last executing test programs: 18m59.085935358s ago: executing program 2 (id=1058): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x2, 0x2, 0x0) write$auto_cachefiles_daemon_fops_internal(0xffffffffffffffff, &(0x7f0000000500)='\n', 0x1) connect$auto(0x3, 0x0, 0x50) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000140)='/dev/video7\x00', 0x8280, 0x0) read$auto_v4l2_fops_v4l2_dev(r0, &(0x7f0000000000)=""/130, 0x82) select$auto(0x5, 0x0, 0x0, 0x0, 0x0) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x8) ioctl$auto_TIOCGSID2(0xffffffffffffffff, 0x5429, &(0x7f0000000440)) close_range$auto(0x2, 0x8, 0x0) 18m58.10106845s ago: executing program 2 (id=1062): socket(0x6, 0x3, 0x37) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket(0x2, 0x3, 0x73) socket(0xa, 0x1, 0x84) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/mountinfo\x00', 0x28c40, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/midi2\x00', 0x101e41, 0x0) ioperm$auto(0x8, 0x7, 0x2) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyr0\x00', 0x60540, 0x0) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x40, 0x0) socket(0x15, 0xa, 0x0) mmap$auto(0x7, 0x1, 0xffffffffffffffff, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x7}, 0x3) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0xffffffffffffffff, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) sysfs$auto(0x2, 0x7, 0x0) lsm_list_modules$auto(0x0, 0x0, 0x0) r1 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000280), 0x141182, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r1, 0x40146f2c, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(0xffffffffffffffff, 0x40146f2b, 0x0) r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/audit\x00', 0x40802, 0x0) read$auto(r2, 0x0, 0xb4d3) unshare$auto(0x40000080) setsockopt$auto(0x400000000000003, 0x29, 0xc8, 0x0, 0x567) acct$auto(&(0x7f0000000280)='/dev/ocfs2_control\x00') 18m57.109079896s ago: executing program 2 (id=1066): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @empty}, 0x51) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) sendto$auto(0x3, 0x0, 0x2000f, 0x101, 0x0, 0x1c) memfd_secret$auto(0x0) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) pidfd_open$auto(0x1, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x801, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0x2, 0x1aa438a6, 0x6, 0x0, 0x15f4da0b, 0x6, 0x9, 0x100000000000000c, 0x8, 0x4, 0xfca, 0x9, 0x3, 0x4000000000000d]}, 0x0) 18m56.951785021s ago: executing program 2 (id=1069): mmap$auto(0x0, 0xfb1, 0xffffffff, 0x9b72, 0x2, 0x8000) r0 = getpgrp(0x0) ioprio_get$auto_IOPRIO_WHO_PGRP(0x2, r0) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv4/neigh/vlan1/base_reachable_time\x00', 0x40400, 0x0) read$auto(r1, 0x0, 0x1ff) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x2, 0x7) open_tree_attr$auto(r3, 0x0, 0x45, 0x0, 0x2) openat$auto(r3, &(0x7f0000000040)='./file0\x00', 0xd, 0x3) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000c00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'batadv0\x00'}) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0F:00/status\x00', 0xa140, 0x0) r5 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8002, 0x0) writev$auto(r5, &(0x7f0000000200)={0x0, 0x7}, 0x3) sendmsg$auto_NL80211_CMD_NOTIFY_RADAR(0xffffffffffffffff, 0x0, 0x4) io_setup$auto(0x207ffc, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000140)=""/122, 0x7a) 18m56.612893466s ago: executing program 2 (id=1070): mmap$auto(0x0, 0x2020009, 0x0, 0xeb1, 0xfffffffffffffffa, 0x8000) msgctl$auto_IPC_INFO(0xfffffff7, 0x3, &(0x7f0000000600)={{0x81, 0x0, 0x0, 0x2b2, 0xae5, 0x3ff, 0x4}, 0x0, &(0x7f00000005c0)=0xd9, 0x2, 0x3, 0x9, 0x7, 0x101, 0x3, 0x11, 0x2, @raw=0x2}) open(0x0, 0x161342, 0x100) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) getegid() r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x28f02, 0x0) open(0x0, 0x40800, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) pread64$auto(r1, 0x0, 0x10000000d, 0x5) read$auto(r1, 0x0, 0x2a52) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x9, 0x2, 0xb, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptya7\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) ioctl$auto_TCFLSH2(r2, 0x40087101, 0x0) io_uring_setup$auto(0x59, 0x0) socket(0xa, 0x1, 0x7) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0x5}, 0x5, 0x5) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20242, 0x0) socket(0x2, 0x1, 0x0) mmap$auto(0x8, 0x420009, 0xdf, 0x10000000000eb1, 0x40000000000a5, 0x5) setuid$auto(0xe) write$auto(r0, &(0x7f00000000c0)='7\x7f\xb4\x86\x04|\x03\xcba\x00\x00\x00\x00\x00', 0x84) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) modify_ldt$auto(0x11, 0x0, 0x10) socket(0xa, 0x2, 0x0) setsockopt$auto(0x400000000000003, 0x29, 0x6, 0x0, 0x3) setreuid$auto(0x15, 0x5) 18m53.283596688s ago: executing program 2 (id=1072): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/virtual/tty/ttyw5/power/runtime_active_time\x00', 0x2a6063, 0x0) r1 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mtd0ro\x00', 0x4000, 0x0) setsockopt$auto(r1, 0x80, 0xfffffff8, &(0x7f0000000200)='.T\x00', 0x91b) write$auto(r0, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) request_key$auto(&(0x7f0000000500)='keyring\x00', &(0x7f0000000540)='\x00', 0x0, 0xffffffff) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ram14\x00', 0x420080, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x800000000805e, 0x3, 0x8000) ioctl$auto_PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000640)='/sys/bus/usb/drivers/usbip-host/match_busid\x00', 0x103400, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000680)=""/249, 0xf9) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$auto_SO_RCVPRIORITY(0xffffffffffffffff, 0x2, 0x52, &(0x7f00000001c0)='/dev/virtual_nci\x00', 0x0) setresuid$auto(0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x88844}, 0x200088c0) r4 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2100, 0x0) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r6 = prctl$auto_PR_SET_MM_START_STACK(0x80000000, 0x5, 0x0, 0x2, 0x1) r7 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000400), 0x80001, 0x0) ioctl$auto(r7, 0x3b82, r2) ioctl$auto_SNDRV_TIMER_IOCTL_PVERSION(r5, 0x80045400, &(0x7f0000000240)) write$auto(r4, &(0x7f0000000580)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\xf4\xf3\x8b\xa6[\xc3\xb6\x16^O\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k\x83\xcf\xc5D\xcc', 0x4) r8 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x2000000000, 0x10000000004, 0x4000000000df, 0x40eb1, r1, 0x300000000000) sched_setattr$auto(r8, 0x0, 0x7b) ioctl$auto_USBDEVFS_SETINTERFACE(r6, 0x80085504, &(0x7f0000000040)={0x3, 0x4}) syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000004680), 0xffffffffffffffff) mmap$auto(0x2, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000140), 0x2002, 0x0) socket(0x29, 0x2, 0x0) 18m37.739818679s ago: executing program 32 (id=1072): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/virtual/tty/ttyw5/power/runtime_active_time\x00', 0x2a6063, 0x0) r1 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000080)='/dev/mtd0ro\x00', 0x4000, 0x0) setsockopt$auto(r1, 0x80, 0xfffffff8, &(0x7f0000000200)='.T\x00', 0x91b) write$auto(r0, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) request_key$auto(&(0x7f0000000500)='keyring\x00', &(0x7f0000000540)='\x00', 0x0, 0xffffffff) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ram14\x00', 0x420080, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x800000000805e, 0x3, 0x8000) ioctl$auto_PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000640)='/sys/bus/usb/drivers/usbip-host/match_busid\x00', 0x103400, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000680)=""/249, 0xf9) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$auto_SO_RCVPRIORITY(0xffffffffffffffff, 0x2, 0x52, &(0x7f00000001c0)='/dev/virtual_nci\x00', 0x0) setresuid$auto(0x0, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_STATION(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x8000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x88844}, 0x200088c0) r4 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x2100, 0x0) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r6 = prctl$auto_PR_SET_MM_START_STACK(0x80000000, 0x5, 0x0, 0x2, 0x1) r7 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000400), 0x80001, 0x0) ioctl$auto(r7, 0x3b82, r2) ioctl$auto_SNDRV_TIMER_IOCTL_PVERSION(r5, 0x80045400, &(0x7f0000000240)) write$auto(r4, &(0x7f0000000580)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\xf4\xf3\x8b\xa6[\xc3\xb6\x16^O\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k\x83\xcf\xc5D\xcc', 0x4) r8 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x2000000000, 0x10000000004, 0x4000000000df, 0x40eb1, r1, 0x300000000000) sched_setattr$auto(r8, 0x0, 0x7b) ioctl$auto_USBDEVFS_SETINTERFACE(r6, 0x80085504, &(0x7f0000000040)={0x3, 0x4}) syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000004680), 0xffffffffffffffff) mmap$auto(0x2, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000140), 0x2002, 0x0) socket(0x29, 0x2, 0x0) 9m33.77720382s ago: executing program 0 (id=2750): unshare$auto(0x40000080) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x20) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000048c0)='/dev/dsp1\x00', 0x20000, 0x0) (async) select$auto(0x4, 0x0, &(0x7f0000000100)={[0x9, 0x7, 0xfffffffffffffff9, 0x9, 0x7ff, 0x3, 0x6, 0x2, 0x9, 0xffff, 0x1ff, 0xd, 0x3, 0x200000201, 0x7, 0x6]}, 0x0, 0x0) (async) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0xca5c2, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) (async) recvfrom$auto(0xffffffffffffffff, 0x0, 0x0, 0x40, 0x0, 0x0) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x40}, 0x6a) (async) r2 = socket(0xa, 0x2, 0x0) sendmmsg$auto(r2, &(0x7f0000000180)={{&(0x7f0000000040), 0xb8, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x9}, 0x1, 0x8008) (async) close_range$auto(0x2, 0x8, 0x0) (async) prctl$auto(0x59616d61, 0xdaffffffffffffff, 0x1, 0x4, 0xfffffffffffffffb) (async, rerun: 64) sysfs$auto(0x3, 0x5a0, 0xffffffff00000000) (async, rerun: 64) prctl$auto(0x59616d61, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffe5) (async) r3 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dri/renderD128\x00', 0x0, 0x0) (async) r4 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$auto_UBI_IOCATT(r4, 0x40186f40, 0x0) (async) ioctl$auto(r3, 0x64c4, 0xffffffffffffffff) (async) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) (async) r5 = socket(0x11, 0x3, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) (async) sendmmsg$auto(r5, &(0x7f00000001c0)={{&(0x7f0000000000), 0x1aa, &(0x7f0000000100)={&(0x7f0000000040)="4a67d23edb3100000000000000000075210d2de44406c2fb21", 0x49}, 0x5, &(0x7f0000000180), 0x5}, 0x1}, 0x2, 0x3) (async) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) (async) r6 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r6, 0xffffffffffdffe00, &(0x7f0000000140)=';') (async) r7 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0x18bd01, 0x0) ioctl$auto_USBDEVFS_BULK(r7, 0xc0185502, &(0x7f0000000200)={0x81, 0x8, 0x1, 0x0}) 9m32.977231392s ago: executing program 0 (id=2755): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0xa, 0x5, 0x0) setsockopt$auto(r0, 0x10000000084, 0x12, 0x0, 0x4) unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) mmap$auto(0x400, 0x81, 0x0, 0x13, 0xffffffffffffffff, 0x4) write$auto(0xffffffffffffffff, 0x0, 0x40) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe\x00', 0x101000, 0x0) close_range$auto(r2, 0x8, 0x2000005) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) faccessat2$auto(r1, &(0x7f0000000080)='./file0\x00', 0x81, 0x3) openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000200), 0x101000, 0x0) socket(0x2a, 0x2, 0x8001) socket(0x15, 0x5, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0xa, 0x0, 0x0, &(0x7f0000000180)={[0x1ff, 0x990, 0xffffffffffffffff, 0x1, 0x8, 0x4002a1, 0x95f4da0a, 0x8, 0x68ae9338, 0x62, 0x80000041, 0x4, 0x0, 0xc, 0x5, 0xfffffffffffffffe]}, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x7ff, 0x3, 0x15f4da0a, 0x3, 0x3, 0x1, 0x80000023, 0x7, 0x6d3e, 0xc, 0x2495dae0, 0x6]}, 0x0) 9m32.238745154s ago: executing program 0 (id=2756): r0 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) ioctl$auto(r0, 0xc0104d08, r0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty42\x00', 0x40741, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) mknod$auto(0x0, 0xea3, 0x2) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) ioctl$auto(0x3, 0x402c542d, r1) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000140)='/proc/asound/card1/cable#0\x00', 0x8f3b7a51b80ebd01, 0x0) waitid$auto_P_PGID(0x2, 0xffffffffffffffff, &(0x7f0000000340)={@siginfo_0_0={0x101, 0x2, 0x8000, @_sigsys={&(0x7f0000000240)="b089237097b88e40064c533331bb0ef0f3871bb6271d7c7ebbe31d346d27fcd831cda35f211ad5adaa038e646c925d67cb31086631f969ce129b0382463779415e39b70fdf797cdb0eca20afbf1e054a9d1bf9b9fa44a34ce03f43ec9f1a78f74d9ccfca985bd58f840af3597c60703d4620907775a0081ef431f8be10d6c7e35ff52ec27aa3d1eadd29fe6529475538b872e0ee7197cf928e9dff0c41514b651f787dcf714aff7f2ec83d8412b0ad30a25b00075552903ebc130811936d5bd79f1741067769d3a50baa767782d8d0426cfc", 0x9, 0x2}}}, 0x3ff, &(0x7f00000003c0)={{0x3, 0x1000000007}, {0xc, 0x4}, 0xc4, 0x5, 0x7f, 0xffffffffff000002, 0x9, 0x5, 0x400, 0x6, 0xa511, 0x100, 0x1, 0x6, 0xbdf6, 0x819b}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x401, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0xa, 0x0, 0x20) close_range$auto(0x2, 0x8, 0x0) socket(0x80000000000000a, 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/loop7/trace/act_mask\x00', 0x402, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000080)='/dev/fuse\x00', 0x501, 0x0) ioctl$auto_FUSE_DEV_IOC_CLONE(r2, 0x8004e500, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0xc01) write$auto(0x3, 0x0, 0xfffffdef) 9m31.293159511s ago: executing program 0 (id=2759): close_range$auto(0x0, 0xfffffffffffff000, 0x2) r0 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0xdaa0, 0x1, 0x9}, 0x9, 0x0) landlock_restrict_self$auto(r0, 0x0) inotify_init1$auto(0x3000000000000) mmap$auto(0x0, 0x2a, 0x126, 0xf8, 0xffffffffffffffff, 0x8000) r1 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) bind$auto(0x3, &(0x7f0000000040)=@ethernet={0x1, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1cc5087217524dd0}}, 0x6a) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) mmap$auto(0x0, 0x4177, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x3, 0xa) getsockopt$auto_SO_DOMAIN(r2, 0x401, 0x27, &(0x7f0000000300)='/\x00\x00\x00\x00\x00\xf8\x00\x00', &(0x7f00000002c0)=0x2) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mkdir$auto(0x0, 0x89) socket(0x3, 0x80000, 0x4000003) socket$nl_generic(0x10, 0x3, 0x10) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mmap$auto(0x0, 0xf4, 0xdf, 0xeb1, r1, 0x8000) r3 = eventfd$auto(0x80) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x1a1000, 0x0) readv$auto(r3, &(0x7f0000000380)={0x0, 0x8}, 0x8) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x80240, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0x10, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x4, 0xd3e, 0xfffffffffffffffd, 0x948b, 0x3, 0x800295f4da0a, 0x2, 0x0, 0x5f, 0x4, 0x50a7, 0x6d3f, 0x8, 0x2, 0xfffffffffffffffe]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7f, 0x11, 0x1, 0x948f, 0x1005, 0x206, 0x7, 0xfffffffffffffff6, 0x7, 0x9, 0x79d, 0x6, 0x100000000000000, 0xfffffffffffffffe, 0xf]}, 0x0) 9m30.21744765s ago: executing program 0 (id=2764): r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/bus/usb/037/001\x00', 0xa02, 0x0) ioctl$auto_USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f00000000c0)={0x23, 0x1, 0x2, 0x1, 0x7fa, 0xffff, &(0x7f0000000100)}) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r1, &(0x7f0000000100)='7\x00\\\xa0\x04\xdb\xc3\x8cnI\x9c\t\xbck\x17\xfe_9\xdf\v\x9d\xf7\xa9+n\xf19\x8ba\xe38\xf7u~\r\x91p\x90x\xd9y\xef\x06\xafs\x90\xf0\xf9\xc3\'r\xac\x8d\\\xccM\xe3\x05\x87\x8c\x1beu\xa6\xab\xb2}\xb6\xb8\xa1\xb4\x98\x0f\x9b(8\xb9\xcb\x88\x0e\x99\x81f&\xe4\xe1\xf1\xe0iS\x93\xea\xa1\xb8\xa6T\xf4G\xb0m\xe5!\xa3\xda\x83\xc1\b\xb3\xce\x1bq\x03\xf7\t\x8f', 0x81) getsockopt$auto_SO_COOKIE(r1, 0x8001, 0x39, 0x0, 0x0) mmap$auto(0x9, 0x7, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) syslog$auto(0x4, &(0x7f0000000040)='7\x00\\\xa0\x04\xdb\xc3\x8cnI\x9c\t\xbck\x17\xfe_9\xdf\v\x9d\xf7\xa9+n\xf19\x8ba\xe38\xf7u~\r\x91p\x90x\xd9y\xef\x06\xafs\x90\xf0\xf9\xc3\'r\xac\x8d\\\xccM\xe3\x05\x87\x8c\x1beu\xa6\xab\xb2}\xb6\xb8\xa1\xb4\x98\x0f\x9b(8\xb9\xcb\x88\x0e\x99\x81f&\xe4\xe1\xf1\xe0iS\x93\xea\xa1\xb8\xa6T\xf4G\xb0m\xe5!\xa3\xda\x83\xc1\b\xb3\xce\x1bq\x03\xf7\t\x8f', 0xf4) 9m29.070620584s ago: executing program 0 (id=2766): mmap$auto(0x5, 0x4, 0x4, 0x40eb1, 0xffffffffffffffff, 0x300000000000) socket(0xa, 0x3, 0x3b) mmap$auto(0x0, 0x80000000006, 0x4, 0x48eb1, 0xffffffffffffffff, 0x300000000000) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0xffffffffffffffff, 0x0, 0x110000, 0x6, 0x0) madvise$auto(0x0, 0x6, 0x66) madvise$auto(0x0, 0xffffffffffff0005, 0x19) sendmmsg$auto(0x3, 0x0, 0x8, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) lseek$auto(0x3, 0x7fffffffffffffff, 0x0) mmap$auto(0x0, 0xa00006, 0x400002, 0x40ebe, 0xffffffffffffffff, 0x300000000000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x1000000000000, 0x3, 0x4, 0x1000014, 0x401, 0x300000000000) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0xa, 0x0) mmap$auto(0xe779, 0x400000000007, 0xdf, 0x13, 0xffffffffffffffff, 0x0) socket(0xa, 0x1, 0x84) r0 = socket(0x28, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) clock_nanosleep$auto(0x8, 0x0, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x2a2100, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) write$auto(r0, &(0x7f0000000080)='/dev/ttyS2\x00', 0xe) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS2\x00', 0x10000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) 9m13.944146056s ago: executing program 33 (id=2766): mmap$auto(0x5, 0x4, 0x4, 0x40eb1, 0xffffffffffffffff, 0x300000000000) socket(0xa, 0x3, 0x3b) mmap$auto(0x0, 0x80000000006, 0x4, 0x48eb1, 0xffffffffffffffff, 0x300000000000) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0xffffffffffffffff, 0x0, 0x110000, 0x6, 0x0) madvise$auto(0x0, 0x6, 0x66) madvise$auto(0x0, 0xffffffffffff0005, 0x19) sendmmsg$auto(0x3, 0x0, 0x8, 0x7000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) lseek$auto(0x3, 0x7fffffffffffffff, 0x0) mmap$auto(0x0, 0xa00006, 0x400002, 0x40ebe, 0xffffffffffffffff, 0x300000000000) io_uring_setup$auto(0x6, 0x0) mmap$auto(0x1000000000000, 0x3, 0x4, 0x1000014, 0x401, 0x300000000000) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0xa, 0x0) mmap$auto(0xe779, 0x400000000007, 0xdf, 0x13, 0xffffffffffffffff, 0x0) socket(0xa, 0x1, 0x84) r0 = socket(0x28, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) clock_nanosleep$auto(0x8, 0x0, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x2a2100, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) write$auto(r0, &(0x7f0000000080)='/dev/ttyS2\x00', 0xe) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/ttyS2\x00', 0x10000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) 9.569243298s ago: executing program 3 (id=4208): ioctl$auto(0x3, 0x40a0ae49, 0x38) ioctl$auto_XFS_IOC_EXCHANGE_RANGE(0xffffffffffffffff, 0x40285881, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x9, 0x81, 0xa006, 0x401}) sendmsg$auto_TCP_METRICS_CMD_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0100f9020000fbdbdf250100000008000b00ac1414200800"], 0x24}, 0x1, 0x0, 0x0, 0x14}, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = socket(0x11, 0x3, 0x9) socket(0xa, 0x2, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x787806, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8=r0, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x2000c082) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) close_range$auto(0x2, 0x8, 0x0) 5.946190587s ago: executing program 3 (id=4214): ioctl$auto_XFS_IOC_EXCHANGE_RANGE(0xffffffffffffffff, 0x40285881, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x9, 0x81, 0xa006, 0x401}) sendmsg$auto_TCP_METRICS_CMD_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00', @ANYRES16=0x0, @ANYBLOB="0100f9020000fbdbdf250100000008000b00ac141420080001"], 0x24}, 0x1, 0x0, 0x0, 0x14}, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = socket(0x11, 0x3, 0x9) socket(0xa, 0x2, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x787806, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8=r0, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x2000c082) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) 5.64323954s ago: executing program 3 (id=4217): mmap$auto(0xffffffffffffffff, 0x4020009, 0x6, 0x410, 0x401, 0xfff) mmap$auto(0xfffffffffffffffd, 0x2000f, 0x4000000000000000, 0x400000000e31, 0xffffffffffffffff, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4801}, 0x844) r0 = io_uring_setup$auto(0x8, &(0x7f0000000140)={0x0, 0x3, 0x9, 0x10004, 0xc, 0xc05, 0xffffffffffffffff, [0x7fd, 0x1001, 0x8], {0x9, 0x1, 0x6, 0x2, 0x420, 0x1001, 0x3fdc, 0x6806, 0x5}, {0x2, 0x140, 0x54ed, 0x0, 0x301, 0xff, 0x7, 0xa, 0x3}}) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x4) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000540)=ANY=[@ANYRESDEC=r0, @ANYBLOB="010027"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x39b8) r2 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000003b80)='/dev/snd/pcmC0D0c\x00', 0x8100, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_HW_REFINE2(r2, 0xc2604110, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) r3 = getpid() process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/dynamic_debug/control\x00', 0x482, 0x0) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000005c0)=ANY=[@ANYRESOCT=r1, @ANYRESHEX=r3, @ANYBLOB="01002bbd7000fedbdf2516000000"], 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x2404c010) syz_clone(0x100, &(0x7f00000003c0)="edd37ad06217d8db0ae2279b431bb2a94903c0ef03d4499680d4e821693ee4f448f83abd6cb8bf49bebeb0e0b61233f250c886e3258e52811acaa2df504b9b7293dc1609cb4510dd22774c1fcc03313be36244a07fab98f264c4a41022d95868f978999e3a0c390e71a929b2704690744520fbb3adfbd092e2f25124076ce336db652204fe2dcffc16b3a37e7eb59a526f62a4691e9923f2177eed92562c6972d851d25fb1b9cdb23f394d00391c6be76a0ce2b5099afe86bfd2fe65e818b788ea572e0e8c87d52fc4471a31b291d7813ffed15644aedc5cd93007085fde014da1950ef8dd2503f69db15db2e5026e36885cedba92237d551c50", 0xfa, &(0x7f00000001c0), &(0x7f00000004c0), &(0x7f0000000500)="2472320c88c8e04bad91a352aeecd800804b4fdadf5d67fd21a1c762f79c686335d70e8998d787a8e62ee5e87173152a945c768555e4c3") r5 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/security/tomoyo/stat\x00', 0x1a1100, 