last executing test programs: 7m0.120909202s ago: executing program 1 (id=262): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYBLOB='(\x00\x00\b', @ANYRES16=0x0, @ANYBLOB="1b0026bd7000fddbdf250300000004000800100003800c000a"], 0x28}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="0003d7007000fedb0080060020800400000099b8775a6aec955510c50dd0253335eac72950f0c85614fb3eb33ee3b7ff221d6694d2a07495c8d918b62d9c38da5bb72025ebb18ab5413cd296e003c44f2396a62cf4b787819266c5cba52d0403"], 0x1c}, 0x1, 0x0, 0x0, 0x4c894}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB=' \x00\''], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x7, 0x0, 0x0, 0x9}, 0x9}, 0x3, 0x0) 7m0.055845436s ago: executing program 1 (id=263): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(0xffffffffffffffff, 0x0, 0x800) timer_create$auto(0x9, 0x0, 0x0) read$auto(0x3, 0x0, 0x8080) socket(0x11, 0x80000, 0x20102) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) process_mrelease$auto(0xffffffffffffffff, 0xa) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mount$auto(0x0, 0xfffffffffffffffe, 0x0, 0x80, 0xfffffffffffffffe) write$auto(r0, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x60042, 0x0) add_key$auto_KEY_SPEC_USER_KEYRING(&(0x7f0000001c80)='\\\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffc) mkdir$auto(&(0x7f0000000140)='./file0\x00', 0x1000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x4a42, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0) mmap$auto(0x1000000000, 0x100000400008, 0x1000000000000df, 0x4000009b73, r1, 0x8000) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000000)) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000080)="f431412ea2ffbb8d79d83a743ab87c098659cf6f30e6061cc6a664bfadf097e3d637f06ec1fdeab5b28719d69f986621e7f0e7a05fd75381ce69fb7562f46f3a8d8e9afdd0e88cc133b11296bccf991031e8d9c33af9940b73da27d7f91324464d3ab28225b26d2224fb852d261327c397cd1c9c7d6b73048c706524ac40fb4ad6eef870ae02ed2f78175b6d8906641a859210dd4f09") close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x10000, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = socket(0x11, 0x80003, 0x300) r4 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) r5 = fcntl$getown(r4, 0x9) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f0000000140)={{@inferred, 0x0, 0x4, 0x8, "3112d585005a616119e230f9ffb683dbedecd0bf828bbfba40f035f4be6b7fe5e2f94bd90484b07530cf08a8", @inferred=r5}, 0x200003, 0x5, 0x10004, @inferred, @enumerated={0x4000, 0x7ff, "c832bcbae48ab01ec23457b7fd2dd3547c4e2eeba79edd0d1599ded9cbfaf517162fbe6a6f50f1aaa18fb20cabb4f176263bb0e781e3d0a2f992e8fcdcec86d9", 0x400}, "7a9fc199a16a2311eacf2fc7ae1da978dc3e8090334fdd73340238d212b6debe0ada55bdd70925450e24e87212f0bcab84a16f7ce8cbce0bb32777702b8d7c2d"}) io_uring_setup$auto(0x8, 0x0) setsockopt$auto(r3, 0x107, 0x14, 0x0, 0x4) 6m58.814578633s ago: executing program 1 (id=267): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/ram8/queue/max_integrity_segments\x00', 0x8080, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000018c0)=""/189, 0xbd) (fail_nth: 3) 6m58.003818644s ago: executing program 1 (id=271): mmap$auto(0x2, 0x400008, 0xdf, 0x9b72, 0x2, 0x10000000008000) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r1 = openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000000), 0x102, 0x0) ioctl$auto_USB_RAW_IOCTL_EP_ENABLE(r1, 0x40095505, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) msgctl$auto_IPC_STAT(0x0, 0x2, 0x0) getsockopt$auto_SO_NETNS_COOKIE(r0, 0x5, 0x47, &(0x7f0000000040)='\x00', &(0x7f0000000080)=0x3) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/tracing/per_cpu/cpu0/trace\x00', 0x1, 0x0) pread64$auto(0xffffffffffffffff, 0x0, 0x200000000003, 0x2f4a3a23) r2 = ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv6/conf/ip6_vti0/stable_secret\x00', 0x2, 0x0) writev$auto(r2, &(0x7f0000000300)={&(0x7f0000000100)="c5844d15f621fc895cd1f5ffc46ecbd4979fc2cdc5ee9b44a99ff47b396e8ece444c77f1dd7be01052055c3ad803631db3fb11961fa6fcb010c959ec2131738555cf7eecda1e4fab7170b16ec4428c0377a09d0e333a7bcb3cfeae5b0d41a9c60c7544ee8ad3b0033e9b1adb064e0466c50fe8e3ac52ffbcd8e27fbbf019a6c92557e069ee640522fc4e3d6b095ed53cb0319e03485608b8a9c4604b89af3419dd67e0e7284f5e3e360a528cbd", 0x100000000200}, 0x4) 6m57.002963578s ago: executing program 1 (id=276): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x20342, 0x0) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_TDR_ACT(0xffffffffffffffff, 0x0, 0x800) timer_create$auto(0x9, 0x0, 0x0) read$auto(0x3, 0x0, 0x8080) socket(0xa, 0x1, 0x100) write$auto(0x3, 0x0, 0xffd8) unshare$auto(0x40000080) process_mrelease$auto(0xffffffffffffffff, 0xa) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mount$auto(0x0, 0xfffffffffffffffe, 0x0, 0x80, 0xfffffffffffffffe) write$auto(r0, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x60042, 0x0) add_key$auto_KEY_SPEC_USER_KEYRING(&(0x7f0000001c80)='\\\x00', 0x0, 0x0, 0xfeffff, 0xfffffffffffffffc) mkdir$auto(&(0x7f0000000100)='./file0\x00', 0xff) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x4a42, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0) mmap$auto(0x1000000000, 0x100000400008, 0x1000000000000df, 0x4000009b73, r1, 0x8000) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000000)) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000100)) ioctl$auto_SG_GET_SG_TABLESIZE(r1, 0x227f, &(0x7f0000000080)="7c942222f5f6077116421dc66d7e4c3525c062d1e7eb0c88c1c1f7b78c71b8bb8323a2aff67cbe54b60e54aea10067b46a752f302a612481d773bd813207f96a3533ccd2e424ff7c2bf0cb6b03c962338f57e1957d9bf83ad3453d293822130d513aa84f08c29079d2141ff244c49e2ed4d8") openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/admmidi2\x00', 0x40080, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001ff, 0x7, 0xd3e, 0x20, 0x9687, 0x100000000000003, 0x3c2a19d5, 0x6, 0x3, 0x62, 0x8, 0x7, 0x6d3f, 0x6, 0xa, 0xfffffffffffffffe]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xfffffffffffffffb, 0x1, 0x4, 0x3, 0x3, 0x3, 0xffffffffffffffff, 0x3, 0x8000000000400000, 0x3, 0x6d3c, 0x3, 0x2, 0x8000000000000006]}, 0x0) close_range$auto(0x2, 0x8, 0x0) 6m55.003201623s ago: executing program 1 (id=282): connect$auto(0xffffffffffffffff, &(0x7f00000000c0)=@tipc=@nameseq={0x1e, 0x1, 0x1, {0x40, 0x1, 0x2}}, 0x4) (async) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x8009b72, 0x2, 0x9000) (async) close_range$auto(0x0, 0x5, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) close_range$auto(0x2, 0x8, 0x0) (async) mmap$auto(0x0, 0x20009, 0xdf, 0x20000000000e31, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) (async) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) (async) socket(0x2, 0x5, 0x0) (async) r0 = socket(0xa, 0x3, 0xff) (async) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmsg$auto_NL80211_CMD_UPDATE_CONNECT_PARAMS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='\x00\x00@'], 0x1044}, 0x1, 0x0, 0x0, 0x4001}, 0x8000) (async, rerun: 32) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (rerun: 32) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @local}, 0x406a) (async, rerun: 64) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) (async, rerun: 64) setsockopt$auto(0x3, 0x10000000084, 0xb, 0x0, 0x8) (async, rerun: 64) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async, rerun: 64) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) r2 = ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0xffffffffffffffff, 0x7, r2) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000700), 0xffffffffffffffff) (async) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/igmp6\x00', 0x0, 0x0) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_VPORT_CMD_SET(r3, 0x0, 0x40014) (async) write$auto(0xffffffffffffffff, 0x0, 0x400) (async, rerun: 32) ioctl$auto(0x3, 0xae41, 0xffffffffffffffff) (async, rerun: 32) read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, 0x0, 0x0) 6m39.632640847s ago: executing program 32 (id=282): connect$auto(0xffffffffffffffff, &(0x7f00000000c0)=@tipc=@nameseq={0x1e, 0x1, 0x1, {0x40, 0x1, 0x2}}, 0x4) (async) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x8009b72, 0x2, 0x9000) (async) close_range$auto(0x0, 0x5, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) close_range$auto(0x2, 0x8, 0x0) (async) mmap$auto(0x0, 0x20009, 0xdf, 0x20000000000e31, 0x40000000000a5, 0x8000) close_range$auto(0x2, 0x8, 0x0) (async) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) (async) socket(0x2, 0x5, 0x0) (async) r0 = socket(0xa, 0x3, 0xff) (async) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x55) sendmsg$auto_NL80211_CMD_UPDATE_CONNECT_PARAMS(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[@ANYBLOB='\x00\x00@'], 0x1044}, 0x1, 0x0, 0x0, 0x4001}, 0x8000) (async, rerun: 32) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) (rerun: 32) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @local}, 0x406a) (async, rerun: 64) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) (async, rerun: 64) setsockopt$auto(0x3, 0x10000000084, 0xb, 0x0, 0x8) (async, rerun: 64) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) (async, rerun: 64) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) r2 = ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0xffffffffffffffff, 0x7, r2) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000700), 0xffffffffffffffff) (async) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/igmp6\x00', 0x0, 0x0) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_VPORT_CMD_SET(r3, 0x0, 0x40014) (async) write$auto(0xffffffffffffffff, 0x0, 0x400) (async, rerun: 32) ioctl$auto(0x3, 0xae41, 0xffffffffffffffff) (async, rerun: 32) read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, 0x0, 0x0) 6.141366662s ago: executing program 4 (id=2068): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0xb9f, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) close_range$auto(r0, 0x8, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r1 = socket(0x2, 0x2, 0x1) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_4={0x1f, r1, 0x1}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) unshare$auto(0x40000080) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp1\x00', 0x0, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r2, 0xc004500a, &(0x7f0000000000)) mmap$auto(0x0, 0x2020008, 0x1000000000000007, 0xeb1, 0x0, 0x1008000) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x801, 0x84) io_uring_setup$auto(0x4, 0x0) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) socketpair$auto(0x1e, 0x5, 0x80000, 0x0) io_uring_enter$auto(0x3, 0x0, 0x1, 0x3, 0x0, 0x2) io_uring_enter$auto(0x3, 0x3, 0x7, 0x5, 0x0, 0x7) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) open(&(0x7f0000000080)='./file0\x00', 0x22ac2, 0x5d745cb200ae4d7b) mount$auto(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)='afs\x00', 0x5, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) read$auto(0x3, 0x0, 0x7fffffff) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x400c050}, 0x4000080) pread64$auto(0xffffffffffffffff, 0x0, 0x40000000f42c, 0x80002) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000200bd7000fedbdf2502"], 0x24}, 0x1, 0x0, 0x0, 0x4c894}, 0x4) 5.243336801s ago: executing program 2 (id=2073): mmap$auto(0x2, 0x4020009, 0x9d, 0xeb1, 0x401, 0x8200) syz_clone(0x4000, 0x0, 0x0, 0x0, 0x0, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) socket(0x2, 0x3, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x200000000008000) socket(0x2, 0x3, 0x6) r0 = io_uring_setup$auto(0x4, 0x0) close_range$auto(0x2, r0, 0x0) open(0x0, 0x22240, 0x55) fanotify_init$auto(0x8, 0x1) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, 0x0, 0x1, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0x200, 0x4, 0x948b, 0x7, 0x20000003, 0x1, 0x3, 0x5, 0x5, 0xa, 0x6, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x880, 0x0, 0x948e, 0xffffffffffffffff, 0x15f4da0a, 0x3, 0x1000, 0x2000062, 0x4000008000001f, 0x7, 0x6d3e, 0x6, 0x2, 0x6]}, 0x0) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) write$auto(0x1, 0x0, 0x80000000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/oom_adj\x00', 0x408040, 0x0) r2 = io_uring_setup$auto(0x5, 0x0) close_range$auto(0x2, r2, 0x0) ioctl$auto(0xffffffffffffffff, 0x921064a2, 0x20000000020000a) read$auto_rng_chrdev_ops_core(r2, &(0x7f0000000040)=""/132, 0x84) socket$nl_generic(0x10, 0x3, 0x10) 4.967704597s ago: executing program 4 (id=2074): r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) unshare$auto(0x40000080) socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x0, 0xffffffffffff0005, 0x19) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x22a02, 0x0) write$auto(r1, &(0x7f0000000140)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7\xe6\x04\x8c\x83k', 0x1000000007e) close_range$auto(0x2, 0x8, 0x0) userfaultfd$auto(0x1) unshare$auto(0x40000080) unshare$auto(0x40000080) mmap$auto(0x0, 0x800000000e985, 0x5, 0xeb1, r0, 0x8000) close_range$auto(0x2, 0x8, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x800) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_11={0x2, 0x6, 0x6, 0x7, 0x1bb080, 0x97, 0xff, r2}, 0x6f3) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000040)=ANY=[@ANYRESHEX=r2], 0xd4}, 0x1, 0x0, 0x0, 0x40050}, 0x20008000) rt_tgsigqueueinfo$auto(0x3, 0x96, 0x7, &(0x7f0000000180)={@siginfo_0_0={0x0, 0x9c2a, 0xffffffff, @_sigsys={0x0, 0x5d35, 0x6}}}) open(&(0x7f00000001c0)='./cgroup\x00', 0x0, 0x6f) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x8040) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) socket(0x10, 0x2, 0x3) getsockopt$auto(0xffffffffffffffff, 0x6, 0x7, &(0x7f0000000080)=':}\'*,\x00', &(0x7f00000000c0)=0xffffff89) mmap$auto(0x0, 0x400005, 0xdf, 0x18, 0x2, 0x8000) memfd_create$auto(0x0, 0xe) r3 = socket(0x8, 0x3, 0x0) getsockopt$auto(r3, 0x0, 0x80, 0x0, 0x0) openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) 3.995273549s ago: executing program 2 (id=2080): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) sendmsg$auto_NL80211_CMD_DEL_MPATH(r0, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400c2c2", @ANYRES16=0x0, @ANYBLOB="000129bd7000fddbdf2518000000"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) ioctl$auto(r0, 0x8922, 0x24) socket(0x1d, 0x2, 0x2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) connect$auto(0x3, 0x0, 0x55) r2 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/usb/usbmon/0u\x00', 0x22202, 0x0) pread64$auto(r2, 0x0, 0x0, 0x9) read$auto_mon_fops_text_t_mon_text(r2, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0x0, 0x0) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001a40), 0xffffffffffffffff) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x1dfbdb30) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/2t\x00', 0xb00, 0x0) r4 = open(&(0x7f0000000100)='.\x00', 0x0, 0x408) getdents$auto(r4, &(0x7f00000004c0)={0x100, 0x7fffffffffffffff, 0x4}, 0x62d4) r5 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sg1\x00', 0x646502, 0x0) openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/tracing/set_event_notrace_pid\x00', 0x100242, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ram14\x00', 0x44ee02, 0x0) fsconfig$auto_HIDEPID_NO_ACCESS(r5, 0x6, &(0x7f0000000280)='/dev/snd/midiC2D0\x00', &(0x7f00000002c0)="e74d92f191b485eaf56ee335d933ef7cbd3dbf36456cd078243f1b6e5160a9031e1c8af79af3cbea78a1ff5ba6afae2a91b9d2df1482c6432d26fb20f6ec7137643c7ffdfa3a94019487165a574501a05f40ac9d574a1b8f9d67febe6f6913071e923fbaa138e157790feedaf9c0e90db128174544136ea20dc18d2f1bba543dafdaa7cd7ac8d94f7427870702d4654f3002c9d38a015f34edd563d6f16fde3ef35831ac801174487a", 0x1) 2.728567101s ago: executing program 4 (id=2084): r0 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x129800, 0x0) ioctl$auto(r0, 0x9210642d, 0xc5) r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/pid\x00') ioctl$auto(r1, 0x8004b70a, 0x1) 2.643283458s ago: executing program 0 (id=2085): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x2, 0x4, 0x8200, 0x6, 0x0, 0xc, 0xe3, 0x4e, 0x3}, 0x6f4) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) write$auto(0xffffffffffffffff, &(0x7f0000000180)='7k\x00\x00\x00\x00X\xb9\x0e\x11\xfb\x00\x00\x00\x00&!\x8f-\xfb\xea=\xc0\\\xec\xe7D\xe5V\xf1b\xa0\x9a\xa1\x88\xb4\x96\xf5\\\xad4\t\xca\x03\xe4\x15\v]\x00'/58, 0x82) socket(0x11, 0x80003, 0x300) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) sendfile$auto(0x1, 0xffffffffffffffff, 0x0, 0x8fb5) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="020026bd7000fedbdf25030000000810030003020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a00010000000000000000000600070001000000060007000600000008000300"], 0x68}, 0x1, 0x0, 0x0, 0x44014}, 0x40090) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.506576143s ago: executing program 2 (id=2086): statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x44f, 0x7, 0x5, 0x1007181, 0x8a0d, 0x7, 0x7, 0x7ff, 0x89, 0x26, 0x4, 0x200000000001, 0x384, 0xfffffffffffffffa, 0x8, 0x0, 0x30, 0x0, 0x864, 0xe, 0x22000, 0x9, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000000, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9]}, 0x9, 0xd) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x82942, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x189401, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = socketcall$auto(0x8000, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) bpf$auto(0x6, 0x0, 0xc3c1) r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) read$auto(r2, &(0x7f0000000380)='N\xd5\f\xb9GC*(,\x00\xc4bAL\xa3`\xb1\xf2\xe7\xc04b$\x99.\xb4\xcc\xc0%\xaa\xd3\xd5\xef\xa4\xd35u\xc0\xa6\r\xcaJ\x11\xaf\x93\xde\xc3|\x17\x96\xd1\x15g\x10\x1ai1(=!\xf1\xe8\xe4\xcdm\xedKW\xe7\xfbL\\\xf2sj(\v\xcd\x03\x02B\x81ss\xdd\x8199\xa5\x1e\xb0A\xa3\xcbj7\xe9\xc9L\xcc\xc6\xa4\xaf%\xba\xcf\xee\xd8%:bXj\xd5[UG\x8a\x8ab\x9a\x18\xe8K\xafU\x8d\xb1\f~\xaa\xab(\x86(\xf9\b\xf7$%\xf2\x11\xa4\x9bj\xc1)\n\x1ft\xb6\xaf\xe2\xd4\x95\xa3\xe1\x1f\xf7uw\a\xd0\x83{_>\x00\xff\xbb<\xccPV\xe5\xf2y\xcc\x15R\x9f\x90[\x89!\xc5\xd7I\xff\x91\xd1\x85$\xb1s-\xa6\x86$\x91\xd6:\xe27:;\x94\xd9\xe1\x86\xa6R\xff,\xb0\xf2\xc3\x11\x9d\xd9u\xfc\x85.\xce@LpA\xeb\xc5\xf0\xed\xe7\x03\xfb{?~R7,\xbbU$\x82h\xfc\xe3B \x86o\x1f\xe1^\xac\xa2Y.\xb3Je\xba;y\xba\xb4\xf4i\xfb+\x97`=\x9f6\xae0\xbdt\xaa}\xfa\x9b\x85{\x02\xad=\xc4x\xbd\x05\x80\xe4S\xca\xbb_\x9a\xda|\xee\xff77\x8e\xd4\xb8\xf450\x02\xd3\xdf_\x12I\x9a\x95\xeb\xfc\xb5\xc3\x11\xd2LY\xe1\xb08\x85\x7f\xff\xc6-\x1d\xd7Z\xcak\n\x10\xbf\xb7t\x1c\nK+\xbb\x04\x01\f0\x8f\x9f\x89\xaa\xd9\xfb\x88\xebH/k\x93Q\xc4\xda?\x0e\xcd\xd2 \x9d@\xb5\x97\x95O\xf8\x8cYx\xcd\xc9I\xbf5o\xe7(W\xba\xc1\xd3\xf3\xa9\xe0f\x03\xb9ijN\xf6U\xdb\xbb3\xc7%f,\xf6\x9c\x1c\xb4\xddMd\x91\x97\xe0\xe1\xe5\xf8\xa7\x8d0\xfe\x80I\xb2\xe2\x1e\x9a\xf5\xd9M\xdf\x02\x80\x1e\xe3\x1e\xb1\xf0\x1c\x11\xa2H\xdb\x8f\xff\'\x99\xf4C\x1e;\x81_\x1d\xf9\xcf7_\xca\t\xfe\xd55\x88d\xf8\b\xcc\xd35\xa8#\x18\xa2t\x92(\xd3\x1akF6\xf6\x1f/Z2\x80\xea]\x85\xebT:K=X\x19\xd3\x94\xdbI\xe9\x1f\xc0q,\x8b\xdd\x9fX\xfbp|\x92t\x8e7\x96R\xec\x80<\x0e3\xd5\xf9\x1fl\x9d\x0e\xc1\xf8c\x8ef\xbaD\x18b', 0x100000001) waitid$auto_P_ALL(0x0, 0x2, 0x0, 0x9, &(0x7f0000000b40)={{0x3d, 0x6}, {0xfffffffffffff4c5, 0x2}, 0x408, 0x8, 0x400, 0xdd0, 0x7, 0x5, 0x0, 0x1000000000000003, 0x9, 0x80000007, 0x100000000000, 0x96bd, 0x7ff, 0xbf0}) write$auto(r2, &(0x7f0000000040)='S\x00\x00\x00\xfe\xff\xff\xff', 0x8587) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) mlockall$auto(0x7) migrate_pages$auto(0x0, 0xa, &(0x7f0000000000)=0x5, &(0x7f0000000140)=0x2) ioctl$auto(0x3, 0xae60, 0x10000000000402) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/transparent_hugepage/hugepages-2048kB/shmem_enabled\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000000040)=""/44, 0x2c) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4400ae8f, &(0x7f00000000c0)={0xdd}) 2.498521691s ago: executing program 4 (id=2087): close_range$auto(0x2, 0x8, 0x0) getpid() mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) socket(0xa, 0x801, 0x84) r0 = syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f00000165c0)={0x0, 0x0, &(0x7f0000016580)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c349813d3eed18775d2c31760", @ANYRES16=r0, @ANYBLOB="79a327bd7000fbdbdf252000000005000f0050000000"], 0x1c}, 0x1, 0x0, 0x0, 0x2404c000}, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) inotify_add_watch$auto(0xffffffffffffffff, 0x0, 0x1000e6e) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/softnet_stat\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000826bd7000fedbdf250300000008000400b70a0000060007000080000008000200", @ANYRES32=r2, @ANYBLOB="0a0005000180c200000e00000a0001000180c200000e00000a000100000000000000000008000200", @ANYRES32=r2, @ANYBLOB="060006ff05000000080003009b"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.09057869s ago: executing program 0 (id=2090): mmap$auto(0x2, 0x4020009, 0x9d, 0xeb1, 0x401, 0x8200) syz_clone(0x4000, 0x0, 0x0, 0x0, 0x0, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) socket(0x2, 0x3, 0xa) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x6) r0 = io_uring_setup$auto(0x4, 0x0) close_range$auto(0x2, r0, 0x0) open(0x0, 0x22240, 0x55) fanotify_init$auto(0x8, 0x1) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, 0x0, 0x1, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0x200, 0x4, 0x948b, 0x7, 0x20000003, 0x1, 0x3, 0x5, 0x5, 0xa, 0x6, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x880, 0x0, 0x948e, 0xffffffffffffffff, 0x15f4da0a, 0x3, 0x1000, 0x2000062, 0x4000008000001f, 0x7, 0x6d3e, 0x6, 0x2, 0x6]}, 0x0) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) write$auto(0x1, 0x0, 0x80000000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/oom_adj\x00', 0x408040, 0x0) r2 = io_uring_setup$auto(0x5, 0x0) close_range$auto(0x2, r2, 0x0) ioctl$auto(0xffffffffffffffff, 0x921064a2, 0x20000000020000a) read$auto_rng_chrdev_ops_core(r2, &(0x7f0000000040)=""/132, 0x84) socket$nl_generic(0x10, 0x3, 0x10) 1.862798665s ago: executing program 2 (id=2092): mmap$auto(0x2, 0x4020009, 0x9d, 0xeb1, 0x401, 0x8200) r0 = syz_clone(0x4000, 0x0, 0x0, 0x0, 0x0, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) socket(0x2, 0x3, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x200000000008000) close_range$auto(0x2, 0x8, 0x0) r1 = socket(0x2, 0x3, 0x6) r2 = io_uring_setup$auto(0x4, 0x0) close_range$auto(0x2, r2, 0x0) r3 = open(0x0, 0x22240, 0x55) fanotify_init$auto(0x8, 0x1) r4 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, 0x0, 0x1, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) statx$auto(r3, &(0x7f0000000080)='./file0\x00', 0x8d9f, 0x2, &(0x7f00000000c0)={0xdd8, 0x2, 0xef14, 0x9, 0x0, 0xffffffffffffffff, 0x5, 0x6, 0x80000000, 0x401, 0x0, 0x1, {0xd, 0x4}, {0x0, 0x3ff}, {0x6, 0x2}, {0x8, 0x1}, 0x9cd, 0x4, 0x5, 0x3, 0x4, 0x8180, 0x5, 0x0, 0x200, 0x3, 0x401, 0xffffffff, [0x1, 0x5, 0x12, 0x8, 0x5, 0x3, 0x2, 0x8000000000000000]}) r6 = openat$auto_rfcomm_sock_debugfs_fops_(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) ioctl$auto_XFS_IOC_FREESP(r3, 0x4030580b, &(0x7f0000000200)={0x9, 0x5, 0x2, 0x8, 0x0, r0}) r8 = wait4$auto(r0, &(0x7f0000000240)=0x647, 0xf75a, &(0x7f0000000340)={{0x8, 0x3}, {0x6}, 0x1, 0x0, 0xb312, 0x2, 0x2, 0x8, 0x7, 0x5, 0x7, 0x6, 0xb74, 0x0, 0x904, 