last executing test programs: 2m29.558341327s ago: executing program 3 (id=586): sendmmsg$auto(0x3, &(0x7f0000000140)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0x20000c4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x43, 0x0) r0 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bpf$auto(0x1, &(0x7f0000000000)=@batch={0xfffffffffffffffb, 0x44, 0x2, 0x9, 0x81, r0, 0x2, 0x8}, 0x100000cf) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200"], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r0, 0x89f3, 0x24) 2m28.440687712s ago: executing program 3 (id=597): socket(0xa, 0x801, 0x84) getsockopt$auto(0x3, 0x200000000001, 0x3f, 0x0, 0x0) mmap$auto(0x0, 0x3fffff, 0x7, 0x11, 0xdd, 0x0) r0 = open(0x0, 0x22240, 0x154) bpf$auto(0x5, &(0x7f0000000100)=@iter_create={r0, 0x5d62}, 0x103) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) setsockopt$auto(0xffffffffffffffff, 0x65, 0x8, 0x0, 0x5) setsockopt$auto(0x3, 0x1, 0x4a, 0x0, 0x5) 2m28.143116021s ago: executing program 3 (id=599): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) uname$auto(0x0) 2m26.164074437s ago: executing program 3 (id=606): r0 = openat$auto_vsock_device_ops_af_vsock(0xffffffffffffff9c, 0x0, 0x109441, 0x0) mmap$auto(0x0, 0x4, 0x404000000000df, 0x40eb1, r0, 0x300000000000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) shutdown$auto(0x200000003, 0x1) r1 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x2, 0x0) read$auto(r1, 0x0, 0x39b8) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f00000000c0), 0x141401, 0x0) clock_adjtime$auto(0xfffffffffffffffb, 0x0) 2m25.942781032s ago: executing program 3 (id=609): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x11, 0x80003, 0x300) r0 = socket(0x11, 0x80003, 0x300) name_to_handle_at$auto(0xffffffffffffffff, &(0x7f00000001c0)='/\x00', &(0x7f0000000400)={0x0, 0x10}, 0x0, 0x1001) setsockopt$auto(r0, 0x107, 0x12, 0x0, 0x4) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000200), 0xffffffffffffffff) r1 = socket(0x11, 0x3, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r1, &(0x7f00000006c0)={{&(0x7f0000000000), 0x5ae, &(0x7f0000000100)={&(0x7f0000000200)="4c0300", 0x101}, 0x5, 0x0, 0x5, 0x1}, 0x5}, 0x2, 0x100) 2m25.607727855s ago: executing program 3 (id=614): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(0x0, r0) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES16=r1], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x40800) getpid() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_LISTENER_SET(r3, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f0000000200)={0x14, r4, 0x1, 0x70bd26, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x48080) sendmsg$auto_NFSD_CMD_LISTENER_GET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, r4, 0x1, 0x70bd2b, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4000804}, 0x50) 2m13.327854159s ago: executing program 1 (id=699): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) semctl$auto(0x1ff, 0x100000001, 0x13, 0x9) setsockopt$auto(0x3, 0x10000000084, 0x10, 0x0, 0xc) 2m12.994813049s ago: executing program 1 (id=704): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/nbd15\x00', 0x14fa02, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000010c0)='/sys/bus/scsi/drivers/st/debug_flag\x00', 0xa000, 0x0) mmap$auto(0x1, 0x2020009, 0x2, 0x20eb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x5, 0x4439) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r0, 0x5600, r0) 2m12.795099471s ago: executing program 1 (id=707): openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/input/event1\x00', 0x34d802, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000180), 0x109802, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000500)={0x40, 0x0, [{0xe1, 0x42, 0x6}]}) 2m12.602863976s ago: executing program 1 (id=711): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) setfsgid$auto(0x9) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x1, 0x4) lstat$auto(&(0x7f0000000500)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x0) socketpair$auto(0xffffff6c, 0x4, 0x8000000, 0x0) r0 = socket(0x11, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX(r0, 0x8953, 0x0) 2m12.449908157s ago: executing program 1 (id=713): mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0xffffffffffffffff, 0x8000) mkdir$auto(&(0x7f00000000c0)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f0000000040)='}[,&*}\x00', &(0x7f0000000080)='nfsd\x00', 0x7, 0x0) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') r0 = open(&(0x7f0000000100)='.\x00', 0x40000, 0x0) getdents64$auto(r0, 0x0, 0xdd) r1 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) getdents64$auto(r1, 0x0, 0x400) 2m12.280431766s ago: executing program 1 (id=715): mmap$auto(0x0, 0x6, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) eventfd$auto(0x4) r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x5) ioctl$auto(r1, 0x4008af20, r0) close_range$auto(0x2, 0x8, 0x0) 2m10.534540509s ago: executing program 32 (id=614): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(0x0, r0) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES16=r1], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x40800) getpid() r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_LISTENER_SET(r3, &(0x7f0000003140)={0x0, 0x0, &(0x7f0000003100)={&(0x7f0000000200)={0x14, r4, 0x1, 0x70bd26, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x48080) sendmsg$auto_NFSD_CMD_LISTENER_GET(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, r4, 0x1, 0x70bd2b, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x4000804}, 0x50) 1m56.982782698s ago: executing program 33 (id=715): mmap$auto(0x0, 0x6, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) eventfd$auto(0x4) r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x5) ioctl$auto(r1, 0x4008af20, r0) close_range$auto(0x2, 0x8, 0x0) 1m16.517015478s ago: executing program 0 (id=963): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) memfd_create$auto(0x0, 0xe) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000) 1m15.875355649s ago: executing program 0 (id=956): r0 = socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) setsockopt$auto(0x3, 0x10000000084, 0x2, 0x0, 0x8) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) landlock_add_rule$auto(r0, 0x3, 0x0, 0x4) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xa}, 0xfff}, 0x5, 0x311) ioctl$auto_BLKDISCARD(0xffffffffffffffff, 0x1277, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x1, 0x0, 0x14) 1m14.971019909s ago: executing program 0 (id=970): mmap$auto(0x0, 0x400006, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) r0 = socket(0x2b, 0x1, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x40000002c55, 0x0) r1 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r1, 0x107, 0x5, 0x0, 0x8004) socketpair$auto(0xfffffffe, 0x1, 0x8000000000000000, 0x0) ioctl$auto(r0, 0x89a0, 0x4) 1m13.370692258s ago: executing program 0 (id=969): r0 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) fallocate$auto(r0, 0x0, 0x7, 0x4cbd5d) r1 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x80040, 0x40, 0xe}, 0x18) fremovexattr$auto(r1, &(0x7f0000000000)='system.posix_acl_access\x00') mmap$auto(0xea88, 0x810004, 0xd, 0x10, 0x3, 0x8000) unshare$auto(0x40000080) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008012, r2, 0x8000) keyctl$auto_KEYCTL_INSTANTIATE_IOV(0x14, 0x80, 0x1, 0x31, 0x0) 1m13.10760981s ago: executing program 2 (id=971): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) r0 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x3, &(0x7f0000000000)={0x0, 0x80000000}, 0x5, 0x0, 0x2, 0x8}, 0x803}, 0xfffffff9, 0x10, 0x0) write$auto_proc_clear_refs_operations_internal(r0, 0x0, 0xffffff4b) madvise$auto(0x0, 0x2003f2, 0x15) r2 = getpid() process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={0x0, 0x40000000001243}, 0x4, 0x0) 1m11.716284498s ago: executing program 2 (id=977): unshare$auto(0x40000080) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffff7fffff0005, 0x8) socket(0x1, 0x3, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x5) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) 1m11.712355722s ago: executing program 0 (id=978): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) r0 = open(&(0x7f0000000100)='.\x00', 0x595002, 0x408) write$auto(r0, 0x0, 0xfffffdf1) linkat$auto(r0, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xf6\x04W\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xed\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\x9bg\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x7, 0x0) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000180)='nfsd\x00', 0x8, 0x0) mknod$auto(&(0x7f0000000040)='&&\x00', 0xcb, 0x6862) mprotect$auto(0x0, 0x8000000000000001, 0x8) 1m10.879784575s ago: executing program 0 (id=982): open(0x0, 0x0, 0x100) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) read$auto(0x3, 0x0, 0x8080) mmap$auto(0x0, 0x3, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0001, 0x15) splice$auto(r0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, 0x0, 0x20201, 0x0) 1m10.579785929s ago: executing program 2 (id=984): mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) statmount$auto(0x0, 0x0, 0x2, 0x800000d) open(0x0, 0x101300, 0x147) readv$auto(0x3, 0x0, 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) rseq$auto(0x0, 0x8000, 0x0, 0x6) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2048000}, 0x40000) kexec_load$auto(0x70, 0x2, &(0x7f0000000080)={@kbuf=0x0, 0x0, 0x8000, 0x403000}, 0x4) syz_genetlink_get_family_id$auto_macsec(0x0, 0xffffffffffffffff) 1m9.545378263s ago: executing program 2 (id=986): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) r0 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x3, &(0x7f0000000000)={0x0, 0x80000000}, 0x5, 0x0, 0x2, 0x8}, 0x803}, 0xfffffff9, 0x10, 0x0) write$auto_proc_clear_refs_operations_internal(r0, 0x0, 0xffffff4b) madvise$auto(0x0, 0x2003f2, 0x15) r2 = getpid() process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={0x0, 0x40000000001243}, 0x4, 0x0) 1m7.996650775s ago: executing program 2 (id=990): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) r0 = open(&(0x7f0000000100)='.\x00', 0x595002, 0x408) write$auto(r0, 0x0, 0xfffffdf1) linkat$auto(r0, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xf6\x04W\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xed\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\x9bg\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x7, 0x0) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000180)='nfsd\x00', 0x8, 0x0) mknod$auto(&(0x7f0000000040)='&&\x00', 0xcb, 0x6862) mprotect$auto(0x0, 0x8000000000000001, 0x8) 1m7.198078791s ago: executing program 2 (id=994): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x400c000) bpf$auto(0x5, &(0x7f0000000100)=@task_fd_query={0x2, 0x2, 0x4, 0x0, 0x85, 0x7, 0x9, 0x6, 0x8001}, 0x101) getsockopt$auto_SO_NOFCS(0xffffffffffffffff, 0x19, 0x2b, 0x0, 0x0) mmap$auto(0x0, 0xa00004, 0xfffffffffffffff7, 0x40eb1, 0x602, 0x300000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0xe0301, 0x0) r1 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) ioctl$auto(r0, 0x4b72, r1) 1m3.132595385s ago: executing program 5 (id=1011): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x141702, 0x0) write$auto(r0, &(0x7f0000000000)='//\xf2\x00', 0x80000000) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) msync$auto(0x0, 0xe0, 0x6) r1 = landlock_create_ruleset$auto(&(0x7f0000000140)={0xdaa0, 0x1, 0x9}, 0x9, 0x0) landlock_restrict_self$auto(r1, 0x8) 1m1.924629636s ago: executing program 5 (id=1024): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto_KVM_GET_MSRS(r0, 0x4068aea3, &(0x7f0000000180)={0xc5}) 1m1.747180343s ago: executing program 5 (id=1018): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/icmp/ratemask\x00', 0xa0202, 0x0) sendfile$auto(r0, r0, 0x0, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) r1 = socket(0x15, 0x801, 0x0) r2 = openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f00000006c0)='/sys/kernel/debug/tracing/events/vmalloc/filter\x00', 0x103041, 0x0) write$auto(r2, &(0x7f0000000700)='!dev_vhc&\x00', 0x9) r3 = socket(0x2, 0x3, 0x2) setsockopt$auto(r3, 0x0, 0xc8, 0xfffffffffffffffc, 0xc5) getsockopt$auto(r1, 0x11c, 0x1, 0x0, 0x0) 1m1.648657577s ago: executing program 5 (id=1019): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/self/oom_adj\x00', 0x980, 0x0) read$auto(r0, 0x0, 0x4) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x111442, 0x0) bpf$auto_BPF_LINK_GET_FD_BY_ID(0x1e, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex, r1, 0x1000, 0xffffffff, r2, @relative_fd=r0, 0x8}, 0x6) pread64$auto(r2, 0x0, 0x7, 0x6) madvise$auto(0x0, 0x8000000000000001, 0x15) 1m1.448186337s ago: executing program 5 (id=1021): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) syz_genetlink_get_family_id$auto_l2tp(0x0, 0xffffffffffffffff) r0 = open(&(0x7f0000000100)='.\x00', 0x595002, 0x408) write$auto(r0, 0x0, 0xfffffdf1) linkat$auto(r0, 0x0, 0xffffffffffffff9c, &(0x7f0000000080)='&&\x00', 0x1000) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xf6\x04W\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xed\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\x9bg\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x7, 0x0) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000180)='nfsd\x00', 0x8, 0x0) mknod$auto(&(0x7f0000000040)='&&\x00', 0xcb, 0x6862) mprotect$auto(0x0, 0x8000000000000001, 0x8) 1m0.947016165s ago: executing program 5 (id=1022): r0 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0) ioctl$auto_SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000240)='/dev/usbmon32\x00', 0x80440, 0x0) pselect6$auto(0x5, &(0x7f0000000400)={[0x8, 0x5, 0x0, 0x5, 0x8001, 0x6, 0xac, 0x2000009, 0x3, 0xffffffff, 0x7fffffffffffffff, 0x0, 0x1000, 0x2, 0x8, 0x3ff]}, 0x0, 0x0, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/bus/usb/032/001\x00', 0x8202, 0x0) ioctl$auto_SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0x0) msgctl$auto_IPC_RMID(0x0, 0x0, &(0x7f0000000380)={{0xfa02, 0x0, 0x0, 0xee4, 0x1, 0x1, 0x6}, &(0x7f0000000000)=0xff, &(0x7f0000000140)=0x8, 0x3, 0x0, 0xdb, 0x6, 0xa99, 0x9, 0x9, 0x5, @inferred, @raw=0xfffffff2}) r1 = prctl$auto_PR_SET_MM_ENV_START(0x3c1, 0xa, 0xffffffffffffffff, 0x505, 0x8) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x0) 55.434949442s ago: executing program 34 (id=982): open(0x0, 0x0, 0x100) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) read$auto(0x3, 0x0, 0x8080) mmap$auto(0x0, 0x3, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0001, 0x15) splice$auto(r0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, 0x0, 0x20201, 0x0) 51.952383817s ago: executing program 35 (id=994): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x400c000) bpf$auto(0x5, &(0x7f0000000100)=@task_fd_query={0x2, 0x2, 0x4, 0x0, 0x85, 0x7, 0x9, 0x6, 0x8001}, 0x101) getsockopt$auto_SO_NOFCS(0xffffffffffffffff, 0x19, 0x2b, 0x0, 0x0) mmap$auto(0x0, 0xa00004, 0xfffffffffffffff7, 0x40eb1, 0x602, 0x300000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0xe0301, 0x0) r1 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) ioctl$auto(r0, 0x4b72, r1) 45.841553521s ago: executing program 36 (id=1022): r0 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x180b01, 0x0) ioctl$auto_SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000240)='/dev/usbmon32\x00', 0x80440, 0x0) pselect6$auto(0x5, &(0x7f0000000400)={[0x8, 0x5, 0x0, 0x5, 0x8001, 0x6, 0xac, 0x2000009, 0x3, 0xffffffff, 0x7fffffffffffffff, 0x0, 0x1000, 0x2, 0x8, 0x3ff]}, 0x0, 0x0, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/bus/usb/032/001\x00', 0x8202, 0x0) ioctl$auto_SNAPSHOT_PREF_IMAGE_SIZE(r0, 0x3312, 0x0) msgctl$auto_IPC_RMID(0x0, 0x0, &(0x7f0000000380)={{0xfa02, 0x0, 0x0, 0xee4, 0x1, 0x1, 0x6}, &(0x7f0000000000)=0xff, &(0x7f0000000140)=0x8, 0x3, 0x0, 0xdb, 0x6, 0xa99, 0x9, 0x9, 0x5, @inferred, @raw=0xfffffff2}) r1 = prctl$auto_PR_SET_MM_ENV_START(0x3c1, 0xa, 0xffffffffffffffff, 0x505, 0x8) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x0) 5.093038885s ago: executing program 4 (id=1265): mmap$auto(0x0, 0x402000b, 0xdf, 0xeb1, 0x401, 0x8000) rseq$auto(0x0, 0x8000, 0x0, 0x6) socket(0xa, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x10, 0x0, 0x3a21eba4) r0 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/usb/usbmon/9t\x00', 0x0, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) clone$auto(0x21, 0x80000007, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x6) getsockopt$auto(0xffffffffffffffff, 0x84, 0xc, 0x0, 0x0) pread64$auto(r0, 0x0, 0x101, 0x103) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) 4.088915806s ago: executing program 4 (id=1268): r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x351d02, 0x0) ioctl$auto_TUNGETVNETBE(r0, 0x800454df, &(0x7f0000000100)=0xf7) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80e42, 0x0) openat$auto_regulator_summary_fops_(0xffffffffffffff9c, 0x0, 0x40, 0x0) getpid() mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bind$auto(0x3, 0x0, 0x6a) syz_open_procfs$namespace(0xffffffffffffffff, 0x0) write$auto(0x3, 0x0, 0x100000000) ioctl$auto_SNDCTL_DSP_CHANNELS(r1, 0xc0045006, 0x0) 3.232825197s ago: executing program 8 (id=1274): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) getpid() socket(0x1e, 0x4, 0x0) setsockopt$auto(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x14) getpid() close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x110, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x0, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) unshare$auto(0x40000080) socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xd4, 0x0, 0x4) 2.770315933s ago: executing program 8 (id=1279): mmap$auto(0x0, 0x20005, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc2061, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x7, 0xdf, 0x9b72, 0x7, 0x28000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000240)='/dev/usbmon32\x00', 0x80440, 0x0) ioctl$auto_MON_IOCX_GET(r0, 0x40189206, 0x0) ioctl$auto_MON_IOCQ_RING_SIZE(r0, 0x9205, 0x0) 2.456690344s ago: executing program 7 (id=1280): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x0, 0x0) read$auto(r0, 0x0, 0xfffffdef) read$auto(0x3, 0x0, 0x5) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) ioctl$auto(0x3, 0x402c542b, 0x38) ioctl$auto_TIOCSTI2(r0, 0x5412, 0x0) 1.845756769s ago: executing program 6 (id=1282): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0x5, 0x0) pipe$auto(0x0) sysfs$auto(0x2, 0x10000000000002c, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x149942, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x1, 0x84) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) write$auto(0xca, 0x0, 0xff) 1.802252961s ago: executing program 7 (id=1283): unshare$auto(0x40000080) unshare$auto(0x93a3) socket(0x2c, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f00, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$auto_NL80211_CMD_SET_COALESCE(0xffffffffffffffff, 0x0, 0x80) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.cpu/memory.limit_in_bytes\x00', 0x182b02, 0x0) sendfile$auto(r1, r1, 0x0, 0x3) close_range$auto(0x2, 0x8, 0x0) 1.752869541s ago: executing program 8 (id=1284): close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe8181, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) select$auto(0x5, 0x0, 0x0, 0x0, 0x0) r0 = socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) epoll_create$auto(0x200006) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vbi22\x00', 