0x0) write$auto_tomoyo_operations_securityfs_if(r5, &(0x7f00000002c0)="408db36d4854781b779225b5ee69adf1b94a4ca01efe3d355d289c4c6b009cec7f9b11e42fd683ce75eac2dc32c304111de5a6300adde99209eb1a5d2f78e3b5039f651a2bf86943b782f64a02d24c9b062250a6612a1ddcbf071b1ec7166e861b3ed6a1a7529ea6be31883052bfabb8b2bf48674c1689407ef08dd1a60971f28f6c6195a2ac4e7884bfe9decd47c51093b2b213eb8e7a15f530003fc9e81a5ad3110a128632e29f3b61bcf819545fa4052ae2744e40707f2de6c90e4b225515c3dee3d41f539cd336bda718a7cc7960b97207d008f78a25059c958fc52bd0e5640578058183be9df0ad8cd5343c00", 0xef) r6 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/trace_options\x00', 0x2, 0x0) read$auto_tracing_iter_fops_trace(r6, &(0x7f0000000600)=""/214, 0xd6) writev$auto(r4, &(0x7f0000000240)={&(0x7f0000000180), 0x9}, 0x400b) sysfs$auto(0x2, 0x4a, 0x0) fsopen$auto(0x0, 0x1) r7 = openat$auto_stats_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) pread64$auto(r7, 0x0, 0x2, 0x3) 4.564449258s ago: executing program 3 (id=4219): r0 = gettid() kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@buf=0x0, 0x8ab0, 0x6c0000c000, 0xc000}, 0x4) kill$auto(r0, 0x11) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x3000000, 0x0, 0x1, 0x0, 0x10000000000000, 0x2}, 0x895}, 0x3, 0x0) sendmsg$auto_NETDEV_CMD_NAPI_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0xfffffffffffffda0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="fc1f0000", @ANYRES16=0x0, @ANYBLOB="01002abd7000fddbdf250e000000"], 0x14}, 0x1, 0x0, 0x0, 0x20008040}, 0x20000004) r1 = getpid() sendmsg$auto_TIPC_NL_PEER_REMOVE(0xffffffffffffffff, &(0x7f00000110c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0xc004}, 0x40) process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) msync$auto(0x110c230000, 0x200001, 0x6) bpf$auto(0x5, &(0x7f0000000000)=@iter_create={0x15, 0x8}, 0x7) r2 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card1\x00', 0x0, 0x0) ioctl$auto(r2, 0x9000643b, 0xcd) getpriority$auto_PRIO_PGRP(0x1, r0) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) 4.438164174s ago: executing program 5 (id=4220): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000840)={'wlan1\x00', 0x0}) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x7, 0x3e, 0xfffffffffffffffa, 0x1ffde, 0x7, 0x100000001, 0x2, 0x9, 0x3, 0x6, 0x4, 0xb4, 0x9, 0x2, 0x10000, 0x80, 0x7, 0x0, 0x7, 0x2000, 0x200, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3]}, 0x1fe, 0x200d) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030004020000060007000080000008000200", @ANYRES32=r2, @ANYBLOB="0a00050000000000000000000a2001000000000000000a0001000000000200"/48, @ANYRES32=0x0, @ANYBLOB="0000006cc37a4855cdfcdb5344eb58bb082d9cee6cf0aa313cb7fa916df02ccc98e20b304765f3b725cd7975eca5a624cf55867a36328b011ac93f46a7635a66"], 0x68}, 0x1, 0x0, 0x0, 0x4044080}, 0x40090) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB="e6a4d27afbcdf5181fa75a84b5e9aa95536eaf445c", @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r3 = socket(0x10, 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/vhci_hcd.12/usb34/34-0:1.0/usb34-port1/power/control\x00', 0x10040, 0x0) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) getcwd$auto(&(0x7f0000000000)='\x00', 0xc0000000000000) sendmsg$auto_NL80211_CMD_DEL_PMK(r0, &(0x7f0000000a00)={0x0, 0x0, &(0x7f00000009c0)={&(0x7f0000000880)={0x1c, r1, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48880}, 0x80) syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000480), r0) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000140)={'vxcan1\x00', 0x0}) sendmsg$auto_BATADV_CMD_GET_TRANSTABLE_GLOBAL(r4, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c000000", @ANYRES32=r5, @ANYBLOB="c79f25bd70011bdbdf250700000008000300", @ANYRES32=r5, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0xc031}, 0x4045) 3.923866128s ago: executing program 5 (id=4223): getpgid$auto(0xffffffffffffffff) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) mmap$auto(0x9, 0x400007, 0x20000000df, 0x9b72, r0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a9402, 0x0) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(0xffffffffffffffff, 0x0, 0x800) timer_create$auto(0x9, 0x0, 0x0) read$auto(0x3, 0x0, 0x8080) socket(0xa, 0x1, 0x100) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) shmctl$auto_IPC_SET(0x4, 0x1, &(0x7f0000000280)={{0x80, 0xee00, 0xee00, 0xca6d, 0x8, 0x4bd6, 0x5}, 0xd21, 0x5, 0x8000000000000000, 0x1, @inferred=0xffffffffffffffff, @raw=0x440, 0x9, 0x0, &(0x7f0000000140)="4f0d6995e943b6bc1919e836e1a6e889b4881e233d3b51e066bb0a054c9e474be535fd29da", &(0x7f0000000200)="e3ac9b01ee8d985b677531eeeee5cb5bf774d2df4d9ae6dccbc98def20b72c7c2826a585ba3a8d67815abade214708a4ade77c6faa2f2889ca3e7989f32645dd597a3ae1b46e8d8c7e03ae6b8aaa49f6bf64cc5fa98e25"}) fsconfig$auto(r0, 0x800, &(0x7f0000000040)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/power/wakeup_abort_count\x00', 0x0, r1) write$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffffff, &(0x7f00000001c0)="624d1bfe595046ab5c98199adf260600de16baef6176e6021e1dce210500e8fdffff0000000000fffffffe00a7ed73de11691c13403c82be", 0x7b) process_mrelease$auto(0xffffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) write$auto(0x3, 0x0, 0x100082) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket(0x2, 0x1, 0x106) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) bind$auto(r2, &(0x7f0000000000)=@in={0x2, 0x3, @multicast1}, 0x6a) connect$auto(r2, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x23}}, 0x54) clone$auto(0x8ffe, 0xfffffffffffffffa, 0xffffffffffffffff, 0xfffffffffffffffc, 0x8) ioctl$auto(0x3, 0x80000541b, 0x38) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'bond_slave_0\x00'}) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) 3.658639397s ago: executing program 4 (id=4224): sendmsg$auto_TCP_METRICS_CMD_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00', @ANYRES16=0x0, @ANYBLOB="0100f9020000fbdbdf250100000008000b00ac141420080001"], 0x24}, 0x1, 0x0, 0x0, 0x14}, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = socket(0x11, 0xa, 0x9) socket(0xa, 0x2, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x8800, 0x0) socket(0xa, 0x2, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/ip6gre0/ioam6_id_wide\x00', 0x0, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/neigh/veth0_to_bond/delay_first_probe_time\x00', 0x8a042, 0x0) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x787806, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8=r0, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x2000c082) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) 3.268149474s ago: executing program 4 (id=4226): mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) (async, rerun: 64) io_uring_setup$auto(0x6, 0x0) (async, rerun: 64) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) (async) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) (async) close_range$auto(0x2, 0x8, 0x0) (async) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) (async) pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) (async) preadv$auto(0x3, &(0x7f0000000040)={0x0, 0x5}, 0x3, 0xf8, 0xffffffffffffffff) mmap$auto(0x0, 0x7069, 0x8, 0x19, 0x401, 0x8ffd) (async) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async, rerun: 32) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) (async, rerun: 32) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_CREATE_VM(r1, 0xae80, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xfffffeff, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x2, 0x83, 0x101, 0x17f, 0x2}, {0xff, 0x1, 0x52, 0x5, 0x1, 0x40, 0x4, 0x8, 0x100000004}}) (async) io_uring_register$auto(0x2, 0x1d, 0x0, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) mremap$auto(0x0, 0x7, 0x3fd6, 0x3, 0x200000) mremap$auto(0x1, 0x4, 0x3, 0x50a, 0x6) 3.21646894s ago: executing program 1 (id=4227): mmap$auto(0x0, 0x1, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @loopback}, 0x6a) mmap$auto(0x0, 0x200004, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) r0 = socket(0xa, 0x3, 0x3) recvmmsg$auto(r0, 0x0, 0xfffe, 0xf8fb, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/pci0000:00/pci_bus/0000:00/rescan\x00', 0xc2801, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000800)='/sys/devices/virtual/bdi/43:384/max_bytes\x00', 0x181482, 0x0) read$auto(r2, 0x0, 0x9) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_DP_CMD_DEL(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x14, 0x0, 0x1, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x20040c84}, 0x8010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) write$auto(r1, 0x0, 0x6) futex$auto(0x0, 0x8c, 0x1, 0x0, 0x0, 0x1) unshare$auto(0x40000080) ioctl$auto(0x3, 0x89e0, 0x91) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r3, 0x0, 0x20) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x140082, 0x0) writev$auto(r4, &(0x7f0000000200)={0x0, 0xb}, 0x3) r5 = mq_open$auto(&(0x7f0000000280)='\\*)A\x00', 0x7e, 0x9, 0x0) mq_notify$auto(r5, 0x0) ioctl$auto_BLKROSET(r5, 0x125d, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) 2.633540363s ago: executing program 4 (id=4228): mmap$auto(0xffffffffffffffff, 0x4020009, 0x6, 0x410, 0x401, 0xfff) mmap$auto(0xfffffffffffffffd, 0x2000f, 0x4000000000000000, 0x400000000e31, 0xffffffffffffffff, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4801}, 0x844) r0 = io_uring_setup$auto(0x8, &(0x7f0000000140)={0x0, 0x3, 0x9, 0x10004, 0xc, 0xc05, 0xffffffffffffffff, [0x7fd, 0x1001, 0x8], {0x9, 0x1, 0x6, 0x2, 0x420, 0x1001, 0x3fdc, 0x6806, 0x5}, {0x2, 0x140, 0x54ed, 0x0, 0x301, 0xff, 0x7, 0xa, 0x3}}) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x4) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000540)=ANY=[@ANYRESDEC=r0, @ANYBLOB="010027"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x39b8) r2 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000003b80)='/dev/snd/pcmC0D0c\x00', 0x8100, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_HW_REFINE2(r2, 0xc2604110, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) r3 = getpid() process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/dynamic_debug/control\x00', 0x482, 0x0) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000005c0)=ANY=[@ANYRESOCT=r1, @ANYRESHEX=r3, @ANYBLOB="01002bbd7000fedbdf2516000000"], 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x2404c010) syz_clone(0x100, &(0x7f00000003c0)="edd37ad06217d8db0ae2279b431bb2a94903c0ef03d4499680d4e821693ee4f448f83abd6cb8bf49bebeb0e0b61233f250c886e3258e52811acaa2df504b9b7293dc1609cb4510dd22774c1fcc03313be36244a07fab98f264c4a41022d95868f978999e3a0c390e71a929b2704690744520fbb3adfbd092e2f25124076ce336db652204fe2dcffc16b3a37e7eb59a526f62a4691e9923f2177eed92562c6972d851d25fb1b9cdb23f394d00391c6be76a0ce2b5099afe86bfd2fe65e818b788ea572e0e8c87d52fc4471a31b291d7813ffed15644aedc5cd93007085fde014da1950ef8dd2503f69db15db2e5026e36885cedba92237d551c50", 0xfa, &(0x7f00000001c0), &(0x7f00000004c0), &(0x7f0000000500)="2472320c88c8e04bad91a352aeecd800804b4fdadf5d67fd21a1c762f79c686335d70e8998d787a8e62ee5e87173152a945c768555e4c3") r5 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/security/tomoyo/stat\x00', 0x1a1100, 0x0) write$auto_tomoyo_operations_securityfs_if(r5, &(0x7f00000002c0)="408db36d4854781b779225b5ee69adf1b94a4ca01efe3d355d289c4c6b009cec7f9b11e42fd683ce75eac2dc32c304111de5a6300adde99209eb1a5d2f78e3b5039f651a2bf86943b782f64a02d24c9b062250a6612a1ddcbf071b1ec7166e861b3ed6a1a7529ea6be31883052bfabb8b2bf48674c1689407ef08dd1a60971f28f6c6195a2ac4e7884bfe9decd47c51093b2b213eb8e7a15f530003fc9e81a5ad3110a128632e29f3b61bcf819545fa4052ae2744e40707f2de6c90e4b225515c3dee3d41f539cd336bda718a7cc7960b97207d008f78a25059c958fc52bd0e5640578058183be9df0ad8cd5343c00", 0xef) r6 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/trace_options\x00', 0x2, 0x0) read$auto_tracing_iter_fops_trace(r6, &(0x7f0000000600)=""/214, 0xd6) writev$auto(r4, &(0x7f0000000240)={&(0x7f0000000180), 0x9}, 0x400b) sysfs$auto(0x2, 0x4a, 0x0) fsopen$auto(0x0, 0x1) r7 = openat$auto_stats_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) pread64$auto(r7, 0x0, 0x2, 0x3) 2.469971931s ago: executing program 5 (id=4229): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x800, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r0, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) (async) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) (async) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) (async, rerun: 32) close_range$auto(0x2, 0x8, 0x0) (async) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) (async) ioctl$auto_KVM_GET_MSRS(r1, 0x4008ae89, &(0x7f00000000c0)={0xdd, 0x0, [{0x571, 0x2, 0x8000b70d}]}) (async, rerun: 32) write$auto(r0, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) (rerun: 32) r3 = open(&(0x7f0000000800)='./file1\x00', 0x163ac1, 0x82) (async) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) (async, rerun: 64) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) socket(0x2, 0x1, 0x106) (async) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) (async) sysfs$auto(0x2, 0x23, 0x0) (async) r4 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r4, 0x0, 0x4) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) (async) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) recvmmsg$auto(r3, 0x0, 0x3, 0xdfff, 0x0) 2.159381811s ago: executing program 3 (id=4230): mmap$auto(0x200000000, 0x5, 0x8, 0x40009b72, 0x2, 0x8000) r0 = io_uring_setup$auto(0x89, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x1, 0x0, 0x80000000) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffff9}, 0x6, 0xe27c, 0x8) ioctl$auto(0x3, 0xae60, 0x10000000000402) r1 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f00000002c0), r0) r2 = getpid() process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f00000000c0), 0xffffffff}, 0x6, 0x0) r3 = setfsuid$auto(0xee00) setreuid$auto(r3, 0x0) r4 = waitid$auto_P_PGID(0x2, 0x0, 0x0, 0x2001, 0x0) shmctl$auto_SHM_STAT_ANY(0x0, 0xf, &(0x7f00000006c0)={{0x7, r3, 0x0, 0x4, 0x6, 0x81, 0x48d}, 0x1, 0x5, 0x8, 0x2, @inferred=r4, @raw=0x5, 0x5, 0x0, 0x0, 0x0}) r6 = openat$auto_msft_opcode_fops_(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/bluetooth/hci5/msft_opcode\x00', 0xa4000, 0x0) sendmsg$auto_OVS_CT_LIMIT_CMD_GET(r0, &(0x7f0000000880)={&(0x7f0000000100), 0xc, &(0x7f0000000840)={&(0x7f0000000300)={0x2c8, r1, 0x8, 0x70bd2d, 0x25dfdbfd, {}, [@OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x1c7, 0x1, 0x0, 0x1, [@typed={0xc, 0xb7, 0x0, 0x0, @u64=0x7}, @typed={0x8, 0x74, 0x0, 0x0, @uid=r5}, @typed={0x8, 0x6b, 0x0, 0x0, @pid=r2}, @nested={0xb1, 0x12e, 0x0, 0x1, [@nested={0x4, 0x39}, @typed={0x5, 0x1e, 0x0, 0x0, @str='\x00'}, @nested={0x10, 0xfc, 0x0, 0x1, [@typed={0x8, 0x70, 0x0, 0x0, @ipv4=@local}, @nested={0x4, 0x9}]}, @typed={0x8, 0x8d, 0x0, 0x0, @u32=0x8000}, @generic="471e7607f7024031a1d899be6e6ae86be6a36c97c0fafaa8ae6ef1050dac15e10b", @typed={0x8, 0x39, 0x0, 0x0, @fd=r6}, @generic="02c5af7958f926ddeb85834b03cef36b2e593bdf629eee039e13b5231734eef575a66b958990b829c65020b03af38aff554bd666d1a7aad45402b5b044f39bcdf374a1c0", @nested={0x4, 0x14c}, @nested={0x4, 0x76}, @typed={0x14, 0x147, 0x0, 0x0, @ipv6=@loopback}]}, @generic="76c0f940f7c6e9f552d83f61297bd151c1ffc3e3c76dcac59a26e7a4a90d6ab2f530a2370d99d1b469c369a9a8337026f46616f8288ef4c99faaa709aca0d3ffefcad5ae8752529eeb3c47fda69d2a47055ad5d9897aa4e2e94d4aea4d8e1d634e4e8cb1dde4f8b1fdac1a66d713365a35478ef55dc23f06bca7ddec26d86ad62a7715abc6fed64a2129c92925c36677acb5b541dc568cb57a0e49cf69bd88b0bf48d8ac4c1486916c7d98d1554854932b81b5d7e4f74d90c912f11fa175283fc73bc98cc8c10dd38925f2de5f3f5c0874a9ac4b0784568f966b0827208b8216ebd151eb0fa5e30deefa98cc385d770cbf1fb5"]}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0xc, 0x1, 0x0, 0x1, [@typed={0x8, 0x135, 0x0, 0x0, @pid=r4}]}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x15, 0x1, 0x0, 0x1, [@nested={0x4, 0x23}, @generic="0aad5b5b74fe4127f001c1155a"]}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0xc4, 0x1, 0x0, 0x1, [@nested={0xbd, 0x13, 0x0, 0x1, [@typed={0x14, 0x11c, 0x0, 0x0, @ipv6=@loopback}, @nested={0x4, 0x78}, @generic="1a04a1a0aeb6da28e3e924fbd86ead5e7ea6659a1ce56b68cb01fae152687921b6a4ba9883c30bcda6538d9d1cac4ca581a2e31424c522a2f4f9ff3adc3fa8be2d4d9ba2bb6402495948d90218335625605abfa03ae451a4b7b4d9639b081a14c3565ab6206a9c1ecea49b4d21c3f81b729265d22c0a66ea1e3741f5c9e1dac1b81b43518292cdc3a8a54fc5f2095d2140c8288f08c9bf6195", @typed={0x8, 0xf2, 0x0, 0x0, @pid=r2}]}]}, @OVS_CT_LIMIT_ATTR_ZONE_LIMIT={0x4}]}, 0x2c8}, 0x1, 0x0, 0x0, 0x80}, 0x40) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0x1, 0x0, 0x80000000) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r7, &(0x7f0000001040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYRES16, @ANYBLOB="010025bd7000f7dbdf250100003f"], 0x14}, 0x1, 0x0, 0x0, 0x44000}, 0x0) r8 = socket(0x10, 0x2, 0x0) bind$auto(r8, &(0x7f0000000000)=@generic={0x10, "a500acb75c9cedd1b5e9a0d76293"}, 0x68) sendmsg$auto_NET_DM_CMD_CONFIG_GET(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="399b0000", @ANYRES16=0x0, @ANYBLOB="00042cbd7000ffdbdf250600000004001500050001000400000004000000040015000400140008000b000800000008000b0002000000"], 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x8800) ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000001480)={'veth0_virt_wifi\x00'}) ioctl$auto_SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000040)) munmap$auto(0x8000, 0xffffffff) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) 1.821287589s ago: executing program 5 (id=4231): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/dynamic_debug/control\x00', 0x482, 0x0) clock_getres$auto(0x10, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[], 0x1c}}, 0x0) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), 0xffffffffffffffff) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x1c, 0x9, 0x63, 0x0, 0x0, 0x0, 0x1000, 0x8, 0x80000000000000a, 0x40000402, 0x9, 0x9, 0xffffffff80000000, 0xd, 0x6, 0x200000100103}) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0x29b010c0, 0x100000eb1, 0x40000000000a1, 0x8000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) sendmsg$auto_ETHTOOL_MSG_TUNNEL_INFO_GET(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)={0x20, r4, 0x1, 0x70bd28, 0x25dbdbfe, {}, [@ETHTOOL_A_TUNNEL_INFO_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x24000000}, 0x4000000) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000003c0)=ANY=[@ANYBLOB="14255e003e44b6cbb613d04d70925fbb7418c09a925f622d055c1246c937f96e7e170c4a315489ab494c63e2a0e1b20a2ba942c5a72a285eaa4f9ea2649c95a3532aaddf31947ef44962d8578997c4605937dddfd4d54c64c4d153060000005d91df41833137cd5c2f9bd90ab9e00d993261e9b6fcc31ae268d247a1f7f87b66c044663c5e1ad9d00fa244533e08b90b6646b713c9ea2294a16178deb70e2a", @ANYRES16=0x0, @ANYBLOB="01002bbd7000fedbdf2516000000"], 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x4044000) r5 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/security/tomoyo/stat\x00', 0x181000, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mbind$auto(0x0, 0xfa9d, 0x5, &(0x7f0000000280)=0xfa, 0x400, 0x3) set_mempolicy_home_node$auto(0x80000000, 0x10001, 0x80, 0x0) semctl$auto_SEM_INFO(0x5, 0x4, 0x13, 0x0) write$auto_tomoyo_operations_securityfs_if(r5, &(0x7f00000002c0)="408db36d4854781b779225b5ee69adf1b94a4ca01efe3d355d289c4c6b009cec7f9b11e42fd683ce75eac2dc32c304111de5a6300adde99209eb1a5d2f78e3b5039f651a2bf86943b782f64a02d24c9b062250a6612a1ddcbf071b1ec7166e861b3ed6a1a7529ea6be31883052bfabb8b2bf48674c1689407ef08dd1a60971f28f6c6195a2ac4e7884bfe9decd47c51093b2b213eb8e7a15f530003fc9e81a5ad3110a128632e29f3b61bcf819545fa4052ae2744e40707f2de6c90e4b225515c3dee3d41f539cd336bda718a7cc7960b97207d008f78a25059c958fc52bd0e5640578058183be9df0ad8cd5343c00", 0xef) r6 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/trace_options\x00', 0x0, 0x0) read$auto_tracing_iter_fops_trace(r6, &(0x7f0000000040)=""/219, 0xdb) writev$auto(r1, &(0x7f0000000240)={&(0x7f0000000180), 0x9}, 0xb) sysfs$auto(0x2, 0x4a, 0x0) 1.75304944s ago: executing program 4 (id=4232): openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptya7\x00', 0x80200, 0x0) 1.637184633s ago: executing program 1 (id=4233): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) r3 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r2, 0x4b68, r3) r4 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000680), r3) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000006c0)={'caif0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000001c0)={'virt_wifi0\x00', 0x0}) nanosleep$auto(&(0x7f0000000180)={0x3, 0x100000000044d4}, 0x0) sendmsg$auto_BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)={0x24, r4, 0xb11, 0x70bd27, 0x25dfdbfb, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r5}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r6}]}, 0x24}, 0x1, 0x0, 0x0, 0x4001}, 0x9800) 1.283872367s ago: executing program 1 (id=4234): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, 0x0) r2 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x40, r2, 0x1b, 0x74bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x10, 0x3, 0x0, 0x1, [@nested={0xc, 0x16, 0x0, 0x1, [@nested={0x8, 0x1, 0x0, 0x1, [@nested={0x4788, 0x33}]}]}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f1779048590828848"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) 1.214660152s ago: executing program 5 (id=4235): ioctl$auto_XFS_IOC_EXCHANGE_RANGE(0xffffffffffffffff, 0x40285881, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x9, 0x81, 0xa006, 0x401}) sendmsg$auto_TCP_METRICS_CMD_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0100f9020000fbdbdf250100000008000b00ac141420080001"], 0x24}, 0x1, 0x0, 0x0, 0x14}, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket(0x11, 0x3, 0x9) socket(0xa, 0x2, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x787806, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8=r0, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x2000c082) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) 1.156556737s ago: executing program 4 (id=4236): sendmsg$auto_TCP_METRICS_CMD_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x14}, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = socket(0x11, 0xa, 0x9) socket(0xa, 0x2, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x8800, 0x0) socket(0xa, 0x2, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/ip6gre0/ioam6_id_wide\x00', 0x0, 0x0) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x787806, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8=r0, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x2000c082) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) 1.004576731s ago: executing program 1 (id=4237): ioctl$auto(0x3, 0x40a0ae49, 0x38) ioctl$auto_XFS_IOC_EXCHANGE_RANGE(0xffffffffffffffff, 0x40285881, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x9, 0x81, 0xa006, 0x401}) sendmsg$auto_TCP_METRICS_CMD_GET(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB="0100f9020000fbdbdf250100000008000b00ac141420080001"], 0x24}, 0x1, 0x0, 0x0, 0x14}, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = socket(0x11, 0x3, 0x9) socket(0xa, 