last executing test programs: 9.052989869s ago: executing program 1 (id=949): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/oom_adj\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nbd(0x0, 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r1, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)={0x2c, r2, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x1021}, @NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40080}, 0x20040000) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x111442, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x8000, 0x0) 8.00640393s ago: executing program 1 (id=955): socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000200)='/proc/meminfo\x00', 0x2800, 0x0) sendfile$auto(0x2, 0x3, &(0x7f0000000040)=0x80, 0xc3e0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_gtp(&(0x7f0000001040), 0xffffffffffffffff) sendmsg$auto_GTP_CMD_GETPDP(r0, &(0x7f0000001140)={0x0, 0x0, &(0x7f0000001100)={&(0x7f0000000280)=ANY=[@ANYRES64=r0, @ANYRES32=r1, @ANYBLOB="01002cbd70ffffdbdf2502000000080002000800"], 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x24040814) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x28) sendto$auto(0x3, 0x0, 0x2000f, 0x101, &(0x7f0000000000)=@in={0x2, 0x4e22, @rand_addr=0x64010100}, 0x1c) listen$auto(0x3, 0x81) r2 = eventfd2$auto(0x7ff, 0xffffffff) r3 = ioctl$auto_TUNGETVNETHDRSZ2(r2, 0x800454d7, &(0x7f0000000040)) close_range$auto(r3, r2, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020089, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mremap$auto(0x28f, 0x3, 0x3fd6, 0x200000000003, 0x7fffffffaffd) brk$auto(0x7fffffffafff) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_TCFLSH2(r3, 0x540b, &(0x7f0000000080)="284c996e2e836f9043fe476eb7f17717cb4f341d87fd0fe3519c5bc38dd1220387b5721afa0afa0abfeb373ca83c8a119d3ec1285cbef565e8d18526e72b68ac3e3e7a107e6f7b792bc7d82f7d13054ca0f03d71c7d09a43906bd35452ad08251b7b1cc549a1a417cc7a1d") madvise$auto(0xe79, 0x0, 0xfffffff9) accept$auto(0x3, 0x0, 0x0) r4 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x9, 0x7) setsockopt$auto(r4, 0x9, 0x8, &(0x7f0000000000)='\x00', 0xfffffffe) syz_genetlink_get_family_id$auto_nlbl_cipsov4(&(0x7f0000000140), r4) 5.815487205s ago: executing program 0 (id=962): setresuid$auto(0x8, 0x8, 0x0) r0 = setfsuid$auto(0xee00) setreuid$auto(r0, 0x0) syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000540), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'netdevsim0\x00'}) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) mmap$auto(0x0, 0x400006, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(0xffffffffffffffff, 0x0, 0x800) timer_create$auto(0x9, 0x0, 0x0) read$auto(0x3, 0x0, 0x8080) socket(0xa, 0x1, 0x100) write$auto(0x3, 0x0, 0xffd8) shmctl$auto_IPC_SET(0x4, 0x1, &(0x7f0000000280)={{0x80, 0xee00, 0xee00, 0xca6d, 0x8, 0x4bd6, 0x5}, 0xd21, 0x5, 0x8000000000000000, 0x1, @inferred=0xffffffffffffffff, @inferred=0xffffffffffffffff, 0x9, 0x0, &(0x7f0000000140)="4f0d6995e943b6bc", &(0x7f0000000200)="e3ac9b01ee8d985b677531eeeee5cb5bf774d2df4d9ae6dccbc98def20b72c7c2826a585ba3a8d67815abade214708a4ade77c6faa2f2889ca3e7989f32645dd597a3ae1b46e8d8c7e03ae6b8aaa49f6bf64"}) process_mrelease$auto(0xffffffffffffffff, 0xa) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0xb, 0x1, 0x0, 0x1, 0x1) mount$auto(0x0, 0xfffffffffffffffe, 0x0, 0x80, 0xfffffffffffffffe) write$auto(r1, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x60143, 0x0) add_key$auto_KEY_SPEC_USER_KEYRING(&(0x7f0000001c80)='\\\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffc) mkdir$auto(0x0, 0xff) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio1\x00', 0x28080, 0x0) r3 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/cec4\x00', 0x800, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r3, 0xc05c6104, &(0x7f0000000100)={'\x00', 0x0, 0x6, 0x2, 0x9b3, 0x9, "0200000002000000997e763f222ce1", '\x00', "0001410c", '\x00', ["f5404de9641f0000000060c1", "70d9a9a3af9f39d000000001", "ef5ac4927ad89c5c00"]}) ioctl$auto_CEC_TRANSMIT(r3, 0xc0386105, &(0x7f0000000000)={0x6, 0x3, 0x7, 0x4, 0x2, 0x7fffffff, "9b2189084142725dff0d933475a77466", 0xb, 0x5, 0x40, 0x5, 0x2, 0x4, 0x2}) mmap$auto(0x1000000000, 0x100000400008, 0x1000000000000df, 0x4000009b73, r2, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/admmidi2\x00', 0x40080, 0x0) fsconfig$auto(0xffffffffffffffff, 0x2, &(0x7f0000000180)='\x00', &(0x7f0000000580)="10ab6b39a25e5d9c4947936e05c1ebf9895356b0a5fc915241b26bebe1bf3648ecb6260c4d40bcaaf9620450e0f236d9cf2e9bfa15663032904f14a0bfebeb6f41d8f77bd0bca982dfe6b49e308e606721133b53711ed21bb9e1e32f4be7a7c60b1e11a84523b8f0f030b169292f0b65a26107a850d0b970a474f1e71b47e5ca3b8343ea7d7b90f3557fd5f312dc", 0x0) 5.798295161s ago: executing program 1 (id=963): mmap$auto(0x0, 0x2000d, 0xdf, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x10001) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000240)={0x0, 0x7}, 0x2) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/class/zram-control/hot_add\x00', 0x0, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0) write$auto_tty_fops_tty_io(r2, &(0x7f00000001c0)="352c8efa618c0bcf83a4ebdb27ec25906b0e1015b18c429fc1d7c523728754e15f334a572cad539da201096bbbc2ce7db19c429be7137d848ef31b38b0b3c7da1361fef8e0e23a77846b4e400f96eb989b4f68220f90f3df243e352f17abbc44e0cfececd72dc611200c0fc4cb84d1fc175dc31b38e002c53627c358cc121ffefc1e0f3a31c079ae368fd33dedc87d100f7f3eafc4e10d22e8e8d6c27ef8c0e1b12f18389c2473fbc695cbf8d352993273c0382ab671751b4d7bc4942acdee8681eb66d140456e01000000000000006c67926fd396c0c8b56130d7b15f8f4af2ad291a8167c8a417b4c223186e652f422d6412901803956a5fa9e7d5be14aaa9937ed9eec3b28bed7a097821f1fde88c7388ff3e003b581185248590dfc525ff65094e47bbe7b92d023c914e37d6030526c33570fc69f6e38bbdd698", 0x13c) r3 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000002640), 0x100, 0x0) ioctl$auto_USB_RAW_IOCTL_INIT(r3, 0x41015500, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video2\x00', 0x0, 0x0) unshare$auto(0x40000080) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, 0x0, 0x200, 0x0) 5.797579173s ago: executing program 2 (id=964): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x0, 0x7, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto_BLKTRACESETUP2(0xffffffffffffffff, 0xc0481273, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0) r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/oom_adj\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x1f40) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f00000000c0)={0x0, 0xffffffff}, 0x3) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(0xffffffffffffffff, 0x0, 0x880) ioctl$auto(0xc8, 0x800454e1, 0x5c8d) mkdir$auto(&(0x7f0000000040)='./cgroup/../file0\x00', 0x1) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x242e40, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ttyS0\x00', 0x1, 0x0) ioctl$auto(r5, 0x540a, 0x0) unshare$auto(0x40000080) read$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffffff, 0x0, 0x0) openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) sendmsg$auto_NL80211_CMD_GET_INTERFACE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x1c, r4, 0xb01, 0x70bd27, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x4000084) 4.582872857s ago: executing program 3 (id=966): bpf$auto_BPF_ENABLE_STATS(0x20, &(0x7f0000000040)=@link_create={@prog_fd, @target_ifindex, 0xc, 0xfffffffd, @target_btf_id=0x5}, 0x8) unshare$auto(0x40000080) r0 = socket(0x29, 0x2, 0x0) read$auto(0x3, 0x0, 0x8080) openat$auto_drm_edid_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/dri/vkms/Virtual-1/edid_override\x00', 0x220182, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/class/net/bonding_masters\x00', 0x82081, 0x0) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x20000, 0x0) unshare$auto(0x6) clock_adjtime$auto(0xd, &(0x7f0000000340)={0x94e, 0x0, 0x3, 0x1, 0x5, 0x8, 0x7e, 0x0, 0x0, 0x1, 0xff80000000000000, {0x10000, 0x80000004}, 0x2, 0xf3, 0x6b, 0x0, 0x0, 0x5, 0xfffffffeffffffff, 0xfffffffe, 0x3, 0x7f, 0x8}) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80000, 0x0) sendmsg$auto_NL80211_CMD_ADD_LINK_STA(r0, 0x0, 0x40) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0x8000000000000000, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) syz_clone3(&(0x7f00000004c0)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x1, 0x84) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x2000, 0x0) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) timerfd_create$auto_CLOCK_BOOTTIME(0x7, 0x4001003) clone$auto(0x20003b46, 0x7, 0x0, 0x0, 0x7) ioctl$auto(0x3, 0xc060ff0b, 0xffffffffffffffff) madvise$auto(0x0, 0x200204, 0x15) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0xfffffffffffffffe, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x91}, 0x20040810) 4.530863232s ago: executing program 0 (id=967): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_IPVS_CMD_GET_SERVICE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)={0x734, 0x0, 0x4, 0x4070bd26, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DAEMON={0x71d, 0x3, 0x0, 0x1, [@typed={0x14, 0x53, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @multicast1}}, @generic="94aec91d7127b0187b358bf012ea3fa85e5dfb5696fa9a381344040d45085a8a69adc822fc599870c78bc48a261e88c2a8e4252f5b6377ca9894d967bd8b9851c65c955619334a13fa37f8c8f55e0adcef5041", @typed={0x8, 0xa9, 0x0, 0x0, @ipv4=@initdev={0xac, 0x1e, 0x1, 0x0}}, @generic="cae6daa2115d5475b94546c1a59eb39aa676883a2aa6b28fb3062af542826e47735db20ad80a46b2bedeb92ba49415782c2be5e23a00749d7d5984cb2ea98aec410d3937eff248eb127beba633e6ba620688ef86fbda6596882640df248bcfad5c84ade6a9c8107745e7f4916025aaaa278c6c4553ac98a49d6f97a073288f824e828ba570fd93804c341cab6751e8e9022b70b6cf6ee367a5d79157bed4df7f15d1b07c73864e8cc252d672e4a54f46aa28f0b2de5621025ed47436d20b3e393a1b6f2ff6168339708b", @nested={0x5e0, 0x49, 0x0, 0x1, [@nested={0x4, 0x23}, @nested={0x5d8, 0x36, 0x0, 0x1, [@nested={0x21, 0xb8, 0x0, 0x1, [@typed={0x14, 0xfd, 0x0, 0x0, @ipv6=@private1}, @nested={0x4, 0x6e}, @nested={0x4, 0x85}, @generic="86"]}, @nested={0x5ad, 0x29, 0x0, 0x1, [@typed={0x8, 0x143, 0x0, 0x0, @uid}, @typed={0x8, 0xc, 0x0, 0x0, @u32=0x53d}, @generic="06f3f15ee773298aba24165625e11f138abc9f82afde899851e0f38768071d8c70fb55747dd23c0044d767b025f03fa7efb81e270596a889ef20a952116c6a288b39dc86cdce373e27cbe34668a7ec551767f128a4a08b79b2edd73ff7112275f818a6e839ca8abb902a978a960849eb91d65f01dc9eb56f73f4fcc190e5556cbf94bb76c4997ba9fdd3ff0ac0cb2598a39627b16c7a00dbc1470ad585305042318e4362f4abcf7ced27f83d4eebb1b824a226cdab6cc4ff12b790bf79988c396b02a36d42407f8338febac27ee72ebcc54ab681b05404703043335f760f79eb5da4bfd5c77ba7e3b14845d8e600fa8fffd0ff53cae39ddc5b8ed7c86a72332219a48e4f360162894127ccf5925e4849a22ee4770801aa35773d7443b17d619f8d6c52e64bcf98cfbacc1c479b941f3c77f482cb84212d9def88b66ae088a3766bd880f82fb65e142b925691d232c2d8082969bafd470e191097098388a457c48f562ab49e134863cf1fbeb220dc3e2b0c3b8252cba1b6733df7e6832e1b84bfaf911add5a8f5cc322193ab9d57f574b6974031dbda51e05258eb1ce980af4ef7abdc71377b39b4c11e0648ba3f81b22ca8b71ac995e7897fa5d300fda3a3639a6288fa203f028b2c4237fa0e049f1b4cd0de2015845f5d68782bc66abffc951d14bf2acf15c641e5ee4e664e8e026dc0fbdc9461c2458e3f1bb8845e0712de7c38dfdc6cab65ff9ca10afc064c78426fdb3ef6735bc04d6bdf77355d4adbdb628c5216e908b829fccfd138acda02bf9545161e1650cb74972e72347ebf1a1fb8898d6f7537b2326f4cb5e3ba782a16ef4604c0a0ca2cafcff262e86c79f2ac8ccfa88502d26d2c83e27ed2f65a7b8e2812fd8da9228ab9944c3a627ba3e69af2661b0002408a1fa4ba4a80b746dc27377ceb8207402184ce3cc6b4b253fa7e38546fad0ecf4e346d109d41a7685600c566ce66bb3032d4e3ae81f5b9cc66e143b7073ab77231a08c291e8c6182426c71006296b40b85f9ca6c0e40f8535b6b0498983a79bd4eff2a9868d7c32d0986ce7f8fc5f26f238266668ba6c943923586b531fbef2eba0450ae9f8d731912a528ae95ba8328fb672b15bcf2859f001ef28a12031a8b43f3cd578baf23d03698200df46d1c395fcb2e2ff5c899a468c899e1427285d0df06991b8c00a48e680a1cb87eba1dbf1577eb5cb94c9aedaa5ba1383b0830c6e2b0b23cb1bc0e50fe8cdf6b1719052d75c4a06b36a9facc647454ed31623aa2af76665600a42bcd97ae0a3a92d342151a59083010e889417e42d4bf8c6e8d7d21643de3a5d3e7ee718b00dee00f718fa0ef3ddda8d5dbfce49ef628120857efb66fd6df89b4038dbf17b50bec33f4c2e965700a91516e29de4d6592be383fb9d7c82b6e179b98edd8120254da7414cb9d914815b55258726c0132aaf0c7413c13e4a06caf45e65af5beee3dcffb81c6a839ba23bf9d31167cbd07a198b5e985b417a9530fbaf724ba5cffc0ba279779e8ac7bf91df65f106543acdf38b382e27b35a97c964446ac0239c46675a434db5f0e12419fda17c75cd432ec84db5573beb218f658cf8903200a26e02eae53f1045e9039721f06da2c61192171f011cd4762847193e383fd8c09c96b0b57b3061746a4e89a7f6335dd402787aa180b044789a5ce13cb50b3586d88e9802d28aa1ce15690dc024dea8b0e4aa953f2e1eebc34d1bcb0af20477b0ca1e3b5cb2ad2a94aac01420567ea18a18dc00bee747ed29e1fca8b48984a5105ba4124b578613e95f4e222d9ff936c00667201e93363000ab1e5676ccaae733177f111abf774010783326269124d3c4965e578777db3773452c8b0211f7382fdcd7a484cc17f7f7e83b793f80e428fcef5880b23d4e6690344d4c0e113689733c33ca53b22a664e19c35136f87d8d198eef66254c2eeefafaca1df12f32a7c7572d89707f450dad9c7c5e8de6e9912129438e34929a7f4d1a61bd895ef3d725c7f0d9e9e39618875928"]}]}]}]}]}, 0x734}, 0x1, 0x0, 0x0, 0x90}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) splice$auto(r1, 0x0, 0xffffffffffffffff, 0x0, 0xb, 0xf) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r0, &(0x7f0000000140)={{0x0, 0x4, &(0x7f0000000080)={0x0, 0x803}, 0x5, 0x0, 0x2, 0x8}, 0x800}, 0x10a, 0x8, 0x0) 3.550746915s ago: executing program 0 (id=968): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x2020009, 0x2, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x1, 0x10000000000df, 0xeb2, 0xffffffffffffffff, 0x8000) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000004000)='/dev/audio\x00', 0x102, 0x0) ioctl$auto_SNDCTL_DSP_GETOSPACE(r3, 0x8010500c, &(0x7f0000004040)) timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0x26b, 0x4}, {0x0, 0x83}}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) memfd_create$auto(0x0, 0xe) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ram2\x00', 0x200040, 0x0) mmap$auto(0x800, 0x810006, 0xffb, 0x8000000008011, r2, 0x0) kexec_load$auto(0x200000000007, 0x1, &(0x7f0000000040)={@kbuf=0x0, 0x2aaa, 0x6c0000c000, 0xc000}, 0x4) setsockopt$auto_SO_MARK(r4, 0xc1, 0x24, &(0x7f0000000280)='#\x00', 0x25) mmap$auto(0x0, 0x400008, 0x0, 0x12, 0x2, 0x8000) r5 = socket(0x2, 0x1, 0x106) bind$auto(r5, 0x0, 0x6a) connect$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x5c) mmap$auto(0x0, 0x7, 0xdf, 0xeb1, r4, 0xd) close_range$auto(0x2, 0x8, 0x0) r6 = socket(0x5, 0xa, 0x300) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r7, 0x0, 0x20) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x3) getsockopt$auto_SO_PROTOCOL(r6, 0x9, 0x26, 0x0, 0x0) recvmsg$auto(r0, 0x0, 0xfffffff7) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) 2.564607332s ago: executing program 2 (id=969): socket(0x11, 0x80003, 0x300) mmap$auto(0x0, 0x4, 0xdf, 0x80000000000eb1, 0x3, 0x0) sysfs$auto(0x2, 0x4, 0x0) r0 = socket(0xa, 0x5, 0x0) getsockopt$auto(r0, 0x84, 0x12, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) getsockopt$auto_SO_NO_CHECK(0xffffffffffffffff, 0xfffffffd, 0xb, &(0x7f00000001c0)='/sys/devices/virtual/net/eql/statistics/tx_carrier_errors\x00', 0x0) open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@token_create={0x1}, 0x6f6) mount$auto(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180)='nfs\x00\x00', 0x200, &(0x7f00000001c0)) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r1 = socket(0x2c, 0x3, 0x0) bind$auto(r1, &(0x7f0000000080)=@xdp={0x2c, 0xc, 0x0, 0x1c}, 0x6b) setsockopt$auto_SO_BROADCAST(r1, 0x5, 0x6, 0x0, 0x74) socket(0x80000000000000a, 0x2, 0x0) socket(0x18, 0x3, 0x2) sendmmsg$auto(0x3, 0x0, 0x2, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) epoll_create$auto(0x4) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) fcntl$auto(0x0, 0x408, 0x100000) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x400, 0x7ff) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) 2.46572575s ago: executing program 0 (id=970): socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/admmidi2\x00', 0x240000, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r1 = socket(0x2c, 0x1, 0x0) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) r2 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[], 0x14}}, 0x24048004) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/pagemap\x00', 0x309801, 0x0) waitid$auto_P_PID(0x1, 0x0, &(0x7f0000000200)={@siginfo_0_0={0x87b, 0xff, 0x8, @_sigsys={&(0x7f0000000180)="a066b8e840c6311618ee915dcba2b561883f43193d2a5631fe84890200000000000000bdaea9ede3515e3e06ef5d9e26a356338ed2792d285c9166f052064c40c858589a8fc08743324746bfd929a8d9ab975df177246f1824ee62a621dc9c9b00fe", 0xffffffff, 0x7}}}, 0x1, &(0x7f0000000340)={{0x1, 0x8}, {0x8000000, 0x9}, 0xd, 0x6, 0x6, 0x1, 0x9, 0x6, 0x69, 0x3, 0x6, 0x0, 0x2, 0x37, 0x2, 0x6}) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) r4 = syz_genetlink_get_family_id$auto_ovs_meter(&(0x7f0000000280), r2) sendmsg$auto_OVS_METER_CMD_SET(r1, &(0x7f0000001540)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000001500)={&(0x7f0000001480)={0x54, r4, 0x100, 0x70bd28, 0x25dfdbfc, {}, [@OVS_METER_ATTR_MAX_BANDS={0x8, 0x8, 0x2}, @OVS_METER_ATTR_CLEAR={0x4}, @OVS_METER_ATTR_ID={0x8, 0x1, 0x9}, @OVS_METER_ATTR_MAX_BANDS={0x8, 0x8, 0x7}, @OVS_METER_ATTR_USED={0xc, 0x5, 0xffffffff}, @OVS_METER_ATTR_KBPS={0x4}, @OVS_METER_ATTR_MAX_METERS={0x8, 0x7, 0x6}, @OVS_METER_ATTR_USED={0xc}]}, 0x54}, 0x1, 0x0, 0x0, 0x40000}, 0x4) r5 = socket(0x23, 0x2, 0x0) sendmsg$auto_NL80211_CMD_EXTERNAL_AUTH(r5, &(0x7f0000000100)={&(0x7f0000000000)={0x23, 0x0, 0x0, 0x1080020}, 0x1a, &(0x7f00000000c0)={&(0x7f0000000340)={0x28, 0x0, 0x20, 0x70bd29, 0x25dfdbfd}, 0x28}, 0x1, 0x0, 0x0, 0x4048800}, 0x40) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x100000000000, 0xb7c6, 0x19) r6 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) remap_file_pages$auto(0x6a27, 0x1000, 0x500, 0xb74, 0x66a) read$auto_proc_pid_maps_operations_internal(r6, &(0x7f0000000480)=""/4083, 0xff3) 2.345686772s ago: executing program 3 (id=971): select$auto(0x4, 0x0, &(0x7f0000000080)={[0x209c, 0x80000e9b, 0x9, 0xd, 0x250, 0x100000000, 0x2c2, 0x800002017d, 0x4, 0x40, 0xd, 0xd59, 0xfb, 0xf6d, 0x21, 0x100000005]}, 0x0, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = pidfd_open$auto(0x1, 0x0) r2 = socket(0x10, 0x3, 0x6) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='!