0x1, 0x0) ioctl$auto(0x3, 0xc0585609, r0) 1.651525227s ago: executing program 6 (id=1285): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/adsp1\x00', 0x2042, 0x0) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x3, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r0 = socket(0x10, 0x2, 0xf) r1 = bpf$auto(0x0, &(0x7f0000000080)=@bpf_attr_4={0x1e, r0, 0xffffffff}, 0xd) bpf$auto(0x2, &(0x7f0000000080)=@iter_create={r1, 0x98}, 0x5) 1.482962075s ago: executing program 6 (id=1286): write$auto_seq_oss_f_ops_seq_oss(0xffffffffffffffff, &(0x7f0000000040)="5f74ab2fc43781e047140a5cbc3ac5229b90633d9cddda9efb1f2c3d5d1e63f3fb5acf079b9336319d009cb514679a42eaca52b81c166d19625d173c26ece6542f2fb29712f4fb9072fc432b4cf3e6f5a7f3c9f91ee88ba5fa11d48fd3658e8f44f8423b4cd02bbec912ed34f9f4b19b03d4c62b24ede44c0c76c34edf7bde061903c2ee4c64110ac668239fa53ba42933ae74c3d173663248ff0945dd2e405e0d378b5a8e4643a7bc3b35a7248431450ca8901467ea6dc5d86de1e90f869f6a04ac10043676f3b2c7f1339b2d7468133fb8447d17846b6b78079ecc31d7d0f74caa4a3db1ac4d312bfdb34bd331f1f771a2396108561a52153d63a7b2a3a077a7e4c1a22bcb23e1f3e511fee310baa67904d2aad4d6671e8b77c7720e37e84e0efecb60a35f188cbe8b8b2fb3967b78aa482aabb103f23083baa9b2ae653731d5993db4054233dea4af25795e12eb4d6b046bdeea6adce8626e0def15dd32b0ec16a85d93e1dea980794033f4b46973062c64c0209f9d3efc6ea7704c8e8dfea8cdfbe2cb1e367bf634a1952190e0660994f79f0c622d47ee8f93ce1c2852db907ae68a29bcc960b26e0e634173287fd012c4bb3063c41d35c92e896b44080bc5a98e90907cd1d01cc0708019cc1c93c71f29bfe841c873ad", 0x1d9) close_range$auto(0x2, 0x8, 0x0) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/input/event0\x00', 0x0, 0x0) socket(0xa, 0x5, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4140aecd, &(0x7f0000000100)={0x7}) 1.204545378s ago: executing program 6 (id=1287): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x262180, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) mmap$auto(0x0, 0x400008, 0x9, 0x10011, r0, 0x8000000000008000) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) 989.853397ms ago: executing program 6 (id=1289): close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x0, 0x401, 0x7}, 0x9, 0x0) landlock_restrict_self$auto(r1, 0x0) landlock_restrict_self$auto(r0, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f0000000040)='}[,&*}\x00', &(0x7f0000000080)='nfsd\x00', 0x3, 0x0) 830.081818ms ago: executing program 6 (id=1290): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x2, 0x73) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socket(0x1, 0x1, 0x0) bind$auto(0x3, 0x0, 0x6b) listen$auto(0x3, 0x81) accept$auto(0x3, 0x0, 0x0) 804.06139ms ago: executing program 4 (id=1291): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x12, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) statx$auto(r0, 0x0, 0x1003, 0x4005, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 784.759974ms ago: executing program 8 (id=1292): r0 = socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) setsockopt$auto(0x3, 0x10000000084, 0x2, 0x0, 0x8) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xa}, 0xfff}, 0x5, 0x311) syz_genetlink_get_family_id$auto_nl80211(0x0, r0) sendmsg$auto_NL80211_CMD_DEL_TX_TS(r0, &(0x7f0000000bc0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x4008000) pipe$auto(0x0) sendmsg$auto_SMC_NETLINK_DUMP_HS_LIMITATION(r0, 0x0, 0x0) 655.282309ms ago: executing program 7 (id=1293): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) statmount$auto(0x0, &(0x7f0000000040)={0x0, 0xfffffffc, 0x38, 0xffffff01, 0x7b, 0x9, 0x80000009, 0x7, 0x10000000008, 0x5, 0xd, 0x7e, 0x2, 0x8, 0x5, 0xf, 0xffffffffffffffff, 0x9, 0x1, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, 0x800, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0xa, 0x5, 0x0) socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000426bd7000fddbdf250300000004000800040003374b0008"], 0x20}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="db002cbd7000fbdbdf250a"], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="18"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 348.119371ms ago: executing program 4 (id=1294): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = pidfd_open$auto(0x1, 0x0) setns(r0, 0x60020000) io_uring_setup$auto(0x6, 0x0) mknod$auto(0x0, 0x1081, 0x3) open(0x0, 0xa240, 0x15e) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0xa00, 0x100) sysfs$auto(0x2, 0x1e, 0x0) setuid$auto(0xe) 277.956688ms ago: executing program 7 (id=1295): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(r1, r1, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0xd1d, 0x3, 0x7}, 0x9, 0x0) landlock_restrict_self$auto(r1, 0x1) close_range$auto(r0, 0xffffffffffffffff, 0x0) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400000000000400, 0x9}, 0x9, 0x0) landlock_restrict_self$auto(r0, 0x0) symlink$auto(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00') rename$auto(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0/../file0\x00') 201.986924ms ago: executing program 8 (id=1296): mmap$auto(0x0, 0x20008, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) eventfd$auto(0x4) timer_create$auto(0x9, 0x0, 0x0) timer_settime$auto(0x0, 0x9, &(0x7f00000000c0)={{0x0, 0x10007}, {0x2000c}}, 0x0) timer_gettime$auto(0x0, 0x0) r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x5) ioctl$auto(r1, 0x4008af22, r0) 160.766903ms ago: executing program 4 (id=1297): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f00000001c0)={{0x0, 0x5ac, &(0x7f00000000c0)={&(0x7f0000000080), 0x3}, 0x2, 0x0, 0x1, 0x1}, 0x5}, 0x8002, 0x100) sysfs$auto(0x2, 0x1f, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r0 = socket(0x1e, 0x4, 0x0) setsockopt$auto(r0, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x101d0, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 148.960797ms ago: executing program 7 (id=1298): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) socket(0x28, 0x801, 0x0) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe\x00', 0x400, 0x0) r1 = epoll_create$auto(0x8800001) epoll_ctl$auto(r1, 0x1, r0, 0x0) 70.234102ms ago: executing program 8 (id=1299): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = open(&(0x7f0000000100)='.\x00', 0x595002, 0x408) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) socket$nl_generic(0x10, 0x3, 0x10) write$auto(r0, 0x0, 0xfffffdf1) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) mprotect$auto(0x0, 0x8000000000000001, 0x8) 173.627µs ago: executing program 7 (id=1300): r0 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x351d02, 0x0) ioctl$auto_TUNGETVNETBE(r0, 0x800454df, &(0x7f0000000100)=0xf7) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80e42, 0x0) openat$auto_regulator_summary_fops_(0xffffffffffffff9c, 0x0, 0x40, 0x0) getpid() mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bind$auto(0x3, 0x0, 0x6a) syz_open_procfs$namespace(0xffffffffffffffff, 0x0) write$auto(0x3, 0x0, 0x100000000) ioctl$auto_SNDCTL_DSP_CHANNELS(r1, 0xc0045006, 0x0) 0s ago: executing program 4 (id=1301): mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x1, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x1d, 0x2, 0x7) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r1}, 0x6a) sendto$auto(r0, 0x0, 0xc, 0xfffffff8, &(0x7f0000000440)=@can={0x1d, r2}, 0x36) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) kernel console output (not intermixed with test programs): from eth2 [ 93.911864][ T5628] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 93.931383][ T5628] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 93.944876][ T5628] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 94.025515][ T5635] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 94.037333][ T5635] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 94.046444][ T5635] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 94.060631][ T5635] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 94.074298][ T5635] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 94.084959][ T5635] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 94.096722][ T5635] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 94.107466][ T5635] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 94.198492][ T5636] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 94.216693][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 94.233051][ T5636] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 94.244422][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 94.261428][ T5636] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 94.272616][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 94.281246][ T5636] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 94.291003][ T5636] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 94.300858][ T5641] Bluetooth: hci3: command tx timeout [ 94.379292][ T5630] Bluetooth: hci0: command tx timeout [ 94.380659][ T50] Bluetooth: hci1: command tx timeout [ 94.385930][ T5641] Bluetooth: hci2: command tx timeout [ 94.437319][ T5632] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 94.448290][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 94.469355][ T5632] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 94.483518][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 94.494234][ T5632] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 94.506809][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 94.517675][ T5628] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.534382][ T5632] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 94.544838][ T5632] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 94.601384][ T5628] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.642662][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.650310][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.682194][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.689441][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.737281][ T5635] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.798357][ T5636] 8021q: adding VLAN 0 to HW filter on device bond0 [ 94.840524][ T5635] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.876810][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.884034][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.904565][ T5636] 8021q: adding VLAN 0 to HW filter on device team0 [ 94.916446][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.923642][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.953611][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.960950][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.991431][ T81] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.998653][ T81] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.062656][ T5632] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.166455][ T5632] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.216823][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.224085][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.288025][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.295282][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.024053][ T5628] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.196456][ T5628] veth0_vlan: entered promiscuous mode [ 96.230661][ T5628] veth1_vlan: entered promiscuous mode [ 96.381819][ T5641] Bluetooth: hci3: command tx timeout [ 96.395180][ T5628] veth0_macvtap: entered promiscuous mode [ 96.427436][ T5628] veth1_macvtap: entered promiscuous mode [ 96.448499][ T5636] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.461587][ T5641] Bluetooth: hci2: command tx timeout [ 96.467095][ T5630] Bluetooth: hci0: command tx timeout [ 96.469240][ T50] Bluetooth: hci1: command tx timeout [ 96.500474][ T5635] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.546950][ T5632] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.560884][ T5628] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.595982][ T5628] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.633695][ T81] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.643467][ T81] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.666101][ T81] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.697464][ T81] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.782735][ T5636] veth0_vlan: entered promiscuous mode [ 96.796623][ T5635] veth0_vlan: entered promiscuous mode [ 96.826637][ T5632] veth0_vlan: entered promiscuous mode [ 96.853848][ T5636] veth1_vlan: entered promiscuous mode [ 96.884285][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.887214][ T5635] veth1_vlan: entered promiscuous mode [ 96.907533][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.954958][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 96.964306][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 96.991098][ T5632] veth1_vlan: entered promiscuous mode [ 97.071755][ T5636] veth0_macvtap: entered promiscuous mode [ 97.076774][ T5628] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 97.092182][ T5635] veth0_macvtap: entered promiscuous mode [ 97.111903][ T5636] veth1_macvtap: entered promiscuous mode [ 97.124882][ T5635] veth1_macvtap: entered promiscuous mode [ 97.175702][ T5632] veth0_macvtap: entered promiscuous mode [ 97.213452][ T5632] veth1_macvtap: entered promiscuous mode [ 97.237253][ T5636] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.264310][ T5782] FAULT_INJECTION: forcing a failure. [ 97.264310][ T5782] name failslab, interval 1, probability 0, space 0, times 1 [ 97.277259][ T5782] CPU: 1 UID: 0 PID: 5782 Comm: syz.0.1 Not tainted syzkaller #0 PREEMPT(full) [ 97.277301][ T5782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 97.277329][ T5782] Call Trace: [ 97.277341][ T5782] [ 97.277354][ T5782] dump_stack_lvl+0x100/0x190 [ 97.277401][ T5782] should_fail_ex.cold+0x5/0xa [ 97.277446][ T5782] should_failslab+0xc2/0x120 [ 97.277488][ T5782] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 97.277544][ T5782] ? __d_alloc+0x34/0xa40 [ 97.277589][ T5782] ? __pfx_inode_set_ctime_to_ts+0x10/0x10 [ 97.277644][ T5782] ? lockdep_hardirqs_on+0x78/0x100 [ 97.277704][ T5782] __d_alloc+0x34/0xa40 [ 97.277755][ T5782] d_alloc+0x4a/0x1e0 [ 97.277805][ T5782] d_alloc_name+0x83/0xb0 [ 97.277850][ T5782] ? __pfx_d_alloc_name+0x10/0x10 [ 97.277900][ T5782] ? dput.part.0+0xdd/0x570 [ 97.277956][ T5782] simple_fill_super+0x4c3/0x680 [ 97.278007][ T5782] ? __pfx_nfsd_fill_super+0x10/0x10 [ 97.278065][ T5782] nfsd_fill_super+0x98/0x560 [ 97.278137][ T5782] ? __pfx_set_anon_super_fc+0x10/0x10 [ 97.278172][ T5782] ? __pfx_nfsd_fill_super+0x10/0x10 [ 97.278224][ T5782] get_tree_keyed+0x10e/0x1d0 [ 97.278264][ T5782] vfs_get_tree+0x92/0x320 [ 97.278296][ T5782] path_mount+0x7d0/0x23d0 [ 97.278352][ T5782] ? __pfx_path_mount+0x10/0x10 [ 97.278398][ T5782] ? lockdep_hardirqs_on+0x78/0x100 [ 97.278481][ T5782] ? putname+0xb1/0x110 [ 97.278525][ T5782] ? kmem_cache_free+0x127/0x6c0 [ 97.278590][ T5782] ? __x64_sys_mount+0x293/0x310 [ 97.278646][ T5782] __x64_sys_mount+0x293/0x310 [ 97.278700][ T5782] ? __pfx___x64_sys_mount+0x10/0x10 [ 97.278753][ T5782] ? rcu_is_watching+0x12/0xc0 [ 97.278799][ T5782] do_syscall_64+0x10b/0xf80 [ 97.278850][ T5782] ? clear_bhb_loop+0x40/0x90 [ 97.278891][ T5782] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 97.278926][ T5782] RIP: 0033:0x7ff4edb9ce59 [ 97.278953][ T5782] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 97.278984][ T5782] RSP: 002b:00007ff4eead1028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 97.279024][ T5782] RAX: ffffffffffffffda RBX: 00007ff4ede15fa0 RCX: 00007ff4edb9ce59 [ 97.279045][ T5782] RDX: 0000200000000140 RSI: 00002000000000c0 RDI: 0000000000000000 [ 97.279066][ T5782] RBP: 00007ff4edc32d6f R08: 0000000000000000 R09: 0000000000000000 [ 97.279085][ T5782] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000000000 [ 97.279103][ T5782] R13: 00007ff4ede16038 R14: 00007ff4ede15fa0 R15: 00007ffd2d136ac8 [ 97.279146][ T5782] [ 97.284216][ T5635] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.560942][ T5636] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.587606][ T5635] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.596839][ T57] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.606992][ T57] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.620587][ T57] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.643175][ T57] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.675363][ T5632] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.683023][ T1174] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.692990][ T1174] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.717058][ T5787] netlink: 326 bytes leftover after parsing attributes in process `syz.0.5'. [ 97.736237][ T1174] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.746783][ T1174] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.756676][ T5787] Zero length message leads to an empty skb [ 97.762177][ T5632] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.807684][ T57] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.821149][ T57] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.854568][ T57] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.883020][ T57] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.026753][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.046780][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.103465][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.124350][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.145323][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.160368][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.255274][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.285255][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.343160][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.351885][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.457114][ T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.468076][ T50] Bluetooth: hci3: command tx timeout [ 98.478648][ T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.540335][ T50] Bluetooth: hci1: command tx timeout [ 98.543306][ T5630] Bluetooth: hci0: command tx timeout [ 98.545823][ T50] Bluetooth: hci2: command tx timeout [ 98.845660][ T5798] futex_wake_op: syz.3.4 tries to shift op by -2048; fix this program [ 98.845988][ T5798] futex_wake_op: syz.3.4 tries to shift op by -2048; fix this program [ 98.894627][ T5798] 0x000000000001-0x000000020000 : "" [ 98.931299][ T5798] ftl_cs: FTL header corrupt! [ 99.413202][ T5813] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 101.160077][ T5842] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 101.438113][ T5846] syz.0.24 uses obsolete (PF_INET,SOCK_PACKET) [ 102.893621][ T5880] FAULT_INJECTION: forcing a failure. [ 102.893621][ T5880] name failslab, interval 1, probability 0, space 0, times 0 [ 102.920787][ T5880] CPU: 1 UID: 0 PID: 5880 Comm: syz.2.36 Tainted: G L syzkaller #0 PREEMPT(full) [ 102.920845][ T5880] Tainted: [L]=SOFTLOCKUP [ 102.920856][ T5880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 102.920875][ T5880] Call Trace: [ 102.920886][ T5880] [ 102.920898][ T5880] dump_stack_lvl+0x100/0x190 [ 102.920941][ T5880] should_fail_ex.cold+0x5/0xa [ 102.920984][ T5880] should_failslab+0xc2/0x120 [ 102.921023][ T5880] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 102.921079][ T5880] ? proc_alloc_inode+0x25/0x200 [ 102.921123][ T5880] ? __pfx_proc_alloc_inode+0x10/0x10 [ 102.921165][ T5880] proc_alloc_inode+0x25/0x200 [ 102.921210][ T5880] alloc_inode+0x68/0x250 [ 102.921265][ T5880] new_inode+0x22/0x1c0 [ 102.921330][ T5880] proc_pid_make_inode+0x22/0x160 [ 102.921381][ T5880] proc_pident_instantiate+0x85/0x310 [ 102.921424][ T5880] proc_pident_lookup+0x1e3/0x270 [ 102.921473][ T5880] __lookup_slow+0x251/0x460 [ 102.921532][ T5880] ? __pfx___lookup_slow+0x10/0x10 [ 102.921622][ T5880] lookup_slow+0x50/0x70 [ 102.921674][ T5880] link_path_walk+0x1377/0x1cc0 [ 102.921730][ T5880] path_openat+0x1be/0x31a0 [ 102.921770][ T5880] ? kasan_save_stack+0x3f/0x50 [ 102.921802][ T5880] ? kasan_save_stack+0x30/0x50 [ 102.921833][ T5880] ? kasan_save_track+0x14/0x30 [ 102.921865][ T5880] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 102.921930][ T5880] ? __pfx_path_openat+0x10/0x10 [ 102.921988][ T5880] do_file_open+0x20e/0x430 [ 102.922034][ T5880] ? __pfx_do_file_open+0x10/0x10 [ 102.922092][ T5880] ? __pfx_kfree_link+0x10/0x10 [ 102.922139][ T5880] ? alloc_fd+0x476/0x790 [ 102.922192][ T5880] ? do_getname+0x191/0x390 [ 102.922248][ T5880] do_sys_openat2+0x10d/0x1e0 [ 102.922302][ T5880] ? __pfx_do_sys_openat2+0x10/0x10 [ 102.922372][ T5880] __x64_sys_openat+0x12d/0x210 [ 102.922427][ T5880] ? __pfx___x64_sys_openat+0x10/0x10 [ 102.922490][ T5880] ? rcu_is_watching+0x12/0xc0 [ 102.922538][ T5880] do_syscall_64+0x10b/0xf80 [ 102.922590][ T5880] ? clear_bhb_loop+0x40/0x90 [ 102.922632][ T5880] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 102.922667][ T5880] RIP: 0033:0x7f0a17f5d68e [ 102.922695][ T5880] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 102.922727][ T5880] RSP: 002b:00007f0a18eb5ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 102.922760][ T5880] RAX: ffffffffffffffda RBX: 00007f0a18eb66c0 RCX: 00007f0a17f5d68e [ 102.922782][ T5880] RDX: 0000000000000002 RSI: 00007f0a18eb5f90 RDI: ffffffffffffff9c [ 102.922802][ T5880] RBP: 00007f0a18032d6f R08: 0000000000000000 R09: 0000000000000000 [ 102.922822][ T5880] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 102.922842][ T5880] R13: 00007f0a18216038 R14: 00007f0a18215fa0 R15: 00007ffe8d4763b8 [ 102.922885][ T5880] [ 105.893702][ T5935] capability: warning: `syz.3.55' uses 32-bit capabilities (legacy support in use) [ 105.947738][ T5935] netlink: 146 bytes leftover after parsing attributes in process `syz.3.55'. [ 106.003211][ T5939] random: crng reseeded on system resumption [ 107.417671][ T5963] netlink: 146 bytes leftover after parsing attributes in process `syz.0.64'. [ 107.643144][ T5971] unsupported nla_type 113 [ 109.597958][ T6008] process 'syz.0.80' launched ':,' with NULL argv: empty string added [ 110.201026][ T6011] netlink: 'syz.3.82': attribute type 33 has an invalid length. [ 110.211768][ T6011] netlink: 322 bytes leftover after parsing attributes in process `syz.3.82'. [ 110.880881][ T6033] netlink: 98 bytes leftover after parsing attributes in process `syz.1.89'. [ 111.306615][ T6046] netlink: 326 bytes leftover after parsing attributes in process `syz.2.95'. [ 112.177067][ T30] audit: type=1800 audit(1779312063.105:2): pid=6067 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.100" name="file0" dev="tmpfs" ino=135 res=0 errno=0 [ 112.472439][ T6071] netlink: 326 bytes leftover after parsing attributes in process `syz.3.102'. [ 112.503897][ T6073] netlink: 342 bytes leftover after parsing attributes in process `syz.1.101'. [ 114.079871][ T6108] netlink: 12 bytes leftover after parsing attributes in process `syz.0.112'. [ 114.121795][ T6108] unsupported nlmsg_type 40 [ 114.365976][ T6117] netlink: 330 bytes leftover after parsing attributes in process `syz.0.115'. [ 114.381701][ T6117] \: renamed from lo (while UP) [ 115.237642][ T6130] netlink: 314 bytes leftover after parsing attributes in process `syz.0.120'. [ 115.353325][ T6132] random: crng reseeded on system resumption [ 116.260366][ T6147] netlink: 290 bytes leftover after parsing attributes in process `syz.1.127'. [ 118.600915][ T6201] netlink: 'syz.1.146': attribute type 1 has an invalid length. [ 118.622860][ T6201] netlink: 'syz.1.146': attribute type 6 has an invalid length. [ 118.731763][ T6206] netlink: 342 bytes leftover after parsing attributes in process `syz.1.148'. [ 118.744595][ T6206] netlink: 342 bytes leftover after parsing attributes in process `syz.1.148'. [ 118.755462][ T6206] netlink: 342 bytes leftover after parsing attributes in process `syz.1.148'. [ 118.785263][ T6206] netlink: 342 bytes leftover after parsing attributes in process `syz.1.148'. [ 118.822919][ T6206] netlink: 'syz.1.148': attribute type 3 has an invalid length. [ 118.867251][ T6206] netlink: 218 bytes leftover after parsing attributes in process `syz.1.148'. [ 119.068290][ T6212] netlink: 'syz.1.150': attribute type 33 has an invalid length. [ 122.353434][ T6273] netlink: 4 bytes leftover after parsing attributes in process `syz.1.171'. [ 122.378667][ T6273] netlink: 25 bytes leftover after parsing attributes in process `syz.1.171'. [ 122.503319][ T6277] netlink: 16 bytes leftover after parsing attributes in process `syz.1.173'. [ 122.678033][ T6275] futex_wake_op: syz.2.172 tries to shift op by -2048; fix this program [ 122.866780][ T50] Bluetooth: hci1: unexpected event 0x04 length: 435 > 10 [ 122.868018][ T50] Bluetooth: hci1: connection err: -111 [ 125.565967][ T6331] sctp: [Deprecated]: syz.2.193 (pid 6331) Use of struct sctp_assoc_value in delayed_ack socket option. [ 125.565967][ T6331] Use struct sctp_sack_info instead [ 126.140995][ T6349] FAULT_INJECTION: forcing a failure. [ 126.140995][ T6349] name failslab, interval 1, probability 0, space 0, times 0 [ 126.168940][ T6349] CPU: 1 UID: 0 PID: 6349 Comm: syz.3.200 Tainted: G L syzkaller #0 PREEMPT(full) [ 126.168995][ T6349] Tainted: [L]=SOFTLOCKUP [ 126.169007][ T6349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 126.169026][ T6349] Call Trace: [ 126.169036][ T6349] [ 126.169049][ T6349] dump_stack_lvl+0x100/0x190 [ 126.169115][ T6349] should_fail_ex.cold+0x5/0xa [ 126.169159][ T6349] should_failslab+0xc2/0x120 [ 126.169200][ T6349] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 126.169257][ T6349] ? shmem_alloc_inode+0x25/0x50 [ 126.169304][ T6349] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 126.169349][ T6349] shmem_alloc_inode+0x25/0x50 [ 126.169389][ T6349] alloc_inode+0x68/0x250 [ 126.169444][ T6349] new_inode+0x22/0x1c0 [ 126.169500][ T6349] shmem_get_inode+0x1e3/0xfb0 [ 126.169550][ T6349] ? __pfx_shmem_get_inode+0x10/0x10 [ 126.169599][ T6349] ? do_raw_spin_unlock+0x145/0x1e0 [ 126.169647][ T6349] shmem_mknod+0x217/0x480 [ 126.169707][ T6349] ? __pfx_shmem_mknod+0x10/0x10 [ 126.169752][ T6349] ? bpf_lsm_inode_create+0x9/0x10 [ 126.169810][ T6349] ? __pfx_shmem_create+0x10/0x10 [ 126.169857][ T6349] lookup_open.isra.0+0xc47/0x11b0 [ 126.169901][ T6349] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 126.169949][ T6349] ? __pfx___might_resched+0x10/0x10 [ 126.169986][ T6349] ? mnt_get_write_access+0x52/0x2f0 [ 126.170049][ T6349] ? __pfx_down_write+0x10/0x10 [ 126.170083][ T6349] ? mnt_get_write_access+0x1e9/0x2f0 [ 126.170142][ T6349] path_openat+0x2291/0x31a0 [ 126.170197][ T6349] ? __pfx_path_openat+0x10/0x10 [ 126.170253][ T6349] do_file_open+0x20e/0x430 [ 126.170300][ T6349] ? __pfx_do_file_open+0x10/0x10 [ 126.170367][ T6349] ? alloc_fd+0x476/0x790 [ 126.170410][ T6349] ? do_getname+0x191/0x390 [ 126.170463][ T6349] do_sys_openat2+0x10d/0x1e0 [ 126.170515][ T6349] ? __pfx_do_sys_openat2+0x10/0x10 [ 126.170578][ T6349] __x64_sys_openat+0x12d/0x210 [ 126.170628][ T6349] ? __pfx___x64_sys_openat+0x10/0x10 [ 126.170690][ T6349] ? ksys_write+0x1ac/0x250 [ 126.170735][ T6349] ? rcu_is_watching+0x12/0xc0 [ 126.170780][ T6349] do_syscall_64+0x10b/0xf80 [ 126.170830][ T6349] ? clear_bhb_loop+0x40/0x90 [ 126.170873][ T6349] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.170907][ T6349] RIP: 0033:0x7f3e64f9ce59 [ 126.170944][ T6349] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 126.170982][ T6349] RSP: 002b:00007f3e65d7e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 126.171014][ T6349] RAX: ffffffffffffffda RBX: 00007f3e65215fa0 RCX: 00007f3e64f9ce59 [ 126.171036][ T6349] RDX: 0000000000183841 RSI: 0000000000000000 RDI: ffffffffffffff9c [ 126.171057][ T6349] RBP: 00007f3e65032d6f R08: 0000000000000000 R09: 0000000000000000 [ 126.171077][ T6349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 126.171096][ T6349] R13: 00007f3e65216038 R14: 00007f3e65215fa0 R15: 00007ffe813374c8 [ 126.171141][ T6349] [ 126.817984][ T6357] FAULT_INJECTION: forcing a failure. [ 126.817984][ T6357] name failslab, interval 1, probability 0, space 0, times 0 [ 126.847809][ T6357] CPU: 1 UID: 0 PID: 6357 Comm: syz.1.202 Tainted: G L syzkaller #0 PREEMPT(full) [ 126.847864][ T6357] Tainted: [L]=SOFTLOCKUP [ 126.847876][ T6357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 126.847896][ T6357] Call Trace: [ 126.847907][ T6357] [ 126.847919][ T6357] dump_stack_lvl+0x100/0x190 [ 126.847963][ T6357] should_fail_ex.cold+0x5/0xa [ 126.848007][ T6357] should_failslab+0xc2/0x120 [ 126.848047][ T6357] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 126.848103][ T6357] ? xas_split_alloc+0x11c/0x4a0 [ 126.848167][ T6357] xas_split_alloc+0x11c/0x4a0 [ 126.848232][ T6357] __folio_split+0x5e5/0x1690 [ 126.848295][ T6357] ? __pfx___folio_split+0x10/0x10 [ 126.848358][ T6357] ? __pfx___might_resched+0x10/0x10 [ 126.848406][ T6357] madvise_cold_or_pageout_pte_range+0xf8c/0x2620 [ 126.848482][ T6357] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 126.848535][ T6357] ? __lock_acquire+0x4a5/0x2630 [ 126.848567][ T6357] ? css_rstat_updated+0x1ce/0x5a0 [ 126.848621][ T6357] ? __pfx_css_rstat_updated+0x10/0x10 [ 126.848684][ T6357] ? register_lock_class+0x40/0x560 [ 126.848723][ T6357] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 126.848771][ T6357] walk_pgd_range+0xc1a/0x1dd0 [ 126.848814][ T6357] ? rcu_read_unlock+0x17/0x60 [ 126.848873][ T6357] ? __pfx_walk_pgd_range+0x10/0x10 [ 126.848910][ T6357] ? folios_put_refs+0x716/0xa90 [ 126.848948][ T6357] __walk_page_range+0x163/0x820 [ 126.848984][ T6357] ? find_held_lock+0x2b/0x80 [ 126.849042][ T6357] walk_page_range_vma_unsafe+0x209/0x8f0 [ 126.849084][ T6357] ? __pfx_walk_page_range_vma_unsafe+0x10/0x10 [ 126.849129][ T6357] ? find_held_lock+0x2b/0x80 [ 126.849171][ T6357] ? mlock_drain_local+0x254/0x4e0 [ 126.849201][ T6357] ? mlock_drain_local+0x254/0x4e0 [ 126.849239][ T6357] walk_page_range_vma+0x63/0x90 [ 126.849279][ T6357] madvise_pageout+0x259/0x540 [ 126.849324][ T6357] ? __pfx_madvise_pageout+0x10/0x10 [ 126.849367][ T6357] ? rcu_is_watching+0x12/0xc0 [ 126.849425][ T6357] ? mtree_range_walk+0x72b/0xb70 [ 126.849478][ T6357] madvise_vma_behavior+0x4f7/0x2200 [ 126.849530][ T6357] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 126.849589][ T6357] ? find_vma_prev+0xd8/0x150 [ 126.849627][ T6357] ? futex_unqueue+0x133/0x2c0 [ 126.849671][ T6357] ? __pfx_find_vma_prev+0x10/0x10 [ 126.849725][ T6357] ? __futex_wait+0x256/0x300 [ 126.849778][ T6357] madvise_walk_vmas+0x2fe/0xa90 [ 126.849831][ T6357] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 126.849889][ T6357] madvise_do_behavior+0x1ea/0x510 [ 126.849936][ T6357] ? __pfx_madvise_do_behavior+0x10/0x10 [ 126.849980][ T6357] ? down_read+0x13b/0x450 [ 126.850035][ T6357] do_madvise+0x195/0x240 [ 126.850078][ T6357] ? __pfx_do_madvise+0x10/0x10 [ 126.850122][ T6357] ? do_futex+0x192/0x350 [ 126.850184][ T6357] ? ksys_write+0x1ac/0x250 [ 126.850224][ T6357] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 126.850281][ T6357] __x64_sys_madvise+0xa9/0x110 [ 126.850325][ T6357] ? lockdep_hardirqs_on+0x78/0x100 [ 126.850376][ T6357] do_syscall_64+0x10b/0xf80 [ 126.850426][ T6357] ? clear_bhb_loop+0x40/0x90 [ 126.850469][ T6357] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 126.850504][ T6357] RIP: 0033:0x7fb74c79ce59 [ 126.850531][ T6357] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 126.850565][ T6357] RSP: 002b:00007fb74d5d1028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 126.850598][ T6357] RAX: ffffffffffffffda RBX: 00007fb74ca15fa0 RCX: 00007fb74c79ce59 [ 126.850621][ T6357] RDX: 0000000000000015 RSI: 0000000000000081 RDI: 0000000000000000 [ 126.850648][ T6357] RBP: 00007fb74c832d6f R08: 0000000000000000 R09: 0000000000000000 [ 126.850669][ T6357] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 126.850689][ T6357] R13: 00007fb74ca16038 R14: 00007fb74ca15fa0 R15: 00007ffd6f7fbbc8 [ 126.850734][ T6357] [ 127.829583][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807c79d800: rx timeout, send abort [ 127.840456][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88807c79d800: 0x0ffff: (3) A timeout occurred and this is the connection abort to close the session. [ 128.125770][ T6375] netlink: 146 bytes leftover after parsing attributes in process `syz.3.209'. [ 129.191003][ T50] Bluetooth: hci1: unexpected event 0x06 length: 6 > 3 [ 130.479360][ T6423] FAULT_INJECTION: forcing a failure. [ 130.479360][ T6423] name failslab, interval 1, probability 0, space 0, times 0 [ 130.510651][ T6423] CPU: 0 UID: 0 PID: 6423 Comm: syz.1.226 Tainted: G L syzkaller #0 PREEMPT(full) [ 130.510704][ T6423] Tainted: [L]=SOFTLOCKUP [ 130.510714][ T6423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 130.510733][ T6423] Call Trace: [ 130.510744][ T6423] [ 130.510757][ T6423] dump_stack_lvl+0x100/0x190 [ 130.510804][ T6423] should_fail_ex.cold+0x5/0xa [ 130.510847][ T6423] ? usb_hcd_submit_urb+0x601/0x2150 [ 130.510890][ T6423] should_failslab+0xc2/0x120 [ 130.510928][ T6423] __kmalloc_noprof+0xe0/0x850 [ 130.510959][ T6423] ? mark_held_locks+0x40/0x70 [ 130.510998][ T6423] usb_hcd_submit_urb+0x601/0x2150 [ 130.511058][ T6423] usb_submit_urb+0x8aa/0x1910 [ 130.511113][ T6423] ? __init_swait_queue_head+0xca/0x150 [ 130.511159][ T6423] usb_start_wait_urb+0x10e/0x580 [ 130.511212][ T6423] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 130.511278][ T6423] ? __asan_memset+0x23/0x50 [ 130.511337][ T6423] usb_control_msg+0x328/0x4b0 [ 130.511388][ T6423] ? __pfx_usb_control_msg+0x10/0x10 [ 130.511455][ T6423] ? lockdep_unlock+0x5a/0xc0 [ 130.511508][ T6423] ? __lock_acquire+0xd73/0x2630 [ 130.511549][ T6423] hub_ext_port_status+0x152/0x600 [ 130.511612][ T6423] hub_activate+0x6d8/0x1d50 [ 130.511674][ T6423] ? __pfx_hub_activate+0x10/0x10 [ 130.511723][ T6423] ? usb_generic_driver_resume+0x70/0xa0 [ 130.511772][ T6423] ? usbdev_ioctl+0x3570/0x3aa0 [ 130.511831][ T6423] hub_resume+0xb0/0x400 [ 130.511880][ T6423] ? usb_hub_find_child+0x1d6/0x240 [ 130.511925][ T6423] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 130.511961][ T6423] ? __pfx_hub_resume+0x10/0x10 [ 130.512015][ T6423] ? __pfx_hcd_bus_resume+0x10/0x10 [ 130.512069][ T6423] usb_resume_interface.isra.0+0x2ce/0x3d0 [ 130.512112][ T6423] usb_resume_both+0x53a/0x7f0 [ 130.512155][ T6423] ? __pfx_usb_resume_both+0x10/0x10 [ 130.512194][ T6423] ? mark_held_locks+0x40/0x70 [ 130.512229][ T6423] ? __pfx_usb_runtime_resume+0x10/0x10 [ 130.512271][ T6423] __rpm_callback+0xc8/0x620 [ 130.512311][ T6423] ? ktime_get_mono_fast_ns+0x1c3/0x3f0 [ 130.512363][ T6423] ? __pfx_usb_runtime_resume+0x10/0x10 [ 130.512408][ T6423] rpm_callback+0x16a/0x1b0 [ 130.512445][ T6423] ? __pfx_usb_runtime_resume+0x10/0x10 [ 130.512496][ T6423] rpm_resume+0xd22/0x1330 [ 130.512546][ T6423] ? __pfx_rpm_resume+0x10/0x10 [ 130.512582][ T6423] ? do_raw_spin_lock+0x128/0x260 [ 130.512621][ T6423] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 130.512663][ T6423] ? _raw_spin_lock_irqsave+0x52/0x60 [ 130.512721][ T6423] __pm_runtime_resume+0xb6/0x170 [ 130.512766][ T6423] usb_autoresume_device+0x23/0xe0 [ 130.512810][ T6423] usb_set_configuration+0xb9/0x1c60 [ 130.512843][ T6423] ? kernfs_fop_write_iter+0x2c2/0x5f0 [ 130.512912][ T6423] ? __pfx_remove_store+0x10/0x10 [ 130.512944][ T6423] remove_store+0x9b/0xc0 [ 130.512977][ T6423] dev_attr_store+0x58/0x80 [ 130.513024][ T6423] ? __pfx_dev_attr_store+0x10/0x10 [ 130.513070][ T6423] sysfs_kf_write+0xf2/0x150 [ 130.513105][ T6423] kernfs_fop_write_iter+0x3e0/0x5f0 [ 130.513151][ T6423] ? __pfx_sysfs_kf_write+0x10/0x10 [ 130.513188][ T6423] vfs_write+0x6ac/0x1070 [ 130.513229][ T6423] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 130.513281][ T6423] ? __pfx_vfs_write+0x10/0x10 [ 130.513345][ T6423] ksys_write+0x12a/0x250 [ 130.513389][ T6423] ? __pfx_ksys_write+0x10/0x10 [ 130.513424][ T6423] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 130.513477][ T6423] ? syscall_user_dispatch+0x76/0x130 [ 130.513531][ T6423] do_syscall_64+0x10b/0xf80 [ 130.513583][ T6423] ? clear_bhb_loop+0x40/0x90 [ 130.513625][ T6423] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.513659][ T6423] RIP: 0033:0x7fb74c79ce59 [ 130.513687][ T6423] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 130.513720][ T6423] RSP: 002b:00007fb74d5d1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 130.513753][ T6423] RAX: ffffffffffffffda RBX: 00007fb74ca15fa0 RCX: 00007fb74c79ce59 [ 130.513774][ T6423] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 130.513795][ T6423] RBP: 00007fb74c832d6f R08: 0000000000000000 R09: 0000000000000000 [ 130.513816][ T6423] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 130.513835][ T6423] R13: 00007fb74ca16038 R14: 00007fb74ca15fa0 R15: 00007ffd6f7fbbc8 [ 130.513880][ T6423] [ 130.515653][ T6423] hub 8-0:1.0: hub_ext_port_status failed (err = -12) [ 131.220115][ T6436] netlink: 330 bytes leftover after parsing attributes in process `syz.3.229'. [ 132.028017][ T6444] syz.0.232 (6444) used greatest stack depth: 19720 bytes left [ 132.246578][ T6460] random: crng reseeded on system resumption [ 132.861552][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.870538][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.307966][ T6471] netlink: 342 bytes leftover after parsing attributes in process `syz.1.242'. [ 133.851334][ T6483] mmap: syz.1.245 (6483) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 134.026522][ T6496] netlink: 338 bytes leftover after parsing attributes in process `syz.0.250'. [ 135.680713][ T6521] random: crng reseeded on system resumption [ 135.858365][ T6521] hub 1-0:1.0: USB hub found [ 135.867695][ T6521] hub 1-0:1.0: 1 port detected [ 136.114382][ T6532] netlink: 326 bytes leftover after parsing attributes in process `syz.3.263'. [ 136.223031][ T6534] netlink: 342 bytes leftover after parsing attributes in process `syz.1.264'. [ 136.336319][ T6536] netlink: 342 bytes leftover after parsing attributes in process `syz.3.265'. [ 136.349747][ T6536] IPv6: NLM_F_CREATE should be specified when creating new route [ 136.358440][ T6536] IPv6: Can't replace route, no match found [ 136.358440][ T6538] netlink: 342 bytes leftover after parsing attributes in process `syz.1.266'. [ 136.383790][ T6538] netlink: 342 bytes leftover after parsing attributes in process `syz.1.266'. [ 136.388394][ T6536] netlink: 342 bytes leftover after parsing attributes in process `syz.3.265'. [ 136.403444][ T6536] IPv6: Can't replace route, no match found [ 136.417140][ T6538] netlink: 342 bytes leftover after parsing attributes in process `syz.1.266'. [ 136.435348][ T6539] netlink: 146 bytes leftover after parsing attributes in process `syz.1.266'. [ 136.696479][ T6548] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 138.542613][ T6579] __nla_validate_parse: 1 callbacks suppressed [ 138.542640][ T6579] netlink: 146 bytes leftover after parsing attributes in process `syz.2.279'. [ 138.816567][ T6586] netlink: 334 bytes leftover after parsing attributes in process `syz.0.282'. [ 139.031521][ T6588] can: request_module (can-proto-4) failed. [ 139.220325][ T6599] netlink: 