last executing test programs: 12m43.894699222s ago: executing program 3 (id=111): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/v4l-subdev7\x00', 0xc0803, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000000), 0xffffffffffffffff) socket(0x2, 0x801, 0x100) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @empty}, 0x51) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010031bd7000fddbdf250c00000018000380110003807c48ae18f98fb3ddb5f303554f0000001800018014000200776c616e3000"/62], 0x44}, 0x1, 0x0, 0x0, 0x4008080}, 0x24048084) ioctl$auto(r0, 0xc0845658, r0) 12m43.578349472s ago: executing program 3 (id=114): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) migrate_pages$auto(0x0, 0x99, 0x0, &(0x7f00000001c0)=0x7b) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80e42, 0x0) r2 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mq_timedsend$auto(r2, 0x0, 0x2, 0x9, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f00000001c0)) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SYNC(r3, 0x5001, 0x0) read$auto(r1, 0x0, 0x8000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0) socket(0x22, 0x3, 0x0) sendfile$auto(r0, r4, 0x0, 0x1000200) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000b00)='/dev/cuse\x00', 0x0, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r5 = io_uring_setup$auto(0x6, 0x0) socket(0x2, 0x801, 0x106) select$auto(0x5, 0x0, &(0x7f0000000140)={[0x9, 0x8, 0x3, 0x10, 0x3, 0x9, 0x9, 0xff, 0x3, 0x2, 0x2, 0x7, 0x100000001, 0x8000000000000001, 0x4, 0x9]}, 0x0, 0x0) r6 = socket(0x11, 0x80000, 0x84) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x460802, 0x0) ioctl$auto_MON_IOCX_MFETCH(0xffffffffffffffff, 0xc0109207, &(0x7f0000000180)={0x0, 0x3, 0x1830}) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'bond0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r8, r7, 0x0, 0x1ff, 0xffffffffffffffff, @relative_id=0x13, 0xe600}, 0xf) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'macvlan0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000280)={'veth0_macvtap\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_PLCA_GET_STATUS(r5, &(0x7f0000000480)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000440)={&(0x7f0000000300)={0x110, 0x0, 0x400, 0x70bd28, 0x25dfdbfe, {}, [@ETHTOOL_A_PLCA_HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip_vti0\x00'}]}, @ETHTOOL_A_PLCA_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_virt_wifi\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_PLCA_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_to_bond\x00'}, @ETHTOOL_A_HEADER_PHY_INDEX={0x8, 0x4, 0x8}]}, @ETHTOOL_A_PLCA_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7aac58c}]}, @ETHTOOL_A_PLCA_HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x4}]}, @ETHTOOL_A_PLCA_HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6erspan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}]}]}, 0x110}, 0x1, 0x0, 0x0, 0x20000008}, 0x20004000) 12m42.327769424s ago: executing program 3 (id=119): close_range$auto(0x2, 0x8, 0x0) r0 = socket(0xa, 0x2, 0x3a) setsockopt$auto(r0, 0x29, 0x3b, &(0x7f0000000080)='\x15!\xa8^J/\xddCx4!\x00\xd3\x8f\x1e\x1b\xc3 \xe2\xa8\xd6\xd9\xc0\xa2\x0f\x88\xb1e\x8a\xd8?