\x00\''], 0x1ac}, 0x1, 0x0, 0x0, 0x44}, 0x40090) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r3 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000080), 0x48040, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r3, 0xc0106f32, 0x0) sendmsg$auto_NL802154_CMD_GET_SEC_DEV(r0, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="06000000083351e0ed0e81a4b6e28ff20a8db24cb99051f61921edc6a39062be8cf7af8bbdc3e71ed57e36136a6531117dce4d236cd36a38b2bc6cee3add28d40dff25aab243ae70cac503de894c362e0ba39b91979f9fd17f8d48d32b291fbfe36eb9226439bc9b8810e486d026", @ANYRES16=0x0, @ANYBLOB="00032abd7000fddbdf251900000008001d00", @ANYRES32=r1, @ANYBLOB="05000f0002000000"], 0x24}}, 0x850) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x1}, 0x3, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff) open_by_handle_at$auto(r2, &(0x7f0000000180)={0x2c, 0x3, "eee9e5be665ae5b95dd5155da3b9a675335f6010842044248c17e2a873a772ec83b93334ad22628a97658849"}, 0x2) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="013b"], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x810) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f0000000180), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 2.111391223s ago: executing program 3 (id=972): r0 = openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000000), 0x8140, 0x0) mmap$auto(0xfffffffffffffffd, 0x400008, 0xdf, 0x9b72, r0, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xa00) unshare$auto(0x40000080) bind$auto(0x3, 0x0, 0x6a) setresuid$auto(0x0, 0x8, 0x8000) shmget$auto(0x8, 0x10564, 0x568d1aef) write$auto(0xca, 0x0, 0x7f) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto_SO_ERROR(r1, 0x7, 0x4, &(0x7f0000000040)='\x00', 0x6) setsockopt$auto(r1, 0x104000000000010e, 0x5, 0x0, 0x400) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x202080, 0x0) 1.976761984s ago: executing program 2 (id=973): mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, 0x0, 0x48402, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) socket$nl_generic(0x10, 0x3, 0x10) fsopen$auto(0x0, 0x1) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) mbind$auto(0xf5000000, 0x2091d2, 0x4, 0x0, 0x6, 0x2) 1.709211536s ago: executing program 1 (id=974): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000080), r0) r2 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), r0) sendmsg$auto_TIPC_NL_NODE_GET(r0, &(0x7f0000000440)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000400)={&(0x7f0000000200)={0x1f0, r2, 0x100, 0x70bd2a, 0x25dfdbfe, {}, [@TIPC_NLA_MEDIA={0x1dc, 0x5, 0x0, 0x1, [@generic="6cde8932d024607345953a9cd4d1fb457a5159dc744d32d8baad064f816427a1a8ef3c957740fa0d64d4cdd7f74d6c550c32a6f0d987fbea2adbcc3bafd4772b5920dc82fa618913d9c013f299925b51563a9a457cb11bf7e6f3c1aba99d4eaf67085f332a8c8e39ba003e1d6c553ea78cb93bbb8d0a8c5340f2e0baa748e82ba17c08be263b00aa51e3331af4ba171f8b80f8ed061231dc1a016a0693230d1852b2af2ec182eeded09aa9fa53a044df", @nested={0xfd, 0x75, 0x0, 0x1, [@typed={0x8, 0xaf, 0x0, 0x0, @u32=0x6}, @generic="767f9c1826818471f3878193694df6522ba3b24475e089bfd0ab625c2cbd73e44a718372b5d9b35174308d698cbbd92bbb751abb94e0c35f722fdc56576656267eed6aa6e41d79bac4418b6fcbb7f2a4d1b7104c79e3cc9782edf1c4ef5f070ab6b5b23c467019cb60c26f846d26df211f6e4228b526962b19def0fc747e1deeaed24978ea98ff0108b1c46ac092832cce5c082afdc6787bf0576cf3475b75d67409768d2b9cf9a96e29b8ee7dfdf6bf7317c28e9aafa2fde44ed40230fe430d59c5021621352e5ecc504c8f3595cd054c560954c54e32e7bd3354fd1bbe81b6de925ee7f3edcfe0df84d28ba5", @nested={0x4, 0x7d}]}, @typed={0x14, 0x14c, 0x0, 0x0, @ipv6=@private2}, @typed={0x14, 0xe5, 0x0, 0x0, @ipv6=@private1}]}]}, 0x1f0}, 0x1, 0x0, 0x0, 0x4}, 0x4000) r3 = socketpair$auto(0x1e, 0x7ff, 0x8000000000000000, 0x0) ioctl$auto(0xffffffffffffffff, 0x541c, r3) ioctl$auto_TUNSETCARRIER(r3, 0x400454e2, &(0x7f0000000100)=0x1b) sendmsg$auto_OVS_DP_CMD_NEW(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x34, r1, 0x1, 0x2070bd26, 0x25dfdbfd, {}, [@OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x4}, @OVS_DP_ATTR_NAME={0x10, 0x1, '\x00\x00\x00\x00\xf18\x88\xc58=je'}, @OVS_DP_ATTR_UPCALL_PID={0x8, 0x2, 0x9}]}, 0x34}, 0x1, 0x0, 0x0, 0x4800}, 0x80) 1.631670786s ago: executing program 2 (id=975): openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x14000, 0x0) 1.511871999s ago: executing program 3 (id=976): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), r0) r2 = syz_genetlink_get_family_id$auto_nlbl_calipso(&(0x7f0000000080), r0) sendmsg$auto_NLBL_CALIPSO_C_LIST(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x44, r2, 0x400, 0x70bd2b, 0x25dfdbfe, {}, [@NLBL_CALIPSO_A_DOI={0x8, 0x1, 0xce7}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x10001}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x5}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x31eed0c}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0xfffffc22}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000001}, 0x20000184) sendmsg$auto_ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000140)={0x18, r1, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@ETHTOOL_A_STRSET_HEADER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4104}, 0x20044050) 1.443822281s ago: executing program 1 (id=977): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.controllers\x00', 0x2, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000001100)=""/4111, 0x100f) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0xa, 0x3e, 0xfffffffffffffffa, 0x1ffde, 0x7, 0x6, 0x5, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x3, 0x10000, 0x80, 0x7, 0x0, 0x8000007, 0x2000, 0x200, 0x0, 0x40084, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0xb8a0]}, 0x1fe, 0x200c) (async) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/udp\x00', 0x0, 0x0) read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000001080)=""/244, 0xf4) (async) r2 = socket(0x10, 0x2, 0x0) r3 = syz_genetlink_get_family_id$auto_cifs(&(0x7f0000000380), r2) r4 = socket(0x10, 0x2, 0x0) (async, rerun: 32) r5 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000001500), 0xffffffffffffffff) (rerun: 32) sendmsg$auto_NETDEV_CMD_QUEUE_GET(r4, &(0x7f0000001640)={0x0, 0x0, &(0x7f0000001600)={&(0x7f00000015c0)={0x14, r5, 0x1, 0x70bd26, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x810) (async) sendmsg$auto_CIFS_GENL_CMD_SWN_NOTIFY(r2, &(0x7f0000000640)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000600)={&(0x7f0000000480)={0x150, r3, 0x100, 0x70bd27, 0x25dfdbfc, {}, [@CIFS_GENL_ATTR_SWN_IP={0x84, 0x4, @pppol2tpv3={0x18, 0x1, {0x0, r4, {0x2, 0x4e23, @empty}, 0x3, 0x3, 0x1, 0x1}}}, @CIFS_GENL_ATTR_SWN_REGISTRATION_ID={0x8, 0x1, 0xfffffffd}, @CIFS_GENL_ATTR_SWN_NOTIFICATION_TYPE={0x8, 0xc, 0x4}, @CIFS_GENL_ATTR_SWN_SHARE_NAME={0x15, 0x3, '\x19]-{-\'.}@{!.^-}[{'}, @CIFS_GENL_ATTR_SWN_USER_NAME={0x6, 0x9, '-}'}, @CIFS_GENL_ATTR_SWN_NET_NAME_NOTIFY={0x4}, @CIFS_GENL_ATTR_SWN_IP={0x84, 0x4, @l2={0x1f, 0x2, @any, 0x9, 0x1}}]}, 0x150}, 0x1, 0x0, 0x0, 0x4040800}, 0x20040015) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}, 0x1, 0x0, 0x0, 0x10}, 0x0) (async, rerun: 32) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) (async, rerun: 32) recvmmsg$auto(r2, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000440)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x4}, 0x9}, 0x7, 0x6, 0x0) (async, rerun: 64) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1c001b"], 0x1ac}}, 0x40000) (async, rerun: 64) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) r6 = socket(0x1d, 0x3, 0x1) setsockopt$auto(r6, 0x65, 0x3, 0x0, 0x4) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='H'], 0x1ac}}, 0x40000) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1.426856336s ago: executing program 0 (id=978): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x0, 0x7, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto_BLKTRACESETUP2(0xffffffffffffffff, 0xc0481273, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, 0x0) r1 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/oom_adj\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x1f40) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f00000000c0)={0x0, 0xffffffff}, 0x3) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(0xffffffffffffffff, 0x0, 0x880) ioctl$auto(0xc8, 0x800454e1, 0x5c8d) mkdir$auto(&(0x7f0000000040)='./cgroup/../file0\x00', 0x1) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x242e40, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000240)='/dev/ttyS0\x00', 0x1, 0x0) ioctl$auto(r5, 0x540a, 0x0) unshare$auto(0x40000080) read$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffffff, 0x0, 0x0) openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) sendmsg$auto_NL80211_CMD_GET_INTERFACE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x1c, r4, 0xb01, 0x70bd27, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x4000084) 1.414413406s ago: executing program 2 (id=979): unshare$auto(0x40000080) getsockopt$auto_SO_BSDCOMPAT(0xffffffffffffffff, 0x3, 0xe, &(0x7f00000000c0)='*\\\x00', &(0x7f0000000180)=0x40) mmap$auto(0x7, 0x810002, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(0xffffffffffffffff, 0x0, 0x6, 0xffffffffffffffff, 0x8000000000000, 0x2f) r0 = waitid$auto_P_ALL(0x0, 0xdb8, &(0x7f0000000000)={@_si_pad}, 0x2, &(0x7f00000001c0)={{0x4}, {0x1, 0x8001}, 0x43, 0xc55, 0x8, 0x28, 0x400, 0x5, 0x6, 0x153, 0x3, 0x85, 0x1, 0x4, 0x46a, 0x4}) mmap$auto(0x0, 0xb, 0x22, 0x91, 0xffffffffffffffff, 0x8002) socket(0x1f, 0x5, 0x0) socket(0xa, 0x5, 0xff) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r1 = pidfd_open$auto(0x1, 0x0) open_by_handle_at$auto(r1, 0x0, 0x800) prctl$auto(0x3e, 0x1, r0, 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x3) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x100842, 0x0) r2 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x101440, 0x0) read$auto_snd_timer_f_ops_timer(r2, &(0x7f0000000100)=""/98, 0xfffffc67) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000000)={{0x0, 0x7fff, 0x200800, 0xffffffff, 0xfffffffb}, "0dd7fd004929347eeeccdf0732f77b1f6de0d6d51768a257a97ca5e9ca6310ea"}) ioctl$auto_SNDRV_TIMER_IOCTL_START_OLD(r2, 0x5420, 0x0) ioctl$auto_SNDCTL_TMR_CONTINUE(r1, 0x5404, 0x0) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/controlC1\x00', 0x3091c0, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r3, 0xc0045516, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r3, 0xc1105517, &(0x7f0000000580)={{@raw=0x7fffffff, 0xf0f1, 0x9, 0x83, "790eaa00ffff8eac2cdafc1f64010043eeb0b053030001ffff000e00", @raw=0x8}, 0x4, 0x89, 0x3, @raw=0x4cb5, @reserved="b20200a3077300f2c167afeb0a9902da3d58908ea1a8475fbd3a75d4690e48fc922df576c85b023b6deb06dbb68aec3f51e29bcc8b59d74badbdcc1ba97a2004117190c9a050186fa73f5a197762a94460d134b357b8b4d0caaf1ca142917779cef3673e637f2f5fde573fa4d4328a9ea0be7eccec0adb4f642cbb53d4faa89d", "6cc1294d63a4f1b4285654c5368de438f8cc142ef6df12bf3373a1cb04c135b3fcd0c7c61c329794e531112160cb9611c78e6947a99806b8c100"}) mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) 768.598884ms ago: executing program 3 (id=980): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/oom_adj\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x4) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r1, 0x0, 0x20040000) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x111442, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x8000, 0x0) 692.832192ms ago: executing program 1 (id=981): open(&(0x7f0000000800)='./file0\x00', 0x62240, 0x5f) unlink$auto(&(0x7f0000000040)='./file0\x00') mmap$auto(0x0, 0x2, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) eventfd$auto(0x4) r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x1000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0x26b, 0x4}, {0x0, 0x83}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) write$auto(0xffffffffffffffff, &(0x7f0000000000)='//\xf2\x00', 0x80000000) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) open(0x0, 0x22240, 0x154) ioctl$auto_FIONREAD(r1, 0x541b, 0x7) setsockopt$auto(0x400000000000003, 0x28, 0x6, 0x0, 0x56d) mmap$auto(0x0, 0x20000a00006, 0x100, 0x91, 0xffffffffffffffff, 0x2ffffffffffe) mmap$auto(0x0, 0x400008, 0x0, 0x9b72, 0x2, 0x8000) bind$auto(0xffffffffffffffff, 0x0, 0x6a) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) getitimer$auto(0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) read$auto(0x3, 0x0, 0x8080) r2 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r2, 0xaf01, 0x5) ioctl$auto(r2, 0x4008af20, r0) 96.370517ms ago: executing program 2 (id=982): setresuid$auto(0x8, 0x8, 0x0) r0 = setfsuid$auto(0xee00) setreuid$auto(r0, 0x0) syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000540), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'netdevsim0\x00'}) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) mmap$auto(0x0, 0x400006, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(0xffffffffffffffff, 0x0, 0x800) timer_create$auto(0x9, 0x0, 0x0) read$auto(0x3, 0x0, 0x8080) socket(0xa, 0x1, 0x100) write$auto(0x3, 0x0, 0xffd8) shmctl$auto_IPC_SET(0x4, 0x1, &(0x7f0000000280)={{0x80, 0xee00, 0xee00, 0xca6d, 0x8, 0x4bd6, 0x5}, 0xd21, 0x5, 0x8000000000000000, 0x1, @inferred=0xffffffffffffffff, @inferred=0xffffffffffffffff, 0x9, 0x0, &(0x7f0000000140)="4f0d6995e943b6bc", &(0x7f0000000200)="e3ac9b01ee8d985b677531eeeee5cb5bf774d2df4d9ae6dccbc98def20b72c7c2826a585ba3a8d67815abade214708a4ade77c6faa2f2889ca3e7989f32645dd597a3ae1b46e8d8c7e03ae6b8aaa49f6bf64"}) process_mrelease$auto(0xffffffffffffffff, 0xa) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r2 = prctl$auto(0xb, 0x1, 0x0, 0x1, 0x1) mount$auto(0x0, 0xfffffffffffffffe, 0x0, 0x80, 0xfffffffffffffffe) write$auto(r1, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x60143, 0x0) add_key$auto_KEY_SPEC_USER_KEYRING(&(0x7f0000001c80)='\\\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffc) mkdir$auto(0x0, 0xff) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/audio1\x00', 0x28080, 0x0) r3 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/cec4\x00', 0x800, 0x0) ioctl$auto_CEC_TRANSMIT(r3, 0xc0386105, &(0x7f0000000000)={0x6, 0x3, 0x7, 0x4, 0x2, 0x7fffffff, "9b2189084142725dff0d933475a77466", 0xb, 0x5, 0x40, 0x5, 0x2, 0x4, 0x2}) mmap$auto(0x1000000000, 0x100000400008, 0x1000000000000df, 0x4000009b73, r2, 0x8000) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xfffffffffffffffb, 0x100000001, 0x4, 0x3, 0x8, 0x3, 0xffffffffffffffff, 0x3, 0x8000000000400000, 0x3, 0x6d3c, 0x3, 0x2, 0x8000000000000006]}, 0x0) fsconfig$auto(0xffffffffffffffff, 0x2, &(0x7f0000000180)='\x00', &(0x7f0000000580)="10ab6b39a25e5d9c4947936e05c1ebf9895356b0a5fc915241b26bebe1bf3648ecb6260c4d40bcaaf9620450e0f236d9cf2e9bfa15663032904f14a0bfebeb6f41d8f77bd0bca982dfe6b49e308e606721133b53711ed21bb9e1e32f4be7a7c60b1e11a84523b8f0f030b169292f0b65a26107a850d0b970a474f1e71b47e5ca3b8343ea7d7b90f3557fd5f312dc", 0x0) 91.331825ms ago: executing program 0 (id=983): set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, 0x0) sendmmsg$auto(0x3, 0x0, 0x400, 0x7000003) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) r0 = fanotify_init$auto(0x9, 0x3) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000280)='/proc/sys/net/ipv4/fib_multipath_hash_policy\x00', 0x2602, 0x0) write$auto(r1, &(0x7f0000000000)=']\xdc--\'+:&$//&^!&\x00', 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/rose2/operstate\x00', 0x80a42, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) mmap$auto(0x401, 0x400008, 0xe2, 0x9b70, 0x2, 0x5) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0xffffff7fffff0005, 0x8) mmap$auto(0x100000, 0x7f, 0x7, 0x9b72, 0x4, 0xfff) madvise$auto(0x0, 0x200007, 0x8) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) sendmsg$auto_NL802154_CMD_SET_PAN_ID(r0, &(0x7f0000000300)={&(0x7f0000000100), 0xc, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="000026bd7000ffdbdf1900f7f500f71364c059d4bbe6897ff18247b999cc2fc5ab096635b40ac2c214a1b6586a9e1b26170aa9c5c00cb09404a6ad"], 0x14}, 0x1, 0x0, 0x0, 0x2c000805}, 0x800) ioctl$auto(0x3, 0xae41, r3) r4 = ioctl$auto_KVM_CREATE_VM(r2, 0xae80, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(r4, &(0x7f0000000080)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x1000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4048005}, 0xe0d0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_register$auto(0x2, 0x1, 0x0, 0x0) r5 = openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, &(0x7f0000000040)='/dev/media7\x00', 0x10000, 0x0) bpf$auto(0x72a, &(0x7f0000000140)=@bpf_attr_1={r5, 0x9, @next_key=0x2, 0xb54b}, 0x3) 0s ago: executing program 3 (id=984): ioctl$auto_XFS_IOC_ATTRMULTI_BY_HANDLE(0xffffffffffffffff, 0x4048587b, &(0x7f0000000880)={{0xffffffffffffffff, 0x0, 0xc5, 0x0, 0x6, &(0x7f00000004c0)="446b081769e3b176bd009e85f5084404010ae3abc8b0961c665b7e010123fbf142831055f70eb4636634db71af3b1aa74fb6c1c48c1342e9d4556c986a8dc44d6d99cb971bcb94fc4581d7a747a31a624d2b4e4c78c4a59fee8f75a8b0f0554f6d5fb7d0cc9b9c433d0281999ef53e6870305515193d1dc9e12464e48b31ddbd5ef20860e094b0f47f7576e3740a34915560041df7368da5e3a31a504b37f99b4d", 0x0}, 0xffffffff, 0x0}) r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r1, &(0x7f0000000000)="c80d1b5d399b3f", 0xfdef) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002cbd7000fcdbdf252100000008000300", @ANYRES32=r3], 0x28}}, 0x40480d0) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001140), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_SET_WIPHY(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000580)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="013ee9b8be9407fc372512e233da0800030068db8a1ffb7ca0059b25a129c1e51b7b9eca4fb287e3ac136dccf35f7441c2a6ec6fdb1d93da79dfbdf0c99b2f7a806bbe9bea2f5dfe1db11b81b2c0fb392f90308bb45486cf1b5a72a3680d80b15d9a9a727ef4a027ea994bf1038af6d06e303395f75a3e551cca717178b584a930996f7c7479012d2dc35b4105000d474bcc77e0d98ef1f787373a4d2387767621adb89f651064dc0b092ce92338c0c57ab59e352c7f2fd92130ddb600000009ca13db456b069fa879f8275a894671f6b1d4ecbcf1072b934d3ae1fbc874106cb98a0fd0bae939f457100aff07168296d263dceb0c5e688787a9e9cc0dd3f8279101a5cc22399d4c2ea6e4a4a0a501de7b62ae25f927a2a5751f15df8a1b203997aca972187c66c3217f90a1b5f0d24565a9b06b773271f714d6ec47283fe465030467f0584fdf627175778672d78dcee1d5d43d01b975924f4ad87d9cf752ff49e9e630d8a4edb805552497ce1f08df478f43b7d4374c835e586cec9eec563e4e51fc46bfa4ee31bcaf1c", @ANYRES32=r7], 0x24}, 0x1, 0x1400, 0x0, 0x80}, 0x20000084) r8 = socket(0x11, 0x80003, 0x300) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'gretap0\x00', 0x0}) sendto$auto(0x3, 0x0, 0x34, 0xfffffff9, &(0x7f0000000440)=@xdp={0x2c, 0xdd86, r9, 0x10}, 0x22) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'veth1_vlan\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000140)={'veth0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'veth1_to_bridge\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bridge_slave_0\x00', 0x0}) r15 = socket$nl_generic(0x10, 0x3, 0x10) r16 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r15) r17 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r17, 0x8933, &(0x7f0000000100)={'wlan1\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r15, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000000740)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r16, @ANYBLOB="010027bd7080ffdbdf25100000000c00018008000100", @ANYRES32=r18, @ANYBLOB="f493348472100254101e0d7db0bccfbfab4338d7dd25497eeb88714cdf945ef6661f0b38ec0fd2cf7eeab16e54c8703b4efce1bef079ab5ae6cdac3a26f2eaa85866a82ba54ec7d02cb03f0a0fa9ccfd222279be833d188cd8700fef5073a33d2014e464"], 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x80000) r19 = socket(0xa, 0x2, 0x88) r20 = socket$nl_generic(0x10, 0x3, 0x10) r21 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r20, 0x8933, &(0x7f0000000080)={'bond0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r22, r21, 0x8, 0x7f, r19, @relative_fd, 0x4}, 0xf) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000000440)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000400)={&(0x7f0000000900)=ANY=[@ANYBLOB="f4010000", @ANYRES16=0x0, @ANYBLOB="000427bd7000fedbdf25110000002800018008000100", @ANYRES32=0x0, @ANYBLOB="08000100", @ANYRES32=r3, @ANYBLOB="1400020076657468315f766c616e0000000000003c000180140002007465616d300000000000000000000000140002006e657464657673696d3000000000000008000100", @ANYRES32=r7, @ANYBLOB="08000300040000005c000180080043009264c2fdffffff08000100", @ANYRES32=r9, @ANYBLOB="08000100", @ANYRES32=r10, @ANYBLOB="08000100", @ANYRES32=r11, @ANYBLOB="1400020076657468305f746f5f7465616d0000001400020076657468305f746f5f6272696467650008000100", @ANYRES32=0x0, @ANYBLOB="08000300000000000c0001800800030005000000500001800800030005000000140002006261746164763000000000000000000014000200766972745f776966693000000000000008000300ff070000140002006e657464657673696d300000000000005400018008000100", @ANYRES32=r12, @ANYBLOB="08000100", @ANYRES32=r13, @ANYBLOB="1400020064756d6d79300000000000000000000008000100", @ANYRES32=r14, @ANYBLOB="0800030000040000140002006d6163766c616e300000000000000000080003000800000014000180080003000000000008000300030000005c00018008000100", @ANYRES32=r18, @ANYBLOB="14000200627269646765300000000000000000001400020076657468305f766972745f7769666900080003000101000008000100", @ANYRES32=r22, @ANYBLOB="08000300fbffffff080003000200000008000300e0050000"], 0x1f4}, 0x1, 0x0, 0x0, 0x81}, 0x4000081) kernel console output (not intermixed with test programs): ? copy_mnt_id_req+0x1b1/0x350 [ 322.147817][ T9917] __do_sys_listmount+0x289/0xee0 [ 322.147864][ T9917] ? __pfx_do_futex+0x10/0x10 [ 322.147909][ T9917] ? __fget_files+0x21f/0x3d0 [ 322.147942][ T9917] ? __pfx___do_sys_listmount+0x10/0x10 [ 322.147995][ T9917] ? __x64_sys_openat+0x12d/0x210 [ 322.148057][ T9917] do_syscall_64+0x106/0xf80 [ 322.148089][ T9917] ? clear_bhb_loop+0x40/0x90 [ 322.148125][ T9917] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.148156][ T9917] RIP: 0033:0x7faab799c819 [ 322.148182][ T9917] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 322.148213][ T9917] RSP: 002b:00007faab5bd5028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 322.148243][ T9917] RAX: ffffffffffffffda RBX: 00007faab7c16090 RCX: 00007faab799c819 [ 322.148262][ T9917] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000080 [ 322.148281][ T9917] RBP: 00007faab7a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 322.148299][ T9917] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 322.148317][ T9917] R13: 00007faab7c16128 R14: 00007faab7c16090 R15: 00007ffc23dc64b8 [ 322.148359][ T9917] [ 322.543235][ T9917] syz.2.689: vmalloc error: size 8000000, vm_struct allocation failed, mode:0x400cc0(GFP_KERNEL_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 322.559389][ T9917] CPU: 1 UID: 0 PID: 9917 Comm: syz.2.689 Tainted: G L syzkaller #0 PREEMPT(full) [ 322.559438][ T9917] Tainted: [L]=SOFTLOCKUP [ 322.559448][ T9917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 322.559466][ T9917] Call Trace: [ 322.559477][ T9917] [ 322.559488][ T9917] dump_stack_lvl+0x100/0x190 [ 322.559542][ T9917] warn_alloc.cold+0x95/0x1c1 [ 322.559595][ T9917] ? __pfx_warn_alloc+0x10/0x10 [ 322.559638][ T9917] ? lockdep_hardirqs_on+0x78/0x100 [ 322.559673][ T9917] ? __get_vm_area_node+0x2c5/0x330 [ 322.559718][ T9917] ? __get_vm_area_node+0x208/0x330 [ 322.559761][ T9917] __vmalloc_node_range_noprof+0xbf4/0x1530 [ 322.559802][ T9917] ? try_to_wake_up+0x644/0x1a80 [ 322.559841][ T9917] ? __do_sys_listmount+0x289/0xee0 [ 322.559900][ T9917] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 322.559949][ T9917] ? rcu_is_watching+0x12/0xc0 [ 322.560007][ T9917] __kvmalloc_node_noprof+0x3de/0xa00 [ 322.560039][ T9917] ? __do_sys_listmount+0x289/0xee0 [ 322.560085][ T9917] ? __do_sys_listmount+0x289/0xee0 [ 322.560128][ T9917] ? _copy_from_user+0x59/0xd0 [ 322.560168][ T9917] ? copy_mnt_id_req+0x1b1/0x350 [ 322.560215][ T9917] __do_sys_listmount+0x289/0xee0 [ 322.560280][ T9917] ? __pfx_do_futex+0x10/0x10 [ 322.560326][ T9917] ? __fget_files+0x21f/0x3d0 [ 322.560360][ T9917] ? __pfx___do_sys_listmount+0x10/0x10 [ 322.560419][ T9917] ? __x64_sys_openat+0x12d/0x210 [ 322.560475][ T9917] do_syscall_64+0x106/0xf80 [ 322.560506][ T9917] ? clear_bhb_loop+0x40/0x90 [ 322.560544][ T9917] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 322.560575][ T9917] RIP: 0033:0x7faab799c819 [ 322.560602][ T9917] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 322.560631][ T9917] RSP: 002b:00007faab5bd5028 EFLAGS: 00000246 ORIG_RAX: 00000000000001ca [ 322.560662][ T9917] RAX: ffffffffffffffda RBX: 00007faab7c16090 RCX: 00007faab799c819 [ 322.560683][ T9917] RDX: 00000000000f4240 RSI: 0000000000000000 RDI: 0000200000000080 [ 322.560702][ T9917] RBP: 00007faab7a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 322.560721][ T9917] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 322.560739][ T9917] R13: 00007faab7c16128 R14: 00007faab7c16090 R15: 00007ffc23dc64b8 [ 322.560782][ T9917] [ 322.560793][ T9917] Mem-Info: [ 322.805045][ T9917] active_anon:42623 inactive_anon:0 isolated_anon:0 [ 322.805045][ T9917] active_file:16754 inactive_file:40962 isolated_file:0 [ 322.805045][ T9917] unevictable:768 dirty:533 writeback:0 [ 322.805045][ T9917] slab_reclaimable:11904 slab_unreclaimable:95782 [ 322.805045][ T9917] mapped:35896 shmem:32555 pagetables:1169 [ 322.805045][ T9917] sec_pagetables:0 bounce:0 [ 322.805045][ T9917] kernel_misc_reclaimable:0 [ 322.805045][ T9917] free:1276760 free_pcp:24151 free_cma:0 [ 322.851036][ T9917] Node 0 active_anon:170792kB inactive_anon:0kB active_file:67016kB inactive_file:163660kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:143384kB dirty:2132kB writeback:0kB shmem:128884kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11500kB pagetables:4556kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 322.885526][ T9917] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:188kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:120kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 322.916277][ T9917] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 322.960328][ T9917] lowmem_reserve[]: 0 2477 2478 2478 2478 [ 322.966954][ T5824] Bluetooth: hci2: command tx timeout [ 322.991258][ T9917] Node 0 DMA32 free:1168456kB boost:0kB min:34056kB low:42568kB high:51080kB reserved_highatomic:0KB free_highatomic:0KB active_anon:167592kB inactive_anon:0kB active_file:67016kB inactive_file:163660kB unevictable:1536kB writepending:2132kB zspages:0kB present:3129332kB managed:2537256kB mlocked:0kB bounce:0kB free_pcp:91772kB local_pcp:43880kB free_cma:0kB [ 323.051950][ T1154] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 323.052871][ T9917] lowmem_reserve[]: 0 0 1 1 1 [ 323.082827][ T9917] Node 0 Normal free:12kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1052kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 323.108114][ T9872] chnl_net:caif_netlink_parms(): no params data found [ 323.140863][ T9917] lowmem_reserve[]: 0 0 0 0 0 [ 323.146831][ T9917] Node 1 Normal free:3926112kB boost:0kB min:55832kB low:69788kB high:83744kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:188kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:4676kB local_pcp:4676kB free_cma:0kB [ 323.225441][ T9917] lowmem_reserve[]: 0 0 0 0 0 [ 323.240612][ T9917] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 323.264284][ T9917] Node 0 DMA32: 10897*4kB (UME) 1507*8kB (UME) 1025*16kB (UM) 592*32kB (UME) 476*64kB (UM) 430*128kB (UM) 382*256kB (UME) 279*512kB (UME) 227*1024kB (UME) 86*2048kB (UM) 86*4096kB (UM) = 1177964kB [ 323.303514][ T1154] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 323.324182][ T9917] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 323.343029][ T9917] Node 1 Normal: 8*4kB (M) 10*8kB (M) 7*16kB (UM) 4*32kB (UM) 8*64kB (M) 4*128kB (UM) 5*256kB (UM) 1*512kB (M) 1*1024kB (U) 3*2048kB (U) 956*4096kB (UM) = 3926112kB [ 323.366407][ T5824] Bluetooth: hci0: command tx timeout [ 323.374453][ T9917] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 323.385620][ T9917] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 323.427336][ T9917] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 323.463412][ T9917] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 323.474621][ T9917] 87692 total pagecache pages [ 323.483458][ T9917] 0 pages in swap cache [ 323.513103][ T9917] Free swap = 124996kB [ 323.517323][ T9917] Total swap = 124996kB [ 323.521499][ T9917] 2097051 pages RAM [ 323.552911][ T9917] 0 pages HighMem/MovableOnly [ 323.557788][ T9917] 430859 pages reserved [ 323.561971][ T9917] 0 pages cma reserved [ 323.861853][ T1154] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 324.376188][ T9872] bridge0: port 1(bridge_slave_0) entered blocking state [ 324.383656][ T9872] bridge0: port 1(bridge_slave_0) entered disabled state [ 324.391043][ T9872] bridge_slave_0: entered allmulticast mode [ 324.403243][ T9872] bridge_slave_0: entered promiscuous mode [ 324.534180][ T9872] bridge0: port 2(bridge_slave_1) entered blocking state [ 324.541404][ T9872] bridge0: port 2(bridge_slave_1) entered disabled state [ 324.563769][ T9872] bridge_slave_1: entered allmulticast mode [ 324.572047][ T9872] bridge_slave_1: entered promiscuous mode [ 324.784467][ T9872] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 324.840036][ T9872] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 324.893413][ T1154] bridge_slave_1: left allmulticast mode [ 324.904111][ T1154] bridge_slave_1: left promiscuous mode [ 324.910089][ T1154] bridge0: port 2(bridge_slave_1) entered disabled state [ 324.968075][ T1154] bridge_slave_0: left allmulticast mode [ 324.983100][ T1154] bridge_slave_0: left promiscuous mode [ 325.004425][ T1154] bridge0: port 1(bridge_slave_0) entered disabled state [ 325.043792][ T5824] Bluetooth: hci2: command tx timeout [ 325.286001][ T1154] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 325.297528][ T1154] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 325.309500][ T1154] bond0 (unregistering): Released all slaves [ 325.428490][ T9872] team0: Port device team_slave_0 added [ 325.482669][ T9872] team0: Port device team_slave_1 added [ 325.567831][ T9872] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 325.575248][ T9872] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 325.602457][ T9872] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 325.631653][ T9872] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 325.639165][ T9872] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 325.668628][ T9872] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 325.697441][ T9816] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 325.750246][ T1154] hsr_slave_0: left promiscuous mode [ 325.760830][ T1154] hsr_slave_1: left promiscuous mode [ 325.773977][ T1154] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 325.781632][ T1154] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 325.789858][ T1154] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 325.797373][ T1154] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 325.810104][ T1154] veth1_macvtap: left promiscuous mode [ 325.815709][ T1154] veth0_macvtap: left promiscuous mode [ 325.821246][ T1154] veth1_vlan: left promiscuous mode [ 325.826722][ T1154] veth0_vlan: left promiscuous mode [ 326.020481][ T1154] team0 (unregistering): Port device team_slave_1 removed [ 326.035341][ T1154] team0 (unregistering): Port device team_slave_0 removed [ 326.151059][ T9816] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 326.207129][ T9872] hsr_slave_0: entered promiscuous mode [ 326.213709][ T9872] hsr_slave_1: entered promiscuous mode [ 326.236614][ T9872] debugfs: 'hsr0' already exists in 'hsr' [ 326.242400][ T9872] Cannot create hsr debugfs directory [ 326.255562][ T9816] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 326.271045][ T9816] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 326.763828][ T9816] 8021q: adding VLAN 0 to HW filter on device bond0 [ 326.854297][ T9816] 8021q: adding VLAN 0 to HW filter on device team0 [ 326.878222][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 326.885431][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 326.903922][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 326.911128][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 327.125899][ T5824] Bluetooth: hci2: command tx timeout [ 327.195947][ T9872] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 327.219567][ T9872] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 327.232884][ T9872] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 327.261988][ T9872] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 327.362816][ T9816] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 327.502859][ T9816] veth0_vlan: entered promiscuous mode [ 327.529990][ T9872] 8021q: adding VLAN 0 to HW filter on device bond0 [ 327.544644][ T9816] veth1_vlan: entered promiscuous mode [ 327.584067][ T9872] 8021q: adding VLAN 0 to HW filter on device team0 [ 327.611369][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 327.618586][ T283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 327.649124][ T127] bridge0: port 2(bridge_slave_1) entered blocking state [ 327.656386][ T127] bridge0: port 2(bridge_slave_1) entered forwarding state [ 327.720314][ T9816] veth0_macvtap: entered promiscuous mode [ 327.764023][ T9816] veth1_macvtap: entered promiscuous mode [ 327.814774][ T9816] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 327.831092][ T9816] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 327.853146][ T127] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 327.866939][ T127] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 327.887835][ T127] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 327.906931][ T127] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 328.063538][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 328.104823][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 328.192725][ T7413] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 328.219647][ T7413] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 328.274187][ T9872] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 328.416852][ T9872] veth0_vlan: entered promiscuous mode [ 328.443967][ T9872] veth1_vlan: entered promiscuous mode [ 328.540548][ T9872] veth0_macvtap: entered promiscuous mode [ 328.556108][ T9872] veth1_macvtap: entered promiscuous mode [ 328.593202][ T9872] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 328.679419][ T9872] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 328.740499][ T7413] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 328.777200][ T7413] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 328.850892][ T7413] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 328.916320][ T7413] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 328.933737][T10031] netlink: 20 bytes leftover after parsing attributes in process `syz.1.691'. [ 329.150477][ T283] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 329.184532][ T283] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 329.322185][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 329.356428][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 329.429525][T10043] vivid-007: ================= START STATUS ================= [ 329.477129][T10043] vivid-007: Generate PTS: true [ 329.482092][T10043] vivid-007: Generate SCR: true [ 329.548045][T10043] tpg source WxH: 320x240 (Y'CbCr) [ 329.553359][T10043] tpg field: 1 [ 329.557196][T10043] tpg crop: (0,0)/320x240 [ 329.562325][T10043] tpg compose: (0,0)/320x240 [ 329.567635][T10043] tpg colorspace: 8 [ 329.571552][T10043] tpg transfer function: 0/0 [ 329.586021][T10043] tpg Y'CbCr encoding: 0/0 [ 329.600550][T10043] tpg quantization: 0/0 [ 329.646493][T10043] tpg RGB range: 0/2 [ 329.651099][T10043] vivid-007: ================== END STATUS ================== [ 329.722014][T10042] Process accounting paused [ 330.702688][T10071] FAULT_INJECTION: forcing a failure. [ 330.702688][T10071] name failslab, interval 1, probability 0, space 0, times 0 [ 330.715560][T10071] CPU: 1 UID: 0 PID: 10071 Comm: syz.0.701 Tainted: G L syzkaller #0 PREEMPT(full) [ 330.715596][T10071] Tainted: [L]=SOFTLOCKUP [ 330.715603][T10071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 330.715614][T10071] Call Trace: [ 330.715621][T10071] [ 330.715628][T10071] dump_stack_lvl+0x100/0x190 [ 330.715660][T10071] should_fail_ex.cold+0x5/0xa [ 330.715683][T10071] should_failslab+0xc2/0x120 [ 330.715705][T10071] __kmalloc_cache_noprof+0x7a/0x6f0 [ 330.715732][T10071] ? snd_seq_timer_new+0x44/0x1b0 [ 330.715756][T10071] snd_seq_timer_new+0x44/0x1b0 [ 330.715775][T10071] snd_seq_queue_alloc+0x177/0x590 [ 330.715806][T10071] snd_seq_ioctl_create_queue+0xa9/0x370 [ 330.715828][T10071] call_seq_client_ctl+0xa3/0x130 [ 330.715854][T10071] snd_seq_kernel_client_ctl+0x77/0xd0 [ 330.715877][T10071] alloc_seq_queue+0xdb/0x180 [ 330.715901][T10071] ? __pfx_alloc_seq_queue+0x10/0x10 [ 330.715934][T10071] ? mark_held_locks+0x40/0x70 [ 330.715959][T10071] ? _raw_spin_unlock_irq+0x23/0x50 [ 330.715991][T10071] ? lockdep_hardirqs_on+0x78/0x100 [ 330.716014][T10071] snd_seq_oss_open+0x2b2/0xa10 [ 330.716041][T10071] odev_open+0x79/0xc0 [ 330.716061][T10071] ? __pfx_odev_open+0x10/0x10 [ 330.716082][T10071] soundcore_open+0x2e3/0x5a0 [ 330.716106][T10071] ? __pfx_soundcore_open+0x10/0x10 [ 330.716129][T10071] chrdev_open+0x234/0x6a0 [ 330.716149][T10071] ? __pfx_apparmor_file_open+0x10/0x10 [ 330.716170][T10071] ? __pfx_chrdev_open+0x10/0x10 [ 330.716192][T10071] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 330.716218][T10071] do_dentry_open+0x6d8/0x1660 [ 330.716246][T10071] ? __pfx_chrdev_open+0x10/0x10 [ 330.716272][T10071] vfs_open+0x82/0x3f0 [ 330.716298][T10071] path_openat+0x208c/0x31a0 [ 330.716327][T10071] ? __pfx_path_openat+0x10/0x10 [ 330.716356][T10071] do_file_open+0x20e/0x430 [ 330.716379][T10071] ? __pfx_do_file_open+0x10/0x10 [ 330.716415][T10071] ? alloc_fd+0x476/0x790 [ 330.716437][T10071] ? do_getname+0x191/0x390 [ 330.716464][T10071] do_sys_openat2+0x10d/0x1e0 [ 330.716496][T10071] ? __pfx_do_sys_openat2+0x10/0x10 [ 330.716550][T10071] __x64_sys_openat+0x12d/0x210 [ 330.716589][T10071] ? __pfx___x64_sys_openat+0x10/0x10 [ 330.716624][T10071] do_syscall_64+0x106/0xf80 [ 330.716644][T10071] ? clear_bhb_loop+0x40/0x90 [ 330.716667][T10071] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.716686][T10071] RIP: 0033:0x7f683359c819 [ 330.716704][T10071] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 330.716721][T10071] RSP: 002b:00007f683444c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 330.716739][T10071] RAX: ffffffffffffffda RBX: 00007f6833815fa0 RCX: 00007f683359c819 [ 330.716751][T10071] RDX: 0000000000008000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 330.716763][T10071] RBP: 00007f6833632c91 R08: 0000000000000000 R09: 0000000000000000 [ 330.716773][T10071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 330.716784][T10071] R13: 00007f6833816038 R14: 00007f6833815fa0 R15: 00007ffd560b0f68 [ 330.716807][T10071] [ 332.674243][ T5824] Bluetooth: hci3: Unexpected cc 0x7c89 with no status [ 333.821360][T10140] FAULT_INJECTION: forcing a failure. [ 333.821360][T10140] name failslab, interval 1, probability 0, space 0, times 0 [ 333.882493][T10140] CPU: 1 UID: 0 PID: 10140 Comm: syz.0.711 Tainted: G L syzkaller #0 PREEMPT(full) [ 333.882546][T10140] Tainted: [L]=SOFTLOCKUP [ 333.882556][T10140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 333.882574][T10140] Call Trace: [ 333.882585][T10140] [ 333.882597][T10140] dump_stack_lvl+0x100/0x190 [ 333.882651][T10140] should_fail_ex.cold+0x5/0xa [ 333.882690][T10140] should_failslab+0xc2/0x120 [ 333.882725][T10140] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 333.882772][T10140] ? __pmd_alloc+0xbf/0x950 [ 333.882820][T10140] __pmd_alloc+0xbf/0x950 [ 333.882862][T10140] __handle_mm_fault+0xa9e/0x2b60 [ 333.882913][T10140] ? mt_find+0x45e/0x8e0 [ 333.882963][T10140] ? __pfx___handle_mm_fault+0x10/0x10 [ 333.883004][T10140] ? __pfx_mt_find+0x10/0x10 [ 333.883075][T10140] handle_mm_fault+0x36d/0xa20 [ 333.883128][T10140] __get_user_pages+0xf9c/0x34d0 [ 333.883179][T10140] ? __pfx___get_user_pages+0x10/0x10 [ 333.883225][T10140] populate_vma_page_range+0x267/0x3f0 [ 333.883266][T10140] ? __pfx_populate_vma_page_range+0x10/0x10 [ 333.883303][T10140] ? __pfx_find_vma_intersection+0x10/0x10 [ 333.883339][T10140] ? do_mmap+0x93f/0x12f0 [ 333.883381][T10140] __mm_populate+0x107/0x3a0 [ 333.883421][T10140] ? __pfx___mm_populate+0x10/0x10 [ 333.883463][T10140] ? up_write+0x290/0x4f0 [ 333.883513][T10140] vm_mmap_pgoff+0x37f/0x470 [ 333.883556][T10140] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 333.883595][T10140] ? do_futex+0x192/0x350 [ 333.883637][T10140] ? __pfx_do_futex+0x10/0x10 [ 333.883686][T10140] ksys_mmap_pgoff+0xe1/0x650 [ 333.883721][T10140] ? __x64_sys_futex+0x34f/0x4d0 [ 333.883761][T10140] ? __x64_sys_futex+0x358/0x4d0 [ 333.883804][T10140] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 333.883838][T10140] ? xfd_validate_state+0x129/0x190 [ 333.883891][T10140] __x64_sys_mmap+0x125/0x190 [ 333.883955][T10140] do_syscall_64+0x106/0xf80 [ 333.883985][T10140] ? clear_bhb_loop+0x40/0x90 [ 333.884021][T10140] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 333.884050][T10140] RIP: 0033:0x7f683359c819 [ 333.884074][T10140] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 333.884103][T10140] RSP: 002b:00007f683444c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 333.884131][T10140] RAX: ffffffffffffffda RBX: 00007f6833815fa0 RCX: 00007f683359c819 [ 333.884150][T10140] RDX: 00000000000000df RSI: 0000000000040009 RDI: 00000000fffff000 [ 333.884167][T10140] RBP: 00007f6833632c91 R08: 0000000000000007 R09: 0000000000028000 [ 333.884185][T10140] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 333.884202][T10140] R13: 00007f6833816038 R14: 00007f6833815fa0 R15: 00007ffd560b0f68 [ 333.884239][T10140] [ 334.298235][T10127] FAULT_INJECTION: forcing a failure. [ 334.298235][T10127] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 334.311728][T10127] CPU: 1 UID: 0 PID: 10127 Comm: syz.2.707 Tainted: G L syzkaller #0 PREEMPT(full) [ 334.311779][T10127] Tainted: [L]=SOFTLOCKUP [ 334.311790][T10127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 334.311808][T10127] Call Trace: [ 334.311819][T10127] [ 334.311831][T10127] dump_stack_lvl+0x100/0x190 [ 