last executing test programs: 9.274701651s ago: executing program 2 (id=430): select$auto(0x32, 0x0, 0x0, &(0x7f00000001c0)={[0x5, 0x10000, 0xffff, 0x9, 0x6, 0xfffffffffffffffd, 0x1, 0x4, 0x8, 0xfffffffffffffff9, 0x4, 0x10, 0x2, 0x0, 0x6, 0x6]}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x1, 0x106) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) connect$auto(0x3, 0x0, 0x54) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) ioctl$auto_BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, &(0x7f0000000440)="9362e6fc908225e27f2bcf95f76f4039452636045663351b1a5f58d28fc4743cd9b4b72d9fa9a475ee4ffea6325a24ce95f76b279b34ea457dacb25566e52b022943fc1eb10fceb18afdc7300b01d49059f0eef71fa92deda39e50d1fc5bcfbb822a5fb402d102056a11bf2afc3cf2eede35fab6b3cae730fb617842b8740716aa17f04be174fa204055155e663f81389de4b8f7312dd4ad50ff24524937073c7ff169b0d1e20b839f961bb18bdd968dcf4adea8dc331060a1befb1d77a2dd1f4b8e0640e681a8bcbd60d93946e02aa805d82db58a0d909b90fcdf2fc44d5da6f96429606c") setsockopt$auto(0x400000000000003, 0x28, 0x6, 0x0, 0x56d) mmap$auto(0x0, 0x20000a00006, 0x100, 0x91, 0xffffffffffffffff, 0x2ffffffffffe) mmap$auto(0x0, 0x400008, 0x0, 0x9b72, 0x2, 0x8000) bind$auto(0xffffffffffffffff, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0xb, 0x734f, 0x36, 0x67f, 0x1ffde, 0x7, 0x3, 0x20000002, 0xd, 0x3, 0x1, 0x2091, 0xb4, 0x9, 0x6, 0x6, 0x80, 0x4, 0x1cd7, 0x1000, 0x2000, 0x203, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x2) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) ppoll$auto(&(0x7f0000000080)={0xffffffffffffffff, 0x7980, 0x6}, 0x2, 0x0, 0x0, 0x8) fcntl$auto(0x0, 0x407, 0x100000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x13, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8040) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f0000000100), 0x3, 0x2}, 0x800}, 0xffffffff, 0x4008) 8.210756878s ago: executing program 2 (id=433): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) sendmsg$auto_TIPC_NL_BEARER_DISABLE(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB='J\x00\x00\x00', @ANYRES16, @ANYBLOB="010025bd7000fcdbdf250200"], 0x40}, 0x1, 0x0, 0x0, 0x20000000}, 0x40044) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00', @ANYRES16=0x0, @ANYBLOB="000326"], 0x28}, 0x1, 0x0, 0x0, 0x4c894}, 0x4) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4085}, 0x4000804) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0xf, 0x9, 0x63, 0x0, 0x0, 0x0, 0x0, 0x401, 0x1003, 0xfffffffffffffffd, 0x7ffffffb, 0x9, 0xffffffff7ffffffc, 0x8009, 0xb, 0x200000100106}) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='\"'], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) unshare$auto(0x40000080) socket$nl_generic(0x10, 0x3, 0x10) mprotect$auto(0x8000, 0x8, 0x8) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x7, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x2, 0x73) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/input/event0\x00', 0x2, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/system/cpu/cpu1/hotplug/target\x00', 0x802, 0x0) read$auto(r2, 0x0, 0x7) ioctl$auto_FIOASYNC(r1, 0x5452, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001340), 0xffffffffffffffff) r3 = socket(0xa, 0x2, 0x73) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/fs/ext4/sda1/max_writeback_mb_bump\x00', 0x100, 0x0) pwrite64$auto(r0, &(0x7f0000001040)='\x00', 0x2, 0x1) getsockopt$auto_SO_TIMESTAMPNS_NEW(r3, 0x0, 0x40, 0x0, &(0x7f0000000240)=0x54) 8.210425168s ago: executing program 3 (id=434): r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x7a7040, 0x0) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = socket(0x2a, 0x2, 0x1) connect$auto(r2, &(0x7f00000000c0)=@qipcrtr={0x2a, 0xffffffff, 0xfffffffe}, 0x55) write$auto(0x3, 0x0, 0xffd8) r3 = prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x5) r4 = socket(0x10, 0x2, 0x0) r5 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_WOL_SET(r4, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f00000020c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01f7ffffffffffffff250a00"], 0x24}, 0x1, 0x0, 0x0, 0x801}, 0x40) sendfile$auto(0x1, r0, 0x0, 0xa) socket$nl_generic(0x10, 0x3, 0x10) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/lapb3/threaded\x00', 0x8a801, 0x0) write$auto(r6, &(0x7f0000000000)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socketpair$auto(0x20000224, 0x5, 0x1, 0x0) clone$auto(0x2, 0x3, 0x0, 0x0, 0x2) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000200)='/dev/log\x00', 0x0, 0x0) r7 = socket(0xa, 0x5, 0x0) getsockopt$auto(r7, 0x84, 0x4, 0x0, 0x0) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r3, 0xc0045002, &(0x7f00000001c0)="d558b92465fda073722489ac029cee843c25833059746f5aef0d97fa9b6a292acfad5dcd9df9ff582f5e38fe719ef57493d1a9870f16a1bb6702dc9dd9f9042fb369524c547d8688145c5e5cd5da25240c67882dca5d3521748f6f907159c1fb33a7bf4636240d0e5ddb810ecac4102b31106a3ebfff8be53f0f4b6c987a17dc1d671e3ef82eabe4ae499682f82eb3765ca83032054b5c77f1e5c9347780f960f3e805be5fb89fe5c98a2aef77dd1c30") mmap$auto(0x20000000000, 0x1000000020009, 0x40, 0xeb1, r3, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x4000000000009b72, 0x2, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000400)='/proc/sys/net/ipv4/tcp_available_congestion_control\x00', 0x0, 0x0) 6.930993158s ago: executing program 1 (id=436): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/ueagle_atm/parameters/sync_wait\x00', 0x1e2142, 0x0) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = syz_clone(0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r1, 0x306, 0x8000040006) r2 = openat$auto_btrfs_dir_file_operations_inode(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bluetooth/hci7/power\x00', 0x60002, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cuse\x00', 0x40402, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0x8000ffff}, 0x3) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x7) sysfs$auto(0x2, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) epoll_ctl$auto(0x5, 0x1, r3, 0x0) getgid() ioctl$auto_BTRFS_IOC_SPACE_INFO(r2, 0xc0109414, &(0x7f0000000040)={0x12, 0x1, [{0x1000}, {0x8bd, 0xd8f5, 0x8000000000000000}, {0x16af, 0x8, 0xc4}]}) ptrace$auto(0x8, r1, 0x7, 0x4) getpgrp(r1) write$auto(r0, 0x0, 0x8) 6.767460087s ago: executing program 2 (id=437): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x82942, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = socketcall$auto(0x8000, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x0, 0x5, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0xa, 0x5, 0x84) close_range$auto(0x0, 0x5, 0x0) io_uring_setup$auto(0x1, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$auto(r2, 0xc040aed4, r3) close_range$auto(0x2, 0x8, 0x0) ioctl$auto(0x3, 0xae41, r0) ioctl$auto_KVM_GET_MSRS(0xffffffffffffffff, 0xc008ae91, &(0x7f0000000040)={0xdd}) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc3\xdd\xa7\xee$\xf5\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xe6\x06g\x1a\xfc\xa8\x02\vw\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r5 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000ac0), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TCP_METRICS_CMD_GET(r6, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000040)={0x14, r5, 0x89c1beb01534ff9b, 0x70bd29, 0x25dfd3f9}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) 5.718651508s ago: executing program 2 (id=440): mmap$auto(0x0, 0x20008, 0x4000000000df, 0x2000eb1, 0xffffffffffffffff, 0x3) move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000) r0 = socket(0x1d, 0x1, 0x7fff) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) setsockopt$auto(0xffffffffffffffff, 0x10000000084, 0x4, 0x0, 0x4) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r2, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) semget$auto(0x7eb, 0xc7, 0xfffffffd) readlinkat$auto(0x1, 0x0, 0x0, 0x16a) r3 = socket(0x18, 0x1, 0x1) connect$auto(r3, 0x0, 0x3a) syz_genetlink_get_family_id$auto_smbd_genl(&(0x7f00000001c0), r0) sendmsg$auto_KSMBD_EVENT_LOGIN_RESPONSE(r3, 0x0, 0x30004850) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x00\rs\x1cJ\x99\x00:c\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x1) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x6210d6b5, &(0x7f0000000100)=@link_detach={r3}, 0xffff) bpf$auto(0x18, 0x0, 0x92) setsockopt$auto(0x3, 0x1, 0x7, 0xffffffffffffffff, 0x0) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) 5.637154525s ago: executing program 3 (id=441): select$auto(0x32, 0x0, 0x0, &(0x7f00000001c0)={[0x5, 0x10000, 0xffff, 0x9, 0x6, 0xfffffffffffffffd, 0x1, 0x4, 0x8, 0xfffffffffffffff9, 0x4, 0x10, 0x2, 0x0, 0x6, 0x6]}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x1, 0x106) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) connect$auto(0x3, 0x0, 0x54) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) ioctl$auto_BINDER_SET_CONTEXT_MGR(0xffffffffffffffff, 0x40046207, &(0x7f0000000440)="9362e6fc908225e27f2bcf95f76f4039452636045663351b1a5f58d28fc4743cd9b4b72d9fa9a475ee4ffea6325a24ce95f76b279b34ea457dacb25566e52b022943fc1eb10fceb18afdc7300b01d49059f0eef71fa92deda39e50d1fc5bcfbb822a5fb402d102056a11bf2afc3cf2eede35fab6b3cae730fb617842b8740716aa17f04be174fa204055155e663f81389de4b8f7312dd4ad50ff24524937073c7ff169b0d1e20b839f961bb18bdd968dcf4adea8dc331060a1befb1d77a2dd1f4b8e0640e681a8bcbd60d93946e02aa805d82db58a0d909b90fcdf2fc44d5da6f96429606c") setsockopt$auto(0x400000000000003, 0x28, 0x6, 0x0, 0x56d) mmap$auto(0x0, 0x20000a00006, 0x100, 0x91, 0xffffffffffffffff, 0x2ffffffffffe) mmap$auto(0x0, 0x400008, 0x0, 0x9b72, 0x2, 0x8000) bind$auto(0xffffffffffffffff, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x1001, 0x4) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0xb, 0x734f, 0x36, 0x67f, 0x1ffde, 0x7, 0x3, 0x20000002, 0xd, 0x3, 0x1, 0x2091, 0xb4, 0x9, 0x6, 0x6, 0x80, 0x4, 0x1cd7, 0x1000, 0x2000, 0x203, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x1fe, 0x2) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) ppoll$auto(&(0x7f0000000080)={0xffffffffffffffff, 0x7980, 0x6}, 0x2, 0x0, 0x0, 0x8) fcntl$auto(0x0, 0x407, 0x100000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x13, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8040) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f0000000100), 0x3, 0x2}, 0x800}, 0xffffffff, 0x4008) 4.596952202s ago: executing program 0 (id=443): ioctl$auto_TUNGETIFF2(0xffffffffffffffff, 0x800454d2, &(0x7f0000000040)=0x8) waitid$auto(0x8, 0xffffffffffffffff, &(0x7f0000000100)={@siginfo_0_0={0xffff, 0x413, 0x0, @_sigsys={&(0x7f0000000080)="bbac2f12a3a001cb9c0970991c572b96ab85fec7c1348db5467c7451143485e06734dc591bad80db23", 0x0, 0x3ff}}}, 0x3, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) rseq$auto(0x0, 0x8000, 0x0, 0x6) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) clock_gettime$auto(0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bind$auto(0xffffffffffffffff, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) write$auto(0x3, 0x0, 0x1) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xa00, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0xfffffdef) write$auto(0x1, 0x0, 0x80000000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) vmsplice$auto(0x2, &(0x7f00000000c0)={0x0, 0x7ff}, 0x8000000000000001, 0x0) 4.222199023s ago: executing program 3 (id=444): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x82942, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0xa0801, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = socketcall$auto(0x8000, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x0, 0x5, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x5, 0x0) r3 = socket(0xa, 0x5, 0x84) close_range$auto(0x0, 0x5, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$auto(r3, 0xc040aed4, r4) close_range$auto(0x2, 0x8, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae91, &(0x7f0000000040)={0xdd}) r6 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r6, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc3\xdd\xa7\xee$\xf5\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xe6\x06g\x1a\xfc\xa8\x02\vw\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) sendmsg$auto_TCP_METRICS_CMD_GET(0xffffffffffffffff, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000040)={0x14, 0x0, 0x89c1beb01534ff9b, 0x70bd29, 0x25dfd3f9}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) 4.095701519s ago: executing program 0 (id=445): mmap$auto(0x0, 0xe983, 0x3, 0x100000000000eb1, 0xffffffffffffffff, 0x8003) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x40001, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) r1 = syz_clone(0x5000400, 0x0, 0x0, 0x0, 0x0, 0x0) syz_clone(0x20000, 0x0, 0x0, 0x0, 0x0, 0x0) setpgid$auto(r1, r1) wait4$auto(0x0, 0x0, 0x80000000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/03.0\x00', 0x129002, 0x0) (async) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/03.0\x00', 0x129002, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/self/net/dev\x00', 0x40100, 0x0) pread64$auto(r2, 0x0, 0xffff, 0x80082e) (async) pread64$auto(r2, 0x0, 0xffff, 0x80082e) write$auto(r2, 0x0, 0xc) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, r2, 0x8000) open(&(0x7f0000000240)='./cgroup.cpu/cgroup.procs\x00', 0x1c5082, 0x18) r3 = open_by_handle_at$auto(r2, &(0x7f0000000140)={0x8, 0x30004, "b190a905237d4b53"}, 0x42) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x0, 0x0, 0x2) openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000100)={0x200100, 0x11d, 0x11}, 0x18) (async) openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000100)={0x200100, 0x11d, 0x11}, 0x18) socket(0x1d, 0xa, 0xff) (async) socket(0x1d, 0xa, 0xff) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snd/midiC2D0\x00', 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r4, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x40009, 0x3203, 0x9b72, 0x7, 0x27ffc) (async) mmap$auto(0x0, 0x40009, 0x3203, 0x9b72, 0x7, 0x27ffc) mmap$auto(0x0, 0x40000a, 0x2737, 0x12, r4, 0x8000) (async) mmap$auto(0x0, 0x40000a, 0x2737, 0x12, r4, 0x8000) unshare$auto(0x40000080) (async) unshare$auto(0x40000080) setsockopt$auto(0xffffffffffffffff, 0x29, 0x37, &(0x7f0000000080)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\xde\x14\xe4\xa5\xfe\xb5', 0xfffffffc) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x4c0000, 0x0) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x4c0000, 0x0) ioctl$auto(r0, 0x3, 0x0) (async) ioctl$auto(r0, 0x3, 0x0) ioctl$auto_TIOCSTI2(r3, 0x5412, &(0x7f0000000280)="04737b93cc3c4dc4d683b19cd94d679aa42f258c109d24d436f91a2969a29a19c33b8bb8295223e248650cf8a05be734ba93cfdd834a750a1d68a2e86e4cb7a3024a339144fd7b6eca7152f1ab85ff2f80a25d4d20f2c4c135206924c47ee18f85fd33f4848e5d9936464f5d3cd41bb2cb8fd0f5a52045e7db38b365029a6f6cc8eeae1baa3d81530b724d5e90874da88136a51c664ccc6647746c088154d83c14dd1aaf4876f09c3861bacdca1e3f8e84dfa3c46ca9392270661fda9dc6f95d2d0b397f5d7c45a01127e0890d72b7f4c23dae1ff4ff4bc237d34dd4838b") 2.925160093s ago: executing program 3 (id=446): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/rnbd-client/ctl/map_device\x00', 0x40442, 0x0) pwrite64$auto(r0, &(0x7f0000000100)='\x00\x00+\x94\xaf\x9f\x00\xb9X!h\\\xfd\xaf2\x11\xd2\x83L\x11\xbb:\x8c/\xd4\xb0\x8c\xf2\xef\xab\xe5s\xbbAO\f\x06\xfda7\xe2\xf2\x1fE\x9d\xab\xd0\xf4\xec!5\xfb\xd1\x97A+P\x10\xbb?