\xfe\xda\xc4\xef\xff(i\xc6@\x91[\vBj\x0eQ\xce\x16\'C\x8cYA\x92u\xd5\xb8\\\x82,\xe2=y\x9bR\xbcn\xa0c\x16~\x86\"t\xde\x14\xe4\xa5\xfe\xb5', 0x110) setsockopt$auto(0x400000000000003, 0x29, 0x37, 0xffffffffffffffff, 0x0) socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) mmap$auto(0x0, 0x1000000002020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8002) socket$nl_generic(0x10, 0x3, 0x10) socket(0x23, 0x80805, 0x0) io_uring_setup$auto(0x3, 0x0) pipe$auto(0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_KVM_GET_SUPPORTED_HV_CPUID(0xffffffffffffffff, 0xc008aec1, 0x0) mmap$auto(0x0, 0x2000a, 0x10000000000df, 0xeb2, 0x401, 0x8000) r2 = socket(0xa, 0x2, 0x88) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="05000000", @ANYRES16=r1, @ANYBLOB="010025bd7000ffdbdf25150000000500120010000000080027000c000000380b2b80330b248004008080ba89ebda4be9067b59c90d50dab4ba175b1b13d15e19ee0f5bf6c6d2095efcc719c8e137b7ec6062c6c768e512acd0f1208ee2be2b891868abd1934bd95a54945e649a2afd1272f72e8fffb57e3ba1c8fb306ce2ba95180cf54dcca46ab950e626ff31022afd57f1306ee00962cb60c30a9946d642a00256ed0006ec8364307874f7c763c6e9af0222943721fb4fa5b1cecfe3a908b1fd515dad1e0ca0998fa55ca4bbf9412855250567f1b98186d8597ab6fb715cef224b510a7ccc4cae047b6d4ab94775e1158d87be4806455bbd76baaa3a656ed5f316b17a5a27a6ec9904006d80460a8e80b634a4b1ce57b5a586e945eb157cc566d02bed93630b901c93d3fde23606aa3e80e4d0644fef266741cf5f2879924594cd388ed548e2dea74f9d72af19edad4a810af64d79eaa131b2afaca3f428fd83499d9c7a99dfd9a24cbd9bf5b0f0446521fcf1f416f83791795dc86d63c7a05e38c547e208be35b17fb8aa1fa57ea4ac59aac09a5bfb9f08a6d02e58d5040324f4241a9eb63d5a1e48cff0ed3e97c4af9506ca950ce9d115d242277c614a27a77df014ced1df35f069b42113bc6bf5427f9c1ba6924ec8bafc11ba6d9303461e92e3c3e1b4d5b2954d259654ee2bab0385e3b106c4a93525200ce6e3f1e9f6d4b87b61583abced950ff97dade7ebde309c78d4f1ddbff5cb5c3fd141cbb4e56a97183f705019716cf6d6f300c9677b6f14b2b8d708b675b5c4f2357d9c22dd6bba1195ba295a5f713ac28f043cc671fc7b43fb9b40bf17766c79d698dd68d0e385e926971a18a3c3687c3c8202b806432be62b3030a2c9e31da55a6cd98165f7439f9a09508b8c4b9c5ea32aaf1f7c4246ea8700aaccaf476d9cd5e3b2340d17f13ba40c8fdaf4aa4c4b8763fd86d35bda9aab03e3a252d7e4aea01cdad1fad040b29a9e92ee1fd8c010c30b4cc69917cee531e42efa59c735fe8159a292f57fa7a4600e6833032846d87a515d9803770eb4db6712bce7b51fc2f0eff8a292023a8c7c1544c6e53012f9fe13aa8caf795caccfa4ff2321116a86938e2b782e7a57fe5cbff8df11b0bc86d691a7a8df0cc9486c4898e8bafd0b374798ecdba9af994890465f435d5e6408dd9ddd96df1673098864522e964b565d69882198a999ee41c980dafdf3538400c81ad57dc970a72b75d75850913452021a4dfe885342c4e5c33dbcd801b10866908de67b13c5dc4fb51dce74dae4c4c27413c00b50c8e18d1dcfe28974fee5df4cefd05f7e8e21e8881ef7300ca75af8ef7c8cfa0a1cf8771444e3bd449f957fa4500c1f371ccc31a7b196ca809935887d26d3ed24d2dc16c83aa263abd880df1d27d8463e4f29673fbb0a073caaf975314f5660bdf89c285291a46ddb2f8410b02e86bc522808052288fe16dbb7733976605ed2342c69717ba18334138bc68c994ffa20bbad1672a4ee0dc19a0ec177f36995edc671ef8d29211e4b7d0723a18c36c398df2e924a4f55ef95687e6a4aebcf86d36a9791d561c2203fc4a545d30a5173ffc84612c333a73fd0c84f92554294cfbbe86088e79bc6f1c9bc880b4502e4b47af767f47dbccbf4318ec6a33ee42cafc3e6ced6720adf772de614a754c7b0d93208cb0bdd285e8ff9ffe078bb782a57a14204784880a3379af47423967bf134933d350324a845e7aca06245efec7dd272177bbb663bf83c23161cf7d8b32d45502f6bbc6416720652aa197556c3cf5be55e2f8ace74ce95feb288f681d92ed529bb9892472c3633f744bfde252c8b00808d92daa2a3b4771eee9cc83745c326f8ea02119b55a99bddfc498948e53ce2efa0635276810d2211e9e0e63bc850029865d525cbf43cde05009dca149084d9569a1abb0e5f941bd5c67a77685e965b354dc744617960e642512f2cd86236c9a1938f4e799cc0e09beb23791f446e822b86518185d668e7e93daec7b1a9f53034aeabc7c7bf52deefbf5e2a90b085c41c0f528ff2cf81dbc1c28ed95ad75fd65c0e0d793d7111dce84883cbf60cd55e025b824d84e141d54da72111ea2fed1fd8f3c9cf