last executing test programs: 14m31.975146s ago: executing program 3 (id=1335): read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, 0x0, 0x0) unshare$auto(0x40000080) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) socket(0x3, 0x3, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) pwritev$auto(0xffffffffffffffff, 0x0, 0x2, 0xfffffffffffff274, 0x6) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x60742, 0x0) msgget$auto(0xc, 0x77d9) msgrcv$auto(0x0, 0x0, 0xff9, 0x1, 0x3) io_uring_setup$auto(0x59, 0x0) setsockopt$auto(0xffffffffffffffff, 0x11, 0x64, 0x0, 0x7) msgsnd$auto(0x0, &(0x7f0000000000)={0x1, 0x5}, 0x8, 0x9) 14m25.901479019s ago: executing program 3 (id=1347): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x8001, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket(0x1e, 0x4, 0x0) socket(0x1d, 0x2, 0x7) setsockopt$auto(0x3, 0x6b, 0x3, 0x0, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0x10eb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) getcwd$auto(0x0, 0xffffffffffffffff) mlockall$auto(0x800000000000005) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) 14m23.893827025s ago: executing program 3 (id=1359): mmap$auto(0x0, 0xb, 0x6, 0xeb1, 0x3ff, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) pipe$auto(0x0) r0 = socket(0x11, 0x80003, 0x200300) setsockopt$auto(r0, 0x107, 0x18, 0x0, 0x9) 14m23.341840727s ago: executing program 3 (id=1363): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) io_uring_setup$auto(0x2, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101c81, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mlock$auto(0x800, 0x85fc) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0xc01, 0x1, 0x6d, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS2\x00', 0x101f81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) 14m22.383707783s ago: executing program 3 (id=1368): mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x161782, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) sendmsg$auto_NL80211_CMD_ADD_LINK_STA(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x0, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@NL80211_ATTR_BSS_CTS_PROT={0x5, 0x1c, 0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x845}, 0x97a64b66617a15c7) getrlimit$auto(0x3, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) ioctl$auto_BLKZEROOUT(r1, 0x127f, 0x0) r2 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x2, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x100eb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) mmap$auto(0x0, 0x9, 0x3, 0x8012, 0x3, 0x8000) ioctl$auto_SNDRV_PCM_IOCTL_RESET2(r2, 0x4141, 0x0) 14m18.198667545s ago: executing program 3 (id=1393): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x15, 0x5, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/ksm/run\x00', 0x88b02, 0x0) read$auto(0x3, 0x0, 0x80) write$auto(0x3, 0x0, 0xfdef) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x2b, 0x1, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mlock$auto(0x112, 0x80006) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) mlock$auto(0x9, 0xffff) 14m3.13101162s ago: executing program 32 (id=1393): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x15, 0x5, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/ksm/run\x00', 0x88b02, 0x0) read$auto(0x3, 0x0, 0x80) write$auto(0x3, 0x0, 0xfdef) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x2b, 0x1, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mlock$auto(0x112, 0x80006) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) mlock$auto(0x9, 0xffff) 2m20.487924298s ago: executing program 2 (id=3324): close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x2b, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_MACSEC_CMD_UPD_RXSA(r1, 0x0, 0x0) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000003fc0), 0xffffffffffffffff) sendmsg$auto_OVS_VPORT_CMD_GET(0xffffffffffffffff, &(0x7f0000004540)={0x0, 0x0, &(0x7f0000004500)={0x0, 0x18}, 0x1, 0x0, 0x0, 0x40081}, 0x20000c50) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x42000}, 0x804) close_range$auto(0x2, 0x8, 0x0) openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000180), 0x80a040, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = socket(0x2, 0x1, 0x0) fcntl$auto(0x3, 0x8, 0x0) bind$auto(r2, &(0x7f0000000040)=@in={0x2, 0x4e25, @remote}, 0x6d) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x5, 0x20000000) sendmsg$auto_NFSD_CMD_THREADS_SET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x51}, 0x1, 0x0, 0x0, 0x20000010}, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x80009, 0x0, 0x1, 0x0, 0x4, 0x9}, 0x3}, 0x3, 0x9) sendmsg$auto_SEG6_CMD_SETHMAC(r2, &(0x7f0000000400)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x20008060}, 0x9c1e69dda35d178a) shutdown$auto(0x200000003, 0x2) recvfrom$auto(r0, 0x0, 0x800000000c, 0x1003, 0x0, 0xfffffffffffffffd) 2m20.05234237s ago: executing program 2 (id=3326): mmap$auto(0x0, 0x9bc, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) syz_clone3(0x0, 0x0) bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_fd=0x5, 0x7f, 0x9c, 0x7b2, 0x1, @relative_fd=0x2, 0x80}, 0x96) r1 = socket(0x1d, 0x2, 0x6) setsockopt$auto(r1, 0x6a, 0x5, 0x0, 0x3) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r2, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) syslog$auto(0x2, 0x0, 0xcf) mmap$auto(0x0, 0x202000b, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8001) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) capset$auto(0x0, 0x0) close_range$auto(r0, 0x8, 0x0) mmap$auto(0x8, 0x400000, 0xe2, 0x9b72, 0xffffffffffffffff, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) madvise$auto(0x0, 0x200007, 0x8) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x8080, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card1\x00', 0x80802, 0x0) openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) acct$auto(&(0x7f0000002380)='/sys/kernel/debug/dri/vkms/crtc-0/crc/data\x00') 2m19.511555141s ago: executing program 2 (id=3328): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(0xffffffffffffffff, 0x0, 0x800) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) read$auto(0x3, 0x0, 0x8080) write$auto(0x3, 0x0, 0xffd8) fsconfig$auto(r0, 0x800, &(0x7f0000000040)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/power/wakeup_abort_count\x00', 0x0, 0x0) write$auto(0x3, 0x0, 0x100082) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/040/001\x00', 0x802, 0x0) prctl$auto(0x4, 0x1, 0x0, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) read$auto_kernfs_file_fops_kernfs_internal(r1, 0x0, 0x0) ioctl$auto(0x3, 0x80000541b, 0x38) read$auto(0x3, 0x0, 0x7fffffff) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) setsockopt$auto(0xffffffffffffffff, 0x5, 0x9, &(0x7f0000001480)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/power/wakeup_abort_count\x00', 0xfffeffff) 2m18.107477862s ago: executing program 2 (id=3332): r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/set_event\x00', 0x121000, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000001400)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002bbd7000fcdbdf2504000000040010"], 0x20}, 0x1, 0x0, 0x0, 0x24040000}, 0x18800) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f00000009c0)='/sys/kernel/tracing/uprobe_events\x00', 0x302, 0x0) write$auto_uprobe_events_ops_trace_uprobe(r3, &(0x7f0000000000)="0a23b9", 0x3) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r1) sendmsg$auto_NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={0x0}, 0x1, 0x0, 0x0, 0x40000}, 0x24000000) madvise$auto(0x0, 0xff7fffffffff0001, 0x15) close_range$auto(r0, 0x8, 0x0) open(&(0x7f0000000000)='.\x00', 0xc00, 0x409) r4 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/kcore\x00', 0x28000, 0x0) pread64$auto(r4, 0x0, 0x800003, 0x270) mlockall$auto(0x7) mprotect$auto(0x110c230000, 0xa588, 0x6) mremap$auto(0x110c231000, 0x0, 0x101, 0x3, 0x0) msgctl$auto_IPC_RMID(0x1, 0x0, 0x0) r5 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)) fcntl$auto(r5, 0x402, 0x0) 2m16.750693787s ago: executing program 2 (id=3336): socket(0x11, 0x80003, 0x300) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x18, 0x3, 0x2) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) epoll_create$auto(0x4) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) sendfile$auto(0x1, 0xffffffffffffffff, 0x0, 0x8fb5) fcntl$auto(0x0, 0x408, 0x100000) setsockopt$auto_SO_OOBINLINE(0xffffffffffffffff, 0x3, 0xa, &(0x7f0000000080)='nlctrl\x00', 0x2) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/hung_task_check_interval_secs\x00', 0x88542, 0x0) 2m15.1785859s ago: executing program 2 (id=3339): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x801, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x5, 0x40009, 0x36, 0x9b72, 0x7, 0x28000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) shutdown$auto(0x200000003, 0x2) mlockall$auto(0x7) migrate_pages$auto(0x0, 0xa, 0x0, &(0x7f0000000140)=0x2) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, 0xffffffffffffffff) unshare$auto(0x40000080) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) listen$auto(0x3, 0x81) 2m0.133257844s ago: executing program 33 (id=3339): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x801, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x5, 0x40009, 0x36, 0x9b72, 0x7, 0x28000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) shutdown$auto(0x200000003, 0x2) mlockall$auto(0x7) migrate_pages$auto(0x0, 0xa, 0x0, &(0x7f0000000140)=0x2) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, 0xffffffffffffffff) unshare$auto(0x40000080) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) listen$auto(0x3, 0x81) 1m26.063200634s ago: executing program 0 (id=3579): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0x200007, 0x19) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r1 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x40000, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) read$auto_proc_pid_maps_operations_internal(r1, &(0x7f00000020c0)=""/4093, 0xffd) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) 1m24.08178175s ago: executing program 0 (id=3584): sendmsg$auto_NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x40004) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r0, 0x0, 0x20000084) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f00000001c0)=0x6) r1 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$auto_PPPIOCSMRU(r1, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r1, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000180)={0x35, 0x0, 0x1}}) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptmx\x00', 0x2200, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socket(0x10, 0x2, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D3\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3b, 0x0, 0x948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0xf08f, 0x6d3f, 0x9, 0x8, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000001ff, 0x7, 0xd, 0x1, 0x3, 0x3, 0x15f4da0a, 0x2, 0x3, 0x62, 0x80000023, 0x7, 0x6d3e, 0xd, 0xd, 0x1]}, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x0, 0x0) close_range$auto(0x2, 0xa, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) 1m23.929713106s ago: executing program 0 (id=3586): ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(0xffffffffffffffff, 0xc4c85513, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) openat$auto_dfs_global_fops_debug(0xffffffffffffff9c, 0x0, 0x426a2, 0x0) r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event2\x00', 0x60240, 0x0) ioctl$auto_EVIOCGREP(r0, 0x80084503, 0x0) mmap$auto(0x0, 0xf569, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) syz_genetlink_get_family_id$auto_nfc(0x0, 0xffffffffffffffff) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, r1, 0x28000) r2 = socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) sendmsg$auto(r2, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$auto(0x1e, 0x4, 0x8de9, 0x0) r3 = socket(0x2, 0x80802, 0x0) setsockopt$auto(r3, 0x11, 0x64, 0x0, 0x8) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) unshare$auto(0x40000080) 1m22.657744771s ago: executing program 0 (id=3592): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) socket(0x11, 0x80000, 0x9) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) mount$auto(0x0, 0x0, 0x0, 0x0, 0x0) fspick$auto(0xffffffffffffffff, 0x0, 0x9) mmap$auto(0x4, 0x40009, 0x4, 0x9b72, 0x7, 0x27ffe) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x0) r0 = socket(0x2, 0x5, 0x0) bind$auto(0x3, 0x0, 0x6a) sendmmsg$auto(r0, 0x0, 0x5, 0x311) io_uring_setup$auto(0x2, 0x0) connect$auto(0x3, 0x0, 0x55) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) pread64$auto(0xffffffffffffffff, 0x0, 0x101, 0x103) read$auto(0xffffffffffffffff, 0x0, 0x400006) 1m21.718735641s ago: executing program 0 (id=3596): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x745100, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000001140)='/dev/psaux\x00', 0x42000, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7ffffffc, 0x8, 0x3000, 0x6, 0x10000007, 0x400b, r1, [], {0x6, 0x6, 0x8c48, 0x29a, 0x9, 0x80, 0x104, 0x6, 0x4}, {0x100, 0x1, 0x101, 0x85, 0x2, 0x24, 0xfe000000, 0x8, 0x3}}) r2 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0) read$auto_vhci_fops_hci_vhci(r2, 0x0, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) unshare$auto(0x0) socket(0x2b, 0x1, 0x0) ioctl$auto(0x3, 0x8905, 0x38) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0x200007, 0x19) 1m20.2499958s ago: executing program 0 (id=3603): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) read$auto(0x3, 0x0, 0x8080) bpf$auto(0x7, &(0x7f00000000c0)=@raw_tracepoint={0x9, 0x0, 0x0, 0x6}, 0x3d) socket(0xa, 0x1, 0x100) set_mempolicy$auto(0x1, &(0x7f0000000000)=0x4, 0x21) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) setsockopt$auto(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x8) setsockopt$auto(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x2000000008000) r1 = open(&(0x7f0000000000)='./file0\x00', 0x222c0, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x20, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty18\x00', 0x40001, 0x0) write$auto(0x3, 0x0, 0xfdef) ioctl$auto(0x3, 0x5457, r1) 1m4.928653195s ago: executing program 34 (id=3603): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) read$auto(0x3, 0x0, 0x8080) bpf$auto(0x7, &(0x7f00000000c0)=@raw_tracepoint={0x9, 0x0, 0x0, 0x6}, 0x3d) socket(0xa, 0x1, 0x100) set_mempolicy$auto(0x1, &(0x7f0000000000)=0x4, 0x21) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) setsockopt$auto(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x8) setsockopt$auto(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x2000000008000) r1 = open(&(0x7f0000000000)='./file0\x00', 0x222c0, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x20, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty18\x00', 0x40001, 0x0) write$auto(0x3, 0x0, 0xfdef) ioctl$auto(0x3, 0x5457, r1) 40.236194137s ago: executing program 1 (id=3767): mmap$auto(0x0, 0x220009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/virt_wifi0/router_solicitations\x00', 0x101202, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x34, 0x400000000065f, 0x1ffde, 0x40007, 0x7f, 0x20000005, 0x9, 0x3, 0x6, 0x400000004, 0xb5, 0x4, 0x6, 0x2, 0x1, 0xfff, 0xfffffff7, 0x7, 0x1fff, 0x203, 0x838b, 0x84, 0x2, 0x8, 0x5, 0x0, 0x0, [0x0, 0x0, 0x0, 0x40000000000, 0x1, 0xffffffffffffffff, 0x0, 0x1, 0x400, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10007, 0x0, 0x81, 0x9e, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x251, 0x3, 0x0, 0x0, 0x8, 0x0, 0xfffffffffffff7cc, 0x9, 0x400000000000002, 0x1, 0x0, 0x1, 0x0, 0x9, 0x8, 0x2000]}, 0x1fa, 0x8) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x48080) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/bus/pci/resource_alignment\x00', 0x8ea182, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/loop10/mq/0/nr_tags\x00', 0x20000, 0x0) mount_setattr$auto(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000640)={0x10002c, 0x7f, 0x0, @inferred=r1}, 0x287) close_range$auto(0x0, 0xffffffffffffffff, 0x2) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) bpf$auto_BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=@bpf_attr_7={@start_id=0x7, 0x2, 0x10000, r2}, 0xac) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8000, 0x0) close_range$auto(r3, r3, 0x6) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/icmp/ratemask\x00', 0xa0202, 0x0) socket(0x2, 0x801, 0x106) close_range$auto(0x2, 0x8, 0x0) 40.090006181s ago: executing program 1 (id=3768): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd4\x00', 0x745100, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000001140)='/dev/psaux\x00', 0x42000, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7ffffffc, 0x8, 0x3000, 0x6, 0x7, 0x400b, r1, [], {0x6, 0x6, 0x8c48, 0x29a, 0x9, 0x80, 0x104, 0x6, 0x4}, {0x100, 0x1, 0x101, 0x85, 0x2, 0x24, 0xfe000000, 0x8, 0x3}}) r2 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0) read$auto_vhci_fops_hci_vhci(r2, &(0x7f0000000d40)=""/16, 0x10) select$auto(0xe, 0x0, 0x0, &(0x7f0000000580)={[0x1ff, 0x8000, 0xd, 0x1, 0x948d, 0x3, 0x10015f4da0a, 0xd, 0x7, 0x64c1, 0x8000001f, 0x8, 0x6d3e, 0xc, 0x2, 0x2]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0x200007, 0x19) 36.653194161s ago: executing program 1 (id=3775): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) unshare$auto(0x40000080) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/conf/geneve0/disable_policy\x00', 0x40180, 0x0) close_range$auto(0x2, 0x8, 0x0) semctl$auto(0xa, 0x2, 0x13, 0xde) r2 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x4c, 0x0, 0x9) recvmmsg$auto(0x3, 0x0, 0x80000401, 0x4000, 0x0) write$auto(r1, 0x0, 0x5) r3 = socket(0x11, 0xa, 0x9) bind$auto(r3, &(0x7f0000000140)=@in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x38}}, 0x9) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) sendmsg$auto_OVS_FLOW_CMD_SET(r2, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x90}, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kpagecount\x00', 0x0, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x1000}, 0x100000007) 34.40581742s ago: executing program 1 (id=3785): setresuid$auto(0x8, 0x8, 0x0) r0 = setfsuid$auto(0xee00) setreuid$auto(r0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000540), r1) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'netdevsim0\x00'}) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/rt_acct\x00', 0x840, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) fsconfig$auto(r1, 0x2, &(0x7f0000000180)='\x00', &(0x7f0000000580)="10ab6b39a25e5d9c4947936e05c1ebf9895356b0a5fc915241b26bebe1bf3648ecb6260c4d40bcaaf9620450e0f236d9cf2e9bfa15663032904f14a0bfebeb6f41d8f77bd0bca982dfe6b49e308e606721133b53711ed21bb9e1e32f4be7a7c60b1e11a84523b8f0f030b169292f0b65a26107a850d0b970a474f1e71b47e5ca3b8343ea7d7b90f3557fd5f312dc8058", 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f000000c180), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) pipe2$auto(0x0, 0x800) read$auto(0x4, 0x0, 0x80) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000080), r1) sendmsg$auto_TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, 0x0, 0x4) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) fsconfig$auto(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) r3 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000280), 0x802, 0x0) ioctl$auto_SW_SYNC_GET_DEADLINE(r3, 0xc0105702, &(0x7f00000002c0)={0x3ff, 0x0, r2}) 33.31374924s ago: executing program 1 (id=3789): close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x11}}, 0x6a) mmap$auto(0x0, 0x20009, 0x4000000000db, 0xeb1, 0x400, 0x8000) io_uring_register$auto(0xffffffffffffffff, 0x15, 0x0, 0x9) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x3, 0x20000000) io_uring_setup$auto(0x1, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0x1, 0x0, 0x80000000) io_uring_setup$auto(0x6, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001100), 0xffffffffffffffff) openat$auto_zero_fops_mem(0xffffffffffffff9c, 0x0, 0x80200, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x82942, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xe0180, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ff) 33.034809396s ago: executing program 1 (id=3792): unshare$auto(0x40000080) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) read$auto(r0, 0x0, 0x8080) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) fsconfig$auto(r0, 0x800, &(0x7f0000000040)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/power/wakeup_abort_count\x00', 0x0, 0x0) write$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffffff, &(0x7f00000001c0)="624d1bfe", 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) ioctl$auto(0x3, 0x80000541b, 0x38) read$auto(0x3, 0x0, 0x7fffffff) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x400c050}, 0x4000080) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x400c000) write$auto(0xffffffffffffffff, 0x0, 0x2fb) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000300)='/proc/asound/card0/pcm0c/sub0/status\x00', 0x100, 0x0) pread64$auto(r1, 0x0, 0x40000000f42c, 