last executing test programs: 12m59.052678526s ago: executing program 0 (id=31): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r1 = open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) execve$auto(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) execve$auto(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) execve$auto(&(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)=&(0x7f0000000300)='#\xdc\\\xd8E\xc8\x8bu4\xd9n\xcb\xca\xc7zw \x96\x9ejh\xad\x9eEc\xae\x1e\x89\x92\x9a\xbbP[B\xae\x9cf)\x15\xac\x90)l\x06\xf0\t\x12\x05zz\xa6\xb3\xce=\x00\x00\x00\xf20/\xc4T\x1f\xe5P\xff\xb4\xb7s0\x02\xc5\x81\x93\xc6\xc8\xb6Sp\x1a{8\xfc\xe0,X\xc7BU\xd0\x97\x7f1\x16\x99\x04\xabu/a0\x02\x7f\xbb\xbd\x906\xa8\xce\xee\xcd\xd7\t\x00\xfb\x83\xc8\x8aO\xe9\xbe=\xf7\xf4\x84,\x06\xd3j\x99b\xe6\xf6Y3A\xbb\xa4\xb2\f\x1b\xc3\x8a,g\xc6\xe8[\xdf\x88\x01\x9f7\xb5\x19m\xd8\xc0\f-6\xfe\xa8\xed/u\x81_G\xfeR\xbb\x12|\x97\xabB4J\xed+-\xf8u0/n\xcf\x8b\x95\x9d\xab\xa8\xc47\xa6\x0e\xdeOq\\\xc3\'{\b\xd3m\x94\xc2\xdd{\xeaO\x0e\xe4\xe0\xb9N:\xd60\x17,\x06\xc7B#Y0\x99\xeb\x02\xfe\xd3k\xd5\xdcZ\xdcP\x8e+\xd8\xc7C\xcb\x15\x13c\xbf\xe8\xbd\"\x8f3\"\x14\xf8(\xda\x19\xcd\xec\x03.\xd9^\xc3A\xda\r[\x1a\xda\\#/\xd4\xaf\xd0\xe8\xa2\xdd\xc5{\xfa\xe0\x90\x8f\x99lQ\xec\x84h^\x11+\x93\b\xe0c\xe6\xd22\xf9\xa5\x94\xd0\xf5\xe7\xca\x00\x00\x00\x00\x00\x00\x00\x00\x00') prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x1f, 0xbffffeff, 0x2, 0x6, 0x9, 0x8, 0xffffffffffffffff, [0x80], {0x1000, 0x806, 0xf, 0x2, 0x2, 0x85, 0x2, 0xb2, 0x2}, {0xfc, 0x401, 0x50, 0x32, 0x2, 0x0, 0x4, 0x7, 0x100000004}}) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000a40)='/proc/sys/kernel/usermodehelper/bset\x00', 0x8a802, 0x0) ioctl$auto_BTRFS_IOC_SEND_32(r1, 0x40449426, &(0x7f0000000480)={@inferred=r0, 0x8, 0x3, 0x1, 0xffff, 0x7, "f08db06ce7579912311e32df20b8fcbce8de1bd68f8e9e2c61ec2e8d"}) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r3], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x810) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSPGRP2(r4, 0x5410, &(0x7f00000002c0)="0e9451a6") sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f0000000180), 0x3, 0xa505}, 0x800}, 0x7, 0x4008) io_uring_setup$auto(0x6, 0x0) r5 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000000), 0x80001, 0x0) prctl$auto_PR_GET_PDEATHSIG(0x2, 0x7, 0xffffffffffffffff, 0x1, 0x7) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000140), 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) io_uring_register$auto(0xffffffffffffffff, 0x2, &(0x7f0000000240)="c874ce8b970ba800bdf1fe496bfa6b1758cf16a93a085377b54334a02b14846df12f1b2acfcbc79ef9c1eaa3509b45effc846b0e802120bd9b48db08dfc8f6921dc5bd14bb2ce8dbaac220985505eeec777394f2904e9655a2e56cc6acaa90", 0x80000000) bpf$auto(0x5, &(0x7f0000000100)=@task_fd_query={0x2, 0x2, 0x4, 0x0, 0x85, 0x7, 0x9, 0x6, 0x8001}, 0x101) ioctl$auto(r5, 0x3b89, 0x38) 12m57.610447187s ago: executing program 0 (id=35): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/004/001\x00', 0x1102, 0x0) ioctl$auto_USBDEVFS_ALLOC_STREAMS(r1, 0x8008551c, &(0x7f0000000080)=ANY=[@ANYRES8=r0]) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) madvise$auto(0x0, 0x6, 0x66) madvise$auto(0x0, 0xffffffffffff0005, 0x19) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) lseek$auto(0x3, 0x7fffffffffffffff, 0x0) mmap$auto(0x0, 0x7, 0x7, 0x40ebe, 0xffffffffffffffff, 0x300000000000) r2 = io_uring_setup$auto(0xa, 0x0) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0xa, 0x0) mmap$auto(0xe779, 0x400000000007, 0x400, 0x1f, r2, 0x2) socket(0xa, 0x5, 0x84) clock_nanosleep$auto(0x8, 0x0, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x82202, 0x0) r3 = socket(0x1d, 0x2, 0x7) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r4, 0xfd}, 0x6a) io_uring_setup$auto(0x1, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r5 = socket(0x28, 0x1, 0x0) getsockopt$auto(r5, 0x28, 0x8, 0x0, 0x0) write$auto_userio_fops_userio(r3, &(0x7f0000000100)="a89371465d2af347ce7253edeee27b5e9f4c6f8e0682ecb7df82c9f22ae3911ee6dd7b9b5f9781796cf578a9637085ef6ca649e526c18241b183928fd146c74757cb82f7dd1984f515af17ed748a0b8f67b908ecabdf77c63c8a855537b61656f6d5ca52dad6fa689f636f85c71137d105dfcf85", 0x74) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/tty57\x00', 0x141ec1, 0x0) 12m56.05493072s ago: executing program 0 (id=41): mmap$auto(0x0, 0x9, 0x3ff57697, 0x9b72, 0x2, 0x8000000000008000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) r0 = socket(0x2b, 0x1, 0x1) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(r0, 0x2, &(0x7f00000000c0), 0x1) io_uring_register$auto(0x2, 0x3, 0x0, 0x0) setrlimit$auto(0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) fsopen$auto(&(0x7f0000000000)='\xa9])-+\x00', 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x23, 0x0, 0x9) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) mlockall$auto(0x7) 12m54.694869951s ago: executing program 0 (id=46): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = io_uring_setup$auto(0x1, &(0x7f0000000080)={0x86a7, 0x11, 0xfffffffe, 0x6, 0x30000000, 0x9, 0xffffffffffffffff, [0x0, 0x0, 0xffff], {0x206, 0xa8f, 0x20000b, 0x2e1, 0x504, 0x1, 0x6, 0xd, 0x1}, {0x6, 0x3, 0x52, 0x5, 0x10001, 0x440, 0x0, 0x8, 0x1}}) (async, rerun: 32) r1 = getpid() (rerun: 32) setsockopt$auto_SO_WIFI_STATUS(r0, 0x3, 0x29, &(0x7f0000000040)='.\x00', 0x4) (async) process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x800000002, &(0x7f0000000400)={&(0x7f0000000040), 0x1ffffffff}, 0x6, 0x0) r2 = socket(0xa, 0x3, 0x3a) ioctl$auto(r2, 0x890b, 0x1) 12m54.300937279s ago: executing program 0 (id=47): r0 = socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000002e40)={0x0, 0x0, &(0x7f0000002e00)={&(0x7f0000000240)={0x2c, r1, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8050}, 0x4000080) close_range$auto(r0, r0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000880), r2) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000940)={'batadv0\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_ORIGINATORS(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000280)={0x24, r3, 0x3abba0b2ae0bab93, 0x70bd2c, 0x25dfdbfb, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r5}]}, 0x24}, 0x1, 0x0, 0x0, 0xc811}, 0x10) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) mmap$auto(0x81, 0x8, 0xdb, 0x1000000000178, 0x2, 0x7ffe) r7 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x20b42, 0x0) write$auto(r7, 0x0, 0x800000006) ioctl$auto_SNDCTL_DSP_SETFMT(r7, 0xc0045005, &(0x7f0000000040)="02") ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$auto(0x3, 0xaece, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) 12m54.102267995s ago: executing program 0 (id=48): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) sysfs$auto(0x4, 0x100000000000034, 0x6) (async, rerun: 32) fsopen$auto(0x0, 0x1) (async, rerun: 32) r0 = socket(0xa, 0x3, 0x3b) connect$auto(r0, &(0x7f0000000000)=@generic={0x18, "0000e100"}, 0x54) (async, rerun: 32) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (rerun: 32) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async, rerun: 64) socket(0x22, 0x3, 0x0) (async, rerun: 64) ioctl$auto(0xffffffffffffffff, 0x40104d01, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) r1 = socket(0x10, 0x2, 0x0) (async) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_MODULE_EEPROM_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="cb5b"], 0x14}, 0x1, 0x0, 0x0, 0x84}, 0x0) sendmmsg$auto(r1, &(0x7f0000000080)={{0x0, 0x3, &(0x7f00000001c0)={0x0, 0xc4}, 0x4, 0x0, 0x4, 0x1009}, 0x7}, 0x3, 0x0) (async) syz_genetlink_get_family_id$auto_l2tp(0x0, r1) r3 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r3, 0xc004743e, 0x0) (async, rerun: 64) recvmmsg$auto(r1, 0x0, 0x7, 0x6, 0x0) (async, rerun: 64) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000002dc0)='/dev/adsp1\x00', 0x2401, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="1d000000", @ANYRES16=r5, @ANYBLOB="1b0026bd7000fddbdf25030000000400080018000380140003800f000a006f76735f7061636b6574000012000100898771f1c19f1779048590828847000004000280"], 0x48}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) (async) r6 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) write$auto(r6, &(0x7f0000000100)='/dev/audio1\x00\xf6\x89\t\xb6t\xae\x12Q\x15E O\xd8\x8d/\xd9\x13\v_\xbcTd\xe0DS\xef?f\xf1ou\xa4W&^\x80\xb2}\x96K\x16*\xa0\x10[8\xa3\x86\x9a3\xc1\xf7\x89x; 4\x8d,U\xa2\xd8\xd5\xfd\xf8\xd8\xb0\xe0W\xad\xe7\x05l*\xc5Z\x8d\xc88}n\x81\tK\x00\x12\xae\xff\xe5\xf1\xb5w\x81$\xd4\xca\xbe&\x195\xc1\xda>\x8c\x89P\xa1\xdb\xb4g9E\xc8\x92\xf6m\x1c\x9b\xebAzeI\xcb\x16f\xc0@\x978x\xbe\x15\'\xc6d}\xc2\xd3\x9f\xc5F8\x15f\x90\xa2\x84', 0x6051) (async, rerun: 64) readv$auto(0x3, 0x0, 0x1) (async, rerun: 64) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) 12m38.874760394s ago: executing program 32 (id=48): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) sysfs$auto(0x4, 0x100000000000034, 0x6) (async, rerun: 32) fsopen$auto(0x0, 0x1) (async, rerun: 32) r0 = socket(0xa, 0x3, 0x3b) connect$auto(r0, &(0x7f0000000000)=@generic={0x18, "0000e100"}, 0x54) (async, rerun: 32) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (rerun: 32) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async, rerun: 64) socket(0x22, 0x3, 0x0) (async, rerun: 64) ioctl$auto(0xffffffffffffffff, 0x40104d01, 0xffffffffffffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) r1 = socket(0x10, 0x2, 0x0) (async) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_MODULE_EEPROM_GET(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000e40)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2, @ANYBLOB="cb5b"], 0x14}, 0x1, 0x0, 0x0, 0x84}, 0x0) sendmmsg$auto(r1, &(0x7f0000000080)={{0x0, 0x3, &(0x7f00000001c0)={0x0, 0xc4}, 0x4, 0x0, 0x4, 0x1009}, 0x7}, 0x3, 0x0) (async) syz_genetlink_get_family_id$auto_l2tp(0x0, r1) r3 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r3, 0xc004743e, 0x0) (async, rerun: 64) recvmmsg$auto(r1, 0x0, 0x7, 0x6, 0x0) (async, rerun: 64) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000002dc0)='/dev/adsp1\x00', 0x2401, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="1d000000", @ANYRES16=r5, @ANYBLOB="1b0026bd7000fddbdf25030000000400080018000380140003800f000a006f76735f7061636b6574000012000100898771f1c19f1779048590828847000004000280"], 0x48}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) (async) r6 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) write$auto(r6, &(0x7f0000000100)='/dev/audio1\x00\xf6\x89\t\xb6t\xae\x12Q\x15E O\xd8\x8d/\xd9\x13\v_\xbcTd\xe0DS\xef?f\xf1ou\xa4W&^\x80\xb2}\x96K\x16*\xa0\x10[8\xa3\x86\x9a3\xc1\xf7\x89x; 4\x8d,U\xa2\xd8\xd5\xfd\xf8\xd8\xb0\xe0W\xad\xe7\x05l*\xc5Z\x8d\xc88}n\x81\tK\x00\x12\xae\xff\xe5\xf1\xb5w\x81$\xd4\xca\xbe&\x195\xc1\xda>\x8c\x89P\xa1\xdb\xb4g9E\xc8\x92\xf6m\x1c\x9b\xebAzeI\xcb\x16f\xc0@\x978x\xbe\x15\'\xc6d}\xc2\xd3\x9f\xc5F8\x15f\x90\xa2\x84', 0x6051) (async, rerun: 64) readv$auto(0x3, 0x0, 0x1) (async, rerun: 64) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) 5.807087383s ago: executing program 4 (id=3133): socket$nl_generic(0x10, 0x3, 0x10) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nbd12\x00', 0x6600, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0xa, 0x1, 0x84) socket(0x2, 0x2, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x181040, 0x0) openat$auto_tracing_saved_cmdlines_fops_trace(0xffffffffffffff9c, 0x0, 0x48400, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/system/machinecheck/machinecheck0/bank0\x00', 0x840, 0x0) openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_binder_ctl_fops_binderfs(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) pipe$auto(0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/dummy_udc.0/udc/dummy_udc.0/maximum_speed\x00', 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/irq.pressure\x00', 0x101102, 0x0) openat$auto_ocfs2_control_fops_stack_user(0xffffffffffffff9c, &(0x7f0000000040), 0x669400, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000340)='/proc/asound/card0/pcm0p/sub3/xrun_injection\x00', 0x8a180, 0x0) socketpair$auto(0x800001, 0x2, 0x615e, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket(0xa, 0x801, 0x84) getsockopt$auto(r1, 0x84, 0x82, 0x0, 0x0) ioctl$auto(0x3, 0x80106f53, r0) 5.567413806s ago: executing program 4 (id=3128): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900)='\t', 0x1) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001b80), r1) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_4={0x17, 0x1, 0xa9, 0x4004}, 0x6f4) syz_genetlink_get_family_id$auto_hsr(&(0x7f0000000280), r3) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/module/zswap/parameters/enabled\x00', 0x62, 0x0) r5 = socket(0xa, 0x2, 0x0) setsockopt$auto(r5, 0x29, 0x30, 0x0, 0xd393) write$auto(r4, &(0x7f0000000440)='ON\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf0F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\xed\'\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0xb8c5) r6 = syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f0000000300), r1) sendmsg$auto_IEEE802154_LIST_IFACE(r3, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x3c, r6, 0x100, 0x70bd29, 0x25dfdbff, {}, [@IEEE802154_ATTR_DURATION={0x5, 0x15, 0x1}, @IEEE802154_ATTR_CSMA_MIN_BE={0x5, 0x26, 0x5}, @IEEE802154_ATTR_CCA_ED_LEVEL={0x8, 0x24, 0x800}, @IEEE802154_ATTR_DEST_PAN_ID={0x6, 0x10, 0x800}, @IEEE802154_ATTR_DURATION={0x5, 0x15, 0x2}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4}, 0x20000040) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000340), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r7, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)={0x2c, r8, 0x1, 0x70bd2d, 0x25dfdbfb, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x1021}, @NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40080}, 0x20040000) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000001e40)={0x14, r2, 0x1, 0x70bd27, 0x25dfdbfb}, 0x4b}, 0x1, 0x0, 0x0, 0x220000c1}, 0xc0) r9 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_RECONFIGURE(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="00032bbd7000fedbdf250300000029000a002f7379732f6d6f64756c652f7a737761702f15a162f06d65746572732f656e61626c6564000000000c00030009000000000000000c00050004000000000000000c0005000100000001000000ecbfafd4e5375c9f12089e2a0d6619c04c22a5fa77c03cfe68abe8b25f5b8fa0f33fb7bff83e0a7e5672d2d35d0caf9e8891a9caf3dca8a8c173ced6eb27f8e885195764c81173c828b998e7e39a6f8c65836160"], 0x64}}, 0x200480c1) 4.345187332s ago: executing program 3 (id=3130): mmap$auto(0x0, 0x6, 0x3, 0x19, 0x7, 0x8003) sysfs$auto(0x2, 0x100001000000032, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vidtv.0/i2c-0/0-0068/name\x00', 0x18b080, 0x0) r0 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x68082, 0x0) set_mempolicy$auto(0x6, &(0x7f0000000000)=0x7fffffffffffffff, 0x4) get_mempolicy$auto(0x0, 0x0, 0x400, 0x0, 0x0) ioctl$auto_BLKPG2(r0, 0x1269, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, 0x0, 0x8800, 0x0) ioctl$auto_BTRFS_IOC_DEVICES_READY(r1, 0x90009427, 0x0) read$auto(0x3, 0x0, 0xfdef) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x80000000008000) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) r2 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/input/event1\x00', 0x42, 0x0) ioctl$auto_EVIOCGMASK(r2, 0x80104592, &(0x7f0000000040)={0x8, 0x200, 0x2}) unshare$auto(0x40000080) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f0000000280)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\x9e\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc\xec\xf9\x8a\xff\x87\x1f\x88p\xef8D\xd9\x1d\xb1#v8Ma~\x97F\xc8', 0x100000a3d3) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) 3.922366196s ago: executing program 4 (id=3131): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(0xffffffffffffffff, 0xc05c6104, &(0x7f0000000100)={'\x00', 0x0, 0x6, 0x2, 0x9b3, 0x9, "0200000002000000997e763f222ce1", '\x00', "0001410c", '\x00', ["f5401b0060c100", "70d9a9a3af9f39d000000001", "ef5a00", '\x00\a\x00']}) r1 = socket(0x28, 0x4, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="5e00a7"], 0x1ac}, 0x1, 0x0, 0x0, 0x40080}, 0x40000) read$auto(r1, &(0x7f00000000c0)='\x00', 0x2) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) r4 = socket(0x2a, 0x2, 0x1) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) r5 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000080)=0x21) ioctl$auto_FBIOPUT_VSCREENINFO(r5, 0x4601, &(0x7f0000000080)) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) syz_genetlink_get_family_id$auto_tcp_metrics(0x0, 0xffffffffffffffff) io_uring_setup$auto(0x89, 0x0) r6 = socket(0x11, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX(r6, 0x8955, 0x0) io_uring_register$auto_IORING_UNREGISTER_FILES(r6, 0x3, &(0x7f0000000340)="31efa75421414e1a851cc104b928ef9ecf8d06aeebdc0d9bfa16d9079f245143a9170db3a341bc78f076ece65259c57e22dccaa0229e63d76e5d4532d107f80abbf0f75705223402032c280b669af51e2ebf9e33f6b9274f69e097", 0x10000) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r7 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x11}}, 0x6a) sendmmsg$auto(r7, &(0x7f0000000140)={{&(0x7f0000000000)="d01f520000000000000000", 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x1, 0x5b4) sendfile$auto(0x1, 0x3, 0x0, 0x7ff) sendto$auto(0x3, 0x0, 0x7, 0x101, 0x0, 0x6) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="2f212dbd7000fcdbdf252100000008000300", @ANYRES32=r3, @ANYBLOB="0c002d800400fdd1e5"], 0x28}}, 0x4000000) 3.553013364s ago: executing program 4 (id=3132): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/tracing/events/vmalloc/enable\x00', 0x0, 0x0) getsockopt$auto_SO_BSDCOMPAT(r0, 0x2b8b, 0xe, &(0x7f00000002c0)='nl802154\x00', &(0x7f0000000340)=0x7) shmget$auto(0x0, 0x2, 0x8) io_uring_setup$auto(0x6, 0x0) openat$auto_ocfs2_control_fops_stack_user(0xffffffffffffff9c, &(0x7f0000000380), 0x43ea02, 0x0) lseek$auto(0x3, 0x8, 0x3) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) read$auto(r1, 0x0, 0x80000000006) signalfd$auto(r1, 0x0, 0x8) 3.425139097s ago: executing program 1 (id=3134): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810005, 0xf4, 0x800000000a011, r0, 0x8000) mmap$auto(0x0, 0x2020009, 0x2000000000000006, 0xeb1, r0, 0x8000) rt_sigtimedwait$auto(0x0, &(0x7f0000000300)={@siginfo_0_0={0x0, 0x3, 0x0, @_sigpoll={0xc8}}}, 0x0, 0x8) io_uring_setup$auto(0x4bf15e08, &(0x7f0000000000)={0x401, 0x8, 0xfe, 0x6fb3, 0x8a, 0x9, 0xffffffffffffffff, [0x100, 0x9, 0x7f], {0x2, 0x7, 0x3032, 0xe, 0xf, 0x5, 0x5, 0xfffffff9, 0xf08a2b3}, {0x0, 0xfc, 0x6, 0x0, 0x0, 0xf89, 0x9, 0x837, 0x8}}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[], 0x1ac}}, 0x40000) r1 = socket(0x11, 0x2, 0x0) sendmmsg$auto(r1, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={&(0x7f0000000080), 0x49}, 0x5, &(0x7f00000003c0), 0x5, 0x1000}, 0x5}, 0x2, 0x100) setresuid$auto(0x0, 0x8, 0x8000) mlockall$auto(0x7) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) 3.254239646s ago: executing program 3 (id=3136): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ttynull\x00', 0xc7f16bff2a30fa01, 0x0) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x2, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x4000083, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000002}}) io_uring_register$auto(0x2, 0x11, &(0x7f0000000180), 0x83) socket(0x8, 0x801, 0xfd) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) ioctl$auto(0x3, 0x894b, 0x38) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(r1, 0xc1105511, &(0x7f0000000080)={{@raw=0x2, 0x7ff, 0xa, 0x7, "26d718b7d3ee69350e4ede7079dcb0c24c8aa1e3c7ee2e00308b8a7d74b0a707f7045e6d035b196ca83379bb", @raw=0x4}, 0xfffffffc, 0x0, 0x2, @raw=0x31c7bc81, @enumerated={0x0, 0x6, "ad75b255b5cdd64a6b7a755de55f0d00002200000000f15a5ca5dc29f056113e9b60cd7bd82081ec9009006c1ae716e8d0930da366e011ae30c0a636577776a6", 0x3, 0xcac}, "18a801006a0900000000000000c4bd5359eeadc8357752b72fa176254d8797cdffd02555ac83a07983eeddcd24b626f54ad9d763dcdc9120af8b7c848ceb55a7"}) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000009c0), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_PAUSE_GET(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x40840}, 0x4000844) socket(0x1, 0x3, 0xc) socket(0x6, 0x4, 0x5) r3 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r4, 0xfd}, 0x6a) syz_genetlink_get_family_id$auto_ovs_flow(0x0, 0xffffffffffffffff) r5 = socket(0x1d, 0x2, 0x6) r6 = socket(0x2, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$auto(r5, &(0x7f0000000040)=@can={0x1d, r7, 0xfd}, 0x6a) close_range$auto(0x0, 0x5, 0x0) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000300), 0x343441, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) close_range$auto(0x2, 0x8, 0x0) 3.094711772s ago: executing program 2 (id=3137): socket$nl_generic(0x10, 0x3, 0x10) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nbd12\x00', 0x6600, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0xa, 0x1, 0x84) socket(0x2, 0x2, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x181040, 0x0) openat$auto_tracing_saved_cmdlines_fops_trace(0xffffffffffffff9c, 0x0, 0x48400, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/system/machinecheck/machinecheck0/bank0\x00', 0x840, 0x0) openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_binder_ctl_fops_binderfs(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) pipe$auto(0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/dummy_udc.0/udc/dummy_udc.0/maximum_speed\x00', 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/irq.pressure\x00', 0x101102, 0x0) openat$auto_ocfs2_control_fops_stack_user(0xffffffffffffff9c, &(0x7f0000000040), 0x669400, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000340)='/proc/asound/card0/pcm0p/sub3/xrun_injection\x00', 0x8a180, 0x0) socketpair$auto(0x800001, 0x2, 0x615e, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket(0xa, 0x801, 0x84) getsockopt$auto(r1, 0x84, 0x82, 0x0, 0x0) ioctl$auto(0x3, 0x80106f53, r0) 2.870039461s ago: executing program 2 (id=3138): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/tracing/events/vmalloc/enable\x00', 0x0, 0x0) r0 = signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) read$auto(r0, 0x0, 0x80000000006) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x6) signalfd$auto(r0, 0x0, 0x8) 2.811948055s ago: executing program 3 (id=3139): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) r1 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$auto_RTC_IRQP_READ(r1, 0x8008700b, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) getsockopt$auto_SO_RCVTIMEO_OLD(r0, 0xffffffff, 0x14, &(0x7f00000003c0)='\x00\x00+\xa2\xc7\x92\x00\x00\x00\x00\x00\x00\x03\x90\xf9\xe8\x11\x80\a :w\xac[\xbb\xac\xe3\xe0\xff8g:\x04\x00\x00\x00\x00\x00\x00\x00=r\x03\x95\x87\xbaM\xd80=\x81\x8ez\xab\xc3^\xb0\x03Ijj\xc4\xf9\xe6\x84P\x15q\xaa\xc8\x03\xba\x8c\xe3\xc3r\xb8\x1b\x98\xe8\xbc\x11.