last executing test programs: 6.400557595s ago: executing program 2 (id=1161): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x0, 0xffffffff, 0x9, 0x7, 0x3c, 0x3ff, 0x1ffde, 0x7, 0x6, 0x2, 0x9, 0x2, 0x9, 0x4, 0xb2, 0x9, 0x0, 0xfffd, 0x80, 0x7, 0x40000, 0x7, 0x2000, 0x200, 0x0, 0x81, 0x0, 0x7, 0x0, 0x0, 0x0, [0x1, 0x6, 0x4, 0x0, 0x0, 0x0, 0x6, 0xfffffffffffffffe, 0x0, 0xfffffffffffffffe, 0xfffffffffffffffe, 0x0, 0x5, 0x0, 0x6, 0x0, 0xfffffffffffffffc, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x5, 0x0, 0x2000000ffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x4934, 0x5]}, 0x202, 0x2000000d) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) clone3$auto(&(0x7f0000000140)={0x6, 0x5, 0xf, 0x4, 0x2, 0x7, 0x0, 0x3, 0x9, 0x0, 0x8}, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000005c0)='/sys/devices/virtual/nfc/nfc1/rfkill1/soft\x00', 0xa3182, 0x0) mmap$auto(0x0, 0x400008, 0x36, 0x1009b72, 0x2, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/nbd7/queue/max_discard_segments\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x4) write$auto(0x3, 0x0, 0xffef) r1 = getpgid(0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) set_mempolicy$auto(0x2005, &(0x7f0000000080)=0x87e, 0x4) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) prctl$auto(0x1000000003b, 0x80000000001, r1, 0x5, 0x7) r2 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r2, 0x29, 0x6c, &(0x7f0000000380)='\x0ez1\xf02\xc6\n\xf2\x87\x1d\xfeD!\xa8^J9\xaab\x84\xf6\xf7\x93\xa2\x8f\x0e\x1b\x0fwG]\t\xcd7\f\t\x87\'%\xaf\x80\xdc\x02\x00\x00\x00\a\x00\x00\x00\x00\x00\x80\x00\x00\x00\x00\x00\x91[\vC\t\x00\x00\x00\x00\x00\x00\x00YA\x92\xed/\"\x92\xf7#{\xa3\xf0\xbe\xc2\xe5\xb5\xc4($\xa4\xfb\a\xe0;b\x16\xfb\xaa\xbf\xc9\xc3DfG\xe5\x00\x00\x00', 0x204) madvise$auto(0x0, 0xffffffffffff0005, 0x19) bpf$auto_BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000000)=@token_create={0x4}, 0x1) wait4$auto(0x0, 0x0, 0x4, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x8, 0x2000000000002) bpf$auto(0x8, &(0x7f0000000080)=@bpf_attr_4={0x2e, 0xffffffffffffffff, 0x7ffffffd}, 0x6) madvise$auto(0x8000000000000000, 0x724, 0x9) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) mount_setattr$auto(0xffffffffffffff9c, 0x0, 0x1000, 0x0, 0xe9f) socket(0x10, 0x2, 0x0) r3 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/block/nbd11/hctx0/tags_bitmap\x00', 0x0, 0x0) pread64$auto(r3, 0x0, 0x6c, 0xfc) 4.857480496s ago: executing program 2 (id=1172): mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, 0x0, 0x48402, 0x0) r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x854}, 0x4) r1 = ioctl$auto_NS_GET_TGID_IN_PIDNS(0xffffffffffffffff, 0x8004b709, 0x0) ptrace$auto(0x10, 0x0, 0x1, 0x7ff) ptrace$auto_PTRACE_SECCOMP_GET_METADATA(0x420d, 0x0, 0x62, 0x27dd) ioctl$auto_SIOCSIFHWADDR2(0xffffffffffffffff, 0x8924, 0x0) sendmsg$auto_NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000900)={&(0x7f0000000400)=ANY=[@ANYBLOB, @ANYBLOB, @ANYBLOB], 0x4e0}, 0x1, 0x0, 0x0, 0x800}, 0x4801) sendmsg$auto_NFC_CMD_DEV_DOWN(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="e4120000", @ANYRES16, @ANYBLOB="000825bd7000fbdbdf2503000000050010000200000008000d00f9ffffff71001f0052a672e7b0be8dd89d4e2197222614df340da01e5cedb87ed8eac6eb33c8af2fc4133926c20738d2fc35ed43b8f98c5fd40c12fa6a79767e8a289bec39c4acddf1329e89143dab500acbdfd6107f6cc2851e46cbfc7a4e342718ae544ef35d892ae87bf77601915c8b395a206e000000050010005b00000043121380f40076800c00b2000000000000000000040025000509e96b561498bbaa6d558f4ce67c7867822dc1a67eb453046a15e95a75b30b604858c37eafb78ec49183f18ede4233a411b943d02286ba91ccb334c6c69fecaef8e32c31030a5d55a9531befd545e1db12a3ab47d7aabbad24052e55eec932b81d5fdd0be520c998a8c1360ee16d12794b4e0d3ea5b1f0a190d4465a9e3dca63a753fcc419c89cef61eb6e7636c3e84086d79205fa1e79b282748f737e380b105e5757b4be98575bb3d600321742f7d3276d0848659d9b373e0e65043be093d39c8ba23b907a6d75a34415414b7da4290315276e830b60994a67b30400c08065104b8008004400", @ANYRES32=r1, @ANYBLOB="1f00ad002f70726f632f7468726561642d73656c662f6661696c2d6e7468000004006e804237e5519b641a05718c58ee4edc0f0957b3824f3d67b46dee10875e23f11976a24b5d39f994e997a15c8d3746b897a0b9a18616a8fab8a01c24623bd88b66e7f8b3bf7d89d5b524c71e9647fa0b3235ebbe5d8eb05abab0f49f3ab78a4991dbda940ff4229c0e5413bb7134943bf867dc28089ae402539ecbda051968bbbdac6db4d8892e4867866768c63f600390dc22d5a31ca143f15302d2f9a614f18c396db0d9bd100716a107f245c1e9cdf0adefef6c6582e880cfb070fcc90db459d1f86de36f26035a81712033dc6f9899bace42dbb8bcd2ef64a901dd2b36f67d3a68825cb565e936edee37f938726cfdcd5c2835b70362f05a1123014ebbad62d32ed2e4d4674dfe33abb7f37112a090fd3ac3ee618f229998abb4e61cacdd3c34521cd49547d64d293677fcc098e1cd6c9cde651ff1a14162944748ef1d795eecac286045dc15296babae726bad1a88a9f76bbc1043f15053c968198b9c57c47474e9b114eba1621ef50a45ca886fdfb403f55a83433ae4b8a9251b4b07c8ab902d813b18b387eb0585e9a0e42f44c53d15942470785de279218be7bc68733572f60ecca2140e7f9d28364d4888fd92570b59a7682aaaac3046fe557ec4135639b879a739d65c3fc3f4eea8c81f9b3008a317241430830cbeb9494000592614af1878d95922993f65bc70ce854dc2e469ae811aae528cf609eae3b62ec4e47b90a7becae1cf207e7e909f0b9d1a346da4f7b960fddd26911042fcfeb0507455e1b34c4d78e6a5116ce441d46fb3eb242c79f28525216c96c0e0a82a3102352c947e89b0d2e887c08facb5c51fcc8b4084eb7fd16d9bab05e13328fc3d5d9978cbe0ddbc57745df6c1df22566868ab601b27f739ef7ba00f512e7c6968bba1e681ff602f54182dd18514375c61049e686432b497e3136c270829e7247970962cbef0d412ae462d82aa98b8d2e2c79ba82031549c7cfccebf733d63edd79219d86cec1b4ec90438febfebb733eababc7b3362c0148c3c2afa0b9dfa081184dc489dbc7ca1525c980973268089a004e9023784bc947a9c14ed4237b517e376d9fb5119883f2ab5682dfefc2fa49ffcb5926a7f13234dc950ef2fef8d68195273066511db29870038a8023176d86d48e92f24248e040a4ad50aba6dc16c0a6530268dafd5a7eb0f575984f7d9e19d9e000289bdb440b434d8e2d2b2ad0380cc2e5e6e57d05338ba9adeb199269a0eddee97b28ece3e4b7a0ef5a275c63e0345a4dfb338fc8c80c5c8c945c82b3c0249890d8260658020f6598f66cc5d267adb628a158c92f974f93cd7d3b79c52d293f93f2329ade5559f96814b12b1446e398c0f1d0ae268881e5fedb47e822e754771cedc62479e9104e9f1a8e407033bb2654da9b59dd8c714273080f43edf3855491a5d32e1ec19b03f122bfe0e3cf113395bf945515ea8891cb2157885fea0e0093107aac1f069d5619874fd51ae68b353ee4ae4274dfaa90913e41e975687b4827ca97d35f05a0a0df7624c717731945d99479cfee827a38a3bc62b3c47b9cd499ad50fc983fa7705614468ae08a5821a90a948889510d4b3577371bd4b1db53ad25628b7ce315f4baa21ad97d7ea8332d04afedb4625f08c7adae34935f1ee6ad159a5be22adec5b89a9eef35d3f37761d8c0b103768a8b7e83b1b917cf2051be776945eff951fff1e0afcb3d9b06c0cc42000e50559b39657616d691aac1a9aa7371443d2e4282db01c30e7ebea172df3cd3d919bb6bed66e06e0416907d91ac97f5e4c81ec333b305a6719b74fcf81070b32448f324732e9aae4d1f0048dbc5a8c4de2cd5b77488fef79665c90bab9761d23f88af5a2d321842c303b68252f87500af8b48925a414b1df26a9da64fd2038261e874df214801de2d5117b1b96941e033079855190cc737c431fbe93c99bb35d4ef43862a5035d730c4d055a148410bd6cd55f60c4e24600d9d69d91bb9fe331523ecf69084edc9886051fd3b256f4d803e590fbfa46e89b4f549b2215f7802e4ca9310546e08183cf90fc3f3a00db404cc56c418a899ae91e124920648a3e47e896ba2ffeb0b73196c2b79e03be53ee3f307f67a838cd28ac6c5f51fa4de034a1c397adf17379476de9357325b05433bdb1910f4e3c3b6306bc446a6430561258c07b280b0ee7f6baeb4b480fa530b8179a2fc9c87efc5c28402a909cda646fb66aecba64fc0e71a8dca4028895d864c18a8ede937c068c2f6bedce72d93ceee2bfc8b1552409efbe5ffe237e5b521a1337388c043f7f2c1fc725b57790da6f62d902a1eea645f87ae300c7c4d145744eb7c99afb1900af22750158485e68370b677f6873a900de56618b1f0d651c1922ac49dc606a9a4d0fb8997c6df9f3f2c12b891b36c17225e30921e4bcea064ab2462137668a482f8b751216cfe44864d65c991f98fefa58343bc783f3bab3f51519f606da1f5e4f088045ea6e4dbc2f3564210be2831c175e9e5bca2253f29e564eaff3369b626ca5ac21ac91b1bb656b265948f88957cce0f9c16051dac4b512ede07b46150b9ad06a57570d2fa615bd714dc5202aec6676d45ac437d3eea7419a931a6a802df55c92f3d1f656d269ff7849644d9a5c47f536450898f2378970cef303e2af8c22a70d2e802b8a8d97a9467e6b76af24511d2354e21004ddbc3dbd504b31dd20ab540a9eba3de1f43eff435a9dbc804631eb8b9b31df996861eb958c247d2588278731c6883f468b3ba16f9f5d5d7e4d705f8bd430118bfd236b46671ae7a93db545a19cea807048543eeba9c63bc4fe557d90cf269bdfa2b53935bc5e02dfffd42ed1cd8223d7ec0534e483fe55b6b8e4542854f7416326c015c65f1b52cb1f6b6bf9c070c1a3823f488853f6d4b71e32fda2ec5cac6cf2082ad767e4d2937275df291a26eb8f22ad4bcc1cde2bfe47a15d87095b15601ee5463dd9f6feee5298d2d625551218078f6bd948848ee3c89bdf910518824a89901b918897a188fd63043aa1a938ef048f4aebf7ff12c9a5460ef2563d255b43a532d90f47e9730b4c9147b3f0bc757393272977b5483f4ec887f80d264f1645b5c98e22ee19c20c759dd8590e0b1c874b21b347e14987144686865445e392609e73d9fba49dddaa6c3784414bc0ebfb60fd6ee755c02ca1b799456960bbc5e5960c0886a5e03c7320ca7ee918840417ad1cb99e300803bd5636baf1dae740f00eb27dc1e368ef03c79deea4c2f13455e8eb9ee196dcc4f002758cde7d5bc8ee35866abfb9801ce6aaa710b8bb40f5d0c864c4f7ffe3cceba7b1a6ad0ee09e8437c641d3f7fe8a4d5022a27177a9d290544a6748bc791a05b1362ea048a805b65ede1bcd7e1ff0506e48013d96ca3eb0f4b674da8021f855de5cc69bf284fda4167d2a663e151d6476b16649636dcb7101177f9e3072d5d98220ec0cebc4ab1db52eba43e2367635ab5a7aca037d227f452e12f36f88760a02ace2e1f10042a5f81915b72991d5aabb54b5067fcf712a0ae4f1447253c12ec88f8c67514f9ea8381d4eb91932e1d8f6c237ffa741af04e5d966a54225266d5eab66b0c9b1ed650343a8dd1b55902a4487fc423120737b927d51da1e62b6606353711eb64dee58c12e52b8c93f1a7a35a411775eeea31c2c213030fb7e7f71633a7737549be3aa0afe2022fadee2a11a787e29d1e5cda3b91c494028adb66fa2787699b2dacf92a51aaa839b87988671aaf79f62eb2b44ffe63111a1363e234e10345eea03bd46dacc1e59ac13946e340877ec8681a6aaf0e39a09923c5cbfc1fdbac15fc48bb1b83ef1759d1ec46eac5846411f03cc3a888f763fd1c5ff11153d60934c4e06b29ad6b6aa94f886d90e3c4d8c1ae105d2efe41114caf2361cb8aeabf32cdb12175ce3f3392ee55f0dbf10427d23c7c332d0619503015881a95fefd05e4fbd8765cd74fc54bf04329c0b370574bbe5393886b78a8927a36ad7b1cbdb4225c38011ee6b79f578fc0d2297e894bcdfa2484e553015a879f6e1d2137b0d713224d4392935a7d51137f1a03ce2248fbc58b290c6c49c502afd9c38d7d46a591111d6dc5536de2da818b17e0c901c388ae730b77e44fc40605f789bfbfd8975fa2ad960cb69a6eb92be1de8ca5fc9ef9edfd485aa9ec31d3c79ff3b1fdbb585cc2506de7031b791081d8aace1636f316a3154e0fc2087adeeb82476a5dbf88eea24ba2a19a35df55fc2166d59177bf65d8afefb690fb036cb8d4d6436d4d8401017851b501a4a4f29e857acce1ff70f60f74d142edb8223ab03bfe12eac1d2e41cee478618ba5773a778e2d04dab9d3db723ccc93e0676bdc350f3448ee19f775fe8b32529b6eb41afc4d262c67d15b1196ee8bf6e0b0ec49392ad5b2244fe60c7e4a816ca3e92fdb5aced7944b7bb4b3e129b9138fdaeafb38a4504ba293ed41a9bdb6d46ea1b8a6bb28e1bfd4179b79848d685aa711fd8f5f7914d27eafd386793ff2e6d0fcc6807adaae3f0c74e8639d470681fb9aa169112f812241961d8b8289df84cac1befc1f1a19b39e04866b9ac9bffbba72e03ebe8c2c2558fd220c3ac4fafba7a32235873e95219c7a5b7a1569b9114bb5fe2c9de5647e8d7565fa1ad0d9c887695d4a5ffb826caec05ec1b7c175ffea23dd8c86a718aa88e057d3eca905521f511f4270726b3975ed3c310e096c08d8ca773d3989a36b646e0622e225d7a24a8afc64630f1d71967a33d87ad17b1663b039a7511905d4d75afd3724ad4a6eea1aded1a847eae5f5a172adcfb11be201a7eb875c042ec664a9cb723a47f72d0fe49aee2dd5b08851164fd37ae1446d5ff8c85b1192d9ac9b163c5ffa967cd4d39d89f99c8110fc663b8f75cfc89422fc7976bc614cee294d7ea70d38d7703b29d0acd85bb16b6447d053753e1250a3201becbb9957f2ee1ef7159841761ff6d9e81bf9ef3d99bc429087093df2423ef7e80482ad223a92aa12748554763423b83647bd4985b0c4477d1445cea07a778ca5a5d6499a1b5d22348d83c89532a7b67b2cfb1633887c19ba4b8928cda626dacd3fd766e617463203d861eb39221065cd293a53a7e2bbe65bcb9020de8ee653805589b1c745f249d68b4a5d96219561b3d921fefee725cce6bbf58438dc26f10ec5e2918975960323e341924712a68879e263168a09097f38853daf06dbd7957bc1cffe611d9ea1498b4d5ead33e0dc1313c5a838bf407ef728d34d858c5d84c0e6c3247234354b4d470dbf5035380c2b54d18b39e139a502328936f1ea001613cbe47dacfd0ef73412fd33f4e7be45d8c2a7e37a16c605b9719926aad0c607d6777a72030f176b1517014830d8133bbd687e5d5b614707937612cc5af72fbd59a058eccba8f25b640896cfad2445394aa2c4f0624eb961a99f274d8790ed1997b9eb884258e0793cc7864d23c84dc9fc02c716fb07b4c18d7eedcaa54a6dc564f9c620b82570304c55e661f9a6164fb0cbb4853434f4b2a898430bd3950bb93e3f5fc917a9700624baa89f8a8bfc7711503654fdc3ea843f54f14aff4fea7100b61bedbaf56d77865b676286a9256291df24df1bd2b419d421061ed9c3979016bb65dfae0d969b7b2e4d8197f4777763918e0a0e5729d6befb16bfdb3336dff8b3b1d5b9ff46e370746cd02d1efae4b002f8ba2d344f2446078ddf786146b70e33d33abd27b2dd42186b2fa27ea46390d014fc83007653fa8ae6cadd52d58db17acacb4b85aec5aea0aee93c9620006932fc0a5830efc3aed946a91f50053b1ce2516cb07641e19d6c7e6ad53490a92821ff9a71014504789061bf35ce7fb0e9508e04000700040002000400df8004000e8000000008001400", @ANYRES32, @ANYBLOB="080086800400328005b375a67f005ad7cbd698b094663a13583e5acad4db0cf9fea5a9061565f1bc0002644954f48630b84bc49a084a36ff155f00e1820503ad852ab1f837d69fd43dac33cc4eafa807662723d5ab0d3a90de961d23cde8b633a956252210678b6e3285414cae02ad38396aaf88028e3451a49d7d9e4cdc0b4b9796453c48df2d5b2f865c45650d0ff4c2d8d1f6db61d1ac22ab7c5eba77779d59f2ffc76879e86a2b93e340d0c298eb330cff28004e8020003c800c00490001800000000000000800c300", @ANYRES32=0x0, @ANYBLOB="08001d00", @ANYRES32, @ANYBLOB="0400158000"], 0x12e4}, 0x1, 0x0, 0x0, 0x14000}, 0x8084) arch_prctl$auto(0x5001, 0x800) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_SIOCGIFHWADDR(r2, 0x8927, &(0x7f00000002c0)) 4.495002495s ago: executing program 1 (id=1177): openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0) open(&(0x7f0000000000)='./cgroup\x00', 0x0, 0x64) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0xe0180, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ptyw2\x00', 0x381400, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) pipe2$auto(0x0, 0x0) mmap$auto(0xfffffffffffffffe, 0x202000d, 0x2, 0xeb1, r0, 0x8000) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) mmap$auto(0x200, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x400) process_vm_readv$auto(0x0, 0x0, 0x40000000001, 0x0, 0xa, 0x0) r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0x4}, 0x1, &(0x7f0000000280)={0x0, 0xffffffff}, 0x6, 0x0) openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa1\x00', 0x3018c3, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0x48483, 0x0) io_uring_setup$auto(0x6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0xfffffff7, 0x9, 0x80000001, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0xea241, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyu3\x00', 0x62902, 0x0) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) 4.463967592s ago: executing program 2 (id=1178): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) socket(0x18, 0xa, 0x1) fchdir$auto(0xffffffffffffffff) mmap$auto(0x0, 0x3, 0x3, 0x15, 0xfffffffffffffffa, 0x8) unshare$auto(0x8000000) semget$auto(0x0, 0x2e4a, 0x8000) semtimedop$auto(0x0, &(0x7f0000000000)={0x7, 0x9, 0x36ec}, 0x1f4, 0x0) unshare$auto(0x8000400) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x1000000, 0x400008, 0xdf, 0x11, 0x2, 0x8004) eventfd$auto(0x6) r0 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/ieee80211/phy1/airtime_flags\x00', 0x82, 0x0) write$auto_debugfs_full_proxy_file_operations_internal(r0, 0x0, 0x20) io_uring_setup$auto(0xc, 0x0) read$auto(0x3, 0x0, 0x80) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_pid_cmdline_ops_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/cmdline\x00', 0x40000, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/virtual/block/nbd9/trace/end_lba\x00', 0x2062, 0x0) write$auto(r1, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/008/001\x00', 0x204080, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/irq/default_smp_affinity\x00', 0x446481, 0x0) write$auto(0x3, 0x0, 0x7fffffff) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/tty/ttyr0/power/control\x00', 0x80000, 0x0) read$auto(r2, 0x0, 0x20) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ptrace$auto(0x8b, 0x0, 0x3, 0x6) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) unshare$auto(0x2) write$auto(0x1, 0x0, 0x80000000) 3.773752082s ago: executing program 1 (id=1182): mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0xffffffffffffffff, 0x10008000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a9402, 0x0) timer_create$auto(0x9, 0x0, 0x0) read$auto(0x3, 0x0, 0x8080) ioctl$auto(0xc8, 0x401054d5, 0x0) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) sendmsg$auto_NFC_CMD_DEACTIVATE_TARGET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x4000010) r1 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/pagemap\x00', 0x0, 0x0) readv$auto(r1, &(0x7f0000000100)={0x0, 0x40}, 0x8) write$auto(0x3, 0x0, 0xffd8) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto_SG_SET_TIMEOUT2(0xffffffffffffffff, 0x2201, 0x0) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/fail-nth\x00', 0x2, 0x0) write$auto(r2, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(0x3, 0x0, 0x100082) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mbind$auto(0x2000, 0x100000008, 0x2100000000, 0x0, 0x6, 0x2) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0xffffffffffffffff, 0x10008000) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) (async) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a9402, 0x0) (async) timer_create$auto(0x9, 0x0, 0x0) (async) read$auto(0x3, 0x0, 0x8080) (async) ioctl$auto(0xc8, 0x401054d5, 0x0) (async) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) (async) sendmsg$auto_NFC_CMD_DEACTIVATE_TARGET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x4000010) (async) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/pagemap\x00', 0x0, 0x0) (async) readv$auto(r1, &(0x7f0000000100)={0x0, 0x40}, 0x8) (async) write$auto(0x3, 0x0, 0xffd8) (async) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) (async) ioctl$auto_SG_SET_TIMEOUT2(0xffffffffffffffff, 0x2201, 0x0) (async) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/fail-nth\x00', 0x2, 0x0) (async) write$auto(r2, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) (async) write$auto(0x3, 0x0, 0x100082) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x17) (async) mbind$auto(0x2000, 0x100000008, 0x2100000000, 0x0, 0x6, 0x2) (async) 3.48840709s ago: executing program 2 (id=1183): mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) r0 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) fallocate$auto(r0, 0x0, 0x7, 0x4cbd5d) utime$auto(&(0x7f0000000040)='./file0\x00', 0x0) mmap$auto(0x0, 0x7, 0x6, 0xeb1, 0x401, 0x8000) bpf$auto(0x11, &(0x7f0000000000)=@batch={0xfffffffffffffffb, 0x44, 0x2, 0x9, 0x1, 0xffffffffffffffff, 0xa, 0x6}, 0xcf) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200"], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x803}, 0xfffffff9, 0x10, 0x0) r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r2, &(0x7f0000000000)="c80d1b5d399b39", 0xfdef) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) socket(0x10, 0x2, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00', @ANYBLOB="000229bd7000fbcbdf2502000000080003ddffffff0008000100050000a5"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, 0x0, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x4040015) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) open$dir(&(0x7f00000001c0)='./file0\x00', 0x201, 0x14) pselect6$auto(0x401, 0x0, 0x0, 0x0, 0x0, &(0x7f00000067c0)='66') r3 = seccomp$auto(0x10, 0xcb44, 0x0) waitid$auto(0x6, r3, 0x0, 0x10000, 0x0) syz_clone3(0x0, 0x0) timer_create$auto(0xb, 0x0, 0x0) timer_gettime$auto(0x0, 0x0) setresuid$auto(0x2, 0x7, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x28641, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x84c, 0x0, 0x9, 0x0, 0x3, 0x10b}, 0x800008}, 0x1, 0x20000000) 3.005057875s ago: executing program 3 (id=1186): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001d00), r0) sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000000000)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002abd7000ffdbdf25100000001800018014000200776c616e31000000000000000000000008000900920d0000b31a09c31aff7f000000000000f858d1dcb74383b394d28c01635159993edb7d2fa4c7a9da2fe48f9e8a5b1148439811b68dd766f4ccb1"], 0x34}, 0x1, 0x0, 0x0, 0x90}, 0x80000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x80000000, 0x7) mmap$auto(0x0, 0x2020009, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) utime$auto(0x0, 0x0) 2.273151939s ago: executing program 3 (id=1189): read$auto_u32_array_fops_file(0xffffffffffffffff, &(0x7f0000000000)=""/182, 0xb6) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) getsockopt$auto(r0, 0x200000000001, 0xa, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000340), r1) sendmsg$auto_TIPC_NL_NET_SET(r1, &(0x7f00000079c0)={0x0, 0x0, &(0x7f0000007980)={&(0x7f0000000140)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x4002) socket(0x27, 0x2, 0x4) r2 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, 0x0, 0x2380, 0x0) ioctl$auto(r0, 0x103, 0xffffffffffffffff) write$auto(0xffffffffffffffff, 0x0, 0x8) write$auto(0xca, &(0x7f00000000c0)='\x04>\x01\x01\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c\f\xb6,NS\xa2(Q\xcc', 0x7f) ioctl$auto_VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x4008af21, &(0x7f0000000140)={0x2, r2}) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x432200, 0x0) r3 = socket(0x2, 0x802, 0x1) mmap$auto(0x4, 0x4, 0x80000000df, 0x10000000013, r3, 0x8000) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x147) mmap$auto(0x0, 0x2000c, 0xdf, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x3025902, 0x0, 0x0, 0x0, 0x200000) sendmmsg$auto(r3, &(0x7f0000000180)={{0x0, 0xf, &(0x7f0000000100)={0x0, 0xf0}, 0x3, 0x0, 0x40000001a8, 0x2}, 0x3}, 0x4, 0xfffffffc) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D0\x00', 0x547680, 0x0) prctl$auto(0x43, 0x3, 0xffffffffffffffff, 0x2000000000001, 0x3) execve$auto(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) fallocate$auto(0x8000000000000003, 0x40, 0x9, 0x4cbd5d) socket(0x28, 0x2, 0x20000000) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000380), 0x759a81, 0x0) select$auto(0x8059, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x37, 0x20000000006, 0x1, 0x940b, 0x6, 0x2, 0x800, 0x5, 0x6, 0x80000023, 0x28e4, 0x6d43, 0xf, 0xc7b2, 0x54]}, 0x0) execve$auto(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) 2.087148376s ago: executing program 0 (id=1190): open(0x0, 0x161342, 0x100) r0 = socket(0xa, 0x801, 0x84) getsockopt$auto(r0, 0x84, 0x74, 0x0, &(0x7f0000000000)=0x8) mmap$auto(0x0, 0x40009, 0x7, 0x9b72, 0x7, 0x28000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = socket(0x15, 0x5, 0x0) getsockopt$auto(r1, 0x114, 0x271b, 0xfffffffffffffffc, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_FLOW_CMD_DEL(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x18, 0x0, 0x1, 0x70bd2d, 0x25dfdbfd, {}, [@OVS_FLOW_ATTR_KEY={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x40}, 0x800) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x14, 0x0, 0x1, 0x4070bd25, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x30000881}, 0xc040804) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='R'], 0x1ac}}, 0x40000) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf250300000008000300000200000600070000800000080002", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a00010000000000000000000800040010000000"], 0x58}, 0x1, 0x0, 0x0, 0x40080}, 0x40090) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01eb"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x24004000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) r3 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x6) setsockopt$auto(r3, 0x10d, 0xb, 0x0, 0x400) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1200"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/dummy_hcd.7/usb8/remove\x00', 0xa001, 0x0) write$auto(r4, &(0x7f0000000340)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb\x9du\xbc\xe8\xd3j\x06\xc25x\xde\x84\xad\x17(\x0f\xc0\x14<6\x1eyY`\xd4g\xc3\xdeIJr\f\xbb \x0ew4\xa3\xde{\xa6\x93\x8fC\xe4@\xce\xbf\r.