\xbct\xd8$\\c\fB\xc0\x93Qp\x8bk\xa0:\xd4pB\xdd\xf5\xc5L>W\x00[%\b\x0e\xe2\x06@y\x81\xb2`\xdc\xb5\x0fNB\xbf\xee(\x87gQ\x93\xbbK\f\x83~A\x1dMY\xa0\x16\xdb\xf0\x8d\x04\x0fR\x8e]_t\xc1n\t_n\x1e\b\x00\x00\x00\"\x8cf}8\xa4\x9c\x80\x06\x00\x00\x00c&<~V\x05#\xe0%P\"j_\x10O\x04\x11\xe7\xd8Z\xb2\xbd}?\xb8\r\xbb\x17\xb7\xaam\xc8\x04Kv\x02\xde\x8bV\xb5\xd9\xec\x88BE\x94M\x8f\a\xfa\xac\xf1\x0f', 0x6, 0x8000) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000540)='/dev/sequencer2\x00', 0x1c8740, 0x0) ioctl$auto(r1, 0x80045113, 0xffffffffffffffff) 2.852814544s ago: executing program 1 (id=447): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="0700000000000000df250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\a\x00\x00'], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="19"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.544583616s ago: executing program 3 (id=448): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x82942, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = socketcall$auto(0x8000, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x0, 0x5, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0xa, 0x5, 0x84) close_range$auto(0x0, 0x5, 0x0) io_uring_setup$auto(0x1, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$auto(r2, 0xc040aed4, r3) close_range$auto(0x2, 0x8, 0x0) ioctl$auto(0x3, 0xae41, r0) ioctl$auto_KVM_GET_MSRS(0xffffffffffffffff, 0xc008ae91, &(0x7f0000000040)={0xdd}) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc3\xdd\xa7\xee$\xf5\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xe6\x06g\x1a\xfc\xa8\x02\vw\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r5 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000ac0), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TCP_METRICS_CMD_GET(r6, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000040)={0x14, r5, 0x89c1beb01534ff9b, 0x70bd29, 0x25dfd3f9}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) 2.355471834s ago: executing program 1 (id=449): syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) socket(0xa, 0x801, 0x84) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setsockopt$auto(0x3, 0x10000000084, 0x18, 0x0, 0x8) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x82942, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3) acct$auto(&(0x7f00000000c0)='/dev/vcs\x00') mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x40005, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/module/kvm/parameters/nx_huge_pages_recovery_period_ms\x00', 0x149b01, 0x0) write$auto(r0, &(0x7f00000000c0)='0\n\xf48\x97\xff*\x8a\xeb+l\\\x9e@\\}\x04|\x03\xcb\x12\xfa\b\x1c\vr\xc0\\\x17\xcb\xb4Q\xe1)@J}\x7fw\xc7\xe58,.\xf6p\x8d\xa0\x1f\xe3\xc5\xff\r\xde\xaf\x84\xd6P\b\xdf\xfe\x1f\xa1\xb4\x89\xa0\xac\x9a\xb8\x88\xca\x00\x15\x9d`>\xcd\xcb\xbe#k\xaf\xe9\x9a0\xb6\xe2#\xc1u\xfa\xe1\x19\x92qH\x80\xb9\xa4a\xba%\xc7\xc5\xb8\v\x00\xa5\xdd\xa2\x8c\xacBY\x9b\"\x14*\xfd\x87\x84~\x94\xb5\xfd/\xe2\xadz9\xbe!7\xf9\x88F\xe9@L\x1cD\xc2ia*\x81\x10L\x8d\xde\xdf\xc5)$\x03,\xb5\x88\a\xfe\x8c\xea\x16|\x11x\xdaE\x1c\xce\xe1\xdb\xc1\x86\xd9!.\xfb\xb7\xd4%\\\x1eJ\x175\x9c\xc0\x83\x89k+\x1bKk\xc4\x8f\xb01\x9a\x94_r\xa5W\xe0\x16A', 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) openat$auto_bch_chardev_fops_chardev(0xffffffffffffff9c, 0x0, 0x40, 0x0) openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, 0x0, 0x141f02, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, r1, 0x0) r2 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r4, r3, 0x4, 0x1ff, r2, @relative_id=0x13, 0xe600}, 0xf) socketpair$auto(0x1, 0x3, 0x8000000000000000, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r5, 0x0, 0x3}, 0xc) 2.065314264s ago: executing program 2 (id=450): mmap$auto(0x0, 0x20008, 0x4000000000df, 0x2000eb1, 0xffffffffffffffff, 0x3) move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000) r0 = socket(0x1d, 0x1, 0x7fff) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) setsockopt$auto(0xffffffffffffffff, 0x10000000084, 0x4, 0x0, 0x4) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r2, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) semget$auto(0x7eb, 0xc7, 0xfffffffd) readlinkat$auto(0x1, 0x0, 0x0, 0x16a) r3 = socket(0x18, 0x1, 0x1) connect$auto(r3, 0x0, 0x3a) syz_genetlink_get_family_id$auto_smbd_genl(&(0x7f00000001c0), r0) sendmsg$auto_KSMBD_EVENT_LOGIN_RESPONSE(r3, 0x0, 0x30004850) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x00\rs\x1cJ\x99\x00:c\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x1) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x6210d6b5, &(0x7f0000000100)=@link_detach={r3}, 0xffff) bpf$auto(0x18, 0x0, 0x92) setsockopt$auto(0x3, 0x1, 0x7, 0xffffffffffffffff, 0x0) getpeername$auto(r3, &(0x7f0000000200)=@sco={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, &(0x7f0000000240)=0x63b) 1.713131126s ago: executing program 0 (id=451): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000a80), 0xffffffffffffffff) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0xe2e4c6) close_range$auto(0x2, 0xa, 0x0) fanotify_init$auto(0x26, 0x100001) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) fsopen$auto(0x0, 0x1) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/pci0000:00/0000:00:04.0/broken_parity_status\x00', 0xc3002, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) mmap$auto(0x0, 0x3, 0x6, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000240)='/dev/video37\x00', 0x8a240, 0x0) read$auto_v4l2_fops_v4l2_dev(r0, &(0x7f00000000c0)=""/40, 0x8a) read$auto(r0, &(0x7f0000000000)='/dev/video37\x00', 0x81) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto(r1, 0x40005504, 0xffffffffffffffff) setsockopt$auto(0xffffffffffffffff, 0x107, 0x9, 0x0, 0x20008004) 1.546555059s ago: executing program 3 (id=452): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) bpf$auto(0x8000000, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x5, 0x9, 0x3, 0x80, 0x8, 0x4, 0x1, 0x200, 0x8, 0x401, 0x2, 0xe2, 0x4, 0xc28}, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d7) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(r1, 0x0, 0x24000000) write$auto(r2, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r2, 0x0, 0x98c7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r3 = syz_clone(0x4001000, 0x0, 0x0, 0x0, 0x0, 0x0) socket(0xa, 0x3, 0x3b) socket(0xa, 0x5, 0x2) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x8a240, 0x0) socketpair$auto(0x1, 0x5, 0x2a340, 0x0) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1fb, 0x1ff, 0x7, 0x1, 0x8, 0xfffffffffffffffb, 0x15f4da05, 0x10, 0x1000, 0x3, 0x4000008000001f, 0x6, 0x6d3e, 0x8cfb7, 0x9, 0x6]}, 0x0) wait4$auto(r3, 0x0, 0x80000001, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/hugetlb.1GB.limit_in_bytes\x00', 0x10b142, 0x0) r4 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14abfd) lstat$auto(0x0, &(0x7f0000000180)={0x12, 0xd, 0x4, 0x0, 0x0, 0x0, 0x0, 0x1000000006, 0x7, 0x8, 0x5, 0x1000, 0x42, 0x8001, 0x1, 0x60, 0x40000102}) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r5, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) fcntl$auto(r4, 0x400, 0x1) close_range$auto(0x2, 0x8, 0x0) 1.24304365s ago: executing program 0 (id=453): ioctl$auto_TUNGETIFF2(0xffffffffffffffff, 0x800454d2, &(0x7f0000000040)=0x8) waitid$auto(0x8, 0xffffffffffffffff, &(0x7f0000000100)={@siginfo_0_0={0xffff, 0x413, 0x0, @_sigsys={&(0x7f0000000080)="bbac2f12a3a001cb9c0970991c572b96ab85fec7c1348db5467c7451143485e06734dc591bad80db23", 0x0, 0x3ff}}}, 0x3, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) rseq$auto(0x0, 0x8000, 0x0, 0x6) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) clock_gettime$auto(0x8, 0x0) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) write$auto(0x3, 0x0, 0x1) recvfrom$auto(0x3, 0x0, 0x800000000e, 0xa00, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0xfffffdef) write$auto(0x1, 0x0, 0x80000000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) vmsplice$auto(0x2, &(0x7f00000000c0)={0x0, 0x7ff}, 0x8000000000000001, 0x0) 948.150151ms ago: executing program 1 (id=454): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x82942, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0xa0801, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = socketcall$auto(0x8000, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x0, 0x5, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x5, 0x0) r3 = socket(0xa, 0x5, 0x84) io_uring_setup$auto(0x1, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$auto(r3, 0xc040aed4, r4) close_range$auto(0x2, 0x8, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae91, &(0x7f0000000040)={0xdd}) r6 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r6, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc3\xdd\xa7\xee$\xf5\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xe6\x06g\x1a\xfc\xa8\x02\vw\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) sendmsg$auto_TCP_METRICS_CMD_GET(0xffffffffffffffff, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000040)={0x14, 0x0, 0x89c1beb01534ff9b, 0x70bd29, 0x25dfd3f9}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) 273.816175ms ago: executing program 0 (id=455): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) (async) r0 = socket(0x2b, 0x1, 0x4) getsockopt$auto(r0, 0x0, 0x80, 0x0, 0x0) (async) setsockopt$auto(0x3, 0x6, 0xc, 0x0, 0xfb3) (async) syslog$auto(0x0, &(0x7f0000000000)='k%+\x00', 0x7) 186.877396ms ago: executing program 1 (id=456): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\a\x00\x00'], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="19"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 104.838533ms ago: executing program 2 (id=457): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="0700000000000000df250a"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\a\x00\x00'], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="19"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 60.981542ms ago: executing program 0 (id=458): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x20, r1, 0x936355e497c8b7e5, 0x70bd25, 0x25dddbfc, {}, [@ETHTOOL_A_TSINFO_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4010}, 0x4048800) r2 = socket(0x2, 0xa, 0x106) sendmsg$auto_NETDEV_CMD_QUEUE_GET(r2, &(0x7f0000003040)={0x0, 0x0, &(0x7f0000003000)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810) r3 = syz_genetlink_get_family_id$auto_thermal(&(0x7f0000000200), r2) r4 = openat$auto_fops_atomic_t_ro_(0xffffffffffffff9c, &(0x7f00000003c0), 0x28000, 0x0) read$auto_fops_atomic_t_ro_(r4, 0x0, 0x0) syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000000140), 0xffffffffffffffff) r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sda\x00', 0x60742, 0x0) ioctl$auto_BLKZEROOUT(r5, 0x127f, 0x0) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_TRIP(r2, &(0x7f0000001c40)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001c00)={&(0x7f0000005dc0)={0x34, r3, 0x400, 0x70bd2a, 0x25dfdbfd, {}, [@THERMAL_GENL_ATTR_TZ={0x4}, @THERMAL_GENL_ATTR_THRESHOLD_DIRECTION={0x8, 0x1a, 0x6}, @THERMAL_GENL_ATTR_CDEV_MAX_STATE={0x8, 0x11, 0x4}, @THERMAL_GENL_ATTR_TZ_CDEV_WEIGHT={0x8, 0xb, 0x6}, @THERMAL_GENL_ATTR_TZ_GOV={0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x4000) socket(0xb, 0x80000, 0x400003) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r6 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/023/001\x00', 0x4100, 0x0) socket(0x2, 0x2, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xfffffffffffffffb) ioctl$auto_SOUND_PCM_READ_CHANNELS(r6, 0x80045006, &(0x7f0000000240)) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x60042, 0x0) r7 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) bind$auto(0xffffffffffffffff, 0x0, 0x6a) r8 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/fail-nth\x00', 0x100102, 0x0) write$auto(r8, 0x0, 0x3) write$auto(r7, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84L\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xff\a\x00\x00\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) 0s ago: executing program 1 (id=459): mmap$auto(0x0, 0x20008, 0x4000000000df, 0x2000eb1, 0xffffffffffffffff, 0x3) move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000) r0 = socket(0x1d, 0x1, 0x7fff) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) setsockopt$auto(0xffffffffffffffff, 0x10000000084, 0x4, 0x0, 0x4) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r2, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) semget$auto(0x7eb, 0xc7, 0xfffffffd) readlinkat$auto(0x1, 0x0, 0x0, 0x16a) r3 = socket(0x18, 0x1, 0x1) connect$auto(r3, 0x0, 0x3a) syz_genetlink_get_family_id$auto_smbd_genl(&(0x7f00000001c0), r0) sendmsg$auto_KSMBD_EVENT_LOGIN_RESPONSE(r3, 0x0, 