186 bytes leftover after parsing attributes in process `syz.1.287'. [ 139.486788][ T50] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 140.576290][ T6632] netlink: 504 bytes leftover after parsing attributes in process `syz.3.298'. [ 141.581300][ T50] Bluetooth: hci2: command 0x2016 tx timeout [ 141.671325][ T6652] zswap: compressor not available [ 141.960424][ T50] Bluetooth: hci3: unexpected event 0x07 length: 435 > 255 [ 143.660462][ T50] Bluetooth: hci2: command 0x2016 tx timeout [ 144.038625][ T6688] FAULT_INJECTION: forcing a failure. [ 144.038625][ T6688] name failslab, interval 1, probability 0, space 0, times 0 [ 144.085003][ T6688] CPU: 1 UID: 0 PID: 6688 Comm: syz.3.315 Tainted: G L syzkaller #0 PREEMPT(full) [ 144.085056][ T6688] Tainted: [L]=SOFTLOCKUP [ 144.085067][ T6688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 144.085086][ T6688] Call Trace: [ 144.085097][ T6688] [ 144.085109][ T6688] dump_stack_lvl+0x100/0x190 [ 144.085149][ T6688] should_fail_ex.cold+0x5/0xa [ 144.085192][ T6688] should_failslab+0xc2/0x120 [ 144.085240][ T6688] __kmalloc_cache_noprof+0x7a/0x6f0 [ 144.085290][ T6688] ? tipc_conn_alloc+0x48/0x590 [ 144.085336][ T6688] ? net_generic+0xea/0x2a0 [ 144.085385][ T6688] ? net_generic+0xea/0x2a0 [ 144.085437][ T6688] tipc_conn_alloc+0x48/0x590 [ 144.085487][ T6688] tipc_topsrv_kern_subscr+0x11c/0x3c0 [ 144.085538][ T6688] ? __pfx_tipc_topsrv_kern_subscr+0x10/0x10 [ 144.085592][ T6688] ? net_generic+0xea/0x2a0 [ 144.085649][ T6688] tipc_group_create+0x4ab/0x660 [ 144.085708][ T6688] tipc_setsockopt+0x611/0xe30 [ 144.085751][ T6688] ? __pfx_tipc_setsockopt+0x10/0x10 [ 144.085808][ T6688] ? __pfx_tipc_setsockopt+0x10/0x10 [ 144.085848][ T6688] do_sock_setsockopt+0xf3/0x1d0 [ 144.085901][ T6688] __sys_setsockopt+0x119/0x190 [ 144.085971][ T6688] __x64_sys_setsockopt+0xbd/0x160 [ 144.086010][ T6688] ? do_syscall_64+0x90/0xf80 [ 144.086063][ T6688] ? lockdep_hardirqs_on+0x78/0x100 [ 144.086117][ T6688] do_syscall_64+0x10b/0xf80 [ 144.086168][ T6688] ? clear_bhb_loop+0x40/0x90 [ 144.086205][ T6688] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.086242][ T6688] RIP: 0033:0x7f3e64f9ce59 [ 144.086266][ T6688] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 144.086295][ T6688] RSP: 002b:00007f3e65d7e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 144.086323][ T6688] RAX: ffffffffffffffda RBX: 00007f3e65215fa0 RCX: 00007f3e64f9ce59 [ 144.086343][ T6688] RDX: 0000000000000087 RSI: 000000000000010f RDI: 0000000000000003 [ 144.086360][ T6688] RBP: 00007f3e65032d6f R08: 0000000000000014 R09: 0000000000000000 [ 144.086378][ T6688] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 144.086395][ T6688] R13: 00007f3e65216038 R14: 00007f3e65215fa0 R15: 00007ffe813374c8 [ 144.086434][ T6688] [ 144.947895][ T6690] FAULT_INJECTION: forcing a failure. [ 144.947895][ T6690] name failslab, interval 1, probability 0, space 0, times 0 [ 144.978816][ T6690] CPU: 1 UID: 0 PID: 6690 Comm: syz.1.316 Tainted: G L syzkaller #0 PREEMPT(full) [ 144.978866][ T6690] Tainted: [L]=SOFTLOCKUP [ 144.978878][ T6690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 144.978897][ T6690] Call Trace: [ 144.978908][ T6690] [ 144.978919][ T6690] dump_stack_lvl+0x100/0x190 [ 144.978963][ T6690] should_fail_ex.cold+0x5/0xa [ 144.979007][ T6690] should_failslab+0xc2/0x120 [ 144.979046][ T6690] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 144.979100][ T6690] ? __kernfs_new_node+0xd2/0x9f0 [ 144.979148][ T6690] __kernfs_new_node+0xd2/0x9f0 [ 144.979190][ T6690] ? __pfx___kernfs_new_node+0x10/0x10 [ 144.979238][ T6690] ? find_held_lock+0x2b/0x80 [ 144.979280][ T6690] ? kernfs_root+0xee/0x2a0 [ 144.979314][ T6690] ? kernfs_root+0xee/0x2a0 [ 144.979360][ T6690] kernfs_new_node+0x11b/0x1a0 [ 144.979408][ T6690] __kernfs_create_file+0x53/0x350 [ 144.979466][ T6690] sysfs_add_file_mode_ns+0x207/0x3c0 [ 144.979511][ T6690] sysfs_merge_group+0x194/0x340 [ 144.979553][ T6690] ? __pfx_sysfs_merge_group+0x10/0x10 [ 144.979591][ T6690] ? bus_add_device+0x368/0x6b0 [ 144.979629][ T6690] ? __pfx_bus_add_device+0x10/0x10 [ 144.979668][ T6690] ? __pfx_dev_add_physical_location+0x10/0x10 [ 144.979726][ T6690] dpm_sysfs_add+0x237/0x280 [ 144.979774][ T6690] device_add+0x9ef/0x1950 [ 144.979824][ T6690] ? __pfx_device_add+0x10/0x10 [ 144.979869][ T6690] ? lockdep_init_map_type+0x5c/0x250 [ 144.979905][ T6690] ? __init_waitqueue_head+0xca/0x150 [ 144.979955][ T6690] netdev_register_kobject+0x1a9/0x3d0 [ 144.980013][ T6690] register_netdevice+0x151c/0x24b0 [ 144.980065][ T6690] ? __pfx_register_netdevice+0x10/0x10 [ 144.980106][ T6690] ? net_generic+0xea/0x2a0 [ 144.980169][ T6690] ppp_dev_configure+0x986/0xcb0 [ 144.980248][ T6690] ppp_ioctl+0x9d7/0x27c0 [ 144.980281][ T6690] ? find_held_lock+0x2b/0x80 [ 144.980323][ T6690] ? __pfx_ppp_ioctl+0x10/0x10 [ 144.980361][ T6690] ? __fget_files+0x21f/0x3d0 [ 144.980405][ T6690] ? __pfx_ppp_ioctl+0x10/0x10 [ 144.980437][ T6690] __x64_sys_ioctl+0x18e/0x210 [ 144.980472][ T6690] do_syscall_64+0x10b/0xf80 [ 144.980522][ T6690] ? clear_bhb_loop+0x40/0x90 [ 144.980561][ T6690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.980593][ T6690] RIP: 0033:0x7fb74c79ce59 [ 144.980619][ T6690] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 144.980657][ T6690] RSP: 002b:00007fb74d5d1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 144.980687][ T6690] RAX: ffffffffffffffda RBX: 00007fb74ca15fa0 RCX: 00007fb74c79ce59 [ 144.980709][ T6690] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000006 [ 144.980728][ T6690] RBP: 00007fb74c832d6f R08: 0000000000000000 R09: 0000000000000000 [ 144.980746][ T6690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 144.980765][ T6690] R13: 00007fb74ca16038 R14: 00007fb74ca15fa0 R15: 00007ffd6f7fbbc8 [ 144.980808][ T6690] [ 145.892408][ T6707] netlink: 326 bytes leftover after parsing attributes in process `syz.3.322'. [ 145.932887][ T6707] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.942324][ T6707] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.580168][ T6722] netlink: 342 bytes leftover after parsing attributes in process `syz.1.328'. [ 146.912273][ T6730] netlink: 330 bytes leftover after parsing attributes in process `syz.3.331'. [ 147.237935][ T6731] FAULT_INJECTION: forcing a failure. [ 147.237935][ T6731] name fail_futex, interval 1, probability 0, space 0, times 1 [ 147.321316][ T6731] CPU: 0 UID: 0 PID: 6731 Comm: syz.1.330 Tainted: G L syzkaller #0 PREEMPT(full) [ 147.321368][ T6731] Tainted: [L]=SOFTLOCKUP [ 147.321380][ T6731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 147.321399][ T6731] Call Trace: [ 147.321409][ T6731] [ 147.321422][ T6731] dump_stack_lvl+0x100/0x190 [ 147.321465][ T6731] should_fail_ex.cold+0x5/0xa [ 147.321502][ T6731] ? rcu_is_watching+0x12/0xc0 [ 147.321549][ T6731] get_futex_key+0x1d2/0x1510 [ 147.321588][ T6731] ? __pfx_get_futex_key+0x10/0x10 [ 147.321638][ T6731] futex_wait_setup+0x83/0x510 [ 147.321695][ T6731] __futex_wait+0x19f/0x300 [ 147.321742][ T6731] ? __pfx___futex_wait+0x10/0x10 [ 147.321794][ T6731] ? __pfx_futex_wake_mark+0x10/0x10 [ 147.321846][ T6731] ? find_held_lock+0x2b/0x80 [ 147.321890][ T6731] ? futex_wake+0x456/0x530 [ 147.321943][ T6731] futex_wait+0xe6/0x370 [ 147.321998][ T6731] ? __pfx_futex_wait+0x10/0x10 [ 147.322054][ T6731] ? madvise_unlock+0xa9/0x220 [ 147.322107][ T6731] do_futex+0x1ef/0x350 [ 147.322144][ T6731] ? __pfx_do_futex+0x10/0x10 [ 147.322184][ T6731] ? __sys_sendmsg+0x18f/0x220 [ 147.322231][ T6731] __x64_sys_futex+0x34f/0x4d0 [ 147.322274][ T6731] ? __pfx___x64_sys_futex+0x10/0x10 [ 147.322320][ T6731] ? rcu_is_watching+0x12/0xc0 [ 147.322364][ T6731] do_syscall_64+0x10b/0xf80 [ 147.322415][ T6731] ? clear_bhb_loop+0x40/0x90 [ 147.322456][ T6731] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.322490][ T6731] RIP: 0033:0x7fb74c79ce59 [ 147.322516][ T6731] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 147.322548][ T6731] RSP: 002b:00007fb74d5b00e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 147.322579][ T6731] RAX: ffffffffffffffda RBX: 00007fb74ca16098 RCX: 00007fb74c79ce59 [ 147.322608][ T6731] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb74ca16098 [ 147.322634][ T6731] RBP: 00007fb74ca16090 R08: 0000000000000000 R09: 0000000000000000 [ 147.322654][ T6731] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 147.322673][ T6731] R13: 00007fb74ca16128 R14: 00007ffd6f7fbae0 R15: 00007ffd6f7fbbc8 [ 147.322722][ T6731] [ 151.660836][ T6796] futex_wake_op: syz.2.353 tries to shift op by -2048; fix this program [ 151.670502][ T6796] futex_wake_op: syz.2.353 tries to shift op by -2048; fix this program [ 151.933508][ T6800] raw_sendmsg: syz.2.354 forgot to set AF_INET. Fix it! [ 152.077292][ T6806] sctp: [Deprecated]: syz.1.356 (pid 6806) Use of struct sctp_assoc_value in delayed_ack socket option. [ 152.077292][ T6806] Use struct sctp_sack_info instead [ 152.230832][ T6809] netlink: 330 bytes leftover after parsing attributes in process `syz.0.358'. [ 153.037912][ T6827] netlink: 'syz.2.365': attribute type 10 has an invalid length. [ 153.059424][ T6827] netlink: 330 bytes leftover after parsing attributes in process `syz.2.365'. [ 153.221110][ T6830] kvm: kvm [6829]: vcpu2, guest rIP: 0xfff0 Unhandled WRMSR(0x186) = 0x8003 [ 154.221540][ T6850] No such timeout policy "" [ 154.240376][ T6850] netlink: Failed to associated timeout policy '' [ 154.849109][ T6865] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 155.303181][ T6876] netlink: 342 bytes leftover after parsing attributes in process `syz.3.383'. [ 155.314307][ T6874] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 155.845760][ T6893] netlink: 'syz.1.390': attribute type 1 has an invalid length. [ 155.864585][ T6893] netlink: 306 bytes leftover after parsing attributes in process `syz.1.390'. [ 156.144301][ T6897] FAULT_INJECTION: forcing a failure. [ 156.144301][ T6897] name failslab, interval 1, probability 0, space 0, times 0 [ 156.192216][ T6897] CPU: 0 UID: 0 PID: 6897 Comm: syz.2.392 Tainted: G L syzkaller #0 PREEMPT(full) [ 156.192273][ T6897] Tainted: [L]=SOFTLOCKUP [ 156.192285][ T6897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 156.192304][ T6897] Call Trace: [ 156.192315][ T6897] [ 156.192327][ T6897] dump_stack_lvl+0x100/0x190 [ 156.192371][ T6897] should_fail_ex.cold+0x5/0xa [ 156.192416][ T6897] should_failslab+0xc2/0x120 [ 156.192457][ T6897] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 156.192513][ T6897] ? inet_twsk_alloc+0x124/0xa20 [ 156.192570][ T6897] inet_twsk_alloc+0x124/0xa20 [ 156.192622][ T6897] tcp_time_wait+0x5d/0xed0 [ 156.192672][ T6897] tcp_rcv_state_process+0x2585/0x7160 [ 156.192737][ T6897] ? __pfx_tcp_rcv_state_process+0x10/0x10 [ 156.192782][ T6897] ? find_held_lock+0x2b/0x80 [ 156.192827][ T6897] ? __queue_work+0x436/0x1270 [ 156.192880][ T6897] ? __pfx_tcp_v4_do_rcv+0x10/0x10 [ 156.192920][ T6897] ? tcp_v4_do_rcv+0x691/0x1260 [ 156.192956][ T6897] tcp_v4_do_rcv+0x691/0x1260 [ 156.192998][ T6897] ? __pfx_tcp_v4_do_rcv+0x10/0x10 [ 156.193036][ T6897] __release_sock+0x35a/0x440 [ 156.193077][ T6897] ? __pfx_mptcp_schedule_work+0x10/0x10 [ 156.193134][ T6897] release_sock+0x1e5/0x280 [ 156.193175][ T6897] mptcp_check_send_data_fin+0x36a/0x470 [ 156.193238][ T6897] __mptcp_close+0xaa9/0xc70 [ 156.193291][ T6897] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 156.193339][ T6897] ? __pfx___mptcp_close+0x10/0x10 [ 156.193392][ T6897] ? __local_bh_enable_ip+0x9e/0x120 [ 156.193442][ T6897] mptcp_close+0x28/0xe0 [ 156.193495][ T6897] inet_release+0xed/0x200 [ 156.193533][ T6897] __sock_release+0xb3/0x260 [ 156.193576][ T6897] ? __pfx_sock_close+0x10/0x10 [ 156.193619][ T6897] sock_close+0x1c/0x30 [ 156.193659][ T6897] __fput+0x3ff/0xb50 [ 156.193720][ T6897] ? _raw_spin_unlock_irq+0x23/0x50 [ 156.193776][ T6897] task_work_run+0x150/0x240 [ 156.193813][ T6897] ? __pfx_task_work_run+0x10/0x10 [ 156.193852][ T6897] ? rcu_is_watching+0x12/0xc0 [ 156.193899][ T6897] exit_to_user_mode_loop+0x107/0x4f0 [ 156.193932][ T6897] ? rcu_is_watching+0x12/0xc0 [ 156.193978][ T6897] do_syscall_64+0x6f2/0xf80 [ 156.194030][ T6897] ? clear_bhb_loop+0x40/0x90 [ 156.194071][ T6897] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 156.194105][ T6897] RIP: 0033:0x7f0a17f9ce59 [ 156.194132][ T6897] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 156.194164][ T6897] RSP: 002b:00007f0a18eb6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 156.194196][ T6897] RAX: 0000000000000000 RBX: 00007f0a18215fa0 RCX: 00007f0a17f9ce59 [ 156.194218][ T6897] RDX: 0004000000000002 RSI: fffffffffffff000 RDI: 0000000000000000 [ 156.194239][ T6897] RBP: 00007f0a18032d6f R08: 0000000000000000 R09: 0000000000000000 [ 156.194259][ T6897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 156.194279][ T6897] R13: 00007f0a18216038 R14: 00007f0a18215fa0 R15: 00007ffe8d4763b8 [ 156.194324][ T6897] [ 157.387441][ T6916] zswap: compressor not available [ 158.783820][ T6949] Falling back ldisc for ttyS2. [ 159.134271][ T6956] [U] 0 [ 159.138507][ T6955] [U] QUI [ 159.166834][ T6960] FAULT_INJECTION: forcing a failure. [ 159.166834][ T6960] name failslab, interval 1, probability 0, space 0, times 0 [ 159.199122][ T6960] CPU: 1 UID: 0 PID: 6960 Comm: syz.1.410 Tainted: G L syzkaller #0 PREEMPT(full) [ 159.199176][ T6960] Tainted: [L]=SOFTLOCKUP [ 159.199188][ T6960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 159.199208][ T6960] Call Trace: [ 159.199217][ T6960] [ 159.199229][ T6960] dump_stack_lvl+0x100/0x190 [ 159.199273][ T6960] should_fail_ex.cold+0x5/0xa [ 159.199317][ T6960] should_failslab+0xc2/0x120 [ 159.199358][ T6960] __kmalloc_cache_noprof+0x7a/0x6f0 [ 159.199407][ T6960] ? resv_map_alloc+0x7e/0x400 [ 159.199449][ T6960] resv_map_alloc+0x7e/0x400 [ 159.199486][ T6960] hugetlbfs_get_inode+0x385/0x700 [ 159.199540][ T6960] ? do_raw_spin_lock+0x128/0x260 [ 159.199586][ T6960] hugetlb_file_setup+0x15b/0x5b0 [ 159.199643][ T6960] memfd_alloc_file+0xc2/0x610 [ 159.199696][ T6960] ? _raw_spin_unlock+0x28/0x50 [ 159.199744][ T6960] ? __pfx_memfd_alloc_file+0x10/0x10 [ 159.199811][ T6960] __do_sys_memfd_create+0x236/0x3d0 [ 159.199871][ T6960] do_syscall_64+0x10b/0xf80 [ 159.199924][ T6960] ? clear_bhb_loop+0x40/0x90 [ 159.199976][ T6960] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.200012][ T6960] RIP: 0033:0x7fb74c79ce59 [ 159.200040][ T6960] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 159.200073][ T6960] RSP: 002b:00007fb74d5b0028 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 159.200105][ T6960] RAX: ffffffffffffffda RBX: 00007fb74ca16090 RCX: 00007fb74c79ce59 [ 159.200127][ T6960] RDX: 0000000000000000 RSI: 0000000000000007 RDI: 0000000000000000 [ 159.200147][ T6960] RBP: 00007fb74c832d6f R08: 0000000000000000 R09: 0000000000000000 [ 159.200167][ T6960] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 159.200186][ T6960] R13: 00007fb74ca16128 R14: 00007fb74ca16090 R15: 00007ffd6f7fbbc8 [ 159.200226][ T6960] [ 162.055955][ T7033] FAULT_INJECTION: forcing a failure. [ 162.055955][ T7033] name failslab, interval 1, probability 0, space 0, times 0 [ 162.119224][ T7033] CPU: 0 UID: 0 PID: 7033 Comm: syz.2.431 Tainted: G L syzkaller #0 PREEMPT(full) [ 162.119281][ T7033] Tainted: [L]=SOFTLOCKUP [ 162.119294][ T7033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 162.119322][ T7033] Call Trace: [ 162.119333][ T7033] [ 162.119346][ T7033] dump_stack_lvl+0x100/0x190 [ 162.119389][ T7033] should_fail_ex.cold+0x5/0xa [ 162.119432][ T7033] should_failslab+0xc2/0x120 [ 162.119473][ T7033] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 162.119530][ T7033] ? security_inode_alloc+0x3b/0x2c0 [ 162.119566][ T7033] ? lockdep_init_map_type+0x5c/0x250 [ 162.119607][ T7033] security_inode_alloc+0x3b/0x2c0 [ 162.119645][ T7033] inode_init_always_gfp+0xcc0/0x1000 [ 162.119697][ T7033] alloc_inode+0x8e/0x250 [ 162.119752][ T7033] path_from_stashed+0x25b/0x750 [ 162.119810][ T7033] pidfs_alloc_file+0xf8/0x290 [ 162.119852][ T7033] ? __pfx_pidfs_alloc_file+0x10/0x10 [ 162.119907][ T7033] pidfd_prepare+0x10c/0x1b0 [ 162.119959][ T7033] __x64_sys_pidfd_open+0x105/0x1a0 [ 162.119994][ T7033] ? __pfx___x64_sys_pidfd_open+0x10/0x10 [ 162.120031][ T7033] ? rcu_is_watching+0x12/0xc0 [ 162.120078][ T7033] do_syscall_64+0x10b/0xf80 [ 162.120132][ T7033] ? clear_bhb_loop+0x40/0x90 [ 162.120175][ T7033] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.120211][ T7033] RIP: 0033:0x7f0a17f9ce59 [ 162.120239][ T7033] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 162.120271][ T7033] RSP: 002b:00007f0a18eb6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b2 [ 162.120311][ T7033] RAX: ffffffffffffffda RBX: 00007f0a18215fa0 RCX: 00007f0a17f9ce59 [ 162.120334][ T7033] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 162.120354][ T7033] RBP: 00007f0a18032d6f R08: 0000000000000000 R09: 0000000000000000 [ 162.120375][ T7033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 162.120394][ T7033] R13: 00007f0a18216038 R14: 00007f0a18215fa0 R15: 00007ffe8d4763b8 [ 162.120438][ T7033] [ 163.520444][ C1] sd 0:0:1:0: [sda] tag#6627 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 163.530999][ C1] sd 0:0:1:0: [sda] tag#6627 CDB: Read(6) 08 00 00 00 09 00 00 00 00 00 00 00 [ 164.157378][ T7069] netlink: 'syz.1.444': attribute type 16 has an invalid length. [ 164.177037][ T7069] netlink: 330 bytes leftover after parsing attributes in process `syz.1.444'. [ 165.469897][ T7096] netlink: 322 bytes leftover after parsing attributes in process `syz.2.453'. [ 165.618049][ T7098] netlink: 330 bytes leftover after parsing attributes in process `syz.1.454'. [ 165.920686][ T7104] netlink: 4 bytes leftover after parsing attributes in process `syz.1.465'. [ 165.943942][ T7104] netlink: 25 bytes leftover after parsing attributes in process `syz.1.465'. [ 166.905885][ T7134] netlink: 354 bytes leftover after parsing attributes in process `syz.2.469'. [ 167.378384][ T7146] netlink: 346 bytes leftover after parsing attributes in process `syz.2.481'. [ 167.930005][ T7157] netlink: 266 bytes leftover after parsing attributes in process `syz.1.476'. [ 167.939251][ T7157] IPv6: NLM_F_CREATE should be specified when creating new route [ 168.324951][ T7161] futex_wake_op: syz.1.478 tries to shift op by -2048; fix this program [ 169.102930][ T7186] netlink: 334 bytes leftover after parsing attributes in process `syz.3.489'. [ 169.406990][ T7194] netlink: 330 bytes leftover after parsing attributes in process `syz.0.492'. [ 169.679013][ T7202] FAULT_INJECTION: forcing a failure. [ 169.679013][ T7202] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 169.716787][ T7202] CPU: 1 UID: 0 PID: 7202 Comm: syz.1.496 Tainted: G L syzkaller #0 PREEMPT(full) [ 169.716835][ T7202] Tainted: [L]=SOFTLOCKUP [ 169.716845][ T7202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 169.716862][ T7202] Call Trace: [ 169.716872][ T7202] [ 169.716882][ T7202] dump_stack_lvl+0x100/0x190 [ 169.716920][ T7202] should_fail_ex.cold+0x5/0xa [ 169.716951][ T7202] ? prepare_alloc_pages+0x16d/0x5f0 [ 169.716992][ T7202] should_fail_alloc_page+0xeb/0x140 [ 169.717028][ T7202] prepare_alloc_pages+0x1f0/0x5f0 [ 169.717064][ T7202] ? rcu_is_watching+0x12/0xc0 [ 169.717107][ T7202] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 169.717163][ T7202] ? __alloc_frozen_pages_noprof+0x2b1/0x2bc0 [ 169.717235][ T7202] ? find_held_lock+0x2b/0x80 [ 169.717275][ T7202] ? rcu_read_unlock+0x17/0x60 [ 169.717317][ T7202] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 