0x7}) sendmsg$auto_TIPC_NL_BEARER_ENABLE(r2, &(0x7f0000002a80)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f0000002b40)=ANY=[@ANYBLOB='<&\x00\x00', @ANYRES16=0x0, @ANYBLOB="200025bd7000fbdbdf2503000000990505807901108004009e8004000a809be5224cc0575a215eacd0ad973b20dafd6d6b1cfb38513120f1936c90d8a8f45f9d9a8567ad97dd09110426f82d7859e2ce8b67fbd664d31b1cbc25beb81dba3c0a1f6c3a5b459e3093c8d2740c2a7aea15757be275cc163bbfeacef69a994333d12fddf8b63e171b73a14eaec1633be6aeca08727f97d5eba721d61db6c8d554e244a82ad1b9d2fbc24a0dfdbc4868fe010a04f46803633027ef38d64db3bf59250988142cf3253231d3d1e114269c9099795eb188c1a1ba1ce0ea52f5f0d77f7240ca70b9f79dda04409c9c8c6e391373cb965e31433784a9ac43a282ce946cf8d74d3e2070ce6371de7af714003d00ff02000000000000000000000000000104002b800400388004008f000700d7005d2d0000ed121217db312bdd3d0970f393b81dd9e7be5e339ebaad2b5db9038b3b2c30265ec1cd075e9b5d92eb7abd04cc91acf5707d9f83b94d7f1bda8f798e32b23717b82ba802dd22e7be4adc1a87182cb95ec81bdc6dd7bd1a380000000400150014003d00fe8000000000000000000000000000aadd0d403d5b126ff09a5c1c3b9ccdb0185d52baa9dd391870f29afc97060533cd3e7de3a54b150e22dcce1050d8f46de326d73bd149e22cd0190364b93e5392182bec5ebe17ab8cbc53476d0dc98da81d8f1c61adcf95b466f32a28ae1ee546ff19e70ed940593fa661a88194ac71d3552d5fee0bfc01080dde49ea39321f4ad7ca812f75b4b30cb2aa7331227a3ca0e3f02eeb383bd8c83ee5c48c4d333d8fc382641c83a47a359ac743dc504b938651840b927b9f9abc378f58e6daff05e2de1661100c1392f5747b7729fef5df491420ca30cefa0a9b40a019688282ee908c7ae5d7012b90dad5747597ae4bbdb765a515d508c51cde1cb96203b9d62019ca5eb0e20932dd1c440cb88973db231b255cb1fd601db1fd9703e966d62297f428a651ff0f3626ba6f517a4bad5d9ef850de6796220bde24360f51e3f9614b2a3a6cf8391a021eccc3bedf48dba6451f117c6ed07ae3fda642ec5aa550be1bcab080075be302a7215eb0b6b81085e9de81f5dc32d0e2950878b0c215b50bd9d70c32ad7ecf9d79d62038785290183b3c60aa6cd20e70df8395970280bb3209952901767b0ca3d7a2f4a373e66d8c7ab1b15f7b2a05ac4625ca585fd8b9480515b830f8926ff8a19c7f53ffa7de7cce690ea09a5469043d28cafefa0b37362633e20cff26e8d949100dfb3aa0c8774ad81876bbd9bb388f7800d3da7ce41527721d34a422aeca977766cf4a82158a48fd339c56b1f8f6d48546bb25123ad45105b3da83047048741e707e03dbf6bc4482bfd7cd515f25e7938bad1f2475000900c44d448e45156e1b32a7337c9e03f6b31c53c2b5b8b4855c6da35edb17caedb580cb565b49ad60fa9c55e32072a2577b08ac542bef349cb5d0feeca3d2aa4321ba89755bd79a508655bc03dc4bb0e389dbcc69386364b04e30e6c91cfdb4401b3a6d2bb2271fe169019e4a90f5a1a3bac100000046ccd4f157c123ac9959608aaeca332de7a7f420b53100a04d418bd6b1734a7fa9fefddec353a60613786f4b443b9aef2864126c1de5c865cd9dd65e4039ca634adc675cbcf0f074837b6bc94c6661cd6921baeebcce605a3d227d5166d42d612bec580a472e4c26736efd843b9a6e265b9e81d3aee51e441161dca0f36d946870a21c83eb67a726d49a7e42d76ad68ab790331e7ec2b4c967d3c7061baf5fe0cccb15b16559ba48026ba5c79dd8d4d9e20e6a037c8d1462f19ee7a279f33ed5064b9b6519472d12a8f5535ab1cae8847b1d6620f781f6e052729e82d7a701d5bd7f8ed605fa1873a26923a80f7e8376413d1b6308004d00ac1414bbebd8a34bdb206e9faccde0de254dcacd8a920541a1d1114cc37f3e07beb326ce34019d192462c34e030362bae55ea84a966117e6960d074dc4f7ccf8be8e14e299f16b3c6f9179d127a657defc8dc7d7e7f6000000a5030480a9d37edaebe64f3e59fbd9a2d0500db3a92f94faf9a49b9751649c38fc7f47d208002800", @ANYRES32=r5, @ANYBLOB="8e01058004004c8004001c80040084803039a65b2115e7b87d21b80d6d196a3723fbafa1de2fa16b7dfff0d581d446e0543dc6201a0dedfb5bd56f47acbb702aa5c50fbeb2b002d339bd5a9d360cf5dad9917aed787e586b4f6194f416af54cfac6f973b6ca5d2db27cce2e81d1618642f52f43636bdc9b2359ee6ee4de818838f63cbcbffac92cce209bebd16b83019bf07ec04003a800400f080d185229ac88b89f2baf49c8f9d19aa29f68fae04e5681d96153fceae4817a64aa39380b65b0ae22788874d68f730040cfa12717dbb701a00d531c82d7fb80e9a5ac604ee6dc31e8409b0fd4bfe5647fd474107d5bd54ae628942d8da35412fe62fb99874de376407770b27de52d7b7fdd57c76e17c5e79cdf44ea1e53e0bd827f536e758ffb9757cf78943ae80af1e272f85d07a78e278a6a16259178d34ce0023fec83b8e45f89c53322d8a8c95094570a457c84bbafdb946c788ca0400df8004002080b6e16f7de897aa78c6ddc9cdaf936f9881eb39dbda6652e8b6de2347c789eb9bbf120029cbffcbb8f3a93b547723f400001400c000fc0100000000000000000000000000001d8a0cdb2aa57ee6434aaf1f58a6537ccf18c5f6aa5247504d37d380b899c6cb7987bdd7246219323ecec1a048f51566cc152e1d899560ecdbaafcef3e9873b10a9990e8ef827bbc2b2cb3de059808a2e88fb4c6c2b67e627410347163ac157ff367015380c100b900d57775e6a901177e3997f31b3c7bd05cf88ec7c3852470754ad64fa66bc90a83fa66ae2a809432b8b2dd9b328c892d8a49ce4c7bf3a31468dd6f8218ce724881d80cb595f1f0ccada5186e747091e675812eaf736d7c018a8ad592054e3525768920bd155e91aaec8cdc398ba5117b5953bd63c52c3a0078a7236b1a19879d5104ccf3a01d3a376965b0673ea7cdeee14d50913f24718bb96de92826ff04785ac443280d490e16afcbeb7335858dd5dbafda6c07573a81d2d29aaf0c240000000400bf8050b85120eade969f997fdcb11eda00283fecd5eb9953406b818d4eb0afed8b23347c1ec06089fc9882da5bdd198cedb7920525cc8578c83b8c3e014e8234b7a87dab423b946ab2b215ca37ed3a1884bcd732b6e276250e67485080187e8c9a82a3f7d89e1332f79f599605b452306106a46cc62dc649e8f2b54d1b7b5b40c3a930dad8c62a12e979105c26c78d9c9f17b6f0f910281a0fde5ba117000c0018800400168004005980000000e21408806b5c21084f9c79d6b06c80472094ee73501762ee04c8d228ed34dbaaf983eaf0151dd32913a8d59d649a762c1958634cd19d52a2b55f919ff7c9dc78a8871fd1ab0512b506e7d5d37dc7239d3f6246c00f6f3ecfa9e7dc53e46abb2ee4035fc428e0ca7fc7b282cd87c46f0e975c7d501ba02756a049c5dcf51e580b533969848254671b9862d531120b2e163f67a2f1ad3de8f8d4a96cac5aae730ea2d9ec6ce05922000d41614559753b13246708006900ffffffff28006180040015800800f500ac1e0101100002002f6465762f617564696f310008003500ffffffffa6124b800400bc8008006900", @ANYRES32=r1, @ANYBLOB="3e5b49ab493a3ba46f77cc4fa9793a8f02295ac85fa3661ad10a703db76c2a53b0966beb6afab3dff0100024002f6465762f617564696f310038953dd32141a0960d78053dfab22baf9b16500d9c8e32a8f3cbc748182f4feacaac4b93c81d9909cbcbe26b475958bb4c538ab933b38e8233f50dadde0121cd5f5bc2f9fde958814547c74e0e5b79ba9008108c3076dd631ad6c510bce9435fe2c41095afe4ee96cd5bb6e80a9a37759a44e991e5362bc1e2e42922de3f32e9958a5a87c4442ec6272ee3a4b4d2d5a9496f4b10adb5ec07f27374deea3e007a68647b5fd3a30dc5cf354929fa74229b6141cf89f713b01d9d9da9f87c8d676c30b1ec02f41589fafea27dc091534424235816f072af62fbecfe7be5903d927a90ef6225c8d228de1768a3144d40620d9a7093800c2e1f35e8638d5ce1a31b9356fcca7990a45628dcfc3d6ccb0c269a06a54a2fd472b7728928eac84983c42af8e23af3cc1e1fe51fab6401ec3d6d62aa25681563e644736a8a19045ecd025a718f063055a5d03470f39e11910c2e04a9d550cdc33d732ccaaed2845a8510cfc30ffefda2d2286d228d0d04e4863964595a8bd90deed8aef0518e1c8bdcb5dd4c67164837f0f92391c4d0ed6fd28e5f04f4719edc3a35d1bc9120b32fcc4a7d8c71f20e62430597db47ee43acff105ccd4944a3e304ef05734d6a95ebb04d5f54e2c077d9b683dc4705505148bd916fd92cc131bbb2abd68483ccafb14fc86e3618876a4fb595addf577430f7db3b5f7a31ee0494e43d2c71f3479cdba9dffbac4990e00617e244ce83b95336b234b5c968f7ceda70931a4afb75864fe9be4ac3450093db1dadf316f99fb717f2fdffb9fb0b94bb2cc286fff0b6d53ea4a997b65bbbd400cde0f7535b109b17a287844e3ab32a3f5deedeff8ba74949274a0126eb76e7da3c43b1267cda821f70d51e6c5141a6f16d99708651dcf8cf91d1cd2d77f495a5d9d143f549a94a69df676f10fff5987c2dfea60292e69e4ccb94885ced4cf3e3240184df180bda4438dcd6ae034e562938081553c48b4d26710fa50cb138da703fbbd7100d84df2f309adf448b0e815abde0a5bb873739e7d31819341d5a8858e9954f8a575975f8219bd81beb058f5cc32973981d58ef995b579b321d3eb4d3ca499122ba1c4110fd45403c7cd288f3b6357fe1777c35e19e1e6567b66bece4636b91bcc8bc06d9940de1a3d93573423d1899f292de2ff5aa6d8dee1c20d467e40ad9eea2050315a1b243084adcc7022003c85ae1b7f23e3336de8119b443cf9585cada3cf8725570c150a7711b4a5992aeccd911452306e49ace01a7450dc51152b91ceb52c9353cf37cf2968c577be94c3cce0e4e07186b39d8ff17304b3e4c626e9aa1a477aa7bcf3e5eadba10305750cb33b19c65605407a0e5ac01f12851a62ba261c96fd35fd66900988b45c949edab289f2a10bce50ee6465ad3457153e1716a8c74a70b76321c0da5bb37c28eba52e0aa0b8841429e28490efa67d2615a05bb866104eea9b825e576c022b8c2cfbdde8c4f08f15e5c9923fdf3ab3e77937d8431c9c4f3720df79128e7269e8f3af01488776e56a20244fa2a448528d8ebf8f066c2d60b3109e8bfdd20b5b9a4117bcc363ee0adf49c5e8d982ae2dfe464d14c1435eea473e9004778e78fb462afcfc650c3475c13bb8496a704f6680786c4c578c95c1603e454c90d3c003a879751aad2c0906edfd4aad7ae6a8d245ce0a097dfaa65aa9ff08812b24170a82c2a61f941eaed9ef47df62ad494954c740877480d33bcd6357374f22653f25ec2c22d7c7f599801a52c03e0f42d301e9b8de3f4d2e993ef23541ee63bf350736ffae404502ac172a0fe8e0959999f5bc413996bec854fc01e194c2b9864239fdb77aeca46d48775fe4fc4d61d513162739adfca636b7f398b3da024317e4d691f1c4f04bb6bb0970c8b4214ecb13f1034dec4486efe708ff17a1e2fffbaa048524b831548555c3263cc3c05fe92f47f03363335e9784eddf235d9da5f201e9815634649c84a168dc3d850b6b364cbf31ff46c9883579cdc6af55e5ecc1b473480a07857a4a7be078491d370eae2a3e5446086f3afd6d6322022dcf4b3766dae27243b824fd1e899e07e71a1c7f511062df7059ef1b4405e5f452467451fee28fa41e1888d3139a07003741b37341904b17cde18cf488ed5f5211f996d4ba9196bd75cf242da01fe29fb54351686319cd5de9485a9c8d53c42df5c3cc469c9f6ab8f464b0751e5a4c8bffef92c898d7446071a0f93b6a8e74b674f5c62631a7a4f1fc27ef4732864477283fbf877f0a14a9187db78637726ca2898e8d02374cecb87bf6e53f740b32d1ac42c29668d02a3570609764d4406ea88b2b2c6204ab74fc015c084f16aad3a8b58d6ce0b5f952c92e878138d3d899bbb6a799dd9035a2d0f08f510f1ae3fdeaeef89a252431f1f7991de1a7bb2ef116c51b091a09b48f6bf2dbd329084cbce7fb0751e95565112f9704fb73e765c82e0c5e98956aa74b6fdbe566139105419e3dccc6c3c87f5aebf075a52ea483d85c4cd8258386ea09c0226b1d960b66ea99ff9cd04fb7005fa0c6f3b9ca884a1efb10e0677862f5ec736d7d6709766c9b9390930d05ab63eff22d8547fc3271a173db1254c1fe84f37738399682cb74d144f48448a9282b5073314956788634bb96658bfee48ea609c2e96d8053ad618255932f2816f7e38e165f2abf4a2b85fcc7a455d904c06687951224ddefec34255af5fcf04f782be512e8b782c032bf6eadbb08a541b747eb17b97a3e3c3244a14ddd0562bddea3739f15777f48080a0b9fddeee43429b956ba38eda3476ad16bc4d724f4285209e7e2af51635816d7600a75a0f953d2e6bb559433999cdcb3a34d397784e5449c968229541adfe157a497842a8e7b47108962617ac0110f1cdcf5835b864fb1db30122f6d588b092d7918694ad4471a99829358ebe0d8542641f6052d5fc888c5c55cdd4c98ab0f5c60fdea04f4fbe82b17fe1ab6686b864981e8c59e85a652399cc168c53e2f701ad6f34e9b69034aced8d6326576f69878c460d9b6e451fe5bf3e31b43fa0da7618f78195f65c4b662ac828b0f9fdd947811ecb7371e71dc14c6f9360b50386e60ea9a50bc1321e72d2de14ac80ec546873686ed6a90145bdbf0f395610075beaef72adc5a07a9facb5bff960ab6e3434adba7e2a0755d0443eed72ad0527787c989e6e0038708d3c6f5f94ea79089f2ea802597d281bf5d25afe9dd156c6d75666f59f4d355251af76d97118a6325b3df4293901e4fb2bd4918127053127b4ff02392008c658ff4313722fdf28650c7b605641fbb3439ac3bc919a8445fd83e2c545e44adb2ca6fc4259132336039a050faaebaa0d8cd7b43170863bfd50cff6e95deb0eb120c906bf9cf2c866b49965ab4c6802edb10039a6fafc9fc3fff40a763d551412f5747eadf6160724d607a4305201b265501289654da07d2fbd25f45ebecff0c091cf6df9c0f32cc8e2bbd3fb5ef2ea9654b5d47906f2a914084f9f21d9c12dc4f2eba659eea5115b4add730f48a49f4710f8d78e1ab1a5544d26930028ffdcbb545b39be8f0fbf8b04eabad247fd3d042ff34c8e9dea0c177d33951883b3e3d244907384d59641b41aeb216b44c6f578133c89e96731e80d26b2fbf7f20728452796c03f340f0139a7d4cabb50ac6f4b4b789ec23d684514a9d3837c08b05191f071067815d5d41e13c9bd1698dd5c983075706465ef54d13419154f87ec9492c1fddf4a5887323d0d419cc64192a372ad3d7c08e192c851164670f631e015465f5b9863dc88bbac48415929d68f2a109b82d1d37acae091d5cbcdb30ef3500224d3c30846f80604e821be13eb18b74b25b469390f4c470fc0e468432f47a87aca01a362dd2c49197d90dbe62f753073e4d8aae48aa2e5b236c1f66a91de9bfc9276239fb6cbaba22e94a8b1cb9b71c3d916a8a951f0c5c311eaf9647853bf7023a1c62aa24a6af86be5a7fe87595ce417015083bd2ca6481004da94190a676f17bff248e2c7dc57415a60b6751c0f7d156cd5aeb1e11529b1246d692a50e4e0d888e7fd5628e14db4d87b85d685d96c86c2cc0416e62b9af56a30b3b6e512afe9e0ec49d67e96872d710e3e8889d08fbd958f60715db959f20d44d6e64a58fc72f051ef37c1bb2d5e92a7c7372d9459e022182afe60ceb92f2a069e0e206b57b698c52be79e00e42cdadb779eb900dcd9d804348e81f657d3de0b1bfef9cad8142c73052cd7b2fba8268fb5ab31355a7a03a79d5f7cef490d8806193b438725e86285a0fb91c7bbb9daf1486b4443ec0f1bdb704034fa69c822f36781bc5b0293460f689c7eb9a77fe5e5575662e91325f81bcc1c4c5f72470b0780bfb41e4fd0bd5a3e29cf87f02683142339b8517768ee4d0dfa871c2a7ed55b88b551d863d94f2a64be716d19136cf7b467685514d3241685e7633f5f8149f1ff38b9571dfcfa46a29a579b458517d6747aab5e25eb72c9547abe8bbc3929690045b1cef8267ed5c3707397602ebdc994825695a47410b38f577dd66501e10eb07888be84cae79b2dffd27ee282ed419f7b6ab99bcc26fd2a1b3c7035fd42296263334bc2dab9235cbcc0bf04996fa54cada26c771591355598f428c942191cc196c17895b6136783261a29388a66b2dda8665323a7b936ff6bdc239c87868e003bbc4768bfd32322694738e28a8636df7f380881b7fc801fb4e48e798be728159fffddb315c85af9f96565dd0223f236f5ef2802277aa2e5e10e81beb21ceea601d4b5e3ee8b8e04d8a52a4abf268727242715b17a81f87c5483347e030dd0700726d878b5994eb8cf515cab4528477858959e6f1f4c7e04ce41a0ab4a60abef7ee11b75e4debbac1c5715cd179adfde1d542fe464fb2c87a5869c49859b26f3e566366e2c5c0d09b839ca8a3d7d66e43551f5454697ebb1142a6c744cb2a1f7858e1aa27bb870d3a9b1c39ea60c80b2eb34c20858691a95b9751ab112dd458b96069ede6867806d175422865beae054ef2a1a59b7ce3e65e4f4d459639105c0fe14bd0abb6de51d9e6cc0507762fd2db93c992041c307b2a45f9e0bc196a134d84a111cae2a02acf667df369f1b9dd446d55958b7bd66b976e8ae7365093c2e797d141064ac1b9e76a8ca3a99a3655aeb45c0c4ffcafccf38d30ef36db28d08e4802aa8f78ae995fb0d2ab364e96527d3f03afe71d1666b042ec4a4b64da9072d76e46e2d7a8ba8d45632c62f5e84e4a8cf59836432ecb534388194a273239530f5b808338f60ebf8139fb0b57d508d5c3a7a099242e1f46df7994cd42f7c9e9e8d6ff23f8d3a8609af70f28b22271ba3e3b30515450ceb91346efdc70f0cc663b92ce9872d2d8b0850d6496edb72c8e22caa13ee1bf7d8eaedba23676a9a58ddadaee54053fb3d3763d65646a531812bb7b08a31b897005a0ea1be92a1c4616005ff74da641fc4736363377b66e24fd745c127ade3809ba11f30224fbcdc3396bf6a0f6b1f408cd49f2139da17e7e595cda0bcca9bac877a9a4551c127a3a11632ad7f9722ec651771b59979a3920d41ec02e1a578a99e798987b69b8cfe0426b0a44fc7ccca5fd16a0bc7c7a8839ff655790ce9d05f6cb65515e4e31d0585b85db3470ff336c55b5f8240ba2a9a47bd46a6338a2c0bb56e2d91a3bd86ee57b335b330a3e1fbb046c9a2de751ca7d4333dfd8e3fbe9208c8a95bba533611a6fdbe5997e4d0f22942a7018697a7ee2a1b929e91e4b4b5d311a59a5ce594cf572e189ad66ffc25af12b578f7a0ce4fd0a9d2f3f57d2c040f68a4d72309e89cb60f455a2b43a18b40b11eac48ca1353b096230e57def4f9d93a8e147515c1f279557623298e2e5097efc3a58c0c3011cb5db11822ddaa842581a9f884cbe0d7e5f953d75c29afb94bf33aeabdb4be555cddb053ef429fd590c4b57c772f1bd86b575208b00ca8259f0559c027d1386145da80085c0c2e8640487fde71d104d6fd1c0b65ddb9056ed6158190ae874878f0ca7922b2110bc26e986a52f0f3e4004c00f68c23adc147ee332501094d00df0b6e592c1e23d44b18ac2a08ca66665ffa708a19d71aba755642bdc9d0852661c33ba4f9bb3c1f20d49bd120449fade6b0564fda35212b92a9222d1951f192a6ab014d271d6ced5d19c43283b7b20dbfd99662453103409ac34b7071508c1d75201b7457d7d9b769c30c95850b7f022a10d782518789d4a60089124585073b85aae60df6a788ee790c975875d9e8bc8857003f29fd61039da9dd0814c1b0135994f87c5e7820b562dc242d54626449f328edf8de126bafb0197ab6948c43c6be367b10e3ae6cf7044490747b4dba5ae069b9bdc83079658ce8705bd351d62be98e2278f9b9d5fe70dadf4e03cc938555746bcac9941767123a904a4f7b838b27d472ec3dfbf1cc681e6bebd23501b0bd1a2ac42495fa68371dbc74de54a81f5cd317299e51b10095e085e403f6ce9402fa66c60725fd2cfa0dda785414d6c88cd56046dac50f1402385c498a766acef1a02b5aa704f116c07ab71a93e99957d700fef35a2f406379cec476a6b31b4601f44a0854f1493adf90a8c46dbc1721dfb8ec40d7f90f6a3419f0fda187db457732c16c0114847ae95160607b090400598000000c00350003000000000000009500be8064c38840f47ac9a91c676e1f00723b03d8ee8599619de3bea219f1e032b07f235a1887102b88c73e75673c59ab8e358f5cc533e86bf0acc7747bd63d3c061894517121b4e4d102547b494929770cb19e495da33ad8adda258fa2dd9b693e4c9e4c23669c200f274d39dcb05d746f2e4bd7d4f63d0113cae25565c599bf33bda7bb6fe1378389d4c3940400468004001780000000114d5741b12400c68ada91001ba06e586622c9e5d97536e8e7c641fe1447f2394c72610f6ef04a00fddbc4f14bc8a44833d44b869f85cc3788a82af7c3c13b2b064e349368477136bd77824d7a349a6969937ae605b90ea25066aeae8aef8a42a432c1b0e6888eed20a8dd7072b92fc9e3f3d54075dc4707bdfb9304181782fb643b8d9cab2eb390450a141cd6760030e1eaa462a3bb9ebdf4825d7d54a446531ba0c5412a0f628102c54f0f6155cf20dcd546e50000b202088008002800", @ANYRES32=r6, @ANYBLOB="4e4e7c4ea4677c93757e94abe97c2cabfac407f637f26c5e57fbc101905da8387a80cd1600a46653a8cd02dd6d801806743994547c4ecc1d872976f592632596a70fbe95f6e9347153cce8d00bd7a130f6c23f9512ea0f7e0fadb93bd57d054d385a244f68b59796e95f2ff38a909b8db23fc3bee15c19122c05428fc3a8abea0582ee2901967a9c5eb49bced74ff4ed32f82a1c6ba2106afa917298aaf5f2c20611a67ff74dffa6fba460d755fa5631581e5c0e0d40de366cac3362bd55ceb5f27711f0eb662829e7ba5ad864c5d601c18006005a00270000000400238006021bb1dfa04df4a67608c0f9ae25194eeea807824d5c3d03deab42828cd36c3f3df2108227b833c38e157918ebd73d60ac770a4bb9d4b4e918c92aba3a7d142ecd5da4bb08e956531385b7ba196fdc44d56352a6f0d794c4f2e7928c34ea483c35214e95a497d4ed9d7dae76496d9952d3422517a5d91a2e7c24c705fd443ad3a236b4a359e818ad2768696ca2102b5f8346f4b4c46f35c5978209c970efe1be279a75440d38dbb474f73e635ddb5ddd5ca1e189f4f6ef9ecb02f2489c96337b472a005d2231ded983151fcf496be485a1409baa2e8c8b2d75c58b247acf92bc61a0609272675a400a7a15eb0b501904d6f25b90d8fd162f92c66b2d3dc0c6688a9b168205b3dade205f96ab35949fc7df933093ffbb92df36f9df0603f3514cc3210b51c0615b00e6c9e0ef0d057e1d1fe4a8bbf9129d76cfe70cb313a79167cfe29da7a10470cc10165ec18dc6bb1dc0ff2f3b05fa8523b14ca01e0ee51b570454be26e340418bfa08c760c7d1e10bcac1509198f594b4a0e3a8c59514d4d282bfdd549bfc92256b6c51ec08d580a334bc5f5c51427be4b738bf9854d679d958d95a1745832c79f3fee242ada7f7a54ce53e2e9ef30a092873dcea0a9697765e8e422e4a000000005f01038008007a0027d8e794601b6740778ecd3b6e02147861acb30a8f80679885d0010ac7231ee493b280bb5b53963e0b88d2578ed40531d4f35fbb820d0503116786eda9ce86f77de24b6bc2ad50299e2564d60b90ca94ce1d2ab88cde87dce18f87251fbbbf761229ca65e122ce2c2a0d521769b597d6971acb26cf34265b09bf9db1a6746473a9372d3ec2", @ANYRES32=r7, @ANYBLOB="0427d512f5eacc6d67d29e971c62e1cc6fa062c2e81efe95035868f65c1dae48230b10ab72455f23c7c15eccb611cdfb661c4a5cdc0e5b9bf531810ec92e156b5d48232535181931f63a0655e57694edbd7d670c4d68571065c4a9789abd0ef4d6b10dbb7ed2d665ee0db7ec9da56192c1048e83c418ce74079ebae1633283f5131fad6eaca0782109720c1e1f8b5774c76d65264c60e8807fba654f001e80140005002001000000000000000000000000000216b8adde461e77cef58d49e4ba2bcb1ca28053960c2fbe4cbcaf1b38a970aa6f8a2069ec1b0622c95fde0d798606ae998c14bb1b30bce5006300538004003a80a64c58f891467339cf2ac85b918000e8aefc9ff53e93c0a5f2b681923189e31ba49903a18aaa397698d19cd0ec15f1df2962bf5e2979283c71976047e75e74a0cb24dc9ea12c2c9af045c0f1fc84476fb6006e08001000ff070000000400250000450105800148da3fee26bd243d93ac2c34b00473ed0229ff16cbdd313762bfaa0e4575833a3cdb5a18adf5faab829d4523e9880f2e738856505f4bb811c1743f0eef59dac04f9a7552205fd14264fb5ca243921f3e6ef98c446d3d94f68cbad823dca26d949b6dd6619f866bbde658246892940a14bf22cad061560919661a542e7c4c85195ac41601081954d2fe207e64ea3ec3b787d375bdfcea96703cc4009393e8b130edee77df4234adfd7b8d21cde2d59d47f6a33c47923798bf700342373759da6fe589147ba7987d18435da920183ac02d213c305370033aeb190e4e1dd0c14cfcb8553240632c43025caef0bf8e067611ad043db632519b799dc8ad14157eba17cf9d7f3c9ec529edef031ae60616b33887124cf33d57c5a3663a06e9e982efe67c7dd82b998f72256eb7bd10414830b20c256874cd81e78c53dbd626b48f064a000000a2020380100072002f6465762f766964656f31000400980004007200d500fd8008002c00", @ANYRES32=r0, @ANYBLOB="04001e8004000e000400728004005d8008000b0003000000506c713352749576007e385fcc2cbe529915ad435c6382f2ef6ed6c572ed0f5ea7f5b1914a383fedaa7ea10da347437ba200870c3d8fa6f68866fdc724fd3acab913e0b98733424d28cdd23defc29e355a67a8e7697699e256d5c305d89893b81ed128153e2fea244451125aec7f5e516eb1de87e56542586dbb6f4c9dc99cb788faa0d104e78332d45325cda01ee7bab5d3214eb5d395f98bd8dbcbebb5891b7f080c911bf50dc6cc3c33443f072a1f470000007da01fb589d02b37bb2825d733286973671041eeedfea3c4ad93cfd0e55cd87c75b15dc17d97b9357ba7c5ca88622c8160ea09d107c99faef8dbd108b37a88c551e3bce0d206eb251f55e39e1d28246d48a73d1a2222e12b019b8f3028ba25e95272eb14a89b902c51e582c7de314adb6135241cd340ff0fdd417d92f988ee748680e216607da68a7ab2fcdaf6f1c7a3229d21e3160b81a65ae30c0124800400488008005b00", @ANYRES32=r4, @ANYBLOB="fc007c00fc191bc6f306a07c11f5ecf70d12c6b68cbba2e0a7e8b81f0b442046632465c14df4bcbc0bd0a4ba12776303755b5edaf7d33d184dda4ba81aec34b001c526937dfb1d41e67a2da6f55d832f866906a71483f9e2e4776c170968a04d5fa884a7935cf4817a7b3e98761f45e7b75ca5f3c804fea4e43b104cc99983c63aebc5fd40199784ddf7a7c99a4e5ccb96cab324f21dc7bd6d1b3d144f6651d8c28b2d3168b2427c0f18eb6a0a7ef9f61305f25a4faed94a87882f965ec77e07625ccf484cdce038f8f50a70da5d3982e7316f7f2193b6ca3b4d3965c8e8ee45a5c2a833f7c754272682703a6414f68ad4a9b9ab47cdf0ece0dd2ba908004f00", @ANYRES32=r8, @ANYBLOB='\x00\x00'], 0x263c}, 0x1, 0x0, 0x0, 0x8001}, 0x40000) r9 = openat$auto_btrfs_dir_file_operations_inode(0xffffffffffffff9c, &(0x7f0000002ac0)='/sys/devices/virtual/bluetooth/hci4/power\x00', 0x2, 0x0) write$auto(r9, &(0x7f0000002b00)='/dev/video1\x00', 0x6) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r10 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0x200, 0x4, 0x948b, 0x7, 0x20000003, 0x1, 0x3, 0x5, 0x5, 0xa, 0x6, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r10, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x880, 0x0, 0x948e, 0xffffffffffffffff, 0x15f4da0a, 0x3, 0x1000, 0x2000062, 0x4000008000001f, 0x7, 0x6d3e, 0x6, 0x2, 0x6]}, 0x0) 1.741243824s ago: executing program 0 (id=2093): openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x2102, 0x0) (async) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa1\x00', 0x101041, 0x0) mmap$auto(0x0, 0x20009, 0x5, 0xeb2, 0x8, 0x1008000) (async, rerun: 64) syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/pid_for_children\x00') (async, rerun: 64) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/036/001\x00', 0xa901, 0x0) ioctl$auto_USBDEVFS_SUBMITURB(r0, 0x8038550a, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) (async) openat$auto_tracing_saved_tgids_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/saved_tgids\x00', 0x101002, 0x0) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttynull\x00', 0x201, 0x0) (async, rerun: 64) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) (async, rerun: 64) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty42\x00', 0x40741, 0x0) ioctl$auto(0x3, 0x402c542d, r1) (async) write$auto(0x3, 0x0, 0xfffffdef) io_uring_register$auto_IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, 0x0, 0x0) (async) semctl$auto(0x2, 0x5, 0x13, 0x9) (async) mknod$auto(&(0x7f0000001040)=':,\x00', 0xca, 0xfffffffa) (async) r2 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) read$auto_rng_chrdev_ops_core(r2, &(0x7f0000000040)=""/4096, 0xfffffe82) (async) munmap$auto(0x1, 0x4) (async) execve$auto(&(0x7f0000000040)=':,\x00', 0x0, &(0x7f00000010c0)=&(0x7f0000001080)='\x8c\x82\xa5') 1.54761884s ago: executing program 4 (id=2095): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) sendmsg$auto_NL80211_CMD_DEL_MPATH(r0, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400c2c2", @ANYRES16=0x0, @ANYBLOB="000129bd7000fddbdf2518000000"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) ioctl$auto(r0, 0x8922, 0x24) socket(0x1d, 0x2, 0x2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) connect$auto(0x3, 0x0, 0x55) r2 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/usb/usbmon/0u\x00', 0x22202, 0x0) pread64$auto(r2, 0x0, 0x0, 0x9) read$auto_mon_fops_text_t_mon_text(r2, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0x0, 0x0) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000001a40), 0xffffffffffffffff) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x1dfbdb30) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/2t\x00', 0xb00, 0x0) lseek$auto(0xffffffffffffffff, 0x5, 0x0) getdents$auto(0xffffffffffffffff, &(0x7f00000004c0)={0x100, 0x7fffffffffffffff, 0x4}, 0x62d4) r4 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000180)='/dev/sg1\x00', 0x646502, 0x0) openat$auto_ftrace_set_event_notrace_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/tracing/set_event_notrace_pid\x00', 0x100242, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ram14\x00', 0x44ee02, 0x0) fsconfig$auto_HIDEPID_NO_ACCESS(r4, 0x6, &(0x7f0000000280)='/dev/snd/midiC2D0\x00', &(0x7f00000002c0)="e74d92f191b485eaf56ee335d933ef7cbd3dbf36456cd078243f1b6e5160a9031e1c8af79af3cbea78a1ff5ba6afae2a91b9d2df1482c6432d26fb20f6ec7137643c7ffdfa3a94019487165a574501a05f40ac9d574a1b8f9d67febe6f6913071e923fbaa138e157790feedaf9c0e90db128174544136ea20dc18d2f1bba543dafdaa7cd7ac8d94f7427870702d4654f3002c9d38a015f34edd563d6f16fde3ef35831ac801174487a", 0x1) 1.490712682s ago: executing program 3 (id=2096): r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event1\x00', 