0x30004850) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x00\rs\x1cJ\x99\x00:c\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x1) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x6210d6b5, &(0x7f0000000100)=@link_detach={r3}, 0xffff) bpf$auto(0x18, 0x0, 0x92) setsockopt$auto(0x3, 0x1, 0x7, 0xffffffffffffffff, 0x0) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) kernel console output (not intermixed with test programs): Warning: Permanently added '10.128.1.3' (ED25519) to the list of known hosts. [ 88.248111][ T5810] cgroup: Unknown subsys name 'net' [ 88.417165][ T5810] cgroup: Unknown subsys name 'cpuset' [ 88.427009][ T5810] cgroup: Unknown subsys name 'rlimit' Setting up swapspace version 1, size = 127995904 bytes [ 90.238129][ T5810] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 92.135170][ T5826] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 92.155879][ T52] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 92.164186][ T52] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 92.173691][ T5833] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 92.181592][ T5833] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 92.189828][ T5833] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 92.203596][ T5833] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 92.203730][ T5836] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 92.212454][ T5833] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 92.219311][ T5836] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 92.225927][ T5833] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 92.233353][ T5836] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 92.240803][ T5833] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 92.247658][ T5836] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 92.254580][ T5833] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 92.268866][ T5839] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 92.277893][ T5839] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 92.292687][ T5825] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 92.313568][ T5833] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 92.321816][ T5833] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 92.976395][ T5828] chnl_net:caif_netlink_parms(): no params data found [ 92.999749][ T5822] chnl_net:caif_netlink_parms(): no params data found [ 93.136877][ T5821] chnl_net:caif_netlink_parms(): no params data found [ 93.154310][ T5831] chnl_net:caif_netlink_parms(): no params data found [ 93.284073][ T5828] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.291744][ T5828] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.299856][ T5828] bridge_slave_0: entered allmulticast mode [ 93.307062][ T5828] bridge_slave_0: entered promiscuous mode [ 93.321835][ T5822] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.329255][ T5822] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.336639][ T5822] bridge_slave_0: entered allmulticast mode [ 93.343880][ T5822] bridge_slave_0: entered promiscuous mode [ 93.362745][ T5828] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.370169][ T5828] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.377455][ T5828] bridge_slave_1: entered allmulticast mode [ 93.384802][ T5828] bridge_slave_1: entered promiscuous mode [ 93.398085][ T5822] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.405291][ T5822] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.412467][ T5822] bridge_slave_1: entered allmulticast mode [ 93.420329][ T5822] bridge_slave_1: entered promiscuous mode [ 93.517086][ T5822] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.527099][ T5821] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.535537][ T5821] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.542723][ T5821] bridge_slave_0: entered allmulticast mode [ 93.550141][ T5821] bridge_slave_0: entered promiscuous mode [ 93.560188][ T5828] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.569761][ T5831] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.578052][ T5831] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.585554][ T5831] bridge_slave_0: entered allmulticast mode [ 93.593025][ T5831] bridge_slave_0: entered promiscuous mode [ 93.603663][ T5822] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.613303][ T5821] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.620575][ T5821] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.628097][ T5821] bridge_slave_1: entered allmulticast mode [ 93.635207][ T5821] bridge_slave_1: entered promiscuous mode [ 93.644481][ T5828] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.671409][ T5831] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.679045][ T5831] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.686386][ T5831] bridge_slave_1: entered allmulticast mode [ 93.694120][ T5831] bridge_slave_1: entered promiscuous mode [ 93.722018][ T5828] team0: Port device team_slave_0 added [ 93.760362][ T5828] team0: Port device team_slave_1 added [ 93.768598][ T5821] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.790666][ T5822] team0: Port device team_slave_0 added [ 93.809560][ T5821] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.821410][ T5831] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 93.833478][ T5822] team0: Port device team_slave_1 added [ 93.865753][ T5831] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 93.891882][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 93.899046][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 93.925503][ T5828] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 93.969112][ T5828] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 93.976407][ T5828] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.003128][ T5828] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.016221][ T5821] team0: Port device team_slave_0 added [ 94.039641][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.046833][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.073249][ T5822] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.087515][ T5821] team0: Port device team_slave_1 added [ 94.115219][ T5831] team0: Port device team_slave_0 added [ 94.122362][ T5822] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.129473][ T5822] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.155968][ T5822] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.167804][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.174850][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.200922][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.214495][ T5831] team0: Port device team_slave_1 added [ 94.236998][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.244183][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.270148][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.323662][ T5825] Bluetooth: hci2: command tx timeout [ 94.323893][ T5142] Bluetooth: hci1: command tx timeout [ 94.332142][ T5828] hsr_slave_0: entered promiscuous mode [ 94.341527][ T5828] hsr_slave_1: entered promiscuous mode [ 94.351359][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 94.358910][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.385467][ T5831] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 94.403286][ T5142] Bluetooth: hci0: command tx timeout [ 94.403293][ T5825] Bluetooth: hci3: command tx timeout [ 94.422498][ T5831] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 94.429869][ T5831] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 94.456043][ T5831] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 94.512169][ T5822] hsr_slave_0: entered promiscuous mode [ 94.518564][ T5822] hsr_slave_1: entered promiscuous mode [ 94.524955][ T5822] debugfs: 'hsr0' already exists in 'hsr' [ 94.530833][ T5822] Cannot create hsr debugfs directory [ 94.562783][ T5821] hsr_slave_0: entered promiscuous mode [ 94.569765][ T5821] hsr_slave_1: entered promiscuous mode [ 94.576234][ T5821] debugfs: 'hsr0' already exists in 'hsr' [ 94.581973][ T5821] Cannot create hsr debugfs directory [ 94.705605][ T5831] hsr_slave_0: entered promiscuous mode [ 94.711982][ T5831] hsr_slave_1: entered promiscuous mode [ 94.718434][ T5831] debugfs: 'hsr0' already exists in 'hsr' [ 94.724467][ T5831] Cannot create hsr debugfs directory [ 95.088402][ T5828] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 95.101434][ T5828] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 95.112464][ T5828] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 95.134663][ T5828] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 95.203521][ T5821] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 95.220361][ T5821] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 95.231897][ T5821] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 95.253456][ T5821] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 95.321589][ T5822] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 95.336504][ T5822] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 95.366209][ T5822] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 95.377475][ T5822] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 95.480272][ T5831] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 95.499253][ T5831] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 95.539818][ T5831] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 95.551862][ T5831] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 95.607659][ T5828] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.682049][ T5828] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.729994][ T1092] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.737275][ T1092] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.768864][ T5822] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.781437][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.790462][ T1092] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.797624][ T1092] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.858099][ T5822] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.882117][ T5821] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.909212][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.916416][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.927053][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.934370][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.944621][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.951775][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.969484][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.976944][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.081334][ T5831] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.211474][ T5831] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.252296][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.259586][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.301799][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.309020][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.403761][ T5142] Bluetooth: hci2: command tx timeout [ 96.404825][ T5825] Bluetooth: hci1: command tx timeout [ 96.479586][ T5828] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.486374][ T5825] Bluetooth: hci3: command tx timeout [ 96.489640][ T5142] Bluetooth: hci0: command tx timeout [ 96.677165][ T5828] veth0_vlan: entered promiscuous mode [ 96.711176][ T5828] veth1_vlan: entered promiscuous mode [ 96.731615][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.845696][ T5822] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.870051][ T5828] veth0_macvtap: entered promiscuous mode [ 96.898286][ T5828] veth1_macvtap: entered promiscuous mode [ 96.941192][ T5831] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.968121][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.989800][ T5828] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.037136][ T5899] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.064440][ T5899] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.074620][ T5899] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.088351][ T5821] veth0_vlan: entered promiscuous mode [ 97.099701][ T5899] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.130526][ T797] cfg80211: failed to load regulatory.db [ 97.154564][ T5822] veth0_vlan: entered promiscuous mode [ 97.178525][ T5831] veth0_vlan: entered promiscuous mode [ 97.187465][ T5821] veth1_vlan: entered promiscuous mode [ 97.230927][ T5822] veth1_vlan: entered promiscuous mode [ 97.259523][ T5831] veth1_vlan: entered promiscuous mode [ 97.319218][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.337177][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.391058][ T5821] veth0_macvtap: entered promiscuous mode [ 97.406617][ T50] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.417750][ T5821] veth1_macvtap: entered promiscuous mode [ 97.423228][ T50] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.467721][ T5822] veth0_macvtap: entered promiscuous mode [ 97.491073][ T5828] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 97.495554][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.520171][ T5822] veth1_macvtap: entered promiscuous mode [ 97.535271][ T5831] veth0_macvtap: entered promiscuous mode [ 97.550886][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.571363][ T5831] veth1_macvtap: entered promiscuous mode [ 97.617906][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.664585][ T5822] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.677450][ T50] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.687995][ T50] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.712784][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.720497][ T50] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.730584][ T50] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.761230][ T50] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.771477][ T50] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.801322][ T5831] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.820747][ T50] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.843492][ T50] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.917367][ T5899] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.958528][ T5899] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.977259][ T5899] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.000693][ T5899] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.128082][ T50] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.157955][ T50] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.197978][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.215351][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.386113][ T1092] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.402449][ T1092] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.430337][ T5899] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.439938][ T5899] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.482441][ T1092] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.492340][ T5142] Bluetooth: hci1: command tx timeout [ 98.492391][ T5825] Bluetooth: hci2: command tx timeout [ 98.509877][ T1092] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.565684][ T5825] Bluetooth: hci3: command tx timeout [ 98.565847][ T5142] Bluetooth: hci0: command tx timeout [ 98.605664][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.617907][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.968470][ T5926] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2'. [ 98.989988][ T5928] ubi0: attaching mtd0 [ 99.021635][ T5928] ubi0: scanning is finished [ 99.040879][ T5928] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 99.373100][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 99.391895][ T5928] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 99.453482][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.061775][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 100.394032][ T5944] NFSD: Failed to start, no listeners configured. [ 100.509920][ T5940] mmap: syz.2.8 (5940) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 100.564757][ T5142] Bluetooth: hci1: command tx timeout [ 100.565591][ T5825] Bluetooth: hci2: command tx timeout [ 100.643584][ T5825] Bluetooth: hci3: command tx timeout [ 100.652970][ T5825] Bluetooth: hci0: command tx timeout [ 100.794976][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 100.961496][ T5966] netlink: 28 bytes leftover after parsing attributes in process `syz.0.11'. [ 100.971129][ T5966] Zero length message leads to an empty skb [ 101.085376][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 101.523223][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.633159][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.895693][ T5971] netlink: 28 bytes leftover after parsing attributes in process `syz.3.13'. [ 102.145218][ T5982] netlink: 28 bytes leftover after parsing attributes in process `syz.0.15'. [ 102.803210][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 102.928753][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 102.940951][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 103.490583][ T5992] netlink: 28 bytes leftover after parsing attributes in process `syz.1.17'. [ 104.024070][ T6003] netlink: 28 bytes leftover after parsing attributes in process `syz.2.20'. [ 104.047453][ T6005] netlink: 28 bytes leftover after parsing attributes in process `syz.3.19'. [ 104.778148][ T6009] vhci_hcd vhci_hcd.2: invalid port number 16 [ 104.810964][ T6009] vhci_hcd vhci_hcd.2: invalid port number 16 [ 105.207511][ T6021] netlink: 28 bytes leftover after parsing attributes in process `syz.1.23'. [ 105.242241][ T6017] vhci_hcd vhci_hcd.2: invalid port number 16 [ 105.248548][ T6017] vhci_hcd vhci_hcd.2: invalid port number 16 [ 106.005841][ T6028] vhci_hcd vhci_hcd.2: invalid port number 16 [ 106.023113][ T6028] vhci_hcd vhci_hcd.2: invalid port number 16 [ 106.447014][ T6034] vhci_hcd vhci_hcd.2: invalid port number 16 [ 106.485459][ T6034] vhci_hcd vhci_hcd.2: invalid port number 16 [ 106.773664][ T6045] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 107.038768][ T6046] netlink: Conntrack attr has 4 unknown bytes [ 107.889692][ T6059] netlink: 'syz.3.30': attribute type 21 has an invalid length. [ 107.957015][ T6059] netlink: 326 bytes leftover after parsing attributes in process `syz.3.30'. [ 109.055665][ T6082] netlink: 342 bytes leftover after parsing attributes in process `syz.2.35'. [ 109.513614][ T6084] netlink: 28 bytes leftover after parsing attributes in process `syz.1.33'. [ 110.506793][ T6101] netlink: 54 bytes leftover after parsing attributes in process `syz.1.39'. [ 111.088936][ T30] audit: type=1806 audit(1770353917.185:2): xattr=08 res=-22 [ 111.462517][ T30] audit: type=1800 audit(1770353917.565:3): pid=6112 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.44" name="features" dev="configfs" ino=9319 res=0 errno=0 [ 111.523351][ T6112] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 112.421258][ T30] audit: type=1800 audit(1770353918.505:4): pid=6121 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.45" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 113.627963][ T6148] netlink: 306 bytes leftover after parsing attributes in process `syz.3.52'. [ 113.705401][ T6151] netlink: 306 bytes leftover after parsing attributes in process `syz.0.53'. [ 114.103316][ T6161] netlink: 306 bytes leftover after parsing attributes in process `syz.1.57'. [ 114.168343][ T6154] futex_wake_op: syz.3.54 tries to shift op by -2048; fix this program [ 115.000307][ T6181] block nbd8: Unsupported socket: should be TCP or UNIX. [ 115.868469][ T6196] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 116.257050][ T6202] netlink: 4 bytes leftover after parsing attributes in process `syz.1.66'. [ 116.487766][ T6202] veth1_to_batadv: entered promiscuous mode [ 116.539299][ T6203] can0: slcan on ttyS2. [ 116.654587][ T6204] can0 (unregistered): slcan off ttyS2. [ 116.756792][ T6205] can0: slcan on ttyS2. [ 116.950023][ T6201] veth1_to_batadv: left promiscuous mode [ 117.288517][ T6201] can0 (unregistered): slcan off ttyS2. [ 118.325705][ T6236] random: crng reseeded on system resumption [ 119.559439][ T6248] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 120.651109][ T6273] netlink: 28 bytes leftover after parsing attributes in process `syz.2.74'. [ 121.043415][ T5825] Bluetooth: hci2: unexpected subevent 0x03 length: 253 > 9 [ 121.486522][ T6288] netlink: 54 bytes leftover after parsing attributes in process `syz.2.77'. [ 122.758552][ T6303] netlink: 28 bytes leftover after parsing attributes in process `syz.2.80'. [ 123.374938][ T6308] netlink: 28 bytes leftover after parsing attributes in process `syz.3.81'. [ 123.398727][ T6315] netlink: 54 bytes leftover after parsing attributes in process `syz.1.83'. [ 123.868021][ T6325] netlink: 54 bytes leftover after parsing attributes in process `syz.3.87'. [ 123.923264][ T5142] Bluetooth: hci1: Malformed LE Event: 0x0b [ 123.932885][ T5825] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 124.208861][ T6331] netlink: 54 bytes leftover after parsing attributes in process `syz.3.88'. [ 124.740263][ T6319] vhci_hcd vhci_hcd.2: invalid port number 16 [ 124.746851][ T6319] vhci_hcd vhci_hcd.2: invalid port number 16 [ 124.788272][ T6344] netlink: 28 bytes leftover after parsing attributes in process `syz.2.91'. [ 126.142684][ T6366] netlink: 28 bytes leftover after parsing attributes in process `syz.0.96'. [ 126.675236][ T6367] vhci_hcd vhci_hcd.2: invalid port number 16 [ 126.697924][ T6367] vhci_hcd vhci_hcd.2: invalid port number 16 [ 127.987466][ T6395] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 128.958512][ T6404] vhci_hcd vhci_hcd.2: invalid port number 16 [ 128.975036][ T6404] vhci_hcd vhci_hcd.2: invalid port number 16 [ 129.103247][ T6420] netlink: 54 bytes leftover after parsing attributes in process `syz.1.110'. [ 130.896900][ T6438] vhci_hcd vhci_hcd.2: invalid port number 16 [ 130.903096][ T6438] vhci_hcd vhci_hcd.2: invalid port number 16 [ 131.679947][ T6462] netlink: 54 bytes leftover after parsing attributes in process `syz.0.120'. [ 132.399115][ T6482] netlink: 28 bytes leftover after parsing attributes in process `syz.2.123'. [ 133.674781][ T30] audit: type=1800 audit(1770353939.775:5): pid=6504 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.133" name="version" dev="configfs" ino=12368 res=0 errno=0 [ 134.466471][ T6529] netlink: 28 bytes leftover after parsing attributes in process `syz.2.137'. [ 134.478371][ T6532] random: crng reseeded on system resumption [ 134.822234][ T6530] netlink: 28 bytes leftover after parsing attributes in process `syz.1.139'. [ 135.204727][ T6544] netlink: 28 bytes leftover after parsing attributes in process `syz.0.142'. [ 135.378228][ T6544] team0: Port device team_slave_0 removed [ 136.704114][ T6574] netlink: 54 bytes leftover after parsing attributes in process `syz.0.148'. [ 136.722634][ T6581] netlink: 28 bytes leftover after parsing attributes in process `syz.3.146'. [ 137.951094][ T6587] vhci_hcd vhci_hcd.2: invalid port number 16 [ 137.957351][ T6587] vhci_hcd vhci_hcd.2: invalid port number 16 [ 138.103366][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.113335][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.140507][ T6609] netlink: 28 bytes leftover after parsing attributes in process `syz.2.152'. [ 139.872846][ T6619] vhci_hcd vhci_hcd.2: invalid port number 16 [ 139.878982][ T6619] vhci_hcd vhci_hcd.2: invalid port number 16 [ 141.126195][ T6657] vhci_hcd vhci_hcd.2: invalid port number 16 [ 141.132476][ T6657] vhci_hcd vhci_hcd.2: invalid port number 16 [ 141.339565][ T6672] netlink: 28 bytes leftover after parsing attributes in process `syz.1.165'. [ 142.226512][ T6687] netlink: 54 bytes leftover after parsing attributes in process `syz.1.171'. [ 142.308742][ T6681] netlink: 28 bytes leftover after parsing attributes in process `syz.3.167'. [ 143.440054][ T6716] netlink: 8 bytes leftover after parsing attributes in process `syz.2.176'. [ 143.503260][ T6716] netlink: 338 bytes leftover after parsing attributes in process `syz.2.176'. [ 144.037961][ T6728] netlink: 28 bytes leftover after parsing attributes in process `syz.3.177'. [ 144.096052][ T6727] FAULT_INJECTION: forcing a failure. [ 144.096052][ T6727] name failslab, interval 1, probability 0, space 0, times 1 [ 144.109640][ T6727] CPU: 1 UID: 0 PID: 6727 Comm: syz.1.179 Not tainted syzkaller #0 PREEMPT(full) [ 144.109683][ T6727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 144.109701][ T6727] Call Trace: [ 144.109712][ T6727] [ 144.109724][ T6727] dump_stack_lvl+0x100/0x190 [ 144.109767][ T6727] should_fail_ex.cold+0x5/0xa [ 144.109817][ T6727] should_failslab+0xc2/0x120 [ 144.109861][ T6727] __kmalloc_cache_noprof+0x80/0x810 [ 144.109894][ T6727] ? pty_common_install+0x10e/0xb30 [ 144.109942][ T6727] ? pty_common_install+0x10e/0xb30 [ 144.109981][ T6727] pty_common_install+0x10e/0xb30 [ 144.110027][ T6727] ? __pfx_pty_unix98_install+0x10/0x10 [ 144.110069][ T6727] tty_init_dev.part.0+0x9e/0x470 [ 144.110103][ T6727] tty_init_dev+0x60/0x80 [ 144.110132][ T6727] ptmx_open+0x15e/0x3c0 [ 144.110169][ T6727] ? __pfx_ptmx_open+0x10/0x10 [ 144.110206][ T6727] chrdev_open+0x234/0x6a0 [ 144.110243][ T6727] ? __pfx_apparmor_file_open+0x10/0x10 [ 144.110295][ T6727] ? __pfx_chrdev_open+0x10/0x10 [ 144.110335][ T6727] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 144.110380][ T6727] do_dentry_open+0x73e/0x1570 [ 144.110414][ T6727] ? __pfx_chrdev_open+0x10/0x10 [ 144.110451][ T6727] ? security_inode_permission+0xbf/0x250 [ 144.110504][ T6727] vfs_open+0x82/0x3f0 [ 144.110546][ T6727] path_openat+0x21dc/0x3120 [ 144.110594][ T6727] ? __pfx_path_openat+0x10/0x10 [ 144.110647][ T6727] do_filp_open+0x1f7/0x420 [ 144.110689][ T6727] ? __pfx_do_filp_open+0x10/0x10 [ 144.110757][ T6727] ? _raw_spin_unlock+0x28/0x50 [ 144.110789][ T6727] ? alloc_fd+0x476/0x790 [ 144.110835][ T6727] do_sys_openat2+0x12e/0x220 [ 144.110882][ T6727] ? __pfx_do_sys_openat2+0x10/0x10 [ 144.110930][ T6727] ? find_held_lock+0x2b/0x80 [ 144.110972][ T6727] __x64_sys_openat+0x12d/0x210 [ 144.111021][ T6727] ? __pfx___x64_sys_openat+0x10/0x10 [ 144.111065][ T6727] ? xfd_validate_state+0x129/0x190 [ 144.111128][ T6727] do_syscall_64+0xc9/0xf80 [ 144.111169][ T6727] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 144.111199][ T6727] RIP: 0033:0x7ff8e459aeb9 [ 144.111224][ T6727] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 144.111253][ T6727] RSP: 002b:00007ff8e54f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 144.111292][ T6727] RAX: ffffffffffffffda RBX: 00007ff8e4816180 RCX: 00007ff8e459aeb9 [ 144.111312][ T6727] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 144.111331][ T6727] RBP: 00007ff8e4608c1f R08: 0000000000000000 R09: 0000000000000000 [ 144.111349][ T6727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 144.111367][ T6727] R13: 00007ff8e4816218 R14: 00007ff8e4816180 R15: 00007fff23ef3b68 [ 144.111410][ T6727] [ 144.847547][ T6738] capability: warning: `syz.3.180' uses 32-bit capabilities (legacy support in use) [ 144.866137][ T6740] netlink: 28 bytes leftover after parsing attributes in process `syz.2.183'. [ 145.112252][ T6740] team0: Port device team_slave_0 removed [ 145.329581][ T6741] vhci_hcd vhci_hcd.2: invalid port number 16 [ 145.345425][ T6741] vhci_hcd vhci_hcd.2: invalid port number 16 [ 146.560364][ T6751] block2mtd: parameter too long [ 147.224703][ T6771] netlink: 28 bytes leftover after parsing attributes in process `syz.0.189'. [ 148.696599][ T6802] netlink: 54 bytes leftover after parsing attributes in process `syz.3.198'. [ 148.738537][ T6797] vhci_hcd vhci_hcd.2: invalid port number 16 [ 148.749574][ T6797] vhci_hcd vhci_hcd.2: invalid port number 16 [ 149.328194][ T6816] FAULT_INJECTION: forcing a failure. [ 149.328194][ T6816] name failslab, interval 1, probability 0, space 0, times 0 [ 149.361569][ T6816] CPU: 1 UID: 