\xd9A\xb3P\xfa\x04\x95\xfc*\v\xb8\xc5\x16Z\xb7\x82\xbc\x96o\xd2G\xf8\x0f`\xa1\x1f\xc6\xd6\xc5\xdcM\x17\x11\xd2\x12\x988\xa3`\xad[UI\xf7\xc7\xcc\x13XH\xc1\x02\x84$\x97;\xebM`\x7f\xe4\x8dbe\xd8\x901\x8e\'\x10\xf6`^\xd28Xk\x03\x8d\b\xbd\xe2d\\\x11w(\xc7D!,6\x01\x00\x9f\x8bxg\xe2\xfc~\x006\x17\x9b9?,\xd8\n\x82r\x12\xa9\xfd@\x90&\xd3l\xa7[\x9bx\xf7\xb9[m\x9a\xee\"\x9e\x81|\xa4\x8f5\xea\t\x02Axu\xe9io`\x81\xb5\x89\x01\xa0\xa8~]\xd8]\x14}\x8c\xacRc\r\xb7.\x7f\xb3\x85\xff\xf5\xb0\x11/\x80{\xab)\x05\xb3HHU\xcb\x00', 0x0) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) fadvise64$auto_POSIX_FADV_NORMAL(0xffffffffffffffff, 0x7, 0xd, 0x0) write$auto(0x3, 0x0, 0x7fffffff) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) sendmsg$auto_IEEE802154_LLSEC_LIST_SECLEVEL(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x4000001}, 0x400c1) read$auto(0x3, 0x0, 0x80) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0x100000000) socket(0x2, 0x1, 0x106) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, 0x0, 0xa901, 0x0) openat$auto_o2hb_debug_fops_heartbeat(0xffffffffffffff9c, 0x0, 0xa040, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x74c) shutdown$auto(0x200000003, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xcd, 0x0, 0x567) sendmsg$auto_WG_CMD_SET_DEVICE(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x64, 0x0, 0x20, 0x70bd28, 0x2ddfdbfd, {}, [@WGDEVICE_A_PUBLIC_KEY={0x4f, 0x4, "8d543bcbae3f42736046a636dc5f0f022c493bf4a74de24c81e3630f4a5dd86992e2f46a45919f6f50a256e565a8abe96ea490217d20be5810017028ee8e13f743fbf02244e8310bbe62b2"}]}, 0x64}, 0x1, 0x0, 0x0, 0x1}, 0x44008000) 2.591127531s ago: executing program 4 (id=3140): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(0xffffffffffffffff, 0x0, 0x800) timer_create$auto(0x9, 0x0, 0x0) socket(0xa, 0x1, 0x100) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) shmctl$auto_IPC_SET(0x4, 0x1, &(0x7f0000000280)={{0x80, 0xee00, 0xee00, 0xca6d, 0x8, 0x4bd6, 0x5}, 0xd21, 0x5, 0x8000000000000000, 0x1, @inferred=0xffffffffffffffff, @inferred=0xffffffffffffffff, 0x9, 0x0, &(0x7f0000000140)="4f0d6995e943b6bc1919", &(0x7f0000000200)="e3ac9b01ee8d985b677531eeeee5cb5bf774d2df4d9ae6dccbc98def20b72c7c2826a585ba3a8d67815abade214708a4ade77c6faa2f2889ca3e7989f32645dd597a3ae1b46e8d8c7e03ae6b8aaa49f6bf64"}) process_mrelease$auto(0xffffffffffffffff, 0xa) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mount$auto(0x0, 0xfffffffffffffffe, 0x0, 0x80, 0xfffffffffffffffe) write$auto(r0, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x60042, 0x0) add_key$auto_KEY_SPEC_USER_KEYRING(&(0x7f0000001c80)='\\\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffc) mkdir$auto(&(0x7f0000000100)='./file0\x00', 0xff) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x4a42, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0) mmap$auto(0x1000000000, 0x100000400008, 0x1000000000000df, 0x4000009b73, r1, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/admmidi2\x00', 0x40080, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0xb, 0x82c, 0x1, 0x4, 0x3, 0x104, 0x47, 0xffffffffffffffff, 0x7, 0x8000000000400000, 0x3, 0x200006d3c, 0x3, 0x2, 0x800000000000000a]}, 0x0) close_range$auto(0x2, 0x8, 0x0) readv$auto(0xffffffffffffffff, &(0x7f0000001780)={0x0, 0x400}, 0x7f) 2.330295277s ago: executing program 1 (id=3141): close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x2a, 0x2, 0x1) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x7fff) r1 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) ioctl$auto(r0, 0x7, r1) rseq$auto(0x0, 0x584, 0x1, 0x2) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000002180)='/dev/snd/pcmC0D0p\x00', 0x0, 0x0) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) ioctl$auto_BLKRRPART(r3, 0xc0401289, 0x0) prctl$auto(0x9, 0x10001, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000002940)='/dev/fb0\x00', 0x841, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/dummy_udc.2/udc/dummy_udc.2/a_alt_hnp_support\x00', 0x2000, 0x0) bind$auto(0x3, 0x0, 0x6a) pread64$auto(0xffffffffffffffff, 0x0, 0x100000001, 0x7) fsconfig$auto_FSCONFIG_CMD_RECONFIGURE(r4, 0x7, 0x0, &(0x7f0000000240), 0x61fbd03e) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x1, 0x948b, 0x9, 0x15f4da07, 0x6, 0x10, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0x8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0x1000000000000bc3, 0x800, 0x3, 0xff, 0x10001, 0x400000000003, 0x3, 0xfffffffffffffffc, 0xfffffffffffffffe, 0x80000000, 0x9, 0xffffdfffffffff81, 0x4]}, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b7e, 0x7, 0x28000) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ila(&(0x7f0000000080), 0xffffffffffffffff) prctl$auto_PR_SET_SECCOMP(0x16, 0xb, 0x2, 0x670409f7, 0x6) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) rseq$auto(&(0x7f0000000140)={0x2d, 0x1a00000, 0xb527, 0x9, 0x0, 0xfffffffb}, 0x7, 0x8, 0x2) getsockopt$auto_SO_PRIORITY(0xffffffffffffffff, 0xcf2e, 0xc, &(0x7f0000000100)='\x00', 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) 2.184922215s ago: executing program 3 (id=3142): openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x20000, 0x0) r0 = socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) fanotify_init$auto(0x65, 0x2) mmap$auto(0x0, 0x2020019, 0x100003, 0x9000000eb1, 0xfffffffffffffffa, 0x0) move_pages$auto(0x1, 0x20008, 0x0, 0x0, 0x0, 0x8000000000000000) r1 = socket(0xa, 0x801, 0x84) mincore$auto(0x1000, 0x8001, 0x0) setsockopt$auto(r1, 0x10000000084, 0x0, 0x0, 0x10) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, 0x0, 0x40090) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x41) setsockopt$auto(0xffffffffffffffff, 0x29, 0x1e, 0x0, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) write$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffffff, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2000000000000021, 0x2, 0x10000000000002) socket(0x2a, 0x2, 0x0) r2 = socket(0x2a, 0x2, 0x1) connect$auto(r2, &(0x7f00000000c0)=@qipcrtr={0x2a, 0xffffffff, 0x4001}, 0x55) bind$auto(0x3, &(0x7f0000000080)=@qipcrtr={0x2a, 0x1, 0x80f0}, 0x6b) pipe$auto(0x0) dup2$auto(0x5, 0x4) splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000001, 0x9) write$auto(0x6, 0x0, 0x100000001) setsockopt$auto(0x3, 0x1, 0x10, 0x0, 0x9) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0xbb, 0x0, 0x8, &(0x7f0000000040), 0x81, 0x9}, 0xfffffffb}, 0x5, 0x6586, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) read$auto(0x3, 0x0, 0xfdef) 1.877973472s ago: executing program 2 (id=3143): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x28, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0xac582, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(r0, 0xc048aeca, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000000040), r2) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x14, r3, 0x1b, 0x70bd26, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, 0x0, 0x400, 0x70bd2d, 0x25dfdbfd, {}, [@L2TP_ATTR_L2SPEC_TYPE={0x5, 0x5, 0xf}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x810) 1.395063821s ago: executing program 2 (id=3144): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ustat$auto(0x801, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) r0 = socket(0x21, 0x2, 0x2) openat$auto_snapshot_fops_user(0xffffffffffffff9c, 0x0, 0x604200, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, 0x0, 0x40000) recvmmsg$auto(r1, &(0x7f0000000180)={{0x0, 0x10001, &(0x7f0000000080)={&(0x7f0000000040), 0x200}, 0x4, 0x0, 0x8, 0x7}, 0x7}, 0x5, 0x66a6, 0x0) r2 = socket(0x11, 0x3, 0x9) capset$auto(0x0, &(0x7f0000000040)={0x1, 0x6, 0x48}) sendmmsg$auto(r2, &(0x7f00000006c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200)="4c03000000000000002f", 0x49}, 0x5, &(0x7f0000000700), 0x5, 0x1}, 0x5}, 0x2, 0x100) ioctl$auto_SNAPSHOT_GET_IMAGE_SIZE(0xffffffffffffffff, 0x8008330e, 0x0) poll$auto(&(0x7f0000000000)={0x3, 0x1, 0xa}, 0x5, 0x108) setsockopt$auto(0x3, 0x1, 0x20, 0x0, 0x9) mknod$auto(0x0, 0x1001, 0x4) sendmsg$auto_NFC_CMD_LLC_GET_PARAMS(r0, 0x0, 0x40000) setsockopt$auto(0x3, 0x10f, 0x80, 0x0, 0x7) r3 = socket(0x2, 0x1, 0x0) r4 = getsockopt$auto(r3, 0x6, 0x23, 0x0, &(0x7f0000000100)=0x14) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) open(0x0, 0x22040, 0x75) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x5, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$auto_PPPIOCSACTIVE(r4, 0x40107446, &(0x7f00000001c0)={0x5, &(0x7f0000000140)={0x8, 0x0, 0xfa, @raw=0xffff0acf}}) 1.115584597s ago: executing program 3 (id=3145): socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) sendmsg$auto_ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, 0x0, 0x20000000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xe2080, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0x200007, 0x8) read$auto(0x3, 0x0, 0x8080) ppoll$auto(0x0, 0x2, 0x0, 0x0, 0x8) syz_clone3(&(0x7f000000dd80)={0x100000, 0x0, 0x0, 0x0, {0x13}, 0x0, 0x0, 0x0, 0x0}, 0x58) syz_clone3(&(0x7f000000dd80)={0xa04400, 0x0, 0x0, 0x0, {0x12}, 0x0, 0x0, 0x0, 0x0}, 0x58) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, 0x0, 0x40090) madvise$auto(0x9, 0x1, 0x4ba) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x4004) r0 = epoll_create$auto(0x4e) epoll_ctl$auto(r0, 0x1, 0x8000000000000000, 0x0) read$auto_safesetid_gid_file_fops_securityfs(r0, &(0x7f0000000000)=""/83, 0x53) 1.047898041s ago: executing program 1 (id=3146): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/virtual/net/bond0/bonding/slaves\x00', 0x80002, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000000180)="895c", 0x2) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) r2 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket(0xa, 0x5, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, 0x0, 0x80342, 0x0) socket(0x2, 0x2, 0x1) io_uring_setup$auto(0x6, 0x0) socket(0x11, 0x80003, 0x300) socket(0x11, 0x80003, 0x300) socket(0x11, 0x80003, 0x300) close_range$auto(0x2, 0x8, 0x0) r4 = ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0x4048aec9, r1) ioctl$auto_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000080)={"e89f1ccb7436b931efa5e5c38c5ea165aa4acd874ff2feb919a033c9631636ca", 0x4, 0x0, 0xffff, 0xfffffffffffffff1, 0x1ff, 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(r6, 0x104000000000010e, 0x8, 0x0, 0x20003fe) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000000), r6) r7 = getuid() stat$auto(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)={0x7, 0x3, 0x8cb1, 0x0, 0x0, 0xee01, 0x0, 0xd5d7, 0x381, 0x2, 0x5, 0x100000000, 0x0, 0x3, 0x3, 0x4}) r9 = wait4$auto(r5, &(0x7f0000000140)=0x1, 0x8, &(0x7f0000000440)={{0x2, 0x34}, {0x10}, 0xb, 0x1, 0x6, 0x6888a74a, 0x5, 0x2d10, 0xd31, 0x2bd, 0x7, 0x5, 0x6, 0x2, 0x3, 0x10000}) sendmsg$auto_TIPC_NL_NET_SET(r2, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000280)={&(0x7f0000001200)={0x1960, 0x0, 0x8, 0x1, 0x25dfdbfc, {}, [@TIPC_NLA_LINK={0x1949, 0x4, 0x0, 0x1, [@typed={0x8, 0x3c, 0x0, 0x0, @pid=r5}, @generic="aa4e92b671476b4e814d2ebb56cd4d50272428cccd0ce2b658763664691d6e55d25356993bbe0565b73835a89c077ada7e8ac0cd33f499fecff13c43edf58a3fc8dc478237a155dc34465355cfa098c5a31402f67355a6c897e05374a2", @nested={0x186e, 0x10b, 0x0, 0x1, [@nested={0x1ae, 0x99, 0x0, 0x1, [@generic="f725fce8f37a146638ef16d4f75adf66869b6f12a3f69265d5af9f68f85e166bd17a13d40e3481a3bf7096bed4a2fb0d40b62e891fbd424921fd8fb24edb07242ad88dc961cdfecb43007bfa1df7c2eccec3f5b8e188aab097e8999e8eaa0f2301c542c86965b1e14a48b68bde43561ab4920dc467f6582cb651231aef041bf23626befb43b9b70874f416809c66b310431ff4ed80f4ec0ea7c883384b383524e5e77759b5e7241b57855f7c64462a851a09af0c83064382b656037592c3279ff4149a89c233ac16f78ae6aed32046", @generic="c73cb9a6b55fe228c00196778f5e90c9725eb1a795dc48fded0631918d5a2a7d5a941e46527b474ca08364accf4320e5863d2d426c8292ad1e456949ab832bb5472a87c90fe20ae6ca1409ef325a7066fa15384394e9dbc9bf173b2280498063982032607fb04d711c65aa9e6401e43c67d25393fc242a3179ab813fc4dd7e8645891a87c7c55c0d75331b2caffb9abdf53428159a685003d4cd3638eb3ce6b1048d1541ec1ae50580e3f3d936520a41aafd025db748f1fbf64cf4327ef132e9080834ad7be649f615450fdcc7512142650d7cf5d497cd", @typed={0x4, 0x15}]}, @nested={0x118e, 0x144, 0x0, 0x1, [@generic="b2363b87c3b775a86d9394b5fd77", @generic="feba82b34667582bfc1745eec365229f92cd8a79ec2d78d38724075745b2c77b680a9ab07e072703e4596e8a820a1768397fc0355c1e6bbb385dc2e2e0934e0776d56e31be0e798ec94b53df70c907d2ff87582e2efbd0716f8fadcdda6a54b5ea96b5771f30d04719c35d616e667724ad507bdf2281f9e2408566bc8125c299f785186338e297550ebc037b6e38032eedffb472e26d8efa9336960ad0982bba7a6f18ef6ccd2c4da3bcb7fa8613c296e5ab8b7bc45486eee7770938cacaba45a6d84580ae4528fc57a9cabfb269d63279bee7c5f1333dd1c8961517fb479626a66b7f6751758786ecb29de1e873ac455eb9259cc5e0b90531f721e84c562867deec8caadda679c460c9bb73f9bb64339073ae9933e3cd0b3c40373adc44590fae3a960db13765aef76d0c7eb0fa9aec96c08ffa2ce24e5189fe631e9706105bebefd6c4abefe1925b2c725c6ba3c7fb1d6e6054df912ec0cf4d221b1b2a70bc32e2af1830c57360d00058202b8c12e9913393a27e50c15da24341b7f68cadca9ff59d1c62872dc826606bedf9af672f1b8a3336a8a22c43d93a724aa5f6021211f7e67f87eb5dc055049d902008dcbfa35539d707a7efac97231f501ab9744146321ca8e16ff3eaf0cbb4700b1e5eb669d00abe2c2f85ecdad52f1048cdf09df8d5cb5df80c60eccd63540a4c235c308ff76f543488ad72c2d264a26ffdb5996043bfa680b8baf0583b38cce54fb3dfb0d0e883f7d1d8f8b692b2c37c2d69df1ada69c3de43bf955d5d829c4858392da67cec7deb28ff1686958d15c6447709c97dfa9170dbf991e064865150a5b9469672b28d39535d75271129e907e82ac5b59f21a7bc37bd2bd7153be6813dc9028abc5c9b46a898fa85d7579dd3f2077af32be311aaa554a5b610cdc3c10ef4e649602bf93acd436625e8424b8048b6de058abbf1452230f68f2d19e214adc801996a26157b575dcd4f03d178fb74bdc75658cd5908d7ef0970f5858eb792dd2192c2113f2ada52337057873595ceb7563c823343a1c38594a9dd519e484bfcdd9dad47adca8707f323636d24a377ddd7a0a8e7db2161d5512e7acdebb531939a45ecbf84fa07a7a16761740397a09459b8f55196c81fce2fa18052652c5360e29d019f5bf71b15882c72757ee4de7ee09926e33df372aeebc924777589738ad5c3ef1abf712ae12a88014cd3a8780d9733231c8f33b318bd3ee28522a56b1bba386339558a8942f96b0e50182ada4d783c20ca0dd2ab568f68915608986ddf9d3a832610f4f9f6dda3192e64cad26adfd52024d6e91c609e939744aeee4843d44c66de9b8374e20044b149350c846afae3498256daeeb82dcda723fc040d5d4ffae9fb4baac934914cb1ad7b1a645c7c172fdf74c758a27893db4481e5fdfdd3e170b8dce5ce075ece1b28f7944b5e0dd5842dcf9928485df8c0f48d2d7f37802cda80ee83110d6d754ecae7a42a73dacc6295a0f4eef1976d1bd28021f557fe2ac3b47dc64d0ca805d1909a321cf158b8695e98675708e2eb807cc1a1400f0ed7087a18c5a1e571be2ec6e6723e0ceb1883959a772c1a3a65c1cd32235b58bd681ba713610cabce50f0a501500e4a3595a2271798491fa057eeab98706408f3f5299eb536d2c2dd25f5a71c4d0f77a81b351497eced8ad6412a6b7f0a8319015188ad5e2a469187b0bd814c96190df9746e0d9bd2419fba158098ca73d687f4b740e4c9ff73e93d052545f6ef0b87517bddfba6f0fe6eeba21a756e890e4aa6dc422919420abfc860d526c5ca9bdc035d9d62feff16c4968be8fe3ca45d4cf877fb99a827f7f59860c938ef02eb478dd9fa3488c5721a7d62fbdc8179814c059ddea1bf7a462162eff551684ed84c94805e0656414be1b585576fd9e62efa8e05001729206f4b2c4559a51f397f17afb6bee49c799bf214ec8b197c1806d851d7d80790a21fcd829bdac464d2b7b511b3bab270322f3c4c4fa255d254b0f1e83734fd1e33add24b12cd6c8f76ee45a11ad8679128e5be8b019c6a308fd7e43a9835f486c2cd1712d78efe13f8181b4c246e18e0114204d06935e026b7b1d4465dadc39725153a0bc86598c3a5c04fc415814db774560351ce5b2ddd63cea9c2d4a1eeef9fe6db1205d07f3f41f3ee20c601181236a2a95260a584150d0d6f29693c38e672e1160948d41e0bc10e573041fa527497df25c34083c63cfc5f3a4177d445de51fa04672f0f76f7e5d5fe63347c5369181dbeb53d337636664cab2d04393bec2448a9b0d1ae4e0424453ccf1332cfb15168cc43ec3ae6d39f7000448a36ad67ad87096863b673bea68be1a5b36c78fb7f94b63b9d6e5ae65a2ab6dfd4673778be3fd7421de03d88ee4509a95196cc65763c8fbdcc8e8e0ed085fd1daa94f12d320d577cb9c783dd6f9cc2fdbd2ed06cb2dc077dd4a5c0216f50d58368cc8179edbc1154c00f36303402e769e884c55ce144b592fa74fd0828adb444edb337848a3733284775787aecda77c4f7e939dadc29bd1d3c71508ac35af53fa9735f4259c82a5910e1f11a2e1b07e49776d70b27129b2c89e19f91e249030f7026c351e8801c2ae8857ab64884b1b51f727a35dcc0e6a681a47e0005307cdba55e969573d7e51e8b63f841d2424f08ca67373a02e9df3599cfeaf261713db3cbaddbf6a847002d0d252ae8bee6fdd93ebebe72dac8056b633f38ec40f2907e84552cf342a1f6a630eed6a8bea6be363edabe79c4a0f45d998dba23b7e9d40ea969c0ecd4c168d51671aec78de835b3db8e306bc925224308d3449be447ee9ad5c5bf728b805ea358990a93d92461883e1b3cb4a9290960f616e18be125ea1e9de6a3f809b390c85f660473f76d4fce1d54455f6a48c335c5b2a60852d11510f9ec6ffba8f43c95ab3a8548a2dea719aec15471845d98948ef008a9cb036164915b0efc21611e649121a44452320d1890bedd38a8ebd2ea851662dd85f14786570d62191cb8d2ec7701e4bff4f35142dcbd70cd371d2945c30f78054e416cb845024da91c19f2270ab7dbac01b9a27fae1e2173d5cd0a40b0d4622748f92875ae849c106dde2f347ada371ec23e56c5fbd7be4410005633d9a7253df46ad3c36f79c6e2c26d50c60be791de68f3b9e741791a1255a0045510fd444e388d2cbfe988f6def3d28e85fa7b91ea27c5eca2064ec13e0642bbfc11b27f64bd8f0436f07593faf3816b2740339fd0d1eacf3cb46a4b193599715c56ee75d4f8f48afa630f81786dc1c47dfd498f15a415ced23ec95821d8af71103a6c5cf498776210e62f3b412d95b159a3c5213dabb36c4ae856b7f040d6f418d98f2acdf20676fbccc743676fdc131960fd914eb8fdb53f6f90e83f43d9d50f5dc78ba71ae933fab53c00c99561773927b529a7215525032f1c0e74bcb7457b08a949bdf504c812a572700af4f2f8f2c52a8aaaacfaae48e828b979d05385b1d9f8db3c4f3e1afb23926c321bf61fe296d2e8f78044739e2aa6b3c9cba1a3ea96f6daf250a6a785941d6fc35956ce117b3ae5033536676b7da8fbd0a6f83df2c53268d2ddb74471f7334203e0fce8ecebe85b3e0a7cc64210aeef579ae8df04b4fa5756baa5f979a574571fda9d6f88ce05b603bc2da76688937a4b9d8f04cd5041e4745d92afa498fe3be3a13753c9a944ff3519fa00a02b22e4e46a37f6a8708551026396d20a308c4fc0a4d19e537fdd02213b41d5944f1227adaf3211d9cc0705e320cd0dae2bde8b90347f6e804ae30f2d85c203e1bb0aad84262ef6052a2f5ef5aa82b9b75e3e182fd6da1cd69dadee9bf0021c59d182aa18f5c6dd7d0928080f9cf48006564a42d531a23ffcb2bdb8d030a081f7b9935fa44f453be3f20fd83739ecfcb8a17850cfe2bec9ada271a3dbacf22555a3b690459063967ee5dd622efc5dab15f01ab869afd52db7cdfc512a10337c3f48b6775304372fc293102550a9de3f35bcd791b1c5ebaeebec46d9c049738d3af2c087adc0dff37f851353ee91e9ed91ef7f716e1d2b15ff48e22c0b394a34b6f3593d41265d33657c29a9bdc51e30f116bf1dd866d65f37dc0f5522ec32d386757ba6845a152ef542f4b2fb16c63b38a3d18a946e74b00f225c1daaf9eea04c7884ff6440a590a9eca6d7a8a4e8d2ea11f74bdb1ad88799cb4b6c0aa917cca20d162e5906caf3f566c77ae0a166fee92014ea1af409e03d7b9a77c00d5133ef963e8a86ae06b29dc33d64d2ba649a3733b95df506c67f62981cb7f98d5ef02cd5afec0d872739d257eb2f98df7405cac713c0843788565ca970880e28aba5933ea99488bc348606b0a839a0692b2fa0d1b5e892492319c5947c07a6941c7c6adc6fa15c5268d644e1c6392a66f0f821586283e0038ef16eba6b168824f8556b3aeb4f17665a1dda31b0b40ac37ebb2ce9365d1d3d0e491e4ed767b3398b6041a00516b8c045db143133650fc7e5ab79fbcd9b8122c99dfcfbf8f86f29be2cc4cc1e1d27247342005007d07a3ca993384ab368a19b946f3aedecdcf1a2a588fd0cf6dcb6121180f81e1c4dcfa17b21fc2f5cd6d22aa51e72d368e9b62276fb4dfb48c19a4d06e2ac45817e978e1a005fce22cfbe051d87fc80d36aea94be455641e03e8423fccca991f712617b47164f6aeddec2e8a4fed77f46861f9bfccdd64d722bb64b14066085b2802402a9b1fbde807fc52bfc3038c468796940ea22e834315a38d784060bd56db3409290d51de22d3f831b1b1678b685a1e51c8b469bd8e8a714449a0dd74c1c9913e5d00d4586f254ffed9312ead682dbc53e40be03e2618961546dd1dd2e7428109279c01d1931b6dca46f30c75a0bf4af8354209d39827a5c60154823104ee68958174f1c433e8c3a5339728ae37d130ac47160879287f58efecef9ec6396a9a10fd3969ebc2ace428c72485d07743e3a0174029778d5e031e8589b61678564ff7c5eaf9e1f85dc2f0ffd150408622b77862e6778e3ce860f6496c674a3587b0fd267a8574e8cbc595cab9698f4fe01bb7948ea23659847e58ddb9a649efa26278699e6eeea388c20bf2b5282fafc738d763698473968062eccde99f476283a33cddb2155a1912660fe56e79e278c66419f82bdabcccf3ac7ab54ee6e63e51e815a21560dae996cdf9d9bf7b747d42bc2be8b634bef1a7b1133739ac2930f2345f06de090b9caf3d2846d336559361abc2d0ee49d8dba8e09457ab3128d93355a9f7b767800bd637deb5184038e26d70b81ae8289089356f3947114a43b9787d6887f9d4abdefa4339d48ec47c4cb4ae22c701536a3d3e28f8867867a906d84061fadedfe64135602fa865596595ff48ebda9227bbd3cad01a351fe660bd9dc68211967b12c4c6f21a3d4d0b4617f491eb55b64b44d2a42cf6adda3b5b441cda2369b4419803c6b728aac4e6dcd87b0489e81e7e137abd2d927a1d89804789301a87796666a09270c4b54da19c8e013cff113326336e016495dcb00799539eee288b5d12798ab92236baa2b6db4e905b97e28f7a37fda4fb7f4a4fb7c69c8f92e6b708642cc6edfa70d64ac5e2a0d796330135614c11303cb578a7908d20d76ad4d032cc6cacc3da9255cf26a972f7951e5e5174f61a7d1a717f829d020283abcdb8ff4087c5c924387a75cea27175dc617478380ab4651f8a06e251bbcecdcdc5ced8d2e675ab087feb82ee085841c075a404b2781de6fb71843a965e440e84da50cc566ba4977013a16dce1e41fe3a0da81a1f9", @generic="6ef09dc0344b0a2058f24bf921df1b6dcf41b23aab29f37bcf163932bcee606d54cb250db6f332862da64e1f076713dbe2d73ca6e1fa30f01a300ff07a34f0188ba212c97e7144f0e636996a80eff33973f5f363f47797f5672a72d937c0e0901ffe050fca68db118b536417e2db0cfb0ee34726f578dd55706504b8c0abd39cac85a65822876540463f5269f8a6e77301223f29a195394e162f0aaef9960594e9fd13ca554fb5b1d3733cf3c6e8cd876e420eb070a54beaf9483fdbe322f86dc6b72169effa4a5c4e34f7d73c4a9f18d566d3d37e51d6a80aeb", @typed={0x8, 0x1, 0x0, 0x0, @u32=0x7ff}, @nested={0x4, 0x144}, @generic="cefa103c0c724ebb18796cf56c2078cc5ee9de5577b6dde5840096ed4dc908829df5c2abf536c72ccb18adf99b7c043796d0456367db20bb6715e8c043d6c9cadd4415157f33d5a3b2bad798123497c11cc6a412bc6073c72afdbb62a5419b4eb8ab32c2a35098a8173645392b026e8b59732c521bcc4d73dd511923af0c3b464e8eaee622afbcdf2a6e0cdefee7fb6b22c9d2dfe801"]}, @typed={0x8, 0x40, 0x0, 0x0, @uid=r7}, @generic="9329817f3e546f2ffb6bdf72a137857c123d8b1a399f7a5569cf81a752029f7a2a647f94fc73ae8c618a0b984f4e6b7060e0dca68cc883f50e170755e7279f8852f31c62eced0dc5a19a201af3b58c7353326d665fc77827faf030132a8d53c4b3ce39e22fd7320cb3a3f878a43ad7f5e6dbf8a171dc72493b5736eaf7a549aaae65a8b25035b554dbc82bb87540fc7cab8486a0a7fe3666509c308426bb16509510b787d19d787394d591fa3fa112025920a812341e1455f13bbd2ed4180104568b44d20bb2145064352b7abae0801d40d903660fd846cafe2c43ae626a90bd5f559dda5a5f270f0dd875a013e25e82facade3265f4816cccc5f2a593112f", @nested={0x24d, 0x9b, 0x0, 0x1, [@generic="f22735472704a2f3e95a4fe0c394124dbb7e9c4569c4393304f78e0fdf5a21902c7aefaf2521838707fa3dbaeddfca82b180c34f8eaf8a8171", @typed={0x8, 0x6c, 0x0, 0x0, @fd=r6}, @generic="c18001956108e77b24ce8203a312b24ac0c167d5d4530b97530be51dbe342d8c2566048adf4317bd103dc9b95a4a7819e75e89c67120e05b9b4a5c79221c6d2ff138259413109dd19a0518f2bc135bf369328de76a2b9463c7889f502831f3c70a98eb60337bd89418c9df3ea5a8a8226cdd5d74d8b3f07f0d38cb83565c80044e91549cccfbc01d485b3efb40184ed01c1d94c80987c377e9c4930207", @generic="715ba7cff53c44259ebef6c1f4dcedc79ac2081b7d9dd755b480bf6d484e7590fceeb4d5feac1e7a501374787f45027effedfeda60db6a64bef525a463a111d68df7dac5435aff5ad7b085e2a48ba22f6f155f946a5a6eb1941db168495df5fbb1abb53104b5c5837ba4c71c9c87c187ccbcebe107023f6df7370c0d1ddcb12ca02990e97d2656ab127d6f65b1bba8dc1986f010232f91832e701ea660e713fb0ff575911c594780e3ed3e79dc0e097af593d246ae06c62945ee3785591cdad41b6323befa95b8e7277a56d833580826d4bd3be3d8d8b5af8afea5d8df17851b6ba734945ed0583a29bb9e7335a79135582a59", @generic="3bbc99f4e0c59be81784366cb9c54c3043dac77fd44a8ad9f52a66053038ca34dd5728f7df9ed429fa011d8bfdc54951b5d9590b0b0340530089e06123e04fb88d", @typed={0x8, 