0x2, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x787806, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYRES32=0x0, @ANYRES8=r0, @ANYRES8=r1], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x2000c082) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) close_range$auto(0x2, 0x8, 0x0) 667.046094ms ago: executing program 1 (id=4238): mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) madvise$auto(0x0, 0x200007, 0x19) io_uring_setup$auto(0x2, &(0x7f0000000080)={0x80000003, 0x9, 0x4002, 0x6, 0x4, 0x8, 0xffffffffffffffff, [], {0x19, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x4000006, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x3, 0x40, 0x104, 0x8, 0x100000000}}) syz_clone(0x1002000, 0x0, 0x0, 0x0, 0x0, 0x0) futex_wake$auto(0x0, 0x5, 0x4, 0xa) futex_wake$auto(&(0x7f0000000000)="facff2b53ab3522cb329b5a87bdbc091f5a6ad597f2789e870d64db4cf6503135f5a750abc973b65703b664991ab45d13445d9c4df1d25210345f44468854c9689b943d1c65073bf11fd0c98fb48f9f4d67c0908e7470167", 0xfffffffffffffff8, 0xfff, 0x7f) 497.719733ms ago: executing program 5 (id=4239): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) futex$auto(&(0x7f0000000080)=0x1, 0xb, 0x1, 0x0, 0x0, 0xfffffffa) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) preadv2$auto(0x3, 0x0, 0x5, 0xffffffffffffffff, 0x7, 0x2e) sendmsg$auto_NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x8000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/mtd/mtd0/bitflip_threshold\x00', 0x2062, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) sched_setattr$auto(0x0, 0x0, 0x7b) mmap$auto(0x0, 0x7f, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket(0xa, 0x1, 0x84) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) r1 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000000240)='/dev/fb0\x00', 0x2a082, 0x0) ioctl$auto_FBIOPAN_DISPLAY(r1, 0x4606, &(0x7f0000000000)) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x4008) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x40000008000) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x0) kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x800c000}, 0x4) uname$auto(0x0) setsockopt$auto(0x3, 0x81, 0x85, 0x0, 0x90) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) 433.835401ms ago: executing program 4 (id=4240): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0xd4, 0x8000) mknod$auto(&(0x7f0000000040)='./file0\x00', 0x9, 0x400) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/smaps_rollup\x00', 0x88882, 0x0) (async) r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/smaps_rollup\x00', 0x88882, 0x0) pread64$auto(r0, 0x0, 0x7fff, 0x3) close_range$auto(0x2, 0x8, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) unlinkat$auto(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x9d2) (async) unlinkat$auto(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x9d2) openat$auto_uprobe_events_ops_trace_uprobe(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/tracing/uprobe_events\x00', 0x428400, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cpu.max\x00', 0x20b02, 0x0) io_uring_register$auto_IORING_UNREGISTER_FILES(r1, 0x3, &(0x7f00000002c0)="193f32b995f0ecb4ddf8cd83baeda5c352a745215ad880cc4c561670de2d13131c656d339507302cd18b379f551569932d17bb17195ecfc677eb23ac801128003ef54e78817f1a", 0x80000000) (async) io_uring_register$auto_IORING_UNREGISTER_FILES(r1, 0x3, &(0x7f00000002c0)="193f32b995f0ecb4ddf8cd83baeda5c352a745215ad880cc4c561670de2d13131c656d339507302cd18b379f551569932d17bb17195ecfc677eb23ac801128003ef54e78817f1a", 0x80000000) sendfile$auto(r1, r1, &(0x7f0000000000)=0x3, 0xad6) (async) sendfile$auto(r1, r1, &(0x7f0000000000)=0x3, 0xad6) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) (async) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0xc, 0x5, 0x100, 0x11, r2, 0xfffffffffffffff6) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) (async) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) ioctl$auto_BLKFLSBUF(r3, 0x1261, 0x0) ioctl$auto_BLKFLSBUF(r3, 0x1261, 0x0) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x94441, 0x0) (async) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x94441, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) openat$auto_dev_fops_plock(0xffffffffffffff9c, &(0x7f0000000180), 0x400, 0x0) r5 = landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x3, 0x3}, 0x18, 0x0) bpf$auto(0x0, &(0x7f00000003c0)=@task_fd_query={0x5, 0x21ea, 0x7ff, 0x3, 0x0, 0x80000001, r5}, 0x6f4) read$auto(r4, 0x0, 0x20) (async) read$auto(r4, 0x0, 0x20) r6 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x48041, 0x0) write$auto(r6, 0x0, 0x6) unshare$auto(0x40000080) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/vhci_hcd.0/usb9/9-0:1.0/usb9-port3/quirks\x00', 0x20001, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r7, &(0x7f0000000000)="b2", 0x1) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/neigh/bond_slave_1/ucast_solicit\x00', 0x101202, 0x0) (async) r8 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/neigh/bond_slave_1/ucast_solicit\x00', 0x101202, 0x0) sendfile$auto(r2, r8, 0x0, 0x1) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) 52.937283ms ago: executing program 1 (id=4241): mmap$auto(0xffffffffffffffff, 0x4020009, 0x6, 0x410, 0x401, 0xfff) mmap$auto(0xfffffffffffffffd, 0x2000f, 0x4000000000000000, 0x400000000e31, 0xffffffffffffffff, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4801}, 0x844) r0 = io_uring_setup$auto(0x8, &(0x7f0000000140)={0x0, 0x3, 0x9, 0x10004, 0xc, 0xc05, 0xffffffffffffffff, [0x7fd, 0x1001, 0x8], {0x9, 0x1, 0x6, 0x2, 0x420, 0x1001, 0x3fdc, 0x6806, 0x5}, {0x2, 0x140, 0x54ed, 0x0, 0x301, 0xff, 0x7, 0xa, 0x3}}) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x4) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000540)=ANY=[@ANYRESDEC=r0, @ANYBLOB="010027"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x39b8) r2 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000003b80)='/dev/snd/pcmC0D0c\x00', 0x8100, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_HW_REFINE2(r2, 0xc2604110, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) r3 = getpid() process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/dynamic_debug/control\x00', 0x482, 0x0) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000005c0)=ANY=[@ANYRESOCT=r1, @ANYRESHEX=r3, @ANYBLOB="01002bbd7000fedbdf2516000000"], 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x2404c010) syz_clone(0x100, &(0x7f00000003c0)="edd37ad06217d8db0ae2279b431bb2a94903c0ef03d4499680d4e821693ee4f448f83abd6cb8bf49bebeb0e0b61233f250c886e3258e52811acaa2df504b9b7293dc1609cb4510dd22774c1fcc03313be36244a07fab98f264c4a41022d95868f978999e3a0c390e71a929b2704690744520fbb3adfbd092e2f25124076ce336db652204fe2dcffc16b3a37e7eb59a526f62a4691e9923f2177eed92562c6972d851d25fb1b9cdb23f394d00391c6be76a0ce2b5099afe86bfd2fe65e818b788ea572e0e8c87d52fc4471a31b291d7813ffed15644aedc5cd93007085fde014da1950ef8dd2503f69db15db2e5026e36885cedba92237d551c50", 0xfa, &(0x7f00000001c0), &(0x7f00000004c0), &(0x7f0000000500)="2472320c88c8e04bad91a352aeecd800804b4fdadf5d67fd21a1c762f79c686335d70e8998d787a8e62ee5e87173152a945c768555e4c3") r5 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/security/tomoyo/stat\x00', 0x1a1100, 0x0) write$auto_tomoyo_operations_securityfs_if(r5, &(0x7f00000002c0)="408db36d4854781b779225b5ee69adf1b94a4ca01efe3d355d289c4c6b009cec7f9b11e42fd683ce75eac2dc32c304111de5a6300adde99209eb1a5d2f78e3b5039f651a2bf86943b782f64a02d24c9b062250a6612a1ddcbf071b1ec7166e861b3ed6a1a7529ea6be31883052bfabb8b2bf48674c1689407ef08dd1a60971f28f6c6195a2ac4e7884bfe9decd47c51093b2b213eb8e7a15f530003fc9e81a5ad3110a128632e29f3b61bcf819545fa4052ae2744e40707f2de6c90e4b225515c3dee3d41f539cd336bda718a7cc7960b97207d008f78a25059c958fc52bd0e5640578058183be9df0ad8cd5343c00", 0xef) r6 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/trace_options\x00', 0x2, 0x0) read$auto_tracing_iter_fops_trace(r6, &(0x7f0000000600)=""/214, 0xd6) writev$auto(r4, &(0x7f0000000240)={&(0x7f0000000180), 0x9}, 0x400b) sysfs$auto(0x2, 0x4a, 0x0) fsopen$auto(0x0, 0x1) r7 = openat$auto_stats_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) pread64$auto(r7, 0x0, 0x2, 0x3) 0s ago: executing program 3 (id=4242): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/net/afs/cells\x00', 0x181800, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/uevent_helper\x00', 0x20681, 0x0) write$auto(r0, &(0x7f0000000040)='/dev/ram14\x00', 0x2) r1 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$auto_VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000140)=0x643) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/virtual/block/zram0/mm_stat\x00', 0x8900, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000000)=""/233, 0xe9) ioctl$auto_VHOST_VSOCK_SET_GUEST_CID(r1, 0x4008af60, &(0x7f0000000000)=0x5) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) r4 = socket(0xa, 0x1, 0x84) io_uring_setup$auto(0x401, 0x0) getsockopt$auto(r4, 0x84, 0x14, 0x0, 0x0) write$auto(r3, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) setreuid$auto(0x0, 0x7fffffffffffffff) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) kernel console output (not intermixed with test programs): shmem_zero_setup+0x93/0x1b0 [ 1316.081931][T24715] __mmap_region+0x22ff/0x2ad0 [ 1316.081956][T24715] ? __pfx___mmap_region+0x10/0x10 [ 1316.081975][T24715] ? __lock_acquire+0x436/0x2890 [ 1316.082008][T24715] ? finish_task_switch.isra.0+0x207/0xbd0 [ 1316.082031][T24715] ? lockdep_hardirqs_on+0x7c/0x110 [ 1316.082048][T24715] ? finish_task_switch.isra.0+0x207/0xbd0 [ 1316.082112][T24715] ? rcu_is_watching+0x12/0xc0 [ 1316.082141][T24715] mmap_region+0x1ab/0x3f0 [ 1316.082162][T24715] ? __get_unmapped_area+0x267/0x3f0 [ 1316.082189][T24715] do_mmap+0xa3e/0x1210 [ 1316.082225][T24715] ? __pfx_do_mmap+0x10/0x10 [ 1316.082250][T24715] ? __pfx_down_write_killable+0x10/0x10 [ 1316.082274][T24715] vm_mmap_pgoff+0x29e/0x470 [ 1316.082302][T24715] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1316.082331][T24715] ? __x64_sys_futex+0x1e0/0x4c0 [ 1316.082350][T24715] ? __x64_sys_futex+0x1e9/0x4c0 [ 1316.082373][T24715] ksys_mmap_pgoff+0x7d/0x5c0 [ 1316.082397][T24715] ? xfd_validate_state+0x61/0x180 [ 1316.082412][T24715] ? __pfx_ksys_write+0x10/0x10 [ 1316.082440][T24715] __x64_sys_mmap+0x125/0x190 [ 1316.082460][T24715] do_syscall_64+0xcd/0xf80 [ 1316.082478][T24715] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1316.082495][T24715] RIP: 0033:0x7fa8da38f7c9 [ 1316.082510][T24715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1316.082526][T24715] RSP: 002b:00007fa8db2ae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1316.082542][T24715] RAX: ffffffffffffffda RBX: 00007fa8da5e6180 RCX: 00007fa8da38f7c9 [ 1316.082553][T24715] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 1316.082563][T24715] RBP: 00007fa8da413f91 R08: fffffffffffffffa R09: 0000000000008000 [ 1316.082573][T24715] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 1316.082583][T24715] R13: 00007fa8da5e6218 R14: 00007fa8da5e6180 R15: 00007ffc86ecbd48 [ 1316.082605][T24715] [ 1316.407737][T24669] lowmem_reserve[]: 0 0 1 1 1 [ 1316.412578][T24669] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1316.442754][T24669] lowmem_reserve[]: 0 0 0 0 0 [ 1316.447908][T24669] Node 1 Normal free:3908480kB boost:0kB min:55548kB low:69432kB high:83316kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:964kB local_pcp:964kB free_cma:0kB [ 1316.480264][T24669] lowmem_reserve[]: 0 0 0 0 0 [ 1316.485142][T24669] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1316.498459][T24669] Node 0 DMA32: 1050*4kB (UE) 4060*8kB (UM) 3132*16kB (UE) 0*32kB 339*64kB (UME) 600*128kB (UME) 523*256kB (UME) 279*512kB (UME) 135*1024kB (UM) 11*2048kB (UME) 105*4096kB (UM) = 1052872kB [ 1316.517674][T24669] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1316.530021][T24669] Node 1 Normal: 208*4kB (UME) 54*8kB (UME) 33*16kB (UME) 202*32kB (UME) 89*64kB (UME) 38*128kB (UME) 14*256kB (UME) 6*512kB (UME) 2*1024kB (UM) 5*2048kB (UME) 945*4096kB (M) = 3908480kB [ 1316.549015][T24669] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1316.558962][T24669] Node 0 hugepages_total=1 hugepages_free=0 hugepages_surp=1 hugepages_size=2048kB [ 1316.568410][T24669] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1316.578053][T24669] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1316.587403][T24669] 95076 total pagecache pages [ 1316.592145][T24669] 0 pages in swap cache [ 1316.596327][T24669] Free swap = 124996kB [ 1316.601624][T24669] Total swap = 124996kB [ 1316.605830][T24669] 2097051 pages RAM [ 1316.609669][T24669] 0 pages HighMem/MovableOnly [ 1316.614487][T24669] 429780 pages reserved [ 1316.618724][T24669] 0 pages cma reserved [ 1317.204954][T24718] netlink: 'syz.1.3636': attribute type 1 has an invalid length. [ 1317.214418][T24718] netlink: 33 bytes leftover after parsing attributes in process `syz.1.3636'. [ 1317.405832][T24728] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1317.451783][T24728] FAULT_INJECTION: forcing a failure. [ 1317.451783][T24728] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1317.501919][T24728] CPU: 0 UID: 0 PID: 24728 Comm: syz.4.3639 Tainted: G L syzkaller #0 PREEMPT(full) [ 1317.501948][T24728] Tainted: [L]=SOFTLOCKUP [ 1317.501954][T24728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1317.501971][T24728] Call Trace: [ 1317.501977][T24728] [ 1317.501984][T24728] dump_stack_lvl+0x16c/0x1f0 [ 1317.502006][T24728] should_fail_ex+0x512/0x640 [ 1317.502031][T24728] get_futex_key+0x1d0/0x15f0 [ 1317.502053][T24728] ? __pfx_get_futex_key+0x10/0x10 [ 1317.502070][T24728] ? find_held_lock+0x2b/0x80 [ 1317.502099][T24728] futex_wake+0xea/0x530 [ 1317.502124][T24728] ? __pfx_futex_wake+0x10/0x10 [ 1317.502148][T24728] ? __pfx_vfs_writev+0x10/0x10 [ 1317.502174][T24728] ? do_writev+0x218/0x340 [ 1317.502200][T24728] do_futex+0x1e3/0x350 [ 1317.502221][T24728] ? __pfx_do_futex+0x10/0x10 [ 1317.502239][T24728] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1317.502264][T24728] __x64_sys_futex+0x1e0/0x4c0 [ 1317.502285][T24728] ? fput+0x70/0xf0 [ 1317.502302][T24728] ? __pfx___x64_sys_futex+0x10/0x10 [ 1317.502323][T24728] ? __pfx_do_writev+0x10/0x10 [ 1317.502352][T24728] do_syscall_64+0xcd/0xf80 [ 1317.502370][T24728] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1317.502388][T24728] RIP: 0033:0x7fa8da38f7c9 [ 1317.502403][T24728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1317.502420][T24728] RSP: 002b:00007fa8db2f00e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1317.502437][T24728] RAX: ffffffffffffffda RBX: 00007fa8da5e5fa8 RCX: 00007fa8da38f7c9 [ 1317.502449][T24728] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fa8da5e5fac [ 1317.502459][T24728] RBP: 00007fa8da5e5fa0 R08: 00007fa8db2f1000 R09: 0000000000000000 [ 1317.502469][T24728] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1317.502478][T24728] R13: 00007fa8da5e6038 R14: 00007ffc86ecbc60 R15: 00007ffc86ecbd48 [ 1317.502500][T24728] [ 1317.951262][T24728] FAULT_INJECTION: forcing a failure. [ 1317.951262][T24728] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1317.981287][T24728] CPU: 0 UID: 0 PID: 24728 Comm: syz.4.3639 Tainted: G L syzkaller #0 PREEMPT(full) [ 1317.981316][T24728] Tainted: [L]=SOFTLOCKUP [ 1317.981322][T24728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1317.981332][T24728] Call Trace: [ 1317.981338][T24728] [ 1317.981345][T24728] dump_stack_lvl+0x16c/0x1f0 [ 1317.981367][T24728] should_fail_ex+0x512/0x640 [ 1317.981392][T24728] _copy_from_user+0x2e/0xd0 [ 1317.981413][T24728] kstrtouint_from_user+0xd6/0x1d0 [ 1317.981440][T24728] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 1317.981465][T24728] ? __lock_acquire+0x436/0x2890 [ 1317.981485][T24728] ? iovec_from_user+0xbb/0x140 [ 1317.981511][T24728] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1317.981528][T24728] proc_fail_nth_write+0x83/0x220 [ 1317.981545][T24728] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1317.981569][T24728] vfs_writev+0x5df/0xde0 [ 1317.981599][T24728] ? __pfx_vfs_writev+0x10/0x10 [ 1317.981622][T24728] ? fdget_pos+0x2a2/0x370 [ 1317.981652][T24728] ? __fget_files+0x20e/0x3c0 [ 1317.981682][T24728] ? do_writev+0x132/0x340 [ 1317.981704][T24728] do_writev+0x132/0x340 [ 1317.981727][T24728] ? __pfx_do_writev+0x10/0x10 [ 1317.981757][T24728] do_syscall_64+0xcd/0xf80 [ 1317.981776][T24728] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1317.981794][T24728] RIP: 0033:0x7fa8da38f7c9 [ 1317.981808][T24728] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1317.981826][T24728] RSP: 002b:00007fa8db2f0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1317.981843][T24728] RAX: ffffffffffffffda RBX: 00007fa8da5e5fa0 RCX: 00007fa8da38f7c9 [ 1317.981854][T24728] RDX: 0000000000000003 RSI: 0000200000000200 RDI: 0000000000000003 [ 1317.981864][T24728] RBP: 00007fa8da413f91 R08: 0000000000000000 R09: 0000000000000000 [ 1317.981873][T24728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1317.981883][T24728] R13: 00007fa8da5e6038 R14: 00007fa8da5e5fa0 R15: 00007ffc86ecbd48 [ 1317.981906][T24728] [ 1318.760165][T24739] Format for adding new device is "id port_count num_queues" (uint uint unit). [ 1319.532392][T24753] FAULT_INJECTION: forcing a failure. [ 1319.532392][T24753] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1319.641366][T24753] CPU: 0 UID: 0 PID: 24753 Comm: syz.4.3645 Tainted: G L syzkaller #0 PREEMPT(full) [ 1319.641397][T24753] Tainted: [L]=SOFTLOCKUP [ 1319.641404][T24753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1319.641419][T24753] Call Trace: [ 1319.641426][T24753] [ 1319.641433][T24753] dump_stack_lvl+0x16c/0x1f0 [ 1319.641455][T24753] should_fail_ex+0x512/0x640 [ 1319.641481][T24753] should_fail_alloc_page+0xe7/0x130 [ 1319.641511][T24753] prepare_alloc_pages+0x401/0x670 [ 1319.641540][T24753] ? rcu_is_watching+0x12/0xc0 [ 1319.641567][T24753] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 1319.641589][T24753] ? should_fail_alloc_page+0xee/0x130 [ 1319.641617][T24753] ? rcu_is_watching+0x12/0xc0 [ 1319.641640][T24753] ? trace_mm_page_alloc+0x11b/0x180 [ 1319.641666][T24753] ? __alloc_frozen_pages_noprof+0x292/0x2430 [ 1319.641690][T24753] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1319.641712][T24753] ? find_held_lock+0x2b/0x80 [ 1319.641735][T24753] ? is_bpf_text_address+0x8a/0x1a0 [ 1319.641758][T24753] ? bpf_ksym_find+0x124/0x1c0 [ 1319.641778][T24753] ? kernel_text_address+0x8d/0x100 [ 1319.641798][T24753] ? __kernel_text_address+0xd/0x40 [ 1319.641816][T24753] ? unwind_get_return_address+0x59/0xa0 [ 1319.641847][T24753] alloc_pages_bulk_noprof+0x77a/0x1410 [ 1319.641868][T24753] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1319.641896][T24753] ? policy_nodemask+0xea/0x4e0 [ 1319.641925][T24753] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 1319.641947][T24753] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1319.641990][T24753] __kasan_populate_vmalloc+0xfb/0x220 [ 1319.642018][T24753] alloc_vmap_area+0x98d/0x2a50 [ 1319.642053][T24753] ? __pfx_alloc_vmap_area+0x10/0x10 [ 1319.642084][T24753] __get_vm_area_node+0x1ca/0x330 [ 1319.642116][T24753] __vmalloc_node_range_noprof+0x247/0x16b0 [ 1319.642135][T24753] ? kernel_clone+0xfc/0x910 [ 1319.642160][T24753] ? local_lock_release+0x99/0x130 [ 1319.642183][T24753] ? kernel_clone+0xfc/0x910 [ 1319.642213][T24753] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1319.642231][T24753] ? __memcg_slab_post_alloc_hook+0x472/0x880 [ 1319.642253][T24753] ? rcu_is_watching+0x12/0xc0 [ 1319.642277][T24753] ? kernel_clone+0xfc/0x910 [ 1319.642301][T24753] __vmalloc_node_noprof+0xad/0xf0 [ 1319.642318][T24753] ? kernel_clone+0xfc/0x910 [ 1319.642345][T24753] copy_process+0x619/0x7430 [ 1319.642370][T24753] ? __pfx___futex_wait+0x10/0x10 [ 1319.642401][T24753] ? __pfx_copy_process+0x10/0x10 [ 1319.642431][T24753] ? futex_private_hash_put+0x160/0x1b0 [ 1319.642453][T24753] kernel_clone+0xfc/0x910 [ 1319.642480][T24753] ? __pfx_kernel_clone+0x10/0x10 [ 1319.642517][T24753] __do_sys_clone+0xce/0x120 [ 1319.642542][T24753] ? __pfx___do_sys_clone+0x10/0x10 [ 1319.642577][T24753] ? xfd_validate_state+0x61/0x180 [ 1319.642592][T24753] ? __pfx_ksys_write+0x10/0x10 [ 1319.642623][T24753] do_syscall_64+0xcd/0xf80 [ 1319.642641][T24753] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1319.642658][T24753] RIP: 0033:0x7fa8da38f7c9 [ 1319.642674][T24753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1319.642690][T24753] RSP: 002b:00007fa8db2cefe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1319.642707][T24753] RAX: ffffffffffffffda RBX: 00007fa8da5e6090 RCX: 00007fa8da38f7c9 [ 1319.642718][T24753] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000040011 [ 1319.642728][T24753] RBP: 00007fa8da413f91 R08: 0000000000000000 R09: 0000000000000000 [ 1319.642738][T24753] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1319.642749][T24753] R13: 00007fa8da5e6128 R14: 00007fa8da5e6090 R15: 00007ffc86ecbd48 [ 1319.642772][T24753] [ 1322.336577][T24763] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1322.416116][T24763] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1322.534310][T24763] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1322.593347][T24763] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1322.838673][T24763] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1322.953631][T24772] netlink: 'syz.4.3651': attribute type 1 has an invalid length. [ 1322.985737][T24763] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1323.013070][T24763] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1323.038174][T24772] netlink: 33 bytes leftover after parsing attributes in process `syz.4.3651'. [ 1323.203579][T24763] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 1323.249185][T24763] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 1323.478520][T24763] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 1324.263187][T24808] FAULT_INJECTION: forcing a failure. [ 1324.263187][T24808] name failslab, interval 1, probability 0, space 0, times 0 [ 1324.399371][ T6660] Bluetooth: hci3: command 0x0c1a tx timeout [ 1324.466700][T24808] CPU: 0 UID: 0 PID: 24808 Comm: syz.3.3656 Tainted: G L syzkaller #0 PREEMPT(full) [ 1324.466731][T24808] Tainted: [L]=SOFTLOCKUP [ 1324.466737][T24808] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1324.466746][T24808] Call Trace: [ 1324.466753][T24808] [ 1324.466760][T24808] dump_stack_lvl+0x16c/0x1f0 [ 1324.466782][T24808] should_fail_ex+0x512/0x640 [ 1324.466803][T24808] ? kmem_cache_alloc_noprof+0x62/0x770 [ 1324.466827][T24808] should_failslab+0xc2/0x120 [ 1324.466854][T24808] kmem_cache_alloc_noprof+0x83/0x770 [ 1324.466875][T24808] ? dup_fd+0x52/0xc70 [ 1324.466917][T24808] ? dup_fd+0x52/0xc70 [ 1324.466940][T24808] dup_fd+0x52/0xc70 [ 1324.466968][T24808] ? apparmor_task_alloc+0x2c1/0x3b0 [ 1324.466990][T24808] copy_process+0x255d/0x7430 [ 1324.467016][T24808] ? preempt_schedule_thunk+0x16/0x30 [ 1324.467042][T24808] ? __pfx_copy_process+0x10/0x10 [ 