2 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/pagemap\x00', 0x410441, 0x0) ioctl$auto_PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f00000000c0)={0x60, 0x0, 0xfffffffffffffff9, 0x7fffffffefff, 0x2, 0x100002001, 0xb, 0xbff, 0x2c, 0x2c, 0x0, 0x2}) setsockopt$auto(0x3, 0x10000000084, 0x84, 0x0, 0x90) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) r3 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev3\x00', 0x169000, 0x0) ioctl$auto(r3, 0xc040564a, r3) (async) ioctl$auto(r3, 0xc040564a, r3) init_module$auto(&(0x7f0000000240)="e4101cdd8c357cc18843b2395f565e92d64729d8a6c76f1d5f60a10f0f2b9caee9601080d1c90545ccb4addb366066ed99f6e811837987c99b3d", 0x5, &(0x7f0000000280)='\\@\x00') (async) init_module$auto(&(0x7f0000000240)="e4101cdd8c357cc18843b2395f565e92d64729d8a6c76f1d5f60a10f0f2b9caee9601080d1c90545ccb4addb366066ed99f6e811837987c99b3d", 0x5, &(0x7f0000000280)='\\@\x00') r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/nr5/queues/rx-0/rps_cpus\x00', 0x42401, 0x0) bpf$auto_BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000180)=@bpf_attr_0={0x80000001, 0x7d7b8765, 0x6, 0x2ad9, 0x9, r0, 0x8ad, "0d018ee270602fa37fe2ae1643dc4522", 0x0, r2, 0x2535, 0x50b, 0x6, 0x10001, r2, r2}, 0x1) ioctl$auto_NVRAM_INIT(r5, 0x7040, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) epoll_create1$auto(0x1) (async) epoll_create1$auto(0x1) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) (async) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) r7 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/neigh/bond_slave_1/ucast_solicit\x00', 0x101202, 0x0) sendfile$auto(r6, r7, 0x0, 0x1) write$auto(r4, &(0x7f0000000140)='0\x81=\"\xad\xff\x8d\xf9P\x18\xa4\xb0\xb4\xd9\x82=\xe1P\x05\x00\xfb&\xe8\xbf\x901\a2\xa2X`\a\xf1y\xb3\"=', 0xd4d0) (async) write$auto(r4, &(0x7f0000000140)='0\x81=\"\xad\xff\x8d\xf9P\x18\xa4\xb0\xb4\xd9\x82=\xe1P\x05\x00\xfb&\xe8\xbf\x901\a2\xa2X`\a\xf1y\xb3\"=', 0xd4d0) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x400240, 0x0) sysfs$auto(0x2ba, 0x9, 0x3) (async) sysfs$auto(0x2ba, 0x9, 0x3) kernel console output (not intermixed with test programs): 39] [ 1267.482343][T24939] dump_stack_lvl+0x16c/0x1f0 [ 1267.482388][T24939] should_fail_ex+0x512/0x640 [ 1267.482417][T24939] ? __kmalloc_noprof+0xca/0x910 [ 1267.482450][T24939] should_failslab+0xc2/0x120 [ 1267.482492][T24939] __kmalloc_noprof+0xeb/0x910 [ 1267.482520][T24939] ? rcu_is_watching+0x12/0xc0 [ 1267.482555][T24939] ? trace_parser_get_init+0x30/0xc0 [ 1267.482601][T24939] ? trace_parser_get_init+0x30/0xc0 [ 1267.482640][T24939] trace_parser_get_init+0x30/0xc0 [ 1267.482682][T24939] trace_pid_write+0xef/0x4b0 [ 1267.482709][T24939] ? __pfx_trace_pid_write+0x10/0x10 [ 1267.482730][T24939] ? __pfx_aa_file_perm+0x10/0x10 [ 1267.482770][T24939] ? update_last_data+0xaa/0x510 [ 1267.482810][T24939] event_pid_write.isra.0+0x1e4/0x7f0 [ 1267.482851][T24939] ? __pfx_event_pid_write.isra.0+0x10/0x10 [ 1267.482896][T24939] ? __pfx_ftrace_event_npid_write+0x10/0x10 [ 1267.482946][T24939] vfs_write+0x2a0/0x11d0 [ 1267.482985][T24939] ? __pfx___mutex_lock+0x10/0x10 [ 1267.483029][T24939] ? __pfx_vfs_write+0x10/0x10 [ 1267.483074][T24939] ? __fget_files+0x20e/0x3c0 [ 1267.483119][T24939] ksys_write+0x12a/0x250 [ 1267.483155][T24939] ? __pfx_ksys_write+0x10/0x10 [ 1267.483199][T24939] do_syscall_64+0xcd/0xf80 [ 1267.483240][T24939] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1267.483266][T24939] RIP: 0033:0x7faa40b8f7c9 [ 1267.483287][T24939] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1267.483312][T24939] RSP: 002b:00007faa419f9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1267.483335][T24939] RAX: ffffffffffffffda RBX: 00007faa40de6090 RCX: 00007faa40b8f7c9 [ 1267.483353][T24939] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 1267.483369][T24939] RBP: 00007faa40c13f91 R08: 0000000000000000 R09: 0000000000000000 [ 1267.483385][T24939] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1267.483401][T24939] R13: 00007faa40de6128 R14: 00007faa40de6090 R15: 00007ffc29bf0618 [ 1267.483434][T24939] [ 1270.171616][T24968] vivid-007: ================= START STATUS ================= [ 1270.214759][T24968] vivid-007: Generate PTS: true [ 1270.250001][T24968] vivid-007: Generate SCR: true [ 1270.255052][T24968] tpg source WxH: 320x240 (Y'CbCr) [ 1270.294003][T24968] tpg field: 1 [ 1270.328745][T24968] tpg crop: (0,0)/320x240 [ 1270.338847][T24968] tpg compose: (0,0)/320x240 [ 1270.364214][T24968] tpg colorspace: 8 [ 1270.418948][T24968] tpg transfer function: 0/0 [ 1270.424104][T24968] tpg Y'CbCr encoding: 0/0 [ 1270.442489][T24968] tpg quantization: 0/0 [ 1270.462731][T24968] tpg RGB range: 0/2 [ 1270.482265][T24968] vivid-007: ================== END STATUS ================== [ 1273.368696][T24993] FAULT_INJECTION: forcing a failure. [ 1273.368696][T24993] name failslab, interval 1, probability 393216, space 0, times 0 [ 1273.550932][T24993] CPU: 0 UID: 0 PID: 24993 Comm: syz.0.4298 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1273.550976][T24993] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1273.550985][T24993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1273.551001][T24993] Call Trace: [ 1273.551009][T24993] [ 1273.551018][T24993] dump_stack_lvl+0x16c/0x1f0 [ 1273.551061][T24993] should_fail_ex+0x512/0x640 [ 1273.551090][T24993] ? fs_reclaim_acquire+0xae/0x150 [ 1273.551132][T24993] should_failslab+0xc2/0x120 [ 1273.551172][T24993] __kmalloc_noprof+0xeb/0x910 [ 1273.551206][T24993] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 1273.551247][T24993] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 1273.551279][T24993] tomoyo_realpath_from_path+0xc2/0x6e0 [ 1273.551316][T24993] ? tomoyo_profile+0x47/0x60 [ 1273.551355][T24993] tomoyo_path_number_perm+0x245/0x580 [ 1273.551382][T24993] ? tomoyo_path_number_perm+0x237/0x580 [ 1273.551412][T24993] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1273.551442][T24993] ? find_held_lock+0x2b/0x80 [ 1273.551504][T24993] ? find_held_lock+0x2b/0x80 [ 1273.551533][T24993] ? hook_file_ioctl_common+0x144/0x410 [ 1273.551570][T24993] ? __fget_files+0x20e/0x3c0 [ 1273.551611][T24993] security_file_ioctl+0x9b/0x240 [ 1273.551643][T24993] __x64_sys_ioctl+0xb7/0x210 [ 1273.551675][T24993] do_syscall_64+0xcd/0xf80 [ 1273.551715][T24993] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1273.551741][T24993] RIP: 0033:0x7f856778f7c9 [ 1273.551760][T24993] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1273.551784][T24993] RSP: 002b:00007f85685cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1273.551808][T24993] RAX: ffffffffffffffda RBX: 00007f85679e5fa0 RCX: 00007f856778f7c9 [ 1273.551824][T24993] RDX: 0000000000000000 RSI: 00000000c0386106 RDI: 0000000000000004 [ 1273.551839][T24993] RBP: 00007f85685cd090 R08: 0000000000000000 R09: 0000000000000000 [ 1273.551854][T24993] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1273.551869][T24993] R13: 00007f85679e6038 R14: 00007f85679e5fa0 R15: 00007ffc7cc08498 [ 1273.551901][T24993] [ 1273.551911][T24993] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1274.157362][T24999] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1274.197932][T24999] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1274.271583][T24999] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1274.277694][T24999] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1276.300759][T20797] Bluetooth: hci0: command 0x0c1a tx timeout [ 1276.306948][ T5150] Bluetooth: hci3: command 0x0c1a tx timeout [ 1276.385014][T20797] Bluetooth: hci2: command 0x0c1a tx timeout [ 1276.391580][ T5150] Bluetooth: hci1: command 0x0c1a tx timeout [ 1276.445455][T25029] delete_channel: no stack [ 1276.940647][T25038] delete_channel: no stack [ 1277.971382][T25049] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1278.062053][T25049] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1278.130670][T25049] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1278.158581][T25049] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1278.793033][T25067] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1278.930427][T25067] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1279.180297][T25067] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz.2.4313: bg 4: bad block bitmap checksum [ 1279.197961][T25076] vmstat_refresh: nr_hugetlb -1536 [ 1279.355430][T25067] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 74 [ 1279.552723][T25067] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1279.552723][T25067] [ 1279.979969][T20797] Bluetooth: hci3: command 0x0c1a tx timeout [ 1280.139958][T16575] Bluetooth: hci0: command 0x0c1a tx timeout [ 1280.146061][ T5150] Bluetooth: hci1: command 0x0c1a tx timeout [ 1280.156653][T20797] Bluetooth: hci2: command 0x0c1a tx timeout [ 1282.705553][T25099] delete_channel: no stack [ 1284.750790][T25121] FAULT_INJECTION: forcing a failure. [ 1284.750790][T25121] name failslab, interval 1, probability 393216, space 0, times 0 [ 1284.919846][T25121] CPU: 0 UID: 0 PID: 25121 Comm: syz.0.4323 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1284.919886][T25121] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1284.919896][T25121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1284.919911][T25121] Call Trace: [ 1284.919919][T25121] [ 1284.919929][T25121] dump_stack_lvl+0x16c/0x1f0 [ 1284.919975][T25121] should_fail_ex+0x512/0x640 [ 1284.920008][T25121] should_failslab+0xc2/0x120 [ 1284.920046][T25121] __kmalloc_noprof+0xeb/0x910 [ 1284.920072][T25121] ? __lock_acquire+0x436/0x2890 [ 1284.920095][T25121] ? ___neigh_create+0x14ec/0x2920 [ 1284.920125][T25121] ? ___neigh_create+0x14ec/0x2920 [ 1284.920146][T25121] ___neigh_create+0x14ec/0x2920 [ 1284.920174][T25121] ? find_held_lock+0x2b/0x80 [ 1284.920207][T25121] ? ipv6_chk_mcast_addr+0x331/0x9a0 [ 1284.920248][T25121] ? __pfx____neigh_create+0x10/0x10 [ 1284.920277][T25121] ip6_finish_output2+0x11aa/0x1cf0 [ 1284.920306][T25121] ? ip6_dst_mtu_maybe_forward.constprop.0+0x1be/0x530 [ 1284.920357][T25121] __ip6_finish_output+0x3cd/0x1010 [ 1284.920388][T25121] ip6_output+0x253/0x710 [ 1284.920419][T25121] ip6_mr_output+0x233/0x11b0 [ 1284.920454][T25121] ? __pfx_nf_nat_ipv6_local_fn+0x10/0x10 [ 1284.920484][T25121] ? nf_nat_ipv6_local_fn+0x38a/0x530 [ 1284.920514][T25121] ? __pfx_ip6_mr_output+0x10/0x10 [ 1284.920547][T25121] ? __ip6_local_out+0x45b/0xa80 [ 1284.920581][T25121] ? nf_hook_slow+0x132/0x200 [ 1284.920617][T25121] ? __ip6_local_out+0x2f1/0xa80 [ 1284.920657][T25121] ? __pfx_dst_output+0x10/0x10 [ 1284.920697][T25121] ? ip6_local_out+0x2a9/0x4d0 [ 1284.920729][T25121] ip6_local_out+0x2a9/0x4d0 [ 1284.920765][T25121] ip6_send_skb+0x112/0x460 [ 1284.920794][T25121] udp_v6_send_skb+0x96f/0x1910 [ 1284.920845][T25121] udpv6_sendmsg+0x23b1/0x2d30 [ 1284.920877][T25121] ? aa_label_sk_perm+0x194/0x5f0 [ 1284.920908][T25121] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 1284.920956][T25121] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 1284.920995][T25121] ? __lock_acquire+0x436/0x2890 [ 1284.921028][T25121] ? __pfx___might_resched+0x10/0x10 [ 1284.921062][T25121] ? __lock_acquire+0x436/0x2890 [ 1284.921095][T25121] ? iovec_from_user+0xbb/0x140 [ 1284.921130][T25121] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 1284.921166][T25121] ? inet6_sendmsg+0x105/0x140 [ 1284.921201][T25121] inet6_sendmsg+0x105/0x140 [ 1284.921237][T25121] ____sys_sendmsg+0x705/0xc30 [ 1284.921279][T25121] ? copy_msghdr_from_user+0x10a/0x160 [ 1284.921311][T25121] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1284.921355][T25121] ? __pfx__kstrtoull+0x10/0x10 [ 1284.921395][T25121] ___sys_sendmsg+0x134/0x1d0 [ 1284.921428][T25121] ? __pfx____sys_sendmsg+0x10/0x10 [ 1284.921474][T25121] ? find_held_lock+0x2b/0x80 [ 1284.921523][T25121] __sys_sendmmsg+0x200/0x420 [ 1284.921559][T25121] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1284.921601][T25121] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1284.921653][T25121] ? fput+0x70/0xf0 [ 1284.921678][T25121] ? ksys_write+0x1ac/0x250 [ 1284.921712][T25121] ? __pfx_ksys_write+0x10/0x10 [ 1284.921753][T25121] __x64_sys_sendmmsg+0x9c/0x100 [ 1284.921785][T25121] ? lockdep_hardirqs_on+0x7c/0x110 [ 1284.921826][T25121] do_syscall_64+0xcd/0xf80 [ 1284.921864][T25121] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1284.921890][T25121] RIP: 0033:0x7f856778f7c9 [ 1284.921909][T25121] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1284.921932][T25121] RSP: 002b:00007f85685ac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1284.921955][T25121] RAX: ffffffffffffffda RBX: 00007f85679e6090 RCX: 00007f856778f7c9 [ 1284.921971][T25121] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 1284.921986][T25121] RBP: 00007f85685ac090 R08: 0000000000000000 R09: 0000000000000000 [ 1284.922001][T25121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1284.922016][T25121] R13: 00007f85679e6128 R14: 00007f85679e6090 R15: 00007ffc7cc08498 [ 1284.922047][T25121] [ 1288.034192][T25169] vivid-007: ================= START STATUS ================= [ 1288.075340][T25169] vivid-007: Generate PTS: true [ 1288.103247][T25169] vivid-007: Generate SCR: true [ 1288.125503][T25169] tpg source WxH: 320x240 (Y'CbCr) [ 1288.157960][T25169] tpg field: 1 [ 1288.175617][T25169] tpg crop: (0,0)/320x240 [ 1288.200252][T25169] tpg compose: (0,0)/320x240 [ 1288.221907][T25169] tpg colorspace: 8 [ 1288.239457][T25169] tpg transfer function: 0/0 [ 1288.261337][T25169] tpg Y'CbCr encoding: 0/0 [ 1288.283036][T25169] tpg quantization: 0/0 [ 1288.307370][T25169] tpg RGB range: 0/2 [ 1288.324198][T25169] vivid-007: ================== END STATUS ================== [ 1288.816386][ T4326] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1288.940031][ T4326] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1288.940031][ T4326] [ 1289.366932][T25192] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1289.420759][T25192] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1289.427213][T25192] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1289.546478][T25192] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1290.829271][T25211] delete_channel: no stack [ 1291.167580][ T30] audit: type=1800 audit(4294967861.579:232): pid=25216 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4343" name="dbroot" dev="configfs" ino=112691 res=0 errno=0 [ 1291.420013][T20797] Bluetooth: hci3: command 0x0c1a tx timeout [ 1291.506248][ T5150] Bluetooth: hci1: command 0x0c1a tx timeout [ 1291.512480][T20797] Bluetooth: hci0: command 0x0c1a tx timeout [ 1291.582067][T20797] Bluetooth: hci2: command 0x0c1a tx timeout [ 1293.076273][T25225] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1293.098680][T25225] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1293.124191][T25225] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1293.160679][T25225] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1293.837874][T25256] delete_channel: no stack [ 1293.887179][T25261] FAULT_INJECTION: forcing a failure. [ 1293.887179][T25261] name failslab, interval 1, probability 393216, space 0, times 0 [ 1293.955669][T25261] CPU: 0 UID: 0 PID: 25261 Comm: syz.1.4352 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1293.955710][T25261] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1293.955719][T25261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1293.955735][T25261] Call Trace: [ 1293.955744][T25261] [ 1293.955753][T25261] dump_stack_lvl+0x16c/0x1f0 [ 1293.955800][T25261] should_fail_ex+0x512/0x640 [ 1293.955827][T25261] ? kmem_cache_alloc_lru_noprof+0x66/0x770 [ 1293.955862][T25261] should_failslab+0xc2/0x120 [ 1293.955908][T25261] kmem_cache_alloc_lru_noprof+0x87/0x770 [ 1293.955938][T25261] ? __lock_acquire+0x436/0x2890 [ 1293.955960][T25261] ? alloc_inode+0xc3/0x240 [ 1293.955991][T25261] ? alloc_inode+0xc3/0x240 [ 1293.956016][T25261] alloc_inode+0xc3/0x240 [ 1293.956041][T25261] new_inode+0x22/0x1c0 [ 1293.956076][T25261] configfs_new_inode+0x24/0x4a0 [ 1293.956109][T25261] configfs_create+0xd9/0x3a0 [ 1293.956142][T25261] configfs_lookup+0x38f/0x780 [ 1293.956181][T25261] ? __pfx_configfs_lookup+0x10/0x10 [ 1293.956215][T25261] lookup_open.isra.0+0x4e2/0x1780 [ 1293.956254][T25261] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 1293.956303][T25261] ? mnt_get_write_access+0x1e9/0x2f0 [ 1293.956335][T25261] path_openat+0x12bb/0x3140 [ 1293.956379][T25261] ? __pfx_path_openat+0x10/0x10 [ 1293.956425][T25261] do_filp_open+0x20b/0x470 [ 1293.956461][T25261] ? __pfx_do_filp_open+0x10/0x10 [ 1293.956516][T25261] ? alloc_fd+0x471/0x7d0 [ 1293.956558][T25261] do_sys_openat2+0x121/0x290 [ 1293.956584][T25261] ? __pfx_do_sys_openat2+0x10/0x10 [ 1293.956614][T25261] ? __fget_files+0x20e/0x3c0 [ 1293.956652][T25261] __x64_sys_openat+0x174/0x210 [ 1293.956679][T25261] ? __pfx___x64_sys_openat+0x10/0x10 [ 1293.956713][T25261] ? ksys_write+0x1ac/0x250 [ 1293.956757][T25261] do_syscall_64+0xcd/0xf80 [ 1293.956801][T25261] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1293.956826][T25261] RIP: 0033:0x7faa40b8f7c9 [ 1293.956845][T25261] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1293.956869][T25261] RSP: 002b:00007faa41a1a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1293.956892][T25261] RAX: ffffffffffffffda RBX: 00007faa40de5fa0 RCX: 00007faa40b8f7c9 [ 1293.956909][T25261] RDX: 0000000000109103 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1293.956925][T25261] RBP: 00007faa41a1a090 R08: 0000000000000000 R09: 0000000000000000 [ 1293.956940][T25261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1293.956955][T25261] R13: 00007faa40de6038 R14: 00007faa40de5fa0 R15: 00007ffc29bf0618 [ 1293.956986][T25261] [ 1294.232018][T20797] Bluetooth: hci3: command 0x0c1a tx timeout [ 1295.101071][T20797] Bluetooth: hci0: command 0x0c1a tx timeout [ 1295.179899][ T5150] Bluetooth: hci1: command 0x0c1a tx timeout [ 1295.186188][T20797] Bluetooth: hci2: command 0x0c1a tx timeout [ 1295.394258][T25263] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1295.425471][T25263] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1295.473441][T25263] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1295.519893][T25263] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1297.425498][T20797] Bluetooth: hci3: command 0x0c1a tx timeout [ 1297.507442][ T5150] Bluetooth: hci0: command 0x0c1a tx timeout [ 1297.514409][T20797] Bluetooth: hci1: command 0x0c1a tx timeout [ 1297.581992][T20797] Bluetooth: hci2: command 0x0c1a tx timeout [ 1300.278645][T25354] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input26 [ 1301.206193][T25365] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1301.279972][T25365] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1301.302554][T25365] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1301.344633][T25365] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1301.406729][ T30] audit: type=1800 audit(4294967871.819:233): pid=25375 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.4374" name="dbroot" dev="configfs" ino=113238 res=0 errno=0 [ 1302.148559][T25388] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4379'. [ 1302.213694][T25390] delete_channel: no stack [ 1302.221783][T25388] FAULT_INJECTION: forcing a failure. [ 1302.221783][T25388] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1302.324381][T25388] CPU: 0 UID: 0 PID: 25388 Comm: syz.2.4379 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1302.324423][T25388] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1302.324432][T25388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1302.324447][T25388] Call Trace: [ 1302.324455][T25388] [ 1302.324465][T25388] dump_stack_lvl+0x16c/0x1f0 [ 1302.324506][T25388] should_fail_ex+0x512/0x640 [ 1302.324546][T25388] _copy_from_user+0x2e/0xd0 [ 1302.324573][T25388] copy_msghdr_from_user+0x98/0x160 [ 1302.324605][T25388] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1302.324643][T25388] ? __lock_acquire+0x436/0x2890 [ 1302.324672][T25388] ___sys_recvmsg+0xdb/0x1a0 [ 1302.324703][T25388] ? __pfx____sys_recvmsg+0x10/0x10 [ 1302.324749][T25388] ? __pfx___might_resched+0x10/0x10 [ 1302.324789][T25388] do_recvmmsg+0x2fe/0x750 [ 1302.324824][T25388] ? __pfx_do_recvmmsg+0x10/0x10 [ 1302.324861][T25388] ? __mutex_unlock_slowpath+0x161/0x790 [ 1302.324909][T25388] ? __fget_files+0x20e/0x3c0 [ 1302.324952][T25388] __x64_sys_recvmmsg+0x22a/0x280 [ 1302.324987][T25388] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 1302.325028][T25388] do_syscall_64+0xcd/0xf80 [ 1302.325066][T25388] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1302.325094][T25388] RIP: 0033:0x7f84f1f8f7c9 [ 1302.325113][T25388] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1302.325137][T25388] RSP: 002b:00007f84f2df9038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 1302.325159][T25388] RAX: ffffffffffffffda RBX: 00007f84f21e6090 RCX: 00007f84f1f8f7c9 [ 1302.325176][T25388] RDX: 0000000000010000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1302.325190][T25388] RBP: 00007f84f2df9090 R08: 0000000000000000 R09: 0000000000000000 [ 1302.325205][T25388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1302.325219][T25388] R13: 00007f84f21e6128 R14: 00007f84f21e6090 R15: 00007ffe388cba88 [ 1302.325250][T25388] [ 1302.701479][T25394] FAULT_INJECTION: forcing a failure. [ 1302.701479][T25394] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1302.714821][T25394] CPU: 0 UID: 0 PID: 25394 Comm: syz.4.4380 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1302.714863][T25394] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1302.714873][T25394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1302.714888][T25394] Call Trace: [ 1302.714897][T25394] [ 1302.714907][T25394] dump_stack_lvl+0x16c/0x1f0 [ 1302.714957][T25394] should_fail_ex+0x512/0x640 [ 1302.714989][T25394] _copy_from_iter+0x2a4/0x16c0 [ 1302.715024][T25394] ? __pfx__copy_from_iter+0x10/0x10 [ 1302.715057][T25394] ? __pfx___might_resched+0x10/0x10 [ 1302.715097][T25394] file_tty_write.constprop.0+0x487/0x9b0 [ 1302.715143][T25394] redirected_tty_write+0xd4/0x120 [ 1302.715178][T25394] vfs_write+0x7d3/0x11d0 [ 1302.715216][T25394] ? __pfx_redirected_tty_write+0x10/0x10 [ 1302.715255][T25394] ? __pfx_vfs_write+0x10/0x10 [ 1302.715287][T25394] ? find_held_lock+0x2b/0x80 [ 1302.715336][T25394] ksys_write+0x12a/0x250 [ 1302.715370][T25394] ? __pfx_ksys_write+0x10/0x10 [ 1302.715412][T25394] do_syscall_64+0xcd/0xf80 [ 1302.715451][T25394] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1302.715476][T25394] RIP: 0033:0x7fef9af8f7c9 [ 1302.715495][T25394] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1302.715519][T25394] RSP: 002b:00007fef9be3d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1302.715541][T25394] RAX: ffffffffffffffda RBX: 00007fef9b1e5fa0 RCX: 00007fef9af8f7c9 [ 1302.715558][T25394] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000003 [ 1302.715573][T25394] RBP: 00007fef9be3d090 R08: 0000000000000000 R09: 0000000000000000 [ 1302.715587][T25394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1302.715602][T25394] R13: 00007fef9b1e6038 R14: 00007fef9b1e5fa0 R15: 00007ffe816526e8 [ 1302.715633][T25394] [ 1303.175285][T25402] zswap: compressor not available [ 1303.267736][ T5150] Bluetooth: hci3: command 0x0c1a tx timeout [ 1303.344277][ T5150] Bluetooth: hci0: command 0x0c1a tx timeout [ 1303.344336][T20797] Bluetooth: hci1: command 0x0c1a tx timeout [ 1303.421774][T20797] Bluetooth: hci2: command 0x0c1a tx timeout [ 1303.667517][T25412] FAULT_INJECTION: forcing a failure. [ 1303.667517][T25412] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1303.786110][T25412] CPU: 0 UID: 0 PID: 25412 Comm: syz.1.4384 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1303.786154][T25412] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1303.786163][T25412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1303.786179][T25412] Call Trace: [ 1303.786187][T25412] [ 1303.786196][T25412] dump_stack_lvl+0x16c/0x1f0 [ 1303.786245][T25412] should_fail_ex+0x512/0x640 [ 1303.786278][T25412] strncpy_from_user+0x3b/0x2e0 [ 1303.786306][T25412] getname_flags.part.0+0x8f/0x550 [ 1303.786337][T25412] getname_flags+0x93/0xf0 [ 1303.786369][T25412] user_path_at+0x24/0x60 [ 1303.786401][T25412] do_fchownat+0xf9/0x200 [ 1303.786427][T25412] ? __pfx_do_fchownat+0x10/0x10 [ 1303.786448][T25412] ? ksys_write+0x1ac/0x250 [ 1303.786482][T25412] ? __pfx_ksys_write+0x10/0x10 [ 1303.786520][T25412] __x64_sys_lchown+0x7e/0xc0 [ 1303.786543][T25412] ? lockdep_hardirqs_on+0x7c/0x110 [ 1303.786579][T25412] do_syscall_64+0xcd/0xf80 [ 1303.786617][T25412] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1303.786642][T25412] RIP: 0033:0x7faa40b8f7c9 [ 1303.786661][T25412] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1303.786684][T25412] RSP: 002b:00007faa419f9038 EFLAGS: 00000246 ORIG_RAX: 000000000000005e [ 1303.786707][T25412] RAX: ffffffffffffffda RBX: 00007faa40de6090 RCX: 00007faa40b8f7c9 [ 1303.786723][T25412] RDX: 000000000000ee00 RSI: 000000000000ee01 RDI: 0000200000000080 [ 1303.786738][T25412] RBP: 00007faa419f9090 R08: 0000000000000000 R09: 0000000000000000 [ 1303.786763][T25412] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1303.786778][T25412] R13: 00007faa40de6128 R14: 00007faa40de6090 R15: 00007ffc29bf0618 [ 1303.786809][T25412] [ 1304.696195][T25427] futex_wake_op: syz.2.4388 tries to shift op by -2048; fix this program [ 1304.739078][T25427] futex_wake_op: syz.2.4388 tries to shift op by -2048; fix this program [ 1304.783984][T25427] ubi1: attaching mtd0 [ 1304.808122][T25427] ubi1: scanning is finished [ 1304.853017][T25427] ubi1 error: ubi_read_volume_table: the layout volume was not found [ 1305.133186][T25427] ubi1 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1305.268805][T25435] lo: entered allmulticast mode [ 1305.364456][ T30] audit: type=1800 audit(4294967875.769:234): pid=25437 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4390" name="dbroot" dev="configfs" ino=113406 res=0 errno=0 [ 1305.615818][T25435] zswap: compressor ú not available [ 1305.626173][T25442] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1305.644690][T25434] lo: left allmulticast mode [ 1305.661750][T25442] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1305.708784][T25442] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1305.738698][T25442] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1306.025788][T25450] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1306.053800][T25450] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1306.139888][T25450] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1306.185107][T25450] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1306.556009][T25464] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4396'. [ 1307.578832][T25478] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1307.646822][T25478] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1307.646822][T25478] [ 1308.061719][ T5150] Bluetooth: hci3: command 0x0c1a tx timeout [ 1308.068020][T20797] Bluetooth: hci0: command 0x0c1a tx timeout [ 1308.144134][T20797] Bluetooth: hci1: command 0x0c1a tx timeout [ 1308.220171][T20797] Bluetooth: hci2: command 0x0c1a tx timeout [ 1308.569345][ T30] audit: type=1800 audit(4294967878.979:235): pid=25497 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4402" name="dbroot" dev="configfs" ino=113717 res=0 errno=0 [ 1309.956297][ T30] audit: type=1800 audit(4294967880.369:236): pid=25511 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.4405" name="dbroot" dev="configfs" ino=113775 res=0 errno=0 [ 1310.946961][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 1310.953868][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 1311.604871][ T30] audit: type=1800 audit(4294967882.019:237): pid=25532 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4410" name="discovery_nqn" dev="configfs" ino=113820 res=0 errno=0 [ 1311.647062][T25532] aoe: could not set interface list: too many interfaces [ 1313.364073][T25565] nvme_fabrics: missing parameter 'transport=%s' [ 1313.435602][T25565] nvme_fabrics: missing parameter 'nqn=%s' [ 1313.891040][T25576] zswap: compressor not available [ 1314.452511][T25595] FAULT_INJECTION: forcing a failure. [ 1314.452511][T25595] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1314.452555][T25595] CPU: 0 UID: 0 PID: 25595 Comm: syz.2.4425 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1314.452593][T25595] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1314.452602][T25595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1314.452618][T25595] Call Trace: [ 1314.452626][T25595] [ 1314.452636][T25595] dump_stack_lvl+0x16c/0x1f0 [ 1314.452680][T25595] should_fail_ex+0x512/0x640 [ 1314.452714][T25595] get_futex_key+0x1d0/0x15f0 [ 1314.452746][T25595] ? __pfx_get_futex_key+0x10/0x10 [ 1314.452782][T25595] futex_wake+0xea/0x530 [ 1314.452823][T25595] ? __pfx_futex_wake+0x10/0x10 [ 1314.452861][T25595] ? do_raw_spin_lock+0x12c/0x2b0 [ 1314.452897][T25595] do_futex+0x1e3/0x350 [ 1314.452925][T25595] ? __pfx_do_futex+0x10/0x10 [ 1314.452961][T25595] __x64_sys_futex+0x1e0/0x4c0 [ 1314.452991][T25595] ? fdget_pos+0x2b8/0x370 [ 1314.453037][T25595] ? __pfx___x64_sys_futex+0x10/0x10 [ 1314.453065][T25595] ? ksys_write+0x1ac/0x250 [ 1314.453102][T25595] ? __pfx_ksys_write+0x10/0x10 [ 1314.453147][T25595] do_syscall_64+0xcd/0xf80 [ 1314.453188][T25595] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1314.453214][T25595] RIP: 0033:0x7f84f1f8f7c9 [ 1314.453233][T25595] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1314.453259][T25595] RSP: 002b:00007f84f2e1a0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1314.453284][T25595] RAX: ffffffffffffffda RBX: 00007f84f21e5fa8 RCX: 00007f84f1f8f7c9 [ 1314.453300][T25595] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f84f21e5fac [ 1314.453316][T25595] RBP: 00007f84f21e5fa0 R08: 00007f84f2e1b000 R09: 0000000000000000 [ 1314.453331][T25595] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 1314.453347][T25595] R13: 00007f84f21e6038 R14: 00007ffe388cb9a0 R15: 00007ffe388cba88 [ 1314.453378][T25595] [ 1314.720235][T25597] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1314.720461][T25597] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1314.720645][T25597] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1314.727708][T25597] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1315.710899][T25607] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1315.711098][T25607] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1315.711280][T25607] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1315.711488][T25607] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1317.273160][T25615] FAULT_INJECTION: forcing a failure. [ 1317.273160][T25615] name failslab, interval 1, probability 393216, space 0, times 0 [ 1317.370203][T25617] tc_dump_action: action bad kind [ 1317.406186][T25615] CPU: 0 UID: 0 PID: 25615 Comm: syz.4.4430 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1317.406230][T25615] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1317.406239][T25615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1317.406254][T25615] Call Trace: [ 1317.406262][T25615] [ 1317.406273][T25615] dump_stack_lvl+0x16c/0x1f0 [ 1317.406317][T25615] should_fail_ex+0x512/0x640 [ 1317.406345][T25615] ? __kvmalloc_node_noprof+0x129/0xa40 [ 1317.406383][T25615] should_failslab+0xc2/0x120 [ 1317.406422][T25615] __kvmalloc_node_noprof+0x14a/0xa40 [ 1317.406454][T25615] ? __pfx___mutex_lock+0x10/0x10 [ 1317.406494][T25615] ? traverse.part.0.constprop.0+0x397/0x650 [ 1317.406536][T25615] ? traverse.part.0.constprop.0+0x397/0x650 [ 1317.406568][T25615] traverse.part.0.constprop.0+0x397/0x650 [ 1317.406603][T25615] ? find_held_lock+0x2b/0x80 [ 1317.406648][T25615] seq_read_iter+0x93c/0x12d0 [ 1317.406680][T25615] ? aa_file_perm+0x2ad/0x1560 [ 1317.406726][T25615] seq_read+0x3a3/0x570 [ 1317.406758][T25615] ? __pfx_seq_read+0x10/0x10 [ 1317.406796][T25615] ? get_pid_task+0xfc/0x250 [ 1317.406828][T25615] ? __pfx_seq_read+0x10/0x10 [ 1317.406859][T25615] proc_reg_read+0x240/0x330 [ 1317.406890][T25615] ? __pfx_proc_reg_read+0x10/0x10 [ 1317.406921][T25615] vfs_read+0x1e4/0xcf0 [ 1317.406961][T25615] ? __pfx_vfs_read+0x10/0x10 [ 1317.406992][T25615] ? find_held_lock+0x2b/0x80 [ 1317.407023][T25615] ? __fget_files+0x204/0x3c0 [ 1317.407062][T25615] ? __fget_files+0x20e/0x3c0 [ 1317.407094][T25615] ? __fget_files+0x170/0x3c0 [ 1317.407135][T25615] __x64_sys_pread64+0x1eb/0x250 [ 1317.407173][T25615] ? __pfx___x64_sys_pread64+0x10/0x10 [ 1317.407220][T25615] do_syscall_64+0xcd/0xf80 [ 1317.407259][T25615] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1317.407286][T25615] RIP: 0033:0x7fef9af8f7c9 [ 1317.407305][T25615] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1317.407330][T25615] RSP: 002b:00007fef9be3d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 1317.407352][T25615] RAX: ffffffffffffffda RBX: 00007fef9b1e5fa0 RCX: 00007fef9af8f7c9 [ 1317.407369][T25615] RDX: 0000000000000202 RSI: 0000000000000000 RDI: 0000000000000003 [ 1317.407383][T25615] RBP: 00007fef9be3d090 R08: 0000000000000000 R09: 0000000000000000 [ 1317.407398][T25615] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 1317.407413][T25615] R13: 00007fef9b1e6038 R14: 00007fef9b1e5fa0 R15: 00007ffe816526e8 [ 1317.407443][T25615] [ 1318.084203][T20797] Bluetooth: hci2: command 0x0c1a tx timeout [ 1318.090645][T20797] Bluetooth: hci0: command 0x0c1a tx timeout [ 1318.096711][T20797] Bluetooth: hci3: command 0x0c1a tx timeout [ 1318.103840][ T5150] Bluetooth: hci1: command 0x0c1a tx timeout [ 1318.400016][T25621] delete_channel: no stack [ 1318.756650][T25629] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1318.756781][T25629] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1318.756781][T25629] [ 