0x34d802, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) (async) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, r0, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) (async) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x88000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_GET_MSRS(r1, 0xc008ae88, &(0x7f0000000100)={0x3, 0x0, [{0x4b564d02, 0x10, 0x1}]}) 1.309245415s ago: executing program 3 (id=2097): mmap$auto(0x0, 0x402000b, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/sctp/assocs\x00', 0x80, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000000)={{0x0, 0x8000003, 0x0, 0x7, 0x0, 0x7, 0x201d55}, 0x2}, 0x800, 0x80000000) r1 = openat$auto_tracing_saved_cmdlines_size_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/saved_cmdlines_size\x00', 0x90841, 0x0) r2 = socket(0xa, 0x5, 0x84) r3 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f00000001c0), 0x101, 0x0) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2c, 0x3, 0x0) mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x7, 0x0) r5 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/008/001\x00', 0x8901, 0x0) ioctl$auto(r5, 0x5522, r5) ioctl$auto(r5, 0x5523, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_VHOST_VSOCK_SET_GUEST_CID(r3, 0x4008af60, &(0x7f0000000180)=0x5) ioctl$auto_VHOST_VSOCK_SET_GUEST_CID(r4, 0x4008af60, &(0x7f0000000000)=0x5) r6 = openat$auto_rts_threshold_ops_(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/ieee80211/phy13/rts_threshold\x00', 0x10400, 0x0) write$auto(r6, &(0x7f0000000200)=':]5]]$-\'\x00', 0xe) sendto$auto(r2, 0x0, 0x401, 0x6358c0, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe8000"}, 0x1c) pidfd_send_signal$auto(r1, 0xfffffffe, &(0x7f0000000100)={@_si_pad}, 0x9) pread64$auto(r0, 0x0, 0x7, 0xffff) 1.086414469s ago: executing program 3 (id=2098): socket(0x23, 0x80805, 0x0) ioctl$auto(0x3, 0x89ed, 0xfffffffffffff4e0) socket(0x2d, 0x2, 0x0) r0 = openat$auto_page_owner_stack_operations_page_owner(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) io_uring_register$auto_IORING_UNREGISTER_NAPI(r0, 0x1c, &(0x7f0000000300)="545d0f8b3950ba030630c80549e0abd8d44f153443e3efa7dda65784d18f0b3d43c360c866dd7c208a09483941b4eb63217d428fd4b1f94bc3db894660b11dac313bcc23bde6fb7049df058bedd5362bdb6ad6a928b98b848f4a1bbfee7ea99fd7f8776b53e88afa0a478b2727fe", 0x2ec71a6d) socket(0x10, 0x2, 0x0) sendmsg$auto_NL802154_CMD_SET_BACKOFF_EXPONENT(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)={0x2c, 0x0, 0x100, 0xa5, 0x25dfdbfb, {}, [@NL802154_ATTR_PAGE={0x5, 0x7, 0x6}, @NL802154_ATTR_PID={0x8}, @NL802154_ATTR_CCA_OPT={0x8, 0xd, 0x7}]}, 0x2c}, 0x1, 0x0, 0x0, 0x2400008d}, 0x24004040) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf25030000000800030004020000060007000080000008000200", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a0001000000000000000000060007000a00000008000200", @ANYRES32=0x0, @ANYBLOB="080140"], 0x68}, 0x1, 0x0, 0x0, 0x18a64d47ddeca1f0}, 0x40090) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) getsockopt$auto(0x3, 0x11d, 0xb, 0x0, 0x0) 845.093628ms ago: executing program 2 (id=2099): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r0, 0x0, 0x81) write$auto(r0, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) clock_nanosleep$auto(0x2, 0x6, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) syz_clone(0x80f400, 0x0, 0x0, 0x0, 0x0, 0x0) madvise$auto(0x0, 0x200007, 0x19) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto(0xffffffffffffffff, 0x64cf, 0x1df) r2 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000000040), r1) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)={0x14, r2, 0x1b, 0x70bd26, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000080), 0xffffffffffffffff) getpid() r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f00000000c0), r3) sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(r3, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f0000000180)={0x40, r4, 0x1, 0x70bd2c, 0x25dfdbfc, {}, [@ETHTOOL_A_TSINFO_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_vlan\x00'}]}, @ETHTOOL_A_TSINFO_HWTSTAMP_PROVIDER={0x14, 0x7, 0x0, 0x1, [@ETHTOOL_A_TS_HWTSTAMP_PROVIDER_INDEX={0x8, 0x1, 0xa7}, @ETHTOOL_A_TS_HWTSTAMP_PROVIDER_QUALIFIER={0x8, 0x2, 0x1}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x802}, 0x4000000) epoll_ctl$auto_EPOLL_CTL_DEL(r3, 0x2, 0xffffffffffffffff, &(0x7f00000000c0)={0x8000, 0x3}) setresuid$auto(0xffffffffffffffff, 0x0, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) write$auto(r5, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) 831.851907ms ago: executing program 3 (id=2100): statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x44f, 0x7, 0x5, 0x1007181, 0x8a0d, 0x7, 0x7, 0x7ff, 0x89, 0x26, 0x4, 0x200000000001, 0x384, 0xfffffffffffffffa, 0x8, 0x0, 0x30, 0x0, 0x864, 0xe, 0x22000, 0x9, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4]}, 0x9, 0xd) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x82942, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x189401, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = socketcall$auto(0x8000, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4400ae8f, &(0x7f00000000c0)={0xdd}) 696.617944ms ago: executing program 0 (id=2101): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) sendmsg$auto_TIPC_NL_MON_PEER_GET(0xffffffffffffffff, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f00000004c0)={0x2d8, 0x0, 0x4, 0x70bd25, 0x25dfdbff, {}, [@TIPC_NLA_SOCK={0x72, 0x2, 0x0, 0x1, [@typed={0x6, 0x8b, 0x0, 0x0, @str=')\x00'}, @generic="a1e8dc979efbe2d0838b8f70954bf4d37a1a24b5831d3999392540c16336c644ff34396a253505269b2930ff4513b222a8bbba08f96a529deb790940cff62c2424c0e49920abf60034b1e2b0521225c94c66359e0c16790bf3d2f1add1375a83cec97e3a1473"]}, @TIPC_NLA_NET={0x250, 0x7, 0x0, 0x1, [@generic="7e87f67d1ad6749e9a851d7f7c1d405f44dd41063928c689164ded2da0b239f1371f117c3ebe501397519a9c69518b5899f1fa6637eb97b2c6322659f1996dc1c3299b80756a135c1d24bcac3d9fedaf2ff7e63209bf3a3e0ff53ac674a01b275db13a2e076ee50e72b91072034b125addec080e29dea3d15a34afabc0dd3d9f279195fdf1595df6e594329f504b52dde0d1e592fdbeff47d00e96a6f1045389831d323e24db449b6f6459ba784d846db8ba076db479e42de12878103a1dc1a5838f471a9f203f77", @nested={0x184, 0x80, 0x0, 0x1, [@typed={0x8, 0x1d, 0x0, 0x0, @pid}, @generic="2a8aa330df8eb289e47e5de094fe501f00a3446cf38dd3c4fc0ca3299cc745988b87713583cc8eb7d6706dac7dde1087c4ba7bd85d2a44a688c3efe6ac6889d6b063e8ccee580450541bbcf0109b2c87e089b0c89c365641223cd08aa0ad3a2b2348c84d585343bf40a727141e688f245c724fd360d534ede520666922f7a43e97624b1438058d395fee45157d36a8992138830874022aaa191a169c55d8a8227dc2b304b1ecc6163b66341050ff8e6c1bb68b570323117213020de200f4b4388e08ddc0fd9268ca9096b4be0e252e758a04dab06645c852702b97d5d84aa2176d", @generic="5b718b2e3ec199025702ef7678b8ba3e5f695d9d6d63de445421f652847479c3cdefc847828c21ebe645f429fc4e3f274d1828ebaf2540c1175b424f543a0d6aa1f8b46fed2c0be83d4fe9ed5345906a9fd56a7930e0b13ca3a9033548a8539c83542a79586b7442", @typed={0x8, 0x12b, 0x0, 0x0, @fd}, @nested={0x4, 0xa1}, @generic="82da4b71c0692cc122a0629fc2f6edc9dcbf2345557ead6c6663ab779aeaec82db13c1"]}]}]}, 0x2d8}, 0x1, 0x0, 0x0, 0x4044014}, 0x800) r2 = socket(0x11, 0x3, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r2, &(0x7f0000000640)={{&(0x7f0000000000), 0x5ae, &(0x7f0000000100)={&(0x7f0000000780)="4c030000000000002106000000000000005f6bba441810", 0x49}, 0x5, 0x0, 0x5, 0x1}, 0x1}, 0x2, 0x100) sendmsg$auto_BATADV_CMD_TP_METER(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r1, 0x1, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x20044010}, 0x44800) 638.733015ms ago: executing program 3 (id=2102): mmap$auto(0x2, 0x4020009, 0x9d, 0xeb1, 0x401, 0x8200) syz_clone(0x4000, 0x0, 0x0, 0x0, 0x0, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) socket(0x2, 0x3, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x200000000008000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x6) r0 = io_uring_setup$auto(0x4, 0x0) close_range$auto(0x2, r0, 0x0) open(0x0, 0x22240, 0x55) fanotify_init$auto(0x8, 0x1) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, 0x0, 0x1, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0xc0400, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x3, 0x200, 0x4, 0x948b, 0x7, 0x20000003, 0x1, 0x3, 0x5, 0x5, 0xa, 0x6, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x880, 0x0, 0x948e, 0xffffffffffffffff, 0x15f4da0a, 0x3, 0x1000, 0x2000062, 0x4000008000001f, 0x7, 0x6d3e, 0x6, 0x2, 0x6]}, 0x0) close_range$auto(0x2, 0x8, 0x0) write$auto(0x1, 0x0, 0x80000000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/oom_adj\x00', 0x408040, 0x0) r2 = io_uring_setup$auto(0x5, 0x0) r3 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dri/renderD128\x00', 0x41a080, 0x0) ioctl$auto(r3, 0x921064a2, 0x20000000020000a) read$auto_rng_chrdev_ops_core(r2, &(0x7f0000000040)=""/132, 0x84) socket$nl_generic(0x10, 0x3, 0x10) 553.157095ms ago: executing program 0 (id=2103): close_range$auto(0x2, 0x8, 0x0) getpid() mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) socket(0xa, 0x801, 0x84) r0 = syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_SCAN(0xffffffffffffffff, &(0x7f00000165c0)={0x0, 0x0, &(0x7f0000016580)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c349813d3eed18775d2c31760", @ANYRES16=r0, @ANYBLOB="79a327bd7000fbdbdf252000000005000f0050000000"], 0x1c}, 0x1, 0x0, 0x0, 0x2404c000}, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) inotify_add_watch$auto(0xffffffffffffffff, 0x0, 0x1000e6e) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/net/softnet_stat\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000826bd7000fedbdf250300000008000400b70a0000060007000080000008000200", @ANYRES32=r2, @ANYBLOB="0a0005000180c200000e00000a0001000180c200000e00000a000100000000000000000008000200", @ANYRES32=r2, @ANYBLOB="060006ff05000000080003009b"], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 303.441764ms ago: executing program 3 (id=2104): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x1a5ac3, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900)='\t', 0x1) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x488, 0x0) (async) mmap$auto(0x0, 0x8, 0x2, 0x12, 0x2, 0x8000) (async) setresuid$auto(0x2, 0x7, 0x8080) madvise$auto(0x0, 0x2, 0x15) (async) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0xc0400, 0x0) (async) socketpair$auto(0x1, 0x2, 0xfffffffd, 0x0) (async) r1 = open(0x0, 0x64842, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000011c0)='/dev/ptyb0\x00', 0x5e1001, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001d80)='/sys/devices/virtual/sound/ctl-led/speaker/card0/attach\x00', 0x1, 0x0) (async) unshare$auto(0x3) (async) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) (async) r2 = prctl$auto(0x1ff, 0x5, 0x0, 0x5, 0x9) r3 = fanotify_init$auto(0x1000, 0x1) sendmsg$auto_GTP_CMD_ECHOREQ(r3, 0x0, 0x8840) dup2$auto(r2, 0xffffffffffffffff) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ram8\x00', 0x5e603, 0x0) fsync$auto(r4) (async) r5 = socket(0xa, 0x3, 0x3a) r6 = syz_genetlink_get_family_id$auto_batadv(0x0, r5) (async) r7 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/rxrpc/calls\x00', 0x121040, 0x0) pread64$auto(r7, &(0x7f0000000040)='\x00\x00\x00\x88\xde\x90\a\'\x9bM\xa0\x848\xbbz(\xe9\x05<\x82\xfe\xe2\xf6 \x0f8\xfb\xa7\xb4\xa0\x9e\xcb\xec\x9e{o2?\x0f\x11\x90^\xdf/\x84\x99!*\xe3\x99}x\xd4\xa5D\xfa\xe5\xf9od^\xa6', 0x7ff, 0x3) sendmsg$auto_BATADV_CMD_TP_METER(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r6, @ANYBLOB="00042dbd7000fcdbdf25020000000500110009000000"], 0x1c}, 0x1, 0x0, 0x0, 0x2000c001}, 0x40001) (async) mmap$auto(0x0, 0x3fffff, 0x7, 0x11, 0xdd, 0x0) (async) ioctl$auto(r5, 0x8982, 0x1) 135.997212ms ago: executing program 4 (id=2105): timer_create$auto(0x7, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC1\x00', 0x802, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000140)={{@inferred, 0x0, 0x4, 0x8, "3112d585005a616119e230f9ffb683dbedecd0bf828bbfba40f035f4be6b7fe5e2f94bd90484b07530cf08a8"}, 0x3, 0x5, 0x10004, @inferred, @enumerated={0x4000, 0x800, "c832bcbae48ab01ec23457b7fd2dd3547c4e2eeba79edd0d1599ded9cbfaf517162fbe6a6f50f1aaa18fb20cabb4f176263bb0e781e3d0a2f992e8fcdcec86d9", 0x400, 0xffffffff}, "7a9fc199a16a2311eacf2fc7ae1da978dc3e8090334fdd73340238d212b6debe0ada55bdd70925450e24e87212f0bcab84a16f7ce8cbce0bb32777702b8d7c2d"}) close_range$auto(0x2, 0x8, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000280), 0x8000, 0x0) fcntl$auto(0x3, 0x4, 0xa553) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) migrate_pages$auto(0x0, 0xa, 0x0, &(0x7f0000000140)=0x2) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(0x0, 0x1002, 0x0, &(0x7f0000001140), 0x0, 0x2) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x0, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) syz_clone3(&(0x7f00000000c0)={0x2000000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) 86.96754ms ago: executing program 0 (id=2106): mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) mprotect$auto(0x8000000004, 0xc, 0x800000000000008) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) io_submit$auto(0x8000000000000001, 0x8, 0x0) io_uring_setup$auto(0xc, 0x0) (async) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) (async) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/rds/tcp/rds_tcp_rcvbuf\x00', 0x141241, 0x0) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) (async) openat$dir(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x40342, 0x149) openat$auto_ftrace_event_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/tracing/events/vmalloc/alloc_vmap_area/filter\x00', 0x2, 0x0) (async) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) (async) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) writev$auto(r1, &(0x7f0000000200)={0x0, 0xb}, 0x200000003) (async) write$auto(0x3, 0x0, 0x5c8) pwrite64$auto(r0, 0x0, 0x6bc, 0x5) (async) remap_file_pages$auto(0x9, 0x7, 0xba00000, 0xd, 0x0) (async) r3 = ioctl$auto_NS_GET_USERNS(0xffffffffffffffff, 0xb701, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r3, 0x7fffffff, 0x0) (async) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty41\x00', 0x2800, 0x0) (async) r4 = openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/ieee80211/phy0/netdev:wlan0/active_links\x00', 0x82, 0x0) write$auto_debugfs_full_proxy_file_operations_internal(r4, 0x0, 0x20) (async) read$auto(0x3, 0x0, 0x80) 0s ago: executing program 2 (id=2107): mmap$auto(0x0, 0x20006, 0x10000000000df, 0x100000000eb3, 0x401, 0x1) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x7, 0x0) r0 = open(&(0x7f0000000100)='./cgroup.cpu/cgroup.procs\x00', 0x638e00, 0xb5d1af1605322dd0) open_by_handle_at$auto(r0, &(0x7f0000001280)={0x8, 0x2, "0200000000000000"}, 0x6) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x28, 0x0, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000001000)='/dev/binderfs/binder1\x00', 0x28000, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyt2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) socketpair$auto(0x5b, 0x2, 0x420000, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r1, 0x5437, 0x0) openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) socketpair$auto(0x3, 0xa, 0x8dbe, 0x0) lsm_get_self_attr$auto(0x64, 0x0, &(0x7f0000002440)=0x2, 0x0) close_range$auto(0x2, 0x8000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000080)=""/4, 0x4) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0xe0182, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) fsmount$auto(0xffffffffffffffff, 0x5, 0x9) ioctl$auto(0x3, 0xae41, r3) ioctl$auto_KVM_CREATE_VM(r2, 0xc048aeca, 0x0) kernel console output (not intermixed with test programs): 9 01 48 [ 320.997712][T10499] RSP: 002b:00007fe84db8b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 320.997727][T10499] RAX: ffffffffffffffda RBX: 00007fe84d015fa0 RCX: 00007fe84cd9c629 [ 320.997737][T10499] RDX: 000000000002aa01 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 320.997746][T10499] RBP: 00007fe84ce32b39 R08: 0000000000000000 R09: 0000000000000000 [ 320.997755][T10499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 320.997764][T10499] R13: 00007fe84d016038 R14: 00007fe84d015fa0 R15: 00007ffe72103ea8 [ 320.997784][T10499] [ 321.773384][T10508] netlink: 28 bytes leftover after parsing attributes in process `syz.0.876'. [ 321.782728][T10508] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 321.792872][T10508] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 321.811137][T10508] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 321.849314][T10508] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 322.349974][T10519] kAFS: No cell specified [ 322.571988][T10533] can: request_module (can-proto-4) failed. [ 322.885314][T10538] kAFS: No cell specified [ 323.143574][T10555] netlink: 21 bytes leftover after parsing attributes in process `syz.3.887'. [ 323.363726][T10565] FAULT_INJECTION: forcing a failure. [ 323.363726][T10565] name failslab, interval 1, probability 0, space 0, times 0 [ 323.415680][T10565] CPU: 0 UID: 0 PID: 10565 Comm: syz.0.897 Tainted: G U L syzkaller #0 PREEMPT(full) [ 323.415730][T10565] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 323.415741][T10565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 323.415758][T10565] Call Trace: [ 323.415767][T10565] [ 323.415777][T10565] dump_stack_lvl+0x100/0x190 [ 323.415831][T10565] should_fail_ex.cold+0x5/0xa [ 323.415863][T10565] ? tomoyo_realpath_from_path+0xb6/0x690 [ 323.415894][T10565] should_failslab+0xc2/0x120 [ 323.415940][T10565] __kmalloc_noprof+0xe0/0x850 [ 323.415988][T10565] tomoyo_realpath_from_path+0xb6/0x690 [ 323.416027][T10565] tomoyo_check_open_permission+0x2af/0x3c0 [ 323.416071][T10565] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 323.416152][T10565] ? do_raw_spin_lock+0x128/0x260 [ 323.416194][T10565] ? path_get+0x61/0x80 [ 323.416226][T10565] tomoyo_file_open+0x6b/0x90 [ 323.416260][T10565] security_file_open+0xb5/0x1e0 [ 323.416288][T10565] do_dentry_open+0x5aa/0x1660 [ 323.416334][T10565] ? security_inode_permission+0xbf/0x250 [ 323.416382][T10565] vfs_open+0x82/0x3f0 [ 323.416419][T10565] path_openat+0x208c/0x31a0 [ 323.416457][T10565] ? __pfx_path_openat+0x10/0x10 [ 323.416516][T10565] do_file_open+0x20e/0x430 [ 323.416546][T10565] ? __pfx_do_file_open+0x10/0x10 [ 323.416600][T10565] ? alloc_fd+0x476/0x790 [ 323.416668][T10565] ? do_getname+0x191/0x390 [ 323.416705][T10565] do_sys_openat2+0x10d/0x1e0 [ 323.416740][T10565] ? __pfx_do_sys_openat2+0x10/0x10 [ 323.416789][T10565] __x64_sys_openat+0x12d/0x210 [ 323.416831][T10565] ? __pfx___x64_sys_openat+0x10/0x10 [ 323.416881][T10565] do_syscall_64+0x106/0xf80 [ 323.416913][T10565] ? clear_bhb_loop+0x40/0x90 [ 323.416949][T10565] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.416979][T10565] RIP: 0033:0x7f38ad39c629 [ 323.417002][T10565] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 323.417029][T10565] RSP: 002b:00007f38ae1a7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 323.417056][T10565] RAX: ffffffffffffffda RBX: 00007f38ad615fa0 RCX: 00007f38ad39c629 [ 323.417075][T10565] RDX: 0000000000020002 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 323.417093][T10565] RBP: 00007f38ad432b39 R08: 0000000000000000 R09: 0000000000000000 [ 323.417110][T10565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 323.417126][T10565] R13: 00007f38ad616038 R14: 00007f38ad615fa0 R15: 00007ffd213d5a78 [ 323.417164][T10565] [ 323.417222][T10565] ERROR: Out of memory at tomoyo_realpath_from_path. [ 323.696330][T10571] netlink: 28 bytes leftover after parsing attributes in process `syz.2.889'. [ 323.784913][T10571] bond0: (slave bond_slave_1): Releasing backup interface syzkaller syzkaller login: [ 324.357526][T10590] netlink: 28 bytes leftover after parsing attributes in process `syz.2.892'. [ 324.500996][T10593] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input26 [ 325.018910][T10596] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input27 [ 325.205914][T10600] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input28 [ 325.470137][T10603] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input29 [ 325.515470][T10623] netlink: 330 bytes leftover after parsing attributes in process `syz.0.899'. [ 325.718881][T10623] mac80211_hwsim hwsim2 : renamed from wlan0 (while UP) [ 325.893298][T10631] FAULT_INJECTION: forcing a failure. [ 325.893298][T10631] name failslab, interval 1, probability 0, space 0, times 0 [ 325.906108][T10631] CPU: 1 UID: 0 PID: 10631 Comm: syz.2.900 Tainted: G U L syzkaller #0 PREEMPT(full) [ 325.906144][T10631] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 325.906149][T10631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 325.906159][T10631] Call Trace: [ 325.906164][T10631] [ 325.906170][T10631] dump_stack_lvl+0x100/0x190 [ 325.906196][T10631] should_fail_ex.cold+0x5/0xa [ 325.906214][T10631] ? lsm_blob_alloc+0x68/0x90 [ 325.906229][T10631] should_failslab+0xc2/0x120 [ 325.906252][T10631] __kmalloc_noprof+0xe0/0x850 [ 325.906272][T10631] ? trace_kmalloc+0x101/0x130 [ 325.906288][T10631] lsm_blob_alloc+0x68/0x90 [ 325.906304][T10631] security_sk_alloc+0x2d/0x290 [ 325.906324][T10631] sk_prot_alloc+0x12a/0x2a0 [ 325.906346][T10631] sk_alloc+0x36/0xe80 [ 325.906361][T10631] __netlink_create+0x5e/0x2c0 [ 325.906375][T10631] ? __wake_up+0x3f/0x60 [ 325.906391][T10631] netlink_create+0x293/0x610 [ 325.906405][T10631] ? __pfx_genl_bind+0x10/0x10 [ 325.906423][T10631] ? __pfx_genl_unbind+0x10/0x10 [ 325.906447][T10631] ? __pfx_genl_release+0x10/0x10 [ 325.906468][T10631] __sock_create+0x339/0x860 [ 325.906492][T10631] __sys_socket+0x14d/0x260 [ 325.906511][T10631] ? exc_page_fault+0x6f/0xd0 [ 325.906526][T10631] ? __pfx___sys_socket+0x10/0x10 [ 325.906549][T10631] ? do_user_addr_fault+0x8d6/0x12f0 [ 325.906574][T10631] __x64_sys_socket+0x72/0xb0 [ 325.906593][T10631] ? lockdep_hardirqs_on+0x78/0x100 [ 325.906609][T10631] do_syscall_64+0x106/0xf80 [ 325.906624][T10631] ? clear_bhb_loop+0x40/0x90 [ 325.906642][T10631] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 325.906657][T10631] RIP: 0033:0x7fbf56f9dec7 [ 325.906671][T10631] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 325.906684][T10631] RSP: 002b:00007fbf57e50f98 EFLAGS: 00000286 ORIG_RAX: 0000000000000029 [ 325.906699][T10631] RAX: ffffffffffffffda RBX: 00007fbf57216180 RCX: 00007fbf56f9dec7 [ 325.906709][T10631] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 325.906718][T10631] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 325.906726][T10631] R10: 0000000000000000 R11: 0000000000000286 R12: 0000000000000000 [ 325.906734][T10631] R13: 00007fbf57216218 R14: 00007fbf57216180 R15: 00007ffe12693dd8 [ 325.906753][T10631] [ 326.614269][T10647] netlink: 28 bytes leftover after parsing attributes in process `syz.4.903'. [ 326.730186][T10647] bond0: (slave bond_slave_1): Releasing backup interface [ 326.860676][T10645] zswap: compressor not available [ 327.092145][T10659] kAFS: No cell specified [ 327.159898][T10664] netlink: 28 bytes leftover after parsing attributes in process `syz.4.906'. [ 327.173075][T10664] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 327.182699][T10664] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 327.192110][T10664] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 327.200833][T10664] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 329.124466][T10703] random: crng reseeded on system resumption [ 330.974562][T10734] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input30 [ 331.139794][T10739] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input31 [ 331.886857][T10751] kAFS: No cell specified [ 332.794589][T10777] netlink: 330 bytes leftover after parsing attributes in process `syz.4.929'. [ 332.813990][T10777] mac80211_hwsim hwsim13 : renamed from wlan0 (while