1324.467067][T24808] ? find_held_lock+0x2b/0x80 [ 1324.467092][T24808] ? futex_private_hash_put+0x160/0x1b0 [ 1324.467114][T24808] kernel_clone+0xfc/0x910 [ 1324.467140][T24808] ? __pfx_futex_wake+0x10/0x10 [ 1324.467163][T24808] ? __pfx_kernel_clone+0x10/0x10 [ 1324.467199][T24808] __do_sys_clone+0xce/0x120 [ 1324.467224][T24808] ? __pfx___do_sys_clone+0x10/0x10 [ 1324.467259][T24808] ? xfd_validate_state+0x61/0x180 [ 1324.467274][T24808] ? __pfx_ksys_write+0x10/0x10 [ 1324.467305][T24808] do_syscall_64+0xcd/0xf80 [ 1324.467323][T24808] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1324.467340][T24808] RIP: 0033:0x7fd06ff8f7c9 [ 1324.467354][T24808] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1324.467371][T24808] RSP: 002b:00007fd070edafe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1324.467387][T24808] RAX: ffffffffffffffda RBX: 00007fd0701e6090 RCX: 00007fd06ff8f7c9 [ 1324.467398][T24808] RDX: 0000000000000000 RSI: 0000000000020010 RDI: 0000000000040011 [ 1324.467408][T24808] RBP: 00007fd070013f91 R08: 0000000000000000 R09: 0000000000000000 [ 1324.467418][T24808] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1324.467427][T24808] R13: 00007fd0701e6128 R14: 00007fd0701e6090 R15: 00007ffe92787528 [ 1324.467448][T24808] [ 1325.093925][T24817] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3659'. [ 1325.141276][ T6660] Bluetooth: hci5: command 0x0c1a tx timeout [ 1325.147349][ T6660] Bluetooth: hci1: command 0x0c1a tx timeout [ 1325.153368][ T6660] Bluetooth: hci2: command 0x0406 tx timeout [ 1325.173773][T12957] Bluetooth: hci0: command 0x0c1a tx timeout [ 1325.391272][T24517] Bluetooth: hci6: command 0x0c1a tx timeout [ 1326.933620][T24845] netlink: 'syz.3.3664': attribute type 1 has an invalid length. [ 1327.088911][T24845] netlink: 33 bytes leftover after parsing attributes in process `syz.3.3664'. [ 1327.203192][T12957] Bluetooth: hci2: command 0x0406 tx timeout [ 1327.209243][T24517] Bluetooth: hci0: command 0x0c1a tx timeout [ 1327.431902][T24517] Bluetooth: hci6: command 0x0c1a tx timeout [ 1328.373498][T24859] binder: 24858:24859 ioctl 80e85411 200000000100 returned -22 [ 1328.434042][T24859] netlink: 342 bytes leftover after parsing attributes in process `syz.5.3669'. [ 1328.815977][T24867] FAULT_INJECTION: forcing a failure. [ 1328.815977][T24867] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1328.840504][T24861] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3668'. [ 1328.911293][T24867] CPU: 0 UID: 0 PID: 24867 Comm: syz.3.3670 Tainted: G L syzkaller #0 PREEMPT(full) [ 1328.911322][T24867] Tainted: [L]=SOFTLOCKUP [ 1328.911328][T24867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1328.911338][T24867] Call Trace: [ 1328.911344][T24867] [ 1328.911352][T24867] dump_stack_lvl+0x16c/0x1f0 [ 1328.911375][T24867] should_fail_ex+0x512/0x640 [ 1328.911401][T24867] should_fail_alloc_page+0xe7/0x130 [ 1328.911430][T24867] prepare_alloc_pages+0x401/0x670 [ 1328.911457][T24867] ? rcu_is_watching+0x12/0xc0 [ 1328.911483][T24867] __alloc_frozen_pages_noprof+0x18b/0x2430 [ 1328.911504][T24867] ? should_fail_alloc_page+0xee/0x130 [ 1328.911533][T24867] ? rcu_is_watching+0x12/0xc0 [ 1328.911557][T24867] ? trace_mm_page_alloc+0x11b/0x180 [ 1328.911583][T24867] ? __alloc_frozen_pages_noprof+0x292/0x2430 [ 1328.911607][T24867] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1328.911630][T24867] ? find_held_lock+0x2b/0x80 [ 1328.911652][T24867] ? is_bpf_text_address+0x8a/0x1a0 [ 1328.911675][T24867] ? bpf_ksym_find+0x124/0x1c0 [ 1328.911695][T24867] ? kernel_text_address+0x8d/0x100 [ 1328.911714][T24867] ? __kernel_text_address+0xd/0x40 [ 1328.911733][T24867] ? unwind_get_return_address+0x59/0xa0 [ 1328.911762][T24867] alloc_pages_bulk_noprof+0x77a/0x1410 [ 1328.911783][T24867] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1328.911810][T24867] ? policy_nodemask+0xea/0x4e0 [ 1328.911838][T24867] ? __pfx_alloc_pages_bulk_noprof+0x10/0x10 [ 1328.911861][T24867] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1328.911903][T24867] __kasan_populate_vmalloc+0xfb/0x220 [ 1328.911931][T24867] alloc_vmap_area+0x98d/0x2a50 [ 1328.911964][T24867] ? __pfx_alloc_vmap_area+0x10/0x10 [ 1328.911995][T24867] __get_vm_area_node+0x1ca/0x330 [ 1328.912025][T24867] __vmalloc_node_range_noprof+0x247/0x16b0 [ 1328.912043][T24867] ? kernel_clone+0xfc/0x910 [ 1328.912068][T24867] ? local_lock_release+0x99/0x130 [ 1328.912091][T24867] ? kernel_clone+0xfc/0x910 [ 1328.912120][T24867] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1328.912139][T24867] ? __memcg_slab_post_alloc_hook+0x472/0x880 [ 1328.912161][T24867] ? rcu_is_watching+0x12/0xc0 [ 1328.912186][T24867] ? kernel_clone+0xfc/0x910 [ 1328.912209][T24867] __vmalloc_node_noprof+0xad/0xf0 [ 1328.912226][T24867] ? kernel_clone+0xfc/0x910 [ 1328.912252][T24867] copy_process+0x619/0x7430 [ 1328.912278][T24867] ? __pfx___futex_wait+0x10/0x10 [ 1328.912300][T24867] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1328.912326][T24867] ? lockdep_hardirqs_on+0x7c/0x110 [ 1328.912348][T24867] ? __pfx_copy_process+0x10/0x10 [ 1328.912373][T24867] ? find_held_lock+0x2b/0x80 [ 1328.912397][T24867] ? futex_private_hash_put+0x160/0x1b0 [ 1328.912419][T24867] kernel_clone+0xfc/0x910 [ 1328.912445][T24867] ? __pfx_kernel_clone+0x10/0x10 [ 1328.912482][T24867] __do_sys_clone+0xce/0x120 [ 1328.912507][T24867] ? __pfx___do_sys_clone+0x10/0x10 [ 1328.912541][T24867] ? xfd_validate_state+0x61/0x180 [ 1328.912557][T24867] ? __pfx_ksys_write+0x10/0x10 [ 1328.912586][T24867] do_syscall_64+0xcd/0xf80 [ 1328.912605][T24867] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1328.912622][T24867] RIP: 0033:0x7fd06ff8f7c9 [ 1328.912637][T24867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1328.912653][T24867] RSP: 002b:00007fd070edafe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1328.912670][T24867] RAX: ffffffffffffffda RBX: 00007fd0701e6090 RCX: 00007fd06ff8f7c9 [ 1328.912681][T24867] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000040011 [ 1328.912690][T24867] RBP: 00007fd070013f91 R08: 0000000000000000 R09: 0000000000000000 [ 1328.912700][T24867] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1328.912709][T24867] R13: 00007fd0701e6128 R14: 00007fd0701e6090 R15: 00007ffe92787528 [ 1328.912731][T24867] [ 1328.912800][T24867] warn_alloc: 1 callbacks suppressed [ 1328.912810][T24867] syz.3.3670: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null) [ 1329.611224][T24517] Bluetooth: hci6: command 0x0c1a tx timeout [ 1331.492082][T24867] ,cpuset=/,mems_allowed=0-1 [ 1331.523579][T24867] CPU: 0 UID: 0 PID: 24867 Comm: syz.3.3670 Tainted: G L syzkaller #0 PREEMPT(full) [ 1331.523608][T24867] Tainted: [L]=SOFTLOCKUP [ 1331.523614][T24867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1331.523624][T24867] Call Trace: [ 1331.523631][T24867] [ 1331.523638][T24867] dump_stack_lvl+0x16c/0x1f0 [ 1331.523660][T24867] warn_alloc+0x248/0x3a0 [ 1331.523683][T24867] ? __pfx_warn_alloc+0x10/0x10 [ 1331.523705][T24867] ? kfree+0x2f8/0x6e0 [ 1331.523723][T24867] ? __get_vm_area_node+0x2cd/0x330 [ 1331.523754][T24867] ? __get_vm_area_node+0x2cd/0x330 [ 1331.523779][T24867] ? __get_vm_area_node+0x1dc/0x330 [ 1331.523807][T24867] ? __get_vm_area_node+0x208/0x330 [ 1331.523844][T24867] __vmalloc_node_range_noprof+0xbe0/0x16b0 [ 1331.523863][T24867] ? local_lock_release+0x99/0x130 [ 1331.523887][T24867] ? kernel_clone+0xfc/0x910 [ 1331.523929][T24867] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 1331.523949][T24867] ? __memcg_slab_post_alloc_hook+0x472/0x880 [ 1331.523972][T24867] ? rcu_is_watching+0x12/0xc0 [ 1331.523998][T24867] ? kernel_clone+0xfc/0x910 [ 1331.524025][T24867] __vmalloc_node_noprof+0xad/0xf0 [ 1331.524043][T24867] ? kernel_clone+0xfc/0x910 [ 1331.524071][T24867] copy_process+0x619/0x7430 [ 1331.524097][T24867] ? __pfx___futex_wait+0x10/0x10 [ 1331.524119][T24867] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1331.524147][T24867] ? lockdep_hardirqs_on+0x7c/0x110 [ 1331.524170][T24867] ? __pfx_copy_process+0x10/0x10 [ 1331.524195][T24867] ? find_held_lock+0x2b/0x80 [ 1331.524224][T24867] ? futex_private_hash_put+0x160/0x1b0 [ 1331.524251][T24867] kernel_clone+0xfc/0x910 [ 1331.524282][T24867] ? __pfx_kernel_clone+0x10/0x10 [ 1331.524319][T24867] __do_sys_clone+0xce/0x120 [ 1331.524345][T24867] ? __pfx___do_sys_clone+0x10/0x10 [ 1331.524380][T24867] ? xfd_validate_state+0x61/0x180 [ 1331.524396][T24867] ? __pfx_ksys_write+0x10/0x10 [ 1331.524427][T24867] do_syscall_64+0xcd/0xf80 [ 1331.524445][T24867] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1331.524463][T24867] RIP: 0033:0x7fd06ff8f7c9 [ 1331.524478][T24867] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1331.524495][T24867] RSP: 002b:00007fd070edafe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1331.524514][T24867] RAX: ffffffffffffffda RBX: 00007fd0701e6090 RCX: 00007fd06ff8f7c9 [ 1331.524526][T24867] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000040011 [ 1331.524536][T24867] RBP: 00007fd070013f91 R08: 0000000000000000 R09: 0000000000000000 [ 1331.524546][T24867] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1331.524556][T24867] R13: 00007fd0701e6128 R14: 00007fd0701e6090 R15: 00007ffe92787528 [ 1331.524583][T24867] [ 1331.527202][T24867] Mem-Info: [ 1332.271360][T24902] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input71 [ 1333.388211][T24867] active_anon:49953 inactive_anon:45 isolated_anon:0 [ 1333.388211][T24867] active_file:9972 inactive_file:49167 isolated_file:0 [ 1333.388211][T24867] unevictable:768 dirty:738 writeback:0 [ 1333.388211][T24867] slab_reclaimable:12663 slab_unreclaimable:101923 [ 1333.388211][T24867] mapped:56004 shmem:37008 pagetables:1388 [ 1333.388211][T24867] sec_pagetables:0 bounce:0 [ 1333.388211][T24867] kernel_misc_reclaimable:0 [ 1333.388211][T24867] free:1240910 free_pcp:9002 free_cma:0 [ 1333.727630][T24867] Node 0 active_anon:203384kB inactive_anon:180kB active_file:39888kB inactive_file:196532kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:221692kB dirty:2952kB writeback:0kB shmem:150164kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:14144kB pagetables:5320kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1333.926562][T24867] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:128kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 1334.093887][T24867] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1334.316056][T24867] lowmem_reserve[]: 0 2481 2483 2483 2483 [ 1334.361316][T24867] Node 0 DMA32 free:1018296kB boost:0kB min:34332kB low:42912kB high:51492kB reserved_highatomic:0KB free_highatomic:0KB active_anon:221276kB inactive_anon:180kB active_file:39888kB inactive_file:196540kB unevictable:1536kB writepending:3024kB zspages:0kB present:3129332kB managed:2540980kB mlocked:0kB bounce:0kB free_pcp:36672kB local_pcp:36672kB free_cma:0kB [ 1334.660093][T24867] lowmem_reserve[]: 0 0 1 1 1 [ 1334.701268][T24867] Node 0 Normal free:12kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 1334.923861][T24867] lowmem_reserve[]: 0 0 0 0 0 [ 1334.974257][T24867] Node 1 Normal free:3908232kB boost:0kB min:55548kB low:69432kB high:83316kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:1144kB local_pcp:1144kB free_cma:0kB [ 1335.220686][T24867] lowmem_reserve[]: 0 0 0 0 0 [ 1335.254706][T24867] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 1335.352126][T24867] Node 0 DMA32: 1660*4kB (UME) 4336*8kB (UM) 3156*16kB (UE) 112*32kB (U) 223*64kB (UME) 273*128kB (UME) 526*256kB (UME) 284*512kB (UME) 138*1024kB (UM) 5*2048kB (ME) 103*4096kB (M) = 998128kB [ 1335.507033][T24867] Node 0 Normal: 1*4kB (U) 1*8kB (U) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 12kB [ 1335.594672][T24867] Node 1 Normal: 148*4kB (UME) 53*8kB (UE) 33*16kB (UME) 202*32kB (UME) 89*64kB (UME) 38*128kB (UME) 14*256kB (UME) 6*512kB (UME) 2*1024kB (UM) 5*2048kB (UME) 945*4096kB (M) = 3908232kB [ 1335.755936][T24867] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1335.831386][T24867] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1335.881650][T24867] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 1335.949714][T24867] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 1336.015073][T24867] 104465 total pagecache pages [ 1336.070598][T24867] 0 pages in swap cache [ 1336.091948][T24867] Free swap = 124996kB [ 1336.113050][T24867] Total swap = 124996kB [ 1336.150456][T24867] 2097051 pages RAM [ 1336.178868][T24867] 0 pages HighMem/MovableOnly [ 1336.231296][T24867] 429780 pages reserved [ 1336.251387][T24867] 0 pages cma reserved [ 1336.486276][T24935] zero sized request [ 1338.724042][T24517] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1338.944568][T24974] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input72 [ 1340.747451][T24977] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input73 [ 1344.359036][T25019] FAULT_INJECTION: forcing a failure. [ 1344.359036][T25019] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1344.901810][T25019] CPU: 0 UID: 0 PID: 25019 Comm: syz.1.3703 Tainted: G L syzkaller #0 PREEMPT(full) [ 1344.901840][T25019] Tainted: [L]=SOFTLOCKUP [ 1344.901846][T25019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1344.901856][T25019] Call Trace: [ 1344.901862][T25019] [ 1344.901869][T25019] dump_stack_lvl+0x16c/0x1f0 [ 1344.901898][T25019] should_fail_ex+0x512/0x640 [ 1344.901924][T25019] get_futex_key+0x1085/0x15f0 [ 1344.901946][T25019] ? __pfx_get_futex_key+0x10/0x10 [ 1344.901966][T25019] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 1344.901992][T25019] ? __up_read+0x2d1/0x700 [ 1344.902014][T25019] futex_wake+0xea/0x530 [ 1344.902035][T25019] ? do_user_addr_fault+0x829/0x1370 [ 1344.902059][T25019] ? __pfx_futex_wake+0x10/0x10 [ 1344.902082][T25019] ? do_user_addr_fault+0x843/0x1370 [ 1344.902105][T25019] ? irqentry_exit+0x1dd/0x8c0 [ 1344.902121][T25019] ? lockdep_hardirqs_on+0x7c/0x110 [ 1344.902137][T25019] ? irqentry_exit+0x1dd/0x8c0 [ 1344.902152][T25019] ? trace_irq_disable.constprop.0+0xd4/0x110 [ 1344.902183][T25019] do_futex+0x1e3/0x350 [ 1344.902203][T25019] ? __pfx_do_futex+0x10/0x10 [ 1344.902228][T25019] mm_release+0x24e/0x300 [ 1344.902252][T25019] do_exit+0x69e/0x2bd0 [ 1344.902273][T25019] ? __pfx_do_exit+0x10/0x10 [ 1344.902289][T25019] ? do_raw_spin_lock+0x12c/0x2b0 [ 1344.902308][T25019] ? find_held_lock+0x2b/0x80 [ 1344.902334][T25019] do_group_exit+0xd3/0x2a0 [ 1344.902352][T25019] get_signal+0x2671/0x26d0 [ 1344.902384][T25019] ? __pfx_get_signal+0x10/0x10 [ 1344.902409][T25019] ? do_futex+0x122/0x350 [ 1344.902430][T25019] arch_do_signal_or_restart+0x8f/0x7a0 [ 1344.902457][T25019] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1344.902486][T25019] ? fput+0x70/0xf0 [ 1344.902503][T25019] ? __pfx___x64_sys_futex+0x10/0x10 [ 1344.902527][T25019] exit_to_user_mode_loop+0x8c/0x540 [ 1344.902551][T25019] do_syscall_64+0x4ee/0xf80 [ 1344.902570][T25019] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1344.902587][T25019] RIP: 0033:0x7fb57b78f7c9 [ 1344.902602][T25019] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1344.902619][T25019] RSP: 002b:00007fb57c6870e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1344.902636][T25019] RAX: fffffffffffffe00 RBX: 00007fb57b9e6098 RCX: 00007fb57b78f7c9 [ 1344.902647][T25019] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007fb57b9e6098 [ 1344.902656][T25019] RBP: 00007fb57b9e6090 R08: 0000000000000000 R09: 0000000000000000 [ 1344.902666][T25019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1344.902676][T25019] R13: 00007fb57b9e6128 R14: 00007ffc9747b8a0 R15: 00007ffc9747b988 [ 1344.902698][T25019] [ 1348.671522][T25051] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3711'. [ 1354.593497][T25101] netlink: 9 bytes leftover after parsing attributes in process `syz.4.3720'. [ 1355.036773][T24517] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1355.093473][T25103] FAULT_INJECTION: forcing a failure. [ 1355.093473][T25103] name failslab, interval 1, probability 0, space 0, times 0 [ 1355.173035][T25103] CPU: 0 UID: 0 PID: 25103 Comm: syz.4.3721 Tainted: G L syzkaller #0 PREEMPT(full) [ 1355.173064][T25103] Tainted: [L]=SOFTLOCKUP [ 1355.173070][T25103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1355.173080][T25103] Call Trace: [ 1355.173086][T25103] [ 1355.173093][T25103] dump_stack_lvl+0x16c/0x1f0 [ 1355.173115][T25103] should_fail_ex+0x512/0x640 [ 1355.173136][T25103] ? fs_reclaim_acquire+0xae/0x150 [ 1355.173166][T25103] should_failslab+0xc2/0x120 [ 1355.173192][T25103] __kmalloc_noprof+0xeb/0x910 [ 1355.173212][T25103] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 1355.173242][T25103] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 1355.173266][T25103] tomoyo_realpath_from_path+0xc2/0x6e0 [ 1355.173298][T25103] tomoyo_check_open_permission+0x2ab/0x3c0 [ 1355.173322][T25103] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1355.173365][T25103] ? do_raw_spin_lock+0x12c/0x2b0 [ 1355.173391][T25103] tomoyo_file_open+0x6b/0x90 [ 1355.173409][T25103] security_file_open+0x84/0x1e0 [ 1355.173433][T25103] do_dentry_open+0x597/0x1590 [ 1355.173465][T25103] ? security_inode_permission+0xbf/0x260 [ 1355.173490][T25103] vfs_open+0x82/0x3f0 [ 1355.173512][T25103] path_openat+0x2078/0x3140 [ 1355.173544][T25103] ? __pfx_path_openat+0x10/0x10 [ 1355.173578][T25103] do_filp_open+0x20b/0x470 [ 1355.173605][T25103] ? __pfx_do_filp_open+0x10/0x10 [ 1355.173647][T25103] ? alloc_fd+0x471/0x7d0 [ 1355.173679][T25103] do_sys_openat2+0x121/0x290 [ 1355.173698][T25103] ? __pfx_do_sys_openat2+0x10/0x10 [ 1355.173727][T25103] __x64_sys_openat+0x174/0x210 [ 1355.173747][T25103] ? __pfx___x64_sys_openat+0x10/0x10 [ 1355.173776][T25103] do_syscall_64+0xcd/0xf80 [ 1355.173795][T25103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1355.173812][T25103] RIP: 0033:0x7fa8da38f7c9 [ 1355.173827][T25103] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1355.173844][T25103] RSP: 002b:00007fa8db2f0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1355.173869][T25103] RAX: ffffffffffffffda RBX: 00007fa8da5e5fa0 RCX: 00007fa8da38f7c9 [ 1355.173880][T25103] RDX: 000000000014fa02 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1355.173890][T25103] RBP: 00007fa8da413f91 R08: 0000000000000000 R09: 0000000000000000 [ 1355.173900][T25103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1355.173909][T25103] R13: 00007fa8da5e6038 R14: 00007fa8da5e5fa0 R15: 00007ffc86ecbd48 [ 1355.173931][T25103] [ 1355.176956][T25103] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1358.446011][T25144] netlink: 9 bytes leftover after parsing attributes in process `syz.3.3730'. [ 1358.459565][T25141] netlink: 'syz.4.3738': attribute type 1 has an invalid length. [ 1358.521341][T25141] netlink: 33 bytes leftover after parsing attributes in process `syz.4.3738'. [ 1359.805799][T25154] netlink: 'syz.4.3733': attribute type 1 has an invalid length. [ 1359.881274][T25154] netlink: 33 bytes leftover after parsing attributes in process `syz.4.3733'. [ 1359.990048][T25154] netlink: 9 bytes leftover after parsing attributes in process `syz.4.3733'. [ 1360.201573][T25165] FAULT_INJECTION: forcing a failure. [ 1360.201573][T25165] name failslab, interval 1, probability 0, space 0, times 0 [ 1360.327148][T25165] CPU: 0 UID: 0 PID: 25165 Comm: syz.5.3735 Tainted: G L syzkaller #0 PREEMPT(full) [ 1360.327179][T25165] Tainted: [L]=SOFTLOCKUP [ 1360.327185][T25165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1360.327195][T25165] Call Trace: [ 1360.327202][T25165] [ 1360.327209][T25165] dump_stack_lvl+0x16c/0x1f0 [ 1360.327232][T25165] should_fail_ex+0x512/0x640 [ 1360.327253][T25165] ? fs_reclaim_acquire+0xae/0x150 [ 1360.327282][T25165] should_failslab+0xc2/0x120 [ 1360.327309][T25165] __kmalloc_noprof+0xeb/0x910 [ 1360.327329][T25165] ? tomoyo_encode2+0x100/0x3e0 [ 1360.327357][T25165] ? tomoyo_encode2+0x100/0x3e0 [ 1360.327380][T25165] tomoyo_encode2+0x100/0x3e0 [ 1360.327407][T25165] tomoyo_encode+0x29/0x50 [ 1360.327431][T25165] tomoyo_realpath_from_path+0x18f/0x6e0 [ 1360.327462][T25165] tomoyo_check_open_permission+0x2ab/0x3c0 [ 1360.327485][T25165] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1360.327528][T25165] ? do_raw_spin_lock+0x12c/0x2b0 [ 1360.327554][T25165] tomoyo_file_open+0x6b/0x90 [ 1360.327572][T25165] security_file_open+0x84/0x1e0 [ 1360.327596][T25165] do_dentry_open+0x597/0x1590 [ 1360.327623][T25165] ? security_inode_permission+0xbf/0x260 [ 1360.327648][T25165] vfs_open+0x82/0x3f0 [ 1360.327669][T25165] path_openat+0x2078/0x3140 [ 1360.327702][T25165] ? __pfx_path_openat+0x10/0x10 [ 1360.327735][T25165] do_filp_open+0x20b/0x470 [ 1360.327762][T25165] ? __pfx_do_filp_open+0x10/0x10 [ 1360.327802][T25165] ? alloc_fd+0x471/0x7d0 [ 1360.327841][T25165] do_sys_openat2+0x121/0x290 [ 1360.327861][T25165] ? __pfx_do_sys_openat2+0x10/0x10 [ 1360.327888][T25165] __x64_sys_openat+0x174/0x210 [ 1360.327909][T25165] ? __pfx___x64_sys_openat+0x10/0x10 [ 1360.327938][T25165] do_syscall_64+0xcd/0xf80 [ 1360.327957][T25165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1360.327974][T25165] RIP: 0033:0x7f86d3d8f7c9 [ 1360.327989][T25165] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1360.328006][T25165] RSP: 002b:00007f86d4c0e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1360.328022][T25165] RAX: ffffffffffffffda RBX: 00007f86d3fe6090 RCX: 00007f86d3d8f7c9 [ 1360.328033][T25165] RDX: 0000000000000800 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1360.328043][T25165] RBP: 00007f86d3e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 1360.328053][T25165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1360.328062][T25165] R13: 00007f86d3fe6128 R14: 00007f86d3fe6090 R15: 00007ffc8ed9e738 [ 1360.328084][T25165] [ 1360.328103][T25165] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1361.654682][T25176] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3739'. [ 1361.937448][T25176] __vm_enough_memory: pid: 25176, comm: syz.1.3739, bytes: 4398046511104 not enough memory for the allocation [ 1362.323354][T25185] netlink: 'syz.5.3741': attribute type 1 has an invalid length. [ 1362.411293][T25185] netlink: 33 bytes leftover after parsing attributes in process `syz.5.3741'. [ 1362.465466][T25190] netlink: 'syz.3.3742': attribute type 1 has an invalid length. [ 1362.477550][T25187] netlink: 9 bytes leftover after parsing attributes in process `syz.5.3741'. [ 1363.271266][T24517] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1363.461484][T25197] FAULT_INJECTION: forcing a failure. [ 1363.461484][T25197] name failslab, interval 1, probability 0, space 0, times 0 [ 1363.572491][T25202] netlink: 9 bytes leftover after parsing attributes in process `syz.4.3745'. [ 1363.779763][T25197] CPU: 0 UID: 0 PID: 25197 Comm: syz.1.3744 Tainted: G L syzkaller #0 PREEMPT(full) [ 1363.779795][T25197] Tainted: [L]=SOFTLOCKUP [ 1363.779802][T25197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1363.779811][T25197] Call Trace: [ 