0xc8, 0x0, 0x0, @uid=r8}, @generic="40c2f2af0eb2852e77d4581d7f0a86e6f4abcafbf62834", @typed={0x8, 0x15d, 0x0, 0x0, @pid=r5}, @typed={0xd, 0x4c, 0x0, 0x0, @str='/dev/kvm\x00'}]}, @nested={0x10, 0x112, 0x0, 0x1, [@nested={0x4, 0x93}, @typed={0x8, 0x104, 0x0, 0x0, @pid=r9}]}, @typed={0x8, 0xf5, 0x0, 0x0, @u32=0x33b}, @generic="f8b9e7bf8e7b1552edb55616a5810fdc68782a8cbbcd305587fec24544fd0d3c749e6540b73bf4fb4ffce59ba60ea77c7887e7d830368f04792205d50fb64a3807c4256cb51e67b13f89627249d0b53dfeb47ce86a4ab773c4360bfa19e736534061ef878a00fcbf0fe2c30011ce9a1dcc1641c56d74571b58c4f9383fb9b3cbf7e4da824fb9a9c8bb85b93f045584a474bdfe353f3d695252f5c6e0169ccb98b70e140f5ea6d174fb7fb098c40af2f6b07875b6523118cc70c9db9b2816a8b196a620a312540c2601ae9400aa2b105b1878c4c434f96a01a5d3fb7168983b03eea5e469a0a9a5eaac2b29", @generic, @nested={0xd0, 0x1a, 0x0, 0x1, [@nested={0x4, 0x14d}, @typed={0x8, 0x100, 0x0, 0x0, @fd=r1}, @generic="24e5b8722fbf30ba2aae013378a4527cc6b839cd2ee04b8adee52aed7d6fef5463e32501a6cf43a0a29de549c7d9572075b6d514da36", @nested={0x4, 0x11}, @generic="82748a59dff5c81807f605efaa0e3d9884a231ac115aaa29034e1375b501d554dd8eec49e606796519c33e751404f641141fb6d3d04b204e607a1dd29455e6b5bbc81dce4c653ab2304c05195b2fd42f40a6aec7036ecd3712ad7cbbc39dd2c6f981b4702967e175642f37e2", @generic="ef8d23af78741ff129685afa4493f3e81789687e927c28cc101d"]}]}, @nested={0x60, 0x9f, 0x0, 0x1, [@generic, @typed={0x8, 0x60, 0x0, 0x0, @fd=r4}, @nested={0x4, 0xb7}, @typed={0x36, 0x136, 0x0, 0x0, @str='/sys/devices/system/memory/memory12/power/control\x00'}, @nested={0x4, 0x15d}, @typed={0xc, 0x38, 0x0, 0x0, @u64=0x40}, @nested={0x4, 0xe0}, @nested={0x4}]}, @typed={0x8, 0xd7, 0x0, 0x0, @fd=r6}, @typed={0x5, 0x53, 0x0, 0x0, @str='\x00'}]}]}, 0x1960}, 0x1, 0x0, 0x0, 0x24040000}, 0x20) wait4$auto(0xffffffffffffffff, &(0x7f0000000000), 0x10001, &(0x7f0000000080)={{0x8, 0x6}, {0xc86, 0x69}, 0x9, 0x3, 0x3, 0x7fffffff, 0x7ff, 0x4000000000000, 0xebc, 0x0, 0x9f6, 0x9, 0xeb8, 0x3400000000, 0x1000, 0x2}) r10 = setfsuid$auto(0xee00) setreuid$auto(r10, 0x0) 834.221512ms ago: executing program 1 (id=3147): socket$nl_generic(0x10, 0x3, 0x10) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nbd12\x00', 0x6600, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0xa, 0x1, 0x84) socket(0x2, 0x2, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x181040, 0x0) openat$auto_tracing_saved_cmdlines_fops_trace(0xffffffffffffff9c, 0x0, 0x48400, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/system/machinecheck/machinecheck0/bank0\x00', 0x840, 0x0) openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_binder_ctl_fops_binderfs(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) pipe$auto(0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/dummy_udc.0/udc/dummy_udc.0/maximum_speed\x00', 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/irq.pressure\x00', 0x101102, 0x0) openat$auto_ocfs2_control_fops_stack_user(0xffffffffffffff9c, &(0x7f0000000040), 0x669400, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000340)='/proc/asound/card0/pcm0p/sub3/xrun_injection\x00', 0x8a180, 0x0) socketpair$auto(0x800001, 0x2, 0x615e, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket(0xa, 0x801, 0x84) getsockopt$auto(r1, 0x84, 0x82, 0x0, 0x0) ioctl$auto(0x3, 0x80106f53, r0) 766.016387ms ago: executing program 4 (id=3148): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000280)='/sys/kernel/debug/tracing/events/vmalloc/enable\x00', 0x0, 0x0) getsockopt$auto_SO_BSDCOMPAT(r0, 0x2b8b, 0xe, &(0x7f00000002c0)='nl802154\x00', &(0x7f0000000340)=0x7) shmget$auto(0x0, 0x2, 0x8) io_uring_setup$auto(0x6, 0x0) openat$auto_ocfs2_control_fops_stack_user(0xffffffffffffff9c, &(0x7f0000000380), 0x43ea02, 0x0) lseek$auto(0x3, 0x8, 0x3) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) read$auto(r1, 0x0, 0x80000000006) signalfd$auto(r1, 0x0, 0x8) 599.997864ms ago: executing program 1 (id=3149): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x55) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) r0 = openat$auto_sco_debugfs_fops_(0xffffffffffffff9c, 0x0, 0xae283, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000002640)='/sys/kernel/debug/tracing/set_event_pid\x00', 0x2002, 0x0) r1 = openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/buffer_size_kb\x00', 0x40, 0x0) readv$auto(r1, &(0x7f0000000140)={0x0, 0x3}, 0x1) r2 = syz_clone(0x20020000, 0x0, 0x0, 0x0, 0x0, 0x0) syz_open_procfs$namespace(r2, 0x0) r3 = openat$auto_rts_threshold_ops_(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/ieee80211/phy2/rts_threshold\x00', 0x163000, 0x0) r4 = openat$auto_tracing_mark_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/trace_marker\x00', 0x341, 0x0) write$auto_tracing_mark_fops_trace(r4, 0x0, 0x0) pread64$auto(r3, 0x0, 0x440, 0xf25) write$auto(0x3, 0x0, 0xfdef) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket(0xa, 0x2, 0x3a) syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(0xffffffffffffffff, 0x0, 0x8880) socket(0x23, 0x80805, 0x0) mmap$auto(0x0, 0x2020009, 0x126, 0xf8, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x5, 0x0) ioctl$auto(0x3, 0x89e0, 0x38) openat$auto_full_fops_mem(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'vlan0\x00'}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'veth1_to_batadv\x00'}) 422.872376ms ago: executing program 2 (id=3150): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) r1 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$auto_RTC_IRQP_READ(r1, 0x8008700b, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) getsockopt$auto_SO_RCVTIMEO_OLD(r0, 0xffffffff, 0x14, &(0x7f00000003c0)='\x00\x00+\xa2\xc7\x92\x00\x00\x00\x00\x00\x00\x03\x90\xf9\xe8\x11\x80\a :w\xac[\xbb\xac\xe3\xe0\xff8g:\x04\x00\x00\x00\x00\x00\x00\x00=r\x03\x95\x87\xbaM\xd80=\x81\x8ez\xab\xc3^\xb0\x03Ijj\xc4\xf9\xe6\x84P\x15q\xaa\xc8\x03\xba\x8c\xe3\xc3r\xb8\x1b\x98\xe8\xbc\x11.\xd9A\xb3P\xfa\x04\x95\xfc*\v\xb8\xc5\x16Z\xb7\x82\xbc\x96o\xd2G\xf8\x0f`\xa1\x1f\xc6\xd6\xc5\xdcM\x17\x11\xd2\x12\x988\xa3`\xad[UI\xf7\xc7\xcc\x13XH\xc1\x02\x84$\x97;\xebM`\x7f\xe4\x8dbe\xd8\x901\x8e\'\x10\xf6`^\xd28Xk\x03\x8d\b\xbd\xe2d\\\x11w(\xc7D!,6\x01\x00\x9f\x8bxg\xe2\xfc~\x006\x17\x9b9?,\xd8\n\x82r\x12\xa9\xfd@\x90&\xd3l\xa7[\x9bx\xf7\xb9[m\x9a\xee\"\x9e\x81|\xa4\x8f5\xea\t\x02Axu\xe9io`\x81\xb5\x89\x01\xa0\xa8~]\xd8]\x14}\x8c\xacRc\r\xb7.\x7f\xb3\x85\xff\xf5\xb0\x11/\x80{\xab)\x05\xb3HHU\xcb\x00', 0x0) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) fadvise64$auto_POSIX_FADV_NORMAL(0xffffffffffffffff, 0x7, 0xd, 0x0) write$auto(0x3, 0x0, 0x7fffffff) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) sendmsg$auto_IEEE802154_LLSEC_LIST_SECLEVEL(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x2c}, 0x1, 0x0, 0x0, 0x4000001}, 0x400c1) read$auto(0x3, 0x0, 0x80) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x20020000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0x100000000) socket(0x2, 0x1, 0x106) openat$auto_tracing_cpumask_fops_trace(0xffffffffffffff9c, 0x0, 0xa901, 0x0) openat$auto_o2hb_debug_fops_heartbeat(0xffffffffffffff9c, 0x0, 0xa040, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x74c) shutdown$auto(0x200000003, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = socket(0xa, 0x3, 0x3a) setsockopt$auto(0x400000000000003, 0x29, 0xcd, 0x0, 0x567) sendmsg$auto_WG_CMD_SET_DEVICE(r2, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x64, 0x0, 0x20, 0x70bd28, 0x2ddfdbfd, {}, [@WGDEVICE_A_PUBLIC_KEY={0x4f, 0x4, "8d543bcbae3f42736046a636dc5f0f022c493bf4a74de24c81e3630f4a5dd86992e2f46a45919f6f50a256e565a8abe96ea490217d20be5810017028ee8e13f743fbf02244e8310bbe62b2"}]}, 0x64}, 0x1, 0x0, 0x0, 0x1}, 0x44008000) 178.51784ms ago: executing program 1 (id=3151): socket$nl_generic(0x10, 0x3, 0x10) bind$auto(0x3, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) r0 = openat$auto_nsim_dev_health_break_fops_health(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/netdevsim/netdevsim2/health/break_health\x00', 0x48081, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0xa0002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$auto_ocfs2_control_fops_stack_user(0xffffffffffffffff, &(0x7f00000000c0), 0x0) write$auto(r0, &(0x7f0000000080)=')@-!\x00', 0x1e1) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/perf_event_max_contexts_per_stack\x00', 0x202, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socket(0x2b, 0x1, 0x1) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3ff, 0x9, 0x5, 0x11, 0x944, 0x1ffe4, 0x3, 0x6, 0x4, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0xd, 0x5, 0x3, 0x4, 0x7, 0x220, 0x309, 0x8, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, [0x3, 0x0, 0x1, 0x200, 0x9, 0x0, 0x0, 0x800, 0xffffffffffffffff, 0x0, 0x0, 0x4000000000000, 0x2000000000000000, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x4, 0x82, 0x800000000002, 0x9, 0x0, 0xbec, 0x0, 0x0, 0xe, 0x0, 0x800000000, 0x0, 0x0, 0x2, 0x8, 0x10, 0xfffffffffffffffe, 0x9, 0x0, 0x0, 0x0, 0x2961, 0x0, 0x2]}, 0x2001fb, 0x7f) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x1f00, &(0x7f0000000100)={0x0, 0xfdef}, 0x2, 0x0, 0x7, 0xa505}, 0x700}, 0x7, 0x4008) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, &(0x7f00000000c0)={0x1000, "f74d086d6600f5da887fca1f1a0730a2f629350000001f00000008600418af10", @raw}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000380)='/proc/sys/net/ipv4/conf/veth1_to_bridge/src_valid_mark\x00', 0x101480, 0x0) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.net/blkio.bfq.weight\x00', 0x400, 0x0) read$auto(r3, 0x0, 0x20) r4 = socket(0xa, 0x5, 0x84) setsockopt$auto(r4, 0x10000000084, 0x22, 0x0, 0x10) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000140)='/dev/v4l-subdev5\x00', 0x280600, 0x0) sendmsg$auto_NL80211_CMD_NOTIFY_RADAR(0xffffffffffffffff, 0x0, 0x4) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x4, 0x0) seccomp$auto(0x1, 0x0, &(0x7f0000000100)="740fb5dc698e7ba7e41f") 102.81582ms ago: executing program 3 (id=3152): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) read$auto(r0, 0x0, 0x80000000006) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x6) signalfd$auto(r0, 0x0, 0x8) 0s ago: executing program 2 (id=3153): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(0xffffffffffffffff, 0x0, 0x800) timer_create$auto(0x9, 0x0, 0x0) socket(0xa, 0x1, 0x100) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) shmctl$auto_IPC_SET(0x4, 0x1, &(0x7f0000000280)={{0x80, 0xee00, 0xee00, 0xca6d, 0x8, 0x4bd6, 0x5}, 0xd21, 0x5, 0x8000000000000000, 0x1, @inferred=0xffffffffffffffff, @inferred=0xffffffffffffffff, 0x9, 0x0, &(0x7f0000000140)="4f0d6995e943b6bc1919", &(0x7f0000000200)="e3ac9b01ee8d985b677531eeeee5cb5bf774d2df4d9ae6dccbc98def20b72c7c2826a585ba3a8d67815abade214708a4ade77c6faa2f2889ca3e7989f32645dd597a3ae1b46e8d8c7e03ae6b8aaa49f6bf64"}) process_mrelease$auto(0xffffffffffffffff, 0xa) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mount$auto(0x0, 0xfffffffffffffffe, 0x0, 0x80, 0xfffffffffffffffe) write$auto(r0, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x60042, 0x0) add_key$auto_KEY_SPEC_USER_KEYRING(&(0x7f0000001c80)='\\\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffc) mkdir$auto(&(0x7f0000000100)='./file0\x00', 0xff) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x4a42, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0) mmap$auto(0x1000000000, 0x100000400008, 0x1000000000000df, 0x4000009b73, r1, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/admmidi2\x00', 0x40080, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000080)={[0x10000000000001ff, 0x0, 0xd3e, 0x1, 0x9687, 0x100000000000003, 0x3c2a19d5, 0x6, 0x3, 0x62, 0x8, 0x800, 0x6d3f, 0x6, 0xa, 0xfffffffffffffffe]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0xb, 0x82c, 0x1, 0x4, 0x3, 0x104, 0x47, 0xffffffffffffffff, 0x7, 0x8000000000400000, 0x3, 0x200006d3c, 0x3, 0x2, 0x800000000000000a]}, 0x0) kernel console output (not intermixed with test programs): er after parsing attributes in process `syz.1.1925'. [ 553.539557][T14521] bridge0: port 3(bond0) entered blocking state [ 553.559730][T14524] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1930'. [ 553.570951][T14521] bridge0: port 3(bond0) entered disabled state [ 553.577361][T14521] bond0: entered allmulticast mode [ 553.617891][T14521] bond_slave_0: entered allmulticast mode [ 553.644639][T14521] bond_slave_1: entered allmulticast mode [ 553.671634][T14521] bond0: entered promiscuous mode [ 553.693185][T14521] bond_slave_0: entered promiscuous mode [ 553.709915][T14521] bond_slave_1: entered promiscuous mode [ 553.731981][T14521] bridge0: port 3(bond0) entered blocking state [ 553.738497][T14521] bridge0: port 3(bond0) entered forwarding state [ 553.824751][T14524] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 553.842797][T14524] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 553.930557][T14524] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 553.943714][T14524] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 554.454611][T14543] netlink: 'syz.3.1933': attribute type 4 has an invalid length. [ 555.172409][T14559] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1937'. [ 555.755490][T14569] can: request_module (can-proto-0) failed. [ 555.980455][T14587] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1944'. [ 559.785561][T14637] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1955'. [ 559.855629][T14640] netlink: 13 bytes leftover after parsing attributes in process `syz.4.1955'. [ 561.888235][T14663] FAULT_INJECTION: forcing a failure. [ 561.888235][T14663] name failslab, interval 1, probability 0, space 0, times 0 [ 562.105184][T14663] CPU: 0 UID: 0 PID: 14663 Comm: syz.3.1958 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 562.105228][T14663] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 562.105238][T14663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 562.105249][T14663] Call Trace: [ 562.105256][T14663] [ 562.105262][T14663] dump_stack_lvl+0x100/0x190 [ 562.105294][T14663] should_fail_ex.cold+0x5/0xa [ 562.105316][T14663] ? tomoyo_realpath_from_path+0xb6/0x690 [ 562.105341][T14663] should_failslab+0xc2/0x120 [ 562.105361][T14663] __kmalloc_noprof+0xe0/0x850 [ 562.105393][T14663] tomoyo_realpath_from_path+0xb6/0x690 [ 562.105424][T14663] tomoyo_path_number_perm+0x23c/0x580 [ 562.105444][T14663] ? tomoyo_path_number_perm+0x22e/0x580 [ 562.105465][T14663] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 562.105508][T14663] ? find_held_lock+0x2b/0x80 [ 562.105526][T14663] ? __fget_files+0x215/0x3d0 [ 562.105542][T14663] ? hook_file_ioctl_common+0x146/0x410 [ 562.105568][T14663] ? __fget_files+0x21f/0x3d0 [ 562.105589][T14663] security_file_ioctl+0xd3/0x230 [ 562.105611][T14663] __x64_sys_ioctl+0xb7/0x210 [ 562.105640][T14663] do_syscall_64+0x106/0xf80 [ 562.105666][T14663] ? clear_bhb_loop+0x40/0x90 [ 562.105688][T14663] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 562.105706][T14663] RIP: 0033:0x7f21ca39c799 [ 562.105721][T14663] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 562.105738][T14663] RSP: 002b:00007f21c85f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 562.105756][T14663] RAX: ffffffffffffffda RBX: 00007f21ca616180 RCX: 00007f21ca39c799 [ 562.105767][T14663] RDX: 0000000000000000 RSI: 00000000c0145401 RDI: 0000000000000003 [ 562.105778][T14663] RBP: 00007f21c85f6090 R08: 0000000000000000 R09: 0000000000000000 [ 562.105788][T14663] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 562.105798][T14663] R13: 00007f21ca616218 R14: 00007f21ca616180 R15: 00007fff629e63f8 [ 562.105820][T14663] [ 562.532770][T14663] ERROR: Out of memory at tomoyo_realpath_from_path. [ 563.449065][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.459207][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.474016][ T29] audit: type=1800 audit(4294967306.165:23): pid=14699 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1967" name="lu_gp_id" dev="configfs" ino=60506 res=0 errno=0 [ 565.038049][T14708] netlink: zone id is out of range [ 565.079441][T14708] netlink: zone id is out of range [ 565.084586][T14708] netlink: zone id is out of range [ 565.276386][T14708] netlink: zone id is out of range [ 565.332398][T14708] netlink: zone id is out of range [ 565.528727][T14708] netlink: zone id is out of range [ 565.533959][T14708] netlink: zone id is out of range [ 565.713634][T14708] netlink: zone id is out of range [ 565.865832][T14708] netlink: zone id is out of range [ 565.957997][T14708] netlink: zone id is out of range [ 567.589200][T14737] FAULT_INJECTION: forcing a failure. [ 567.589200][T14737] name failslab, interval 1, probability 0, space 0, times 0 [ 567.662488][T14737] CPU: 0 UID: 0 PID: 14737 Comm: syz.2.1978 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 567.662531][T14737] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 567.662542][T14737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 567.662552][T14737] Call Trace: [ 567.662559][T14737] [ 567.662567][T14737] dump_stack_lvl+0x100/0x190 [ 567.662599][T14737] should_fail_ex.cold+0x5/0xa [ 567.662622][T14737] should_failslab+0xc2/0x120 [ 567.662643][T14737] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 567.662671][T14737] ? vm_area_alloc+0x1f/0x160 [ 567.662699][T14737] vm_area_alloc+0x1f/0x160 [ 567.662724][T14737] create_init_stack_vma+0x7e/0x700 [ 567.662764][T14737] alloc_bprm+0x405/0x710 [ 567.662794][T14737] do_execveat_common.isra.0+0x19c/0x580 [ 567.662824][T14737] ? do_getname+0x191/0x390 [ 567.662850][T14737] __x64_sys_execve+0x93/0xd0 [ 567.662880][T14737] do_syscall_64+0x106/0xf80 [ 567.662906][T14737] ? clear_bhb_loop+0x40/0x90 [ 567.662929][T14737] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 567.662948][T14737] RIP: 0033:0x7fb4ddf9c799 [ 567.662964][T14737] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 567.662981][T14737] RSP: 002b:00007fb4deee6028 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 567.662999][T14737] RAX: ffffffffffffffda RBX: 00007fb4de215fa0 RCX: 00007fb4ddf9c799 [ 567.663011][T14737] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 567.663021][T14737] RBP: 00007fb4de032c99 R08: 0000000000000000 R09: 0000000000000000 [ 567.663032][T14737] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 567.663042][T14737] R13: 00007fb4de216038 R14: 00007fb4de215fa0 R15: 00007ffda4d45958 [ 567.663064][T14737] [ 569.488364][T14759] ubi3: attaching mtd1 [ 571.154103][T14784] nbd: must specify an index to disconnect [ 576.803548][T14877] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2008'. [ 582.269388][T14959] netlink: 17 bytes leftover after parsing attributes in process `syz.1.2029'. [ 583.545227][T14969] FAULT_INJECTION: forcing a failure. [ 583.545227][T14969] name failslab, interval 1, probability 0, space 0, times 0 [ 583.624804][T14969] CPU: 0 UID: 0 PID: 14969 Comm: syz.3.2031 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 583.624845][T14969] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 583.624855][T14969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 583.624866][T14969] Call Trace: [ 583.624872][T14969] [ 583.624880][T14969] dump_stack_lvl+0x100/0x190 [ 583.624913][T14969] should_fail_ex.cold+0x5/0xa [ 583.624935][T14969] should_failslab+0xc2/0x120 [ 583.624955][T14969] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 583.624983][T14969] ? sk_prot_alloc+0x60/0x2a0 [ 583.625006][T14969] sk_prot_alloc+0x60/0x2a0 [ 583.625027][T14969] sk_alloc+0x36/0xe80 [ 583.625052][T14969] inet6_create+0x385/0x12b0 [ 583.625082][T14969] ? inet6_create+0x7f/0x12b0 [ 583.625111][T14969] __sock_create+0x339/0x860 [ 583.625135][T14969] __sys_socket+0x14d/0x260 [ 583.625157][T14969] ? __pfx___sys_socket+0x10/0x10 [ 583.625184][T14969] __x64_sys_socket+0x72/0xb0 [ 583.625204][T14969] ? lockdep_hardirqs_on+0x78/0x100 [ 583.625237][T14969] do_syscall_64+0x106/0xf80 [ 583.625263][T14969] ? clear_bhb_loop+0x40/0x90 [ 583.625285][T14969] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 583.625304][T14969] RIP: 0033:0x7f21ca39c799 [ 583.625318][T14969] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 583.625337][T14969] RSP: 002b:00007f21cb1ad028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 583.625355][T14969] RAX: ffffffffffffffda RBX: 00007f21ca615fa0 RCX: 00007f21ca39c799 [ 583.625367][T14969] RDX: 000000000000003b RSI: 0000000000000003 RDI: 000000000000000a [ 583.625377][T14969] RBP: 00007f21ca432c99 R08: 0000000000000000 R09: 0000000000000000 [ 583.625388][T14969] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 583.625398][T14969] R13: 00007f21ca616038 R14: 00007f21ca615fa0 R15: 00007fff629e63f8 [ 583.625421][T14969] [ 584.535971][T14986] netlink: 334 bytes leftover after parsing attributes in process `syz.4.2036'. [ 591.744197][T15085] net_ratelimit: 65 callbacks suppressed [ 591.744216][T15085] netlink: zone id is out of range [ 591.852097][T15085] netlink: zone id is out of range [ 592.956692][T15095] netlink: 17 bytes leftover after parsing attributes in process `syz.4.2063'. [ 593.559219][T15092] HfR: entered promiscuous mode [ 599.665968][T15164] netlink: 342 bytes leftover after parsing attributes in process `syz.3.2078'. [ 620.604784][ T5829] Bluetooth: hci4: unexpected event 0x3c length: 254 > 7 [ 624.925862][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.950520][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 630.355329][T15501] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 630.395262][T15501] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 630.401440][T15501] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 630.444205][T15501] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 631.876415][T15506] Bluetooth: hci0: command 0x0c1a tx timeout [ 632.434826][T15506] Bluetooth: hci3: command 0x0c1a tx timeout [ 632.441089][T15506] Bluetooth: hci2: command 0x0c1a tx timeout [ 632.514659][T15554] Bluetooth: hci4: command 0x0c1a tx timeout [ 634.223496][T15554] block nbd0: Receive control failed (result -32) [ 635.825605][T15601] FAULT_INJECTION: forcing a failure. [ 635.825605][T15601] name failslab, interval 1, probability 0, space 0, times 0 [ 635.915135][T15601] CPU: 0 UID: 0 PID: 15601 Comm: syz.2.2159 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 