0 PID: 6816 Comm: syz.3.201 Not tainted syzkaller #0 PREEMPT(full) [ 149.361609][ T6816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 149.361624][ T6816] Call Trace: [ 149.361633][ T6816] [ 149.361644][ T6816] dump_stack_lvl+0x100/0x190 [ 149.361687][ T6816] should_fail_ex.cold+0x5/0xa [ 149.361731][ T6816] should_failslab+0xc2/0x120 [ 149.361771][ T6816] __kmalloc_cache_node_noprof+0x83/0x840 [ 149.361810][ T6816] ? look_up_lock_class+0x55/0x120 [ 149.361845][ T6816] ? __get_vm_area_node+0x101/0x330 [ 149.361897][ T6816] ? __get_vm_area_node+0x101/0x330 [ 149.361940][ T6816] __get_vm_area_node+0x101/0x330 [ 149.361992][ T6816] __vmalloc_node_range_noprof+0x213/0x1530 [ 149.362024][ T6816] ? n_tty_open+0x1a/0x170 [ 149.362054][ T6816] ? do_raw_spin_lock+0x128/0x260 [ 149.362114][ T6816] ? look_up_lock_class+0x55/0x120 [ 149.362155][ T6816] ? n_tty_open+0x1a/0x170 [ 149.362203][ T6816] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 149.362233][ T6816] ? __ldsem_down_write_nested+0xfd/0x830 [ 149.362263][ T6816] ? __ldsem_down_write_nested+0x10e/0x830 [ 149.362294][ T6816] ? look_up_lock_class+0x55/0x120 [ 149.362337][ T6816] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 149.362376][ T6816] ? n_tty_open+0x1a/0x170 [ 149.362403][ T6816] __vmalloc_node_noprof+0xad/0xf0 [ 149.362430][ T6816] ? n_tty_open+0x1a/0x170 [ 149.362457][ T6816] ? __pfx_n_tty_open+0x10/0x10 [ 149.362475][ T6816] n_tty_open+0x1a/0x170 [ 149.362494][ T6816] tty_ldisc_open+0xa2/0x120 [ 149.362518][ T6816] tty_ldisc_setup+0x40/0xf0 [ 149.362543][ T6816] tty_init_dev.part.0+0x1b5/0x470 [ 149.362563][ T6816] tty_init_dev+0x60/0x80 [ 149.362588][ T6816] ptmx_open+0x15e/0x3c0 [ 149.362623][ T6816] ? __pfx_ptmx_open+0x10/0x10 [ 149.362656][ T6816] chrdev_open+0x234/0x6a0 [ 149.362687][ T6816] ? __pfx_apparmor_file_open+0x10/0x10 [ 149.362710][ T6816] ? __pfx_chrdev_open+0x10/0x10 [ 149.362733][ T6816] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 149.362760][ T6816] do_dentry_open+0x73e/0x1570 [ 149.362792][ T6816] ? __pfx_chrdev_open+0x10/0x10 [ 149.362826][ T6816] ? security_inode_permission+0xbf/0x250 [ 149.362994][ T6816] vfs_open+0x82/0x3f0 [ 149.363027][ T6816] path_openat+0x21dc/0x3120 [ 149.363058][ T6816] ? __pfx_path_openat+0x10/0x10 [ 149.363090][ T6816] do_filp_open+0x1f7/0x420 [ 149.363114][ T6816] ? __pfx_do_filp_open+0x10/0x10 [ 149.363153][ T6816] ? _raw_spin_unlock+0x28/0x50 [ 149.363172][ T6816] ? alloc_fd+0x476/0x790 [ 149.363200][ T6816] do_sys_openat2+0x12e/0x220 [ 149.363273][ T6816] ? __pfx_do_sys_openat2+0x10/0x10 [ 149.363303][ T6816] ? find_held_lock+0x2b/0x80 [ 149.363328][ T6816] __x64_sys_openat+0x12d/0x210 [ 149.363357][ T6816] ? __pfx___x64_sys_openat+0x10/0x10 [ 149.363384][ T6816] ? xfd_validate_state+0x129/0x190 [ 149.363422][ T6816] do_syscall_64+0xc9/0xf80 [ 149.363446][ T6816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.363466][ T6816] RIP: 0033:0x7f135919aeb9 [ 149.363485][ T6816] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 149.363502][ T6816] RSP: 002b:00007f1359fc1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 149.363520][ T6816] RAX: ffffffffffffffda RBX: 00007f1359416180 RCX: 00007f135919aeb9 [ 149.363531][ T6816] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 149.363542][ T6816] RBP: 00007f1359208c1f R08: 0000000000000000 R09: 0000000000000000 [ 149.363587][ T6816] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 149.363597][ T6816] R13: 00007f1359416218 R14: 00007f1359416180 R15: 00007ffdbe12e588 [ 149.363623][ T6816] [ 149.724147][ T6816] syz.3.201: vmalloc error: size 9128, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 149.809141][ T6816] CPU: 0 UID: 0 PID: 6816 Comm: syz.3.201 Not tainted syzkaller #0 PREEMPT(full) [ 149.809168][ T6816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 149.809185][ T6816] Call Trace: [ 149.809192][ T6816] [ 149.809199][ T6816] dump_stack_lvl+0x100/0x190 [ 149.809226][ T6816] warn_alloc.cold+0x95/0x1c1 [ 149.809256][ T6816] ? __pfx_warn_alloc+0x10/0x10 [ 149.809277][ T6816] ? trace_kmalloc+0x83/0xb0 [ 149.809304][ T6816] ? __get_vm_area_node+0x101/0x330 [ 149.809334][ T6816] ? __kasan_kmalloc+0x8a/0xb0 [ 149.809357][ T6816] ? __get_vm_area_node+0x208/0x330 [ 149.809390][ T6816] __vmalloc_node_range_noprof+0xbf4/0x1530 [ 149.809409][ T6816] ? do_raw_spin_lock+0x128/0x260 [ 149.809436][ T6816] ? look_up_lock_class+0x55/0x120 [ 149.809460][ T6816] ? n_tty_open+0x1a/0x170 [ 149.809485][ T6816] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 149.809502][ T6816] ? __ldsem_down_write_nested+0xfd/0x830 [ 149.809524][ T6816] ? __ldsem_down_write_nested+0x10e/0x830 [ 149.809542][ T6816] ? look_up_lock_class+0x55/0x120 [ 149.809568][ T6816] ? __pfx___ldsem_down_write_nested+0x10/0x10 [ 149.809591][ T6816] ? n_tty_open+0x1a/0x170 [ 149.809609][ T6816] __vmalloc_node_noprof+0xad/0xf0 [ 149.809626][ T6816] ? n_tty_open+0x1a/0x170 [ 149.809645][ T6816] ? __pfx_n_tty_open+0x10/0x10 [ 149.809664][ T6816] n_tty_open+0x1a/0x170 [ 149.809683][ T6816] tty_ldisc_open+0xa2/0x120 [ 149.809707][ T6816] tty_ldisc_setup+0x40/0xf0 [ 149.809732][ T6816] tty_init_dev.part.0+0x1b5/0x470 [ 149.809751][ T6816] tty_init_dev+0x60/0x80 [ 149.809768][ T6816] ptmx_open+0x15e/0x3c0 [ 149.809789][ T6816] ? __pfx_ptmx_open+0x10/0x10 [ 149.809811][ T6816] chrdev_open+0x234/0x6a0 [ 149.809832][ T6816] ? __pfx_apparmor_file_open+0x10/0x10 [ 149.809856][ T6816] ? __pfx_chrdev_open+0x10/0x10 [ 149.809879][ T6816] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 149.809906][ T6816] do_dentry_open+0x73e/0x1570 [ 149.809927][ T6816] ? __pfx_chrdev_open+0x10/0x10 [ 149.809949][ T6816] ? security_inode_permission+0xbf/0x250 [ 149.809980][ T6816] vfs_open+0x82/0x3f0 [ 149.810009][ T6816] path_openat+0x21dc/0x3120 [ 149.810038][ T6816] ? __pfx_path_openat+0x10/0x10 [ 149.810072][ T6816] do_filp_open+0x1f7/0x420 [ 149.810095][ T6816] ? __pfx_do_filp_open+0x10/0x10 [ 149.810132][ T6816] ? _raw_spin_unlock+0x28/0x50 [ 149.810149][ T6816] ? alloc_fd+0x476/0x790 [ 149.810182][ T6816] do_sys_openat2+0x12e/0x220 [ 149.810209][ T6816] ? __pfx_do_sys_openat2+0x10/0x10 [ 149.810237][ T6816] ? find_held_lock+0x2b/0x80 [ 149.810260][ T6816] __x64_sys_openat+0x12d/0x210 [ 149.810288][ T6816] ? __pfx___x64_sys_openat+0x10/0x10 [ 149.810315][ T6816] ? xfd_validate_state+0x129/0x190 [ 149.810351][ T6816] do_syscall_64+0xc9/0xf80 [ 149.810375][ T6816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 149.810393][ T6816] RIP: 0033:0x7f135919aeb9 [ 149.810408][ T6816] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 149.810425][ T6816] RSP: 002b:00007f1359fc1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 149.810442][ T6816] RAX: ffffffffffffffda RBX: 00007f1359416180 RCX: 00007f135919aeb9 [ 149.810453][ T6816] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 149.810464][ T6816] RBP: 00007f1359208c1f R08: 0000000000000000 R09: 0000000000000000 [ 149.810474][ T6816] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 149.810484][ T6816] R13: 00007f1359416218 R14: 00007f1359416180 R15: 00007ffdbe12e588 [ 149.810507][ T6816] [ 149.810514][ T6816] Mem-Info: [ 150.292965][ T6816] active_anon:17134 inactive_anon:0 isolated_anon:0 [ 150.292965][ T6816] active_file:2881 inactive_file:40436 isolated_file:0 [ 150.292965][ T6816] unevictable:768 dirty:363 writeback:0 [ 150.292965][ T6816] slab_reclaimable:10448 slab_unreclaimable:91057 [ 150.292965][ T6816] mapped:27115 shmem:4448 pagetables:1153 [ 150.292965][ T6816] sec_pagetables:0 bounce:0 [ 150.292965][ T6816] kernel_misc_reclaimable:0 [ 150.292965][ T6816] free:1313588 free_pcp:27471 free_cma:0 [ 150.312075][ T6820] netlink: 54 bytes leftover after parsing attributes in process `syz.0.203'. [ 150.347851][ T6816] Node 0 active_anon:68536kB inactive_anon:0kB active_file:11524kB inactive_file:161540kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:108460kB dirty:1452kB writeback:0kB shmem:16256kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:12288kB kernel_stack:11476kB pagetables:4484kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 150.382827][ T6816] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:32kB pagetables:128kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 150.447213][ T6816] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 150.553835][ T6816] lowmem_reserve[]: 0 2480 2481 2481 2481 [ 150.560742][ T6816] Node 0 DMA32 free:1383024kB boost:0kB min:34320kB low:42900kB high:51480kB reserved_highatomic:0KB free_highatomic:0KB active_anon:70172kB inactive_anon:0kB active_file:11524kB inactive_file:161540kB unevictable:1536kB writepending:1452kB zspages:0kB present:3129332kB managed:2539572kB mlocked:0kB bounce:0kB free_pcp:61320kB local_pcp:37216kB free_cma:0kB [ 150.656665][ T6823] netlink: 28 bytes leftover after parsing attributes in process `syz.2.202'. [ 150.738164][ T6816] lowmem_reserve[]: 0 0 1 1 1 [ 150.778319][ T6816] Node 0 Normal free:0kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 150.874415][ T6816] lowmem_reserve[]: 0 0 0 0 0 [ 150.932051][ T6816] Node 1 Normal free:3854716kB boost:0kB min:55560kB low:69448kB high:83336kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:48584kB local_pcp:14620kB free_cma:0kB [ 150.977289][ T6816] lowmem_reserve[]: 0 0 0 0 0 [ 151.002154][ T6816] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 151.063596][ T6816] Node 0 DMA32: 943*4kB (UME) 675*8kB (UME) 280*16kB (U) 53*32kB (UME) 94*64kB (UME) 77*128kB (UM) 40*256kB (UM) 32*512kB (UME) 11*1024kB (UME) 2*2048kB (U) 318*4096kB (UM) = 1375732kB [ 151.144147][ T6816] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 151.175351][ T6816] Node 1 Normal: 121*4kB (UE) 15*8kB (UME) 24*16kB (UE) 13*32kB (UE) 6*64kB (E) 3*128kB (UE) 1*256kB (U) 2*512kB (ME) 1*1024kB (M) 2*2048kB (UE) 939*4096kB (M) = 3854716kB [ 151.193160][ T6816] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 151.241309][ T6816] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 151.253056][ T6816] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 151.283402][ T6816] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 151.315581][ T6816] 49171 total pagecache pages [ 151.320317][ T6816] 0 pages in swap cache [ 151.344781][ T6816] Free swap = 124996kB [ 151.360982][ T6816] Total swap = 124996kB [ 151.373095][ T6816] 2097051 pages RAM [ 151.388112][ T6816] 0 pages HighMem/MovableOnly [ 151.417306][ T6816] 430196 pages reserved [ 151.421491][ T6816] 0 pages cma reserved [ 151.470601][ T6816] ptm ptm0: ldisc open failed (-12), clearing slot 0 [ 151.843476][ T6844] netlink: 54 bytes leftover after parsing attributes in process `syz.3.208'. [ 151.876588][ T6843] netlink: 54 bytes leftover after parsing attributes in process `syz.1.209'. [ 152.338104][ T6850] vhci_hcd vhci_hcd.2: invalid port number 16 [ 152.344436][ T6850] vhci_hcd vhci_hcd.2: invalid port number 16 [ 152.743334][ T6871] netlink: 28 bytes leftover after parsing attributes in process `syz.0.213'. [ 154.758263][ T6917] vhci_hcd vhci_hcd.2: invalid port number 16 [ 154.783622][ T6917] vhci_hcd vhci_hcd.2: invalid port number 16 [ 155.554347][ T6949] Invalid ELF header magic: != ELF [ 156.661654][ T6961] vhci_hcd vhci_hcd.2: invalid port number 16 [ 156.667984][ T6961] vhci_hcd vhci_hcd.2: invalid port number 16 [ 158.217953][ T6994] vhci_hcd vhci_hcd.2: invalid port number 16 [ 158.943120][ T6994] vhci_hcd vhci_hcd.2: invalid port number 16 [ 159.927428][ T7020] netlink: 146 bytes leftover after parsing attributes in process `syz.1.249'. [ 160.123603][ T7023] FAULT_INJECTION: forcing a failure. [ 160.123603][ T7023] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 160.136884][ T7023] CPU: 0 UID: 0 PID: 7023 Comm: syz.1.250 Not tainted syzkaller #0 PREEMPT(full) [ 160.136921][ T7023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 160.136937][ T7023] Call Trace: [ 160.136947][ T7023] [ 160.136958][ T7023] dump_stack_lvl+0x100/0x190 [ 160.136995][ T7023] should_fail_ex.cold+0x5/0xa [ 160.137026][ T7023] _copy_from_iter+0x1f4/0x1690 [ 160.137057][ T7023] ? rcu_is_watching+0x12/0xc0 [ 160.137076][ T7023] ? __pfx__copy_from_iter+0x10/0x10 [ 160.137104][ T7023] ? __asan_memset+0x23/0x50 [ 160.137124][ T7023] ? __build_skb_around+0x278/0x390 [ 160.137149][ T7023] ? is_vmalloc_addr+0x86/0xa0 [ 160.137173][ T7023] netlink_sendmsg+0x808/0xda0 [ 160.137205][ T7023] ? __pfx_netlink_sendmsg+0x10/0x10 [ 160.137231][ T7023] ? __import_iovec+0x1d2/0x640 [ 160.137260][ T7023] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 160.137287][ T7023] ____sys_sendmsg+0xa54/0xc30 [ 160.137309][ T7023] ? __pfx_____sys_sendmsg+0x10/0x10 [ 160.137331][ T7023] ? try_to_wake_up+0x644/0x1a60 [ 160.137355][ T7023] ___sys_sendmsg+0x190/0x1e0 [ 160.137376][ T7023] ? __pfx____sys_sendmsg+0x10/0x10 [ 160.137406][ T7023] ? futex_private_hash_put+0x107/0x1c0 [ 160.137437][ T7023] ? find_held_lock+0x2b/0x80 [ 160.137476][ T7023] __sys_sendmsg+0x170/0x220 [ 160.137503][ T7023] ? __pfx___sys_sendmsg+0x10/0x10 [ 160.137530][ T7023] ? __x64_sys_futex+0x34f/0x4d0 [ 160.137567][ T7023] do_syscall_64+0xc9/0xf80 [ 160.137592][ T7023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.137610][ T7023] RIP: 0033:0x7ff8e459aeb9 [ 160.137626][ T7023] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 160.137643][ T7023] RSP: 002b:00007ff8e5538028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 160.137661][ T7023] RAX: ffffffffffffffda RBX: 00007ff8e4815fa0 RCX: 00007ff8e459aeb9 [ 160.137672][ T7023] RDX: 00000000000080c0 RSI: 0000200000001480 RDI: 0000000000000006 [ 160.137683][ T7023] RBP: 00007ff8e4608c1f R08: 0000000000000000 R09: 0000000000000000 [ 160.137693][ T7023] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 160.137703][ T7023] R13: 00007ff8e4816038 R14: 00007ff8e4815fa0 R15: 00007fff23ef3b68 [ 160.137726][ T7023] [ 160.764871][ T7027] netlink: 54 bytes leftover after parsing attributes in process `syz.1.252'. [ 162.915816][ T7052] vhci_hcd vhci_hcd.2: invalid port number 16 [ 162.942913][ T7052] vhci_hcd vhci_hcd.2: invalid port number 16 [ 164.956730][ T7099] netlink: 28 bytes leftover after parsing attributes in process `syz.2.268'. [ 166.228413][ T7132] hub 1-0:1.0: USB hub found [ 166.307201][ T7132] hub 1-0:1.0: 1 port detected [ 166.811612][ T7146] netlink: 28 bytes leftover after parsing attributes in process `syz.0.278'. [ 167.394109][ T7163] netlink: 330 bytes leftover after parsing attributes in process `syz.1.281'. [ 167.736214][ T30] audit: type=1800 audit(1770353973.845:6): pid=7166 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.282" name="lu_gp_id" dev="configfs" ino=16444 res=0 errno=0 [ 168.923062][ T7198] process 'syz.0.289' launched './file0' with NULL argv: empty string added [ 169.830287][ T7202] netlink: 54 bytes leftover after parsing attributes in process `syz.1.291'. [ 174.160106][ T7303] netlink: 28 bytes leftover after parsing attributes in process `syz.1.314'. [ 175.125994][ T7313] random: crng reseeded on system resumption [ 175.190233][ T7314] netlink: 28 bytes leftover after parsing attributes in process `syz.3.315'. [ 176.200154][ T7331] vhci_hcd vhci_hcd.2: invalid port number 16 [ 176.248606][ T7331] vhci_hcd vhci_hcd.2: invalid port number 16 [ 176.375587][ T7325] zswap: compressor not available [ 176.516539][ T7323] zswap: compressor cover mmap failed not available [ 176.778368][ T7323] zswap: compressor (errno 9) not available [ 177.214457][ T5825] Bluetooth: hci3: unexpected event 0x3e length: 508 > 260 [ 177.214502][ T5825] Bluetooth: hci3: unexpected subevent 0x02 length: 507 > 260 [ 177.230924][ T5825] Bluetooth: hci3: Dropping invalid advertising data [ 177.241896][ T5825] Bluetooth: hci3: unknown advertising packet type: 0xe9 [ 177.241938][ T5825] Bluetooth: hci3: Dropping invalid advertising data [ 177.256011][ T5825] Bluetooth: hci3: Malformed LE Event: 0x02 [ 177.669847][ T7373] netlink: 54 bytes leftover after parsing attributes in process `syz.2.330'. [ 178.126558][ T7391] netlink: 342 bytes leftover after parsing attributes in process `syz.3.333'. [ 180.195095][ T7420] netlink: 28 bytes leftover after parsing attributes in process `syz.2.340'. [ 180.426757][ T7429] netlink: 54 bytes leftover after parsing attributes in process `syz.1.343'. [ 180.708951][ T7439] netlink: 342 bytes leftover after parsing attributes in process `syz.2.344'. [ 180.751587][ T7439] netlink: 294 bytes leftover after parsing attributes in process `syz.2.344'. [ 181.508988][ T7447] netlink: 5928 bytes leftover after parsing attributes in process `syz.0.347'. [ 182.295066][ T7470] netlink: 28 bytes leftover after parsing attributes in process `syz.1.352'. [ 183.229959][ T7490] netlink: 342 bytes leftover after parsing attributes in process `syz.3.355'. [ 183.391289][ T7485] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.994818][ T7501] vhci_hcd vhci_hcd.2: invalid port number 16 [ 184.011781][ T7501] vhci_hcd vhci_hcd.2: invalid port number 16 [ 184.401254][ T7513] FAULT_INJECTION: forcing a failure. [ 184.401254][ T7513] name failslab, interval 1, probability 0, space 0, times 0 [ 184.445658][ T7513] CPU: 1 UID: 0 PID: 7513 Comm: syz.3.363 Not tainted syzkaller #0 PREEMPT(full) [ 184.445703][ T7513] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 184.445720][ T7513] Call Trace: [ 184.445731][ T7513] [ 184.445743][ T7513] dump_stack_lvl+0x100/0x190 [ 184.445787][ T7513] should_fail_ex.cold+0x5/0xa [ 184.445836][ T7513] should_failslab+0xc2/0x120 [ 184.445880][ T7513] kmem_cache_alloc_noprof+0x83/0x780 [ 184.445921][ T7513] ? do_epoll_ctl+0x2434/0x36a0 [ 184.445967][ T7513] ? do_epoll_ctl+0x2434/0x36a0 [ 184.446002][ T7513] do_epoll_ctl+0x2434/0x36a0 [ 184.446064][ T7513] ? __pfx_do_epoll_ctl+0x10/0x10 [ 184.446098][ T7513] ? find_held_lock+0x2b/0x80 [ 184.446128][ T7513] ? __might_fault+0xc5/0x140 [ 184.446180][ T7513] ? __x64_sys_epoll_ctl+0x15c/0x1e0 [ 184.446215][ T7513] __x64_sys_epoll_ctl+0x15c/0x1e0 [ 184.446253][ T7513] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 184.446303][ T7513] do_syscall_64+0xc9/0xf80 [ 184.446344][ T7513] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.446374][ T7513] RIP: 0033:0x7f135919aeb9 [ 184.446398][ T7513] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 184.446425][ T7513] RSP: 002b:00007f135a003028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 184.446454][ T7513] RAX: ffffffffffffffda RBX: 00007f1359415fa0 RCX: 00007f135919aeb9 [ 184.446472][ T7513] RDX: 0000000000000011 RSI: 0000000000000001 RDI: 0000000000000012 [ 184.446490][ T7513] RBP: 00007f1359208c1f R08: 0000000000000000 R09: 0000000000000000 [ 184.446507][ T7513] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 184.446524][ T7513] R13: 00007f1359416038 R14: 00007f1359415fa0 R15: 00007ffdbe12e588 [ 184.446565][ T7513] [ 185.040854][ T7528] netlink: 342 bytes leftover after parsing attributes in process `syz.3.366'. [ 185.389632][ T7540] netlink: 330 bytes leftover after parsing attributes in process `syz.0.369'. [ 185.791858][ T7544] netlink: 5928 bytes leftover after parsing attributes in process `syz.2.370'. [ 186.900891][ T7567] netlink: 342 bytes leftover after parsing attributes in process `syz.3.376'. [ 187.069209][ T7564] vhci_hcd vhci_hcd.2: invalid port number 16 [ 187.088026][ T7564] vhci_hcd vhci_hcd.2: invalid port number 16 [ 187.196442][ T7574] netlink: 28 bytes leftover after parsing attributes in process `syz.1.378'. [ 187.935217][ T7587] openvswitch: netlink: ERSPAN option length err (len 256, max 255). [ 188.902966][ T7607] netlink: 342 bytes leftover after parsing attributes in process `syz.0.388'. [ 189.133712][ T7612] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 189.177213][ T7614] FAULT_INJECTION: forcing a failure. [ 189.177213][ T7614] name failslab, interval 1, probability 0, space 0, times 0 [ 189.190371][ T7614] CPU: 0 UID: 0 PID: 7614 Comm: syz.2.390 Not tainted syzkaller #0 PREEMPT(full) [ 189.190413][ T7614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 189.190431][ T7614] Call Trace: [ 189.190441][ T7614] [ 189.190453][ T7614] dump_stack_lvl+0x100/0x190 [ 189.190497][ T7614] should_fail_ex.cold+0x5/0xa [ 189.190548][ T7614] should_failslab+0xc2/0x120 [ 189.190592][ T7614] __kmalloc_node_noprof+0xfb/0x9e0 [ 189.190632][ T7614] ? mark_held_locks+0x40/0x70 [ 189.190671][ T7614] ? __blk_mq_realloc_hw_ctxs+0x579/0x820 [ 189.190709][ T7614] ? __blk_mq_realloc_hw_ctxs+0x579/0x820 [ 189.190736][ T7614] __blk_mq_realloc_hw_ctxs+0x579/0x820 [ 189.190772][ T7614] ? lockdep_init_map_type+0x5c/0x250 [ 189.190820][ T7614] blk_mq_init_allocated_queue+0x308/0x1400 [ 189.190869][ T7614] ? blk_alloc_queue+0x627/0x750 [ 189.190900][ T7614] ? blk_alloc_queue+0x1a3/0x750 [ 189.190937][ T7614] blk_mq_alloc_queue+0x1bd/0x290 [ 189.190977][ T7614] ? __pfx_blk_mq_alloc_queue+0x10/0x10 [ 189.191044][ T7614] ? idr_alloc+0xdd/0x130 [ 189.191078][ T7614] ? __pfx_idr_alloc+0x10/0x10 [ 189.191120][ T7614] __blk_mq_alloc_disk+0x29/0x120 [ 189.191162][ T7614] nbd_dev_add+0x492/0xb10 [ 189.191198][ T7614] ? find_held_lock+0x2b/0x80 [ 189.191227][ T7614] ? __pfx_nbd_dev_add+0x10/0x10 [ 189.191269][ T7614] ? nbd_genl_connect+0x131a/0x1a40 [ 189.191333][ T7614] ? bpf_lsm_capable+0x9/0x10 [ 189.191362][ T7614] ? __radix_tree_lookup+0x217/0x2b0 [ 189.191404][ T7614] nbd_genl_connect+0xb8d/0x1a40 [ 189.191440][ T7614] ? rcu_is_watching+0x12/0xc0 [ 189.191468][ T7614] ? genl_family_rcv_msg_attrs_parse.isra.0+0xc8/0x290 [ 189.191509][ T7614] ? __pfx_nbd_genl_connect+0x10/0x10 [ 189.191548][ T7614] ? __nla_parse+0x40/0x60 [ 189.191587][ T7614] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x290 [ 189.191621][ T7614] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1b4/0x290 [ 189.191664][ T7614] genl_family_rcv_msg_doit+0x214/0x300 [ 189.191702][ T7614] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 189.191735][ T7614] ? genl_get_cmd+0x3ef/0x720 [ 189.191778][ T7614] ? __dev_queue_xmit+0x7fd/0x46f0 [ 189.191814][ T7614] ? __radix_tree_lookup+0x217/0x2b0 [ 189.191852][ T7614] genl_rcv_msg+0x560/0x800 [ 189.191890][ T7614] ? __pfx_genl_rcv_msg+0x10/0x10 [ 189.191923][ T7614] ? __pfx_nbd_genl_connect+0x10/0x10 [ 189.191976][ T7614] netlink_rcv_skb+0x159/0x420 [ 189.192004][ T7614] ? __pfx_genl_rcv_msg+0x10/0x10 [ 189.192038][ T7614] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 189.192085][ T7614] ? netlink_deliver_tap+0x1ae/0xcc0 [ 189.192137][ T7614] genl_rcv+0x28/0x40 [ 189.192165][ T7614] netlink_unicast+0x5aa/0x870 [ 189.192218][ T7614] ? __pfx_netlink_unicast+0x10/0x10 [ 189.192292][ T7614] netlink_sendmsg+0x8b0/0xda0 [ 189.192348][ T7614] ? __pfx_netlink_sendmsg+0x10/0x10 [ 189.192392][ T7614] ? __import_iovec+0x1d2/0x640 [ 189.192443][ T7614] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 189.192490][ T7614] ____sys_sendmsg+0xa54/0xc30 [ 189.192530][ T7614] ? __pfx_____sys_sendmsg+0x10/0x10 [ 189.192570][ T7614] ? try_to_wake_up+0x644/0x1a60 [ 189.192613][ T7614] ___sys_sendmsg+0x190/0x1e0 [ 189.192651][ T7614] ? __pfx____sys_sendmsg+0x10/0x10 [ 189.192686][ T7614] ? futex_private_hash_put+0x107/0x1c0 [ 189.192745][ T7614] ? find_held_lock+0x2b/0x80 [ 189.192803][ T7614] __sys_sendmsg+0x170/0x220 [ 189.192848][ T7614] ? __pfx___sys_sendmsg+0x10/0x10 [ 189.192889][ T7614] ? __x64_sys_futex+0x34f/0x4d0 [ 189.192947][ T7614] do_syscall_64+0xc9/0xf80 [ 189.192986][ T7614] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 189.193012][ T7614] RIP: 0033:0x7f2c7a59aeb9 [ 189.193037][ T7614] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 189.193064][ T7614] RSP: 002b:00007f2c7b46c028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 189.193093][ T7614] RAX: ffffffffffffffda RBX: 00007f2c7a815fa0 RCX: 00007f2c7a59aeb9 [ 189.193111][ T7614] RDX: 0000000020040000 RSI: 0000200000000500 RDI: 0000000000000002 [ 189.193128][ T7614] RBP: 00007f2c7a608c1f R08: 0000000000000000 R09: 0000000000000000 [ 189.193145][ T7614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 189.193162][ T7614] R13: 00007f2c7a816038 R14: 00007f2c7a815fa0 R15: 00007ffdff03b418 [ 189.193202][ T7614] [ 189.823265][ T7614] nbd: failed to add new device [ 190.315581][ T7626] netlink: 28 bytes leftover after parsing attributes in process `syz.2.394'. [ 190.348164][ T7626] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.467500][ T7626] bridge_slave_1 (unregistering): left allmulticast mode [ 190.474713][ T7626] bridge_slave_1 (unregistering): left promiscuous mode [ 190.493688][ T7626] bridge0: port 2(bridge_slave_1) entered disabled state [ 190.921647][ T7640] netlink: 342 bytes leftover after parsing attributes in process `syz.3.397'. [ 190.979749][ T7629] netlink: 28 bytes leftover after parsing attributes in process `syz.0.392'. [ 193.224039][ T7675] &#$@\]\-: entered promiscuous mode [ 193.238550][ T7676] netlink: 342 bytes leftover after parsing attributes in process `syz.2.407'. [ 193.843581][ T7668] Format for unlinking a device is "netnsfd:ifidx" (int uint). [ 194.616383][ T13] netdevsim netdevsim100 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 194.625916][ T7695] bridge0: port 3(bond0) entered blocking state [ 194.632502][ T7695] bridge0: port 3(bond0) entered disabled state [ 194.680550][ T7695] bond0: entered allmulticast mode [ 194.709122][ T7695] bond_slave_0: entered allmulticast mode [ 194.784050][ T7695] bond_slave_1: entered allmulticast mode [ 194.835730][ T7695] bond0: entered promiscuous mode [ 194.840892][ T7695] bond_slave_0: entered promiscuous mode [ 194.855002][ T7695] bond_slave_1: entered promiscuous mode [ 195.155567][ T7695] bridge0: port 3(bond0) entered blocking state [ 195.161941][ T7695] bridge0: port 3(bond0) entered forwarding state [ 199.528136][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.535855][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 199.802732][ T7771] netlink: 28 bytes leftover after parsing attributes in process `syz.2.430'. [ 200.185109][ T7768] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 200.281889][ T7768] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 200.532421][ T7768] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 200.558277][ T7782] bridge0: port 2(bond0) entered blocking state [ 200.576378][ T7782] bridge0: port 2(bond0) entered disabled state [ 200.600875][ T7782] bond0: entered allmulticast mode [ 200.608794][ T7782] bond_slave_0: entered allmulticast mode [ 200.615381][ T7782] bond_slave_1: entered allmulticast mode [ 200.626627][ T7782] bond0: entered promiscuous mode [ 200.636514][ T7782] bond_slave_0: entered promiscuous mode [ 200.642518][ T7782] bond_slave_1: entered promiscuous mode [ 200.652367][ T7768] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 200.664434][ T7782] bridge0: port 2(bond0) entered blocking state [ 200.670899][ T7782] bridge0: port 2(bond0) entered forwarding state [ 200.753047][ T7768] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 200.929896][ T7768] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 201.001626][ T7768] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 201.040348][ T7768] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 201.200342][ T7768] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 201.389654][ T7791] netlink: 28 bytes leftover after parsing attributes in process `syz.1.435'. [ 201.412855][ T7768] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 201.433934][ T7768] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 201.496938][ T7768] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 201.762935][ T5825] Bluetooth: hci0: command 0x0c1a tx timeout [ 201.974462][ T7804] netlink: 342 bytes leftover after parsing attributes in process `syz.0.438'. [ 202.723132][ T5142] Bluetooth: hci1: command 0x0c1a tx timeout [ 203.043151][ T5142] Bluetooth: hci2: command 0x0c1a tx timeout [ 203.443941][ T5142] Bluetooth: hci3: command 0x0c1a tx timeout [ 203.646687][ T7822] netlink: 28 bytes leftover after parsing attributes in process `syz.3.441'. [ 203.848036][ T5142] Bluetooth: hci0: command 0x0c1a tx timeout [ 