1363.779818][T25197] [ 1363.779825][T25197] dump_stack_lvl+0x16c/0x1f0 [ 1363.779848][T25197] should_fail_ex+0x512/0x640 [ 1363.779869][T25197] ? fs_reclaim_acquire+0xae/0x150 [ 1363.779912][T25197] should_failslab+0xc2/0x120 [ 1363.779939][T25197] __kmalloc_noprof+0xeb/0x910 [ 1363.779958][T25197] ? tomoyo_encode2+0x100/0x3e0 [ 1363.779986][T25197] ? tomoyo_encode2+0x100/0x3e0 [ 1363.780010][T25197] tomoyo_encode2+0x100/0x3e0 [ 1363.780038][T25197] tomoyo_encode+0x29/0x50 [ 1363.780062][T25197] tomoyo_realpath_from_path+0x18f/0x6e0 [ 1363.780094][T25197] tomoyo_check_open_permission+0x2ab/0x3c0 [ 1363.780117][T25197] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1363.780160][T25197] ? do_raw_spin_lock+0x12c/0x2b0 [ 1363.780186][T25197] tomoyo_file_open+0x6b/0x90 [ 1363.780204][T25197] security_file_open+0x84/0x1e0 [ 1363.780227][T25197] do_dentry_open+0x597/0x1590 [ 1363.780255][T25197] ? security_inode_permission+0xbf/0x260 [ 1363.780280][T25197] vfs_open+0x82/0x3f0 [ 1363.780301][T25197] path_openat+0x2078/0x3140 [ 1363.780334][T25197] ? __pfx_path_openat+0x10/0x10 [ 1363.780367][T25197] do_filp_open+0x20b/0x470 [ 1363.780394][T25197] ? __pfx_do_filp_open+0x10/0x10 [ 1363.780436][T25197] ? alloc_fd+0x471/0x7d0 [ 1363.780468][T25197] do_sys_openat2+0x121/0x290 [ 1363.780488][T25197] ? __pfx_do_sys_openat2+0x10/0x10 [ 1363.780520][T25197] __x64_sys_openat+0x174/0x210 [ 1363.780540][T25197] ? __pfx___x64_sys_openat+0x10/0x10 [ 1363.780569][T25197] do_syscall_64+0xcd/0xf80 [ 1363.780588][T25197] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1363.780605][T25197] RIP: 0033:0x7fb57b78f7c9 [ 1363.780620][T25197] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1363.780636][T25197] RSP: 002b:00007fb57c6a8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1363.780653][T25197] RAX: ffffffffffffffda RBX: 00007fb57b9e5fa0 RCX: 00007fb57b78f7c9 [ 1363.780664][T25197] RDX: 000000000014fa02 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1363.780675][T25197] RBP: 00007fb57b813f91 R08: 0000000000000000 R09: 0000000000000000 [ 1363.780686][T25197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1363.780696][T25197] R13: 00007fb57b9e6038 R14: 00007fb57b9e5fa0 R15: 00007ffc9747b988 [ 1363.780719][T25197] [ 1365.129769][T25197] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1366.470775][T25223] netlink: 'syz.5.3750': attribute type 3 has an invalid length. [ 1366.615254][T25223] netlink: 332 bytes leftover after parsing attributes in process `syz.5.3750'. [ 1366.713315][T24517] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1366.884162][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1366.890474][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1367.249981][T25234] netlink: 'syz.5.3752': attribute type 1 has an invalid length. [ 1367.392868][T25234] netlink: 33 bytes leftover after parsing attributes in process `syz.5.3752'. [ 1367.481421][T25230] netlink: 9 bytes leftover after parsing attributes in process `syz.5.3752'. [ 1367.521341][T25232] zswap: compressor not available [ 1368.699745][T22658] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1369.110708][T22658] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1369.623285][T25256] netlink: 9 bytes leftover after parsing attributes in process `syz.5.3760'. [ 1369.824096][T22658] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1369.918703][T12957] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1369.929582][T12957] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1369.937465][T12957] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1369.957137][T12957] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1369.967501][T12957] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1370.187694][T22658] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1371.268876][T22658] netdevsim netdevsim25 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1371.425078][T25257] chnl_net:caif_netlink_parms(): no params data found [ 1371.982022][T22658] bridge_slave_1: left allmulticast mode [ 1372.042335][T22658] bridge_slave_1: left promiscuous mode [ 1372.048092][T22658] bridge0: port 2(bridge_slave_1) entered disabled state [ 1372.081523][T12957] Bluetooth: hci4: command tx timeout [ 1372.163575][T22658] bridge_slave_0: left allmulticast mode [ 1372.183017][ T30] audit: type=1806 audit(1769088441.588:37): xattr="." res=0 [ 1372.233252][T22658] bridge_slave_0: left promiscuous mode [ 1372.270981][T22658] bridge0: port 1(bridge_slave_0) entered disabled state [ 1372.768263][T25295] netlink: 'syz.3.3765': attribute type 1 has an invalid length. [ 1372.832468][T25295] netlink: 33 bytes leftover after parsing attributes in process `syz.3.3765'. [ 1372.942955][T25301] netlink: 9 bytes leftover after parsing attributes in process `syz.3.3765'. [ 1373.521534][T25317] blktrace: Concurrent blktraces are not allowed on loop2 [ 1374.151326][T12957] Bluetooth: hci4: command tx timeout [ 1374.190088][T22658] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1374.242056][T22658] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1374.291731][T22658] bond0 (unregistering): Released all slaves [ 1374.428710][T22658] tipc: Left network mode [ 1374.495332][T25257] bridge0: port 1(bridge_slave_0) entered blocking state [ 1374.552973][T25257] bridge0: port 1(bridge_slave_0) entered disabled state [ 1374.611961][T25257] bridge_slave_0: entered allmulticast mode [ 1374.648187][T25257] bridge_slave_0: entered promiscuous mode [ 1374.774686][T25257] bridge0: port 2(bridge_slave_1) entered blocking state [ 1374.823210][T25257] bridge0: port 2(bridge_slave_1) entered disabled state [ 1374.875544][T25257] bridge_slave_1: entered allmulticast mode [ 1374.922467][T25257] bridge_slave_1: entered promiscuous mode [ 1375.152055][T25329] zswap: compressor not available [ 1375.233157][T25335] kAFS: bad VL server IP address [ 1375.270206][T25336] kAFS: bad VL server IP address [ 1375.344232][T25257] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1375.631030][T25257] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1376.030186][T25257] team0: Port device team_slave_0 added [ 1376.094436][T22658] hsr_slave_0: left promiscuous mode [ 1376.124149][T22658] hsr_slave_1: left promiscuous mode [ 1376.155129][T22658] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1376.200399][T22658] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1376.231990][T12957] Bluetooth: hci4: command tx timeout [ 1376.255812][T22658] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1376.296905][T22658] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1376.389799][T22658] veth1_macvtap: left promiscuous mode [ 1376.461458][T22658] veth1_vlan: left promiscuous mode [ 1376.500623][T22658] veth0_vlan: left promiscuous mode [ 1378.315856][T12957] Bluetooth: hci4: command tx timeout [ 1378.332653][T22658] team0 (unregistering): Port device team_slave_1 removed [ 1378.464031][T22658] team0 (unregistering): Port device team_slave_0 removed [ 1379.642608][T25257] team0: Port device team_slave_1 added [ 1379.892300][T25257] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1379.899276][T25257] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1380.031283][T25257] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1380.095731][T25257] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1380.116699][T25257] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1380.221192][T25257] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1380.733935][T25257] hsr_slave_0: entered promiscuous mode [ 1380.805895][T25257] hsr_slave_1: entered promiscuous mode [ 1380.836808][T25257] debugfs: 'hsr0' already exists in 'hsr' [ 1380.881239][T25257] Cannot create hsr debugfs directory [ 1382.076143][T25385] mkiss: ax0: crc mode is auto. [ 1383.312564][T25397] netlink: 'syz.5.3778': attribute type 1 has an invalid length. [ 1383.382986][T25397] netlink: 33 bytes leftover after parsing attributes in process `syz.5.3778'. [ 1384.800817][T25257] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1384.914161][T25257] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1384.977651][T25257] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1385.006958][T25421] netlink: 9 bytes leftover after parsing attributes in process `syz.5.3780'. [ 1385.129504][T25257] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1385.139733][T25424] FAULT_INJECTION: forcing a failure. [ 1385.139733][T25424] name failslab, interval 1, probability 0, space 0, times 0 [ 1385.251489][T25424] CPU: 0 UID: 0 PID: 25424 Comm: syz.3.3781 Tainted: G L syzkaller #0 PREEMPT(full) [ 1385.251518][T25424] Tainted: [L]=SOFTLOCKUP [ 1385.251525][T25424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1385.251535][T25424] Call Trace: [ 1385.251542][T25424] [ 1385.251549][T25424] dump_stack_lvl+0x16c/0x1f0 [ 1385.251571][T25424] should_fail_ex+0x512/0x640 [ 1385.251593][T25424] ? kmem_cache_alloc_lru_noprof+0x66/0x770 [ 1385.251619][T25424] should_failslab+0xc2/0x120 [ 1385.251646][T25424] kmem_cache_alloc_lru_noprof+0x87/0x770 [ 1385.251668][T25424] ? __pfx___might_resched+0x10/0x10 [ 1385.251693][T25424] ? sock_alloc_inode+0x25/0x1c0 [ 1385.251713][T25424] ? __pfx_sock_alloc_inode+0x10/0x10 [ 1385.251728][T25424] ? sock_alloc_inode+0x25/0x1c0 [ 1385.251742][T25424] sock_alloc_inode+0x25/0x1c0 [ 1385.251757][T25424] alloc_inode+0x64/0x240 [ 1385.251777][T25424] sock_alloc+0x40/0x280 [ 1385.251803][T25424] __sock_create+0xc2/0x8a0 [ 1385.251833][T25424] __sys_socket+0x14d/0x260 [ 1385.251852][T25424] ? __pfx___sys_socket+0x10/0x10 [ 1385.251870][T25424] ? xfd_validate_state+0x61/0x180 [ 1385.251885][T25424] ? __sys_setsockopt+0x140/0x1a0 [ 1385.251911][T25424] __x64_sys_socket+0x72/0xb0 [ 1385.251929][T25424] ? lockdep_hardirqs_on+0x7c/0x110 [ 1385.251946][T25424] do_syscall_64+0xcd/0xf80 [ 1385.251965][T25424] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1385.251982][T25424] RIP: 0033:0x7fd06ff8f7c9 [ 1385.251997][T25424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1385.252014][T25424] RSP: 002b:00007fd070efc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1385.252030][T25424] RAX: ffffffffffffffda RBX: 00007fd0701e5fa0 RCX: 00007fd06ff8f7c9 [ 1385.252041][T25424] RDX: 0000000000000001 RSI: 0000000000000002 RDI: 000000000000002a [ 1385.252051][T25424] RBP: 00007fd070013f91 R08: 0000000000000000 R09: 0000000000000000 [ 1385.252060][T25424] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1385.252070][T25424] R13: 00007fd0701e6038 R14: 00007fd0701e5fa0 R15: 00007ffe92787528 [ 1385.252091][T25424] [ 1385.252100][T25424] net_ratelimit: 5 callbacks suppressed [ 1385.252109][T25424] socket: no more sockets [ 1386.226413][T25257] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1386.293107][T25442] netlink: 9 bytes leftover after parsing attributes in process `syz.5.3783'. [ 1386.341824][T25257] 8021q: adding VLAN 0 to HW filter on device team0 [ 1386.423097][T19428] bridge0: port 1(bridge_slave_0) entered blocking state [ 1386.430230][T19428] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1386.579183][T19428] bridge0: port 2(bridge_slave_1) entered blocking state [ 1386.586385][T19428] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1386.978907][T25424] FAULT_INJECTION: forcing a failure. [ 1386.978907][T25424] name failslab, interval 1, probability 0, space 0, times 0 [ 1387.063887][T25459] sg_write: data in/out 65500/90 bytes for SCSI command 0x0-- guessing data in; [ 1387.063887][T25459] program syz.4.3786 not setting count and/or reply_len properly [ 1387.102792][T25424] CPU: 0 UID: 0 PID: 25424 Comm: syz.3.3781 Tainted: G L syzkaller #0 PREEMPT(full) [ 1387.102824][T25424] Tainted: [L]=SOFTLOCKUP [ 1387.102838][T25424] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1387.102847][T25424] Call Trace: [ 1387.102854][T25424] [ 1387.102861][T25424] dump_stack_lvl+0x16c/0x1f0 [ 1387.102884][T25424] should_fail_ex+0x512/0x640 [ 1387.102905][T25424] ? __kmalloc_noprof+0xca/0x910 [ 1387.102927][T25424] should_failslab+0xc2/0x120 [ 1387.102954][T25424] __kmalloc_noprof+0xeb/0x910 [ 1387.102974][T25424] ? lsm_blob_alloc+0x68/0x90 [ 1387.103003][T25424] ? lsm_blob_alloc+0x68/0x90 [ 1387.103029][T25424] lsm_blob_alloc+0x68/0x90 [ 1387.103055][T25424] security_task_alloc+0x2c/0x260 [ 1387.103080][T25424] copy_process+0x2456/0x7430 [ 1387.103106][T25424] ? __pfx___futex_wait+0x10/0x10 [ 1387.103137][T25424] ? __pfx_copy_process+0x10/0x10 [ 1387.103166][T25424] ? futex_private_hash_put+0x160/0x1b0 [ 1387.103191][T25424] kernel_clone+0xfc/0x910 [ 1387.103218][T25424] ? __pfx_kernel_clone+0x10/0x10 [ 1387.103254][T25424] __do_sys_clone+0xce/0x120 [ 1387.103279][T25424] ? __pfx___do_sys_clone+0x10/0x10 [ 1387.103314][T25424] ? xfd_validate_state+0x61/0x180 [ 1387.103329][T25424] ? __pfx_ksys_write+0x10/0x10 [ 1387.103359][T25424] do_syscall_64+0xcd/0xf80 [ 1387.103378][T25424] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1387.103394][T25424] RIP: 0033:0x7fd06ff8f7c9 [ 1387.103409][T25424] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1387.103425][T25424] RSP: 002b:00007fd070efbfe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1387.103442][T25424] RAX: ffffffffffffffda RBX: 00007fd0701e5fa0 RCX: 00007fd06ff8f7c9 [ 1387.103452][T25424] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000040011 [ 1387.103462][T25424] RBP: 00007fd070013f91 R08: 0000000000000000 R09: 0000000000000000 [ 1387.103472][T25424] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1387.103482][T25424] R13: 00007fd0701e6038 R14: 00007fd0701e5fa0 R15: 00007ffe92787528 [ 1387.103502][T25424] [ 1387.706187][T25464] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 1387.714843][T25464] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 1388.442727][T25257] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1388.625075][T25257] veth0_vlan: entered promiscuous mode [ 1388.721331][T25257] veth1_vlan: entered promiscuous mode [ 1388.992434][T25257] veth0_macvtap: entered promiscuous mode [ 1389.091390][T25257] veth1_macvtap: entered promiscuous mode [ 1389.223962][T25257] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1389.313194][T25257] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1389.424415][T22659] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1389.497435][T22659] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1389.619028][T22659] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1389.703868][T22659] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1390.156772][T18930] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1390.235954][T18930] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1390.441956][ T9543] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1390.517051][ T9543] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1390.930266][T25508] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1392.559779][T25543] netlink: 9 bytes leftover after parsing attributes in process `syz.3.3797'. [ 1393.086024][T25548] netlink: 'syz.4.3800': attribute type 1 has an invalid length. [ 1393.158645][T25548] netlink: 33 bytes leftover after parsing attributes in process `syz.4.3800'. [ 1394.183931][T25566] netlink: 'syz.5.3805': attribute type 1 has an invalid length. [ 1394.234454][T25566] netlink: 33 bytes leftover after parsing attributes in process `syz.5.3805'. [ 1400.373750][T25676] input: jJǸí¸ü;9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input75 [ 1400.480165][T25676] FAULT_INJECTION: forcing a failure. [ 1400.480165][T25676] name failslab, interval 1, probability 0, space 0, times 0 [ 1400.647430][T25676] CPU: 0 UID: 0 PID: 25676 Comm: syz.5.3823 Tainted: G L syzkaller #0 PREEMPT(full) [ 1400.647460][T25676] Tainted: [L]=SOFTLOCKUP [ 1400.647466][T25676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1400.647476][T25676] Call Trace: [ 1400.647482][T25676] [ 1400.647490][T25676] dump_stack_lvl+0x16c/0x1f0 [ 1400.647512][T25676] should_fail_ex+0x512/0x640 [ 1400.647533][T25676] ? kmem_cache_alloc_noprof+0x62/0x770 [ 1400.647557][T25676] should_failslab+0xc2/0x120 [ 1400.647583][T25676] kmem_cache_alloc_noprof+0x83/0x770 [ 1400.647604][T25676] ? __kernfs_new_node+0xd2/0x9b0 [ 1400.647630][T25676] ? __kernfs_new_node+0xd2/0x9b0 [ 1400.647649][T25676] __kernfs_new_node+0xd2/0x9b0 [ 1400.647672][T25676] ? __pfx___kernfs_new_node+0x10/0x10 [ 1400.647697][T25676] ? find_held_lock+0x2b/0x80 [ 1400.647722][T25676] ? kernfs_root+0xee/0x2a0 [ 1400.647746][T25676] kernfs_new_node+0x13c/0x1e0 [ 1400.647773][T25676] __kernfs_create_file+0x53/0x350 [ 1400.647800][T25676] sysfs_add_file_mode_ns+0x207/0x3c0 [ 1400.647824][T25676] sysfs_merge_group+0x1aa/0x340 [ 1400.647846][T25676] ? __pfx_sysfs_merge_group+0x10/0x10 [ 1400.647870][T25676] ? __pfx_dev_add_physical_location+0x10/0x10 [ 1400.647896][T25676] ? bus_to_subsys+0x131/0x160 [ 1400.647916][T25676] dpm_sysfs_add+0x237/0x280 [ 1400.647943][T25676] device_add+0x9cc/0x1980 [ 1400.647971][T25676] ? __pfx_device_add+0x10/0x10 [ 1400.647995][T25676] ? __pfx_exact_lock+0x10/0x10 [ 1400.648024][T25676] ? kobject_get+0xbb/0x150 [ 1400.648043][T25676] cdev_device_add+0x12b/0x270 [ 1400.648059][T25676] evdev_connect+0x3a4/0x4c0 [ 1400.648087][T25676] input_attach_handler.isra.0+0x176/0x250 [ 1400.648114][T25676] input_register_device+0xab9/0x11b0 [ 1400.648137][T25676] ? input_ff_create+0x1d1/0x350 [ 1400.648158][T25676] uinput_ioctl_handler.isra.0+0x1357/0x1df0 [ 1400.648178][T25676] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1400.648200][T25676] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 1400.648225][T25676] ? find_held_lock+0x2b/0x80 [ 1400.648256][T25676] ? __pfx_uinput_ioctl+0x10/0x10 [ 1400.648276][T25676] __x64_sys_ioctl+0x18e/0x210 [ 1400.648299][T25676] do_syscall_64+0xcd/0xf80 [ 1400.648318][T25676] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1400.648335][T25676] RIP: 0033:0x7f86d3d8f7c9 [ 1400.648349][T25676] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1400.648365][T25676] RSP: 002b:00007f86d4c0e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1400.648382][T25676] RAX: ffffffffffffffda RBX: 00007f86d3fe6090 RCX: 00007f86d3d8f7c9 [ 1400.648393][T25676] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000009 [ 1400.648402][T25676] RBP: 00007f86d3e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 1400.648412][T25676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1400.648421][T25676] R13: 00007f86d3fe6128 R14: 00007f86d3fe6090 R15: 00007ffc8ed9e738 [ 1400.648443][T25676] [ 1401.433441][T25676] input: failed to attach handler evdev to device input75, error: -12 [ 1402.735240][T25714] netlink: 9 bytes leftover after parsing attributes in process `syz.5.3831'. [ 1404.325487][T25732] futex_wake_op: syz.1.3834 tries to shift op by -2048; fix this program [ 1404.581957][T25732] futex_wake_op: syz.1.3834 tries to shift op by -2048; fix this program [ 1405.559476][T25753] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3835'. [ 1406.699323][T25764] input: jJǸí¸ü;9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input76 [ 1406.810651][T25764] FAULT_INJECTION: forcing a failure. [ 1406.810651][T25764] name failslab, interval 1, probability 0, space 0, times 0 [ 1406.931786][T25764] CPU: 0 UID: 0 PID: 25764 Comm: syz.3.3837 Tainted: G L syzkaller #0 PREEMPT(full) [ 1406.931824][T25764] Tainted: [L]=SOFTLOCKUP [ 1406.931830][T25764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1406.931840][T25764] Call Trace: [ 1406.931846][T25764] [ 1406.931853][T25764] dump_stack_lvl+0x16c/0x1f0 [ 1406.931875][T25764] should_fail_ex+0x512/0x640 [ 1406.931897][T25764] ? kmem_cache_alloc_noprof+0x62/0x770 [ 1406.931921][T25764] should_failslab+0xc2/0x120 [ 1406.931948][T25764] kmem_cache_alloc_noprof+0x83/0x770 [ 1406.931969][T25764] ? __kernfs_new_node+0xd2/0x9b0 [ 1406.931995][T25764] ? __kernfs_new_node+0xd2/0x9b0 [ 1406.932015][T25764] __kernfs_new_node+0xd2/0x9b0 [ 1406.932038][T25764] ? __pfx___kernfs_new_node+0x10/0x10 [ 1406.932063][T25764] ? find_held_lock+0x2b/0x80 [ 1406.932087][T25764] ? kernfs_root+0xee/0x2a0 [ 1406.932111][T25764] kernfs_new_node+0x13c/0x1e0 [ 1406.932139][T25764] __kernfs_create_file+0x53/0x350 [ 1406.932157][T25764] sysfs_add_file_mode_ns+0x207/0x3c0 [ 1406.932182][T25764] sysfs_merge_group+0x1aa/0x340 [ 1406.932205][T25764] ? __pfx_sysfs_merge_group+0x10/0x10 [ 1406.932229][T25764] ? __pfx_dev_add_physical_location+0x10/0x10 [ 1406.932256][T25764] ? bus_to_subsys+0x131/0x160 [ 1406.932275][T25764] dpm_sysfs_add+0x237/0x280 [ 1406.932301][T25764] device_add+0x9cc/0x1980 [ 1406.932330][T25764] ? __pfx_device_add+0x10/0x10 [ 1406.932354][T25764] ? __pfx_exact_lock+0x10/0x10 [ 1406.932383][T25764] ? kobject_get+0xbb/0x150 [ 1406.932403][T25764] cdev_device_add+0x12b/0x270 [ 1406.932425][T25764] evdev_connect+0x3a4/0x4c0 [ 1406.932453][T25764] input_attach_handler.isra.0+0x176/0x250 [ 1406.932481][T25764] input_register_device+0xab9/0x11b0 [ 1406.932505][T25764] ? input_ff_create+0x1d1/0x350 [ 1406.932525][T25764] uinput_ioctl_handler.isra.0+0x1357/0x1df0 [ 1406.932546][T25764] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1406.932568][T25764] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 1406.932593][T25764] ? find_held_lock+0x2b/0x80 [ 1406.932628][T25764] ? __pfx_uinput_ioctl+0x10/0x10 [ 1406.932649][T25764] __x64_sys_ioctl+0x18e/0x210 [ 1406.932672][T25764] do_syscall_64+0xcd/0xf80 [ 1406.932690][T25764] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1406.932708][T25764] RIP: 0033:0x7fd06ff8f7c9 [ 1406.932723][T25764] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1406.932739][T25764] RSP: 002b:00007fd070edb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1406.932756][T25764] RAX: ffffffffffffffda RBX: 00007fd0701e6090 RCX: 00007fd06ff8f7c9 [ 1406.932767][T25764] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000009 [ 1406.932777][T25764] RBP: 00007fd070013f91 R08: 0000000000000000 R09: 0000000000000000 [ 1406.932787][T25764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1406.932804][T25764] R13: 00007fd0701e6128 R14: 00007fd0701e6090 R15: 00007ffe92787528 [ 1406.932827][T25764] [ 1407.615166][T25760] FAULT_INJECTION: forcing a failure. [ 1407.615166][T25760] name failslab, interval 1, probability 0, space 0, times 0 [ 1407.641277][T25760] CPU: 0 UID: 0 PID: 25760 Comm: syz.1.3836 Tainted: G L syzkaller #0 PREEMPT(full) [ 1407.641310][T25760] Tainted: [L]=SOFTLOCKUP [ 1407.641316][T25760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1407.641325][T25760] Call Trace: [ 1407.641333][T25760] [ 1407.641340][T25760] dump_stack_lvl+0x16c/0x1f0 [ 1407.641362][T25760] should_fail_ex+0x512/0x640 [ 1407.641384][T25760] ? kmem_cache_alloc_lru_noprof+0x66/0x770 [ 1407.641409][T25760] should_failslab+0xc2/0x120 [ 1407.641437][T25760] kmem_cache_alloc_lru_noprof+0x87/0x770 [ 1407.641460][T25760] ? sock_alloc_inode+0x25/0x1c0 [ 1407.641480][T25760] ? __pfx_sock_alloc_inode+0x10/0x10 [ 1407.641495][T25760] ? sock_alloc_inode+0x25/0x1c0 [ 