\x98\x8c\x0f\x90\n\xfa\"\xaa&?\xfdW\xdd\xd8<\n\x81\x9bU\xa3+wN\xd64O2\n\xa1\x937J`\xa1\xfd\x90S\x90\x93\xd7YL}\xd2\xcfL\x89', 0x98c7) mmap$auto(0x0, 0x400009, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x82, 0x0) 2.053770828s ago: executing program 3 (id=1191): write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) io_uring_setup$auto(0xf0, &(0x7f0000000180)={0x6, 0x18, 0xd64, 0xc852, 0x6, 0x7, 0xffffffffffffffff, [0x1, 0x401, 0x1000], {0x7, 0x5, 0x1, 0x4, 0x95, 0xf4c, 0x7fff, 0xfffffffb, 0x65f29f6d}, {0x3, 0xadc, 0x10000, 0x0, 0x5, 0xffffffff, 0x1000, 0x54f, 0x5}}) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0xa, 0x0) connect$auto(0xffffffffffffffff, &(0x7f00000018c0)=@generic={0x1, "000000000000000100"}, 0x10000055) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7fffffe) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x0, 0x0) open(0x0, 0x0, 0x20) r0 = openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/smaps\x00', 0x42000, 0x0) fallocate$auto(r0, 0x200, 0x12, 0x11) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) read$auto_proc_pid_smaps_operations_internal(r0, &(0x7f00000002c0)=""/190, 0xfffffe39) 1.645132031s ago: executing program 0 (id=1192): openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x28900, 0x0) open(0x0, 0x22240, 0x55) r0 = socket(0x2b, 0x1, 0x1) setsockopt$auto(r0, 0x0, 0x28, 0x0, 0xc) mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x8000) pwrite64$auto(0xffffffffffffffff, &(0x7f0000000340)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00/\x00\x00\x00\xfd\xfdX\xd3\x1d\xf8\xbebZ\xddL\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL2\x01\x88\v\xae\xa9i8W\xe5\x00W\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\x90\x13\xd5\x84\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x95\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x13#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xbf\xa6\x11YTz\xf3\xdd\xe7i~:\x1a\xd0\xb0R\xb4J}\x00\x00\x00\x00\x00\x00\xa3\x05\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xd5\xc1\"\xact\xff\xc9\x00'/242, 0x7, 0x2) socket(0x10, 0x2, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket(0x2, 0x1, 0x106) openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/block/nbd11/hctx0/busy\x00', 0x60000, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000240)='/dev/binderfs/binder0\x00', 0x80000, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0x5, 0x2, 0xfffffffffffffffe]}, 0x0) mmap$auto(0x0, 0x9d90, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_vsock_device_ops_af_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) ioctl$auto_IOCTL_VM_SOCKETS_GET_LOCAL_CID(r1, 0x7b9, 0x0) r2 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) madvise$auto(0x0, 0xffffffffffff0001, 0x15) read$auto_proc_pid_maps_operations_internal(r2, &(0x7f00000020c0)=""/4093, 0xffd) 932.571338ms ago: executing program 3 (id=1193): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = io_uring_setup$auto(0x6, 0x0) r1 = socket(0x2, 0x2, 0x1) setsockopt$auto(r1, 0x1, 0x3e, 0x0, 0x9) sendto$auto(0x3, 0x0, 0xffee, 0xe, &(0x7f0000000100)=@in={0x2, 0x4e21, @broadcast}, 0x19) ioctl$auto_SG_GET_VERSION_NUM2(r0, 0x2282, &(0x7f0000000000)="cc5ba0ab6f92bfaf142dfd479accc3a1b78be4e45f44318e368ef5ef641608bf55d1b40e7041e9b91d2bc2e21d54058b3e39889612d271b99f183e797aa50af31d39ed5b0a8e17ea508460e58743cd92337c1e7ca54e67275c15c5249062b965531d91bfaa277b850c9727d1ab107dd2b75be6d4543405ef163909e17a7ddec8bfa797f01923c18eb6a31ba1e6582d1844af366d4667eaa6418754a5f1") 834.174915ms ago: executing program 1 (id=1194): socket(0xa, 0x1, 0x84) (async) r0 = openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$auto(r0, &(0x7f0000000040)='\x00', 0x400) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) (async, rerun: 32) clock_gettime$auto(0x1, 0x0) (async) r1 = getuid() shmctl$auto_IPC_INFO(0xfffffac3, 0x3, &(0x7f0000000200)={{0x8000, r1, 0xee01, 0x8, 0x4, 0x7, 0xfff9}, 0x7, 0x6, 0x2, 0xf, @raw=0x3, @raw=0x5, 0x1, 0x0, &(0x7f00000000c0)="db028e4289b0ed9b0256c635c0ca92393d9a508990d5e6a998315d208fd67134a4", &(0x7f0000000100)="f6e8a3911beafddcf745d64af0d1be3ca8ab76e9ab05cf920b0a284c5e8332e306869ada652f5873780158ab1a070b17dbdf091079a7067dfeb6667ece00393cd371168e9e976a3bd0f677c660029e7044f05edd00bf7f0c13d724ba0f94cf42e2407454464495d7f996a355213890a93be83f9317dec790a5bd0e0bca7ee2833eeeedc9ded6562ed7d479f7b9fbdd4021c34fc55205902cf5ec7ca5d8b3704182f84fd92da8c2c97ce450aee72d7c3868bd132257ea932c7e1be8339997f0e08c8a311448038455a5138bc77b"}) setresuid$auto(0x0, r2, r1) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(0x4, 0x1, 0xc, 0x0, 0x6) (async, rerun: 64) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) (async, rerun: 64) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x52) (async, rerun: 32) r3 = socket(0xa, 0x5, 0x0) (rerun: 32) setsockopt$auto(r3, 0x0, 0x24, 0x0, 0x9) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x7c, 0x0, 0x8) 801.511109ms ago: executing program 3 (id=1195): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) capset$auto(0x0, 0x0) r0 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r0, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) ioctl$auto_PPPIOCSPASS(r0, 0x40107447, &(0x7f00000000c0)={0x9, &(0x7f0000000000)={0xb1, 0xf3, 0xb0, @raw=0xfffff024}}) write$auto(r0, 0x0, 0x6) r1 = socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) fstat$auto(0xffffffffffffffff, &(0x7f0000000000)={0x5, 0x80000001, 0x0, 0x100, 0x0, 0x0, 0x0, 0xffffffffffffff91, 0xfd3, 0x2, 0xec, 0x4, 0x80000002081, 0x8, 0x2, 0xfffffffffffffff8}) bpf$auto_BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000300)=@enable_stats={0x100}, 0x3) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x20009, 0x2, 0x13, r3, 0x8000) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x4004040) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) getcwd$auto(0x0, 0xffffffffffffffff) setsockopt$auto(0x3, 0x10000000084, 0x3, 0x0, 0x8) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/virtual/block/ram5/range\x00', 0xc0a00, 0x0) pread64$auto(r4, 0x0, 0x6, 0x40008) bind$auto(r1, &(0x7f0000000040)=@nl=@unspec, 0x6a) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x200007, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) 644.159482ms ago: executing program 0 (id=1196): mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, 0x0, 0x48402, 0x0) r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x854}, 0x4) ioctl$auto_NS_GET_TGID_IN_PIDNS(0xffffffffffffffff, 0x8004b709, 0x0) ptrace$auto(0x10, 0x0, 0x1, 0x7ff) ptrace$auto_PTRACE_SECCOMP_GET_METADATA(0x420d, 0x0, 0x62, 0x27dd) ioctl$auto_SIOCSIFHWADDR2(0xffffffffffffffff, 0x8924, 0x0) sendmsg$auto_NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000900)={&(0x7f0000000400)=ANY=[@ANYBLOB, @ANYBLOB, @ANYBLOB], 0x4e0}, 0x1, 0x0, 0x0, 0x800}, 0x4801) sendmsg$auto_NFC_CMD_DEV_DOWN(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14000}, 0x8084) arch_prctl$auto(0x5001, 0x800) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_SIOCGIFHWADDR(r1, 0x8927, &(0x7f00000002c0)) 584.007145ms ago: executing program 2 (id=1197): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) write$auto(0x3, 0x0, 0x1) sendmsg$auto_NL80211_CMD_AUTHENTICATE(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40004}, 0x40800) write$auto(0x3, 0x0, 0x81) close_range$auto(0x2, 0x8, 0x0) 402.143858ms ago: executing program 1 (id=1198): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001180), r0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000001280)={0x2a0, r1, 0x1, 0x70bd2a, 0x25dfd3fd, {}, [@HWSIM_ATTR_PMSR_RESULT={0x28c, 0x1c, 0x0, 0x1, [@NL80211_PMSR_ATTR_PEERS={0x288, 0x5, 0x0, 0x1, [{0x1d0, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_ADDR={0xe8, 0x1, "c1a039f016801a790b4f29ef063d3c6da240da715f79bc7cc4545e1e9edb7959e4dc8b52678414357d535b5d7e1da8ddfab2e25b145c97fe7a383cc5d0b745246e030ea89a75eb5a8efd94f03e9b40222a5b1cf238813b8d6859eff4da0b736842cc6624edb6d853b5014bee0593b69b2b54a228bf5af5094be9de5ef3cf414829c74a205ae736b6c3e9288f439e1483d2853c740f9a79e99a317087784086a16ee10588b654c1a1518a85cee980c8b51c53ef6705ea60ff923437b57c9247d9f62586a55b7c650455aac408edb17f528e47f8c5d73aec0e18f59ef787b6041407f8a673"}, @NL80211_PMSR_PEER_ATTR_RESP={0x4}, @NL80211_PMSR_PEER_ATTR_ADDR={0xdc, 0x1, "465882372517e057270f84858805bfdaf653db37b39e776f00d0283e8c3c78a520134dcd8df8dd9ea130c593b5b1d83d07c4ec9574df2089d13cfed769842c6059f049954e719cf546f47f097916acf46d967ff108bb5559aebcddf57ff3c7b7c54029c18e52176b456db83158bd431c1d8c5e919985dcae63528082d59fb835d7a507c5f101306dbf7d2bb542acb984024242e3ebf0e4d833ab48cf783b5c25dd9a103d6cb0ca955956589808b4043a8424ac48c019c1daa523937273af9210aa54e97ab4eca1774e2ac0b727a33ac41560dff7624c5fc3"}, @NL80211_PMSR_PEER_ATTR_ADDR={0x4}]}, {0xb4, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_ADDR={0xc, 0x1, "682f774aba724635"}, @NL80211_PMSR_PEER_ATTR_ADDR={0xa1, 0x1, "3994faa385a065f4d7a4b5affbbfc743bcca8075e75adf43a509b99d107e491277cd482bd0c3473c859b05acfbb4d3989ac5725ffd515b8e42809aec927d8f57411dbfa6f9e6cbe26cab340b75d4accb608b79ef8151e213bc8caa02dea8bcda851d6718ec67d2c26c4d19083e7147e53a382964b8cc7ab2904a2e9b206ea847a341fc7c39a2304c3920966e0cf730788c6929d27719c55c6222caee21"}]}]}]}]}, 0x2a0}, 0x1, 0x0, 0x0, 0x404c0c1}, 0x40000) 368.119838ms ago: executing program 0 (id=1199): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000540)='/proc/sys/kernel/watchdog_thresh\x00', 0x20402, 0x0) write$auto_proc_sys_file_operations_proc_sysctl(r0, 0x0, 0x0) r1 = socket(0x22, 0x2, 0x2) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) rt_sigsuspend$auto(0x0, 0x8) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) ioctl$auto(0x3, 0xc0004509, 0x10000000000402) ioctl$auto(r2, 0x540e, 0x1) getsockname$auto(r1, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xb71b, r1, 0x2000000008) close_range$auto(0x2, 0x8, 0x0) r3 = socketpair$auto(0x3, 0x5, 0x7, 0x0) socket(0xa, 0x1, 0x0) write$auto_debugfs_full_proxy_file_operations_internal(r3, &(0x7f0000000000)="efc477c2ca31cf248e3412de3b0effe94d1196f5746f44db3d7f17f8927328fddf40e8471932f8ad0d529ea1271caa0e1db1d09797537155695843c8da4e86914da4c93436b8ee0c9a62b677fad6b476ad403e207c9594458245d1870cddaea04863fdcb647df66ed56db81d7a4cd23f328e9ce01e752d36b35ff073bcaba58b4b14836637506b40f4872d3f4ff66c789f0e8b4b1903396c9cee08856abb4ccccb180cac3f7adc157446c0b8d835a92897d76b168bc94efbfe898696675817221af8f073921b02ed6f6e8c496bf7542f576e3c37c0", 0xd5) mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x200000401, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000140)='/proc/thread-self/oom_adj\x00', 0xbb8da55abe069f62, 0x0) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) mmap$auto(0x0, 0x9, 0x9cad, 0x8012, 0x3, 0x8000) writev$auto(r4, &(0x7f0000000200)={0x0, 0x7}, 0x3) flock$auto(r4, 0xa) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000004ec0)='/dev/snd/pcmC1D0p\x00', 0x2100, 0x0) 248.44962ms ago: executing program 1 (id=1200): mmap$auto(0x2, 0x400008, 0xdf, 0xb9, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) mmap$auto(0x81, 0x200002020009, 0x7, 0xeb4, 0xfffffffffffffffa, 0x8000) setuid$auto(0xe) setrlimit$auto(0x8, 0x0) fchdir$auto(0xffffffffffffffff) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/kcore\x00', 0x28000, 0x0) shmget$auto(0x100000000, 0x3, 0x79e56dc9) 181.927752ms ago: executing program 0 (id=1201): close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) shutdown$auto(0x200000003, 0x2) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xfffffeff, 0x2, 0x6, 0x7, 0x400, 0xffffffffffffffff, [0x5, 0x101], {0x6, 0x6, 0xfffffffa, 0x29f, 0x1, 0x5, 0x3, 0x4, 0x2}, {0xff, 0x401, 0x4f, 0x9, 0x4cd, 0x20000041, 0x7fffffff, 0x7, 0x8}}) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x810) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f0000000180), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) sendfile$auto(0x1, 0x3, 0x0, 0x7ff) 160.272528ms ago: executing program 1 (id=1202): r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, 0x0, 0x80001, 0x0) r1 = socket(0x26, 0x808, 0x1000) getsockopt$auto(r1, 0x84, 0xe, 0x0, &(0x7f0000000040)=0xb0) unshare$auto(0x40000080) mmap$auto(0x0, 0x400008, 0xdf, 0x100000009b72, 0x2, 0x8000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x2a742, 0x0) mmap$auto(0x1000000, 0x10000, 0xde, 0x10, r2, 0x3) madvise$auto(0x0, 0xffffffffffff0005, 0x17) close_range$auto(r0, 0x8, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x48) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) syz_genetlink_get_family_id$auto_nbd(&(0x7f0000003d40), 0xffffffffffffffff) madvise$auto(0x0, 0x200007, 0x19) msgrcv$auto(0x0, 0x0, 0x4, 0x9, 0x3) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x6, 0x0) clock_nanosleep$auto(0x8, 0x0, 0x0, 0x0) r3 = bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0x1, 0xb5, 0x10, 0x7, 0x4, 0xffffffffffffffff, 0xa, "2af051a940806ec05be276cfc83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0xe5, 0x3}, 0x10) bpf$auto(0x18, &(0x7f0000000380)=@bpf_attr_11={0x4, 0x9, 0x866b, 0x100005, 0x80000009, 0xfffffe01, 0xe6d9, r3}, 0x92) msgctl$auto(0x0, 0x1, 0x0) msgrcv$auto(0x8000000, 0x0, 0xff9, 0x8000000000000000, 0x3) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) 84.972915ms ago: executing program 3 (id=1203): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a9402, 0x0) r1 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtd0\x00', 0x101000, 0x0) ioctl$auto_MEMGETOOBSEL(r1, 0x80c84d0a, 0x0) r2 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/oom_adj\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x1f40) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f00000000c0)={0x0, 0xffffffff}, 0x6) r4 = getpid() syz_open_procfs$namespace(r4, &(0x7f0000000140)='ns/uts\x00') sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(0xffffffffffffffff, 0x0, 0x880) timer_create$auto(0x9, 0x0, 0x0) read$auto(0x3, 0x0, 0x8080) socket(0xa, 0x1, 0x100) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) write$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffffff, &(0x7f00000001c0)="624d1bfe595046ab5c98199adf260600de16baef6176e6021e1dce210500e8fdffff0000000000fffffffe00a7ed73de11691c13403c82be", 0x7b) process_mrelease$auto(0xffffffffffffffff, 0xa) write$auto(0x3, 0x0, 0x100082) r5 = socket(0x2, 0x1, 0x106) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/platform/vhci_hcd.4/usb18/18-0:1.0/usb18-port3/location\x00', 0x0, 0x0) connect$auto(r5, 0x0, 0x54) read$auto(0x3, 0x0, 0x7fffffff) r6 = openat$auto_proc_pid_set_comm_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/comm\x00', 0x341000, 0x0) setsockopt$auto(r6, 0x88, 0x5, &(0x7f0000000100)='/dev/audio\x00', 0x8) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) 30.481564ms ago: executing program 2 (id=1204): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000001d00), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_CONNECT(r0, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000001e40)={0x30, r1, 0x1, 0x703d25, 0x25dfdbfd, {}, [@NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x6}, @NBD_ATTR_TIMEOUT={0xc}]}, 0x30}, 0x1, 0x0, 0x0, 0x4}, 0x8880) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x100000000008000) connect$auto(0x3, 0x0, 0x55) close_range$auto(0x0, 0xffffffffffffffff, 0x2) fanotify_init$auto(0xc00, 0x2000000000002) r2 = open(&(0x7f0000000000)='./file0\x00', 0x165b42, 0xe1d2b27bdc14aa98) fanotify_mark$auto(0x400000000000, 0x105, 0xf2b, r2, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x40342, 0x22) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) r3 = socket(0x1e, 0x4, 0x0) select$auto(0x7, 0x0, &(0x7f0000000080)={[0x8, 0x4, 0x8000, 0x16, 0x2000000001001, 0xfffffffffffffffd, 0xf, 0x9, 0x59f, 0x1, 0x5, 0x2e3, 0x1, 0x0, 0x2000000000000001, 0xc]}, 0x0, 0x0) setsockopt$auto(r3, 0x10f, 0x87, 0x0, 0x14) r4 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) statx$auto(r4, 0x0, 0x401006, 0x4015, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r5 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) ioctl$auto(0x3, 0x400454ca, 0x38) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) write$auto(r5, 0x0, 0x1) 0s ago: executing program 0 (id=1205): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000) socket(0xa, 0x800, 0x37) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x4) r0 = socket(0x26, 0x5, 0x8c68) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x101e41, 0x0) ioperm$auto(0xfffffffffffffff7, 0x5, 0x4000005) futex_waitv$auto(0x0, 0x7ff, 0x8, &(0x7f00000000c0)={0x1000000004, 0x10}, 0x4) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x2000, 0x0) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x40, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x140082, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000100)='/dev/admmidi2\x00', 0x8e100, 0x0) read$auto_snd_rawmidi_f_ops_rawmidi(r4, &(0x7f00000002c0)=""/157, 0x9d) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) sysfs$auto(0x2, 0x7, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r5 = ioctl$auto_TUNATTACHFILTER(r0, 0x401054d5, 0x0) ioctl$auto_virtual_ncidev_fops_virtual_ncidev(r5, 0x6, 0x0) futex_wake$auto(&(0x7f0000000140)="adf3e16812f6e5", 0x8, 0x6, 0x6) ioctl$auto_BLKRRPART(r5, 0x125f, 0x0) r6 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000280), 0x141182, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r6, 0x40146f2c, 0x0) unshare$auto(0x40000080) setsockopt$auto(r1, 0xd0, 0x800000e4, 0x0, 0x569) r7 = openat$auto_bm_register_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000040), 0x20580, 0x0) mmap$auto(0x0, 0x80000000005, 0x2, 0x9b73, r7, 0x8000) mincore$auto(0x1000, 0x8001, 0x0) kernel console output (not intermixed with test programs): ode_event.isra.0+0x1e3/0x410 [ 152.193210][ T7450] fsnotify+0x187d/0x3550 [ 152.193257][ T7450] ? __pfx_fsnotify+0x10/0x10 [ 152.193303][ T7450] __fsnotify_parent+0x704/0xca0 [ 152.193342][ T7450] ? __pfx___fsnotify_parent+0x10/0x10 [ 152.193380][ T7450] ? __pfx___might_resched+0x10/0x10 [ 152.193426][ T7450] ? __fput+0x30d/0xb40 [ 152.193456][ T7450] __fput+0x30d/0xb40 [ 152.193497][ T7450] task_work_run+0x150/0x240 [ 152.193542][ T7450] ? __pfx_task_work_run+0x10/0x10 [ 152.193592][ T7450] exit_to_user_mode_loop+0x100/0x4a0 [ 152.193633][ T7450] do_syscall_64+0x668/0xf80 [ 152.193670][ T7450] ? clear_bhb_loop+0x40/0x90 [ 152.193705][ T7450] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.193733][ T7450] RIP: 0033:0x7f98b0b9c799 [ 152.193757][ T7450] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 152.193783][ T7450] RSP: 002b:00007f98b19c9028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 152.193810][ T7450] RAX: 0000000000000000 RBX: 00007f98b0e16180 RCX: 00007f98b0b9c799 [ 152.193827][ T7450] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 152.193843][ T7450] RBP: 00007f98b0c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 152.193859][ T7450] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 152.193875][ T7450] R13: 00007f98b0e16218 R14: 00007f98b0e16180 R15: 00007ffdf5865428 [ 152.193911][ T7450] [ 152.816821][ T7470] Format for adding new device is "id port_count num_queues" (uint uint unit). [ 152.858732][ T7471] FAULT_INJECTION: forcing a failure. [ 152.858732][ T7471] name failslab, interval 1, probability 0, space 0, times 0 [ 152.910021][ T7471] CPU: 1 UID: 0 PID: 7471 Comm: syz.2.371 Tainted: G L syzkaller #0 PREEMPT(full) [ 152.910059][ T7471] Tainted: [L]=SOFTLOCKUP [ 152.910068][ T7471] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 152.910082][ T7471] Call Trace: [ 152.910090][ T7471] [ 152.910099][ T7471] dump_stack_lvl+0x100/0x190 [ 152.910140][ T7471] should_fail_ex.cold+0x5/0xa [ 152.910172][ T7471] should_failslab+0xc2/0x120 [ 152.910199][ T7471] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 152.910242][ T7471] ? sk_prot_alloc+0x60/0x2a0 [ 152.910267][ T7471] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 152.910302][ T7471] ? security_inode_alloc+0x3b/0x2c0 [ 152.910334][ T7471] sk_prot_alloc+0x60/0x2a0 [ 152.910361][ T7471] sk_alloc+0x36/0xe80 [ 152.910394][ T7471] __vsock_create.constprop.0+0x3c/0xba0 [ 152.910425][ T7471] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 152.910454][ T7471] vsock_create+0x126/0x510 [ 152.910489][ T7471] __sock_create+0x339/0x860 [ 152.910524][ T7471] __sys_socket+0x14d/0x260 [ 152.910553][ T7471] ? __pfx___sys_socket+0x10/0x10 [ 152.910592][ T7471] __x64_sys_socket+0x72/0xb0 [ 152.910620][ T7471] ? lockdep_hardirqs_on+0x78/0x100 [ 152.910655][ T7471] do_syscall_64+0x106/0xf80 [ 152.910687][ T7471] ? clear_bhb_loop+0x40/0x90 [ 152.910717][ T7471] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.910742][ T7471] RIP: 0033:0x7f9c75f9c799 [ 152.910763][ T7471] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 152.910785][ T7471] RSP: 002b:00007f9c76f1f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 152.910808][ T7471] RAX: ffffffffffffffda RBX: 00007f9c76216090 RCX: 00007f9c75f9c799 [ 152.910824][ T7471] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000028 [ 152.910839][ T7471] RBP: 00007f9c76032c99 R08: 0000000000000000 R09: 0000000000000000 [ 152.910853][ T7471] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 152.910867][ T7471] R13: 00007f9c76216128 R14: 00007f9c76216090 R15: 00007ffcadfd9d28 [ 152.910903][ T7471] [ 154.128018][ T7506] netlink: 'syz.3.380': attribute type 11 has an invalid length. [ 154.186609][ T7506] netlink: 'syz.3.380': attribute type 11 has an invalid length. [ 154.202067][ T7302] Bluetooth: hci1: unexpected event 0x02 length: 726 > 260 [ 154.204614][ T7506] netlink: 'syz.3.380': attribute type 11 has an invalid length. [ 154.246154][ T7506] netlink: 'syz.3.380': attribute type 11 has an invalid length. [ 154.600420][ T7508] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 154.617231][ T7508] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 154.624617][ T7508] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 154.646774][ T7508] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 154.768629][ T7522] netlink: 25 bytes leftover after parsing attributes in process `syz.3.384'. [ 155.699985][ T7539] netlink: 8 bytes leftover after parsing attributes in process `syz.3.388'. [ 155.890229][ T7526] futex_wake_op: syz.0.386 tries to shift op by -2048; fix this program [ 156.396388][ T7180] Bluetooth: hci0: command 0x0c1a tx timeout [ 156.605926][ T7563] bond0: no command found in slaves file - use +ifname or -ifname [ 156.637404][ T7180] Bluetooth: hci2: command 0x0c1a tx timeout [ 156.643458][ T7180] Bluetooth: hci1: command 0x0c1a tx timeout [ 156.716399][ T7180] Bluetooth: hci3: command 0x0c1a tx timeout [ 158.080651][ T7180] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 158.080675][ T7180] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 158.098489][ T7180] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 158.098560][ T7180] Bluetooth: hci1: Unknown advertising packet type: 0x14 [ 158.105819][ T7180] Bluetooth: hci1: Unknown advertising packet type: 0x14 [ 158.113103][ T7180] Bluetooth: hci1: Unknown advertising packet type: 0x14 [ 158.120982][ T7180] Bluetooth: hci1: Unknown advertising packet type: 0x72 [ 158.128110][ T7180] Bluetooth: hci1: Unknown advertising packet type: 0x14 [ 158.135247][ T7180] Bluetooth: hci1: Malformed LE Event: 0x0d [ 158.733787][ T30] audit: type=1804 audit(1774303812.806:6): pid=7624 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.401" name="/newroot/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/filter" dev="tracefs" ino=19680823 res=1 errno=0 [ 159.856331][ T7660] FAULT_INJECTION: forcing a failure. [ 159.856331][ T7660] name failslab, interval 1, probability 0, space 0, times 0 [ 159.888204][ T7660] CPU: 1 UID: 0 PID: 7660 Comm: syz.1.408 Tainted: G L syzkaller #0 PREEMPT(full) [ 159.888261][ T7660] Tainted: [L]=SOFTLOCKUP [ 159.888272][ T7660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 159.888289][ T7660] Call Trace: [ 159.888298][ T7660] [ 159.888310][ T7660] dump_stack_lvl+0x100/0x190 [ 159.888359][ T7660] should_fail_ex.cold+0x5/0xa [ 159.888391][ T7660] should_failslab+0xc2/0x120 [ 159.888420][ T7660] __kmalloc_cache_noprof+0x7a/0x6f0 [ 159.888454][ T7660] ? wakeup_source_device_create+0x46/0x2e0 [ 159.888491][ T7660] wakeup_source_device_create+0x46/0x2e0 [ 159.888530][ T7660] wakeup_source_sysfs_add+0x1c/0x90 [ 159.888563][ T7660] wakeup_source_register+0x154/0x3e0 [ 159.888591][ T7660] ep_create_wakeup_source+0x1df/0x2e0 [ 159.888620][ T7660] ? __pfx_ep_create_wakeup_source+0x10/0x10 [ 159.888653][ T7660] ? do_epoll_ctl+0x1012/0x36a0 [ 159.888681][ T7660] ? do_epoll_ctl+0x1012/0x36a0 [ 159.888720][ T7660] do_epoll_ctl+0x1eee/0x36a0 [ 159.888766][ T7660] ? __pfx_do_epoll_ctl+0x10/0x10 [ 159.888794][ T7660] ? find_held_lock+0x2b/0x80 [ 159.888821][ T7660] ? __might_fault+0xc5/0x140 [ 159.888860][ T7660] ? __might_fault+0xc5/0x140 [ 159.888910][ T7660] ? __x64_sys_epoll_ctl+0x15c/0x1e0 [ 159.888938][ T7660] __x64_sys_epoll_ctl+0x15c/0x1e0 [ 159.888968][ T7660] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 159.889006][ T7660] do_syscall_64+0x106/0xf80 [ 159.889044][ T7660] ? clear_bhb_loop+0x40/0x90 [ 159.889076][ T7660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.889104][ T7660] RIP: 0033:0x7ff6c3f9c799 [ 159.889127][ T7660] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 159.889153][ T7660] RSP: 002b:00007ff6c4e2a028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 159.889178][ T7660] RAX: ffffffffffffffda RBX: 00007ff6c4215fa0 RCX: 00007ff6c3f9c799 [ 159.889196][ T7660] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000004 [ 159.889212][ T7660] RBP: 00007ff6c4032c99 R08: 0000000000000000 R09: 0000000000000000 [ 159.889228][ T7660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 159.889250][ T7660] R13: 00007ff6c4216038 R14: 00007ff6c4215fa0 R15: 00007ffc3e911218 [ 159.889286][ T7660] [ 160.407772][ T7660] FAULT_INJECTION: forcing a failure. [ 160.407772][ T7660] name failslab, interval 1, probability 0, space 0, times 0 [ 160.457351][ T7660] CPU: 0 UID: 0 PID: 7660 Comm: syz.1.408 Tainted: G L syzkaller #0 PREEMPT(full) [ 160.457397][ T7660] Tainted: [L]=SOFTLOCKUP [ 160.457407][ T7660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 160.457423][ T7660] Call Trace: [ 160.457432][ T7660] [ 160.457443][ T7660] dump_stack_lvl+0x100/0x190 [ 160.457489][ T7660] should_fail_ex.cold+0x5/0xa [ 160.457523][ T7660] should_failslab+0xc2/0x120 [ 160.457554][ T7660] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 160.457594][ T7660] ? __proc_create+0x2cb/0x8c0 [ 160.457629][ T7660] __proc_create+0x2cb/0x8c0 [ 160.457657][ T7660] ? __pfx___proc_create+0x10/0x10 [ 160.457691][ T7660] ? _raw_write_unlock+0x28/0x50 [ 160.457735][ T7660] proc_create_reg+0x75/0x170 [ 160.457767][ T7660] proc_create_data+0x86/0x110 [ 160.457795][ T7660] ? __pfx_proc_create_data+0x10/0x10 [ 160.457825][ T7660] ? cache_register_net+0x137/0x5e0 [ 160.457850][ T7660] ? cache_register_net+0x137/0x5e0 [ 160.457884][ T7660] cache_register_net+0x1e0/0x5e0 [ 160.457913][ T7660] gss_svc_init_net+0x14e/0x640 [ 160.457949][ T7660] ? __pfx_canbcm_pernet_init+0x10/0x10 [ 160.457992][ T7660] ? __pfx_rpcsec_gss_init_net+0x10/0x10 [ 160.458032][ T7660] ops_init+0x1e2/0x5f0 [ 160.458078][ T7660] setup_net+0x118/0x3a0 [ 160.458120][ T7660] ? __pfx_setup_net+0x10/0x10 [ 160.458159][ T7660] ? lockdep_init_map_type+0x5c/0x250 [ 160.458197][ T7660] ? mutex_init_lockep+0x110/0x150 [ 160.458241][ T7660] copy_net_ns+0x46f/0x7c0 [ 160.458282][ T7660] create_new_namespaces+0x3ea/0xac0 [ 160.458323][ T7660] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 160.458357][ T7660] ksys_unshare+0x473/0xad0 [ 160.458388][ T7660] ? __pfx_ksys_unshare+0x10/0x10 [ 160.458443][ T7660] __x64_sys_unshare+0x31/0x40 [ 160.458476][ T7660] do_syscall_64+0x106/0xf80 [ 160.458515][ T7660] ? clear_bhb_loop+0x40/0x90 [ 160.458549][ T7660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.458577][ T7660] RIP: 0033:0x7ff6c3f9c799 [ 160.458599][ T7660] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 160.458625][ T7660] RSP: 002b:00007ff6c4e2a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 160.458650][ T7660] RAX: ffffffffffffffda RBX: 00007ff6c4215fa0 RCX: 00007ff6c3f9c799 [ 160.458669][ T7660] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 160.458685][ T7660] RBP: 00007ff6c4032c99 R08: 0000000000000000 R09: 0000000000000000 [ 160.458702][ T7660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 160.458719][ T7660] R13: 00007ff6c4216038 R14: 00007ff6c4215fa0 R15: 00007ffc3e911218 [ 160.458754][ T7660] [ 161.537947][ T7683] kAFS: unparsable volume name [ 162.069580][ T7723] nla_validate_range_unsigned: 2 callbacks suppressed [ 162.069596][ T7723] netlink: 'syz.2.425': attribute type 11 has an invalid length. [ 162.122497][ T7723] netlink: 'syz.2.425': attribute type 11 has an invalid length. [ 162.140585][ T7723] netlink: 'syz.2.425': attribute type 11 has an invalid length. [ 162.166694][ T7723] netlink: 'syz.2.425': attribute type 11 has an invalid length. [ 162.210799][ T7723] netlink: 'syz.2.425': attribute type 11 has an invalid length. [ 162.228683][ T7723] netlink: 'syz.2.425': attribute type 11 has an invalid length. [ 162.708693][ T7741] NFSD: Failed to start, no listeners configured. [ 163.647787][ T7164] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 163.833045][ T7770] netlink: 'syz.1.437': attribute type 11 has an invalid length. [ 163.866276][ T7770] netlink: 'syz.1.437': attribute type 11 has an invalid length. [ 163.881064][ T7770] netlink: 'syz.1.437': attribute type 11 has an invalid length. [ 163.886652][ T7773] netlink: 334 bytes leftover after parsing attributes in process `syz.2.438'. [ 163.898976][ T7770] netlink: 'syz.1.437': attribute type 11 has an invalid length. [ 167.668205][ T7877] delete_channel: no stack [ 167.860945][ T7870] net_ratelimit: 4 callbacks suppressed [ 167.860961][ T7870] netlink: Invalid conntrack timeout [ 168.712434][ T7898] netlink: 'syz.0.464': attribute type 19 has an invalid length. [ 168.727157][ T7895] can: request_module (can-proto-3) failed. [ 168.754274][ T7898] netlink: 226 bytes leftover after parsing attributes in process `syz.0.464'. [ 168.788467][ T7898] netlink: 'syz.0.464': attribute type 19 has an invalid length. [ 168.803243][ T7898] netlink: 226 bytes leftover after parsing attributes in process `syz.0.464'. [ 168.897449][ T7907] futex_wake_op: syz.2.465 tries to shift op by -2048; fix this program [ 168.930168][ T7907] futex_wake_op: syz.2.465 tries to shift op by -2048; fix this program [ 168.991614][ T7913] netlink: 338 bytes leftover after parsing attributes in process `syz.2.465'. [ 169.059420][ T7905] netlink: 342 bytes leftover after parsing attributes in process `syz.2.465'. [ 169.068688][ T7907] futex_wake_op: syz.2.465 tries to shift op by -2048; fix this program [ 169.077204][ T7914] netlink: 338 bytes leftover after parsing attributes in process `syz.2.465'. [ 169.633069][ T7931] nla_validate_range_unsigned: 2 callbacks suppressed [ 169.633084][ T7931] netlink: 'syz.0.471': attribute type 11 has an invalid length. [ 169.686542][ T7931] netlink: 'syz.0.471': attribute type 11 has an invalid length. [ 169.716250][ T7931] netlink: 'syz.0.471': attribute type 11 has an invalid length. [ 169.754731][ T7931] netlink: 'syz.0.471': attribute type 11 has an invalid length. [ 169.786337][ T7931] netlink: 'syz.0.471': attribute type 11 has an invalid length. [ 169.794113][ T7931] netlink: 'syz.0.471': attribute type 11 has an invalid length. [ 169.903305][ T7940] netlink: 342 bytes leftover after parsing attributes in process `syz.1.474'. [ 169.966404][ T7948] netlink: 342 bytes leftover after parsing attributes in process `syz.1.474'. [ 170.363790][ T7960] netlink: 28 bytes leftover after parsing attributes in process `syz.3.479'. [ 170.462314][ T7965] random: crng reseeded on system resumption [ 171.049849][ T7984] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input10 [ 171.265694][ T7995] netlink: 'syz.0.485': attribute type 11 has an invalid length. [ 171.348940][ T7995] netlink: 'syz.0.485': attribute type 11 has an invalid length. [ 171.399095][ T7995] netlink: 'syz.0.485': attribute type 11 has an invalid length. [ 171.435446][ T7995] netlink: 'syz.0.485': attribute type 11 has an invalid length. [ 171.901778][ T8005] bridge0: port 3(gretap0) entered blocking state [ 171.946448][ T8005] bridge0: port 3(gretap0) entered disabled state [ 171.953186][ T8005] gretap0: entered allmulticast mode [ 171.993255][ T8005] gretap0: entered promiscuous mode [ 172.018368][ T8005] bridge0: port 3(gretap0) entered blocking state [ 172.024952][ T8005] bridge0: port 3(gretap0) entered forwarding state [ 172.742966][ T8043] netlink: 350 bytes leftover after parsing attributes in process `syz.0.495'. [ 173.939915][ T8061] RDS: rds_bind could not find a transport for 3582:6339:c732:8903::, load rds_tcp or rds_rdma? [ 175.073379][ T8102] nla_validate_range_unsigned: 8 callbacks suppressed [ 175.073401][ T8102] netlink: 'syz.0.508': attribute type 11 has an invalid length. [ 175.110939][ T8102] netlink: 'syz.0.508': attribute type 11 has an invalid length. [ 175.150881][ T8104] ptrace attach of "./syz-executor exec"[5827] was attempted by "./syz-executor exec"[8104] [ 175.181908][ T8102] netlink: 'syz.0.508': attribute type 11 has an invalid length. [ 175.233535][ T8102] netlink: 'syz.0.508': attribute type 11 has an invalid length. [ 175.296205][ T8102] netlink: 'syz.0.508': attribute type 11 has an invalid length. [ 175.303990][ T8102] netlink: 'syz.0.508': attribute type 11 has an invalid length. [ 176.397490][ T8112] RDS: rds_bind could not find a transport for 3582:6339:c732:8903::, load rds_tcp or rds_rdma? [ 177.116488][ T0] NOHZ tick-stop error: local softirq work is pending, handler #c2!!! [ 177.348193][ T8157] netlink: 'syz.0.521': attribute type 11 has an invalid length. [ 177.385562][ T8157] netlink: 'syz.0.521': attribute type 11 has an invalid length. [ 177.443296][ T8157] netlink: 'syz.0.521': attribute type 11 has an invalid length. [ 177.522306][ T8157] netlink: 'syz.0.521': attribute type 11 has an invalid length. [ 178.560395][ T7180] Bluetooth: hci2: unknown advertising packet type: 0xea [ 179.101578][ T8182] RDS: rds_bind could not find a transport for 3582:6339:c732:8903::, load rds_tcp or rds_rdma? 1[ 181.200479][ T8277] netlink: 32 bytes leftover after parsing attributes in process `syz.1.547'. [ 181.241224][ T8269] zswap: compressor ¡´¯Í~èšàÝ not available [ 182.250508][ T30] audit: type=1800 audit(1774303836.276:7): pid=8292 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.552" name="features" dev="configfs" ino=20940 res=0 errno=0 [ 182.788147][ T8313] random: crng reseeded on system resumption [ 182.965024][ T8315] delete_channel: no stack [ 183.100711][ T8317] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input11 [ 183.544694][ T8339] netlink: 25 bytes leftover after parsing attributes in process `syz.1.563'. [ 186.652147][ T8408] netlink: 330 bytes leftover after parsing attributes in process `syz.1.578'. [ 186.918754][ T8408] ›: renamed from bond_slave_0 (while UP) [ 186.963066][ T8408] netlink: 330 bytes leftover after parsing attributes in process `syz.1.578'. [ 189.273188][ T8443] sg_write: process 521 (syz.3.584) changed security contexts after opening file descriptor, this is not allowed. [ 189.478020][ T8447] nla_validate_range_unsigned: 5 callbacks suppressed [ 189.478036][ T8447] netlink: 'syz.0.585': attribute type 11 has an invalid length. [ 189.550479][ T8447] netlink: 'syz.0.585': attribute type 11 has an invalid length. [ 190.731353][ T8464] random: crng reseeded on system resumption [ 194.246734][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.253172][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 196.990663][ T8593] FAULT_INJECTION: forcing a failure. [ 196.990663][ T8593] name failslab, interval 1, probability 0, space 0, times 0 [ 197.022353][ T8597] netlink: 'syz.3.612': attribute type 11 has an invalid length. [ 197.040447][ T8597] netlink: 'syz.3.612': attribute type 11 has an invalid length. [ 197.051796][ T8597] netlink: 'syz.3.612': attribute type 11 has an invalid length. [ 197.076763][ T8593] CPU: 1 UID: 0 PID: 8593 Comm: syz.1.611 Tainted: G L syzkaller #0 PREEMPT(full) [ 197.076804][ T8593] Tainted: [L]=SOFTLOCKUP [ 197.076813][ T8593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 197.076827][ T8593] Call Trace: [ 197.076835][ T8593] [ 197.076845][ T8593] dump_stack_lvl+0x100/0x190 [ 197.076888][ T8593] should_fail_ex.cold+0x5/0xa [ 197.076920][ T8593] should_failslab+0xc2/0x120 [ 197.076948][ T8593] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 197.076992][ T8593] ? copy_net_ns+0xe8/0x7c0 [ 197.077026][ T8593] copy_net_ns+0xe8/0x7c0 [ 197.077049][ T8593] ? copy_cgroup_ns+0x71/0x970 [ 197.077082][ T8593] create_new_namespaces+0x3ea/0xac0 [ 197.077118][ T8593] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 197.077149][ T8593] ksys_unshare+0x473/0xad0 [ 197.077184][ T8593] ? __pfx_ksys_unshare+0x10/0x10 [ 197.077230][ T8593] __x64_sys_unshare+0x31/0x40 [ 197.077262][ T8593] do_syscall_64+0x106/0xf80 [ 197.077297][ T8593] ? clear_bhb_loop+0x40/0x90 [ 197.077329][ T8593] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.077356][ T8593] RIP: 0033:0x7ff6c3f9c799 [ 197.077378][ T8593] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 197.077402][ T8593] RSP: 002b:00007ff6c4e2a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 197.077427][ T8593] RAX: ffffffffffffffda RBX: 00007ff6c4215fa0 RCX: 00007ff6c3f9c799 [ 197.077445][ T8593] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 197.077460][ T8593] RBP: 00007ff6c4032c99 R08: 0000000000000000 R09: 0000000000000000 [ 197.077476][ T8593] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 197.077490][ T8593] R13: 00007ff6c4216038 R14: 00007ff6c4215fa0 R15: 00007ffc3e911218 [ 197.077526][ T8593] [ 199.901319][ T8647] netlink: 'syz.3.621': attribute type 11 has an invalid length. [ 199.931751][ T8647] netlink: 'syz.3.621': attribute type 11 has an invalid length. [ 199.967970][ T8647] netlink: 'syz.3.621': attribute type 11 has an invalid length. [ 201.347112][ T8679] futex_wake_op: syz.0.629 tries to shift op by -2048; fix this program [ 201.355579][ T8679] futex_wake_op: syz.0.629 tries to shift op by -2048; fix this program [ 201.366851][ T8679] netlink: 186 bytes leftover after parsing attributes in process `syz.0.629'. [ 201.694556][ T8704] netlink: 'syz.3.632': attribute type 11 has an invalid length. [ 201.716470][ T8704] netlink: 'syz.3.632': attribute type 11 has an invalid length. [ 201.749047][ T8704] netlink: 