47763ee47a7988d5021ac661641ee95ea9c9d57dd2f8e537f3cb71830a6c1608dadf6beb7339961811f8da34f8fb7b5190f9c146942fda73801812ed6bffa1a60c80e5fd6528e045b40fa78c10f37797d93f827539aa389d59c48254397ff7b72325465d18b04acac619d9d5f80d46b57d28a76fbe83203ecacb91328b145ebbe356178a1eb1c09101fe785c98aab93485ae7b4217412b7ea31fdd965eaaf78d3ab4eec8bc689062b738c002fd94f9cd18bbc5285c57854f9092e85d90ec205f43fcc9d27cd6041fb73ed3164e7f2cb3ea694b89a1879f8cbcdbffdab4b277d0fa3dba5061952d266b2f3821f79cd2b3bf107c6250e711c9ddba407c9ed323d2dfda23d5a4088f8199d1cbb311a1b051da8d792299f471f0ca7fd7925695acaf01e7ad022d96dfb30e66d551fb37522baf2ea71cc5a6416124ee2138c3f2fb5cca4b71eb9d3571deebc898b62406f416caa3fcd732f9661548d8b7ec74bc94d9dcc92b0048abc2b358c0007a905c9513affbd873a368e0b5872a2f4cdc4bb8602ad3ec77cba3e150c8993f5fc88ac7e6b2642f4660486d5823482aae8f90ee7913abdb064398cebe5946c2920d7d99935571f9b1eeb4529373538e699dda91425660a1010a4cf7e9a10713f57fa1d601467ec51ad5153bd94582320ff55380ca7efefacf62f822b948cb3b93f68978f248639c51ac97e3f56bcca9990839ee01df9773b22cf261310d4b3c6b03ef54a9a848c10d1252d0412a8f01ff61bd6978112d6b69e2f71e02a04f43f3a1a8259f7e83c26fc5bc703a8b6d3d325f08b08f9dc10b8f654871386ef94d2493463f7f3d0b20bf93be475b0ed9e870aaedd63b8d08877651bace68300e3a1b0a5d1a3da2b246fef82de3b57eca440ae7a7656ff31ae74cad3a80f1ae615f2747589d4859ec1981a6a5176168db86ab5f6930d4679762956e408d2268cad53aa10727c8b8952114b17c352782dc9afc120535bcb99bcf1161397f19ac4d288677e48f0e6bfdcf5f852a8bc1b432399f0ade5db9585e09e4cc96a63dd7bddecbbaae880678f94111108d76c5d825629a3eee16b2a6362c59ba3cf99a2e2bcfa62d010706bca5c0d009b141f1c3f6a9cc58234f97a5721a3ee31772877ffda5507f8e7053e15cb60df08184dbdd9f2af7a618781fdd39d32404f3e2dc6ac48f35ce31bc70a019235b7776114ef2ae75ebf7b7191e5a61e1c5c82340e12dd98cf9125a3fb1c8062a206ac2aa98e708a190b1b70d1c2450b47394d8e1f21c541b3f4139d2159e9a37acf2ee9ba5e0cf99221a43b46793cad7b7b71784032a0092abb25380fa77646f948ed456d6fa1fb749f736e10491e39569c073308ee782562a59a719e4b8910f737a41ee0644db9905d22f44bae257749b03667b535af492012ad1c50f1d88a46a2c3aeeca86026c6e5ca8289bb153ff85aade4bd00b9bb87017d7816c24a0e71b0d0dcf6dedbc956c81bf445d665da7cb1c009be2f8d7eb286e2e2595166b8df0541ff0b80ab20d9ba30058ef52dc2c1905133bcca7193320811e0bc083798b80bce7e84ea9135d976fbc339b0814cb4f4dd9a71f9a2f1a78da4c60c1671b6ef41798646a702fd9eeb67bd250df336f0c1889c54be82bfc4238d6568ca0e7bf7a3005126d605a867b47f2c96fd6a92a9cf463270a9e2df32c6959c2f272b48a6b76fe7393dc12713c99888e0d03ffdac04f5d3c87e5343bc1a6127484b6d7e18e97a329ae582b8c3dd1be170cff9fdebcadfb339c67a303e15d6f779da6fbd91b401ac8e32fe1a0f16b5aa52ca7801d12aaba5c57945b3d0e768370e031d268b101df06ceaca597ca754d933b08f3b248548d267cbb16430c5110cdaf5b36bc2cf6a7c24f143277f606cbe77ef320505986fa5dc876e87ec74a2c06d0e893ed3da67cd814f209b3720e98d1b2f6afd245bcb682167978b98b9976c2ef41"], 0xb5c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40ca1) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x7, 0x7, 0xdf, 0x30, 0x69a5, 0x7) write$auto_ocfs2_control_fops_stack_user(0xffffffffffffffff, &(0x7f0000003900)='\t', 0x1) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0) read$auto(r3, 0x0, 0x20) io_cancel$auto(0x3, &(0x7f0000000000)={0x9, 0x40, 0xd, 0xd03, 0x1ff, 0xffffffffffffffff, 0x2, 0x8, 0x4a, 0x0, 0x1, r2}, &(0x7f0000000100)={0x5, 0xffffffffffffffff, 0x8, 0xae9}) mmap$auto(0x0, 0x2020009, 0x0, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) epoll_create$auto(0x4) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/cpu/cpuidle/current_governor\x00', 0xa42, 