169.717370][ T7202] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 169.717429][ T7202] ? rcu_is_watching+0x12/0xc0 [ 169.717478][ T7202] ? trace_mm_page_alloc+0x163/0x1d0 [ 169.717519][ T7202] ? __lock_acquire+0x4a5/0x2630 [ 169.717546][ T7202] ? css_rstat_updated+0x1ce/0x5a0 [ 169.717611][ T7202] ? __lock_acquire+0x4a5/0x2630 [ 169.717639][ T7202] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 169.717688][ T7202] ? policy_nodemask+0xed/0x4f0 [ 169.717728][ T7202] alloc_pages_mpol+0x1fb/0x540 [ 169.717765][ T7202] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 169.717803][ T7202] ? find_held_lock+0x2b/0x80 [ 169.717841][ T7202] ? __pud_alloc+0x4f6/0x690 [ 169.717879][ T7202] ? __pud_alloc+0x4f6/0x690 [ 169.717922][ T7202] alloc_pages_noprof+0x1a/0x160 [ 169.717965][ T7202] __pmd_alloc+0x3b/0x950 [ 169.718002][ T7202] ? __pud_alloc+0x4fb/0x690 [ 169.718042][ T7202] walk_to_pmd+0x3a3/0x4c0 [ 169.718082][ T7202] get_locked_pte+0x25/0xc0 [ 169.718119][ T7202] map_ldt_struct+0x3c1/0xa70 [ 169.718166][ T7202] ? __pfx_map_ldt_struct+0x10/0x10 [ 169.718204][ T7202] ? alloc_pages_noprof+0xf9/0x160 [ 169.718248][ T7202] write_ldt+0x6d3/0xd40 [ 169.718292][ T7202] ? __pfx_write_ldt+0x10/0x10 [ 169.718332][ T7202] ? xfd_validate_state+0x129/0x190 [ 169.718363][ T7202] ? ksys_write+0x1ac/0x250 [ 169.718406][ T7202] __x64_sys_modify_ldt+0xb1/0x170 [ 169.718439][ T7202] do_syscall_64+0x10b/0xf80 [ 169.718477][ T7202] ? clear_bhb_loop+0x40/0x90 [ 169.718511][ T7202] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.718539][ T7202] RIP: 0033:0x7fb74c79ce59 [ 169.718561][ T7202] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 169.718588][ T7202] RSP: 002b:00007fb74d5d1028 EFLAGS: 00000246 ORIG_RAX: 000000000000009a [ 169.718626][ T7202] RAX: ffffffffffffffda RBX: 00007fb74ca15fa0 RCX: 00007fb74c79ce59 [ 169.718644][ T7202] RDX: 0000000000000010 RSI: 0000200000000140 RDI: 0000000000000001 [ 169.718661][ T7202] RBP: 00007fb74c832d6f R08: 0000000000000000 R09: 0000000000000000 [ 169.718680][ T7202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 169.718698][ T7202] R13: 00007fb74ca16038 R14: 00007fb74ca15fa0 R15: 00007ffd6f7fbbc8 [ 169.718739][ T7202] [ 171.149798][ T7226] netlink: 330 bytes leftover after parsing attributes in process `syz.3.504'. [ 173.277614][ T7269] FAULT_INJECTION: forcing a failure. [ 173.277614][ T7269] name failslab, interval 1, probability 0, space 0, times 0 [ 173.337301][ T7269] CPU: 1 UID: 0 PID: 7269 Comm: syz.1.525 Tainted: G L syzkaller #0 PREEMPT(full) [ 173.337354][ T7269] Tainted: [L]=SOFTLOCKUP [ 173.337366][ T7269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 173.337385][ T7269] Call Trace: [ 173.337397][ T7269] [ 173.337411][ T7269] dump_stack_lvl+0x100/0x190 [ 173.337456][ T7269] should_fail_ex.cold+0x5/0xa [ 173.337500][ T7269] should_failslab+0xc2/0x120 [ 173.337541][ T7269] __kmalloc_cache_noprof+0x7a/0x6f0 [ 173.337590][ T7269] ? __request_module+0x2c3/0x6c0 [ 173.337630][ T7269] ? lockdep_hardirqs_on+0x78/0x100 [ 173.337692][ T7269] __request_module+0x2c3/0x6c0 [ 173.337732][ T7269] ? __pfx___request_module+0x10/0x10 [ 173.337814][ T7269] xt_request_find_table_lock+0x9f/0xf0 [ 173.337881][ T7269] get_info+0x1a4/0x600 [ 173.337927][ T7269] ? __pfx_get_info+0x10/0x10 [ 173.337975][ T7269] ? lock_acquire+0x1b1/0x370 [ 173.338015][ T7269] ? rcu_is_watching+0x12/0xc0 [ 173.338058][ T7269] ? rcu_is_watching+0x12/0xc0 [ 173.338106][ T7269] ? bpf_lsm_capable+0x9/0x10 [ 173.338144][ T7269] ? security_capable+0x80/0x260 [ 173.338203][ T7269] do_arpt_get_ctl+0x168/0x900 [ 173.338251][ T7269] ? __pfx_do_arpt_get_ctl+0x10/0x10 [ 173.338315][ T7269] ? nf_sockopt_find.isra.0+0x222/0x290 [ 173.338356][ T7269] nf_getsockopt+0x7c/0xe0 [ 173.338391][ T7269] ip_getsockopt+0x192/0x1e0 [ 173.338432][ T7269] ? __pfx_ip_getsockopt+0x10/0x10 [ 173.338483][ T7269] tcp_getsockopt+0xa1/0x110 [ 173.338534][ T7269] smc_getsockopt+0x165/0x390 [ 173.338577][ T7269] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 173.338629][ T7269] ? __pfx_smc_getsockopt+0x10/0x10 [ 173.338669][ T7269] ? __pfx_copy_from_sockptr_offset.constprop.0+0x10/0x10 [ 173.338729][ T7269] ? __pfx_smc_getsockopt+0x10/0x10 [ 173.338774][ T7269] do_sock_getsockopt+0x50a/0x6e0 [ 173.338821][ T7269] ? __lock_acquire+0x4a5/0x2630 [ 173.338868][ T7269] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 173.338931][ T7269] ? find_held_lock+0x2b/0x80 [ 173.338982][ T7269] ? __fget_files+0x21f/0x3d0 [ 173.339031][ T7269] __sys_getsockopt+0x133/0x1d0 [ 173.339081][ T7269] ? __x64_sys_getsockopt+0xbd/0x160 [ 173.339127][ T7269] __x64_sys_getsockopt+0xbd/0x160 [ 173.339162][ T7269] ? do_syscall_64+0x90/0xf80 [ 173.339212][ T7269] ? lockdep_hardirqs_on+0x78/0x100 [ 173.339263][ T7269] do_syscall_64+0x10b/0xf80 [ 173.339310][ T7269] ? clear_bhb_loop+0x40/0x90 [ 173.339350][ T7269] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.339384][ T7269] RIP: 0033:0x7fb74c79ce59 [ 173.339411][ T7269] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 173.339442][ T7269] RSP: 002b:00007fb74d5d1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 173.339472][ T7269] RAX: ffffffffffffffda RBX: 00007fb74ca15fa0 RCX: 00007fb74c79ce59 [ 173.339492][ T7269] RDX: 0000000000000060 RSI: 0000000000000000 RDI: 0000000000000005 [ 173.339510][ T7269] RBP: 00007fb74c832d6f R08: 00002000000000c0 R09: 0000000000000000 [ 173.339529][ T7269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 173.339546][ T7269] R13: 00007fb74ca16038 R14: 00007fb74ca15fa0 R15: 00007ffd6f7fbbc8 [ 173.339587][ T7269] [ 173.930063][ T7275] netlink: 'syz.2.519': attribute type 4 has an invalid length. [ 173.938130][ T7275] netlink: 314 bytes leftover after parsing attributes in process `syz.2.519'. [ 173.965425][ T7278] [U] [ 173.968185][ T7278] [U] [ 173.981775][ T7276] [U] [ 174.405340][ T7293] bond0: option arp_interval: invalid value () [ 174.412731][ T7293] bond0: option arp_interval: allowed values 0 - 2147483647 [ 175.107569][ T7311] netlink: 16 bytes leftover after parsing attributes in process `syz.0.532'. [ 175.647460][ T7321] netlink: 342 bytes leftover after parsing attributes in process `syz.3.537'. [ 175.673747][ T7321] IPv6: NLM_F_CREATE should be specified when creating new route [ 175.695557][ T7321] IPv6: Can't replace route, no match found [ 175.903009][ T7325] FAULT_INJECTION: forcing a failure. [ 175.903009][ T7325] name failslab, interval 1, probability 0, space 0, times 0 [ 175.937719][ T7325] CPU: 1 UID: 0 PID: 7325 Comm: syz.3.539 Tainted: G L syzkaller #0 PREEMPT(full) [ 175.937773][ T7325] Tainted: [L]=SOFTLOCKUP [ 175.937785][ T7325] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 175.937805][ T7325] Call Trace: [ 175.937816][ T7325] [ 175.937828][ T7325] dump_stack_lvl+0x100/0x190 [ 175.937874][ T7325] should_fail_ex.cold+0x5/0xa [ 175.937918][ T7325] ? usb_hcd_submit_urb+0x601/0x2150 [ 175.937961][ T7325] should_failslab+0xc2/0x120 [ 175.938003][ T7325] __kmalloc_noprof+0xe0/0x850 [ 175.938034][ T7325] ? mark_held_locks+0x40/0x70 [ 175.938073][ T7325] usb_hcd_submit_urb+0x601/0x2150 [ 175.938145][ T7325] usb_submit_urb+0x8aa/0x1910 [ 175.938202][ T7325] ? __init_swait_queue_head+0xca/0x150 [ 175.938249][ T7325] usb_start_wait_urb+0x10e/0x580 [ 175.938302][ T7325] ? __pfx_usb_start_wait_urb+0x10/0x10 [ 175.938368][ T7325] ? __asan_memset+0x23/0x50 [ 175.938428][ T7325] usb_control_msg+0x328/0x4b0 [ 175.938480][ T7325] ? __pfx_usb_control_msg+0x10/0x10 [ 175.938542][ T7325] usb_control_msg_send+0xca/0x130 [ 175.938604][ T7325] usb_set_configuration+0xb8f/0x1c60 [ 175.938644][ T7325] ? kernfs_fop_write_iter+0x2c2/0x5f0 [ 175.938718][ T7325] ? __pfx_remove_store+0x10/0x10 [ 175.938751][ T7325] remove_store+0x9b/0xc0 [ 175.938785][ T7325] dev_attr_store+0x58/0x80 [ 175.938832][ T7325] ? __pfx_dev_attr_store+0x10/0x10 [ 175.938878][ T7325] sysfs_kf_write+0xf2/0x150 [ 175.938914][ T7325] kernfs_fop_write_iter+0x3e0/0x5f0 [ 175.938962][ T7325] ? __pfx_sysfs_kf_write+0x10/0x10 [ 175.938999][ T7325] vfs_write+0x6ac/0x1070 [ 175.939040][ T7325] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 175.939104][ T7325] ? __pfx_vfs_write+0x10/0x10 [ 175.939177][ T7325] ksys_write+0x12a/0x250 [ 175.939219][ T7325] ? __pfx_ksys_write+0x10/0x10 [ 175.939259][ T7325] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 175.939316][ T7325] ? syscall_user_dispatch+0x76/0x130 [ 175.939360][ T7325] do_syscall_64+0x10b/0xf80 [ 175.939414][ T7325] ? clear_bhb_loop+0x40/0x90 [ 175.939455][ T7325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.939490][ T7325] RIP: 0033:0x7f3e64f9ce59 [ 175.939519][ T7325] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 175.939552][ T7325] RSP: 002b:00007f3e65d7e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 175.939584][ T7325] RAX: ffffffffffffffda RBX: 00007f3e65215fa0 RCX: 00007f3e64f9ce59 [ 175.939606][ T7325] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 175.939626][ T7325] RBP: 00007f3e65032d6f R08: 0000000000000000 R09: 0000000000000000 [ 175.939645][ T7325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 175.939664][ T7325] R13: 00007f3e65216038 R14: 00007f3e65215fa0 R15: 00007ffe813374c8 [ 175.939707][ T7325] [ 179.080648][ T7392] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 179.129846][ T7397] EXT4-fs error (device sda1): trigger_test_error:130: comm syz.2.563: 1 [ 179.711198][ T7418] netlink: 4 bytes leftover after parsing attributes in process `syz.3.572'. [ 179.750746][ T7418] netlink: 13 bytes leftover after parsing attributes in process `syz.3.572'. [ 180.105467][ T7428] FAULT_INJECTION: forcing a failure. [ 180.105467][ T7428] name fail_futex, interval 1, probability 0, space 0, times 0 [ 180.141701][ T7428] CPU: 1 UID: 0 PID: 7428 Comm: syz.1.577 Tainted: G L syzkaller #0 PREEMPT(full) [ 180.141757][ T7428] Tainted: [L]=SOFTLOCKUP [ 180.141769][ T7428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 180.141789][ T7428] Call Trace: [ 180.141803][ T7428] [ 180.141815][ T7428] dump_stack_lvl+0x100/0x190 [ 180.141857][ T7428] should_fail_ex.cold+0x5/0xa [ 180.141899][ T7428] get_futex_key+0x1d2/0x1510 [ 180.141950][ T7428] ? __pfx_get_futex_key+0x10/0x10 [ 180.141998][ T7428] futex_wait_setup+0x83/0x510 [ 180.142073][ T7428] __futex_wait+0x19f/0x300 [ 180.142122][ T7428] ? __pfx___futex_wait+0x10/0x10 [ 180.142175][ T7428] ? __pfx_futex_wake_mark+0x10/0x10 [ 180.142229][ T7428] ? futex_hash+0x2ad/0x370 [ 180.142264][ T7428] ? futex_hash+0x141/0x370 [ 180.142302][ T7428] futex_wait+0xe6/0x370 [ 180.142347][ T7428] ? __pfx_futex_wait+0x10/0x10 [ 180.142389][ T7428] ? path_setxattrat+0x21c/0x3b0 [ 180.142457][ T7428] do_futex+0x1ef/0x350 [ 180.142495][ T7428] ? __pfx_do_futex+0x10/0x10 [ 180.142544][ T7428] __x64_sys_futex+0x34f/0x4d0 [ 180.142588][ T7428] ? __pfx___x64_sys_futex+0x10/0x10 [ 180.142624][ T7428] ? ksys_write+0x1ac/0x250 [ 180.142665][ T7428] ? __pfx___x64_sys_pidfd_open+0x10/0x10 [ 180.142712][ T7428] ? rcu_is_watching+0x12/0xc0 [ 180.142760][ T7428] do_syscall_64+0x10b/0xf80 [ 180.142814][ T7428] ? clear_bhb_loop+0x40/0x90 [ 180.142855][ T7428] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 180.142890][ T7428] RIP: 0033:0x7fb74c79ce59 [ 180.142916][ T7428] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 180.142964][ T7428] RSP: 002b:00007fb74d5d10e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 180.142996][ T7428] RAX: ffffffffffffffda RBX: 00007fb74ca15fa8 RCX: 00007fb74c79ce59 [ 180.143018][ T7428] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb74ca15fa8 [ 180.143038][ T7428] RBP: 00007fb74ca15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 180.143059][ T7428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 180.143078][ T7428] R13: 00007fb74ca16038 R14: 00007ffd6f7fbae0 R15: 00007ffd6f7fbbc8 [ 180.143120][ T7428] [ 180.931693][ T7439] netlink: 4 bytes leftover after parsing attributes in process `syz.3.581'. [ 180.970321][ T7439] netlink: 5 bytes leftover after parsing attributes in process `syz.3.581'. [ 180.993911][ T7439] netlink: 16 bytes leftover after parsing attributes in process `syz.3.581'. [ 181.354954][ T7445] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 182.067837][ T30] audit: type=1800 audit(1779313155.995:3): pid=7462 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.588" name="dbroot" dev="configfs" ino=18192 res=0 errno=0 [ 182.372059][ T7464] netlink: 334 bytes leftover after parsing attributes in process `syz.2.590'. [ 182.393122][ T7469] netlink: 'syz.1.591': attribute type 5 has an invalid length. [ 182.401511][ T7469] netlink: 314 bytes leftover after parsing attributes in process `syz.1.591'. [ 182.843352][ T7480] netlink: 18 bytes leftover after parsing attributes in process `syz.1.596'. [ 182.910441][ T7481] ubi0: attaching mtd0 [ 182.954161][ T7481] ubi0: scanning is finished [ 182.963464][ T7481] ubi0: empty MTD device detected [ 183.492938][ T7481] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 183.501779][ T7481] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 183.521546][ T7481] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 183.540117][ T7481] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 183.572452][ T7481] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 183.588637][ T7481] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 183.600493][ T7481] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3329655169 [ 183.636715][ T7481] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 183.670185][ T7495] ubi0: background thread "ubi_bgt0d" started, PID 7495 [ 184.681027][ T7507] netlink: 326 bytes leftover after parsing attributes in process `syz.0.603'. [ 185.671439][ T7530] netlink: 346 bytes leftover after parsing attributes in process `syz.0.613'. [ 186.219123][ T7543] netlink: 146 bytes leftover after parsing attributes in process `syz.1.617'. [ 187.774822][ T7564] netlink: 'syz.2.625': attribute type 33 has an invalid length. [ 189.785944][ T5630] Bluetooth: hci2: unexpected subevent 0x01 length: 3 < 18 [ 190.354082][ T7631] netlink: 146 bytes leftover after parsing attributes in process `syz.1.646'. [ 193.226411][ T7683] FAULT_INJECTION: forcing a failure. [ 193.226411][ T7683] name failslab, interval 1, probability 0, space 0, times 0 [ 193.252538][ T7683] CPU: 0 UID: 0 PID: 7683 Comm: syz.2.664 Tainted: G L syzkaller #0 PREEMPT(full) [ 193.252590][ T7683] Tainted: [L]=SOFTLOCKUP [ 193.252602][ T7683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 193.252620][ T7683] Call Trace: [ 193.252637][ T7683] [ 193.252650][ T7683] dump_stack_lvl+0x100/0x190 [ 193.252693][ T7683] should_fail_ex.cold+0x5/0xa [ 193.252737][ T7683] should_failslab+0xc2/0x120 [ 193.252794][ T7683] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 193.252851][ T7683] ? xas_split_alloc+0x11c/0x4a0 [ 193.252917][ T7683] xas_split_alloc+0x11c/0x4a0 [ 193.252984][ T7683] __folio_split+0x5e5/0x1690 [ 193.253048][ T7683] ? __pfx___folio_split+0x10/0x10 [ 193.253111][ T7683] ? __pfx___might_resched+0x10/0x10 [ 193.253159][ T7683] madvise_cold_or_pageout_pte_range+0xf8c/0x2620 [ 193.253227][ T7683] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 193.253279][ T7683] ? stack_trace_save+0x8e/0xc0 [ 193.253335][ T7683] ? register_lock_class+0x40/0x560 [ 193.253371][ T7683] ? __pfx_madvise_cold_or_pageout_pte_range+0x10/0x10 [ 193.253422][ T7683] walk_pgd_range+0xc1a/0x1dd0 [ 193.253486][ T7683] ? __pfx_walk_pgd_range+0x10/0x10 [ 193.253533][ T7683] __walk_page_range+0x163/0x820 [ 193.253569][ T7683] ? do_raw_spin_lock+0x128/0x260 [ 193.253625][ T7683] walk_page_range_vma_unsafe+0x209/0x8f0 [ 193.253675][ T7683] ? __pfx_walk_page_range_vma_unsafe+0x10/0x10 [ 193.253721][ T7683] ? find_held_lock+0x2b/0x80 [ 193.253765][ T7683] ? mlock_drain_local+0x254/0x4e0 [ 193.253797][ T7683] ? mlock_drain_local+0x254/0x4e0 [ 193.253838][ T7683] walk_page_range_vma+0x63/0x90 [ 193.253878][ T7683] madvise_pageout+0x259/0x540 [ 193.253924][ T7683] ? __pfx_madvise_pageout+0x10/0x10 [ 193.253968][ T7683] ? rcu_is_watching+0x12/0xc0 [ 193.254028][ T7683] ? mtree_range_walk+0x72b/0xb70 [ 193.254083][ T7683] madvise_vma_behavior+0x4f7/0x2200 [ 193.254136][ T7683] ? __pfx_madvise_vma_behavior+0x10/0x10 [ 193.254201][ T7683] ? find_vma_prev+0xd8/0x150 [ 193.254241][ T7683] ? futex_unqueue+0x133/0x2c0 [ 193.254276][ T7683] ? __pfx_find_vma_prev+0x10/0x10 [ 193.254334][ T7683] ? __futex_wait+0x256/0x300 [ 193.254387][ T7683] madvise_walk_vmas+0x2fe/0xa90 [ 193.254441][ T7683] ? __pfx_madvise_walk_vmas+0x10/0x10 [ 193.254500][ T7683] madvise_do_behavior+0x1ea/0x510 [ 193.254551][ T7683] ? __pfx_madvise_do_behavior+0x10/0x10 [ 193.254599][ T7683] ? down_read+0x13b/0x450 [ 193.254662][ T7683] do_madvise+0x195/0x240 [ 193.254708][ T7683] ? __pfx_do_madvise+0x10/0x10 [ 193.254754][ T7683] ? do_futex+0x192/0x350 [ 193.254800][ T7683] ? __sys_sendmsg+0x18f/0x220 [ 193.254858][ T7683] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 193.254919][ T7683] __x64_sys_madvise+0xa9/0x110 [ 193.254964][ T7683] ? lockdep_hardirqs_on+0x78/0x100 [ 193.255017][ T7683] do_syscall_64+0x10b/0xf80 [ 193.255069][ T7683] ? clear_bhb_loop+0x40/0x90 [ 193.255111][ T7683] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 193.255146][ T7683] RIP: 0033:0x7f0a17f9ce59 [ 193.255172][ T7683] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 193.255204][ T7683] RSP: 002b:00007f0a18eb6028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 193.255237][ T7683] RAX: ffffffffffffffda RBX: 00007f0a18215fa0 RCX: 00007f0a17f9ce59 [ 193.255259][ T7683] RDX: 0000000000000015 RSI: 0000000000000081 RDI: 0000000000000000 [ 193.255278][ T7683] RBP: 00007f0a18032d6f R08: 0000000000000000 R09: 0000000000000000 [ 193.255298][ T7683] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 193.255317][ T7683] R13: 00007f0a18216038 R14: 00007f0a18215fa0 R15: 00007ffe8d4763b8 [ 193.255361][ T7683] [ 193.706795][ T7668] kexec: Could not allocate control_code_buffer [ 194.311145][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.318716][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.996147][ T7733] netlink: 4 bytes leftover after parsing attributes in process `syz.1.683'. [ 196.023771][ T7733] netlink: 13 bytes leftover after parsing attributes in process `syz.1.683'. [ 196.861744][ T7748] netlink: 346 bytes leftover after parsing attributes in process `syz.0.689'. [ 197.353834][ T7759] netlink: 504 bytes leftover after parsing attributes in process `syz.1.692'. [ 197.465734][ T7755] netlink: 'syz.2.691': attribute type 8 has an invalid length. [ 198.366304][ T7788] netlink: 'syz.0.705': attribute type 21 has an invalid length. [ 198.404310][ T7788] netlink: 334 bytes leftover after parsing attributes in process `syz.0.705'. [ 199.847320][ T7818] block nbd2: not configured, cannot reconfigure [ 200.855911][ T50] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 200.866067][ T50] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 200.877086][ T50] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 200.887867][ T50] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 200.896185][ T50] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 202.000340][ T7832] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.007964][ T7832] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.015340][ T7832] bridge_slave_0: entered allmulticast mode [ 202.023121][ T7832] bridge_slave_0: entered promiscuous mode [ 202.032176][ T7832] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.039684][ T7832] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.047147][ T7832] bridge_slave_1: entered allmulticast mode [ 202.055443][ T7832] bridge_slave_1: entered promiscuous mode [ 202.110409][ T7832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 202.137256][ T7832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 202.182258][ T7832] team0: Port device team_slave_0 added [ 202.191400][ T7832] team0: Port device team_slave_1 added [ 202.264917][ T7832] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 202.282983][ T7832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 202.310370][ T7832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 202.330247][ T7832] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 202.337538][ T7832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 202.364051][ T7832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 202.453595][ T7832] hsr_slave_0: entered promiscuous mode [ 202.460756][ T7832] hsr_slave_1: entered promiscuous mode [ 202.468270][ T7832] debugfs: 'hsr0' already exists in 'hsr' [ 202.478535][ T7832] Cannot create hsr debugfs directory [ 202.707464][ T7832] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 202.718587][ T7832] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 202.726953][ T7832] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 202.738558][ T7832] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 202.747807][ T7832] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 202.759180][ T7832] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 202.767620][ T7832] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 202.782128][ T7832] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 202.881797][ T7832] 8021q: adding VLAN 0 to HW filter on device bond0 [ 202.905552][ T7832] 8021q: adding VLAN 0 to HW filter on device team0 [ 202.918691][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.925968][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 202.943248][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.950496][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 202.960004][ T5630] Bluetooth: hci4: command tx timeout [ 203.349247][ T7893] netlink: 342 bytes leftover after parsing attributes in process `syz.0.735'. [ 203.762309][ T7832] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 204.085083][ T7911] FAULT_INJECTION: forcing a failure. [ 204.085083][ T7911] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 204.101763][ T7911] CPU: 0 UID: 0 PID: 7911 Comm: syz.2.739 Tainted: G L syzkaller #0 PREEMPT(full) [ 204.101820][ T7911] Tainted: [L]=SOFTLOCKUP [ 204.101833][ T7911] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 204.101852][ T7911] Call Trace: [ 204.101862][ T7911] [ 204.101874][ T7911] dump_stack_lvl+0x100/0x190 [ 204.101918][ T7911] should_fail_ex.cold+0x5/0xa [ 204.101962][ T7911] strncpy_from_user+0x3b/0x2d0 [ 204.102005][ T7911] do_getname+0x271/0x390 [ 204.102061][ T7911] acct_on+0x91/0x9e0 [ 204.102104][ T7911] ? __pfx_acct_on+0x10/0x10 [ 204.102147][ T7911] ? bpf_lsm_capable+0x9/0x10 [ 204.102196][ T7911] ? security_capable+0x80/0x260 [ 204.102263][ T7911] __x64_sys_acct+0x81/0x1e0 [ 204.102303][ T7911] ? lockdep_hardirqs_on+0x78/0x100 [ 204.102354][ T7911] do_syscall_64+0x10b/0xf80 [ 204.102403][ T7911] ? clear_bhb_loop+0x40/0x90 [ 204.102442][ T7911] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 204.102474][ T7911] RIP: 0033:0x7f0a17f9ce59 [ 204.102499][ T7911] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 204.102529][ T7911] RSP: 002b:00007f0a18eb6028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3 [ 204.102558][ T7911] RAX: ffffffffffffffda RBX: 00007f0a18215fa0 RCX: 00007f0a17f9ce59 [ 204.102578][ T7911] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000440 [ 204.102598][ T7911] RBP: 00007f0a18032d6f R08: 0000000000000000 R09: 0000000000000000 [ 204.102616][ T7911] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 204.102635][ T7911] R13: 00007f0a18216038 R14: 00007f0a18215fa0 R15: 00007ffe8d4763b8 [ 204.102683][ T7911] [ 204.685059][ T7832] veth0_vlan: entered promiscuous mode [ 204.718298][ T7832] veth1_vlan: entered promiscuous mode [ 204.777129][ T7832] veth0_macvtap: entered promiscuous mode [ 204.799846][ T7832] veth1_macvtap: entered promiscuous mode [ 204.840854][ T7832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 204.861513][ T7832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 204.912708][ T13] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.950458][ T13] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 204.980815][ T13] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.009815][ T13] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 205.039851][ T5630] Bluetooth: hci4: command tx timeout [ 205.170680][ T81] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 205.187731][ T81] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.247687][ T1174] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 205.266893][ T1174] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 205.311319][ T7933] FAULT_INJECTION: forcing a failure. [ 205.311319][ T7933] name failslab, interval 1, probability 0, space 0, times 0 [ 205.354464][ T7933] CPU: 0 UID: 0 PID: 7933 Comm: syz.2.745 Tainted: G L syzkaller #0 PREEMPT(full) [ 205.354514][ T7933] Tainted: [L]=SOFTLOCKUP [ 205.354525][ T7933] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 205.354545][ T7933] Call Trace: [ 205.354555][ T7933] [ 205.354568][ T7933] dump_stack_lvl+0x100/0x190 [ 205.354609][ T7933] should_fail_ex.cold+0x5/0xa [ 205.354653][ T7933] should_failslab+0xc2/0x120 [ 205.354692][ T7933] __kmalloc_cache_noprof+0x7a/0x6f0 [ 205.354743][ T7933] ? iommufd_fops_open+0x45/0x330 [ 205.354803][ T7933] iommufd_fops_open+0x45/0x330 [ 205.354852][ T7933] ? __pfx_iommufd_fops_open+0x10/0x10 [ 205.354915][ T7933] misc_open+0x26d/0x450 [ 205.354957][ T7933] ? __pfx_misc_open+0x10/0x10 [ 205.354998][ T7933] chrdev_open+0x234/0x6a0 [ 205.355041][ T7933] ? __pfx_apparmor_file_open+0x10/0x10 [ 205.355075][ T7933] ? __pfx_chrdev_open+0x10/0x10 [ 205.355130][ T7933] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 205.355186][ T7933] do_dentry_open+0x6d8/0x1660 [ 205.355227][ T7933] ? __pfx_chrdev_open+0x10/0x10 [ 205.355280][ T7933] vfs_open+0x82/0x3f0 [ 205.355335][ T7933] path_openat+0x208c/0x31a0 [ 205.355391][ T7933] ? __pfx_path_openat+0x10/0x10 [ 205.355448][ T7933] do_file_open+0x20e/0x430 [ 205.355512][ T7933] ? __pfx_do_file_open+0x10/0x10 [ 205.355586][ T7933] ? alloc_fd+0x476/0x790 [ 205.355632][ T7933] ? do_getname+0x191/0x390 [ 205.355687][ T7933] do_sys_openat2+0x10d/0x1e0 [ 205.355740][ T7933] ? __pfx_do_sys_openat2+0x10/0x10 [ 205.355795][ T7933] ? do_raw_spin_lock+0x128/0x260 [ 205.355845][ T7933] __x64_sys_openat+0x12d/0x210 [ 205.355904][ T7933] ? __pfx___x64_sys_openat+0x10/0x10 [ 205.355967][ T7933] ? rcu_is_watching+0x12/0xc0 [ 205.356014][ T7933] do_syscall_64+0x10b/0xf80 [ 205.356066][ T7933] ? clear_bhb_loop+0x40/0x90 [ 205.356108][ T7933] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 205.356149][ T7933] RIP: 0033:0x7f0a17f9ce59 [ 205.356176][ T7933] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 205.356209][ T7933] RSP: 002b:00007f0a18e95028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 205.356253][ T7933] RAX: ffffffffffffffda RBX: 00007f0a18216090 RCX: 00007f0a17f9ce59 [ 205.356274][ T7933] RDX: 0000000000040000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 205.356294][ T7933] RBP: 00007f0a18032d6f R08: 0000000000000000 R09: 0000000000000000 [ 205.356313][ T7933] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 205.356332][ T7933] R13: 00007f0a18216128 R14: 00007f0a18216090 R15: 00007ffe8d4763b8 [ 205.356374][ T7933] [ 205.871704][ T30] audit: type=1800 audit(1779313179.783:4): pid=7939 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.746" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 207.116118][ T5630] Bluetooth: hci4: command tx timeout [ 207.430513][ T7969] netlink: 12 bytes leftover after parsing attributes in process `syz.4.757'. [ 208.397228][ T7994] hub 1-0:1.0: USB hub found [ 208.417919][ T7994] hub 1-0:1.0: 1 port detected [ 208.524298][ T7995] hub 1-0:1.0: USB hub found [ 208.530237][ T7995] hub 1-0:1.0: 1 port detected [ 209.197742][ T5630] Bluetooth: hci4: command tx timeout [ 209.726031][ T8024] netlink: 12 bytes leftover after parsing attributes in process `syz.0.785'. [ 211.026565][ T8026] kexec: Could not allocate control_code_buffer [ 214.739429][ T50] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 214.752660][ T50] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 214.769463][ T50] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 214.781206][ T50] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 214.792862][ T50] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 215.093449][ T8102] sctp: [Deprecated]: syz.0.796 (pid 8102) Use of struct sctp_assoc_value in delayed_ack socket option. [ 215.093449][ T8102] Use struct sctp_sack_info instead [ 215.603579][ T8120] hub 1-0:1.0: USB hub found [ 215.614306][ T8120] hub 1-0:1.0: 1 port detected [ 215.665921][ T8124] hub 1-0:1.0: USB hub found [ 215.672884][ T8124] hub 1-0:1.0: 1 port detected [ 216.053499][ T8091] bridge0: port 1(bridge_slave_0) entered blocking state [ 216.060894][ T8091] bridge0: port 1(bridge_slave_0) entered disabled state [ 216.068149][ T8091] bridge_slave_0: entered allmulticast mode [ 216.076615][ T8091] bridge_slave_0: entered promiscuous mode [ 216.089190][ T8091] bridge0: port 2(bridge_slave_1) entered blocking state [ 216.097727][ T8091] bridge0: port 2(bridge_slave_1) entered disabled state [ 216.105616][ T8091] bridge_slave_1: entered allmulticast mode [ 216.113414][ T8091] bridge_slave_1: entered promiscuous mode [ 216.149446][ T8091] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 216.163481][ T8091] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 216.202998][ T8091] team0: Port device team_slave_0 added [ 216.212115][ T8091] team0: Port device team_slave_1 added [ 216.244501][ T8091] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 216.252299][ T8091] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 216.279651][ T8091] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 216.294328][ T8091] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 216.302678][ T8091] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 216.328965][ T8091] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 216.383029][ T8091] hsr_slave_0: entered promiscuous mode [ 216.389476][ T8091] hsr_slave_1: entered promiscuous mode [ 216.396369][ T8091] debugfs: 'hsr0' already exists in 'hsr' [ 216.404067][ T8091] Cannot create hsr debugfs directory [ 216.887975][ T5640] Bluetooth: hci3: command 0x0406 tx timeout [ 216.888016][ T50] Bluetooth: hci1: command 0x0406 tx timeout [ 216.895307][ T5640] Bluetooth: hci0: command 0x0406 tx timeout [ 216.906556][ T5630] Bluetooth: hci5: command tx timeout [ 216.906575][ T50] Bluetooth: hci2: command 0x2016 tx timeout [ 217.023398][ T8091] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 217.036945][ T8091] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 217.050689][ T8091] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 217.062247][ T8091] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 217.070857][ T8091] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 217.082199][ T8091] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 217.090641][ T8091] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 217.106829][ T8091] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 217.244710][ T8091] 8021q: adding VLAN 0 to HW filter on device bond0 [ 217.269820][ T8091] 8021q: adding VLAN 0 to HW filter on device team0 [ 217.286612][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.293870][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.312365][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 217.319574][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 217.931470][ T8091] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 218.217816][ T8091] veth0_vlan: entered promiscuous mode [ 218.230307][ T8091] veth1_vlan: entered promiscuous mode [ 218.268094][ T8091] veth0_macvtap: entered promiscuous mode [ 218.279782][ T8091] veth1_macvtap: entered promiscuous mode [ 218.301528][ T8091] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 218.317155][ T8091] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 218.335172][ T81] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.344782][ T81] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.362281][ T81] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.374317][ T81] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 218.465927][ T1174] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 218.474473][ T1174] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 218.539356][ T81] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 218.578166][ T81] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 218.961430][ T5644] Bluetooth: hci5: command tx timeout [ 220.568334][ T8192] syz.4.813 (8192) used greatest stack depth: 18880 bytes left [ 221.042590][ T5644] Bluetooth: hci5: command tx timeout [ 222.747539][ T8227] netlink: 206 bytes leftover after parsing attributes in process `syz.2.826'. [ 223.124190][ T5644] Bluetooth: hci5: command tx timeout [ 223.719778][ T8248] netlink: 12 bytes leftover after parsing attributes in process `syz.2.831'. [ 228.666373][ T8315] hub 1-0:1.0: USB hub found [ 228.716173][ T8315] hub 1-0:1.0: 1 port detected [ 228.813263][ T8319] hub 1-0:1.0: USB hub found [ 228.825660][ T8319] hub 1-0:1.0: 1 port detected [ 233.230932][ T8377] netlink: 12 bytes leftover after parsing attributes in process `syz.5.865'. [ 237.066627][ T5644] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 239.131998][ T5644] Bluetooth: hci0: command 0x0406 tx timeout [ 240.367652][ T8458] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 241.214478][ T5641] Bluetooth: hci0: command 0x0406 tx timeout [ 245.343659][ T8535] netlink: 330 bytes leftover after parsing attributes in process `syz.0.914'. [ 245.401828][ T8537] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 246.246424][ T8547] netlink: 146 bytes leftover after parsing attributes in process `syz.0.918'. [ 247.838562][ T8575] netlink: 25 bytes leftover after parsing attributes in process `syz.5.920'. [ 248.440565][ T8584] zswap: compressor 000 not available [ 249.042195][ T8605] netlink: 162 bytes leftover after parsing attributes in process `syz.0.928'. [ 249.747110][ T8618] netlink: 186 bytes leftover after parsing attributes in process `syz.5.933'. [ 249.802956][ T8620] netlink: 330 bytes leftover after parsing attributes in process `syz.2.932'. [ 254.106691][ T8693] ubi: mtd0 is already attached to ubi0 [ 255.781088][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.787606][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.274578][ T8750] ubi: mtd0 is already attached to ubi0 [ 258.119402][ T30] audit: type=1800 audit(1779313232.007:5): pid=8764 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.969" name="file0" dev="tmpfs" ino=1311 res=0 errno=0 [ 260.648327][ T5644] Bluetooth: hci5: unexpected subevent 0x01 length: 123 > 18 [ 261.842477][ T30] audit: type=1800 audit(1779313235.725:6): pid=8824 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.987" name="file0" dev="tmpfs" ino=371 res=0 errno=0 [ 262.663232][ T5641] Bluetooth: hci5: command 0x2016 tx timeout [ 263.739202][ T8851] ubi: mtd0 is already attached to ubi0 [ 264.746156][ T5644] Bluetooth: hci5: command 0x2016 tx timeout [ 267.798131][ T30] audit: type=1800 audit(1779313241.682:7): pid=8912 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1010" name="file0" dev="tmpfs" ino=332 res=0 errno=0 [ 268.327300][ T8916] zswap: compressor not available [ 275.983967][ T5644] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 275.993895][ T5644] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 276.008538][ T5644] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 276.018528][ T5644] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 276.029315][ T5644] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 277.044981][ T8969] bridge0: port 1(bridge_slave_0) entered blocking state [ 277.055666][ T8969] bridge0: port 1(bridge_slave_0) entered disabled state [ 277.065872][ T8969] bridge_slave_0: entered allmulticast mode [ 277.080739][ T8969] bridge_slave_0: entered promiscuous mode [ 277.092542][ T8969] bridge0: port 2(bridge_slave_1) entered blocking state [ 277.099870][ T8969] bridge0: port 2(bridge_slave_1) entered disabled state [ 277.109115][ T8969] bridge_slave_1: entered allmulticast mode [ 277.121519][ T8969] bridge_slave_1: entered promiscuous mode [ 277.176175][ T8969] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 277.189779][ T8969] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 277.237297][ T8969] team0: Port device team_slave_0 added [ 277.248362][ T8969] team0: Port device team_slave_1 added [ 277.296887][ T8969] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 277.304080][ T8969] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 277.331771][ T8969] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 277.348320][ T8969] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 277.356838][ T8969] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 277.387515][ T8969] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 277.460549][ T8969] hsr_slave_0: entered promiscuous mode [ 277.472340][ T8969] hsr_slave_1: entered promiscuous mode [ 277.478811][ T8969] debugfs: 'hsr0' already exists in 'hsr' [ 277.485344][ T8969] Cannot create hsr debugfs directory [ 277.818185][ T8969] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 277.843962][ T8969] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 277.854063][ T8969] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 277.882343][ T8969] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 277.891679][ T8969] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 277.910360][ T8969] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 277.923183][ T8969] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 277.939624][ T8969] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 278.087558][ T8969] 8021q: adding VLAN 0 to HW filter on device bond0 [ 278.110911][ T5644] Bluetooth: hci6: command tx timeout [ 278.127046][ T8969] 8021q: adding VLAN 0 to HW filter on device team0 [ 278.153118][ T3296] bridge0: port 1(bridge_slave_0) entered blocking state [ 278.160342][ T3296] bridge0: port 1(bridge_slave_0) entered forwarding state [ 278.215510][ T3296] bridge0: port 2(bridge_slave_1) entered blocking state [ 278.222770][ T3296] bridge0: port 2(bridge_slave_1) entered forwarding state [ 278.847480][ T8969] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 279.110789][ T8969] veth0_vlan: entered promiscuous mode [ 279.123818][ T8969] veth1_vlan: entered promiscuous mode [ 279.155976][ T8969] veth0_macvtap: entered promiscuous mode [ 279.167228][ T8969] veth1_macvtap: entered promiscuous mode [ 279.191174][ T8969] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 279.210305][ T8969] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 279.228252][ T3296] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 279.243165][ T3296] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 279.268765][ T3296] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 279.285869][ T3296] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 