'syz.3.632': attribute type 11 has an invalid length. [ 201.919681][ T8716] netlink: 330 bytes leftover after parsing attributes in process `syz.0.633'. [ 201.942674][ T8716] mac80211_hwsim hwsim4 ›: renamed from wlan0 (while UP) [ 202.551473][ T8736] random: crng reseeded on system resumption [ 203.791821][ T8762] bridge0: port 3(hsr0) entered blocking state [ 203.803432][ T8762] bridge0: port 3(hsr0) entered disabled state [ 203.825562][ T8762] hsr0: entered allmulticast mode [ 203.862720][ T8762] hsr_slave_0: entered allmulticast mode [ 203.884522][ T8762] hsr_slave_1: entered allmulticast mode [ 203.907605][ T8762] hsr0: entered promiscuous mode [ 203.913199][ T8762] bridge0: port 3(hsr0) entered blocking state [ 203.919481][ T8762] bridge0: port 3(hsr0) entered forwarding state [ 204.076345][ T8768] netlink: 'syz.1.643': attribute type 11 has an invalid length. [ 204.138902][ T8768] netlink: 'syz.1.643': attribute type 11 has an invalid length. [ 204.253151][ T8768] netlink: 'syz.1.643': attribute type 11 has an invalid length. [ 204.814684][ T8787] binder: 8784:8787 ioctl af01 0 returned -22 [ 204.836559][ T8787] binder: 8784:8787 ioctl af01 0 returned -22 [ 204.842727][ T8787] binder: 8784:8787 ioctl af01 0 returned -22 [ 204.926096][ T8787] binder: 8784:8787 ioctl af01 0 returned -22 [ 205.002623][ T8787] binder: 8784:8787 ioctl af01 0 returned -22 [ 205.016043][ T8787] binder: 8784:8787 ioctl af01 0 returned -22 [ 205.030800][ T8787] binder: 8784:8787 ioctl af01 0 returned -22 [ 205.068581][ T8787] binder: 8784:8787 ioctl af01 0 returned -22 [ 205.165078][ T8787] binder: 8784:8787 ioctl af01 0 returned -22 [ 205.362815][ T8787] binder: 8784:8787 ioctl af01 0 returned -22 [ 205.381176][ T8787] binder: 8784:8787 ioctl af01 0 returned -22 [ 205.406634][ T8787] binder: 8784:8787 ioctl af01 0 returned -22 [ 205.436538][ T8787] binder: 8784:8787 ioctl af01 0 returned -22 [ 205.442882][ T8787] binder: 8784:8787 ioctl af01 0 returned -22 [ 205.449210][ T8787] binder: 8784:8787 ioctl af01 0 returned -22 [ 205.455438][ T8787] binder: 8784:8787 ioctl af01 0 returned -22 [ 205.461681][ T8787] binder: 8784:8787 ioctl af01 0 returned -22 [ 205.467935][ T8787] binder: 8784:8787 ioctl af01 0 returned -22 [ 205.474184][ T8787] binder: 8784:8787 ioctl af01 0 returned -22 [ 205.480454][ T8787] binder: 8784:8787 ioctl af01 0 returned -22 [ 205.487194][ T8787] binder: 8784:8787 ioctl af01 0 returned -22 [ 205.493647][ T8787] binder: 8784:8787 ioctl af01 0 returned -22 [ 205.499969][ T8787] binder: 8784:8787 ioctl af01 0 returned -22 [ 205.506272][ T8787] binder: 8784:8787 ioctl af01 0 returned -22 [ 205.512540][ T8787] binder: 8784:8787 ioctl af01 0 returned -22 [ 205.518790][ T8787] binder: 8784:8787 ioctl af01 0 returned -22 [ 205.525071][ T8787] binder: 8784:8787 ioctl af01 0 returned -22 [ 205.531365][ T8787] binder: 8784:8787 ioctl af01 0 returned -22 [ 205.537682][ T8787] binder: 8784:8787 ioctl af01 0 returned -22 [ 205.543882][ T8787] binder: 8784:8787 ioctl af01 0 returned -22 [ 205.589005][ T8797] netlink: 338 bytes leftover after parsing attributes in process `syz.3.650'. [ 205.805793][ T8803] netlink: 342 bytes leftover after parsing attributes in process `syz.0.651'. [ 205.817166][ T8807] delete_channel: no stack [ 205.835310][ T8807] crash hp: kexec_trylock() failed, kdump image may be inaccurate [ 206.929274][ T8828] netlink: 'syz.3.655': attribute type 11 has an invalid length. [ 206.966577][ T8828] netlink: 'syz.3.655': attribute type 11 has an invalid length. [ 206.986669][ T8828] netlink: 'syz.3.655': attribute type 11 has an invalid length. [ 207.803506][ T8850] netlink: 330 bytes leftover after parsing attributes in process `syz.1.658'. [ 207.900221][ T8806] kexec: Could not allocate control_code_buffer [ 208.678306][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 208.686270][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 208.750868][ T8875] [U] ^@ [ 209.161829][ T8889] netlink: 24 bytes leftover after parsing attributes in process `syz.1.664'. [ 209.571249][ T8891] FAULT_INJECTION: forcing a failure. [ 209.571249][ T8891] name failslab, interval 1, probability 0, space 0, times 0 [ 209.585555][ T8891] CPU: 1 UID: 0 PID: 8891 Comm: syz.2.665 Tainted: G L syzkaller #0 PREEMPT(full) [ 209.585581][ T8891] Tainted: [L]=SOFTLOCKUP [ 209.585586][ T8891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 209.585595][ T8891] Call Trace: [ 209.585601][ T8891] [ 209.585606][ T8891] dump_stack_lvl+0x100/0x190 [ 209.585635][ T8891] should_fail_ex.cold+0x5/0xa [ 209.585654][ T8891] ? process_preds+0x4c2/0x1d90 [ 209.585683][ T8891] should_failslab+0xc2/0x120 [ 209.585701][ T8891] __kmalloc_noprof+0xe0/0x850 [ 209.585728][ T8891] process_preds+0x4c2/0x1d90 [ 209.585755][ T8891] ? create_filter_start.constprop.0+0x134/0x310 [ 209.585780][ T8891] create_filter+0x140/0x210 [ 209.585802][ T8891] ? __pfx_create_filter+0x10/0x10 [ 209.585826][ T8891] ? find_held_lock+0x2b/0x80 [ 209.585843][ T8891] apply_event_filter+0x220/0x500 [ 209.585866][ T8891] ? __pfx_apply_event_filter+0x10/0x10 [ 209.585894][ T8891] event_filter_write+0x16d/0x290 [ 209.585912][ T8891] vfs_write+0x2aa/0x1070 [ 209.585927][ T8891] ? __pfx_event_filter_write+0x10/0x10 [ 209.585946][ T8891] ? __pfx_vfs_write+0x10/0x10 [ 209.585966][ T8891] ? __fget_files+0x215/0x3d0 [ 209.585997][ T8891] ? __fget_files+0x21f/0x3d0 [ 209.586030][ T8891] ksys_write+0x12a/0x250 [ 209.586053][ T8891] ? __pfx_ksys_write+0x10/0x10 [ 209.586085][ T8891] do_syscall_64+0x106/0xf80 [ 209.586108][ T8891] ? clear_bhb_loop+0x40/0x90 [ 209.586127][ T8891] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.586156][ T8891] RIP: 0033:0x7f9c75f9c799 [ 209.586177][ T8891] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 209.586202][ T8891] RSP: 002b:00007f9c76f40028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 209.586227][ T8891] RAX: ffffffffffffffda RBX: 00007f9c76215fa0 RCX: 00007f9c75f9c799 [ 209.586245][ T8891] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 209.586254][ T8891] RBP: 00007f9c76032c99 R08: 0000000000000000 R09: 0000000000000000 [ 209.586262][ T8891] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 209.586270][ T8891] R13: 00007f9c76216038 R14: 00007f9c76215fa0 R15: 00007ffcadfd9d28 [ 209.586290][ T8891] [ 209.869655][ T8900] random: crng reseeded on system resumption [ 210.207694][ T8911] netlink: 16 bytes leftover after parsing attributes in process `syz.3.668'. [ 210.740158][ T8914] ecryptfs_miscdev_write: Invalid packet size [0] [ 210.984718][ T8925] FAULT_INJECTION: forcing a failure. [ 210.984718][ T8925] name fail_futex, interval 1, probability 0, space 0, times 1 [ 211.426244][ T8925] CPU: 1 UID: 0 PID: 8925 Comm: syz.2.672 Tainted: G L syzkaller #0 PREEMPT(full) [ 211.426290][ T8925] Tainted: [L]=SOFTLOCKUP [ 211.426297][ T8925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 211.426306][ T8925] Call Trace: [ 211.426312][ T8925] [ 211.426318][ T8925] dump_stack_lvl+0x100/0x190 [ 211.426348][ T8925] should_fail_ex.cold+0x5/0xa [ 211.426366][ T8925] get_futex_key+0x1d2/0x1620 [ 211.426388][ T8925] ? __pfx_get_futex_key+0x10/0x10 [ 211.426406][ T8925] ? do_mmap+0x93f/0x12f0 [ 211.426422][ T8925] ? __pfx_userfaultfd_unmap_complete+0x10/0x10 [ 211.426442][ T8925] futex_wake+0xea/0x530 [ 211.426466][ T8925] ? __pfx_futex_wake+0x10/0x10 [ 211.426495][ T8925] do_futex+0x32b/0x350 [ 211.426521][ T8925] ? __pfx_do_futex+0x10/0x10 [ 211.426545][ T8925] __x64_sys_futex+0x34f/0x4d0 [ 211.426565][ T8925] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 211.426582][ T8925] ? __pfx___x64_sys_futex+0x10/0x10 [ 211.426609][ T8925] do_syscall_64+0x106/0xf80 [ 211.426629][ T8925] ? clear_bhb_loop+0x40/0x90 [ 211.426647][ T8925] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.426662][ T8925] RIP: 0033:0x7f9c75f9c799 [ 211.426675][ T8925] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 211.426689][ T8925] RSP: 002b:00007f9c76f400e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 211.426703][ T8925] RAX: ffffffffffffffda RBX: 00007f9c76215fa8 RCX: 00007f9c75f9c799 [ 211.426713][ T8925] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f9c76215fac [ 211.426721][ T8925] RBP: 00007f9c76215fa0 R08: 0000000000000000 R09: 0000000000000000 [ 211.426730][ T8925] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 211.426738][ T8925] R13: 00007f9c76216038 R14: 00007ffcadfd9c40 R15: 00007ffcadfd9d28 [ 211.426757][ T8925] [ 212.569342][ T8943] netlink: 342 bytes leftover after parsing attributes in process `syz.2.675'. [ 213.481103][ T8959] netlink: 146 bytes leftover after parsing attributes in process `syz.0.679'. [ 213.861977][ T8970] TCP: TCP_TX_DELAY enabled [ 213.900790][ T8965] NFSD: Failed to start, no listeners configured. [ 214.678172][ T8992] netlink: 28 bytes leftover after parsing attributes in process `syz.0.688'. [ 215.660278][ T9017] futex_wake_op: syz.0.693 tries to shift op by -2048; fix this program [ 215.698521][ T9017] futex_wake_op: syz.0.693 tries to shift op by -2048; fix this program [ 215.736907][ T9017] 0x000000000001-0x000000020000 : "" [ 215.788041][ T9017] ftl_cs: FTL header corrupt! [ 218.069135][ T9075] netlink: 'syz.2.706': attribute type 11 has an invalid length. [ 218.096301][ T9075] netlink: 'syz.2.706': attribute type 11 has an invalid length. [ 218.116269][ T9075] netlink: 'syz.2.706': attribute type 11 has an invalid length. [ 218.124061][ T9075] netlink: 'syz.2.706': attribute type 11 has an invalid length. [ 218.173166][ T9075] netlink: 'syz.2.706': attribute type 11 has an invalid length. [ 219.496194][ T9088] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 219.502432][ T9088] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 219.512750][ T9088] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 219.522973][ T9088] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 221.203821][ T7180] Bluetooth: hci0: command 0x0c1a tx timeout [ 221.516473][ T7180] Bluetooth: hci1: command 0x0c1a tx timeout [ 221.596988][ T7302] Bluetooth: hci2: command 0x0c1a tx timeout [ 221.603081][ T7180] Bluetooth: hci3: command 0x0c1a tx timeout [ 221.843217][ T9179] netlink: 'syz.2.730': attribute type 2 has an invalid length. [ 223.594059][ T9216] netlink: 'syz.0.740': attribute type 11 has an invalid length. [ 223.617242][ T9216] netlink: 'syz.0.740': attribute type 11 has an invalid length. [ 223.625047][ T9216] netlink: 'syz.0.740': attribute type 11 has an invalid length. [ 224.396494][ T9234] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 224.770443][ T9242] netlink: 20 bytes leftover after parsing attributes in process `syz.0.746'. [ 227.917461][ T9323] FAULT_INJECTION: forcing a failure. [ 227.917461][ T9323] name failslab, interval 1, probability 0, space 0, times 0 [ 227.936272][ T9323] CPU: 1 UID: 0 PID: 9323 Comm: syz.3.764 Tainted: G L syzkaller #0 PREEMPT(full) [ 227.936318][ T9323] Tainted: [L]=SOFTLOCKUP [ 227.936328][ T9323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 227.936346][ T9323] Call Trace: [ 227.936355][ T9323] [ 227.936366][ T9323] dump_stack_lvl+0x100/0x190 [ 227.936418][ T9323] should_fail_ex.cold+0x5/0xa [ 227.936454][ T9323] should_failslab+0xc2/0x120 [ 227.936495][ T9323] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 227.936544][ T9323] ? snd_pcm_hw_rule_add+0x3b3/0x510 [ 227.936584][ T9323] krealloc_node_align_noprof+0x30a/0x3e0 [ 227.936628][ T9323] ? __split_page_owner+0x1f9/0x350 [ 227.936664][ T9323] snd_pcm_hw_rule_add+0x3b3/0x510 [ 227.936698][ T9323] ? __pfx_snd_pcm_hw_rule_format+0x10/0x10 [ 227.936738][ T9323] ? __pfx_snd_pcm_hw_rule_add+0x10/0x10 [ 227.936771][ T9323] ? mutex_init_lockep+0x110/0x150 [ 227.936814][ T9323] ? snd_pcm_attach_substream+0x29b/0xd60 [ 227.936867][ T9323] snd_pcm_open_substream+0x54a/0x1850 [ 227.936910][ T9323] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 227.936955][ T9323] ? rcu_is_watching+0x12/0xc0 [ 227.937005][ T9323] snd_pcm_open+0x2a3/0x710 [ 227.937051][ T9323] ? __pfx_snd_pcm_open+0x10/0x10 [ 227.937094][ T9323] ? __pfx_default_wake_function+0x10/0x10 [ 227.937137][ T9323] ? __pfx_snd_pcm_playback_open+0x10/0x10 [ 227.937178][ T9323] snd_pcm_playback_open+0x86/0xe0 [ 227.937216][ T9323] snd_open+0x22d/0x4c0 [ 227.937247][ T9323] ? __pfx_snd_open+0x10/0x10 [ 227.937277][ T9323] chrdev_open+0x234/0x6a0 [ 227.937308][ T9323] ? __pfx_apparmor_file_open+0x10/0x10 [ 227.937337][ T9323] ? __pfx_chrdev_open+0x10/0x10 [ 227.937371][ T9323] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 227.937411][ T9323] do_dentry_open+0x6d8/0x1660 [ 227.937442][ T9323] ? __pfx_chrdev_open+0x10/0x10 [ 227.937490][ T9323] vfs_open+0x82/0x3f0 [ 227.937532][ T9323] path_openat+0x208c/0x31a0 [ 227.937576][ T9323] ? __pfx_path_openat+0x10/0x10 [ 227.937623][ T9323] do_file_open+0x20e/0x430 [ 227.937658][ T9323] ? __pfx_do_file_open+0x10/0x10 [ 227.937720][ T9323] ? alloc_fd+0x476/0x790 [ 227.937754][ T9323] ? do_getname+0x191/0x390 [ 227.937796][ T9323] do_sys_openat2+0x10d/0x1e0 [ 227.937835][ T9323] ? __pfx_do_sys_openat2+0x10/0x10 [ 227.937889][ T9323] __x64_sys_openat+0x12d/0x210 [ 227.937929][ T9323] ? __pfx___x64_sys_openat+0x10/0x10 [ 227.937983][ T9323] do_syscall_64+0x106/0xf80 [ 227.938028][ T9323] ? clear_bhb_loop+0x40/0x90 [ 227.938066][ T9323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 227.938097][ T9323] RIP: 0033:0x7f2c0c39c799 [ 227.938121][ T9323] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 227.938151][ T9323] RSP: 002b:00007f2c0d1e6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 227.938179][ T9323] RAX: ffffffffffffffda RBX: 00007f2c0c615fa0 RCX: 00007f2c0c39c799 [ 227.938199][ T9323] RDX: 0000000000002100 RSI: 0000200000004ec0 RDI: ffffffffffffff9c [ 227.938217][ T9323] RBP: 00007f2c0c432c99 R08: 0000000000000000 R09: 0000000000000000 [ 227.938234][ T9323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 227.938252][ T9323] R13: 00007f2c0c616038 R14: 00007f2c0c615fa0 R15: 00007fffc38585f8 [ 227.938292][ T9323] [ 228.483280][ T9331] netlink: 'syz.3.767': attribute type 11 has an invalid length. [ 228.500089][ T9331] netlink: 'syz.3.767': attribute type 11 has an invalid length. [ 228.514870][ T9331] netlink: 'syz.3.767': attribute type 11 has an invalid length. [ 228.548850][ T30] audit: type=1800 audit(1774303882.586:8): pid=9327 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.766" name="dbroot" dev="configfs" ino=26264 res=0 errno=0 [ 229.645128][ T9354] random: crng reseeded on system resumption [ 230.063641][ T9330] kexec: Could not allocate control_code_buffer [ 230.323194][ T9369] netlink: 'syz.0.776': attribute type 11 has an invalid length. [ 230.331122][ T9369] netlink: 'syz.0.776': attribute type 11 has an invalid length. [ 230.338989][ T9369] netlink: 'syz.0.776': attribute type 11 has an invalid length. [ 231.579645][ T9414] netlink: 'syz.0.789': attribute type 11 has an invalid length. [ 231.596474][ T9414] netlink: 'syz.0.789': attribute type 11 has an invalid length. [ 231.622563][ T9414] netlink: 'syz.0.789': attribute type 11 has an invalid length. [ 234.824154][ T7180] Bluetooth: hci1: SCO packet too small [ 234.826352][ T9492] FAULT_INJECTION: forcing a failure. [ 234.826352][ T9492] name failslab, interval 1, probability 0, space 0, times 0 [ 234.887806][ T30] audit: type=1800 audit(1774303888.966:9): pid=9494 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.807" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 234.888918][ T9492] CPU: 1 UID: 0 PID: 9492 Comm: syz.2.807 Tainted: G L syzkaller #0 PREEMPT(full) [ 234.888955][ T9492] Tainted: [L]=SOFTLOCKUP [ 234.888963][ T9492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 234.888978][ T9492] Call Trace: [ 234.888986][ T9492] [ 234.888995][ T9492] dump_stack_lvl+0x100/0x190 [ 234.889045][ T9492] should_fail_ex.cold+0x5/0xa [ 234.889077][ T9492] should_failslab+0xc2/0x120 [ 234.889103][ T9492] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 234.889138][ T9492] ? vm_area_dup+0x27/0x8e0 [ 234.889178][ T9492] vm_area_dup+0x27/0x8e0 [ 234.889213][ T9492] __split_vma+0x18c/0xd90 [ 234.889252][ T9492] ? __pfx___split_vma+0x10/0x10 [ 234.889284][ T9492] ? mas_ascend+0x53d/0xb30 [ 234.889336][ T9492] vma_modify+0x197d/0x2250 [ 234.889380][ T9492] ? __pfx_vma_modify+0x10/0x10 [ 234.889422][ T9492] vma_modify_flags+0x257/0x3d0 [ 234.889459][ T9492] ? __pfx_vma_modify_flags+0x10/0x10 [ 234.889510][ T9492] ? rcu_is_watching+0x12/0xc0 [ 234.889545][ T9492] ? percpu_counter_add_batch+0xb9/0x230 [ 234.889585][ T9492] mprotect_fixup+0x209/0xb70 [ 234.889625][ T9492] ? __pfx_mprotect_fixup+0x10/0x10 [ 234.889662][ T9492] ? __pfx_mas_prev+0x10/0x10 [ 234.889693][ T9492] do_mprotect_pkey+0x9e1/0xe70 [ 234.889737][ T9492] ? __pfx_do_mprotect_pkey+0x10/0x10 [ 234.889811][ T9492] __x64_sys_mprotect+0x78/0xc0 [ 234.889842][ T9492] ? lockdep_hardirqs_on+0x78/0x100 [ 234.889877][ T9492] do_syscall_64+0x106/0xf80 [ 234.889911][ T9492] ? clear_bhb_loop+0x40/0x90 [ 234.889941][ T9492] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 234.889967][ T9492] RIP: 0033:0x7f9c75f9c597 [ 234.889987][ T9492] Code: 89 38 eb 84 0f 1f 80 00 00 00 00 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 48 c7 c0 ff ff ff ff e9 7a ff ff ff b8 0a 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 234.890010][ T9492] RSP: 002b:00007ffcadfd9cc8 EFLAGS: 00000206 ORIG_RAX: 000000000000000a [ 234.890040][ T9492] RAX: ffffffffffffffda RBX: 00007f9c76efe6c0 RCX: 00007f9c75f9c597 [ 234.890056][ T9492] RDX: 0000000000000003 RSI: 0000000000020000 RDI: 00007f9c76edf000 [ 234.890071][ T9492] RBP: 0000000000000000 R08: 00000000ffffffff R09: 0000000000000000 [ 234.890085][ T9492] R10: 0000000000021000 R11: 0000000000000206 R12: 00007ffcadfd9e20 [ 234.890100][ T9492] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000 [ 234.890135][ T9492] [ 235.445234][ T9502] program syz.3.809 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 237.011589][ T9535] nvme_fcloop: unknown parameter or missing value '7' [ 237.987345][ T7180] Bluetooth: hci1: unexpected event 0x3e length: 508 > 260 [ 237.987381][ T7180] Bluetooth: hci1: unexpected subevent 0x02 length: 507 > 260 [ 238.002130][ T7180] Bluetooth: hci1: Dropping invalid advertising data [ 238.011152][ T7180] Bluetooth: hci1: unknown advertising packet type: 0xe9 [ 238.011189][ T7180] Bluetooth: hci1: Dropping invalid advertising data [ 238.025635][ T7180] Bluetooth: hci1: Malformed LE Event: 0x02 [ 238.747830][ T9591] netlink: 'syz.2.828': attribute type 11 has an invalid length. [ 238.764922][ T9591] netlink: 'syz.2.828': attribute type 11 has an invalid length. [ 238.800058][ T9591] netlink: 'syz.2.828': attribute type 11 has an invalid length. [ 240.405574][ T9634] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„ [ 240.801344][ T9630] FAULT_INJECTION: forcing a failure. [ 240.801344][ T9630] name failslab, interval 1, probability 0, space 0, times 0 [ 240.846206][ T9630] CPU: 1 UID: 0 PID: 9630 Comm: syz.3.835 Tainted: G L syzkaller #0 PREEMPT(full) [ 240.846251][ T9630] Tainted: [L]=SOFTLOCKUP [ 240.846261][ T9630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 240.846277][ T9630] Call Trace: [ 240.846286][ T9630] [ 240.846296][ T9630] dump_stack_lvl+0x100/0x190 [ 240.846343][ T9630] should_fail_ex.cold+0x5/0xa [ 240.846377][ T9630] should_failslab+0xc2/0x120 [ 240.846407][ T9630] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 240.846435][ T9630] ? security_inode_alloc+0x3b/0x2c0 [ 240.846451][ T9630] ? lockdep_init_map_type+0x5c/0x250 [ 240.846473][ T9630] security_inode_alloc+0x3b/0x2c0 [ 240.846490][ T9630] inode_init_always_gfp+0xced/0x1040 [ 240.846510][ T9630] alloc_inode+0x8e/0x250 [ 240.846529][ T9630] new_inode+0x22/0x1c0 [ 240.846549][ T9630] hugetlbfs_get_inode+0x313/0x750 [ 240.846569][ T9630] hugetlb_file_setup+0x3cc/0x5b0 [ 240.846587][ T9630] newseg+0xabb/0xed0 [ 240.846609][ T9630] ? __pfx_newseg+0x10/0x10 [ 240.846627][ T9630] ? down_write+0x146/0x1f0 [ 240.846642][ T9630] ? ksys_write+0x190/0x250 [ 240.846655][ T9630] ? ksys_write+0x190/0x250 [ 240.846672][ T9630] ipcget+0xee/0xf50 [ 240.846690][ T9630] ? do_futex+0x192/0x350 [ 240.846710][ T9630] ? __pfx_do_futex+0x10/0x10 [ 240.846731][ T9630] ? __pfx_ipcget+0x10/0x10 [ 240.846750][ T9630] ? __x64_sys_futex+0x34f/0x4d0 [ 240.846768][ T9630] ? __x64_sys_futex+0x358/0x4d0 [ 240.846789][ T9630] __x64_sys_shmget+0x13b/0x1b0 [ 240.846808][ T9630] ? __pfx___x64_sys_shmget+0x10/0x10 [ 240.846841][ T9630] do_syscall_64+0x106/0xf80 [ 240.846862][ T9630] ? clear_bhb_loop+0x40/0x90 [ 240.846881][ T9630] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.846897][ T9630] RIP: 0033:0x7f2c0c39c799 [ 240.846911][ T9630] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 240.846924][ T9630] RSP: 