635.915177][T15601] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 635.915188][T15601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 635.915198][T15601] Call Trace: [ 635.915205][T15601] [ 635.915213][T15601] dump_stack_lvl+0x100/0x190 [ 635.915245][T15601] should_fail_ex.cold+0x5/0xa [ 635.915267][T15601] ? iter_file_splice_write+0x1d8/0x10a0 [ 635.915286][T15601] should_failslab+0xc2/0x120 [ 635.915307][T15601] __kmalloc_noprof+0xe0/0x850 [ 635.915339][T15601] iter_file_splice_write+0x1d8/0x10a0 [ 635.915357][T15601] ? lockdep_hardirqs_on+0x78/0x100 [ 635.915388][T15601] ? copy_splice_read+0x734/0xb90 [ 635.915404][T15601] ? kfree+0x1f6/0x6b0 [ 635.915432][T15601] ? __pfx_iter_file_splice_write+0x10/0x10 [ 635.915452][T15601] ? __lock_acquire+0x4a5/0x2630 [ 635.915478][T15601] ? __pfx_copy_splice_read+0x10/0x10 [ 635.915508][T15601] ? __pfx_iter_file_splice_write+0x10/0x10 [ 635.915530][T15601] direct_splice_actor+0x192/0x6c0 [ 635.915551][T15601] splice_direct_to_actor+0x345/0xa30 [ 635.915572][T15601] ? __pfx_direct_splice_actor+0x10/0x10 [ 635.915595][T15601] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 635.915622][T15601] do_splice_direct+0x174/0x240 [ 635.915641][T15601] ? __pfx_do_splice_direct+0x10/0x10 [ 635.915661][T15601] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 635.915694][T15601] ? rw_verify_area+0xce/0x6d0 [ 635.915722][T15601] do_sendfile+0xadc/0xe20 [ 635.915755][T15601] ? __pfx_do_sendfile+0x10/0x10 [ 635.915795][T15601] ? __x64_sys_futex+0x34f/0x4d0 [ 635.915818][T15601] ? __x64_sys_futex+0x358/0x4d0 [ 635.915850][T15601] __x64_sys_sendfile64+0x1d8/0x220 [ 635.915873][T15601] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 635.915901][T15601] do_syscall_64+0x106/0xf80 [ 635.915929][T15601] ? clear_bhb_loop+0x40/0x90 [ 635.915952][T15601] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 635.915970][T15601] RIP: 0033:0x7fb4ddf9c799 [ 635.915986][T15601] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 635.916002][T15601] RSP: 002b:00007fb4deee6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 635.916019][T15601] RAX: ffffffffffffffda RBX: 00007fb4de215fa0 RCX: 00007fb4ddf9c799 [ 635.916031][T15601] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000003 [ 635.916041][T15601] RBP: 00007fb4de032c99 R08: 0000000000000000 R09: 0000000000000000 [ 635.916051][T15601] R10: 0000000000004a00 R11: 0000000000000246 R12: 0000000000000000 [ 635.916062][T15601] R13: 00007fb4de216038 R14: 00007fb4de215fa0 R15: 00007ffda4d45958 [ 635.916084][T15601] [ 635.916437][T15602] netlink: 'syz.2.2159': attribute type 1 has an invalid length. [ 637.053552][T15602] netlink: 33 bytes leftover after parsing attributes in process `syz.2.2159'. [ 638.834480][T15612] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 638.840721][T15554] Bluetooth: hci0: command 0x0c1a tx timeout [ 639.264011][T15612] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 639.281803][T15612] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 639.294249][T15612] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 639.672413][T15554] Bluetooth: hci3: Malformed Event: 0x02 [ 640.915155][T15554] Bluetooth: hci2: command 0x0c1a tx timeout [ 641.314959][T15554] Bluetooth: hci4: command 0x0c1a tx timeout [ 641.321513][T15554] Bluetooth: hci3: command 0x0c1a tx timeout [ 641.775366][T15684] futex_wake_op: syz.4.2180 tries to shift op by -2048; fix this program [ 641.895992][T15684] futex_wake_op: syz.4.2180 tries to shift op by -2048; fix this program [ 642.374864][T15688] zswap: compressor not available [ 642.509642][T15704] FAULT_INJECTION: forcing a failure. [ 642.509642][T15704] name failslab, interval 1, probability 0, space 0, times 0 [ 642.627943][T15704] CPU: 0 UID: 0 PID: 15704 Comm: syz.3.2183 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 642.627991][T15704] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 642.628001][T15704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 642.628012][T15704] Call Trace: [ 642.628018][T15704] [ 642.628025][T15704] dump_stack_lvl+0x100/0x190 [ 642.628071][T15704] should_fail_ex.cold+0x5/0xa [ 642.628093][T15704] should_failslab+0xc2/0x120 [ 642.628112][T15704] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 642.628139][T15704] ? alloc_empty_file+0x55/0x1c0 [ 642.628162][T15704] ? __pfx_stack_trace_save+0x10/0x10 [ 642.628183][T15704] alloc_empty_file+0x55/0x1c0 [ 642.628207][T15704] path_openat+0xe8/0x31a0 [ 642.628225][T15704] ? kasan_save_stack+0x3f/0x50 [ 642.628251][T15704] ? kasan_save_stack+0x30/0x50 [ 642.628278][T15704] ? kasan_save_track+0x14/0x30 [ 642.628292][T15704] ? __kasan_slab_alloc+0x89/0x90 [ 642.628308][T15704] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 642.628335][T15704] ? do_getname+0x35/0x390 [ 642.628356][T15704] ? do_sys_openat2+0xc5/0x1e0 [ 642.628384][T15704] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 642.628405][T15704] ? __pfx_path_openat+0x10/0x10 [ 642.628432][T15704] do_file_open+0x20e/0x430 [ 642.628453][T15704] ? __pfx_do_file_open+0x10/0x10 [ 642.628487][T15704] ? alloc_fd+0x476/0x790 [ 642.628508][T15704] ? do_getname+0x191/0x390 [ 642.628533][T15704] do_sys_openat2+0x10d/0x1e0 [ 642.628557][T15704] ? __pfx_do_sys_openat2+0x10/0x10 [ 642.628590][T15704] __x64_sys_openat+0x12d/0x210 [ 642.628615][T15704] ? __pfx___x64_sys_openat+0x10/0x10 [ 642.628647][T15704] do_syscall_64+0x106/0xf80 [ 642.628674][T15704] ? clear_bhb_loop+0x40/0x90 [ 642.628696][T15704] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 642.628714][T15704] RIP: 0033:0x7f21ca39c799 [ 642.628729][T15704] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 642.628746][T15704] RSP: 002b:00007f21c85f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 642.628763][T15704] RAX: ffffffffffffffda RBX: 00007f21ca616180 RCX: 00007f21ca39c799 [ 642.628774][T15704] RDX: 0000000000000000 RSI: 0000200000001380 RDI: ffffffffffffff9c [ 642.628785][T15704] RBP: 00007f21ca432c99 R08: 0000000000000000 R09: 0000000000000000 [ 642.628795][T15704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 642.628805][T15704] R13: 00007f21ca616218 R14: 00007f21ca616180 R15: 00007fff629e63f8 [ 642.628827][T15704] [ 643.932282][T15721] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2187'. [ 644.140262][T15725] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2187'. [ 644.553798][T15735] device-mapper: ioctl: Invalid data size in the ioctl structure: 0 [ 644.614985][T15735] futex_wake_op: syz.3.2191 tries to shift op by -2048; fix this program [ 644.843878][T15744] futex_wake_op: syz.3.2192 tries to shift op by -2048; fix this program [ 644.876872][T15740] 0x000000000001-0x000000020000 : "" [ 644.921140][T15740] ftl_cs: FTL header corrupt! [ 644.967962][T15744] misc userio: No port type given on /dev/userio [ 645.700250][T15753] netlink: Conntrack attr has 16 unknown bytes [ 646.194116][T15554] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 648.762151][T15825] FAULT_INJECTION: forcing a failure. [ 648.762151][T15825] name fail_futex, interval 1, probability 0, space 0, times 0 [ 648.803071][T15825] CPU: 0 UID: 0 PID: 15825 Comm: syz.3.2214 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 648.803113][T15825] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 648.803123][T15825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 648.803134][T15825] Call Trace: [ 648.803140][T15825] [ 648.803148][T15825] dump_stack_lvl+0x100/0x190 [ 648.803179][T15825] should_fail_ex.cold+0x5/0xa [ 648.803199][T15825] ? strncpy_from_user+0x1f8/0x2d0 [ 648.803222][T15825] get_futex_key+0x1d2/0x1620 [ 648.803248][T15825] ? __pfx_get_futex_key+0x10/0x10 [ 648.803272][T15825] ? kernelmode_fixup_or_oops.isra.0+0x80/0xf0 [ 648.803307][T15825] futex_wake+0xea/0x530 [ 648.803335][T15825] ? do_user_addr_fault+0x8d6/0x12f0 [ 648.803354][T15825] ? __pfx_futex_wake+0x10/0x10 [ 648.803382][T15825] ? irqentry_exit+0x180/0x670 [ 648.803411][T15825] ? irqentry_exit+0x180/0x670 [ 648.803443][T15825] do_futex+0x32b/0x350 [ 648.803467][T15825] ? __pfx_do_futex+0x10/0x10 [ 648.803490][T15825] ? strncpy_from_user+0x1f8/0x2d0 [ 648.803510][T15825] ? strncpy_from_user+0x275/0x2d0 [ 648.803534][T15825] __x64_sys_futex+0x34f/0x4d0 [ 648.803561][T15825] ? __pfx___x64_sys_futex+0x10/0x10 [ 648.803602][T15825] do_syscall_64+0x106/0xf80 [ 648.803629][T15825] ? clear_bhb_loop+0x40/0x90 [ 648.803651][T15825] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 648.803670][T15825] RIP: 0033:0x7f21ca39c799 [ 648.803686][T15825] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 648.803703][T15825] RSP: 002b:00007f21cb1ad0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 648.803721][T15825] RAX: ffffffffffffffda RBX: 00007f21ca615fa8 RCX: 00007f21ca39c799 [ 648.803733][T15825] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f21ca615fac [ 648.803744][T15825] RBP: 00007f21ca615fa0 R08: 0000000000000000 R09: 0000000000000000 [ 648.803756][T15825] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 648.803767][T15825] R13: 00007f21ca616038 R14: 00007fff629e6310 R15: 00007fff629e63f8 [ 648.803789][T15825] [ 650.430751][T15851] FAULT_INJECTION: forcing a failure. [ 650.430751][T15851] name failslab, interval 1, probability 0, space 0, times 0 [ 650.489940][T15851] CPU: 0 UID: 0 PID: 15851 Comm: syz.3.2219 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 650.489981][T15851] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 650.489991][T15851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 650.490001][T15851] Call Trace: [ 650.490007][T15851] [ 650.490014][T15851] dump_stack_lvl+0x100/0x190 [ 650.490046][T15851] should_fail_ex.cold+0x5/0xa [ 650.490068][T15851] should_failslab+0xc2/0x120 [ 650.490088][T15851] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 650.490115][T15851] ? do_getname+0x35/0x390 [ 650.490137][T15851] ? find_held_lock+0x2b/0x80 [ 650.490158][T15851] do_getname+0x35/0x390 [ 650.490183][T15851] do_sys_openat2+0xc5/0x1e0 [ 650.490208][T15851] ? __pfx_do_sys_openat2+0x10/0x10 [ 650.490231][T15851] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 650.490262][T15851] ? __fget_files+0x21f/0x3d0 [ 650.490283][T15851] __x64_sys_openat+0x12d/0x210 [ 650.490308][T15851] ? __pfx___x64_sys_openat+0x10/0x10 [ 650.490332][T15851] ? ksys_write+0x1ac/0x250 [ 650.490356][T15851] do_syscall_64+0x106/0xf80 [ 650.490382][T15851] ? clear_bhb_loop+0x40/0x90 [ 650.490403][T15851] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 650.490421][T15851] RIP: 0033:0x7f21ca39c799 [ 650.490436][T15851] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 650.490453][T15851] RSP: 002b:00007f21cb1ad028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 650.490471][T15851] RAX: ffffffffffffffda RBX: 00007f21ca615fa0 RCX: 00007f21ca39c799 [ 650.490482][T15851] RDX: 0000000000004202 RSI: 00002000000028c0 RDI: ffffffffffffff9c [ 650.490492][T15851] RBP: 00007f21cb1ad090 R08: 0000000000000000 R09: 0000000000000000 [ 650.490502][T15851] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 650.490512][T15851] R13: 00007f21ca616038 R14: 00007f21ca615fa0 R15: 00007fff629e63f8 [ 650.490534][T15851] [ 653.017381][ T10] Process accounting resumed [ 653.892899][T15923] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2235'. [ 654.815828][T15966] device-mapper: ioctl: Invalid data size in the ioctl structure: 0 [ 656.548773][T16006] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 657.575555][T16044] netlink: 'syz.4.2272': attribute type 11 has an invalid length. [ 659.441763][T15506] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 659.457020][T15506] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 659.466440][T15506] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 659.476482][T15506] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 659.483931][T15506] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 659.960344][T16098] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2284'. [ 660.550597][T15514] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 660.632307][T16087] chnl_net:caif_netlink_parms(): no params data found [ 660.770949][T15514] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 661.051655][T15514] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 661.481125][T15514] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 661.554795][T15506] Bluetooth: hci1: command tx timeout [ 662.002707][T16087] bridge0: port 1(bridge_slave_0) entered blocking state [ 662.042242][T16087] bridge0: port 1(bridge_slave_0) entered disabled state [ 662.078475][T16087] bridge_slave_0: entered allmulticast mode [ 662.107484][T16087] bridge_slave_0: entered promiscuous mode [ 662.197924][T16087] bridge0: port 2(bridge_slave_1) entered blocking state [ 662.232640][T16087] bridge0: port 2(bridge_slave_1) entered disabled state [ 662.252740][T16087] bridge_slave_1: entered allmulticast mode [ 662.288040][T16087] bridge_slave_1: entered promiscuous mode [ 662.567072][T15514] bridge_slave_1: left allmulticast mode [ 662.596943][T15514] bridge_slave_1: left promiscuous mode [ 662.612123][T15514] bridge0: port 2(bridge_slave_1) entered disabled state [ 662.653414][T15514] bridge_slave_0: left allmulticast mode [ 662.686821][T15514] bridge_slave_0: left promiscuous mode [ 662.714763][T15514] bridge0: port 1(bridge_slave_0) entered disabled state [ 662.882193][T16150] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2297'. [ 663.372049][T15506] Bluetooth: hci2: unexpected event 0x3e length: 508 > 260 [ 663.372078][T15506] Bluetooth: hci2: unexpected subevent 0x02 length: 507 > 260 [ 663.389061][T15506] Bluetooth: hci2: Dropping invalid advertising data [ 663.399342][T15506] Bluetooth: hci2: unknown advertising packet type: 0xe9 [ 663.399373][T15506] Bluetooth: hci2: Dropping invalid advertising data [ 663.414050][T15506] Bluetooth: hci2: Malformed LE Event: 0x02 [ 663.421135][T15506] Bluetooth: hci2: unexpected event 0x3e length: 508 > 260 [ 663.421162][T15506] Bluetooth: hci2: unexpected subevent 0x02 length: 507 > 260 [ 663.437934][T15506] Bluetooth: hci2: Dropping invalid advertising data [ 663.444813][T15506] Bluetooth: hci2: unknown advertising packet type: 0xe9 [ 663.444840][T15506] Bluetooth: hci2: Dropping invalid advertising data [ 663.458905][T15506] Bluetooth: hci2: Malformed LE Event: 0x02 [ 663.635752][T15506] Bluetooth: hci1: command tx timeout [ 663.891380][T15514] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 663.926625][T15514] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 663.957941][T15514] bond0 (unregistering): Released all slaves [ 663.994202][T16087] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 664.051731][T16150] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 664.062624][T16150] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 664.080709][T16150] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 664.097301][T16150] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 664.132692][T15514] HfR: left promiscuous mode [ 664.231114][T16087] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 664.605456][T16087] team0: Port device team_slave_0 added [ 664.610678][T16087] team0: Port device team_slave_1 added [ 664.905103][T16087] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 664.905121][T16087] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 664.905144][T16087] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 664.906495][T16087] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 664.906509][T16087] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 664.906531][T16087] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 665.626068][T16087] hsr_slave_0: entered promiscuous mode [ 665.626799][T16087] hsr_slave_1: entered promiscuous mode [ 665.635410][T16087] debugfs: 'hsr0' already exists in 'hsr' [ 665.635433][T16087] Cannot create hsr debugfs directory [ 665.727517][T15506] Bluetooth: hci1: command tx timeout [ 666.379781][T15514] hsr_slave_0: left promiscuous mode [ 666.404782][T15514] hsr_slave_1: left promiscuous mode [ 666.453365][T15514] veth1_macvtap: left promiscuous mode [ 666.476364][T15514] veth0_macvtap: left promiscuous mode [ 667.796159][T15506] Bluetooth: hci1: command tx timeout [ 668.093096][T15514] team0 (unregistering): Port device team_slave_1 removed [ 668.145840][T15514] team0 (unregistering): Port device team_slave_0 removed [ 670.045917][T16242] ubi0: attaching mtd0 [ 670.051377][T16242] ubi0: scanning is finished [ 670.106806][T16242] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 670.559237][T16242] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 670.610682][T16087] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 670.702262][T16087] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 670.819291][T16087] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 670.881678][T16087] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 671.406394][T16087] 8021q: adding VLAN 0 to HW filter on device bond0 [ 671.518565][T16087] 8021q: adding VLAN 0 to HW filter on device team0 [ 671.605486][T15514] bridge0: port 1(bridge_slave_0) entered blocking state [ 671.612839][T15514] bridge0: port 1(bridge_slave_0) entered forwarding state [ 671.687719][T15514] bridge0: port 2(bridge_slave_1) entered blocking state [ 671.694878][T15514] bridge0: port 2(bridge_slave_1) entered forwarding state [ 671.902081][T16087] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 671.998264][T16087] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 672.501746][T16291] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2313'. [ 672.561803][T16291] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2313'. [ 672.793237][T16294] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 672.805154][T16087] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 672.828391][T16294] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 672.867120][T16294] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 672.934523][T16294] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 672.942513][T16299] can: request_module (can-proto-0) failed. [ 673.029647][T16294] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 673.067378][T16294] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 673.218334][T16294] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 673.243646][T16087] veth0_vlan: entered promiscuous mode [ 673.582186][T16087] veth1_vlan: entered promiscuous mode [ 673.926375][T16087] veth0_macvtap: entered promiscuous mode [ 673.962645][T16087] veth1_macvtap: entered promiscuous mode [ 674.068466][T16087] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 674.130530][T16087] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 674.230846][T15520] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 674.516211][T15506] Bluetooth: hci2: command 0x0c1a tx timeout [ 674.540817][T15520] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 674.580088][T15520] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 674.663285][T15520] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 674.914778][T15506] Bluetooth: hci4: command 0x0c1a tx timeout [ 674.922024][T15511] Bluetooth: hci3: command 0x0c1a tx timeout [ 675.075353][T15506] Bluetooth: hci1: command 0x0c1a tx timeout [ 675.131266][T15520] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 675.187579][T15520] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 675.566566][T15505] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 675.621283][T15505] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 676.589123][T16390] ptp ptp0: max value is 20 [ 676.995167][T15506] Bluetooth: hci4: command 0x0c1a tx timeout [ 677.155004][T15506] Bluetooth: hci1: command 0x0c1a tx timeout [ 678.369733][ T29] audit: type=1804 audit(4294967420.017:24): pid=16431 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.2332" name="/newroot/588/file0" dev="tmpfs" ino=3092 res=1 errno=0 [ 679.235722][T15506] Bluetooth: hci1: command 0x0c1a tx timeout [ 682.274583][T15506] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 683.389805][T16531] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2347'. [ 683.474539][T16525] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input26 [ 683.624964][T16534] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 683.640608][T16531] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2347'. [ 685.517579][T16578] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2355'. [ 685.555207][T16578] netlink: 'syz.1.2355': attribute type 1 has an invalid length. [ 685.578776][T16578] netlink: 5 bytes leftover after parsing attributes in process `syz.1.2355'. [ 685.609326][T16578] netlink: 'syz.1.2355': attribute type 1 has an invalid length. [ 686.397109][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.405305][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.439640][T16595] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 686.916768][T16612] device-mapper: ioctl: Invalid data size in the ioctl structure: 0 [ 687.663057][T16603] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 687.698585][T16603] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 687.719458][T16603] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 687.741727][T16603] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 689.100133][T16652] device-mapper: ioctl: Invalid data size in the ioctl structure: 0 [ 689.155055][T15506] Bluetooth: hci2: command 0x0c1a tx timeout [ 689.714459][T15506] Bluetooth: hci3: command 0x0c1a tx timeout [ 689.795036][T15506] Bluetooth: hci1: command 0x0c1a tx timeout [ 689.801284][T15511] Bluetooth: hci4: command 0x0c1a tx timeout [ 690.004616][T16670] zswap: compressor not available [ 690.149224][T16669] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2377'. [ 690.170169][T16688] vhci_hcd vhci_hcd.2: SetHubDepth req not supported for USB 2.0 roothub [ 692.399818][T16736] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2391'. [ 693.652874][T15506] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 693.667249][T15506] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 693.682171][T15506] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 693.691084][T15506] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 693.699831][T15506] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 694.583394][T16752] chnl_net:caif_netlink_parms(): no params data found [ 695.005487][T16752] bridge0: port 1(bridge_slave_0) entered blocking state [ 695.035503][T16752] bridge0: port 1(bridge_slave_0) entered disabled state [ 695.064660][T16752] bridge_slave_0: entered allmulticast mode [ 695.085217][T16752] bridge_slave_0: entered promiscuous mode [ 