1407.641509][T25760] sock_alloc_inode+0x25/0x1c0 [ 1407.641524][T25760] alloc_inode+0x64/0x240 [ 1407.641544][T25760] sock_alloc+0x40/0x280 [ 1407.641570][T25760] __sock_create+0xc2/0x8a0 [ 1407.641592][T25760] inet_ctl_sock_create+0x94/0x230 [ 1407.641615][T25760] ? __pfx_inet_ctl_sock_create+0x10/0x10 [ 1407.641634][T25760] ? lockdep_init_map_type+0x5c/0x270 [ 1407.641653][T25760] ? do_init_timer+0xc9/0x110 [ 1407.641682][T25760] ? __pfx_sctp_ctrlsock_init+0x10/0x10 [ 1407.641708][T25760] sctp_ctrlsock_init+0x40/0xf0 [ 1407.641735][T25760] ops_init+0x1e2/0x5f0 [ 1407.641762][T25760] setup_net+0x11d/0x3a0 [ 1407.641796][T25760] ? __pfx_setup_net+0x10/0x10 [ 1407.641819][T25760] ? lockdep_init_map_type+0x5c/0x270 [ 1407.641837][T25760] ? mutex_init_lockep+0x110/0x150 [ 1407.641858][T25760] copy_net_ns+0x351/0x7c0 [ 1407.641876][T25760] create_new_namespaces+0x3ea/0xab0 [ 1407.641907][T25760] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1407.641934][T25760] ksys_unshare+0x45b/0xa40 [ 1407.641950][T25760] ? __pfx_ksys_unshare+0x10/0x10 [ 1407.641967][T25760] ? xfd_validate_state+0x61/0x180 [ 1407.641990][T25760] __x64_sys_unshare+0x31/0x40 [ 1407.642005][T25760] do_syscall_64+0xcd/0xf80 [ 1407.642023][T25760] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1407.642041][T25760] RIP: 0033:0x7faec678f7c9 [ 1407.642057][T25760] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1407.642073][T25760] RSP: 002b:00007faec75a4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1407.642090][T25760] RAX: ffffffffffffffda RBX: 00007faec69e5fa0 RCX: 00007faec678f7c9 [ 1407.642101][T25760] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1407.642110][T25760] RBP: 00007faec6813f91 R08: 0000000000000000 R09: 0000000000000000 [ 1407.642120][T25760] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1407.642130][T25760] R13: 00007faec69e6038 R14: 00007faec69e5fa0 R15: 00007ffc7a470268 [ 1407.642151][T25760] [ 1407.642160][T25760] socket: no more sockets [ 1407.987969][T25764] input: failed to attach handler evdev to device input76, error: -12 [ 1408.484157][T25779] netlink: 'syz.3.3841': attribute type 1 has an invalid length. [ 1408.544276][T25779] netlink: 33 bytes leftover after parsing attributes in process `syz.3.3841'. [ 1408.569054][T25784] FAULT_INJECTION: forcing a failure. [ 1408.569054][T25784] name failslab, interval 1, probability 0, space 0, times 0 [ 1408.606099][T25786] netlink: 9 bytes leftover after parsing attributes in process `syz.3.3841'. [ 1408.618732][T25784] CPU: 0 UID: 0 PID: 25784 Comm: syz.5.3842 Tainted: G L syzkaller #0 PREEMPT(full) [ 1408.618766][T25784] Tainted: [L]=SOFTLOCKUP [ 1408.618773][T25784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1408.618783][T25784] Call Trace: [ 1408.618796][T25784] [ 1408.618803][T25784] dump_stack_lvl+0x16c/0x1f0 [ 1408.618826][T25784] should_fail_ex+0x512/0x640 [ 1408.618847][T25784] ? __kmalloc_cache_noprof+0x5f/0x800 [ 1408.618871][T25784] should_failslab+0xc2/0x120 [ 1408.618898][T25784] __kmalloc_cache_noprof+0x80/0x800 [ 1408.618920][T25784] ? crtc_or_fake_commit.part.0+0x7f/0x110 [ 1408.618945][T25784] ? crtc_or_fake_commit.part.0+0x7f/0x110 [ 1408.618965][T25784] crtc_or_fake_commit.part.0+0x7f/0x110 [ 1408.618986][T25784] drm_atomic_helper_setup_commit+0x1066/0x15d0 [ 1408.619020][T25784] drm_atomic_helper_commit+0xa9/0x380 [ 1408.619043][T25784] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 1408.619067][T25784] drm_atomic_commit+0x234/0x300 [ 1408.619088][T25784] ? __pfx_drm_atomic_commit+0x10/0x10 [ 1408.619107][T25784] ? __pfx___drm_printfn_info+0x10/0x10 [ 1408.619137][T25784] ? drm_client_rotation+0x4da/0x6a0 [ 1408.619163][T25784] drm_client_modeset_commit_atomic+0x69d/0x7e0 [ 1408.619193][T25784] ? __mutex_lock+0x27b/0x1ca0 [ 1408.619211][T25784] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 1408.619234][T25784] ? trace_contention_end+0xdd/0x110 [ 1408.619275][T25784] drm_client_modeset_commit_locked+0x14d/0x580 [ 1408.619302][T25784] drm_client_modeset_commit+0x4f/0x80 [ 1408.619326][T25784] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 1408.619352][T25784] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0 [ 1408.619378][T25784] drm_fbdev_client_restore+0x1b/0x30 [ 1408.619396][T25784] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 1408.619413][T25784] drm_client_dev_restore+0x200/0x2a0 [ 1408.619440][T25784] drm_release+0x2c6/0x360 [ 1408.619463][T25784] ? __pfx_drm_release+0x10/0x10 [ 1408.619483][T25784] __fput+0x402/0xb70 [ 1408.619506][T25784] task_work_run+0x150/0x240 [ 1408.619527][T25784] ? __pfx_task_work_run+0x10/0x10 [ 1408.619544][T25784] ? __do_sys_close_range+0x278/0x730 [ 1408.619578][T25784] exit_to_user_mode_loop+0xfb/0x540 [ 1408.619602][T25784] do_syscall_64+0x4ee/0xf80 [ 1408.619621][T25784] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1408.619638][T25784] RIP: 0033:0x7f86d3d8f7c9 [ 1408.619653][T25784] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1408.619669][T25784] RSP: 002b:00007f86d4c2f038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1408.619685][T25784] RAX: 0000000000000000 RBX: 00007f86d3fe5fa0 RCX: 00007f86d3d8f7c9 [ 1408.619696][T25784] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1408.619705][T25784] RBP: 00007f86d3e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 1408.619715][T25784] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1408.619725][T25784] R13: 00007f86d3fe6038 R14: 00007f86d3fe5fa0 R15: 00007ffc8ed9e738 [ 1408.619749][T25784] [ 1411.259557][T25806] Invalid ELF header magic: != ELF [ 1411.751217][T24517] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 1411.949498][T25808] netlink: 9 bytes leftover after parsing attributes in process `syz.4.3846'. [ 1412.380522][T25815] zswap: compressor not available [ 1412.535934][T25828] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3850'. [ 1412.602539][T25833] FAULT_INJECTION: forcing a failure. [ 1412.602539][T25833] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1412.656258][T25828] veth0_macvtap: left promiscuous mode [ 1412.741441][T25833] CPU: 0 UID: 5 PID: 25833 Comm: syz.5.3851 Tainted: G L syzkaller #0 PREEMPT(full) [ 1412.741471][T25833] Tainted: [L]=SOFTLOCKUP [ 1412.741477][T25833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1412.741487][T25833] Call Trace: [ 1412.741494][T25833] [ 1412.741502][T25833] dump_stack_lvl+0x16c/0x1f0 [ 1412.741524][T25833] should_fail_ex+0x512/0x640 [ 1412.741551][T25833] get_futex_key+0x1d0/0x15f0 [ 1412.741574][T25833] ? __pfx_get_futex_key+0x10/0x10 [ 1412.741591][T25833] ? __lock_acquire+0x436/0x2890 [ 1412.741614][T25833] futex_wake+0xea/0x530 [ 1412.741637][T25833] ? lock_acquire+0x179/0x330 [ 1412.741654][T25833] ? __pfx_futex_wake+0x10/0x10 [ 1412.741682][T25833] ? proc_id_connector+0x2eb/0x650 [ 1412.741701][T25833] do_futex+0x1e3/0x350 [ 1412.741721][T25833] ? __pfx_do_futex+0x10/0x10 [ 1412.741746][T25833] __x64_sys_futex+0x1e0/0x4c0 [ 1412.741777][T25833] ? __pfx___x64_sys_futex+0x10/0x10 [ 1412.741799][T25833] ? __sys_setresuid+0x6ad/0x1160 [ 1412.741825][T25833] do_syscall_64+0xcd/0xf80 [ 1412.741844][T25833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1412.741861][T25833] RIP: 0033:0x7f86d3d8f7c9 [ 1412.741876][T25833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1412.741893][T25833] RSP: 002b:00007f86d4c0e0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1412.741910][T25833] RAX: ffffffffffffffda RBX: 00007f86d3fe6098 RCX: 00007f86d3d8f7c9 [ 1412.741921][T25833] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f86d3fe609c [ 1412.741930][T25833] RBP: 00007f86d3fe6090 R08: 00007f86d4c30000 R09: 0000000000000000 [ 1412.741940][T25833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1412.741950][T25833] R13: 00007f86d3fe6128 R14: 00007ffc8ed9e650 R15: 00007ffc8ed9e738 [ 1412.741971][T25833] [ 1413.390133][T25830] zswap: compressor not available [ 1413.395941][T25839] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3852'. [ 1413.751452][T25843] netlink: 9 bytes leftover after parsing attributes in process `syz.5.3853'. [ 1414.683730][T25846] FAULT_INJECTION: forcing a failure. [ 1414.683730][T25846] name failslab, interval 1, probability 0, space 0, times 0 [ 1414.831213][T25846] CPU: 0 UID: 0 PID: 25846 Comm: syz.5.3854 Tainted: G L syzkaller #0 PREEMPT(full) [ 1414.831242][T25846] Tainted: [L]=SOFTLOCKUP [ 1414.831248][T25846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1414.831258][T25846] Call Trace: [ 1414.831265][T25846] [ 1414.831272][T25846] dump_stack_lvl+0x16c/0x1f0 [ 1414.831294][T25846] should_fail_ex+0x512/0x640 [ 1414.831316][T25846] ? __kmalloc_noprof+0xca/0x910 [ 1414.831338][T25846] should_failslab+0xc2/0x120 [ 1414.831366][T25846] __kmalloc_noprof+0xeb/0x910 [ 1414.831384][T25846] ? do_init_timer+0xc9/0x110 [ 1414.831411][T25846] ? ops_init+0x77/0x5f0 [ 1414.831440][T25846] ? ops_init+0x77/0x5f0 [ 1414.831463][T25846] ops_init+0x77/0x5f0 [ 1414.831490][T25846] setup_net+0x11d/0x3a0 [ 1414.831516][T25846] ? __pfx_setup_net+0x10/0x10 [ 1414.831540][T25846] ? lockdep_init_map_type+0x5c/0x270 [ 1414.831558][T25846] ? mutex_init_lockep+0x110/0x150 [ 1414.831578][T25846] copy_net_ns+0x351/0x7c0 [ 1414.831596][T25846] create_new_namespaces+0x3ea/0xab0 [ 1414.831624][T25846] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1414.831649][T25846] ksys_unshare+0x45b/0xa40 [ 1414.831665][T25846] ? __pfx_ksys_unshare+0x10/0x10 [ 1414.831682][T25846] ? xfd_validate_state+0x61/0x180 [ 1414.831704][T25846] __x64_sys_unshare+0x31/0x40 [ 1414.831719][T25846] do_syscall_64+0xcd/0xf80 [ 1414.831746][T25846] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1414.831764][T25846] RIP: 0033:0x7f86d3d8f7c9 [ 1414.831778][T25846] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1414.831794][T25846] RSP: 002b:00007f86d4c2f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1414.831811][T25846] RAX: ffffffffffffffda RBX: 00007f86d3fe5fa0 RCX: 00007f86d3d8f7c9 [ 1414.831822][T25846] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1414.831832][T25846] RBP: 00007f86d3e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 1414.831842][T25846] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1414.831852][T25846] R13: 00007f86d3fe6038 R14: 00007f86d3fe5fa0 R15: 00007ffc8ed9e738 [ 1414.831874][T25846] [ 1415.918669][T25858] netlink: 9 bytes leftover after parsing attributes in process `syz.4.3863'. [ 1416.826779][T25864] netlink: 'syz.3.3857': attribute type 1 has an invalid length. [ 1416.895332][T25864] netlink: 33 bytes leftover after parsing attributes in process `syz.3.3857'. [ 1417.010478][T25868] netlink: 9 bytes leftover after parsing attributes in process `syz.3.3857'. [ 1417.527463][T25870] netlink: 9 bytes leftover after parsing attributes in process `syz.1.3859'. [ 1417.642907][T25846] netlink: 122 bytes leftover after parsing attributes in process `syz.5.3854'. [ 1417.696970][T25879] netlink: 17 bytes leftover after parsing attributes in process `syz.3.3860'. [ 1418.331690][T25885] FAULT_INJECTION: forcing a failure. [ 1418.331690][T25885] name failslab, interval 1, probability 0, space 0, times 0 [ 1418.450974][T25885] CPU: 0 UID: 0 PID: 25885 Comm: syz.3.3862 Tainted: G L syzkaller #0 PREEMPT(full) [ 1418.451004][T25885] Tainted: [L]=SOFTLOCKUP [ 1418.451010][T25885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1418.451021][T25885] Call Trace: [ 1418.451028][T25885] [ 1418.451035][T25885] dump_stack_lvl+0x16c/0x1f0 [ 1418.451058][T25885] should_fail_ex+0x512/0x640 [ 1418.451079][T25885] ? __kmalloc_cache_noprof+0x5f/0x800 [ 1418.451108][T25885] should_failslab+0xc2/0x120 [ 1418.451136][T25885] __kmalloc_cache_noprof+0x80/0x800 [ 1418.451157][T25885] ? drm_atomic_helper_setup_commit+0x8d7/0x15d0 [ 1418.451184][T25885] ? drm_atomic_helper_setup_commit+0x8d7/0x15d0 [ 1418.451206][T25885] ? _raw_spin_unlock+0x28/0x50 [ 1418.451230][T25885] drm_atomic_helper_setup_commit+0x8d7/0x15d0 [ 1418.451263][T25885] drm_atomic_helper_commit+0xa9/0x380 [ 1418.451288][T25885] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 1418.451311][T25885] drm_atomic_commit+0x234/0x300 [ 1418.451332][T25885] ? __pfx_drm_atomic_commit+0x10/0x10 [ 1418.451351][T25885] ? __pfx___drm_printfn_info+0x10/0x10 [ 1418.451381][T25885] ? drm_client_rotation+0x4da/0x6a0 [ 1418.451407][T25885] drm_client_modeset_commit_atomic+0x69d/0x7e0 [ 1418.451437][T25885] ? __mutex_lock+0x27b/0x1ca0 [ 1418.451454][T25885] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 1418.451477][T25885] ? trace_contention_end+0xdd/0x110 [ 1418.451518][T25885] drm_client_modeset_commit_locked+0x14d/0x580 [ 1418.451546][T25885] drm_client_modeset_commit+0x4f/0x80 [ 1418.451570][T25885] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 1418.451596][T25885] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0 [ 1418.451622][T25885] drm_fbdev_client_restore+0x1b/0x30 [ 1418.451641][T25885] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 1418.451658][T25885] drm_client_dev_restore+0x200/0x2a0 [ 1418.451686][T25885] drm_release+0x2c6/0x360 [ 1418.451709][T25885] ? __pfx_drm_release+0x10/0x10 [ 1418.451737][T25885] __fput+0x402/0xb70 [ 1418.451762][T25885] task_work_run+0x150/0x240 [ 1418.451783][T25885] ? __pfx_task_work_run+0x10/0x10 [ 1418.451800][T25885] ? __do_sys_close_range+0x278/0x730 [ 1418.451836][T25885] exit_to_user_mode_loop+0xfb/0x540 [ 1418.451862][T25885] do_syscall_64+0x4ee/0xf80 [ 1418.451882][T25885] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1418.451900][T25885] RIP: 0033:0x7fd06ff8f7c9 [ 1418.451914][T25885] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1418.451930][T25885] RSP: 002b:00007fd070efc038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1418.451947][T25885] RAX: 0000000000000000 RBX: 00007fd0701e5fa0 RCX: 00007fd06ff8f7c9 [ 1418.451957][T25885] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1418.451966][T25885] RBP: 00007fd070013f91 R08: 0000000000000000 R09: 0000000000000000 [ 1418.451977][T25885] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1418.451986][T25885] R13: 00007fd0701e6038 R14: 00007fd0701e5fa0 R15: 00007ffe92787528 [ 1418.452011][T25885] [ 1419.337050][T25892] netlink: 9 bytes leftover after parsing attributes in process `syz.1.3865'. [ 1419.801171][T25900] netlink: 9 bytes leftover after parsing attributes in process `syz.1.3866'. [ 1421.366605][T25921] netlink: 'syz.5.3870': attribute type 1 has an invalid length. [ 1421.416690][T25921] netlink: 33 bytes leftover after parsing attributes in process `syz.5.3870'. [ 1421.544909][T25929] netlink: 9 bytes leftover after parsing attributes in process `syz.5.3870'. [ 1422.337762][T25943] FAULT_INJECTION: forcing a failure. [ 1422.337762][T25943] name failslab, interval 1, probability 0, space 0, times 0 [ 1422.682019][T25943] CPU: 0 UID: 0 PID: 25943 Comm: syz.3.3873 Tainted: G L syzkaller #0 PREEMPT(full) [ 1422.682048][T25943] Tainted: [L]=SOFTLOCKUP [ 1422.682055][T25943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1422.682065][T25943] Call Trace: [ 1422.682071][T25943] [ 1422.682078][T25943] dump_stack_lvl+0x16c/0x1f0 [ 1422.682102][T25943] should_fail_ex+0x512/0x640 [ 1422.682123][T25943] ? kmem_cache_alloc_noprof+0x62/0x770 [ 1422.682147][T25943] should_failslab+0xc2/0x120 [ 1422.682175][T25943] kmem_cache_alloc_noprof+0x83/0x770 [ 1422.682196][T25943] ? __proc_create+0x2c8/0x8d0 [ 1422.682232][T25943] ? __proc_create+0x2c8/0x8d0 [ 1422.682253][T25943] __proc_create+0x2c8/0x8d0 [ 1422.682278][T25943] ? __pfx___proc_create+0x10/0x10 [ 1422.682305][T25943] ? _raw_write_unlock+0x28/0x50 [ 1422.682320][T25943] ? proc_register+0x559/0x8b0 [ 1422.682347][T25943] proc_create_reg+0x7d/0x180 [ 1422.682373][T25943] proc_create_net_data+0x8e/0x1c0 [ 1422.682398][T25943] ? __pfx_proc_create_net_data+0x10/0x10 [ 1422.682428][T25943] ? __pfx_kcm_proc_init_net+0x10/0x10 [ 1422.682454][T25943] kcm_proc_init_net+0xa3/0x120 [ 1422.682479][T25943] ops_init+0x1e2/0x5f0 [ 1422.682507][T25943] setup_net+0x11d/0x3a0 [ 1422.682532][T25943] ? __pfx_setup_net+0x10/0x10 [ 1422.682556][T25943] ? lockdep_init_map_type+0x5c/0x270 [ 1422.682574][T25943] ? mutex_init_lockep+0x110/0x150 [ 1422.682595][T25943] copy_net_ns+0x351/0x7c0 [ 1422.682613][T25943] create_new_namespaces+0x3ea/0xab0 [ 1422.682641][T25943] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1422.682667][T25943] ksys_unshare+0x45b/0xa40 [ 1422.682683][T25943] ? __pfx_ksys_unshare+0x10/0x10 [ 1422.682699][T25943] ? xfd_validate_state+0x61/0x180 [ 1422.682728][T25943] __x64_sys_unshare+0x31/0x40 [ 1422.682743][T25943] do_syscall_64+0xcd/0xf80 [ 1422.682761][T25943] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1422.682778][T25943] RIP: 0033:0x7fd06ff8f7c9 [ 1422.682793][T25943] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1422.682811][T25943] RSP: 002b:00007fd070edb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1422.682828][T25943] RAX: ffffffffffffffda RBX: 00007fd0701e6090 RCX: 00007fd06ff8f7c9 [ 1422.682840][T25943] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1422.682851][T25943] RBP: 00007fd070013f91 R08: 0000000000000000 R09: 0000000000000000 [ 1422.682862][T25943] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1422.682872][T25943] R13: 00007fd0701e6128 R14: 00007fd0701e6090 R15: 00007ffe92787528 [ 1422.682895][T25943] [ 1423.021867][T25947] netlink: 122 bytes leftover after parsing attributes in process `syz.3.3873'. [ 1423.941873][T25957] netlink: 9 bytes leftover after parsing attributes in process `syz.4.3875'. [ 1424.017652][T25959] netlink: 9 bytes leftover after parsing attributes in process `syz.3.3876'. [ 1424.273530][T25961] netlink: 9 bytes leftover after parsing attributes in process `syz.5.3877'. [ 1424.694430][T25983] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3882'. [ 1424.858845][T25968] netlink: 9 bytes leftover after parsing attributes in process `syz.1.3880'. [ 1425.332087][T24517] Bluetooth: hci4: unexpected subevent 0x05 length: 123 > 12 [ 1425.813276][T25998] netlink: 9 bytes leftover after parsing attributes in process `syz.3.3886'. [ 1427.333599][T26016] netlink: 9 bytes leftover after parsing attributes in process `syz.5.3889'. [ 1427.351230][T24517] Bluetooth: hci4: command tx timeout [ 1427.692748][T26022] netlink: 17 bytes leftover after parsing attributes in process `syz.4.3891'. [ 1427.818097][T26027] netlink: 9 bytes leftover after parsing attributes in process `syz.5.3892'. [ 1428.319539][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1428.326000][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1428.425728][T26031] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3894'. [ 1428.444668][T26032] netlink: 9 bytes leftover after parsing attributes in process `syz.4.3893'. [ 1430.603765][T26052] FAULT_INJECTION: forcing a failure. [ 1430.603765][T26052] name failslab, interval 1, probability 0, space 0, times 0 [ 1430.751559][T26052] CPU: 0 UID: 0 PID: 26052 Comm: syz.4.3899 Tainted: G L syzkaller #0 PREEMPT(full) [ 1430.751590][T26052] Tainted: [L]=SOFTLOCKUP [ 1430.751596][T26052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1430.751605][T26052] Call Trace: [ 1430.751612][T26052] [ 1430.751619][T26052] dump_stack_lvl+0x16c/0x1f0 [ 1430.751641][T26052] should_fail_ex+0x512/0x640 [ 1430.751662][T26052] ? __kmalloc_cache_noprof+0x5f/0x800 [ 1430.751685][T26052] should_failslab+0xc2/0x120 [ 1430.751713][T26052] __kmalloc_cache_noprof+0x80/0x800 [ 1430.751732][T26052] ? lockdep_init_map_type+0x5c/0x270 [ 1430.751750][T26052] ? rfkill_fop_open+0x1b6/0x750 [ 1430.751820][T26052] ? __pfx_rfkill_fop_open+0x10/0x10 [ 1430.751843][T26052] ? rfkill_fop_open+0x1b6/0x750 [ 1430.751865][T26052] ? __pfx_rfkill_fop_open+0x10/0x10 [ 1430.751889][T26052] rfkill_fop_open+0x1b6/0x750 [ 1430.751915][T26052] ? __pfx_rfkill_fop_open+0x10/0x10 [ 1430.751940][T26052] misc_open+0x26d/0x450 [ 1430.751962][T26052] ? __pfx_misc_open+0x10/0x10 [ 1430.751982][T26052] chrdev_open+0x234/0x6a0 [ 1430.751997][T26052] ? __pfx_apparmor_file_open+0x10/0x10 [ 1430.752016][T26052] ? __pfx_chrdev_open+0x10/0x10 [ 1430.752043][T26052] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 1430.752074][T26052] do_dentry_open+0x748/0x1590 [ 1430.752099][T26052] ? __pfx_chrdev_open+0x10/0x10 [ 1430.752131][T26052] vfs_open+0x82/0x3f0 [ 1430.752152][T26052] path_openat+0x2078/0x3140 [ 1430.752185][T26052] ? __pfx_path_openat+0x10/0x10 [ 1430.752219][T26052] do_filp_open+0x20b/0x470 [ 1430.752245][T26052] ? __pfx_do_filp_open+0x10/0x10 [ 1430.752286][T26052] ? alloc_fd+0x471/0x7d0 [ 1430.752317][T26052] do_sys_openat2+0x121/0x290 [ 1430.752336][T26052] ? __pfx_do_sys_openat2+0x10/0x10 [ 1430.752364][T26052] __x64_sys_openat+0x174/0x210 [ 1430.752384][T26052] ? __pfx___x64_sys_openat+0x10/0x10 [ 1430.752412][T26052] do_syscall_64+0xcd/0xf80 [ 1430.752430][T26052] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1430.752447][T26052] RIP: 0033:0x7fa8da38f7c9 [ 1430.752462][T26052] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1430.752478][T26052] RSP: 002b:00007fa8db2f0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1430.752495][T26052] RAX: ffffffffffffffda RBX: 00007fa8da5e5fa0 RCX: 00007fa8da38f7c9 [ 1430.752505][T26052] RDX: 0000000000002000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1430.752515][T26052] RBP: 00007fa8da413f91 R08: 0000000000000000 R09: 0000000000000000 [ 1430.752524][T26052] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1430.752534][T26052] R13: 00007fa8da5e6038 R14: 00007fa8da5e5fa0 R15: 00007ffc86ecbd48 [ 1430.752556][T26052] [ 1431.074372][T26056] netlink: 9 bytes leftover after parsing attributes in process `syz.3.3901'. [ 1432.093444][T26078] netlink: 9 bytes leftover after parsing attributes in process `syz.1.3905'. [ 1432.849025][T26089] netlink: 9 bytes leftover after parsing attributes in process `syz.4.3908'. [ 1434.231309][T24517] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 1434.492605][T26105] netlink: 25 bytes leftover after parsing attributes in process `syz.3.3911'. [ 1436.004200][T26125] netlink: 9 bytes leftover after parsing attributes in process `syz.5.3916'. [ 1436.663897][T26130] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input77 [ 1438.622008][T26159] ima: policy update failed [ 1438.663518][ T30] audit: type=1802 audit(1769088508.068:38): pid=26159 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.3924" res=0 errno=0 [ 1439.449776][T26173] netlink: 9 bytes leftover after parsing attributes in process `syz.1.3927'. [ 1439.893534][T26182] netlink: 25 bytes leftover after parsing attributes in process `syz.3.3929'. [ 1440.243009][T26187] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3931'. [ 1441.929412][T26209] sctp: [Deprecated]: syz.1.3934 (pid 26209) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1441.929412][T26209] Use struct sctp_sack_info instead [ 1442.411382][T26221] input: f¬ as /devices/virtual/input/input78 [ 1442.607611][T26222] zram: Removed device: zram0 [ 1442.955928][T26228] netlink: 9 bytes