002b:00007f2c09df2028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 240.846939][ T9630] RAX: ffffffffffffffda RBX: 00007f2c0c616360 RCX: 00007f2c0c39c799 [ 240.846948][ T9630] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000 [ 240.846957][ T9630] RBP: 00007f2c0c432c99 R08: 0000000000000000 R09: 0000000000000000 [ 240.846966][ T9630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 240.846974][ T9630] R13: 00007f2c0c6163f8 R14: 00007f2c0c616360 R15: 00007fffc38585f8 [ 240.846994][ T9630] [ 241.314130][ T9654] netlink: 28 bytes leftover after parsing attributes in process `syz.1.840'. [ 241.327531][ T9654] netlink: 29 bytes leftover after parsing attributes in process `syz.1.840'. [ 241.629256][ T9659] netlink: 4 bytes leftover after parsing attributes in process `syz.1.842'. [ 241.845922][ T9672] netlink: 28 bytes leftover after parsing attributes in process `syz.3.843'. [ 241.900401][ T9672] vcan0: entered promiscuous mode [ 241.909163][ T9673] netlink: 24 bytes leftover after parsing attributes in process `syz.3.843'. [ 242.277712][ T9662] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 242.294544][ T9662] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 242.313522][ T9662] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 242.332440][ T9662] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 243.003753][ T9719] netlink: 'syz.1.850': attribute type 11 has an invalid length. [ 243.015566][ T9719] netlink: 'syz.1.850': attribute type 11 has an invalid length. [ 243.023830][ T9719] netlink: 'syz.1.850': attribute type 11 has an invalid length. [ 243.756799][ T7180] Bluetooth: hci0: command 0x0c1a tx timeout [ 244.316376][ T7180] Bluetooth: hci2: command 0x0c1a tx timeout [ 244.322557][ T7302] Bluetooth: hci1: command 0x0c1a tx timeout [ 244.398446][ T7180] Bluetooth: hci3: command 0x0c1a tx timeout [ 244.810957][ T9778] hub 1-0:1.0: USB hub found [ 244.832851][ T9780] netlink: 'syz.3.862': attribute type 11 has an invalid length. [ 244.836805][ T9778] hub 1-0:1.0: 1 port detected [ 244.866459][ T9780] netlink: 'syz.3.862': attribute type 11 has an invalid length. [ 244.874237][ T9780] netlink: 'syz.3.862': attribute type 11 has an invalid length. [ 244.878764][ T9781] FAULT_INJECTION: forcing a failure. [ 244.878764][ T9781] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 244.916365][ T9781] CPU: 1 UID: 0 PID: 9781 Comm: syz.2.861 Tainted: G L syzkaller #0 PREEMPT(full) [ 244.916412][ T9781] Tainted: [L]=SOFTLOCKUP [ 244.916421][ T9781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 244.916442][ T9781] Call Trace: [ 244.916452][ T9781] [ 244.916463][ T9781] dump_stack_lvl+0x100/0x190 [ 244.916513][ T9781] should_fail_ex.cold+0x5/0xa [ 244.916542][ T9781] ? prepare_alloc_pages+0x16d/0x5f0 [ 244.916579][ T9781] should_fail_alloc_page+0xeb/0x140 [ 244.916612][ T9781] prepare_alloc_pages+0x1f0/0x5f0 [ 244.916652][ T9781] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 244.916708][ T9781] ? __lock_acquire+0x4a5/0x2630 [ 244.916757][ T9781] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 244.916801][ T9781] ? do_raw_spin_lock+0x128/0x260 [ 244.916842][ T9781] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 244.916883][ T9781] ? find_held_lock+0x2b/0x80 [ 244.916930][ T9781] ? __lock_acquire+0x4a5/0x2630 [ 244.916968][ T9781] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 244.917001][ T9781] ? policy_nodemask+0xed/0x4f0 [ 244.917035][ T9781] alloc_pages_mpol+0x1fb/0x550 [ 244.917069][ T9781] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 244.917101][ T9781] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 244.917145][ T9781] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 244.917194][ T9781] folio_alloc_mpol_noprof+0x36/0x340 [ 244.917233][ T9781] shmem_alloc_folio+0x135/0x160 [ 244.917271][ T9781] shmem_alloc_and_add_folio+0x371/0xd40 [ 244.917323][ T9781] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 244.917368][ T9781] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 244.917415][ T9781] shmem_get_folio_gfp+0x6ab/0x1900 [ 244.917460][ T9781] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 244.917498][ T9781] ? ktime_get_coarse_real_ts64_mg+0x235/0x300 [ 244.917528][ T9781] ? lockdep_hardirqs_on+0x78/0x100 [ 244.917572][ T9781] shmem_fault+0x1f9/0xa20 [ 244.917614][ T9781] ? __lock_acquire+0x4a5/0x2630 [ 244.917646][ T9781] ? __pfx_shmem_fault+0x10/0x10 [ 244.917685][ T9781] ? __up_read+0x2c5/0x700 [ 244.917735][ T9781] ? __pfx_filemap_map_pages+0x10/0x10 [ 244.917775][ T9781] __do_fault+0x10d/0x550 [ 244.917807][ T9781] ? __pfx_filemap_map_pages+0x10/0x10 [ 244.917844][ T9781] do_fault+0x2db/0x1990 [ 244.917878][ T9781] __handle_mm_fault+0x180f/0x2b60 [ 244.917926][ T9781] ? mt_find+0x45e/0x8e0 [ 244.917956][ T9781] ? __pfx___handle_mm_fault+0x10/0x10 [ 244.917993][ T9781] ? __pfx_mt_find+0x10/0x10 [ 244.918040][ T9781] ? find_vma+0xbf/0x140 [ 244.918068][ T9781] ? __pfx_find_vma+0x10/0x10 [ 244.918100][ T9781] handle_mm_fault+0x36d/0xa20 [ 244.918146][ T9781] do_user_addr_fault+0x74c/0x12f0 [ 244.918186][ T9781] exc_page_fault+0x6f/0xd0 [ 244.918227][ T9781] asm_exc_page_fault+0x26/0x30 [ 244.918255][ T9781] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 244.918288][ T9781] Code: 93 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 cf 93 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 244.918316][ T9781] RSP: 0018:ffffc9000367f6e0 EFLAGS: 00050206 [ 244.918346][ T9781] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 0000000000000ffd [ 244.918365][ T9781] RDX: 0000000000000001 RSI: ffff8880376b7003 RDI: 0000000000016000 [ 244.918384][ T9781] RBP: ffffc9000367fd10 R08: 0000000000000000 R09: ffffed1006ed6fff [ 244.918402][ T9781] R10: ffff8880376b7fff R11: 0000000000000000 R12: ffff8880376b7000 [ 244.918420][ T9781] R13: 0000000000015ffd R14: 0000000000015ffd R15: 0000000000001000 [ 244.918456][ T9781] _copy_to_iter+0x4c5/0x1720 [ 244.918498][ T9781] ? __pfx__copy_to_iter+0x10/0x10 [ 244.918535][ T9781] ? folio_mark_accessed+0xf3/0x1040 [ 244.918564][ T9781] ? __pfx_folio_mark_accessed+0x10/0x10 [ 244.918597][ T9781] copy_page_to_iter+0x12a/0x1e0 [ 244.918634][ T9781] filemap_read+0x7a9/0x10a0 [ 244.918691][ T9781] ? __pfx_filemap_read+0x10/0x10 [ 244.918728][ T9781] ? trace_sched_exit_tp+0x13a/0x180 [ 244.918792][ T9781] ? __pfx_down_read+0x10/0x10 [ 244.918822][ T9781] ? futex_unqueue+0x133/0x2c0 [ 244.918855][ T9781] ? __pfx_aa_file_perm+0x10/0x10 [ 244.918897][ T9781] blkdev_read_iter+0x2c4/0x4f0 [ 244.918960][ T9781] do_iter_readv_writev+0x60d/0x920 [ 244.919008][ T9781] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 244.919058][ T9781] ? bpf_lsm_file_permission+0x9/0x10 [ 244.919083][ T9781] ? security_file_permission+0x76/0x210 [ 244.919119][ T9781] ? rw_verify_area+0xce/0x6d0 [ 244.919162][ T9781] vfs_readv+0x4d3/0x8d0 [ 244.919214][ T9781] ? __pfx_vfs_readv+0x10/0x10 [ 244.919253][ T9781] ? __pfx_futex_wait+0x10/0x10 [ 244.919323][ T9781] ? __fget_files+0x21f/0x3d0 [ 244.919361][ T9781] ? do_preadv+0x1ac/0x270 [ 244.919401][ T9781] do_preadv+0x1ac/0x270 [ 244.919444][ T9781] ? __pfx_do_preadv+0x10/0x10 [ 244.919485][ T9781] ? xfd_validate_state+0x129/0x190 [ 244.919534][ T9781] __x64_sys_preadv2+0xef/0x160 [ 244.919570][ T9781] do_syscall_64+0x106/0xf80 [ 244.919611][ T9781] ? clear_bhb_loop+0x40/0x90 [ 244.919646][ T9781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 244.919676][ T9781] RIP: 0033:0x7f9c75f9c799 [ 244.919700][ T9781] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 244.919727][ T9781] RSP: 002b:00007f9c76f1f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000147 [ 244.919754][ T9781] RAX: ffffffffffffffda RBX: 00007f9c76216090 RCX: 00007f9c75f9c799 [ 244.919773][ T9781] RDX: 0000000000000006 RSI: 0000200000000280 RDI: 0000000000000008 [ 244.919791][ T9781] RBP: 00007f9c76032c99 R08: 0000000000000004 R09: 000000000000002e [ 244.919808][ T9781] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 244.919826][ T9781] R13: 00007f9c76216128 R14: 00007f9c76216090 R15: 00007ffcadfd9d28 [ 244.919867][ T9781] [ 246.561160][ T9803] netlink: 'syz.3.867': attribute type 11 has an invalid length. [ 246.586385][ T9803] netlink: 'syz.3.867': attribute type 11 has an invalid length. [ 246.597564][ T9803] netlink: 'syz.3.867': attribute type 11 has an invalid length. [ 247.535278][ T9828] netlink: 'syz.2.872': attribute type 11 has an invalid length. [ 247.545508][ T9828] netlink: 'syz.2.872': attribute type 11 has an invalid length. [ 247.556723][ T9828] netlink: 'syz.2.872': attribute type 11 has an invalid length. [ 248.328357][ T9856] debugfs: '!PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]' already exists in 'ieee80211' [ 249.008330][ T9871] netlink: 'syz.0.882': attribute type 11 has an invalid length. [ 249.066265][ T9873] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 249.094633][ T9873] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 249.696345][ T9893] zswap: compressor not available [ 250.129252][ T9916] nla_validate_range_unsigned: 2 callbacks suppressed [ 250.129277][ T9916] netlink: 'syz.0.895': attribute type 11 has an invalid length. [ 250.166389][ T9916] netlink: 'syz.0.895': attribute type 11 has an invalid length. [ 250.174558][ T9913] netlink: 186 bytes leftover after parsing attributes in process `syz.2.891'. [ 250.187500][ T9913] netlink: 186 bytes leftover after parsing attributes in process `syz.2.891'. [ 250.267335][ T9909] zswap: compressor not available [ 251.412708][ T9935] FAULT_INJECTION: forcing a failure. [ 251.412708][ T9935] name failslab, interval 1, probability 0, space 0, times 0 [ 251.465267][ T9935] CPU: 0 UID: 0 PID: 9935 Comm: syz.0.896 Tainted: G L syzkaller #0 PREEMPT(full) [ 251.465314][ T9935] Tainted: [L]=SOFTLOCKUP [ 251.465325][ T9935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 251.465341][ T9935] Call Trace: [ 251.465350][ T9935] [ 251.465361][ T9935] dump_stack_lvl+0x100/0x190 [ 251.465412][ T9935] should_fail_ex.cold+0x5/0xa [ 251.465448][ T9935] should_failslab+0xc2/0x120 [ 251.465489][ T9935] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 251.465533][ T9935] ? security_inode_alloc+0x3b/0x2c0 [ 251.465564][ T9935] ? lockdep_init_map_type+0x5c/0x250 [ 251.465608][ T9935] security_inode_alloc+0x3b/0x2c0 [ 251.465640][ T9935] inode_init_always_gfp+0xced/0x1040 [ 251.465677][ T9935] alloc_inode+0x8e/0x250 [ 251.465715][ T9935] new_inode+0x22/0x1c0 [ 251.465755][ T9935] hugetlbfs_get_inode+0x313/0x750 [ 251.465793][ T9935] hugetlb_file_setup+0x3cc/0x5b0 [ 251.465830][ T9935] newseg+0xabb/0xed0 [ 251.465872][ T9935] ? __pfx_newseg+0x10/0x10 [ 251.465908][ T9935] ? down_write+0x146/0x1f0 [ 251.465937][ T9935] ? ksys_write+0x190/0x250 [ 251.465963][ T9935] ? ksys_write+0x190/0x250 [ 251.465995][ T9935] ipcget+0xee/0xf50 [ 251.466030][ T9935] ? do_futex+0x192/0x350 [ 251.466067][ T9935] ? __pfx_do_futex+0x10/0x10 [ 251.466108][ T9935] ? __pfx_ipcget+0x10/0x10 [ 251.466145][ T9935] ? __x64_sys_futex+0x34f/0x4d0 [ 251.466177][ T9935] ? __x64_sys_futex+0x358/0x4d0 [ 251.466218][ T9935] __x64_sys_shmget+0x13b/0x1b0 [ 251.466256][ T9935] ? __pfx___x64_sys_shmget+0x10/0x10 [ 251.466304][ T9935] do_syscall_64+0x106/0xf80 [ 251.466344][ T9935] ? clear_bhb_loop+0x40/0x90 [ 251.466379][ T9935] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.466408][ T9935] RIP: 0033:0x7f98b0b9c799 [ 251.466433][ T9935] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 251.466460][ T9935] RSP: 002b:00007f98b19c9028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 251.466495][ T9935] RAX: ffffffffffffffda RBX: 00007f98b0e16180 RCX: 00007f98b0b9c799 [ 251.466513][ T9935] RDX: 0000000079e56dc9 RSI: 0000000000000003 RDI: 0000000100000000 [ 251.466528][ T9935] RBP: 00007f98b0c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 251.466544][ T9935] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 251.466558][ T9935] R13: 00007f98b0e16218 R14: 00007f98b0e16180 R15: 00007ffdf5865428 [ 251.466592][ T9935] [ 252.285802][ T7180] Bluetooth: hci3: unexpected event 0x3e length: 508 > 260 [ 252.285827][ T7180] Bluetooth: hci3: unexpected subevent 0x02 length: 507 > 260 [ 252.312146][ T7180] Bluetooth: hci3: Dropping invalid advertising data [ 252.320035][ T7180] Bluetooth: hci3: unknown advertising packet type: 0xe9 [ 252.320073][ T7180] Bluetooth: hci3: Dropping invalid advertising data [ 252.333855][ T7180] Bluetooth: hci3: Malformed LE Event: 0x02 [ 252.676882][ T9974] netlink: 'syz.2.905': attribute type 11 has an invalid length. [ 252.684625][ T9974] netlink: 'syz.2.905': attribute type 11 has an invalid length. [ 252.849666][ T9978] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 255.254869][T10031] netlink: 'syz.2.918': attribute type 11 has an invalid length. [ 255.277061][T10031] netlink: 'syz.2.918': attribute type 11 has an invalid length. [ 255.357713][T10029] netlink: 28 bytes leftover after parsing attributes in process `syz.1.917'. [ 255.396854][T10029] ipvlan1: entered promiscuous mode [ 255.412627][T10029] ipvlan1: entered allmulticast mode [ 255.427508][T10029] veth0_vlan: entered allmulticast mode [ 255.566410][T10040] random: crng reseeded on system resumption [ 255.663228][T10042] hub 1-0:1.0: USB hub found [ 255.681228][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.688083][T10042] hub 1-0:1.0: 1 port detected [ 255.688429][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.760629][T10039] [U] ^A [ 257.110916][T10067] netlink: 'syz.3.928': attribute type 11 has an invalid length. [ 257.336291][T10071] netlink: 'syz.3.929': attribute type 11 has an invalid length. [ 257.404739][T10071] netlink: 'syz.3.929': attribute type 11 has an invalid length. [ 257.466242][T10071] netlink: 'syz.3.929': attribute type 11 has an invalid length. [ 257.525958][T10071] netlink: 'syz.3.929': attribute type 11 has an invalid length. [ 257.564721][T10071] netlink: 'syz.3.929': attribute type 11 has an invalid length. [ 257.619676][T10071] netlink: 'syz.3.929': attribute type 11 has an invalid length. [ 258.233397][T10084] FAULT_INJECTION: forcing a failure. [ 258.233397][T10084] name failslab, interval 1, probability 0, space 0, times 0 [ 258.256272][T10084] CPU: 1 UID: 0 PID: 10084 Comm: syz.3.932 Tainted: G L syzkaller #0 PREEMPT(full) [ 258.256318][T10084] Tainted: [L]=SOFTLOCKUP [ 258.256328][T10084] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 258.256345][T10084] Call Trace: [ 258.256355][T10084] [ 258.256365][T10084] dump_stack_lvl+0x100/0x190 [ 258.256411][T10084] should_fail_ex.cold+0x5/0xa [ 258.256443][T10084] ? tomoyo_realpath_from_path+0xb6/0x690 [ 258.256481][T10084] should_failslab+0xc2/0x120 [ 258.256513][T10084] __kmalloc_noprof+0xe0/0x850 [ 258.256559][T10084] tomoyo_realpath_from_path+0xb6/0x690 [ 258.256604][T10084] tomoyo_check_open_permission+0x2af/0x3c0 [ 258.256637][T10084] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 258.256718][T10084] ? do_raw_spin_lock+0x128/0x260 [ 258.256762][T10084] ? path_get+0x61/0x80 [ 258.256796][T10084] tomoyo_file_open+0x6b/0x90 [ 258.256839][T10084] security_file_open+0xb5/0x1e0 [ 258.256873][T10084] do_dentry_open+0x5aa/0x1660 [ 258.256903][T10084] ? security_inode_permission+0xbf/0x250 [ 258.256941][T10084] vfs_open+0x82/0x3f0 [ 258.256978][T10084] path_openat+0x208c/0x31a0 [ 258.257020][T10084] ? __pfx_path_openat+0x10/0x10 [ 258.257064][T10084] do_file_open+0x20e/0x430 [ 258.257097][T10084] ? __pfx_do_file_open+0x10/0x10 [ 258.257155][T10084] ? alloc_fd+0x476/0x790 [ 258.257187][T10084] ? do_getname+0x191/0x390 [ 258.257225][T10084] do_sys_openat2+0x10d/0x1e0 [ 258.257260][T10084] ? __pfx_do_sys_openat2+0x10/0x10 [ 258.257311][T10084] __x64_sys_openat+0x12d/0x210 [ 258.257349][T10084] ? __pfx___x64_sys_openat+0x10/0x10 [ 258.257401][T10084] do_syscall_64+0x106/0xf80 [ 258.257441][T10084] ? clear_bhb_loop+0x40/0x90 [ 258.257476][T10084] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.257506][T10084] RIP: 0033:0x7f2c0c39c799 [ 258.257530][T10084] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 258.257559][T10084] RSP: 002b:00007f2c0d1e6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 258.257586][T10084] RAX: ffffffffffffffda RBX: 00007f2c0c615fa0 RCX: 00007f2c0c39c799 [ 258.257605][T10084] RDX: 0000000000008000 RSI: 0000200000000100 RDI: ffffffffffffff9c [ 258.257623][T10084] RBP: 00007f2c0c432c99 R08: 0000000000000000 R09: 0000000000000000 [ 258.257640][T10084] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 258.257656][T10084] R13: 00007f2c0c616038 R14: 00007f2c0c615fa0 R15: 00007fffc38585f8 [ 258.257704][T10084] [ 258.257714][T10084] ERROR: Out of memory at tomoyo_realpath_from_path. [ 258.602339][T10084] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 258.732131][T10091] forcing mempool usage for bio_alloc_bioset+0x392/0x850 [ 259.365046][T10105] netlink: 'syz.0.938': attribute type 11 has an invalid length. [ 259.484795][T10100] bridge0: port 3(gretap0) entered blocking state [ 259.494463][T10100] bridge0: port 3(gretap0) entered disabled state [ 259.501085][T10100] gretap0: entered allmulticast mode [ 259.514331][T10100] gretap0: entered promiscuous mode [ 259.536638][T10100] FAULT_INJECTION: forcing a failure. [ 259.536638][T10100] name failslab, interval 1, probability 0, space 0, times 0 [ 259.549630][T10100] CPU: 1 UID: 0 PID: 10100 Comm: syz.1.936 Tainted: G L syzkaller #0 PREEMPT(full) [ 259.549675][T10100] Tainted: [L]=SOFTLOCKUP [ 259.549685][T10100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 259.549701][T10100] Call Trace: [ 259.549709][T10100] [ 259.549718][T10100] dump_stack_lvl+0x100/0x190 [ 259.549761][T10100] should_fail_ex.cold+0x5/0xa [ 259.549792][T10100] should_failslab+0xc2/0x120 [ 259.549820][T10100] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 259.549859][T10100] ? __alloc_skb+0x140/0x710 [ 259.549900][T10100] __alloc_skb+0x140/0x710 [ 259.549934][T10100] ? __alloc_skb+0x5b7/0x710 [ 259.549971][T10100] ? __pfx___alloc_skb+0x10/0x10 [ 259.550012][T10100] ? __pfx_fdb_create+0x10/0x10 [ 259.550049][T10100] fdb_notify+0xa2/0x190 [ 259.550080][T10100] fdb_add_local+0x184/0x1c0 [ 259.550112][T10100] br_fdb_add_local+0x39/0x60 [ 259.550148][T10100] __vlan_add+0x1820/0x2dd0 [ 259.550199][T10100] ? __pfx___vlan_add+0x10/0x10 [ 259.550245][T10100] nbp_vlan_add+0x258/0x3e0 [ 259.550285][T10100] nbp_vlan_init+0x373/0x500 [ 259.550322][T10100] ? __pfx_nbp_vlan_init+0x10/0x10 [ 259.550364][T10100] ? __local_bh_enable_ip+0x9e/0x120 [ 259.550396][T10100] ? lockdep_hardirqs_on+0x78/0x100 [ 259.550435][T10100] ? br_fdb_add_local+0x43/0x60 [ 259.550465][T10100] ? __local_bh_enable_ip+0x9e/0x120 [ 259.550501][T10100] br_add_if+0xf79/0x1b40 [ 259.550539][T10100] ? veth_get_iflink+0x1f3/0x2c0 [ 259.550587][T10100] add_del_if+0x114/0x160 [ 259.550638][T10100] br_dev_siocdevprivate+0x8ac/0x1650 [ 259.550682][T10100] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 259.550739][T10100] ? lock_acquire+0x1cf/0x380 [ 259.550790][T10100] ? netdev_name_node_lookup+0x107/0x150 [ 259.550824][T10100] ? __mutex_lock+0x26a/0x1b90 [ 259.550869][T10100] dev_ifsioc+0xc1e/0x1e90 [ 259.550910][T10100] ? __pfx_dev_ifsioc+0x10/0x10 [ 259.550944][T10100] ? __pfx___mutex_lock+0x10/0x10 [ 259.550999][T10100] ? dev_load+0x8e/0x240 [ 259.551032][T10100] ? dev_load+0x8e/0x240 [ 259.551075][T10100] dev_ioctl+0x70e/0x1070 [ 259.551115][T10100] sock_ioctl+0x494/0x6b0 [ 259.551149][T10100] ? __pfx_sock_ioctl+0x10/0x10 [ 259.551179][T10100] ? hook_file_ioctl_common+0x146/0x410 [ 259.551221][T10100] ? __fget_files+0x21f/0x3d0 [ 259.551255][T10100] ? __pfx_sock_ioctl+0x10/0x10 [ 259.551289][T10100] __x64_sys_ioctl+0x18e/0x210 [ 259.551332][T10100] do_syscall_64+0x106/0xf80 [ 259.551371][T10100] ? clear_bhb_loop+0x40/0x90 [ 259.551406][T10100] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.551436][T10100] RIP: 0033:0x7ff6c3f9c799 [ 259.551460][T10100] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 259.551489][T10100] RSP: 002b:00007ff6c4e2a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 259.551515][T10100] RAX: ffffffffffffffda RBX: 00007ff6c4215fa0 RCX: 00007ff6c3f9c799 [ 259.551535][T10100] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 000000000000000b [ 259.551554][T10100] RBP: 00007ff6c4032c99 R08: 0000000000000000 R09: 0000000000000000 [ 259.551571][T10100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 259.551588][T10100] R13: 00007ff6c4216038 R14: 00007ff6c4215fa0 R15: 00007ffc3e911218 [ 259.551635][T10100] [ 259.875729][T10100] bridge0: port 3(gretap0) entered blocking state [ 259.882266][T10100] bridge0: port 3(gretap0) entered forwarding state [ 260.479338][ T7180] Bluetooth: hci0: SCO packet for unknown connection handle 0 [ 260.542794][T10123] FAULT_INJECTION: forcing a failure. [ 260.542794][T10123] name