695.111834][T16752] bridge0: port 2(bridge_slave_1) entered blocking state [ 695.144636][T16752] bridge0: port 2(bridge_slave_1) entered disabled state [ 695.177662][T16752] bridge_slave_1: entered allmulticast mode [ 695.214130][T16752] bridge_slave_1: entered promiscuous mode [ 695.326774][T16782] zswap: compressor ^`#ߗ(2NAV1`Wnf\'J돆#If&ͦ5j)٥Kp$'\&9r y*paۄH,T{Kf_SQAW not available [ 695.358422][T16752] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 695.403588][T16752] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 695.434524][T16782] FAULT_INJECTION: forcing a failure. [ 695.434524][T16782] name failslab, interval 1, probability 0, space 0, times 0 [ 695.498576][T16782] CPU: 0 UID: 0 PID: 16782 Comm: syz.3.2402 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 695.498619][T16782] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 695.498629][T16782] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 695.498640][T16782] Call Trace: [ 695.498647][T16782] [ 695.498656][T16782] dump_stack_lvl+0x100/0x190 [ 695.498687][T16782] should_fail_ex.cold+0x5/0xa [ 695.498710][T16782] should_failslab+0xc2/0x120 [ 695.498732][T16782] __kmalloc_cache_noprof+0x7a/0x6f0 [ 695.498757][T16782] ? init_srcu_struct_fields+0x9a2/0xe30 [ 695.498785][T16782] init_srcu_struct_fields+0x9a2/0xe30 [ 695.498813][T16782] blk_mq_alloc_tag_set+0x3cc/0x1330 [ 695.498842][T16782] ? idr_alloc+0xdd/0x130 [ 695.498869][T16782] ? __pfx_idr_alloc+0x10/0x10 [ 695.498901][T16782] loop_add+0x3b7/0xb60 [ 695.498926][T16782] ? __pfx_loop_add+0x10/0x10 [ 695.498970][T16782] ? rcu_is_watching+0x12/0xc0 [ 695.498998][T16782] ? do_sock_setsockopt+0x101/0x1d0 [ 695.499016][T16782] ? kfree+0x2ec/0x6b0 [ 695.499038][T16782] ? ipv6_setsockopt+0xcb/0x170 [ 695.499059][T16782] loop_control_ioctl+0xae/0x620 [ 695.499087][T16782] ? __pfx_loop_control_ioctl+0x10/0x10 [ 695.499114][T16782] ? xfd_validate_state+0x129/0x190 [ 695.499142][T16782] ? __pfx_loop_control_ioctl+0x10/0x10 [ 695.499170][T16782] __x64_sys_ioctl+0x18e/0x210 [ 695.499199][T16782] do_syscall_64+0x106/0xf80 [ 695.499227][T16782] ? clear_bhb_loop+0x40/0x90 [ 695.499249][T16782] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 695.499268][T16782] RIP: 0033:0x7f21ca39c799 [ 695.499284][T16782] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 695.499302][T16782] RSP: 002b:00007f21cb1ad028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 695.499320][T16782] RAX: ffffffffffffffda RBX: 00007f21ca615fa0 RCX: 00007f21ca39c799 [ 695.499332][T16782] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000003 [ 695.499343][T16782] RBP: 00007f21ca432c99 R08: 0000000000000000 R09: 0000000000000000 [ 695.499353][T16782] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 695.499363][T16782] R13: 00007f21ca616038 R14: 00007f21ca615fa0 R15: 00007fff629e63f8 [ 695.499385][T16782] [ 696.001401][T15511] Bluetooth: hci0: command tx timeout [ 696.500327][T16752] team0: Port device team_slave_0 added [ 696.587490][T16752] team0: Port device team_slave_1 added [ 696.785479][T16794] device-mapper: ioctl: Invalid data size in the ioctl structure: 0 [ 696.793703][T16752] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 696.804969][T16752] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 696.860948][T16752] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 696.913053][T16752] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 696.929797][T16752] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 697.021209][T16752] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 697.345555][T16752] hsr_slave_0: entered promiscuous mode [ 697.376156][T16752] hsr_slave_1: entered promiscuous mode [ 697.403902][T16752] debugfs: 'hsr0' already exists in 'hsr' [ 697.437376][T16752] Cannot create hsr debugfs directory [ 697.794748][T16819] device-mapper: ioctl: Invalid data size in the ioctl structure: 0 [ 698.029516][T16752] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 698.042602][T15511] Bluetooth: hci0: command tx timeout [ 698.056406][T16823] FAULT_INJECTION: forcing a failure. [ 698.056406][T16823] name failslab, interval 1, probability 0, space 0, times 0 [ 698.115504][T16823] CPU: 0 UID: 0 PID: 16823 Comm: syz.3.2417 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 698.115544][T16823] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 698.115554][T16823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 698.115565][T16823] Call Trace: [ 698.115573][T16823] [ 698.115580][T16823] dump_stack_lvl+0x100/0x190 [ 698.115613][T16823] should_fail_ex.cold+0x5/0xa [ 698.115636][T16823] should_failslab+0xc2/0x120 [ 698.115657][T16823] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 698.115685][T16823] ? __anon_vma_prepare+0x344/0x5e0 [ 698.115715][T16823] __anon_vma_prepare+0x344/0x5e0 [ 698.115739][T16823] ? __filemap_get_folio_mpol+0x3ba/0xe70 [ 698.115771][T16823] __vmf_anon_prepare+0x11f/0x250 [ 698.115794][T16823] hugetlb_no_page+0xe28/0x1970 [ 698.115826][T16823] hugetlb_fault+0x5df/0x1450 [ 698.115852][T16823] ? __pfx_hugetlb_fault+0x10/0x10 [ 698.115884][T16823] ? find_vma+0xbf/0x140 [ 698.115902][T16823] ? __pfx_find_vma+0x10/0x10 [ 698.115922][T16823] handle_mm_fault+0x5f1/0xa20 [ 698.115952][T16823] do_user_addr_fault+0x74c/0x12f0 [ 698.115977][T16823] exc_page_fault+0x6f/0xd0 [ 698.116005][T16823] asm_exc_page_fault+0x26/0x30 [ 698.116022][T16823] RIP: 0010:rep_movs_alternative+0x30/0x90 [ 698.116044][T16823] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 fd 93 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 [ 698.116062][T16823] RSP: 0018:ffffc900046afe48 EFLAGS: 00050212 [ 698.116078][T16823] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000010 [ 698.116089][T16823] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffc900046afea0 [ 698.116100][T16823] RBP: 0000000000000010 R08: 0000000000000001 R09: fffff520008d5fd5 [ 698.116111][T16823] R10: ffffc900046afeaf R11: 0000000000000000 R12: 0000000000000000 [ 698.116122][T16823] R13: ffffc900046afea0 R14: 0000000000000000 R15: 0000000000000000 [ 698.116153][T16823] _copy_from_user+0x98/0xd0 [ 698.116178][T16823] __x64_sys_setrlimit+0xc6/0x160 [ 698.116205][T16823] ? __pfx___x64_sys_setrlimit+0x10/0x10 [ 698.116239][T16823] do_syscall_64+0x106/0xf80 [ 698.116266][T16823] ? clear_bhb_loop+0x40/0x90 [ 698.116289][T16823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 698.116308][T16823] RIP: 0033:0x7f21ca39c799 [ 698.116325][T16823] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 698.116342][T16823] RSP: 002b:00007f21cb1ad028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a0 [ 698.116358][T16823] RAX: ffffffffffffffda RBX: 00007f21ca615fa0 RCX: 00007f21ca39c799 [ 698.116370][T16823] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000007 [ 698.116380][T16823] RBP: 00007f21ca432c99 R08: 0000000000000000 R09: 0000000000000000 [ 698.116390][T16823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 698.116400][T16823] R13: 00007f21ca616038 R14: 00007f21ca615fa0 R15: 00007fff629e63f8 [ 698.116423][T16823] [ 699.255978][T16752] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 699.371858][T16752] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 699.452683][T16752] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 699.942740][T16752] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 700.005252][T16752] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 700.078130][T16752] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 700.114624][T15511] Bluetooth: hci0: command tx timeout [ 700.125687][T16752] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 700.473607][T16752] 8021q: adding VLAN 0 to HW filter on device bond0 [ 700.585460][T16752] 8021q: adding VLAN 0 to HW filter on device team0 [ 700.637630][T15514] bridge0: port 1(bridge_slave_0) entered blocking state [ 700.644819][T15514] bridge0: port 1(bridge_slave_0) entered forwarding state [ 700.713666][T15520] bridge0: port 2(bridge_slave_1) entered blocking state [ 700.720835][T15520] bridge0: port 2(bridge_slave_1) entered forwarding state [ 700.882833][T16752] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 700.959293][T16752] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 701.041294][T16873] futex_wake_op: syz.1.2430 tries to shift op by -2048; fix this program [ 701.093415][T16875] size and base must be multiples of 4 kiB [ 701.114907][T16873] size and base must be multiples of 4 kiB [ 701.120963][T16873] CPU: 0 UID: 0 PID: 16873 Comm: syz.1.2430 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 701.121003][T16873] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 701.121012][T16873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 701.121023][T16873] Call Trace: [ 701.121029][T16873] [ 701.121036][T16873] dump_stack_lvl+0x100/0x190 [ 701.121068][T16873] mtrr_del.cold+0x72/0x85 [ 701.121087][T16873] mtrr_ioctl+0xbc8/0xcf0 [ 701.121113][T16873] ? __pfx_mtrr_ioctl+0x10/0x10 [ 701.121141][T16873] ? find_held_lock+0x2b/0x80 [ 701.121165][T16873] ? __fget_files+0x21f/0x3d0 [ 701.121183][T16873] ? __pfx_mtrr_ioctl+0x10/0x10 [ 701.121208][T16873] proc_reg_unlocked_ioctl+0x229/0x320 [ 701.121236][T16873] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 701.121266][T16873] __x64_sys_ioctl+0x18e/0x210 [ 701.121294][T16873] do_syscall_64+0x106/0xf80 [ 701.121320][T16873] ? clear_bhb_loop+0x40/0x90 [ 701.121342][T16873] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 701.121360][T16873] RIP: 0033:0x7f82d839c799 [ 701.121376][T16873] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 701.121393][T16873] RSP: 002b:00007f82d65ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 701.121411][T16873] RAX: ffffffffffffffda RBX: 00007f82d8615fa0 RCX: 00007f82d839c799 [ 701.121422][T16873] RDX: 0000000000000000 RSI: 0000000040104d04 RDI: 0000000000000000 [ 701.121432][T16873] RBP: 00007f82d8432c99 R08: 0000000000000000 R09: 0000000000000000 [ 701.121442][T16873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 701.121452][T16873] R13: 00007f82d8616038 R14: 00007f82d8615fa0 R15: 00007fffd8f3f0c8 [ 701.121473][T16873] [ 701.411541][T16875] CPU: 0 UID: 0 PID: 16875 Comm: syz.1.2430 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 701.411581][T16875] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 701.411591][T16875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 701.411601][T16875] Call Trace: [ 701.411608][T16875] [ 701.411615][T16875] dump_stack_lvl+0x100/0x190 [ 701.411646][T16875] mtrr_del.cold+0x72/0x85 [ 701.411666][T16875] mtrr_ioctl+0xbc8/0xcf0 [ 701.411692][T16875] ? __pfx_mtrr_ioctl+0x10/0x10 [ 701.411721][T16875] ? find_held_lock+0x2b/0x80 [ 701.411744][T16875] ? __fget_files+0x21f/0x3d0 [ 701.411763][T16875] ? __pfx_mtrr_ioctl+0x10/0x10 [ 701.411787][T16875] proc_reg_unlocked_ioctl+0x229/0x320 [ 701.411815][T16875] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 701.411854][T16875] __x64_sys_ioctl+0x18e/0x210 [ 701.411882][T16875] do_syscall_64+0x106/0xf80 [ 701.411908][T16875] ? clear_bhb_loop+0x40/0x90 [ 701.411929][T16875] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 701.411947][T16875] RIP: 0033:0x7f82d839c799 [ 701.411962][T16875] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 701.411978][T16875] RSP: 002b:00007f82d65cd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 701.411996][T16875] RAX: ffffffffffffffda RBX: 00007f82d8616090 RCX: 00007f82d839c799 [ 701.412007][T16875] RDX: 0000000000000000 RSI: 0000000040104d04 RDI: 0000000000000000 [ 701.412018][T16875] RBP: 00007f82d8432c99 R08: 0000000000000000 R09: 0000000000000000 [ 701.412028][T16875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 701.412038][T16875] R13: 00007f82d8616128 R14: 00007f82d8616090 R15: 00007fffd8f3f0c8 [ 701.412060][T16875] [ 702.195359][T15511] Bluetooth: hci0: command tx timeout [ 702.591167][T16752] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 702.782937][T16752] veth0_vlan: entered promiscuous mode [ 702.845797][T16752] veth1_vlan: entered promiscuous mode [ 702.976394][T16752] veth0_macvtap: entered promiscuous mode [ 703.028652][T16752] veth1_macvtap: entered promiscuous mode [ 703.104924][T16752] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 703.157693][T16752] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 703.238920][T15520] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 703.267581][T15520] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 703.324414][T15520] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 703.333185][T15520] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 703.735710][T15520] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 703.768306][T15520] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 704.041903][T15509] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 704.080951][T15509] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 706.485866][T16975] netlink: 17 bytes leftover after parsing attributes in process `syz.3.2452'. [ 707.275963][T16987] zswap: compressor not available [ 708.841234][T17008] zswap: compressor ^`#ߗ(2NAV1`Wnf\'J돆#If&ͦ5j)٥Kp$'\&9r y*paۄH,T{Kf_SQAW not available [ 709.921175][T17019] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2462'. [ 710.576607][T15506] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 710.595031][T15506] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 710.603879][T15506] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 710.612265][T15506] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 710.619916][T15506] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 711.323513][T17033] chnl_net:caif_netlink_parms(): no params data found [ 711.748792][T15509] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 711.999669][T15509] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 712.199835][T17033] bridge0: port 1(bridge_slave_0) entered blocking state [ 712.225050][T17033] bridge0: port 1(bridge_slave_0) entered disabled state [ 712.251729][T17033] bridge_slave_0: entered allmulticast mode [ 712.278552][T17033] bridge_slave_0: entered promiscuous mode [ 712.335411][T15509] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 712.416744][T17033] bridge0: port 2(bridge_slave_1) entered blocking state [ 712.441883][T17033] bridge0: port 2(bridge_slave_1) entered disabled state [ 712.472546][T17033] bridge_slave_1: entered allmulticast mode [ 712.501991][T17033] bridge_slave_1: entered promiscuous mode [ 712.567256][T15509] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 712.674531][T15506] Bluetooth: hci2: command tx timeout [ 712.717437][T17033] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 712.762652][T17033] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 712.966013][T17033] team0: Port device team_slave_0 added [ 712.993572][T17033] team0: Port device team_slave_1 added [ 713.165593][T17033] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 713.202817][T17033] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 713.271308][T17059] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 713.291196][T17059] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 713.328285][T17059] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 713.360057][T17033] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 713.372021][T17059] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 713.405510][T17059] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 713.464242][T17033] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 713.485687][T17059] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 713.491647][T17059] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 713.514495][T17033] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 713.648828][T17059] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 713.700128][T17033] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 714.084110][T15509] bond0: left allmulticast mode [ 714.116102][T15509] bond_slave_0: left allmulticast mode [ 714.148667][T15509] bond_slave_1: left allmulticast mode [ 714.178210][T15509] bond0: left promiscuous mode [ 714.224572][T15509] bond_slave_0: left promiscuous mode [ 714.250788][T15509] bond_slave_1: left promiscuous mode [ 714.306065][T15509] bridge0: port 3(bond0) entered disabled state [ 714.387251][T15509] bridge_slave_1: left allmulticast mode [ 714.393015][T15509] bridge_slave_1: left promiscuous mode [ 714.459191][T15509] bridge0: port 2(bridge_slave_1) entered disabled state [ 714.529692][T15509] bridge_slave_0: left allmulticast mode [ 714.551244][T15509] bridge_slave_0: left promiscuous mode [ 714.579961][T15509] bridge0: port 1(bridge_slave_0) entered disabled state [ 714.756060][T15506] Bluetooth: hci3: command 0x0c1a tx timeout [ 715.244880][T15509] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 715.288558][T15509] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 715.320172][T15506] Bluetooth: hci1: command 0x0c1a tx timeout [ 715.330603][T15509] bond0 (unregistering): Released all slaves [ 715.399860][T15506] Bluetooth: hci0: command 0x0c1a tx timeout [ 715.420071][T17033] hsr_slave_0: entered promiscuous mode [ 715.448446][T17033] hsr_slave_1: entered promiscuous mode [ 715.473419][T17033] debugfs: 'hsr0' already exists in 'hsr' [ 715.498777][T17033] Cannot create hsr debugfs directory [ 715.554463][T15506] Bluetooth: hci2: command 0x040f tx timeout [ 715.593182][T15509] : left promiscuous mode [ 715.702358][T15509] tipc: Left network mode [ 717.475483][T15506] Bluetooth: hci0: command 0x0c1a tx timeout [ 717.634734][T15506] Bluetooth: hci2: command 0x040f tx timeout [ 718.151330][T17033] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 718.210906][T17033] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 718.274068][T17033] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 718.341945][T17033] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 718.782032][T17033] 8021q: adding VLAN 0 to HW filter on device bond0 [ 718.908665][T17033] 8021q: adding VLAN 0 to HW filter on device team0 [ 719.270885][T17081] bridge0: port 1(bridge_slave_0) entered blocking state [ 719.278252][T17081] bridge0: port 1(bridge_slave_0) entered forwarding state [ 719.346229][T17081] bridge0: port 2(bridge_slave_1) entered blocking state [ 719.353544][T17081] bridge0: port 2(bridge_slave_1) entered forwarding state [ 719.557211][T15506] Bluetooth: hci0: command 0x0c1a tx timeout [ 719.581289][T17033] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 719.630224][T17033] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 719.717141][T15506] Bluetooth: hci2: command 0x040f tx timeout [ 720.486916][T17033] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 721.569937][T17033] veth0_vlan: entered promiscuous mode [ 721.622045][T17033] veth1_vlan: entered promiscuous mode [ 721.792293][T17033] veth0_macvtap: entered promiscuous mode [ 721.799318][T15506] Bluetooth: hci2: command 0x040f tx timeout [ 721.867900][T17033] veth1_macvtap: entered promiscuous mode [ 721.969174][T17033] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 722.049466][T17033] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 722.134015][T15680] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 722.186695][T15680] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 722.267515][T15680] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 722.325765][T15680] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 722.546825][T15519] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 722.571963][T15519] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 722.631000][T15519] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 722.649780][T15519] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 723.294159][T15511] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 723.307175][T15511] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 723.320172][T15511] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 723.328226][T15511] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 723.345526][T15511] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 723.874466][T15511] Bluetooth: hci2: command 0x040f tx timeout [ 724.449984][T17260] chnl_net:caif_netlink_parms(): no params data found [ 724.876417][T17260] bridge0: port 1(bridge_slave_0) entered blocking state [ 724.896076][T17260] bridge0: port 1(bridge_slave_0) entered disabled state [ 724.928414][T17260] bridge_slave_0: entered allmulticast mode [ 724.973880][T17260] bridge_slave_0: entered promiscuous mode [ 725.025193][T17260] bridge0: port 2(bridge_slave_1) entered blocking state [ 725.057484][T17260] bridge0: port 2(bridge_slave_1) entered disabled state [ 725.076856][T17260] bridge_slave_1: entered allmulticast mode [ 725.107564][T17260] bridge_slave_1: entered promiscuous mode [ 725.263489][T17260] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 725.337958][T17260] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 725.395684][T15511] Bluetooth: hci4: command tx timeout [ 725.435480][T17300] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 725.523278][T17260] team0: Port device team_slave_0 added [ 725.546411][T17260] team0: Port device team_slave_1 added [ 725.738967][T17260] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 725.771446][T17260] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 725.892026][T17260] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 725.955940][T17260] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 725.990716][T17260] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 726.101623][T17260] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 726.501960][T17260] hsr_slave_0: entered promiscuous mode [ 726.527919][T17260] hsr_slave_1: entered promiscuous mode [ 726.546722][T17260] debugfs: 'hsr0' already exists in 'hsr' [ 726.570957][T17260] Cannot create hsr debugfs directory [ 727.308957][T17260] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 727.441430][T17260] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 727.475122][T15511] Bluetooth: hci4: command tx timeout [ 727.578052][T17260] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 727.813742][T17260] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 728.234238][T17260] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 728.282253][T17260] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 728.328967][T17260] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 728.418251][T17260] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 728.789987][T17260] 8021q: adding VLAN 0 to HW filter on device bond0 [ 728.836761][T17260] 8021q: adding VLAN 0 to HW filter on device team0 [ 728.864078][T15514] bridge0: port 