leftover after parsing attributes in process `syz.4.3938'. [ 1444.094559][T26231] zswap: compressor not available [ 1445.052477][T26256] random: crng reseeded on system resumption [ 1445.102071][T26268] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3945'. [ 1446.595609][T26293] dyndbg: bad flag-op /, at start of /sys/kern [ 1446.645795][T26293] dyndbg: flags parse failed [ 1447.013552][T26299] netlink: 9 bytes leftover after parsing attributes in process `syz.5.3949'. [ 1448.986776][T26333] dyndbg: bad flag-op /, at start of /sys/kern [ 1449.074945][T26333] dyndbg: flags parse failed [ 1449.528054][T26342] netlink: 'syz.4.3959': attribute type 22 has an invalid length. [ 1449.586834][T26342] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3959'. [ 1450.328931][T26354] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3960'. [ 1450.390990][T26356] program syz.1.3962 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1450.468382][T26356] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 1452.082125][T26381] netlink: 9 bytes leftover after parsing attributes in process `syz.5.3967'. [ 1454.572396][T26411] program syz.4.3973 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1454.722685][T26411] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 1455.025245][T26420] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3974'. [ 1455.116017][T26414] random: crng reseeded on system resumption [ 1456.150406][T26437] netlink: 9 bytes leftover after parsing attributes in process `syz.3.3979'. [ 1456.796918][T26446] netlink: 25 bytes leftover after parsing attributes in process `syz.4.3984'. [ 1457.107729][T26452] FAULT_INJECTION: forcing a failure. [ 1457.107729][T26452] name failslab, interval 1, probability 0, space 0, times 0 [ 1457.214662][T26452] CPU: 0 UID: 0 PID: 26452 Comm: syz.3.3985 Tainted: G L syzkaller #0 PREEMPT(full) [ 1457.214692][T26452] Tainted: [L]=SOFTLOCKUP [ 1457.214699][T26452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1457.214709][T26452] Call Trace: [ 1457.214715][T26452] [ 1457.214722][T26452] dump_stack_lvl+0x16c/0x1f0 [ 1457.214744][T26452] should_fail_ex+0x512/0x640 [ 1457.214765][T26452] ? __kmalloc_cache_noprof+0x5f/0x800 [ 1457.214788][T26452] should_failslab+0xc2/0x120 [ 1457.214815][T26452] __kmalloc_cache_noprof+0x80/0x800 [ 1457.214836][T26452] ? rfkill_fop_open+0x1b6/0x750 [ 1457.214864][T26452] ? rfkill_fop_open+0x1b6/0x750 [ 1457.214887][T26452] rfkill_fop_open+0x1b6/0x750 [ 1457.214914][T26452] ? __pfx_rfkill_fop_open+0x10/0x10 [ 1457.214939][T26452] misc_open+0x26d/0x450 [ 1457.214960][T26452] ? __pfx_misc_open+0x10/0x10 [ 1457.214981][T26452] chrdev_open+0x234/0x6a0 [ 1457.214995][T26452] ? __pfx_apparmor_file_open+0x10/0x10 [ 1457.215014][T26452] ? __pfx_chrdev_open+0x10/0x10 [ 1457.215041][T26452] ? fsnotify_open_perm_and_set_mode+0x17c/0xa60 [ 1457.215073][T26452] do_dentry_open+0x748/0x1590 [ 1457.215098][T26452] ? __pfx_chrdev_open+0x10/0x10 [ 1457.215130][T26452] vfs_open+0x82/0x3f0 [ 1457.215152][T26452] path_openat+0x2078/0x3140 [ 1457.215184][T26452] ? __pfx_path_openat+0x10/0x10 [ 1457.215218][T26452] do_filp_open+0x20b/0x470 [ 1457.215245][T26452] ? __pfx_do_filp_open+0x10/0x10 [ 1457.215286][T26452] ? alloc_fd+0x471/0x7d0 [ 1457.215317][T26452] do_sys_openat2+0x121/0x290 [ 1457.215337][T26452] ? __pfx_do_sys_openat2+0x10/0x10 [ 1457.215365][T26452] __x64_sys_openat+0x174/0x210 [ 1457.215385][T26452] ? __pfx___x64_sys_openat+0x10/0x10 [ 1457.215414][T26452] do_syscall_64+0xcd/0xf80 [ 1457.215432][T26452] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1457.215449][T26452] RIP: 0033:0x7fd06ff8f7c9 [ 1457.215464][T26452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1457.215480][T26452] RSP: 002b:00007fd070efc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1457.215497][T26452] RAX: ffffffffffffffda RBX: 00007fd0701e5fa0 RCX: 00007fd06ff8f7c9 [ 1457.215508][T26452] RDX: 0000000000002000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1457.215518][T26452] RBP: 00007fd070013f91 R08: 0000000000000000 R09: 0000000000000000 [ 1457.215528][T26452] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1457.215538][T26452] R13: 00007fd0701e6038 R14: 00007fd0701e5fa0 R15: 00007ffe92787528 [ 1457.215560][T26452] [ 1458.587320][T26479] netlink: 9 bytes leftover after parsing attributes in process `syz.1.3992'. [ 1458.912027][T26488] netlink: 25 bytes leftover after parsing attributes in process `syz.1.3995'. [ 1463.311679][T26551] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3) [ 1463.492063][T26548] nvme_fabrics: missing parameter 'transport=%s' [ 1463.582784][T26548] nvme_fabrics: missing parameter 'nqn=%s' [ 1463.698801][T26538] zswap: compressor not available [ 1464.452312][T26557] openvswitch: netlink: ct_state flags aa1414ac unsupported [ 1464.865350][T26563] FAULT_INJECTION: forcing a failure. [ 1464.865350][T26563] name failslab, interval 1, probability 0, space 0, times 0 [ 1464.956735][T26563] CPU: 0 UID: 0 PID: 26563 Comm: syz.3.4013 Tainted: G L syzkaller #0 PREEMPT(full) [ 1464.956765][T26563] Tainted: [L]=SOFTLOCKUP [ 1464.956771][T26563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1464.956781][T26563] Call Trace: [ 1464.956787][T26563] [ 1464.956794][T26563] dump_stack_lvl+0x16c/0x1f0 [ 1464.956816][T26563] should_fail_ex+0x512/0x640 [ 1464.956837][T26563] ? kmem_cache_alloc_noprof+0x62/0x770 [ 1464.956861][T26563] should_failslab+0xc2/0x120 [ 1464.956889][T26563] kmem_cache_alloc_noprof+0x83/0x770 [ 1464.956910][T26563] ? alloc_empty_file+0x55/0x1e0 [ 1464.956933][T26563] ? alloc_empty_file+0x55/0x1e0 [ 1464.956950][T26563] alloc_empty_file+0x55/0x1e0 [ 1464.956970][T26563] alloc_file_pseudo+0x13a/0x230 [ 1464.956990][T26563] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1464.957016][T26563] __shmem_file_setup+0x1a8/0x350 [ 1464.957049][T26563] shmem_zero_setup+0x93/0x1b0 [ 1464.957072][T26563] __mmap_region+0x22ff/0x2ad0 [ 1464.957097][T26563] ? __pfx___mmap_region+0x10/0x10 [ 1464.957115][T26563] ? __lock_acquire+0x436/0x2890 [ 1464.957148][T26563] ? finish_task_switch.isra.0+0x207/0xbd0 [ 1464.957173][T26563] ? lockdep_hardirqs_on+0x7c/0x110 [ 1464.957190][T26563] ? finish_task_switch.isra.0+0x207/0xbd0 [ 1464.957253][T26563] ? rcu_is_watching+0x12/0xc0 [ 1464.957284][T26563] mmap_region+0x1ab/0x3f0 [ 1464.957305][T26563] ? __get_unmapped_area+0x267/0x3f0 [ 1464.957333][T26563] do_mmap+0xa3e/0x1210 [ 1464.957362][T26563] ? __pfx_do_mmap+0x10/0x10 [ 1464.957388][T26563] ? __pfx_down_write_killable+0x10/0x10 [ 1464.957413][T26563] vm_mmap_pgoff+0x29e/0x470 [ 1464.957442][T26563] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1464.957471][T26563] ? __x64_sys_futex+0x1e0/0x4c0 [ 1464.957490][T26563] ? __x64_sys_futex+0x1e9/0x4c0 [ 1464.957513][T26563] ksys_mmap_pgoff+0x7d/0x5c0 [ 1464.957538][T26563] ? xfd_validate_state+0x61/0x180 [ 1464.957553][T26563] ? __pfx_ksys_write+0x10/0x10 [ 1464.957580][T26563] __x64_sys_mmap+0x125/0x190 [ 1464.957600][T26563] do_syscall_64+0xcd/0xf80 [ 1464.957619][T26563] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1464.957637][T26563] RIP: 0033:0x7fd06ff8f7c9 [ 1464.957652][T26563] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1464.957669][T26563] RSP: 002b:00007fd070efc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1464.957691][T26563] RAX: ffffffffffffffda RBX: 00007fd0701e5fa0 RCX: 00007fd06ff8f7c9 [ 1464.957702][T26563] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 1464.957719][T26563] RBP: 00007fd070013f91 R08: fffffffffffffffa R09: 0000000000008000 [ 1464.957729][T26563] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 1464.957739][T26563] R13: 00007fd0701e6038 R14: 00007fd0701e5fa0 R15: 00007ffe92787528 [ 1464.957762][T26563] [ 1465.740802][T24517] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 1466.346183][T26579] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input79 [ 1466.663749][T26585] FAULT_INJECTION: forcing a failure. [ 1466.663749][T26585] name failslab, interval 1, probability 0, space 0, times 0 [ 1466.969371][T26585] CPU: 0 UID: 0 PID: 26585 Comm: syz.4.4017 Tainted: G L syzkaller #0 PREEMPT(full) [ 1466.969402][T26585] Tainted: [L]=SOFTLOCKUP [ 1466.969408][T26585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1466.969418][T26585] Call Trace: [ 1466.969424][T26585] [ 1466.969431][T26585] dump_stack_lvl+0x16c/0x1f0 [ 1466.969453][T26585] should_fail_ex+0x512/0x640 [ 1466.969474][T26585] ? kmem_cache_alloc_noprof+0x62/0x770 [ 1466.969497][T26585] should_failslab+0xc2/0x120 [ 1466.969525][T26585] kmem_cache_alloc_noprof+0x83/0x770 [ 1466.969546][T26585] ? getname_flags.part.0+0x4c/0x550 [ 1466.969570][T26585] ? getname_flags.part.0+0x4c/0x550 [ 1466.969588][T26585] getname_flags.part.0+0x4c/0x550 [ 1466.969610][T26585] getname_flags+0x93/0xf0 [ 1466.969634][T26585] do_sys_openat2+0xb9/0x290 [ 1466.969653][T26585] ? __pfx_do_sys_openat2+0x10/0x10 [ 1466.969680][T26585] __x64_sys_openat+0x174/0x210 [ 1466.969700][T26585] ? __pfx___x64_sys_openat+0x10/0x10 [ 1466.969727][T26585] do_syscall_64+0xcd/0xf80 [ 1466.969746][T26585] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1466.969763][T26585] RIP: 0033:0x7fa8da38f7c9 [ 1466.969777][T26585] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1466.969793][T26585] RSP: 002b:00007fa8db2f0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1466.969809][T26585] RAX: ffffffffffffffda RBX: 00007fa8da5e5fa0 RCX: 00007fa8da38f7c9 [ 1466.969820][T26585] RDX: 000000000014f602 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1466.969830][T26585] RBP: 00007fa8da413f91 R08: 0000000000000000 R09: 0000000000000000 [ 1466.969840][T26585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1466.969849][T26585] R13: 00007fa8da5e6038 R14: 00007fa8da5e5fa0 R15: 00007ffc86ecbd48 [ 1466.969871][T26585] [ 1467.495274][T26592] __vm_enough_memory: pid: 26592, comm: syz.3.4018, bytes: 4398046511104 not enough memory for the allocation [ 1470.602387][T26620] zswap: compressor not available [ 1470.861718][T26632] netlink: 17 bytes leftover after parsing attributes in process `syz.3.4026'. [ 1470.960650][T26613] No such timeout policy "" [ 1470.996544][T26634] netlink: 25 bytes leftover after parsing attributes in process `syz.5.4028'. [ 1471.005716][T26613] netlink: Failed to associated timeout policy '' [ 1471.389059][T26640] FAULT_INJECTION: forcing a failure. [ 1471.389059][T26640] name failslab, interval 1, probability 0, space 0, times 0 [ 1471.500920][T26640] CPU: 0 UID: 0 PID: 26640 Comm: syz.5.4031 Tainted: G L syzkaller #0 PREEMPT(full) [ 1471.500951][T26640] Tainted: [L]=SOFTLOCKUP [ 1471.500957][T26640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1471.500967][T26640] Call Trace: [ 1471.500974][T26640] [ 1471.500981][T26640] dump_stack_lvl+0x16c/0x1f0 [ 1471.501004][T26640] should_fail_ex+0x512/0x640 [ 1471.501025][T26640] ? kmem_cache_alloc_noprof+0x62/0x770 [ 1471.501050][T26640] should_failslab+0xc2/0x120 [ 1471.501083][T26640] kmem_cache_alloc_noprof+0x83/0x770 [ 1471.501104][T26640] ? getname_flags.part.0+0x4c/0x550 [ 1471.501129][T26640] ? getname_flags.part.0+0x4c/0x550 [ 1471.501146][T26640] getname_flags.part.0+0x4c/0x550 [ 1471.501168][T26640] getname_flags+0x93/0xf0 [ 1471.501191][T26640] do_sys_openat2+0xb9/0x290 [ 1471.501211][T26640] ? __pfx_do_sys_openat2+0x10/0x10 [ 1471.501238][T26640] __x64_sys_openat+0x174/0x210 [ 1471.501259][T26640] ? __pfx___x64_sys_openat+0x10/0x10 [ 1471.501289][T26640] do_syscall_64+0xcd/0xf80 [ 1471.501307][T26640] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1471.501324][T26640] RIP: 0033:0x7f86d3d8f7c9 [ 1471.501338][T26640] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1471.501355][T26640] RSP: 002b:00007f86d4c2f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1471.501371][T26640] RAX: ffffffffffffffda RBX: 00007f86d3fe5fa0 RCX: 00007f86d3d8f7c9 [ 1471.501382][T26640] RDX: 000000000014f602 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1471.501392][T26640] RBP: 00007f86d3e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 1471.501402][T26640] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1471.501412][T26640] R13: 00007f86d3fe6038 R14: 00007f86d3fe5fa0 R15: 00007ffc8ed9e738 [ 1471.501434][T26640] [ 1471.689747][T26645] ptrace attach of "./syz-executor exec"[18212] was attempted by "./syz-executor exec"[26645] [ 1473.595922][T26678] netlink: 25 bytes leftover after parsing attributes in process `syz.3.4040'. [ 1473.632110][T26680] netlink: 17 bytes leftover after parsing attributes in process `syz.5.4039'. [ 1473.841656][T26673] zswap: compressor not available [ 1474.882203][T26704] FAULT_INJECTION: forcing a failure. [ 1474.882203][T26704] name failslab, interval 1, probability 0, space 0, times 0 [ 1474.983132][T26704] CPU: 0 UID: 0 PID: 26704 Comm: syz.3.4046 Tainted: G L syzkaller #0 PREEMPT(full) [ 1474.983162][T26704] Tainted: [L]=SOFTLOCKUP [ 1474.983169][T26704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1474.983179][T26704] Call Trace: [ 1474.983186][T26704] [ 1474.983193][T26704] dump_stack_lvl+0x16c/0x1f0 [ 1474.983216][T26704] should_fail_ex+0x512/0x640 [ 1474.983236][T26704] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 1474.983261][T26704] should_failslab+0xc2/0x120 [ 1474.983289][T26704] kmem_cache_alloc_noprof+0x83/0x770 [ 1474.983311][T26704] ? skb_clone+0x190/0x3f0 [ 1474.983339][T26704] ? skb_clone+0x190/0x3f0 [ 1474.983362][T26704] skb_clone+0x190/0x3f0 [ 1474.983387][T26704] netlink_deliver_tap+0xabd/0xd30 [ 1474.983418][T26704] netlink_unicast+0x64c/0x870 [ 1474.983448][T26704] ? __pfx_netlink_unicast+0x10/0x10 [ 1474.983473][T26704] ? __asan_memset+0x23/0x50 [ 1474.983494][T26704] ? __build_skb_around+0x278/0x390 [ 1474.983513][T26704] ? is_vmalloc_addr+0x86/0xa0 [ 1474.983535][T26704] netlink_sendmsg+0x8c8/0xdd0 [ 1474.983566][T26704] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1474.983595][T26704] ? aa_sock_msg_perm.constprop.0+0x100/0x1b0 [ 1474.983626][T26704] ____sys_sendmsg+0xa5d/0xc30 [ 1474.983644][T26704] ? copy_msghdr_from_user+0x10a/0x160 [ 1474.983668][T26704] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1474.983685][T26704] ? preempt_schedule_thunk+0x16/0x30 [ 1474.983706][T26704] ? try_to_wake_up+0xa67/0x1860 [ 1474.983733][T26704] ___sys_sendmsg+0x134/0x1d0 [ 1474.983759][T26704] ? __pfx____sys_sendmsg+0x10/0x10 [ 1474.983784][T26704] ? futex_private_hash_put+0x160/0x1b0 [ 1474.983827][T26704] __sys_sendmsg+0x16d/0x220 [ 1474.983851][T26704] ? __pfx___sys_sendmsg+0x10/0x10 [ 1474.983875][T26704] ? __x64_sys_futex+0x1e0/0x4c0 [ 1474.983907][T26704] do_syscall_64+0xcd/0xf80 [ 1474.983925][T26704] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1474.983942][T26704] RIP: 0033:0x7fd06ff8f7c9 [ 1474.983956][T26704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1474.983973][T26704] RSP: 002b:00007fd070efc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1474.983990][T26704] RAX: ffffffffffffffda RBX: 00007fd0701e5fa0 RCX: 00007fd06ff8f7c9 [ 1474.984000][T26704] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003 [ 1474.984010][T26704] RBP: 00007fd070013f91 R08: 0000000000000000 R09: 0000000000000000 [ 1474.984020][T26704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1474.984029][T26704] R13: 00007fd0701e6038 R14: 00007fd0701e5fa0 R15: 00007ffe92787528 [ 1474.984051][T26704] [ 1476.037257][T26700] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input80 [ 1478.304192][T26731] netlink: 25 bytes leftover after parsing attributes in process `syz.5.4049'. [ 1479.701540][T26743] zswap: compressor not available [ 1479.779245][T26761] netlink: 9 bytes leftover after parsing attributes in process `syz.1.4056'. [ 1480.196361][ T30] audit: type=1800 audit(1769088549.598:39): pid=26763 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="" name="lu_gp_id" dev="configfs" ino=121216 res=0 errno=0 [ 1481.222335][T26758] No such timeout policy "" [ 1481.253169][T26758] netlink: Failed to associated timeout policy '' [ 1481.912159][T24517] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 1482.030683][T26791] FAULT_INJECTION: forcing a failure. [ 1482.030683][T26791] name failslab, interval 1, probability 0, space 0, times 0 [ 1482.135885][T26791] CPU: 0 UID: 0 PID: 26791 Comm: syz.3.4063 Tainted: G L syzkaller #0 PREEMPT(full) [ 1482.135928][T26791] Tainted: [L]=SOFTLOCKUP [ 1482.135935][T26791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1482.135945][T26791] Call Trace: [ 1482.135952][T26791] [ 1482.135958][T26791] dump_stack_lvl+0x16c/0x1f0 [ 1482.135981][T26791] should_fail_ex+0x512/0x640 [ 1482.136002][T26791] ? __kmalloc_noprof+0xca/0x910 [ 1482.136024][T26791] should_failslab+0xc2/0x120 [ 1482.136052][T26791] __kmalloc_noprof+0xeb/0x910 [ 1482.136071][T26791] ? __pfx_inc_ucount+0x10/0x10 [ 1482.136087][T26791] ? net_alloc_generic+0x1e/0x70 [ 1482.136116][T26791] ? net_alloc_generic+0x1e/0x70 [ 1482.136139][T26791] net_alloc_generic+0x1e/0x70 [ 1482.136164][T26791] copy_net_ns+0xc6/0x7c0 [ 1482.136178][T26791] ? copy_cgroup_ns+0x71/0x980 [ 1482.136197][T26791] create_new_namespaces+0x3ea/0xab0 [ 1482.136226][T26791] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1482.136251][T26791] ksys_unshare+0x45b/0xa40 [ 1482.136267][T26791] ? __pfx_ksys_unshare+0x10/0x10 [ 1482.136283][T26791] ? xfd_validate_state+0x61/0x180 [ 1482.136306][T26791] __x64_sys_unshare+0x31/0x40 [ 1482.136320][T26791] do_syscall_64+0xcd/0xf80 [ 1482.136339][T26791] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1482.136356][T26791] RIP: 0033:0x7fd06ff8f7c9 [ 1482.136371][T26791] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1482.136388][T26791] RSP: 002b:00007fd070efc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1482.136405][T26791] RAX: ffffffffffffffda RBX: 00007fd0701e5fa0 RCX: 00007fd06ff8f7c9 [ 1482.136416][T26791] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1482.136426][T26791] RBP: 00007fd070013f91 R08: 0000000000000000 R09: 0000000000000000 [ 1482.136435][T26791] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1482.136445][T26791] R13: 00007fd0701e6038 R14: 00007fd0701e5fa0 R15: 00007ffe92787528 [ 1482.136467][T26791] [ 1483.944817][T26805] FAULT_INJECTION: forcing a failure. [ 1483.944817][T26805] name failslab, interval 1, probability 0, space 0, times 0 [ 1484.068557][T26805] CPU: 0 UID: 0 PID: 26805 Comm: syz.5.4065 Tainted: G L syzkaller #0 PREEMPT(full) [ 1484.068587][T26805] Tainted: [L]=SOFTLOCKUP [ 1484.068594][T26805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1484.068604][T26805] Call Trace: [ 1484.068611][T26805] [ 1484.068618][T26805] dump_stack_lvl+0x16c/0x1f0 [ 1484.068642][T26805] should_fail_ex+0x512/0x640 [ 1484.068663][T26805] ? __kmalloc_node_track_caller_noprof+0xcb/0x930 [ 1484.068700][T26805] should_failslab+0xc2/0x120 [ 1484.068728][T26805] __kmalloc_node_track_caller_noprof+0xec/0x930 [ 1484.068753][T26805] ? kstrdup_const+0x63/0x80 [ 1484.068779][T26805] ? kstrdup+0x53/0x100 [ 1484.068797][T26805] kstrdup+0x53/0x100 [ 1484.068817][T26805] kstrdup_const+0x63/0x80 [ 1484.068837][T26805] alloc_vfsmnt+0xea/0x6b0 [ 1484.068856][T26805] ? __pfx___might_resched+0x10/0x10 [ 1484.068881][T26805] clone_mnt+0x4b/0x930 [ 1484.068905][T26805] copy_tree+0xee/0xbd0 [ 1484.068929][T26805] ? __pfx_down_write+0x10/0x10 [ 1484.068953][T26805] copy_mnt_ns+0x2c3/0xc40 [ 1484.068970][T26805] ? create_new_namespaces+0x30/0xab0 [ 1484.068997][T26805] create_new_namespaces+0xd3/0xab0 [ 1484.069019][T26805] ? bpf_lsm_capable+0x9/0x10 [ 1484.069042][T26805] ? security_capable+0x7e/0x260 [ 1484.069061][T26805] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1484.069087][T26805] ksys_unshare+0x45b/0xa40 [ 1484.069103][T26805] ? __pfx_ksys_unshare+0x10/0x10 [ 1484.069119][T26805] ? xfd_validate_state+0x61/0x180 [ 1484.069141][T26805] __x64_sys_unshare+0x31/0x40 [ 1484.069156][T26805] do_syscall_64+0xcd/0xf80 [ 1484.069174][T26805] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1484.069191][T26805] RIP: 0033:0x7f86d3d8f7c9 [ 1484.069205][T26805] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1484.069222][T26805] RSP: 002b:00007f86d4c0e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1484.069238][T26805] RAX: ffffffffffffffda RBX: 00007f86d3fe6090 RCX: 00007f86d3d8f7c9 [ 1484.069249][T26805] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000020000 [ 1484.069259][T26805] RBP: 00007f86d3e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 1484.069269][T26805] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1484.069278][T26805] R13: 00007f86d3fe6128 R14: 00007f86d3fe6090 R15: 00007ffc8ed9e738 [ 1484.069300][T26805] [ 1485.307631][T26823] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 1486.000783][T26842] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input81 [ 1486.573673][ T30] audit: type=1800 audit(1769088555.978:40): pid=26857 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4073" name="features" dev="configfs" ino=121706 res=0 errno=0 [ 1488.120653][T26846] binder: 26845:26846 ioctl c018620c 0 returned -1 [ 1488.273130][T26877] [U] [ 1488.275950][T26877] [U] [ 1488.278661][T26877] [U] [ 1488.281350][T26877] [U] [ 1488.423862][T26877] [U] [ 1488.426600][T26877] [U] [ 1488.429292][T26877] [U] [ 1488.431987][T26877] [U] [ 1488.498265][T26877] [U] [ 1488.500998][T26877] [U] [ 1488.503695][T26877] [U] [ 1488.506379][T26877] [U] [ 1488.584673][T26877] [U] [ 1488.587425][T26877] [U] [ 1488.590116][T26877] [U] [ 1488.592807][T26877] [U] [ 1488.658846][T26877] [U] [ 1488.661587][T26877] [U] [ 1488.664273][T26877] [U] [ 1488.666960][T26877] [U] [ 1488.732040][T26877] [U] [ 1488.734769][T26877] [U] [ 1488.737477][T26877] [U] [ 1488.740167][T26877] [U] [ 1488.835179][T26877] [U] [ 1489.052106][T26887] ima: policy update failed [ 1489.066875][ T30] audit: type=1802 audit(1769088558.458:41): pid=26887 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.4079" res=0 errno=0 [ 1489.216857][T26904] netlink: 9 bytes leftover after parsing attributes in process `syz.4.4081'. [ 1489.515439][T26915] FAULT_INJECTION: forcing a failure. [ 1489.515439][T26915] name failslab, interval 1, probability 0, space 0, times 0 [ 1489.572792][T26917] netlink: 9 bytes leftover after parsing attributes in process `syz.4.4083'. [ 1489.606640][T26915] CPU: 0 UID: 0 PID: 26915 Comm: syz.1.4082 Tainted: G L syzkaller #0 PREEMPT(full) [ 1489.606678][T26915] Tainted: [L]=SOFTLOCKUP [ 1489.606685][T26915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1489.606695][T26915] Call Trace: [ 1489.606702][T26915] [ 1489.606709][T26915] dump_stack_lvl+0x16c/0x1f0 [ 1489.606732][T26915] should_fail_ex+0x512/0x640 [ 1489.606753][T26915] ? kmem_cache_alloc_noprof+0x62/0x770 [ 1489.606777][T26915] should_failslab+0xc2/0x120 [ 1489.606804][T26915] kmem_cache_alloc_noprof+0x83/0x770 [ 1489.606826][T26915] ? create_new_namespaces+0x30/0xab0 [ 1489.606854][T26915] ? create_new_namespaces+0x30/0xab0 [ 1489.606876][T26915] create_new_namespaces+0x30/0xab0 [ 1489.606898][T26915] ? bpf_lsm_capable+0x9/0x10 [ 1489.606920][T26915] ? security_capable+0x7e/0x260 [ 1489.606940][T26915] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1489.606972][T26915] ksys_unshare+0x45b/0xa40 [ 1489.606989][T26915] ? __pfx_ksys_unshare+0x10/0x10 [ 1489.607005][T26915] ? xfd_validate_state+0x61/0x180 [ 1489.607028][T26915] __x64_sys_unshare+0x31/0x40 [ 1489.607046][T26915] do_syscall_64+0xcd/0xf80 [ 1489.607064][T26915] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1489.607082][T26915] RIP: 0033:0x7faec678f7c9 [ 1489.607096][T26915] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1489.607112][T26915] RSP: 002b:00007faec75a4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1489.607128][T26915] RAX: ffffffffffffffda RBX: 00007faec69e5fa0 RCX: 00007faec678f7c9 [ 1489.607139][T26915] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1489.607148][T26915] RBP: 00007faec6813f91 R08: 0000000000000000 R09: 0000000000000000 [ 1489.607158][T26915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1489.607167][T26915] R13: 00007faec69e6038 R14: 00007faec69e5fa0 R15: 00007ffc7a470268 [ 1489.607188][T26915] [ 1490.107925][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1490.127138][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1491.562173][T26938] futex_wake_op: syz.4.4089 tries to shift op by -2048; fix this program [ 1491.647619][T26938] futex_wake_op: syz.4.4089 tries to shift op by -2048; fix this program [ 1492.199718][T26950] netlink: 25 bytes leftover after parsing attributes in process `syz.1.4093'. [ 1492.568947][T26960] futex_wake_op: syz.1.4094 tries to shift op by -2048; fix this program [ 1492.661761][T26960] futex_wake_op: syz.1.4094 tries to shift op by -2048; fix this program [ 1495.708291][T27010] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4102'. [ 1496.952569][T24517] Bluetooth: hci4: command 0x0406 tx timeout [ 1500.380548][T27062] netlink: 342 bytes leftover after parsing attributes in process `syz.5.4109'. [ 1500.572210][T27065] netlink: 9 bytes leftover after parsing attributes in process `syz.1.4110'. [ 1500.967606][T27073] netlink: 25 bytes leftover after parsing attributes in process `syz.1.4112'. [ 1501.736657][T27096] ICMPv6: process `syz.4.4117' is using deprecated sysctl (syscall) net.ipv6.neigh.ipvlan1.retrans_time - use net.ipv6.neigh.ipvlan1.retrans_time_ms instead [ 1502.281425][T27095] zswap: compressor not available [ 1503.422228][T27095] FAULT_INJECTION: forcing a failure. [ 1503.422228][T27095] name failslab, interval 1, probability 0, space 0, times 0 [ 1503.595418][T27095] CPU: 0 UID: 0 PID: 27095 Comm: syz.5.4116 Tainted: G L syzkaller #0 PREEMPT(full) [ 1503.595447][T27095] Tainted: [L]=SOFTLOCKUP [ 1503.595453][T27095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1503.595463][T27095] Call Trace: [ 1503.595469][T27095] [ 1503.595476][T27095] dump_stack_lvl+0x16c/0x1f0 [ 1503.595499][T27095] should_fail_ex+0x512/0x640 [ 1503.595520][T27095] ? __kmalloc_noprof+0xca/0x910 [ 1503.595541][T27095] should_failslab+0xc2/0x120 [ 1503.595568][T27095] __kmalloc_noprof+0xeb/0x910 [ 1503.595588][T27095] ? lsm_blob_alloc+0x68/0x90 [ 1503.595626][T27095] ? lsm_blob_alloc+0x68/0x90 [ 1503.595650][T27095] lsm_blob_alloc+0x68/0x90 [ 1503.595677][T27095] security_prepare_creds+0x2f/0x270 [ 1503.595704][T27095] prepare_creds+0x5d6/0x940 [ 1503.595726][T27095] copy_creds+0xa7/0xa50 [ 1503.595748][T27095] copy_process+0x130f/0x7430 [ 1503.595777][T27095] ? __pfx_do_swap_page+0x10/0x10 [ 1503.595801][T27095] ? __pfx_copy_process+0x10/0x10 [ 1503.595828][T27095] ? rcu_is_watching+0x12/0xc0 [ 1503.595851][T27095] ? ___pte_offset_map+0x175/0x380 [ 1503.595880][T27095] kernel_clone+0xfc/0x910 [ 1503.595906][T27095] ? __pfx_kernel_clone+0x10/0x10 [ 1503.595944][T27095] __do_sys_clone+0xce/0x120 [ 1503.595969][T27095] ? __pfx___do_sys_clone+0x10/0x10 [ 1503.595994][T27095] ? count_memcg_events+0x122/0x290 [ 1503.596028][T27095] ? do_user_addr_fault+0x843/0x1370 [ 1503.596054][T27095] do_syscall_64+0xcd/0xf80 [ 1503.596072][T27095] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1503.596089][T27095] RIP: 0033:0x7f86d3d8f7c9 [ 1503.596104][T27095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1503.596120][T27095] RSP: 002b:00007f86d4c0dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000038 [ 1503.596137][T27095] RAX: ffffffffffffffda RBX: 00007f86d3fe6090 RCX: 00007f86d3d8f7c9 [ 1503.596149][T27095] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1503.596158][T27095] RBP: 00007f86d3e13f91 R08: 0000000000000000 R09: 0000000000000000 [ 1503.596168][T27095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1503.596177][T27095] R13: 00007f86d3fe6128 R14: 00007f86d3fe6090 R15: 00007ffc8ed9e738 [ 1503.596199][T27095] [ 1504.134388][T27125] netlink: 342 bytes leftover after parsing attributes in process `syz.3.4121'. [ 1508.080426][T27176] netlink: 342 bytes leftover after parsing attributes in process `syz.4.4134'. [ 1510.002435][T27213] netlink: 330 bytes leftover after parsing attributes in process `syz.4.4143'. [ 1510.420521][T27213] mac80211_hwsim hwsim30 ›: renamed from wlan0 (while UP) [ 1511.881720][T27237] cgroup: fork rejected by pids controller in /syz1 [ 1515.843545][T27285] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4150'. [ 1516.199030][T27287] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4147'. [ 1518.471402][T27343] netlink: 330 bytes leftover after parsing attributes in process `syz.5.4163'. [ 1518.597777][T27343] mac80211_hwsim hwsim25 ›: renamed from wlan0 (while UP) [ 1519.370941][T27353] HfR: entered promiscuous mode [ 1520.484938][T27376] netlink: 17 bytes leftover after parsing attributes in process `syz.5.4170'. [ 1520.862819][T27381] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4171'. [ 1520.929571][T27381] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4171'. [ 1521.462897][T27388] netlink: 25 bytes leftover after parsing attributes in process `syz.5.4172'. [ 1522.835019][T27416] netlink: 13 bytes leftover after parsing attributes in process `syz.5.4176'. [ 1523.159727][T27421] netlink: 25 bytes leftover after parsing attributes in process `syz.5.4178'. [ 1523.206608][T27422] netlink: 17 bytes leftover after parsing attributes in process `syz.4.4179'. [ 1523.598296][T27431] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4183'. [ 1524.492080][T27446] netlink: 13 bytes leftover after parsing attributes in process `syz.1.4187'. [ 1525.176420][T27456] netlink: 25 bytes leftover after parsing attributes in process `syz.1.4190'. [ 1527.357461][T27477] netlink: 25 bytes leftover after parsing attributes in process `syz.5.4193'. [ 1527.774068][T27484] netlink: 13 bytes leftover after parsing attributes in process `syz.4.4196'. [ 1527.819045][T27483] FAULT_INJECTION: forcing a failure. [ 1527.819045][T27483] name failslab, interval 1, probability 0, space 0, times 0 [ 1527.931721][T27483] CPU: 0 UID: 0 PID: 27483 Comm: syz.1.4197 Tainted: G L syzkaller #0 PREEMPT(full) [ 1527.931751][T27483] Tainted: [L]=SOFTLOCKUP [ 1527.931757][T27483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1527.931767][T27483] Call Trace: [ 1527.931774][T27483] [ 1527.931781][T27483] dump_stack_lvl+0x16c/0x1f0 [ 1527.931804][T27483] should_fail_ex+0x512/0x640 [ 1527.931825][T27483] ? __kmalloc_cache_node_noprof+0x62/0x830 [ 1527.931853][T27483] should_failslab+0xc2/0x120 [ 1527.931879][T27483] __kmalloc_cache_node_noprof+0x83/0x830 [ 1527.931905][T27483] ? bdi_alloc+0x44/0x170 [ 1527.931933][T27483] ? bdi_alloc+0x44/0x170 [ 1527.931954][T27483] bdi_alloc+0x44/0x170 [ 1527.931978][T27483] __alloc_disk_node+0xac/0x6b0 [ 1527.932010][T27483] __blk_alloc_disk+0xd0/0x160 [ 1527.932037][T27483] ? __pfx___blk_alloc_disk+0x10/0x10 [ 1527.932077][T27483] ? lockdep_init_map_type+0x5c/0x270 [ 1527.932096][T27483] ? __raw_spin_lock_init+0x3a/0x110 [ 1527.932118][T27483] ? __pfx_hot_add_show+0x10/0x10 [ 1527.932136][T27483] zram_add+0x164/0x6f0 [ 1527.932153][T27483] ? __pfx_zram_add+0x10/0x10 [ 1527.932184][T27483] ? find_held_lock+0x2b/0x80 [ 1527.932211][T27483] ? __pfx_hot_add_show+0x10/0x10 [ 1527.932227][T27483] ? __pfx_class_attr_show+0x10/0x10 [ 1527.932252][T27483] hot_add_show+0x21/0x80 [ 1527.932269][T27483] class_attr_show+0x72/0xa0 [ 1527.932295][T27483] sysfs_kf_seq_show+0x216/0x3e0 [ 1527.932318][T27483] seq_read_iter+0x50e/0x12d0 [ 1527.932352][T27483] kernfs_fop_read_iter+0x46c/0x610 [ 1527.932380][T27483] ? rw_verify_area+0xcf/0x6c0 [ 1527.932404][T27483] vfs_read+0x8bf/0xcf0 [ 1527.932433][T27483] ? __pfx_vfs_read+0x10/0x10 [ 1527.932471][T27483] ksys_read+0x12a/0x250 [ 1527.932495][T27483] ? __pfx_ksys_read+0x10/0x10 [ 1527.932526][T27483] do_syscall_64+0xcd/0xf80 [ 1527.932545][T27483] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1527.932575][T27483] RIP: 0033:0x7faec678f7c9 [ 1527.932590][T27483] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1527.932608][T27483] RSP: 002b:00007faec75a4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1527.932626][T27483] RAX: ffffffffffffffda RBX: 00007faec69e5fa0 RCX: 00007faec678f7c9 [ 1527.932636][T27483] RDX: 0000000000001000 RSI: 0000200000000ec0 RDI: 000000000000000a [ 1527.932648][T27483] RBP: 00007faec6813f91 R08: 0000000000000000 R09: 0000000000000000 [ 1527.932658][T27483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1527.932669][T27483] R13: 00007faec69e6038 R14: 00007faec69e5fa0 R15: 00007ffc7a470268 [ 1527.932693][T27483] [ 1528.350687][T27489] nbd: must specify at least one socket [ 1528.723960][T27483] zram: Error allocating disk structure for device 0 [ 1530.137557][T27522] FAULT_INJECTION: forcing a failure. [ 1530.137557][T27522] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1530.242024][T27522] CPU: 0 UID: 0 PID: 27522 Comm: syz.1.4206 Tainted: G L syzkaller #0 PREEMPT(full) [ 1530.242054][T27522] Tainted: [L]=SOFTLOCKUP [ 1530.242060][T27522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1530.242069][T27522] Call Trace: [ 1530.242076][T27522] [ 1530.242082][T27522] dump_stack_lvl+0x16c/0x1f0 [ 1530.242104][T27522] should_fail_ex+0x512/0x640 [ 1530.242129][T27522] _copy_to_iter+0x463/0x1710 [ 1530.242155][T27522] ? __pfx__copy_to_iter+0x10/0x10 [ 1530.242176][T27522] ? single_next+0xd/0x40 [ 1530.242196][T27522] ? traverse.part.0.constprop.0+0x2c5/0x650 [ 1530.242227][T27522] seq_read_iter+0x71e/0x12d0 [ 1530.242250][T27522] ? aa_file_perm+0x2ad/0x1560 [ 1530.242284][T27522] seq_read+0x3a3/0x570 [ 1530.242307][T27522] ? __pfx_seq_read+0x10/0x10 [ 1530.242335][T27522] ? get_pid_task+0xfc/0x250 [ 1530.242360][T27522] full_proxy_read+0x131/0x1a0 [ 1530.242385][T27522] ? __pfx_full_proxy_read+0x10/0x10 [ 1530.242410][T27522] vfs_read+0x1e4/0xcf0 [ 1530.242439][T27522] ? __pfx_vfs_read+0x10/0x10 [ 1530.242462][T27522] ? find_held_lock+0x2b/0x80 [ 1530.242485][T27522] ? __fget_files+0x204/0x3c0 [ 1530.242513][T27522] ? __fget_files+0x20e/0x3c0 [ 1530.242536][T27522] ? __fget_files+0x170/0x3c0 [ 1530.242565][T27522] __x64_sys_pread64+0x1eb/0x250 [ 1530.242599][T27522] ? __pfx___x64_sys_pread64+0x10/0x10 [ 1530.242632][T27522] do_syscall_64+0xcd/0xf80 [ 1530.242651][T27522] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1530.242668][T27522] RIP: 0033:0x7faec678f7c9 [ 1530.242683][T27522] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1530.242700][T27522] RSP: 002b:00007faec75a4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000011 [ 1530.242717][T27522] RAX: ffffffffffffffda RBX: 00007faec69e5fa0 RCX: 00007faec678f7c9 [ 1530.242728][T27522] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000007 [ 1530.242737][T27522] RBP: 00007faec75a4090 R08: 0000000000000000 R09: 0000000000000000 [ 1530.242747][T27522] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 1530.242757][T27522] R13: 00007faec69e6038 R14: 00007faec69e5fa0 R15: 00007ffc7a470268 [ 1530.242780][T27522] [ 1530.724816][T27528] netlink: 9 bytes leftover after parsing attributes in process `syz.3.4208'. [ 1531.198667][T27524] zswap: compressor not available [ 1533.669561][T27550] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4213'. [ 1533.820222][ T6660] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 1535.948783][T27583] netlink: 13 bytes leftover after parsing attributes in process `syz.4.4222'. [ 1536.339363][T27589] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4224'. [ 1536.910581][T27604] pci 0000:00:01.0: [8086:7110] type 00 class 0x060100 conventional PCI endpoint [ 1537.253797][T27577] kexec: Could not allocate control_code_buffer [ 1538.929085][T27631] netlink: 9 bytes leftover after parsing attributes in process `syz.5.4235'. [ 1538.949530][T27634] netlink: 13 bytes leftover after parsing attributes in process `syz.1.4237'. [ 1538.970837][T27633] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4236'. [ 1540.102976][T27644] ================================================================== [ 1540.102991][T27644] BUG: KASAN: use-after-free in fbcon_prepare_logo+0xa03/0xc70 [ 1540.103019][T27644] Read of size 256 at addr ffff88803eb663c0 by task syz.4.4240/27644 [ 1540.103034][T27644] [ 1540.103045][T27644] CPU: 0 UID: 0 PID: 27644 Comm: syz.4.4240 Tainted: G L syzkaller #0 PREEMPT(full) [ 1540.103069][T27644] Tainted: [L]=SOFTLOCKUP [ 1540.103075][T27644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1540.103085][T27644] Call Trace: [ 1540.103091][T27644] [ 1540.103098][T27644] dump_stack_lvl+0x116/0x1f0 [ 1540.103116][T27644] print_report+0xcd/0x630 [ 1540.103142][T27644] ? __virt_addr_valid+0x81/0x610 [ 1540.103168][T27644] ? __phys_addr+0xe8/0x180 [ 1540.103194][T27644] ? fbcon_prepare_logo+0xa03/0xc70 [ 1540.103213][T27644] kasan_report+0xe0/0x110 [ 1540.103239][T27644] ? fbcon_prepare_logo+0xa03/0xc70 [ 1540.103261][T27644] kasan_check_range+0x100/0x1b0 [ 1540.103279][T27644] __asan_memcpy+0x23/0x60 [ 1540.103299][T27644] fbcon_prepare_logo+0xa03/0xc70 [ 1540.103323][T27644] fbcon_init+0xda0/0x1930 [ 1540.103343][T27644] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 1540.103366][T27644] visual_init+0x320/0x620 [ 1540.103387][T27644] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 1540.103415][T27644] store_bind+0x61d/0x760 [ 1540.103439][T27644] ? sysfs_file_kobj+0xe4/0x290 [ 1540.103457][T27644] ? __pfx_store_bind+0x10/0x10 [ 1540.103480][T27644] dev_attr_store+0x58/0x80 [ 1540.103505][T27644] ? __pfx_dev_attr_store+0x10/0x10 [ 1540.103528][T27644] sysfs_kf_write+0xf2/0x150 [ 1540.103553][T27644] kernfs_fop_write_iter+0x3af/0x570 [ 1540.103580][T27644] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1540.103597][T27644] iter_file_splice_write+0xa24/0x12b0 [ 1540.103630][T27644] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1540.103658][T27644] ? __pfx_copy_splice_read+0x10/0x10 [ 1540.103687][T27644] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1540.103715][T27644] direct_splice_actor+0x192/0x6c0 [ 1540.103742][T27644] splice_direct_to_actor+0x345/0xa30 [ 1540.103768][T27644] ? __pfx_direct_splice_actor+0x10/0x10 [ 1540.103800][T27644] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1540.103828][T27644] do_splice_direct+0x174/0x240 [ 1540.103853][T27644] ? __pfx_do_splice_direct+0x10/0x10 [ 1540.103879][T27644] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1540.103905][T27644] ? rw_verify_area+0xcf/0x6c0 [ 1540.103928][T27644] do_sendfile+0xb06/0xe50 [ 1540.103953][T27644] ? __pfx_do_sendfile+0x10/0x10 [ 1540.103977][T27644] ? __x64_sys_futex+0x1e0/0x4c0 [ 1540.103997][T27644] ? __x64_sys_futex+0x1e9/0x4c0 [ 1540.104018][T27644] __x64_sys_sendfile64+0x1d8/0x220 [ 1540.104035][T27644] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1540.104055][T27644] do_syscall_64+0xcd/0xf80 [ 1540.104073][T27644] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1540.104090][T27644] RIP: 0033:0x7fa8da38f7c9 [ 1540.104105][T27644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1540.104123][T27644] RSP: 002b:00007fa8db2f0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1540.104140][T27644] RAX: ffffffffffffffda RBX: 00007fa8da5e5fa0 RCX: 00007fa8da38f7c9 [ 1540.104152][T27644] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000003 [ 1540.104162][T27644] RBP: 00007fa8da413f91 R08: 0000000000000000 R09: 0000000000000000 [ 1540.104173][T27644] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1540.104183][T27644] R13: 00007fa8da5e6038 R14: 00007fa8da5e5fa0 R15: 00007ffc86ecbd48 [ 1540.104199][T27644] [ 1540.104205][T27644] [ 1540.104210][T27644] The buggy address belongs to the physical page: [ 1540.104217][T27644] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3eb66 [ 1540.104233][T27644] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 1540.104247][T27644] page_type: f0(buddy) [ 1540.104262][T27644] raw: 00fff00000000000 ffffea0000e07608 ffffea0002094108 0000000000000000 [ 1540.104277][T27644] raw: 0000000000000000 0000000000000001 00000000f0000000 0000000000000000 [ 1540.104287][T27644] page dumped because: kasan: bad access detected [ 1540.104294][T27644] page_owner tracks the page as freed [ 1540.104300][T27644] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xcc0(GFP_KERNEL), pid 2, tgid 2 (kthreadd), ts 1336768008260, free_ts 1361389021969 [ 1540.104325][T27644] post_alloc_hook+0x1af/0x220 [ 1540.104343][T27644] get_page_from_freelist+0xd0b/0x31a0 [ 1540.104362][T27644] __alloc_frozen_pages_noprof+0x25f/0x2430 [ 1540.104382][T27644] alloc_pages_bulk_noprof+0x77a/0x1410 [ 1540.104402][T27644] __kasan_populate_vmalloc+0xfb/0x220 [ 1540.104423][T27644] alloc_vmap_area+0x98d/0x2a50 [ 1540.104446][T27644] __get_vm_area_node+0x1ca/0x330 [ 1540.104472][T27644] __vmalloc_node_range_noprof+0x247/0x16b0 [ 1540.104488][T27644] __vmalloc_node_noprof+0xad/0xf0 [ 1540.104503][T27644] copy_process+0x619/0x7430 [ 1540.104526][T27644] kernel_clone+0xfc/0x910 [ 1540.104556][T27644] kernel_thread+0xd7/0x120 [ 1540.104579][T27644] kthreadd+0x503/0x800 [ 1540.104594][T27644] ret_from_fork+0x983/0xb10 [ 1540.104610][T27644] ret_from_fork_asm+0x1a/0x30 [ 1540.104634][T27644] page last free pid 24670 tgid 24670 stack trace: [ 1540.104643][T27644] __free_frozen_pages+0x7df/0x1170 [ 1540.104659][T27644] kasan_depopulate_vmalloc_pte+0x5b/0x80 [ 1540.104680][T27644] __apply_to_page_range+0xac1/0x13f0 [ 1540.104696][T27644] __kasan_release_vmalloc+0xd1/0xe0 [ 1540.104717][T27644] purge_vmap_node+0x1ba/0xad0 [ 1540.104740][T27644] __purge_vmap_area_lazy+0x9d2/0xc00 [ 1540.104763][T27644] drain_vmap_area_work+0x27/0x40 [ 1540.104787][T27644] process_one_work+0x9ba/0x1b20 [ 1540.104804][T27644] worker_thread+0x6c8/0xf10 [ 1540.104820][T27644] kthread+0x3c5/0x780 [ 1540.104835][T27644] ret_from_fork+0x983/0xb10 [ 1540.104850][T27644] ret_from_fork_asm+0x1a/0x30 [ 1540.104874][T27644] [ 1540.104878][T27644] Memory state around the buggy address: [ 1540.104887][T27644] ffff88803eb66280: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1540.104899][T27644] ffff88803eb66300: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1540.104910][T27644] >ffff88803eb66380: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1540.104920][T27644] ^ [ 1540.104929][T27644] ffff88803eb66400: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1540.104941][T27644] ffff88803eb66480: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 1540.104950][T27644] ================================================================== [ 1540.189351][T27644] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1540.189372][T27644] CPU: 0 UID: 0 PID: 27644 Comm: syz.4.4240 Tainted: G L syzkaller #0 PREEMPT(full) [ 1540.189399][T27644] Tainted: [L]=SOFTLOCKUP [ 1540.189406][T27644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026 [ 1540.189416][T27644] Call Trace: [ 1540.189424][T27644] [ 1540.189434][T27644] dump_stack_lvl+0x3d/0x1f0 [ 1540.189455][T27644] vpanic+0x640/0x6f0 [ 1540.189477][T27644] panic+0xca/0xd0 [ 1540.189493][T27644] ? __pfx_panic+0x10/0x10 [ 1540.189510][T27644] ? fbcon_prepare_logo+0xa03/0xc70 [ 1540.189531][T27644] ? preempt_schedule_common+0x44/0xc0 [ 1540.189573][T27644] ? preempt_schedule_thunk+0x16/0x30 [ 1540.189592][T27644] ? check_panic_on_warn+0x1f/0xb0 [ 1540.189612][T27644] check_panic_on_warn+0xab/0xb0 [ 1540.189633][T27644] end_report+0x107/0x160 [ 1540.189659][T27644] kasan_report+0xee/0x110 [ 1540.189686][T27644] ? fbcon_prepare_logo+0xa03/0xc70 [ 1540.189709][T27644] kasan_check_range+0x100/0x1b0 [ 1540.189727][T27644] __asan_memcpy+0x23/0x60 [ 1540.189749][T27644] fbcon_prepare_logo+0xa03/0xc70 [ 1540.189773][T27644] fbcon_init+0xda0/0x1930 [ 1540.189793][T27644] ? __pfx_drm_fb_helper_set_par+0x10/0x10 [ 1540.189817][T27644] visual_init+0x320/0x620 [ 1540.189838][T27644] do_bind_con_driver.isra.0+0x57a/0xbf0 [ 1540.189866][T27644] store_bind+0x61d/0x760 [ 1540.189891][T27644] ? sysfs_file_kobj+0xe4/0x290 [ 1540.189909][T27644] ? __pfx_store_bind+0x10/0x10 [ 1540.189933][T27644] dev_attr_store+0x58/0x80 [ 1540.189958][T27644] ? __pfx_dev_attr_store+0x10/0x10 [ 1540.189983][T27644] sysfs_kf_write+0xf2/0x150 [ 1540.190001][T27644] kernfs_fop_write_iter+0x3af/0x570 [ 1540.190027][T27644] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1540.190045][T27644] iter_file_splice_write+0xa24/0x12b0 [ 1540.190077][T27644] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1540.190106][T27644] ? __pfx_copy_splice_read+0x10/0x10 [ 1540.190136][T27644] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1540.190163][T27644] direct_splice_actor+0x192/0x6c0 [ 1540.190190][T27644] splice_direct_to_actor+0x345/0xa30 [ 1540.190217][T27644] ? __pfx_direct_splice_actor+0x10/0x10 [ 1540.190245][T27644] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1540.190273][T27644] do_splice_direct+0x174/0x240 [ 1540.190299][T27644] ? __pfx_do_splice_direct+0x10/0x10 [ 1540.190325][T27644] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1540.190351][T27644] ? rw_verify_area+0xcf/0x6c0 [ 1540.190374][T27644] do_sendfile+0xb06/0xe50 [ 1540.190404][T27644] ? __pfx_do_sendfile+0x10/0x10 [ 1540.190429][T27644] ? __x64_sys_futex+0x1e0/0x4c0 [ 1540.190449][T27644] ? __x64_sys_futex+0x1e9/0x4c0 [ 1540.190470][T27644] __x64_sys_sendfile64+0x1d8/0x220 [ 1540.190487][T27644] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1540.190508][T27644] do_syscall_64+0xcd/0xf80 [ 1540.190525][T27644] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1540.190543][T27644] RIP: 0033:0x7fa8da38f7c9 [ 1540.190563][T27644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1540.190581][T27644] RSP: 002b:00007fa8db2f0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1540.190599][T27644] RAX: ffffffffffffffda RBX: 00007fa8da5e5fa0 RCX: 00007fa8da38f7c9 [ 1540.190611][T27644] RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000003 [ 1540.190621][T27644] RBP: 00007fa8da413f91 R08: 0000000000000000 R09: 0000000000000000 [ 1540.190632][T27644] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1540.190643][T27644] R13: 00007fa8da5e6038 R14: 00007fa8da5e5fa0 R15: 00007ffc86ecbd48 [ 1540.190659][T27644] [ 1540.190726][T27644] Kernel Offset: disabled