0x80002) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000540), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_GET_RADIO(r2, &(0x7f0000001900)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="cf772801000000dbdf25668892"], 0x14}, 0x1, 0x0, 0x0, 0x884}, 0x8020) 17.993128434s ago: executing program 35 (id=3792): unshare$auto(0x40000080) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) read$auto(r0, 0x0, 0x8080) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) fsconfig$auto(r0, 0x800, &(0x7f0000000040)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/power/wakeup_abort_count\x00', 0x0, 0x0) write$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffffff, &(0x7f00000001c0)="624d1bfe", 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) ioctl$auto(0x3, 0x80000541b, 0x38) read$auto(0x3, 0x0, 0x7fffffff) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x400c050}, 0x4000080) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4}, 0x400c000) write$auto(0xffffffffffffffff, 0x0, 0x2fb) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000300)='/proc/asound/card0/pcm0c/sub0/status\x00', 0x100, 0x0) pread64$auto(r1, 0x0, 0x40000000f42c, 0x80002) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000540), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_GET_RADIO(r2, &(0x7f0000001900)={0x0, 0x0, &(0x7f00000018c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3, @ANYBLOB="cf772801000000dbdf25668892"], 0x14}, 0x1, 0x0, 0x0, 0x884}, 0x8020) 4.988258445s ago: executing program 6 (id=3921): ioctl$auto_FS_IOC_RESVSP64(0xffffffffffffffff, 0x4030582a, 0xfffffffffffffffc) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x84) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000080), 0x20480, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x6) r0 = socket(0x2, 0x1, 0x0) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x2b}}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800008}, 0x5, 0x20000000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c00, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x5}, 0x3, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x3}, 0x7}, 0x3, 0xcad7) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) write$auto(0x3, 0x0, 0x100085) close_range$auto(0x2, 0xffffffffffffffff, 0x0) 4.417686449s ago: executing program 6 (id=3930): sendmsg$auto_IEEE802154_ASSOCIATE_RESP(0xffffffffffffffff, 0x0, 0x20000881) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, r0, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x288202, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) close_range$auto(0x2, 0xa, 0x0) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\x00\x80\x00\x00\x00\x00\x00\x00j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000180), 0x40, 0x0) getdents$auto(r1, 0x0, 0x3f1) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x0) r2 = socket(0x2, 0x5, 0x0) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) io_uring_setup$auto(0x2, 0x0) connect$auto(0x3, 0x0, 0x55) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) socket(0x2, 0x1, 0x0) 3.914798714s ago: executing program 7 (id=3924): close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) socket(0x2b, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000db, 0xeb1, 0x400, 0x8000) io_uring_register$auto(0xffffffffffffffff, 0x15, 0x0, 0x9) io_uring_setup$auto(0x1, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0x1, 0x0, 0x80000000) io_uring_setup$auto(0x6, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001100), 0xffffffffffffffff) openat$auto_zero_fops_mem(0xffffffffffffff9c, 0x0, 0x80200, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x82942, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ff) 3.65485913s ago: executing program 7 (id=3926): syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x1eba02, 0x0) setresuid$auto(0x0, 0x0, 0x0) ioctl$auto_BLKALIGNOFF(r0, 0x127a, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x40000008000) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x2404c800) sendmsg$auto_NL80211_CMD_GET_MPATH(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x10000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x41811}, 0x20000000) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto_KVM_GET_MSRS(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000080)={0xc0}) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/bond0/bonding/fail_over_mac\x00', 0x103b02, 0x0) sendfile$auto(r3, r3, 0x0, 0x8080000001) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xfdef) 3.512343418s ago: executing program 5 (id=3927): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @empty}, 0x51) r1 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) statx$auto(r1, 0x0, 0x401006, 0x4015, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) sendto$auto(0x3, 0x0, 0x2000f, 0x101, 0x0, 0x1c) readv$auto(0x3, &(0x7f0000000600)={0x0, 0xfdf3}, 0x1da) write$auto(0x3, 0x0, 0xfdf3) r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x102, 0x0) write$auto_console_fops_tty_io(r2, 0x0, 0x0) mmap$auto(0x200000000, 0x5, 0x8, 0x40009b72, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, r0) write$auto(0x3, 0x0, 0x7fffffff) bind$auto(0xffffffffffffffff, 0x0, 0x68) ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0) munmap$auto(0x8, 0xffffffff) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) 2.87425571s ago: executing program 6 (id=3929): ioctl$auto_FS_IOC_RESVSP64(0xffffffffffffffff, 0x4030582a, 0xfffffffffffffffc) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x84) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000080), 0x20480, 0x0) read$auto_mISDN_fops_timerdev(r0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x6) r1 = socket(0x2, 0x1, 0x0) bind$auto(r1, &(0x7f0000000040)=@in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x2b}}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800008}, 0x5, 0x20000000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c00, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x5}, 0x3, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x3}, 0x7}, 0x3, 0xcad7) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) write$auto(0x3, 0x0, 0x100085) 2.649760968s ago: executing program 7 (id=3931): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) socket(0x11, 0x80000, 0x9) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) mount$auto(0x0, 0x0, 0x0, 0x0, 0x0) fspick$auto(0xffffffffffffffff, 0x0, 0x9) mmap$auto(0x4, 0x40009, 0x4, 0x9b72, 0x7, 0x27ffe) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x0) r0 = socket(0x2, 0x5, 0x0) sendmmsg$auto(r0, 0x0, 0x5, 0x311) io_uring_setup$auto(0x2, 0x0) connect$auto(0x3, 0x0, 0x55) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) pread64$auto(0xffffffffffffffff, 0x0, 0x101, 0x103) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000004c0)='/sys/devices/system/cpu/vulnerabilities/spectre_v2\x00', 0x40780, 0x0) read$auto(r1, 0x0, 0x400006) 2.599914418s ago: executing program 6 (id=3932): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D3\x00', 0x200a41, 0x0) bpf$auto(0x8000000, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000002c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1d\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"P\x8a\xbbY8@Z5`\xa2\x9aSVd\x1d\xac\xe8\x90e\x9d\x03tm\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7.\xbe\x01\x98\xd7l\x00\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfa\xf0\xd9\xc0K\x8b\xa3c\x00'/160, 0xa9) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, 0x0, 0x20000054) write$auto(0xffffffffffffffff, 0x0, 0x98c7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x2000d, 0x4, 0xeb1, 0xffffffffffffffff, 0x6000000000) shmctl$auto_SHM_LOCK(0x2, 0xb, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x4c2080, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x400008000) r1 = socketpair$auto(0x0, 0x1000, 0x7fffffff, &(0x7f0000000040)=0x4) close_range$auto(r1, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) ioctl$auto(0x3, 0x6f50, 0xffffffffffffffff) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x0, 0x810004, 0x2000000efb, 0x8000000008011, r0, 0x8000) ioctl$auto_BLKRRPART(r0, 0x125f, 0x0) madvise$auto(0x0, 0x400053, 0x9) 2.513821923s ago: executing program 5 (id=3933): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) unshare$auto(0x2) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x1, 0x0) ioctl$auto(0x3, 0x8905, 0x38) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000440)={0x0, 0x0, 0x0}, 0x24048084) madvise$auto(0x0, 0x200007, 0x19) madvise$auto(0x4, 0x3, 0x3) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x102, 0x0) bpf$auto(0x2, 0x0, 0x1) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) pread64$auto(r3, &(0x7f0000000240)='\x03W\x96l\x15\x00'/21, 0x100000002, 0x100000001) 2.302256783s ago: executing program 4 (id=3934): openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x242e40, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ttyS0\x00', 0x1, 0x0) ioctl$auto(r0, 0x540a, 0x0) unshare$auto(0x40000080) unshare$auto(0x6) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/ieee80211/phy1/statistics/dot11RTSSuccessCount\x00', 0x800, 0x0) link$auto(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='./file0\x00') prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = socket(0xa, 0x5, 0x84) init_module$auto(0x0, 0xffff9, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/tty6\x00', 0x0, 0x0) r2 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) read$auto_rng_chrdev_ops_core(r2, 0x0, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f0000000180), r1) geteuid() r3 = openat$auto_proc_page_owner_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000000), 0x101002, 0x0) pread64$auto(r3, 0x0, 0x0, 0x7fff) setgroups$auto(0xe32, 0x0) get_mempolicy$auto(0x0, 0x0, 0x400, 0x0, 0x1) 1.5930244s ago: executing program 7 (id=3935): close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x11}}, 0x6a) mmap$auto(0x0, 0x20009, 0x4000000000db, 0xeb1, 0x400, 0x8000) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x3, 0x20000000) io_uring_setup$auto(0x1, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07) getcwd$auto(0x0, 0x7) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0x1, 0x0, 0x80000000) io_uring_setup$auto(0x6, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001100), 0xffffffffffffffff) openat$auto_zero_fops_mem(0xffffffffffffff9c, 0x0, 0x80200, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x82942, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xe0180, 0x0) 1.343496251s ago: executing program 5 (id=3936): close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) socket(0x2b, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000db, 0xeb1, 0x400, 0x8000) io_uring_register$auto(0xffffffffffffffff, 0x15, 0x0, 0x9) io_uring_setup$auto(0x1, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0x1, 0x0, 0x80000000) io_uring_setup$auto(0x6, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001100), 0xffffffffffffffff) openat$auto_zero_fops_mem(0xffffffffffffff9c, 0x0, 0x80200, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x82942, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ff) 1.340227562s ago: executing program 4 (id=3937): mmap$auto(0x0, 0x220009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/virt_wifi0/router_solicitations\x00', 0x101202, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x7352, 0x34, 0x400000000065f, 0x1ffde, 0x40007, 0x7f, 0x20000005, 0x9, 0x3, 0x6, 0x400000004, 0xb5, 0x4, 0x6, 0x2, 0x1, 0xfff, 0xfffffff7, 0x7, 0x1fff, 0x203, 0x838b, 0x84, 0x2, 0x8, 0x5, 0x0, 0x0, [0x0, 0x0, 0x0, 0x40000000000, 0x1, 0xffffffffffffffff, 0x0, 0x1, 0x400, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10007, 0x0, 0x81, 0x9e, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x251, 0x3, 0x0, 0x0, 0x8, 0x0, 0xfffffffffffff7cc, 0x9, 0x400000000000002, 0x1, 0x0, 0x1, 0x0, 0x9, 0x8, 0x2000]}, 0x1fa, 0x8) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x48080) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/bus/pci/resource_alignment\x00', 0x8ea182, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/loop10/mq/0/nr_tags\x00', 0x20000, 0x0) close_range$auto(0x0, 0xffffffffffffffff, 0x2) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) bpf$auto_BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=@bpf_attr_7={@start_id=0x7, 0x2, 0x10000, r1}, 0xac) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8000, 0x0) close_range$auto(r2, r2, 0x6) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/icmp/ratemask\x00', 0xa0202, 0x0) socket(0x2, 0x801, 0x106) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/9t\x00', 0xa00, 0x0) close_range$auto(0x2, 0x8, 0x0) 1.197246611s ago: executing program 7 (id=3938): mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x40001, 0x0) fcntl$auto(0x3, 0x4, 0xa553) swapon$auto(0x0, 0x4) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x24) close_range$auto(0x2, r0, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = socketcall$auto(0x8000, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x60980, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = openat$auto_snd_mixer_oss_f_ops_mixer_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer2\x00', 0x101001, 0x0) getsockopt$auto_SO_NO_CHECK(r3, 0x4, 0xb, &(0x7f0000000040)='/dev/kvm\x00', &(0x7f0000000080)=0x1) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0xae41, r1) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto(0x3, 0xae41, r4) 1.101285776s ago: executing program 5 (id=3939): socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x2c82, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0x15, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_dev_fops_plock(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) pipe2$auto(0x0, 0x0) io_uring_setup$auto(0x7e1b, 0x0) socket(0x2, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x2, 0x14) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyxe\x00', 0x2e8a83, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyde\x00', 0xa0102, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) ioctl$auto(0x3, 0x1, 0x38) 1.029162431s ago: executing program 4 (id=3940): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x5, 0x12020006, 0x5, 0xeb1, 0xfffffffffffffffa, 0x9) r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_VHOST_SET_BACKEND_FEATURES(r0, 0x4008af25, 0x0) mmap$auto(0x4, 0xa00006, 0x2, 0x100000000040eb1, 0xffffffffffffffff, 0x300000000000) rseq$auto(0x0, 0x6, 0x0, 0x2) socket(0x2c, 0x80003, 0x0) write$auto(0xca, &(0x7f0000000040)='\x04\x1c\xdc\xec7z\xdf3\xf2\xd3!\v\xb0M\xf8Q\x15\f', 0x2d8) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, 0x0, 0x100000a3d9) socket(0x2b, 0x1, 0x0) r2 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x30, r2, 0x1, 0x70bd29, 0x25dfdc02, {}, [@OVS_FLOW_ATTR_PROBE={0x4}, @OVS_FLOW_ATTR_KEY={0x18, 0x1, 0x0, 0x1, [@nested={0x14, 0x10, 0x0, 0x1, [@typed={0x8, 0x8, 0x0, 0x0, @ipv4=@remote}, @typed={0x8, 0x8, 0x0, 0x0, @uid}]}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x200400f0}, 0x800) ioctl$auto(0x3, 0x8905, 0x38) mmap$auto(0x2, 0x2020009, 0x2, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio1\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0) 964.237641ms ago: executing program 6 (id=3941): ioctl$auto_FS_IOC_RESVSP64(0xffffffffffffffff, 0x4030582a, 0xfffffffffffffffc) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x84) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000080), 0x20480, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x6) r0 = socket(0x2, 0x1, 0x0) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x2b}}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800008}, 0x5, 0x20000000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c00, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x5}, 0x3, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x3}, 0x7}, 0x3, 0xcad7) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) write$auto(0x3, 0x0, 0x100085) 772.351351ms ago: executing program 5 (id=3942): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) read$auto(0x3, 0x0, 0x8080) bpf$auto(0x7, &(0x7f00000000c0)=@raw_tracepoint={0x9, 0x0, 0x0, 0x6}, 0x3d) socket(0xa, 0x1, 0x100) set_mempolicy$auto(0x1, &(0x7f0000000000)=0x4, 0x21) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) write$auto(0x3, 0x0, 0x100082) setsockopt$auto(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x8) setsockopt$auto(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x2000000008000) r1 = open(&(0x7f0000000000)='./file0\x00', 0x222c0, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x20, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty18\x00', 0x40001, 0x0) write$auto(0x3, 0x0, 0xfdef) ioctl$auto(0x3, 0x5457, r1) 602.262522ms ago: executing program 6 (id=3943): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) socket(0x2, 0x3, 0x2) setsockopt$auto(0x3, 0x0, 0xc8, 0xfffffffffffffffc, 0x4) madvise$auto(0x400, 0x8, 0xffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/dummy_hcd.6/usb7/devnum\x00', 0x102, 0x0) ioctl$auto(0x3, 0x80108907, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) migrate_pages$auto(0x0, 0x2b59, 0x0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) ioctl$auto_SOUND_MIXER_READ_RECSRC(0xffffffffffffffff, 0x80044dff, &(0x7f00000012c0)) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) sysfs$auto(0x2, 0x23, 0x0) r0 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r0, 0x0, 0x4) socket(0x10, 0x2, 0x4) openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, 0x0, 0x80240, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000340)={[0x1ff, 0x7, 0xd, 0x5, 0x9487, 0x445f, 0x15f4da0a, 0x1, 0x81, 0xf8bd, 0x100, 0x4, 0x392, 0xfffffffffffffffd, 0x2, 0x2]}, 0x0) mmap$auto(0x0, 0xffff, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x1, 0x84) 418.570755ms ago: executing program 4 (id=3944): ioctl$auto_FS_IOC_RESVSP64(0xffffffffffffffff, 0x4030582a, 0xfffffffffffffffc) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x84) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x6) r0 = socket(0x2, 0x1, 0x0) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x2b}}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800008}, 0x5, 0x20000000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c00, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x5}, 0x3, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x3}, 0x7}, 0x3, 0xcad7) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) write$auto(0x3, 0x0, 0x100085) close_range$auto(0x2, 0xffffffffffffffff, 0x0) 266.67288ms ago: executing program 4 (id=3945): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) socket(0x11, 0x80000, 0x9) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) mount$auto(0x0, 0x0, 0x0, 0x0, 0x0) fspick$auto(0xffffffffffffffff, 0x0, 0x9) mmap$auto(0x4, 0x40009, 0x4, 0x9b72, 0x7, 0x27ffe) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x1, 0x0) bind$auto(0x3, 0x0, 0x6a) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x5, 0x311) io_uring_setup$auto(0x2, 0x0) connect$auto(0x3, 0x0, 0x55) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) pread64$auto(0xffffffffffffffff, 0x0, 0x101, 0x103) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000004c0)='/sys/devices/system/cpu/vulnerabilities/spectre_v2\x00', 0x40780, 0x0) read$auto(r0, 0x0, 0x400006) 128.019385ms ago: executing program 5 (id=3946): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x29, 0xa, 0xb) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f80, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) mremap$auto(0x1ff000, 0x100005, 0x843, 0x3, 0x2) mremap$auto(0xfffff000, 0x4, 0x4, 0x6, 0x1001ff000) r3 = prctl$auto(0x38, 0x1, 0x4, 0xd73, 0x7) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, r1) fgetxattr$auto(r0, &(0x7f0000000280)='\\@--*\x86\\#]:+]\xc5\x00', 0x0, 0x0) getsockopt$auto(r3, 0x0, 0x2, 0xffffffffffffffff, 0x0) connect$auto(0x3, 0x0, 0x54) r4 = socket(0x2b, 0x1, 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/nbd13/trace/pid\x00', 0x62142, 0x0) setsockopt$auto_SO_BSDCOMPAT(r4, 0x6, 0xe, 0x0, 0x80001) madvise$auto(0x0, 0xffffffffffff0005, 0x19) sendmsg$auto_CTRL_CMD_GETPOLICY(r1, 0x0, 0x10) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, 0x0, 0x40000, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) 86.032126ms ago: executing program 4 (id=3947): close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r0 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x11}}, 0x6a) mmap$auto(0x0, 0x20009, 0x4000000000db, 0xeb1, 0x400, 0x8000) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x3, 0x20000000) io_uring_setup$auto(0x1, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07) getcwd$auto(0x0, 0x7) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0x1, 0x0, 0x80000000) io_uring_setup$auto(0x6, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001100), 0xffffffffffffffff) openat$auto_zero_fops_mem(0xffffffffffffff9c, 0x0, 0x80200, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x82942, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xe0180, 0x0) 0s ago: executing program 7 (id=3948): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/netfilter/nf_log/6\x00', 0xa0202, 0x0) sendfile$auto(r0, r0, 0x0, 0x2004) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r1, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) keyctl$auto(0x1c, 