1(bridge_slave_0) entered blocking state [ 728.871294][T15514] bridge0: port 1(bridge_slave_0) entered forwarding state [ 728.936133][T15680] bridge0: port 2(bridge_slave_1) entered blocking state [ 728.943303][T15680] bridge0: port 2(bridge_slave_1) entered forwarding state [ 729.078841][T17260] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 729.557338][T15511] Bluetooth: hci4: command tx timeout [ 729.711802][T17260] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 729.917689][T17260] veth0_vlan: entered promiscuous mode [ 729.989793][T17260] veth1_vlan: entered promiscuous mode [ 730.135717][T17260] veth0_macvtap: entered promiscuous mode [ 730.182359][T17260] veth1_macvtap: entered promiscuous mode [ 730.250407][T17260] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 730.325970][T17260] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 730.404200][T15514] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 730.440838][T15514] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 730.554052][T15514] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 730.636375][T15514] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 731.175691][T17234] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 731.183809][T17234] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 731.292329][T17384] netlink: 17 bytes leftover after parsing attributes in process `syz.1.2517'. [ 731.338481][T17081] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 731.368425][T17081] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 731.634760][T15511] Bluetooth: hci4: command tx timeout [ 732.753683][T17399] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 732.777188][T17399] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 732.798378][T17399] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 732.819129][T17399] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 732.846181][T17399] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 732.870343][T17399] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 732.898752][T17412] random: crng reseeded on system resumption [ 734.114888][T15511] Bluetooth: hci1: command 0x0c1a tx timeout [ 734.561288][T17451] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2533'. [ 734.836191][T15511] Bluetooth: hci4: command 0x0c1a tx timeout [ 734.842280][T15506] Bluetooth: hci2: command 0x040f tx timeout [ 734.848747][T15506] Bluetooth: hci0: command 0x0c1a tx timeout [ 735.620086][T17477] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2540'. [ 736.919813][T17458] Bluetooth: hci4: command 0x0c1a tx timeout [ 737.171218][T17506] netlink: 17 bytes leftover after parsing attributes in process `syz.2.2550'. [ 738.997595][T15554] Bluetooth: hci4: command 0x0c1a tx timeout [ 739.437336][T17549] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2560'. [ 740.516984][T17458] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 742.221388][T17602] FAULT_INJECTION: forcing a failure. [ 742.221388][T17602] name failslab, interval 1, probability 0, space 0, times 0 [ 742.281555][T17602] CPU: 0 UID: 0 PID: 17602 Comm: syz.3.2574 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 742.281598][T17602] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 742.281609][T17602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 742.281619][T17602] Call Trace: [ 742.281626][T17602] [ 742.281633][T17602] dump_stack_lvl+0x100/0x190 [ 742.281666][T17602] should_fail_ex.cold+0x5/0xa [ 742.281690][T17602] should_failslab+0xc2/0x120 [ 742.281711][T17602] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 742.281739][T17602] ? alloc_inode+0x68/0x250 [ 742.281764][T17602] ? simple_start_creating+0xb0/0x110 [ 742.281793][T17602] ? __pfx_debugfs_alloc_inode+0x10/0x10 [ 742.281814][T17602] alloc_inode+0x68/0x250 [ 742.281840][T17602] new_inode+0x22/0x1c0 [ 742.281867][T17602] __debugfs_create_file+0x105/0x4f0 [ 742.281890][T17602] debugfs_create_file_full+0x41/0x60 [ 742.281913][T17602] drm_debugfs_clients_add+0xd9/0x210 [ 742.281939][T17602] drm_file_alloc+0x5c6/0xb40 [ 742.281966][T17602] drm_open_helper+0x1fc/0x540 [ 742.281993][T17602] drm_open+0x1a0/0x3e0 [ 742.282017][T17602] ? __pfx_drm_open+0x10/0x10 [ 742.282041][T17602] drm_stub_open+0x20f/0x380 [ 742.282066][T17602] ? __pfx_drm_stub_open+0x10/0x10 [ 742.282090][T17602] chrdev_open+0x234/0x6a0 [ 742.282109][T17602] ? __pfx_apparmor_file_open+0x10/0x10 [ 742.282129][T17602] ? __pfx_chrdev_open+0x10/0x10 [ 742.282149][T17602] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 742.282175][T17602] do_dentry_open+0x6d8/0x1660 [ 742.282193][T17602] ? __pfx_chrdev_open+0x10/0x10 [ 742.282218][T17602] vfs_open+0x82/0x3f0 [ 742.282254][T17602] path_openat+0x208c/0x31a0 [ 742.282282][T17602] ? __pfx_path_openat+0x10/0x10 [ 742.282311][T17602] do_file_open+0x20e/0x430 [ 742.282334][T17602] ? __pfx_do_file_open+0x10/0x10 [ 742.282369][T17602] ? alloc_fd+0x476/0x790 [ 742.282390][T17602] ? do_getname+0x191/0x390 [ 742.282416][T17602] do_sys_openat2+0x10d/0x1e0 [ 742.282442][T17602] ? __pfx_do_sys_openat2+0x10/0x10 [ 742.282469][T17602] ? __sys_sendmsg+0x18f/0x220 [ 742.282501][T17602] __x64_sys_openat+0x12d/0x210 [ 742.282526][T17602] ? __pfx___x64_sys_openat+0x10/0x10 [ 742.282559][T17602] do_syscall_64+0x106/0xf80 [ 742.282587][T17602] ? clear_bhb_loop+0x40/0x90 [ 742.282608][T17602] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 742.282627][T17602] RIP: 0033:0x7f35ed59c799 [ 742.282643][T17602] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 742.282661][T17602] RSP: 002b:00007f35ee3c9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 742.282679][T17602] RAX: ffffffffffffffda RBX: 00007f35ed815fa0 RCX: 00007f35ed59c799 [ 742.282691][T17602] RDX: 0000000000024000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 742.282702][T17602] RBP: 00007f35ed632c99 R08: 0000000000000000 R09: 0000000000000000 [ 742.282713][T17602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 742.282723][T17602] R13: 00007f35ed816038 R14: 00007f35ed815fa0 R15: 00007ffd7ae123c8 [ 742.282745][T17602] [ 742.282753][T17602] debugfs: out of free dentries, can not create file 'proc_info' [ 743.968998][T17621] futex_wake_op: syz.3.2578 tries to shift op by -2048; fix this program [ 744.006119][T17621] futex_wake_op: syz.3.2578 tries to shift op by -2048; fix this program [ 744.344143][T17625] zswap: compressor not available [ 745.199364][T17639] netlink: 17 bytes leftover after parsing attributes in process `syz.1.2584'. [ 746.738054][T17664] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2588'. [ 747.817779][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.824816][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 750.110773][T17721] FAULT_INJECTION: forcing a failure. [ 750.110773][T17721] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 750.181742][T17721] CPU: 0 UID: 0 PID: 17721 Comm: syz.3.2603 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 750.181782][T17721] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 750.181792][T17721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 750.181802][T17721] Call Trace: [ 750.181808][T17721] [ 750.181815][T17721] dump_stack_lvl+0x100/0x190 [ 750.181848][T17721] should_fail_ex.cold+0x5/0xa [ 750.181869][T17721] ? prepare_alloc_pages+0x16d/0x5f0 [ 750.181892][T17721] should_fail_alloc_page+0xeb/0x140 [ 750.181914][T17721] prepare_alloc_pages+0x1f0/0x5f0 [ 750.181939][T17721] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 750.181969][T17721] ? bpf_ksym_find+0x124/0x1c0 [ 750.181992][T17721] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 750.182013][T17721] ? is_bpf_text_address+0x94/0x1a0 [ 750.182041][T17721] ? kernel_text_address+0x8d/0x100 [ 750.182073][T17721] ? __kernel_text_address+0xd/0x30 [ 750.182099][T17721] ? unwind_get_return_address+0x59/0xa0 [ 750.182122][T17721] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 750.182164][T17721] ? tomoyo_check_open_permission+0x1a2/0x3c0 [ 750.182191][T17721] ? look_up_lock_class+0x64/0x120 [ 750.182219][T17721] ? register_lock_class+0x40/0x560 [ 750.182243][T17721] ? find_held_lock+0x2b/0x80 [ 750.182259][T17721] ? ima_match_policy+0x8c4/0x2350 [ 750.182280][T17721] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 750.182300][T17721] ? policy_nodemask+0xed/0x4f0 [ 750.182321][T17721] alloc_pages_mpol+0x1fb/0x550 [ 750.182342][T17721] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 750.182367][T17721] alloc_pages_noprof+0x131/0x390 [ 750.182388][T17721] __pmd_alloc+0x3b/0x950 [ 750.182412][T17721] __handle_mm_fault+0xa99/0x2b60 [ 750.182442][T17721] ? mt_find+0x45e/0x8e0 [ 750.182459][T17721] ? __pfx___handle_mm_fault+0x10/0x10 [ 750.182483][T17721] ? __pfx_mt_find+0x10/0x10 [ 750.182518][T17721] ? find_vma+0xbf/0x140 [ 750.182535][T17721] ? __pfx_find_vma+0x10/0x10 [ 750.182555][T17721] handle_mm_fault+0x36d/0xa20 [ 750.182585][T17721] do_user_addr_fault+0x74c/0x12f0 [ 750.182609][T17721] exc_page_fault+0x6f/0xd0 [ 750.182636][T17721] asm_exc_page_fault+0x26/0x30 [ 750.182654][T17721] RIP: 0010:rep_movs_alternative+0xf/0x90 [ 750.182676][T17721] Code: c4 10 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 fd 93 04 00 66 66 [ 750.182693][T17721] RSP: 0018:ffffc900033f79b0 EFLAGS: 00050202 [ 750.182708][T17721] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000007 [ 750.182718][T17721] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffc900033f7a38 [ 750.182729][T17721] RBP: 0000000000000007 R08: 0000000000000001 R09: fffff5200067ef47 [ 750.182739][T17721] R10: ffffc900033f7a3e R11: 0000000000000000 R12: 0000000000000000 [ 750.182749][T17721] R13: ffffc900033f7a38 R14: 1ffff9200067ef41 R15: ffffc900033f7d6c [ 750.182771][T17721] _copy_from_user+0x98/0xd0 [ 750.182794][T17721] ____sys_sendmsg+0x1d1/0xb70 [ 750.182817][T17721] ? __pfx_____sys_sendmsg+0x10/0x10 [ 750.182841][T17721] ? __pfx__kstrtoull+0x10/0x10 [ 750.182874][T17721] ___sys_sendmsg+0x190/0x1e0 [ 750.182898][T17721] ? __pfx____sys_sendmsg+0x10/0x10 [ 750.182933][T17721] ? find_held_lock+0x2b/0x80 [ 750.182967][T17721] __sys_sendmmsg+0x205/0x430 [ 750.182997][T17721] ? __pfx___sys_sendmmsg+0x10/0x10 [ 750.183032][T17721] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 750.183070][T17721] ? fput+0x79/0x100 [ 750.183091][T17721] ? ksys_write+0x1ac/0x250 [ 750.183108][T17721] ? __pfx_ksys_write+0x10/0x10 [ 750.183136][T17721] __x64_sys_sendmmsg+0x9c/0x100 [ 750.183163][T17721] ? lockdep_hardirqs_on+0x78/0x100 [ 750.183189][T17721] do_syscall_64+0x106/0xf80 [ 750.183215][T17721] ? clear_bhb_loop+0x40/0x90 [ 750.183237][T17721] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 750.183254][T17721] RIP: 0033:0x7f35ed59c799 [ 750.183268][T17721] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 750.183284][T17721] RSP: 002b:00007f35ee3c9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 750.183300][T17721] RAX: ffffffffffffffda RBX: 00007f35ed815fa0 RCX: 00007f35ed59c799 [ 750.183310][T17721] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000003 [ 750.183320][T17721] RBP: 00007f35ee3c9090 R08: 0000000000000000 R09: 0000000000000000 [ 750.183330][T17721] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000001 [ 750.183341][T17721] R13: 00007f35ed816038 R14: 00007f35ed815fa0 R15: 00007ffd7ae123c8 [ 750.183363][T17721] [ 750.829336][T17726] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2605'. [ 752.364958][T17761] random: crng reseeded on system resumption [ 753.411883][T17778] FAULT_INJECTION: forcing a failure. [ 753.411883][T17778] name failslab, interval 1, probability 0, space 0, times 0 [ 753.473662][T17778] CPU: 0 UID: 0 PID: 17778 Comm: syz.3.2620 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 753.473701][T17778] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 753.473711][T17778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 753.473721][T17778] Call Trace: [ 753.473727][T17778] [ 753.473734][T17778] dump_stack_lvl+0x100/0x190 [ 753.473766][T17778] should_fail_ex.cold+0x5/0xa [ 753.473788][T17778] should_failslab+0xc2/0x120 [ 753.473808][T17778] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 753.473838][T17778] ? kvasprintf_const+0x66/0x1a0 [ 753.473865][T17778] kvasprintf+0xbc/0x150 [ 753.473886][T17778] ? __pfx_kvasprintf+0x10/0x10 [ 753.473912][T17778] ? mark_held_locks+0x40/0x70 [ 753.473939][T17778] kvasprintf_const+0x66/0x1a0 [ 753.473962][T17778] kobject_set_name_vargs+0x5a/0x140 [ 753.473983][T17778] kobject_init_and_add+0xe7/0x180 [ 753.474004][T17778] ? __pfx_kobject_init_and_add+0x10/0x10 [ 753.474022][T17778] ? do_syscall_64+0x106/0xf80 [ 753.474059][T17778] netdev_queue_update_kobjects+0x32d/0x6f0 [ 753.474085][T17778] netif_set_real_num_tx_queues+0x1eb/0xad0 [ 753.474121][T17778] tun_attach.isra.0+0x6ab/0x17b0 [ 753.474154][T17778] ? apparmor_capable+0x1d7/0x4d0 [ 753.474174][T17778] ? bpf_lsm_capable+0x9/0x10 [ 753.474198][T17778] __tun_chr_ioctl+0x1302/0x47c0 [ 753.474222][T17778] ? __pfx___tun_chr_ioctl+0x10/0x10 [ 753.474244][T17778] ? hook_file_ioctl_common+0x146/0x410 [ 753.474270][T17778] ? __fget_files+0x21f/0x3d0 [ 753.474291][T17778] ? __pfx_tun_chr_ioctl+0x10/0x10 [ 753.474311][T17778] __x64_sys_ioctl+0x18e/0x210 [ 753.474339][T17778] do_syscall_64+0x106/0xf80 [ 753.474365][T17778] ? clear_bhb_loop+0x40/0x90 [ 753.474387][T17778] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 753.474406][T17778] RIP: 0033:0x7f35ed59c799 [ 753.474421][T17778] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 753.474438][T17778] RSP: 002b:00007f35ee3c9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 753.474456][T17778] RAX: ffffffffffffffda RBX: 00007f35ed815fa0 RCX: 00007f35ed59c799 [ 753.474468][T17778] RDX: 0000000000000038 RSI: 00000000400454ca RDI: 0000000000000005 [ 753.474478][T17778] RBP: 00007f35ee3c9090 R08: 0000000000000000 R09: 0000000000000000 [ 753.474489][T17778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 753.474498][T17778] R13: 00007f35ed816038 R14: 00007f35ed815fa0 R15: 00007ffd7ae123c8 [ 753.474520][T17778] [ 753.474528][T17778] kobject: can not set name properly! [ 755.359335][T17797] FAULT_INJECTION: forcing a failure. [ 755.359335][T17797] name failslab, interval 1, probability 0, space 0, times 0 [ 755.468557][T17802] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2624'. [ 755.520224][T17797] CPU: 0 UID: 0 PID: 17797 Comm: syz.2.2624 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 755.520267][T17797] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 755.520278][T17797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 755.520289][T17797] Call Trace: [ 755.520295][T17797] [ 755.520303][T17797] dump_stack_lvl+0x100/0x190 [ 755.520345][T17797] should_fail_ex.cold+0x5/0xa [ 755.520368][T17797] should_failslab+0xc2/0x120 [ 755.520390][T17797] __kmalloc_cache_noprof+0x7a/0x6f0 [ 755.520415][T17797] ? open_substream+0xec/0x9e0 [ 755.520438][T17797] ? mark_held_locks+0x40/0x70 [ 755.520466][T17797] open_substream+0xec/0x9e0 [ 755.520492][T17797] rawmidi_open_priv+0x595/0x6f0 [ 755.520522][T17797] snd_rawmidi_open+0x4c9/0xba0 [ 755.520552][T17797] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 755.520579][T17797] ? __pfx_default_wake_function+0x10/0x10 [ 755.520602][T17797] ? kobject_get_unless_zero+0x156/0x200 [ 755.520625][T17797] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 755.520650][T17797] snd_open+0x22d/0x4c0 [ 755.520670][T17797] ? __pfx_snd_open+0x10/0x10 [ 755.520690][T17797] chrdev_open+0x234/0x6a0 [ 755.520709][T17797] ? __pfx_apparmor_file_open+0x10/0x10 [ 755.520729][T17797] ? __pfx_chrdev_open+0x10/0x10 [ 755.520750][T17797] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 755.520775][T17797] do_dentry_open+0x6d8/0x1660 [ 755.520793][T17797] ? __pfx_chrdev_open+0x10/0x10 [ 755.520817][T17797] vfs_open+0x82/0x3f0 [ 755.520843][T17797] path_openat+0x208c/0x31a0 [ 755.520870][T17797] ? __pfx_path_openat+0x10/0x10 [ 755.520897][T17797] do_file_open+0x20e/0x430 [ 755.520919][T17797] ? __pfx_do_file_open+0x10/0x10 [ 755.520955][T17797] ? alloc_fd+0x476/0x790 [ 755.520976][T17797] ? do_getname+0x191/0x390 [ 755.521001][T17797] do_sys_openat2+0x10d/0x1e0 [ 755.521026][T17797] ? __pfx_do_sys_openat2+0x10/0x10 [ 755.521053][T17797] ? __fget_files+0x21f/0x3d0 [ 755.521075][T17797] __x64_sys_openat+0x12d/0x210 [ 755.521101][T17797] ? __pfx___x64_sys_openat+0x10/0x10 [ 755.521134][T17797] do_syscall_64+0x106/0xf80 [ 755.521160][T17797] ? clear_bhb_loop+0x40/0x90 [ 755.521182][T17797] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 755.521201][T17797] RIP: 0033:0x7f980959c799 [ 755.521217][T17797] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 755.521234][T17797] RSP: 002b:00007f980a397028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 755.521257][T17797] RAX: ffffffffffffffda RBX: 00007f9809815fa0 RCX: 00007f980959c799 [ 755.521269][T17797] RDX: 0000000000080102 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 755.521280][T17797] RBP: 00007f9809632c99 R08: 0000000000000000 R09: 0000000000000000 [ 755.521290][T17797] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 755.521301][T17797] R13: 00007f9809816038 R14: 00007f9809815fa0 R15: 00007ffe47c0f438 [ 755.521332][T17797] [ 756.151497][T17802] bridge_slave_1: left allmulticast mode [ 756.184581][T17802] bridge_slave_1: left promiscuous mode [ 756.190458][T17802] bridge0: port 2(bridge_slave_1) entered disabled state [ 756.330197][T17806] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2628'. [ 756.375775][T17807] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 756.408135][T17802] bridge_slave_0: left allmulticast mode [ 756.426062][T17802] bridge_slave_0: left promiscuous mode [ 756.431829][T17802] bridge0: port 1(bridge_slave_0) entered disabled state [ 766.629879][T17994] device-mapper: ioctl: Invalid data size in the ioctl structure: 0 [ 772.641516][T18124] FAULT_INJECTION: forcing a failure. [ 772.641516][T18124] name failslab, interval 1, probability 0, space 0, times 0 [ 772.705751][T18124] CPU: 0 UID: 0 PID: 18124 Comm: syz.1.2723 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 772.705791][T18124] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 772.705801][T18124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 772.705811][T18124] Call Trace: [ 772.705818][T18124] [ 772.705825][T18124] dump_stack_lvl+0x100/0x190 [ 772.705866][T18124] should_fail_ex.cold+0x5/0xa [ 772.705888][T18124] should_failslab+0xc2/0x120 [ 772.705909][T18124] __kvmalloc_node_noprof+0xfa/0xa00 [ 772.705938][T18124] ? traverse.part.0.constprop.0+0x397/0x650 [ 772.705974][T18124] traverse.part.0.constprop.0+0x397/0x650 [ 772.706010][T18124] seq_read_iter+0x93f/0x1270 [ 772.706040][T18124] ? aa_file_perm+0x7f3/0x14d0 [ 772.706072][T18124] seq_read+0x33b/0x4c0 [ 772.706104][T18124] ? __pfx_seq_read+0x10/0x10 [ 772.706147][T18124] ? __pfx_seq_read+0x10/0x10 [ 772.706175][T18124] proc_reg_read+0x240/0x330 [ 772.706202][T18124] ? __pfx_proc_reg_read+0x10/0x10 [ 772.706230][T18124] vfs_read+0x1e4/0xb30 [ 772.706250][T18124] ? __pfx_vfs_read+0x10/0x10 [ 772.706264][T18124] ? find_held_lock+0x2b/0x80 [ 772.706281][T18124] ? __fget_files+0x215/0x3d0 [ 772.706298][T18124] ? __fget_files+0x215/0x3d0 [ 772.706319][T18124] ? __fget_files+0x21f/0x3d0 [ 772.706342][T18124] __x64_sys_pread64+0x1eb/0x250 [ 772.706366][T18124] ? __pfx___x64_sys_pread64+0x10/0x10 [ 772.706391][T18124] do_syscall_64+0x106/0xf80 [ 772.706418][T18124] ? clear_bhb_loop+0x40/0x90 [ 772.706439][T18124] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 772.706457][T18124] RIP: 0033:0x7f82d839c799 [ 772.706473][T18124] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 772.706490][T18124] RSP: 002b:00007f82d65ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 772.706508][T18124] RAX: ffffffffffffffda RBX: 00007f82d8615fa0 RCX: 00007f82d839c799 [ 772.706519][T18124] RDX: 0000000000000202 RSI: 0000200000000080 RDI: 0000000000000003 [ 772.706529][T18124] RBP: 00007f82d65ee090 R08: 0000000000000000 R09: 0000000000000000 [ 772.706540][T18124] R10: 0000000000000007 R11: 0000000000000246 R12: 0000000000000001 [ 772.706549][T18124] R13: 00007f82d8616038 R14: 00007f82d8615fa0 R15: 00007fffd8f3f0c8 [ 772.706572][T18124] [ 773.705263][T18143] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2728'. [ 774.274974][T18154] bcache: register_bcache() error : Not a bcache superblock (bad offset) [ 775.486434][T18187] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2744'. [ 776.747915][T18208] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2747'. [ 777.021852][T18213] FAULT_INJECTION: forcing a failure. [ 777.021852][T18213] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 777.092268][T18213] CPU: 0 UID: 0 PID: 18213 Comm: syz.1.2748 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 777.092308][T18213] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 777.092318][T18213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 777.092329][T18213] Call Trace: [ 777.092335][T18213] [ 777.092342][T18213] dump_stack_lvl+0x100/0x190 [ 777.092375][T18213] should_fail_ex.cold+0x5/0xa [ 777.092397][T18213] _copy_from_user+0x2e/0xd0 [ 777.092420][T18213] copy_msghdr_from_user+0x9f/0x4f0 [ 777.092444][T18213] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 777.092468][T18213] ? rcu_is_watching+0x12/0xc0 [ 777.092497][T18213] ? ___sys_sendmsg+0x19d/0x1e0 [ 777.092515][T18213] ? kfree+0x2ec/0x6b0 [ 777.092542][T18213] ___sys_sendmsg+0x106/0x1e0 [ 777.092564][T18213] ? __pfx____sys_sendmsg+0x10/0x10 [ 777.092603][T18213] ? __pfx___might_resched+0x10/0x10 [ 777.092634][T18213] __sys_sendmmsg+0x205/0x430 [ 777.092664][T18213] ? __pfx___sys_sendmmsg+0x10/0x10 [ 777.092698][T18213] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 777.092735][T18213] ? fput+0x79/0x100 [ 777.092755][T18213] ? ksys_write+0x1ac/0x250 [ 777.092771][T18213] ? __pfx_ksys_write+0x10/0x10 [ 777.092791][T18213] __x64_sys_sendmmsg+0x9c/0x100 [ 777.092819][T18213] ? lockdep_hardirqs_on+0x78/0x100 [ 777.092844][T18213] do_syscall_64+0x106/0xf80 [ 777.092870][T18213] ? clear_bhb_loop+0x40/0x90 [ 777.092892][T18213] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 777.092910][T18213] RIP: 0033:0x7f82d839c799 [ 777.092925][T18213] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 777.092942][T18213] RSP: 002b:00007f82d65ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 777.092961][T18213] RAX: ffffffffffffffda RBX: 00007f82d8615fa0 RCX: 00007f82d839c799 [ 777.092972][T18213] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000003 [ 777.092982][T18213] RBP: 00007f82d65ee090 R08: 0000000000000000 R09: 0000000000000000 [ 