failslab, interval 1, probability 0, space 0, times 0 [ 260.632772][T10123] CPU: 1 UID: 0 PID: 10123 Comm: syz.2.943 Tainted: G L syzkaller #0 PREEMPT(full) [ 260.632819][T10123] Tainted: [L]=SOFTLOCKUP [ 260.632829][T10123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 260.632846][T10123] Call Trace: [ 260.632856][T10123] [ 260.632866][T10123] dump_stack_lvl+0x100/0x190 [ 260.632917][T10123] should_fail_ex.cold+0x5/0xa [ 260.632952][T10123] ? drm_atomic_state_init+0x190/0x490 [ 260.633000][T10123] should_failslab+0xc2/0x120 [ 260.633033][T10123] __kmalloc_noprof+0xe0/0x850 [ 260.633084][T10123] drm_atomic_state_init+0x190/0x490 [ 260.633120][T10123] ? kasan_save_track+0x14/0x30 [ 260.633150][T10123] drm_atomic_state_alloc+0xd3/0x120 [ 260.633188][T10123] drm_client_modeset_commit_atomic+0xcc/0x7e0 [ 260.633232][T10123] ? trace_contention_end+0x140/0x180 [ 260.633273][T10123] ? __mutex_lock+0x26a/0x1b90 [ 260.633319][T10123] ? __mutex_lock+0x26a/0x1b90 [ 260.633362][T10123] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 260.633405][T10123] ? drm_master_internal_acquire+0x21/0x80 [ 260.633480][T10123] drm_client_modeset_commit_locked+0x14d/0x580 [ 260.633528][T10123] drm_client_modeset_commit+0x4f/0x80 [ 260.633570][T10123] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 260.633617][T10123] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0 [ 260.633662][T10123] drm_fbdev_client_restore+0x1b/0x30 [ 260.633697][T10123] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 260.633730][T10123] drm_client_dev_restore+0x205/0x2a0 [ 260.633778][T10123] drm_release+0x2c6/0x360 [ 260.633816][T10123] ? __pfx_drm_release+0x10/0x10 [ 260.633854][T10123] __fput+0x3ff/0xb40 [ 260.633898][T10123] task_work_run+0x150/0x240 [ 260.633942][T10123] ? __pfx_task_work_run+0x10/0x10 [ 260.634002][T10123] exit_to_user_mode_loop+0x100/0x4a0 [ 260.634045][T10123] do_syscall_64+0x668/0xf80 [ 260.634087][T10123] ? clear_bhb_loop+0x40/0x90 [ 260.634123][T10123] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 260.634152][T10123] RIP: 0033:0x7f9c75f9c799 [ 260.634177][T10123] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 260.634205][T10123] RSP: 002b:00007f9c76f40028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 260.634232][T10123] RAX: 0000000000000000 RBX: 00007f9c76215fa0 RCX: 00007f9c75f9c799 [ 260.634249][T10123] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 260.634263][T10123] RBP: 00007f9c76032c99 R08: 0000000000000000 R09: 0000000000000000 [ 260.634281][T10123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 260.634296][T10123] R13: 00007f9c76216038 R14: 00007f9c76215fa0 R15: 00007ffcadfd9d28 [ 260.634330][T10123] [ 262.680750][T10147] netlink: 'syz.2.949': attribute type 11 has an invalid length. [ 262.725238][T10149] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 263.691173][T10179] i2c i2c-0: delete_device: Can't parse I2C address [ 267.600838][T10249] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 267.626842][T10248] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 267.717876][T10253] netlink: 'syz.0.974': attribute type 11 has an invalid length. [ 267.746319][T10253] netlink: 'syz.0.974': attribute type 11 has an invalid length. [ 267.762216][T10253] netlink: 'syz.0.974': attribute type 11 has an invalid length. [ 267.904450][T10261] netlink: 'syz.2.975': attribute type 11 has an invalid length. [ 267.936349][T10261] netlink: 'syz.2.975': attribute type 11 has an invalid length. [ 267.944123][T10261] netlink: 'syz.2.975': attribute type 11 has an invalid length. [ 268.037284][T10267] FAULT_INJECTION: forcing a failure. [ 268.037284][T10267] name failslab, interval 1, probability 0, space 0, times 0 [ 268.080543][T10267] CPU: 1 UID: 0 PID: 10267 Comm: syz.0.977 Tainted: G L syzkaller #0 PREEMPT(full) [ 268.080597][T10267] Tainted: [L]=SOFTLOCKUP [ 268.080608][T10267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 268.080625][T10267] Call Trace: [ 268.080635][T10267] [ 268.080646][T10267] dump_stack_lvl+0x100/0x190 [ 268.080716][T10267] should_fail_ex.cold+0x5/0xa [ 268.080752][T10267] should_failslab+0xc2/0x120 [ 268.080785][T10267] __kmalloc_cache_noprof+0x7a/0x6f0 [ 268.080823][T10267] ? loopback_open+0x145/0x1370 [ 268.080874][T10267] loopback_open+0x145/0x1370 [ 268.080926][T10267] snd_pcm_open_substream+0xa76/0x1850 [ 268.080969][T10267] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 268.081011][T10267] ? rcu_is_watching+0x12/0xc0 [ 268.081062][T10267] snd_pcm_open+0x2a3/0x710 [ 268.081107][T10267] ? __pfx_snd_pcm_open+0x10/0x10 [ 268.081152][T10267] ? __pfx_default_wake_function+0x10/0x10 [ 268.081194][T10267] ? __pfx_snd_pcm_playback_open+0x10/0x10 [ 268.081236][T10267] snd_pcm_playback_open+0x86/0xe0 [ 268.081276][T10267] snd_open+0x22d/0x4c0 [ 268.081309][T10267] ? __pfx_snd_open+0x10/0x10 [ 268.081340][T10267] chrdev_open+0x234/0x6a0 [ 268.081369][T10267] ? __pfx_apparmor_file_open+0x10/0x10 [ 268.081400][T10267] ? __pfx_chrdev_open+0x10/0x10 [ 268.081433][T10267] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 268.081479][T10267] do_dentry_open+0x6d8/0x1660 [ 268.081510][T10267] ? __pfx_chrdev_open+0x10/0x10 [ 268.081551][T10267] vfs_open+0x82/0x3f0 [ 268.081592][T10267] path_openat+0x208c/0x31a0 [ 268.081637][T10267] ? __pfx_path_openat+0x10/0x10 [ 268.081683][T10267] do_file_open+0x20e/0x430 [ 268.081717][T10267] ? __pfx_do_file_open+0x10/0x10 [ 268.081778][T10267] ? alloc_fd+0x476/0x790 [ 268.081811][T10267] ? do_getname+0x191/0x390 [ 268.081851][T10267] do_sys_openat2+0x10d/0x1e0 [ 268.081889][T10267] ? __pfx_do_sys_openat2+0x10/0x10 [ 268.081930][T10267] ? __fget_files+0x21f/0x3d0 [ 268.081967][T10267] __x64_sys_openat+0x12d/0x210 [ 268.082006][T10267] ? __pfx___x64_sys_openat+0x10/0x10 [ 268.082060][T10267] do_syscall_64+0x106/0xf80 [ 268.082100][T10267] ? clear_bhb_loop+0x40/0x90 [ 268.082136][T10267] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 268.082167][T10267] RIP: 0033:0x7f98b0b9c799 [ 268.082191][T10267] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 268.082219][T10267] RSP: 002b:00007f98b1a0b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 268.082247][T10267] RAX: ffffffffffffffda RBX: 00007f98b0e15fa0 RCX: 00007f98b0b9c799 [ 268.082268][T10267] RDX: 0000000000002100 RSI: 0000200000004ec0 RDI: ffffffffffffff9c [ 268.082287][T10267] RBP: 00007f98b0c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 268.082305][T10267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 268.082322][T10267] R13: 00007f98b0e16038 R14: 00007f98b0e15fa0 R15: 00007ffdf5865428 [ 268.082363][T10267] [ 268.643635][ T7180] Bluetooth: hci1: unexpected event 0x14 length: 16 > 6 [ 268.661020][T10284] FAULT_INJECTION: forcing a failure. [ 268.661020][T10284] name failslab, interval 1, probability 0, space 0, times 0 [ 268.729104][T10284] CPU: 1 UID: 0 PID: 10284 Comm: syz.3.978 Tainted: G L syzkaller #0 PREEMPT(full) [ 268.729149][T10284] Tainted: [L]=SOFTLOCKUP [ 268.729159][T10284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 268.729175][T10284] Call Trace: [ 268.729183][T10284] [ 268.729193][T10284] dump_stack_lvl+0x100/0x190 [ 268.729237][T10284] should_fail_ex.cold+0x5/0xa [ 268.729270][T10284] should_failslab+0xc2/0x120 [ 268.729303][T10284] __kmalloc_cache_noprof+0x7a/0x6f0 [ 268.729343][T10284] ? loopback_open+0x145/0x1370 [ 268.729395][T10284] loopback_open+0x145/0x1370 [ 268.729456][T10284] snd_pcm_open_substream+0xa76/0x1850 [ 268.729498][T10284] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 268.729540][T10284] ? rcu_is_watching+0x12/0xc0 [ 268.729590][T10284] snd_pcm_open+0x2a3/0x710 [ 268.729635][T10284] ? __pfx_snd_pcm_open+0x10/0x10 [ 268.729677][T10284] ? __pfx_default_wake_function+0x10/0x10 [ 268.729718][T10284] ? __pfx_snd_pcm_playback_open+0x10/0x10 [ 268.729757][T10284] snd_pcm_playback_open+0x86/0xe0 [ 268.729798][T10284] snd_open+0x22d/0x4c0 [ 268.729830][T10284] ? __pfx_snd_open+0x10/0x10 [ 268.729860][T10284] chrdev_open+0x234/0x6a0 [ 268.729890][T10284] ? __pfx_apparmor_file_open+0x10/0x10 [ 268.729918][T10284] ? __pfx_chrdev_open+0x10/0x10 [ 268.729951][T10284] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 268.729992][T10284] do_dentry_open+0x6d8/0x1660 [ 268.730020][T10284] ? __pfx_chrdev_open+0x10/0x10 [ 268.730061][T10284] vfs_open+0x82/0x3f0 [ 268.730100][T10284] path_openat+0x208c/0x31a0 [ 268.730144][T10284] ? __pfx_path_openat+0x10/0x10 [ 268.730190][T10284] do_file_open+0x20e/0x430 [ 268.730224][T10284] ? __pfx_do_file_open+0x10/0x10 [ 268.730282][T10284] ? alloc_fd+0x476/0x790 [ 268.730316][T10284] ? do_getname+0x191/0x390 [ 268.730356][T10284] do_sys_openat2+0x10d/0x1e0 [ 268.730394][T10284] ? __pfx_do_sys_openat2+0x10/0x10 [ 268.730445][T10284] ? __fget_files+0x21f/0x3d0 [ 268.730481][T10284] __x64_sys_openat+0x12d/0x210 [ 268.730521][T10284] ? __pfx___x64_sys_openat+0x10/0x10 [ 268.730573][T10284] do_syscall_64+0x106/0xf80 [ 268.730613][T10284] ? clear_bhb_loop+0x40/0x90 [ 268.730649][T10284] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 268.730679][T10284] RIP: 0033:0x7f2c0c39c799 [ 268.730704][T10284] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 268.730731][T10284] RSP: 002b:00007f2c0d1e6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 268.730760][T10284] RAX: ffffffffffffffda RBX: 00007f2c0c615fa0 RCX: 00007f2c0c39c799 [ 268.730779][T10284] RDX: 0000000000002100 RSI: 0000200000004ec0 RDI: ffffffffffffff9c [ 268.730798][T10284] RBP: 00007f2c0c432c99 R08: 0000000000000000 R09: 0000000000000000 [ 268.730815][T10284] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 268.730832][T10284] R13: 00007f2c0c616038 R14: 00007f2c0c615fa0 R15: 00007fffc38585f8 [ 268.730872][T10284] [ 270.045307][T10316] netlink: 'syz.2.985': attribute type 11 has an invalid length. [ 270.126526][T10316] netlink: 'syz.2.985': attribute type 11 has an invalid length. [ 270.157347][T10316] netlink: 'syz.2.985': attribute type 11 has an invalid length. [ 270.371077][T10322] block2mtd: error: cannot open device çinX‘©¼Ëò¨±ÂÚjFBçB>U»;߸³Ilk¬ [ 270.965650][T10341] program syz.1.993 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 271.396372][T10347] netlink: 'syz.1.995': attribute type 11 has an invalid length. [ 272.547016][T10383] FAULT_INJECTION: forcing a failure. [ 272.547016][T10383] name failslab, interval 1, probability 0, space 0, times 0 [ 272.560607][T10383] CPU: 1 UID: 0 PID: 10383 Comm: syz.1.1005 Tainted: G L syzkaller #0 PREEMPT(full) [ 272.560651][T10383] Tainted: [L]=SOFTLOCKUP [ 272.560661][T10383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 272.560672][T10383] Call Trace: [ 272.560678][T10383] [ 272.560684][T10383] dump_stack_lvl+0x100/0x190 [ 272.560714][T10383] should_fail_ex.cold+0x5/0xa [ 272.560733][T10383] should_failslab+0xc2/0x120 [ 272.560750][T10383] __kmalloc_cache_noprof+0x7a/0x6f0 [ 272.560770][T10383] ? loopback_open+0x145/0x1370 [ 272.560803][T10383] loopback_open+0x145/0x1370 [ 272.560853][T10383] snd_pcm_open_substream+0xa76/0x1850 [ 272.560879][T10383] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 272.560901][T10383] ? rcu_is_watching+0x12/0xc0 [ 272.560928][T10383] snd_pcm_open+0x2a3/0x710 [ 272.560951][T10383] ? __pfx_snd_pcm_open+0x10/0x10 [ 272.560974][T10383] ? __pfx_default_wake_function+0x10/0x10 [ 272.560997][T10383] ? __pfx_snd_pcm_playback_open+0x10/0x10 [ 272.561017][T10383] snd_pcm_playback_open+0x86/0xe0 [ 272.561038][T10383] snd_open+0x22d/0x4c0 [ 272.561055][T10383] ? __pfx_snd_open+0x10/0x10 [ 272.561070][T10383] chrdev_open+0x234/0x6a0 [ 272.561086][T10383] ? __pfx_apparmor_file_open+0x10/0x10 [ 272.561102][T10383] ? __pfx_chrdev_open+0x10/0x10 [ 272.561118][T10383] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 272.561139][T10383] do_dentry_open+0x6d8/0x1660 [ 272.561163][T10383] ? __pfx_chrdev_open+0x10/0x10 [ 272.561184][T10383] vfs_open+0x82/0x3f0 [ 272.561207][T10383] path_openat+0x208c/0x31a0 [ 272.561230][T10383] ? __pfx_path_openat+0x10/0x10 [ 272.561254][T10383] do_file_open+0x20e/0x430 [ 272.561271][T10383] ? __pfx_do_file_open+0x10/0x10 [ 272.561302][T10383] ? alloc_fd+0x476/0x790 [ 272.561319][T10383] ? do_getname+0x191/0x390 [ 272.561339][T10383] do_sys_openat2+0x10d/0x1e0 [ 272.561359][T10383] ? __pfx_do_sys_openat2+0x10/0x10 [ 272.561380][T10383] ? __fget_files+0x21f/0x3d0 [ 272.561398][T10383] __x64_sys_openat+0x12d/0x210 [ 272.561418][T10383] ? __pfx___x64_sys_openat+0x10/0x10 [ 272.561445][T10383] do_syscall_64+0x106/0xf80 [ 272.561466][T10383] ? clear_bhb_loop+0x40/0x90 [ 272.561485][T10383] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 272.561502][T10383] RIP: 0033:0x7ff6c3f9c799 [ 272.561516][T10383] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 272.561531][T10383] RSP: 002b:00007ff6c4e2a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 272.561546][T10383] RAX: ffffffffffffffda RBX: 00007ff6c4215fa0 RCX: 00007ff6c3f9c799 [ 272.561556][T10383] RDX: 0000000000002100 RSI: 0000200000004ec0 RDI: ffffffffffffff9c [ 272.561565][T10383] RBP: 00007ff6c4032c99 R08: 0000000000000000 R09: 0000000000000000 [ 272.561574][T10383] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 272.561583][T10383] R13: 00007ff6c4216038 R14: 00007ff6c4215fa0 R15: 00007ffc3e911218 [ 272.561604][T10383] [ 273.845958][T10418] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1015'. [ 273.846558][T10421] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 273.948007][T10418] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 273.992881][T10418] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 274.049498][T10418] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 274.058148][T10418] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 274.379581][T10431] WARNING! power/level is deprecated; use power/control instead [ 275.214242][T10451] FAULT_INJECTION: forcing a failure. [ 275.214242][T10451] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 275.326312][T10451] CPU: 0 UID: 0 PID: 10451 Comm: syz.3.1025 Tainted: G L syzkaller #0 PREEMPT(full) [ 275.326358][T10451] Tainted: [L]=SOFTLOCKUP [ 275.326369][T10451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 275.326386][T10451] Call Trace: [ 275.326396][T10451] [ 275.326408][T10451] dump_stack_lvl+0x100/0x190 [ 275.326457][T10451] should_fail_ex.cold+0x5/0xa [ 275.326486][T10451] ? prepare_alloc_pages+0x16d/0x5f0 [ 275.326524][T10451] should_fail_alloc_page+0xeb/0x140 [ 275.326561][T10451] prepare_alloc_pages+0x1f0/0x5f0 [ 275.326600][T10451] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 275.326649][T10451] ? rcu_is_watching+0x12/0xc0 [ 275.326692][T10451] ? trace_mm_page_alloc+0x17a/0x1d0 [ 275.326727][T10451] ? __alloc_frozen_pages_noprof+0x2b1/0x2ba0 [ 275.326777][T10451] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 275.326827][T10451] ? find_held_lock+0x2b/0x80 [ 275.326855][T10451] ? is_bpf_text_address+0x8a/0x1a0 [ 275.326896][T10451] ? is_bpf_text_address+0x8a/0x1a0 [ 275.326942][T10451] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 275.326974][T10451] ? is_bpf_text_address+0x94/0x1a0 [ 275.327017][T10451] ? kernel_text_address+0x8d/0x100 [ 275.327058][T10451] ? __kernel_text_address+0xd/0x30 [ 275.327108][T10451] ? unwind_get_return_address+0x59/0xa0 [ 275.327151][T10451] alloc_pages_bulk_noprof+0x782/0x1490 [ 275.327210][T10451] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 275.327258][T10451] ? kasan_save_stack+0x30/0x50 [ 275.327310][T10451] ? alloc_pages_noprof+0x233/0x390 [ 275.327346][T10451] __kasan_populate_vmalloc+0xf0/0x210 [ 275.327397][T10451] alloc_vmap_area+0x95d/0x2bd0 [ 275.327447][T10451] ? __pfx_alloc_vmap_area+0x10/0x10 [ 275.327489][T10451] __get_vm_area_node+0x1ca/0x330 [ 275.327530][T10451] __vmalloc_node_range_noprof+0x213/0x1530 [ 275.327567][T10451] ? vhost_task_create+0x1db/0x370 [ 275.327603][T10451] ? find_held_lock+0x2b/0x80 [ 275.327630][T10451] ? local_lock_release+0x99/0x130 [ 275.327663][T10451] ? local_lock_release+0x99/0x130 [ 275.327703][T10451] ? vhost_task_create+0x1db/0x370 [ 275.327747][T10451] ? find_held_lock+0x2b/0x80 [ 275.327774][T10451] ? rcu_read_unlock+0x17/0x60 [ 275.327805][T10451] ? rcu_read_unlock+0x17/0x60 [ 275.327837][T10451] ? obj_cgroup_charge_account+0x46d/0x640 [ 275.327871][T10451] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 275.327911][T10451] ? __memcg_slab_post_alloc_hook+0x51b/0x990 [ 275.327949][T10451] ? rcu_is_watching+0x12/0xc0 [ 275.327991][T10451] ? trace_kmem_cache_alloc+0xf3/0x120 [ 275.328026][T10451] ? vhost_task_create+0x1db/0x370 [ 275.328066][T10451] __vmalloc_node_noprof+0xad/0xf0 [ 275.328109][T10451] ? vhost_task_create+0x1db/0x370 [ 275.328155][T10451] copy_process+0x5ec/0x7a40 [ 275.328209][T10451] ? __pfx_copy_process+0x10/0x10 [ 275.328249][T10451] ? lockdep_init_map_type+0x5c/0x250 [ 275.328290][T10451] ? lockdep_init_map_type+0x5c/0x250 [ 275.328328][T10451] ? __pfx_vhost_run_work_list+0x10/0x10 [ 275.328370][T10451] ? __pfx_vhost_worker_killed+0x10/0x10 [ 275.328408][T10451] vhost_task_create+0x1db/0x370 [ 275.328450][T10451] ? __pfx_vhost_task_create+0x10/0x10 [ 275.328503][T10451] ? __pfx_vhost_task_fn+0x10/0x10 [ 275.328553][T10451] ? snprintf+0xc7/0x100 [ 275.328595][T10451] vhost_task_worker_create+0x8d/0x260 [ 275.328640][T10451] ? __pfx_vhost_task_worker_create+0x10/0x10 [ 275.328682][T10451] ? lockdep_init_map_type+0x5c/0x250 [ 275.328722][T10451] ? lockdep_init_map_type+0x5c/0x250 [ 275.328766][T10451] vhost_worker_create+0x243/0x310 [ 275.328806][T10451] ? __pfx_vhost_worker_create+0x10/0x10 [ 275.328856][T10451] vhost_dev_set_owner+0x719/0xa30 [ 275.328910][T10451] vhost_net_ioctl+0xfa3/0x1910 [ 275.328951][T10451] ? do_vfs_ioctl+0x226/0x13e0 [ 275.328991][T10451] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 275.329031][T10451] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 275.329081][T10451] ? find_held_lock+0x2b/0x80 [ 275.329116][T10451] ? __fget_files+0x215/0x3d0 [ 275.329143][T10451] ? hook_file_ioctl_common+0x146/0x410 [ 275.329187][T10451] ? __fget_files+0x21f/0x3d0 [ 275.329221][T10451] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 275.329265][T10451] __x64_sys_ioctl+0x18e/0x210 [ 275.329309][T10451] do_syscall_64+0x106/0xf80 [ 275.329349][T10451] ? clear_bhb_loop+0x40/0x90 [ 275.329384][T10451] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 275.329413][T10451] RIP: 0033:0x7f2c0c39c799 [ 275.329438][T10451] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 275.329465][T10451] RSP: 002b:00007f2c0d1a4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 275.329492][T10451] RAX: ffffffffffffffda RBX: 00007f2c0c616180 RCX: 00007f2c0c39c799 [ 275.329511][T10451] RDX: 0000000000000005 RSI: 000000000000af01 RDI: 0000000000000009 [ 275.329528][T10451] RBP: 00007f2c0c432c99 R08: 0000000000000000 R09: 0000000000000000 [ 275.329545][T10451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 275.329562][T10451] R13: 00007f2c0c616218 R14: 00007f2c0c616180 R15: 00007fffc38585f8 [ 275.329600][T10451] [ 275.836704][T10451] syz.3.1025: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 276.014834][T10451] CPU: 1 UID: 0 PID: 10451 Comm: syz.3.1025 Tainted: G L syzkaller #0 PREEMPT(full) [ 276.014884][T10451] Tainted: [L]=SOFTLOCKUP [ 276.014894][T10451] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 276.014911][T10451] Call Trace: [ 276.014920][T10451] [ 276.014930][T10451] dump_stack_lvl+0x100/0x190 [ 276.014981][T10451] warn_alloc.cold+0x95/0x1c1 [ 276.015037][T10451] ? __pfx_warn_alloc+0x10/0x10 [ 276.015074][T10451] ? lockdep_hardirqs_on+0x78/0x100 [ 276.015121][T10451] ? __get_vm_area_node+0x2c5/0x330 [ 276.015158][T10451] ? __get_vm_area_node+0x208/0x330 [ 276.015196][T10451] __vmalloc_node_range_noprof+0xbf4/0x1530 [ 276.015231][T10451] ? find_held_lock+0x2b/0x80 [ 276.015258][T10451] ? local_lock_release+0x99/0x130 [ 276.015292][T10451] ? local_lock_release+0x99/0x130 [ 276.015329][T10451] ? vhost_task_create+0x1db/0x370 [ 276.015371][T10451] ? find_held_lock+0x2b/0x80 [ 276.015396][T10451] ? rcu_read_unlock+0x17/0x60 [ 276.015428][T10451] ? rcu_read_unlock+0x17/0x60 [ 276.015460][T10451] ? obj_cgroup_charge_account+0x46d/0x640 [ 276.015494][T10451] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 276.015531][T10451] ? __memcg_slab_post_alloc_hook+0x51b/0x990 [ 276.015569][T10451] ? rcu_is_watching+0x12/0xc0 [ 276.015608][T10451] ? trace_kmem_cache_alloc+0xf3/0x120 [ 276.015642][T10451] ? vhost_task_create+0x1db/0x370 [ 276.015678][T10451] __vmalloc_node_noprof+0xad/0xf0 [ 276.015711][T10451] ? vhost_task_create+0x1db/0x370 [ 276.015756][T10451] copy_process+0x5ec/0x7a40 [ 276.015807][T10451] ? __pfx_copy_process+0x10/0x10 [ 276.015845][T10451] ? lockdep_init_map_type+0x5c/0x250 [ 276.015885][T10451] ? lockdep_init_map_type+0x5c/0x250 [ 