0x0, 0x0, 0x0, 0x1) madvise$auto(0x0, 0xffffffffffff0005, 0x17) r2 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000280), 0x6082, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$auto_OVS_FLOW_CMD_DEL(r3, &(0x7f0000000240)={0x0, 0xfffffffffffffd7c, &(0x7f0000000200)={&(0x7f0000000180)={0x24, r4, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@OVS_FLOW_ATTR_KEY={0x4}, @OVS_FLOW_ATTR_KEY={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x105, 0x0, 0x0, @fd=r3}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x800) ioctl$auto_VHOST_SET_OWNER(r2, 0xaf01, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x2, 0x73) socket(0xa, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x7c, 0x0, 0x5) r5 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) sendmsg$auto_IPVS_CMD_GET_DEST(r5, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000200)={&(0x7f0000000040)={0xd4, 0x0, 0x100, 0x70bd29, 0x2, {}, [@IPVS_CMD_ATTR_DAEMON={0xa2, 0x3, 0x0, 0x1, [@generic="e3187676f562d8ef2167ee5ae9114568e80ca9e3c331336024c3394b1a0a71dd394bd4b39b7877fd8957dc48c98b488f5913877ee9af71cdf84d3e77682cb794a61ac070d4176ccd723ea8a780d852facf459ed6498c4849d66b94f43281", @generic="b00b2f0aee50dce6365dc7242c84b4442c2403c1d239fee37fc18a3df7718ee612de0e1cca551cb39e572479c2b8109521c68aacb362688b1e48896e", @nested={0x4, 0x6f}]}, @IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@nested={0x8, 0x6b, 0x0, 0x1, [@generic, @nested={0x4, 0xdf}]}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}]}, 0xd4}, 0x1, 0x0, 0x0, 0x8845}, 0x0) setdomainname$auto(0x0, 0x7) kernel console output (not intermixed with test programs): /0x10 [ 540.587490][T12864] nci_register_device+0x511/0xb80 [ 540.587521][T12864] ? __pfx_nci_register_device+0x10/0x10 [ 540.587566][T12864] ? lockdep_init_map_type+0x5c/0x250 [ 540.587608][T12864] virtual_ncidev_open+0x141/0x220 [ 540.587656][T12864] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 540.587694][T12864] misc_open+0x26d/0x450 [ 540.587727][T12864] ? __pfx_misc_open+0x10/0x10 [ 540.587758][T12864] chrdev_open+0x234/0x6a0 [ 540.587797][T12864] ? __pfx_apparmor_file_open+0x10/0x10 [ 540.587825][T12864] ? __pfx_chrdev_open+0x10/0x10 [ 540.587867][T12864] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 540.587916][T12864] do_dentry_open+0x6d8/0x1660 [ 540.587955][T12864] ? __pfx_chrdev_open+0x10/0x10 [ 540.588004][T12864] vfs_open+0x82/0x3f0 [ 540.588036][T12864] path_openat+0x208c/0x31a0 [ 540.588089][T12864] ? __pfx_path_openat+0x10/0x10 [ 540.588144][T12864] do_file_open+0x20e/0x430 [ 540.588184][T12864] ? __pfx_do_file_open+0x10/0x10 [ 540.588251][T12864] ? alloc_fd+0x476/0x790 [ 540.588293][T12864] ? do_getname+0x191/0x390 [ 540.588325][T12864] do_sys_openat2+0x10d/0x1e0 [ 540.588355][T12864] ? __pfx_do_sys_openat2+0x10/0x10 [ 540.588399][T12864] __x64_sys_openat+0x12d/0x210 [ 540.588431][T12864] ? __pfx___x64_sys_openat+0x10/0x10 [ 540.588477][T12864] do_syscall_64+0x106/0xf80 [ 540.588511][T12864] ? clear_bhb_loop+0x40/0x90 [ 540.588545][T12864] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 540.588573][T12864] RIP: 0033:0x7fada8b9bf79 [ 540.588597][T12864] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 540.588626][T12864] RSP: 002b:00007fada99b6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 540.588659][T12864] RAX: ffffffffffffffda RBX: 00007fada8e15fa0 RCX: 00007fada8b9bf79 [ 540.588678][T12864] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 540.588696][T12864] RBP: 00007fada8c327e0 R08: 0000000000000000 R09: 0000000000000000 [ 540.588713][T12864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 540.588730][T12864] R13: 00007fada8e16038 R14: 00007fada8e15fa0 R15: 00007ffd17a47e88 [ 540.588769][T12864] [ 541.179832][T12869] [U] [ 541.183095][T12869] [U] [ 541.185836][T12869] [U] [ 541.188559][T12869] [U] [ 541.344389][T12869] [U] [ 541.347148][T12869] [U] [ 541.349882][T12869] [U] [ 541.352607][T12869] [U] [ 541.358724][T12869] [U] [ 541.361507][T12869] [U] [ 541.364221][T12869] [U] [ 541.366927][T12869] [U] [ 541.408265][T12869] [U] [ 541.411037][T12869] [U] [ 541.413763][T12869] [U] [ 541.416511][T12869] [U] [ 541.438486][T12869] [U] [ 541.717655][T12878] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2024'. [ 541.989495][T12883] FAULT_INJECTION: forcing a failure. [ 541.989495][T12883] name failslab, interval 1, probability 0, space 0, times 0 [ 542.087343][T12883] CPU: 0 UID: 0 PID: 12883 Comm: syz.4.2027 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 542.087405][T12883] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 542.087420][T12883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 542.087436][T12883] Call Trace: [ 542.087444][T12883] [ 542.087455][T12883] dump_stack_lvl+0x100/0x190 [ 542.087502][T12883] should_fail_ex.cold+0x5/0xa [ 542.087534][T12883] should_failslab+0xc2/0x120 [ 542.087622][T12883] __kmalloc_cache_noprof+0x7a/0x6f0 [ 542.087650][T12883] ? blk_mq_init_allocated_queue+0xcf/0x1440 [ 542.087704][T12883] blk_mq_init_allocated_queue+0xcf/0x1440 [ 542.087753][T12883] ? blk_alloc_queue+0x627/0x790 [ 542.087787][T12883] ? blk_alloc_queue+0x1a3/0x790 [ 542.087819][T12883] ? __kmalloc_node_noprof+0x324/0x850 [ 542.087859][T12883] blk_mq_alloc_queue+0x1bd/0x290 [ 542.087902][T12883] ? __pfx_blk_mq_alloc_queue+0x10/0x10 [ 542.087962][T12883] ? blk_mq_alloc_tag_set+0xdc0/0x1260 [ 542.088007][T12883] __blk_mq_alloc_disk+0x29/0x120 [ 542.088046][T12883] loop_add+0x498/0xb60 [ 542.088079][T12883] ? __pfx_loop_add+0x10/0x10 [ 542.088130][T12883] ? find_held_lock+0x2b/0x80 [ 542.088166][T12883] ? __fget_files+0x215/0x3d0 [ 542.088202][T12883] loop_control_ioctl+0xae/0x620 [ 542.088236][T12883] ? __pfx_loop_control_ioctl+0x10/0x10 [ 542.088274][T12883] ? __pfx_loop_control_ioctl+0x10/0x10 [ 542.088309][T12883] __x64_sys_ioctl+0x18e/0x210 [ 542.088341][T12883] do_syscall_64+0x106/0xf80 [ 542.088371][T12883] ? clear_bhb_loop+0x40/0x90 [ 542.088402][T12883] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 542.088428][T12883] RIP: 0033:0x7fd523b9bf79 [ 542.088449][T12883] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 542.088474][T12883] RSP: 002b:00007fd524a6c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 542.088497][T12883] RAX: ffffffffffffffda RBX: 00007fd523e15fa0 RCX: 00007fd523b9bf79 [ 542.088514][T12883] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000006 [ 542.088530][T12883] RBP: 00007fd523c327e0 R08: 0000000000000000 R09: 0000000000000000 [ 542.088553][T12883] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 542.088568][T12883] R13: 00007fd523e16038 R14: 00007fd523e15fa0 R15: 00007ffeecf3bce8 [ 542.088602][T12883] [ 543.173508][T12888] FAULT_INJECTION: forcing a failure. [ 543.173508][T12888] name fail_futex, interval 1, probability 0, space 0, times 0 [ 543.277797][T12888] CPU: 0 UID: 0 PID: 12888 Comm: syz.0.2029 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 543.277857][T12888] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 543.277872][T12888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 543.277888][T12888] Call Trace: [ 543.277896][T12888] [ 543.277907][T12888] dump_stack_lvl+0x100/0x190 [ 543.277953][T12888] should_fail_ex.cold+0x5/0xa [ 543.277985][T12888] get_futex_key+0x1d2/0x1620 [ 543.278019][T12888] ? __pfx_get_futex_key+0x10/0x10 [ 543.278050][T12888] ? kasan_quarantine_put+0x104/0x240 [ 543.278085][T12888] ? lockdep_hardirqs_on+0x78/0x100 [ 543.278127][T12888] futex_wake+0xea/0x530 [ 543.278163][T12888] ? find_held_lock+0x2b/0x80 [ 543.278206][T12888] ? __pfx_futex_wake+0x10/0x10 [ 543.278246][T12888] ? ksys_write+0x190/0x250 [ 543.278282][T12888] ? ksys_write+0x190/0x250 [ 543.278323][T12888] do_futex+0x32b/0x350 [ 543.278355][T12888] ? __pfx_do_futex+0x10/0x10 [ 543.278397][T12888] __x64_sys_futex+0x34f/0x4d0 [ 543.278431][T12888] ? fput+0x79/0x100 [ 543.278455][T12888] ? __pfx___x64_sys_futex+0x10/0x10 [ 543.278498][T12888] ? ksys_write+0x1ac/0x250 [ 543.278535][T12888] ? __pfx_ksys_write+0x10/0x10 [ 543.278584][T12888] do_syscall_64+0x106/0xf80 [ 543.278618][T12888] ? clear_bhb_loop+0x40/0x90 [ 543.278652][T12888] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 543.278680][T12888] RIP: 0033:0x7fada8b9bf79 [ 543.278704][T12888] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 543.278732][T12888] RSP: 002b:00007fada99b60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 543.278759][T12888] RAX: ffffffffffffffda RBX: 00007fada8e15fa8 RCX: 00007fada8b9bf79 [ 543.278778][T12888] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fada8e15fac [ 543.278796][T12888] RBP: 00007fada8e15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 543.278812][T12888] R10: 0000000000001000 R11: 0000000000000246 R12: 0000000000000000 [ 543.278828][T12888] R13: 00007fada8e16038 R14: 00007ffd17a47da0 R15: 00007ffd17a47e88 [ 543.278864][T12888] [ 544.763502][T12914] netlink: 186 bytes leftover after parsing attributes in process `syz.0.2036'. [ 545.178040][T12918] FAULT_INJECTION: forcing a failure. [ 545.178040][T12918] name failslab, interval 1, probability 0, space 0, times 0 [ 545.260935][T12918] CPU: 0 UID: 0 PID: 12918 Comm: syz.4.2038 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 545.261000][T12918] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 545.261016][T12918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 545.261032][T12918] Call Trace: [ 545.261041][T12918] [ 545.261052][T12918] dump_stack_lvl+0x100/0x190 [ 545.261098][T12918] should_fail_ex.cold+0x5/0xa [ 545.261131][T12918] should_failslab+0xc2/0x120 [ 545.261174][T12918] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 545.261211][T12918] ? __alloc_skb+0x140/0x710 [ 545.261249][T12918] __alloc_skb+0x140/0x710 [ 545.261279][T12918] ? __alloc_skb+0x5b7/0x710 [ 545.261323][T12918] ? __pfx___alloc_skb+0x10/0x10 [ 545.261366][T12918] skb_copy+0x1ca/0x3a0 [ 545.261403][T12918] tipc_buf_append+0x921/0xc50 [ 545.261435][T12918] ? __asan_memcpy+0x3c/0x60 [ 545.261466][T12918] ? __pfx_tipc_buf_append+0x10/0x10 [ 545.261496][T12918] ? __asan_memmove+0x10/0x60 [ 545.261542][T12918] tipc_msg_reassemble+0x178/0x4f0 [ 545.261573][T12918] ? __pfx_tipc_msg_reassemble+0x10/0x10 [ 545.261610][T12918] ? lockdep_init_map_type+0x5c/0x250 [ 545.261651][T12918] tipc_mcast_xmit+0x56b/0xfc0 [ 545.261685][T12918] ? __pfx_tipc_mcast_xmit+0x10/0x10 [ 545.261710][T12918] ? __asan_memset+0x23/0x50 [ 545.261741][T12918] ? skb_put+0x138/0x180 [ 545.261815][T12918] ? tipc_send_group_bcast+0x76b/0xa20 [ 545.261852][T12918] tipc_send_group_bcast+0x76b/0xa20 [ 545.261903][T12918] ? __pfx_tipc_send_group_bcast+0x10/0x10 [ 545.261942][T12918] ? update_cfs_rq_load_avg+0x51/0x550 [ 545.261977][T12918] ? __pfx_woken_wake_function+0x10/0x10 [ 545.262028][T12918] ? aa_label_sk_perm+0x194/0x5f0 [ 545.262075][T12918] ? __lock_acquire+0x4a5/0x2630 [ 545.262112][T12918] __tipc_sendmsg+0x4a3/0x1ae0 [ 545.262151][T12918] ? __pfx___tipc_sendmsg+0x10/0x10 [ 545.262179][T12918] ? __lock_acquire+0x4a5/0x2630 [ 545.262209][T12918] ? __lock_acquire+0x4a5/0x2630 [ 545.262270][T12918] ? __local_bh_enable_ip+0x9e/0x120 [ 545.262316][T12918] tipc_sendmsg+0x4f/0x70 [ 545.262345][T12918] sock_write_iter+0x566/0x610 [ 545.262390][T12918] ? __pfx_sock_write_iter+0x10/0x10 [ 545.262429][T12918] ? futex_unqueue+0x133/0x2c0 [ 545.262459][T12918] ? futex_unqueue+0x133/0x2c0 [ 545.262500][T12918] ? __futex_wait+0x256/0x300 [ 545.262545][T12918] do_iter_readv_writev+0x6ee/0x920 [ 545.262585][T12918] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 545.262619][T12918] ? common_file_perm+0x1ab/0x4f0 [ 545.262656][T12918] ? bpf_lsm_file_permission+0x9/0x10 [ 545.262693][T12918] ? security_file_permission+0x76/0x210 [ 545.262729][T12918] ? rw_verify_area+0xce/0x6d0 [ 545.262766][T12918] vfs_writev+0x360/0xe10 [ 545.262810][T12918] ? __pfx_vfs_writev+0x10/0x10 [ 545.262872][T12918] ? __fget_files+0x21f/0x3d0 [ 545.262919][T12918] ? do_writev+0x28a/0x340 [ 545.262951][T12918] do_writev+0x28a/0x340 [ 545.262987][T12918] ? __pfx_do_writev+0x10/0x10 [ 545.263032][T12918] do_syscall_64+0x106/0xf80 [ 545.263066][T12918] ? clear_bhb_loop+0x40/0x90 [ 545.263100][T12918] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 545.263129][T12918] RIP: 0033:0x7fd523b9bf79 [ 545.263154][T12918] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 545.263181][T12918] RSP: 002b:00007fd524a6c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 545.263209][T12918] RAX: ffffffffffffffda RBX: 00007fd523e15fa0 RCX: 00007fd523b9bf79 [ 545.263228][T12918] RDX: 0000000000000008 RSI: 0000200000000100 RDI: 0000000000000003 [ 545.263246][T12918] RBP: 00007fd523c327e0 R08: 0000000000000000 R09: 0000000000000000 [ 545.263263][T12918] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 545.263279][T12918] R13: 00007fd523e16038 R14: 00007fd523e15fa0 R15: 00007ffeecf3bce8 [ 545.263327][T12918] [ 545.263342][T12918] tipc: Failed do clone local mcast rcv buffer [ 545.435371][T12922] netlink: 86 bytes leftover after parsing attributes in process `syz.0.2040'. [ 547.074771][T12936] lo: entered allmulticast mode [ 547.156137][T12936] lo: left allmulticast mode [ 547.434407][T12938] zswap: compressor û not available [ 547.460375][T12942] Setting dangerous option i915.mitigations - tainting kernel [ 547.538109][T12940] Setting dangerous option i915.mitigations - tainting kernel [ 548.823328][T12949] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2046'. [ 548.881613][T12950] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2046'. [ 548.937537][T12950] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2046'. [ 548.950936][T12949] netlink: 306 bytes leftover after parsing attributes in process `syz.1.2046'. [ 549.003259][T12950] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2046'. [ 549.038599][T12950] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2046'. [ 549.100953][T12950] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2046'. [ 549.140964][T12950] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2046'. [ 550.955834][T12974] [U] [ 550.958670][T12974] [U] [ 550.961372][T12974] [U] [ 550.964076][T12974] [U] [ 551.017962][T12974] [U] [ 551.020713][T12974] [U] [ 551.023426][T12974] [U] [ 551.026131][T12974] [U] [ 551.131801][T12974] [U] [ 551.134563][T12974] [U] [ 551.137297][T12974] [U] [ 551.140018][T12974] [U] [ 551.223045][T12974] [U] [ 551.827760][T12969] nvme_fabrics: missing parameter 'transport=%s' [ 551.834273][T12969] nvme_fabrics: missing parameter 'nqn=%s' [ 553.072604][T13002] __nla_validate_parse: 1 callbacks suppressed [ 553.072625][T13002] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2059'. [ 553.775939][T13010] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2061'. [ 554.784196][T13022] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2063'. [ 554.997486][T13016] zswap: compressor not available [ 556.516633][T13043] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2070'. [ 556.614306][T13043] netlink: 354 bytes leftover after parsing attributes in process `syz.4.2070'. [ 557.721960][T13055] zram0: detected capacity change from 0 to 8 [ 559.786873][T13077] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 559.798378][T13077] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 559.804490][T13077] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 560.026921][T13077] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 560.127565][T13077] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 560.133585][T13077] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 560.403489][T13090] FAULT_INJECTION: forcing a failure. [ 560.403489][T13090] name fail_futex, interval 1, probability 0, space 0, times 0 [ 560.493761][T13090] CPU: 0 UID: 0 PID: 13090 Comm: syz.1.2081 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 560.493823][T13090] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 560.493837][T13090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 560.493852][T13090] Call Trace: [ 560.493861][T13090] [ 560.493873][T13090] dump_stack_lvl+0x100/0x190 [ 560.493919][T13090] should_fail_ex.cold+0x5/0xa [ 560.493951][T13090] get_futex_key+0x1d2/0x1620 [ 560.493986][T13090] ? __pfx_get_futex_key+0x10/0x10 [ 560.494018][T13090] ? kasan_quarantine_put+0x104/0x240 [ 560.494054][T13090] ? lockdep_hardirqs_on+0x78/0x100 [ 560.494095][T13090] futex_wake+0xea/0x530 [ 560.494132][T13090] ? find_held_lock+0x2b/0x80 [ 560.494174][T13090] ? __pfx_futex_wake+0x10/0x10 [ 560.494216][T13090] ? ksys_write+0x190/0x250 [ 560.494304][T13090] ? ksys_write+0x190/0x250 [ 560.494349][T13090] do_futex+0x32b/0x350 [ 560.494383][T13090] ? __pfx_do_futex+0x10/0x10 [ 560.494425][T13090] __x64_sys_futex+0x34f/0x4d0 [ 560.494460][T13090] ? fput+0x79/0x100 [ 560.494485][T13090] ? __pfx___x64_sys_futex+0x10/0x10 [ 560.494515][T13090] ? ksys_write+0x1ac/0x250 [ 560.494551][T13090] ? __pfx_ksys_write+0x10/0x10 [ 560.494598][T13090] do_syscall_64+0x106/0xf80 [ 560.494633][T13090] ? clear_bhb_loop+0x40/0x90 [ 560.494666][T13090] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 560.494695][T13090] RIP: 0033:0x7f707719bf79 [ 560.494718][T13090] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 560.494745][T13090] RSP: 002b:00007f707805b0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 560.494773][T13090] RAX: ffffffffffffffda RBX: 00007f7077416098 RCX: 00007f707719bf79 [ 560.494792][T13090] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f707741609c [ 560.494810][T13090] RBP: 00007f7077416090 R08: 0000000000000000 R09: 0000000000000000 [ 560.494827][T13090] R10: 0000000000001000 R11: 0000000000000246 R12: 0000000000000000 [ 560.494844][T13090] R13: 00007f7077416128 R14: 00007ffd284f9b70 R15: 00007ffd284f9c58 [ 560.494882][T13090] [ 561.727305][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 561.736551][T13100] Dead loop on virtual device ip6_vti0, fix it urgently! [ 561.807333][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 561.838157][T13100] Dead loop on virtual device ip6_vti0, fix it urgently! [ 561.845753][T13100] Dead loop on virtual device ip6_vti0, fix it urgently! [ 561.917951][T13100] Dead loop on virtual device ip6_vti0, fix it urgently! [ 561.926173][T13100] Dead loop on virtual device ip6_vti0, fix it urgently! [ 561.984891][T13100] Dead loop on virtual device ip6_vti0, fix it urgently! [ 562.047492][ T51] Bluetooth: hci3: command 0x0c1a tx timeout [ 562.207593][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 562.571538][T13083] Process accounting resumed [ 562.777088][T13107] netlink: 'syz.2.2087': attribute type 1 has an invalid length. [ 562.934968][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.942393][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.890528][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 564.287353][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 565.200642][T13125] FAULT_INJECTION: forcing a failure. [ 565.200642][T13125] name failslab, interval 1, probability 0, space 0, times 0 [ 565.262861][T13125] CPU: 1 UID: 0 PID: 13125 Comm: syz.0.2091 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 565.262933][T13125] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 565.262949][T13125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 565.262967][T13125] Call Trace: [ 565.262975][T13125] [ 565.262986][T13125] dump_stack_lvl+0x100/0x190 [ 565.263033][T13125] should_fail_ex.cold+0x5/0xa [ 565.263066][T13125] should_failslab+0xc2/0x120 [ 565.263107][T13125] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 565.263142][T13125] ? dup_fd+0x4d/0xd10 [ 565.263177][T13125] ? trace_kmalloc+0x101/0x130 [ 565.263222][T13125] dup_fd+0x4d/0xd10 [ 565.263264][T13125] ? apparmor_task_alloc+0x2c1/0x3b0 [ 565.263312][T13125] copy_process+0x2631/0x7a10 [ 565.263363][T13125] ? __pfx_copy_process+0x10/0x10 [ 565.263409][T13125] kernel_clone+0xfc/0x9a0 [ 565.263437][T13125] ? __pfx_futex_wait+0x10/0x10 [ 565.263477][T13125] ? __pfx_kernel_clone+0x10/0x10 [ 565.263526][T13125] __do_sys_clone+0xd9/0x120 [ 565.263556][T13125] ? __pfx___do_sys_clone+0x10/0x10 [ 565.263587][T13125] ? __fget_files+0x21f/0x3d0 [ 565.263651][T13125] do_syscall_64+0x106/0xf80 [ 565.263686][T13125] ? clear_bhb_loop+0x40/0x90 [ 565.263721][T13125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 565.263755][T13125] RIP: 0033:0x7fada8b9bf79 [ 565.263780][T13125] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 565.263808][T13125] RSP: 002b:00007fada99b5fd8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 565.263835][T13125] RAX: ffffffffffffffda RBX: 00007fada8e15fa0 RCX: 00007fada8b9bf79 [ 565.263853][T13125] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 565.263870][T13125] RBP: 00007fada8c327e0 R08: 0000000000000000 R09: 0000000000000000 [ 565.263887][T13125] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 565.263912][T13125] R13: 00007fada8e16038 R14: 00007fada8e15fa0 R15: 00007ffd17a47e88 [ 565.263950][T13125] [ 565.481770][T13130] netlink: 504 bytes leftover after parsing attributes in process `syz.2.2092'. [ 565.492348][T13130] netlink: 350 bytes leftover after parsing attributes in process `syz.2.2092'. [ 566.619518][T13147] vhci_hcd vhci_hcd.2: invalid port number 16 [ 566.639988][T13147] vhci_hcd vhci_hcd.2: invalid port number 16 [ 568.828490][T13176] Format for adding new device