279.450350][ T3296] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 279.474172][ T3296] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 279.518283][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 279.528392][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 279.553379][ T5641] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 279.567897][ T5641] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 279.578661][ T5641] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 279.587792][ T5641] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 279.599472][ T5641] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 280.192737][ T5641] Bluetooth: hci6: command tx timeout [ 281.088601][ T9022] bridge0: port 1(bridge_slave_0) entered blocking state [ 281.096043][ T9022] bridge0: port 1(bridge_slave_0) entered disabled state [ 281.103399][ T9022] bridge_slave_0: entered allmulticast mode [ 281.111503][ T9022] bridge_slave_0: entered promiscuous mode [ 281.120948][ T9022] bridge0: port 2(bridge_slave_1) entered blocking state [ 281.129742][ T9022] bridge0: port 2(bridge_slave_1) entered disabled state [ 281.137416][ T9022] bridge_slave_1: entered allmulticast mode [ 281.145635][ T9022] bridge_slave_1: entered promiscuous mode [ 281.194876][ T9022] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 281.211453][ T9022] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 281.257581][ T9022] team0: Port device team_slave_0 added [ 281.268158][ T9022] team0: Port device team_slave_1 added [ 281.431179][ T9022] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 281.440838][ T9022] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 281.469588][ T9022] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 281.495847][ T9022] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 281.503097][ T9022] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 281.540868][ T9022] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 281.635995][ T5641] Bluetooth: hci7: command tx timeout [ 281.698457][ T9022] hsr_slave_0: entered promiscuous mode [ 281.712440][ T9022] hsr_slave_1: entered promiscuous mode [ 281.744103][ T9022] debugfs: 'hsr0' already exists in 'hsr' [ 281.762320][ T9022] Cannot create hsr debugfs directory [ 281.820486][ T9057] futex_wake_op: syz.4.1037 tries to shift op by -2048; fix this program [ 281.853152][ T9057] futex_wake_op: syz.4.1037 tries to shift op by -2048; fix this program [ 281.879121][ T9058] 0x000000000001-0x000000020000 : "" [ 281.911097][ T9058] ftl_cs: FTL header corrupt! [ 282.273369][ T5641] Bluetooth: hci6: command tx timeout [ 282.297890][ T9022] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 282.318109][ T9022] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 282.331620][ T9022] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 282.359073][ T9022] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 282.376189][ T9022] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 282.406739][ T9022] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 282.410948][ T9065] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1039'. [ 282.424201][ T9022] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 282.441549][ T9022] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 282.456039][ T9065] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1039'. [ 282.661634][ T9022] 8021q: adding VLAN 0 to HW filter on device bond0 [ 282.705745][ T9022] 8021q: adding VLAN 0 to HW filter on device team0 [ 282.722945][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 282.730205][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 282.777551][ T36] bridge0: port 2(bridge_slave_1) entered blocking state [ 282.784836][ T36] bridge0: port 2(bridge_slave_1) entered forwarding state [ 283.713955][ T5641] Bluetooth: hci7: command tx timeout [ 283.945209][ T9022] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 284.354060][ T5641] Bluetooth: hci6: command tx timeout [ 284.546090][ T9022] veth0_vlan: entered promiscuous mode [ 284.581978][ T9022] veth1_vlan: entered promiscuous mode [ 284.615310][ T9112] random: crng reseeded on system resumption [ 284.642572][ T9022] veth0_macvtap: entered promiscuous mode [ 284.669223][ T9022] veth1_macvtap: entered promiscuous mode [ 284.707999][ T9022] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 284.718063][ T9112] hub 1-0:1.0: USB hub found [ 284.731705][ T9112] hub 1-0:1.0: 1 port detected [ 284.767946][ T9022] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 284.820812][ T48] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.851419][ T48] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.877887][ T48] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 284.905883][ T48] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 285.072638][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 285.088326][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 285.147932][ T81] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 285.160404][ T81] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 285.347704][ T5641] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 285.766974][ T5634] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 285.782390][ T5634] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 285.790895][ T5634] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 285.798303][ T4947] Bluetooth: hci7: command tx timeout [ 285.816334][ T4947] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 285.825690][ T4947] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 287.400142][ T5641] Bluetooth: hci4: command 0x2016 tx timeout [ 287.876121][ T5641] Bluetooth: hci8: command tx timeout [ 287.876406][ T5644] Bluetooth: hci7: command tx timeout [ 288.244949][ T9128] bridge0: port 1(bridge_slave_0) entered blocking state [ 288.252655][ T9128] bridge0: port 1(bridge_slave_0) entered disabled state [ 288.260285][ T9128] bridge_slave_0: entered allmulticast mode [ 288.269275][ T9128] bridge_slave_0: entered promiscuous mode [ 288.289884][ T9128] bridge0: port 2(bridge_slave_1) entered blocking state [ 288.297903][ T9128] bridge0: port 2(bridge_slave_1) entered disabled state [ 288.305264][ T9128] bridge_slave_1: entered allmulticast mode [ 288.325083][ T9128] bridge_slave_1: entered promiscuous mode [ 288.551625][ T9128] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 288.639901][ T9128] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 288.703902][ T9187] futex_wake_op: syz.6.1065 tries to shift op by -2048; fix this program [ 288.729793][ T9187] futex_wake_op: syz.6.1065 tries to shift op by -2048; fix this program [ 288.746524][ T9187] 0x000000000001-0x000000020000 : "" [ 288.799649][ T9187] ftl_cs: FTL header corrupt! [ 288.869413][ T9128] team0: Port device team_slave_0 added [ 288.892540][ T9128] team0: Port device team_slave_1 added [ 289.045543][ T9128] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 289.054215][ T9128] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 289.085650][ T9128] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 289.103582][ T9128] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 289.111248][ T9128] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 289.206139][ T9128] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 289.312448][ T9128] hsr_slave_0: entered promiscuous mode [ 289.319803][ T9128] hsr_slave_1: entered promiscuous mode [ 289.328837][ T9128] debugfs: 'hsr0' already exists in 'hsr' [ 289.334744][ T9128] Cannot create hsr debugfs directory [ 289.479642][ T5644] Bluetooth: hci4: command 0x2016 tx timeout [ 289.957485][ T4947] Bluetooth: hci8: command tx timeout [ 290.178980][ T9128] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 290.231208][ T9128] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 290.249939][ T9128] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 290.292367][ T9128] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 290.312579][ T9128] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 290.350148][ T9128] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 290.386563][ T9128] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 290.414855][ T9128] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 290.623914][ T9211] netlink: 346 bytes leftover after parsing attributes in process `syz.4.1069'. [ 290.811847][ T9128] 8021q: adding VLAN 0 to HW filter on device bond0 [ 290.934939][ T9128] 8021q: adding VLAN 0 to HW filter on device team0 [ 291.195571][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 291.202888][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 291.284313][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 291.291598][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 291.423735][ T9231] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 291.469326][ T9231] FAULT_INJECTION: forcing a failure. [ 291.469326][ T9231] name failslab, interval 1, probability 0, space 0, times 0 [ 291.509159][ T9231] CPU: 1 UID: 0 PID: 9231 Comm: syz.6.1076 Tainted: G L syzkaller #0 PREEMPT(full) [ 291.509208][ T9231] Tainted: [L]=SOFTLOCKUP [ 291.509220][ T9231] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 291.509237][ T9231] Call Trace: [ 291.509248][ T9231] [ 291.509259][ T9231] dump_stack_lvl+0x100/0x190 [ 291.509312][ T9231] should_fail_ex.cold+0x5/0xa [ 291.509350][ T9231] should_failslab+0xc2/0x120 [ 291.509391][ T9231] __kmalloc_cache_noprof+0x7a/0x6f0 [ 291.509438][ T9231] ? apply_subsystem_event_filter+0x444/0x17b0 [ 291.509498][ T9231] apply_subsystem_event_filter+0x444/0x17b0 [ 291.509562][ T9231] ? __pfx_apply_subsystem_event_filter+0x10/0x10 [ 291.509617][ T9231] ? _copy_from_user+0x59/0xd0 [ 291.509652][ T9231] subsystem_filter_write+0x95/0x120 [ 291.509701][ T9231] vfs_write+0x2aa/0x1070 [ 291.509740][ T9231] ? __pfx_subsystem_filter_write+0x10/0x10 [ 291.509793][ T9231] ? __pfx_vfs_write+0x10/0x10 [ 291.509832][ T9231] ? __fget_files+0x215/0x3d0 [ 291.509879][ T9231] ? __fget_files+0x21f/0x3d0 [ 291.509928][ T9231] ksys_write+0x12a/0x250 [ 291.509977][ T9231] ? __pfx_ksys_write+0x10/0x10 [ 291.510020][ T9231] ? rcu_is_watching+0x12/0xc0 [ 291.510065][ T9231] do_syscall_64+0x10b/0xf80 [ 291.510117][ T9231] ? clear_bhb_loop+0x40/0x90 [ 291.510158][ T9231] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 291.510192][ T9231] RIP: 0033:0x7f375739ce59 [ 291.510219][ T9231] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 291.510251][ T9231] RSP: 002b:00007f3758194028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 291.510282][ T9231] RAX: ffffffffffffffda RBX: 00007f3757615fa0 RCX: 00007f375739ce59 [ 291.510302][ T9231] RDX: 0000000000000078 RSI: 0000200000000040 RDI: 0000000000000006 [ 291.510321][ T9231] RBP: 00007f3757432d6f R08: 0000000000000000 R09: 0000000000000000 [ 291.510340][ T9231] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 291.510358][ T9231] R13: 00007f3757616038 R14: 00007f3757615fa0 R15: 00007ffff8bd5fe8 [ 291.510400][ T9231] [ 291.799641][ T9236] netlink: 338 bytes leftover after parsing attributes in process `syz.7.1077'. [ 292.037822][ T4947] Bluetooth: hci8: command tx timeout [ 292.301633][ T9245] netlink: 146 bytes leftover after parsing attributes in process `syz.7.1080'. [ 292.979971][ T9128] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 293.588968][ T9128] veth0_vlan: entered promiscuous mode [ 293.621627][ T9128] veth1_vlan: entered promiscuous mode [ 293.714734][ T9128] veth0_macvtap: entered promiscuous mode [ 293.741096][ T9128] veth1_macvtap: entered promiscuous mode [ 293.787609][ T9128] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 293.827383][ T9128] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 293.863231][ T3296] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 293.890414][ T3296] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.029501][ T3296] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.052438][ T3296] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 294.119030][ T4947] Bluetooth: hci8: command tx timeout [ 294.372344][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 294.401055][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 294.479643][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 294.512044][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 297.143046][ T4947] Bluetooth: hci7: unexpected subevent 0x01 length: 123 > 18 [ 297.766865][ T4947] Bluetooth: hci8: unexpected event 0x05 length: 6 > 4 [ 297.903723][ T9341] netlink: 'syz.6.1099': attribute type 33 has an invalid length. [ 297.925696][ T9341] netlink: 322 bytes leftover after parsing attributes in process `syz.6.1099'. [ 299.161648][ T4947] Bluetooth: hci7: command 0x2016 tx timeout [ 300.480993][ T9372] netlink: 28 bytes leftover after parsing attributes in process `syz.7.1111'. [ 301.253178][ T5644] Bluetooth: hci7: command 0x2016 tx timeout [ 301.703274][ T9400] netlink: 28 bytes leftover after parsing attributes in process `syz.7.1129'. [ 302.131977][ T9410] FAULT_INJECTION: forcing a failure. [ 302.131977][ T9410] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 302.173346][ T9410] CPU: 0 UID: 0 PID: 9410 Comm: syz.6.1124 Tainted: G L syzkaller #0 PREEMPT(full) [ 302.173401][ T9410] Tainted: [L]=SOFTLOCKUP [ 302.173414][ T9410] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 302.173433][ T9410] Call Trace: [ 302.173444][ T9410] [ 302.173456][ T9410] dump_stack_lvl+0x100/0x190 [ 302.173500][ T9410] should_fail_ex.cold+0x5/0xa [ 302.173543][ T9410] _copy_to_iter+0x1f3/0x1720 [ 302.173591][ T9410] ? __pfx___skb_try_recv_datagram+0x10/0x10 [ 302.173629][ T9410] ? __pfx__copy_to_iter+0x10/0x10 [ 302.173670][ T9410] ? __skb_recv_datagram+0x1b2/0x220 [ 302.173711][ T9410] simple_copy_to_iter+0x46/0x90 [ 302.173765][ T9410] __skb_datagram_iter+0x129/0x900 [ 302.173816][ T9410] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 302.173884][ T9410] skb_copy_datagram_iter+0xa5/0x270 [ 302.173935][ T9410] ? aa_sk_perm+0x309/0xaa0 [ 302.173976][ T9410] netlink_recvmsg+0x27e/0xa90 [ 302.174027][ T9410] ? __pfx_netlink_recvmsg+0x10/0x10 [ 302.174070][ T9410] ? __fget_files+0x215/0x3d0 [ 302.174109][ T9410] ? __fget_files+0x215/0x3d0 [ 302.174153][ T9410] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 302.174209][ T9410] ? __pfx_netlink_recvmsg+0x10/0x10 [ 302.174259][ T9410] sock_recvmsg+0x1a4/0x1f0 [ 302.174315][ T9410] __sys_recvfrom+0x200/0x300 [ 302.174356][ T9410] ? __pfx___sys_recvfrom+0x10/0x10 [ 302.174407][ T9410] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 302.174447][ T9410] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 302.174514][ T9410] __x64_sys_recvfrom+0xe0/0x1c0 [ 302.174550][ T9410] ? do_syscall_64+0x90/0xf80 [ 302.174611][ T9410] ? lockdep_hardirqs_on+0x78/0x100 [ 302.174662][ T9410] do_syscall_64+0x10b/0xf80 [ 302.174710][ T9410] ? clear_bhb_loop+0x40/0x90 [ 302.174752][ T9410] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.174786][ T9410] RIP: 0033:0x7f375735d68e [ 302.174812][ T9410] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 302.174843][ T9410] RSP: 002b:00007f3758192ee8 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 302.174874][ T9410] RAX: ffffffffffffffda RBX: 00007f37581946c0 RCX: 00007f375735d68e [ 302.174896][ T9410] RDX: 0000000000001000 RSI: 00007f3758193000 RDI: 0000000000000000 [ 302.174915][ T9410] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 302.174934][ T9410] R10: 0000000000000000 R11: 0000000000000246 R12: 00002000000020c0 [ 302.174954][ T9410] R13: 00007f3758192fb0 R14: 0000000000000013 R15: 0000000000000000 [ 302.174993][ T9410] [ 303.110423][ T9426] netlink: 25 bytes leftover after parsing attributes in process `syz.6.1131'. [ 303.183045][ T9428] FAULT_INJECTION: forcing a failure. [ 303.183045][ T9428] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 303.226382][ T9428] CPU: 1 UID: 0 PID: 9428 Comm: syz.8.1132 Tainted: G L syzkaller #0 PREEMPT(full) [ 303.226434][ T9428] Tainted: [L]=SOFTLOCKUP [ 303.226445][ T9428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 303.226464][ T9428] Call Trace: [ 303.226474][ T9428] [ 303.226486][ T9428] dump_stack_lvl+0x100/0x190 [ 303.226528][ T9428] should_fail_ex.cold+0x5/0xa [ 303.226563][ T9428] ? prepare_alloc_pages+0x16d/0x5f0 [ 303.226610][ T9428] should_fail_alloc_page+0xeb/0x140 [ 303.226652][ T9428] prepare_alloc_pages+0x1f0/0x5f0 [ 303.226703][ T9428] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 303.226761][ T9428] ? rcu_is_watching+0x12/0xc0 [ 303.226807][ T9428] ? __lock_acquire+0x4a5/0x2630 [ 303.226841][ T9428] ? css_rstat_updated+0x1ce/0x5a0 [ 303.226896][ T9428] ? __pfx_css_rstat_updated+0x10/0x10 [ 303.226952][ T9428] ? xas_create+0x1f4/0x14e0 [ 303.226982][ T9428] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 303.227054][ T9428] ? rcu_is_watching+0x12/0xc0 [ 303.227095][ T9428] ? __mod_memcg_lruvec_state+0x18c/0x5b0 [ 303.227153][ T9428] ? find_held_lock+0x2b/0x80 [ 303.227209][ T9428] ? __lock_acquire+0x4a5/0x2630 [ 303.227241][ T9428] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 303.227293][ T9428] ? policy_nodemask+0xed/0x4f0 [ 303.227336][ T9428] alloc_pages_mpol+0x1fb/0x540 [ 303.227377][ T9428] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 303.227418][ T9428] ? filemap_get_entry+0x22d/0x450 [ 303.227451][ T9428] ? filemap_get_entry+0x22d/0x450 [ 303.227490][ T9428] folio_alloc_noprof+0x22/0x250 [ 303.227536][ T9428] filemap_alloc_folio_noprof.part.0+0x377/0x450 [ 303.227587][ T9428] ? __pfx_filemap_alloc_folio_noprof.part.0+0x10/0x10 [ 303.227640][ T9428] ? rcu_is_watching+0x12/0xc0 [ 303.227684][ T9428] __filemap_get_folio_mpol+0x6a4/0xe70 [ 303.227730][ T9428] ioctx_alloc+0x7e1/0x21a0 [ 303.227795][ T9428] ? __pfx_ioctx_alloc+0x10/0x10 [ 303.227858][ T9428] __x64_sys_io_setup+0xc9/0x220 [ 303.227911][ T9428] do_syscall_64+0x10b/0xf80 [ 303.227962][ T9428] ? clear_bhb_loop+0x40/0x90 [ 303.228003][ T9428] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.228046][ T9428] RIP: 0033:0x7f22b119ce59 [ 303.228072][ T9428] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 303.228104][ T9428] RSP: 002b:00007f22b1fd8028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ce [ 303.228135][ T9428] RAX: ffffffffffffffda RBX: 00007f22b1415fa0 RCX: 00007f22b119ce59 [ 303.228157][ T9428] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 000000000000ffff [ 303.228177][ T9428] RBP: 00007f22b1232d6f R08: 0000000000000000 R09: 0000000000000000 [ 303.228197][ T9428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 303.228216][ T9428] R13: 00007f22b1416038 R14: 00007f22b1415fa0 R15: 00007ffe7f4431c8 [ 303.228259][ T9428] [ 304.549320][ T9458] netlink: 354 bytes leftover after parsing attributes in process `syz.4.1140'. [ 304.988377][ T9468] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1145'. [ 305.047745][ T9468] netlink: 25 bytes leftover after parsing attributes in process `syz.6.1145'. [ 307.344917][ T9518] netlink: 28 bytes leftover after parsing attributes in process `syz.8.1160'. [ 314.998839][ T9651] netlink: 330 bytes leftover after parsing attributes in process `syz.6.1206'. [ 315.250060][ T9659] netlink: 'syz.4.1208': attribute type 1 has an invalid length. [ 315.273209][ T9659] netlink: 'syz.4.1208': attribute type 6 has an invalid length. [ 315.627701][ T9666] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1210'. [ 317.254510][ T1316] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.264273][ T1316] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.386622][ T9688] HfR: entered promiscuous mode [ 