UP) [ 332.860983][T10776] kAFS: No cell specified [ 334.881295][T10816] kAFS: No cell specified [ 335.714792][T10830] FAULT_INJECTION: forcing a failure. [ 335.714792][T10830] name failslab, interval 1, probability 0, space 0, times 0 [ 335.794016][T10830] CPU: 1 UID: 0 PID: 10830 Comm: syz.2.939 Tainted: G U L syzkaller #0 PREEMPT(full) [ 335.794047][T10830] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 335.794053][T10830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 335.794062][T10830] Call Trace: [ 335.794068][T10830] [ 335.794074][T10830] dump_stack_lvl+0x100/0x190 [ 335.794101][T10830] should_fail_ex.cold+0x5/0xa [ 335.794119][T10830] should_failslab+0xc2/0x120 [ 335.794143][T10830] __kmalloc_cache_noprof+0x7a/0x6f0 [ 335.794161][T10830] ? vhost_iotlb_add_range_ctx+0xf0/0xa80 [ 335.794187][T10830] vhost_iotlb_add_range_ctx+0xf0/0xa80 [ 335.794209][T10830] ? __kasan_kmalloc+0xaa/0xb0 [ 335.794233][T10830] vhost_dev_ioctl+0x907/0xe20 [ 335.794272][T10830] ? __pfx_vhost_dev_ioctl+0x10/0x10 [ 335.794318][T10830] vhost_net_ioctl+0x75f/0x1910 [ 335.794348][T10830] ? do_vfs_ioctl+0x226/0x13e0 [ 335.794383][T10830] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 335.794418][T10830] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 335.794442][T10830] ? find_held_lock+0x2b/0x80 [ 335.794464][T10830] ? __fget_files+0x215/0x3d0 [ 335.794483][T10830] ? hook_file_ioctl_common+0x146/0x410 [ 335.794509][T10830] ? __fget_files+0x21f/0x3d0 [ 335.794532][T10830] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 335.794550][T10830] __x64_sys_ioctl+0x18e/0x210 [ 335.794571][T10830] do_syscall_64+0x106/0xf80 [ 335.794587][T10830] ? clear_bhb_loop+0x40/0x90 [ 335.794605][T10830] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 335.794627][T10830] RIP: 0033:0x7fbf56f9c629 [ 335.794642][T10830] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 335.794658][T10830] RSP: 002b:00007fbf57e94028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 335.794674][T10830] RAX: ffffffffffffffda RBX: 00007fbf57215fa0 RCX: 00007fbf56f9c629 [ 335.794684][T10830] RDX: 0000200000000000 RSI: 000000004008af03 RDI: 000000000000000a [ 335.794694][T10830] RBP: 00007fbf57032b39 R08: 0000000000000000 R09: 0000000000000000 [ 335.794703][T10830] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 335.794712][T10830] R13: 00007fbf57216038 R14: 00007fbf57215fa0 R15: 00007ffe12693dd8 [ 335.794732][T10830] [ 336.367718][T10849] futex_wake_op: syz.2.943 tries to shift op by -2048; fix this program [ 336.400316][T10849] futex_wake_op: syz.2.943 tries to shift op by -2048; fix this program [ 336.425660][T10849] 0x000000000001-0x000000020000 : "" [ 336.451791][T10849] ftl_cs: FTL header corrupt! [ 336.500486][T10852] misc userio: No port type given on /dev/userio [ 336.806897][T10855] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input32 [ 336.908359][T10856] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input33 [ 338.977388][T10897] kAFS: No cell specified [ 339.845009][T10913] FAULT_INJECTION: forcing a failure. [ 339.845009][T10913] name fail_futex, interval 1, probability 0, space 0, times 0 [ 339.859925][T10913] CPU: 1 UID: 0 PID: 10913 Comm: syz.4.956 Tainted: G U L syzkaller #0 PREEMPT(full) [ 339.859953][T10913] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 339.859959][T10913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 339.859968][T10913] Call Trace: [ 339.859974][T10913] [ 339.859979][T10913] dump_stack_lvl+0x100/0x190 [ 339.860010][T10913] should_fail_ex.cold+0x5/0xa [ 339.860036][T10913] get_futex_key+0x1d2/0x1620 [ 339.860061][T10913] ? __pfx_get_futex_key+0x10/0x10 [ 339.860076][T10913] ? futex_hash+0x2c5/0x380 [ 339.860103][T10913] futex_wake+0xea/0x530 [ 339.860124][T10913] ? __pfx_futex_wait+0x10/0x10 [ 339.860144][T10913] ? __pfx_futex_wake+0x10/0x10 [ 339.860167][T10913] ? __lock_acquire+0x4a5/0x2630 [ 339.860189][T10913] do_futex+0x32b/0x350 [ 339.860207][T10913] ? __pfx_do_futex+0x10/0x10 [ 339.860226][T10913] ? find_held_lock+0x2b/0x80 [ 339.860250][T10913] __x64_sys_futex+0x34f/0x4d0 [ 339.860270][T10913] ? __fget_files+0x21f/0x3d0 [ 339.860291][T10913] ? __pfx___x64_sys_futex+0x10/0x10 [ 339.860316][T10913] do_syscall_64+0x106/0xf80 [ 339.860332][T10913] ? clear_bhb_loop+0x40/0x90 [ 339.860350][T10913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 339.860365][T10913] RIP: 0033:0x7fd7c819c629 [ 339.860379][T10913] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 339.860393][T10913] RSP: 002b:00007fd7c90c00e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 339.860407][T10913] RAX: ffffffffffffffda RBX: 00007fd7c8415fa8 RCX: 00007fd7c819c629 [ 339.860417][T10913] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fd7c8415fac [ 339.860426][T10913] RBP: 00007fd7c8415fa0 R08: 0000000000000000 R09: 0000000000000000 [ 339.860435][T10913] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 339.860444][T10913] R13: 00007fd7c8416038 R14: 00007ffe2f884400 R15: 00007ffe2f8844e8 [ 339.860464][T10913] [ 340.665820][T10928] kAFS: No cell specified [ 342.933700][T10979] FAULT_INJECTION: forcing a failure. [ 342.933700][T10979] name fail_futex, interval 1, probability 0, space 0, times 0 [ 342.954126][T10979] CPU: 0 UID: 0 PID: 10979 Comm: syz.0.972 Tainted: G U L syzkaller #0 PREEMPT(full) [ 342.954179][T10979] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 342.954191][T10979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 342.954209][T10979] Call Trace: [ 342.954219][T10979] [ 342.954231][T10979] dump_stack_lvl+0x100/0x190 [ 342.954279][T10979] should_fail_ex.cold+0x5/0xa [ 342.954314][T10979] get_futex_key+0x1d2/0x1620 [ 342.954372][T10979] ? __pfx_get_futex_key+0x10/0x10 [ 342.954402][T10979] ? futex_hash+0x2c5/0x380 [ 342.954443][T10979] futex_wake+0xea/0x530 [ 342.954486][T10979] ? __pfx_futex_wait+0x10/0x10 [ 342.954527][T10979] ? __pfx_futex_wake+0x10/0x10 [ 342.954572][T10979] ? find_held_lock+0x2b/0x80 [ 342.954615][T10979] ? do_msgrcv+0x11fb/0x16f0 [ 342.954647][T10979] ? do_msgrcv+0x11fb/0x16f0 [ 342.954684][T10979] do_futex+0x32b/0x350 [ 342.954720][T10979] ? __pfx_do_futex+0x10/0x10 [ 342.954765][T10979] __x64_sys_futex+0x34f/0x4d0 [ 342.954815][T10979] ? __pfx___x64_sys_futex+0x10/0x10 [ 342.954867][T10979] do_syscall_64+0x106/0xf80 [ 342.954903][T10979] ? clear_bhb_loop+0x40/0x90 [ 342.954935][T10979] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 342.954962][T10979] RIP: 0033:0x7f38ad39c629 [ 342.954985][T10979] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 342.955014][T10979] RSP: 002b:00007f38ae1a70e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 342.955042][T10979] RAX: ffffffffffffffda RBX: 00007f38ad615fa8 RCX: 00007f38ad39c629 [ 342.955061][T10979] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f38ad615fac [ 342.955079][T10979] RBP: 00007f38ad615fa0 R08: 0000000000000000 R09: 0000000000000000 [ 342.955096][T10979] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 342.955114][T10979] R13: 00007f38ad616038 R14: 00007ffd213d5990 R15: 00007ffd213d5a78 [ 342.955153][T10979] [ 344.203703][T10990] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 344.218824][T10990] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 344.254203][T10990] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 344.287489][T10990] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 344.601367][T11007] kAFS: No cell specified [ 345.405764][T11023] kAFS: No cell specified [ 345.511079][T11030] FAULT_INJECTION: forcing a failure. [ 345.511079][T11030] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 345.547241][T11030] CPU: 1 UID: 0 PID: 11030 Comm: syz.2.984 Tainted: G U L syzkaller #0 PREEMPT(full) [ 345.547295][T11030] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 345.547307][T11030] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 345.547324][T11030] Call Trace: [ 345.547333][T11030] [ 345.547345][T11030] dump_stack_lvl+0x100/0x190 [ 345.547392][T11030] should_fail_ex.cold+0x5/0xa [ 345.547423][T11030] _copy_from_user+0x2e/0xd0 [ 345.547466][T11030] load_msg+0x19e/0x4a0 [ 345.547500][T11030] do_msgrcv+0x209/0x16f0 [ 345.547533][T11030] ? __pfx_do_msg_fill+0x10/0x10 [ 345.547559][T11030] ? __pfx_do_futex+0x10/0x10 [ 345.547601][T11030] ? __pfx_do_msgrcv+0x10/0x10 [ 345.547629][T11030] ? __x64_sys_futex+0x34f/0x4d0 [ 345.547667][T11030] ? xfd_validate_state+0x129/0x190 [ 345.547713][T11030] ? do_syscall_64+0x106/0xf80 [ 345.547747][T11030] do_syscall_64+0x106/0xf80 [ 345.547777][T11030] ? clear_bhb_loop+0x40/0x90 [ 345.547813][T11030] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 345.547843][T11030] RIP: 0033:0x7fbf56f9c629 [ 345.547868][T11030] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 345.547895][T11030] RSP: 002b:00007fbf57e94028 EFLAGS: 00000246 ORIG_RAX: 0000000000000046 [ 345.547923][T11030] RAX: ffffffffffffffda RBX: 00007fbf57215fa0 RCX: 00007fbf56f9c629 [ 345.547943][T11030] RDX: 000000000000f55c RSI: 0000000000000000 RDI: 0000000000000000 [ 345.547961][T11030] RBP: 00007fbf57032b39 R08: 0000000000004a4d R09: 0000000000000000 [ 345.547979][T11030] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 345.547997][T11030] R13: 00007fbf57216038 R14: 00007fbf57215fa0 R15: 00007ffe12693dd8 [ 345.548034][T11030] [ 345.935291][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout [ 346.229359][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout [ 346.308554][ T5837] Bluetooth: hci4: command 0x0c1a tx timeout [ 346.308565][ T5824] Bluetooth: hci3: command 0x0c1a tx timeout [ 346.509602][T11043] pci 0000:00:01.0: [8086:7110] type 00 class 0x060100 conventional PCI endpoint [ 346.874635][T11053] netlink: 28 bytes leftover after parsing attributes in process `syz.4.992'. [ 346.987212][T11055] netlink: 330 bytes leftover after parsing attributes in process `syz.3.991'. [ 347.025288][T11055] mac80211_hwsim hwsim6 : renamed from wlan0 (while UP) [ 347.198294][T11058] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input34 [ 349.028690][T11089] netlink: 25 bytes leftover after parsing attributes in process `syz.4.1003'. [ 349.695591][T11109] kAFS: No cell specified [ 351.678084][T11152] page: refcount:5 mapcount:4 mapping:0000000000000000 index:0x7f2166e50 pfn:0x78c00 [ 351.705141][T11152] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 351.714773][T11152] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 351.724030][T11152] raw: 00000007f2166e50 0000000000000000 0000000500000003 0000000000000000 [ 351.741547][T11152] page dumped because: unmovable page [ 351.749640][T11152] page_owner tracks the page as allocated [ 351.757716][T11152] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x29c2(GFP_NOWAIT|__GFP_HIGHMEM|__GFP_IO|__GFP_FS|__GFP_ZERO), pid 5816, tgid 5816 (syz-executor), ts 72420403748, free_ts 68838184585 [ 351.818315][T11152] post_alloc_hook+0x153/0x170 [ 351.823150][T11152] get_page_from_freelist+0x111d/0x3140 [ 351.915201][T11152] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 351.976884][T11152] alloc_pages_mpol+0x1fb/0x550 [ 352.046811][T11152] alloc_pages_noprof+0x131/0x390 [ 352.065022][T11152] __vmalloc_node_range_noprof+0xe5c/0x1530 [ 352.085904][T11152] vmalloc_user_noprof+0x9e/0xe0 [ 352.090949][T11152] kcov_ioctl+0x4c/0x720 [ 352.155188][T11152] __x64_sys_ioctl+0x18e/0x210 [ 352.177117][T11152] do_syscall_64+0x106/0xf80 [ 352.205951][T11152] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 352.262717][T11152] page last free pid 5808 tgid 5808 stack trace: [ 352.363827][T11152] free_unref_folios+0xaea/0x1790 [ 352.434853][T11152] folios_put_refs+0x53c/0x840 [ 352.439756][T11152] free_pages_and_swap_cache+0x242/0x480 [ 352.545047][T11152] __tlb_batch_free_encoded_pages+0xe9/0x280 [ 352.566371][T11152] tlb_finish_mmu+0x1b0/0x810 [ 352.595108][T11152] unmap_region+0x2d9/0x3b0 [ 352.605064][T11152] vms_complete_munmap_vmas+0xa4b/0xdd0 [ 352.635065][T11152] do_vmi_align_munmap+0x44f/0x5f0 [ 352.654397][T11152] do_vmi_munmap+0x1f8/0x3e0 [ 352.679335][T11152] __vm_munmap+0x196/0x390 [ 352.699670][T11152] __x64_sys_munmap+0x59/0x80 [ 352.724949][T11152] do_syscall_64+0x106/0xf80 [ 352.729597][T11152] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 353.427714][T11176] kAFS: No cell specified [ 354.014760][T11196] FAULT_INJECTION: forcing a failure. [ 354.014760][T11196] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 354.090498][T11196] CPU: 1 UID: 0 PID: 11196 Comm: syz.2.1024 Tainted: G U L syzkaller #0 PREEMPT(full) [ 354.090549][T11196] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 354.090560][T11196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 354.090576][T11196] Call Trace: [ 354.090585][T11196] [ 354.090595][T11196] dump_stack_lvl+0x100/0x190 [ 354.090640][T11196] should_fail_ex.cold+0x5/0xa [ 354.090672][T11196] _copy_from_user+0x2e/0xd0 [ 354.090713][T11196] parse_command+0xa0/0x270 [ 354.090742][T11196] ? __pfx_parse_command+0x10/0x10 [ 354.090772][T11196] bm_status_write+0x30/0x450 [ 354.090791][T11196] vfs_write+0x2aa/0x1070 [ 354.090814][T11196] ? __pfx_bm_status_write+0x10/0x10 [ 354.090830][T11196] ? __pfx_vfs_write+0x10/0x10 [ 354.090851][T11196] ? __fget_files+0x215/0x3d0 [ 354.090876][T11196] ? __fget_files+0x21f/0x3d0 [ 354.090902][T11196] ksys_write+0x12a/0x250 [ 354.090923][T11196] ? __pfx_ksys_write+0x10/0x10 [ 354.090950][T11196] do_syscall_64+0x106/0xf80 [ 354.090966][T11196] ? clear_bhb_loop+0x40/0x90 [ 354.090984][T11196] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 354.090999][T11196] RIP: 0033:0x7fbf56f9c629 [ 354.091012][T11196] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 354.091026][T11196] RSP: 002b:00007fbf57e94028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 354.091041][T11196] RAX: ffffffffffffffda RBX: 00007fbf57215fa0 RCX: 00007fbf56f9c629 [ 354.091051][T11196] RDX: 0000000000000002 RSI: 0000200000002100 RDI: 0000000000000003 [ 354.091059][T11196] RBP: 00007fbf57e94090 R08: 0000000000000000 R09: 0000000000000000 [ 354.091067][T11196] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 354.091075][T11196] R13: 00007fbf57216038 R14: 00007fbf57215fa0 R15: 00007ffe12693dd8 [ 354.091095][T11196] [ 355.127873][T11209] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input35 [ 356.233734][T11220] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1032'. [ 356.262468][T11227] kAFS: No cell specified [ 356.793500][T11240] kAFS: No cell specified [ 356.920791][T11251] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1035'. [ 357.090385][T11251] mac80211_hwsim hwsim7 : renamed from wlan0 (while UP) [ 357.169172][T11256] [U] [ 357.171884][T11256] [U] [ 357.174554][T11256] [U] [ 357.177227][T11256] [U] [ 357.187222][T11256] [U] [ 357.189959][T11256] [U] [ 357.192693][T11256] [U] [ 357.195407][T11256] [U] [ 357.209327][T11256] [U] [ 357.212085][T11256] [U] [ 357.214803][T11256] [U] [ 357.217520][T11256] [U] [ 357.252324][T11256] [U] [ 357.255036][T11256] [U] [ 357.257742][T11256] [U] [ 357.260432][T11256] [U] [ 357.310914][T11256] [U] [ 357.313628][T11256] [U] [ 357.316308][T11256] [U] [ 357.318984][T11256] [U] [ 357.377598][T11256] [U] [ 357.380354][T11256] [U] [ 357.383072][T11256] [U] [ 357.385791][T11256] [U] [ 357.396530][T11256] [U] [ 357.399256][T11256] [U] [ 357.401931][T11256] [U] [ 357.404607][T11256] [U] [ 357.428270][T11256] [U] [ 357.431036][T11256] [U] [ 357.433760][T11256] [U] [ 357.436466][T11256] [U] [ 357.535659][T11256] [U] [ 357.538379][T11256] [U] [ 357.541058][T11256] [U] [ 357.543724][T11256] [U] [ 357.636104][T11256] [U] [ 357.638857][T11256] [U] [ 357.641560][T11256] [U] [ 357.644255][T11256] [U] [ 357.659359][T11256] [U] [ 357.662122][T11256] [U] [ 357.664838][T11256] [U] [ 357.667553][T11256] [U] [ 357.675511][T11256] [U] [ 357.678255][T11256] [U] [ 357.680974][T11256] [U] [ 357.683687][T11256] [U] [ 357.687521][T11256] [U] [ 357.690253][T11256] [U] [ 357.692971][T11256] [U] [ 357.695683][T11256] [U] [ 357.703953][T11256] [U] [ 357.706694][T11256] [U] [ 357.709408][T11256] [U] [ 357.712125][T11256] [U] [ 357.793956][T11256] [U] [ 357.796725][T11256] [U] [ 357.799432][T11256] [U] [ 357.802131][T11256] [U] [ 357.871476][T11256] [U] [ 357.874207][T11256] [U] [ 357.876902][T11256] [U] [ 357.879620][T11256] [U] [ 358.022442][T11256] [U] [ 358.025213][T11256] [U] [ 358.027940][T11256] [U] [ 358.030669][T11256] [U] [ 358.048588][T11256] [U] [ 358.051348][T11256] [U] [ 358.054068][T11256] [U] [ 358.056791][T11256] [U] [ 358.060237][T11256] [U] [ 358.062983][T11256] [U] [ 358.065707][T11256] [U] [ 358.068425][T11256] [U] [ 358.071500][T11256] [U] [ 358.074237][T11256] [U] [ 358.076955][T11256] [U] [ 358.079680][T11256] [U] [ 358.095441][T11256] [U] [ 358.098200][T11256] [U] [ 358.100904][T11256] [U] [ 358.103607][T11256] [U] [ 358.166941][T11276] EXT4-fs error (device sda1): trigger_test_error:130: comm syz.2.1042: 7 [ 358.184089][T11256] [U] [ 358.807894][T11282] kAFS: No cell specified [ 358.870893][T11294] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input36 [ 359.003093][T11297] netlink: 'syz.3.1046': attribute type 3 has an invalid length. [ 359.055349][T11296] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input37 [ 359.250726][T11294] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input38 [ 360.284240][T11317] FAULT_INJECTION: forcing a failure. [ 360.284240][T11317] name failslab, interval 1, probability 0, space 0, times 0 [ 360.342355][T11317] CPU: 1 UID: 0 PID: 11317 Comm: syz.3.1049 Tainted: G U L syzkaller #0 PREEMPT(full) [ 360.342406][T11317] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 360.342418][T11317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 360.342435][T11317] Call Trace: [ 360.342445][T11317] [ 360.342456][T11317] dump_stack_lvl+0x100/0x190 [ 360.342504][T11317] should_fail_ex.cold+0x5/0xa [ 360.342537][T11317] should_failslab+0xc2/0x120 [ 360.342581][T11317] __kmalloc_node_noprof+0xe6/0x850 [ 360.342621][T11317] ? load_msg+0x43/0x4a0 [ 360.342657][T11317] load_msg+0x43/0x4a0 [ 360.342692][T11317] do_msgrcv+0x209/0x16f0 [ 360.342724][T11317] ? __pfx_do_msg_fill+0x10/0x10 [ 360.342753][T11317] ? __pfx_do_futex+0x10/0x10 [ 360.342807][T11317] ? __pfx_do_msgrcv+0x10/0x10 [ 360.342837][T11317] ? __x64_sys_futex+0x34f/0x4d0 [ 360.342880][T11317] ? xfd_validate_state+0x129/0x190 [ 360.342933][T11317] ? do_syscall_64+0x106/0xf80 [ 360.342964][T11317] do_syscall_64+0x106/0xf80 [ 360.342994][T11317] ? clear_bhb_loop+0x40/0x90 [ 360.343030][T11317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 360.343060][T11317] RIP: 0033:0x7fe84cd9c629 [ 360.343086][T11317] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 360.343114][T11317] RSP: 002b:00007fe84db8b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000046 [ 360.343142][T11317] RAX: ffffffffffffffda RBX: 00007fe84d015fa0 RCX: 00007fe84cd9c629 [ 360.343161][T11317] RDX: 000000000000f55c RSI: 0000000000000000 RDI: 0000000000000000 [ 360.343179][T11317] RBP: 00007fe84ce32b39 R08: 0000000000004a4d R09: 0000000000000000 [ 360.343197][T11317] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 360.343215][T11317] R13: 00007fe84d016038 R14: 00007fe84d015fa0 R15: 00007ffe72103ea8 [ 360.343254][T11317] [ 361.345076][T11338] QAT: Device 0 not found [ 362.088256][T11344] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input39 [ 362.274993][T11349] FAULT_INJECTION: forcing a failure. [ 362.274993][T11349] name failslab, interval 1, probability 0, space 0, times 0 [ 362.302407][T11349] CPU: 0 UID: 0 PID: 11349 Comm: syz.4.1059 Tainted: G U L syzkaller #0 PREEMPT(full) [ 362.302461][T11349] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 362.302473][T11349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 362.302491][T11349] Call Trace: [ 362.302500][T11349] [ 362.302511][T11349] dump_stack_lvl+0x100/0x190 [ 362.302569][T11349] should_fail_ex.cold+0x5/0xa [ 362.302602][T11349] should_failslab+0xc2/0x120 [ 362.302649][T11349] __kmalloc_node_noprof+0xe6/0x850 [ 362.302690][T11349] ? load_msg+0x43/0x4a0 [ 362.302726][T11349] load_msg+0x43/0x4a0 [ 362.302762][T11349] do_msgrcv+0x209/0x16f0 [ 362.302794][T11349] ? __pfx_do_msg_fill+0x10/0x10 [ 362.302823][T11349] ? __pfx_do_futex+0x10/0x10 [ 362.302870][T11349] ? __pfx_do_msgrcv+0x10/0x10 [ 362.302898][T11349] ? __x64_sys_futex+0x34f/0x4d0 [ 362.302935][T11349] ? xfd_validate_state+0x129/0x190 [ 362.302988][T11349] ? do_syscall_64+0x106/0xf80 [ 362.303019][T11349] do_syscall_64+0x106/0xf80 [ 362.303049][T11349] ? clear_bhb_loop+0x40/0x90 [ 362.303084][T11349] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 362.303115][T11349] RIP: 0033:0x7fd7c819c629 [ 362.303139][T11349] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 362.303168][T11349] RSP: 002b:00007fd7c90c0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000046 [ 362.303197][T11349] RAX: ffffffffffffffda RBX: 00007fd7c8415fa0 RCX: 00007fd7c819c629 [ 362.303217][T11349] RDX: 000000000000f55c RSI: 0000000000000000 RDI: 0000000000000000 [ 362.303234][T11349] RBP: 00007fd7c8232b39 R08: 0000000000004a4d R09: 0000000000000000 [ 362.303252][T11349] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 362.303269][T11349] R13: 00007fd7c8416038 R14: 00007fd7c8415fa0 R15: 00007ffe2f8844e8 [ 362.303307][T11349] [ 362.547815][T11345] netlink: 'syz.0.1056': attribute type 3 has an invalid length. [ 362.862225][T11351] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input40 [ 364.586475][T11397] QAT: Device 0 not found [ 364.600820][T11395] kAFS: No cell specified [ 364.757010][T11397] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 364.805007][T11397] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 364.813588][T11397] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 364.841140][T11397] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 365.798185][T11408] kAFS: No cell specified [ 366.381388][T11437] sd 0:0:1:0: PR command failed: 1026 [ 366.401913][T11437] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 366.422201][T11437] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 366.705710][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout [ 366.865201][ T5824] Bluetooth: hci3: command 0x0c1a tx timeout [ 366.871493][ T5824] Bluetooth: hci1: command 0x0c1a tx timeout [ 366.877679][ T5837] Bluetooth: hci4: command 0x0c1a tx timeout [ 368.073547][T11474] random: crng reseeded on system resumption [ 368.765358][T11498] kAFS: No cell specified [ 371.550780][T11560] kAFS: No cell specified [ 371.780061][T11565] random: crng reseeded on system resumption [ 372.155373][T11568] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input41 [ 373.363599][T11594] [U] [ 373.366361][T11594] [U] [ 373.369086][T11594] [U] [ 373.371808][T11594] [U] [ 373.420906][T11594] [U] [ 373.423673][T11594] [U] [ 373.426395][T11594] [U] [ 373.429121][T11594] [U] [ 373.578902][T11598] nvme_fabrics: missing parameter 'transport=%s' [ 373.591923][T11598] nvme_fabrics: missing parameter 'nqn=%s' [ 373.592147][T11594] [U] [ 373.600469][T11594] [U] [ 373.603141][T11594] [U] [ 373.605807][T11594] [U] [ 373.660151][T11594] [U] [ 373.662916][T11594] [U] [ 373.665639][T11594] [U] [ 373.668337][T11594] [U] [ 373.685438][T11594] [U] [ 373.688207][T11594] [U] [ 373.690922][T11594] [U] [ 373.693640][T11594] [U] [ 373.709180][T11594] [U] [ 373.711939][T11594] [U] [ 373.714650][T11594] [U] [ 373.717358][T11594] [U] [ 373.788251][T11594] [U] [ 373.790969][T11594] [U] [ 373.793645][T11594] [U] [ 373.796318][T11594] [U] [ 373.852227][T11594] [U] [ 373.854963][T11594] [U] [ 373.857643][T11594] [U] [ 373.860313][T11594] [U] [ 374.297900][T11594] [U] [ 374.300753][T11594] [U] [ 374.303474][T11594] [U] [ 374.306196][T11594] [U] [ 374.311747][T11594] [U] [ 374.314481][T11594] [U] [ 