0x0) sendfile$auto(0xffffffffffffffff, r4, 0x0, 0x6) 12m38.42643566s ago: executing program 3 (id=136): mmap$auto(0x0, 0xc87, 0x5, 0xeb2, 0xffffffffffffffff, 0x1008000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x3, 0xff) (async) r0 = socket(0x9, 0x800, 0x1) mmap$auto(0x3, 0x40009, 0xe3, 0x9b72, r0, 0x28000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) (async) r1 = socket(0x1d, 0x6, 0x4) (async) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) (async) connect$auto(0x3, &(0x7f0000000080)=@l2={0x1f, 0x2, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x12}, 0xd}, 0x50) (async) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0x40000000000000df, 0x19b72, r1, 0xfffffffffffffffa) (async) recvfrom$auto(r1, &(0x7f0000000140)="2512683702c78aa366adde5483233ba62b5f1b0aa86d8137bc9e30cb56cbc69805ea2abbfb20dbed8e619f86d21290031ad3ff89dccea2abedcc8754725987450ef20d0111117f0b641631eecdaa6e7b0de194b5487fa6496ac851c8ba202961d0048e96c98298407192a22aab433167b74e190835b5c5f049a17f4e1b0e2c0bdb7c72dd3279a7eb42e48f26ecf8f7daee9d38c811405c0fe91bfeca6449723bebfc04628d49189a73f80d8a642a2306139006be", 0x100, 0x4, 0x0, 0x0) (async) capset$auto(0x0, 0x0) sendmsg$auto_MACSEC_CMD_DEL_TXSA(r1, &(0x7f00000056c0)={0x0, 0x0, &(0x7f0000005680)={&(0x7f00000000c0)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x20000050}, 0x20008090) (async) close_range$auto(0x2, 0x8, 0x0) (async) r2 = socket(0xa, 0x2, 0x0) r3 = socket(0x2, 0x2, 0x9) (async) close_range$auto(0x2, 0x8000, 0x0) open(0x0, 0xa22c0, 0x155) (async) r4 = socket(0x11, 0x80003, 0x3ff) setsockopt$auto(r4, 0x107, 0xf, 0x0, 0x6) (async) capset$auto(0x0, &(0x7f0000000000)={0x1, 0xc8, 0x48}) (async) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x48080}, 0x4004) (async) sendmmsg$auto(r3, &(0x7f00000006c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200), 0x4b}, 0x3, 0x0, 0x5}, 0x5}, 0x2, 0x3) (async) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x801, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) (async) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) (async) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) 12m36.815777662s ago: executing program 3 (id=145): mmap$auto(0x0, 0x2020009, 0x100003, 0x9000000eb1, 0xfffffffffffffffa, 0x0) close_range$auto(0x0, 0xffffffffffffffff, 0x2) futex$auto(0xfffffffffffffffd, 0x7, 0x5, 0x0, 0x0, 0x8) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) io_uring_setup$auto(0x9, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r0 = open(&(0x7f0000000100)='.\x00', 0x0, 0x57e) fcntl$auto_F_ADD_SEALS(r0, 0x410, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x40400, 0x48) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) syz_clone3(&(0x7f0000000180)={0xa7102000, 0x0, 0x0, 0x0, {0x2a}, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x2}, 0x58) r2 = openat$auto_ftrace_formats_fops_trace_printk(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/printk_formats\x00', 0x109000, 0x0) fchown$auto(r2, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) pipe2$auto(0x0, 0x80) syz_clone(0x84480000, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = socket(0x2, 0x1, 0x106) getsockopt$auto_SO_NOFCS(r3, 0x6, 0x2b, 0x0, 0x0) fchmod$auto(r1, 0x7439) 12m35.795396141s ago: executing program 3 (id=150): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/zram0/initstate\x00', 0x42000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000020c0)=""/4143, 0x102f) (fail_nth: 2) 12m20.362718552s ago: executing program 32 (id=150): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/zram0/initstate\x00', 0x42000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f00000020c0)=""/4143, 0x102f) (fail_nth: 2) 4m51.788486011s ago: executing program 0 (id=1912): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) sendmsg$auto_NETDEV_CMD_PAGE_POOL_GET(0xffffffffffffffff, 0x0, 0x10) fcntl$auto_F_SETSIG(0xffffffffffffffff, 0xa, 0x400000000000) mmap$auto(0x1, 0x2, 0x44000000000dd, 0x17, 0x401, 0x7fff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) pwrite64$auto(0xc8, 0x0, 0xfdf0, 0x39) write$auto(r0, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) 4m50.353610439s ago: executing program 0 (id=1917): r0 = openat$auto_stat_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x28c80, 0x0) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) mount$auto(0x0, &(0x7f0000000280)='}[,&*}\x00', &(0x7f0000000140)='nfsd\x00', 0x10001, 0x0) mount$auto(0x0, &(0x7f0000000740)='}[,&*}\x00', 0x0, 0xfffe, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, r0, 0x8000) r1 = socket(0xa, 0x3, 0x5) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/vhci_hcd.9/usbmon/usbmon28/power/runtime_suspended_time\x00', 0x400, 0x0) sendmmsg$auto(r1, &(0x7f0000000180)={{&(0x7f0000000040), 0x19, 0x0, 0x0, &(0x7f0000000040), 0x2, 0x80008003}, 0x8}, 0x5, 0x1c) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20002, 0x0) getxattrat$auto(0xffffffffffffff9c, &(0x7f00000001c0)='}[,&*}\x00', 0x40, &(0x7f0000000200)='),\x00', &(0x7f0000000240)={0x8, 0xb9, 0x3}, 0x4) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/system/cpu/vulnerabilities/mds\x00', 0xc3100, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000040)=""/49, 0x31) pwrite64$auto(0xc8, 0x0, 0xfdf2, 0x3a) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) write$auto(0x3, 0x0, 0xfffffdf2) ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, 0x0) r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r4, 0x1, 0x7ff) 4m50.130036303s ago: executing program 0 (id=1919): mmap$auto(0x0, 0x4, 0xdf, 0x80000000000eb1, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = getpid() process_vm_readv$auto(r0, &(0x7f00000001c0)={0x0, 0xfff}, 0x3, &(0x7f0000000280)={&(0x7f0000000100)="6c4bc0", 0xffffffff}, 0x6, 0x0) ioctl$auto_BLKTRACESETUP32(0xffffffffffffffff, 0xc0401273, &(0x7f0000000000)={"4a3520f871a9c1ae71b7cfeb0ed9e25037227d576671461179ed0939038c9120", 0x1, 0x6, 0x1ff, 0x200, 0x1, 0xffffffffffffffff}) gettid() mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) r1 = open(0x0, 0x10840, 0x0) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) (async) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) mmap$auto(0x0, 0x1, 0xfd5, 0x12, r1, 0x0) (async) mmap$auto(0x0, 0x1, 0xfd5, 0x12, r1, 0x0) mmap$auto(0x9, 0x1ff, 0x4, 0x14, 0x3, 0x0) socket(0xa, 0x3, 0x73) mmap$auto(0xfffffffffffffff9, 0x2000a, 0x100000000009f, 0xeb2, 0x401, 0x8000) (async) mmap$auto(0xfffffffffffffff9, 0x2000a, 0x100000000009f, 0xeb2, 0x401, 0x8000) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) (async) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, 0x0, 0x668401, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/zram0/reset\x00', 0xa001, 0x0) (async) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/zram0/reset\x00', 0xa001, 0x0) write$auto(r3, &(0x7f0000000040)='7\x00\\\xa0\x01\x00\x01\x00\x00\x00\x00\x00\xc7k', 0x81) (async) write$auto(r3, &(0x7f0000000040)='7\x00\\\xa0\x01\x00\x01\x00\x00\x00\x00\x00\xc7k', 