334.311887][T10127] should_fail_ex.cold+0x5/0xa [ 334.311926][T10127] _copy_from_iter+0x1f4/0x1690 [ 334.311976][T10127] ? policy_nodemask+0xed/0x4f0 [ 334.312011][T10127] ? __pfx__copy_from_iter+0x10/0x10 [ 334.312053][T10127] ? alloc_pages_mpol+0x25a/0x550 [ 334.312091][T10127] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 334.312137][T10127] copy_page_from_iter+0xde/0x180 [ 334.312186][T10127] anon_pipe_write+0xae4/0x1d40 [ 334.312246][T10127] ? __pfx_anon_pipe_write+0x10/0x10 [ 334.312283][T10127] ? __pfx_autoremove_wake_function+0x10/0x10 [ 334.312326][T10127] ? bpf_lsm_file_permission+0x9/0x10 [ 334.312357][T10127] ? security_file_permission+0x76/0x210 [ 334.312402][T10127] ? rw_verify_area+0xce/0x6d0 [ 334.312455][T10127] vfs_write+0x6ac/0x1070 [ 334.312488][T10127] ? __pfx_anon_pipe_write+0x10/0x10 [ 334.312523][T10127] ? __pfx_vfs_write+0x10/0x10 [ 334.312551][T10127] ? find_held_lock+0x2b/0x80 [ 334.312611][T10127] ksys_write+0x1f8/0x250 [ 334.312642][T10127] ? __pfx_ksys_write+0x10/0x10 [ 334.312687][T10127] do_syscall_64+0x106/0xf80 [ 334.312720][T10127] ? clear_bhb_loop+0x40/0x90 [ 334.312759][T10127] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 334.312792][T10127] RIP: 0033:0x7faab799c819 [ 334.312819][T10127] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 334.312848][T10127] RSP: 002b:00007faab5bd5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 334.312878][T10127] RAX: ffffffffffffffda RBX: 00007faab7c16090 RCX: 00007faab799c819 [ 334.312899][T10127] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 334.312917][T10127] RBP: 00007faab7a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 334.312935][T10127] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 334.312953][T10127] R13: 00007faab7c16128 R14: 00007faab7c16090 R15: 00007ffc23dc64b8 [ 334.312995][T10127] [ 335.461026][T10164] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 337.398407][ T7413] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.519445][ T7413] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.672143][ T7413] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.838020][ T7413] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 337.877754][T10203] FAULT_INJECTION: forcing a failure. [ 337.877754][T10203] name failslab, interval 1, probability 0, space 0, times 0 [ 337.901212][ T5831] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 337.910058][ T5831] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 337.918163][ T5831] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 337.918471][T10203] CPU: 0 UID: 0 PID: 10203 Comm: syz.2.730 Tainted: G L syzkaller #0 PREEMPT(full) [ 337.918512][T10203] Tainted: [L]=SOFTLOCKUP [ 337.918522][T10203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 337.918538][T10203] Call Trace: [ 337.918547][T10203] [ 337.918558][T10203] dump_stack_lvl+0x100/0x190 [ 337.918603][T10203] should_fail_ex.cold+0x5/0xa [ 337.918638][T10203] should_failslab+0xc2/0x120 [ 337.918669][T10203] __kmalloc_cache_noprof+0x7a/0x6f0 [ 337.918705][T10203] ? proc_thread_self_get_link+0x1a6/0x210 [ 337.918753][T10203] proc_thread_self_get_link+0x1a6/0x210 [ 337.918795][T10203] pick_link+0xac2/0x13c0 [ 337.918835][T10203] ? __pfx_proc_thread_self_get_link+0x10/0x10 [ 337.918880][T10203] step_into_slowpath+0x9ba/0xf90 [ 337.918935][T10203] ? __pfx_step_into_slowpath+0x10/0x10 [ 337.918981][T10203] ? lookup_fast+0x2da/0x600 [ 337.919016][T10203] ? inode_permission+0x374/0x620 [ 337.919057][T10203] link_path_walk+0xf28/0x1cc0 [ 337.919111][T10203] path_openat+0x1be/0x31a0 [ 337.919138][T10203] ? kasan_save_stack+0x3f/0x50 [ 337.919162][T10203] ? kasan_save_stack+0x30/0x50 [ 337.919185][T10203] ? kasan_save_track+0x14/0x30 [ 337.919209][T10203] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 337.919257][T10203] ? __pfx_path_openat+0x10/0x10 [ 337.919300][T10203] do_file_open+0x20e/0x430 [ 337.919331][T10203] ? __pfx_do_file_open+0x10/0x10 [ 337.919386][T10203] ? alloc_fd+0x476/0x790 [ 337.919418][T10203] ? do_getname+0x191/0x390 [ 337.919455][T10203] do_sys_openat2+0x10d/0x1e0 [ 337.919491][T10203] ? __pfx_do_sys_openat2+0x10/0x10 [ 337.919541][T10203] __x64_sys_openat+0x12d/0x210 [ 337.919578][T10203] ? __pfx___x64_sys_openat+0x10/0x10 [ 337.919627][T10203] do_syscall_64+0x106/0xf80 [ 337.919655][T10203] ? clear_bhb_loop+0x40/0x90 [ 337.919687][T10203] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 337.919714][T10203] RIP: 0033:0x7faab799c819 [ 337.919736][T10203] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 337.919761][T10203] RSP: 002b:00007faab5bf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 337.919787][T10203] RAX: ffffffffffffffda RBX: 00007faab7c15fa0 RCX: 00007faab799c819 [ 337.919805][T10203] RDX: 0000000000020402 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 337.919823][T10203] RBP: 00007faab7a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 337.919840][T10203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 337.919856][T10203] R13: 00007faab7c16038 R14: 00007faab7c15fa0 R15: 00007ffc23dc64b8 [ 337.919893][T10203] [ 338.213233][ T5831] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 338.224291][ T5831] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 338.528370][T10200] FAULT_INJECTION: forcing a failure. [ 338.528370][T10200] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 338.580534][T10200] CPU: 1 UID: 0 PID: 10200 Comm: syz.1.728 Tainted: G L syzkaller #0 PREEMPT(full) [ 338.580584][T10200] Tainted: [L]=SOFTLOCKUP [ 338.580595][T10200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 338.580612][T10200] Call Trace: [ 338.580622][T10200] [ 338.580633][T10200] dump_stack_lvl+0x100/0x190 [ 338.580683][T10200] should_fail_ex.cold+0x5/0xa [ 338.580716][T10200] _copy_from_iter+0x1f4/0x1690 [ 338.580765][T10200] ? __pfx__copy_from_iter+0x10/0x10 [ 338.580828][T10200] copy_page_from_iter+0xde/0x180 [ 338.580875][T10200] anon_pipe_write+0xae4/0x1d40 [ 338.580915][T10200] ? __pfx_anon_pipe_write+0x10/0x10 [ 338.580945][T10200] ? __pfx_autoremove_wake_function+0x10/0x10 [ 338.580984][T10200] ? bpf_lsm_file_permission+0x9/0x10 [ 338.581015][T10200] ? security_file_permission+0x76/0x210 [ 338.581061][T10200] ? rw_verify_area+0xce/0x6d0 [ 338.581113][T10200] vfs_write+0x6ac/0x1070 [ 338.581158][T10200] ? __pfx_anon_pipe_write+0x10/0x10 [ 338.581195][T10200] ? __pfx_vfs_write+0x10/0x10 [ 338.581223][T10200] ? find_held_lock+0x2b/0x80 [ 338.581284][T10200] ksys_write+0x1f8/0x250 [ 338.581317][T10200] ? __pfx_ksys_write+0x10/0x10 [ 338.581360][T10200] do_syscall_64+0x106/0xf80 [ 338.581396][T10200] ? clear_bhb_loop+0x40/0x90 [ 338.581435][T10200] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 338.581468][T10200] RIP: 0033:0x7f1d1379c819 [ 338.581495][T10200] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 338.581525][T10200] RSP: 002b:00007f1d146b9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 338.581554][T10200] RAX: ffffffffffffffda RBX: 00007f1d13a16090 RCX: 00007f1d1379c819 [ 338.581575][T10200] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 338.581600][T10200] RBP: 00007f1d13832c91 R08: 0000000000000000 R09: 0000000000000000 [ 338.581619][T10200] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 338.581637][T10200] R13: 00007f1d13a16128 R14: 00007f1d13a16090 R15: 00007ffe5a3ff8d8 [ 338.581681][T10200] [ 338.970021][ T7413] bridge_slave_1: left allmulticast mode [ 338.978794][ T7413] bridge_slave_1: left promiscuous mode [ 339.010056][ T7413] bridge0: port 2(bridge_slave_1) entered disabled state [ 339.055191][ T7413] bridge_slave_0: left allmulticast mode [ 339.071518][ T7413] bridge_slave_0: left promiscuous mode [ 339.095008][ T7413] bridge0: port 1(bridge_slave_0) entered disabled state [ 339.609965][ T7413] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 339.623742][ T7413] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 339.653467][ T7413] bond0 (unregistering): Released all slaves [ 340.102550][T10204] chnl_net:caif_netlink_parms(): no params data found [ 340.261523][ T5824] Bluetooth: hci2: command tx timeout [ 340.308303][ T7413] hsr_slave_0: left promiscuous mode [ 340.315029][ T7413] hsr_slave_1: left promiscuous mode [ 340.321383][ T7413] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 340.328892][ T7413] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 340.362420][ T7413] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 340.369877][ T7413] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 340.410695][ T7413] veth1_macvtap: left promiscuous mode [ 340.421445][ T7413] veth0_macvtap: left promiscuous mode [ 340.427075][ T7413] veth1_vlan: left promiscuous mode [ 340.452677][ T7413] veth0_vlan: left promiscuous mode [ 340.822508][ T5831] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 340.832494][ T5831] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 340.840836][ T5831] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 340.849893][ T5831] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 340.858209][ T5831] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 341.129745][ T7413] team0 (unregistering): Port device team_slave_1 removed [ 341.206350][ T7413] team0 (unregistering): Port device team_slave_0 removed [ 341.428572][ T5831] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 341.439192][ T5831] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 341.448061][ T5831] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 341.457198][ T5831] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 341.465028][ T5831] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 341.630817][T10204] bridge0: port 1(bridge_slave_0) entered blocking state [ 341.639209][T10204] bridge0: port 1(bridge_slave_0) entered disabled state [ 341.646814][T10204] bridge_slave_0: entered allmulticast mode [ 341.660932][T10204] bridge_slave_0: entered promiscuous mode [ 341.684444][T10204] bridge0: port 2(bridge_slave_1) entered blocking state [ 341.708326][T10204] bridge0: port 2(bridge_slave_1) entered disabled state [ 341.723551][T10204] bridge_slave_1: entered allmulticast mode [ 341.733481][T10204] bridge_slave_1: entered promiscuous mode [ 341.839670][T10204] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 341.870936][T10204] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 341.968138][T10204] team0: Port device team_slave_0 added [ 342.038479][T10204] team0: Port device team_slave_1 added [ 342.338074][ T5831] Bluetooth: hci2: command tx timeout [ 342.406713][T10204] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 342.442440][T10204] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 342.473621][T10204] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 342.530869][T10204] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 342.549281][T10204] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 342.601966][T10204] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 342.691864][ T7413] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.793550][T10252] chnl_net:caif_netlink_parms(): no params data found [ 342.838412][ T7413] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 342.868984][T10204] hsr_slave_0: entered promiscuous mode [ 342.877492][T10204] hsr_slave_1: entered promiscuous mode [ 342.886825][T10204] debugfs: 'hsr0' already exists in 'hsr' [ 342.892918][ T5831] Bluetooth: hci1: command tx timeout [ 342.900311][T10204] Cannot create hsr debugfs directory [ 343.008239][ T7413] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 343.122998][T10261] chnl_net:caif_netlink_parms(): no params data found [ 343.154435][ T7413] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 343.271218][T10252] bridge0: port 1(bridge_slave_0) entered blocking state [ 343.280382][T10252] bridge0: port 1(bridge_slave_0) entered disabled state [ 343.291601][T10252] bridge_slave_0: entered allmulticast mode [ 343.300180][T10252] bridge_slave_0: entered promiscuous mode [ 343.352679][T10252] bridge0: port 2(bridge_slave_1) entered blocking state [ 343.360899][T10252] bridge0: port 2(bridge_slave_1) entered disabled state [ 343.368725][T10252] bridge_slave_1: entered allmulticast mode [ 343.377204][T10252] bridge_slave_1: entered promiscuous mode [ 343.504404][T10252] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 343.533090][ T5831] Bluetooth: hci3: command tx timeout [ 343.658512][T10252] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 343.860629][T10252] team0: Port device team_slave_0 added [ 343.869494][T10261] bridge0: port 1(bridge_slave_0) entered blocking state [ 343.879044][T10261] bridge0: port 1(bridge_slave_0) entered disabled state [ 343.886847][T10261] bridge_slave_0: entered allmulticast mode [ 343.895974][T10261] bridge_slave_0: entered promiscuous mode [ 343.915695][T10261] bridge0: port 2(bridge_slave_1) entered blocking state [ 343.933363][T10261] bridge0: port 2(bridge_slave_1) entered disabled state [ 343.940992][T10261] bridge_slave_1: entered allmulticast mode [ 343.968664][T10261] bridge_slave_1: entered promiscuous mode [ 344.009461][T10252] team0: Port device team_slave_1 added [ 344.255097][T10261] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 344.269602][T10261] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 344.280575][T10252] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 344.289300][T10252] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 344.316222][T10252] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 344.329574][T10252] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 344.336703][T10252] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 344.365865][T10252] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 344.413620][ T5831] Bluetooth: hci2: command tx timeout [ 344.520931][ T7413] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.540052][T10261] team0: Port device team_slave_0 added [ 344.567973][T10261] team0: Port device team_slave_1 added [ 344.617288][T10261] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 344.624314][T10261] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 344.651019][T10261] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 344.715709][ T7413] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.737246][T10261] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 344.744667][T10261] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 344.773308][T10261] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 344.811501][T10252] hsr_slave_0: entered promiscuous mode [ 344.819277][T10252] hsr_slave_1: entered promiscuous mode [ 344.826403][T10252] debugfs: 'hsr0' already exists in 'hsr' [ 344.832176][T10252] Cannot create hsr debugfs directory [ 344.873441][ T7413] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 344.974257][ T5831] Bluetooth: hci1: command tx timeout [ 345.028569][ T7413] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 345.053471][T10261] hsr_slave_0: entered promiscuous mode [ 345.061302][T10261] hsr_slave_1: entered promiscuous mode [ 345.068913][T10261] debugfs: 'hsr0' already exists in 'hsr' [ 345.077288][T10261] Cannot create hsr debugfs directory [ 345.083163][ T5824] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 345.094721][ T5824] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 345.105778][ T5824] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 345.116704][ T5824] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 345.131963][ T5824] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 345.291160][T10204] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 345.320974][T10204] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 345.405098][T10204] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 345.479395][T10204] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 345.614913][ T5824] Bluetooth: hci3: command tx timeout [ 345.690105][ T7413] bridge_slave_1: left allmulticast mode [ 345.703441][ T7413] bridge_slave_1: left promiscuous mode [ 345.714877][ T7413] bridge0: port 2(bridge_slave_1) entered disabled state [ 345.737636][ T7413] bridge_slave_0: left allmulticast mode [ 345.743398][ T7413] bridge_slave_0: left promiscuous mode [ 345.749829][ T7413] bridge0: port 1(bridge_slave_0) entered disabled state [ 345.769737][ T7413] bridge_slave_1: left allmulticast mode [ 345.775898][ T7413] bridge_slave_1: left promiscuous mode [ 345.781808][ T7413] bridge0: port 2(bridge_slave_1) entered disabled state [ 345.792901][ T7413] bridge_slave_0: left allmulticast mode [ 345.799103][ T7413] bridge_slave_0: left promiscuous mode [ 345.806969][ T7413] bridge0: port 1(bridge_slave_0) entered disabled state [ 346.022930][ T7413] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 346.031839][ T7413] bond_slave_0: left promiscuous mode [ 346.039658][ T7413] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 346.049542][ T7413] bond_slave_1: left promiscuous mode [ 346.056219][ T7413] bond0 (unregistering): Released all slaves [ 346.153578][ T7413] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 346.164156][ T7413] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 346.174166][ T7413] bond0 (unregistering): Released all slaves [ 346.240741][ T7413] HfR: left promiscuous mode [ 346.494897][ T5824] Bluetooth: hci2: command tx timeout [ 346.554355][T10320] chnl_net:caif_netlink_parms(): no params data found [ 346.906390][T10204] 8021q: adding VLAN 0 to HW filter on device bond0 [ 346.938170][T10320] bridge0: port 1(bridge_slave_0) entered blocking state [ 346.946303][T10320] bridge0: port 1(bridge_slave_0) entered disabled state [ 346.953581][T10320] bridge_slave_0: entered allmulticast mode [ 346.961862][T10320] bridge_slave_0: entered promiscuous mode [ 346.994248][T10252] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 347.009759][T10320] bridge0: port 2(bridge_slave_1) entered blocking state [ 347.018102][T10320] bridge0: port 2(bridge_slave_1) entered disabled state [ 347.027644][T10320] bridge_slave_1: entered allmulticast mode [ 347.040848][T10320] bridge_slave_1: entered promiscuous mode [ 347.051749][T10252] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 347.058667][ T5824] Bluetooth: hci1: command tx timeout [ 347.162853][T10252] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 347.214996][ T5824] Bluetooth: hci0: command tx timeout [ 347.224605][T10252] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 347.265937][T10204] 8021q: adding VLAN 0 to HW filter on device team0 [ 347.277241][T10320] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 347.330992][T10320] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 347.403469][T10320] team0: Port device team_slave_0 added [ 347.436005][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 347.443137][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 347.454386][T10320] team0: Port device team_slave_1 added [ 347.481928][ T1154] bridge0: port 2(bridge_slave_1) entered blocking state [ 347.489174][ T1154] bridge0: port 2(bridge_slave_1) entered forwarding state [ 347.533099][T10320] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 347.540899][T10320] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 347.587059][T10320] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 347.637518][T10320] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 347.644520][T10320] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 347.696721][ T5824] Bluetooth: hci3: command tx timeout [ 347.702250][T10320] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 347.984835][T10320] hsr_slave_0: entered promiscuous mode [ 347.995059][T10320] hsr_slave_1: entered promiscuous mode [ 348.002319][T10320] debugfs: 'hsr0' already exists in 'hsr' [ 348.008239][T10320] Cannot create hsr debugfs directory [ 348.060080][T10261] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 348.115890][T10261] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 348.132632][T10261] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 348.235335][T10261] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 348.426495][T10252] 8021q: adding VLAN 0 to HW filter on device bond0 [ 348.539375][ T7413] hsr_slave_0: left promiscuous mode [ 348.546734][ T7413] hsr_slave_1: left promiscuous mode [ 348.552987][ T7413] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 