374.317196][T11594] [U] [ 374.319903][T11594] [U] [ 374.323662][T11594] [U] [ 374.326382][T11594] [U] [ 374.329098][T11594] [U] [ 374.331806][T11594] [U] [ 374.337316][T11594] [U] [ 374.340054][T11594] [U] [ 374.342762][T11594] [U] [ 374.345473][T11594] [U] [ 374.685309][T11594] [U] [ 374.688070][T11594] [U] [ 374.690785][T11594] [U] [ 374.693501][T11594] [U] [ 374.728450][T11594] [U] [ 374.731219][T11594] [U] [ 374.733941][T11594] [U] [ 374.736653][T11594] [U] [ 374.809912][T11594] [U] [ 374.812698][T11594] [U] [ 374.815416][T11594] [U] [ 374.818134][T11594] [U] [ 374.848075][T11594] [U] [ 374.850874][T11594] [U] [ 374.853605][T11594] [U] [ 374.856333][T11594] [U] [ 374.915947][T11623] sp0: Synchronizing with TNC [ 374.990860][T11594] [U] [ 374.993627][T11594] [U] [ 374.996345][T11594] [U] [ 374.999060][T11594] [U] [ 375.050841][T11633] FAULT_INJECTION: forcing a failure. [ 375.050841][T11633] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 375.064206][T11633] CPU: 1 UID: 0 PID: 11633 Comm: syz.2.1119 Tainted: G U L syzkaller #0 PREEMPT(full) [ 375.064248][T11633] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 375.064257][T11633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 375.064272][T11633] Call Trace: [ 375.064281][T11633] [ 375.064290][T11633] dump_stack_lvl+0x100/0x190 [ 375.064333][T11633] should_fail_ex.cold+0x5/0xa [ 375.064365][T11633] _copy_from_user+0x2e/0xd0 [ 375.064407][T11633] parse_command+0xa0/0x270 [ 375.064435][T11633] ? __pfx_parse_command+0x10/0x10 [ 375.064472][T11633] bm_status_write+0x30/0x450 [ 375.064509][T11633] vfs_write+0x2aa/0x1070 [ 375.064550][T11633] ? __pfx_bm_status_write+0x10/0x10 [ 375.064582][T11633] ? __pfx_vfs_write+0x10/0x10 [ 375.064620][T11633] ? __fget_files+0x215/0x3d0 [ 375.064667][T11633] ? __fget_files+0x21f/0x3d0 [ 375.064716][T11633] ksys_write+0x12a/0x250 [ 375.064754][T11633] ? __pfx_ksys_write+0x10/0x10 [ 375.064804][T11633] do_syscall_64+0x106/0xf80 [ 375.064841][T11633] ? clear_bhb_loop+0x40/0x90 [ 375.064878][T11633] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 375.064905][T11633] RIP: 0033:0x7fbf56f9c629 [ 375.064926][T11633] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 375.064952][T11633] RSP: 002b:00007fbf57e94028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 375.064978][T11633] RAX: ffffffffffffffda RBX: 00007fbf57215fa0 RCX: 00007fbf56f9c629 [ 375.064996][T11633] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 0000000000000003 [ 375.065012][T11633] RBP: 00007fbf57e94090 R08: 0000000000000000 R09: 0000000000000000 [ 375.065028][T11633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 375.065044][T11633] R13: 00007fbf57216038 R14: 00007fbf57215fa0 R15: 00007ffe12693dd8 [ 375.065082][T11633] [ 375.256431][T11594] [U] [ 375.259174][T11594] [U] [ 375.261880][T11594] [U] [ 375.264662][T11594] [U] [ 375.267890][T11594] [U] [ 375.270665][T11594] [U] [ 375.273337][T11594] [U] [ 375.276035][T11594] [U] [ 375.279098][T11594] [U] [ 375.281910][T11594] [U] [ 375.284625][T11594] [U] [ 375.287338][T11594] [U] [ 375.290682][T11594] [U] [ 375.293409][T11594] [U] [ 375.296120][T11594] [U] [ 375.298838][T11594] [U] [ 375.303474][T11594] [U] [ 375.306172][T11594] [U] [ 375.308844][T11594] [U] [ 375.311510][T11594] [U] [ 375.314623][T11594] [U] [ 375.317346][T11594] [U] [ 375.320058][T11594] [U] [ 375.322774][T11594] [U] [ 375.325831][T11594] [U] [ 375.328551][T11594] [U] [ 375.331272][T11594] [U] [ 375.333987][T11594] [U] [ 375.337474][T11594] [U] [ 375.340208][T11594] [U] [ 375.342934][T11594] [U] [ 375.345654][T11594] [U] [ 375.348734][T11594] [U] [ 375.351466][T11594] [U] [ 375.354184][T11594] [U] [ 375.356902][T11594] [U] [ 375.367642][T11594] [U] [ 375.370391][T11594] [U] [ 375.373080][T11594] [U] [ 375.375782][T11594] [U] [ 375.378705][T11594] [U] [ 375.381383][T11594] [U] [ 375.384050][T11594] [U] [ 375.386751][T11594] [U] [ 375.390704][T11594] [U] [ 375.393433][T11594] [U] [ 375.396149][T11594] [U] [ 375.398864][T11594] [U] [ 375.402125][T11594] [U] [ 375.404851][T11594] [U] [ 375.407545][T11594] [U] [ 375.410211][T11594] [U] [ 375.413462][T11594] [U] [ 375.416174][T11594] [U] [ 375.418882][T11594] [U] [ 375.421587][T11594] [U] [ 375.424754][T11594] [U] [ 375.427442][T11594] [U] [ 375.430112][T11594] [U] [ 375.432784][T11594] [U] [ 375.509789][T11601] [U] [ 375.783340][T11648] netlink: 'syz.4.1123': attribute type 4 has an invalid length. [ 378.654848][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.669700][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.005092][T11712] [U] [ 379.007859][T11712] [U] [ 379.010582][T11712] [U] [ 379.013386][T11712] [U] [ 379.017194][T11712] [U] [ 379.019931][T11712] [U] [ 379.022641][T11712] [U] [ 379.025349][T11712] [U] [ 379.086604][T11712] [U] [ 379.089375][T11712] [U] [ 379.092101][T11712] [U] [ 379.094804][T11712] [U] [ 379.116793][T11712] [U] [ 379.119593][T11712] [U] [ 379.122305][T11712] [U] [ 379.125007][T11712] [U] [ 379.134586][T11712] [U] [ 379.137337][T11712] [U] [ 379.140045][T11712] [U] [ 379.142743][T11712] [U] [ 379.165481][T11712] [U] [ 379.168242][T11712] [U] [ 379.170934][T11712] [U] [ 379.173618][T11712] [U] [ 379.177350][T11712] [U] [ 379.180053][T11712] [U] [ 379.182726][T11712] [U] [ 379.185421][T11712] [U] [ 379.219897][T11712] [U] [ 379.222660][T11712] [U] [ 379.225390][T11712] [U] [ 379.228108][T11712] [U] [ 379.356078][T11712] [U] [ 379.358838][T11712] [U] [ 379.361553][T11712] [U] [ 379.364267][T11712] [U] [ 379.409636][T11712] [U] [ 379.412399][T11712] [U] [ 379.415112][T11712] [U] [ 379.417846][T11712] [U] [ 379.426645][T11712] [U] [ 379.429397][T11712] [U] [ 379.432116][T11712] [U] [ 379.434833][T11712] [U] [ 379.441451][T11712] [U] [ 379.444217][T11712] [U] [ 379.446935][T11712] [U] [ 379.449651][T11712] [U] [ 379.453472][T11712] [U] [ 379.456209][T11712] [U] [ 379.458924][T11712] [U] [ 379.461728][T11712] [U] [ 379.499378][T11712] [U] [ 379.502144][T11712] [U] [ 379.504862][T11712] [U] [ 379.507557][T11712] [U] [ 379.516185][T11712] [U] [ 379.518934][T11712] [U] [ 379.521652][T11712] [U] [ 379.524397][T11712] [U] [ 379.527536][T11712] [U] [ 379.530265][T11712] [U] [ 379.532982][T11712] [U] [ 379.535694][T11712] [U] [ 379.555367][T11712] [U] [ 379.558129][T11712] [U] [ 379.560851][T11712] [U] [ 379.563571][T11712] [U] [ 379.621884][T11712] [U] [ 379.624621][T11712] [U] [ 379.627304][T11712] [U] [ 379.629977][T11712] [U] [ 379.715650][T11712] [U] [ 379.718372][T11712] [U] [ 379.721059][T11712] [U] [ 379.723733][T11712] [U] [ 379.803673][T11712] [U] [ 379.806390][T11712] [U] [ 379.809076][T11712] [U] [ 379.811749][T11712] [U] [ 379.995618][T11712] [U] [ 379.998376][T11712] [U] [ 380.001070][T11712] [U] [ 380.003740][T11712] [U] [ 380.049274][T11712] [U] [ 380.052034][T11712] [U] [ 380.054750][T11712] [U] [ 380.057477][T11712] [U] [ 380.238440][T11742] db_root: not a directory: /dev/audio1 [ 380.244742][ T30] audit: type=1800 audit(4294967311.770:11): pid=11742 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1139" name="dbroot" dev="configfs" ino=40049 res=0 errno=0 [ 380.274260][T11712] [U] [ 380.276974][T11712] [U] [ 380.279648][T11712] [U] [ 380.282320][T11712] [U] [ 380.407946][T11712] [U] [ 380.410688][T11712] [U] [ 380.413369][T11712] [U] [ 380.416047][T11712] [U] [ 380.562734][T11712] [U] [ 380.565471][T11712] [U] [ 380.568179][T11712] [U] [ 380.570882][T11712] [U] [ 380.676029][T11712] [U] [ 380.678775][T11712] [U] [ 380.681447][T11712] [U] [ 380.684118][T11712] [U] [ 380.787440][T11712] [U] [ 382.476203][T11795] kAFS: No cell specified [ 382.532246][T11790] hub 1-0:1.0: USB hub found [ 382.558141][T11790] hub 1-0:1.0: 1 port detected [ 385.999904][T11873] FAULT_INJECTION: forcing a failure. [ 385.999904][T11873] name failslab, interval 1, probability 0, space 0, times 0 [ 386.038169][T11873] CPU: 0 UID: 0 PID: 11873 Comm: syz.0.1176 Tainted: G U L syzkaller #0 PREEMPT(full) [ 386.038222][T11873] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 386.038235][T11873] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 386.038252][T11873] Call Trace: [ 386.038262][T11873] [ 386.038272][T11873] dump_stack_lvl+0x100/0x190 [ 386.038320][T11873] should_fail_ex.cold+0x5/0xa [ 386.038353][T11873] should_failslab+0xc2/0x120 [ 386.038399][T11873] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 386.038438][T11873] ? security_file_alloc+0x34/0x2c0 [ 386.038483][T11873] ? trace_kmem_cache_alloc+0xf3/0x120 [ 386.038518][T11873] security_file_alloc+0x34/0x2c0 [ 386.038556][T11873] init_file+0x95/0x480 [ 386.038586][T11873] alloc_empty_file+0x73/0x1c0 [ 386.038619][T11873] alloc_file_pseudo+0x13a/0x230 [ 386.038653][T11873] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 386.038688][T11873] ? _raw_spin_unlock+0x28/0x50 [ 386.038730][T11873] ? alloc_fd+0x476/0x790 [ 386.038782][T11873] __anon_inode_getfile+0xe8/0x280 [ 386.038820][T11873] __anon_inode_getfd+0x5c/0xe0 [ 386.038856][T11873] do_inotify_init+0x483/0x5e0 [ 386.038892][T11873] __x64_sys_inotify_init1+0x30/0x40 [ 386.038924][T11873] do_syscall_64+0x106/0xf80 [ 386.038953][T11873] ? clear_bhb_loop+0x40/0x90 [ 386.038989][T11873] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 386.039019][T11873] RIP: 0033:0x7f38ad39c629 [ 386.039043][T11873] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 386.039071][T11873] RSP: 002b:00007f38ae1a7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000126 [ 386.039099][T11873] RAX: ffffffffffffffda RBX: 00007f38ad615fa0 RCX: 00007f38ad39c629 [ 386.039118][T11873] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0003000000000000 [ 386.039135][T11873] RBP: 00007f38ad432b39 R08: 0000000000000000 R09: 0000000000000000 [ 386.039153][T11873] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 386.039169][T11873] R13: 00007f38ad616038 R14: 00007f38ad615fa0 R15: 00007ffd213d5a78 [ 386.039207][T11873] [ 386.072345][T11875] nvme_fabrics: missing parameter 'transport=%s' [ 386.340979][T11875] nvme_fabrics: missing parameter 'nqn=%s' [ 386.609939][T11884] FAULT_INJECTION: forcing a failure. [ 386.609939][T11884] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 386.643926][T11884] CPU: 0 UID: 0 PID: 11884 Comm: syz.2.1170 Tainted: G U L syzkaller #0 PREEMPT(full) [ 386.643976][T11884] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 386.643986][T11884] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 386.644003][T11884] Call Trace: [ 386.644012][T11884] [ 386.644022][T11884] dump_stack_lvl+0x100/0x190 [ 386.644069][T11884] should_fail_ex.cold+0x5/0xa [ 386.644102][T11884] _copy_to_user+0x32/0xd0 [ 386.644146][T11884] simple_read_from_buffer+0xcb/0x170 [ 386.644189][T11884] proc_fail_nth_read+0x1af/0x230 [ 386.644222][T11884] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 386.644252][T11884] ? rw_verify_area+0xce/0x6d0 [ 386.644284][T11884] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 386.644310][T11884] vfs_read+0x1e4/0xb30 [ 386.644352][T11884] ? __pfx_vfs_read+0x10/0x10 [ 386.644387][T11884] ? __fget_files+0x215/0x3d0 [ 386.644432][T11884] ? __fget_files+0x21f/0x3d0 [ 386.644481][T11884] ksys_read+0x12a/0x250 [ 386.644517][T11884] ? __pfx_ksys_read+0x10/0x10 [ 386.644565][T11884] do_syscall_64+0x106/0xf80 [ 386.644595][T11884] ? clear_bhb_loop+0x40/0x90 [ 386.644637][T11884] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 386.644666][T11884] RIP: 0033:0x7fbf56f5cece [ 386.644690][T11884] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 386.644717][T11884] RSP: 002b:00007fbf57e93fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 386.644744][T11884] RAX: ffffffffffffffda RBX: 00007fbf57e946c0 RCX: 00007fbf56f5cece [ 386.644763][T11884] RDX: 000000000000000f RSI: 00007fbf57e940a0 RDI: 0000000000000004 [ 386.644779][T11884] RBP: 00007fbf57e94090 R08: 0000000000000000 R09: 0000000000000000 [ 386.644796][T11884] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 386.644813][T11884] R13: 00007fbf57216038 R14: 00007fbf57215fa0 R15: 00007ffe12693dd8 [ 386.644851][T11884] [ 387.083110][T11892] FAULT_INJECTION: forcing a failure. [ 387.083110][T11892] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 387.129203][T11892] CPU: 0 UID: 0 PID: 11892 Comm: syz.2.1172 Tainted: G U L syzkaller #0 PREEMPT(full) [ 387.129250][T11892] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 387.129260][T11892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 387.129275][T11892] Call Trace: [ 387.129284][T11892] [ 387.129294][T11892] dump_stack_lvl+0x100/0x190 [ 387.129335][T11892] should_fail_ex.cold+0x5/0xa [ 387.129363][T11892] _copy_to_user+0x32/0xd0 [ 387.129410][T11892] simple_read_from_buffer+0xcb/0x170 [ 387.129450][T11892] proc_fail_nth_read+0x1af/0x230 [ 387.129481][T11892] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 387.129512][T11892] ? rw_verify_area+0xce/0x6d0 [ 387.129547][T11892] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 387.129578][T11892] vfs_read+0x1e4/0xb30 [ 387.129620][T11892] ? __pfx_vfs_read+0x10/0x10 [ 387.129656][T11892] ? __fget_files+0x215/0x3d0 [ 387.129704][T11892] ? __fget_files+0x21f/0x3d0 [ 387.129754][T11892] ksys_read+0x12a/0x250 [ 387.129791][T11892] ? __pfx_ksys_read+0x10/0x10 [ 387.129840][T11892] do_syscall_64+0x106/0xf80 [ 387.129869][T11892] ? clear_bhb_loop+0x40/0x90 [ 387.129902][T11892] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.129930][T11892] RIP: 0033:0x7fbf56f5cece [ 387.129954][T11892] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 387.129980][T11892] RSP: 002b:00007fbf57e93fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 387.130011][T11892] RAX: ffffffffffffffda RBX: 00007fbf57e946c0 RCX: 00007fbf56f5cece [ 387.130029][T11892] RDX: 000000000000000f RSI: 00007fbf57e940a0 RDI: 0000000000000004 [ 387.130046][T11892] RBP: 00007fbf57e94090 R08: 0000000000000000 R09: 0000000000000000 [ 387.130063][T11892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 387.130079][T11892] R13: 00007fbf57216038 R14: 00007fbf57215fa0 R15: 00007ffe12693dd8 [ 387.130117][T11892] [ 390.454593][T11979] ubi31: attaching mtd0 [ 390.470388][T11979] ubi31: scanning is finished [ 390.528703][T11979] ubi31: empty MTD device detected [ 391.175196][T11979] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 391.214860][T11979] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3518 bytes [ 391.259869][T11979] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 391.288572][T11979] ubi31: VID header offset: 514 (aligned 514), data offset: 578 [ 391.334795][T11979] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 391.364598][T11979] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 20 [ 391.394592][T11979] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 3547213194 [ 391.443083][T11979] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 391.525296][T11993] ubi31: background thread "ubi_bgt31d" started, PID 11993 [ 393.784626][ T5910] Process accounting resumed [ 396.237980][T12100] kAFS: No cell specified [ 398.575288][T12132] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1233'. [ 398.607211][ T5837] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 398.614778][ T5837] Bluetooth: hci4: Invalid handle: 0x3a4a > 0x0eff [ 399.613367][T12146] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1228'. [ 399.990220][T12153] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1229'. [ 402.980366][ T5824] Bluetooth: hci0: unexpected event 0x1d length: 6 > 5 [ 406.249498][T12271] kAFS: No cell specified [ 406.321562][ T5824] Bluetooth: hci1: unexpected event 0x3c length: 254 > 7 [ 406.662937][T12283] zswap: compressor not available [ 407.174758][T12299] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1263'. [ 408.878589][ T5824] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 408.886213][ T5824] Bluetooth: hci0: Invalid handle: 0x3a4a > 0x0eff [ 411.229945][T12379] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1277'. [ 411.321514][ T5824] Bluetooth: hci3: unexpected event 0x1d length: 6 > 5 [ 412.240358][T12396] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1282'. [ 412.674965][T12419] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(12) [ 412.847707][ T5946] Process accounting resumed [ 416.751708][T12498] bonding: no command found in bonding_masters - use +ifname or -ifname [ 417.037927][T12502] zswap: compressor not available [ 418.345363][T12529] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1308'. [ 420.473904][T12580] zswap: compressor not available [ 421.189795][T12585] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 421.214903][T12585] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 421.221380][T12585] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 421.231137][T12585] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 421.867617][T12614] bridge0: port 3(dummy0) entered blocking state [ 421.888716][T12614] bridge0: port 3(dummy0) entered disabled state [ 421.926182][T12614] dummy0: entered allmulticast mode [ 421.970689][T12614] dummy0: entered promiscuous mode [ 421.995195][T12614] bridge0: port 3(dummy0) entered blocking state [ 422.001659][T12614] bridge0: port 3(dummy0) entered forwarding state [ 422.547610][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout [ 423.267654][ T5837] Bluetooth: hci3: command 0x0c1a tx timeout [ 423.273836][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout [ 423.280109][ T5837] Bluetooth: hci4: command 0x0c1a tx timeout [ 424.534640][T12679] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1333'. [ 424.681290][T12671] zswap: compressor not available [ 426.600178][T12709] ubi0: attaching mtd1 [ 426.604304][T12709] ubi0 error: ubi_attach_mtd_dev: bad VID header (16777279) or data offsets (16777343) [ 428.148338][T12740] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1346'. [ 429.169674][T12767] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1354'. [ 429.513979][T12774] bridge0: port 4(gretap0) entered blocking state [ 429.521576][T12774] bridge0: port 4(gretap0) entered disabled state [ 429.568839][T12774] gretap0: entered allmulticast mode [ 429.613000][T12774] gretap0: entered promiscuous mode [ 429.620305][T12774] bridge0: port 4(gretap0) entered blocking state [ 429.626863][T12774] bridge0: port 4(gretap0) entered forwarding state [ 430.883150][T12785] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 430.889794][T12785] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 430.896172][T12785] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 430.902954][T12785] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 431.471444][T12804] FAULT_INJECTION: forcing a failure. [ 431.471444][T12804] name failslab, interval 1, probability 0, space 0, times 0 [ 431.561710][T12804] CPU: 0 UID: 0 PID: 12804 Comm: syz.3.1363 Tainted: G U L syzkaller #0 PREEMPT(full) [ 431.561760][T12804] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 431.561771][T12804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 431.561789][T12804] Call Trace: [ 431.561798][T12804] [ 431.561809][T12804] dump_stack_lvl+0x100/0x190 [ 431.561873][T12804] should_fail_ex.cold+0x5/0xa [ 431.561907][T12804] ? lsm_blob_alloc+0x68/0x90 [ 431.561938][T12804] should_failslab+0xc2/0x120 [ 431.561985][T12804] __kmalloc_noprof+0xe0/0x850 [ 431.562025][T12804] ? trace_kmem_cache_alloc+0xf3/0x120 [ 431.562059][T12804] lsm_blob_alloc+0x68/0x90 [ 431.562103][T12804] security_sk_alloc+0x2d/0x290 [ 431.562145][T12804] sk_prot_alloc+0x1d1/0x2a0 [ 431.562196][T12804] sk_alloc+0x36/0xe80 [ 431.562230][T12804] inet6_create+0x385/0x12b0 [ 431.562265][T12804] ? inet6_create+0x7f/0x12b0 [ 431.562316][T12804] __sock_create+0x339/0x860 [ 431.562364][T12804] __sys_socket+0x14d/0x260 [ 431.562413][T12804] ? __pfx___sys_socket+0x10/0x10 [ 431.562465][T12804] __x64_sys_socket+0x72/0xb0 [ 431.562512][T12804] ? lockdep_hardirqs_on+0x78/0x100 [ 431.562545][T12804] do_syscall_64+0x106/0xf80 [ 431.562575][T12804] ? clear_bhb_loop+0x40/0x90 [ 431.562610][T12804] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.562640][T12804] RIP: 0033:0x7fe84cd9c629 [ 431.562673][T12804] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 431.562702][T12804] RSP: 002b:00007fe84db8b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 431.562729][T12804] RAX: ffffffffffffffda RBX: 00007fe84d015fa0 RCX: 00007fe84cd9c629 [ 431.562748][T12804] RDX: 000000000000003a RSI: 0000000000000002 RDI: 000000000000000a [ 431.562766][T12804] RBP: 00007fe84ce32b39 R08: 0000000000000000 R09: 0000000000000000 [ 431.562784][T12804] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 431.562801][T12804] R13: 00007fe84d016038 R14: 00007fe84d015fa0 R15: 00007ffe72103ea8 [ 431.562838][T12804] [ 432.388534][ T5824] Bluetooth: hci0: command 0x0c1a tx timeout [ 432.947183][ T5824] Bluetooth: hci4: command 0x0c1a tx timeout [ 432.953315][ T5824] Bluetooth: hci3: command 0x0c1a tx timeout [ 432.957381][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout [ 433.142600][T12845] batman_adv: Routing algorithm '7' is not supported [ 434.446332][T12887] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 434.506704][T12887] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 434.779765][T12901] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1384'. [ 435.334349][T12922] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 435.484943][T12928] FAULT_INJECTION: forcing a failure. [ 435.484943][T12928] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 435.521714][T12928] CPU: 1 UID: 0 PID: 12928 Comm: syz.4.1393 Tainted: G U L syzkaller #0 PREEMPT(full) [ 435.521764][T12928] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 435.521775][T12928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 435.521799][T12928] Call Trace: [ 435.521810][T12928] [ 435.521819][T12928] dump_stack_lvl+0x100/0x190 [ 435.521869][T12928] should_fail_ex.cold+0x5/0xa [ 435.521898][T12928] ? prepare_alloc_pages+0x16d/0x5f0 [ 435.521931][T12928] should_fail_alloc_page+0xeb/0x140 [ 435.521982][T12928] prepare_alloc_pages+0x1f0/0x5f0 [ 435.522022][T12928] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 435.522068][T12928] ? stack_trace_save+0x8e/0xc0 [ 435.522113][T12928] ? __pfx_stack_trace_save+0x10/0x10 [ 435.522160][T12928] ? stack_depot_save_flags+0x27/0x9d0 [ 435.522214][T12928] ? kasan_save_stack+0x3f/0x50 [ 435.522256][T12928] ? kasan_save_stack+0x30/0x50 [ 435.522297][T12928] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 435.522338][T12928] ? __pmd_alloc+0xbf/0x9c0 [ 435.522364][T12928] ? __handle_mm_fault+0xa99/0x2b60 [ 435.522396][T12928] ? handle_mm_fault+0x36d/0xa20 [ 435.522428][T12928] ? populate_vma_page_range+0x267/0x3f0 [ 435.522460][T12928] ? do_mlock+0x3f0/0x7f0 [ 435.522493][T12928] ? __x64_sys_mlock+0x59/0x80 [ 435.522530][T12928] ? do_syscall_64+0x106/0xf80 [ 435.522560][T12928] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.522603][T12928] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 435.522648][T12928] ? policy_nodemask+0xed/0x4f0 [ 435.522697][T12928] alloc_pages_mpol+0x1fb/0x550 [ 435.522744][T12928] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 435.522808][T12928] alloc_pages_noprof+0x131/0x390 [ 435.522858][T12928] pte_alloc_one+0x1e/0x3e0 [ 435.522891][T12928] do_fault+0x8cc/0x1950 [ 435.522920][T12928] ? __pmd_alloc+0x6aa/0x9c0 [ 435.522955][T12928] __handle_mm_fault+0x180f/0x2b60 [ 435.522997][T12928] ? mt_find+0x45e/0x8e0 [ 435.523033][T12928] ? __pfx___handle_mm_fault+0x10/0x10 [ 435.523067][T12928] ? __pfx_mt_find+0x10/0x10 [ 435.523125][T12928] handle_mm_fault+0x36d/0xa20 [ 435.523163][T12928] __get_user_pages+0xf9c/0x34d0 [ 435.523205][T12928] ? __pfx___get_user_pages+0x10/0x10 [ 435.523242][T12928] populate_vma_page_range+0x267/0x3f0 [ 