is "id port_count num_queues" (uint uint unit). [ 573.180481][T13222] netlink: 'syz.4.2111': attribute type 1 has an invalid length. [ 574.637404][ T51] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 574.637429][ T51] Bluetooth: hci3: unexpected subevent 0x03 length: 725 > 9 [ 574.903688][T13229] netlink: 504 bytes leftover after parsing attributes in process `syz.0.2117'. [ 575.037791][T13229] netlink: 350 bytes leftover after parsing attributes in process `syz.0.2117'. [ 575.145880][T13234] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2119'. [ 575.540286][T13234] i: entered promiscuous mode [ 576.093007][T13243] HfR: entered promiscuous mode [ 588.299151][T13359] netlink: 354 bytes leftover after parsing attributes in process `syz.2.2150'. [ 592.190226][T13395] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2160'. [ 592.233128][T13395] i: entered promiscuous mode [ 592.281073][T13401] openvswitch: HfR: Dropping previously announced user features [ 593.166439][T13411] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2163'. [ 593.346870][T13403] Process accounting paused [ 593.617579][T13415] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2165'. [ 593.689091][T13415] netlink: 'syz.0.2165': attribute type 1 has an invalid length. [ 593.696862][T13415] netlink: 13 bytes leftover after parsing attributes in process `syz.0.2165'. [ 596.236912][T13432] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 597.129971][T13450] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2171'. [ 599.423582][T13473] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2177'. [ 599.704634][T13473] veth1_macvtap: entered allmulticast mode [ 599.982340][T13478] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2180'. [ 605.839914][T13524] netlink: 'syz.1.2186': attribute type 1 has an invalid length. [ 605.978713][T13524] netlink: 9 bytes leftover after parsing attributes in process `syz.1.2186'. [ 606.233297][T13521] netlink: 354 bytes leftover after parsing attributes in process `syz.4.2188'. [ 613.590169][T13594] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2203'. [ 622.144946][T13660] ======================================================= [ 622.144946][T13660] WARNING: The mand mount option has been deprecated and [ 622.144946][T13660] and is ignored by this kernel. Remove the mand [ 622.144946][T13660] option from the mount to silence this warning. [ 622.144946][T13660] ======================================================= [ 624.374849][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.382314][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 629.458394][T13715] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2231'. [ 629.547337][T13715] veth1_macvtap: entered promiscuous mode [ 629.555155][T13715] veth1_macvtap: entered allmulticast mode [ 633.099645][T13752] netlink: 186 bytes leftover after parsing attributes in process `syz.1.2240'. [ 633.159277][T13750] can: request_module (can-proto-5) failed. [ 645.422746][T13833] netlink: 'syz.0.2261': attribute type 1 has an invalid length. [ 645.500299][T13833] netlink: 17 bytes leftover after parsing attributes in process `syz.0.2261'. [ 656.827931][T13913] : Can't lookup blockdev [ 657.059512][T13915] netlink: 'syz.1.2284': attribute type 4 has an invalid length. [ 657.117427][T13915] netlink: 'syz.1.2284': attribute type 5 has an invalid length. [ 657.125208][T13915] netlink: 10 bytes leftover after parsing attributes in process `syz.1.2284'. [ 659.198532][T13930] Invalid ELF header magic: != ELF [ 660.032963][T13945] netlink: 17 bytes leftover after parsing attributes in process `syz.4.2289'. [ 661.651942][T13955] netlink: 350 bytes leftover after parsing attributes in process `syz.4.2294'. [ 663.912040][T13973] FAULT_INJECTION: forcing a failure. [ 663.912040][T13973] name failslab, interval 1, probability 0, space 0, times 0 [ 664.011708][T13973] CPU: 1 UID: 0 PID: 13973 Comm: syz.1.2299 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 664.011772][T13973] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 664.011787][T13973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 664.011804][T13973] Call Trace: [ 664.011813][T13973] [ 664.011824][T13973] dump_stack_lvl+0x100/0x190 [ 664.011873][T13973] should_fail_ex.cold+0x5/0xa [ 664.011917][T13973] should_failslab+0xc2/0x120 [ 664.011959][T13973] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 664.011996][T13973] ? __d_alloc+0x34/0xa80 [ 664.012038][T13973] ? lockdep_init_map_type+0x5c/0x250 [ 664.012079][T13973] __d_alloc+0x34/0xa80 [ 664.012124][T13973] d_alloc_pseudo+0x1c/0xc0 [ 664.012157][T13973] alloc_file_pseudo+0xcf/0x230 [ 664.012189][T13973] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 664.012219][T13973] ? alloc_fd+0x476/0x790 [ 664.012263][T13973] sock_alloc_file+0x50/0x210 [ 664.012302][T13973] __sys_socket+0x1c0/0x260 [ 664.012331][T13973] ? __pfx___sys_socket+0x10/0x10 [ 664.012368][T13973] __x64_sys_socket+0x72/0xb0 [ 664.012394][T13973] ? lockdep_hardirqs_on+0x78/0x100 [ 664.012430][T13973] do_syscall_64+0x106/0xf80 [ 664.012465][T13973] ? clear_bhb_loop+0x40/0x90 [ 664.012503][T13973] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 664.012532][T13973] RIP: 0033:0x7f707719bf79 [ 664.012555][T13973] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 664.012584][T13973] RSP: 002b:00007f707807c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 664.012611][T13973] RAX: ffffffffffffffda RBX: 00007f7077415fa0 RCX: 00007f707719bf79 [ 664.012630][T13973] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 664.012646][T13973] RBP: 00007f70772327e0 R08: 0000000000000000 R09: 0000000000000000 [ 664.012663][T13973] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 664.012679][T13973] R13: 00007f7077416038 R14: 00007f7077415fa0 R15: 00007ffd284f9c58 [ 664.012716][T13973] [ 665.010032][T13993] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2305'. [ 665.072962][T13988] openvswitch: HfR: Dropping previously announced user features [ 665.089497][T13993] netlink: 'syz.0.2305': attribute type 1 has an invalid length. [ 665.107737][T13993] netlink: 'syz.0.2305': attribute type 6 has an invalid length. [ 667.749359][ T51] Bluetooth: hci4: unexpected event 0x1c length: 725 > 5 [ 668.288120][T14032] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2315'. [ 669.521589][T14045] : Can't lookup blockdev [ 669.620919][T14043] netlink: 'syz.1.2319': attribute type 2 has an invalid length. [ 669.663680][T14043] netlink: 'syz.1.2319': attribute type 3 has an invalid length. [ 669.707474][T14043] netlink: 158 bytes leftover after parsing attributes in process `syz.1.2319'. [ 669.768770][T14043] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2319'. [ 673.029873][T14095] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2328'. [ 674.072843][T14105] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2335'. [ 675.404991][ T51] Bluetooth: hci1: unexpected event 0x1c length: 725 > 5 [ 680.019600][T14179] netlink: 25 bytes leftover after parsing attributes in process `syz.4.2358'. [ 680.975439][T14183] netlink: 2468 bytes leftover after parsing attributes in process `syz.4.2360'. [ 683.908497][T14218] zram: Cannot change disksize for initialized device [ 684.727419][T14224] zswap: compressor not available [ 685.615862][T14245] random: crng reseeded on system resumption [ 685.810627][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.817081][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 685.908250][T14251] futex_wake_op: syz.2.2376 tries to shift op by -2048; fix this program [ 685.935271][T14251] futex_wake_op: syz.2.2376 tries to shift op by -2048; fix this program [ 685.978576][T14245] hub 1-0:1.0: USB hub found [ 686.004302][T14245] hub 1-0:1.0: 1 port detected [ 691.770255][T14275] delete_channel: no stack [ 695.971725][T14349] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2400'. [ 696.945896][T14358] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2402'. [ 697.023984][T14358] hsr_slave_0 (unregistering): left promiscuous mode [ 700.347847][T14380] Invalid ELF header magic: != ELF [ 701.359805][T14394] netlink: 13 bytes leftover after parsing attributes in process `syz.1.2415'. [ 701.625306][T14397] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 702.367647][T14404] netlink: 62 bytes leftover after parsing attributes in process `syz.4.2418'. [ 703.336284][T14426] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2424'. [ 712.485738][T14524] netlink: 'syz.1.2448': attribute type 12 has an invalid length. [ 713.550678][T14528] kexec: Could not allocate control_code_buffer [ 719.960980][T14600] netlink: 'syz.4.2468': attribute type 4 has an invalid length. [ 719.996674][T14600] netlink: 314 bytes leftover after parsing attributes in process `syz.4.2468'. [ 720.103928][T14600] IPv6: NLM_F_CREATE should be specified when creating new route [ 721.941829][ T51] Bluetooth: hci3: Malformed Event: 0x13 [ 728.355729][T14705] random: crng reseeded on system resumption [ 731.401273][T14741] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2500'. [ 731.588813][T14744] netlink: 354 bytes leftover after parsing attributes in process `syz.0.2500'. [ 732.762670][T14758] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2509'. [ 733.950808][T14780] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2516'. [ 734.041877][T14780] bond0: entered promiscuous mode [ 734.053481][T14780] bond_slave_0: entered promiscuous mode [ 734.100154][T14780] bond_slave_1: entered promiscuous mode [ 734.134038][T14780] bond0: entered allmulticast mode [ 734.162718][T14780] bond_slave_0: entered allmulticast mode [ 734.211269][T14780] bond_slave_1: entered allmulticast mode [ 734.290601][T14780] 8021q: adding VLAN 0 to HW filter on device bond0 [ 734.447803][T14776] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 735.660152][T14786] kexec: Could not allocate control_code_buffer [ 742.692206][T14858] netlink: 354 bytes leftover after parsing attributes in process `syz.2.2536'. [ 743.075093][T14860] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2537'. [ 743.163039][T14865] netlink: 354 bytes leftover after parsing attributes in process `syz.4.2537'. [ 743.260949][T14862] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2539'. [ 744.499689][T14879] FAULT_INJECTION: forcing a failure. [ 744.499689][T14879] name failslab, interval 1, probability 0, space 0, times 0 [ 744.605496][T14882] netlink: 158 bytes leftover after parsing attributes in process `syz.2.2544'. [ 744.637581][T14879] CPU: 0 UID: 0 PID: 14879 Comm: syz.1.2541 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 744.637643][T14879] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 744.637659][T14879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 744.637675][T14879] Call Trace: [ 744.637684][T14879] [ 744.637696][T14879] dump_stack_lvl+0x100/0x190 [ 744.637744][T14879] should_fail_ex.cold+0x5/0xa [ 744.637778][T14879] should_failslab+0xc2/0x120 [ 744.637820][T14879] __kmalloc_cache_noprof+0x7a/0x6f0 [ 744.637850][T14879] ? refill_pi_state_cache+0x91/0x260 [ 744.637896][T14879] refill_pi_state_cache+0x91/0x260 [ 744.637941][T14879] futex_lock_pi+0x177/0x7b0 [ 744.637984][T14879] ? __pfx_futex_lock_pi+0x10/0x10 [ 744.638025][T14879] ? __pfx___futex_wait+0x10/0x10 [ 744.638063][T14879] ? lockdep_hardirqs_on+0x78/0x100 [ 744.638133][T14879] ? __pfx_futex_wake_mark+0x10/0x10 [ 744.638180][T14879] ? __get_user_nocheck_8+0x20/0x20 [ 744.638212][T14879] ? do_vfs_ioctl+0x226/0x13e0 [ 744.638251][T14879] do_futex+0x18a/0x350 [ 744.638284][T14879] ? __pfx_do_futex+0x10/0x10 [ 744.638319][T14879] ? find_held_lock+0x2b/0x80 [ 744.638366][T14879] __x64_sys_futex+0x34f/0x4d0 [ 744.638404][T14879] ? __pfx___x64_sys_futex+0x10/0x10 [ 744.638451][T14879] do_syscall_64+0x106/0xf80 [ 744.638485][T14879] ? clear_bhb_loop+0x40/0x90 [ 744.638520][T14879] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 744.638549][T14879] RIP: 0033:0x7f707719bf79 [ 744.638573][T14879] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 744.638601][T14879] RSP: 002b:00007f707803a028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 744.638630][T14879] RAX: ffffffffffffffda RBX: 00007f7077416180 RCX: 00007f707719bf79 [ 744.638650][T14879] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 744.638667][T14879] RBP: 00007f70772327e0 R08: 0000000000000000 R09: 000000008000fff5 [ 744.638684][T14879] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 744.638701][T14879] R13: 00007f7077416218 R14: 00007f7077416180 R15: 00007ffd284f9c58 [ 744.638739][T14879] [ 744.657805][T14883] snd_virmidi snd_virmidi.0: control 61678:131081:3:yªƒ>oÆ[k<÷:1 is already present [ 746.445312][T14895] HSR: entered promiscuous mode [ 747.268989][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.275333][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 751.054682][T14950] kexec: Could not allocate control_code_buffer [ 752.569539][T14981] netlink: 186 bytes leftover after parsing attributes in process `syz.2.2571'. [ 754.004564][T14956] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 755.294692][T15012] netlink: 25 bytes leftover after parsing attributes in process `syz.4.2577'. [ 762.088815][T15071] futex_wake_op: syz.0.2594 tries to shift op by -2048; fix this program [ 762.148463][T15071] futex_wake_op: syz.0.2594 tries to shift op by -2048; fix this program [ 762.384750][T15069] netlink: 186 bytes leftover after parsing attributes in process `syz.1.2592'. [ 763.268392][T15075] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2595'. [ 763.542030][T15075] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 763.596666][T15075] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 765.030886][T15101] netlink: 'syz.0.2602': attribute type 3 has an invalid length. [ 765.039443][T15101] netlink: 306 bytes leftover after parsing attributes in process `syz.0.2602'. [ 765.916971][T15113] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2607'. [ 769.589952][T15153] netlink: 13 bytes leftover after parsing attributes in process `syz.4.2617'. [ 770.455336][T15159] netlink: 30 bytes leftover after parsing attributes in process `syz.0.2620'. [ 770.861014][T15168] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2622'. [ 774.059491][T15196] synth uevent: /module/orangefs: unknown uevent action string [ 779.583236][T15228] futex_wake_op: syz.1.2633 tries to shift op by -2048; fix this program [ 779.698517][T15228] futex_wake_op: syz.1.2633 tries to shift op by -2048; fix this program [ 780.487951][T15235] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2637'. [ 780.596052][T15232] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2637'. [ 782.471326][T15253] tipc: Started in network mode [ 782.476290][T15253] tipc: Node identity ee00, cluster identity 4711 [ 782.520428][T15253] tipc: Node number set to 60928 [ 784.902941][T15282] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2647'. [ 786.069027][T15294] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2649'. [ 787.963324][T15318] netlink: 306 bytes leftover after parsing attributes in process `syz.4.2658'. [ 790.260852][T15336] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 791.545421][T15360] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2667'. [ 791.600429][T15360] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 791.879267][T15360] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 794.591375][T15380] zram0: detected capacity change from 8 to 0 [ 795.717057][T15391] FAULT_INJECTION: forcing a failure. [ 795.717057][T15391] name failslab, interval 1, probability 0, space 0, times 0 [ 795.767448][T15391] CPU: 0 UID: 0 PID: 15391 Comm: syz.1.2675 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 795.767485][T15391] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 795.767494][T15391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 795.767503][T15391] Call Trace: [ 795.767509][T15391] [ 795.767515][T15391] dump_stack_lvl+0x100/0x190 [ 795.767542][T15391] should_fail_ex.cold+0x5/0xa [ 795.767561][T15391] should_failslab+0xc2/0x120 [ 795.767584][T15391] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 795.767604][T15391] ? __alloc_skb+0x140/0x710 [ 795.767625][T15391] __alloc_skb+0x140/0x710 [ 795.767642][T15391] ? __pfx___alloc_skb+0x10/0x10 [ 795.767659][T15391] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 795.767676][T15391] ? trace_sched_exit_tp+0x13a/0x180 [ 795.767697][T15391] tcp_stream_alloc_skb+0x34/0x660 [ 795.767723][T15391] tcp_sendmsg_locked+0x133b/0x45f0 [ 795.767747][T15391] ? aa_file_perm+0x268/0x1530 [ 795.767767][T15391] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 795.767783][T15391] ? do_raw_spin_lock+0x128/0x260 [ 795.767803][T15391] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 795.767828][T15391] ? __local_bh_enable_ip+0x9e/0x120 [ 795.767845][T15391] tcp_sendmsg+0x2e/0x50 [ 795.767858][T15391] ? __pfx_tcp_sendmsg+0x10/0x10 [ 795.767874][T15391] inet_sendmsg+0xb9/0x140 [ 795.767899][T15391] sock_write_iter+0x509/0x610 [ 795.767938][T15391] ? __pfx_sock_write_iter+0x10/0x10 [ 795.767986][T15391] ? bpf_lsm_file_permission+0x9/0x10 [ 795.768014][T15391] ? security_file_permission+0x76/0x210 [ 795.768034][T15391] ? rw_verify_area+0xce/0x6d0 [ 795.768053][T15391] vfs_write+0x6ac/0x1070 [ 795.768073][T15391] ? __pfx_sock_write_iter+0x10/0x10 [ 795.768097][T15391] ? __pfx_vfs_write+0x10/0x10 [ 795.768114][T15391] ? find_held_lock+0x2b/0x80 [ 795.768149][T15391] ksys_write+0x1f8/0x250 [ 795.768168][T15391] ? __pfx_ksys_write+0x10/0x10 [ 795.768192][T15391] do_syscall_64+0x106/0xf80 [ 795.768211][T15391] ? clear_bhb_loop+0x40/0x90 [ 795.768237][T15391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 795.768253][T15391] RIP: 0033:0x7f707719bf79 [ 795.768267][T15391] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 795.768282][T15391] RSP: 002b:00007f707807c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 795.768298][T15391] RAX: ffffffffffffffda RBX: 00007f7077415fa0 RCX: 00007f707719bf79 [ 795.768307][T15391] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 795.768316][T15391] RBP: 00007f70772327e0 R08: 0000000000000000 R09: 0000000000000000 [ 795.768325][T15391] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 795.768337][T15391] R13: 00007f7077416038 R14: 00007f7077415fa0 R15: 00007ffd284f9c58 [ 795.768357][T15391] [ 801.822468][T15443] netlink: 25 bytes leftover after parsing attributes in process `syz.4.2687'. [ 803.377439][ T51] Bluetooth: hci4: ISO packet for unknown connection handle 0 [ 805.035527][ C0] vcan0: j1939_tp_rxtimer: 0xffff888032f15000: rx timeout, send abort [ 805.543981][ C0] vcan0: j1939_tp_rxtimer: 0xffff888032f15000: abort rx timeout. Force session deactivation [ 805.748428][T15488] usb usb13: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 805.878295][T15492] netlink: 334 bytes leftover after parsing attributes in process `syz.4.2698'. [ 806.279002][T15497] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 807.292328][T15513] random: crng reseeded on system resumption [ 808.007031][T15519] netlink: 25 bytes leftover after parsing attributes in process `syz.4.2710'. [ 808.695543][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.701964][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 813.573851][T15566] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2722'. [ 814.710278][T15588] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2727'. [ 815.435249][T15598] netlink: 25 bytes leftover after parsing attributes in process `syz.4.2731'. [ 820.321758][T15640] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2740'. [ 820.403176][T15635] Invalid ELF header magic: != ELF [ 821.917937][T15665] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 830.635403][T15739] bond0: option slaves: interface -Âô]àæ©=,Dço does not exist! [ 831.488769][T15747] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2767'. [ 831.499905][T15747] netlink: 354 bytes leftover after parsing attributes in process `syz.0.2767'. [ 837.696951][T15793] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2781'. [ 839.244482][T15813] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2785'. [ 843.476182][T15829] kexec: Could not allocate control_code_buffer [ 844.629896][T15853] netlink: 'syz.0.2797': attribute type 64 has an invalid length. [ 844.672741][T15853] netlink: 74 bytes leftover after parsing attributes in process `syz.0.2797'. [ 845.206797][T15857] Invalid ELF header magic: != ELF [ 845.345342][T15857] delete_channel: no stack [ 845.514175][T15864] netlink: 93 bytes leftover after parsing attributes in process `syz.2.2800'. [ 846.373638][T15876] hub 1-0:1.0: USB hub found [ 846.404569][T15876] hub 1-0:1.0: 1 port detected [ 852.184507][T15937] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2816'. [ 855.310730][ C0] vcan0: j1939_tp_rxtimer: 0xffff888058d19000: rx timeout, send abort [ 855.325598][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888058d19000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 857.174276][ C0] vcan0: j1939_tp_rxtimer: 0xffff888058d1ac00: rx timeout, send abort [ 857.682708][ C0] vcan0: j1939_tp_rxtimer: 0xffff888058d1ac00: abort rx timeout. Force session deactivation [ 858.033558][T15963] FAULT_INJECTION: forcing a failure. [ 