348.566829][ T7413] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 348.574963][ T7413] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 348.586041][ T7413] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 348.599385][ T7413] hsr_slave_0: left promiscuous mode [ 348.606381][ T7413] hsr_slave_1: left promiscuous mode [ 348.612618][ T7413] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 348.620576][ T7413] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 348.629250][ T7413] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 348.640205][ T7413] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 348.667960][ T7413] veth1_macvtap: left promiscuous mode [ 348.673521][ T7413] veth0_macvtap: left promiscuous mode [ 348.680937][ T7413] veth1_vlan: left promiscuous mode [ 348.688771][ T7413] veth0_vlan: left promiscuous mode [ 348.703960][ T7413] veth1_macvtap: left promiscuous mode [ 348.709666][ T7413] veth0_macvtap: left promiscuous mode [ 348.715272][ T7413] veth1_vlan: left promiscuous mode [ 348.722620][ T7413] veth0_vlan: left promiscuous mode [ 349.136115][ T5824] Bluetooth: hci1: command tx timeout [ 349.227849][ T7413] team0 (unregistering): Port device team_slave_1 removed [ 349.256862][ T7413] team0 (unregistering): Port device team_slave_0 removed [ 349.296186][ T5824] Bluetooth: hci0: command tx timeout [ 349.666613][ T7413] team0 (unregistering): Port device team_slave_1 removed [ 349.712485][ T7413] team0 (unregistering): Port device team_slave_0 removed [ 349.776656][ T5824] Bluetooth: hci3: command tx timeout [ 349.924591][T10204] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 349.963368][T10252] 8021q: adding VLAN 0 to HW filter on device team0 [ 350.070171][T10320] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.094612][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 350.101851][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 350.169723][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 350.176991][ T283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 350.222361][T10320] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.329646][T10320] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.423752][T10320] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 350.463950][T10261] 8021q: adding VLAN 0 to HW filter on device bond0 [ 350.476069][T10204] veth0_vlan: entered promiscuous mode [ 350.501559][T10204] veth1_vlan: entered promiscuous mode [ 350.550669][T10261] 8021q: adding VLAN 0 to HW filter on device team0 [ 350.617550][ T283] bridge0: port 1(bridge_slave_0) entered blocking state [ 350.624732][ T283] bridge0: port 1(bridge_slave_0) entered forwarding state [ 350.641938][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 350.649197][ T283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 350.768801][T10204] veth0_macvtap: entered promiscuous mode [ 350.852993][T10204] veth1_macvtap: entered promiscuous mode [ 350.959475][T10320] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 350.992580][T10204] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 351.031660][T10320] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 351.086447][T10204] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 351.119151][T10320] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 351.146161][T10320] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 351.231396][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.246358][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.319934][T10252] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 351.330646][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.342995][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 351.382039][ T5824] Bluetooth: hci0: command tx timeout [ 351.426736][ T7413] bridge_slave_1: left allmulticast mode [ 351.433063][ T7413] bridge_slave_1: left promiscuous mode [ 351.445506][ T7413] bridge0: port 2(bridge_slave_1) entered disabled state [ 351.464839][ T7413] bridge_slave_0: left allmulticast mode [ 351.470771][ T7413] bridge_slave_0: left promiscuous mode [ 351.476604][ T7413] bridge0: port 1(bridge_slave_0) entered disabled state [ 351.742832][ T7413] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 351.764570][ T7413] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 351.781622][ T7413] bond0 (unregistering): Released all slaves [ 351.881993][ T283] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 351.913020][ T283] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 351.936238][T10261] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 352.058297][ T1154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 352.069939][T10252] veth0_vlan: entered promiscuous mode [ 352.081108][ T1154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 352.257582][T10252] veth1_vlan: entered promiscuous mode [ 352.282792][T10320] 8021q: adding VLAN 0 to HW filter on device bond0 [ 352.377866][ T7413] hsr_slave_0: left promiscuous mode [ 352.397440][ T7413] hsr_slave_1: left promiscuous mode [ 352.403696][ T7413] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 352.427480][ T7413] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 352.438285][ T7413] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 352.465513][ T7413] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 352.499262][ T7413] veth1_macvtap: left promiscuous mode [ 352.504823][ T7413] veth0_macvtap: left promiscuous mode [ 352.512470][ T7413] veth1_vlan: left promiscuous mode [ 352.519452][ T7413] veth0_vlan: left promiscuous mode [ 352.809284][ T7413] team0 (unregistering): Port device team_slave_1 removed [ 352.838187][ T7413] team0 (unregistering): Port device team_slave_0 removed [ 353.043327][T10261] veth0_vlan: entered promiscuous mode [ 353.069873][T10320] 8021q: adding VLAN 0 to HW filter on device team0 [ 353.090699][T10261] veth1_vlan: entered promiscuous mode [ 353.121372][ T1154] bridge0: port 1(bridge_slave_0) entered blocking state [ 353.128716][ T1154] bridge0: port 1(bridge_slave_0) entered forwarding state [ 353.158998][ T283] bridge0: port 2(bridge_slave_1) entered blocking state [ 353.166296][ T283] bridge0: port 2(bridge_slave_1) entered forwarding state [ 353.210792][T10252] veth0_macvtap: entered promiscuous mode [ 353.233590][T10261] veth0_macvtap: entered promiscuous mode [ 353.256761][T10261] veth1_macvtap: entered promiscuous mode [ 353.269831][T10252] veth1_macvtap: entered promiscuous mode [ 353.303693][T10252] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 353.321537][T10261] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 353.343268][T10252] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 353.362804][ T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 353.402289][T10261] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 353.427219][ T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 353.449916][ T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 353.458950][ T5824] Bluetooth: hci0: command tx timeout [ 353.525280][ T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 353.539814][ T12] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 353.594430][ T12] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 353.605510][ T12] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 353.676024][ T12] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 353.846247][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 353.866849][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 353.887478][ T7413] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 353.904155][ T7413] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 353.943079][T10320] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 354.035640][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 354.059074][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 354.069973][ T7413] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 354.077844][ T7413] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 354.172673][T10320] veth0_vlan: entered promiscuous mode [ 354.213006][T10320] veth1_vlan: entered promiscuous mode [ 354.302949][T10320] veth0_macvtap: entered promiscuous mode [ 354.336423][T10320] veth1_macvtap: entered promiscuous mode [ 354.433513][T10320] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 354.476912][T10320] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 354.514033][ T63] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.532071][ T63] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.547161][ T63] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.572894][ T63] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 354.760930][ T7413] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 354.785354][ T7413] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 354.853210][T10508] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 354.864909][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 354.866268][T10509] FAULT_INJECTION: forcing a failure. [ 354.866268][T10509] name failslab, interval 1, probability 0, space 0, times 0 [ 354.886139][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 354.894959][T10508] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 354.909289][T10508] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 354.930428][T10508] page_type: f5(slab) [ 354.937512][T10508] raw: 00fff00000000040 ffff88801ce91780 dead000000000100 dead000000000122 [ 354.950949][T10509] CPU: 1 UID: 0 PID: 10509 Comm: syz.2.755 Tainted: G L syzkaller #0 PREEMPT(full) [ 354.950998][T10509] Tainted: [L]=SOFTLOCKUP [ 354.951010][T10509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 354.951028][T10509] Call Trace: [ 354.951038][T10509] [ 354.951050][T10509] dump_stack_lvl+0x100/0x190 [ 354.951106][T10509] should_fail_ex.cold+0x5/0xa [ 354.951144][T10509] should_failslab+0xc2/0x120 [ 354.951180][T10509] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 354.951229][T10509] ? __kernfs_new_node+0xd2/0x960 [ 354.951274][T10509] ? kstrdup+0xb3/0xe0 [ 354.951308][T10509] __kernfs_new_node+0xd2/0x960 [ 354.951360][T10509] ? __pfx___kernfs_new_node+0x10/0x10 [ 354.951418][T10509] ? find_held_lock+0x2b/0x80 [ 354.951450][T10509] ? kernfs_root+0xee/0x2a0 [ 354.951493][T10509] ? kernfs_root+0xee/0x2a0 [ 354.951547][T10509] kernfs_new_node+0x11b/0x1a0 [ 354.951586][T10509] kernfs_create_dir_ns+0x4c/0x1a0 [ 354.951623][T10509] cgroup_mkdir+0x3be/0x1330 [ 354.951661][T10509] ? __pfx_cgroup_mkdir+0x10/0x10 [ 354.951693][T10509] kernfs_iop_mkdir+0x111/0x190 [ 354.951733][T10509] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 354.951783][T10509] vfs_mkdir+0x361/0x850 [ 354.951832][T10509] filename_mkdirat+0x48b/0x5e0 [ 354.951875][T10509] ? __pfx_filename_mkdirat+0x10/0x10 [ 354.951911][T10509] ? strncpy_from_user+0x19d/0x2d0 [ 354.951954][T10509] ? do_getname+0x191/0x390 [ 354.951996][T10509] __x64_sys_mkdir+0x6b/0x90 [ 354.952032][T10509] do_syscall_64+0x106/0xf80 [ 354.952066][T10509] ? clear_bhb_loop+0x40/0x90 [ 354.952104][T10509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 354.952137][T10509] RIP: 0033:0x7f352e59c819 [ 354.952165][T10509] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 354.952192][T10509] RSP: 002b:00007f352f464028 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 354.952222][T10509] RAX: ffffffffffffffda RBX: 00007f352e815fa0 RCX: 00007f352e59c819 [ 354.952242][T10509] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000200000000040 [ 354.952261][T10509] RBP: 00007f352e632c91 R08: 0000000000000000 R09: 0000000000000000 [ 354.952278][T10509] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 354.952295][T10509] R13: 00007f352e816038 R14: 00007f352e815fa0 R15: 00007ffc74d12448 [ 354.952337][T10509] [ 355.208529][T10508] raw: 0000000000000000 0000000800150015 00000000f5000000 0000000000000000 [ 355.217443][T10508] head: 00fff00000000040 ffff88801ce91780 dead000000000100 dead000000000122 [ 355.226674][T10508] head: 0000000000000000 0000000800150015 00000000f5000000 0000000000000000 [ 355.235581][T10508] head: 00fff00000000001 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 355.245427][T10508] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 355.255598][T10508] page dumped because: unmovable page [ 355.261698][T10508] page_owner tracks the page as allocated [ 355.269131][T10508] page last allocated via order 1, migratetype Reclaimable, gfp_mask 0xd20d0(__GFP_RECLAIMABLE|__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5206, tgid 5206 (udevadm), ts 35907972038, free_ts 28791507204 [ 355.292271][T10508] post_alloc_hook+0x153/0x170 [ 355.297185][T10508] get_page_from_freelist+0x111d/0x3140 [ 355.303683][T10508] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 355.309771][T10508] new_slab+0xa6/0x6b0 [ 355.314037][T10508] refill_objects+0x26b/0x400 [ 355.318944][T10508] __pcs_replace_empty_main+0x1ab/0x660 [ 355.324742][T10508] kmem_cache_alloc_lru_noprof+0x485/0x6e0 [ 355.330745][T10508] __d_alloc+0x34/0xa80 [ 355.335100][T10508] d_alloc_parallel+0x111/0x14e0 [ 355.340215][T10508] __lookup_slow+0x193/0x460 [ 355.346730][T10508] lookup_slow+0x50/0x70 [ 355.351195][T10508] link_path_walk+0x1377/0x1cc0 [ 355.356225][T10508] path_lookupat+0x74/0xc40 [ 355.360992][T10508] filename_lookup+0x202/0x590 [ 355.365979][T10508] vfs_statx+0xff/0x3f0 [ 355.370316][T10508] vfs_fstatat+0x77/0xe0 [ 355.375158][T10508] page last free pid 1 tgid 1 stack trace: [ 355.381417][T10508] __free_frozen_pages+0x7e1/0x10d0 [ 355.386799][T10508] free_contig_range+0xde/0x1d0 [ 355.391828][T10508] destroy_args+0xa8/0x7a0 [ 355.396381][T10508] debug_vm_pgtable+0x1b66/0x34c0 [ 355.401648][T10508] do_one_initcall+0x11d/0x760 [ 355.406543][T10508] kernel_init_freeable+0x6e5/0x7a0 [ 355.412019][T10508] kernel_init+0x1f/0x1e0 [ 355.416493][T10508] ret_from_fork+0x754/0xd80 [ 355.421254][T10508] ret_from_fork_asm+0x1a/0x30 [ 356.278374][T10531] FAULT_INJECTION: forcing a failure. [ 356.278374][T10531] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 356.291678][T10531] CPU: 1 UID: 0 PID: 10531 Comm: syz.0.758 Tainted: G L syzkaller #0 PREEMPT(full) [ 356.291724][T10531] Tainted: [L]=SOFTLOCKUP [ 356.291735][T10531] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 356.291762][T10531] Call Trace: [ 356.291772][T10531] [ 356.291784][T10531] dump_stack_lvl+0x100/0x190 [ 356.291838][T10531] should_fail_ex.cold+0x5/0xa [ 356.291877][T10531] _copy_from_user+0x2e/0xd0 [ 356.291918][T10531] restore_altstack+0x98/0x170 [ 356.291959][T10531] ? __pfx_restore_altstack+0x10/0x10 [ 356.292000][T10531] ? _raw_spin_unlock_irq+0x23/0x50 [ 356.292044][T10531] ? lockdep_hardirqs_on+0x78/0x100 [ 356.292076][T10531] ? _raw_spin_unlock_irq+0x2e/0x50 [ 356.292123][T10531] __do_sys_rt_sigreturn+0x1ab/0x2c0 [ 356.292163][T10531] ? __pfx___do_sys_rt_sigreturn+0x10/0x10 [ 356.292212][T10531] do_syscall_64+0x106/0xf80 [ 356.292242][T10531] ? clear_bhb_loop+0x40/0x90 [ 356.292279][T10531] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.292312][T10531] RIP: 0033:0x7ff432f3db99 [ 356.292337][T10531] Code: 11 06 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 0c 25 [ 356.292363][T10531] RSP: 002b:00007ff433e5da80 EFLAGS: 00000246 ORIG_RAX: 000000000000000f [ 356.292396][T10531] RAX: ffffffffffffffda RBX: 00007ff433216090 RCX: 00007ff432f3db99 [ 356.292416][T10531] RDX: 00007ff433e5da80 RSI: 00007ff433e5dbb0 RDI: 0000000000000011 [ 356.292434][T10531] RBP: 00007ff433032c91 R08: 0000000000000000 R09: 0000000000000000 [ 356.292453][T10531] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 356.292472][T10531] R13: 00007ff433216128 R14: 00007ff433216090 R15: 00007ffd33ce39b8 [ 356.292510][T10531] [ 356.663851][T10511] FAULT_INJECTION: forcing a failure. [ 356.663851][T10511] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 356.678416][T10511] CPU: 1 UID: 0 PID: 10511 Comm: syz.3.753 Tainted: G L syzkaller #0 PREEMPT(full) [ 356.678460][T10511] Tainted: [L]=SOFTLOCKUP [ 356.678470][T10511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 356.678486][T10511] Call Trace: [ 356.678496][T10511] [ 356.678507][T10511] dump_stack_lvl+0x100/0x190 [ 356.678556][T10511] should_fail_ex.cold+0x5/0xa [ 356.678592][T10511] _copy_to_iter+0x1f3/0x1720 [ 356.678640][T10511] ? __pfx__copy_to_iter+0x10/0x10 [ 356.678675][T10511] ? trace_kmalloc+0x101/0x130 [ 356.678722][T10511] ? seq_read_iter+0x819/0x1270 [ 356.678762][T10511] seq_read_iter+0xdab/0x1270 [ 356.678809][T10511] proc_reg_read_iter+0x220/0x310 [ 356.678853][T10511] ? __pfx_proc_reg_read_iter+0x10/0x10 [ 356.678896][T10511] vfs_read+0x825/0xb30 [ 356.678932][T10511] ? __pfx_vfs_read+0x10/0x10 [ 356.678989][T10511] ksys_read+0x12a/0x250 [ 356.679019][T10511] ? __pfx_ksys_read+0x10/0x10 [ 356.679059][T10511] do_syscall_64+0x106/0xf80 [ 356.679091][T10511] ? clear_bhb_loop+0x40/0x90 [ 356.679129][T10511] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.679160][T10511] RIP: 0033:0x7f3290d9c819 [ 356.679186][T10511] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 356.679214][T10511] RSP: 002b:00007f328eff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 356.679243][T10511] RAX: ffffffffffffffda RBX: 00007f3291016180 RCX: 00007f3290d9c819 [ 356.679263][T10511] RDX: 00000000000000b2 RSI: 0000200000000180 RDI: 0000000000000006 [ 356.679280][T10511] RBP: 00007f328eff6090 R08: 0000000000000000 R09: 0000000000000000 [ 356.679298][T10511] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 356.679315][T10511] R13: 00007f3291016218 R14: 00007f3291016180 R15: 00007ffd1fa830f8 [ 356.679357][T10511] [ 357.873735][T10546] futex_wake_op: syz.0.763 tries to shift op by -2048; fix this program [ 357.890662][T10546] futex_wake_op: syz.0.763 tries to shift op by -2048; fix this program [ 360.440647][T10608] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 360.762920][T10616] FAULT_INJECTION: forcing a failure. [ 360.762920][T10616] name failslab, interval 1, probability 0, space 0, times 0 [ 360.780135][T10616] CPU: 0 UID: 0 PID: 10616 Comm: syz.3.780 Tainted: G L syzkaller #0 PREEMPT(full) [ 360.780182][T10616] Tainted: [L]=SOFTLOCKUP [ 360.780193][T10616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 360.780210][T10616] Call Trace: [ 360.780220][T10616] [ 360.780231][T10616] dump_stack_lvl+0x100/0x190 [ 360.780282][T10616] should_fail_ex.cold+0x5/0xa [ 360.780319][T10616] should_failslab+0xc2/0x120 [ 360.780353][T10616] __kmalloc_cache_noprof+0x7a/0x6f0 [ 360.780393][T10616] ? snd_seq_prioq_new+0x3f/0x110 [ 360.780437][T10616] ? lockdep_init_map_type+0x5c/0x250 [ 360.780483][T10616] snd_seq_prioq_new+0x3f/0x110 [ 360.780525][T10616] snd_seq_queue_alloc+0x153/0x590 [ 360.780575][T10616] snd_seq_ioctl_create_queue+0xa9/0x370 [ 360.780610][T10616] call_seq_client_ctl+0xa3/0x130 [ 360.780645][T10616] snd_seq_kernel_client_ctl+0x77/0xd0 [ 360.780679][T10616] alloc_seq_queue+0xdb/0x180 [ 360.780712][T10616] ? __pfx_alloc_seq_queue+0x10/0x10 [ 360.780766][T10616] ? mark_held_locks+0x40/0x70 [ 360.780800][T10616] ? _raw_spin_unlock_irq+0x23/0x50 [ 360.780844][T10616] ? lockdep_hardirqs_on+0x78/0x100 [ 360.780881][T10616] snd_seq_oss_open+0x2b2/0xa10 [ 360.780935][T10616] odev_open+0x79/0xc0 [ 360.780968][T10616] ? __pfx_odev_open+0x10/0x10 [ 360.781002][T10616] soundcore_open+0x2e3/0x5a0 [ 360.781044][T10616] ? __pfx_soundcore_open+0x10/0x10 [ 360.781080][T10616] chrdev_open+0x234/0x6a0 [ 360.781111][T10616] ? __pfx_apparmor_file_open+0x10/0x10 [ 360.781146][T10616] ? __pfx_chrdev_open+0x10/0x10 [ 360.781180][T10616] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 360.781222][T10616] do_dentry_open+0x6d8/0x1660 [ 360.781254][T10616] ? __pfx_chrdev_open+0x10/0x10 [ 360.781297][T10616] vfs_open+0x82/0x3f0 [ 360.781338][T10616] path_openat+0x208c/0x31a0 [ 360.781381][T10616] ? __pfx_path_openat+0x10/0x10 [ 360.781428][T10616] do_file_open+0x20e/0x430 [ 360.781465][T10616] ? __pfx_do_file_open+0x10/0x10 [ 360.781550][T10616] ? alloc_fd+0x476/0x790 [ 360.781586][T10616] ? do_getname+0x191/0x390 [ 360.781630][T10616] do_sys_openat2+0x10d/0x1e0 [ 360.781672][T10616] ? __pfx_do_sys_openat2+0x10/0x10 [ 360.781715][T10616] ? __fget_files+0x21f/0x3d0 [ 360.781755][T10616] __x64_sys_openat+0x12d/0x210 [ 360.781798][T10616] ? __pfx___x64_sys_openat+0x10/0x10 [ 360.781856][T10616] do_syscall_64+0x106/0xf80 [ 360.781888][T10616] ? clear_bhb_loop+0x40/0x90 [ 360.781938][T10616] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 360.781969][T10616] RIP: 0033:0x7f3290d9c819 [ 360.781996][T10616] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 360.782025][T10616] RSP: 002b:00007f3291b99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 360.782054][T10616] RAX: ffffffffffffffda RBX: 00007f3291015fa0 RCX: 00007f3290d9c819 [ 360.782074][T10616] RDX: 0000000000008000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 360.782094][T10616] RBP: 00007f3290e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 360.782112][T10616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 360.782130][T10616] R13: 00007f3291016038 R14: 00007f3291015fa0 R15: 00007ffd1fa830f8 [ 360.782173][T10616] [ 361.375795][T10622] FAULT_INJECTION: forcing a failure. [ 361.375795][T10622] name failslab, interval 1, probability 0, space 0, times 0 [ 361.452075][T10622] CPU: 1 UID: 0 PID: 10622 Comm: syz.1.781 Tainted: G L syzkaller #0 PREEMPT(full) [ 361.452128][T10622] Tainted: [L]=SOFTLOCKUP [ 361.452139][T10622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 361.452157][T10622] Call Trace: [ 361.452167][T10622] [ 361.452179][T10622] dump_stack_lvl+0x100/0x190 [ 361.452230][T10622] should_fail_ex.cold+0x5/0xa [ 361.452270][T10622] should_failslab+0xc2/0x120 [ 361.452306][T10622] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 361.452355][T10622] ? seq_open+0x55/0x170 [ 361.452396][T10622] ? lockdep_init_map_type+0x5c/0x250 [ 361.452446][T10622] seq_open+0x55/0x170 [ 361.452490][T10622] kernfs_fop_open+0x590/0xd50 [ 361.452538][T10622] do_dentry_open+0x6d8/0x1660 [ 361.452571][T10622] ? __pfx_kernfs_fop_open+0x10/0x10 [ 361.452617][T10622] vfs_open+0x82/0x3f0 [ 361.452663][T10622] path_openat+0x208c/0x31a0 [ 361.452713][T10622] ? __pfx_path_openat+0x10/0x10 [ 361.452766][T10622] do_file_open+0x20e/0x430 [ 361.452804][T10622] ? __pfx_do_file_open+0x10/0x10 [ 361.452871][T10622] ? alloc_fd+0x476/0x790 [ 361.452919][T10622] ? do_getname+0x191/0x390 [ 361.452964][T10622] do_sys_openat2+0x10d/0x1e0 [ 361.453006][T10622] ? __pfx_do_sys_openat2+0x10/0x10 [ 361.453054][T10622] ? __fget_files+0x21f/0x3d0 [ 361.453096][T10622] __x64_sys_openat+0x12d/0x210 [ 361.453142][T10622] ? __pfx___x64_sys_openat+0x10/0x10 [ 361.453204][T10622] do_syscall_64+0x106/0xf80 [ 361.453238][T10622] ? clear_bhb_loop+0x40/0x90 [ 361.453278][T10622] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 361.453310][T10622] RIP: 0033:0x7fb3fe39c819 [ 361.453335][T10622] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 361.453363][T10622] RSP: 002b:00007fb3ff323028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 361.453393][T10622] RAX: ffffffffffffffda RBX: 00007fb3fe615fa0 RCX: 00007fb3fe39c819 [ 361.453413][T10622] RDX: 0000000000080200 RSI: 0000200000000840 RDI: ffffffffffffff9c [ 361.453432][T10622] RBP: 00007fb3fe432c91 R08: 0000000000000000 R09: 0000000000000000 [ 361.453451][T10622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 361.453469][T10622] R13: 00007fb3fe616038 R14: 00007fb3fe615fa0 R15: 00007ffccdee0db8 [ 361.453513][T10622] [ 361.909912][T10630] netlink: 186 bytes leftover after parsing attributes in process `syz.1.781'. [ 362.111198][T10635] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 362.651007][T10644] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 362.714201][T10648] FAULT_INJECTION: forcing a failure. [ 362.714201][T10648] name fail_futex, interval 1, probability 0, space 0, times 0 [ 362.731000][T10648] CPU: 1 UID: 0 PID: 10648 Comm: syz.3.787 Tainted: G L syzkaller #0 PREEMPT(full) [ 362.731048][T10648] Tainted: [L]=SOFTLOCKUP [ 362.731058][T10648] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 362.731076][T10648] Call Trace: [ 362.731085][T10648] [ 362.731097][T10648] dump_stack_lvl+0x100/0x190 [ 362.731147][T10648] should_fail_ex.cold+0x5/0xa [ 362.731183][T10648] get_futex_key+0x1d2/0x1620 [ 362.731226][T10648] ? __pfx_get_futex_key+0x10/0x10 [ 362.731265][T10648] ? putname+0xb1/0x110 [ 362.731297][T10648] ? kasan_save_stack+0x3f/0x50 [ 362.731322][T10648] ? kasan_save_stack+0x30/0x50 [ 362.731347][T10648] ? kasan_save_track+0x14/0x30 [ 362.731373][T10648] ? kasan_save_free_info+0x3b/0x70 [ 362.731411][T10648] ? __kasan_slab_free+0x5f/0x80 [ 362.731444][T10648] futex_wake+0xea/0x530 [ 362.731494][T10648] ? __pfx_futex_wake+0x10/0x10 [ 362.731556][T10648] do_futex+0x32b/0x350 [ 362.731596][T10648] ? __pfx_do_futex+0x10/0x10 [ 362.731645][T10648] __x64_sys_futex+0x34f/0x4d0 [ 362.731700][T10648] ? __pfx___x64_sys_futex+0x10/0x10 [ 362.731738][T10648] ? kmem_cache_free+0x124/0x6a0 [ 362.731794][T10648] do_syscall_64+0x106/0xf80 [ 362.731826][T10648] ? clear_bhb_loop+0x40/0x90 [ 362.731863][T10648] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 362.731893][T10648] RIP: 0033:0x7f3290d9c819 [ 362.731917][T10648] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 362.731943][T10648] RSP: 002b:00007f3291b990e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 362.731970][T10648] RAX: ffffffffffffffda RBX: 00007f3291015fa8 RCX: 00007f3290d9c819 [ 362.731989][T10648] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f3291015fac [ 362.732007][T10648] RBP: 00007f3291015fa0 R08: 0000000000000000 R09: 0000000000000000 [ 362.732025][T10648] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 362.732042][T10648] R13: 00007f3291016038 R14: 00007ffd1fa83010 R15: 00007ffd1fa830f8 [ 362.732081][T10648] [ 363.053689][T10653] binder: 10643:10653 ioctl c00c620f 2000000001c0 returned -22 [ 363.356382][T10660] netlink: 'syz.1.790': attribute type 1 has an invalid length. [ 363.969334][T10669] random: crng reseeded on system resumption [ 365.068028][T10703] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 365.086122][T10703] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 365.122697][T10703] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 365.165304][T10703] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 365.187167][T10703] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 365.213302][T10703] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 365.250995][T10703] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 365.269355][T10703] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 365.315919][T10703] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 365.339015][T10703] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 365.359080][T10703] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 365.386792][T10703] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 365.952607][T10725] futex_wake_op: syz.3.811 tries to shift op by -2048; fix this program [ 367.145992][T10735] Bluetooth: hci2: command 0x0c1a tx timeout [ 367.225666][T10735] Bluetooth: hci1: command 0x0c1a tx timeout [ 367.305467][T10735] Bluetooth: hci3: command 0x0c1a tx timeout [ 367.399523][T10753] Bluetooth: hci0: command 0x0c1a tx timeout [ 368.276383][T10774] FAULT_INJECTION: forcing a failure. [ 368.276383][T10774] name failslab, interval 1, probability 0, space 0, times 0 [ 368.289721][T10774] CPU: 0 UID: 0 PID: 10774 Comm: syz.0.822 Tainted: G L syzkaller #0 PREEMPT(full) [ 368.289767][T10774] Tainted: [L]=SOFTLOCKUP [ 368.289778][T10774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 368.289795][T10774] Call Trace: [ 368.289805][T10774] [ 368.289817][T10774] dump_stack_lvl+0x100/0x190 [ 368.289867][T10774] should_fail_ex.cold+0x5/0xa [ 368.289905][T10774] should_failslab+0xc2/0x120 [ 368.289940][T10774] __kmalloc_cache_noprof+0x7a/0x6f0 [ 368.289982][T10774] ? snd_seq_prioq_new+0x3f/0x110 [ 368.290028][T10774] ? lockdep_init_map_type+0x5c/0x250 [ 368.290078][T10774] snd_seq_prioq_new+0x3f/0x110 [ 368.290126][T10774] snd_seq_queue_alloc+0x153/0x590 [ 368.290176][T10774] snd_seq_ioctl_create_queue+0xa9/0x370 [ 368.290213][T10774] call_seq_client_ctl+0xa3/0x130 [ 368.290249][T10774] snd_seq_kernel_client_ctl+0x77/0xd0 [ 368.290286][T10774] alloc_seq_queue+0xdb/0x180 [ 368.290324][T10774] ? __pfx_alloc_seq_queue+0x10/0x10 [ 368.290383][T10774] ? mark_held_locks+0x40/0x70 [ 368.290423][T10774] ? _raw_spin_unlock_irq+0x23/0x50 [ 368.290470][T10774] ? lockdep_hardirqs_on+0x78/0x100 [ 368.290506][T10774] snd_seq_oss_open+0x2b2/0xa10 [ 368.290554][T10774] odev_open+0x79/0xc0 [ 368.290586][T10774] ? __pfx_odev_open+0x10/0x10 [ 368.290618][T10774] soundcore_open+0x2e3/0x5a0 [ 368.290665][T10774] ? __pfx_soundcore_open+0x10/0x10 [ 368.290703][T10774] chrdev_open+0x234/0x6a0 [ 368.290738][T10774] ? __pfx_apparmor_file_open+0x10/0x10 [ 368.290774][T10774] ? __pfx_chrdev_open+0x10/0x10 [ 368.290811][T10774] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 368.290857][T10774] do_dentry_open+0x6d8/0x1660 [ 368.290888][T10774] ? __pfx_chrdev_open+0x10/0x10 [ 368.290931][T10774] vfs_open+0x82/0x3f0 [ 368.290977][T10774] path_openat+0x208c/0x31a0 [ 368.291025][T10774] ? __pfx_path_openat+0x10/0x10 [ 368.291076][T10774] do_file_open+0x20e/0x430 [ 368.291111][T10774] ? __pfx_do_file_open+0x10/0x10 [ 368.291175][T10774] ? alloc_fd+0x476/0x790 [ 368.291213][T10774] ? do_getname+0x191/0x390 [ 368.291257][T10774] do_sys_openat2+0x10d/0x1e0 [ 368.291299][T10774] ? __pfx_do_sys_openat2+0x10/0x10 [ 368.291344][T10774] ? __fget_files+0x21f/0x3d0 [ 368.291384][T10774] __x64_sys_openat+0x12d/0x210 [ 368.291428][T10774] ? __pfx___x64_sys_openat+0x10/0x10 [ 368.291487][T10774] do_syscall_64+0x106/0xf80 [ 368.291519][T10774] ? clear_bhb_loop+0x40/0x90 [ 368.291557][T10774] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 368.291587][T10774] RIP: 0033:0x7ff432f9c819 [ 368.291613][T10774] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 368.291642][T10774] RSP: 002b:00007ff433e7f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 368.291681][T10774] RAX: ffffffffffffffda RBX: 00007ff433215fa0 RCX: 00007ff432f9c819 [ 368.291701][T10774] RDX: 0000000000008000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 368.291721][T10774] RBP: 00007ff433032c91 R08: 0000000000000000 R09: 0000000000000000 [ 368.291740][T10774] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 368.291759][T10774] R13: 00007ff433216038 R14: 00007ff433215fa0 R15: 00007ffd33ce39b8 [ 368.291803][T10774] [ 368.612241][ T42] Process accounting resumed [ 368.698778][T10779] random: crng reseeded on system resumption [ 369.233961][T10753] Bluetooth: hci2: command 0x0c1a tx timeout [ 369.307578][T10753] Bluetooth: hci1: command 0x0c1a tx timeout [ 369.346305][T10797] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 369.352620][T10797] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 369.366390][T10797] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 369.372883][T10797] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 370.788772][T10829] FAULT_INJECTION: forcing a failure. [ 370.788772][T10829] name failslab, interval 1, probability 0, space 0, times 0 [ 370.813014][T10829] CPU: 1 UID: 0 PID: 10829 Comm: syz.0.840 Tainted: G L syzkaller #0 PREEMPT(full) [ 370.813065][T10829] Tainted: [L]=SOFTLOCKUP [ 370.813076][T10829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 370.813093][T10829] Call Trace: [ 370.813103][T10829] [ 370.813113][T10829] dump_stack_lvl+0x100/0x190 [ 370.813161][T10829] should_fail_ex.cold+0x5/0xa [ 370.813199][T10829] should_failslab+0xc2/0x120 [ 370.813235][T10829] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 370.813283][T10829] ? security_inode_alloc+0x3b/0x2c0 [ 370.813319][T10829] ? lockdep_init_map_type+0x5c/0x250 [ 370.813368][T10829] security_inode_alloc+0x3b/0x2c0 [ 370.813406][T10829] inode_init_always_gfp+0xced/0x1040 [ 370.813448][T10829] alloc_inode+0x8e/0x250 [ 370.813491][T10829] sock_alloc+0x44/0x280 [ 370.813523][T10829] ? security_socket_create+0x7f/0x250 [ 370.813558][T10829] __sock_create+0xc2/0x860 [ 370.813605][T10829] __sys_socket+0x14d/0x260 [ 370.813647][T10829] ? __pfx___sys_socket+0x10/0x10 [ 370.813701][T10829] __x64_sys_socket+0x72/0xb0 [ 370.813741][T10829] ? lockdep_hardirqs_on+0x78/0x100 [ 370.813775][T10829] do_syscall_64+0x106/0xf80 [ 370.813808][T10829] ? clear_bhb_loop+0x40/0x90 [ 370.813856][T10829] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 370.813888][T10829] RIP: 0033:0x7ff432f9c819 [ 370.813915][T10829] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 370.813944][T10829] RSP: 002b:00007ff433e7f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 370.813975][T10829] RAX: ffffffffffffffda RBX: 00007ff433215fa0 RCX: 00007ff432f9c819 [ 370.813996][T10829] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 370.814015][T10829] RBP: 00007ff433032c91 R08: 0000000000000000 R09: 0000000000000000 [ 370.814033][T10829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 370.814051][T10829] R13: 00007ff433216038 R14: 00007ff433215fa0 R15: 00007ffd33ce39b8 [ 370.814093][T10829] [ 370.814128][T10829] socket: no more sockets [ 371.386980][T10731] Bluetooth: hci0: command 0x0c1a tx timeout [ 371.393193][T10753] Bluetooth: hci3: command 0x0c1a tx timeout [ 371.399891][T10753] Bluetooth: hci1: command 0x0c1a tx timeout [ 371.406039][T10753] Bluetooth: hci2: command 0x0c1a tx timeout [ 373.469214][T10753] Bluetooth: hci0: command 0x0c1a tx timeout [ 373.477781][T10731] Bluetooth: hci3: command 0x0c1a tx timeout [ 374.691341][T10916] netlink: 28 bytes leftover after parsing attributes in process `syz.0.867'. [ 375.174192][T10929] openvswitch: netlink: Geneve option length err (len 256, max 255). [ 378.353294][T10966] FAULT_INJECTION: forcing a failure. [ 378.353294][T10966] name failslab, interval 1, probability 0, space 0, times 0 [ 378.413383][T10966] CPU: 0 UID: 0 PID: 10966 Comm: syz.2.879 Tainted: G L syzkaller #0 PREEMPT(full) [ 378.413416][T10966] Tainted: [L]=SOFTLOCKUP [ 378.413424][T10966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 378.413435][T10966] Call Trace: [ 378.413441][T10966] [ 378.413449][T10966] dump_stack_lvl+0x100/0x190 [ 378.413482][T10966] should_fail_ex.cold+0x5/0xa [ 378.413505][T10966] should_failslab+0xc2/0x120 [ 378.413527][T10966] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 378.413556][T10966] ? do_getname+0x35/0x390 [ 378.413585][T10966] do_getname+0x35/0x390 [ 378.413611][T10966] do_sys_openat2+0xc5/0x1e0 [ 378.413637][T10966] ? __pfx_do_sys_openat2+0x10/0x10 [ 378.413664][T10966] ? __sys_sendmsg+0x18f/0x220 [ 378.413686][T10966] __x64_sys_openat+0x12d/0x210 [ 378.413713][T10966] ? __pfx___x64_sys_openat+0x10/0x10 [ 378.413747][T10966] do_syscall_64+0x106/0xf80 [ 378.413766][T10966] ? clear_bhb_loop+0x40/0x90 [ 378.413790][T10966] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.413815][T10966] RIP: 0033:0x7f352e59c819 [ 378.413831][T10966] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 378.413848][T10966] RSP: 002b:00007f352f464028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 378.413866][T10966] RAX: ffffffffffffffda RBX: 00007f352e815fa0 RCX: 00007f352e59c819 [ 378.413878][T10966] RDX: 0000000000200000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 378.413889][T10966] RBP: 00007f352e632c91 R08: 0000000000000000 R09: 0000000000000000 [ 378.413899][T10966] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 378.413910][T10966] R13: 00007f352e816038 R14: 00007f352e815fa0 R15: 00007ffc74d12448 [ 378.413932][T10966] [ 378.921040][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.927429][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 380.430681][T10994] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 381.748303][T11024] netlink: 32 bytes leftover after parsing attributes in process `syz.2.895'. [ 382.198909][T10731] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 382.198955][T10731] Bluetooth: hci2: unexpected subevent 0x0e length: 725 > 15 [ 382.215162][T10731] Bluetooth: hci2: Unable to find connection for dst 00:a2:f2:94:be:c8 sid 0x4f [ 382.887167][T11054] netlink: 334 bytes leftover after parsing attributes in process `syz.3.907'. [ 383.196213][T11066] nvme_fcloop: unknown parameter or missing value '1' [ 383.599939][T11073] FAULT_INJECTION: forcing a failure. [ 383.599939][T11073] name failslab, interval 1, probability 0, space 0, times 0 [ 383.648603][T11073] CPU: 0 UID: 0 PID: 11073 Comm: syz.3.911 Tainted: G L syzkaller #0 PREEMPT(full) [ 383.648635][T11073] Tainted: [L]=SOFTLOCKUP [ 383.648642][T11073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 383.648653][T11073] Call Trace: [ 383.648659][T11073] [ 383.648667][T11073] dump_stack_lvl+0x100/0x190 [ 383.648701][T11073] should_fail_ex.cold+0x5/0xa [ 383.648723][T11073] should_failslab+0xc2/0x120 [ 383.648746][T11073] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 383.648775][T11073] ? security_inode_alloc+0x3b/0x2c0 [ 383.648796][T11073] ? lockdep_init_map_type+0x5c/0x250 [ 383.648825][T11073] security_inode_alloc+0x3b/0x2c0 [ 383.648847][T11073] inode_init_always_gfp+0xced/0x1040 [ 383.648871][T11073] alloc_inode+0x8e/0x250 [ 383.648897][T11073] sock_alloc+0x44/0x280 [ 383.648916][T11073] ? security_socket_create+0x7f/0x250 [ 383.648936][T11073] __sock_create+0xc2/0x860 [ 383.648964][T11073] __sys_socket+0x14d/0x260 [ 383.648989][T11073] ? __pfx___sys_socket+0x10/0x10 [ 383.649019][T11073] __x64_sys_socket+0x72/0xb0 [ 383.649043][T11073] ? lockdep_hardirqs_on+0x78/0x100 [ 383.649064][T11073] do_syscall_64+0x106/0xf80 [ 383.649082][T11073] ? clear_bhb_loop+0x40/0x90 [ 383.649105][T11073] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.649124][T11073] RIP: 0033:0x7f3290d9c819 [ 383.649139][T11073] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 383.649156][T11073] RSP: 002b:00007f3291b99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 383.649174][T11073] RAX: ffffffffffffffda RBX: 00007f3291015fa0 RCX: 00007f3290d9c819 [ 383.649186][T11073] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 383.649197][T11073] RBP: 00007f3290e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 383.649208][T11073] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 383.649219][T11073] R13: 00007f3291016038 R14: 00007f3291015fa0 R15: 00007ffd1fa830f8 [ 383.649241][T11073] [ 383.649265][T11073] socket: no more sockets [ 384.702935][T11090] netlink: 10 bytes leftover after parsing attributes in process `syz.1.915'. [ 385.590617][T11113] FAULT_INJECTION: forcing a failure. [ 385.590617][T11113] name failslab, interval 1, probability 0, space 0, times 0 [ 385.627649][T11113] CPU: 0 UID: 0 PID: 11113 Comm: syz.0.921 Tainted: G L syzkaller #0 PREEMPT(full) [ 385.627699][T11113] Tainted: [L]=SOFTLOCKUP [ 385.627709][T11113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 385.627727][T11113] Call Trace: [ 385.627737][T11113] [ 385.627748][T11113] dump_stack_lvl+0x100/0x190 [ 385.627801][T11113] should_fail_ex.cold+0x5/0xa [ 385.627838][T11113] should_failslab+0xc2/0x120 [ 385.627873][T11113] __kmalloc_node_noprof+0xe6/0x850 [ 385.627919][T11113] ? __vmalloc_node_range_noprof+0x3dc/0x1530 [ 385.627971][T11113] __vmalloc_node_range_noprof+0x3dc/0x1530 [ 385.628022][T11113] ? n_tty_open+0x1a/0x170 [ 385.628069][T11113] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 385.628108][T11113] ? __ldsem_down_write_nested+0xfd/0x830 [ 385.628143][T11113] ? __ldsem_down_write_nested+0x10e/0x830 [ 385.628188][T11113] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 385.628230][T11113] ? n_tty_open+0x1a/0x170 [ 385.628262][T11113] __vmalloc_node_noprof+0xad/0xf0 [ 385.628297][T11113] ? n_tty_open+0x1a/0x170 [ 385.628331][T11113] ? __pfx_n_tty_open+0x10/0x10 [ 385.628362][T11113] n_tty_open+0x1a/0x170 [ 385.628394][T11113] tty_ldisc_open+0xa2/0x120 [ 385.628437][T11113] tty_ldisc_setup+0x40/0xf0 [ 385.628492][T11113] tty_init_dev.part.0+0x1b5/0x470 [ 385.628529][T11113] tty_open+0xa63/0xfa0 [ 385.628567][T11113] ? __pfx_tty_open+0x10/0x10 [ 385.628596][T11113] ? chrdev_open+0x589/0x6a0 [ 385.628628][T11113] ? chrdev_open+0x589/0x6a0 [ 385.628667][T11113] ? __pfx_tty_open+0x10/0x10 [ 385.628696][T11113] chrdev_open+0x234/0x6a0 [ 385.628731][T11113] ? __pfx_chrdev_open+0x10/0x10 [ 385.628767][T11113] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 385.628808][T11113] do_dentry_open+0x6d8/0x1660 [ 385.628840][T11113] ? __pfx_chrdev_open+0x10/0x10 [ 385.628884][T11113] vfs_open+0x82/0x3f0 [ 385.628929][T11113] path_openat+0x208c/0x31a0 [ 385.628977][T11113] ? __pfx_path_openat+0x10/0x10 [ 385.629029][T11113] do_file_open+0x20e/0x430 [ 385.629067][T11113] ? __pfx_do_file_open+0x10/0x10 [ 385.629131][T11113] ? alloc_fd+0x476/0x790 [ 385.629168][T11113] ? do_getname+0x191/0x390 [ 385.629210][T11113] do_sys_openat2+0x10d/0x1e0 [ 385.629249][T11113] ? __pfx_do_sys_openat2+0x10/0x10 [ 385.629292][T11113] ? __fget_files+0x21f/0x3d0 [ 385.629331][T11113] __x64_sys_openat+0x12d/0x210 [ 385.629375][T11113] ? __pfx___x64_sys_openat+0x10/0x10 [ 385.629432][T11113] do_syscall_64+0x106/0xf80 [ 385.629476][T11113] ? clear_bhb_loop+0x40/0x90 [ 385.629515][T11113] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 385.629546][T11113] RIP: 0033:0x7ff432f9c819 [ 385.629572][T11113] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 385.629600][T11113] RSP: 002b:00007ff433e5e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 385.629629][T11113] RAX: ffffffffffffffda RBX: 00007ff433216090 RCX: 00007ff432f9c819 [ 385.629648][T11113] RDX: 0000000000000001 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 385.629665][T11113] RBP: 00007ff433032c91 R08: 0000000000000000 R09: 0000000000000000 [ 385.629683][T11113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 385.629699][T11113] R13: 00007ff433216128 R14: 00007ff433216090 R15: 00007ffd33ce39b8 [ 385.629742][T11113] [ 385.629757][T11113] syz.0.921: vmalloc error: size 12288, failed to allocated page array size 24, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null) [ 385.639642][T11104] FAULT_INJECTION: forcing a failure. [ 385.639642][T11104] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 385.681091][T11113] ,cpuset= [ 385.714048][T11104] CPU: 1 UID: 0 PID: 11104 Comm: syz.3.918 Tainted: G L syzkaller #0 PREEMPT(full) [ 385.714095][T11104] Tainted: [L]=SOFTLOCKUP [ 385.714105][T11104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 385.714120][T11104] Call Trace: [ 385.714129][T11104] [ 385.714140][T11104] dump_stack_lvl+0x100/0x190 [ 385.714182][T11104] should_fail_ex.cold+0x5/0xa [ 385.714215][T11104] _copy_from_iter+0x1f4/0x1690 [ 385.714267][T11104] ? __pfx__copy_from_iter+0x10/0x10 [ 385.714319][T11104] copy_page_from_iter+0xde/0x180 [ 385.714357][T11104] anon_pipe_write+0xae4/0x1d40 [ 385.714400][T11104] ? __pfx_anon_pipe_write+0x10/0x10 [ 385.714430][T11104] ? __pfx_autoremove_wake_function+0x10/0x10 [ 385.714475][T11104] ? bpf_lsm_file_permission+0x9/0x10 [ 385.714502][T11104] ? security_file_permission+0x76/0x210 [ 385.714539][T11104] ? rw_verify_area+0xce/0x6d0 [ 385.714584][T11104] vfs_write+0x6ac/0x1070 [ 385.714612][T11104] ? __pfx_anon_pipe_write+0x10/0x10 [ 385.714645][T11104] ? __pfx_vfs_write+0x10/0x10 [ 385.714669][T11104] ? find_held_lock+0x2b/0x80 [ 385.714725][T11104] ksys_write+0x1f8/0x250 [ 385.714751][T11104] ? __pfx_ksys_write+0x10/0x10 [ 385.714789][T11104] do_syscall_64+0x106/0xf80 [ 385.714817][T11104] ? clear_bhb_loop+0x40/0x90 [ 385.714849][T11104] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 385.714877][T11104] RIP: 0033:0x7f3290d9c819 [ 385.714900][T11104] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 385.714925][T11104] RSP: 002b:00007f3291b99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 385.714951][T11104] RAX: ffffffffffffffda RBX: 00007f3291015fa0 RCX: 00007f3290d9c819 [ 385.714969][T11104] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 385.714985][T11104] RBP: 00007f3290e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 385.715001][T11104] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 385.715018][T11104] R13: 00007f3291016038 R14: 00007f3291015fa0 R15: 00007ffd1fa830f8 [ 385.715055][T11104] [ 386.025791][T11121] netlink: Conntrack attr has 5 unknown bytes [ 386.126594][T11119] FAULT_INJECTION: forcing a failure. [ 386.126594][T11119] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 386.172120][T11113] / [ 386.255521][T11119] CPU: 1 UID: 0 PID: 11119 Comm: syz.3.923 Tainted: G L syzkaller #0 PREEMPT(full) [ 386.255574][T11119] Tainted: [L]=SOFTLOCKUP [ 386.255584][T11119] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 386.255601][T11119] Call Trace: [ 386.255611][T11119] [ 386.255621][T11119] dump_stack_lvl+0x100/0x190 [ 386.255668][T11119] should_fail_ex.cold+0x5/0xa [ 386.255705][T11119] _copy_to_iter+0x1f3/0x1720 [ 386.255744][T11119] ? chacha_block_generic+0x265/0x360 [ 386.255788][T11119] ? __pfx__copy_to_iter+0x10/0x10 [ 386.255831][T11119] ? lockdep_hardirqs_on+0x78/0x100 [ 386.255863][T11119] ? crng_make_state+0x2b0/0x6c0 [ 386.255904][T11119] get_random_bytes_user+0x17b/0x3d0 [ 386.255944][T11119] ? __pfx_get_random_bytes_user+0x10/0x10 [ 386.255989][T11119] ? do_futex+0x192/0x350 [ 386.256047][T11119] ? import_ubuf+0x1b6/0x220 [ 386.256087][T11119] __x64_sys_getrandom+0x183/0x290 [ 386.256127][T11119] ? __pfx___x64_sys_getrandom+0x10/0x10 [ 386.256184][T11119] do_syscall_64+0x106/0xf80 [ 386.256215][T11119] ? clear_bhb_loop+0x40/0x90 [ 386.256252][T11119] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 386.256282][T11119] RIP: 0033:0x7f3290d9c819 [ 386.256308][T11119] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 386.256335][T11119] RSP: 002b:00007f3291b99028 EFLAGS: 00000246 ORIG_RAX: 000000000000013e [ 386.256364][T11119] RAX: ffffffffffffffda RBX: 00007f3291015fa0 RCX: 00007f3290d9c819 [ 386.256385][T11119] RDX: 0000000000000003 RSI: 0000000006000000 RDI: 0000000000000000 [ 386.256402][T11119] RBP: 00007f3290e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 386.256420][T11119] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 386.256437][T11119] R13: 00007f3291016038 R14: 00007f3291015fa0 R15: 00007ffd1fa830f8 [ 386.256487][T11119] [ 386.484917][T11113] ,mems_allowed=0-1 [ 386.491433][T11113] CPU: 1 UID: 0 PID: 11113 Comm: syz.0.921 Tainted: G L syzkaller #0 PREEMPT(full) [ 386.491486][T11113] Tainted: [L]=SOFTLOCKUP [ 386.491495][T11113] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 386.491512][T11113] Call Trace: [ 386.491522][T11113] [ 386.491533][T11113] dump_stack_lvl+0x100/0x190 [ 386.491582][T11113] warn_alloc.cold+0x95/0x1c1 [ 386.491630][T11113] ? __pfx_warn_alloc+0x10/0x10 [ 386.491669][T11113] ? lockdep_hardirqs_on+0x78/0x100 [ 386.491699][T11113] ? dump_stack_lvl+0x17c/0x190 [ 386.491746][T11113] ? trace_kmalloc+0x101/0x130 [ 386.491776][T11113] ? __kasan_kmalloc+0x8a/0xb0 [ 386.491805][T11113] ? __kmalloc_node_noprof+0x324/0x850 [ 386.491849][T11113] ? __vmalloc_node_range_noprof+0x3dc/0x1530 [ 386.491900][T11113] __vmalloc_node_range_noprof+0x1275/0x1530 [ 386.491950][T11113] ? n_tty_open+0x1a/0x170 [ 386.491994][T11113] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 386.492032][T11113] ? __ldsem_down_write_nested+0xfd/0x830 [ 386.492063][T11113] ? __ldsem_down_write_nested+0x10e/0x830 [ 386.492104][T11113] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 386.492141][T11113] ? n_tty_open+0x1a/0x170 [ 386.492169][T11113] __vmalloc_node_noprof+0xad/0xf0 [ 386.492206][T11113] ? n_tty_open+0x1a/0x170 [ 386.492238][T11113] ? __pfx_n_tty_open+0x10/0x10 [ 386.492268][T11113] n_tty_open+0x1a/0x170 [ 386.492299][T11113] tty_ldisc_open+0xa2/0x120 [ 386.492340][T11113] tty_ldisc_setup+0x40/0xf0 [ 386.492380][T11113] tty_init_dev.part.0+0x1b5/0x470 [ 386.492413][T11113] tty_open+0xa63/0xfa0 [ 386.492447][T11113] ? __pfx_tty_open+0x10/0x10 [ 386.492483][T11113] ? chrdev_open+0x589/0x6a0 [ 386.492512][T11113] ? chrdev_open+0x589/0x6a0 [ 386.492549][T11113] ? __pfx_tty_open+0x10/0x10 [ 386.492575][T11113] chrdev_open+0x234/0x6a0 [ 386.492607][T11113] ? __pfx_chrdev_open+0x10/0x10 [ 386.492640][T11113] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 386.492680][T11113] do_dentry_open+0x6d8/0x1660 [ 386.492709][T11113] ? __pfx_chrdev_open+0x10/0x10 [ 386.492749][T11113] vfs_open+0x82/0x3f0 [ 386.492792][T11113] path_openat+0x208c/0x31a0 [ 386.492840][T11113] ? __pfx_path_openat+0x10/0x10 [ 386.492888][T11113] do_file_open+0x20e/0x430 [ 386.492922][T11113] ? __pfx_do_file_open+0x10/0x10 [ 386.492984][T11113] ? alloc_fd+0x476/0x790 [ 386.493018][T11113] ? do_getname+0x191/0x390 [ 386.493059][T11113] do_sys_openat2+0x10d/0x1e0 [ 386.493099][T11113] ? __pfx_do_sys_openat2+0x10/0x10 [ 386.493142][T11113] ? __fget_files+0x21f/0x3d0 [ 386.493182][T11113] __x64_sys_openat+0x12d/0x210 [ 386.493225][T11113] ? __pfx___x64_sys_openat+0x10/0x10 [ 386.493283][T11113] do_syscall_64+0x106/0xf80 [ 386.493314][T11113] ? clear_bhb_loop+0x40/0x90 [ 386.493351][T11113] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 386.493382][T11113] RIP: 0033:0x7ff432f9c819 [ 386.493406][T11113] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 386.493432][T11113] RSP: 002b:00007ff433e5e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 386.493458][T11113] RAX: ffffffffffffffda RBX: 00007ff433216090 RCX: 00007ff432f9c819 [ 386.493484][T11113] RDX: 0000000000000001 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 386.493502][T11113] RBP: 00007ff433032c91 R08: 0000000000000000 R09: 0000000000000000 [ 386.493518][T11113] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 386.493535][T11113] R13: 00007ff433216128 R14: 00007ff433216090 R15: 00007ffd33ce39b8 [ 386.493577][T11113] [ 386.493587][T11113] Mem-Info: [ 386.880335][T11113] active_anon:23749 inactive_anon:0 isolated_anon:0 [ 386.880335][T11113] active_file:16577 inactive_file:41247 isolated_file:0 [ 386.880335][T11113] unevictable:768 dirty:639 writeback:0 [ 386.880335][T11113] slab_reclaimable:11935 slab_unreclaimable:95812 [ 386.880335][T11113] mapped:32299 shmem:10560 pagetables:1316 [ 386.880335][T11113] sec_pagetables:0 bounce:0 [ 386.880335][T11113] kernel_misc_reclaimable:0 [ 386.880335][T11113] free:1308050 free_pcp:9990 free_cma:0 [ 386.937980][T11113] Node 0 active_anon:98196kB inactive_anon:0kB active_file:66308kB inactive_file:164800kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:130996kB dirty:2556kB writeback:0kB shmem:44204kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:10240kB kernel_stack:11496kB pagetables:5144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 386.990099][T11113] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:188kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:120kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 387.064762][T11113] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 387.104908][T11113] lowmem_reserve[]: 0 2477 2478 2478 2478 [ 387.110907][T11113] Node 0 DMA32 free:1271832kB boost:0kB min:34304kB low:42880kB high:51456kB reserved_highatomic:0KB free_highatomic:0KB active_anon:106004kB inactive_anon:0kB active_file:66308kB inactive_file:164800kB unevictable:1536kB writepending:2556kB zspages:12kB present:3129332kB managed:2537256kB mlocked:0kB bounce:0kB free_pcp:41176kB local_pcp:20772kB free_cma:0kB [ 387.425071][T11113] lowmem_reserve[]: 0 0 1 1 1 [ 387.544175][T11113] Node 0 Normal free:12kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1052kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB [ 387.624621][T11113] lowmem_reserve[]: 0 0 0 0 0 [ 387.641154][T11113] Node 1 Normal free:3930480kB boost:0kB min:55584kB low:69480kB high:83376kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:188kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:248kB local_pcp:248kB free_cma:0kB [ 387.695762][T11113] lowmem_reserve[]: 0 0 0 0 0 [ 387.700662][T11113] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 387.849354][T11113] Node 0 DMA32: 4518*4kB (U) 2851*8kB (UE) 1418*16kB (UE) 473*32kB (UME) 704*64kB (UME) 697*128kB (UME) 427*256kB (UME) 344*512kB (UME) 256*1024kB (UME) 88*2048kB (UE) 74*4096kB (UM) = 1243888kB [ 387.885463][T11113] Node 0 Normal: 3*4kB (U) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 387.898280][T11113] Node 1 Normal: 1*4kB (M) 2*8kB (UM) 1*16kB (M) 2*32kB (UM) 1*64kB (M) 2*128kB (UM) 4*256kB (UM) 2*512kB (M) 2*1024kB (UM) 3*2048kB (U) 957*4096kB (UM) = 3930532kB [ 387.921624][T11113] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 387.932047][T11113] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 388.049813][T11113] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 388.065779][T11113] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 388.075301][T11113] 83597 total pagecache pages [ 388.080119][T11113] 0 pages in swap cache [ 388.084326][T11113] Free swap = 124992kB [ 388.088627][T11113] Total swap = 124996kB [ 388.092901][T11113] 2097051 pages RAM [ 388.103596][T11113] 0 pages HighMem/MovableOnly [ 388.113430][T11113] 430859 pages reserved [ 388.154417][T11113] 0 pages cma reserved [ 388.203657][T11113] tty tty17: ldisc open failed (-12), clearing slot 16 [ 389.104082][T11154] netlink: 32 bytes leftover after parsing attributes in process `syz.0.931'. [ 389.903474][T11144] syz.3.929 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 389.996254][T11144] CPU: 1 UID: 0 PID: 11144 Comm: syz.3.929 Tainted: G L syzkaller #0 PREEMPT(full) [ 389.996302][T11144] Tainted: [L]=SOFTLOCKUP [ 389.996311][T11144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 389.996328][T11144] Call Trace: [ 389.996338][T11144] [ 389.996349][T11144] dump_stack_lvl+0x100/0x190 [ 389.996400][T11144] dump_header+0xfb/0x606 [ 389.996434][T11144] oom_kill_process.cold+0xd/0x330 [ 389.996470][T11144] out_of_memory+0x340/0x14f0 [ 389.996524][T11144] ? __pfx_out_of_memory+0x10/0x10 [ 389.996582][T11144] mem_cgroup_out_of_memory+0xc6/0x130 [ 389.996634][T11144] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 389.996674][T11144] ? find_held_lock+0x2b/0x80 [ 389.996711][T11144] ? do_raw_spin_unlock+0x145/0x1e0 [ 389.996756][T11144] ? _raw_spin_unlock+0x28/0x50 [ 389.996805][T11144] try_charge_memcg+0x652/0xc90 [ 389.996849][T11144] ? __pfx_try_charge_memcg+0x10/0x10 [ 389.996892][T11144] ? find_held_lock+0x2b/0x80 [ 389.996920][T11144] ? rcu_read_unlock+0x17/0x60 [ 389.996952][T11144] ? rcu_read_unlock+0x17/0x60 [ 389.996991][T11144] charge_memcg+0xa6/0x280 [ 389.997023][T11144] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 389.997066][T11144] __swap_cache_prepare_and_add+0x817/0x9f0 [ 389.997111][T11144] ? alloc_pages_mpol+0x25a/0x550 [ 389.997147][T11144] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 389.997182][T11144] ? __pfx___swap_cache_prepare_and_add+0x10/0x10 [ 389.997223][T11144] ? __pfx_swap_entry_swapped+0x10/0x10 [ 389.997267][T11144] swap_cache_alloc_folio+0x1cb/0x300 [ 389.997319][T11144] ? __pfx_swap_cache_alloc_folio+0x10/0x10 [ 389.997365][T11144] ? __lock_acquire+0x4a5/0x2630 [ 389.997409][T11144] swap_cluster_readahead+0x411/0x770 [ 389.997470][T11144] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 389.997520][T11144] ? __lock_acquire+0x4a5/0x2630 [ 389.997557][T11144] ? css_rstat_updated+0x1ce/0x5a0 [ 389.997606][T11144] ? get_vma_policy+0x23d/0x3b0 [ 389.997656][T11144] swapin_readahead+0x160/0x12c0 [ 389.997701][T11144] ? page_table_check_set+0x4a9/0xa10 [ 389.997742][T11144] ? __pfx_swapin_readahead+0x10/0x10 [ 389.997782][T11144] ? find_held_lock+0x2b/0x80 [ 389.997810][T11144] ? swap_table_get+0x103/0x2c0 [ 389.997848][T11144] ? swap_table_get+0x103/0x2c0 [ 389.997893][T11144] ? swap_table_get+0x10d/0x2c0 [ 389.997933][T11144] ? swap_cache_get_folio+0x1ae/0x600 [ 389.997978][T11144] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 389.998018][T11144] ? __pfx_get_swap_device+0x10/0x10 [ 389.998058][T11144] ? do_swap_page+0xb2e/0x6900 [ 389.998096][T11144] do_swap_page+0xb2e/0x6900 [ 389.998159][T11144] ? __pfx_do_swap_page+0x10/0x10 [ 389.998203][T11144] ? do_fault+0x9d6/0x18e0 [ 389.998242][T11144] ? rcu_is_watching+0x12/0xc0 [ 389.998289][T11144] ? __pte_offset_map+0x179/0x310 [ 389.998329][T11144] __handle_mm_fault+0x18c7/0x2b60 [ 389.998380][T11144] ? reacquire_held_locks+0xce/0x1e0 [ 389.998420][T11144] ? __pfx___handle_mm_fault+0x10/0x10 [ 389.998470][T11144] ? lock_vma_under_rcu+0x17c/0x590 [ 389.998536][T11144] handle_mm_fault+0x36d/0xa20 [ 389.998585][T11144] do_user_addr_fault+0x5a3/0x12f0 [ 389.998637][T11144] exc_page_fault+0x6f/0xd0 [ 389.998670][T11144] asm_exc_page_fault+0x26/0x30 [ 389.998700][T11144] RIP: 0033:0x7f3290c6e78a [ 389.998728][T11144] Code: 73 9a 0f b7 45 00 4c 8b 43 28 4d 89 fa 48 89 44 24 18 49 89 c3 41 8b 02 4c 89 c7 48 29 c7 49 89 c5 4c 01 ff 66 44 3b 1f 75 56 <48> 8b 54 24 18 48 89 ee 4c 89 44 24 10 4c 89 54 24 08 89 4c 24 04 [ 389.998756][T11144] RSP: 002b:00007ffd1fa83190 EFLAGS: 00010246 [ 389.998781][T11144] RAX: 000000000000bcee RBX: 00007f3291b45720 RCX: 000000000001059e [ 389.998800][T11144] RDX: 00000000000003ac RSI: 0000001b32113a62 RDI: 0000001b32118312 [ 389.998819][T11144] RBP: 0000001b32113a62 R08: 00000000003ffde8 R09: 0000000000000006 [ 389.998838][T11144] R10: 0000001b31d2421c R11: 000000000000000a R12: 0000000000010594 [ 389.998856][T11144] R13: 000000000000bcee R14: 0000001b31d24220 R15: 0000001b31d24218 [ 389.998898][T11144] [ 390.012582][T11144] memory: usage 307200kB, limit 307200kB, failcnt 1957 [ 390.012651][T11144] memory+swap: usage 307396kB, limit 9007199254740988kB, failcnt 0 [ 390.012664][T11144] kmem: usage 307180kB, limit 9007199254740988kB, failcnt 0 [ 390.012677][T11144] Memory cgroup stats for /syz3: [ 390.012850][T11144] cache 0 [ 390.012859][T11144] rss 0 [ 390.012866][T11144] rss_huge 0 [ 390.012873][T11144] shmem 0 [ 390.012880][T11144] mapped_file 0 [ 390.012887][T11144] dirty 0 [ 390.012894][T11144] writeback 0 [ 390.012901][T11144] workingset_refault_anon 1139 [ 390.012910][T11144] workingset_refault_file 681 [ 390.012917][T11144] swap 200704 [ 390.012925][T11144] swapcached 22712320 [ 390.012932][T11144] pgpgin 200071 [ 390.012940][T11144] pgpgout 202110 [ 390.012947][T11144] pgfault 199944 [ 390.012954][T11144] pgmajfault 334 [ 390.012962][T11144] inactive_anon 16384 [ 390.012969][T11144] active_anon 4096 [ 390.012977][T11144] inactive_file 0 [ 390.012984][T11144] active_file 0 [ 390.012991][T11144] unevictable 0 [ 390.012999][T11144] hierarchical_memory_limit 314572800 [ 390.013007][T11144] hierarchical_memsw_limit 9223372036854771712 [ 390.013017][T11144] total_cache 0 [ 390.013024][T11144] total_rss 0 [ 390.013031][T11144] total_rss_huge 0 [ 390.013038][T11144] total_shmem 0 [ 390.013046][T11144] total_mapped_file 0 [ 390.013053][T11144] total_dirty 0 [ 390.013060][T11144] total_writeback 0 [ 390.013068][T11144] total_workingset_refault_anon 1139 [ 390.013076][T11144] total_workingset_refault_file 681 [ 390.013085][T11144] total_swap 200704 [ 390.013092][T11144] total_swapcached 22712320 [ 390.013100][T11144] total_pgpgin 200071 [ 390.013108][T11144] total_pgpgout 202110 [ 390.013116][T11144] total_pgfault 199944 [ 390.013123][T11144] total_pgmajfault 334 [ 390.015071][T11144] total_inactive_anon 16384 [ 390.015084][T11144] total_active_anon 4096 [ 390.015093][T11144] total_inactive_file 0 [ 390.015100][T11144] total_active_file 0 [ 390.015108][T11144] total_unevictable 0 [ 390.015115][T11144] anon_cost 0 [ 390.015122][T11144] file_cost 0 [ 390.015130][T11144] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz3,task_memcg=/syz3,task=syz.3.929,pid=11144,uid=0 [ 390.016342][T11144] Memory cgroup out of memory: Killed process 11144 (syz.3.929) total-vm:172324kB, anon-rss:1244kB, file-rss:26668kB, shmem-rss:0kB, UID:0 pgtables:156kB oom_score_adj:1000 [ 392.973782][T11197] netlink: 32 bytes leftover after parsing attributes in process `syz.1.942'. [ 393.958210][T10731] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 394.498818][T11214] FAULT_INJECTION: forcing a failure. [ 394.498818][T11214] name fail_futex, interval 1, probability 0, space 0, times 0 [ 394.539323][T11215] netlink: 130 bytes leftover after parsing attributes in process `syz.1.945'. [ 394.548790][T11214] CPU: 0 UID: 0 PID: 11214 Comm: syz.2.947 Tainted: G L syzkaller #0 PREEMPT(full) [ 394.548839][T11214] Tainted: [L]=SOFTLOCKUP [ 394.548851][T11214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 394.548869][T11214] Call Trace: [ 394.548880][T11214] [ 394.548891][T11214] dump_stack_lvl+0x100/0x190 [ 394.548944][T11214] should_fail_ex.cold+0x5/0xa [ 394.548985][T11214] get_futex_key+0x1d2/0x1620 [ 394.549031][T11214] ? __pfx_get_futex_key+0x10/0x10 [ 394.549072][T11214] ? putname+0xb1/0x110 [ 394.549107][T11214] ? kasan_save_stack+0x3f/0x50 [ 394.549136][T11214] ? kasan_save_stack+0x30/0x50 [ 