0x81) write$auto(r2, &(0x7f00000000c0)='/dev/audio1\x00', 0x100000a3d9) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x2, 0x0, 0x3, 0x0, 0xfffffffffffffffc, 0x2}, 0xed7138c}, 0x2, 0xd15f) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x8800, 0x0) (async) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x8800, 0x0) socket(0xa, 0x5, 0x84) (async) r4 = socket(0xa, 0x5, 0x84) sendto$auto(r4, 0x0, 0x401, 0x7f, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe80000700"}, 0x1c) (async) sendto$auto(r4, 0x0, 0x401, 0x7f, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe80000700"}, 0x1c) 4m49.150672646s ago: executing program 0 (id=1924): write$auto(0xffffffffffffffff, &(0x7f0000000100)='\x00', 0xfffffffffffffffa) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa001, 0x0) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x800008000) r0 = socketcall$auto(0xffe, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000) socket(0x11, 0x80003, 0x300) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/irq/default_smp_affinity\x00', 0x48041, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) io_uring_setup$auto(0x2, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyzd\x00', 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x20461, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) socketpair$auto(0x5b, 0x2, 0x420000, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r1, 0x5437, 0x0) (fail_nth: 4) close_range$auto(0x2, 0x8, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto(0x3, 0x4010ae67, r0) sysfs$auto(0x2, 0x17, 0x0) close_range$auto(0x2, 0x8, 0x0) 4m47.864407571s ago: executing program 0 (id=1929): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket(0x11, 0x80003, 0x300) mmap$auto(0x0, 0x20009, 0x4000000800df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x3f000000) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) 4m47.472177985s ago: executing program 0 (id=1932): r0 = openat$auto_virtual_ncidev_fops_virtual_ncidev(0xffffffffffffff9c, &(0x7f00000000c0), 0x581800, 0x0) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, r0, 0x8000) r1 = io_uring_setup$auto(0x6, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000f40)={'batadv0\x00', 0x0}) r4 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000380), r2) sendmsg$auto_BATADV_CMD_SET_MESH(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010028bd7000fbdbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500300001000000140007006e65030063693000000000000000000053a52c87e6e1337f9bba16747e8df89f8741ad9205002f0000000000"], 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x140080e4) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, r1, 0x8000) syslog$auto_SYSLOG_ACTION_READ_CLEAR(0x4, 0x0, 0x100) mknod$auto(0x0, 0x1001, 0x4) openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000140)={0x426c0, 0x20, 0x20}, 0x18) ioctl$auto(0xffffffffffffffff, 0x4008af03, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x2, 0x800000000000fb) madvise$auto(0x0, 0xffffffffffff0005, 0x19) landlock_restrict_self$auto(0xffffffffffffffff, 0x4) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) r5 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) openat$auto_debugfs_devm_entry_ops_file(0xffffffffffffff9c, 0x0, 0x505100, 0x0) ioctl$auto(0x3, 0x400454ca, 0x38) sysfs$auto(0x2, 0x1e, 0x0) ioctl$auto_TUNSETVNETLE2(r5, 0x400454dc, 0x0) write$auto(0x3, 0x0, 0xfdf3) socket(0x10, 0x2, 0x0) sendmmsg$auto(r2, 0x0, 0xfffffff8, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 