1318.896742][T25624] zswap: compressor not available [ 1319.542335][ T7605] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1319.593757][ T7605] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1319.593757][ T7605] [ 1320.833559][ T30] audit: type=1800 audit(4294967891.249:238): pid=25648 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.4437" name="dbroot" dev="configfs" ino=114365 res=0 errno=0 [ 1324.528389][T25696] FAULT_INJECTION: forcing a failure. [ 1324.528389][T25696] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1324.670358][T25696] CPU: 0 UID: 0 PID: 25696 Comm: syz.0.4448 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1324.670402][T25696] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1324.670412][T25696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1324.670427][T25696] Call Trace: [ 1324.670435][T25696] [ 1324.670445][T25696] dump_stack_lvl+0x16c/0x1f0 [ 1324.670489][T25696] should_fail_ex+0x512/0x640 [ 1324.670521][T25696] _copy_to_user+0x32/0xd0 [ 1324.670549][T25696] simple_read_from_buffer+0xcb/0x170 [ 1324.670586][T25696] proc_fail_nth_read+0x197/0x240 [ 1324.670627][T25696] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1324.670668][T25696] ? rw_verify_area+0xcf/0x6c0 [ 1324.670699][T25696] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1324.670737][T25696] vfs_read+0x1e4/0xcf0 [ 1324.670771][T25696] ? __pfx___mutex_lock+0x10/0x10 [ 1324.670811][T25696] ? __pfx_vfs_read+0x10/0x10 [ 1324.670856][T25696] ? __fget_files+0x20e/0x3c0 [ 1324.670899][T25696] ksys_read+0x12a/0x250 [ 1324.670933][T25696] ? __pfx_ksys_read+0x10/0x10 [ 1324.670976][T25696] do_syscall_64+0xcd/0xf80 [ 1324.671021][T25696] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1324.671047][T25696] RIP: 0033:0x7f856778e1dc [ 1324.671067][T25696] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1324.671090][T25696] RSP: 002b:00007f85685ac030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1324.671113][T25696] RAX: ffffffffffffffda RBX: 00007f85679e6090 RCX: 00007f856778e1dc [ 1324.671129][T25696] RDX: 000000000000000f RSI: 00007f85685ac0a0 RDI: 0000000000000004 [ 1324.671143][T25696] RBP: 00007f85685ac090 R08: 0000000000000000 R09: 0000000000000000 [ 1324.671158][T25696] R10: 000000007ffff000 R11: 0000000000000246 R12: 0000000000000001 [ 1324.671173][T25696] R13: 00007f85679e6128 R14: 00007f85679e6090 R15: 00007ffc7cc08498 [ 1324.671203][T25696] [ 1326.414764][T25710] zswap: compressor not available [ 1327.799438][T25724] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1327.852918][T25724] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1327.910990][T25724] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1327.981206][T25724] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1328.372219][T25736] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1328.412399][T25736] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1328.473639][T25736] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1328.524657][T25736] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1330.111223][T25756] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4463'. [ 1330.381025][T16575] Bluetooth: hci3: command 0x0c1a tx timeout [ 1330.459943][T16575] Bluetooth: hci0: command 0x0c1a tx timeout [ 1330.539990][T25619] Bluetooth: hci1: command 0x0c1a tx timeout [ 1330.546127][T16575] Bluetooth: hci2: command 0x0c1a tx timeout [ 1333.203447][T25785] sp0: Synchronizing with TNC [ 1335.707717][T25813] tc_dump_action: action bad kind [ 1336.489737][T25819] zswap: compressor not available [ 1340.491900][T25878] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1340.628315][T25878] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1340.700321][T25878] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1340.820376][T25878] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1341.522510][T25892] lo: entered allmulticast mode [ 1341.586731][T25895] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1341.620438][T25896] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1341.644799][T25895] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1341.644799][T25895] [ 1341.660557][T25896] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1341.681647][T25896] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1341.715551][T25896] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1341.745940][T25891] lo: left allmulticast mode [ 1342.016139][T25903] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4497'. [ 1342.435578][T25913] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1342.537598][T25913] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1342.537598][T25913] [ 1343.660025][T25619] Bluetooth: hci3: command 0x0c1a tx timeout [ 1343.667422][T16575] Bluetooth: hci0: command 0x0c1a tx timeout [ 1343.747488][T25619] Bluetooth: hci1: command 0x0c1a tx timeout [ 1343.753972][T16575] Bluetooth: hci2: command 0x0c1a tx timeout [ 1344.241968][T25943] futex_wake_op: syz.1.4507 tries to shift op by -2048; fix this program [ 1344.303585][T25943] futex_wake_op: syz.1.4507 tries to shift op by -2048; fix this program [ 1344.345711][T25943] ubi1: attaching mtd0 [ 1344.383091][T25943] ubi1: scanning is finished [ 1344.428885][T25943] ubi1 error: ubi_read_volume_table: the layout volume was not found [ 1344.441032][T25941] lo: entered allmulticast mode [ 1344.813863][T25937] lo: left allmulticast mode [ 1344.823658][T25943] ubi1 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1345.493149][T25960] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4511'. [ 1345.595890][T25960] bond0: entered promiscuous mode [ 1345.619148][T25960] bond_slave_0: entered promiscuous mode [ 1345.658423][T25960] bond_slave_1: entered promiscuous mode [ 1345.720118][T25960] bond0: entered allmulticast mode [ 1345.725328][T25960] bond_slave_0: entered allmulticast mode [ 1345.801107][T25960] bond_slave_1: entered allmulticast mode [ 1346.300623][T25971] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1346.348222][T25971] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1346.401355][T25971] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1346.446005][T25971] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1347.632750][T25995] futex_wake_op: syz.2.4517 tries to shift op by -2048; fix this program [ 1347.706301][T25999] ubi0: attaching mtd0 [ 1347.749923][T25995] futex_wake_op: syz.2.4517 tries to shift op by -2048; fix this program [ 1347.784139][T25999] ubi0: scanning is finished [ 1347.788908][T25999] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1348.332725][T25999] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1348.384714][T25619] Bluetooth: hci3: command 0x0c1a tx timeout [ 1348.391033][T16575] Bluetooth: hci0: command 0x0c1a tx timeout [ 1348.459980][T16575] Bluetooth: hci1: command 0x0c1a tx timeout [ 1348.466096][T25619] Bluetooth: hci2: command 0x0c1a tx timeout [ 1348.901539][T26016] usb usb36: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1348.945656][T26016] vhci_hcd vhci_hcd.1: default hub control req: 0000 v0000 i0000 l0 [ 1349.109009][T26022] FAULT_INJECTION: forcing a failure. [ 1349.109009][T26022] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1349.194953][T26022] CPU: 0 UID: 0 PID: 26022 Comm: syz.1.4524 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1349.195001][T26022] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1349.195010][T26022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1349.195025][T26022] Call Trace: [ 1349.195034][T26022] [ 1349.195043][T26022] dump_stack_lvl+0x16c/0x1f0 [ 1349.195086][T26022] should_fail_ex+0x512/0x640 [ 1349.195119][T26022] _copy_to_user+0x32/0xd0 [ 1349.195149][T26022] simple_read_from_buffer+0xcb/0x170 [ 1349.195186][T26022] proc_fail_nth_read+0x197/0x240 [ 1349.195230][T26022] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1349.195272][T26022] ? rw_verify_area+0xcf/0x6c0 [ 1349.195303][T26022] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1349.195342][T26022] vfs_read+0x1e4/0xcf0 [ 1349.195378][T26022] ? __pfx___mutex_lock+0x10/0x10 [ 1349.195420][T26022] ? __pfx_vfs_read+0x10/0x10 [ 1349.195461][T26022] ? __fget_files+0x20e/0x3c0 [ 1349.195505][T26022] ksys_read+0x12a/0x250 [ 1349.195539][T26022] ? __pfx_ksys_read+0x10/0x10 [ 1349.195581][T26022] do_syscall_64+0xcd/0xf80 [ 1349.195620][T26022] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1349.195646][T26022] RIP: 0033:0x7faa40b8e1dc [ 1349.195664][T26022] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1349.195688][T26022] RSP: 002b:00007faa419f9030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1349.195710][T26022] RAX: ffffffffffffffda RBX: 00007faa40de6090 RCX: 00007faa40b8e1dc [ 1349.195728][T26022] RDX: 000000000000000f RSI: 00007faa419f90a0 RDI: 0000000000000007 [ 1349.195743][T26022] RBP: 00007faa419f9090 R08: 0000000000000000 R09: 0000000000000000 [ 1349.195758][T26022] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1349.195773][T26022] R13: 00007faa40de6128 R14: 00007faa40de6090 R15: 00007ffc29bf0618 [ 1349.195805][T26022] [ 1350.472240][T21409] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1350.535461][T21409] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1350.535461][T21409] [ 1354.794718][T26094] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1354.825486][T26094] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1354.855169][T26094] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1354.900642][T26094] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1355.882371][T26124] FAULT_INJECTION: forcing a failure. [ 1355.882371][T26124] name failslab, interval 1, probability 393216, space 0, times 0 [ 1355.953312][T26124] CPU: 0 UID: 0 PID: 26124 Comm: syz.0.4547 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1355.953355][T26124] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1355.953365][T26124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1355.953380][T26124] Call Trace: [ 1355.953388][T26124] [ 1355.953398][T26124] dump_stack_lvl+0x16c/0x1f0 [ 1355.953442][T26124] should_fail_ex+0x512/0x640 [ 1355.953470][T26124] ? kmem_cache_alloc_noprof+0x62/0x770 [ 1355.953504][T26124] should_failslab+0xc2/0x120 [ 1355.953542][T26124] kmem_cache_alloc_noprof+0x83/0x770 [ 1355.953571][T26124] ? getname_flags.part.0+0x4c/0x550 [ 1355.953604][T26124] ? getname_flags.part.0+0x4c/0x550 [ 1355.953629][T26124] getname_flags.part.0+0x4c/0x550 [ 1355.953659][T26124] getname_flags+0x93/0xf0 [ 1355.953691][T26124] do_sys_openat2+0xb9/0x290 [ 1355.953720][T26124] ? __pfx_do_sys_openat2+0x10/0x10 [ 1355.953757][T26124] ? __fget_files+0x20e/0x3c0 [ 1355.953799][T26124] __x64_sys_openat+0x174/0x210 [ 1355.953830][T26124] ? __pfx___x64_sys_openat+0x10/0x10 [ 1355.953859][T26124] ? ksys_write+0x1ac/0x250 [ 1355.953904][T26124] do_syscall_64+0xcd/0xf80 [ 1355.953946][T26124] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1355.953973][T26124] RIP: 0033:0x7f856778f7c9 [ 1355.953993][T26124] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1355.954017][T26124] RSP: 002b:00007f85685cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1355.954040][T26124] RAX: ffffffffffffffda RBX: 00007f85679e5fa0 RCX: 00007f856778f7c9 [ 1355.954057][T26124] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1355.954072][T26124] RBP: 00007f85685cd090 R08: 0000000000000000 R09: 0000000000000000 [ 1355.954088][T26124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1355.954102][T26124] R13: 00007f85679e6038 R14: 00007f85679e5fa0 R15: 00007ffc7cc08498 [ 1355.954132][T26124] [ 1356.419050][T26128] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1356.426283][T26128] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1356.435163][T26128] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1356.442113][T26128] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1358.147582][T26174] FAULT_INJECTION: forcing a failure. [ 1358.147582][T26174] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1358.217720][T26174] CPU: 0 UID: 0 PID: 26174 Comm: syz.4.4558 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1358.217762][T26174] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1358.217785][T26174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1358.217800][T26174] Call Trace: [ 1358.217811][T26174] [ 1358.217822][T26174] dump_stack_lvl+0x16c/0x1f0 [ 1358.217864][T26174] should_fail_ex+0x512/0x640 [ 1358.217905][T26174] _copy_from_user+0x2e/0xd0 [ 1358.217933][T26174] kstrtoint_from_user+0xd6/0x1d0 [ 1358.217968][T26174] ? __pfx_kstrtoint_from_user+0x10/0x10 [ 1358.218006][T26174] ? __pfx_aa_file_perm+0x10/0x10 [ 1358.218041][T26174] ? __lock_acquire+0x436/0x2890 [ 1358.218072][T26174] ? __lock_acquire+0x436/0x2890 [ 1358.218098][T26174] nsim_dev_hwstats_do_write+0xb6/0xbb0 [ 1358.218147][T26174] ? __debugfs_file_get+0x1fe/0x840 [ 1358.218181][T26174] ? __pfx_nsim_dev_hwstats_do_write+0x10/0x10 [ 1358.218227][T26174] short_proxy_write+0x135/0x1a0 [ 1358.218263][T26174] ? __pfx_short_proxy_write+0x10/0x10 [ 1358.218296][T26174] vfs_write+0x2a0/0x11d0 [ 1358.218333][T26174] ? __pfx___mutex_lock+0x10/0x10 [ 1358.218375][T26174] ? __pfx_vfs_write+0x10/0x10 [ 1358.218416][T26174] ? __fget_files+0x20e/0x3c0 [ 1358.218460][T26174] ksys_write+0x12a/0x250 [ 1358.218494][T26174] ? __pfx_ksys_write+0x10/0x10 [ 1358.218544][T26174] do_syscall_64+0xcd/0xf80 [ 1358.218584][T26174] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1358.218609][T26174] RIP: 0033:0x7fef9af8f7c9 [ 1358.218629][T26174] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1358.218653][T26174] RSP: 002b:00007fef9be3d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1358.218676][T26174] RAX: ffffffffffffffda RBX: 00007fef9b1e5fa0 RCX: 00007fef9af8f7c9 [ 1358.218693][T26174] RDX: 0000000000000005 RSI: 0000000000000000 RDI: 0000000000000004 [ 1358.218708][T26174] RBP: 00007fef9be3d090 R08: 0000000000000000 R09: 0000000000000000 [ 1358.218723][T26174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1358.218741][T26174] R13: 00007fef9b1e6038 R14: 00007fef9b1e5fa0 R15: 00007ffe816526e8 [ 1358.218773][T26174] [ 1358.748013][T25619] Bluetooth: hci2: command 0x0c1a tx timeout [ 1358.754387][T25619] Bluetooth: hci3: command 0x0c1a tx timeout [ 1358.763494][ T5150] Bluetooth: hci0: command 0x0c1a tx timeout [ 1358.770069][T16575] Bluetooth: hci1: command 0x0c1a tx timeout [ 1359.029214][T26182] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1359.051442][T26182] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1359.064233][T26182] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1359.095729][T26182] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1360.595964][T26212] futex_wake_op: syz.4.4564 tries to shift op by -2048; fix this program [ 1360.679140][T26215] ubi0: attaching mtd0 [ 1360.720664][T26212] futex_wake_op: syz.4.4564 tries to shift op by -2048; fix this program [ 1360.781677][T26215] ubi0: scanning is finished [ 1360.831058][T26215] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1360.860297][T26218] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1360.883283][T26218] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1360.930557][T26218] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1360.964171][T26218] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1361.199337][T26215] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1361.356570][T26232] FAULT_INJECTION: forcing a failure. [ 1361.356570][T26232] name failslab, interval 1, probability 393216, space 0, times 0 [ 1361.457564][T26232] CPU: 0 UID: 0 PID: 26232 Comm: syz.0.4569 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1361.457605][T26232] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1361.457614][T26232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1361.457629][T26232] Call Trace: [ 1361.457637][T26232] [ 1361.457647][T26232] dump_stack_lvl+0x16c/0x1f0 [ 1361.457697][T26232] should_fail_ex+0x512/0x640 [ 1361.457725][T26232] ? __kmalloc_noprof+0xca/0x910 [ 1361.457754][T26232] should_failslab+0xc2/0x120 [ 1361.457791][T26232] __kmalloc_noprof+0xeb/0x910 [ 1361.457817][T26232] ? iter_file_splice_write+0x1cc/0x12b0 [ 1361.457858][T26232] ? iter_file_splice_write+0x1cc/0x12b0 [ 1361.457893][T26232] iter_file_splice_write+0x1cc/0x12b0 [ 1361.457934][T26232] ? kfree+0x2f8/0x6e0 [ 1361.457962][T26232] ? copy_splice_read+0x897/0xc20 [ 1361.458005][T26232] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1361.458043][T26232] ? __lock_acquire+0x436/0x2890 [ 1361.458069][T26232] ? __pfx_copy_splice_read+0x10/0x10 [ 1361.458118][T26232] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1361.458157][T26232] direct_splice_actor+0x192/0x6c0 [ 1361.458196][T26232] splice_direct_to_actor+0x345/0xa30 [ 1361.458234][T26232] ? __pfx_direct_splice_actor+0x10/0x10 [ 1361.458275][T26232] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1361.458309][T26232] ? get_pid_task+0xfc/0x250 [ 1361.458344][T26232] do_splice_direct+0x174/0x240 [ 1361.458383][T26232] ? __pfx_do_splice_direct+0x10/0x10 [ 1361.458419][T26232] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1361.458458][T26232] ? rw_verify_area+0xcf/0x6c0 [ 1361.458492][T26232] do_sendfile+0xb06/0xe50 [ 1361.458530][T26232] ? __pfx_do_sendfile+0x10/0x10 [ 1361.458564][T26232] ? __fget_files+0x20e/0x3c0 [ 1361.458606][T26232] __x64_sys_sendfile64+0x1d8/0x220 [ 1361.458630][T26232] ? ksys_write+0x1ac/0x250 [ 1361.458670][T26232] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1361.458702][T26232] do_syscall_64+0xcd/0xf80 [ 1361.458740][T26232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1361.458764][T26232] RIP: 0033:0x7f856778f7c9 [ 1361.458783][T26232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1361.458806][T26232] RSP: 002b:00007f85685cd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1361.458831][T26232] RAX: ffffffffffffffda RBX: 00007f85679e5fa0 RCX: 00007f856778f7c9 [ 1361.458849][T26232] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 1361.458865][T26232] RBP: 00007f85685cd090 R08: 0000000000000000 R09: 0000000000000000 [ 1361.458880][T26232] R10: 000000007ffff000 R11: 0000000000000246 R12: 0000000000000001 [ 1361.458895][T26232] R13: 00007f85679e6038 R14: 00007f85679e5fa0 R15: 00007ffc7cc08498 [ 1361.458925][T26232] [ 1361.459352][T26232] Setting dangerous option i915.mitigations - tainting kernel [ 1361.882973][T26238] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1362.940088][T16575] Bluetooth: hci3: command 0x0c1a tx timeout [ 1362.946300][T26180] Bluetooth: hci0: command 0x0c1a tx timeout [ 1362.956539][T20797] Bluetooth: hci1: command 0x0c1a tx timeout [ 1363.021167][T20797] Bluetooth: hci2: command 0x0c1a tx timeout [ 1363.954531][ T30] audit: type=1800 audit(4294967934.369:239): pid=26278 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.4576" name="discovery_nqn" dev="configfs" ino=116782 res=0 errno=0 [ 1365.052292][T26305] futex_wake_op: syz.4.4579 tries to shift op by -2048; fix this program [ 1365.134778][T26305] futex_wake_op: syz.4.4579 tries to shift op by -2048; fix this program [ 1365.162948][T26299] zswap: compressor not available [ 1365.203121][T26310] ubi1: attaching mtd0 [ 1365.244848][T26310] ubi1: scanning is finished [ 1365.307776][T26310] ubi1 error: ubi_read_volume_table: the layout volume was not found [ 1365.732764][T26310] ubi1 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1366.972973][T26339] scsi_dev_info_list_add_str: bad dev info string 'ñ' '' '' [ 1367.255457][T26333] FAULT_INJECTION: forcing a failure. [ 1367.255457][T26333] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1367.391298][T26333] CPU: 0 UID: 0 PID: 26333 Comm: syz.4.4586 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1367.391343][T26333] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1367.391353][T26333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1367.391369][T26333] Call Trace: [ 1367.391378][T26333] [ 1367.391387][T26333] dump_stack_lvl+0x16c/0x1f0 [ 1367.391430][T26333] should_fail_ex+0x512/0x640 [ 1367.391457][T26333] ? finish_task_switch.isra.0+0x207/0xbd0 [ 1367.391502][T26333] get_futex_key+0x1d0/0x15f0 [ 1367.391533][T26333] ? __pfx_get_futex_key+0x10/0x10 [ 1367.391569][T26333] futex_wake+0xea/0x530 [ 1367.391604][T26333] ? __pfx_futex_wake+0x10/0x10 [ 1367.391649][T26333] do_futex+0x1e3/0x350 [ 1367.391675][T26333] ? __pfx_do_futex+0x10/0x10 [ 1367.391700][T26333] ? __might_fault+0xe3/0x190 [ 1367.391737][T26333] mm_release+0x24e/0x300 [ 1367.391771][T26333] do_exit+0x69e/0x2bd0 [ 1367.391799][T26333] ? __pfx_do_exit+0x10/0x10 [ 1367.391821][T26333] ? do_raw_spin_lock+0x12c/0x2b0 [ 1367.391848][T26333] ? find_held_lock+0x2b/0x80 [ 1367.391884][T26333] do_group_exit+0xd3/0x2a0 [ 1367.391909][T26333] get_signal+0x2671/0x26d0 [ 1367.391942][T26333] ? full_proxy_read+0x141/0x1a0 [ 1367.391975][T26333] ? __pfx_full_proxy_read+0x10/0x10 [ 1367.392008][T26333] ? vfs_read+0x23b/0xcf0 [ 1367.392048][T26333] ? __pfx_get_signal+0x10/0x10 [ 1367.392093][T26333] ? __pfx_vfs_read+0x10/0x10 [ 1367.392124][T26333] ? find_held_lock+0x2b/0x80 [ 1367.392158][T26333] arch_do_signal_or_restart+0x8f/0x7a0 [ 1367.392248][T26333] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1367.392285][T26333] ? __fget_files+0x20e/0x3c0 [ 1367.392325][T26333] ? fput+0x70/0xf0 [ 1367.392349][T26333] ? __x64_sys_pread64+0x196/0x250 [ 1367.392389][T26333] exit_to_user_mode_loop+0x8c/0x540 [ 1367.392422][T26333] do_syscall_64+0x4ee/0xf80 [ 1367.392460][T26333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1367.392484][T26333] RIP: 0033:0x7fef9af8f7c9 [ 1367.392504][T26333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1367.392529][T26333] RSP: 002b:00007fef9be3d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 1367.392552][T26333] RAX: fffffffffffffffc RBX: 00007fef9b1e5fa0 RCX: 00007fef9af8f7c9 [ 1367.392573][T26333] RDX: 0000000000000101 RSI: 0000000000000000 RDI: 0000000000000004 [ 1367.392588][T26333] RBP: 00007fef9be3d090 R08: 0000000000000000 R09: 0000000000000000 [ 1367.392603][T26333] R10: 0000000000000103 R11: 0000000000000246 R12: 0000000000000001 [ 1367.392618][T26333] R13: 00007fef9b1e6038 R14: 00007fef9b1e5fa0 R15: 00007ffe816526e8 [ 1367.392650][T26333] [ 1368.946298][T26361] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1369.012641][T26361] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1369.140262][T26361] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1369.191538][T26361] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1369.791729][T26378] FAULT_INJECTION: forcing a failure. [ 1369.791729][T26378] name failslab, interval 1, probability 393216, space 0, times 0 [ 1369.954191][T26378] CPU: 0 UID: 0 PID: 26378 Comm: syz.4.4596 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1369.954238][T26378] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1369.954248][T26378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1369.954264][T26378] Call Trace: [ 1369.954273][T26378] [ 1369.954284][T26378] dump_stack_lvl+0x16c/0x1f0 [ 1369.954328][T26378] should_fail_ex+0x512/0x640 [ 1369.954366][T26378] ? __kmalloc_cache_noprof+0x5f/0x800 [ 1369.954400][T26378] should_failslab+0xc2/0x120 [ 1369.954441][T26378] __kmalloc_cache_noprof+0x80/0x800 [ 1369.954471][T26378] ? snd_seq_timer_new+0x44/0x1b0 [ 1369.954509][T26378] ? snd_seq_timer_new+0x44/0x1b0 [ 1369.954540][T26378] snd_seq_timer_new+0x44/0x1b0 [ 1369.954572][T26378] snd_seq_queue_alloc+0x177/0x5a0 [ 1369.954605][T26378] snd_seq_ioctl_create_queue+0xa9/0x390 [ 1369.954644][T26378] call_seq_client_ctl+0xa3/0x130 [ 1369.954683][T26378] snd_seq_kernel_client_ctl+0x7a/0xc0 [ 1369.954722][T26378] alloc_seq_queue+0xda/0x180 [ 1369.954762][T26378] ? __pfx_alloc_seq_queue+0x10/0x10 [ 1369.954815][T26378] ? mark_held_locks+0x49/0x80 [ 1369.954839][T26378] ? _raw_spin_unlock_irq+0x23/0x50 [ 1369.954874][T26378] ? lockdep_hardirqs_on+0x7c/0x110 [ 1369.954915][T26378] snd_seq_oss_open+0x38c/0xa40 [ 1369.954967][T26378] odev_open+0x79/0xc0 [ 1369.955003][T26378] ? __pfx_odev_open+0x10/0x10 [ 1369.955039][T26378] soundcore_open+0x40c/0x580 [ 1369.955082][T26378] ? __pfx_soundcore_open+0x10/0x10 [ 1369.955120][T26378] chrdev_open+0x234/0x6a0 [ 1369.955161][T26378] ? __pfx_apparmor_file_open+0x10/0x10 [ 1369.955187][T26378] ? __pfx_chrdev_open+0x10/0x10 [ 1369.955233][T26378] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 1369.955282][T26378] do_dentry_open+0x748/0x1590 [ 1369.955320][T26378] ? __pfx_chrdev_open+0x10/0x10 [ 1369.955375][T26378] vfs_open+0x82/0x3f0 [ 1369.955405][T26378] path_openat+0x2078/0x3140 [ 1369.955455][T26378] ? __pfx_path_openat+0x10/0x10 [ 1369.955507][T26378] do_filp_open+0x20b/0x470 [ 1369.955547][T26378] ? __pfx_do_filp_open+0x10/0x10 [ 1369.955606][T26378] ? alloc_fd+0x471/0x7d0 [ 1369.955652][T26378] do_sys_openat2+0x121/0x290 [ 1369.955680][T26378] ? __pfx_do_sys_openat2+0x10/0x10 [ 1369.955706][T26378] ? arch_do_signal_or_restart+0x211/0x7a0 [ 1369.955745][T26378] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1369.955795][T26378] __x64_sys_openat+0x174/0x210 [ 1369.955824][T26378] ? __pfx___x64_sys_openat+0x10/0x10 [ 1369.955866][T26378] do_syscall_64+0xcd/0xf80 [ 1369.955908][T26378] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1369.955935][T26378] RIP: 0033:0x7fef9af8f7c9 [ 1369.955957][T26378] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1369.955983][T26378] RSP: 002b:00007fef9be3d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1369.956008][T26378] RAX: ffffffffffffffda RBX: 00007fef9b1e5fa0 RCX: 00007fef9af8f7c9 [ 1369.956025][T26378] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1369.956042][T26378] RBP: 00007fef9b013f91 R08: 0000000000000000 R09: 0000000000000000 [ 1369.956059][T26378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1369.956075][T26378] R13: 00007fef9b1e6038 R14: 00007fef9b1e5fa0 R15: 00007ffe816526e8 [ 1369.956107][T26378] [ 1371.069879][T26180] Bluetooth: hci3: command 0x0c1a tx timeout [ 1371.076129][T20797] Bluetooth: hci0: command 0x0c1a tx timeout [ 1371.199912][T26180] Bluetooth: hci1: command 0x0c1a tx timeout [ 1371.299976][T26180] Bluetooth: hci2: command 0x0c1a tx timeout [ 1371.471057][T26404] nfsd: Unknown parameter '^BÔ-' [ 1373.762408][T26439] nvme_fabrics: missing parameter 'transport=%s' [ 1373.810027][T26439] nvme_fabrics: missing parameter 'nqn=%s' [ 1374.431892][T26455] scsi_dev_info_list_add_str: bad dev info string 'ñ' '' '' [ 1376.280404][T26472] FAULT_INJECTION: forcing a failure. [ 1376.280404][T26472] name failslab, interval 1, probability 393216, space 0, times 0 [ 1376.433027][T26472] CPU: 0 UID: 0 PID: 26472 Comm: syz.1.4615 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1376.433071][T26472] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1376.433081][T26472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1376.433097][T26472] Call Trace: [ 1376.433105][T26472] [ 1376.433115][T26472] dump_stack_lvl+0x16c/0x1f0 [ 1376.433160][T26472] should_fail_ex+0x512/0x640 [ 1376.433189][T26472] ? __kmalloc_node_track_caller_noprof+0xcb/0x930 [ 1376.433230][T26472] should_failslab+0xc2/0x120 [ 1376.433268][T26472] __kmalloc_node_track_caller_noprof+0xec/0x930 [ 1376.433304][T26472] ? debugfs_create_symlink+0x29/0x260 [ 1376.433334][T26472] ? kstrdup+0x53/0x100 [ 1376.433364][T26472] kstrdup+0x53/0x100 [ 1376.433393][T26472] debugfs_create_symlink+0x29/0x260 [ 1376.433419][T26472] ref_tracker_dir_symlink+0x255/0x3c0 [ 1376.433452][T26472] ? __pfx_ref_tracker_dir_symlink+0x10/0x10 [ 1376.433484][T26472] ? __lock_acquire+0x436/0x2890 [ 1376.433530][T26472] ? lockdep_hardirqs_on+0x7c/0x110 [ 1376.433567][T26472] ? crng_make_state+0x48e/0x6c0 [ 1376.433601][T26472] ? __pfx_net_ns_net_init+0x10/0x10 [ 1376.433636][T26472] net_ns_net_init+0xd2/0x120 [ 1376.433670][T26472] ops_init+0x1e2/0x5f0 [ 1376.433712][T26472] setup_net+0x11d/0x3a0 [ 1376.433746][T26472] ? __pfx_setup_net+0x10/0x10 [ 1376.433776][T26472] ? lockdep_init_map_type+0x5c/0x270 [ 1376.433800][T26472] ? mutex_init_lockep+0x110/0x150 [ 1376.433829][T26472] copy_net_ns+0x351/0x7c0 [ 1376.433866][T26472] create_new_namespaces+0x3ea/0xab0 [ 1376.433906][T26472] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1376.433942][T26472] ksys_unshare+0x45b/0xa40 [ 1376.433981][T26472] ? __pfx_ksys_unshare+0x10/0x10 [ 1376.434023][T26472] ? xfd_validate_state+0x61/0x180 [ 1376.434054][T26472] __x64_sys_unshare+0x31/0x40 [ 1376.434092][T26472] do_syscall_64+0xcd/0xf80 [ 1376.434131][T26472] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1376.434157][T26472] RIP: 0033:0x7faa40b8f7c9 [ 1376.434176][T26472] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1376.434200][T26472] RSP: 002b:00007faa419f9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1376.434223][T26472] RAX: ffffffffffffffda RBX: 00007faa40de6090 RCX: 00007faa40b8f7c9 [ 1376.434240][T26472] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1376.434254][T26472] RBP: 00007faa40c13f91 R08: 0000000000000000 R09: 0000000000000000 [ 1376.434270][T26472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1376.434284][T26472] R13: 00007faa40de6128 R14: 00007faa40de6090 R15: 00007ffc29bf0618 [ 1376.434315][T26472] [ 1377.103439][T26477] vivid-002: kernel_thread() failed [ 1377.940414][T26489] usb usb36: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1377.968564][T26489] vhci_hcd vhci_hcd.1: default hub control req: 0000 v0000 i0000 l0 [ 1381.031253][T22652] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1381.055932][T26511] futex_wake_op: syz.4.4624 tries to shift op by -2048; fix this program [ 1381.105218][T22652] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1381.105218][T22652] [ 1381.191860][T26511] futex_wake_op: syz.4.4624 tries to shift op by -2048; fix this program [ 1382.100477][T26526] FAULT_INJECTION: forcing a failure. [ 1382.100477][T26526] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1382.170031][T26526] CPU: 0 UID: 0 PID: 26526 Comm: syz.1.4629 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1382.170076][T26526] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1382.170086][T26526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1382.170101][T26526] Call Trace: [ 1382.170110][T26526] [ 1382.170119][T26526] dump_stack_lvl+0x16c/0x1f0 [ 1382.170164][T26526] should_fail_ex+0x512/0x640 [ 1382.170197][T26526] _copy_from_user+0x2e/0xd0 [ 1382.170224][T26526] copy_msghdr_from_user+0x98/0x160 [ 1382.170261][T26526] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1382.170306][T26526] ___sys_sendmsg+0xfe/0x1d0 [ 1382.170340][T26526] ? __pfx____sys_sendmsg+0x10/0x10 [ 1382.170406][T26526] __sys_sendmsg+0x16d/0x220 [ 1382.170438][T26526] ? __pfx___sys_sendmsg+0x10/0x10 [ 1382.170487][T26526] do_syscall_64+0xcd/0xf80 [ 1382.170527][T26526] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1382.170554][T26526] RIP: 0033:0x7faa40b8f7c9 [ 1382.170573][T26526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1382.170598][T26526] RSP: 002b:00007faa41a1a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1382.170621][T26526] RAX: ffffffffffffffda RBX: 00007faa40de5fa0 RCX: 00007faa40b8f7c9 [ 1382.170637][T26526] RDX: 0000000000000000 RSI: 0000200000000440 RDI: 0000000000000003 [ 1382.170652][T26526] RBP: 00007faa41a1a090 R08: 0000000000000000 R09: 0000000000000000 [ 1382.170666][T26526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1382.170681][T26526] R13: 00007faa40de6038 R14: 00007faa40de5fa0 R15: 00007ffc29bf0618 [ 1382.170713][T26526] [ 1388.486053][T26597] futex_wake_op: syz.0.4645 tries to shift op by -2048; fix this program [ 1388.540619][T26597] futex_wake_op: syz.0.4645 tries to shift op by -2048; fix this program [ 1388.601686][T26597] 0x000000000001-0x000000020000 : "" [ 1388.743496][T26597] ftl_cs: FTL header corrupt! [ 1390.711535][ T30] audit: type=1800 audit(4294967961.129:240): pid=26622 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.4651" name="dbroot" dev="configfs" ino=118199 res=0 errno=0 [ 1391.728057][T26633] futex_wake_op: syz.0.4656 tries to shift op by -2048; fix this program [ 1391.774888][T26633] futex_wake_op: syz.0.4656 tries to shift op by -2048; fix this program [ 1392.212819][T26635] loop6: detected capacity change from 0 to 4194304 [ 1393.754747][T26662] FAULT_INJECTION: forcing a failure. [ 1393.754747][T26662] name failslab, interval 1, probability 393216, space 0, times 0 [ 1393.890444][T26662] CPU: 0 UID: 0 PID: 26662 Comm: syz.1.4661 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1393.890488][T26662] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1393.890498][T26662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1393.890513][T26662] Call Trace: [ 1393.890521][T26662] [ 1393.890531][T26662] dump_stack_lvl+0x16c/0x1f0 [ 1393.890575][T26662] should_fail_ex+0x512/0x640 [ 1393.890604][T26662] ? kmem_cache_alloc_noprof+0x62/0x770 [ 1393.890637][T26662] should_failslab+0xc2/0x120 [ 1393.890676][T26662] kmem_cache_alloc_noprof+0x83/0x770 [ 1393.890705][T26662] ? ptlock_alloc+0x1f/0x70 [ 1393.890735][T26662] ? ptlock_alloc+0x1f/0x70 [ 1393.890757][T26662] ptlock_alloc+0x1f/0x70 [ 1393.890781][T26662] pte_alloc_one+0x84/0x3d0 [ 1393.890816][T26662] __do_fault+0x320/0x490 [ 1393.890888][T26662] do_fault+0x302/0x1ad0 [ 1393.890924][T26662] ? __pfx_filemap_map_pages+0x10/0x10 [ 1393.890953][T26662] ? __pmd_alloc+0x6aa/0x9c0 [ 1393.890999][T26662] __handle_mm_fault+0x1919/0x2bb0 [ 1393.891031][T26662] ? __pfx___handle_mm_fault+0x10/0x10 [ 1393.891081][T26662] handle_mm_fault+0x3fe/0xad0 [ 1393.891111][T26662] __get_user_pages+0x54e/0x3590 [ 1393.891157][T26662] ? down_read_killable+0x313/0x4c0 [ 1393.891185][T26662] ? __pfx___get_user_pages+0x10/0x10 [ 1393.891229][T26662] __gup_longterm_locked+0xa92/0x17e0 [ 1393.891267][T26662] ? find_held_lock+0x2b/0x80 [ 1393.891300][T26662] ? process_measurement+0x4a6/0x22d0 [ 1393.891342][T26662] ? __pfx___gup_longterm_locked+0x10/0x10 [ 1393.891388][T26662] ? find_held_lock+0x2b/0x80 [ 1393.891426][T26662] gup_fast_fallback+0xf5f/0x2350 [ 1393.891470][T26662] ? __lock_acquire+0x436/0x2890 [ 1393.891504][T26662] ? __pfx_gup_fast_fallback+0x10/0x10 [ 1393.891542][T26662] ? find_held_lock+0x2b/0x80 [ 1393.891575][T26662] ? is_bpf_text_address+0x8a/0x1a0 [ 1393.891609][T26662] ? bpf_ksym_find+0x124/0x1c0 [ 1393.891639][T26662] get_user_pages_fast+0xa7/0xf0 [ 1393.891676][T26662] ? __pfx_get_user_pages_fast+0x10/0x10 [ 1393.891722][T26662] get_futex_key+0x2c6/0x15f0 [ 1393.891753][T26662] ? __pfx_get_futex_key+0x10/0x10 [ 1393.891782][T26662] ? _kstrtoull+0x145/0x200 [ 1393.891821][T26662] futex_wait_requeue_pi+0x1f6/0x830 [ 1393.891860][T26662] ? __pfx_futex_wait_requeue_pi+0x10/0x10 [ 1393.891894][T26662] ? __lock_acquire+0x436/0x2890 [ 1393.891946][T26662] ? __pfx_futex_wake_mark+0x10/0x10 [ 1393.891991][T26662] ? find_held_lock+0x2b/0x80 [ 1393.892022][T26662] ? ksys_write+0x190/0x250 [ 1393.892062][T26662] do_futex+0x2ae/0x350 [ 1393.892090][T26662] ? __pfx_do_futex+0x10/0x10 [ 1393.892125][T26662] __x64_sys_futex+0x1e0/0x4c0 [ 1393.892155][T26662] ? fput+0x70/0xf0 [ 1393.892177][T26662] ? __pfx___x64_sys_futex+0x10/0x10 [ 1393.892203][T26662] ? ksys_write+0x1ac/0x250 [ 1393.892236][T26662] ? __pfx_ksys_write+0x10/0x10 [ 1393.892278][T26662] do_syscall_64+0xcd/0xf80 [ 1393.892317][T26662] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1393.892343][T26662] RIP: 0033:0x7faa40b8f7c9 [ 1393.892362][T26662] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1393.892387][T26662] RSP: 002b:00007faa419f9038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1393.892410][T26662] RAX: ffffffffffffffda RBX: 00007faa40de6090 RCX: 00007faa40b8f7c9 [ 1393.892427][T26662] RDX: 0000000000000001 RSI: 000000000000000b RDI: 0000200000000080 [ 1393.892442][T26662] RBP: 00007faa419f9090 R08: 0000000000000000 R09: 00000000fffffffa [ 1393.892458][T26662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1393.892473][T26662] R13: 00007faa40de6128 R14: 00007faa40de6090 R15: 00007ffc29bf0618 [ 1393.892505][T26662] [ 1394.840571][T26658] zswap: compressor not available [ 1395.585257][T26674] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4667'. [ 1397.462882][T20797] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1397.477077][T20797] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1397.500169][T20797] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1397.508160][T20797] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1397.516616][T20797] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1398.792932][T26711] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4675'. [ 1399.581411][T20797] Bluetooth: hci4: command tx timeout [ 1399.750369][T26695] chnl_net:caif_netlink_parms(): no params data found [ 1400.317275][T26695] bridge0: port 1(bridge_slave_0) entered blocking state [ 1400.373028][T26695] bridge0: port 1(bridge_slave_0) entered disabled state [ 1400.427771][T26695] bridge_slave_0: entered allmulticast mode [ 1400.466182][T26695] bridge_slave_0: entered promiscuous mode [ 1400.727267][T26695] bridge0: port 2(bridge_slave_1) entered blocking state [ 1400.774447][T26695] bridge0: port 2(bridge_slave_1) entered disabled state [ 1400.818888][T26695] bridge_slave_1: entered allmulticast mode [ 1400.857148][T26695] bridge_slave_1: entered promiscuous mode [ 1400.919026][ T30] audit: type=1800 audit(4294967971.329:241): pid=26723 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.4677" name="dbroot" dev="configfs" ino=118691 res=0 errno=0 [ 1401.345392][T26695] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1401.462371][T26695] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1401.659929][T20797] Bluetooth: hci4: command tx timeout [ 1401.732135][T26695] team0: Port device team_slave_0 added [ 1401.784649][T26695] team0: Port device team_slave_1 added [ 1402.061079][T26695] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1402.109996][T26695] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1402.266669][T26695] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1402.543717][T26695] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1402.592649][T26695] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1402.620390][T26739] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4681'. [ 1402.723379][T26695] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1403.123855][T26695] hsr_slave_0: entered promiscuous mode [ 1403.168984][T26695] hsr_slave_1: entered promiscuous mode [ 1403.222060][T26695] debugfs: 'hsr0' already exists in 'hsr' [ 1403.227848][T26695] Cannot create hsr debugfs directory [ 1403.740154][T20797] Bluetooth: hci4: command tx timeout [ 1405.087424][T26695] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1405.819845][T20797] Bluetooth: hci4: command tx timeout [ 1405.850424][T26695] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1406.405756][T26695] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1406.952057][T26695] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1407.472098][T26695] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1407.515934][T26695] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1407.641340][T26695] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1407.714007][T26695] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1408.048215][T26782] zswap: compressor not available [ 1408.165926][T26695] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1408.265931][T26695] 8021q: adding VLAN 0 to HW filter on device team0 [ 1408.323297][ T7624] bridge0: port 1(bridge_slave_0) entered blocking state [ 1408.330542][ T7624] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1408.414328][T22652] bridge0: port 2(bridge_slave_1) entered blocking state [ 1408.421624][T22652] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1409.410994][T26695] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1409.738055][T26695] veth0_vlan: entered promiscuous mode [ 1409.801918][T26695] veth1_vlan: entered promiscuous mode [ 1409.946749][T26695] veth0_macvtap: entered promiscuous mode [ 1409.993853][T26695] veth1_macvtap: entered promiscuous mode [ 1410.103991][T26695] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1410.171614][T26695] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1410.261130][T19541] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1410.299299][T19541] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1410.430547][T19541] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1410.565576][T26816] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078006600 pfn:0x78000 [ 1410.645317][T19541] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1410.662870][T26816] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 1410.763485][T26816] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 1410.853561][T26816] raw: ffff888078006600 0000000000000000 00000001ffffffff 0000000000000000 [ 1410.878900][ T7605] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1410.927002][ T7605] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1410.957353][T26816] page dumped because: unmovable page [ 1411.038610][ T7622] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1411.047754][ T7622] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1411.073841][T26816] page_owner tracks the page as allocated [ 1411.121195][T26816] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xcc0(GFP_KERNEL), pid 16151, tgid 16151 (syz-executor), ts 719147258119, free_ts 718720648641 [ 1411.183242][T26816] post_alloc_hook+0x1af/0x220 [ 1411.188093][T26816] get_page_from_freelist+0xd0b/0x31a0 [ 1411.237306][T26816] __alloc_frozen_pages_noprof+0x25f/0x2430 [ 1411.249953][T26816] alloc_pages_bulk_noprof+0x77a/0x1410 [ 1411.287724][T26816] __kasan_populate_vmalloc+0xfb/0x220 [ 1411.310510][T26816] alloc_vmap_area+0x98d/0x2a50 [ 1411.330283][T26816] __get_vm_area_node+0x1ca/0x330 [ 1411.335660][T26816] __vmalloc_node_range_noprof+0x247/0x16b0 [ 1411.393719][T26816] vmalloc_user_noprof+0x9e/0xe0 [ 1411.398742][T26816] kcov_ioctl+0x4c/0x6e0 [ 1411.429920][T26816] __x64_sys_ioctl+0x18e/0x210 [ 1411.449906][T26816] do_syscall_64+0xcd/0xf80 [ 1411.465101][T26816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1411.507964][T26816] page last free pid 8338 tgid 8338 stack trace: [ 1411.529837][T26816] __free_frozen_pages+0x7df/0x1170 [ 1411.535201][T26816] vfree+0x1fd/0xb50 [ 1411.585211][ T1167] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1411.604091][T26816] delayed_vfree_work+0x56/0x70 [ 1411.619624][T26816] process_one_work+0x9ba/0x1b20 [ 1411.639882][ T1167] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1411.639882][ T1167] [ 1411.650016][T26816] worker_thread+0x6c8/0xf10 [ 1411.686854][T26816] kthread+0x3c5/0x780 [ 1411.697063][T26816] ret_from_fork+0x983/0xb10 [ 1411.727476][T26816] ret_from_fork_asm+0x1a/0x30 [ 1413.757283][T26180] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1413.772444][T26180] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1413.781267][T26180] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1413.789402][T26180] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1413.797938][T26180] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1414.844739][T26863] futex_wake_op: syz.2.4705 tries to shift op by -2048; fix this program [ 1414.910155][T26863] futex_wake_op: syz.2.4705 tries to shift op by -2048; fix this program [ 1415.637782][ T7606] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1415.900723][T26180] Bluetooth: hci0: command tx timeout [ 1416.024787][ T7606] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1416.288484][ T7606] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1416.386146][T26852] chnl_net:caif_netlink_parms(): no params data found [ 1416.767374][ T7606] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1417.238552][T26852] bridge0: port 1(bridge_slave_0) entered blocking state [ 1417.286943][T26852] bridge0: port 1(bridge_slave_0) entered disabled state [ 1417.311317][T26852] bridge_slave_0: entered allmulticast mode [ 1417.372100][T26852] bridge_slave_0: entered promiscuous mode [ 1417.416326][T26852] bridge0: port 2(bridge_slave_1) entered blocking state [ 1417.476513][T26852] bridge0: port 2(bridge_slave_1) entered disabled state [ 1417.518936][T26852] bridge_slave_1: entered allmulticast mode [ 1417.570022][T26852] bridge_slave_1: entered promiscuous mode [ 1417.980002][T26180] Bluetooth: hci0: command tx timeout [ 1418.025496][T26852] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1418.120839][T26852] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1418.301942][ T7606] bridge_slave_1: left allmulticast mode [ 1418.307649][ T7606] bridge_slave_1: left promiscuous mode [ 1418.338451][ T7606] bridge0: port 2(bridge_slave_1) entered disabled state [ 1418.371837][ T7606] bridge_slave_0: left allmulticast mode [ 1418.408923][ T7606] bridge_slave_0: left promiscuous mode [ 1418.440531][ T7606] bridge0: port 1(bridge_slave_0) entered disabled state [ 1419.215733][ T7606] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1419.240665][ T7606] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1419.262673][ T7606] bond0 (unregistering): Released all slaves [ 1419.285959][T26852] team0: Port device team_slave_0 added [ 1419.305487][T26913] tc_dump_action: action bad kind [ 1419.358023][T26852] team0: Port device team_slave_1 added [ 1419.536547][T26852] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1419.590215][T26852] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1419.709440][T26852] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1419.780680][T26925] tc_dump_action: action bad kind [ 1419.840645][T26852] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1419.875794][T26852] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1420.002997][T26852] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1420.063171][T26180] Bluetooth: hci0: command tx timeout [ 1420.462082][ T7606] hsr_slave_0: left promiscuous mode [ 1420.485566][ T7606] hsr_slave_1: left promiscuous mode [ 1420.524254][ T7606] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1420.572144][ T7606] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1420.612508][ T7606] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1420.670051][ T7606] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1420.776036][ T7606] veth1_macvtap: left promiscuous mode [ 1420.821736][ T7606] veth0_macvtap: left promiscuous mode [ 1420.877141][ T7606] veth1_vlan: left promiscuous mode [ 1420.911836][T26942] nvme_fabrics: missing parameter 'transport=%s' [ 1420.918606][T26942] nvme_fabrics: missing parameter 'nqn=%s' [ 1420.926013][ T7606] veth0_vlan: left promiscuous mode [ 1422.141042][T26180] Bluetooth: hci0: command tx timeout [ 1423.343949][ T7606] team0 (unregistering): Port device team_slave_1 removed [ 1423.471449][ T7606] team0 (unregistering): Port device team_slave_0 removed [ 1424.289152][T26852] hsr_slave_0: entered promiscuous mode [ 1424.307162][T26852] hsr_slave_1: entered promiscuous mode [ 1424.380624][T26977] tc_dump_action: action bad kind [ 1425.440781][T26998] FAULT_INJECTION: forcing a failure. [ 1425.440781][T26998] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1425.576492][T26998] CPU: 0 UID: 0 PID: 26998 Comm: syz.2.4728 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1425.576537][T26998] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1425.576547][T26998] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1425.576563][T26998] Call Trace: [ 1425.576573][T26998] [ 1425.576584][T26998] dump_stack_lvl+0x16c/0x1f0 [ 1425.576631][T26998] should_fail_ex+0x512/0x640 [ 1425.576664][T26998] get_futex_key+0x1d0/0x15f0 [ 1425.576695][T26998] ? __pfx_get_futex_key+0x10/0x10 [ 1425.576719][T26998] ? kasan_save_stack+0x42/0x60 [ 1425.576752][T26998] ? kasan_save_stack+0x33/0x60 [ 1425.576782][T26998] ? kasan_record_aux_stack+0xa7/0xc0 [ 1425.576808][T26998] ? __call_rcu_common.constprop.0+0xa5/0xa10 [ 1425.576838][T26998] ? destroy_inode+0x12c/0x1b0 [ 1425.576862][T26998] ? evict+0x599/0xad0 [ 1425.576882][T26998] ? iput.part.0+0x621/0x1190 [ 1425.576905][T26998] ? iput+0x35/0x40 [ 1425.576926][T26998] ? __sock_release+0x20b/0x270 [ 1425.576963][T26998] futex_wait_setup+0x9d/0x570 [ 1425.577005][T26998] __futex_wait+0x193/0x2f0 [ 1425.577039][T26998] ? __pfx___futex_wait+0x10/0x10 [ 1425.577077][T26998] ? __pfx_futex_wake_mark+0x10/0x10 [ 1425.577113][T26998] ? futex_hash+0x2c5/0x380 [ 1425.577140][T26998] ? futex_private_hash_put+0x160/0x1b0 [ 1425.577177][T26998] futex_wait+0xe8/0x380 [ 1425.577211][T26998] ? __pfx_futex_wait+0x10/0x10 [ 1425.577265][T26998] do_futex+0x229/0x350 [ 1425.577294][T26998] ? __pfx_do_futex+0x10/0x10 [ 1425.577320][T26998] ? iput.part.0+0x621/0x1190 [ 1425.577350][T26998] __x64_sys_futex+0x1e0/0x4c0 [ 1425.577378][T26998] ? __sys_socket+0xac/0x260 [ 1425.577401][T26998] ? __pfx___x64_sys_futex+0x10/0x10 [ 1425.577440][T26998] do_syscall_64+0xcd/0xf80 [ 1425.577482][T26998] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1425.577508][T26998] RIP: 0033:0x7fc6a318f7c9 [ 1425.577528][T26998] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1425.577553][T26998] RSP: 002b:00007fc6a40a20e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1425.577576][T26998] RAX: ffffffffffffffda RBX: 00007fc6a33e5fa8 RCX: 00007fc6a318f7c9 [ 1425.577600][T26998] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fc6a33e5fa8 [ 1425.577615][T26998] RBP: 00007fc6a33e5fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1425.577630][T26998] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1425.577645][T26998] R13: 00007fc6a33e6038 R14: 00007fff3414cf90 R15: 00007fff3414d078 [ 1425.577675][T26998] [ 1426.751673][T27020] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1426.771314][ T1167] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1426.899975][ T1167] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1426.899975][ T1167] [ 1428.461197][T26852] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1428.585555][T26852] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1428.711693][T26852] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1428.762631][T26852] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1429.189369][T26852] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1429.251970][T26852] 8021q: adding VLAN 0 to HW filter on device team0 [ 1429.281381][ T7624] bridge0: port 1(bridge_slave_0) entered blocking state [ 1429.281475][ T7624] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1429.302433][ T7624] bridge0: port 2(bridge_slave_1) entered blocking state [ 1429.302522][ T7624] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1429.916753][T27066] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1430.179228][T27066] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1430.179228][T27066] [ 1431.003889][T26852] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1431.012844][T27067] kexec: Could not allocate control_code_buffer [ 1431.343171][T26852] veth0_vlan: entered promiscuous mode [ 1431.407687][T26852] veth1_vlan: entered promiscuous mode [ 1431.498952][T27104] futex_wake_op: syz.1.4745 tries to shift op by -2048; fix this program [ 1431.780016][T26852] veth0_macvtap: entered promiscuous mode [ 1431.842015][T26852] veth1_macvtap: entered promiscuous mode [ 1431.997367][T26852] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1432.096071][T26852] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1432.211177][ T7622] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1432.261100][ T7622] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1432.526442][ T7622] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1432.637042][ T7622] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1433.132132][T21409] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1433.186855][T21409] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1433.333697][T19541] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1433.390065][T19541] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1434.637795][T27157] futex_wake_op: syz.4.4754 tries to shift op by -2048; fix this program [ 1436.060392][T27182] tc_dump_action: action bad kind [ 1436.307140][T27186] tc_dump_action: action bad kind [ 1436.827160][T27191] queue_state_write: unsupported operation '' [ 1436.864259][T27191] queue_state_write: use 'run', 'start' or 'kick' [ 1439.198874][ T30] audit: type=1800 audit(4294968009.609:242): pid=27220 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.4768" name="dbroot" dev="configfs" ino=122008 res=0 errno=0 [ 1441.783599][T27267] tc_dump_action: action bad kind [ 1442.722689][T27273] zswap: compressor not available [ 1442.750610][T27280] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4780'. [ 1442.811413][T27281] FAULT_INJECTION: forcing a failure. [ 1442.811413][T27281] name failslab, interval 1, probability 393216, space 0, times 0 [ 1442.910938][T27281] CPU: 0 UID: 0 PID: 27281 Comm: syz.1.4780 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1442.910982][T27281] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1442.910992][T27281] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1442.911007][T27281] Call Trace: [ 1442.911015][T27281] [ 1442.911024][T27281] dump_stack_lvl+0x16c/0x1f0 [ 1442.911068][T27281] should_fail_ex+0x512/0x640 [ 1442.911096][T27281] ? __kmalloc_noprof+0xca/0x910 [ 1442.911126][T27281] should_failslab+0xc2/0x120 [ 1442.911165][T27281] __kmalloc_noprof+0xeb/0x910 [ 1442.911189][T27281] ? __pfx___mutex_lock+0x10/0x10 [ 1442.911228][T27281] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 1442.911278][T27281] ? genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 1442.911321][T27281] genl_family_rcv_msg_attrs_parse.constprop.0+0xc8/0x290 [ 1442.911369][T27281] genl_start+0x18f/0x980 [ 1442.911411][T27281] __netlink_dump_start+0x60e/0x990 [ 1442.911450][T27281] genl_family_rcv_msg_dumpit+0x1e2/0x2e0 [ 1442.911477][T27281] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 1442.911501][T27281] ? consume_skb+0xcc/0x100 [ 1442.911542][T27281] ? __pfx_genl_get_cmd+0x10/0x10 [ 1442.911577][T27281] ? __pfx_genl_start+0x10/0x10 [ 1442.911614][T27281] ? __pfx_genl_dumpit+0x10/0x10 [ 1442.911639][T27281] ? __pfx_genl_done+0x10/0x10 [ 1442.911664][T27281] ? __radix_tree_lookup+0x21f/0x2c0 [ 1442.911708][T27281] genl_rcv_msg+0x46e/0x800 [ 1442.911764][T27281] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1442.911788][T27281] ? __pfx_netdev_nl_qstats_get_dumpit+0x10/0x10 [ 1442.911836][T27281] netlink_rcv_skb+0x158/0x420 [ 1442.911872][T27281] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1442.911895][T27281] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1442.911943][T27281] ? netlink_deliver_tap+0x1ae/0xd30 [ 1442.911987][T27281] genl_rcv+0x28/0x40 [ 1442.912025][T27281] netlink_unicast+0x5aa/0x870 [ 1442.912065][T27281] ? __pfx_netlink_unicast+0x10/0x10 [ 1442.912101][T27281] ? __pfx___might_resched+0x10/0x10 [ 1442.912136][T27281] ? __lock_acquire+0x436/0x2890 [ 1442.912167][T27281] netlink_sendmsg+0x8c8/0xdd0 [ 1442.912208][T27281] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1442.912247][T27281] ? aa_sock_msg_perm.constprop.0+0x100/0x1b0 [ 1442.912296][T27281] ____sys_sendmsg+0xa5d/0xc30 [ 1442.912336][T27281] ? copy_msghdr_from_user+0x10a/0x160 [ 1442.912368][T27281] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1442.912421][T27281] ___sys_sendmsg+0x134/0x1d0 [ 1442.912454][T27281] ? __pfx____sys_sendmsg+0x10/0x10 [ 1442.912521][T27281] __sys_sendmsg+0x16d/0x220 [ 1442.912553][T27281] ? __pfx___sys_sendmsg+0x10/0x10 [ 1442.912623][T27281] do_syscall_64+0xcd/0xf80 [ 1442.912662][T27281] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1442.912687][T27281] RIP: 0033:0x7faa40b8f7c9 [ 1442.912712][T27281] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1442.912736][T27281] RSP: 002b:00007faa419d8038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1442.912758][T27281] RAX: ffffffffffffffda RBX: 00007faa40de6180 RCX: 00007faa40b8f7c9 [ 1442.912775][T27281] RDX: 0000000000040000 RSI: 0000200000000000 RDI: 0000000000000003 [ 1442.912790][T27281] RBP: 00007faa419d8090 R08: 0000000000000000 R09: 0000000000000000 [ 1442.912806][T27281] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1442.912821][T27281] R13: 00007faa40de6218 R14: 00007faa40de6180 R15: 00007ffc29bf0618 [ 1442.912852][T27281] [ 1446.318155][T27333] FAULT_INJECTION: forcing a failure. [ 1446.318155][T27333] name failslab, interval 1, probability 393216, space 0, times 0 [ 1446.365791][T27333] CPU: 0 UID: 0 PID: 27333 Comm: syz.4.4793 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1446.365835][T27333] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1446.365845][T27333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1446.365860][T27333] Call Trace: [ 1446.365869][T27333] [ 1446.365878][T27333] dump_stack_lvl+0x16c/0x1f0 [ 1446.365923][T27333] should_fail_ex+0x512/0x640 [ 1446.365952][T27333] ? kmem_cache_alloc_noprof+0x62/0x770 [ 1446.365987][T27333] should_failslab+0xc2/0x120 [ 1446.366029][T27333] kmem_cache_alloc_noprof+0x83/0x770 [ 1446.366060][T27333] ? security_file_alloc+0x34/0x2b0 [ 1446.366099][T27333] ? security_file_alloc+0x34/0x2b0 [ 1446.366130][T27333] security_file_alloc+0x34/0x2b0 [ 1446.366163][T27333] init_file+0x93/0x4c0 [ 1446.366190][T27333] alloc_empty_file+0x73/0x1e0 [ 1446.366217][T27333] alloc_file_pseudo+0x13a/0x230 [ 1446.366246][T27333] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1446.366282][T27333] sock_alloc_file+0x50/0x210 [ 1446.366320][T27333] do_accept+0x240/0x530 [ 1446.366345][T27333] ? do_raw_spin_lock+0x12c/0x2b0 [ 1446.366376][T27333] ? __pfx_do_accept+0x10/0x10 [ 1446.366420][T27333] __sys_accept4_file+0xcd/0x210 [ 1446.366447][T27333] ? __pfx___sys_accept4_file+0x10/0x10 [ 1446.366483][T27333] __x64_sys_accept+0xb0/0x140 [ 1446.366510][T27333] do_syscall_64+0xcd/0xf80 [ 1446.366562][T27333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1446.366588][T27333] RIP: 0033:0x7fef9af8f7c9 [ 1446.366607][T27333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1446.366632][T27333] RSP: 002b:00007fef9be3d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002b [ 1446.366655][T27333] RAX: ffffffffffffffda RBX: 00007fef9b1e5fa0 RCX: 00007fef9af8f7c9 [ 1446.366671][T27333] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004 [ 1446.366686][T27333] RBP: 00007fef9b013f91 R08: 0000000000000000 R09: 0000000000000000 [ 1446.366701][T27333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1446.366715][T27333] R13: 00007fef9b1e6038 R14: 00007fef9b1e5fa0 R15: 00007ffe816526e8 [ 1446.366746][T27333] [ 1449.696946][T27380] futex_wake_op: syz.0.4804 tries to shift op by -2048; fix this program [ 1449.773952][T27380] futex_wake_op: syz.0.4804 tries to shift op by -2048; fix this program [ 1449.958049][T27389] FAULT_INJECTION: forcing a failure. [ 1449.958049][T27389] name failslab, interval 1, probability 393216, space 0, times 0 [ 1450.040663][T27389] CPU: 0 UID: 0 PID: 27389 Comm: syz.2.4807 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1450.040706][T27389] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1450.040716][T27389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1450.040731][T27389] Call Trace: [ 1450.040739][T27389] [ 1450.040748][T27389] dump_stack_lvl+0x16c/0x1f0 [ 1450.040791][T27389] should_fail_ex+0x512/0x640 [ 1450.040817][T27389] ? fs_reclaim_acquire+0xae/0x150 [ 1450.040859][T27389] should_failslab+0xc2/0x120 [ 1450.040897][T27389] __kmalloc_noprof+0xeb/0x910 [ 1450.040921][T27389] ? find_held_lock+0x2b/0x80 [ 1450.040953][T27389] ? ext4_find_extent+0x844/0xa70 [ 1450.040990][T27389] ? ext4_find_extent+0x844/0xa70 [ 1450.041020][T27389] ext4_find_extent+0x844/0xa70 [ 1450.041050][T27389] ? is_bpf_text_address+0x94/0x1a0 [ 1450.041097][T27389] ext4_ext_map_blocks+0x290/0x5f10 [ 1450.041141][T27389] ? stack_trace_save+0x8e/0xc0 [ 1450.041180][T27389] ? __pfx_stack_trace_save+0x10/0x10 [ 1450.041224][T27389] ? __pfx_ext4_ext_map_blocks+0x10/0x10 [ 1450.041265][T27389] ? kasan_save_stack+0x33/0x60 [ 1450.041297][T27389] ? __kasan_slab_alloc+0x89/0x90 [ 1450.041331][T27389] ? ext4_alloc_io_end_vec+0x2b/0x1c0 [ 1450.041370][T27389] ? do_writepages+0x27a/0x600 [ 1450.041417][T27389] ? __pfx___might_resched+0x10/0x10 [ 1450.041461][T27389] ? __pfx_down_write+0x10/0x10 [ 1450.041493][T27389] ext4_map_blocks+0x573/0x1350 [ 1450.041524][T27389] ? __pfx_ext4_map_blocks+0x10/0x10 [ 1450.041553][T27389] ? trace_kmem_cache_alloc+0x28/0xb0 [ 1450.041589][T27389] ? kmem_cache_alloc_noprof+0x2af/0x770 [ 1450.041618][T27389] ? ext4_alloc_io_end_vec+0x2b/0x1c0 [ 1450.041664][T27389] ? ext4_ext_index_trans_blocks+0x159/0x190 [ 1450.041699][T27389] ? __ext4_journal_ensure_credits+0x25e/0x2f0 [ 1450.041733][T27389] ext4_do_writepages+0x1fa9/0x3c80 [ 1450.041785][T27389] ? __pfx_ext4_do_writepages+0x10/0x10 [ 1450.041831][T27389] ? ext4_writepages+0x37a/0x7d0 [ 1450.041858][T27389] ext4_writepages+0x37a/0x7d0 [ 1450.041888][T27389] ? __pfx_ext4_writepages+0x10/0x10 [ 1450.041934][T27389] ? do_writepages+0x4b7/0x600 [ 1450.041970][T27389] ? __pfx_ext4_writepages+0x10/0x10 [ 1450.042001][T27389] do_writepages+0x27a/0x600 [ 1450.042038][T27389] ? __pfx_do_writepages+0x10/0x10 [ 1450.042071][T27389] ? do_raw_spin_unlock+0x172/0x230 [ 1450.042099][T27389] ? _raw_spin_unlock+0x28/0x50 [ 1450.042133][T27389] filemap_writeback+0x225/0x2d0 [ 1450.042171][T27389] ? __pfx_filemap_writeback+0x10/0x10 [ 1450.042207][T27389] ? __lock_acquire+0x436/0x2890 [ 1450.042264][T27389] ? __pfx_mt_find+0x10/0x10 [ 1450.042297][T27389] file_write_and_wait_range+0xcd/0x140 [ 1450.042326][T27389] ext4_sync_file+0x310/0xeb0 [ 1450.042355][T27389] ? __pfx___up_read+0x10/0x10 [ 1450.042383][T27389] ? __pfx_ext4_sync_file+0x10/0x10 [ 1450.042408][T27389] vfs_fsync_range+0x142/0x230 [ 1450.042452][T27389] __do_sys_msync+0x3cb/0x590 [ 1450.042489][T27389] do_syscall_64+0xcd/0xf80 [ 1450.042529][T27389] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1450.042559][T27389] RIP: 0033:0x7fc6a318f7c9 [ 1450.042583][T27389] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1450.042608][T27389] RSP: 002b:00007fc6a40a2038 EFLAGS: 00000246 ORIG_RAX: 000000000000001a [ 1450.042631][T27389] RAX: ffffffffffffffda RBX: 00007fc6a33e5fa0 RCX: 00007fc6a318f7c9 [ 1450.042647][T27389] RDX: 0000000400000004 RSI: 01800000000000fe RDI: 000000001ffff000 [ 1450.042663][T27389] RBP: 00007fc6a40a2090 R08: 0000000000000000 R09: 0000000000000000 [ 1450.042678][T27389] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1450.042693][T27389] R13: 00007fc6a33e6038 R14: 00007fc6a33e5fa0 R15: 00007fff3414d078 [ 1450.042725][T27389] [ 1450.418829][T27389] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1450.432624][T27389] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1450.432624][T27389] [ 1451.900259][T27419] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1452.179646][T27429] futex_wake_op: syz.4.4817 tries to shift op by -2048; fix this program [ 1452.201792][T27430] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4816'. [ 1453.070695][T20797] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1453.085025][T20797] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1453.094052][T20797] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1453.102334][T20797] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1453.113381][T20797] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1454.185768][ T4326] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1454.305116][T27443] chnl_net:caif_netlink_parms(): no params data found [ 1454.516260][ T4326] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1454.729692][T27469] nvme_fabrics: missing parameter 'transport=%s' [ 1454.736773][T27469] nvme_fabrics: missing parameter 'nqn=%s' [ 1454.798927][ T4326] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1455.164007][ T4326] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1455.185819][T20797] Bluetooth: hci3: command tx timeout [ 1455.424489][T27443] bridge0: port 1(bridge_slave_0) entered blocking state [ 1455.451931][T27443] bridge0: port 1(bridge_slave_0) entered disabled state [ 1455.480573][T27443] bridge_slave_0: entered allmulticast mode [ 1455.514718][T27443] bridge_slave_0: entered promiscuous mode [ 1455.544095][T27443] bridge0: port 2(bridge_slave_1) entered blocking state [ 1455.573813][T27443] bridge0: port 2(bridge_slave_1) entered disabled state [ 1455.602823][T27443] bridge_slave_1: entered allmulticast mode [ 1455.629682][T27443] bridge_slave_1: entered promiscuous mode [ 1456.001747][T27443] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1456.087134][T27443] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1456.181505][T27479] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1456.265356][ T4326] bridge_slave_1: left allmulticast mode [ 1456.298522][ T4326] bridge_slave_1: left promiscuous mode [ 1456.331270][ T4326] bridge0: port 2(bridge_slave_1) entered disabled state [ 1456.393019][ T4326] bridge_slave_0: left allmulticast mode [ 1456.398745][ T4326] bridge_slave_0: left promiscuous mode [ 1456.440579][ T4326] bridge0: port 1(bridge_slave_0) entered disabled state [ 1457.269832][T20797] Bluetooth: hci3: command tx timeout [ 1457.507061][ T4326] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1457.528263][ T4326] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1457.556317][ T4326] bond0 (unregistering): Released all slaves [ 1457.575266][T27443] team0: Port device team_slave_0 added [ 1457.635174][T27443] team0: Port device team_slave_1 added [ 1457.894874][T27443] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1457.942651][T27443] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1458.056697][T27443] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1458.150926][T27443] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1458.174088][T27443] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1458.263682][T27443] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1458.671511][T27443] hsr_slave_0: entered promiscuous mode [ 1458.705777][T27443] hsr_slave_1: entered promiscuous mode [ 1458.733396][T27443] debugfs: 'hsr0' already exists in 'hsr' [ 1458.739278][T27443] Cannot create hsr debugfs directory [ 1458.806527][ T4326] hsr_slave_0: left promiscuous mode [ 1458.853793][ T4326] hsr_slave_1: left promiscuous mode [ 1458.893434][ T4326] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1458.932906][ T4326] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1458.981448][ T4326] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1459.042386][ T4326] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1459.119577][T21409] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1459.159386][ T4326] veth1_macvtap: left promiscuous mode [ 1459.181253][T21409] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1459.181253][T21409] [ 1459.213617][ T4326] veth0_macvtap: left promiscuous mode [ 1459.219300][ T4326] veth1_vlan: left promiscuous mode [ 1459.255185][ T4326] veth0_vlan: left promiscuous mode [ 1459.340281][T20797] Bluetooth: hci3: command tx timeout [ 1459.952141][T27534] zswap: compressor ú not available [ 1460.961222][ T4326] team0 (unregistering): Port device team_slave_1 removed [ 1461.059308][ T4326] team0 (unregistering): Port device team_slave_0 removed [ 1461.141262][T27544] FAULT_INJECTION: forcing a failure. [ 1461.141262][T27544] name failslab, interval 1, probability 393216, space 0, times 0 [ 1461.164351][T27544] CPU: 0 UID: 0 PID: 27544 Comm: syz.2.4838 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1461.164392][T27544] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1461.164401][T27544] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1461.164416][T27544] Call Trace: [ 1461.164424][T27544] [ 