435.523275][T12928] ? __pfx_populate_vma_page_range+0x10/0x10 [ 435.523303][T12928] ? __pfx_find_vma_intersection+0x10/0x10 [ 435.523349][T12928] ? __pfx_apply_vma_lock_flags+0x10/0x10 [ 435.523389][T12928] __mm_populate+0x107/0x3a0 [ 435.523421][T12928] ? __pfx___mm_populate+0x10/0x10 [ 435.523454][T12928] ? up_write+0x290/0x4f0 [ 435.523497][T12928] do_mlock+0x3f0/0x7f0 [ 435.523540][T12928] ? __pfx_do_mlock+0x10/0x10 [ 435.523592][T12928] ? __x64_sys_futex+0x34f/0x4d0 [ 435.523626][T12928] ? __x64_sys_futex+0x358/0x4d0 [ 435.523665][T12928] ? xfd_validate_state+0x129/0x190 [ 435.523717][T12928] __x64_sys_mlock+0x59/0x80 [ 435.523756][T12928] do_syscall_64+0x106/0xf80 [ 435.523786][T12928] ? clear_bhb_loop+0x40/0x90 [ 435.523830][T12928] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 435.523860][T12928] RIP: 0033:0x7fd7c819c629 [ 435.523884][T12928] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 435.523912][T12928] RSP: 002b:00007fd7c90c0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 435.523939][T12928] RAX: ffffffffffffffda RBX: 00007fd7c8415fa0 RCX: 00007fd7c819c629 [ 435.523957][T12928] RDX: 0000000000000000 RSI: 0000000000080006 RDI: 0000000000000112 [ 435.523973][T12928] RBP: 00007fd7c8232b39 R08: 0000000000000000 R09: 0000000000000000 [ 435.523989][T12928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 435.524003][T12928] R13: 00007fd7c8416038 R14: 00007fd7c8415fa0 R15: 00007ffe2f8844e8 [ 435.524039][T12928] [ 435.930537][T12928] netlink: 25 bytes leftover after parsing attributes in process `syz.4.1393'. [ 436.862974][T12959] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1398'. [ 437.246741][T12966] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1400'. [ 437.746846][T12992] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 437.912684][T12989] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1407'. [ 438.695288][T13010] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 438.714314][T13012] futex_wake_op: syz.3.1411 tries to shift op by -2048; fix this program [ 438.723510][T13012] futex_wake_op: syz.3.1411 tries to shift op by -2048; fix this program [ 438.732718][T13012] futex_wake_op: syz.3.1411 tries to shift op by -2048; fix this program [ 438.754402][T13012] futex_wake_op: syz.3.1411 tries to shift op by -2048; fix this program [ 438.790657][T13012] futex_wake_op: syz.3.1411 tries to shift op by -2048; fix this program [ 438.812768][T13012] futex_wake_op: syz.3.1411 tries to shift op by -2048; fix this program [ 438.843082][T13012] futex_wake_op: syz.3.1411 tries to shift op by -2048; fix this program [ 438.984157][T13012] futex_wake_op: syz.3.1411 tries to shift op by -2048; fix this program [ 439.061814][T13012] futex_wake_op: syz.3.1411 tries to shift op by -2048; fix this program [ 439.097159][T13012] futex_wake_op: syz.3.1411 tries to shift op by -2048; fix this program [ 439.723199][T13044] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1414'. [ 440.070285][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.078334][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.176847][T13051] nbd: must specify at least one socket [ 440.916397][T13073] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 440.978667][T13076] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1423'. [ 442.342050][T13099] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1429'. [ 442.501675][T13106] nbd: must specify at least one socket [ 444.561874][T13166] nbd: must specify at least one socket [ 444.581250][T13166] FAULT_INJECTION: forcing a failure. [ 444.581250][T13166] name failslab, interval 1, probability 0, space 0, times 0 [ 444.684854][T13166] CPU: 0 UID: 0 PID: 13166 Comm: syz.4.1444 Tainted: G U L syzkaller #0 PREEMPT(full) [ 444.684903][T13166] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 444.684914][T13166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 444.684930][T13166] Call Trace: [ 444.684940][T13166] [ 444.684950][T13166] dump_stack_lvl+0x100/0x190 [ 444.684999][T13166] should_fail_ex.cold+0x5/0xa [ 444.685031][T13166] should_failslab+0xc2/0x120 [ 444.685064][T13166] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 444.685087][T13166] ? __alloc_skb+0x140/0x710 [ 444.685105][T13166] __alloc_skb+0x140/0x710 [ 444.685118][T13166] ? __alloc_skb+0x5b7/0x710 [ 444.685132][T13166] ? __pfx___alloc_skb+0x10/0x10 [ 444.685145][T13166] ? rtnl_prop_list_size+0x144/0x2c0 [ 444.685162][T13166] ? if_nlmsg_size+0x4a4/0xb30 [ 444.685181][T13166] rtmsg_ifinfo_build_skb+0x81/0x260 [ 444.685203][T13166] unregister_netdevice_many_notify+0x12b6/0x2580 [ 444.685230][T13166] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 444.685249][T13166] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 444.685279][T13166] unregister_netdevice_queue+0x30b/0x3c0 [ 444.685298][T13166] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 444.685316][T13166] ? __pfx_locks_remove_file+0x10/0x10 [ 444.685335][T13166] ppp_release+0x211/0x230 [ 444.685350][T13166] ? __pfx_ppp_release+0x10/0x10 [ 444.685363][T13166] __fput+0x3ff/0xb40 [ 444.685384][T13166] task_work_run+0x150/0x240 [ 444.685406][T13166] ? __pfx_task_work_run+0x10/0x10 [ 444.685433][T13166] exit_to_user_mode_loop+0x100/0x4a0 [ 444.685453][T13166] do_syscall_64+0x668/0xf80 [ 444.685469][T13166] ? clear_bhb_loop+0x40/0x90 [ 444.685487][T13166] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 444.685502][T13166] RIP: 0033:0x7fd7c819c629 [ 444.685516][T13166] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 444.685531][T13166] RSP: 002b:00007fd7c90c0028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 444.685545][T13166] RAX: 0000000000000000 RBX: 00007fd7c8415fa0 RCX: 00007fd7c819c629 [ 444.685555][T13166] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 444.685563][T13166] RBP: 00007fd7c8232b39 R08: 0000000000000000 R09: 0000000000000000 [ 444.685571][T13166] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 444.685580][T13166] R13: 00007fd7c8416038 R14: 00007fd7c8415fa0 R15: 00007ffe2f8844e8 [ 444.685600][T13166] [ 445.540646][T13180] block nbd7: not configured, cannot reconfigure [ 446.686768][T13220] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1459'. [ 447.094851][T13229] dyndbg: bad flag-op , at start of  [ 447.105791][T13229] dyndbg: flags parse failed [ 447.356554][ T30] audit: type=1326 audit(4294967313.270:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13233 comm="syz.2.1463" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbf56f9c629 code=0x0 [ 448.270637][T13216] kexec: Could not allocate control_code_buffer [ 448.840607][T13274] vivid-007: ================= START STATUS ================= [ 448.884856][T13274] vivid-007: Generate PTS: true [ 448.923975][T13274] vivid-007: Generate SCR: true [ 448.934333][T13274] tpg source WxH: 320x240 (Y'CbCr) [ 448.975710][T13274] tpg field: 1 [ 448.984188][T13274] tpg crop: (0,0)/320x240 [ 448.999658][T13274] tpg compose: (0,0)/320x240 [ 449.016332][T13274] tpg colorspace: 8 [ 449.101533][T13274] tpg transfer function: 0/0 [ 449.106183][T13274] tpg Y'CbCr encoding: 0/0 [ 449.124526][T13274] tpg quantization: 0/0 [ 449.226694][T13274] tpg RGB range: 0/2 [ 449.265186][T13274] vivid-007: ================== END STATUS ================== [ 449.702938][T13284] sp0: Synchronizing with TNC [ 451.300895][T13326] zswap: compressor not available [ 451.307397][T13325] zswap: compressor not available [ 452.106128][T13348] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 452.164606][T13351] dyndbg: bad flag-op , at start of  [ 452.177086][T13351] dyndbg: flags parse failed [ 452.886006][T13366] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1491'. [ 453.217904][ T5832] rtc_cmos 00:00: Alarms can be up to one day in the future [ 453.247299][ T5832] rtc_cmos 00:00: Alarms can be up to one day in the future [ 453.261873][ T5832] rtc_cmos 00:00: Alarms can be up to one day in the future [ 453.280913][ T5832] rtc_cmos 00:00: Alarms can be up to one day in the future [ 453.359822][ T5832] rtc rtc0: __rtc_set_alarm: err=-22 [ 453.536285][T13383] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1496'. [ 454.647381][T13402] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 455.801482][T13445] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 456.664958][T13461] kAFS: No cell specified [ 456.916778][T13465] kAFS: No cell specified [ 457.911593][T13501] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1518'. [ 458.352857][T13505] ecryptfs_miscdev_write: Invalid packet size [192] [ 459.689221][T13533] vivid-007: ================= START STATUS ================= [ 459.696872][T13533] vivid-007: Generate PTS: true [ 459.744777][T13533] vivid-007: Generate SCR: true [ 459.758252][T13533] tpg source WxH: 320x240 (Y'CbCr) [ 459.769250][T13533] tpg field: 1 [ 459.772719][T13533] tpg crop: (0,0)/320x240 [ 459.793785][T13533] tpg compose: (0,0)/320x240 [ 459.809511][T13533] tpg colorspace: 8 [ 459.823887][T13533] tpg transfer function: 0/0 [ 459.837182][T13533] tpg Y'CbCr encoding: 0/0 [ 459.841653][T13533] tpg quantization: 0/0 [ 459.845831][T13533] tpg RGB range: 0/2 [ 459.852902][T13534] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 459.877852][T13533] vivid-007: ================== END STATUS ================== [ 460.541079][T13553] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1531'. [ 461.252628][T13577] netlink: 'syz.2.1534': attribute type 1 has an invalid length. [ 461.810272][T13581] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1535'. [ 461.855933][T13578] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 461.902919][T13578] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 461.932110][T13578] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 461.954392][T13578] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 463.335602][T13622] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 463.907231][T12840] Bluetooth: hci1: command 0x0c1a tx timeout [ 463.907229][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 463.989385][ T5831] Bluetooth: hci4: command 0x0c1a tx timeout [ 463.995594][T12840] Bluetooth: hci3: command 0x0c1a tx timeout [ 464.359328][T13638] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1545'. [ 466.608627][T13684] block nbd7: not configured, cannot reconfigure [ 466.627627][T13684] block nbd7: not configured, cannot reconfigure [ 466.634164][T13684] block nbd7: not configured, cannot reconfigure [ 466.643760][T13684] block nbd7: not configured, cannot reconfigure [ 466.651807][T13684] block nbd7: not configured, cannot reconfigure [ 466.690878][T13684] block nbd7: not configured, cannot reconfigure [ 466.729277][T13684] block nbd7: not configured, cannot reconfigure [ 466.756554][T13684] block nbd7: not configured, cannot reconfigure [ 466.766897][T13684] block nbd7: not configured, cannot reconfigure [ 466.777447][T13684] block nbd7: not configured, cannot reconfigure [ 466.807436][T13684] block nbd7: not configured, cannot reconfigure [ 466.823421][T13684] block nbd7: not configured, cannot reconfigure [ 466.868784][T13684] block nbd7: not configured, cannot reconfigure [ 466.951283][T13684] block nbd7: not configured, cannot reconfigure [ 466.960194][T13684] block nbd7: not configured, cannot reconfigure [ 466.969091][T13684] block nbd7: not configured, cannot reconfigure [ 466.976875][T13684] block nbd7: not configured, cannot reconfigure [ 466.984078][T13684] block nbd7: not configured, cannot reconfigure [ 466.993640][T13684] block nbd7: not configured, cannot reconfigure [ 467.002022][T13684] block nbd7: not configured, cannot reconfigure [ 467.009485][T13684] block nbd7: not configured, cannot reconfigure [ 467.017429][T13684] block nbd7: not configured, cannot reconfigure [ 467.024035][T13684] block nbd7: not configured, cannot reconfigure [ 467.057591][T13684] block nbd7: not configured, cannot reconfigure [ 467.065452][T13684] block nbd7: not configured, cannot reconfigure [ 467.107555][T13684] block nbd7: not configured, cannot reconfigure [ 469.260274][T13728] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1565'. [ 469.919651][T13745] kAFS: No cell specified syzkaller syzkaller login: [ 472.581435][T13805] kAFS: No cell specified [ 473.523730][T13828] FAULT_INJECTION: forcing a failure. [ 473.523730][T13828] name failslab, interval 1, probability 0, space 0, times 0 [ 473.536806][T13828] CPU: 1 UID: 0 PID: 13828 Comm: syz.2.1584 Tainted: G U L syzkaller #0 PREEMPT(full) [ 473.536834][T13828] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 473.536840][T13828] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 473.536849][T13828] Call Trace: [ 473.536855][T13828] [ 473.536862][T13828] dump_stack_lvl+0x100/0x190 [ 473.536890][T13828] should_fail_ex.cold+0x5/0xa [ 473.536908][T13828] should_failslab+0xc2/0x120 [ 473.536932][T13828] __kmalloc_cache_noprof+0x7a/0x6f0 [ 473.536951][T13828] ? tipc_nametbl_insert_publ+0x6f5/0x1580 [ 473.536974][T13828] tipc_nametbl_insert_publ+0x6f5/0x1580 [ 473.537017][T13828] tipc_nametbl_publish+0x137/0x260 [ 473.537055][T13828] tipc_sk_publish+0x1d8/0x430 [ 473.537083][T13828] ? __pfx_tipc_sk_publish+0x10/0x10 [ 473.537104][T13828] ? __local_bh_enable_ip+0x9e/0x120 [ 473.537122][T13828] tipc_sk_bind+0x16f/0x380 [ 473.537141][T13828] tipc_bind+0x18d/0x280 [ 473.537161][T13828] __sys_bind+0x1a9/0x260 [ 473.537183][T13828] ? __pfx___sys_bind+0x10/0x10 [ 473.537217][T13828] __x64_sys_bind+0x72/0xb0 [ 473.537237][T13828] ? lockdep_hardirqs_on+0x78/0x100 [ 473.537255][T13828] do_syscall_64+0x106/0xf80 [ 473.537270][T13828] ? clear_bhb_loop+0x40/0x90 [ 473.537289][T13828] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 473.537304][T13828] RIP: 0033:0x7fbf56f9c629 [ 473.537319][T13828] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 473.537334][T13828] RSP: 002b:00007fbf57e73028 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 473.537351][T13828] RAX: ffffffffffffffda RBX: 00007fbf57216090 RCX: 00007fbf56f9c629 [ 473.537361][T13828] RDX: 0000000000000066 RSI: 0000200000000040 RDI: 0000000000000001 [ 473.537369][T13828] RBP: 00007fbf57032b39 R08: 0000000000000000 R09: 0000000000000000 [ 473.537378][T13828] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 473.537386][T13828] R13: 00007fbf57216128 R14: 00007fbf57216090 R15: 00007ffe12693dd8 [ 473.537406][T13828] [ 473.738946][T13828] tipc: Failed to bind to 64,0,2 [ 474.378389][T13838] nbd: must specify an index to disconnect [ 474.520692][T13845] netlink: 'syz.2.1587': attribute type 33 has an invalid length. [ 474.528803][T13845] netlink: 322 bytes leftover after parsing attributes in process `syz.2.1587'. [ 474.751307][T13852] netlink: 'syz.3.1590': attribute type 1 has an invalid length. [ 474.811377][T13856] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1591'. [ 474.950588][T13858] kAFS: No cell specified [ 475.229900][T13852] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 475.256038][T13852] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 475.280252][T13852] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 475.299137][T13852] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 475.777707][T13872] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 475.834385][T13873] Console: switching to colour frame buffer device 128x48 [ 476.060593][ T5831] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 476.069350][ T5831] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 477.267505][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout [ 477.273600][T12840] Bluetooth: hci0: command 0x0c1a tx timeout [ 477.347162][ T5831] Bluetooth: hci4: command 0x0c1a tx timeout [ 477.353295][T12840] Bluetooth: hci3: command 0x0c1a tx timeout [ 477.901761][T13909] kAFS: No cell specified [ 478.520208][T13921] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1610'. [ 478.874446][T13930] sp0: Synchronizing with TNC [ 479.929963][ T5831] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 481.238617][T13977] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1620'. [ 481.259322][T13976] FAULT_INJECTION: forcing a failure. [ 481.259322][T13976] name failslab, interval 1, probability 0, space 0, times 0 [ 481.272449][T13976] CPU: 0 UID: 0 PID: 13976 Comm: syz.3.1619 Tainted: G U L syzkaller #0 PREEMPT(full) [ 481.272502][T13976] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 481.272514][T13976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 481.272533][T13976] Call Trace: [ 481.272543][T13976] [ 481.272556][T13976] dump_stack_lvl+0x100/0x190 [ 481.272605][T13976] should_fail_ex.cold+0x5/0xa [ 481.272638][T13976] should_failslab+0xc2/0x120 [ 481.272687][T13976] __kmalloc_cache_noprof+0x7a/0x6f0 [ 481.272732][T13976] ? tipc_nametbl_insert_publ+0x5a/0x1580 [ 481.272777][T13976] tipc_nametbl_insert_publ+0x5a/0x1580 [ 481.272814][T13976] ? do_raw_spin_lock+0x128/0x260 [ 481.272855][T13976] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 481.272906][T13976] tipc_nametbl_publish+0x137/0x260 [ 481.272948][T13976] tipc_sk_publish+0x1d8/0x430 [ 481.272987][T13976] ? __pfx_tipc_sk_publish+0x10/0x10 [ 481.273027][T13976] ? __local_bh_enable_ip+0x9e/0x120 [ 481.273063][T13976] tipc_sk_bind+0x16f/0x380 [ 481.273103][T13976] tipc_bind+0x18d/0x280 [ 481.273142][T13976] __sys_bind+0x1a9/0x260 [ 481.273188][T13976] ? __pfx___sys_bind+0x10/0x10 [ 481.273255][T13976] __x64_sys_bind+0x72/0xb0 [ 481.273296][T13976] ? lockdep_hardirqs_on+0x78/0x100 [ 481.273328][T13976] do_syscall_64+0x106/0xf80 [ 481.273358][T13976] ? clear_bhb_loop+0x40/0x90 [ 481.273393][T13976] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 481.273424][T13976] RIP: 0033:0x7fe84cd9c629 [ 481.273448][T13976] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 481.273476][T13976] RSP: 002b:00007fe84aff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 481.273504][T13976] RAX: ffffffffffffffda RBX: 00007fe84d016090 RCX: 00007fe84cd9c629 [ 481.273524][T13976] RDX: 0000000000000066 RSI: 0000200000000040 RDI: 0000000000000001 [ 481.273542][T13976] RBP: 00007fe84ce32b39 R08: 0000000000000000 R09: 0000000000000000 [ 481.273559][T13976] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 481.273576][T13976] R13: 00007fe84d016128 R14: 00007fe84d016090 R15: 00007ffe72103ea8 [ 481.273616][T13976] [ 481.557458][T13981] netlink: 'syz.0.1621': attribute type 33 has an invalid length. [ 481.565318][T13981] netlink: 322 bytes leftover after parsing attributes in process `syz.0.1621'. [ 482.329945][T14001] futex_atomic_op_inuser: 25 callbacks suppressed [ 482.329968][T14001] futex_wake_op: syz.2.1626 tries to shift op by -2048; fix this program [ 482.366209][T14001] futex_wake_op: syz.2.1626 tries to shift op by -2048; fix this program [ 482.426379][T14006] 0x000000000001-0x000000020000 : "" [ 482.502424][T14006] ftl_cs: FTL header corrupt! [ 482.707701][T14020] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1632'. [ 482.963233][T14030] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1632'. [ 485.144747][T14065] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1637'. [ 485.167686][T14065] \: renamed from lo (while UP) [ 485.340280][T14048] kexec: Could not allocate control_code_buffer [ 485.492388][T14069] FAULT_INJECTION: forcing a failure. [ 485.492388][T14069] name fail_futex, interval 1, probability 0, space 0, times 0 [ 485.537301][T14069] CPU: 1 UID: 0 PID: 14069 Comm: syz.2.1639 Tainted: G U L syzkaller #0 PREEMPT(full) [ 485.537353][T14069] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 485.537363][T14069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 485.537382][T14069] Call Trace: [ 485.537391][T14069] [ 485.537402][T14069] dump_stack_lvl+0x100/0x190 [ 485.537452][T14069] should_fail_ex.cold+0x5/0xa [ 485.537486][T14069] get_futex_key+0x1d2/0x1620 [ 485.537524][T14069] ? __pfx_get_futex_key+0x10/0x10 [ 485.537560][T14069] ? blk_finish_plug+0x83/0xa0 [ 485.537590][T14069] ? madvise_do_behavior+0x1fc/0x510 [ 485.537625][T14069] futex_wake+0xea/0x530 [ 485.537663][T14069] ? madvise_unlock+0x154/0x220 [ 485.537694][T14069] ? __pfx_futex_wake+0x10/0x10 [ 485.537754][T14069] ? madvise_unlock+0xa9/0x220 [ 485.537789][T14069] do_futex+0x32b/0x350 [ 485.537825][T14069] ? __pfx_do_futex+0x10/0x10 [ 485.537863][T14069] ? find_held_lock+0x2b/0x80 [ 485.537908][T14069] __x64_sys_futex+0x34f/0x4d0 [ 485.537956][T14069] ? __pfx___x64_sys_futex+0x10/0x10 [ 485.538008][T14069] do_syscall_64+0x106/0xf80 [ 485.538039][T14069] ? clear_bhb_loop+0x40/0x90 [ 485.538074][T14069] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 485.538103][T14069] RIP: 0033:0x7fbf56f9c629 [ 485.538128][T14069] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 485.538156][T14069] RSP: 002b:00007fbf57e940e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 485.538184][T14069] RAX: ffffffffffffffda RBX: 00007fbf57215fa8 RCX: 00007fbf56f9c629 [ 485.538206][T14069] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fbf57215fac [ 485.538225][T14069] RBP: 00007fbf57215fa0 R08: 0000000000000000 R09: 0000000000000000 [ 485.538242][T14069] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 485.538259][T14069] R13: 00007fbf57216038 R14: 00007ffe12693cf0 R15: 00007ffe12693dd8 [ 485.538296][T14069] [ 485.816545][T14074] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 487.065389][ T5831] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 487.078630][ T5831] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 487.099783][T14089] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1644'. [ 487.209066][T14091] ptrace attach of "./syz-executor exec"[5820] was attempted by ""[14091] [ 490.064196][T14142] FAULT_INJECTION: forcing a failure. [ 490.064196][T14142] name failslab, interval 1, probability 0, space 0, times 0 [ 490.079849][T14142] CPU: 1 UID: 0 PID: 14142 Comm: syz.0.1656 Tainted: G U L syzkaller #0 PREEMPT(full) [ 490.079878][T14142] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 490.079884][T14142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 490.079894][T14142] Call Trace: [ 490.079900][T14142] [ 490.079906][T14142] dump_stack_lvl+0x100/0x190 [ 490.079934][T14142] should_fail_ex.cold+0x5/0xa [ 490.079951][T14142] should_failslab+0xc2/0x120 [ 490.079975][T14142] __kvmalloc_node_noprof+0xfa/0xa00 [ 490.079997][T14142] ? vmemdup_user+0x2a/0xe0 [ 490.080025][T14142] vmemdup_user+0x2a/0xe0 [ 490.080046][T14142] path_setxattrat+0x29e/0x3b0 [ 490.080070][T14142] ? __pfx_path_setxattrat+0x10/0x10 [ 490.080095][T14142] ? __pfx_poll_select_finish+0x10/0x10 [ 490.080132][T14142] ? xfd_validate_state+0x129/0x190 [ 490.080156][T14142] __x64_sys_fsetxattr+0xc5/0x140 [ 490.080170][T14142] ? do_syscall_64+0x95/0xf80 [ 490.080185][T14142] ? lockdep_hardirqs_on+0x78/0x100 [ 490.080201][T14142] do_syscall_64+0x106/0xf80 [ 490.080217][T14142] ? clear_bhb_loop+0x40/0x90 [ 490.080236][T14142] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 490.080251][T14142] RIP: 0033:0x7f38ad39c629 [ 490.080265][T14142] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 490.080279][T14142] RSP: 002b:00007f38ae1a7028 EFLAGS: 00000246 ORIG_RAX: 00000000000000be [ 490.080293][T14142] RAX: ffffffffffffffda RBX: 00007f38ad615fa0 RCX: 00007f38ad39c629 [ 490.080303][T14142] RDX: 0000000000000000 RSI: 0000200000002ac0 RDI: ffffffffffffffff [ 490.080312][T14142] RBP: 00007f38ad432b39 R08: 0000000000000000 R09: 0000000000000000 [ 490.080321][T14142] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000000 [ 490.080329][T14142] R13: 00007f38ad616038 R14: 00007f38ad615fa0 R15: 00007ffd213d5a78 [ 490.080348][T14142] [ 490.627626][T14159] netlink: 'syz.3.1661': attribute type 2 has an invalid length. [ 490.965416][T14141] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 490.987279][T14141] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 