858.033558][T15963] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 858.249716][T15963] CPU: 0 UID: 0 PID: 15963 Comm: syz.1.2820 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 858.249773][T15963] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 858.249788][T15963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 858.249804][T15963] Call Trace: [ 858.249813][T15963] [ 858.249823][T15963] dump_stack_lvl+0x100/0x190 [ 858.249870][T15963] should_fail_ex.cold+0x5/0xa [ 858.249901][T15963] _copy_from_user+0x2e/0xd0 [ 858.249936][T15963] do_sock_getsockopt+0x30b/0x3d0 [ 858.249981][T15963] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 858.250036][T15963] __sys_getsockopt+0x133/0x1d0 [ 858.250077][T15963] ? __x64_sys_getsockopt+0xbd/0x160 [ 858.250112][T15963] __x64_sys_getsockopt+0xbd/0x160 [ 858.250147][T15963] ? do_syscall_64+0x95/0xf80 [ 858.250182][T15963] ? lockdep_hardirqs_on+0x78/0x100 [ 858.250219][T15963] do_syscall_64+0x106/0xf80 [ 858.250254][T15963] ? clear_bhb_loop+0x40/0x90 [ 858.250288][T15963] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 858.250315][T15963] RIP: 0033:0x7f707719bf79 [ 858.250338][T15963] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 858.250364][T15963] RSP: 002b:00007f707805b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 858.250390][T15963] RAX: ffffffffffffffda RBX: 00007f7077416090 RCX: 00007f707719bf79 [ 858.250409][T15963] RDX: 000000000000006d RSI: 0000000000000084 RDI: 0000000000000004 [ 858.250426][T15963] RBP: 00007f70772327e0 R08: 0000200000000280 R09: 0000000000000000 [ 858.250445][T15963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 858.250462][T15963] R13: 00007f7077416128 R14: 00007f7077416090 R15: 00007ffd284f9c58 [ 858.250499][T15963] [ 860.075638][T15989] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2834'. [ 860.405122][T15989] bond0 (unregistering): (slave ›): Releasing backup interface [ 860.511664][T15989] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 860.619298][T15989] bond0 (unregistering): Released all slaves [ 861.462120][T16003] netlink: 25 bytes leftover after parsing attributes in process `syz.4.2830'. [ 861.773684][T16008] netlink: 25 bytes leftover after parsing attributes in process `syz.4.2832'. [ 867.325152][ T30] audit: type=1326 audit(4294967330.910:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16064 comm="syz.2.2850" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f197cd9bf79 code=0x0 [ 869.716078][T16098] can0: slcan on ptm0. [ 870.047423][T16097] can0 (unregistered): slcan off ptm0. [ 870.071285][T16100] kexec: Could not allocate control_code_buffer [ 870.163293][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.169645][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 874.326896][T16142] input: jJǸ-¶š9ã%vø“ûJ86Ö‘ as /devices/virtual/input/input17 [ 874.682389][T16151] netlink: 17 bytes leftover after parsing attributes in process `syz.4.2867'. [ 876.334496][ T51] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 879.690809][T16216] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2881'. [ 881.490055][T16235] FAULT_INJECTION: forcing a failure. [ 881.490055][T16235] name failslab, interval 1, probability 0, space 0, times 0 [ 881.503127][T16235] CPU: 0 UID: 0 PID: 16235 Comm: syz.1.2885 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 881.503162][T16235] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 881.503171][T16235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 881.503181][T16235] Call Trace: [ 881.503187][T16235] [ 881.503193][T16235] dump_stack_lvl+0x100/0x190 [ 881.503220][T16235] should_fail_ex.cold+0x5/0xa [ 881.503239][T16235] should_failslab+0xc2/0x120 [ 881.503262][T16235] __kmalloc_cache_noprof+0x7a/0x6f0 [ 881.503279][T16235] ? ip6addrlbl_add+0xe0/0xdb0 [ 881.503298][T16235] ip6addrlbl_add+0xe0/0xdb0 [ 881.503318][T16235] ip6addrlbl_net_init+0x10a/0x330 [ 881.503334][T16235] ? __pfx_ip6addrlbl_net_init+0x10/0x10 [ 881.503349][T16235] ops_init+0x1e2/0x5f0 [ 881.503371][T16235] setup_net+0x118/0x3a0 [ 881.503391][T16235] ? __pfx_setup_net+0x10/0x10 [ 881.503409][T16235] ? lockdep_init_map_type+0x5c/0x250 [ 881.503430][T16235] ? mutex_init_lockep+0x110/0x150 [ 881.503451][T16235] copy_net_ns+0x46f/0x7c0 [ 881.503474][T16235] create_new_namespaces+0x3ea/0xac0 [ 881.503502][T16235] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 881.503519][T16235] ksys_unshare+0x455/0xab0 [ 881.503538][T16235] ? __pfx_ksys_unshare+0x10/0x10 [ 881.503563][T16235] __x64_sys_unshare+0x31/0x40 [ 881.503580][T16235] do_syscall_64+0x106/0xf80 [ 881.503602][T16235] ? clear_bhb_loop+0x40/0x90 [ 881.503621][T16235] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 881.503637][T16235] RIP: 0033:0x7f707719bf79 [ 881.503650][T16235] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 881.503666][T16235] RSP: 002b:00007f707807c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 881.503681][T16235] RAX: ffffffffffffffda RBX: 00007f7077415fa0 RCX: 00007f707719bf79 [ 881.503691][T16235] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 881.503700][T16235] RBP: 00007f70772327e0 R08: 0000000000000000 R09: 0000000000000000 [ 881.503710][T16235] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 881.503718][T16235] R13: 00007f7077416038 R14: 00007f7077415fa0 R15: 00007ffd284f9c58 [ 881.503738][T16235] [ 883.628997][T16256] netlink: set zone limit has 8 unknown bytes [ 883.749536][T16256] netlink: zone id is out of range [ 883.811257][T16256] netlink: zone id is out of range [ 883.867775][T16256] netlink: zone id is out of range [ 883.893764][T16256] netlink: zone id is out of range [ 883.914554][T16256] netlink: zone id is out of range [ 883.973772][T16256] netlink: zone id is out of range [ 884.165973][T16256] netlink: zone id is out of range [ 884.171133][T16256] netlink: zone id is out of range [ 884.312685][T16256] netlink: zone id is out of range [ 885.493473][T16276] netlink: 93 bytes leftover after parsing attributes in process `syz.2.2896'. [ 885.573110][T16271] netlink: 93 bytes leftover after parsing attributes in process `syz.2.2896'. [ 889.873207][T16307] random: crng reseeded on system resumption [ 890.213932][T16307] hub 1-0:1.0: USB hub found [ 890.258069][T16307] hub 1-0:1.0: 1 port detected [ 893.725236][ T5834] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 896.514640][T16354] futex_wake_op: syz.4.2912 tries to shift op by -2048; fix this program [ 896.543336][T16354] futex_wake_op: syz.4.2912 tries to shift op by -2048; fix this program [ 896.653543][T16354] 0x000000000001-0x000000020000 : "" [ 896.686319][T16354] ftl_cs: FTL header corrupt! [ 897.655522][T16358] Invalid ELF header magic: != ELF [ 899.473819][T16383] input: jJǸ-¶š9ã%vø“ûJ86Ö‘ as /devices/virtual/input/input19 [ 902.763355][T16395] netlink: 'syz.4.2921': attribute type 2 has an invalid length. [ 905.002012][T16412] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2927'. [ 905.113328][T16414] netlink: 354 bytes leftover after parsing attributes in process `syz.1.2927'. [ 906.267328][T16425] random: crng reseeded on system resumption [ 906.414588][T16429] hub 1-0:1.0: USB hub found [ 906.502812][T16429] hub 1-0:1.0: 1 port detected [ 907.625634][ T30] audit: type=1800 audit(4294967371.210:21): pid=16440 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2933" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 909.454478][ C0] vcan0: j1939_tp_rxtimer: 0xffff888078741800: rx timeout, send abort [ 909.483950][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888078741800: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 911.656050][ C0] vcan0: j1939_tp_rxtimer: 0xffff888078742800: rx timeout, send abort [ 912.164721][ C0] vcan0: j1939_tp_rxtimer: 0xffff888078742800: abort rx timeout. Force session deactivation [ 913.196953][T16490] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2945'. [ 914.477884][T16501] zswap: compressor not available [ 915.596695][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805c9bac00: rx timeout, send abort [ 915.625318][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805c9bac00: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 917.346800][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880203ad000: rx timeout, send abort [ 917.734877][T16533] random: crng reseeded on system resumption [ 917.855163][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880203ad000: abort rx timeout. Force session deactivation [ 917.895973][T16534] hub 1-0:1.0: USB hub found [ 917.933070][T16534] hub 1-0:1.0: 1 port detected [ 924.148795][T16587] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2970'. [ 924.205362][T16588] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input20 [ 926.677007][T16615] futex_wake_op: syz.0.2975 tries to shift op by -2048; fix this program [ 926.719510][T16615] futex_wake_op: syz.0.2975 tries to shift op by -2048; fix this program [ 928.275564][T16631] netlink: 'syz.4.2988': attribute type 1 has an invalid length. [ 929.864703][T16647] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2992'. [ 931.569476][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.575982][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 933.756410][T16698] ptrace attach of "./syz-executor exec"[5822] was attempted by "¶P½ã®o1Q[¥bP\x0d fàÌ€è=ô¶æðd\x0c„}vmÝ;å½âï=㧚‚ƽ¿\x22›øÝ¡û\x0c\x0cÔbê®\x0aBåâç…½bJÒɽÍZd\x0bSC[u‰š.¤°ñ0\x1b…¡W­4aÇžO%¬ŸÓ“_×ׇ?ôåÆù15¹A«ußKÔî§äv½‚raWi\x5c0ø5EéÏ«ìîÊÔÑoÆþ|EÌd¡Ykæ‘gâ…ñ*ņÍE*ݘ’oÅ‹ævŠõ$gKÏËã\x0aÖ ¯ wP fþÑœ¢Ì[šLYùx%\x0b;áŒlý\x09‹&ª°›ÍKG…0n}ÒRw^·¡ [ 935.184560][T16715] Invalid ELF header magic: != ELF [ 940.424314][T16763] zswap: compressor not available [ 941.527614][T16770] kexec: Could not allocate control_code_buffer [ 947.155866][T16843] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3025'. [ 947.396136][T16843] macsec0: entered promiscuous mode [ 947.450180][T16843] macsec0: entered allmulticast mode [ 947.482435][T16843] veth1_macvtap: entered allmulticast mode [ 947.843181][T16851] binder: 16850:16851 ioctl c018620c 0 returned -1 [ 947.890829][T16851] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3028'. [ 952.630926][T16904] kexec: Could not allocate control_code_buffer [ 953.464885][T16912] kexec: Could not allocate control_code_buffer [ 954.243345][T16931] input: jJǸ-¶š9ã%vø“ûJ86Ö‘ as /devices/virtual/input/input21 [ 957.015543][T16966] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3052'. [ 968.561711][ T5834] Bluetooth: hci0: ACL packet too small [ 969.212350][T17085] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3075'. [ 969.397302][T17090] netlink: 'syz.1.3075': attribute type 1 has an invalid length. [ 969.575575][T17090] netlink: 51505 bytes leftover after parsing attributes in process `syz.1.3075'. [ 970.326595][ T30] audit: type=1800 audit(4294967433.890:22): pid=17101 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3077" name="dbroot" dev="configfs" ino=632640 res=0 errno=0 [ 978.821892][T17171] FAULT_INJECTION: forcing a failure. [ 978.821892][T17171] name failslab, interval 1, probability 0, space 0, times 0 [ 978.866432][T17171] CPU: 1 UID: 0 PID: 17171 Comm: syz.1.3094 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 978.866479][T17171] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 978.866491][T17171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 978.866501][T17171] Call Trace: [ 978.866507][T17171] [ 978.866513][T17171] dump_stack_lvl+0x100/0x190 [ 978.866540][T17171] should_fail_ex.cold+0x5/0xa [ 978.866559][T17171] should_failslab+0xc2/0x120 [ 978.866581][T17171] __kvmalloc_node_noprof+0xfa/0xa00 [ 978.866601][T17171] ? alloc_fdtable+0x17f/0x2d0 [ 978.866625][T17171] alloc_fdtable+0x17f/0x2d0 [ 978.866646][T17171] dup_fd+0x995/0xd10 [ 978.866669][T17171] ? apparmor_task_alloc+0x2c1/0x3b0 [ 978.866696][T17171] copy_process+0x2631/0x7a10 [ 978.866722][T17171] ? __pfx_copy_process+0x10/0x10 [ 978.866747][T17171] ? find_held_lock+0x2b/0x80 [ 978.866779][T17171] kernel_clone+0xfc/0x9a0 [ 978.866795][T17171] ? __pfx_futex_wait+0x10/0x10 [ 978.866818][T17171] ? __pfx_kernel_clone+0x10/0x10 [ 978.866844][T17171] __do_sys_clone+0xd9/0x120 [ 978.866861][T17171] ? __pfx___do_sys_clone+0x10/0x10 [ 978.866877][T17171] ? find_held_lock+0x2b/0x80 [ 978.866914][T17171] do_syscall_64+0x106/0xf80 [ 978.866933][T17171] ? clear_bhb_loop+0x40/0x90 [ 978.866951][T17171] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 978.866966][T17171] RIP: 0033:0x7f707719bf79 [ 978.866980][T17171] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 978.866995][T17171] RSP: 002b:00007f707807bfd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 978.867010][T17171] RAX: ffffffffffffffda RBX: 00007f7077415fa0 RCX: 00007f707719bf79 [ 978.867020][T17171] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000004001000 [ 978.867029][T17171] RBP: 00007f70772327e0 R08: 0000000000000000 R09: 0000000000000000 [ 978.867038][T17171] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 978.867047][T17171] R13: 00007f7077416038 R14: 00007f7077415fa0 R15: 00007ffd284f9c58 [ 978.867066][T17171] [ 979.768497][T17176] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3096'. [ 981.104518][ T5834] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 981.104558][ T5834] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 981.119487][ T5834] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 981.119554][ T5834] Bluetooth: hci0: adv larger than maximum supported [ 981.127201][ T5834] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 981.135171][ T5834] Bluetooth: hci0: adv larger than maximum supported [ 981.145282][ T5834] Bluetooth: hci0: adv larger than maximum supported [ 981.152009][ T5834] Bluetooth: hci0: Malformed LE Event: 0x0d [ 982.562980][T17202] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3101'. [ 982.614980][T17202] netlink: 354 bytes leftover after parsing attributes in process `syz.1.3101'. [ 983.333827][ T30] audit: type=1326 audit(4294967446.910:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17209 comm="syz.4.3103" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd523b9bf79 code=0x0 [ 985.219432][T17214] kexec: Could not allocate control_code_buffer [ 985.818475][T17234] Console: switching to colour VGA+ 80x25 [ 991.377405][ T30] audit: type=1326 audit(4294967454.960:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17259 comm="syz.2.3115" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f197cd9bf79 code=0x0 [ 992.514376][T17280] netlink: 5 bytes leftover after parsing attributes in process `syz.1.3119'. [ 993.005690][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.012315][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1006.655937][T17420] zswap: compressor not available [ 1009.987265][T17454] netlink: 'syz.4.3154': attribute type 2 has an invalid length. [ 1009.995165][T17454] netlink: 5 bytes leftover after parsing attributes in process `syz.4.3154'. [ 1010.304764][T17425] kexec: Could not allocate control_code_buffer [ 1010.918047][T17466] netlink: 9 bytes leftover after parsing attributes in process `syz.1.3157'. [ 1014.166699][T17500] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3168'. [ 1014.178584][T17500] netlink: 25 bytes leftover after parsing attributes in process `syz.1.3168'. [ 1014.474867][T17507] futex_wake_op: syz.4.3169 tries to shift op by -2048; fix this program [ 1014.534933][T17507] futex_wake_op: syz.4.3169 tries to shift op by -2048; fix this program [ 1015.002760][T17519] random: crng reseeded on system resumption [ 1019.448740][T17559] random: crng reseeded on system resumption [ 1020.479573][ T30] audit: type=1800 audit(4294967484.060:25): pid=17573 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3185" name="features" dev="configfs" ino=681428 res=0 errno=0 [ 1024.861739][T17617] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3196'. [ 1025.990841][T17631] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3200'. [ 1026.064458][T17631] netlink: 'syz.4.3200': attribute type 1 has an invalid length. [ 1026.072234][T17631] netlink: 'syz.4.3200': attribute type 6 has an invalid length. [ 1030.555098][T17682] netlink: 25 bytes leftover after parsing attributes in process `syz.2.3213'. [ 1033.668404][T17706] FAULT_INJECTION: forcing a failure. [ 1033.668404][T17706] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1033.681340][T17706] CPU: 1 UID: 0 PID: 17706 Comm: syz.1.3219 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1033.681376][T17706] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1033.681385][T17706] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1033.681396][T17706] Call Trace: [ 1033.681401][T17706] [ 1033.681408][T17706] dump_stack_lvl+0x100/0x190 [ 1033.681434][T17706] should_fail_ex.cold+0x5/0xa [ 1033.681494][T17706] should_fail_futex+0x4c/0x60 [ 1033.681512][T17706] futex_lock_pi_atomic+0xe7/0xaf0 [ 1033.681537][T17706] futex_lock_pi+0x246/0x7b0 [ 1033.681560][T17706] ? __pfx_futex_lock_pi+0x10/0x10 [ 1033.681582][T17706] ? __pfx___futex_wait+0x10/0x10 [ 1033.681620][T17706] ? __pfx_futex_wake_mark+0x10/0x10 [ 1033.681645][T17706] ? ksys_write+0x190/0x250 [ 1033.681664][T17706] ? ksys_write+0x190/0x250 [ 1033.681687][T17706] do_futex+0x18a/0x350 [ 1033.681705][T17706] ? __pfx_do_futex+0x10/0x10 [ 1033.681726][T17706] __x64_sys_futex+0x34f/0x4d0 [ 1033.681746][T17706] ? __pfx___x64_sys_futex+0x10/0x10 [ 1033.681770][T17706] do_syscall_64+0x106/0xf80 [ 1033.681788][T17706] ? clear_bhb_loop+0x40/0x90 [ 1033.681806][T17706] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1033.681822][T17706] RIP: 0033:0x7f707719bf79 [ 1033.681836][T17706] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1033.681851][T17706] RSP: 002b:00007f707807c028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1033.681867][T17706] RAX: ffffffffffffffda RBX: 00007f7077415fa0 RCX: 00007f707719bf79 [ 1033.681877][T17706] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 1033.681886][T17706] RBP: 00007f70772327e0 R08: 0000000000000000 R09: 000000008000fff5 [ 1033.681895][T17706] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1033.681903][T17706] R13: 00007f7077416038 R14: 00007f7077415fa0 R15: 00007ffd284f9c58 [ 1033.681923][T17706] [ 1042.682722][ T5834] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 1043.259383][T17806] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3237'. [ 1044.338723][T17817] __vm_enough_memory: pid: 17817, comm: syz.0.3238, bytes: 8589938688 not enough memory for the allocation [ 1044.372060][T17799] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888078000680 pfn:0x78000 [ 1044.430999][T17799] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 1044.467175][T17799] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 1044.542000][T17799] raw: ffff888078000680 0000000000000000 00000001ffffffff 0000000000000000 [ 1044.688979][T17799] page dumped because: unmovable page [ 1044.776560][T17799] page_owner tracks the page as allocated [ 1044.782331][T17799] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x92c00(GFP_NOIO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC), pid 6488, tgid 6485 (syz.1.191), ts 122356825038, free_ts 122179454783 [ 1044.917662][T17799] register_dummy_stack+0x74/0xb0 [ 1044.947855][T17799] init_page_owner+0x42/0xa20 [ 1044.995960][T17799] page_ext_init+0x71d/0x780 [ 1045.000633][T17799] mm_core_init+0x1e5/0x230 [ 1045.071936][T17799] page last free pid 6500 tgid 6499 stack trace: [ 1045.092805][T17799] __free_frozen_pages+0x7ca/0x10a0 [ 1045.123873][T17799] qlist_free_all+0x47/0xe0 [ 1045.153070][T17799] kasan_quarantine_reduce+0x1a0/0x1f0 [ 1045.202633][T17799] __kasan_slab_alloc+0x69/0x90 [ 1045.207554][T17799] kmem_cache_alloc_node_noprof+0x25a/0x6f0 [ 1045.253810][T17799] __alloc_skb+0x140/0x710 [ 1045.258302][T17799] netlink_dump+0x19b/0xd30 [ 1045.368948][T17799] netlink_recvmsg+0x7dc/0xa90 [ 1045.400413][T17799] ____sys_recvmsg+0x5f7/0x6b0 [ 1045.430997][T17799] ___sys_recvmsg+0x16a/0x1a0 [ 1045.471744][T17799] do_recvmmsg+0x301/0x760 [ 1045.492685][T17799] __x64_sys_recvmmsg+0x22a/0x280 [ 1045.522843][T17799] do_syscall_64+0x106/0xf80 [ 1045.527509][T17799] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1046.147831][T17839] can0: slcan on ttyS2. [ 1046.476146][T17838] can0 (unregistered): slcan off ttyS2. [ 1048.320949][T17868] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3248'. [ 1048.424517][T17873] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3249'. [ 1048.874295][ T30] audit: type=1800 audit(4294967512.450:26): pid=17881 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3250" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 1051.295475][T17905] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1051.483750][T17905] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1051.524077][T17905] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1051.530256][T17905] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1051.687506][T17905] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1053.332930][ T5834] Bluetooth: hci0: command 0x0c1a tx timeout [ 1053.563008][ T5834] Bluetooth: hci4: command 0x0406 tx timeout [ 1053.569066][ T5834] Bluetooth: hci3: command 0x0c1a tx timeout [ 1053.575196][ T51] Bluetooth: hci1: command 0x0c1a tx timeout [ 