777.093000][T18213] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000002 [ 777.093011][T18213] R13: 00007f82d8616038 R14: 00007f82d8615fa0 R15: 00007fffd8f3f0c8 [ 777.093033][T18213] [ 778.113497][T18219] FAULT_INJECTION: forcing a failure. [ 778.113497][T18219] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 778.143391][T18219] CPU: 0 UID: 0 PID: 18219 Comm: syz.3.2750 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 778.143432][T18219] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 778.143442][T18219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 778.143452][T18219] Call Trace: [ 778.143460][T18219] [ 778.143468][T18219] dump_stack_lvl+0x100/0x190 [ 778.143500][T18219] should_fail_ex.cold+0x5/0xa [ 778.143522][T18219] _copy_from_user+0x2e/0xd0 [ 778.143544][T18219] do_sys_poll+0x345/0xeb0 [ 778.143561][T18219] ? __lock_acquire+0x4a5/0x2630 [ 778.143584][T18219] ? find_held_lock+0x2b/0x80 [ 778.143606][T18219] ? __pfx_do_sys_poll+0x10/0x10 [ 778.143623][T18219] ? lock_acquire+0x1cf/0x380 [ 778.143660][T18219] ? __lock_acquire+0x4a5/0x2630 [ 778.143721][T18219] ? __pfx_poll_select_finish+0x10/0x10 [ 778.143756][T18219] ? __mutex_unlock_slowpath+0x15c/0x790 [ 778.143784][T18219] ? __fget_files+0x215/0x3d0 [ 778.143800][T18219] ? set_user_sigmask+0x1e1/0x270 [ 778.143828][T18219] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 778.143846][T18219] ? __pfx_set_user_sigmask+0x10/0x10 [ 778.143875][T18219] ? arch_do_signal_or_restart+0x1f9/0x770 [ 778.143903][T18219] __x64_sys_ppoll+0x2b5/0x350 [ 778.143923][T18219] ? __pfx___x64_sys_ppoll+0x10/0x10 [ 778.143949][T18219] do_syscall_64+0x106/0xf80 [ 778.143975][T18219] ? clear_bhb_loop+0x40/0x90 [ 778.143996][T18219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 778.144015][T18219] RIP: 0033:0x7f35ed59c799 [ 778.144030][T18219] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 778.144048][T18219] RSP: 002b:00007f35ee3a8028 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 778.144065][T18219] RAX: ffffffffffffffda RBX: 00007f35ed816090 RCX: 00007f35ed59c799 [ 778.144077][T18219] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 0000000000000000 [ 778.144087][T18219] RBP: 00007f35ee3a8090 R08: 0000000000000008 R09: 0000000000000000 [ 778.144097][T18219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 778.144107][T18219] R13: 00007f35ed816128 R14: 00007f35ed816090 R15: 00007ffd7ae123c8 [ 778.144128][T18219] [ 780.183826][T18270] netlink: 354 bytes leftover after parsing attributes in process `syz.1.2763'. [ 787.345105][T18419] FAULT_INJECTION: forcing a failure. [ 787.345105][T18419] name fail_futex, interval 1, probability 0, space 0, times 0 [ 787.522729][T18419] CPU: 0 UID: 0 PID: 18419 Comm: syz.4.2796 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 787.522772][T18419] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 787.522782][T18419] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 787.522793][T18419] Call Trace: [ 787.522799][T18419] [ 787.522806][T18419] dump_stack_lvl+0x100/0x190 [ 787.522850][T18419] should_fail_ex.cold+0x5/0xa [ 787.522873][T18419] get_futex_key+0x1d2/0x1620 [ 787.522898][T18419] ? __pfx_get_futex_key+0x10/0x10 [ 787.522919][T18419] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 787.522947][T18419] futex_wake+0xea/0x530 [ 787.522977][T18419] ? __pfx_futex_wake+0x10/0x10 [ 787.523014][T18419] do_futex+0x32b/0x350 [ 787.523039][T18419] ? __pfx_do_futex+0x10/0x10 [ 787.523063][T18419] ? __pfx___might_resched+0x10/0x10 [ 787.523090][T18419] ? blkcg_maybe_throttle_current+0x5df/0xeb0 [ 787.523121][T18419] __x64_sys_futex+0x34f/0x4d0 [ 787.523147][T18419] ? __pfx_task_work_run+0x10/0x10 [ 787.523173][T18419] ? __pfx___x64_sys_futex+0x10/0x10 [ 787.523198][T18419] ? exit_to_user_mode_loop+0xdd/0x4a0 [ 787.523229][T18419] do_syscall_64+0x106/0xf80 [ 787.523255][T18419] ? clear_bhb_loop+0x40/0x90 [ 787.523282][T18419] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 787.523300][T18419] RIP: 0033:0x7fabf859c799 [ 787.523316][T18419] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 787.523333][T18419] RSP: 002b:00007fabf94d10e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 787.523351][T18419] RAX: ffffffffffffffda RBX: 00007fabf8816098 RCX: 00007fabf859c799 [ 787.523363][T18419] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fabf881609c [ 787.523373][T18419] RBP: 00007fabf8816090 R08: 0000000000000000 R09: 0000000000000000 [ 787.523384][T18419] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 787.523394][T18419] R13: 00007fabf8816128 R14: 00007fffa44b3330 R15: 00007fffa44b3418 [ 787.523416][T18419] [ 787.838332][T18427] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2798'. [ 789.446163][T18460] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2802'. [ 789.997551][T18478] FAULT_INJECTION: forcing a failure. [ 789.997551][T18478] name failslab, interval 1, probability 0, space 0, times 0 [ 790.047715][T18478] CPU: 0 UID: 0 PID: 18478 Comm: syz.2.2810 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 790.047755][T18478] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 790.047765][T18478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 790.047775][T18478] Call Trace: [ 790.047781][T18478] [ 790.047788][T18478] dump_stack_lvl+0x100/0x190 [ 790.047820][T18478] should_fail_ex.cold+0x5/0xa [ 790.047842][T18478] should_failslab+0xc2/0x120 [ 790.047862][T18478] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 790.047891][T18478] ? __alloc_skb+0x140/0x710 [ 790.047921][T18478] __alloc_skb+0x140/0x710 [ 790.047944][T18478] ? __alloc_skb+0x5b7/0x710 [ 790.047968][T18478] ? __pfx___alloc_skb+0x10/0x10 [ 790.047994][T18478] ? trace_contention_end+0x140/0x180 [ 790.048023][T18478] netlink_dump+0x19b/0xd30 [ 790.048049][T18478] ? __netlink_lookup+0x652/0x900 [ 790.048075][T18478] ? __netlink_lookup+0x652/0x900 [ 790.048103][T18478] ? __pfx_netlink_dump+0x10/0x10 [ 790.048129][T18478] ? __pfx___mutex_lock+0x10/0x10 [ 790.048157][T18478] ? __netlink_lookup+0x65c/0x900 [ 790.048197][T18478] __netlink_dump_start+0x6d6/0x990 [ 790.048228][T18478] ? __pfx_mctp_dump_addrinfo+0x10/0x10 [ 790.048246][T18478] rtnetlink_rcv_msg+0xb3e/0xe90 [ 790.048278][T18478] ? __pfx_mctp_dump_addrinfo+0x10/0x10 [ 790.048297][T18478] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 790.048324][T18478] ? __pfx_rtnl_dumpit+0x10/0x10 [ 790.048344][T18478] ? __pfx_mctp_dump_addrinfo+0x10/0x10 [ 790.048365][T18478] ? ref_tracker_free+0x37e/0x6c0 [ 790.048392][T18478] netlink_rcv_skb+0x159/0x420 [ 790.048409][T18478] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 790.048438][T18478] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 790.048463][T18478] ? netlink_deliver_tap+0x1ae/0xcc0 [ 790.048495][T18478] netlink_unicast+0x5aa/0x870 [ 790.048527][T18478] ? __pfx_netlink_unicast+0x10/0x10 [ 790.048555][T18478] ? __pfx___might_resched+0x10/0x10 [ 790.048582][T18478] ? __lock_acquire+0x4a5/0x2630 [ 790.048618][T18478] netlink_sendmsg+0x8b0/0xda0 [ 790.048651][T18478] ? __pfx_netlink_sendmsg+0x10/0x10 [ 790.048678][T18478] ? __import_iovec+0x1d2/0x640 [ 790.048703][T18478] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 790.048736][T18478] ____sys_sendmsg+0x9e1/0xb70 [ 790.048754][T18478] ? __pfx_netlink_sendmsg+0x10/0x10 [ 790.048785][T18478] ? __pfx_____sys_sendmsg+0x10/0x10 [ 790.048806][T18478] ? rcu_is_watching+0x12/0xc0 [ 790.048834][T18478] ? ___sys_sendmsg+0x19d/0x1e0 [ 790.048853][T18478] ? kfree+0x2ec/0x6b0 [ 790.048880][T18478] ___sys_sendmsg+0x190/0x1e0 [ 790.048902][T18478] ? __pfx____sys_sendmsg+0x10/0x10 [ 790.048943][T18478] ? __pfx___might_resched+0x10/0x10 [ 790.048974][T18478] __sys_sendmmsg+0x205/0x430 [ 790.049004][T18478] ? __pfx___sys_sendmmsg+0x10/0x10 [ 790.049038][T18478] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 790.049076][T18478] ? fput+0x79/0x100 [ 790.049097][T18478] ? ksys_write+0x1ac/0x250 [ 790.049114][T18478] ? __pfx_ksys_write+0x10/0x10 [ 790.049135][T18478] __x64_sys_sendmmsg+0x9c/0x100 [ 790.049161][T18478] ? lockdep_hardirqs_on+0x78/0x100 [ 790.049187][T18478] do_syscall_64+0x106/0xf80 [ 790.049221][T18478] ? clear_bhb_loop+0x40/0x90 [ 790.049243][T18478] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 790.049261][T18478] RIP: 0033:0x7f980959c799 [ 790.049277][T18478] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 790.049293][T18478] RSP: 002b:00007f980a376028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 790.049311][T18478] RAX: ffffffffffffffda RBX: 00007f9809816090 RCX: 00007f980959c799 [ 790.049322][T18478] RDX: 0000000000000007 RSI: 0000200000000200 RDI: 0000000000000004 [ 790.049333][T18478] RBP: 00007f980a376090 R08: 0000000000000000 R09: 0000000000000000 [ 790.049343][T18478] R10: 0000000000004008 R11: 0000000000000246 R12: 0000000000000002 [ 790.049354][T18478] R13: 00007f9809816128 R14: 00007f9809816090 R15: 00007ffe47c0f438 [ 790.049376][T18478] [ 791.117448][T18489] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2812'. [ 792.654248][T18523] FAULT_INJECTION: forcing a failure. [ 792.654248][T18523] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 792.713079][T18523] CPU: 0 UID: 0 PID: 18523 Comm: syz.2.2820 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 792.713119][T18523] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 792.713129][T18523] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 792.713139][T18523] Call Trace: [ 792.713145][T18523] [ 792.713157][T18523] dump_stack_lvl+0x100/0x190 [ 792.713190][T18523] should_fail_ex.cold+0x5/0xa [ 792.713213][T18523] _copy_from_iter+0x1f4/0x1690 [ 792.713238][T18523] ? __asan_memset+0x23/0x50 [ 792.713264][T18523] ? __pfx__copy_from_iter+0x10/0x10 [ 792.713285][T18523] ? __pfx___alloc_skb+0x10/0x10 [ 792.713320][T18523] netlink_sendmsg+0x808/0xda0 [ 792.713353][T18523] ? __pfx_netlink_sendmsg+0x10/0x10 [ 792.713380][T18523] ? __import_iovec+0x1d2/0x640 [ 792.713405][T18523] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 792.713437][T18523] ____sys_sendmsg+0x9e1/0xb70 [ 792.713463][T18523] ? __pfx_netlink_sendmsg+0x10/0x10 [ 792.713494][T18523] ? __pfx_____sys_sendmsg+0x10/0x10 [ 792.713523][T18523] ___sys_sendmsg+0x190/0x1e0 [ 792.713545][T18523] ? __pfx____sys_sendmsg+0x10/0x10 [ 792.713592][T18523] __sys_sendmsg+0x170/0x220 [ 792.713619][T18523] ? __pfx___sys_sendmsg+0x10/0x10 [ 792.713659][T18523] do_syscall_64+0x106/0xf80 [ 792.713685][T18523] ? clear_bhb_loop+0x40/0x90 [ 792.713706][T18523] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 792.713724][T18523] RIP: 0033:0x7f980959c799 [ 792.713740][T18523] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 792.713757][T18523] RSP: 002b:00007f980a397028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 792.713775][T18523] RAX: ffffffffffffffda RBX: 00007f9809815fa0 RCX: 00007f980959c799 [ 792.713786][T18523] RDX: 0000000000040044 RSI: 0000200000002040 RDI: 0000000000000003 [ 792.713797][T18523] RBP: 00007f980a397090 R08: 0000000000000000 R09: 0000000000000000 [ 792.713807][T18523] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 792.713817][T18523] R13: 00007f9809816038 R14: 00007f9809815fa0 R15: 00007ffe47c0f438 [ 792.713839][T18523] [ 793.580214][T18524] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 793.603620][T18524] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 793.612575][T18524] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 793.642476][T18524] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 793.667330][T18541] FAULT_INJECTION: forcing a failure. [ 793.667330][T18541] name failslab, interval 1, probability 0, space 0, times 0 [ 793.853033][T18541] CPU: 0 UID: 0 PID: 18541 Comm: syz.3.2824 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 793.853074][T18541] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 793.853085][T18541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 793.853096][T18541] Call Trace: [ 793.853103][T18541] [ 793.853110][T18541] dump_stack_lvl+0x100/0x190 [ 793.853142][T18541] should_fail_ex.cold+0x5/0xa [ 793.853165][T18541] should_failslab+0xc2/0x120 [ 793.853186][T18541] __kvmalloc_node_noprof+0xfa/0xa00 [ 793.853215][T18541] ? __do_sys_setgroups+0x126/0x4f0 [ 793.853246][T18541] __do_sys_setgroups+0x126/0x4f0 [ 793.853277][T18541] do_syscall_64+0x106/0xf80 [ 793.853309][T18541] ? clear_bhb_loop+0x40/0x90 [ 793.853331][T18541] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 793.853350][T18541] RIP: 0033:0x7f35ed59c799 [ 793.853365][T18541] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 793.853382][T18541] RSP: 002b:00007f35ee387028 EFLAGS: 00000246 ORIG_RAX: 0000000000000074 [ 793.853400][T18541] RAX: ffffffffffffffda RBX: 00007f35ed816180 RCX: 00007f35ed59c799 [ 793.853412][T18541] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000010 [ 793.853423][T18541] RBP: 00007f35ed632c99 R08: 0000000000000000 R09: 0000000000000000 [ 793.853433][T18541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 793.853443][T18541] R13: 00007f35ed816218 R14: 00007f35ed816180 R15: 00007ffd7ae123c8 [ 793.853466][T18541] [ 794.917095][T18568] FAULT_INJECTION: forcing a failure. [ 794.917095][T18568] name failslab, interval 1, probability 0, space 0, times 0 [ 795.000700][T18568] CPU: 0 UID: 0 PID: 18568 Comm: syz.2.2830 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 795.000751][T18568] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 795.000762][T18568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 795.000773][T18568] Call Trace: [ 795.000779][T18568] [ 795.000787][T18568] dump_stack_lvl+0x100/0x190 [ 795.000820][T18568] should_fail_ex.cold+0x5/0xa [ 795.000842][T18568] should_failslab+0xc2/0x120 [ 795.000862][T18568] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 795.000894][T18568] ? sysctl_core_net_init+0x42/0x290 [ 795.000920][T18568] kmemdup_noprof+0x29/0x60 [ 795.000939][T18568] sysctl_core_net_init+0x42/0x290 [ 795.000962][T18568] ? __pfx_sysctl_core_net_init+0x10/0x10 [ 795.000984][T18568] ops_init+0x1e2/0x5f0 [ 795.001013][T18568] setup_net+0x118/0x3a0 [ 795.001042][T18568] ? __pfx_setup_net+0x10/0x10 [ 795.001069][T18568] ? lockdep_init_map_type+0x5c/0x250 [ 795.001094][T18568] ? mutex_init_lockep+0x110/0x150 [ 795.001122][T18568] copy_net_ns+0x46f/0x7c0 [ 795.001143][T18568] create_new_namespaces+0x3ea/0xac0 [ 795.001167][T18568] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 795.001190][T18568] ksys_unshare+0x473/0xad0 [ 795.001214][T18568] ? __pfx_ksys_unshare+0x10/0x10 [ 795.001246][T18568] __x64_sys_unshare+0x31/0x40 [ 795.001269][T18568] do_syscall_64+0x106/0xf80 [ 795.001296][T18568] ? clear_bhb_loop+0x40/0x90 [ 795.001320][T18568] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 795.001339][T18568] RIP: 0033:0x7f980959c799 [ 795.001355][T18568] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 795.001374][T18568] RSP: 002b:00007f980a397028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 795.001393][T18568] RAX: ffffffffffffffda RBX: 00007f9809815fa0 RCX: 00007f980959c799 [ 795.001405][T18568] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 795.001416][T18568] RBP: 00007f9809632c99 R08: 0000000000000000 R09: 0000000000000000 [ 795.001428][T18568] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 795.001439][T18568] R13: 00007f9809816038 R14: 00007f9809815fa0 R15: 00007ffe47c0f438 [ 795.001464][T18568] [ 795.552720][T18579] FAULT_INJECTION: forcing a failure. [ 795.552720][T18579] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 795.604395][T18579] CPU: 0 UID: 0 PID: 18579 Comm: syz.1.2834 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 795.604437][T18579] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 795.604447][T18579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 795.604458][T18579] Call Trace: [ 795.604465][T18579] [ 795.604473][T18579] dump_stack_lvl+0x100/0x190 [ 795.604506][T18579] should_fail_ex.cold+0x5/0xa [ 795.604529][T18579] _copy_from_user+0x2e/0xd0 [ 795.604553][T18579] copy_msghdr_from_user+0x9f/0x4f0 [ 795.604577][T18579] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 795.604613][T18579] ___sys_sendmsg+0x106/0x1e0 [ 795.604636][T18579] ? __pfx____sys_sendmsg+0x10/0x10 [ 795.604681][T18579] __sys_sendmsg+0x170/0x220 [ 795.604709][T18579] ? __pfx___sys_sendmsg+0x10/0x10 [ 795.604748][T18579] do_syscall_64+0x106/0xf80 [ 795.604783][T18579] ? clear_bhb_loop+0x40/0x90 [ 795.604805][T18579] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 795.604824][T18579] RIP: 0033:0x7f82d839c799 [ 795.604840][T18579] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 795.604857][T18579] RSP: 002b:00007f82d65ee028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 795.604875][T18579] RAX: ffffffffffffffda RBX: 00007f82d8615fa0 RCX: 00007f82d839c799 [ 795.604887][T18579] RDX: 000000000400c850 RSI: 0000200000000100 RDI: 0000000000000003 [ 795.604898][T18579] RBP: 00007f82d65ee090 R08: 0000000000000000 R09: 0000000000000000 [ 795.604908][T18579] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 795.604918][T18579] R13: 00007f82d8616038 R14: 00007f82d8615fa0 R15: 00007fffd8f3f0c8 [ 795.604940][T18579] [ 796.033108][T17458] Bluetooth: hci4: command 0x0c1a tx timeout [ 796.039418][T17458] Bluetooth: hci2: command 0x040f tx timeout [ 796.045876][T17458] Bluetooth: hci0: command 0x0c1a tx timeout [ 796.052979][T17458] Bluetooth: hci1: command 0x0c1a tx timeout [ 796.071931][T18586] FAULT_INJECTION: forcing a failure. [ 796.071931][T18586] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 796.085641][T18586] CPU: 0 UID: 0 PID: 18586 Comm: syz.4.2836 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 796.085684][T18586] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 796.085698][T18586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 796.085716][T18586] Call Trace: [ 796.085723][T18586] [ 796.085731][T18586] dump_stack_lvl+0x100/0x190 [ 796.085764][T18586] should_fail_ex.cold+0x5/0xa [ 796.085787][T18586] _copy_from_iter+0x1f4/0x1690 [ 796.085813][T18586] ? __asan_memset+0x23/0x50 [ 796.085840][T18586] ? __pfx__copy_from_iter+0x10/0x10 [ 796.085863][T18586] ? __pfx___alloc_skb+0x10/0x10 [ 796.085897][T18586] netlink_sendmsg+0x808/0xda0 [ 796.085931][T18586] ? __pfx_netlink_sendmsg+0x10/0x10 [ 796.085959][T18586] ? __import_iovec+0x1d2/0x640 [ 796.085984][T18586] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 796.086027][T18586] ____sys_sendmsg+0x9e1/0xb70 [ 796.086046][T18586] ? __pfx_netlink_sendmsg+0x10/0x10 [ 796.086078][T18586] ? __pfx_____sys_sendmsg+0x10/0x10 [ 796.086108][T18586] ___sys_sendmsg+0x190/0x1e0 [ 796.086131][T18586] ? __pfx____sys_sendmsg+0x10/0x10 [ 796.086179][T18586] __sys_sendmsg+0x170/0x220 [ 796.086207][T18586] ? __pfx___sys_sendmsg+0x10/0x10 [ 796.086249][T18586] do_syscall_64+0x106/0xf80 [ 796.086276][T18586] ? clear_bhb_loop+0x40/0x90 [ 796.086298][T18586] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 796.086318][T18586] RIP: 0033:0x7fabf859c799 [ 796.086333][T18586] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 796.086351][T18586] RSP: 002b:00007fabf94f2028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 796.086375][T18586] RAX: ffffffffffffffda RBX: 00007fabf8815fa0 RCX: 00007fabf859c799 [ 796.086386][T18586] RDX: 0000000000040044 RSI: 0000200000002040 RDI: 0000000000000003 [ 796.086397][T18586] RBP: 00007fabf94f2090 R08: 0000000000000000 R09: 0000000000000000 [ 796.086408][T18586] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 796.086418][T18586] R13: 00007fabf8816038 R14: 00007fabf8815fa0 R15: 00007fffa44b3418 [ 796.086450][T18586] [ 798.366304][T18633] netlink: 110 bytes leftover after parsing attributes in process `syz.2.2846'. [ 799.258372][T18616] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2842'. [ 800.689558][T18672] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2859'. [ 801.072103][T18673] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2858'. [ 801.790949][T18694] FAULT_INJECTION: forcing a failure. [ 801.790949][T18694] name failslab, interval 1, probability 0, space 0, times 0 [ 801.847531][T18694] CPU: 0 UID: 0 PID: 18694 Comm: syz.3.2864 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 801.847573][T18694] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 801.847585][T18694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 801.847596][T18694] Call Trace: [ 801.847604][T18694] [ 801.847612][T18694] dump_stack_lvl+0x100/0x190 [ 801.847645][T18694] should_fail_ex.cold+0x5/0xa [ 801.847668][T18694] should_failslab+0xc2/0x120 [ 801.847689][T18694] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 801.847718][T18694] ? security_inode_alloc+0x3b/0x2c0 [ 801.847739][T18694] ? lockdep_init_map_type+0x5c/0x250 [ 801.847768][T18694] security_inode_alloc+0x3b/0x2c0 [ 801.847789][T18694] inode_init_always_gfp+0xced/0x1040 [ 801.847813][T18694] alloc_inode+0x8e/0x250 [ 801.847839][T18694] new_inode+0x22/0x1c0 [ 801.847867][T18694] shmem_get_inode+0x212/0x1040 [ 801.847896][T18694] ? __pfx_shmem_get_inode+0x10/0x10 [ 801.847920][T18694] ? rcu_is_watching+0x12/0xc0 [ 801.847956][T18694] shmem_tmpfile+0xbf/0x210 [ 801.847979][T18694] ? d_alloc+0x176/0x1e0 [ 801.848001][T18694] ? __pfx_shmem_tmpfile+0x10/0x10 [ 801.848025][T18694] ? do_raw_spin_unlock+0x145/0x1e0 [ 801.848054][T18694] ? _raw_spin_unlock+0x28/0x50 [ 801.848082][T18694] vfs_tmpfile+0x2be/0x9a0 [ 801.848107][T18694] path_openat+0x164e/0x31a0 [ 801.848127][T18694] ? kasan_save_stack+0x3f/0x50 [ 801.848154][T18694] ? kasan_save_stack+0x30/0x50 [ 801.848183][T18694] ? __kasan_slab_alloc+0x89/0x90 [ 801.848201][T18694] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 801.848228][T18694] ? do_getname+0x35/0x390 [ 801.848253][T18694] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 801.848276][T18694] ? __pfx_path_openat+0x10/0x10 [ 801.848304][T18694] do_file_open+0x20e/0x430 [ 801.848326][T18694] ? __pfx_do_file_open+0x10/0x10 [ 801.848361][T18694] ? _raw_spin_unlock+0x28/0x50 [ 801.848394][T18694] ? alloc_fd+0x476/0x790 [ 801.848419][T18694] do_sys_openat2+0x10d/0x1e0 [ 801.848445][T18694] ? __pfx_do_sys_openat2+0x10/0x10 [ 801.848471][T18694] ? __fget_files+0x21f/0x3d0 [ 801.848495][T18694] __x64_sys_open+0xfe/0x1d0 [ 801.848521][T18694] ? __pfx___x64_sys_open+0x10/0x10 [ 801.848555][T18694] do_syscall_64+0x106/0xf80 [ 801.848583][T18694] ? clear_bhb_loop+0x40/0x90 [ 801.848606][T18694] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 801.848626][T18694] RIP: 0033:0x7f35ed59c799 [ 801.848642][T18694] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 801.848660][T18694] RSP: 002b:00007f35ee3c9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 801.848678][T18694] RAX: ffffffffffffffda RBX: 