491.017334][T14141] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 491.066655][T14141] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 491.081783][T14141] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 491.237573][T14143] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_cmd_wq": -EINTR [ 492.707062][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout [ 493.003480][T14211] futex_wake_op: syz.2.1669 tries to shift op by -2048; fix this program [ 493.020160][T14211] futex_wake_op: syz.2.1669 tries to shift op by -2048; fix this program [ 493.037139][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 493.043225][T12840] Bluetooth: hci1: command 0x0c1a tx timeout [ 493.107178][ T5831] Bluetooth: hci4: command 0x0c1a tx timeout [ 493.510585][T14224] futex_wake_op: syz.0.1673 tries to shift op by -2048; fix this program [ 493.519916][T14224] futex_wake_op: syz.0.1673 tries to shift op by -2048; fix this program [ 493.551195][T14224] 0x000000000001-0x000000020000 : "" [ 493.719274][T14224] ftl_cs: FTL header corrupt! [ 493.752592][T14230] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1674'. [ 493.946840][T14237] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1675'. [ 495.187128][ T5831] Bluetooth: hci4: command 0x0c1a tx timeout [ 496.345667][T14283] netlink: 'syz.4.1686': attribute type 2 has an invalid length. [ 499.236122][T14354] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1705'. [ 500.244013][T14379] kAFS: No cell specified [ 501.063746][T14398] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1715'. [ 501.404987][T14406] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1716'. [ 501.467511][T14407] EXT4-fs error (device sda1): ext4_validate_block_bitmap:423: comm syz.0.1717: bg 2: bad block bitmap checksum [ 501.487481][T14407] EXT4-fs (sda1): Delayed block allocation failed for inode 2026 at logical offset 7 with max blocks 1 with error 74 [ 501.509108][T14407] EXT4-fs (sda1): This should not happen!! Data will be lost [ 501.509108][T14407] [ 501.522669][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.529105][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.741500][T14431] kAFS: No cell specified [ 504.790302][T14487] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1737'. [ 504.911078][T14484] kAFS: No cell specified [ 506.341417][T14517] Invalid ELF header magic: != ELF [ 506.370022][T14523] futex_wake_op: syz.2.1745 tries to shift op by -2048; fix this program [ 506.719325][T14529] futex_wake_op: syz.2.1745 tries to shift op by -2048; fix this program [ 507.058122][T14538] kAFS: No cell specified [ 507.089898][ T5831] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.097656][ T5831] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.104844][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.112924][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.126456][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.134422][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.141878][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.149392][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.158146][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.165575][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.173317][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.180739][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.187521][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.194901][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.201617][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.209074][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.215752][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.223335][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.237244][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.244698][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.251576][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.260156][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.266953][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.274483][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.281271][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.288783][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.295502][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.302924][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.309615][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.317085][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.323933][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.331468][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.338266][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.345695][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.352481][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.360194][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.366877][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.374350][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.381375][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.388798][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.395547][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.402967][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.409686][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.417143][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.423849][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.431294][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.438076][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.445493][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.452293][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.459722][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.466391][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.473829][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.480566][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.488001][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.494715][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.502144][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.508848][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.516226][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.522934][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.530350][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.537090][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.544501][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.551252][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.558883][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.565572][T12840] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 507.572999][T12840] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 507.727949][T14553] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1750'. [ 509.204361][T14585] zswap: compressor not available [ 509.479755][T14611] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 509.490984][T14611] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 510.213264][T14632] block2mtd: illegal erase size [ 511.369861][ T30] audit: type=1806 audit(4294967377.280:13): xattr="." res=0 [ 511.379732][T14664] ptrace attach of "./syz-executor exec"[5821] was attempted by "\x07FVs>.2F˂a-m 0Ft'aS\x5c=:#% q-ۇ{VaL37\x0a \x0c\x5c\x0a),W㢐ai,қ1I6\x0bx9k4E\x0d>:&U~u$9\x5cpHVݎ>Q\x0aAD=#*4ꋲ9OO\x22h\x0dDMgz;Ns84\x5cƋV_._pBlG;Fh1H?\x09ְ40눴ޓ9\x1bjB^2`IG̲=ft/IRC|ke\x5ceXwEtXtZl^7{V3PȦR\x22r\x5cl1ֆn_O-m5\x07:krc8yb\x0cLO!CkjmWc˥c[K9;Jpάv$5ėGl(b ʩ,x+Pn\x5c5U\x0dR(4_o^Cswq\x22erC\x0bL*-x!nZ{{;lSײo$k-H1Q=(elL]T@\x0dit^ǵ1:p\x07-.@KCdSy\x0bYLGoEqӤ\x227fs]fq ;WtY'}q0fu1}(}-g}[qbz3TaNb,\x07+S2)8\x5c3h*z I9IwظܷӳUD`IA{['\x0d6/o- #osmqP\x22-Kn@ydja[\x0brό\x0bi._;LFQs/~A GzYoa [ 511.849343][T14685] futex_wake_op: syz.3.1776 tries to shift op by -2048; fix this program [ 511.999909][T14687] program syz.2.1775 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 513.005677][T14702] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1779'. [ 513.243325][T14713] FAULT_INJECTION: forcing a failure. [ 513.243325][T14713] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 513.267194][T14713] CPU: 0 UID: 0 PID: 14713 Comm: syz.4.1780 Tainted: G U L syzkaller #0 PREEMPT(full) [ 513.267239][T14713] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 513.267250][T14713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 513.267265][T14713] Call Trace: [ 513.267274][T14713] [ 513.267284][T14713] dump_stack_lvl+0x100/0x190 [ 513.267330][T14713] should_fail_ex.cold+0x5/0xa [ 513.267363][T14713] _copy_from_user+0x2e/0xd0 [ 513.267404][T14713] core_sys_select+0x472/0xbb0 [ 513.267453][T14713] ? __pfx_core_sys_select+0x10/0x10 [ 513.267491][T14713] ? get_pid_task+0xfc/0x250 [ 513.267530][T14713] ? get_pid_task+0x106/0x250 [ 513.267586][T14713] ? __mutex_unlock_slowpath+0x15c/0x790 [ 513.267620][T14713] ? __fget_files+0x215/0x3d0 [ 513.267660][T14713] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 513.267696][T14713] kern_select+0x20c/0x270 [ 513.267723][T14713] ? __pfx_kern_select+0x10/0x10 [ 513.267754][T14713] ? __pfx_ksys_write+0x10/0x10 [ 513.267778][T14713] __x64_sys_select+0xbd/0x160 [ 513.267798][T14713] ? do_syscall_64+0x95/0xf80 [ 513.267813][T14713] ? lockdep_hardirqs_on+0x78/0x100 [ 513.267836][T14713] do_syscall_64+0x106/0xf80 [ 513.267860][T14713] ? clear_bhb_loop+0x40/0x90 [ 513.267891][T14713] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 513.267914][T14713] RIP: 0033:0x7fd7c819c629 [ 513.267927][T14713] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 513.267942][T14713] RSP: 002b:00007fd7c905d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 513.267957][T14713] RAX: ffffffffffffffda RBX: 00007fd7c8416270 RCX: 00007fd7c819c629 [ 513.267966][T14713] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000011 [ 513.267975][T14713] RBP: 00007fd7c905d090 R08: 0000000000000000 R09: 0000000000000000 [ 513.267991][T14713] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 513.268000][T14713] R13: 00007fd7c8416308 R14: 00007fd7c8416270 R15: 00007ffe2f8844e8 [ 513.268019][T14713] [ 513.773419][T14683] kexec: Could not allocate control_code_buffer [ 514.233394][T14740] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1788'. [ 514.281519][T14740] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1788'. [ 515.986233][T14774] FAULT_INJECTION: forcing a failure. [ 515.986233][T14774] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 515.999787][T14774] CPU: 1 UID: 0 PID: 14774 Comm: syz.2.1794 Tainted: G U L syzkaller #0 PREEMPT(full) [ 515.999834][T14774] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 515.999844][T14774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 515.999858][T14774] Call Trace: [ 515.999866][T14774] [ 515.999875][T14774] dump_stack_lvl+0x100/0x190 [ 515.999915][T14774] should_fail_ex.cold+0x5/0xa [ 515.999947][T14774] core_sys_select+0x5d1/0xbb0 [ 515.999993][T14774] ? __pfx_core_sys_select+0x10/0x10 [ 516.000037][T14774] ? get_pid_task+0xfc/0x250 [ 516.000073][T14774] ? get_pid_task+0x106/0x250 [ 516.000124][T14774] ? __mutex_unlock_slowpath+0x15c/0x790 [ 516.000156][T14774] ? __fget_files+0x215/0x3d0 [ 516.000197][T14774] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 516.000232][T14774] kern_select+0x20c/0x270 [ 516.000270][T14774] ? __pfx_kern_select+0x10/0x10 [ 516.000295][T14774] ? __pfx_ksys_write+0x10/0x10 [ 516.000319][T14774] __x64_sys_select+0xbd/0x160 [ 516.000340][T14774] ? do_syscall_64+0x95/0xf80 [ 516.000355][T14774] ? lockdep_hardirqs_on+0x78/0x100 [ 516.000371][T14774] do_syscall_64+0x106/0xf80 [ 516.000385][T14774] ? clear_bhb_loop+0x40/0x90 [ 516.000409][T14774] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 516.000424][T14774] RIP: 0033:0x7fbf56f9c629 [ 516.000437][T14774] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 516.000452][T14774] RSP: 002b:00007fbf57e31028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 516.000466][T14774] RAX: ffffffffffffffda RBX: 00007fbf57216270 RCX: 00007fbf56f9c629 [ 516.000476][T14774] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000011 [ 516.000484][T14774] RBP: 00007fbf57e31090 R08: 0000000000000000 R09: 0000000000000000 [ 516.000493][T14774] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 516.000501][T14774] R13: 00007fbf57216308 R14: 00007fbf57216270 R15: 00007ffe12693dd8 [ 516.000520][T14774] [ 516.542372][T14791] syz.0.1798 (14791): attempted to duplicate a private mapping with mremap. This is not supported. [ 516.670889][ T30] audit: type=1800 audit(4294967382.590:14): pid=14791 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1798" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 517.581834][T14827] vhci_hcd vhci_hcd.2: invalid port number 16 [ 517.591182][T14827] vhci_hcd vhci_hcd.2: invalid port number 16 [ 517.630114][T14829] vhci_hcd vhci_hcd.2: invalid port number 16 [ 517.692042][T14829] vhci_hcd vhci_hcd.2: invalid port number 16 [ 518.985427][T14855] kAFS: No cell specified [ 519.161618][T14863] zswap: compressor not available [ 519.599385][T14869] zswap: compressor not available [ 519.908471][T14882] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1817'. [ 520.543100][T14873] page: refcount:6 mapcount:5 mapping:0000000000000000 index:0x7f2166e50 pfn:0x78c00 [ 520.557287][T14873] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 520.567719][T14873] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 520.576316][T14873] raw: 00000007f2166e50 0000000000000000 0000000600000004 0000000000000000 [ 520.595662][T14873] page dumped because: unmovable page [ 520.605345][T14873] page_owner tracks the page as allocated [ 520.624506][T14873] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x29c2(GFP_NOWAIT|__GFP_HIGHMEM|__GFP_IO|__GFP_FS|__GFP_ZERO), pid 5816, tgid 5816 (syz-executor), ts 72420403748, free_ts 68838184585 [ 520.680456][T14873] post_alloc_hook+0x153/0x170 [ 520.685264][T14873] get_page_from_freelist+0x111d/0x3140 [ 520.714356][T14873] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 520.747718][T14873] alloc_pages_mpol+0x1fb/0x550 [ 520.752617][T14873] alloc_pages_noprof+0x131/0x390 [ 520.789138][T14873] __vmalloc_node_range_noprof+0xe5c/0x1530 [ 520.811730][T14873] vmalloc_user_noprof+0x9e/0xe0 [ 520.830176][T14873] kcov_ioctl+0x4c/0x720 [ 520.834458][T14873] __x64_sys_ioctl+0x18e/0x210 [ 520.858427][T14873] do_syscall_64+0x106/0xf80 [ 520.863081][T14873] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 520.887157][T14873] page last free pid 5808 tgid 5808 stack trace: [ 520.900876][T14873] free_unref_folios+0xaea/0x1790 [ 520.933246][T14873] folios_put_refs+0x53c/0x840 [ 520.938151][T14873] free_pages_and_swap_cache+0x242/0x480 [ 520.966939][T14873] __tlb_batch_free_encoded_pages+0xe9/0x280 [ 520.973114][T14873] tlb_finish_mmu+0x1b0/0x810 [ 521.007819][T14873] unmap_region+0x2d9/0x3b0 [ 521.037130][T14873] vms_complete_munmap_vmas+0xa4b/0xdd0 [ 521.070459][T14873] do_vmi_align_munmap+0x44f/0x5f0 [ 521.075616][T14873] do_vmi_munmap+0x1f8/0x3e0 [ 521.101166][T14873] __vm_munmap+0x196/0x390 [ 521.162652][T14873] __x64_sys_munmap+0x59/0x80 [ 521.180507][T14873] do_syscall_64+0x106/0xf80 [ 521.193989][T14873] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 522.083094][T14913] kAFS: No cell specified [ 522.468391][T14925] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1827'. [ 523.283515][ T30] audit: type=1800 audit(4294967389.200:15): pid=14939 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1831" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 523.351067][T14944] Invalid ELF header magic: != ELF [ 524.987914][T14995] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1842'. [ 525.288152][T14997] QAT: Device 0 not found [ 525.370633][T14997] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 525.768221][T14997] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 525.791360][T14997] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 525.840975][T14997] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 525.986074][T15005] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1844'. [ 526.050877][T15005] netlink: 294 bytes leftover after parsing attributes in process `syz.2.1844'. [ 526.149202][T15005] netlink: 4096 bytes leftover after parsing attributes in process `syz.2.1844'. [ 527.187673][T15045] FAULT_INJECTION: forcing a failure. [ 527.187673][T15045] name failslab, interval 1, probability 0, space 0, times 0 [ 527.217095][T15045] CPU: 1 UID: 0 PID: 15045 Comm: syz.4.1852 Tainted: G U L syzkaller #0 PREEMPT(full) [ 527.217125][T15045] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 527.217131][T15045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 527.217140][T15045] Call Trace: [ 527.217145][T15045] [ 527.217152][T15045] dump_stack_lvl+0x100/0x190 [ 527.217179][T15045] should_fail_ex.cold+0x5/0xa [ 527.217197][T15045] should_failslab+0xc2/0x120 [ 527.217222][T15045] __kmalloc_cache_noprof+0x7a/0x6f0 [ 527.217241][T15045] ? mqueue_init_fs_context+0x4b/0x690 [ 527.217264][T15045] mqueue_init_fs_context+0x4b/0x690 [ 527.217292][T15045] alloc_fs_context+0x60c/0xf40 [ 527.217311][T15045] mq_init_ns+0x16e/0x820 [ 527.217333][T15045] copy_ipcs+0x3dd/0x7e0 [ 527.217354][T15045] create_new_namespaces+0x20a/0xac0 [ 527.217369][T15045] ? security_capable+0x80/0x260 [ 527.217389][T15045] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 527.217406][T15045] ksys_unshare+0x455/0xab0 [ 527.217424][T15045] ? __pfx_ksys_unshare+0x10/0x10 [ 527.217448][T15045] __x64_sys_unshare+0x31/0x40 [ 527.217465][T15045] do_syscall_64+0x106/0xf80 [ 527.217481][T15045] ? clear_bhb_loop+0x40/0x90 [ 527.217498][T15045] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 527.217513][T15045] RIP: 0033:0x7fd7c819c629 [ 527.217527][T15045] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 527.217541][T15045] RSP: 002b:00007fd7c90c0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 527.217555][T15045] RAX: ffffffffffffffda RBX: 00007fd7c8415fa0 RCX: 00007fd7c819c629 [ 527.217565][T15045] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c000000 [ 527.217573][T15045] RBP: 00007fd7c8232b39 R08: 0000000000000000 R09: 0000000000000000 [ 527.217582][T15045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 527.217590][T15045] R13: 00007fd7c8416038 R14: 00007fd7c8415fa0 R15: 00007ffe2f8844e8 [ 527.217610][T15045] [ 527.428294][T12840] Bluetooth: hci0: command 0x0c1a tx timeout [ 527.555788][T15035] Invalid ELF header magic: != ELF [ 527.753171][T15048] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1853'. [ 527.828601][T12840] Bluetooth: hci3: command 0x0c1a tx timeout [ 527.830102][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout [ 527.907090][ T5831] Bluetooth: hci4: command 0x0c1a tx timeout [ 528.420274][T15076] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 530.392650][T15111] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1866'. [ 532.889860][T15152] kAFS: No cell specified [ 533.163150][T15162] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 533.178934][T15162] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 533.184973][T15162] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 533.203253][T15162] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 533.912911][T15194] kAFS: No cell specified [ 535.189038][ T5831] Bluetooth: hci3: command 0x0c1a tx timeout [ 535.195174][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout [ 535.196873][T12840] Bluetooth: hci0: command 0x0c1a tx timeout [ 535.271581][T12840] Bluetooth: hci4: command 0x0c1a tx timeout [ 535.360647][T15227] kAFS: No cell specified [ 536.034160][T15251] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1897'. [ 536.063385][ T30] audit: type=1326 audit(4294968424.983:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15249 comm="syz.0.1898" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f38ad39c629 code=0x0 [ 536.136012][T15251] \: renamed from lo (while UP) [ 536.353076][T15259] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1900'. [ 536.734428][T15267] kAFS: No cell specified [ 536.743395][T15274] FAULT_INJECTION: forcing a failure. [ 536.743395][T15274] name failslab, interval 1, probability 0, space 0, times 0 [ 536.756738][T15274] CPU: 1 UID: 0 PID: 15274 Comm: syz.2.1902 Tainted: G U L syzkaller #0 PREEMPT(full) [ 536.756781][T15274] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 536.756790][T15274] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 536.756805][T15274] Call Trace: [ 536.756813][T15274] [ 536.756823][T15274] dump_stack_lvl+0x100/0x190 [ 536.756866][T15274] should_fail_ex.cold+0x5/0xa [ 536.756898][T15274] should_failslab+0xc2/0x120 [ 536.756940][T15274] __kmalloc_cache_noprof+0x7a/0x6f0 [ 536.756972][T15274] ? __io_uring_add_tctx_node+0x16f/0x3b0 [ 536.757030][T15274] __io_uring_add_tctx_node+0x16f/0x3b0 [ 536.757069][T15274] ? __pfx___io_uring_add_tctx_node+0x10/0x10 [ 536.757111][T15274] ? __fget_files+0x21f/0x3d0 [ 536.757154][T15274] __io_uring_add_tctx_node_from_submit+0x89/0x130 [ 536.757196][T15274] __do_sys_io_uring_enter+0x1492/0x1a20 [ 536.757232][T15274] ? __fget_files+0x21f/0x3d0 [ 536.757269][T15274] ? __pfx___do_sys_io_uring_enter+0x10/0x10 [ 536.757304][T15274] ? fput+0x79/0x100 [ 536.757332][T15274] ? ksys_write+0x1ac/0x250 [ 536.757369][T15274] ? __pfx_ksys_write+0x10/0x10 [ 536.757418][T15274] do_syscall_64+0x106/0xf80 [ 536.757448][T15274] ? clear_bhb_loop+0x40/0x90 [ 536.757482][T15274] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 536.757510][T15274] RIP: 0033:0x7fbf56f9c629 [ 536.757532][T15274] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 536.757559][T15274] RSP: 002b:00007fbf57e52028 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 536.757585][T15274] RAX: ffffffffffffffda RBX: 00007fbf57216180 RCX: 00007fbf56f9c629 [ 536.757603][T15274] RDX: 0000000000000007 RSI: 0000000000000003 RDI: 0000000000000003 [ 536.757619][T15274] RBP: 00007fbf57e52090 R08: 0000000000000000 R09: 0000000000000007 [ 536.757636][T15274] R10: 0000000000000005 R11: 0000000000000246 R12: 0000000000000001 [ 536.757652][T15274] R13: 00007fbf57216218 R14: 00007fbf57216180 R15: 00007ffe12693dd8 [ 536.757693][T15274] [ 537.002409][T15269] kAFS: No cell specified [ 537.637400][T15295] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 537.979287][T15303] zswap: compressor not available [ 538.134275][T15310] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1911'. [ 538.587733][T15320] blktrace: Concurrent blktraces are not allowed on loop2 [ 540.262763][T15354] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1920'. [ 540.404337][T15366] FAULT_INJECTION: forcing a failure. [ 540.404337][T15366] name failslab, interval 1, probability 0, space 0, times 0 [ 540.451681][T15366] CPU: 1 UID: 0 PID: 15366 Comm: syz.3.1921 Tainted: G U L syzkaller #0 PREEMPT(full) [ 540.451712][T15366] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 540.451719][T15366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 540.451727][T15366] Call Trace: [ 540.451733][T15366] [ 540.451740][T15366] dump_stack_lvl+0x100/0x190 [ 540.451768][T15366] should_fail_ex.cold+0x5/0xa [ 540.451786][T15366] should_failslab+0xc2/0x120 [ 540.451818][T15366] __kmalloc_node_noprof+0xe6/0x850 [ 540.451840][T15366] ? load_msg+0x43/0x4a0 [ 540.451858][T15366] load_msg+0x43/0x4a0 [ 540.451876][T15366] do_msgrcv+0x209/0x16f0 [ 540.451893][T15366] ? __pfx_do_msg_fill+0x10/0x10 [ 540.451908][T15366] ? __pfx_do_futex+0x10/0x10 [ 540.451931][T15366] ? __pfx_do_msgrcv+0x10/0x10 [ 540.451947][T15366] ? __x64_sys_futex+0x34f/0x4d0 [ 540.451967][T15366] ? xfd_validate_state+0x129/0x190 [ 540.451994][T15366] ? do_syscall_64+0x106/0xf80 [ 