1054.448889][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.473169][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1055.078979][T17944] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3259'. [ 1055.276531][T17944] netlink: 354 bytes leftover after parsing attributes in process `syz.0.3259'. [ 1055.645601][ T5834] Bluetooth: hci4: command 0x0406 tx timeout [ 1056.254220][T17927] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 1056.972185][T17947] kexec: Could not allocate control_code_buffer [ 1060.314163][T18001] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input22 [ 1065.380631][T18036] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3281'. [ 1067.825821][T18069] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3288'. [ 1073.635916][ T5834] Bluetooth: hci1: Malformed Event: 0x02 [ 1078.136438][T18174] Bluetooth: hci0: Malformed Event: 0x02 [ 1079.658907][T18216] can0: slcan on pty83. [ 1079.793689][T18215] can0 (unregistered): slcan off pty83. [ 1080.058200][T18226] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3321'. [ 1080.068943][T18226] netlink: 354 bytes leftover after parsing attributes in process `syz.1.3321'. [ 1080.845918][T18239] hub 1-0:1.0: USB hub found [ 1080.886582][T18239] hub 1-0:1.0: 1 port detected [ 1082.786698][T18290] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3332'. [ 1083.832426][T18301] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3343'. [ 1087.173274][T18349] netlink: 25 bytes leftover after parsing attributes in process `syz.0.3346'. [ 1089.266414][T18381] misc userio: Invalid payload size [ 1091.674034][T18408] device-mapper: ioctl: Unable to rename non-existent device,  to „ [ 1091.951239][T18424] random: crng reseeded on system resumption [ 1093.371783][T18455] netlink: 25 bytes leftover after parsing attributes in process `syz.4.3373'. [ 1094.553306][T18462] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1094.559375][T18462] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1094.587461][T18462] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1094.609350][T18462] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1095.550444][T18488] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3381'. [ 1095.882917][T18174] Bluetooth: hci0: command 0x0c1a tx timeout [ 1096.114146][T18502] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2570843302 (329067942656 ns) > initial count (145675149184 ns). Using initial count to start timer. [ 1096.614087][T18174] Bluetooth: hci3: command 0x0c1a tx timeout [ 1096.625086][T18161] Bluetooth: hci1: command 0x0c1a tx timeout [ 1096.682895][T18161] Bluetooth: hci4: command 0x0406 tx timeout [ 1099.759116][T18568] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3403'. [ 1099.773228][T18568] netlink: 'syz.1.3403': attribute type 1 has an invalid length. [ 1099.812694][T18568] netlink: 'syz.1.3403': attribute type 6 has an invalid length. [ 1101.058160][T18516] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1101.068625][T18516] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1101.077720][T18516] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1101.090783][T18516] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1101.103353][T18516] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1101.515020][T18616] netlink: 93 bytes leftover after parsing attributes in process `syz.0.3413'. [ 1101.541066][T18613] netlink: 93 bytes leftover after parsing attributes in process `syz.0.3413'. [ 1101.561878][T18616] netlink: 93 bytes leftover after parsing attributes in process `syz.0.3413'. [ 1101.631747][T18599] chnl_net:caif_netlink_parms(): no params data found [ 1101.797893][T18599] bridge0: port 1(bridge_slave_0) entered blocking state [ 1101.811321][T18599] bridge0: port 1(bridge_slave_0) entered disabled state [ 1101.820405][T18599] bridge_slave_0: entered allmulticast mode [ 1101.827711][T18599] bridge_slave_0: entered promiscuous mode [ 1101.836668][T18599] bridge0: port 2(bridge_slave_1) entered blocking state [ 1101.843957][T18599] bridge0: port 2(bridge_slave_1) entered disabled state [ 1101.851490][T18599] bridge_slave_1: entered allmulticast mode [ 1101.859570][T18599] bridge_slave_1: entered promiscuous mode [ 1101.921585][T18599] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1101.936634][T18599] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1101.973491][T18599] team0: Port device team_slave_0 added [ 1101.983910][T18599] team0: Port device team_slave_1 added [ 1102.027270][T18599] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1102.034577][T18599] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1102.061654][T18599] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1102.077025][T18599] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1102.084573][T18599] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1102.110934][T18599] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1102.182533][T18599] hsr_slave_0: entered promiscuous mode [ 1102.189082][T18599] hsr_slave_1: entered promiscuous mode [ 1102.195599][T18599] debugfs: 'hsr0' already exists in 'hsr' [ 1102.201317][T18599] Cannot create hsr debugfs directory [ 1102.746356][T18599] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1102.826036][T18599] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1102.866175][T18599] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1102.929959][T18599] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1103.163836][T18161] Bluetooth: hci2: command tx timeout [ 1103.308890][T18599] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1103.343946][T18599] 8021q: adding VLAN 0 to HW filter on device team0 [ 1103.367972][T18183] bridge0: port 1(bridge_slave_0) entered blocking state [ 1103.375109][T18183] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1103.409842][T18183] bridge0: port 2(bridge_slave_1) entered blocking state [ 1103.416976][T18183] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1103.706580][T18599] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1104.085960][T18599] veth0_vlan: entered promiscuous mode [ 1104.100498][T18599] veth1_vlan: entered promiscuous mode [ 1104.134319][T18599] veth0_macvtap: entered promiscuous mode [ 1104.145432][T18599] veth1_macvtap: entered promiscuous mode [ 1104.164329][T18599] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1104.181473][T18599] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1104.246820][T18183] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1104.425988][T18183] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1104.508070][T18183] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1104.535932][T18183] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1104.711086][T18681] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1104.735629][T18681] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1104.817017][T18681] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1104.825301][T18681] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1105.243627][T18516] Bluetooth: hci2: command tx timeout [ 1107.324393][T18516] Bluetooth: hci2: command tx timeout [ 1109.402867][T18516] Bluetooth: hci2: command tx timeout [ 1111.276978][T18834] random: crng reseeded on system resumption [ 1112.112200][T18853] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input23 [ 1112.909960][T18878] misc userio: Invalid payload size [ 1114.997871][T18941] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=2570843302 (329067942656 ns) > initial count (145675149184 ns). Using initial count to start timer. [ 1115.889228][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1115.919161][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1115.992463][T18958] smpboot: CPU 1 is now offline [ 1117.563740][T18516] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 1118.791735][T19018] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3505'. [ 1118.847895][T19016] base or size exceeds the MTRR width [ 1122.698283][T19064] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1122.736550][T19064] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1122.772013][T19064] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1122.798689][T19064] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1122.840720][T19064] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1122.864526][T19064] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1122.893353][T19064] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1123.482960][T18516] Bluetooth: hci0: command 0x0c1a tx timeout [ 1124.764320][T18516] Bluetooth: hci1: command 0x0c1a tx timeout [ 1124.845338][T18516] Bluetooth: hci2: command 0x0c1a tx timeout [ 1124.851365][T18161] Bluetooth: hci4: command 0x0406 tx timeout [ 1124.857952][T18516] Bluetooth: hci3: command 0x0c1a tx timeout [ 1126.922944][T19128] Bluetooth: hci2: command 0x0c1a tx timeout [ 1129.004422][T19128] Bluetooth: hci2: command 0x0c1a tx timeout [ 1129.689203][T19223] netlink: 314 bytes leftover after parsing attributes in process `syz.0.3562'. [ 1132.351375][T19278] Invalid ELF header magic: != ELF [ 1132.938201][T19296] zswap: compressor not available [ 1133.045070][T19305] binder: BINDER_SET_CONTEXT_MGR already set [ 1133.063330][T19305] binder: 19304:19305 ioctl 4018620d 9 returned -16 [ 1136.315762][T19338] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1136.342715][T19338] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1136.348767][T19338] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1136.392855][T19338] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1136.422834][T19338] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1136.999876][T19371] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 1137.163446][T18174] Bluetooth: hci0: command 0x0c1a tx timeout [ 1138.362749][T19128] Bluetooth: hci1: command 0x0c1a tx timeout [ 1138.369115][T18174] Bluetooth: hci3: command 0x0c1a tx timeout [ 1138.442841][T18174] Bluetooth: hci2: command 0x0c1a tx timeout [ 1138.448943][T19128] Bluetooth: hci4: command 0x0406 tx timeout [ 1139.103980][T19393] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1139.135691][T19393] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1139.175899][T19393] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1139.205309][T19393] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1139.250185][T19393] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1140.608037][T18174] Bluetooth: hci0: command 0x0c1a tx timeout [ 1140.854044][T19465] serio: Serial port pty6 [ 1141.162979][T18174] Bluetooth: hci1: command 0x0c1a tx timeout [ 1141.243333][T18174] Bluetooth: hci4: command 0x0406 tx timeout [ 1141.249504][T19128] Bluetooth: hci3: command 0x0c1a tx timeout [ 1141.323583][T18174] Bluetooth: hci2: command 0x0c1a tx timeout [ 1142.448692][T19496] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3607'. [ 1142.701903][T19503] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3609'. [ 1144.274700][T19525] netlink: 'syz.5.3613': attribute type 1 has an invalid length. [ 1144.414192][T19526] FAULT_INJECTION: forcing a failure. [ 1144.414192][T19526] name failslab, interval 1, probability 0, space 0, times 0 [ 1144.582133][T19526] CPU: 0 UID: 0 PID: 19526 Comm: syz.5.3613 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1144.582171][T19526] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1144.582180][T19526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1144.582190][T19526] Call Trace: [ 1144.582196][T19526] [ 1144.582203][T19526] dump_stack_lvl+0x100/0x190 [ 1144.582231][T19526] should_fail_ex.cold+0x5/0xa [ 1144.582250][T19526] should_failslab+0xc2/0x120 [ 1144.582273][T19526] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 1144.582305][T19526] ? key_alloc+0x423/0x1310 [ 1144.582325][T19526] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 1144.582351][T19526] kmemdup_noprof+0x29/0x60 [ 1144.582378][T19526] key_alloc+0x423/0x1310 [ 1144.582408][T19526] ? __pfx_key_alloc+0x10/0x10 [ 1144.582432][T19526] keyring_alloc+0x44/0xc0 [ 1144.582459][T19526] lookup_user_key+0x9b8/0x1300 [ 1144.582480][T19526] ? __pfx_lookup_user_key+0x10/0x10 [ 1144.582498][T19526] ? do_futex+0x192/0x350 [ 1144.582516][T19526] ? __pfx_do_futex+0x10/0x10 [ 1144.582535][T19526] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 1144.582561][T19526] ? __x64_sys_futex+0x34f/0x4d0 [ 1144.582577][T19526] ? __x64_sys_futex+0x358/0x4d0 [ 1144.582599][T19526] keyctl_watch_key+0x52/0x500 [ 1144.582617][T19526] __do_sys_keyctl+0x29f/0x5a0 [ 1144.582633][T19526] do_syscall_64+0x106/0xf80 [ 1144.582652][T19526] ? clear_bhb_loop+0x40/0x90 [ 1144.582671][T19526] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1144.582687][T19526] RIP: 0033:0x7f802fd9bf79 [ 1144.582702][T19526] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1144.582718][T19526] RSP: 002b:00007f8030c3a028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 1144.582733][T19526] RAX: ffffffffffffffda RBX: 00007f8030016180 RCX: 00007f802fd9bf79 [ 1144.582743][T19526] RDX: 0000000000000005 RSI: ffffffffffffffff RDI: 0200000000000020 [ 1144.582753][T19526] RBP: 00007f802fe327e0 R08: 0000000000000008 R09: 0000000000000000 [ 1144.582762][T19526] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000000 [ 1144.582771][T19526] R13: 00007f8030016218 R14: 00007f8030016180 R15: 00007fff7ea9ca48 [ 1144.582791][T19526] [ 1144.813637][T19528] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3614'. [ 1144.824422][T19528] netlink: 'syz.1.3614': attribute type 1 has an invalid length. [ 1144.832150][T19528] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3614'. [ 1146.363977][T18174] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 1148.715859][T19583] netlink: 504 bytes leftover after parsing attributes in process `syz.5.3629'. [ 1148.949084][T19586] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1149.357143][T19604] tipc: Started in network mode [ 1149.357161][T19604] tipc: Node identity ee00, cluster identity 4711 [ 1149.357172][T19604] tipc: Node number set to 60928 [ 1150.950102][T19623] Invalid ELF header magic: != ELF [ 1151.170162][T19628] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3642'. [ 1152.060335][T19640] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3646'. [ 1153.039216][T19654] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3650'. [ 1153.206018][T19656] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3651'. [ 1153.223883][T19658] netlink: 354 bytes leftover after parsing attributes in process `syz.4.3652'. [ 1153.242504][T19656] netlink: 354 bytes leftover after parsing attributes in process `syz.5.3651'. [ 1153.454120][T19665] blktrace: Concurrent blktraces are not allowed on loop2 [ 1153.472753][T19664] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3653'. [ 1154.486971][T19680] netlink: 'syz.5.3658': attribute type 33 has an invalid length. [ 1154.512951][T19680] netlink: 322 bytes leftover after parsing attributes in process `syz.5.3658'. [ 1156.217773][T19128] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1156.228084][T19128] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1156.237213][T19128] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1156.245970][T19128] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1156.253645][T19128] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1156.950146][T19724] chnl_net:caif_netlink_parms(): no params data found [ 1157.329815][T19737] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1157.389482][T19724] bridge0: port 1(bridge_slave_0) entered blocking state [ 1157.443092][T19724] bridge0: port 1(bridge_slave_0) entered disabled state [ 1157.456114][T19737] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1157.479131][T19724] bridge_slave_0: entered allmulticast mode [ 1157.532932][T19724] bridge_slave_0: entered promiscuous mode [ 1157.564136][T19737] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1157.570136][T19737] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1157.581275][T19724] bridge0: port 2(bridge_slave_1) entered blocking state [ 1157.629395][T19724] bridge0: port 2(bridge_slave_1) entered disabled state [ 1157.669423][T19724] bridge_slave_1: entered allmulticast mode [ 1157.712818][T19724] bridge_slave_1: entered promiscuous mode [ 1157.795812][T19737] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1157.837470][T19724] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1157.857412][T19737] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1157.899241][T19724] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1157.978901][T19737] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 1158.087496][T19724] team0: Port device team_slave_0 added [ 1158.104597][T19767] zswap: compressor not available [ 1158.126006][T19724] team0: Port device team_slave_1 added [ 1158.191863][T19737] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 1158.253106][T19724] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1158.295108][T19724] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1158.409278][T19724] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1158.583650][T19724] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1158.591167][T19724] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1158.720486][T19724] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1158.836370][T19781] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3673'. [ 1159.003068][T18174] Bluetooth: hci0: command 0x0c1a tx timeout [ 1159.025614][T19724] hsr_slave_0: entered promiscuous mode [ 1159.048105][T19724] hsr_slave_1: entered promiscuous mode [ 1159.073928][T19724] debugfs: 'hsr0' already exists in 'hsr' [ 1159.098225][T19724] Cannot create hsr debugfs directory [ 1159.485035][T18174] Bluetooth: hci1: command 0x0c1a tx timeout [ 1159.645683][T18174] Bluetooth: hci4: command 0x0406 tx timeout [ 1159.651878][T18174] Bluetooth: hci3: command 0x0c1a tx timeout [ 1159.767572][T19793] futex_wake_op: syz.4.3678 tries to shift op by -2048; fix this program [ 1159.805098][T18174] Bluetooth: hci2: command 0x0c1a tx timeout [ 1159.813759][T19793] futex_wake_op: syz.4.3678 tries to shift op by -2048; fix this program [ 1159.865952][T19793] 0x000000000001-0x000000020000 : "" [ 1159.884573][T18174] Bluetooth: hci5: command 0x041b tx timeout [ 1159.906987][T19793] ftl_cs: FTL header corrupt! [ 1159.911743][T19724] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1159.967472][T19724] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1160.049348][T19724] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1160.069234][T19799] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input24 [ 1160.111040][T19724] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1160.611779][T19724] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1160.707522][T19724] 8021q: adding VLAN 0 to HW filter on device team0 [ 1160.753155][T18164] bridge0: port 1(bridge_slave_0) entered blocking state [ 1160.760320][T18164] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1160.808151][T18164] bridge0: port 2(bridge_slave_1) entered blocking state [ 1160.815306][T18164] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1161.507951][T19833] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3683'. [ 1161.538585][T19724] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1161.967741][T18174] Bluetooth: hci5: command 0x041b tx timeout [ 1162.367396][T19724] veth0_vlan: entered promiscuous mode [ 1162.436465][T19724] veth1_vlan: entered promiscuous mode [ 1162.614927][T19724] veth0_macvtap: entered promiscuous mode [ 1162.672582][T19724] veth1_macvtap: entered promiscuous mode [ 1162.696859][T19857] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3689'. [ 1162.841356][T19724] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1162.906061][T19724] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1163.098464][T18681] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1163.126721][T18681] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1163.126780][T18681] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1163.126806][T18681] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1163.651793][T18183] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1163.698959][T18183] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1163.798793][T18165] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1163.844149][T18165] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1163.971565][T19885] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input25 [ 1164.043221][T18174] Bluetooth: hci5: command 0x041b tx timeout [ 1164.838329][T19914] random: crng reseeded on system resumption [ 1165.039206][T19903] bond0: invalid ARP target specified [ 1166.127432][T18174] Bluetooth: hci5: command 0x041b tx timeout [ 1167.155092][T19962] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1168.202844][T18174] Bluetooth: hci5: command 0x041b tx timeout [ 1168.642688][T19978] bond0: invalid ARP target specified [ 1168.891457][T19999] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3711'. [ 1169.605239][T20016] Invalid ELF header magic: != ELF [ 1170.283814][T19128] Bluetooth: hci5: command 0x041b tx timeout [ 1170.938287][T20045] FAULT_INJECTION: forcing a failure. [ 1170.938287][T20045] name failslab, interval 1, probability 