394.549162][T11214] ? kasan_save_track+0x14/0x30 [ 394.549190][T11214] ? kasan_save_free_info+0x3b/0x70 [ 394.549230][T11214] ? __kasan_slab_free+0x5f/0x80 [ 394.549266][T11214] futex_wake+0xea/0x530 [ 394.549318][T11214] ? __pfx_futex_wake+0x10/0x10 [ 394.549381][T11214] do_futex+0x32b/0x350 [ 394.549424][T11214] ? __pfx_do_futex+0x10/0x10 [ 394.549478][T11214] __x64_sys_futex+0x34f/0x4d0 [ 394.549527][T11214] ? __pfx___x64_sys_futex+0x10/0x10 [ 394.549566][T11214] ? kmem_cache_free+0x124/0x6a0 [ 394.549634][T11214] do_syscall_64+0x106/0xf80 [ 394.549666][T11214] ? clear_bhb_loop+0x40/0x90 [ 394.549704][T11214] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 394.549736][T11214] RIP: 0033:0x7f352e59c819 [ 394.549763][T11214] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 394.549794][T11214] RSP: 002b:00007f352f4640e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 394.549825][T11214] RAX: ffffffffffffffda RBX: 00007f352e815fa8 RCX: 00007f352e59c819 [ 394.549846][T11214] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f352e815fac [ 394.549865][T11214] RBP: 00007f352e815fa0 R08: 0000000000000000 R09: 0000000000000000 [ 394.549883][T11214] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 394.549903][T11214] R13: 00007f352e816038 R14: 00007ffc74d12360 R15: 00007ffc74d12448 [ 394.549944][T11214] [ 395.339002][T11221] FAULT_INJECTION: forcing a failure. [ 395.339002][T11221] name failslab, interval 1, probability 0, space 0, times 0 [ 395.354001][T11221] CPU: 0 UID: 0 PID: 11221 Comm: syz.2.948 Tainted: G L syzkaller #0 PREEMPT(full) [ 395.354051][T11221] Tainted: [L]=SOFTLOCKUP [ 395.354060][T11221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 395.354077][T11221] Call Trace: [ 395.354087][T11221] [ 395.354100][T11221] dump_stack_lvl+0x100/0x190 [ 395.354152][T11221] should_fail_ex.cold+0x5/0xa [ 395.354191][T11221] should_failslab+0xc2/0x120 [ 395.354227][T11221] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 395.354277][T11221] ? alloc_inode+0x68/0x250 [ 395.354321][T11221] ? simple_start_creating+0xb0/0x110 [ 395.354353][T11221] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 395.354390][T11221] alloc_inode+0x68/0x250 [ 395.354433][T11221] new_inode+0x22/0x1c0 [ 395.354478][T11221] debugfs_create_symlink+0xd1/0x220 [ 395.354518][T11221] ref_tracker_dir_symlink+0x257/0x3b0 [ 395.354567][T11221] ? __pfx_ref_tracker_dir_symlink+0x10/0x10 [ 395.354615][T11221] ? __lock_acquire+0x4a5/0x2630 [ 395.354700][T11221] ? lockdep_hardirqs_on+0x78/0x100 [ 395.354734][T11221] ? crng_make_state+0x2b0/0x6c0 [ 395.354784][T11221] ? __pfx_net_ns_net_init+0x10/0x10 [ 395.354818][T11221] net_ns_net_init+0x7e/0x120 [ 395.354853][T11221] ops_init+0x1e2/0x5f0 [ 395.354889][T11221] setup_net+0x118/0x3a0 [ 395.354922][T11221] ? __pfx_setup_net+0x10/0x10 [ 395.354951][T11221] ? lockdep_init_map_type+0x5c/0x250 [ 395.354993][T11221] ? mutex_init_lockep+0x110/0x150 [ 395.355041][T11221] copy_net_ns+0x46f/0x7c0 [ 395.355080][T11221] create_new_namespaces+0x3ea/0xac0 [ 395.355125][T11221] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 395.355164][T11221] ksys_unshare+0x473/0xad0 [ 395.355205][T11221] ? __pfx_ksys_unshare+0x10/0x10 [ 395.355259][T11221] __x64_sys_unshare+0x31/0x40 [ 395.355296][T11221] do_syscall_64+0x106/0xf80 [ 395.355325][T11221] ? clear_bhb_loop+0x40/0x90 [ 395.355362][T11221] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 395.355391][T11221] RIP: 0033:0x7f352e59c819 [ 395.355416][T11221] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 395.355445][T11221] RSP: 002b:00007f352f443028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 395.355474][T11221] RAX: ffffffffffffffda RBX: 00007f352e816090 RCX: 00007f352e59c819 [ 395.355493][T11221] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 395.355510][T11221] RBP: 00007f352e632c91 R08: 0000000000000000 R09: 0000000000000000 [ 395.355527][T11221] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 395.355544][T11221] R13: 00007f352e816128 R14: 00007f352e816090 R15: 00007ffc74d12448 [ 395.355585][T11221] [ 395.355598][T11221] debugfs: out of free dentries, can not create symlink 'netns-1dd-4026533044-refcnt' [ 395.562868][T11225] vhci_hcd vhci_hcd.2: invalid port number 16 [ 395.752270][T11226] can: request_module (can-proto-0) failed. [ 395.948395][T11225] vhci_hcd vhci_hcd.2: invalid port number 16 [ 398.503752][T11268] Process accounting resumed [ 398.584066][T11271] netlink: 330 bytes leftover after parsing attributes in process `syz.3.961'. [ 398.593227][T11271] mac80211_hwsim hwsim84 ›: renamed from wlan0 (while UP) [ 398.644830][T11277] netlink: 9316 bytes leftover after parsing attributes in process `syz.3.961'. [ 398.831854][T11279] FAULT_INJECTION: forcing a failure. [ 398.831854][T11279] name failslab, interval 1, probability 0, space 0, times 0 [ 398.867644][T11279] CPU: 1 UID: 0 PID: 11279 Comm: syz.2.964 Tainted: G L syzkaller #0 PREEMPT(full) [ 398.867698][T11279] Tainted: [L]=SOFTLOCKUP [ 398.867709][T11279] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 398.867728][T11279] Call Trace: [ 398.867739][T11279] [ 398.867753][T11279] dump_stack_lvl+0x100/0x190 [ 398.867807][T11279] should_fail_ex.cold+0x5/0xa [ 398.867846][T11279] ? lsm_blob_alloc+0x68/0x90 [ 398.867893][T11279] should_failslab+0xc2/0x120 [ 398.867929][T11279] __kmalloc_noprof+0xe0/0x850 [ 398.867977][T11279] ? trace_kmalloc+0x101/0x130 [ 398.868020][T11279] lsm_blob_alloc+0x68/0x90 [ 398.868069][T11279] security_sk_alloc+0x2d/0x290 [ 398.868108][T11279] sk_prot_alloc+0x12a/0x2a0 [ 398.868151][T11279] sk_alloc+0x36/0xe80 [ 398.868200][T11279] __netlink_create+0x5e/0x2c0 [ 398.868246][T11279] ? __wake_up+0x3f/0x60 [ 398.868286][T11279] netlink_create+0x293/0x610 [ 398.868325][T11279] ? __pfx_genl_bind+0x10/0x10 [ 398.868358][T11279] ? __pfx_genl_unbind+0x10/0x10 [ 398.868391][T11279] ? __pfx_genl_release+0x10/0x10 [ 398.868433][T11279] __sock_create+0x339/0x860 [ 398.868481][T11279] __sys_socket+0x14d/0x260 [ 398.868526][T11279] ? __pfx___sys_socket+0x10/0x10 [ 398.868576][T11279] __x64_sys_socket+0x72/0xb0 [ 398.868616][T11279] ? lockdep_hardirqs_on+0x78/0x100 [ 398.868652][T11279] do_syscall_64+0x106/0xf80 [ 398.868685][T11279] ? clear_bhb_loop+0x40/0x90 [ 398.868723][T11279] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.868756][T11279] RIP: 0033:0x7f352e59c819 [ 398.868784][T11279] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 398.868815][T11279] RSP: 002b:00007f352f464028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 398.868846][T11279] RAX: ffffffffffffffda RBX: 00007f352e815fa0 RCX: 00007f352e59c819 [ 398.868868][T11279] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 398.868887][T11279] RBP: 00007f352e632c91 R08: 0000000000000000 R09: 0000000000000000 [ 398.868907][T11279] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 398.868925][T11279] R13: 00007f352e816038 R14: 00007f352e815fa0 R15: 00007ffc74d12448 [ 398.868968][T11279] [ 402.195496][T11319] netlink: 290 bytes leftover after parsing attributes in process `syz.3.971'. [ 403.201495][T11339] FAULT_INJECTION: forcing a failure. [ 403.201495][T11339] name failslab, interval 1, probability 0, space 0, times 0 [ 403.214599][T11339] CPU: 1 UID: 0 PID: 11339 Comm: syz.0.978 Tainted: G L syzkaller #0 PREEMPT(full) [ 403.214649][T11339] Tainted: [L]=SOFTLOCKUP [ 403.214660][T11339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 403.214678][T11339] Call Trace: [ 403.214688][T11339] [ 403.214700][T11339] dump_stack_lvl+0x100/0x190 [ 403.214752][T11339] should_fail_ex.cold+0x5/0xa [ 403.214790][T11339] should_failslab+0xc2/0x120 [ 403.214826][T11339] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 403.214873][T11339] ? security_inode_alloc+0x3b/0x2c0 [ 403.214908][T11339] ? lockdep_init_map_type+0x5c/0x250 [ 403.214958][T11339] security_inode_alloc+0x3b/0x2c0 [ 403.214996][T11339] inode_init_always_gfp+0xced/0x1040 [ 403.215037][T11339] alloc_inode+0x8e/0x250 [ 403.215079][T11339] sock_alloc+0x44/0x280 [ 403.215111][T11339] ? security_socket_create+0x7f/0x250 [ 403.215145][T11339] __sock_create+0xc2/0x860 [ 403.215191][T11339] __sys_socket+0x14d/0x260 [ 403.215232][T11339] ? __pfx___sys_socket+0x10/0x10 [ 403.215294][T11339] __x64_sys_socket+0x72/0xb0 [ 403.215334][T11339] ? lockdep_hardirqs_on+0x78/0x100 [ 403.215367][T11339] do_syscall_64+0x106/0xf80 [ 403.215400][T11339] ? clear_bhb_loop+0x40/0x90 [ 403.215438][T11339] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.215471][T11339] RIP: 0033:0x7ff432f9c819 [ 403.215496][T11339] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 403.215525][T11339] RSP: 002b:00007ff433e7f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 403.215554][T11339] RAX: ffffffffffffffda RBX: 00007ff433215fa0 RCX: 00007ff432f9c819 [ 403.215575][T11339] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 403.215593][T11339] RBP: 00007ff433032c91 R08: 0000000000000000 R09: 0000000000000000 [ 403.215612][T11339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 403.215630][T11339] R13: 00007ff433216038 R14: 00007ff433215fa0 R15: 00007ffd33ce39b8 [ 403.215669][T11339] [ 403.215702][T11339] socket: no more sockets [ 403.272836][T11346] netlink: 342 bytes leftover after parsing attributes in process `syz.1.977'. [ 403.469505][T11346] netlink: 342 bytes leftover after parsing attributes in process `syz.1.977'. [ 403.510577][T11343] futex_wake_op: syz.2.979 tries to shift op by -2048; fix this program [ 403.541346][T11343] futex_wake_op: syz.2.979 tries to shift op by -2048; fix this program [ 403.835009][T11358] FAULT_INJECTION: forcing a failure. [ 403.835009][T11358] name failslab, interval 1, probability 0, space 0, times 0 [ 403.849361][T11358] CPU: 1 UID: 0 PID: 11358 Comm: syz.3.980 Tainted: G L syzkaller #0 PREEMPT(full) [ 403.849410][T11358] Tainted: [L]=SOFTLOCKUP [ 403.849422][T11358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 403.849439][T11358] Call Trace: [ 403.849451][T11358] [ 403.849464][T11358] dump_stack_lvl+0x100/0x190 [ 403.849527][T11358] should_fail_ex.cold+0x5/0xa [ 403.849563][T11358] should_failslab+0xc2/0x120 [ 403.849596][T11358] __kmalloc_cache_noprof+0x7a/0x6f0 [ 403.849636][T11358] ? snd_seq_timer_new+0x44/0x1b0 [ 403.849675][T11358] snd_seq_timer_new+0x44/0x1b0 [ 403.849707][T11358] snd_seq_queue_alloc+0x177/0x590 [ 403.849760][T11358] snd_seq_ioctl_create_queue+0xa9/0x370 [ 403.849799][T11358] call_seq_client_ctl+0xa3/0x130 [ 403.849835][T11358] snd_seq_kernel_client_ctl+0x77/0xd0 [ 403.849872][T11358] alloc_seq_queue+0xdb/0x180 [ 403.849908][T11358] ? __pfx_alloc_seq_queue+0x10/0x10 [ 403.849966][T11358] ? mark_held_locks+0x40/0x70 [ 403.850005][T11358] ? _raw_spin_unlock_irq+0x23/0x50 [ 403.850053][T11358] ? lockdep_hardirqs_on+0x78/0x100 [ 403.850092][T11358] snd_seq_oss_open+0x2b2/0xa10 [ 403.850140][T11358] odev_open+0x79/0xc0 [ 403.850173][T11358] ? __pfx_odev_open+0x10/0x10 [ 403.850208][T11358] soundcore_open+0x2e3/0x5a0 [ 403.850250][T11358] ? __pfx_soundcore_open+0x10/0x10 [ 403.850285][T11358] chrdev_open+0x234/0x6a0 [ 403.850319][T11358] ? __pfx_apparmor_file_open+0x10/0x10 [ 403.850353][T11358] ? __pfx_chrdev_open+0x10/0x10 [ 403.850391][T11358] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 403.850437][T11358] do_dentry_open+0x6d8/0x1660 [ 403.850470][T11358] ? __pfx_chrdev_open+0x10/0x10 [ 403.850524][T11358] vfs_open+0x82/0x3f0 [ 403.850573][T11358] path_openat+0x208c/0x31a0 [ 403.850619][T11358] ? __pfx_path_openat+0x10/0x10 [ 403.850673][T11358] do_file_open+0x20e/0x430 [ 403.850712][T11358] ? __pfx_do_file_open+0x10/0x10 [ 403.850779][T11358] ? alloc_fd+0x476/0x790 [ 403.850818][T11358] ? do_getname+0x191/0x390 [ 403.850864][T11358] do_sys_openat2+0x10d/0x1e0 [ 403.850907][T11358] ? __pfx_do_sys_openat2+0x10/0x10 [ 403.850954][T11358] ? __fget_files+0x21f/0x3d0 [ 403.850995][T11358] __x64_sys_openat+0x12d/0x210 [ 403.851040][T11358] ? __pfx___x64_sys_openat+0x10/0x10 [ 403.851101][T11358] do_syscall_64+0x106/0xf80 [ 403.851133][T11358] ? clear_bhb_loop+0x40/0x90 [ 403.851173][T11358] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.851205][T11358] RIP: 0033:0x7f3290d9c819 [ 403.851232][T11358] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 403.851260][T11358] RSP: 002b:00007f3291b99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 403.851289][T11358] RAX: ffffffffffffffda RBX: 00007f3291015fa0 RCX: 00007f3290d9c819 [ 403.851309][T11358] RDX: 0000000000008000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 403.851327][T11358] RBP: 00007f3290e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 403.851345][T11358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 403.851362][T11358] R13: 00007f3291016038 R14: 00007f3291015fa0 R15: 00007ffd1fa830f8 [ 403.851404][T11358] [ 404.607932][T11365] ================================================================== [ 404.607955][T11365] BUG: KASAN: vmalloc-out-of-bounds in sys_fillrect+0x174a/0x1910 [ 404.608014][T11365] Write of size 8 at addr ffffc90004119000 by task syz.3.984/11365 [ 404.608042][T11365] [ 404.608060][T11365] CPU: 1 UID: 0 PID: 11365 Comm: syz.3.984 Tainted: G L syzkaller #0 PREEMPT(full) [ 404.608105][T11365] Tainted: [L]=SOFTLOCKUP [ 404.608116][T11365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 404.608134][T11365] Call Trace: [ 404.608144][T11365] [ 404.608156][T11365] dump_stack_lvl+0x100/0x190 [ 404.608203][T11365] print_report+0x156/0x4c9 [ 404.608239][T11365] ? _raw_spin_lock_irqsave+0x52/0x60 [ 404.608282][T11365] ? sys_fillrect+0x174a/0x1910 [ 404.608325][T11365] kasan_report+0xdf/0x1e0 [ 404.608359][T11365] ? sys_fillrect+0x174a/0x1910 [ 404.608407][T11365] sys_fillrect+0x174a/0x1910 [ 404.608472][T11365] drm_fbdev_shmem_defio_fillrect+0x22/0x140 [ 404.608512][T11365] bit_clear+0x17d/0x220 [ 404.608559][T11365] ? __pfx_bit_clear+0x10/0x10 [ 404.608599][T11365] ? fb_get_color_depth+0x120/0x250 [ 404.608635][T11365] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 404.608673][T11365] __fbcon_clear+0x633/0x760 [ 404.608721][T11365] ? __pfx_bit_clear+0x10/0x10 [ 404.608763][T11365] fbcon_scroll+0x48b/0x650 [ 404.608801][T11365] con_scroll+0x464/0x690 [ 404.608857][T11365] do_con_write+0x6883/0x8540 [ 404.608899][T11365] ? __pfx_do_con_write+0x10/0x10 [ 404.608927][T11365] ? __pfx_bit_cursor+0x10/0x10 [ 404.608965][T11365] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 404.609006][T11365] ? con_write+0x93/0xb0 [ 404.609035][T11365] con_write+0x23/0xb0 [ 404.609064][T11365] n_tty_write+0x44f/0x12d0 [ 404.609109][T11365] ? __pfx_n_tty_write+0x10/0x10 [ 404.609145][T11365] ? trace_kmalloc+0x101/0x130 [ 404.609178][T11365] ? __pfx_woken_wake_function+0x10/0x10 [ 404.609225][T11365] ? rcu_is_watching+0x12/0xc0 [ 404.609271][T11365] ? file_tty_write.isra.0+0x694/0x890 [ 404.609318][T11365] ? kfree+0x2ec/0x6b0 [ 404.609357][T11365] ? __pfx_n_tty_write+0x10/0x10 [ 404.609409][T11365] file_tty_write.isra.0+0x4d2/0x890 [ 404.609471][T11365] redirected_tty_write+0xd4/0x120 [ 404.609520][T11365] vfs_write+0x6ac/0x1070 [ 404.609552][T11365] ? __pfx_redirected_tty_write+0x10/0x10 [ 404.609602][T11365] ? __pfx_vfs_write+0x10/0x10 [ 404.609630][T11365] ? find_held_lock+0x2b/0x80 [ 404.609669][T11365] ksys_write+0x12a/0x250 [ 404.609700][T11365] ? __pfx_ksys_write+0x10/0x10 [ 404.609735][T11365] do_syscall_64+0x106/0xf80 [ 404.609768][T11365] ? clear_bhb_loop+0x40/0x90 [ 404.609804][T11365] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 404.609837][T11365] RIP: 0033:0x7f3290d9c819 [ 404.609865][T11365] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 404.609897][T11365] RSP: 002b:00007f3291b99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 404.609929][T11365] RAX: ffffffffffffffda RBX: 00007f3291015fa0 RCX: 00007f3290d9c819 [ 404.609950][T11365] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000003 [ 404.609970][T11365] RBP: 00007f3290e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 404.609988][T11365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 404.610006][T11365] R13: 00007f3291016038 R14: 00007f3291015fa0 R15: 00007ffd1fa830f8 [ 404.610036][T11365] [ 404.610047][T11365] [ 404.610056][T11365] The buggy address belongs to a vmalloc virtual mapping [ 404.610078][T11365] Memory state around the buggy address: [ 404.610094][T11365] ffffc90004118f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 404.610115][T11365] ffffc90004118f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 404.610136][T11365] >ffffc90004119000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 404.610153][T11365] ^ [ 404.610170][T11365] ffffc90004119080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 404.610192][T11365] ffffc90004119100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 404.610210][T11365] ================================================================== [ 404.610225][T11365] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 404.610248][T11365] CPU: 1 UID: 0 PID: 11365 Comm: syz.3.984 Tainted: G L syzkaller #0 PREEMPT(full) [ 404.610291][T11365] Tainted: [L]=SOFTLOCKUP [ 404.610302][T11365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 404.610320][T11365] Call Trace: [ 404.610330][T11365] [ 404.610342][T11365] dump_stack_lvl+0x100/0x190 [ 404.610388][T11365] vpanic+0x552/0x970 [ 404.610417][T11365] ? __pfx_vpanic+0x10/0x10 [ 404.610447][T11365] ? __pfx_vprintk_emit+0x10/0x10 [ 404.610489][T11365] ? sys_fillrect+0x174a/0x1910 [ 404.610536][T11365] panic+0xd1/0xe0 [ 404.610566][T11365] ? __pfx_panic+0x10/0x10 [ 404.610600][T11365] ? sys_fillrect+0x174a/0x1910 [ 404.610650][T11365] check_panic_on_warn.cold+0x19/0x34 [ 404.610685][T11365] end_report.part.0+0x3a/0x90 [ 404.610727][T11365] kasan_report.cold+0xe/0x18 [ 404.610771][T11365] ? sys_fillrect+0x174a/0x1910 [ 404.610823][T11365] sys_fillrect+0x174a/0x1910 [ 404.610877][T11365] drm_fbdev_shmem_defio_fillrect+0x22/0x140 [ 404.610916][T11365] bit_clear+0x17d/0x220 [ 404.610956][T11365] ? __pfx_bit_clear+0x10/0x10 [ 404.610996][T11365] ? fb_get_color_depth+0x120/0x250 [ 404.611034][T11365] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 404.611072][T11365] __fbcon_clear+0x633/0x760 [ 404.611110][T11365] ? __pfx_bit_clear+0x10/0x10 [ 404.611152][T11365] fbcon_scroll+0x48b/0x650 [ 404.611190][T11365] con_scroll+0x464/0x690 [ 404.611237][T11365] do_con_write+0x6883/0x8540 [ 404.611278][T11365] ? __pfx_do_con_write+0x10/0x10 [ 404.611307][T11365] ? __pfx_bit_cursor+0x10/0x10 [ 404.611345][T11365] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 404.611386][T11365] ? con_write+0x93/0xb0 [ 404.611416][T11365] con_write+0x23/0xb0 [ 404.611443][T11365] n_tty_write+0x44f/0x12d0 [ 404.611497][T11365] ? __pfx_n_tty_write+0x10/0x10 [ 404.611533][T11365] ? trace_kmalloc+0x101/0x130 [ 404.611569][T11365] ? __pfx_woken_wake_function+0x10/0x10 [ 404.611619][T11365] ? rcu_is_watching+0x12/0xc0 [ 404.611666][T11365] ? file_tty_write.isra.0+0x694/0x890 [ 404.611714][T11365] ? kfree+0x2ec/0x6b0 [ 404.611756][T11365] ? __pfx_n_tty_write+0x10/0x10 [ 404.611794][T11365] file_tty_write.isra.0+0x4d2/0x890 [ 404.611848][T11365] redirected_tty_write+0xd4/0x120 [ 404.611897][T11365] vfs_write+0x6ac/0x1070 [ 404.611928][T11365] ? __pfx_redirected_tty_write+0x10/0x10 [ 404.611981][T11365] ? __pfx_vfs_write+0x10/0x10 [ 404.612010][T11365] ? find_held_lock+0x2b/0x80 [ 404.612052][T11365] ksys_write+0x12a/0x250 [ 404.612084][T11365] ? __pfx_ksys_write+0x10/0x10 [ 404.612120][T11365] do_syscall_64+0x106/0xf80 [ 404.612152][T11365] ? clear_bhb_loop+0x40/0x90 [ 404.612188][T11365] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 404.612219][T11365] RIP: 0033:0x7f3290d9c819 [ 404.612242][T11365] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 404.612273][T11365] RSP: 002b:00007f3291b99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 404.612304][T11365] RAX: ffffffffffffffda RBX: 00007f3291015fa0 RCX: 00007f3290d9c819 [ 404.612326][T11365] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000003 [ 404.612347][T11365] RBP: 00007f3290e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 404.612367][T11365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 404.612386][T11365] R13: 00007f3291016038 R14: 00007f3291015fa0 R15: 00007ffd1fa830f8 [ 404.612417][T11365] [ 404.612903][T11365] Kernel Offset: disabled