540.452009][T15366] do_syscall_64+0x106/0xf80 [ 540.452024][T15366] ? clear_bhb_loop+0x40/0x90 [ 540.452042][T15366] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 540.452058][T15366] RIP: 0033:0x7fe84cd9c629 [ 540.452071][T15366] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 540.452085][T15366] RSP: 002b:00007fe84aff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000046 [ 540.452100][T15366] RAX: ffffffffffffffda RBX: 00007fe84d016090 RCX: 00007fe84cd9c629 [ 540.452110][T15366] RDX: 000000000000f55c RSI: 0000000000000000 RDI: 0000000000000000 [ 540.452118][T15366] RBP: 00007fe84ce32b39 R08: 0000000000004a4d R09: 0000000000000000 [ 540.452127][T15366] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000000 [ 540.452135][T15366] R13: 00007fe84d016128 R14: 00007fe84d016090 R15: 00007ffe72103ea8 [ 540.452155][T15366] [ 541.222598][T15384] netlink: 'syz.4.1925': attribute type 1 has an invalid length. [ 541.291335][T15387] syz.2.1926(15387): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 541.936921][T15408] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1931'. [ 543.084349][T15449] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1938'. [ 543.137182][T15451] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1938'. [ 543.654186][T15462] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1943'. [ 545.644476][T15514] zswap: compressor not available [ 545.770380][T15514] zswap: compressor not available [ 545.895796][T15514] zswap: compressor not available [ 546.126278][T15514] zswap: compressor not available [ 546.245692][T15539] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1955'. [ 546.308388][T15537] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1956'. [ 546.390117][T15514] zswap: compressor not available [ 547.274571][T15558] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 548.137213][T15581] FAULT_INJECTION: forcing a failure. [ 548.137213][T15581] name failslab, interval 1, probability 0, space 0, times 0 [ 548.158236][T15581] CPU: 0 UID: 0 PID: 15581 Comm: syz.0.1966 Tainted: G U L syzkaller #0 PREEMPT(full) [ 548.158288][T15581] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 548.158299][T15581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 548.158316][T15581] Call Trace: [ 548.158325][T15581] [ 548.158336][T15581] dump_stack_lvl+0x100/0x190 [ 548.158386][T15581] should_fail_ex.cold+0x5/0xa [ 548.158420][T15581] should_failslab+0xc2/0x120 [ 548.158467][T15581] __kmalloc_cache_noprof+0x7a/0x6f0 [ 548.158501][T15581] ? alloc_mnt_ns+0xce/0x520 [ 548.158546][T15581] alloc_mnt_ns+0xce/0x520 [ 548.158586][T15581] copy_mnt_ns+0x220/0xc30 [ 548.158616][T15581] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 548.158663][T15581] ? create_new_namespaces+0x30/0xac0 [ 548.158693][T15581] ? rcu_is_watching+0x12/0xc0 [ 548.158739][T15581] create_new_namespaces+0xd3/0xac0 [ 548.158767][T15581] ? bpf_lsm_capable+0x9/0x10 [ 548.158799][T15581] ? security_capable+0x80/0x260 [ 548.158840][T15581] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 548.158873][T15581] ksys_unshare+0x455/0xab0 [ 548.158914][T15581] ? __pfx_ksys_unshare+0x10/0x10 [ 548.158962][T15581] __x64_sys_unshare+0x31/0x40 [ 548.158998][T15581] do_syscall_64+0x106/0xf80 [ 548.159029][T15581] ? clear_bhb_loop+0x40/0x90 [ 548.159065][T15581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 548.159094][T15581] RIP: 0033:0x7f38ad39c629 [ 548.159123][T15581] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 548.159151][T15581] RSP: 002b:00007f38ae1a7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 548.159180][T15581] RAX: ffffffffffffffda RBX: 00007f38ad615fa0 RCX: 00007f38ad39c629 [ 548.159200][T15581] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000020000 [ 548.159217][T15581] RBP: 00007f38ad432b39 R08: 0000000000000000 R09: 0000000000000000 [ 548.159235][T15581] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 548.159252][T15581] R13: 00007f38ad616038 R14: 00007f38ad615fa0 R15: 00007ffd213d5a78 [ 548.159289][T15581] [ 549.599471][T15624] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 549.903258][T15627] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1975'. [ 552.017310][T15669] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 552.418451][T15656] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 552.465897][T15656] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 552.507673][T15656] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 552.575136][T15656] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 553.319542][T15683] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1989'. [ 553.598712][T12840] Bluetooth: hci0: command 0x0c1a tx timeout [ 554.158658][T15704] random: crng reseeded on system resumption [ 554.478690][T12840] Bluetooth: hci1: command 0x0c1a tx timeout [ 554.560839][T12840] Bluetooth: hci3: command 0x0c1a tx timeout [ 554.638888][T12840] Bluetooth: hci4: command 0x0c1a tx timeout [ 554.832940][T15733] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 560.452240][T15794] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 561.361931][T15815] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2013'. [ 562.462536][T15791] Process accounting resumed [ 562.966857][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.983214][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.416221][T15863] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 564.160580][T15872] openvswitch: netlink: IPv4 tunnel dst address is zero [ 564.352894][T15877] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3541179465 (7082358930 ns) > initial count (6107293052 ns). Using initial count to start timer. [ 564.814689][T15895] can0: slcan on ttyS2. [ 564.925481][T15893] can0 (unregistered): slcan off ttyS2. [ 565.887026][T15939] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 566.657630][T15961] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input45 [ 567.049609][T15963] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input46 [ 568.587498][T16014] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2043'. [ 568.823130][T16018] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 569.630992][T16042] misc userio: Invalid payload size [ 570.487798][T16055] futex_wake_op: syz.4.2051 tries to shift op by -2048; fix this program [ 570.510165][T16055] futex_wake_op: syz.4.2051 tries to shift op by -2048; fix this program [ 570.522607][T16058] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2053'. [ 570.639616][T16055] 0x000000000001-0x000000020000 : "" [ 570.709874][T16055] ftl_cs: FTL header corrupt! [ 571.660090][T16068] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2056'. [ 571.885166][T16077] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2057'. [ 571.911724][T16077] \: renamed from lo (while UP) [ 572.012626][T16080] netlink: 330 bytes leftover after parsing attributes in process `syz.2.2058'. [ 572.056128][T16080] \: renamed from lo (while UP) [ 572.452186][T16083] random: crng reseeded on system resumption [ 572.514862][T16083] Restarting kernel threads ... [ 572.533832][T16083] Done restarting kernel threads. [ 572.757669][T16087] ksmbd: Unknown IPC event: 14, ignore. [ 572.767451][T16087] FAULT_INJECTION: forcing a failure. [ 572.767451][T16087] name failslab, interval 1, probability 0, space 0, times 0 [ 572.782803][T16087] CPU: 0 UID: 0 PID: 16087 Comm: syz.2.2059 Tainted: G U L syzkaller #0 PREEMPT(full) [ 572.782856][T16087] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 572.782868][T16087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 572.782886][T16087] Call Trace: [ 572.782896][T16087] [ 572.782907][T16087] dump_stack_lvl+0x100/0x190 [ 572.782955][T16087] should_fail_ex.cold+0x5/0xa [ 572.782988][T16087] should_failslab+0xc2/0x120 [ 572.783035][T16087] __kmalloc_cache_noprof+0x7a/0x6f0 [ 572.783082][T16087] ? ima_d_path+0xc9/0x260 [ 572.783121][T16087] ? xattr_resolve_name+0x27d/0x3f0 [ 572.783169][T16087] ima_d_path+0xc9/0x260 [ 572.783205][T16087] ? __pfx_ima_d_path+0x10/0x10 [ 572.783253][T16087] ? __pfx_ima_get_hash_algo+0x10/0x10 [ 572.783297][T16087] process_measurement+0x1b25/0x2350 [ 572.783346][T16087] ? __pfx_process_measurement+0x10/0x10 [ 572.783383][T16087] ? trace_contention_end+0x140/0x180 [ 572.783427][T16087] ? find_held_lock+0x2b/0x80 [ 572.783470][T16087] ? trace_array_get+0xd8/0x100 [ 572.783513][T16087] ? trace_array_get+0xd8/0x100 [ 572.783603][T16087] ? bpf_lsm_locked_down+0x9/0x10 [ 572.783636][T16087] ? security_locked_down+0x70/0x1e0 [ 572.783668][T16087] ? tracing_open_generic+0x94/0xc0 [ 572.783714][T16087] ? subsystem_open+0x1bc/0x4b0 [ 572.783742][T16087] ? inode_to_bdi+0x9e/0x160 [ 572.783789][T16087] ima_file_check+0xcc/0x120 [ 572.783825][T16087] ? __pfx_ima_file_check+0x10/0x10 [ 572.783871][T16087] security_file_post_open+0xc4/0x210 [ 572.783915][T16087] path_openat+0x1418/0x31a0 [ 572.783955][T16087] ? __pfx_path_openat+0x10/0x10 [ 572.784013][T16087] do_file_open+0x20e/0x430 [ 572.784048][T16087] ? __pfx_do_file_open+0x10/0x10 [ 572.784102][T16087] ? alloc_fd+0x476/0x790 [ 572.784149][T16087] ? do_getname+0x191/0x390 [ 572.784183][T16087] do_sys_openat2+0x10d/0x1e0 [ 572.784218][T16087] ? __pfx_do_sys_openat2+0x10/0x10 [ 572.784266][T16087] __x64_sys_openat+0x12d/0x210 [ 572.784303][T16087] ? __pfx___x64_sys_openat+0x10/0x10 [ 572.784353][T16087] do_syscall_64+0x106/0xf80 [ 572.784383][T16087] ? clear_bhb_loop+0x40/0x90 [ 572.784419][T16087] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 572.784449][T16087] RIP: 0033:0x7fbf56f9c629 [ 572.784473][T16087] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 572.784500][T16087] RSP: 002b:00007fbf57e94028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 572.784528][T16087] RAX: ffffffffffffffda RBX: 00007fbf57215fa0 RCX: 00007fbf56f9c629 [ 572.784547][T16087] RDX: 0000000000000400 RSI: 00002000000001c0 RDI: ffffffffffffff9c [ 572.784566][T16087] RBP: 00007fbf57032b39 R08: 0000000000000000 R09: 0000000000000000 [ 572.784583][T16087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 572.784600][T16087] R13: 00007fbf57216038 R14: 00007fbf57215fa0 R15: 00007ffe12693dd8 [ 572.784639][T16087] [ 573.341515][T16100] [U] [ 573.344383][T16100] [U] [ 573.347104][T16100] [U] [ 573.349829][T16100] [U] [ 573.352566][T16100] [U] [ 573.403359][T16100] [U] [ 573.406164][T16100] [U] [ 573.408867][T16100] [U] [ 573.411552][T16100] [U] [ 573.449675][T16100] [U] [ 573.452441][T16100] [U] [ 573.455138][T16100] [U] [ 573.457821][T16100] [U] [ 573.491243][T16100] [U] [ 573.493964][T16100] [U] [ 573.496671][T16100] [U] [ 573.499360][T16100] [U] [ 573.597886][T16100] [U] [ 573.600609][T16100] [U] [ 573.603285][T16100] [U] [ 573.605961][T16100] [U] [ 573.636308][T16100] [U] [ 573.639025][T16100] [U] [ 573.641716][T16100] [U] [ 573.644401][T16100] [U] [ 573.659686][T16100] [U] [ 573.662404][T16100] [U] [ 573.665077][T16100] [U] [ 573.667748][T16100] [U] [ 573.692028][T16100] [U] [ 573.694746][T16100] [U] [ 573.697420][T16100] [U] [ 573.700091][T16100] [U] [ 573.723425][T16100] [U] [ 573.726141][T16100] [U] [ 573.728844][T16100] [U] [ 573.731553][T16100] [U] [ 573.758625][T16100] [U] [ 573.761345][T16100] [U] [ 573.764023][T16100] [U] [ 573.766698][T16100] [U] [ 573.792661][T16100] [U] [ 573.795382][T16100] [U] [ 573.798056][T16100] [U] [ 573.800737][T16100] [U] [ 573.845347][T16100] [U] [ 573.848105][T16100] [U] [ 573.850822][T16100] [U] [ 573.853533][T16100] [U] [ 573.918623][T16100] [U] [ 573.921349][T16100] [U] [ 573.924018][T16100] [U] [ 573.926724][T16100] [U] [ 573.982582][T16100] [U] [ 573.985299][T16100] [U] [ 573.987995][T16100] [U] [ 573.990708][T16100] [U] [ 574.091792][T16100] [U] [ 574.094508][T16100] [U] [ 574.097180][T16100] [U] [ 574.099893][T16100] [U] [ 574.171505][T16100] [U] [ 574.174268][T16100] [U] [ 574.177012][T16100] [U] [ 574.179749][T16100] [U] [ 574.256170][T16100] [U] [ 574.258882][T16100] [U] [ 574.261592][T16100] [U] [ 574.264263][T16100] [U] [ 574.308694][T16100] [U] [ 574.419942][T16117] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2066'. [ 574.988389][T16135] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 575.182869][T16141] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2071'. [ 575.222349][T16133] kAFS: No cell specified [ 576.121325][T16165] FAULT_INJECTION: forcing a failure. [ 576.121325][T16165] name failslab, interval 1, probability 0, space 0, times 0 [ 576.292578][T16165] CPU: 0 UID: 0 PID: 16165 Comm: syz.4.2074 Tainted: G U L syzkaller #0 PREEMPT(full) [ 576.292629][T16165] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 576.292640][T16165] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 576.292663][T16165] Call Trace: [ 576.292672][T16165] [ 576.292682][T16165] dump_stack_lvl+0x100/0x190 [ 576.292734][T16165] should_fail_ex.cold+0x5/0xa [ 576.292769][T16165] should_failslab+0xc2/0x120 [ 576.292814][T16165] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 576.292854][T16165] ? new_userfaultfd+0x7d/0x400 [ 576.292889][T16165] ? xfd_validate_state+0x129/0x190 [ 576.292935][T16165] new_userfaultfd+0x7d/0x400 [ 576.292976][T16165] __x64_sys_userfaultfd+0x4b/0xb0 [ 576.293020][T16165] do_syscall_64+0x106/0xf80 [ 576.293051][T16165] ? clear_bhb_loop+0x40/0x90 [ 576.293085][T16165] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 576.293112][T16165] RIP: 0033:0x7fd7c819c629 [ 576.293134][T16165] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 576.293158][T16165] RSP: 002b:00007fd7c909f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000143 [ 576.293184][T16165] RAX: ffffffffffffffda RBX: 00007fd7c8416090 RCX: 00007fd7c819c629 [ 576.293203][T16165] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 576.293218][T16165] RBP: 00007fd7c8232b39 R08: 0000000000000000 R09: 0000000000000000 [ 576.293235][T16165] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 576.293251][T16165] R13: 00007fd7c8416128 R14: 00007fd7c8416090 R15: 00007ffe2f8844e8 [ 576.293287][T16165] [ 577.352382][T16198] kAFS: No cell specified [ 577.388584][T16202] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 577.411293][T16198] netlink: 'syz.0.2083': attribute type 1 has an invalid length. [ 578.143295][T16209] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2085'. [ 578.378803][T16218] netlink: 330 bytes leftover after parsing attributes in process `syz.4.2087'. [ 580.288228][T16269] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input47 [ 580.409524][T16284] netlink: 330 bytes leftover after parsing attributes in process `syz.0.2103'. [ 580.700364][T16296] FAULT_INJECTION: forcing a failure. [ 580.700364][T16296] name failslab, interval 1, probability 0, space 0, times 0 [ 580.703311][ T84] ------------[ cut here ]------------ [ 580.718852][ T84] wlan0: Failed check-sdata-in-driver check, flags: 0x0 [ 580.725902][ T84] WARNING: net/mac80211/driver-ops.h:1723 at ieee80211_set_active_links+0x2d0/0x9d0, CPU#1: kworker/u8:5/84 [ 580.737627][ T84] Modules linked in: [ 580.742020][ T84] CPU: 1 UID: 0 PID: 84 Comm: kworker/u8:5 Tainted: G U L syzkaller #0 PREEMPT(full) [ 580.752997][ T84] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 580.758295][ T84] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 580.768712][ T84] Workqueue: events_unbound cfg80211_wiphy_work [ 580.770867][T16296] CPU: 0 UID: 0 PID: 16296 Comm: syz.0.2106 Tainted: G U L syzkaller #0 PREEMPT(full) [ 580.770911][T16296] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 580.770920][T16296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 580.770935][T16296] Call Trace: [ 580.770944][T16296] [ 580.770953][T16296] dump_stack_lvl+0x100/0x190 [ 580.770997][T16296] should_fail_ex.cold+0x5/0xa [ 580.771041][T16296] should_failslab+0xc2/0x120 [ 580.771083][T16296] __kmalloc_cache_noprof+0x7a/0x6f0 [ 580.771115][T16296] ? alloc_tty_struct+0x96/0x8c0 [ 580.771155][T16296] alloc_tty_struct+0x96/0x8c0 [ 580.771189][T16296] ? __pfx_alloc_tty_struct+0x10/0x10 [ 580.771232][T16296] tty_init_dev.part.0+0x20/0x470 [ 580.771268][T16296] tty_open+0xa63/0xfa0 [ 580.771306][T16296] ? __pfx_tty_open+0x10/0x10 [ 580.771335][T16296] ? chrdev_open+0x589/0x6a0 [ 580.771374][T16296] ? chrdev_open+0x589/0x6a0 [ 580.771419][T16296] ? __pfx_tty_open+0x10/0x10 [ 580.771450][T16296] chrdev_open+0x234/0x6a0 [ 580.771492][T16296] ? __pfx_chrdev_open+0x10/0x10 [ 580.771533][T16296] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 580.771583][T16296] do_dentry_open+0x6d8/0x1660 [ 580.771622][T16296] ? __pfx_chrdev_open+0x10/0x10 [ 580.771671][T16296] vfs_open+0x82/0x3f0 [ 580.771706][T16296] path_openat+0x208c/0x31a0 [ 580.771745][T16296] ? __pfx_path_openat+0x10/0x10 [ 580.771800][T16296] do_file_open+0x20e/0x430 [ 580.771826][T16296] ? __pfx_do_file_open+0x10/0x10 [ 580.771878][T16296] ? alloc_fd+0x476/0x790 [ 580.771921][T16296] ? do_getname+0x191/0x390 [ 580.771954][T16296] do_sys_openat2+0x10d/0x1e0 [ 580.771986][T16296] ? __pfx_do_sys_openat2+0x10/0x10 [ 580.772031][T16296] __x64_sys_openat+0x12d/0x210 [ 580.772069][T16296] ? __pfx___x64_sys_openat+0x10/0x10 [ 580.772115][T16296] do_syscall_64+0x106/0xf80 [ 580.772144][T16296] ? clear_bhb_loop+0x40/0x90 [ 580.772177][T16296] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 580.772205][T16296] RIP: 0033:0x7f38ad39c629 [ 580.772227][T16296] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 580.772253][T16296] RSP: 002b:00007f38ae186028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 580.772278][T16296] RAX: ffffffffffffffda RBX: 00007f38ad616090 RCX: 00007f38ad39c629 [ 580.772296][T16296] RDX: 0000000000002800 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 580.772313][T16296] RBP: 00007f38ad432b39 R08: 0000000000000000 R09: 0000000000000000 [ 580.772329][T16296] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 580.772344][T16296] R13: 00007f38ad616128 R14: 00007f38ad616090 R15: 00007ffd213d5a78 [ 580.772381][T16296] [ 581.041738][ T84] RIP: 0010:ieee80211_set_active_links+0x2d7/0x9d0 [ 581.048356][ T84] Code: 06 00 00 e8 bb 76 05 f7 48 8b 34 24 48 81 c6 20 01 00 00 48 89 34 24 e8 a7 76 05 f7 48 8d 3d 20 d8 e7 05 48 8b 34 24 44 89 fa <67> 48 0f b9 3a e9 e0 fe ff ff e8 8a 76 05 f7 0f b7 c5 4c 8d bb 30 [ 581.068065][ T84] RSP: 0018:ffffc900025cfaf0 EFLAGS: 00010293 [ 581.074222][ T84] RAX: 0000000000000000 RBX: ffff88802976aa90 RCX: ffffffff8b0283fe [ 581.082269][ T84] RDX: 0000000000000000 RSI: ffff888029768120 RDI: ffffffff90ea5c80 [ 581.090682][ T84] RBP: 000000000000000a R08: 0000000000000005 R09: 0000000000000000 [ 581.098709][ T84] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880297697f8 [ 581.106772][ T84] R13: 0000000000000000 R14: ffff8880298c0e80 R15: 0000000000000000 [ 581.114806][ T84] FS: 0000000000000000(0000) GS:ffff888124451000(0000) knlGS:0000000000000000 [ 581.123828][ T84] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 581.130434][ T84] CR2: 00007fd7c81577b0 CR3: 0000000034f4e000 CR4: 00000000003526f0 [ 581.138470][ T84] Call Trace: [ 581.141976][ T84] [ 581.144931][ T84] ? __lock_acquire+0x4a5/0x2630 [ 581.149917][ T84] ieee80211_if_parse_active_links+0xbb/0x120 [ 581.156125][ T84] ? __pfx_ieee80211_if_parse_active_links+0x10/0x10 [ 581.162909][ T84] ? lockdep_count_backward_deps+0xfa/0x140 [ 581.168847][ T84] ? ieee80211_if_write_sdata_handler+0x1a/0x90 [ 581.175195][ T84] ? __pfx_ieee80211_if_write_sdata_handler+0x10/0x10 [ 581.182057][ T84] wiphy_locked_debugfs_write_work+0xe6/0x1c0 [ 581.188579][ T84] ? trace_wiphy_work_run+0x73/0x240 [ 581.193976][ T84] cfg80211_wiphy_work+0x446/0x5c0 [ 581.199210][ T84] process_one_work+0x9d7/0x1920 [ 581.204275][ T84] ? __pfx_process_one_work+0x10/0x10 [ 581.209706][ T84] ? __pfx_cfg80211_wiphy_work+0x10/0x10 [ 581.215481][ T84] worker_thread+0x5da/0xe40 [ 581.220131][ T84] ? kthread+0x13a/0x450 [ 581.224471][ T84] ? __pfx_worker_thread+0x10/0x10 [ 581.229621][ T84] kthread+0x370/0x450 [ 581.233783][ T84] ? __pfx_kthread+0x10/0x10 [ 581.238412][ T84] ret_from_fork+0x754/0xd80 [ 581.243269][ T84] ? __pfx_ret_from_fork+0x10/0x10 [ 581.248430][ T84] ? __switch_to+0x7b4/0x1120 [ 581.253184][ T84] ? __pfx_kthread+0x10/0x10 [ 581.257821][ T84] ret_from_fork_asm+0x1a/0x30 [ 581.262702][ T84] [ 581.265730][ T84] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 581.273017][ T84] CPU: 1 UID: 0 PID: 84 Comm: kworker/u8:5 Tainted: G U L syzkaller #0 PREEMPT(full) [ 581.283907][ T84] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 581.289115][ T84] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 581.299181][ T84] Workqueue: events_unbound cfg80211_wiphy_work [ 581.305448][ T84] Call Trace: [ 581.308726][ T84] [ 581.311654][ T84] dump_stack_lvl+0x100/0x190 [ 581.316346][ T84] vpanic+0x552/0x970 [ 581.320335][ T84] ? __pfx_vpanic+0x10/0x10 [ 581.324851][ T84] panic+0xd1/0xe0 [ 581.328575][ T84] ? __pfx_panic+0x10/0x10 [ 581.333006][ T84] ? check_panic_on_warn+0x1f/0x90 [ 581.338148][ T84] check_panic_on_warn.cold+0x19/0x34 [ 581.343611][ T84] ? ieee80211_set_active_links+0x2d0/0x9d0 [ 581.349598][ T84] __warn.cold+0x191/0x348 [ 581.354028][ T84] __report_bug+0x296/0x3d0 [ 581.358542][ T84] ? ieee80211_set_active_links+0x2d0/0x9d0 [ 581.364441][ T84] ? __pfx___report_bug+0x10/0x10 [ 581.369468][ T84] ? __lock_acquire+0x4a5/0x2630 [ 581.374415][ T84] ? ieee80211_set_active_links+0x26e/0x9d0 [ 581.380317][ T84] ? __mod_timer+0x409/0xca0 [ 581.384922][ T84] report_bug_entry+0xe1/0x290 [ 581.389696][ T84] ? ieee80211_set_active_links+0x2d7/0x9d0 [ 581.395596][ T84] handle_bug+0x1c9/0x2a0 [ 581.399941][ T84] exc_invalid_op+0x17/0x50 [ 581.404455][ T84] asm_exc_invalid_op+0x1a/0x20 [ 581.409309][ T84] RIP: 0010:ieee80211_set_active_links+0x2d7/0x9d0 [ 581.415819][ T84] Code: 06 00 00 e8 bb 76 05 f7 48 8b 34 24 48 81 c6 20 01 00 00 48 89 34 24 e8 a7 76 05 f7 48 8d 3d 20 d8 e7 05 48 8b 34 24 44 89 fa <67> 48 0f b9 3a e9 e0 fe ff ff e8 8a 76 05 f7 0f b7 c5 4c 8d bb 30 [ 581.435694][ T84] RSP: 0018:ffffc900025cfaf0 EFLAGS: 00010293 [ 581.441767][ T84] RAX: 0000000000000000 RBX: ffff88802976aa90 RCX: ffffffff8b0283fe [ 581.449740][ T84] RDX: 0000000000000000 RSI: ffff888029768120 RDI: ffffffff90ea5c80 [ 581.457715][ T84] RBP: 000000000000000a R08: 0000000000000005 R09: 0000000000000000 [ 581.465685][ T84] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880297697f8 [ 581.473656][ T84] R13: 0000000000000000 R14: ffff8880298c0e80 R15: 0000000000000000 [ 581.481635][ T84] ? ieee80211_set_active_links+0x26e/0x9d0 [ 581.487547][ T84] ? __lock_acquire+0x4a5/0x2630 [ 581.492586][ T84] ieee80211_if_parse_active_links+0xbb/0x120 [ 581.498672][ T84] ? __pfx_ieee80211_if_parse_active_links+0x10/0x10 [ 581.505372][ T84] ? lockdep_count_backward_deps+0xfa/0x140 [ 581.511276][ T84] ? ieee80211_if_write_sdata_handler+0x1a/0x90 [ 581.517639][ T84] ? __pfx_ieee80211_if_write_sdata_handler+0x10/0x10 [ 581.524419][ T84] wiphy_locked_debugfs_write_work+0xe6/0x1c0 [ 581.530503][ T84] ? trace_wiphy_work_run+0x73/0x240 [ 581.535795][ T84] cfg80211_wiphy_work+0x446/0x5c0 [ 581.540918][ T84] process_one_work+0x9d7/0x1920 [ 581.545885][ T84] ? __pfx_process_one_work+0x10/0x10 [ 581.551290][ T84] ? __pfx_cfg80211_wiphy_work+0x10/0x10 [ 581.556961][ T84] worker_thread+0x5da/0xe40 [ 581.561599][ T84] ? kthread+0x13a/0x450 [ 581.565851][ T84] ? __pfx_worker_thread+0x10/0x10 [ 581.570975][ T84] kthread+0x370/0x450 [ 581.575055][ T84] ? __pfx_kthread+0x10/0x10 [ 581.579653][ T84] ret_from_fork+0x754/0xd80 [ 581.584265][ T84] ? __pfx_ret_from_fork+0x10/0x10 [ 581.589394][ T84] ? __switch_to+0x7b4/0x1120 [ 581.594079][ T84] ? __pfx_kthread+0x10/0x10 [ 581.598694][ T84] ret_from_fork_asm+0x1a/0x30 [ 581.603506][ T84] [ 581.606905][ T84] Kernel Offset: disabled [ 581.611231][ T84] Rebooting in 86400 seconds..