0, space 0, times 0 [ 1171.006414][T20045] CPU: 0 UID: 0 PID: 20045 Comm: syz.6.3721 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1171.006483][T20045] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1171.006502][T20045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1171.006522][T20045] Call Trace: [ 1171.006529][T20045] [ 1171.006535][T20045] dump_stack_lvl+0x100/0x190 [ 1171.006562][T20045] should_fail_ex.cold+0x5/0xa [ 1171.006581][T20045] should_failslab+0xc2/0x120 [ 1171.006614][T20045] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1171.006632][T20045] ? apply_wqattrs_prepare+0x136/0xbb0 [ 1171.006660][T20045] apply_wqattrs_prepare+0x136/0xbb0 [ 1171.006683][T20045] ? __alloc_workqueue+0x901/0x1880 [ 1171.006709][T20045] apply_workqueue_attrs_locked+0x64/0xe0 [ 1171.006734][T20045] __alloc_workqueue+0xe25/0x1880 [ 1171.006753][T20045] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1171.006774][T20045] alloc_workqueue_noprof+0xd2/0x200 [ 1171.006791][T20045] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 1171.006813][T20045] ? __pfx___debug_object_init+0x10/0x10 [ 1171.006835][T20045] nci_register_device+0x511/0xb80 [ 1171.006853][T20045] ? __pfx_nci_register_device+0x10/0x10 [ 1171.006871][T20045] ? lockdep_init_map_type+0x5c/0x250 [ 1171.006894][T20045] virtual_ncidev_open+0x141/0x220 [ 1171.006915][T20045] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 1171.006935][T20045] misc_open+0x26d/0x450 [ 1171.006953][T20045] ? __pfx_misc_open+0x10/0x10 [ 1171.006970][T20045] chrdev_open+0x234/0x6a0 [ 1171.006990][T20045] ? __pfx_apparmor_file_open+0x10/0x10 [ 1171.007006][T20045] ? __pfx_chrdev_open+0x10/0x10 [ 1171.007028][T20045] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1171.007054][T20045] do_dentry_open+0x6d8/0x1660 [ 1171.007075][T20045] ? __pfx_chrdev_open+0x10/0x10 [ 1171.007101][T20045] vfs_open+0x82/0x3f0 [ 1171.007119][T20045] path_openat+0x208c/0x31a0 [ 1171.007146][T20045] ? __pfx_path_openat+0x10/0x10 [ 1171.007175][T20045] do_file_open+0x20e/0x430 [ 1171.007198][T20045] ? __pfx_do_file_open+0x10/0x10 [ 1171.007233][T20045] ? alloc_fd+0x476/0x790 [ 1171.007255][T20045] ? do_getname+0x191/0x390 [ 1171.007272][T20045] do_sys_openat2+0x10d/0x1e0 [ 1171.007289][T20045] ? __pfx_do_sys_openat2+0x10/0x10 [ 1171.007313][T20045] __x64_sys_openat+0x12d/0x210 [ 1171.007330][T20045] ? __pfx___x64_sys_openat+0x10/0x10 [ 1171.007354][T20045] do_syscall_64+0x106/0xf80 [ 1171.007373][T20045] ? clear_bhb_loop+0x40/0x90 [ 1171.007391][T20045] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1171.007407][T20045] RIP: 0033:0x7f9ebc79bf79 [ 1171.007421][T20045] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1171.007436][T20045] RSP: 002b:00007f9ebd6a7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1171.007452][T20045] RAX: ffffffffffffffda RBX: 00007f9ebca15fa0 RCX: 00007f9ebc79bf79 [ 1171.007462][T20045] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1171.007471][T20045] RBP: 00007f9ebc8327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1171.007481][T20045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1171.007489][T20045] R13: 00007f9ebca16038 R14: 00007f9ebca15fa0 R15: 00007ffe4112c858 [ 1171.007510][T20045] [ 1171.737789][T18174] Bluetooth: hci4: unexpected subevent 0x03 length: 253 > 9 [ 1171.817664][T20055] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3722'. [ 1172.055280][ T30] audit: type=1804 audit(4295004323.640:27): pid=20040 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.3718" name="/newroot/953/file0" dev="tmpfs" ino=5012 res=1 errno=0 [ 1172.138966][ T30] audit: type=1804 audit(4295004323.720:28): pid=20046 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.3718" name="/newroot/953/file0" dev="tmpfs" ino=5012 res=1 errno=0 [ 1172.362208][T20061] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3731'. [ 1172.668093][T20070] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3725'. [ 1172.708202][T20067] bond0: invalid ARP target specified [ 1173.597935][T20075] Invalid ELF header magic: != ELF [ 1175.009744][T20100] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3735'. [ 1176.819809][T20147] Invalid ELF header magic: != ELF [ 1177.333020][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.339392][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1177.425079][T20156] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3746'. [ 1177.758279][T20165] netlink: 25 bytes leftover after parsing attributes in process `syz.1.3751'. [ 1177.781087][T20159] KVM: debugfs: duplicate directory 20159-3 [ 1178.080357][T20173] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3753'. [ 1178.156634][T20177] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 1178.629280][T20185] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3755'. [ 1178.964149][T20194] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3759'. [ 1179.344063][T20206] FAULT_INJECTION: forcing a failure. [ 1179.344063][T20206] name failslab, interval 1, probability 0, space 0, times 0 [ 1179.410921][T20208] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3764'. [ 1179.468626][T20206] CPU: 0 UID: 0 PID: 20206 Comm: syz.6.3763 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1179.468667][T20206] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1179.468676][T20206] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1179.468686][T20206] Call Trace: [ 1179.468692][T20206] [ 1179.468699][T20206] dump_stack_lvl+0x100/0x190 [ 1179.468727][T20206] should_fail_ex.cold+0x5/0xa [ 1179.468746][T20206] should_failslab+0xc2/0x120 [ 1179.468777][T20206] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1179.468795][T20206] ? sctp_endpoint_new+0xfc/0xb20 [ 1179.468815][T20206] ? __debug_object_init+0x2de/0x3d0 [ 1179.468835][T20206] sctp_endpoint_new+0xfc/0xb20 [ 1179.468858][T20206] ? __pfx_sctp_endpoint_new+0x10/0x10 [ 1179.468878][T20206] ? lockdep_init_map_type+0x5c/0x250 [ 1179.468898][T20206] ? lockdep_init_map_type+0x5c/0x250 [ 1179.468916][T20206] ? lockdep_init_map_type+0x5c/0x250 [ 1179.468937][T20206] sctp_init_sock+0xe2b/0x1300 [ 1179.468956][T20206] ? __pfx_sctp_v6_init_sock+0x10/0x10 [ 1179.468976][T20206] sctp_v6_init_sock+0x16/0x70 [ 1179.468997][T20206] ? __pfx_sctp_v6_init_sock+0x10/0x10 [ 1179.469017][T20206] inet6_create+0xb21/0x12b0 [ 1179.469044][T20206] ? inet6_create+0x7f/0x12b0 [ 1179.469066][T20206] __sock_create+0x339/0x860 [ 1179.469094][T20206] __sys_socket+0x14d/0x260 [ 1179.469110][T20206] ? __pfx___sys_socket+0x10/0x10 [ 1179.469130][T20206] __x64_sys_socket+0x72/0xb0 [ 1179.469143][T20206] ? lockdep_hardirqs_on+0x78/0x100 [ 1179.469162][T20206] do_syscall_64+0x106/0xf80 [ 1179.469180][T20206] ? clear_bhb_loop+0x40/0x90 [ 1179.469199][T20206] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1179.469215][T20206] RIP: 0033:0x7f9ebc79bf79 [ 1179.469228][T20206] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1179.469244][T20206] RSP: 002b:00007f9ebd686028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1179.469261][T20206] RAX: ffffffffffffffda RBX: 00007f9ebca16090 RCX: 00007f9ebc79bf79 [ 1179.469271][T20206] RDX: 0000000000000084 RSI: 0000000000000801 RDI: 000000000000000a [ 1179.469280][T20206] RBP: 00007f9ebc8327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1179.469289][T20206] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1179.469298][T20206] R13: 00007f9ebca16128 R14: 00007f9ebca16090 R15: 00007ffe4112c858 [ 1179.469317][T20206] [ 1180.541457][T20217] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3767'. [ 1181.914991][T20239] FAULT_INJECTION: forcing a failure. [ 1181.914991][T20239] name failslab, interval 1, probability 0, space 0, times 0 [ 1182.075277][T20239] CPU: 0 UID: 0 PID: 20239 Comm: syz.5.3769 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1182.075313][T20239] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1182.075322][T20239] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1182.075331][T20239] Call Trace: [ 1182.075337][T20239] [ 1182.075344][T20239] dump_stack_lvl+0x100/0x190 [ 1182.075371][T20239] should_fail_ex.cold+0x5/0xa [ 1182.075390][T20239] should_failslab+0xc2/0x120 [ 1182.075413][T20239] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 1182.075434][T20239] ? __alloc_skb+0x140/0x710 [ 1182.075455][T20239] __alloc_skb+0x140/0x710 [ 1182.075472][T20239] ? __pfx___alloc_skb+0x10/0x10 [ 1182.075489][T20239] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 1182.075507][T20239] ? trace_sched_exit_tp+0x13a/0x180 [ 1182.075527][T20239] tcp_stream_alloc_skb+0x34/0x660 [ 1182.075553][T20239] tcp_sendmsg_locked+0x133b/0x45f0 [ 1182.075586][T20239] ? aa_file_perm+0x268/0x1530 [ 1182.075607][T20239] ? __pfx_tcp_sendmsg_locked+0x10/0x10 [ 1182.075625][T20239] ? do_raw_spin_lock+0x128/0x260 [ 1182.075646][T20239] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1182.075674][T20239] ? __local_bh_enable_ip+0x9e/0x120 [ 1182.075692][T20239] tcp_sendmsg+0x2e/0x50 [ 1182.075705][T20239] ? __pfx_tcp_sendmsg+0x10/0x10 [ 1182.075719][T20239] inet_sendmsg+0xb9/0x140 [ 1182.075734][T20239] sock_write_iter+0x509/0x610 [ 1182.075757][T20239] ? __pfx_sock_write_iter+0x10/0x10 [ 1182.075786][T20239] ? bpf_lsm_file_permission+0x9/0x10 [ 1182.075806][T20239] ? security_file_permission+0x76/0x210 [ 1182.075825][T20239] ? rw_verify_area+0xce/0x6d0 [ 1182.075845][T20239] vfs_write+0x6ac/0x1070 [ 1182.075865][T20239] ? __pfx_sock_write_iter+0x10/0x10 [ 1182.075889][T20239] ? __pfx_vfs_write+0x10/0x10 [ 1182.075907][T20239] ? find_held_lock+0x2b/0x80 [ 1182.075941][T20239] ksys_write+0x1f8/0x250 [ 1182.075961][T20239] ? __pfx_ksys_write+0x10/0x10 [ 1182.075986][T20239] do_syscall_64+0x106/0xf80 [ 1182.076005][T20239] ? clear_bhb_loop+0x40/0x90 [ 1182.076023][T20239] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1182.076038][T20239] RIP: 0033:0x7f802fd9bf79 [ 1182.076053][T20239] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1182.076067][T20239] RSP: 002b:00007f8030c5b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1182.076083][T20239] RAX: ffffffffffffffda RBX: 00007f8030016090 RCX: 00007f802fd9bf79 [ 1182.076093][T20239] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 1182.076103][T20239] RBP: 00007f802fe327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1182.076113][T20239] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1182.076122][T20239] R13: 00007f8030016128 R14: 00007f8030016090 R15: 00007fff7ea9ca48 [ 1182.076143][T20239] [ 1182.792743][T19128] Bluetooth: hci6: Opcode 0x0c03 failed: -110 [ 1183.568062][T20242] zswap: compressor û not available [ 1183.672085][T20247] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3771'. [ 1183.965685][T18174] Bluetooth: hci7: Opcode 0x0c03 failed: -110 [ 1186.034611][T20285] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3782'. [ 1186.053456][T20286] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1186.151556][T20288] vhci_hcd vhci_hcd.2: default hub control req: 0000 v0000 i0000 l0 [ 1187.853801][T20318] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3793'. [ 1188.628340][T20338] FAULT_INJECTION: forcing a failure. [ 1188.628340][T20338] name failslab, interval 1, probability 0, space 0, times 0 [ 1188.662732][ T30] audit: type=1804 audit(4295004340.230:29): pid=20334 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.3795" name="/newroot/582/file0" dev="tmpfs" ino=3082 res=1 errno=0 [ 1188.709130][T20338] CPU: 0 UID: 0 PID: 20338 Comm: syz.6.3796 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1188.709166][T20338] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1188.709175][T20338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1188.709185][T20338] Call Trace: [ 1188.709191][T20338] [ 1188.709198][T20338] dump_stack_lvl+0x100/0x190 [ 1188.709226][T20338] should_fail_ex.cold+0x5/0xa [ 1188.709244][T20338] should_failslab+0xc2/0x120 [ 1188.709268][T20338] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1188.709288][T20338] ? audit_log_start+0x29d/0x930 [ 1188.709311][T20338] audit_log_start+0x29d/0x930 [ 1188.709332][T20338] ? __pfx_audit_log_start+0x10/0x10 [ 1188.709356][T20338] ? integrity_audit_msg+0x41/0x60 [ 1188.709385][T20338] integrity_audit_message+0x10c/0x4f0 [ 1188.709413][T20338] ? __pfx_integrity_audit_message+0x10/0x10 [ 1188.709436][T20338] ? __pfx_ima_add_template_entry+0x10/0x10 [ 1188.709462][T20338] integrity_audit_msg+0x41/0x60 [ 1188.709488][T20338] ima_add_violation+0x1b9/0x3c0 [ 1188.709508][T20338] ? __pfx_ima_add_violation+0x10/0x10 [ 1188.709523][T20338] ? ima_d_path+0x137/0x260 [ 1188.709539][T20338] ? __pfx_ima_d_path+0x10/0x10 [ 1188.709558][T20338] ? __pfx_down_write+0x10/0x10 [ 1188.709583][T20338] process_measurement+0x148f/0x2350 [ 1188.709610][T20338] ? lock_acquire+0x1cf/0x380 [ 1188.709629][T20338] ? __pfx_process_measurement+0x10/0x10 [ 1188.709655][T20338] ? trace_contention_end+0x140/0x180 [ 1188.709678][T20338] ? tracing_check_open_get_tr.part.0+0x101/0x170 [ 1188.709717][T20338] ? tracing_check_open_get_tr.part.0+0x106/0x170 [ 1188.709738][T20338] ? inode_to_bdi+0x9e/0x160 [ 1188.709761][T20338] ima_file_check+0xcc/0x120 [ 1188.709784][T20338] ? __pfx_ima_file_check+0x10/0x10 [ 1188.709815][T20338] security_file_post_open+0xc4/0x210 [ 1188.709834][T20338] path_openat+0x1418/0x31a0 [ 1188.709863][T20338] ? __pfx_path_openat+0x10/0x10 [ 1188.709891][T20338] do_file_open+0x20e/0x430 [ 1188.709914][T20338] ? __pfx_do_file_open+0x10/0x10 [ 1188.709949][T20338] ? alloc_fd+0x476/0x790 [ 1188.709971][T20338] ? do_getname+0x191/0x390 [ 1188.709988][T20338] do_sys_openat2+0x10d/0x1e0 [ 1188.710005][T20338] ? __pfx_do_sys_openat2+0x10/0x10 [ 1188.710023][T20338] ? __fget_files+0x21f/0x3d0 [ 1188.710047][T20338] __x64_sys_openat+0x12d/0x210 [ 1188.710064][T20338] ? __pfx___x64_sys_openat+0x10/0x10 [ 1188.710088][T20338] do_syscall_64+0x106/0xf80 [ 1188.710107][T20338] ? clear_bhb_loop+0x40/0x90 [ 1188.710135][T20338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1188.710151][T20338] RIP: 0033:0x7f9ebc79bf79 [ 1188.710167][T20338] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1188.710182][T20338] RSP: 002b:00007f9ebd6a7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1188.710196][T20338] RAX: ffffffffffffffda RBX: 00007f9ebca15fa0 RCX: 00007f9ebc79bf79 [ 1188.710207][T20338] RDX: 0000000000040000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1188.710217][T20338] RBP: 00007f9ebc8327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1188.710227][T20338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1188.710236][T20338] R13: 00007f9ebca16038 R14: 00007f9ebca15fa0 R15: 00007ffe4112c858 [ 1188.710257][T20338] [ 1188.710330][T20338] audit: audit_lost=2 audit_rate_limit=0 audit_backlog_limit=64 [ 1189.113715][ T30] audit: type=1804 audit(4295004340.240:30): pid=20336 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.3795" name="/newroot/582/file0" dev="tmpfs" ino=3082 res=1 errno=0 [ 1189.684747][T20338] audit: out of memory in audit_log_start [ 1191.329947][T20365] blktrace: Concurrent blktraces are not allowed on loop2 [ 1191.701607][T20368] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1192.414043][T20377] futex_wake_op: syz.6.3807 tries to shift op by -2048; fix this program [ 1192.433719][T20377] futex_wake_op: syz.6.3807 tries to shift op by -2048; fix this program [ 1192.462329][T20377] 0x000000000001-0x000000020000 : "" [ 1192.483636][T20377] ftl_cs: FTL header corrupt! [ 1192.623767][T20381] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input26 [ 1193.150942][T20386] Invalid ELF header magic: != ELF [ 1195.152443][ T30] audit: type=1804 audit(4295004346.730:31): pid=20411 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.3813" name="/newroot/88/file0" dev="tmpfs" ino=486 res=1 errno=0 [ 1195.434477][ T30] audit: type=1804 audit(4295004347.020:32): pid=20409 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.3813" name="/newroot/88/file0" dev="tmpfs" ino=486 res=1 errno=0 [ 1196.052773][T20417] FAULT_INJECTION: forcing a failure. [ 1196.052773][T20417] name failslab, interval 1, probability 0, space 0, times 0 [ 1196.103852][T20417] CPU: 0 UID: 0 PID: 20417 Comm: syz.5.3815 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1196.103889][T20417] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1196.103898][T20417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1196.103908][T20417] Call Trace: [ 1196.103914][T20417] [ 1196.103921][T20417] dump_stack_lvl+0x100/0x190 [ 1196.103948][T20417] should_fail_ex.cold+0x5/0xa [ 1196.103967][T20417] should_failslab+0xc2/0x120 [ 1196.103989][T20417] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1196.104006][T20417] ? __alloc_workqueue+0x1a0/0x1880 [ 1196.104026][T20417] __alloc_workqueue+0x1a0/0x1880 [ 1196.104042][T20417] ? __pfx_vsnprintf+0x10/0x10 [ 1196.104061][T20417] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1196.104079][T20417] ? lockdep_hardirqs_on+0x78/0x100 [ 1196.104098][T20417] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1196.104117][T20417] alloc_workqueue_noprof+0xd2/0x200 [ 1196.104134][T20417] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 1196.104157][T20417] ? __pfx___debug_object_init+0x10/0x10 [ 1196.104177][T20417] nci_register_device+0x511/0xb80 [ 1196.104194][T20417] ? __pfx_nci_register_device+0x10/0x10 [ 1196.104212][T20417] ? lockdep_init_map_type+0x5c/0x250 [ 1196.104235][T20417] virtual_ncidev_open+0x141/0x220 [ 1196.104257][T20417] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 1196.104276][T20417] misc_open+0x26d/0x450 [ 1196.104298][T20417] ? __pfx_misc_open+0x10/0x10 [ 1196.104314][T20417] chrdev_open+0x234/0x6a0 [ 1196.104336][T20417] ? __pfx_apparmor_file_open+0x10/0x10 [ 1196.104351][T20417] ? __pfx_chrdev_open+0x10/0x10 [ 1196.104374][T20417] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1196.104399][T20417] do_dentry_open+0x6d8/0x1660 [ 1196.104420][T20417] ? __pfx_chrdev_open+0x10/0x10 [ 1196.104445][T20417] vfs_open+0x82/0x3f0 [ 1196.104463][T20417] path_openat+0x208c/0x31a0 [ 1196.104491][T20417] ? __pfx_path_openat+0x10/0x10 [ 1196.104519][T20417] do_file_open+0x20e/0x430 [ 1196.104542][T20417] ? __pfx_do_file_open+0x10/0x10 [ 1196.104577][T20417] ? alloc_fd+0x476/0x790 [ 1196.104600][T20417] ? do_getname+0x191/0x390 [ 1196.104625][T20417] do_sys_openat2+0x10d/0x1e0 [ 1196.104642][T20417] ? __pfx_do_sys_openat2+0x10/0x10 [ 1196.104667][T20417] __x64_sys_openat+0x12d/0x210 [ 1196.104684][T20417] ? __pfx___x64_sys_openat+0x10/0x10 [ 1196.104713][T20417] do_syscall_64+0x106/0xf80 [ 1196.104733][T20417] ? clear_bhb_loop+0x40/0x90 [ 1196.104753][T20417] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1196.104769][T20417] RIP: 0033:0x7f802fd9bf79 [ 1196.104783][T20417] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1196.104798][T20417] RSP: 002b:00007f8030c7c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1196.104814][T20417] RAX: ffffffffffffffda RBX: 00007f8030015fa0 RCX: 00007f802fd9bf79 [ 1196.104824][T20417] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1196.104834][T20417] RBP: 00007f802fe327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1196.104843][T20417] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1196.104853][T20417] R13: 00007f8030016038 R14: 00007f8030015fa0 R15: 00007fff7ea9ca48 [ 1196.104873][T20417] [ 1197.000030][T20429] net_ratelimit: 5 callbacks suppressed [ 1197.000046][T20429] openvswitch: netlink: Key type 261 is out of range max 32 [ 1197.984008][ T30] audit: type=1804 audit(4295004349.570:33): pid=20441 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.3821" name="/newroot/91/file0" dev="tmpfs" ino=503 res=1 errno=0 [ 1198.158398][ T30] audit: type=1804 audit(4295004349.740:34): pid=20439 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.3821" name="/newroot/91/file0" dev="tmpfs" ino=503 res=1 errno=0 [ 1199.335379][T20459] Invalid ELF header magic: != ELF [ 1199.781523][T20471] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1199.836932][T20474] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3831'. [ 1199.868748][T20474] netlink: 354 bytes leftover after parsing attributes in process `syz.5.3831'. [ 1200.299555][T20488] Invalid ELF header magic: != ELF [ 1200.978894][T20493] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input27 [ 1201.360766][T20502] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3838'. [ 1201.853791][T20513] Invalid ELF header magic: != ELF [ 1202.055790][T20518] bridge0: port 3(gretap0) entered blocking state [ 1202.097668][T20518] bridge0: port 3(gretap0) entered disabled state [ 1202.142013][T20518] gretap0: entered allmulticast mode [ 1202.190231][T20518] gretap0: entered promiscuous mode [ 1202.247826][T20518] bridge0: port 3(gretap0) entered blocking state [ 1202.254435][T20518] bridge0: port 3(gretap0) entered forwarding state [ 1202.370524][T18174] Bluetooth: hci5: Malformed Event: 0x02 [ 1202.911044][T20532] bridge0: port 3(gretap0) entered blocking state [ 1203.022995][T20532] bridge0: port 3(gretap0) entered disabled state [ 1203.091551][T20532] gretap0: entered allmulticast mode [ 1203.177478][T20532] gretap0: entered promiscuous mode [ 