4m32.208172306s ago: executing program 33 (id=1932): r0 = openat$auto_virtual_ncidev_fops_virtual_ncidev(0xffffffffffffff9c, &(0x7f00000000c0), 0x581800, 0x0) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, r0, 0x8000) r1 = io_uring_setup$auto(0x6, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000f40)={'batadv0\x00', 0x0}) r4 = syz_genetlink_get_family_id$auto_batadv(&(0x7f0000000380), r2) sendmsg$auto_BATADV_CMD_SET_MESH(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010028bd7000fbdbdf250f00000008000300", @ANYRES32=r3, @ANYBLOB="0500300001000000140007006e65030063693000000000000000000053a52c87e6e1337f9bba16747e8df89f8741ad9205002f0000000000"], 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x140080e4) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, r1, 0x8000) syslog$auto_SYSLOG_ACTION_READ_CLEAR(0x4, 0x0, 0x100) mknod$auto(0x0, 0x1001, 0x4) openat2$dir(0xffffffffffffff9c, 0x0, &(0x7f0000000140)={0x426c0, 0x20, 0x20}, 0x18) ioctl$auto(0xffffffffffffffff, 0x4008af03, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x2, 0x800000000000fb) madvise$auto(0x0, 0xffffffffffff0005, 0x19) landlock_restrict_self$auto(0xffffffffffffffff, 0x4) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) r5 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) openat$auto_debugfs_devm_entry_ops_file(0xffffffffffffff9c, 0x0, 0x505100, 0x0) ioctl$auto(0x3, 0x400454ca, 0x38) sysfs$auto(0x2, 0x1e, 0x0) ioctl$auto_TUNSETVNETLE2(r5, 0x400454dc, 0x0) write$auto(0x3, 0x0, 0xfdf3) socket(0x10, 0x2, 0x0) sendmmsg$auto(r2, 0x0, 0xfffffff8, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 11.832048967s ago: executing program 4 (id=2919): openat$auto_proc_setgroups_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/setgroups\x00', 0x149002, 0x0) write$auto(0xffffffffffffffff, 0x0, 0xa) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x1, 0x0) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x9) bind$auto(0x3, &(0x7f0000000000)=@nl=@kern={0x10, 0x0, 0x24, 0x400000}, 0x68) mmap$auto(0x0, 0x202000a, 0xffffffff, 0xdc, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000180)=ANY=[@ANYBLOB="e3402ab3e5d0bf6c6d771759d2067fb4d3f1c508418c7ff211b8f428577b43d10ea911c68e71f0aaf3e7b0214d4455e12aa76530333096a763d1a5981714f018e10491edf11baa16540a5f80b9ce95ad879be26134e5e6e02b0d1d1a703520a699cc757b8020f33770e8c28e05d3967daeeff5d18dc1a6f5546505876239bbf4e44889155972eae5ff1286cff8", @ANYRESHEX=0x0, @ANYRES16=r0, @ANYRES8=r1, @ANYRESHEX=r2], 0x14}}, 0x24048085) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x103003, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101001, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$auto_UI_SET_RELBIT(0xffffffffffffffff, 0x40045566, &(0x7f0000000040)=0x7fffffff) io_uring_setup$auto(0x2008, 0x0) r3 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) pread64$auto(r3, &(0x7f0000000240)='\x03W\x96l\x15\x00'/21, 0x100000002, 0x100000001) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8000, 0x0) 9.152928277s ago: executing program 5 (id=2921): r0 = socket(0x23, 0x3, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000200)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x40098d1}, 0x20009004) write$auto(r0, &(0x7f0000000100)='\x00', 0xfffffffffffffffa) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/dummy_hcd.7/usb8/remove\x00', 0xa001, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mbind$auto(0x2000, 0x100000008, 0x2100000000, 0x0, 0x6, 