00007f35ed815fa0 RCX: 00007f35ed59c799 [ 801.848690][T18694] RDX: 78e22799f4a46e8e RSI: 0000000000518282 RDI: 0000200000000080 [ 801.848702][T18694] RBP: 00007f35ed632c99 R08: 0000000000000000 R09: 0000000000000000 [ 801.848712][T18694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 801.848722][T18694] R13: 00007f35ed816038 R14: 00007f35ed815fa0 R15: 00007ffd7ae123c8 [ 801.848745][T18694] [ 802.289547][T18695] KVM: debugfs: duplicate directory 18695-3 [ 802.340685][T18699] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 802.622907][T18706] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 806.388684][T18777] netlink: 342 bytes leftover after parsing attributes in process `syz.2.2887'. [ 806.679285][T18787] Unable to find swap-space signature [ 807.428891][T18802] zswap: compressor ;?3wh-+|Gx}յ not available [ 808.789016][T18827] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2899'. [ 809.279010][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.288344][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.556487][T18850] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2904'. [ 811.197698][T18874] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2909'. [ 812.955052][T18902] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2915'. [ 813.924017][T18921] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2919'. [ 814.618024][T18937] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2923'. [ 819.180436][T19006] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2941'. [ 820.444553][T19024] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2946'. [ 820.983500][T19034] FAULT_INJECTION: forcing a failure. [ 820.983500][T19034] name failslab, interval 1, probability 0, space 0, times 0 [ 821.128989][T19034] CPU: 0 UID: 0 PID: 19034 Comm: syz.3.2948 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 821.129032][T19034] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 821.129042][T19034] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 821.129053][T19034] Call Trace: [ 821.129060][T19034] [ 821.129068][T19034] dump_stack_lvl+0x100/0x190 [ 821.129109][T19034] should_fail_ex.cold+0x5/0xa [ 821.129132][T19034] ? security_inode_init_security+0x113/0x370 [ 821.129161][T19034] should_failslab+0xc2/0x120 [ 821.129183][T19034] __kmalloc_noprof+0xe0/0x850 [ 821.129216][T19034] security_inode_init_security+0x113/0x370 [ 821.129246][T19034] ? __pfx_shmem_initxattrs+0x10/0x10 [ 821.129269][T19034] ? __pfx_security_inode_init_security+0x10/0x10 [ 821.129303][T19034] shmem_tmpfile+0xfa/0x210 [ 821.129327][T19034] ? d_alloc+0x176/0x1e0 [ 821.129348][T19034] ? __pfx_shmem_tmpfile+0x10/0x10 [ 821.129373][T19034] ? do_raw_spin_unlock+0x145/0x1e0 [ 821.129402][T19034] ? _raw_spin_unlock+0x28/0x50 [ 821.129430][T19034] vfs_tmpfile+0x2be/0x9a0 [ 821.129456][T19034] path_openat+0x164e/0x31a0 [ 821.129475][T19034] ? kasan_save_stack+0x3f/0x50 [ 821.129503][T19034] ? kasan_save_stack+0x30/0x50 [ 821.129531][T19034] ? __kasan_slab_alloc+0x89/0x90 [ 821.129548][T19034] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 821.129576][T19034] ? do_getname+0x35/0x390 [ 821.129599][T19034] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 821.129621][T19034] ? __pfx_path_openat+0x10/0x10 [ 821.129649][T19034] do_file_open+0x20e/0x430 [ 821.129671][T19034] ? __pfx_do_file_open+0x10/0x10 [ 821.129707][T19034] ? _raw_spin_unlock+0x28/0x50 [ 821.129731][T19034] ? alloc_fd+0x476/0x790 [ 821.129756][T19034] do_sys_openat2+0x10d/0x1e0 [ 821.129781][T19034] ? __pfx_do_sys_openat2+0x10/0x10 [ 821.129808][T19034] ? __fget_files+0x21f/0x3d0 [ 821.129832][T19034] __x64_sys_open+0xfe/0x1d0 [ 821.129857][T19034] ? __pfx___x64_sys_open+0x10/0x10 [ 821.129891][T19034] do_syscall_64+0x106/0xf80 [ 821.129917][T19034] ? clear_bhb_loop+0x40/0x90 [ 821.129940][T19034] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 821.129960][T19034] RIP: 0033:0x7f35ed59c799 [ 821.129977][T19034] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 821.129999][T19034] RSP: 002b:00007f35ee3a8028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 821.130017][T19034] RAX: ffffffffffffffda RBX: 00007f35ed816090 RCX: 00007f35ed59c799 [ 821.130029][T19034] RDX: 78e22799f4a46e8e RSI: 0000000000518282 RDI: 0000200000000080 [ 821.130041][T19034] RBP: 00007f35ed632c99 R08: 0000000000000000 R09: 0000000000000000 [ 821.130052][T19034] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 821.130063][T19034] R13: 00007f35ed816128 R14: 00007f35ed816090 R15: 00007ffd7ae123c8 [ 821.130092][T19034] [ 824.842034][T19071] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2955'. [ 825.597942][T19079] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2957'. [ 827.420645][T19113] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2963'. [ 828.788289][T19127] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 828.820582][T19127] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 828.871389][T19127] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 828.956360][T19127] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 830.797556][T15554] Bluetooth: hci1: command 0x0c1a tx timeout [ 830.879765][T15554] Bluetooth: hci2: command 0x040f tx timeout [ 830.886111][T15554] Bluetooth: hci0: command 0x0c1a tx timeout [ 830.957810][T15554] Bluetooth: hci4: command 0x0c1a tx timeout [ 832.911926][T19205] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 832.963885][T19205] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 833.017372][T19205] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 833.131164][T19205] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 834.959333][T15554] Bluetooth: hci1: command 0x0c1a tx timeout [ 835.038053][T15554] Bluetooth: hci2: command 0x040f tx timeout [ 835.044136][T17458] Bluetooth: hci0: command 0x0c1a tx timeout [ 835.197602][T15554] Bluetooth: hci4: command 0x0c1a tx timeout [ 837.983222][T19303] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3003'. [ 840.682594][T19361] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3013'. [ 841.515539][T19375] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3017'. [ 843.144615][T19405] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3023'. [ 846.711278][T19464] FAULT_INJECTION: forcing a failure. [ 846.711278][T19464] name failslab, interval 1, probability 0, space 0, times 0 [ 846.792505][T19464] CPU: 0 UID: 0 PID: 19464 Comm: syz.2.3035 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 846.792548][T19464] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 846.792559][T19464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 846.792571][T19464] Call Trace: [ 846.792578][T19464] [ 846.792586][T19464] dump_stack_lvl+0x100/0x190 [ 846.792620][T19464] should_fail_ex.cold+0x5/0xa [ 846.792642][T19464] ? tomoyo_realpath_from_path+0xb6/0x690 [ 846.792668][T19464] should_failslab+0xc2/0x120 [ 846.792689][T19464] __kmalloc_noprof+0xe0/0x850 [ 846.792722][T19464] tomoyo_realpath_from_path+0xb6/0x690 [ 846.792764][T19464] tomoyo_check_open_permission+0x2af/0x3c0 [ 846.792789][T19464] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 846.792837][T19464] ? do_raw_spin_lock+0x128/0x260 [ 846.792871][T19464] ? path_get+0x61/0x80 [ 846.792895][T19464] tomoyo_file_open+0x6b/0x90 [ 846.792925][T19464] security_file_open+0xb5/0x1e0 [ 846.792949][T19464] do_dentry_open+0x5aa/0x1660 [ 846.792971][T19464] ? security_inode_permission+0xbf/0x250 [ 846.792998][T19464] vfs_open+0x82/0x3f0 [ 846.793025][T19464] path_openat+0x208c/0x31a0 [ 846.793052][T19464] ? __pfx_path_openat+0x10/0x10 [ 846.793081][T19464] do_file_open+0x20e/0x430 [ 846.793103][T19464] ? __pfx_do_file_open+0x10/0x10 [ 846.793139][T19464] ? alloc_fd+0x476/0x790 [ 846.793160][T19464] ? do_getname+0x191/0x390 [ 846.793187][T19464] do_sys_openat2+0x10d/0x1e0 [ 846.793212][T19464] ? __pfx_do_sys_openat2+0x10/0x10 [ 846.793240][T19464] ? __fget_files+0x21f/0x3d0 [ 846.793263][T19464] __x64_sys_openat+0x12d/0x210 [ 846.793289][T19464] ? __pfx___x64_sys_openat+0x10/0x10 [ 846.793323][T19464] do_syscall_64+0x106/0xf80 [ 846.793351][T19464] ? clear_bhb_loop+0x40/0x90 [ 846.793373][T19464] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 846.793393][T19464] RIP: 0033:0x7f980959c799 [ 846.793410][T19464] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 846.793427][T19464] RSP: 002b:00007f980a397028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 846.793447][T19464] RAX: ffffffffffffffda RBX: 00007f9809815fa0 RCX: 00007f980959c799 [ 846.793459][T19464] RDX: 000000000004c040 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 846.793470][T19464] RBP: 00007f9809632c99 R08: 0000000000000000 R09: 0000000000000000 [ 846.793481][T19464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 846.793493][T19464] R13: 00007f9809816038 R14: 00007f9809815fa0 R15: 00007ffe47c0f438 [ 846.793516][T19464] [ 846.793524][T19464] ERROR: Out of memory at tomoyo_realpath_from_path. [ 847.679965][T19464] openvswitch: netlink: Message has 20 unknown bytes. [ 848.931421][T19514] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3045'. [ 853.139662][T19584] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3059'. [ 857.130440][T19656] mkiss: ax0: crc mode is auto. [ 861.805624][T19732] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3090'. [ 862.867257][T19744] FAULT_INJECTION: forcing a failure. [ 862.867257][T19744] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 862.925477][T19746] mkiss: ax0: crc mode is auto. [ 863.026421][T19744] CPU: 0 UID: 0 PID: 19744 Comm: syz.1.3092 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 863.026462][T19744] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 863.026472][T19744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 863.026483][T19744] Call Trace: [ 863.026490][T19744] [ 863.026498][T19744] dump_stack_lvl+0x100/0x190 [ 863.026530][T19744] should_fail_ex.cold+0x5/0xa [ 863.026560][T19744] _copy_to_user+0x32/0xd0 [ 863.026585][T19744] simple_read_from_buffer+0xcb/0x170 [ 863.026616][T19744] proc_fail_nth_read+0x1af/0x230 [ 863.026641][T19744] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 863.026666][T19744] ? rw_verify_area+0xce/0x6d0 [ 863.026693][T19744] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 863.026716][T19744] vfs_read+0x1e4/0xb30 [ 863.026736][T19744] ? __pfx_vfs_read+0x10/0x10 [ 863.026752][T19744] ? __fget_files+0x215/0x3d0 [ 863.026775][T19744] ? __fget_files+0x21f/0x3d0 [ 863.026799][T19744] ksys_read+0x12a/0x250 [ 863.026816][T19744] ? __pfx_ksys_read+0x10/0x10 [ 863.026840][T19744] do_syscall_64+0x106/0xf80 [ 863.026867][T19744] ? clear_bhb_loop+0x40/0x90 [ 863.026890][T19744] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 863.026909][T19744] RIP: 0033:0x7f82d835cfce [ 863.026925][T19744] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 863.026943][T19744] RSP: 002b:00007f82d65edfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 863.026961][T19744] RAX: ffffffffffffffda RBX: 00007f82d65ee6c0 RCX: 00007f82d835cfce [ 863.026973][T19744] RDX: 000000000000000f RSI: 00007f82d65ee0a0 RDI: 0000000000000011 [ 863.026984][T19744] RBP: 00007f82d65ee090 R08: 0000000000000000 R09: 0000000000000000 [ 863.026995][T19744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 863.027005][T19744] R13: 00007f82d8616038 R14: 00007f82d8615fa0 R15: 00007fffd8f3f0c8 [ 863.027028][T19744] [ 864.027470][ T29] audit: type=1800 audit(4294967404.517:25): pid=19768 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3098" name="version" dev="configfs" ino=122384 res=0 errno=0 [ 865.521764][T19787] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3103'. [ 866.696736][T19811] block2mtd: illegal erase size [ 867.760556][T19822] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3110'. [ 867.824767][T19822] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3110'. [ 869.158462][T19847] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3122'. [ 870.723844][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.733554][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 872.730846][T19905] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3125'. [ 873.151546][T19908] FAULT_INJECTION: forcing a failure. [ 873.151546][T19908] name failslab, interval 1, probability 0, space 0, times 0 [ 873.179484][T19911] zswap: compressor not available [ 873.233989][T19908] CPU: 0 UID: 0 PID: 19908 Comm: syz.3.3127 Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 873.234030][T19908] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 873.234041][T19908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 873.234052][T19908] Call Trace: [ 873.234060][T19908] [ 873.234069][T19908] dump_stack_lvl+0x100/0x190 [ 873.234101][T19908] should_fail_ex.cold+0x5/0xa [ 873.234125][T19908] should_failslab+0xc2/0x120 [ 873.234147][T19908] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 873.234176][T19908] ? __pmd_alloc+0xbf/0x950 [ 873.234202][T19908] __pmd_alloc+0xbf/0x950 [ 873.234223][T19908] ? __pud_alloc+0x52e/0x6e0 [ 873.234246][T19908] __handle_mm_fault+0xa99/0x2b60 [ 873.234295][T19908] ? mt_find+0x45e/0x8e0 [ 873.234321][T19908] ? __pfx___handle_mm_fault+0x10/0x10 [ 873.234346][T19908] ? __pfx_mt_find+0x10/0x10 [ 873.234382][T19908] handle_mm_fault+0x36d/0xa20 [ 873.234413][T19908] __get_user_pages+0xf9c/0x34d0 [ 873.234444][T19908] ? __pfx___get_user_pages+0x10/0x10 [ 873.234473][T19908] get_user_pages_remote+0x3d2/0xb10 [ 873.234501][T19908] ? __pfx_get_user_pages_remote+0x10/0x10 [ 873.234533][T19908] get_arg_page+0xf4/0x310 [ 873.234561][T19908] ? __pfx_get_arg_page+0x10/0x10 [ 873.234595][T19908] copy_string_kernel+0x17d/0x500 [ 873.234624][T19908] ? alloc_bprm+0x420/0x710 [ 873.234654][T19908] do_execveat_common.isra.0+0x2e6/0x580 [ 873.234688][T19908] __x64_sys_execve+0x93/0xd0 [ 873.234718][T19908] do_syscall_64+0x106/0xf80 [ 873.234745][T19908] ? clear_bhb_loop+0x40/0x90 [ 873.234768][T19908] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 873.234788][T19908] RIP: 0033:0x7f35ed59c799 [ 873.234804][T19908] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 873.234822][T19908] RSP: 002b:00007f35ee3c9028 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 873.234840][T19908] RAX: ffffffffffffffda RBX: 00007f35ed815fa0 RCX: 00007f35ed59c799 [ 873.234852][T19908] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 873.234863][T19908] RBP: 00007f35ed632c99 R08: 0000000000000000 R09: 0000000000000000 [ 873.234873][T19908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 873.234884][T19908] R13: 00007f35ed816038 R14: 00007f35ed815fa0 R15: 00007ffd7ae123c8 [ 873.234907][T19908] [ 877.435215][T19990] bond0: no command found in slaves file - use +ifname or -ifname [ 878.370999][T20013] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3151'. [ 878.398304][ T30] INFO: task kworker/u10:1:15509 blocked for more than 143 seconds. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 878.418260][ T30] Tainted: G U W L XTNJ syzkaller #0 [ 878.455907][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 878.494400][ T30] task:kworker/u10:1 state:D stack:24072 pid:15509 tgid:15509 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 878.568172][ T30] Workqueue: netns cleanup_net [ 878.595160][ T30] Call Trace: [ 878.615853][ T30] [ 878.632803][ T30] __schedule+0xfee/0x6120 [ 878.657816][ T30] ? __lock_acquire+0x4a5/0x2630 [ 878.672286][ T30] ? __pfx___schedule+0x10/0x10 [ 878.690344][ T30] ? find_held_lock+0x2b/0x80 [ 878.700606][ T30] ? schedule+0x2bf/0x390 [ 878.709640][ T30] schedule+0xdd/0x390 [ 878.720464][ T30] schedule_timeout+0x1b2/0x280 [ 878.733743][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 878.756477][ T30] ? mark_held_locks+0x40/0x70 [ 878.772433][ T30] __wait_for_common+0x2e7/0x4c0 [ 878.790692][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 878.810828][ T30] ? __pfx___wait_for_common+0x10/0x10 [ 878.829691][ T30] ? touch_wq_lockdep_map+0x9c/0x1c0 [ 878.915496][ T30] ? find_held_lock+0x2b/0x80 [ 878.952961][ T30] ? __flush_work+0x928/0xcb0 [ 878.998498][ T30] ? __flush_work+0x928/0xcb0 [ 879.003520][ T30] ? __flush_work+0x4ca/0xcb0 [ 879.057524][ T30] __flush_work+0x7c7/0xcb0 [ 879.062333][ T30] ? __lock_acquire+0x4a5/0x2630 [ 879.067306][ T30] ? __pfx___flush_work+0x10/0x10 [ 879.120656][ T30] ? try_to_grab_pending+0x45f/0x840 [ 879.146516][ T30] ? __pfx_wq_barrier_func+0x10/0x10 [ 879.152156][ T30] ? __pfx___might_resched+0x10/0x10 [ 879.179798][ T30] rds_conn_destroy+0x23d/0x960 [ 879.187664][ T30] ? do_raw_spin_lock+0x128/0x260 [ 879.192811][ T30] ? mark_held_locks+0x40/0x70 [ 879.228142][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 879.233467][ T30] rds_tcp_exit_net+0x460/0x870 [ 879.260153][ T30] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 879.265715][ T30] ? __pfx___might_resched+0x10/0x10 [ 879.317528][ T30] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 879.322987][ T30] ops_undo_list+0x2ee/0xab0 [ 879.347510][ T30] ? __pfx_ops_undo_list+0x10/0x10 [ 879.366661][ T30] ? cleanup_net+0x332/0x920 [ 879.377954][ T30] ? idr_destroy+0x62/0x2e0 [ 879.382530][ T30] cleanup_net+0x499/0x920 [ 879.387216][ T30] ? __pfx_cleanup_net+0x10/0x10 [ 879.408815][ T30] ? rcu_is_watching+0x12/0xc0 [ 879.413930][ T30] process_one_work+0xa23/0x19a0 [ 879.432743][ T30] ? __pfx_process_one_work+0x10/0x10 [ 879.447446][ T30] ? __pfx_cleanup_net+0x10/0x10 [ 879.457797][ T30] worker_thread+0x5ef/0xe50 [ 879.462544][ T30] ? __pfx_worker_thread+0x10/0x10 [ 879.477514][ T30] ? kthread+0x13a/0x450 [ 879.481840][ T30] ? __pfx_worker_thread+0x10/0x10 [ 879.486961][ T30] kthread+0x370/0x450 [ 879.509177][ T30] ? __pfx_kthread+0x10/0x10 [ 879.513847][ T30] ret_from_fork+0x754/0xd80 [ 879.535196][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 879.547344][ T30] ? __switch_to+0x7b4/0x1120 [ 879.552469][ T30] ? __pfx_kthread+0x10/0x10 [ 879.558787][ T30] ret_from_fork_asm+0x1a/0x30 [ 879.563723][ T30] [ 879.633400][ T30] [ 879.633400][ T30] Showing all locks held in the system: [ 879.717476][ T30] 1 lock held by khungtaskd/30: [ 879.722462][ T30] #0: ffffffff8e7e7660 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 879.797490][ T30] 2 locks held by getty/5590: [ 879.817426][ T30] #0: ffff888037f590a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 879.863201][ T30] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500 [ 879.917829][ T30] 3 locks held by kworker/u10:1/15509: [ 879.923327][ T30] #0: ffff88801c6ae948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1310/0x19a0 [ 880.003597][ T30] #1: ffffc90003bc7d08 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x988/0x19a0 [ 880.047159][ T30] #2: ffffffff905fc1d0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xb8/0x920 [ 880.105943][ T30] 3 locks held by kworker/u10:2/15514: [ 880.127482][ T30] #0: ffff88813fea4148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x1310/0x19a0 [ 880.170735][ T30] #1: ffffc900048cfd08 ((linkwatch_work).work){+.+.}-{0:0}, at: process_one_work+0x988/0x19a0 [ 880.233067][ T30] #2: ffffffff90614a28 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0x51/0xc0 [ 880.263976][ T30] 1 lock held by syz-executor/16087: [ 880.273781][ T30] #0: ffffffff90614a28 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220 [ 880.284286][ T30] 1 lock held by syz-executor/17033: [ 880.289848][ T30] #0: ffffffff90614a28 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220 [ 880.299095][ T30] 1 lock held by syz.3.3152/20016: [ 880.304248][ T30] #0: ffffffff90614a28 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220 [ 880.319465][ T30] 1 lock held by syz.2.3153/20019: [ 880.325320][ T30] #0: ffffffff90614a28 (rtnl_mutex){+.+.}-{4:4}, at: tun_chr_close+0x38/0x220 [ 880.369356][ T30] [ 880.371804][ T30] ============================================= [ 880.371804][ T30] [ 880.397343][ T30] NMI backtrace for cpu 0 [ 880.397369][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 880.397405][ T30] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 880.397415][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 880.397426][ T30] Call Trace: [ 880.397432][ T30] [ 880.397440][ T30] dump_stack_lvl+0x100/0x190 [ 880.397472][ T30] nmi_cpu_backtrace.cold+0x12d/0x151 [ 880.397503][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 880.397530][ T30] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 880.397555][ T30] sys_info+0x141/0x190 [ 880.397573][ T30] watchdog+0xd25/0x1050 [ 880.397597][ T30] ? __pfx_watchdog+0x10/0x10 [ 880.397616][ T30] ? __kthread_parkme+0x18c/0x230 [ 880.397639][ T30] ? kthread+0x13a/0x450 [ 880.397662][ T30] ? __pfx_watchdog+0x10/0x10 [ 880.397678][ T30] kthread+0x370/0x450 [ 880.397701][ T30] ? __pfx_kthread+0x10/0x10 [ 880.397727][ T30] ret_from_fork+0x754/0xd80 [ 880.397755][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 880.397784][ T30] ? __switch_to+0x7b4/0x1120 [ 880.397805][ T30] ? __pfx_kthread+0x10/0x10 [ 880.397830][ T30] ret_from_fork_asm+0x1a/0x30 [ 880.397860][ T30] [ 880.625974][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 880.632859][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Tainted: G U W L XTNJ syzkaller #0 PREEMPT(full) [ 880.643629][ T30] Tainted: [U]=USER, [W]=WARN, [L]=SOFTLOCKUP, [X]=AUX, [T]=RANDSTRUCT, [N]=TEST, [J]=FWCTL [ 880.653682][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 880.663737][ T30] Call Trace: [ 880.667031][ T30] [ 880.670075][ T30] dump_stack_lvl+0x100/0x190 [ 880.674766][ T30] vpanic+0x552/0x970 [ 880.678752][ T30] ? __pfx_vpanic+0x10/0x10 [ 880.683278][ T30] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 880.689439][ T30] panic+0xd1/0xe0 [ 880.693374][ T30] ? __pfx_panic+0x10/0x10 [ 880.697888][ T30] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 880.704053][ T30] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 880.710223][ T30] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 880.716468][ T30] ? watchdog.cold+0x198/0x1ca [ 880.721422][ T30] ? watchdog+0xd35/0x1050 [ 880.725908][ T30] watchdog.cold+0x1a9/0x1ca [ 880.730507][ T30] ? __pfx_watchdog+0x10/0x10 [ 880.735185][ T30] ? __kthread_parkme+0x18c/0x230 [ 880.740411][ T30] ? kthread+0x13a/0x450 [ 880.744662][ T30] ? __pfx_watchdog+0x10/0x10 [ 880.749526][ T30] kthread+0x370/0x450 [ 880.753608][ T30] ? __pfx_kthread+0x10/0x10 [ 880.758204][ T30] ret_from_fork+0x754/0xd80 [ 880.762814][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 880.768106][ T30] ? __switch_to+0x7b4/0x1120 [ 880.772791][ T30] ? __pfx_kthread+0x10/0x10 [ 880.777746][ T30] ret_from_fork_asm+0x1a/0x30 [ 880.782523][ T30] [ 880.785684][ T30] Kernel Offset: disabled [ 880.790043][ T30] Rebooting in 86400 seconds..