276.015921][T10451] ? __pfx_vhost_run_work_list+0x10/0x10 [ 276.015957][T10451] ? __pfx_vhost_worker_killed+0x10/0x10 [ 276.016000][T10451] vhost_task_create+0x1db/0x370 [ 276.016039][T10451] ? __pfx_vhost_task_create+0x10/0x10 [ 276.016088][T10451] ? __pfx_vhost_task_fn+0x10/0x10 [ 276.016133][T10451] ? snprintf+0xc7/0x100 [ 276.016174][T10451] vhost_task_worker_create+0x8d/0x260 [ 276.016215][T10451] ? __pfx_vhost_task_worker_create+0x10/0x10 [ 276.016253][T10451] ? lockdep_init_map_type+0x5c/0x250 [ 276.016292][T10451] ? lockdep_init_map_type+0x5c/0x250 [ 276.016334][T10451] vhost_worker_create+0x243/0x310 [ 276.016373][T10451] ? __pfx_vhost_worker_create+0x10/0x10 [ 276.016423][T10451] vhost_dev_set_owner+0x719/0xa30 [ 276.016477][T10451] vhost_net_ioctl+0xfa3/0x1910 [ 276.016517][T10451] ? do_vfs_ioctl+0x226/0x13e0 [ 276.016556][T10451] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 276.016595][T10451] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 276.016645][T10451] ? find_held_lock+0x2b/0x80 [ 276.016671][T10451] ? __fget_files+0x215/0x3d0 [ 276.016697][T10451] ? hook_file_ioctl_common+0x146/0x410 [ 276.016740][T10451] ? __fget_files+0x21f/0x3d0 [ 276.016773][T10451] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 276.016820][T10451] __x64_sys_ioctl+0x18e/0x210 [ 276.016863][T10451] do_syscall_64+0x106/0xf80 [ 276.016902][T10451] ? clear_bhb_loop+0x40/0x90 [ 276.016937][T10451] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 276.016966][T10451] RIP: 0033:0x7f2c0c39c799 [ 276.016996][T10451] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 276.017025][T10451] RSP: 002b:00007f2c0d1a4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 276.017052][T10451] RAX: ffffffffffffffda RBX: 00007f2c0c616180 RCX: 00007f2c0c39c799 [ 276.017071][T10451] RDX: 0000000000000005 RSI: 000000000000af01 RDI: 0000000000000009 [ 276.017088][T10451] RBP: 00007f2c0c432c99 R08: 0000000000000000 R09: 0000000000000000 [ 276.017105][T10451] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 276.017121][T10451] R13: 00007f2c0c616218 R14: 00007f2c0c616180 R15: 00007fffc38585f8 [ 276.017160][T10451] [ 276.932799][T10451] Mem-Info: [ 276.935973][T10451] active_anon:28377 inactive_anon:0 isolated_anon:0 [ 276.935973][T10451] active_file:17917 inactive_file:41258 isolated_file:0 [ 276.935973][T10451] unevictable:777 dirty:621 writeback:0 [ 276.935973][T10451] slab_reclaimable:12210 slab_unreclaimable:98127 [ 276.935973][T10451] mapped:29384 shmem:16353 pagetables:1239 [ 276.935973][T10451] sec_pagetables:0 bounce:0 [ 276.935973][T10451] kernel_misc_reclaimable:0 [ 276.935973][T10451] free:1290145 free_pcp:14906 free_cma:0 [ 277.216634][T10451] Node 0 active_anon:76608kB inactive_anon:0kB active_file:71668kB inactive_file:164784kB unevictable:1572kB isolated(anon):0kB isolated(file):0kB mapped:117424kB dirty:2472kB writeback:0kB shmem:26976kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:11864kB pagetables:4724kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 277.326245][T10451] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:248kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:112kB dirty:12kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:132kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 277.386388][T10451] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 277.453327][T10451] lowmem_reserve[]: 0 2477 2478 2478 2478 [ 277.479449][T10451] Node 0 DMA32 free:1250656kB boost:0kB min:34056kB low:42568kB high:51080kB reserved_highatomic:0KB free_highatomic:0KB active_anon:59908kB inactive_anon:0kB active_file:71668kB inactive_file:164784kB unevictable:1572kB writepending:2472kB zspages:0kB present:3129332kB managed:2537344kB mlocked:36kB bounce:0kB free_pcp:73100kB local_pcp:11584kB free_cma:0kB [ 277.526372][T10451] lowmem_reserve[]: 0 0 1 1 1 [ 277.531261][T10451] Node 0 Normal free:12kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1056kB mlocked:0kB bounce:0kB free_pcp:4kB local_pcp:0kB free_cma:0kB [ 277.596569][T10451] lowmem_reserve[]: 0 0 0 0 0 [ 277.601808][T10451] Node 1 Normal free:3928852kB boost:0kB min:55832kB low:69788kB high:83744kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:248kB unevictable:1536kB writepending:12kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:4980kB local_pcp:4980kB free_cma:0kB [ 277.731411][T10451] lowmem_reserve[]: 0 0 0 0 0 [ 277.766690][T10451] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 277.856541][T10451] Node 0 DMA32: 6127*4kB (UM) 2351*8kB (UM) 919*16kB (UME) 1051*32kB (UME) 716*64kB (UME) 345*128kB (UME) 174*256kB (UM) 65*512kB (UME) 35*1024kB (UME) 9*2048kB (UM) 233*4096kB (M) = 1268100kB [ 277.885518][T10451] Node 0 Normal: 3*4kB (U) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 277.897786][T10451] Node 1 Normal: 8*4kB (UM) 11*8kB (UM) 7*16kB (UM) 9*32kB (U) 11*64kB (UM) 3*128kB (UM) 1*256kB (U) 2*512kB (UM) 2*1024kB (UM) 2*2048kB (U) 957*4096kB (M) = 3928904kB [ 277.915016][T10451] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 277.939268][T10451] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 277.954454][T10451] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 277.967349][T10451] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 277.985586][T10451] 59443 total pagecache pages [ 278.000700][T10451] 0 pages in swap cache [ 278.004966][T10451] Free swap = 124996kB [ 278.010338][T10451] Total swap = 124996kB [ 278.014619][T10451] 2097051 pages RAM [ 278.021571][T10451] 0 pages HighMem/MovableOnly [ 278.026624][T10451] 430836 pages reserved [ 278.030920][T10451] 0 pages cma reserved [ 278.583863][T10488] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 279.154462][T10508] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 281.496265][T10573] program syz.2.1049 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 281.590040][ T30] audit: type=1807 audit(1774303935.656:10): UNKNOWN=0"û]$|Ë1jë0B|d™¹ýÓ‰OŸ¬+ö×/ÉéxÔóÈõWÓ¦–Ó^¸´gq%ḦrêOŽ res=0 [ 281.624060][T10571] ima: policy update failed [ 281.631184][ T30] audit: type=1802 audit(1774303935.666:11): pid=10573 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.2.1049" res=0 errno=0 [ 281.716375][ T30] audit: type=1802 audit(1774303935.736:12): pid=10571 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.1049" res=0 errno=0 [ 281.879802][T10587] FAULT_INJECTION: forcing a failure. [ 281.879802][T10587] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 281.943814][T10587] CPU: 1 UID: 0 PID: 10587 Comm: syz.0.1053 Tainted: G L syzkaller #0 PREEMPT(full) [ 281.943860][T10587] Tainted: [L]=SOFTLOCKUP [ 281.943872][T10587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 281.943890][T10587] Call Trace: [ 281.943899][T10587] [ 281.943910][T10587] dump_stack_lvl+0x100/0x190 [ 281.943960][T10587] should_fail_ex.cold+0x5/0xa [ 281.943997][T10587] _copy_to_iter+0x1f3/0x1720 [ 281.944034][T10587] ? chacha_block_generic+0x211/0x330 [ 281.944073][T10587] ? __pfx__copy_to_iter+0x10/0x10 [ 281.944112][T10587] ? __pfx___might_resched+0x10/0x10 [ 281.944151][T10587] ? crng_make_state+0x2b0/0x6c0 [ 281.944189][T10587] get_random_bytes_user+0x17b/0x3d0 [ 281.944223][T10587] ? __pfx_get_random_bytes_user+0x10/0x10 [ 281.944263][T10587] ? do_futex+0x192/0x350 [ 281.944306][T10587] ? __fget_files+0x21f/0x3d0 [ 281.944334][T10587] ? import_ubuf+0x1b6/0x220 [ 281.944368][T10587] __x64_sys_getrandom+0x183/0x290 [ 281.944401][T10587] ? __pfx___x64_sys_getrandom+0x10/0x10 [ 281.944451][T10587] do_syscall_64+0x106/0xf80 [ 281.944491][T10587] ? clear_bhb_loop+0x40/0x90 [ 281.944526][T10587] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 281.944556][T10587] RIP: 0033:0x7f98b0b9c799 [ 281.944590][T10587] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 281.944619][T10587] RSP: 002b:00007f98b1a0b028 EFLAGS: 00000246 ORIG_RAX: 000000000000013e [ 281.944646][T10587] RAX: ffffffffffffffda RBX: 00007f98b0e15fa0 RCX: 00007f98b0b9c799 [ 281.944665][T10587] RDX: 0000000000000003 RSI: 0000000006000000 RDI: 0000000000000000 [ 281.944682][T10587] RBP: 00007f98b0c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 281.944698][T10587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 281.944715][T10587] R13: 00007f98b0e16038 R14: 00007f98b0e15fa0 R15: 00007ffdf5865428 [ 281.944752][T10587] [ 284.611128][T10642] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 286.333158][T10686] FAULT_INJECTION: forcing a failure. [ 286.333158][T10686] name fail_futex, interval 1, probability 0, space 0, times 0 [ 286.361159][T10686] CPU: 0 UID: 0 PID: 10686 Comm: syz.1.1069 Tainted: G L syzkaller #0 PREEMPT(full) [ 286.361207][T10686] Tainted: [L]=SOFTLOCKUP [ 286.361217][T10686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 286.361234][T10686] Call Trace: [ 286.361243][T10686] [ 286.361254][T10686] dump_stack_lvl+0x100/0x190 [ 286.361304][T10686] should_fail_ex.cold+0x5/0xa [ 286.361338][T10686] get_futex_key+0x1d2/0x1620 [ 286.361377][T10686] ? __pfx_get_futex_key+0x10/0x10 [ 286.361416][T10686] ? __mutex_unlock_slowpath+0x15c/0x790 [ 286.361466][T10686] futex_wake+0xea/0x530 [ 286.361513][T10686] ? __pfx_vhost_dev_flush+0x10/0x10 [ 286.361555][T10686] ? vhost_dev_set_owner+0x48/0xa30 [ 286.361597][T10686] ? __pfx_futex_wake+0x10/0x10 [ 286.361646][T10686] ? vhost_net_ioctl+0x23f/0x1910 [ 286.361685][T10686] ? do_vfs_ioctl+0x226/0x13e0 [ 286.361730][T10686] do_futex+0x32b/0x350 [ 286.361767][T10686] ? __pfx_do_futex+0x10/0x10 [ 286.361805][T10686] ? find_held_lock+0x2b/0x80 [ 286.361849][T10686] __x64_sys_futex+0x34f/0x4d0 [ 286.361893][T10686] ? __pfx___x64_sys_futex+0x10/0x10 [ 286.361944][T10686] do_syscall_64+0x106/0xf80 [ 286.361986][T10686] ? clear_bhb_loop+0x40/0x90 [ 286.362025][T10686] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 286.362054][T10686] RIP: 0033:0x7ff6c3f9c799 [ 286.362079][T10686] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 286.362107][T10686] RSP: 002b:00007ff6c4de80e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 286.362133][T10686] RAX: ffffffffffffffda RBX: 00007ff6c4216188 RCX: 00007ff6c3f9c799 [ 286.362152][T10686] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff6c421618c [ 286.362170][T10686] RBP: 00007ff6c4216180 R08: 0000000000000000 R09: 0000000000000000 [ 286.362187][T10686] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 286.362202][T10686] R13: 00007ff6c4216218 R14: 00007ffc3e911130 R15: 00007ffc3e911218 [ 286.362238][T10686] [ 286.858368][T10692] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 287.267509][T10696] FAULT_INJECTION: forcing a failure. [ 287.267509][T10696] name failslab, interval 1, probability 0, space 0, times 0 [ 287.290335][T10696] CPU: 0 UID: 0 PID: 10696 Comm: syz.0.1072 Tainted: G L syzkaller #0 PREEMPT(full) [ 287.290382][T10696] Tainted: [L]=SOFTLOCKUP [ 287.290392][T10696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 287.290409][T10696] Call Trace: [ 287.290418][T10696] [ 287.290429][T10696] dump_stack_lvl+0x100/0x190 [ 287.290474][T10696] should_fail_ex.cold+0x5/0xa [ 287.290509][T10696] ? xfrm_hash_alloc+0xcf/0x100 [ 287.290539][T10696] should_failslab+0xc2/0x120 [ 287.290570][T10696] __kmalloc_noprof+0xe0/0x850 [ 287.290620][T10696] xfrm_hash_alloc+0xcf/0x100 [ 287.290651][T10696] xfrm_state_init+0x15d/0x640 [ 287.290689][T10696] ? __pfx_xfrm_net_init+0x10/0x10 [ 287.290720][T10696] xfrm_net_init+0x20e/0xcc0 [ 287.290758][T10696] ? __pfx_xfrm_net_init+0x10/0x10 [ 287.290786][T10696] ops_init+0x1e2/0x5f0 [ 287.290828][T10696] setup_net+0x118/0x3a0 [ 287.290868][T10696] ? __pfx_setup_net+0x10/0x10 [ 287.290905][T10696] ? lockdep_init_map_type+0x5c/0x250 [ 287.290944][T10696] ? mutex_init_lockep+0x110/0x150 [ 287.290992][T10696] copy_net_ns+0x46f/0x7c0 [ 287.291025][T10696] create_new_namespaces+0x3ea/0xac0 [ 287.291066][T10696] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 287.291102][T10696] ksys_unshare+0x473/0xad0 [ 287.291140][T10696] ? __pfx_ksys_unshare+0x10/0x10 [ 287.291191][T10696] __x64_sys_unshare+0x31/0x40 [ 287.291225][T10696] do_syscall_64+0x106/0xf80 [ 287.291274][T10696] ? clear_bhb_loop+0x40/0x90 [ 287.291310][T10696] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.291339][T10696] RIP: 0033:0x7f98b0b9c799 [ 287.291364][T10696] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 287.291391][T10696] RSP: 002b:00007f98b1a0b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 287.291418][T10696] RAX: ffffffffffffffda RBX: 00007f98b0e15fa0 RCX: 00007f98b0b9c799 [ 287.291437][T10696] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 287.291455][T10696] RBP: 00007f98b0c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 287.291472][T10696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 287.291490][T10696] R13: 00007f98b0e16038 R14: 00007f98b0e15fa0 R15: 00007ffdf5865428 [ 287.291530][T10696] [ 287.937967][T10716] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 289.807945][T10776] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1086'. [ 290.019927][T10784] FAULT_INJECTION: forcing a failure. [ 290.019927][T10784] name failslab, interval 1, probability 0, space 0, times 0 [ 290.046214][T10784] CPU: 0 UID: 0 PID: 10784 Comm: syz.2.1084 Tainted: G L syzkaller #0 PREEMPT(full) [ 290.046258][T10784] Tainted: [L]=SOFTLOCKUP [ 290.046267][T10784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 290.046290][T10784] Call Trace: [ 290.046300][T10784] [ 290.046309][T10784] dump_stack_lvl+0x100/0x190 [ 290.046357][T10784] should_fail_ex.cold+0x5/0xa [ 290.046389][T10784] ? tomoyo_realpath_from_path+0xb6/0x690 [ 290.046426][T10784] should_failslab+0xc2/0x120 [ 290.046455][T10784] __kmalloc_noprof+0xe0/0x850 [ 290.046501][T10784] tomoyo_realpath_from_path+0xb6/0x690 [ 290.046546][T10784] tomoyo_path_number_perm+0x23c/0x580 [ 290.046575][T10784] ? tomoyo_path_number_perm+0x22e/0x580 [ 290.046620][T10784] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 290.046651][T10784] ? futex_wait+0x125/0x380 [ 290.046728][T10784] ? find_held_lock+0x2b/0x80 [ 290.046755][T10784] ? __fget_files+0x215/0x3d0 [ 290.046781][T10784] ? hook_file_ioctl_common+0x146/0x410 [ 290.046819][T10784] ? __fget_files+0x21f/0x3d0 [ 290.046854][T10784] security_file_ioctl+0xd3/0x230 [ 290.046889][T10784] __x64_sys_ioctl+0xb7/0x210 [ 290.046931][T10784] do_syscall_64+0x106/0xf80 [ 290.046969][T10784] ? clear_bhb_loop+0x40/0x90 [ 290.047001][T10784] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 290.047029][T10784] RIP: 0033:0x7f9c75f9c799 [ 290.047054][T10784] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 290.047081][T10784] RSP: 002b:00007f9c76efe028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 290.047106][T10784] RAX: ffffffffffffffda RBX: 00007f9c76216180 RCX: 00007f9c75f9c799 [ 290.047124][T10784] RDX: 0000000000000008 RSI: 000000004028af11 RDI: 0000000000000009 [ 290.047141][T10784] RBP: 00007f9c76032c99 R08: 0000000000000000 R09: 0000000000000000 [ 290.047159][T10784] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 290.047176][T10784] R13: 00007f9c76216218 R14: 00007f9c76216180 R15: 00007ffcadfd9d28 [ 290.047216][T10784] [ 290.048395][T10784] ERROR: Out of memory at tomoyo_realpath_from_path. [ 290.689413][T10802] sctp: [Deprecated]: syz.0.1089 (pid 10802) Use of int in maxseg socket option. [ 290.689413][T10802] Use struct sctp_assoc_value instead [ 290.763701][ T7180] Bluetooth: hci0: unexpected subevent 0x18 length: 123 > 19 [ 290.771308][ T7180] Bluetooth: hci0: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 291.392280][T10830] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1096'. [ 293.444900][T10895] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 293.735300][T10902] FAULT_INJECTION: forcing a failure. [ 293.735300][T10902] name failslab, interval 1, probability 0, space 0, times 0 [ 293.769033][T10902] CPU: 1 UID: 0 PID: 10902 Comm: syz.1.1116 Tainted: G L syzkaller #0 PREEMPT(full) [ 293.769082][T10902] Tainted: [L]=SOFTLOCKUP [ 293.769091][T10902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 293.769107][T10902] Call Trace: [ 293.769116][T10902] [ 293.769126][T10902] dump_stack_lvl+0x100/0x190 [ 293.769175][T10902] should_fail_ex.cold+0x5/0xa [ 293.769211][T10902] should_failslab+0xc2/0x120 [ 293.769244][T10902] __kmalloc_cache_noprof+0x7a/0x6f0 [ 293.769282][T10902] ? loopback_open+0xa46/0x1370 [ 293.769333][T10902] loopback_open+0xa46/0x1370 [ 293.769383][T10902] snd_pcm_open_substream+0xa76/0x1850 [ 293.769428][T10902] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 293.769470][T10902] ? rcu_is_watching+0x12/0xc0 [ 293.769520][T10902] snd_pcm_open+0x2a3/0x710 [ 293.769573][T10902] ? __pfx_snd_pcm_open+0x10/0x10 [ 293.769618][T10902] ? __pfx_default_wake_function+0x10/0x10 [ 293.769663][T10902] ? __pfx_snd_pcm_playback_open+0x10/0x10 [ 293.769705][T10902] snd_pcm_playback_open+0x86/0xe0 [ 293.769746][T10902] snd_open+0x22d/0x4c0 [ 293.769777][T10902] ? __pfx_snd_open+0x10/0x10 [ 293.769808][T10902] chrdev_open+0x234/0x6a0 [ 293.769837][T10902] ? __pfx_apparmor_file_open+0x10/0x10 [ 293.769868][T10902] ? __pfx_chrdev_open+0x10/0x10 [ 293.769901][T10902] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 293.769941][T10902] do_dentry_open+0x6d8/0x1660 [ 293.769970][T10902] ? __pfx_chrdev_open+0x10/0x10 [ 293.770011][T10902] vfs_open+0x82/0x3f0 [ 293.770052][T10902] path_openat+0x208c/0x31a0 [ 293.770096][T10902] ? __pfx_path_openat+0x10/0x10 [ 293.770142][T10902] do_file_open+0x20e/0x430 [ 293.770176][T10902] ? __pfx_do_file_open+0x10/0x10 [ 293.770236][T10902] ? alloc_fd+0x476/0x790 [ 293.770269][T10902] ? do_getname+0x191/0x390 [ 293.770309][T10902] do_sys_openat2+0x10d/0x1e0 [ 293.770347][T10902] ? __pfx_do_sys_openat2+0x10/0x10 [ 293.770387][T10902] ? __fget_files+0x21f/0x3d0 [ 293.770422][T10902] __x64_sys_openat+0x12d/0x210 [ 293.770462][T10902] ? __pfx___x64_sys_openat+0x10/0x10 [ 293.770516][T10902] do_syscall_64+0x106/0xf80 [ 293.770564][T10902] ? clear_bhb_loop+0x40/0x90 [ 293.770600][T10902] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 293.770630][T10902] RIP: 0033:0x7ff6c3f9c799 [ 293.770655][T10902] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 293.770683][T10902] RSP: 002b:00007ff6c4e2a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 293.770711][T10902] RAX: ffffffffffffffda RBX: 00007ff6c4215fa0 RCX: 00007ff6c3f9c799 [ 293.770730][T10902] RDX: 0000000000002100 RSI: 0000200000004ec0 RDI: ffffffffffffff9c [ 293.770749][T10902] RBP: 00007ff6c4032c99 R08: 0000000000000000 R09: 0000000000000000 [ 293.770767][T10902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 293.770784][T10902] R13: 00007ff6c4216038 R14: 00007ff6c4215fa0 R15: 00007ffc3e911218 [ 293.770825][T10902] [ 294.677632][T10926] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1124'. [ 294.722684][T10926] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1124'. [ 294.923583][T10935] nla_validate_range_unsigned: 2 callbacks suppressed [ 294.923599][T10935] netlink: 'syz.0.1126': attribute type 11 has an invalid length. [ 294.958651][T10935] netlink: 'syz.0.1126': attribute type 11 has an invalid length. [ 294.986439][T10935] netlink: 'syz.0.1126': attribute type 11 has an invalid length. [ 295.235253][T10933] futex_wake_op: syz.1.1125 tries to shift op by -2048; fix this program [ 295.330154][T10932] bond0: option arp_validate: invalid value () [ 295.365696][T10937] bond0: option arp_validate: invalid value () [ 295.748054][T10959] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 296.744096][T10986] netlink: 'syz.3.1136': attribute type 11 has an invalid length. [ 296.774163][T10986] netlink: 'syz.3.1136': attribute type 11 has an invalid length. [ 296.801749][T10986] netlink: 'syz.3.1136': attribute type 11 has an invalid length. [ 298.505490][T11033] netlink: 'syz.0.1148': attribute type 11 has an invalid length. [ 298.545395][T11033] netlink: 'syz.0.1148': attribute type 11 has an invalid length. [ 298.566830][T11033] netlink: 'syz.0.1148': attribute type 11 has an invalid length. [ 298.921948][T11043] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 298.992569][T11047] futex_wake_op: syz.1.1152 tries to shift op by -2048; fix this program [ 299.854579][T11084] netlink: 'syz.2.1158': attribute type 11 has an invalid length. [ 300.058336][T11091] aoe: can't write to that file. [ 300.215188][T11098] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1163'. [ 300.457867][T11109] FAULT_INJECTION: forcing a failure. [ 300.457867][T11109] name failslab, interval 1, probability 0, space 0, times 0 [ 300.559163][T11109] CPU: 0 UID: 0 PID: 11109 Comm: syz.3.1167 Tainted: G L syzkaller #0 PREEMPT(full) [ 300.559208][T11109] Tainted: [L]=SOFTLOCKUP [ 300.559218][T11109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 300.559234][T11109] Call Trace: [ 300.559243][T11109] [ 