204.828387][ T5142] Bluetooth: hci1: command 0x0c1a tx timeout [ 205.124011][ T5825] Bluetooth: hci2: command 0x0c1a tx timeout [ 205.528263][ T5825] Bluetooth: hci3: command 0x0c1a tx timeout [ 205.835355][ T7844] rnbd_client L213: map_device: Parameters missing [ 205.924518][ T5825] Bluetooth: hci0: command 0x0c1a tx timeout [ 206.883252][ T5825] Bluetooth: hci1: command 0x0c1a tx timeout [ 207.217833][ T5825] Bluetooth: hci2: command 0x0c1a tx timeout [ 207.347645][ T7862] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input33 [ 207.609138][ T5825] Bluetooth: hci3: command 0x0c1a tx timeout [ 208.532425][ T7887] syz.0.458 uses obsolete (PF_INET,SOCK_PACKET) [ 260.975636][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 260.982018][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 270.674519][ T5191] udevd[5191]: worker [5829] /devices/pci0000:00/0000:00:03.0/virtio0/host0/target0:0:1/0:0:1:0/block/sda is taking a long time [ 322.407838][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 322.416241][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 354.412989][ T31] INFO: task syz-executor:5810 blocked for more than 143 seconds. [ 354.420891][ T31] Not tainted syzkaller #0 [ 354.427137][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 354.436118][ T31] task:syz-executor state:D stack:21992 pid:5810 tgid:5810 ppid:5809 task_flags:0x440100 flags:0x00080800 [ 354.448254][ T31] Call Trace: [ 354.451642][ T31] [ 354.454727][ T31] ? __schedule+0xf65/0x5e10 [ 354.459352][ T31] __schedule+0xfe4/0x5e10 [ 354.463840][ T31] ? __lock_acquire+0x4a5/0x2630 [ 354.469343][ T31] ? __pfx___schedule+0x10/0x10 [ 354.474276][ T31] ? find_held_lock+0x2b/0x80 [ 354.479285][ T31] ? schedule+0x2bf/0x390 [ 354.484466][ T31] schedule+0xdd/0x390 [ 354.488603][ T31] io_schedule+0x8a/0xf0 [ 354.493180][ T31] bit_wait_io+0xd/0xe0 [ 354.497379][ T31] __wait_on_bit+0x65/0x180 [ 354.502060][ T31] ? __pfx_bit_wait_io+0x10/0x10 [ 354.507442][ T31] out_of_line_wait_on_bit+0xdc/0x110 [ 354.513245][ T31] ? __pfx_out_of_line_wait_on_bit+0x10/0x10 [ 354.519988][ T31] ? __pfx_wake_bit_function+0x10/0x10 [ 354.526508][ T31] do_get_write_access+0x82f/0x1190 [ 354.531790][ T31] ? jbd2_write_access_granted+0x61/0x3d0 [ 354.537641][ T31] jbd2_journal_get_write_access+0x1d6/0x280 [ 354.544295][ T31] __ext4_journal_get_write_access+0x6a/0x340 [ 354.550383][ T31] ext4_reserve_inode_write+0x1b7/0x330 [ 354.556251][ T31] __ext4_mark_inode_dirty+0x18f/0x840 [ 354.561747][ T31] ? trace_kmem_cache_alloc+0x80/0xb0 [ 354.567542][ T31] ? kmem_cache_alloc_noprof+0x2ff/0x780 [ 354.573432][ T31] ? __pfx___ext4_mark_inode_dirty+0x10/0x10 [ 354.579502][ T31] ? rcu_is_watching+0x12/0xc0 [ 354.584516][ T31] ? trace_jbd2_handle_start+0x7f/0x200 [ 354.590136][ T31] ? jbd2__journal_start+0xf7/0x6a0 [ 354.595443][ T31] ? __ext4_journal_start_sb+0x32a/0x5c0 [ 354.601143][ T31] ? __ext4_journal_start_sb+0x1ce/0x5c0 [ 354.606867][ T31] ? ext4_dirty_inode+0xa1/0x130 [ 354.611879][ T31] ? __pfx_ext4_dirty_inode+0x10/0x10 [ 354.617400][ T31] ext4_dirty_inode+0xd9/0x130 [ 354.622303][ T31] ? rcu_is_watching+0x12/0xc0 [ 354.628230][ T31] __mark_inode_dirty+0x1ec/0x1560 [ 354.633478][ T31] generic_update_time+0xcf/0xf0 [ 354.638463][ T31] file_update_time_flags+0x401/0x510 [ 354.643996][ T31] ext4_page_mkwrite+0x35b/0x1980 [ 354.649425][ T31] ? __pfx_ext4_page_mkwrite+0x10/0x10 [ 354.655064][ T31] ? vm_normal_page+0x1b6/0x330 [ 354.659967][ T31] ? find_held_lock+0x2b/0x80 [ 354.664782][ T31] ? rcu_read_unlock+0x2d/0xb0 [ 354.669644][ T31] do_page_mkwrite+0x17a/0x440 [ 354.674477][ T31] do_wp_page+0x4aa/0x4c10 [ 354.678944][ T31] ? __pfx_do_wp_page+0x10/0x10 [ 354.683885][ T31] ? do_raw_spin_lock+0x128/0x260 [ 354.688957][ T31] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 354.694451][ T31] __handle_mm_fault+0x1ac0/0x2b50 [ 354.699709][ T31] ? reacquire_held_locks+0xce/0x1e0 [ 354.705077][ T31] ? __pfx___handle_mm_fault+0x10/0x10 [ 354.710614][ T31] ? lock_vma_under_rcu+0x17c/0x5a0 [ 354.715972][ T31] handle_mm_fault+0x36d/0xa20 [ 354.720800][ T31] do_user_addr_fault+0x5a3/0x12f0 [ 354.726593][ T31] exc_page_fault+0x6f/0xd0 [ 354.732005][ T31] asm_exc_page_fault+0x26/0x30 [ 354.737036][ T31] RIP: 0033:0x7f1f3d6795a7 [ 354.741567][ T31] RSP: 002b:00007ffc1aa19560 EFLAGS: 00010202 [ 354.747692][ T31] RAX: 00007f1f3b618000 RBX: 000055556fb3d500 RCX: 0000000000000006 [ 354.755726][ T31] RDX: 0000000000003e29 RSI: 000055556fb3d8e8 RDI: 0000000000000040 [ 354.763779][ T31] RBP: 00007ffc1aa19a60 R08: 0000000000000092 R09: 000055556fb3d8e8 [ 354.771787][ T31] R10: 0000000000000000 R11: 0000000000000202 R12: 00007ffc1aa198a0 [ 354.779958][ T31] R13: 00007ffc1aa19690 R14: 585858582e7a7973 R15: 00007ffc1aa195e0 [ 354.788014][ T31] [ 354.791113][ T31] INFO: task syz.3.434:7790 blocked for more than 143 seconds. [ 354.798736][ T31] Not tainted syzkaller #0 [ 354.803812][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 354.812559][ T31] task:syz.3.434 state:D stack:21448 pid:7790 tgid:7790 ppid:5821 task_flags:0x400640 flags:0x00080001 [ 354.824533][ T31] Call Trace: [ 354.827831][ T31] [ 354.830767][ T31] ? __schedule+0xf65/0x5e10 [ 354.836315][ T31] __schedule+0xfe4/0x5e10 [ 354.840786][ T31] ? __lock_acquire+0x4a5/0x2630 [ 354.845805][ T31] ? __pfx___schedule+0x10/0x10 [ 354.850693][ T31] ? find_held_lock+0x2b/0x80 [ 354.855512][ T31] ? schedule+0x2bf/0x390 [ 354.859882][ T31] schedule+0xdd/0x390 [ 354.864050][ T31] io_schedule+0x8a/0xf0 [ 354.868324][ T31] folio_wait_bit_common+0x414/0xa70 [ 354.873842][ T31] ? folio_wait_bit_common+0x2a0/0xa70 [ 354.879872][ T31] ? __pfx_folio_wait_bit_common+0x10/0x10 [ 354.886018][ T31] ? __pfx_wake_page_function+0x10/0x10 [ 354.891597][ T31] ? __filemap_get_folio_mpol+0x3ba/0xe70 [ 354.897438][ T31] filemap_fault+0x5fb/0x37c0 [ 354.902168][ T31] ? __pfx_filemap_fault+0x10/0x10 [ 354.907544][ T31] ? __pfx_filemap_map_pages+0x10/0x10 [ 354.913120][ T31] __do_fault+0x10d/0x550 [ 354.917536][ T31] do_fault+0xaf9/0x1990 [ 354.921855][ T31] __handle_mm_fault+0x1807/0x2b50 [ 354.927701][ T31] ? __pfx___handle_mm_fault+0x10/0x10 [ 354.933422][ T31] ? __pte_offset_map_lock+0x174/0x320 [ 354.939715][ T31] ? find_held_lock+0x2b/0x80 [ 354.944685][ T31] ? follow_page_pte+0x5b4/0x1410 [ 354.950012][ T31] handle_mm_fault+0x36d/0xa20 [ 354.955081][ T31] __get_user_pages+0xf9c/0x34d0 [ 354.960100][ T31] ? __pfx___get_user_pages+0x10/0x10 [ 354.966132][ T31] get_dump_page+0x27e/0x3d0 [ 354.970974][ T31] ? __pfx_get_dump_page+0x10/0x10 [ 354.976462][ T31] ? dump_user_range+0x73b/0xb50 [ 354.981723][ T31] dump_user_range+0x18d/0xb50 [ 354.986674][ T31] ? __pfx_dump_user_range+0x10/0x10 [ 354.992061][ T31] ? __pfx_writenote+0x10/0x10 [ 354.997058][ T31] elf_core_dump+0x2d16/0x3c60 [ 355.001889][ T31] ? __pfx_elf_core_dump+0x10/0x10 [ 355.007269][ T31] ? kasan_save_stack+0x30/0x50 [ 355.012170][ T31] ? kasan_save_track+0x14/0x30 [ 355.017241][ T31] ? __kasan_kmalloc+0xaa/0xb0 [ 355.022068][ T31] ? __kvmalloc_node_noprof+0x34d/0xac0 [ 355.027953][ T31] ? vfs_coredump+0x1f01/0x5530 [ 355.033170][ T31] ? arch_do_signal_or_restart+0x91/0x770 [ 355.040728][ T31] ? irqentry_exit+0x1f8/0x670 [ 355.045701][ T31] ? asm_exc_page_fault+0x26/0x30 [ 355.050945][ T31] ? 0xffffffffff600000 [ 355.055232][ T31] ? vfs_coredump+0x276c/0x5530 [ 355.060141][ T31] vfs_coredump+0x276c/0x5530 [ 355.065054][ T31] ? __pfx_vfs_coredump+0x10/0x10 [ 355.070111][ T31] ? __lock_acquire+0x4a5/0x2630 [ 355.075261][ T31] ? __lock_acquire+0x4a5/0x2630 [ 355.080282][ T31] ? lock_acquire+0x17c/0x330 [ 355.085148][ T31] ? lock_acquire+0x17c/0x330 [ 355.089972][ T31] ? bpf_ksym_find+0x124/0x1c0 [ 355.094919][ T31] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 355.101314][ T31] ? arch_stack_walk+0xa6/0xf0 [ 355.106284][ T31] ? stack_trace_save+0x8e/0xc0 [ 355.111282][ T31] ? __pfx_stack_trace_save+0x10/0x10 [ 355.116902][ T31] ? stack_depot_save_flags+0x27/0x9c0 [ 355.122407][ T31] ? __lock_acquire+0x4a5/0x2630 [ 355.127857][ T31] ? proc_coredump_connector+0x2d3/0x4f0 [ 355.133685][ T31] ? __pfx_proc_coredump_connector+0x10/0x10 [ 355.140778][ T31] ? rcu_is_watching+0x12/0xc0 [ 355.145764][ T31] get_signal+0x1f2a/0x21e0 [ 355.150328][ T31] ? __pfx_get_signal+0x10/0x10 [ 355.155451][ T31] ? bad_area_access_error+0xab/0x1d0 [ 355.161124][ T31] ? fixup_vdso_exception+0x2d1/0x370 [ 355.166849][ T31] arch_do_signal_or_restart+0x91/0x770 [ 355.172555][ T31] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 355.178824][ T31] ? do_user_addr_fault+0x8d6/0x12f0 [ 355.184214][ T31] irqentry_exit+0x1f8/0x670 [ 355.189100][ T31] asm_exc_page_fault+0x26/0x30 [ 355.194004][ T31] RIP: 0033:0x41000 [ 355.197842][ T31] RSP: 002b:000000000000000b EFLAGS: 00010206 [ 355.203954][ T31] RAX: 0000000000000000 RBX: 00007f1359416180 RCX: 00007f135919aeb9 [ 355.211982][ T31] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000002 [ 355.220203][ T31] RBP: 00007f1359208c1f R08: 0000000000000002 R09: 0000000000000000 [ 355.228342][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 355.236706][ T31] R13: 00007f1359416218 R14: 00007f1359416180 R15: 00007ffdbe12e588 [ 355.245569][ T31] [ 355.248675][ T31] INFO: task syz.2.457:7888 blocked for more than 144 seconds. [ 355.257245][ T31] Not tainted syzkaller #0 [ 355.262223][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 355.271068][ T31] task:syz.2.457 state:D stack:28392 pid:7888 tgid:7888 ppid:5822 task_flags:0x440040 flags:0x00080002 [ 355.286517][ T31] Call Trace: [ 355.289934][ T31] [ 355.293073][ T31] ? __schedule+0xf65/0x5e10 [ 355.297743][ T31] __schedule+0xfe4/0x5e10 [ 355.302231][ T31] ? __lock_acquire+0x4a5/0x2630 [ 355.307336][ T31] ? __pfx___schedule+0x10/0x10 [ 355.312228][ T31] ? find_held_lock+0x2b/0x80 [ 355.316981][ T31] ? schedule+0x2bf/0x390 [ 355.321679][ T31] schedule+0xdd/0x390 [ 355.325822][ T31] io_schedule+0x8a/0xf0 [ 355.330112][ T31] bit_wait_io+0xd/0xe0 [ 355.334451][ T31] __wait_on_bit+0x65/0x180 [ 355.339116][ T31] ? __pfx_bit_wait_io+0x10/0x10 [ 355.345173][ T31] out_of_line_wait_on_bit+0xdc/0x110 [ 355.350722][ T31] ? __pfx_out_of_line_wait_on_bit+0x10/0x10 [ 355.356883][ T31] ? __pfx_wake_bit_function+0x10/0x10 [ 355.362421][ T31] do_get_write_access+0x82f/0x1190 [ 355.368497][ T31] ? jbd2_write_access_granted+0x61/0x3d0 [ 355.374352][ T31] jbd2_journal_get_write_access+0x1d6/0x280 [ 355.380435][ T31] __ext4_journal_get_write_access+0x6a/0x340 [ 355.386589][ T31] ext4_reserve_inode_write+0x1b7/0x330 [ 355.392194][ T31] __ext4_mark_inode_dirty+0x18f/0x840 [ 355.398275][ T31] ? trace_kmem_cache_alloc+0x80/0xb0 [ 355.403918][ T31] ? kmem_cache_alloc_noprof+0x2ff/0x780 [ 355.409905][ T31] ? __pfx___ext4_mark_inode_dirty+0x10/0x10 [ 355.416000][ T31] ? rcu_is_watching+0x12/0xc0 [ 355.420802][ T31] ? trace_jbd2_handle_start+0x7f/0x200 [ 355.426480][ T31] ? jbd2__journal_start+0xf7/0x6a0 [ 355.431742][ T31] ? __ext4_journal_start_sb+0x32a/0x5c0 [ 355.437563][ T31] ? __ext4_journal_start_sb+0x1ce/0x5c0 [ 355.443514][ T31] ? ext4_dirty_inode+0xa1/0x130 [ 355.449624][ T31] ? __pfx_ext4_dirty_inode+0x10/0x10 [ 355.455398][ T31] ext4_dirty_inode+0xd9/0x130 [ 355.460221][ T31] ? rcu_is_watching+0x12/0xc0 [ 355.465159][ T31] __mark_inode_dirty+0x1ec/0x1560 [ 355.470423][ T31] generic_update_time+0xcf/0xf0 [ 355.475633][ T31] file_update_time_flags+0x401/0x510 [ 355.481055][ T31] ext4_page_mkwrite+0x35b/0x1980 [ 355.486169][ T31] ? __pfx_ext4_page_mkwrite+0x10/0x10 [ 355.491993][ T31] do_page_mkwrite+0x17a/0x440 [ 355.496862][ T31] do_fault+0x3d7/0x1990 [ 355.501165][ T31] __handle_mm_fault+0x1807/0x2b50 [ 355.506394][ T31] ? reacquire_held_locks+0xce/0x1e0 [ 355.511829][ T31] ? __pfx___handle_mm_fault+0x10/0x10 [ 355.517478][ T31] ? lock_vma_under_rcu+0x17c/0x5a0 [ 355.522880][ T31] ? lockdep_hardirqs_on+0x78/0x100 [ 355.528157][ T31] handle_mm_fault+0x36d/0xa20 [ 355.533023][ T31] do_user_addr_fault+0x5a3/0x12f0 [ 355.538209][ T31] exc_page_fault+0x6f/0xd0 [ 355.542812][ T31] asm_exc_page_fault+0x26/0x30 [ 355.547709][ T31] RIP: 0033:0x7f2c7a46f6c0 [ 355.552999][ T31] RSP: 002b:00007ffdff03b460 EFLAGS: 00010202 [ 355.559119][ T31] RAX: 0000001b30b23000 RBX: ffffffff894220c0 RCX: 0000001b30b22ff8 [ 355.567263][ T31] RDX: 0000001b30724220 RSI: 0000000000000008 RDI: 00007f2c7b345720 [ 355.575362][ T31] RBP: 00000000000001e2 R08: 00007f2c7a800000 R09: 00007f2c7a802000 [ 355.583415][ T31] R10: 00000000894220c4 R11: 000000000000000c R12: 00007f2c7a816038 [ 355.591451][ T31] R13: 00000000000001ff R14: ffffffff89422a1d R15: 00007f2c7b345720 [ 355.599749][ T31] ? skb_release_head_state+0x4d/0x400 [ 355.605299][ T31] ? build_skb+0x2a0/0x2a0 [ 355.609829][ T31] [ 355.612917][ T31] INFO: task syz.1.459:7891 blocked for more than 144 seconds. [ 355.620602][ T31] Not tainted syzkaller #0 [ 355.625593][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 355.634425][ T31] task:syz.1.459 state:D stack:28280 pid:7891 tgid:7891 ppid:5831 task_flags:0x440040 flags:0x00080002 [ 355.646598][ T31] Call Trace: [ 355.649909][ T31] [ 355.653748][ T31] ? __schedule+0xf65/0x5e10 [ 355.658397][ T31] __schedule+0xfe4/0x5e10 [ 355.662917][ T31] ? __lock_acquire+0x4a5/0x2630 [ 355.667957][ T31] ? __pfx___schedule+0x10/0x10 [ 355.672878][ T31] ? find_held_lock+0x2b/0x80 [ 355.677630][ T31] ? schedule+0x2bf/0x390 [ 355.682026][ T31] schedule+0xdd/0x390 [ 355.686224][ T31] io_schedule+0x8a/0xf0 [ 355.690514][ T31] bit_wait_io+0xd/0xe0 [ 355.694846][ T31] __wait_on_bit+0x65/0x180 [ 355.699396][ T31] ? __pfx_bit_wait_io+0x10/0x10 [ 355.704405][ T31] out_of_line_wait_on_bit+0xdc/0x110 [ 355.709814][ T31] ? __pfx_out_of_line_wait_on_bit+0x10/0x10 [ 355.715970][ T31] ? __pfx_wake_bit_function+0x10/0x10 [ 355.721479][ T31] do_get_write_access+0x82f/0x1190 [ 355.726780][ T31] ? jbd2_write_access_granted+0x61/0x3d0 [ 355.732575][ T31] jbd2_journal_get_write_access+0x1d6/0x280 [ 355.738758][ T31] __ext4_journal_get_write_access+0x6a/0x340 [ 355.744986][ T31] ext4_reserve_inode_write+0x1b7/0x330 [ 355.750548][ T31] __ext4_mark_inode_dirty+0x18f/0x840 [ 355.757103][ T31] ? kmem_cache_alloc_noprof+0x2ff/0x780 [ 355.762827][ T31] ? __pfx___ext4_mark_inode_dirty+0x10/0x10 [ 355.768835][ T31] ? rcu_is_watching+0x12/0xc0 [ 355.773670][ T31] ? trace_jbd2_handle_start+0x7f/0x200 [ 355.779358][ T31] ? jbd2__journal_start+0xf7/0x6a0 [ 355.784732][ T31] ? __ext4_journal_start_sb+0x32a/0x5c0 [ 355.790406][ T31] ? __ext4_journal_start_sb+0x1ce/0x5c0 [ 355.796294][ T31] ? ext4_dirty_inode+0xa1/0x130 [ 355.801358][ T31] ? __pfx_ext4_dirty_inode+0x10/0x10 [ 355.806792][ T31] ext4_dirty_inode+0xd9/0x130 [ 355.811589][ T31] ? rcu_is_watching+0x12/0xc0 [ 355.816402][ T31] __mark_inode_dirty+0x1ec/0x1560 [ 355.821555][ T31] ? mnt_get_write_access+0x52/0x2f0 [ 355.826907][ T31] generic_update_time+0xcf/0xf0 [ 355.831885][ T31] touch_atime+0x4f5/0x5d0 [ 355.836544][ T31] ext4_file_mmap_prepare+0x4ab/0x5a0 [ 355.841964][ T31] __mmap_region+0xe7f/0x2820 [ 355.846755][ T31] ? __alloc_frozen_pages_noprof+0x2a0/0x2410 [ 355.852995][ T31] ? __pfx___mmap_region+0x10/0x10 [ 355.859160][ T31] ? __lock_acquire+0x4a5/0x2630 [ 355.864222][ T31] ? __lock_acquire+0x4a5/0x2630 [ 355.869210][ T31] ? lock_acquire+0x17c/0x330 [ 355.874071][ T31] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 355.880122][ T31] mmap_region+0x30a/0x3e0 [ 355.884630][ T31] do_mmap+0xc63/0x12f0 [ 355.888844][ T31] ? __pfx_do_mmap+0x10/0x10 [ 355.893708][ T31] ? __pfx_down_write_killable+0x10/0x10 [ 355.899400][ T31] vm_mmap_pgoff+0x29e/0x470 [ 355.904077][ T31] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 355.909256][ T31] ? __fget_files+0x215/0x3d0 [ 355.914023][ T31] ? __fget_files+0x21f/0x3d0 [ 355.918765][ T31] ksys_mmap_pgoff+0x328/0x5b0 [ 355.923600][ T31] ? __pfx___do_sys_prctl+0x10/0x10 [ 355.928846][ T31] __x64_sys_mmap+0x125/0x190 [ 355.934119][ T31] do_syscall_64+0xc9/0xf80 [ 355.938748][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 355.944749][ T31] RIP: 0033:0x7ff8e459ac22 [ 355.949206][ T31] RSP: 002b:00007fff23ef3c88 EFLAGS: 00000206 ORIG_RAX: 0000000000000009 [ 355.957698][ T31] RAX: ffffffffffffffda RBX: 0000001b30664000 RCX: 00007ff8e459ac22 [ 355.966525][ T31] RDX: 0000000000000003 RSI: 00000000005c0000 RDI: 0000001b30664000 [ 355.974619][ T31] RBP: 0000000000100001 R08: 0000000000000004 R09: 0000000000040000 [ 355.982632][ T31] R10: 0000000000100001 R11: 0000000000000206 R12: 0000000000000075 [ 355.990701][ T31] R13: 00000000000927c0 R14: 0000000000032e7f R15: 00007fff23ef3f60 [ 355.998816][ T31] [ 356.002005][ T31] INFO: task udevd:7893 blocked for more than 144 seconds. [ 356.009372][ T31] Not tainted syzkaller #0 [ 356.014445][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 356.023214][ T31] task:udevd state:D stack:25880 pid:7893 tgid:7893 ppid:5829 task_flags:0x400040 flags:0x00080800 [ 356.035231][ T31] Call Trace: [ 356.038639][ T31] [ 356.041667][ T31] ? __schedule+0xf65/0x5e10 [ 356.046454][ T31] __schedule+0xfe4/0x5e10 [ 356.050937][ T31] ? __lock_acquire+0x4a5/0x2630 [ 356.056031][ T31] ? __pfx___schedule+0x10/0x10 [ 356.061894][ T31] ? find_held_lock+0x2b/0x80 [ 356.066691][ T31] ? schedule+0x2bf/0x390 [ 356.071081][ T31] schedule+0xdd/0x390 [ 356.075481][ T31] io_schedule+0x8a/0xf0 [ 356.079754][ T31] bit_wait_io+0xd/0xe0 [ 356.083964][ T31] __wait_on_bit+0x65/0x180 [ 356.088515][ T31] ? __pfx_bit_wait_io+0x10/0x10 [ 356.093533][ T31] out_of_line_wait_on_bit+0xdc/0x110 [ 356.099006][ T31] ? __pfx_out_of_line_wait_on_bit+0x10/0x10 [ 356.105140][ T31] ? __pfx_wake_bit_function+0x10/0x10 [ 356.110642][ T31] ? __pfx___might_resched+0x10/0x10 [ 356.116018][ T31] __wait_on_buffer+0x64/0x70 [ 356.120742][ T31] __ext4_get_inode_loc+0xf35/0x14d0 [ 356.126139][ T31] ? __pfx___ext4_get_inode_loc+0x10/0x10 [ 356.131904][ T31] ? __lock_acquire+0x4a5/0x2630 [ 356.136943][ T31] ? ext4_get_inode_loc+0xbd/0x160 [ 356.142258][ T31] ext4_get_inode_loc+0xbd/0x160 [ 356.147259][ T31] ? __pfx_ext4_get_inode_loc+0x10/0x10 [ 356.153423][ T31] ext4_xattr_ibody_get+0x106/0x4b0 [ 356.158721][ T31] ? __pfx_ext4_xattr_ibody_get+0x10/0x10 [ 356.165648][ T31] ? down_read+0x13b/0x460 [ 356.170121][ T31] ext4_xattr_get+0x162/0x770 [ 356.174865][ T31] ? __pfx_ext4_xattr_get+0x10/0x10 [ 356.180190][ T31] ? xattr_resolve_name+0x27d/0x3f0 [ 356.185504][ T31] ? __pfx_ext4_xattr_security_get+0x10/0x10 [ 356.191564][ T31] __vfs_getxattr+0x13d/0x1a0 [ 356.196507][ T31] ? __pfx___vfs_getxattr+0x10/0x10 [ 356.201741][ T31] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 356.207700][ T31] ? __fsnotify_parent+0x2b4/0xca0 [ 356.213703][ T31] get_vfs_caps_from_disk+0x140/0x560 [ 356.219103][ T31] ? __pfx_get_vfs_caps_from_disk+0x10/0x10 [ 356.225141][ T31] ? generic_file_read_iter+0x319/0x450 [ 356.230817][ T31] ? current_in_userns+0x13f/0x190 [ 356.236068][ T31] cap_bprm_creds_from_file+0xb2e/0x1c30 [ 356.242627][ T31] ? __pfx___kernel_read+0x10/0x10 [ 356.247843][ T31] ? __pfx_cap_bprm_creds_from_file+0x10/0x10 [ 356.254010][ T31] ? common_file_perm+0x1ab/0x4f0 [ 356.259099][ T31] security_bprm_creds_from_file+0x91/0x210 [ 356.265090][ T31] begin_new_exec+0x164/0x3840 [ 356.270690][ T31] ? __pfx_begin_new_exec+0x10/0x10 [ 356.276444][ T31] ? __pfx_load_elf_phdrs+0x10/0x10 [ 356.281701][ T31] ? rw_verify_area+0xce/0x6d0 [ 356.286579][ T31] load_elf_binary+0x8f7/0x5110 [ 356.291485][ T31] ? lock_acquire+0x17c/0x330 [ 356.296271][ T31] ? find_held_lock+0x2b/0x80 [ 356.300979][ T31] ? load_misc_binary+0x95e/0xd20 [ 356.306079][ T31] ? __pfx_load_elf_binary+0x10/0x10 [ 356.311401][ T31] ? find_held_lock+0x2b/0x80 [ 356.316240][ T31] ? bprm_execve+0x8d9/0x1620 [ 356.320947][ T31] ? bprm_execve+0x8d9/0x1620 [ 356.326014][ T31] bprm_execve+0x8fb/0x1620 [ 356.330589][ T31] ? __pfx_bprm_execve+0x10/0x10 [ 356.336305][ T31] ? copy_strings.isra.0+0x4b2/0x9b0 [ 356.341736][ T31] do_execveat_common.isra.0+0x4dc/0x5b0 [ 356.347552][ T31] __x64_sys_execve+0x8e/0xb0 [ 356.352374][ T31] do_syscall_64+0xc9/0xf80 [ 356.356981][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 356.362952][ T31] RIP: 0033:0x7f7aca0f2107 [ 356.367411][ T31] RSP: 002b:00007ffeb0145cd8 EFLAGS: 00000206 ORIG_RAX: 000000000000003b [ 356.376952][ T31] RAX: ffffffffffffffda RBX: 0000558bac958140 RCX: 00007f7aca0f2107 [ 356.385008][ T31] RDX: 0000558bae3a7540 RSI: 00007ffeb0145df0 RDI: 00007ffeb01465f0 [ 356.393084][ T31] RBP: 0000000000000009 R08: 0000000000000000 R09: 0000000000000000 [ 356.401097][ T31] R10: 0000000000000008 R11: 0000000000000206 R12: 0000558bae3a7540 [ 356.409398][ T31] R13: 00007ffeb0145df0 R14: 000000000000000e R15: 000000000000000b [ 356.417851][ T31] [ 356.420910][ T31] [ 356.420910][ T31] Showing all locks held in the system: [ 356.428686][ T31] 1 lock held by khungtaskd/31: [ 356.433625][ T31] #0: ffffffff8e5e3120 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 356.443745][ T31] 4 locks held by kworker/u8:5/1092: [ 356.449076][ T31] #0: ffff88801fe9e948 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x11ae/0x1840 [ 356.459885][ T31] #1: ffffc90003c5fc98 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x927/0x1840 [ 356.472598][ T31] #2: ffff88814e5900e0 (&type->s_umount_key#32){++++}-{4:4}, at: super_trylock_shared+0x1e/0xf0 [ 356.483771][ T31] #3: ffff88814e592b98 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: do_writepages+0x278/0x600 [ 356.494382][ T31] 2 locks held by getty/5584: [ 356.499199][ T31] #0: ffff88803131a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 356.509065][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500 [ 356.519471][ T31] 3 locks held by syz-executor/5810: [ 356.524839][ T31] #0: ffff88807646a1c8 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x11d/0x5a0 [ 356.534183][ T31] #1: ffff88814e590518 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x17a/0x440 [ 356.543813][ T31] #2: ffff88814e594950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xfaa/0x13a0 [ 356.553533][ T31] 3 locks held by syz.3.434/7790: [ 356.558563][ T31] #0: ffff888079286420 (sb_writers#5){.+.+}-{0:0}, at: get_signal+0x1f2a/0x21e0 [ 356.568102][ T31] #1: ffff888022ac5900 (&mm->mmap_lock){++++}-{4:4}, at: dump_user_range+0x151/0xb50 [ 356.578526][ T31] #2: ffff888012ae8f20 (mapping.invalidate_lock#2){++++}-{4:4}, at: filemap_fault+0x2cf/0x37c0 [ 356.589155][ T31] 3 locks held by syz.2.457/7888: [ 356.594239][ T31] #0: ffff888077bc4588 (vm_lock){++++}-{0:0}, at: lock_vma_under_rcu+0x11d/0x5a0 [ 356.603561][ T31] #1: ffff88814e590518 (sb_pagefaults){.+.+}-{0:0}, at: do_page_mkwrite+0x17a/0x440 [ 356.613269][ T31] #2: ffff88814e594950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xfaa/0x13a0 [ 356.623228][ T31] 3 locks held by syz.1.459/7891: [ 356.629015][ T31] #0: ffff888032951bc0 (&mm->mmap_lock){++++}-{4:4}, at: vm_mmap_pgoff+0x1f5/0x470 [ 356.638630][ T31] #1: ffff88814e590420 (sb_writers#4){.+.+}-{0:0}, at: ext4_file_mmap_prepare+0x4ab/0x5a0 [ 356.649168][ T31] #2: ffff88814e594950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0xfaa/0x13a0 [ 356.658880][ T31] 2 locks held by udevd/7893: [ 356.663622][ T31] #0: ffff88802dea4e60 (&sig->cred_guard_mutex){+.+.}-{4:4}, at: bprm_execve+0xaf/0x1620 [ 356.673677][ T31] #1: ffff888033606108 (&ei->xattr_sem){.+.+}-{4:4}, at: ext4_xattr_get+0x14a/0x770 [ 356.684263][ T31] [ 356.686624][ T31] ============================================= [ 356.686624][ T31] [ 356.695967][ T31] NMI backtrace for cpu 1 [ 356.695987][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 356.696018][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 356.696034][ T31] Call Trace: [ 356.696043][ T31] [ 356.696053][ T31] dump_stack_lvl+0x100/0x190 [ 356.696090][ T31] nmi_cpu_backtrace.cold+0x12d/0x151 [ 356.696117][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 356.696148][ T31] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 356.696180][ T31] sys_info+0x141/0x190 [ 356.696204][ T31] watchdog+0xcc3/0xfe0 [ 356.696228][ T31] ? __pfx_watchdog+0x10/0x10 [ 356.696248][ T31] ? __kthread_parkme+0x18c/0x230 [ 356.696270][ T31] ? __pfx_watchdog+0x10/0x10 [ 356.696290][ T31] ? __pfx_watchdog+0x10/0x10 [ 356.696307][ T31] kthread+0x3b3/0x730 [ 356.696334][ T31] ? __pfx_kthread+0x10/0x10 [ 356.696358][ T31] ? ret_from_fork+0x79/0xaf0 [ 356.696374][ T31] ? ret_from_fork+0x79/0xaf0 [ 356.696390][ T31] ? rcu_is_watching+0x12/0xc0 [ 356.696408][ T31] ? __pfx_kthread+0x10/0x10 [ 356.696434][ T31] ret_from_fork+0x754/0xaf0 [ 356.696451][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 356.696470][ T31] ? __switch_to+0x7b9/0x10c0 [ 356.696493][ T31] ? __pfx_kthread+0x10/0x10 [ 356.696519][ T31] ret_from_fork_asm+0x1a/0x30 [ 356.696555][ T31] [ 356.696562][ T31] Sending NMI from CPU 1 to CPUs 0: [ 356.839350][ C0] NMI backtrace for cpu 0 [ 356.839389][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) [ 356.839414][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 356.839426][ C0] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 356.839457][ C0] Code: a6 7a 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 63 6c 17 00 fb f4 fc 31 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 356.839477][ C0] RSP: 0018:ffffffff8e207e00 EFLAGS: 00000242 [ 356.839496][ C0] RAX: 00000000002516fd RBX: ffffffff8e297ac0 RCX: ffffffff8b7414b5 [ 356.839511][ C0] RDX: 0000000000000000 RSI: ffffffff8dc41a76 RDI: ffffffff8bfa3320 [ 356.839525][ C0] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed101708673d [ 356.839539][ C0] R10: ffff8880b84339eb R11: 0000000000000000 R12: fffffbfff1c52f58 [ 356.839552][ C0] R13: 0000000000000000 R14: ffffffff90b76fd0 R15: 0000000000000000 [ 356.839565][ C0] FS: 0000000000000000(0000) GS:ffff8881245e3000(0000) knlGS:0000000000000000 [ 356.839587][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 356.839602][ C0] CR2: 0000557854362660 CR3: 000000000e392000 CR4: 00000000003526f0 [ 356.839625][ C0] Call Trace: [ 356.839633][ C0] [ 356.839640][ C0] default_idle+0x9/0x10 [ 356.839667][ C0] default_idle_call+0x6c/0xb0 [ 356.839695][ C0] do_idle+0x35b/0x4b0 [ 356.839721][ C0] ? __pfx_do_idle+0x10/0x10 [ 356.839746][ C0] cpu_startup_entry+0x4f/0x60 [ 356.839767][ C0] rest_init+0x251/0x260 [ 356.839796][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 356.839822][ C0] start_kernel+0x47a/0x480 [ 356.839843][ C0] x86_64_start_reservations+0x24/0x30 [ 356.839866][ C0] x86_64_start_kernel+0x122/0x130 [ 356.839888][ C0] common_startup_64+0x13e/0x148 [ 356.839921][ C0] [ 357.025015][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 357.031945][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 357.041243][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 357.051304][ T31] Call Trace: [ 357.054604][ T31] [ 357.057541][ T31] dump_stack_lvl+0x100/0x190 [ 357.062236][ T31] vpanic+0x20d/0x630 [ 357.066333][ T31] panic+0xd1/0xd1 [ 357.070083][ T31] ? __pfx_panic+0x10/0x10 [ 357.074512][ T31] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 357.080765][ T31] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 357.087196][ T31] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 357.093386][ T31] ? watchdog.cold+0x198/0x1ca [ 357.098239][ T31] ? watchdog+0xcd3/0xfe0 [ 357.102579][ T31] watchdog.cold+0x1a9/0x1ca [ 357.107182][ T31] ? __pfx_watchdog+0x10/0x10 [ 357.111856][ T31] ? __kthread_parkme+0x18c/0x230 [ 357.116908][ T31] ? __pfx_watchdog+0x10/0x10 [ 357.121623][ T31] ? __pfx_watchdog+0x10/0x10 [ 357.126564][ T31] kthread+0x3b3/0x730 [ 357.130689][ T31] ? __pfx_kthread+0x10/0x10 [ 357.135302][ T31] ? ret_from_fork+0x79/0xaf0 [ 357.140028][ T31] ? ret_from_fork+0x79/0xaf0 [ 357.144722][ T31] ? rcu_is_watching+0x12/0xc0 [ 357.149513][ T31] ? __pfx_kthread+0x10/0x10 [ 357.154118][ T31] ret_from_fork+0x754/0xaf0 [ 357.158727][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 357.163839][ T31] ? __switch_to+0x7b9/0x10c0 [ 357.168557][ T31] ? __pfx_kthread+0x10/0x10 [ 357.173177][ T31] ret_from_fork_asm+0x1a/0x30 [ 357.177976][ T31] [ 357.181226][ T31] Kernel Offset: disabled [ 357.185561][ T31] Rebooting in 86400 seconds..