318.494612][ T9688] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1218'. [ 318.665843][ T9688] HfR: left promiscuous mode [ 319.356634][ T9723] bridge0: port 3(bond0) entered blocking state [ 319.398271][ T9723] bridge0: port 3(bond0) entered disabled state [ 319.413197][ T9723] bond0: entered allmulticast mode [ 319.506532][ T9723] bond_slave_0: entered allmulticast mode [ 319.542395][ T9723] bond_slave_1: entered allmulticast mode [ 319.600204][ T9723] bond0: entered promiscuous mode [ 319.639050][ T9723] bond_slave_0: entered promiscuous mode [ 319.679315][ T9723] bond_slave_1: entered promiscuous mode [ 319.708161][ T9723] bridge0: port 3(bond0) entered blocking state [ 319.714665][ T9723] bridge0: port 3(bond0) entered forwarding state [ 321.318860][ T9742] netlink: 146 bytes leftover after parsing attributes in process `syz.6.1239'. [ 322.609889][ T9775] netlink: 354 bytes leftover after parsing attributes in process `syz.4.1242'. [ 323.085869][ T9777] netlink: 138 bytes leftover after parsing attributes in process `syz.4.1243'. [ 323.576270][ T9788] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 323.711344][ T9792] netlink: 4 bytes leftover after parsing attributes in process `syz.7.1247'. [ 324.093409][ T9798] netlink: 266 bytes leftover after parsing attributes in process `syz.8.1259'. [ 324.114659][ T9798] IPv6: NLM_F_CREATE should be specified when creating new route [ 324.454516][ T5644] Bluetooth: hci4: command 0x2016 tx timeout [ 325.001171][ T9813] netlink: 186 bytes leftover after parsing attributes in process `syz.7.1254'. [ 325.540382][ T9825] netlink: 334 bytes leftover after parsing attributes in process `syz.8.1258'. [ 326.690342][ T9846] FAULT_INJECTION: forcing a failure. [ 326.690342][ T9846] name fail_futex, interval 1, probability 0, space 0, times 0 [ 326.720485][ T9846] CPU: 0 UID: 0 PID: 9846 Comm: syz.8.1267 Tainted: G L syzkaller #0 PREEMPT(full) [ 326.720533][ T9846] Tainted: [L]=SOFTLOCKUP [ 326.720543][ T9846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 326.720566][ T9846] Call Trace: [ 326.720577][ T9846] [ 326.720587][ T9846] dump_stack_lvl+0x100/0x190 [ 326.720625][ T9846] should_fail_ex.cold+0x5/0xa [ 326.720672][ T9846] get_futex_key+0x1d2/0x1510 [ 326.720703][ T9846] ? __pfx_get_futex_key+0x10/0x10 [ 326.720730][ T9846] ? __pfx_core_sys_select+0x10/0x10 [ 326.720769][ T9846] futex_wake+0xea/0x530 [ 326.720805][ T9846] ? __pfx_futex_wake+0x10/0x10 [ 326.720843][ T9846] ? poll_select_finish+0x36e/0x670 [ 326.720873][ T9846] ? __pfx_poll_select_finish+0x10/0x10 [ 326.720911][ T9846] do_futex+0x32b/0x350 [ 326.720945][ T9846] ? __pfx_do_futex+0x10/0x10 [ 326.720995][ T9846] __x64_sys_futex+0x34f/0x4d0 [ 326.721036][ T9846] ? __pfx___x64_sys_futex+0x10/0x10 [ 326.721074][ T9846] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 326.721124][ T9846] ? syscall_user_dispatch+0x76/0x130 [ 326.721164][ T9846] do_syscall_64+0x10b/0xf80 [ 326.721220][ T9846] ? clear_bhb_loop+0x40/0x90 [ 326.721260][ T9846] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 326.721293][ T9846] RIP: 0033:0x7f22b119ce59 [ 326.721317][ T9846] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 326.721348][ T9846] RSP: 002b:00007f22b1fd80e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 326.721384][ T9846] RAX: ffffffffffffffda RBX: 00007f22b1415fa8 RCX: 00007f22b119ce59 [ 326.721405][ T9846] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f22b1415fac [ 326.721425][ T9846] RBP: 00007f22b1415fa0 R08: 0000000000000001 R09: 0000000000000000 [ 326.721443][ T9846] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 326.721461][ T9846] R13: 00007f22b1416038 R14: 00007ffe7f4430e0 R15: 00007ffe7f4431c8 [ 326.721500][ T9846] [ 328.896453][ T9884] FAULT_INJECTION: forcing a failure. [ 328.896453][ T9884] name fail_futex, interval 1, probability 0, space 0, times 0 [ 328.912138][ T9884] CPU: 1 UID: 0 PID: 9884 Comm: syz.6.1288 Tainted: G L syzkaller #0 PREEMPT(full) [ 328.912190][ T9884] Tainted: [L]=SOFTLOCKUP [ 328.912201][ T9884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 328.912222][ T9884] Call Trace: [ 328.912232][ T9884] [ 328.912244][ T9884] dump_stack_lvl+0x100/0x190 [ 328.912287][ T9884] should_fail_ex.cold+0x5/0xa [ 328.912331][ T9884] get_futex_key+0x1d2/0x1510 [ 328.912380][ T9884] ? __pfx_get_futex_key+0x10/0x10 [ 328.912411][ T9884] ? futex_hash+0x211/0x370 [ 328.912450][ T9884] ? __pfx_clockevents_program_event+0x10/0x10 [ 328.912497][ T9884] futex_wake+0xea/0x530 [ 328.912545][ T9884] ? __pfx_futex_wake+0x10/0x10 [ 328.912595][ T9884] ? irqentry_exit+0x24d/0x7e0 [ 328.912658][ T9884] do_futex+0x32b/0x350 [ 328.912696][ T9884] ? __pfx_do_futex+0x10/0x10 [ 328.912736][ T9884] ? __pfx_bpf_lsm_task_prctl+0x10/0x10 [ 328.912787][ T9884] __x64_sys_futex+0x34f/0x4d0 [ 328.912832][ T9884] ? __pfx___x64_sys_futex+0x10/0x10 [ 328.912869][ T9884] ? __pfx___do_sys_prctl+0x10/0x10 [ 328.912904][ T9884] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 328.912959][ T9884] ? syscall_user_dispatch+0x76/0x130 [ 328.913003][ T9884] do_syscall_64+0x10b/0xf80 [ 328.913055][ T9884] ? clear_bhb_loop+0x40/0x90 [ 328.913097][ T9884] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 328.913132][ T9884] RIP: 0033:0x7f375739ce59 [ 328.913158][ T9884] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 328.913190][ T9884] RSP: 002b:00007f37581940e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 328.913222][ T9884] RAX: ffffffffffffffda RBX: 00007f3757615fa8 RCX: 00007f375739ce59 [ 328.913244][ T9884] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f3757615fac [ 328.913265][ T9884] RBP: 00007f3757615fa0 R08: 0000000000000001 R09: 0000000000000000 [ 328.913286][ T9884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 328.913305][ T9884] R13: 00007f3757616038 R14: 00007ffff8bd5f00 R15: 00007ffff8bd5fe8 [ 328.913349][ T9884] [ 329.255591][ T9890] bridge0: port 3(bond0) entered blocking state [ 329.262720][ T9890] bridge0: port 3(bond0) entered disabled state [ 329.270021][ T9890] bond0: entered allmulticast mode [ 329.275228][ T9890] bond_slave_0: entered allmulticast mode [ 329.284106][ T9890] bond_slave_1: entered allmulticast mode [ 329.293172][ T9890] bond0: entered promiscuous mode [ 329.298354][ T9890] bond_slave_0: entered promiscuous mode [ 329.306004][ T9890] bond_slave_1: entered promiscuous mode [ 329.313494][ T9890] bridge0: port 3(bond0) entered blocking state [ 329.319936][ T9890] bridge0: port 3(bond0) entered forwarding state [ 329.545712][ T4947] Bluetooth: hci6: ISO packet for unknown connection handle 0 [ 330.855978][ T9919] netlink: 266 bytes leftover after parsing attributes in process `syz.7.1293'. [ 330.875214][ T9919] IPv6: NLM_F_CREATE should be specified when creating new route [ 331.338335][ T31] INFO: task syz.3.614:7535 blocked for more than 143 seconds. [ 331.346512][ T31] Tainted: G L syzkaller #0 [ 331.369034][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 331.380808][ T31] task:syz.3.614 state:D stack:25400 pid:7535 tgid:7533 ppid:5635 task_flags:0x400040 flags:0x00080002 [ 331.413181][ T31] Call Trace: [ 331.425257][ T31] [ 331.434651][ T31] __schedule+0x1295/0x67a0 [ 331.449735][ T31] ? __pfx___schedule+0x10/0x10 [ 331.467462][ T31] ? find_held_lock+0x2b/0x80 [ 331.481571][ T31] ? schedule+0x2bf/0x390 [ 331.493736][ T31] schedule+0xdd/0x390 [ 331.511749][ T31] schedule_preempt_disabled+0x13/0x30 [ 331.520284][ T31] __mutex_lock+0xced/0x1b10 [ 331.537536][ T31] ? nfsd_nl_listener_get_doit+0x13e/0x7b0 [ 331.557597][ T31] ? __kmalloc_node_track_caller_noprof+0x321/0x850 [ 331.569307][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 331.583941][ T31] ? kmalloc_reserve+0xf9/0x350 [ 331.597807][ T31] ? skb_put+0x138/0x180 [ 331.607777][ T31] ? __nlmsg_put+0x152/0x1c0 [ 331.617818][ T31] ? nfsd_nl_listener_get_doit+0x13e/0x7b0 [ 331.637899][ T31] nfsd_nl_listener_get_doit+0x13e/0x7b0 [ 331.647829][ T31] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1e5/0x2f0 [ 331.670055][ T31] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1ef/0x2f0 [ 331.687636][ T31] genl_family_rcv_msg_doit+0x214/0x300 [ 331.707599][ T31] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 331.716295][ T31] ? genl_get_cmd+0x3e7/0x760 [ 331.729217][ T31] ? __dev_queue_xmit+0xa10/0x4950 [ 331.747731][ T31] ? __radix_tree_lookup+0x217/0x2b0 [ 331.753349][ T31] genl_rcv_msg+0x560/0x800 [ 331.763150][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 331.778037][ T31] ? __pfx_nfsd_nl_listener_get_doit+0x10/0x10 [ 331.789829][ T31] netlink_rcv_skb+0x159/0x420 [ 331.800890][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 331.821021][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 331.826463][ T31] ? netlink_deliver_tap+0x1ae/0xcc0 [ 331.837862][ T31] genl_rcv+0x28/0x40 [ 331.846573][ T31] netlink_unicast+0x585/0x850 [ 331.857796][ T31] ? __pfx_netlink_unicast+0x10/0x10 [ 331.874168][ T31] netlink_sendmsg+0x8b0/0xda0 [ 331.887698][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 331.900261][ T31] ? __import_iovec+0x1d2/0x640 [ 331.912303][ T31] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 331.927709][ T31] ____sys_sendmsg+0x9e1/0xb70 [ 331.935069][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 331.947686][ T31] ? __pfx_____sys_sendmsg+0x10/0x10 [ 331.966711][ T31] ? kasan_quarantine_put+0x104/0x240 [ 331.975785][ T31] ? lockdep_hardirqs_on+0x78/0x100 [ 331.987780][ T31] ___sys_sendmsg+0x190/0x1e0 [ 331.998605][ T31] ? __pfx____sys_sendmsg+0x10/0x10 [ 332.017840][ T31] ? tomoyo_path_number_perm+0x188/0x580 [ 332.023671][ T31] __sys_sendmsg+0x170/0x220 [ 332.031818][ T31] ? __pfx___sys_sendmsg+0x10/0x10 [ 332.046538][ T31] ? kcov_ioctl+0x16a/0x720 [ 332.059058][ T31] ? rcu_is_watching+0x12/0xc0 [ 332.067345][ T31] ? kcov_ioctl+0x16a/0x720 [ 332.082797][ T31] ? rcu_is_watching+0x12/0xc0 [ 332.104063][ T31] do_syscall_64+0x10b/0xf80 [ 332.126911][ T31] ? clear_bhb_loop+0x40/0x90 [ 332.155267][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.187302][ T31] RIP: 0033:0x7f3e64f9ce59 [ 332.203225][ T31] RSP: 002b:00007f3e631f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 332.221189][ T31] RAX: ffffffffffffffda RBX: 00007f3e65216090 RCX: 00007f3e64f9ce59 [ 332.257872][ T31] RDX: 0000000000000050 RSI: 0000200000000140 RDI: 0000000000000004 [ 332.275939][ T31] RBP: 00007f3e65032d6f R08: 0000000000000000 R09: 0000000000000000 [ 332.299682][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 332.314044][ T31] R13: 00007f3e65216128 R14: 00007f3e65216090 R15: 00007ffe813374c8 [ 332.322422][ T31] [ 332.325641][ T31] [ 332.325641][ T31] Showing all locks held in the system: [ 332.333678][ T31] 2 locks held by kworker/u8:1/13: [ 332.339274][ T31] #0: ffff88801eba4940 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 [ 332.350343][ T31] #1: ffffc90000127d08 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_one_work+0x973/0x1980 [ 332.365654][ T31] 1 lock held by khungtaskd/31: [ 332.394527][ T31] #0: ffffffff8e7e5420 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 332.404835][ T31] 2 locks held by kworker/u8:5/81: [ 332.410478][ T31] #0: ffff88801eba4940 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_one_work+0x12d6/0x1980 [ 332.421534][ T31] #1: ffffc900020afd08 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_one_work+0x973/0x1980 [ 332.433473][ T31] 2 locks held by getty/5387: [ 332.438455][ T31] #0: ffff88802e9110a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 332.448690][ T31] #1: ffffc900032332e8 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x14f0 [ 332.460022][ T31] 2 locks held by syz-executor/5628: [ 332.465536][ T31] #0: ffff88807bf000d8 (&type->s_umount_key#53){+.+.}-{4:4}, at: deactivate_super+0xdf/0x110 [ 332.479794][ T31] #1: ffffffff8ec62340 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 332.489880][ T31] 2 locks held by syz-executor/5632: [ 332.495242][ T31] #0: ffff888027c360d8 (&type->s_umount_key#53){+.+.}-{4:4}, at: deactivate_super+0xdf/0x110 [ 332.507082][ T31] #1: ffffffff8ec62340 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 332.518098][ T31] 2 locks held by syz-executor/5636: [ 332.523455][ T31] #0: ffff8880774100d8 (&type->s_umount_key#53){+.+.}-{4:4}, at: deactivate_super+0xdf/0x110 [ 332.534229][ T31] #1: ffffffff8ec62340 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 332.545304][ T31] 2 locks held by syz.3.614/7534: [ 332.550706][ T31] #0: ffffffff906bf148 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 332.561048][ T31] #1: ffffffff8ec62340 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_set_doit+0xd5/0x1a80 [ 332.571422][ T31] 2 locks held by syz.3.614/7535: [ 332.576546][ T31] #0: ffffffff906bf148 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 332.587085][ T31] #1: ffffffff8ec62340 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_listener_get_doit+0x13e/0x7b0 [ 332.597375][ T31] 2 locks held by syz-executor/8091: [ 332.602751][ T31] #0: ffff888040a980d8 (&type->s_umount_key#53){+.+.}-{4:4}, at: deactivate_super+0xdf/0x110 [ 332.613225][ T31] #1: ffffffff8ec62340 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 332.633778][ T31] 2 locks held by syz-executor/8969: [ 332.639884][ T31] #0: ffff8880341120d8 (&type->s_umount_key#53){+.+.}-{4:4}, at: deactivate_super+0xdf/0x110 [ 332.651719][ T31] #1: ffffffff8ec62340 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 332.664068][ T31] 1 lock held by syz-executor/9128: [ 332.670582][ T31] #0: ffffffff8e7f0f68 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 [ 332.681064][ T31] 1 lock held by syz.4.1301/9936: [ 332.692223][ T31] #0: ffffffff8e7f0f68 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x27f/0x3c0 [ 332.704508][ T31] [ 332.706908][ T31] ============================================= [ 332.706908][ T31] [ 332.715813][ T31] NMI backtrace for cpu 0 [ 332.715835][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 332.715873][ T31] Tainted: [L]=SOFTLOCKUP [ 332.715882][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 332.715899][ T31] Call Trace: [ 332.715909][ T31] [ 332.715918][ T31] dump_stack_lvl+0x100/0x190 [ 332.715954][ T31] nmi_cpu_backtrace.cold+0x12d/0x151 [ 332.715990][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 332.716029][ T31] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 332.716070][ T31] sys_info+0x141/0x190 [ 332.716100][ T31] watchdog+0xcb1/0x1030 [ 332.716149][ T31] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 332.716192][ T31] ? __pfx_watchdog+0x10/0x10 [ 332.716235][ T31] ? __kthread_parkme+0x18c/0x230 [ 332.716279][ T31] ? kthread+0x13a/0x450 [ 332.716302][ T31] ? __pfx_watchdog+0x10/0x10 [ 332.716341][ T31] kthread+0x370/0x450 [ 332.716366][ T31] ? __pfx_kthread+0x10/0x10 [ 332.716393][ T31] ret_from_fork+0x72b/0xd50 [ 332.716426][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 332.716460][ T31] ? __switch_to+0x800/0x1100 [ 332.716519][ T31] ? __switch_to_asm+0x39/0x70 [ 332.716560][ T31] ? __pfx_kthread+0x10/0x10 [ 332.716590][ T31] ret_from_fork_asm+0x1a/0x30 [ 332.716650][ T31] [ 332.716661][ T31] Sending NMI from CPU 0 to CPUs 1: [ 332.859857][ C1] NMI backtrace for cpu 1 [ 332.859879][ C1] CPU: 1 UID: 0 PID: 5637 Comm: kworker/1:3 Tainted: G L syzkaller #0 PREEMPT(full) [ 332.859916][ C1] Tainted: [L]=SOFTLOCKUP [ 332.859925][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 332.859945][ C1] Workqueue: wg-crypt-wg0 wg_packet_tx_worker [ 332.859986][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0xb/0x70 [ 332.860023][ C1] Code: 60 00 be 03 00 00 00 5b e9 92 66 ef 02 66 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 65 8b 05 a5 b3 02 12 <48> 8b 34 24 65 48 8b 15 81 b3 02 12 a9 00 01 ff 00 74 1b f6 c4 01 [ 332.860047][ C1] RSP: 0018:ffffc90003e2f830 EFLAGS: 00000202 [ 332.860063][ C1] RAX: 0000000080000401 RBX: 0000000000000001 RCX: ffffffff89a98613 [ 332.860079][ C1] RDX: 0000000000000001 RSI: 0000000000000003 RDI: ffff888036813d80 [ 332.860093][ C1] RBP: ffff888045824300 R08: 0000000000000005 R09: 0000000000000003 [ 332.860107][ C1] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000000 [ 332.860121][ C1] R13: ffff88802bc9cdc0 R14: ffff888045824308 R15: dffffc0000000000 [ 332.860137][ C1] FS: 0000000000000000(0000) GS:ffff888124474000(0000) knlGS:0000000000000000 [ 332.860158][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 332.860173][ C1] CR2: 0000001b30f06ff8 CR3: 0000000036a84000 CR4: 00000000003526f0 [ 332.860188][ C1] Call Trace: [ 332.860195][ C1] [ 332.860203][ C1] nf_hook_slow+0xee/0x220 [ 332.860239][ C1] ip6_output+0x611/0xa60 [ 332.860262][ C1] ? __pfx_ip6_output+0x10/0x10 [ 332.860286][ C1] ? __pfx_ip6_finish_output+0x10/0x10 [ 332.860309][ C1] ? csum_ipv6_magic+0x295/0x320 [ 332.860334][ C1] ? __pfx_ip6_output+0x10/0x10 [ 332.860355][ C1] ip6_local_out+0xcb/0x1f0 [ 332.860381][ C1] udp_tunnel6_xmit_skb+0x8ae/0xf20 [ 332.860416][ C1] send6+0x4bc/0xc40 [ 332.860455][ C1] ? __pfx_send6+0x10/0x10 [ 332.860499][ C1] wg_socket_send_skb_to_peer+0xf6/0x210 [ 332.860545][ C1] wg_packet_tx_worker+0x199/0x7f0 [ 332.860583][ C1] process_one_work+0xa0e/0x1980 [ 332.860613][ C1] ? __pfx_process_one_work+0x10/0x10 [ 332.860641][ C1] ? __pfx_wg_packet_tx_worker+0x10/0x10 [ 332.860678][ C1] worker_thread+0x5ef/0xe50 [ 332.860704][ C1] ? __pfx_worker_thread+0x10/0x10 [ 332.860727][ C1] ? kthread+0x13a/0x450 [ 332.860746][ C1] ? __pfx_worker_thread+0x10/0x10 [ 332.860768][ C1] kthread+0x370/0x450 [ 332.860787][ C1] ? __pfx_kthread+0x10/0x10 [ 332.860807][ C1] ret_from_fork+0x72b/0xd50 [ 332.860834][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 332.860859][ C1] ? __switch_to+0x800/0x1100 [ 332.860890][ C1] ? __switch_to_asm+0x39/0x70 [ 332.860920][ C1] ? __pfx_kthread+0x10/0x10 [ 332.860941][ C1] ret_from_fork_asm+0x1a/0x30 [ 332.860998][ C1] [ 333.143458][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 333.150372][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 333.161097][ T31] Tainted: [L]=SOFTLOCKUP [ 333.165447][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 333.175552][ T31] Call Trace: [ 333.178996][ T31] [ 333.181957][ T31] dump_stack_lvl+0x100/0x190 [ 333.186683][ T31] vpanic+0x552/0x970 [ 333.190720][ T31] ? __pfx_vpanic+0x10/0x10 [ 333.195276][ T31] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 333.201497][ T31] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 333.207709][ T31] panic+0xd1/0xe0 [ 333.211467][ T31] ? __pfx_panic+0x10/0x10 [ 333.215929][ T31] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 333.222134][ T31] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 333.228365][ T31] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 333.234565][ T31] ? watchdog.cold+0x1ec/0x234 [ 333.239383][ T31] ? watchdog+0xcc1/0x1030 [ 333.243885][ T31] watchdog.cold+0x1fd/0x234 [ 333.248527][ T31] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 333.254394][ T31] ? __pfx_watchdog+0x10/0x10 [ 333.259137][ T31] ? __kthread_parkme+0x18c/0x230 [ 333.264218][ T31] ? kthread+0x13a/0x450 [ 333.268494][ T31] ? __pfx_watchdog+0x10/0x10 [ 333.273249][ T31] kthread+0x370/0x450 [ 333.277364][ T31] ? __pfx_kthread+0x10/0x10 [ 333.281998][ T31] ret_from_fork+0x72b/0xd50 [ 333.286643][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 333.291811][ T31] ? __switch_to+0x800/0x1100 [ 333.296543][ T31] ? __switch_to_asm+0x39/0x70 [ 333.301368][ T31] ? __pfx_kthread+0x10/0x10 [ 333.305997][ T31] ret_from_fork_asm+0x1a/0x30 [ 333.310841][ T31] [ 333.314065][ T31] Kernel Offset: disabled [ 333.318400][ T31] Rebooting in 86400 seconds..