300.559255][T11109] dump_stack_lvl+0x100/0x190 [ 300.559303][T11109] should_fail_ex.cold+0x5/0xa [ 300.559337][T11109] should_failslab+0xc2/0x120 [ 300.559369][T11109] __kmalloc_cache_noprof+0x7a/0x6f0 [ 300.559407][T11109] ? loopback_open+0x145/0x1370 [ 300.559457][T11109] loopback_open+0x145/0x1370 [ 300.559508][T11109] snd_pcm_open_substream+0xa76/0x1850 [ 300.559551][T11109] ? __pfx_snd_pcm_open_substream+0x10/0x10 [ 300.559593][T11109] ? rcu_is_watching+0x12/0xc0 [ 300.559642][T11109] snd_pcm_open+0x2a3/0x710 [ 300.559686][T11109] ? __pfx_snd_pcm_open+0x10/0x10 [ 300.559729][T11109] ? __pfx_default_wake_function+0x10/0x10 [ 300.559771][T11109] ? __pfx_snd_pcm_playback_open+0x10/0x10 [ 300.559811][T11109] snd_pcm_playback_open+0x86/0xe0 [ 300.559852][T11109] snd_open+0x22d/0x4c0 [ 300.559883][T11109] ? __pfx_snd_open+0x10/0x10 [ 300.559924][T11109] chrdev_open+0x234/0x6a0 [ 300.559955][T11109] ? __pfx_apparmor_file_open+0x10/0x10 [ 300.559986][T11109] ? __pfx_chrdev_open+0x10/0x10 [ 300.560019][T11109] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 300.560059][T11109] do_dentry_open+0x6d8/0x1660 [ 300.560089][T11109] ? __pfx_chrdev_open+0x10/0x10 [ 300.560128][T11109] vfs_open+0x82/0x3f0 [ 300.560171][T11109] path_openat+0x208c/0x31a0 [ 300.560215][T11109] ? __pfx_path_openat+0x10/0x10 [ 300.560258][T11109] do_file_open+0x20e/0x430 [ 300.560291][T11109] ? __pfx_do_file_open+0x10/0x10 [ 300.560349][T11109] ? alloc_fd+0x476/0x790 [ 300.560382][T11109] ? do_getname+0x191/0x390 [ 300.560420][T11109] do_sys_openat2+0x10d/0x1e0 [ 300.560458][T11109] ? __pfx_do_sys_openat2+0x10/0x10 [ 300.560498][T11109] ? __fget_files+0x21f/0x3d0 [ 300.560533][T11109] __x64_sys_openat+0x12d/0x210 [ 300.560572][T11109] ? __pfx___x64_sys_openat+0x10/0x10 [ 300.560625][T11109] do_syscall_64+0x106/0xf80 [ 300.560664][T11109] ? clear_bhb_loop+0x40/0x90 [ 300.560700][T11109] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 300.560730][T11109] RIP: 0033:0x7f2c0c39c799 [ 300.560753][T11109] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 300.560781][T11109] RSP: 002b:00007f2c0d1e6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 300.560808][T11109] RAX: ffffffffffffffda RBX: 00007f2c0c615fa0 RCX: 00007f2c0c39c799 [ 300.560826][T11109] RDX: 0000000000002100 RSI: 0000200000004ec0 RDI: ffffffffffffff9c [ 300.560844][T11109] RBP: 00007f2c0c432c99 R08: 0000000000000000 R09: 0000000000000000 [ 300.560861][T11109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 300.560877][T11109] R13: 00007f2c0c616038 R14: 00007f2c0c615fa0 R15: 00007fffc38585f8 [ 300.560923][T11109] [ 301.207792][T11118] nla_validate_range_unsigned: 2 callbacks suppressed [ 301.207819][T11118] netlink: 'syz.3.1170': attribute type 11 has an invalid length. [ 301.231337][T11118] netlink: 'syz.3.1170': attribute type 11 has an invalid length. [ 301.252560][T11118] netlink: 'syz.3.1170': attribute type 11 has an invalid length. [ 301.630604][T11127] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 302.001923][T11141] netlink: 'syz.3.1179': attribute type 11 has an invalid length. [ 302.017643][T11141] netlink: 'syz.3.1179': attribute type 11 has an invalid length. [ 302.036645][T11141] netlink: 'syz.3.1179': attribute type 11 has an invalid length. [ 302.339945][T11147] zswap: compressor not available [ 302.931960][T11171] FAULT_INJECTION: forcing a failure. [ 302.931960][T11171] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 302.981797][T11171] CPU: 1 UID: 0 PID: 11171 Comm: syz.1.1182 Tainted: G L syzkaller #0 PREEMPT(full) [ 302.981840][T11171] Tainted: [L]=SOFTLOCKUP [ 302.981849][T11171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 302.981864][T11171] Call Trace: [ 302.981873][T11171] [ 302.981882][T11171] dump_stack_lvl+0x100/0x190 [ 302.981926][T11171] should_fail_ex.cold+0x5/0xa [ 302.981959][T11171] _copy_from_user+0x2e/0xd0 [ 302.981991][T11171] snd_pcm_oss_write2+0x1c2/0x400 [ 302.982026][T11171] ? __pfx_snd_pcm_oss_write2+0x10/0x10 [ 302.982069][T11171] snd_pcm_oss_write+0x729/0xa30 [ 302.982103][T11171] ? security_file_permission+0x76/0x210 [ 302.982143][T11171] vfs_write+0x2aa/0x1070 [ 302.982171][T11171] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 302.982207][T11171] ? __pfx_vfs_write+0x10/0x10 [ 302.982229][T11171] ? find_held_lock+0x2b/0x80 [ 302.982255][T11171] ? __fget_files+0x215/0x3d0 [ 302.982287][T11171] ? __fget_files+0x215/0x3d0 [ 302.982319][T11171] ? __fget_files+0x21f/0x3d0 [ 302.982356][T11171] ksys_write+0x12a/0x250 [ 302.982380][T11171] ? __pfx_ksys_write+0x10/0x10 [ 302.982417][T11171] do_syscall_64+0x106/0xf80 [ 302.982453][T11171] ? clear_bhb_loop+0x40/0x90 [ 302.982485][T11171] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.982512][T11171] RIP: 0033:0x7ff6c3f9c799 [ 302.982534][T11171] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 302.982559][T11171] RSP: 002b:00007ff6c4dc7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 302.982584][T11171] RAX: ffffffffffffffda RBX: 00007ff6c4216270 RCX: 00007ff6c3f9c799 [ 302.982602][T11171] RDX: 0000000000100082 RSI: 0000000000000000 RDI: 0000000000000003 [ 302.982618][T11171] RBP: 00007ff6c4032c99 R08: 0000000000000000 R09: 0000000000000000 [ 302.982633][T11171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 302.982649][T11171] R13: 00007ff6c4216308 R14: 00007ff6c4216270 R15: 00007ffc3e911218 [ 302.982686][T11171] [ 303.278633][T11174] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 303.851964][T11171] FAULT_INJECTION: forcing a failure. [ 303.851964][T11171] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 303.852071][T11171] CPU: 0 UID: 0 PID: 11171 Comm: syz.1.1182 Tainted: G L syzkaller #0 PREEMPT(full) [ 303.852110][T11171] Tainted: [L]=SOFTLOCKUP [ 303.852118][T11171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 303.852133][T11171] Call Trace: [ 303.852141][T11171] [ 303.852151][T11171] dump_stack_lvl+0x100/0x190 [ 303.852194][T11171] should_fail_ex.cold+0x5/0xa [ 303.852228][T11171] ? prepare_alloc_pages+0x16d/0x5f0 [ 303.852263][T11171] should_fail_alloc_page+0xeb/0x140 [ 303.852294][T11171] prepare_alloc_pages+0x1f0/0x5f0 [ 303.852331][T11171] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 303.852370][T11171] ? rcu_is_watching+0x12/0xc0 [ 303.852416][T11171] ? rcu_is_watching+0x12/0xc0 [ 303.852454][T11171] ? mod_memcg_lruvec_state+0x1a6/0x630 [ 303.852494][T11171] ? __mod_zone_page_state+0xe2/0x190 [ 303.852530][T11171] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 303.852569][T11171] ? lru_gen_add_folio+0x20f/0x13e0 [ 303.852620][T11171] ? folios_put_refs+0x66d/0x840 [ 303.852662][T11171] ? __pfx_folios_put_refs+0x10/0x10 [ 303.852706][T11171] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 303.852735][T11171] ? policy_nodemask+0xed/0x4f0 [ 303.852767][T11171] alloc_pages_mpol+0x1fb/0x550 [ 303.852797][T11171] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 303.852826][T11171] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 303.852862][T11171] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 303.852906][T11171] folio_alloc_mpol_noprof+0x36/0x340 [ 303.852939][T11171] shmem_alloc_folio+0x135/0x160 [ 303.852974][T11171] shmem_alloc_and_add_folio+0x371/0xd40 [ 303.853022][T11171] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 303.853061][T11171] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 303.853108][T11171] shmem_get_folio_gfp+0x6ab/0x1900 [ 303.853151][T11171] ? find_held_lock+0x2b/0x80 [ 303.853179][T11171] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 303.853219][T11171] ? ktime_get_coarse_real_ts64_mg+0x235/0x300 [ 303.853258][T11171] ? lockdep_hardirqs_on+0x78/0x100 [ 303.853297][T11171] shmem_fault+0x1f9/0xa20 [ 303.853332][T11171] ? __lock_acquire+0x4a5/0x2630 [ 303.853363][T11171] ? __pfx_shmem_fault+0x10/0x10 [ 303.853402][T11171] ? __up_read+0x2c5/0x700 [ 303.853449][T11171] ? __pfx_filemap_map_pages+0x10/0x10 [ 303.853483][T11171] __do_fault+0x10d/0x550 [ 303.853511][T11171] ? __pfx_filemap_map_pages+0x10/0x10 [ 303.853542][T11171] do_fault+0x2db/0x1990 [ 303.853577][T11171] __handle_mm_fault+0x180f/0x2b60 [ 303.853619][T11171] ? __pfx___handle_mm_fault+0x10/0x10 [ 303.853653][T11171] ? pte_offset_map_lock+0x174/0x320 [ 303.853679][T11171] ? find_held_lock+0x2b/0x80 [ 303.853716][T11171] ? follow_page_pte+0x5b3/0x1400 [ 303.853750][T11171] handle_mm_fault+0x36d/0xa20 [ 303.853791][T11171] __get_user_pages+0xf9c/0x34d0 [ 303.853830][T11171] ? down_read_killable+0x30e/0x4c0 [ 303.853861][T11171] ? __pfx___get_user_pages+0x10/0x10 [ 303.853901][T11171] faultin_page_range+0x1f1/0x9e0 [ 303.853938][T11171] madvise_do_behavior+0x354/0x510 [ 303.853972][T11171] ? __pfx_madvise_do_behavior+0x10/0x10 [ 303.854020][T11171] do_madvise+0x195/0x240 [ 303.854048][T11171] ? __pfx_do_madvise+0x10/0x10 [ 303.854076][T11171] ? do_futex+0x192/0x350 [ 303.854143][T11171] __x64_sys_madvise+0xa9/0x110 [ 303.854173][T11171] ? lockdep_hardirqs_on+0x78/0x100 [ 303.854209][T11171] do_syscall_64+0x106/0xf80 [ 303.854251][T11171] ? clear_bhb_loop+0x40/0x90 [ 303.854282][T11171] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.854307][T11171] RIP: 0033:0x7ff6c3f9c799 [ 303.854328][T11171] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 303.854352][T11171] RSP: 002b:00007ff6c4dc7028 EFLAGS: 00000246 ORIG_RAX: 000000000000001c [ 303.854377][T11171] RAX: ffffffffffffffda RBX: 00007ff6c4216270 RCX: 00007ff6c3f9c799 [ 303.854394][T11171] RDX: 0000000000000017 RSI: ffffffffffff0005 RDI: 0000000000000000 [ 303.854410][T11171] RBP: 00007ff6c4032c99 R08: 0000000000000000 R09: 0000000000000000 [ 303.854423][T11171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 303.854438][T11171] R13: 00007ff6c4216308 R14: 00007ff6c4216270 R15: 00007ffc3e911218 [ 303.854470][T11171] [ 304.197145][T11210] netlink: 'syz.0.1188': attribute type 11 has an invalid length. [ 304.197179][T11210] netlink: 'syz.0.1188': attribute type 11 has an invalid length. [ 304.197198][T11210] netlink: 'syz.0.1188': attribute type 11 has an invalid length. [ 304.252006][ T7180] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 304.427075][T11217] netlink: 354 bytes leftover after parsing attributes in process `syz.0.1190'. [ 305.623444][T11238] qrtr: Invalid version 0 [ 306.087463][T11253] netlink: 'syz.1.1198': attribute type 11 has an invalid length. [ 306.090891][T11254] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 306.587974][T11263] FAULT_INJECTION: forcing a failure. [ 306.587974][T11263] name failslab, interval 1, probability 0, space 0, times 0 [ 306.611843][T11263] CPU: 0 UID: 0 PID: 11263 Comm: syz.3.1203 Tainted: G L syzkaller #0 PREEMPT(full) [ 306.611890][T11263] Tainted: [L]=SOFTLOCKUP [ 306.611900][T11263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 306.611917][T11263] Call Trace: [ 306.611927][T11263] [ 306.611938][T11263] dump_stack_lvl+0x100/0x190 [ 306.611988][T11263] should_fail_ex.cold+0x5/0xa [ 306.612024][T11263] should_failslab+0xc2/0x120 [ 306.612055][T11263] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 306.612104][T11263] ? security_inode_alloc+0x3b/0x2c0 [ 306.612131][T11263] ? lockdep_init_map_type+0x5c/0x250 [ 306.612176][T11263] security_inode_alloc+0x3b/0x2c0 [ 306.612209][T11263] inode_init_always_gfp+0xced/0x1040 [ 306.612246][T11263] alloc_inode+0x8e/0x250 [ 306.612284][T11263] new_inode+0x22/0x1c0 [ 306.612324][T11263] proc_pid_make_inode+0x22/0x160 [ 306.612367][T11263] proc_pident_instantiate+0x85/0x310 [ 306.612412][T11263] proc_pident_lookup+0x1e3/0x270 [ 306.612463][T11263] __lookup_slow+0x251/0x460 [ 306.612502][T11263] ? __pfx___lookup_slow+0x10/0x10 [ 306.612559][T11263] ? __d_lookup+0x266/0x4a0 [ 306.612607][T11263] lookup_slow+0x50/0x70 [ 306.612643][T11263] link_path_walk+0x1377/0x1cc0 [ 306.612697][T11263] path_openat+0x1be/0x31a0 [ 306.612723][T11263] ? kasan_save_stack+0x3f/0x50 [ 306.612764][T11263] ? kasan_save_stack+0x30/0x50 [ 306.612804][T11263] ? kasan_save_track+0x14/0x30 [ 306.612830][T11263] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 306.612881][T11263] ? __pfx_path_openat+0x10/0x10 [ 306.612927][T11263] do_file_open+0x20e/0x430 [ 306.612961][T11263] ? __pfx_do_file_open+0x10/0x10 [ 306.613006][T11263] ? __pfx_kfree_link+0x10/0x10 [ 306.613057][T11263] ? alloc_fd+0x476/0x790 [ 306.613100][T11263] ? do_getname+0x191/0x390 [ 306.613141][T11263] do_sys_openat2+0x10d/0x1e0 [ 306.613181][T11263] ? __pfx_do_sys_openat2+0x10/0x10 [ 306.613222][T11263] ? __fget_files+0x21f/0x3d0 [ 306.613258][T11263] __x64_sys_openat+0x12d/0x210 [ 306.613297][T11263] ? __pfx___x64_sys_openat+0x10/0x10 [ 306.613354][T11263] do_syscall_64+0x106/0xf80 [ 306.613396][T11263] ? clear_bhb_loop+0x40/0x90 [ 306.613432][T11263] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.613462][T11263] RIP: 0033:0x7f2c0c35cfce [ 306.613487][T11263] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 306.613515][T11263] RSP: 002b:00007f2c0d1e5ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 306.613541][T11263] RAX: ffffffffffffffda RBX: 00007f2c0d1e66c0 RCX: 00007f2c0c35cfce [ 306.613560][T11263] RDX: 0000000000000002 RSI: 00007f2c0d1e5f90 RDI: ffffffffffffff9c [ 306.613577][T11263] RBP: 00007f2c0c432c99 R08: 0000000000000000 R09: 0000000000000000 [ 306.613594][T11263] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 306.613611][T11263] R13: 00007f2c0c616038 R14: 00007f2c0c615fa0 R15: 00007fffc38585f8 [ 306.613651][T11263] [ 306.791549][T11267] FAULT_INJECTION: forcing a failure. [ 306.791549][T11267] name failslab, interval 1, probability 0, space 0, times 0 [ 307.055676][T11267] CPU: 1 UID: 0 PID: 11267 Comm: syz.0.1205 Tainted: G L syzkaller #0 PREEMPT(full) [ 307.055725][T11267] Tainted: [L]=SOFTLOCKUP [ 307.055736][T11267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 307.055755][T11267] Call Trace: [ 307.055764][T11267] [ 307.055775][T11267] dump_stack_lvl+0x100/0x190 [ 307.055827][T11267] should_fail_ex.cold+0x5/0xa [ 307.055863][T11267] should_failslab+0xc2/0x120 [ 307.055895][T11267] __kmalloc_cache_noprof+0x7a/0x6f0 [ 307.055932][T11267] ? vidtv_psi_pmt_stream_init+0x4e/0x3e0 [ 307.055973][T11267] ? vidtv_psi_pmt_table_init+0x363/0x430 [ 307.056018][T11267] vidtv_psi_pmt_stream_init+0x4e/0x3e0 [ 307.056060][T11267] vidtv_channel_si_init+0x1289/0x18d0 [ 307.056110][T11267] vidtv_mux_init+0x526/0xbf0 [ 307.056152][T11267] vidtv_start_feed+0x33e/0x4c0 [ 307.056179][T11267] ? __pfx_vidtv_start_feed+0x10/0x10 [ 307.056210][T11267] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 307.056249][T11267] ? mark_held_locks+0x40/0x70 [ 307.056289][T11267] ? __pfx_vidtv_start_feed+0x10/0x10 [ 307.056320][T11267] dmx_ts_feed_start_filtering+0xf6/0x220 [ 307.056359][T11267] dvb_dmxdev_start_feed+0x273/0x3f0 [ 307.056393][T11267] dvb_dmxdev_filter_start+0x1b6/0xdd0 [ 307.056428][T11267] ? dvb_dmxdev_add_pid+0x2a1/0x380 [ 307.056463][T11267] dvb_demux_do_ioctl+0xe64/0x1200 [ 307.056507][T11267] dvb_usercopy+0x167/0x340 [ 307.056530][T11267] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 307.056574][T11267] ? __pfx_dvb_usercopy+0x10/0x10 [ 307.056616][T11267] ? __fget_files+0x21f/0x3d0 [ 307.056652][T11267] dvb_demux_ioctl+0x29/0x40 [ 307.056680][T11267] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 307.056709][T11267] __x64_sys_ioctl+0x18e/0x210 [ 307.056749][T11267] do_syscall_64+0x106/0xf80 [ 307.056787][T11267] ? clear_bhb_loop+0x40/0x90 [ 307.056823][T11267] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.056852][T11267] RIP: 0033:0x7f98b0b9c799 [ 307.056874][T11267] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 307.056902][T11267] RSP: 002b:00007f98b1a0b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 307.056929][T11267] RAX: ffffffffffffffda RBX: 00007f98b0e15fa0 RCX: 00007f98b0b9c799 [ 307.056948][T11267] RDX: 0000000000000000 RSI: 0000000040146f2c RDI: 0000000000000002 [ 307.056965][T11267] RBP: 00007f98b0c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 307.056982][T11267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 307.056999][T11267] R13: 00007f98b0e16038 R14: 00007f98b0e15fa0 R15: 00007ffdf5865428 [ 307.057038][T11267] [ 307.372068][T11267] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI [ 307.384027][T11267] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 307.392463][T11267] CPU: 0 UID: 0 PID: 11267 Comm: syz.0.1205 Tainted: G L syzkaller #0 PREEMPT(full) [ 307.403430][T11267] Tainted: [L]=SOFTLOCKUP [ 307.407761][T11267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 307.417830][T11267] RIP: 0010:vidtv_psi_desc_assign+0x24/0x90 [ 307.423760][T11267] Code: 90 90 90 90 90 90 0f 1f 40 d6 41 54 55 48 89 f5 53 48 89 fb e8 ed 5d db f9 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 75 4c 4c 8b 23 49 39 ec 74 36 e8 c9 5d db f9 4d 85 e4 [ 307.443388][T11267] RSP: 0018:ffffc90002fdfa10 EFLAGS: 00010247 [ 307.449470][T11267] RAX: dffffc0000000000 RBX: 0000000000000005 RCX: ffffc90005bf9000 [ 307.457461][T11267] RDX: 0000000000000000 RSI: ffffffff882ccf33 RDI: 0000000000000005 [ 307.465436][T11267] RBP: ffff888029f77940 R08: 0000000000000000 R09: 4453534204050000 [ 307.473418][T11267] R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000 [ 307.481401][T11267] R13: ffff888066551440 R14: ffff88804b360f80 R15: ffff88802bd77d40 [ 307.489381][T11267] FS: 00007f98b1a0b6c0(0000) GS:ffff888124346000(0000) knlGS:0000000000000000 [ 307.498324][T11267] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 307.504917][T11267] CR2: 00007f98b0be9e80 CR3: 0000000078e3a000 CR4: 00000000003526f0 [ 307.512898][T11267] Call Trace: [ 307.516187][T11267] [ 307.519140][T11267] vidtv_channel_si_init+0x12fc/0x18d0 [ 307.524647][T11267] vidtv_mux_init+0x526/0xbf0 [ 307.529352][T11267] vidtv_start_feed+0x33e/0x4c0 [ 307.534222][T11267] ? __pfx_vidtv_start_feed+0x10/0x10 [ 307.539608][T11267] ? __pfx_vidtv_bridge_on_new_pkts_avail+0x10/0x10 [ 307.546233][T11267] ? mark_held_locks+0x40/0x70 [ 307.551017][T11267] ? __pfx_vidtv_start_feed+0x10/0x10 [ 307.556405][T11267] dmx_ts_feed_start_filtering+0xf6/0x220 [ 307.562144][T11267] dvb_dmxdev_start_feed+0x273/0x3f0 [ 307.567441][T11267] dvb_dmxdev_filter_start+0x1b6/0xdd0 [ 307.572915][T11267] ? dvb_dmxdev_add_pid+0x2a1/0x380 [ 307.578141][T11267] dvb_demux_do_ioctl+0xe64/0x1200 [ 307.583315][T11267] dvb_usercopy+0x167/0x340 [ 307.587839][T11267] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 307.593385][T11267] ? __pfx_dvb_usercopy+0x10/0x10 [ 307.598403][T11267] ? __fget_files+0x21f/0x3d0 [ 307.603082][T11267] dvb_demux_ioctl+0x29/0x40 [ 307.607672][T11267] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 307.612951][T11267] __x64_sys_ioctl+0x18e/0x210 [ 307.617710][T11267] do_syscall_64+0x106/0xf80 [ 307.622292][T11267] ? clear_bhb_loop+0x40/0x90 [ 307.626956][T11267] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 307.632833][T11267] RIP: 0033:0x7f98b0b9c799 [ 307.637229][T11267] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 307.656827][T11267] RSP: 002b:00007f98b1a0b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 307.665468][T11267] RAX: ffffffffffffffda RBX: 00007f98b0e15fa0 RCX: 00007f98b0b9c799 [ 307.673526][T11267] RDX: 0000000000000000 RSI: 0000000040146f2c RDI: 0000000000000002 [ 307.681934][T11267] RBP: 00007f98b0c32c99 R08: 0000000000000000 R09: 0000000000000000 [ 307.689904][T11267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 307.697907][T11267] R13: 00007f98b0e16038 R14: 00007f98b0e15fa0 R15: 00007ffdf5865428 [ 307.705879][T11267] [ 307.708911][T11267] Modules linked in: [ 307.713248][T11267] ---[ end trace 0000000000000000 ]--- [ 307.734453][T11267] RIP: 0010:vidtv_psi_desc_assign+0x24/0x90 [ 307.758820][T11267] Code: 90 90 90 90 90 90 0f 1f 40 d6 41 54 55 48 89 f5 53 48 89 fb e8 ed 5d db f9 48 89 da 48 b8 00 00 00 00 00 fc ff df 48 c1 ea 03 <80> 3c 02 00 75 4c 4c 8b 23 49 39 ec 74 36 e8 c9 5d db f9 4d 85 e4 [ 307.816211][T11267] RSP: 0018:ffffc90002fdfa10 EFLAGS: 00010247 [ 307.844502][T11267] RAX: dffffc0000000000 RBX: 0000000000000005 RCX: ffffc90005bf9000 [ 307.865682][T11267] RDX: 0000000000000000 RSI: ffffffff882ccf33 RDI: 0000000000000005 [ 307.885080][T11267] RBP: ffff888029f77940 R08: 0000000000000000 R09: 4453534204050000 [ 307.906781][T11267] R10: 0000000000000005 R11: 0000000000000000 R12: 0000000000000000 [ 307.923740][T11267] R13: ffff888066551440 R14: ffff88804b360f80 R15: ffff88802bd77d40 [ 307.936802][T11267] FS: 00007f98b1a0b6c0(0000) GS:ffff888124346000(0000) knlGS:0000000000000000 [ 307.950282][T11267] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 307.967812][T11267] CR2: 0000001b30bafff8 CR3: 0000000078e3a000 CR4: 00000000003526f0 [ 307.976517][T11267] Kernel panic - not syncing: Fatal exception [ 307.982859][T11267] Kernel Offset: disabled [ 307.987181][T11267] Rebooting in 86400 seconds..