1203.192459][T18516] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1203.201761][T18516] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1203.210366][T18516] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1203.223849][T18516] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1203.231306][T18516] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1203.299303][T20532] FAULT_INJECTION: forcing a failure. [ 1203.299303][T20532] name failslab, interval 1, probability 0, space 0, times 0 [ 1203.442532][T20532] CPU: 0 UID: 0 PID: 20532 Comm: syz.5.3844 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1203.442571][T20532] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1203.442580][T20532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1203.442590][T20532] Call Trace: [ 1203.442596][T20532] [ 1203.442603][T20532] dump_stack_lvl+0x100/0x190 [ 1203.442631][T20532] should_fail_ex.cold+0x5/0xa [ 1203.442649][T20532] should_failslab+0xc2/0x120 [ 1203.442672][T20532] __kvmalloc_node_noprof+0xfa/0xa00 [ 1203.442691][T20532] ? bucket_table_alloc.isra.0+0x88/0x460 [ 1203.442713][T20532] bucket_table_alloc.isra.0+0x88/0x460 [ 1203.442730][T20532] rhashtable_init_noprof+0x43b/0x7d0 [ 1203.442749][T20532] nbp_vlan_init+0x254/0x500 [ 1203.442767][T20532] ? __pfx_nbp_vlan_init+0x10/0x10 [ 1203.442788][T20532] ? __local_bh_enable_ip+0x9e/0x120 [ 1203.442805][T20532] ? lockdep_hardirqs_on+0x78/0x100 [ 1203.442825][T20532] ? br_fdb_add_local+0x43/0x60 [ 1203.442839][T20532] ? __local_bh_enable_ip+0x9e/0x120 [ 1203.442857][T20532] br_add_if+0xf79/0x1b40 [ 1203.442874][T20532] ? veth_get_iflink+0x1e3/0x2c0 [ 1203.442899][T20532] add_del_if+0x114/0x160 [ 1203.442918][T20532] br_dev_siocdevprivate+0x8ac/0x1650 [ 1203.442940][T20532] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 1203.442974][T20532] ? lock_acquire+0x1cf/0x380 [ 1203.442999][T20532] ? netdev_name_node_lookup+0x107/0x150 [ 1203.443016][T20532] ? __mutex_lock+0x26a/0x1b90 [ 1203.443039][T20532] dev_ifsioc+0xc1e/0x1e90 [ 1203.443059][T20532] ? __pfx_dev_ifsioc+0x10/0x10 [ 1203.443075][T20532] ? __pfx___mutex_lock+0x10/0x10 [ 1203.443101][T20532] ? dev_load+0x8e/0x240 [ 1203.443116][T20532] ? dev_load+0x8e/0x240 [ 1203.443136][T20532] dev_ioctl+0x70e/0x1070 [ 1203.443155][T20532] sock_ioctl+0x494/0x6b0 [ 1203.443171][T20532] ? __pfx_sock_ioctl+0x10/0x10 [ 1203.443184][T20532] ? hook_file_ioctl_common+0x146/0x410 [ 1203.443206][T20532] ? __fget_files+0x21f/0x3d0 [ 1203.443229][T20532] ? __pfx_sock_ioctl+0x10/0x10 [ 1203.443244][T20532] __x64_sys_ioctl+0x18e/0x210 [ 1203.443264][T20532] do_syscall_64+0x106/0xf80 [ 1203.443282][T20532] ? clear_bhb_loop+0x40/0x90 [ 1203.443300][T20532] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1203.443315][T20532] RIP: 0033:0x7f802fd9bf79 [ 1203.443329][T20532] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1203.443344][T20532] RSP: 002b:00007f8030c3a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1203.443359][T20532] RAX: ffffffffffffffda RBX: 00007f8030016180 RCX: 00007f802fd9bf79 [ 1203.443370][T20532] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 0000000000000008 [ 1203.443379][T20532] RBP: 00007f802fe327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1203.443388][T20532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1203.443398][T20532] R13: 00007f8030016218 R14: 00007f8030016180 R15: 00007fff7ea9ca48 [ 1203.443419][T20532] [ 1203.814926][T20547] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1204.393138][T20532] bridge0: port 3(gretap0) entered blocking state [ 1204.399689][T20532] bridge0: port 3(gretap0) entered forwarding state [ 1205.042470][T20538] chnl_net:caif_netlink_parms(): no params data found [ 1205.288869][T20582] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3860'. [ 1205.329883][T18516] Bluetooth: hci6: command tx timeout [ 1205.455427][T20538] bridge0: port 1(bridge_slave_0) entered blocking state [ 1205.497140][T20538] bridge0: port 1(bridge_slave_0) entered disabled state [ 1205.523766][T20538] bridge_slave_0: entered allmulticast mode [ 1205.554214][T20538] bridge_slave_0: entered promiscuous mode [ 1205.602463][T20538] bridge0: port 2(bridge_slave_1) entered blocking state [ 1205.620775][T20538] bridge0: port 2(bridge_slave_1) entered disabled state [ 1205.644557][T20594] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3863'. [ 1205.663645][T20538] bridge_slave_1: entered allmulticast mode [ 1205.687401][T20538] bridge_slave_1: entered promiscuous mode [ 1205.819566][T20538] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1205.898565][T20538] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1205.928388][T20600] input: f¬ as /devices/virtual/input/input28 [ 1206.071473][T20538] team0: Port device team_slave_0 added [ 1206.109538][T20538] team0: Port device team_slave_1 added [ 1206.238786][T20538] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1206.256069][T20538] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1206.321206][T20538] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1206.369757][T20538] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1206.393891][T20538] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1206.487680][T20538] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1206.514085][T20614] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3869'. [ 1206.624368][T20538] hsr_slave_0: entered promiscuous mode [ 1206.647062][T20538] hsr_slave_1: entered promiscuous mode [ 1206.671100][T20538] debugfs: 'hsr0' already exists in 'hsr' [ 1206.691222][T20538] Cannot create hsr debugfs directory [ 1207.144564][T20538] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1207.169827][T20538] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1207.192011][T20538] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1207.217520][T20538] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1207.374922][T20538] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1207.403472][T18516] Bluetooth: hci6: command tx timeout [ 1207.421687][T20538] 8021q: adding VLAN 0 to HW filter on device team0 [ 1207.451787][T18160] bridge0: port 1(bridge_slave_0) entered blocking state [ 1207.458954][T18160] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1207.498766][T18160] bridge0: port 2(bridge_slave_1) entered blocking state [ 1207.505912][T18160] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1207.958918][T20637] futex_wake_op: syz.6.3879 tries to shift op by -2048; fix this program [ 1208.088595][T20637] futex_wake_op: syz.6.3879 tries to shift op by -2048; fix this program [ 1208.121582][T20645] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3874'. [ 1208.166980][T20538] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1208.748126][T20660] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3878'. [ 1209.022378][T20538] veth0_vlan: entered promiscuous mode [ 1209.070388][T20538] veth1_vlan: entered promiscuous mode [ 1209.226458][T20538] veth0_macvtap: entered promiscuous mode [ 1209.309439][T20538] veth1_macvtap: entered promiscuous mode [ 1209.417903][T20538] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1209.470128][T20538] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1209.482803][T18516] Bluetooth: hci6: command tx timeout [ 1209.580100][T18183] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1209.619603][T18183] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1209.706017][T18183] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1209.757251][T18183] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1209.836277][T20677] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3884'. [ 1210.050668][T18164] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1210.122750][T18164] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1210.283734][T18681] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1210.291646][T18681] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1210.713731][T20691] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1211.206495][T20707] vivid-007: ================= START STATUS ================= [ 1211.332502][T20707] vivid-007: Generate PTS: true [ 1211.341554][T20707] vivid-007: Generate SCR: true [ 1211.503566][T20707] tpg source WxH: 320x240 (Y'CbCr) [ 1211.563038][T18516] Bluetooth: hci6: command tx timeout [ 1211.587367][T20707] tpg field: 1 [ 1211.663945][T20707] tpg crop: (0,0)/320x240 [ 1211.738837][T20707] tpg compose: (0,0)/320x240 [ 1211.817621][T20707] tpg colorspace: 8 [ 1211.863685][T20707] tpg transfer function: 0/0 [ 1211.878579][T20707] tpg Y'CbCr encoding: 0/0 [ 1211.902888][T20707] tpg quantization: 0/0 [ 1211.907064][T20707] tpg RGB range: 0/2 [ 1211.931501][T20707] vivid-007: ================== END STATUS ================== [ 1212.214348][T20724] Invalid ELF header magic: != ELF [ 1212.538914][ T30] audit: type=1804 audit(4295004364.110:35): pid=20728 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.3895" name="/newroot/614/file0" dev="tmpfs" ino=3251 res=1 errno=0 [ 1212.650681][ T30] audit: type=1804 audit(4295004364.170:36): pid=20729 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.3895" name="/newroot/614/file0" dev="tmpfs" ino=3251 res=1 errno=0 [ 1214.769336][T18516] Bluetooth: hci6: Malformed Event: 0x02 [ 1214.979796][T20785] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3914'. [ 1215.025606][T20777] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1215.271859][T20788] sock: sock_timestamping_bind_phc: sock not bind to device [ 1215.328316][T20790] netlink: 28 bytes leftover after parsing attributes in process `syz.7.3916'. [ 1215.951239][T20807] Invalid ELF header magic: != ELF [ 1216.107993][T20802] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3918'. [ 1217.084110][T20825] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3925'. [ 1218.608370][T20854] Invalid ELF header magic: != ELF [ 1219.519350][T20868] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3937'. [ 1219.763273][T20873] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1219.824878][T18516] Bluetooth: hci4: unexpected event 0x1c length: 725 > 5 [ 1219.951959][T20880] openvswitch: netlink: Multiple metadata blocks provided [ 1220.092004][T20885] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1220.877482][T20904] FAULT_INJECTION: forcing a failure. [ 1220.877482][T20904] name failslab, interval 1, probability 0, space 0, times 0 [ 1220.939946][T20904] CPU: 0 UID: 0 PID: 20904 Comm: syz.7.3948 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1220.939982][T20904] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1220.939991][T20904] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1220.940001][T20904] Call Trace: [ 1220.940006][T20904] [ 1220.940013][T20904] dump_stack_lvl+0x100/0x190 [ 1220.940040][T20904] should_fail_ex.cold+0x5/0xa [ 1220.940058][T20904] should_failslab+0xc2/0x120 [ 1220.940080][T20904] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1220.940100][T20904] ? __d_alloc+0x34/0xa80 [ 1220.940127][T20904] __d_alloc+0x34/0xa80 [ 1220.940151][T20904] d_alloc_pseudo+0x1c/0xc0 [ 1220.940169][T20904] alloc_file_pseudo+0xcf/0x230 [ 1220.940186][T20904] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1220.940207][T20904] __shmem_file_setup+0x1a3/0x330 [ 1220.940226][T20904] shmem_zero_setup+0x93/0x1b0 [ 1220.940248][T20904] __mmap_region+0x20b5/0x2760 [ 1220.940270][T20904] ? __pfx___mmap_region+0x10/0x10 [ 1220.940302][T20904] ? finish_task_switch.isra.0+0x205/0xb80 [ 1220.940317][T20904] ? lockdep_hardirqs_on+0x78/0x100 [ 1220.940336][T20904] ? finish_task_switch.isra.0+0x205/0xb80 [ 1220.940386][T20904] ? rcu_is_watching+0x12/0xc0 [ 1220.940407][T20904] ? cap_capable+0x107/0x460 [ 1220.940433][T20904] mmap_region+0x180/0x3e0 [ 1220.940455][T20904] do_mmap+0xc63/0x12f0 [ 1220.940482][T20904] ? __pfx_do_mmap+0x10/0x10 [ 1220.940505][T20904] ? __pfx_down_write_killable+0x10/0x10 [ 1220.940531][T20904] vm_mmap_pgoff+0x29e/0x470 [ 1220.940557][T20904] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1220.940584][T20904] ? __x64_sys_futex+0x34f/0x4d0 [ 1220.940601][T20904] ? __x64_sys_futex+0x358/0x4d0 [ 1220.940620][T20904] ksys_mmap_pgoff+0x7d/0x5b0 [ 1220.940645][T20904] __x64_sys_mmap+0x125/0x190 [ 1220.940669][T20904] do_syscall_64+0x106/0xf80 [ 1220.940686][T20904] ? clear_bhb_loop+0x40/0x90 [ 1220.940705][T20904] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1220.940720][T20904] RIP: 0033:0x7fec0559bf79 [ 1220.940734][T20904] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1220.940757][T20904] RSP: 002b:00007fec06535028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1220.940773][T20904] RAX: ffffffffffffffda RBX: 00007fec05815fa0 RCX: 00007fec0559bf79 [ 1220.940783][T20904] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 1220.940794][T20904] RBP: 00007fec056327e0 R08: fffffffffffffffa R09: 0000000000008000 [ 1220.940804][T20904] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 1220.940814][T20904] R13: 00007fec05816038 R14: 00007fec05815fa0 R15: 00007ffe112f1228 [ 1220.940835][T20904] [ 1221.384196][T20894] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 1221.513735][T20908] openvswitch: netlink: Key type 261 is out of range max 32 [ 1221.580892][ T31] INFO: task kworker/u8:8:16841 blocked for more than 143 seconds. [ 1221.612887][ T31] Tainted: G U W L XTNJ syzkaller #0 [ 1221.622625][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1221.647604][ T31] task:kworker/u8:8 state:D stack:24408 pid:16841 tgid:16841 ppid:2 task_flags:0x4208060 flags:0x00080000 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1221.692614][ T31] Workqueue: netns cleanup_net [ 1221.697421][ T31] Call Trace: [ 1221.700684][ T31] [ 1221.729668][ T31] __schedule+0xfee/0x60e0 [ 1221.748606][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1221.765839][ T31] ? __pfx___schedule+0x10/0x10 [ 1221.785047][ T31] ? find_held_lock+0x2b/0x80 [ 1221.789757][ T31] ? schedule+0x2bf/0x390 [ 1221.822694][ T31] schedule+0xdd/0x390 [ 1221.827276][ T31] schedule_timeout+0x1b2/0x280 [ 1221.832125][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 1221.863287][ T31] ? mark_held_locks+0x40/0x70 [ 1221.868080][ T31] __wait_for_common+0x2e7/0x4c0 [ 1221.894081][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 1221.899473][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 1221.927593][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1221.956810][ T31] ? flush_workqueue_prep_pwqs+0x2e9/0x510 [ 1221.966832][ T31] __flush_workqueue+0x3f7/0x1200 [ 1221.992606][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1222.000174][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1222.030062][ T31] ? __pfx___flush_workqueue+0x10/0x10 [ 1222.074248][ T31] ? reacquire_held_locks+0xce/0x1e0 [ 1222.115066][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 1222.161568][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 1222.186729][ T31] rds_tcp_listen_stop+0x104/0x160 [ 1222.191962][ T31] rds_tcp_exit_net+0xe0/0x870 [ 1222.203740][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 1222.209132][ T31] ? __pfx___might_resched+0x10/0x10 [ 1222.232629][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 1222.241200][ T31] ops_undo_list+0x2ee/0xab0 [ 1222.272731][ T31] ? __pfx_ops_undo_list+0x10/0x10 [ 1222.277901][ T31] ? cleanup_net+0x332/0x920 [ 1222.322782][ T31] ? idr_destroy+0x62/0x2e0 [ 1222.327311][ T31] cleanup_net+0x499/0x920 [ 1222.331739][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 1222.362648][ T31] ? rcu_is_watching+0x12/0xc0 [ 1222.367450][ T31] process_one_work+0x9d7/0x1920 [ 1222.372401][ T31] ? __pfx_process_one_work+0x10/0x10 [ 1222.415166][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 1222.432665][ T31] worker_thread+0x5da/0xe40 [ 1222.437293][ T31] ? __pfx_worker_thread+0x10/0x10 [ 1222.452776][ T31] ? kthread+0x13a/0x450 [ 1222.457043][ T31] ? __pfx_worker_thread+0x10/0x10 [ 1222.462140][ T31] kthread+0x370/0x450 [ 1222.475263][ T31] ? __pfx_kthread+0x10/0x10 [ 1222.479875][ T31] ret_from_fork+0x754/0xd80 [ 1222.485522][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1222.490645][ T31] ? __switch_to+0x7b4/0x1120 [ 1222.495628][ T31] ? __pfx_kthread+0x10/0x10 [ 1222.500311][ T31] ret_from_fork_asm+0x1a/0x30 [ 1222.505878][ T31] [ 1222.553718][ T31] [ 1222.553718][ T31] Showing all locks held in the system: [ 1222.561450][ T31] 1 lock held by khungtaskd/31: [ 1222.646525][ T31] #0: ffffffff8e7e92e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 1222.692678][ T31] 1 lock held by syz.4.1562/11248: [ 1222.697806][ T31] 3 locks held by kworker/u8:8/16841: [ 1222.772798][ T31] #0: ffff88801c6a6948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 [ 1222.842947][ T31] #1: ffffc90004effd08 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 [ 1222.912706][ T31] #2: ffffffff905f69f0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xb8/0x920 [ 1222.922056][ T31] 1 lock held by syz.2.3339/18323: [ 1222.982637][ T31] #0: ffffffff905f69f0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 [ 1222.992094][ T31] 3 locks held by kworker/0:3/19236: [ 1223.092747][ T31] #0: ffff88813fe5f548 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 [ 1223.152841][ T31] #1: ffffc900033d7d08 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 [ 1223.220510][ T31] #2: ffffffff8e7f4ef8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 [ 1223.256734][ T31] 1 lock held by syz.0.3603/19459: [ 1223.262370][ T31] #0: ffffffff905f69f0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 [ 1223.280247][ T31] 1 lock held by syz.1.3792/20326: [ 1223.287678][ T31] #0: ffffffff905f69f0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 [ 1223.297354][ T31] 1 lock held by syz.6.3943/20891: [ 1223.304444][ T31] #0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220 [ 1223.316574][ T31] 1 lock held by syz.5.3946/20902: [ 1223.321766][ T31] #0: ffffffff9060f2e8 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220 [ 1223.334558][ T31] 5 locks held by syz.7.3948/20908: [ 1223.339746][ T31] #0: ffff888042c50ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0xb0 [ 1223.350548][ T31] #1: ffff888042c500c0 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x35c/0x1240 [ 1223.360770][ T31] #2: ffffffff908a7268 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x280 [ 1223.371426][ T31] #3: ffff88809a6c2af8 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x80/0x770 [ 1223.380954][ T31] #4: ffffffff8e7f4ef8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 [ 1223.455854][ T31] [ 1223.458204][ T31] ============================================= [ 1223.458204][ T31] [ 1223.489911][ T31] NMI backtrace for cpu 0 [ 1223.489930][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1223.489959][ T31] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1223.489966][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1223.489975][ T31] Call Trace: [ 1223.489980][ T31] [ 1223.489987][ T31] dump_stack_lvl+0x100/0x190 [ 1223.490013][ T31] nmi_cpu_backtrace.cold+0x12d/0x151 [ 1223.490035][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1223.490056][ T31] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 1223.490083][ T31] sys_info+0x141/0x190 [ 1223.490103][ T31] watchdog+0xd25/0x1050 [ 1223.490129][ T31] ? __pfx_watchdog+0x10/0x10 [ 1223.490149][ T31] ? __kthread_parkme+0x18c/0x230 [ 1223.490166][ T31] ? kthread+0x13a/0x450 [ 1223.490182][ T31] ? __pfx_watchdog+0x10/0x10 [ 1223.490201][ T31] kthread+0x370/0x450 [ 1223.490217][ T31] ? __pfx_kthread+0x10/0x10 [ 1223.490235][ T31] ret_from_fork+0x754/0xd80 [ 1223.490256][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1223.490277][ T31] ? __switch_to+0x7b4/0x1120 [ 1223.490293][ T31] ? __pfx_kthread+0x10/0x10 [ 1223.490311][ T31] ret_from_fork_asm+0x1a/0x30 [ 1223.490334][ T31] [ 1223.730994][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 1223.737865][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 1223.748541][ T31] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 1223.758586][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1223.768626][ T31] Call Trace: [ 1223.771891][ T31] [ 1223.774810][ T31] dump_stack_lvl+0x100/0x190 [ 1223.779485][ T31] vpanic+0x552/0x970 [ 1223.783451][ T31] ? __pfx_vpanic+0x10/0x10 [ 1223.787940][ T31] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 1223.794094][ T31] panic+0xd1/0xe0 [ 1223.797797][ T31] ? __pfx_panic+0x10/0x10 [ 1223.802205][ T31] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 1223.808437][ T31] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 1223.814759][ T31] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 1223.820901][ T31] ? watchdog.cold+0x198/0x1ca [ 1223.825670][ T31] ? watchdog+0xd35/0x1050 [ 1223.830095][ T31] watchdog.cold+0x1a9/0x1ca [ 1223.834732][ T31] ? __pfx_watchdog+0x10/0x10 [ 1223.839397][ T31] ? __kthread_parkme+0x18c/0x230 [ 1223.844434][ T31] ? kthread+0x13a/0x450 [ 1223.848663][ T31] ? __pfx_watchdog+0x10/0x10 [ 1223.853341][ T31] kthread+0x370/0x450 [ 1223.857410][ T31] ? __pfx_kthread+0x10/0x10 [ 1223.861992][ T31] ret_from_fork+0x754/0xd80 [ 1223.866587][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1223.871699][ T31] ? __switch_to+0x7b4/0x1120 [ 1223.876418][ T31] ? __pfx_kthread+0x10/0x10 [ 1223.881001][ T31] ret_from_fork_asm+0x1a/0x30 [ 1223.885758][ T31] [ 1223.888816][ T31] Kernel Offset: disabled [ 1223.893134][ T31] Rebooting in 86400 seconds..