1461.164435][T27544] dump_stack_lvl+0x16c/0x1f0 [ 1461.164475][T27544] should_fail_ex+0x512/0x640 [ 1461.164502][T27544] ? kmem_cache_alloc_noprof+0x62/0x770 [ 1461.164534][T27544] should_failslab+0xc2/0x120 [ 1461.164572][T27544] kmem_cache_alloc_noprof+0x83/0x770 [ 1461.164601][T27544] ? security_file_alloc+0x34/0x2b0 [ 1461.164637][T27544] ? security_file_alloc+0x34/0x2b0 [ 1461.164667][T27544] security_file_alloc+0x34/0x2b0 [ 1461.164698][T27544] init_file+0x93/0x4c0 [ 1461.164722][T27544] alloc_empty_file+0x73/0x1e0 [ 1461.164748][T27544] path_openat+0xde/0x3140 [ 1461.164784][T27544] ? do_syscall_64+0xcd/0xf80 [ 1461.164819][T27544] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1461.164859][T27544] ? __pfx_path_openat+0x10/0x10 [ 1461.164900][T27544] ? __lock_acquire+0x436/0x2890 [ 1461.164927][T27544] do_filp_open+0x20b/0x470 [ 1461.164964][T27544] ? __pfx_do_filp_open+0x10/0x10 [ 1461.165021][T27544] ? _raw_spin_unlock+0x28/0x50 [ 1461.165053][T27544] ? alloc_fd+0x471/0x7d0 [ 1461.165098][T27544] do_sys_openat2+0x121/0x290 [ 1461.165126][T27544] ? __pfx_do_sys_openat2+0x10/0x10 [ 1461.165155][T27544] ? __fget_files+0x20e/0x3c0 [ 1461.165195][T27544] __x64_sys_open+0x153/0x1e0 [ 1461.165223][T27544] ? __pfx___x64_sys_open+0x10/0x10 [ 1461.165262][T27544] ? rcu_is_watching+0x12/0xc0 [ 1461.165299][T27544] do_syscall_64+0xcd/0xf80 [ 1461.165336][T27544] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1461.165360][T27544] RIP: 0033:0x7fc6a318f7c9 [ 1461.165379][T27544] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1461.165403][T27544] RSP: 002b:00007fc6a40a2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 1461.165426][T27544] RAX: ffffffffffffffda RBX: 00007fc6a33e5fa0 RCX: 00007fc6a318f7c9 [ 1461.165443][T27544] RDX: 0000000000000100 RSI: 0000000000002000 RDI: 0000200000000000 [ 1461.165458][T27544] RBP: 00007fc6a40a2090 R08: 0000000000000000 R09: 0000000000000000 [ 1461.165473][T27544] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1461.165487][T27544] R13: 00007fc6a33e6038 R14: 00007fc6a33e5fa0 R15: 00007fff3414d078 [ 1461.165518][T27544] [ 1461.734070][T20797] Bluetooth: hci3: command tx timeout [ 1461.876615][T27533] lo: entered allmulticast mode [ 1461.883432][T27533] lo: left allmulticast mode [ 1463.555929][T27586] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4842'. [ 1464.004061][T27443] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1464.071662][T27443] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1464.112229][T27443] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1464.162345][T27443] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1464.846489][T27617] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1465.266759][T27443] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1465.462566][T27443] 8021q: adding VLAN 0 to HW filter on device team0 [ 1465.535347][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 1465.542619][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1465.863053][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 1465.870329][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1467.044433][T27654] nvme_fabrics: missing parameter 'transport=%s' [ 1467.109911][T27654] nvme_fabrics: missing parameter 'nqn=%s' [ 1467.219658][T27443] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1467.555419][T27443] veth0_vlan: entered promiscuous mode [ 1467.654553][T27443] veth1_vlan: entered promiscuous mode [ 1467.847513][T27443] veth0_macvtap: entered promiscuous mode [ 1467.902766][T27443] veth1_macvtap: entered promiscuous mode [ 1467.997674][T27443] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1468.098943][T27443] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1468.449602][ T7604] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1468.533821][ T7604] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1468.622136][ T7604] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1468.684318][ T7604] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1468.866296][T27690] zswap: compressor not available [ 1469.126510][ T7624] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1469.209864][ T7624] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1469.322101][ T4326] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1469.365460][ T4326] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1470.890078][T27720] vhci_hcd vhci_hcd.2: invalid port number 16 [ 1470.896251][T27720] vhci_hcd vhci_hcd.2: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 1473.087156][T27750] zswap: compressor not available [ 1473.442692][T27765] Invalid ELF header magic: != ELF [ 1475.673745][T27809] binder: 27806:27809 ioctl c018620c 0 returned -22 [ 1477.601907][T27802] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1477.889908][T27822] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1477.940980][T27822] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1479.913055][T27860] FAULT_INJECTION: forcing a failure. [ 1479.913055][T27860] name failslab, interval 1, probability 393216, space 0, times 0 [ 1479.976111][T27860] CPU: 0 UID: 0 PID: 27860 Comm: syz.1.4889 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1479.976153][T27860] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1479.976162][T27860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1479.976181][T27860] Call Trace: [ 1479.976189][T27860] [ 1479.976198][T27860] dump_stack_lvl+0x16c/0x1f0 [ 1479.976241][T27860] should_fail_ex+0x512/0x640 [ 1479.976268][T27860] ? fs_reclaim_acquire+0xae/0x150 [ 1479.976309][T27860] should_failslab+0xc2/0x120 [ 1479.976347][T27860] __kmalloc_noprof+0xeb/0x910 [ 1479.976374][T27860] ? tomoyo_encode2+0x100/0x3e0 [ 1479.976412][T27860] ? tomoyo_encode2+0x100/0x3e0 [ 1479.976444][T27860] tomoyo_encode2+0x100/0x3e0 [ 1479.976483][T27860] tomoyo_encode+0x29/0x50 [ 1479.976513][T27860] tomoyo_realpath_from_path+0x18f/0x6e0 [ 1479.976553][T27860] tomoyo_check_open_permission+0x2ab/0x3c0 [ 1479.976585][T27860] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1479.976642][T27860] ? do_raw_spin_lock+0x12c/0x2b0 [ 1479.976679][T27860] tomoyo_file_open+0x6b/0x90 [ 1479.976717][T27860] security_file_open+0x84/0x1e0 [ 1479.976749][T27860] do_dentry_open+0x597/0x1590 [ 1479.976788][T27860] ? security_inode_permission+0xbf/0x260 [ 1479.976828][T27860] vfs_open+0x82/0x3f0 [ 1479.976858][T27860] path_openat+0x2078/0x3140 [ 1479.976905][T27860] ? __pfx_path_openat+0x10/0x10 [ 1479.976951][T27860] do_filp_open+0x20b/0x470 [ 1479.976988][T27860] ? __pfx_do_filp_open+0x10/0x10 [ 1479.977045][T27860] ? alloc_fd+0x471/0x7d0 [ 1479.977087][T27860] do_sys_openat2+0x121/0x290 [ 1479.977113][T27860] ? __pfx_do_sys_openat2+0x10/0x10 [ 1479.977144][T27860] ? __fget_files+0x20e/0x3c0 [ 1479.977183][T27860] __x64_sys_openat+0x174/0x210 [ 1479.977210][T27860] ? __pfx___x64_sys_openat+0x10/0x10 [ 1479.977237][T27860] ? ksys_write+0x1ac/0x250 [ 1479.977281][T27860] do_syscall_64+0xcd/0xf80 [ 1479.977320][T27860] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1479.977345][T27860] RIP: 0033:0x7fd44dd8f7c9 [ 1479.977364][T27860] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1479.977388][T27860] RSP: 002b:00007fd44ecb2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1479.977411][T27860] RAX: ffffffffffffffda RBX: 00007fd44dfe6090 RCX: 00007fd44dd8f7c9 [ 1479.977427][T27860] RDX: 000000000004c000 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 1479.977443][T27860] RBP: 00007fd44ecb2090 R08: 0000000000000000 R09: 0000000000000000 [ 1479.977458][T27860] R10: 000000000000ebff R11: 0000000000000246 R12: 0000000000000001 [ 1479.977473][T27860] R13: 00007fd44dfe6128 R14: 00007fd44dfe6090 R15: 00007fff7a18b038 [ 1479.977504][T27860] [ 1479.977918][T27860] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1480.456365][T27866] ptp ptp0: only physical clock in use now [ 1483.181509][ T30] audit: type=1800 audit(4294968053.599:243): pid=27915 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4900" name="dbroot" dev="configfs" ino=125191 res=0 errno=0 [ 1484.541670][T27938] netlink: 'syz.0.4903': attribute type 1 has an invalid length. [ 1487.105819][T27964] FAULT_INJECTION: forcing a failure. [ 1487.105819][T27964] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1487.118908][T27964] CPU: 0 UID: 0 PID: 27964 Comm: syz.4.4911 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1487.118951][T27964] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1487.118962][T27964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1487.118978][T27964] Call Trace: [ 1487.118988][T27964] [ 1487.118998][T27964] dump_stack_lvl+0x16c/0x1f0 [ 1487.119044][T27964] should_fail_ex+0x512/0x640 [ 1487.119078][T27964] should_fail_futex+0x4c/0x60 [ 1487.119105][T27964] futex_lock_pi_atomic+0x127/0xc50 [ 1487.119145][T27964] futex_lock_pi+0x23f/0x7c0 [ 1487.119183][T27964] ? __pfx_futex_lock_pi+0x10/0x10 [ 1487.119215][T27964] ? __futex_wait+0x24b/0x2f0 [ 1487.119270][T27964] ? futex_private_hash_put+0x160/0x1b0 [ 1487.119300][T27964] ? __pfx_futex_wake_mark+0x10/0x10 [ 1487.119342][T27964] ? ksys_write+0x190/0x250 [ 1487.119383][T27964] do_futex+0x11a/0x350 [ 1487.119412][T27964] ? __pfx_do_futex+0x10/0x10 [ 1487.119447][T27964] __x64_sys_futex+0x1e0/0x4c0 [ 1487.119478][T27964] ? fput+0x70/0xf0 [ 1487.119500][T27964] ? __pfx___x64_sys_futex+0x10/0x10 [ 1487.119529][T27964] ? xfd_validate_state+0x61/0x180 [ 1487.119551][T27964] ? __pfx_ksys_write+0x10/0x10 [ 1487.119594][T27964] do_syscall_64+0xcd/0xf80 [ 1487.119634][T27964] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1487.119660][T27964] RIP: 0033:0x7fef9af8f7c9 [ 1487.119681][T27964] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1487.119712][T27964] RSP: 002b:00007fef9be3d038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1487.119737][T27964] RAX: ffffffffffffffda RBX: 00007fef9b1e5fa0 RCX: 00007fef9af8f7c9 [ 1487.119756][T27964] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 1487.119772][T27964] RBP: 00007fef9b013f91 R08: 0000000000000000 R09: 000000008000fff5 [ 1487.119788][T27964] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1487.119804][T27964] R13: 00007fef9b1e6038 R14: 00007fef9b1e5fa0 R15: 00007ffe816526e8 [ 1487.119837][T27964] [ 1489.014449][T27999] FAULT_INJECTION: forcing a failure. [ 1489.014449][T27999] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1489.196225][T27999] CPU: 0 UID: 0 PID: 27999 Comm: syz.0.4917 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1489.196269][T27999] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1489.196279][T27999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1489.196294][T27999] Call Trace: [ 1489.196302][T27999] [ 1489.196312][T27999] dump_stack_lvl+0x16c/0x1f0 [ 1489.196357][T27999] should_fail_ex+0x512/0x640 [ 1489.196389][T27999] should_fail_alloc_page+0xe7/0x130 [ 1489.196431][T27999] prepare_alloc_pages+0x401/0x670 [ 1489.196475][T27999] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 1489.196514][T27999] ? kasan_save_stack+0x42/0x60 [ 1489.196547][T27999] ? kasan_save_stack+0x33/0x60 [ 1489.196577][T27999] ? kasan_save_track+0x14/0x30 [ 1489.196608][T27999] ? __kasan_slab_alloc+0x89/0x90 [ 1489.196641][T27999] ? kmem_cache_alloc_noprof+0x25e/0x770 [ 1489.196668][T27999] ? __pmd_alloc+0xbf/0x9c0 [ 1489.196704][T27999] ? __handle_mm_fault+0xbeb/0x2bb0 [ 1489.196727][T27999] ? handle_mm_fault+0x3fe/0xad0 [ 1489.196757][T27999] ? do_user_addr_fault+0x7a6/0x1370 [ 1489.196788][T27999] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1489.196817][T27999] ? _copy_from_user+0x98/0xd0 [ 1489.196843][T27999] ? ___sys_sendmsg+0x134/0x1d0 [ 1489.196874][T27999] ? __x64_sys_sendmmsg+0x9c/0x100 [ 1489.196904][T27999] ? do_syscall_64+0xcd/0xf80 [ 1489.196939][T27999] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1489.196979][T27999] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1489.197020][T27999] ? policy_nodemask+0xea/0x4e0 [ 1489.197059][T27999] alloc_pages_mpol+0x1fb/0x550 [ 1489.197098][T27999] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1489.197143][T27999] alloc_pages_noprof+0x131/0x390 [ 1489.197182][T27999] pte_alloc_one+0x1e/0x3d0 [ 1489.197216][T27999] do_fault+0x8b8/0x1ad0 [ 1489.197253][T27999] ? __pfx_filemap_map_pages+0x10/0x10 [ 1489.197281][T27999] ? __pmd_alloc+0x6aa/0x9c0 [ 1489.197321][T27999] __handle_mm_fault+0x1919/0x2bb0 [ 1489.197353][T27999] ? __pfx___handle_mm_fault+0x10/0x10 [ 1489.197395][T27999] ? find_vma+0xbf/0x140 [ 1489.197427][T27999] ? __pfx_find_vma+0x10/0x10 [ 1489.197463][T27999] handle_mm_fault+0x3fe/0xad0 [ 1489.197494][T27999] do_user_addr_fault+0x7a6/0x1370 [ 1489.197526][T27999] ? rcu_is_watching+0x12/0xc0 [ 1489.197564][T27999] exc_page_fault+0x64/0xc0 [ 1489.197601][T27999] asm_exc_page_fault+0x26/0x30 [ 1489.197626][T27999] RIP: 0010:rep_movs_alternative+0xf/0x90 [ 1489.197655][T27999] Code: c4 10 e9 14 81 04 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 66 [ 1489.197680][T27999] RSP: 0018:ffffc900053079c0 EFLAGS: 00050202 [ 1489.197700][T27999] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000007 [ 1489.197715][T27999] RDX: fffff52000a60f4a RSI: 0000000000000000 RDI: ffffc90005307a48 [ 1489.197731][T27999] RBP: 0000000000000007 R08: 0000000000000001 R09: fffff52000a60f49 [ 1489.197751][T27999] R10: ffffc90005307a4e R11: ffff8880788ee6b0 R12: 0000000000000000 [ 1489.197767][T27999] R13: ffffc90005307a48 R14: 1ffff92000a60f43 R15: ffffc90005307d7c [ 1489.197798][T27999] _copy_from_user+0x98/0xd0 [ 1489.197825][T27999] ____sys_sendmsg+0x607/0xc30 [ 1489.197867][T27999] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1489.197911][T27999] ? __pfx__kstrtoull+0x10/0x10 [ 1489.197951][T27999] ___sys_sendmsg+0x134/0x1d0 [ 1489.197984][T27999] ? __pfx____sys_sendmsg+0x10/0x10 [ 1489.198029][T27999] ? find_held_lock+0x2b/0x80 [ 1489.198079][T27999] __sys_sendmmsg+0x200/0x420 [ 1489.198115][T27999] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1489.198156][T27999] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1489.198208][T27999] ? native_tss_update_io_bitmap+0x3e1/0x740 [ 1489.198234][T27999] ? fput+0x70/0xf0 [ 1489.198258][T27999] ? __pfx_native_tss_update_io_bitmap+0x10/0x10 [ 1489.198283][T27999] ? ksys_write+0x1ac/0x250 [ 1489.198318][T27999] ? __pfx_ksys_write+0x10/0x10 [ 1489.198358][T27999] __x64_sys_sendmmsg+0x9c/0x100 [ 1489.198389][T27999] ? lockdep_hardirqs_on+0x7c/0x110 [ 1489.198426][T27999] do_syscall_64+0xcd/0xf80 [ 1489.198464][T27999] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1489.198488][T27999] RIP: 0033:0x7fda7a18f7c9 [ 1489.198508][T27999] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1489.198532][T27999] RSP: 002b:00007fda7aff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1489.198554][T27999] RAX: ffffffffffffffda RBX: 00007fda7a3e5fa0 RCX: 00007fda7a18f7c9 [ 1489.198570][T27999] RDX: 0000000000000024 RSI: 0000200000000200 RDI: 0000000000000006 [ 1489.198585][T27999] RBP: 00007fda7aff6090 R08: 0000000000000000 R09: 0000000000000000 [ 1489.198600][T27999] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000001 [ 1489.198614][T27999] R13: 00007fda7a3e6038 R14: 00007fda7a3e5fa0 R15: 00007ffcc9940d58 [ 1489.198645][T27999] [ 1490.547428][T21409] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1490.649870][T21409] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1490.649870][T21409] [ 1492.041998][T28029] overlayfs: missing 'lowerdir' [ 1495.730987][T28076] overlayfs: missing 'lowerdir' [ 1495.751462][T28078] random: crng reseeded on system resumption [ 1496.164914][T28078] FAULT_INJECTION: forcing a failure. [ 1496.164914][T28078] name failslab, interval 1, probability 393216, space 0, times 0 [ 1496.223151][T28073] zswap: compressor not available [ 1496.291445][T28078] CPU: 0 UID: 0 PID: 28078 Comm: syz.0.4933 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1496.291488][T28078] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1496.291498][T28078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1496.291514][T28078] Call Trace: [ 1496.291522][T28078] [ 1496.291533][T28078] dump_stack_lvl+0x16c/0x1f0 [ 1496.291578][T28078] should_fail_ex+0x512/0x640 [ 1496.291607][T28078] ? __kmalloc_cache_noprof+0x5f/0x800 [ 1496.291642][T28078] should_failslab+0xc2/0x120 [ 1496.291683][T28078] __kmalloc_cache_noprof+0x80/0x800 [ 1496.291710][T28078] ? lockdep_init_map_type+0x5c/0x270 [ 1496.291736][T28078] ? mon_text_open+0x1d9/0x510 [ 1496.291774][T28078] ? __pfx_mon_text_open+0x10/0x10 [ 1496.291808][T28078] ? mon_text_open+0x1d9/0x510 [ 1496.291841][T28078] mon_text_open+0x1d9/0x510 [ 1496.291875][T28078] ? __pfx_mon_text_open+0x10/0x10 [ 1496.291910][T28078] ? __debugfs_file_get+0x1fe/0x840 [ 1496.291945][T28078] ? __pfx___debugfs_file_get+0x10/0x10 [ 1496.291982][T28078] ? __pfx_apparmor_file_open+0x10/0x10 [ 1496.292007][T28078] ? lockdown_is_locked_down+0x3f/0x130 [ 1496.292045][T28078] ? bpf_lsm_locked_down+0x9/0x10 [ 1496.292083][T28078] ? __pfx_mon_text_open+0x10/0x10 [ 1496.292114][T28078] full_proxy_open_regular+0x1b9/0x350 [ 1496.292155][T28078] do_dentry_open+0x748/0x1590 [ 1496.292192][T28078] ? __pfx_full_proxy_open_regular+0x10/0x10 [ 1496.292237][T28078] vfs_open+0x82/0x3f0 [ 1496.292275][T28078] path_openat+0x2078/0x3140 [ 1496.292324][T28078] ? __pfx_path_openat+0x10/0x10 [ 1496.292377][T28078] do_filp_open+0x20b/0x470 [ 1496.292415][T28078] ? __pfx_do_filp_open+0x10/0x10 [ 1496.292474][T28078] ? alloc_fd+0x471/0x7d0 [ 1496.292519][T28078] do_sys_openat2+0x121/0x290 [ 1496.292547][T28078] ? __pfx_do_sys_openat2+0x10/0x10 [ 1496.292587][T28078] __x64_sys_openat+0x174/0x210 [ 1496.292616][T28078] ? __pfx___x64_sys_openat+0x10/0x10 [ 1496.292658][T28078] do_syscall_64+0xcd/0xf80 [ 1496.292709][T28078] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1496.292735][T28078] RIP: 0033:0x7fda7a18f7c9 [ 1496.292755][T28078] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1496.292779][T28078] RSP: 002b:00007fda7afd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1496.292802][T28078] RAX: ffffffffffffffda RBX: 00007fda7a3e6090 RCX: 00007fda7a18f7c9 [ 1496.292819][T28078] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1496.292835][T28078] RBP: 00007fda7a213f91 R08: 0000000000000000 R09: 0000000000000000 [ 1496.292852][T28078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1496.292867][T28078] R13: 00007fda7a3e6128 R14: 00007fda7a3e6090 R15: 00007ffcc9940d58 [ 1496.292901][T28078] [ 1498.709309][T28117] vivid-007: ================= START STATUS ================= [ 1498.737478][T28117] vivid-007: Generate PTS: true [ 1498.765719][T28117] vivid-007: Generate SCR: true [ 1498.854174][T28117] tpg source WxH: 320x240 (Y'CbCr) [ 1498.901212][T28117] tpg field: 1 [ 1498.904671][T28117] tpg crop: (0,0)/320x240 [ 1498.947091][T28117] tpg compose: (0,0)/320x240 [ 1498.982161][T28117] tpg colorspace: 8 [ 1498.986125][T28117] tpg transfer function: 0/0 [ 1499.085734][T28117] tpg Y'CbCr encoding: 0/0 [ 1499.120547][T28117] tpg quantization: 0/0 [ 1499.169239][T28117] tpg RGB range: 0/2 [ 1499.269974][T28117] vivid-007: ================== END STATUS ================== [ 1499.329836][T28126] vivid-007: ================= START STATUS ================= [ 1499.510679][T28126] vivid-007: Generate PTS: true [ 1499.554275][T28126] vivid-007: Generate SCR: true [ 1499.598216][T28126] tpg source WxH: 320x240 (Y'CbCr) [ 1499.683372][T28126] tpg field: 1 [ 1499.686820][T28126] tpg crop: (0,0)/320x240 [ 1499.789774][T28126] tpg compose: (0,0)/320x240 [ 1499.887110][T28126] tpg colorspace: 8 [ 1499.927654][T28126] tpg transfer function: 0/0 [ 1500.002919][T28126] tpg Y'CbCr encoding: 0/0 [ 1500.086234][T28126] tpg quantization: 0/0 [ 1500.108002][T28126] tpg RGB range: 0/2 [ 1500.145482][T28126] vivid-007: ================== END STATUS ================== [ 1503.792611][T28187] EXT4-fs (sda1): Delayed block allocation failed for inode 2021 at logical offset 0 with max blocks 1 with error 117 [ 1503.856379][T28187] EXT4-fs (sda1): This should not happen!! Data will be lost [ 1503.856379][T28187] [ 1505.508935][T28224] ================================================================== [ 1505.508954][T28224] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0xa03/0xc70 [ 1505.508990][T28224] Read of size 256 at addr ffff88805b276f60 by task syz.0.4970/28224 [ 1505.509010][T28224] [ 1505.509024][T28224] CPU: 0 UID: 0 PID: 28224 Comm: syz.0.4970 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1505.509061][T28224] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1505.509071][T28224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1505.509087][T28224] Call Trace: [ 1505.509095][T28224] [ 1505.509104][T28224] dump_stack_lvl+0x116/0x1f0 [ 1505.509142][T28224] print_report+0xcd/0x630 [ 1505.509178][T28224] ? __virt_addr_valid+0x81/0x610 [ 1505.509217][T28224] ? __phys_addr+0xe8/0x180 [ 1505.509254][T28224] ? fbcon_prepare_logo+0xa03/0xc70 [ 1505.509279][T28224] kasan_report+0xe0/0x110 [ 1505.509316][T28224] ? fbcon_prepare_logo+0xa03/0xc70 [ 1505.509346][T28224] kasan_check_range+0x100/0x1b0 [ 1505.509371][T28224] __asan_memcpy+0x23/0x60 [ 1505.509400][T28224] fbcon_prepare_logo+0xa03/0xc70 [ 1505.509432][T28224] fbcon_init+0xda0/0x1930 [ 1505.509458][T28224] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 1505.509488][T28224] visual_init+0x320/0x620 [ 1505.509517][T28224] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 1505.509554][T28224] store_bind+0x61d/0x760 [ 1505.509587][T28224] ? sysfs_file_kobj+0xe4/0x290 [ 1505.509611][T28224] ? __pfx_store_bind+0x10/0x10 [ 1505.509640][T28224] dev_attr_store+0x58/0x80 [ 1505.509673][T28224] ? __pfx_dev_attr_store+0x10/0x10 [ 1505.509708][T28224] sysfs_kf_write+0xf2/0x150 [ 1505.509737][T28224] kernfs_fop_write_iter+0x3af/0x570 [ 1505.509773][T28224] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1505.509797][T28224] iter_file_splice_write+0xa24/0x12b0 [ 1505.509843][T28224] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1505.509883][T28224] ? __pfx_copy_splice_read+0x10/0x10 [ 1505.509925][T28224] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1505.509963][T28224] direct_splice_actor+0x192/0x6c0 [ 1505.510000][T28224] splice_direct_to_actor+0x345/0xa30 [ 1505.510039][T28224] ? __pfx_direct_splice_actor+0x10/0x10 [ 1505.510079][T28224] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1505.510120][T28224] do_splice_direct+0x174/0x240 [ 1505.510155][T28224] ? __pfx_do_splice_direct+0x10/0x10 [ 1505.510191][T28224] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1505.510229][T28224] ? rw_verify_area+0xcf/0x6c0 [ 1505.510261][T28224] do_sendfile+0xb06/0xe50 [ 1505.510295][T28224] ? __pfx_do_sendfile+0x10/0x10 [ 1505.510330][T28224] ? __x64_sys_futex+0x1e0/0x4c0 [ 1505.510359][T28224] ? __x64_sys_futex+0x1e9/0x4c0 [ 1505.510388][T28224] __x64_sys_sendfile64+0x1d8/0x220 [ 1505.510412][T28224] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1505.510434][T28224] ? syscall_user_dispatch+0x78/0x140 [ 1505.510471][T28224] do_syscall_64+0xcd/0xf80 [ 1505.510510][T28224] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1505.510534][T28224] RIP: 0033:0x7fda7a18f7c9 [ 1505.510553][T28224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1505.510577][T28224] RSP: 002b:00007fda7afd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1505.510599][T28224] RAX: ffffffffffffffda RBX: 00007fda7a3e6090 RCX: 00007fda7a18f7c9 [ 1505.510615][T28224] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000009 [ 1505.510630][T28224] RBP: 00007fda7a213f91 R08: 0000000000000000 R09: 0000000000000000 [ 1505.510645][T28224] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1505.510660][T28224] R13: 00007fda7a3e6128 R14: 00007fda7a3e6090 R15: 00007ffcc9940d58 [ 1505.510685][T28224] [ 1505.510693][T28224] [ 1505.510699][T28224] Allocated by task 27945: [ 1505.510710][T28224] kasan_save_stack+0x33/0x60 [ 1505.510748][T28224] kasan_save_track+0x14/0x30 [ 1505.510778][T28224] __kasan_kmalloc+0xaa/0xb0 [ 1505.510807][T28224] __kmalloc_noprof+0x33d/0x910 [ 1505.510831][T28224] sk_prot_alloc+0x1a8/0x2a0 [ 1505.510867][T28224] sk_alloc+0x36/0xe30 [ 1505.510891][T28224] __netlink_create+0x5e/0x2c0 [ 1505.510920][T28224] netlink_create+0x39e/0x620 [ 1505.510950][T28224] __sock_create+0x339/0x8a0 [ 1505.510970][T28224] __sys_socket+0x14d/0x260 [ 1505.510990][T28224] __x64_sys_socket+0x72/0xb0 [ 1505.511010][T28224] do_syscall_64+0xcd/0xf80 [ 1505.511045][T28224] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1505.511067][T28224] [ 1505.511073][T28224] Freed by task 27945: [ 1505.511083][T28224] kasan_save_stack+0x33/0x60 [ 1505.511113][T28224] kasan_save_track+0x14/0x30 [ 1505.511143][T28224] kasan_save_free_info+0x3b/0x60 [ 1505.511167][T28224] __kasan_slab_free+0x5f/0x80 [ 1505.511199][T28224] kfree+0x2f8/0x6e0 [ 1505.511220][T28224] __sk_destruct+0x8b1/0xbc0 [ 1505.511244][T28224] sk_destruct+0xc2/0xf0 [ 1505.511269][T28224] __sk_free+0xf4/0x3e0 [ 1505.511292][T28224] sk_free+0x6a/0x90 [ 1505.511316][T28224] deferred_put_nlk_sk+0xc9/0x110 [ 1505.511343][T28224] rcu_core+0x79c/0x15f0 [ 1505.511371][T28224] handle_softirqs+0x219/0x950 [ 1505.511403][T28224] __irq_exit_rcu+0x109/0x170 [ 1505.511434][T28224] irq_exit_rcu+0x9/0x30 [ 1505.511464][T28224] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 1505.511499][T28224] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1505.511524][T28224] [ 1505.511529][T28224] Last potentially related work creation: [ 1505.511538][T28224] kasan_save_stack+0x33/0x60 [ 1505.511568][T28224] kasan_record_aux_stack+0xa7/0xc0 [ 1505.511592][T28224] __call_rcu_common.constprop.0+0xa5/0xa10 [ 1505.511620][T28224] netlink_release+0x9ce/0x2000 [ 1505.511652][T28224] __sock_release+0xb3/0x270 [ 1505.511682][T28224] sock_close+0x1c/0x30 [ 1505.511710][T28224] __fput+0x402/0xb70 [ 1505.511736][T28224] task_work_run+0x150/0x240 [ 1505.511760][T28224] get_signal+0x1d0/0x26d0 [ 1505.511791][T28224] arch_do_signal_or_restart+0x8f/0x7a0 [ 1505.511825][T28224] exit_to_user_mode_loop+0x8c/0x540 [ 1505.511852][T28224] do_syscall_64+0x4ee/0xf80 [ 1505.511885][T28224] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1505.511909][T28224] [ 1505.511914][T28224] The buggy address belongs to the object at ffff88805b276000 [ 1505.511914][T28224] which belongs to the cache kmalloc-2k of size 2048 [ 1505.511934][T28224] The buggy address is located 1888 bytes to the right of [ 1505.511934][T28224] allocated 2048-byte region [ffff88805b276000, ffff88805b276800) [ 1505.511959][T28224] [ 1505.511965][T28224] The buggy address belongs to the physical page: [ 1505.511977][T28224] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5b270 [ 1505.511998][T28224] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1505.512017][T28224] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1505.512039][T28224] page_type: f5(slab) [ 1505.512059][T28224] raw: 00fff00000000040 ffff88813ff27000 0000000000000000 0000000000000001 [ 1505.512081][T28224] raw: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 1505.512102][T28224] head: 00fff00000000040 ffff88813ff27000 0000000000000000 0000000000000001 [ 1505.512123][T28224] head: 0000000000000000 0000000080080008 00000000f5000000 0000000000000000 [ 1505.512145][T28224] head: 00fff00000000003 ffffea00016c9c01 00000000ffffffff 00000000ffffffff [ 1505.512167][T28224] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1505.512181][T28224] page dumped because: kasan: bad access detected [ 1505.512193][T28224] page_owner tracks the page as allocated [ 1505.512201][T28224] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 27666, tgid 27663 (syz.0.4855), ts 1467464984338, free_ts 1466613008669 [ 1505.512244][T28224] post_alloc_hook+0x1af/0x220 [ 1505.512269][T28224] get_page_from_freelist+0xd0b/0x31a0 [ 1505.512295][T28224] __alloc_frozen_pages_noprof+0x25f/0x2430 [ 1505.512323][T28224] alloc_pages_mpol+0x1fb/0x550 [ 1505.512358][T28224] new_slab+0x2c3/0x430 [ 1505.512379][T28224] ___slab_alloc+0xe18/0x1c90 [ 1505.512401][T28224] __slab_alloc.constprop.0+0x63/0x110 [ 1505.512425][T28224] __kmalloc_node_track_caller_noprof+0x4d6/0x930 [ 1505.512459][T28224] kmalloc_reserve+0xef/0x2c0 [ 1505.512493][T28224] __alloc_skb+0x186/0x410 [ 1505.512516][T28224] rtmsg_ifinfo_build_skb+0x81/0x280 [ 1505.512553][T28224] rtmsg_ifinfo+0x9f/0x1a0 [ 1505.512586][T28224] register_netdevice+0x1b60/0x21d0 [ 1505.512625][T28224] __ip_tunnel_create+0x540/0x6b0 [ 1505.512662][T28224] ip_tunnel_init_net+0x22f/0x7d0 [ 1505.512684][T28224] ops_init+0x1e2/0x5f0 [ 1505.512713][T28224] page last free pid 26695 tgid 26695 stack trace: [ 1505.512730][T28224] __free_frozen_pages+0x7df/0x1170 [ 1505.512753][T28224] __folio_put+0x329/0x450 [ 1505.512780][T28224] skb_release_data+0x81a/0x9e0 [ 1505.512809][T28224] napi_consume_skb+0x2a0/0x300 [ 1505.512831][T28224] __free_old_xmit+0x182/0x660 [ 1505.512852][T28224] free_old_xmit+0xbe/0x1b0 [ 1505.512875][T28224] virtnet_poll_tx+0xe98/0x14b0 [ 1505.512902][T28224] __napi_poll.constprop.0+0xb3/0x540 [ 1505.512930][T28224] net_rx_action+0x9f9/0xfa0 [ 1505.512955][T28224] handle_softirqs+0x219/0x950 [ 1505.512986][T28224] __irq_exit_rcu+0x109/0x170 [ 1505.513016][T28224] irq_exit_rcu+0x9/0x30 [ 1505.513048][T28224] common_interrupt+0xbf/0xe0 [ 1505.513073][T28224] asm_common_interrupt+0x26/0x40 [ 1505.513096][T28224] [ 1505.513102][T28224] Memory state around the buggy address: [ 1505.513114][T28224] ffff88805b276e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1505.513132][T28224] ffff88805b276e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1505.513149][T28224] >ffff88805b276f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1505.513163][T28224] ^ [ 1505.513178][T28224] ffff88805b276f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1505.513195][T28224] ffff88805b277000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1505.513209][T28224] ================================================================== [ 1505.563537][ T13] bridge_slave_1: left allmulticast mode [ 1505.563583][ T13] bridge_slave_1: left promiscuous mode [ 1505.563772][ T13] bridge0: port 2(bridge_slave_1) entered disabled state [ 1505.564310][T28224] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1505.564332][T28224] CPU: 0 UID: 0 PID: 28224 Comm: syz.0.4970 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1505.564368][T28224] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1505.564378][T28224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 1505.564394][T28224] Call Trace: [ 1505.564402][T28224] [ 1505.564412][T28224] dump_stack_lvl+0x3d/0x1f0 [ 1505.564453][T28224] vpanic+0x640/0x6f0 [ 1505.564478][T28224] panic+0xca/0xd0 [ 1505.564500][T28224] ? __pfx_panic+0x10/0x10 [ 1505.564524][T28224] ? fbcon_prepare_logo+0xa03/0xc70 [ 1505.564551][T28224] ? preempt_schedule_common+0x44/0xc0 [ 1505.564588][T28224] ? preempt_schedule_thunk+0x16/0x30 [ 1505.564613][T28224] ? check_panic_on_warn+0x1f/0xb0 [ 1505.564639][T28224] check_panic_on_warn+0xab/0xb0 [ 1505.564665][T28224] end_report+0x107/0x160 [ 1505.564701][T28224] kasan_report+0xee/0x110 [ 1505.564745][T28224] ? fbcon_prepare_logo+0xa03/0xc70 [ 1505.564775][T28224] kasan_check_range+0x100/0x1b0 [ 1505.564801][T28224] __asan_memcpy+0x23/0x60 [ 1505.564831][T28224] fbcon_prepare_logo+0xa03/0xc70 [ 1505.564863][T28224] fbcon_init+0xda0/0x1930 [ 1505.564890][T28224] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 1505.564920][T28224] visual_init+0x320/0x620 [ 1505.564949][T28224] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 1505.564987][T28224] store_bind+0x61d/0x760 [ 1505.565020][T28224] ? sysfs_file_kobj+0xe4/0x290 [ 1505.565044][T28224] ? __pfx_store_bind+0x10/0x10 [ 1505.565075][T28224] dev_attr_store+0x58/0x80 [ 1505.565112][T28224] ? __pfx_dev_attr_store+0x10/0x10 [ 1505.565143][T28224] sysfs_kf_write+0xf2/0x150 [ 1505.565167][T28224] kernfs_fop_write_iter+0x3af/0x570 [ 1505.565204][T28224] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1505.565229][T28224] iter_file_splice_write+0xa24/0x12b0 [ 1505.565277][T28224] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1505.565318][T28224] ? __pfx_copy_splice_read+0x10/0x10 [ 1505.565360][T28224] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1505.565399][T28224] direct_splice_actor+0x192/0x6c0 [ 1505.565437][T28224] splice_direct_to_actor+0x345/0xa30 [ 1505.565474][T28224] ? __pfx_direct_splice_actor+0x10/0x10 [ 1505.565514][T28224] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1505.565555][T28224] do_splice_direct+0x174/0x240 [ 1505.565591][T28224] ? __pfx_do_splice_direct+0x10/0x10 [ 1505.565626][T28224] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1505.565664][T28224] ? rw_verify_area+0xcf/0x6c0 [ 1505.565696][T28224] do_sendfile+0xb06/0xe50 [ 1505.565736][T28224] ? __pfx_do_sendfile+0x10/0x10 [ 1505.565770][T28224] ? __x64_sys_futex+0x1e0/0x4c0 [ 1505.565798][T28224] ? __x64_sys_futex+0x1e9/0x4c0 [ 1505.565827][T28224] __x64_sys_sendfile64+0x1d8/0x220 [ 1505.565852][T28224] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1505.565875][T28224] ? syscall_user_dispatch+0x78/0x140 [ 1505.565910][T28224] do_syscall_64+0xcd/0xf80 [ 1505.565948][T28224] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1505.565973][T28224] RIP: 0033:0x7fda7a18f7c9 [ 1505.565992][T28224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1505.566016][T28224] RSP: 002b:00007fda7afd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1505.566040][T28224] RAX: ffffffffffffffda RBX: 00007fda7a3e6090 RCX: 00007fda7a18f7c9 [ 1505.566057][T28224] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000009 [ 1505.566073][T28224] RBP: 00007fda7a213f91 R08: 0000000000000000 R09: 0000000000000000 [ 1505.566089][T28224] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1505.566104][T28224] R13: 00007fda7a3e6128 R14: 00007fda7a3e6090 R15: 00007ffcc9940d58 [ 1505.566129][T28224] [ 1505.566210][T28224] Kernel Offset: disabled