0x2) memfd_secret$auto(0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x17, 0x0) mbind$auto(0x85, 0xffffffffffffffe0, 0x9, &(0x7f0000000040)=0x9, 0x6, 0x5) r1 = fsopen$auto(0x0, 0x1) fsconfig$auto_SHMEM_HUGE_NEVER(r1, 0x1, &(0x7f0000000000)='-\x00', &(0x7f0000000040), 0x0) setrlimit$auto(0x7ffb, 0x0) close_range$auto(0x2, 0x8, 0x0) syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x40004) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) syz_clone3(&(0x7f0000000340)={0x1045100, 0x0, 0x0, 0x0, {0x31}, 0x0, 0x0, 0x0, 0x0}, 0x58) r2 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000980)='/proc/self/pagemap\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x39b8) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/mac80211_hwsim/hwsim14/power/autosuspend_delay_ms\x00', 0x167b02, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/devices/virtual/net/bond0/bonding/arp_ip_target\x00', 0xa0002, 0x0) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14be02, 0x0) ioctl$auto_BLKFLSBUF(r3, 0x1261, 0x0) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) 8.24206727s ago: executing program 4 (id=2923): bind$auto(0x3, &(0x7f0000000100)=@sco={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x1) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/net/bond0/bonding/arp_validate\x00', 0x2002, 0x0) r0 = prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) mbind$auto(0x2000, 0x7, 0x100000000, 0x0, 0x5, 0x2) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) fanotify_init$auto(0x5, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/advisor_target_scan_time\x00', 0x201, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/blkio.prio.class\x00', 0x183042, 0x0) pwritev$auto(r1, &(0x7f0000000100)={&(0x7f00000000c0), 0x8fe}, 0x3ff, 0x4, 0x4) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_ocfs2_control_fops_stack_user(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_GTP_CMD_ECHOREQ(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="ddffff", @ANYRES16=0x0, @ANYBLOB="01002abd7000fbdbdf2503000000080001"], 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x40000d4) sendmsg$auto_OVS_DP_CMD_DEL(0xffffffffffffffff, 0x0, 0x4001090) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x8) socket(0xa, 0x801, 0x84) readv$auto(0x3, 0x0, 0x9) socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f0026bd7000fcdbdf9907"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="18000000", @ANYBLOB='V'], 0x1ac}}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0xffffffff, &(0x7f0000000100)={0x0, 0xfc1}, 0x5, 0x0, 0x1, 0xa505}, 0x1800}, 0x9, 0x4008) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptys5\x00', 0x2000, 0x0) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) ioctl$auto_TIOCSTI2(r2, 0x5412, &(0x7f0000000200)="ff") 7.310508091s ago: executing program 4 (id=2929): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ptyu7\x00', 0x103040, 0x0) ioctl$auto(0x3, 0x540f, 0xffffffffffffffff) mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, r0, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/irq/5/name\x00', 0x20800, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000001540)=""/4082, 0xff2) mmap$auto(0xffffffffffffff82, 0x20000a00004, 0x400002, 0x15, 0x602, 0x5) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x96141, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/dummy_hcd.6/usb7/quirks\x00', 0x80100, 0x0) socket(0x2, 0x1, 0xe6) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'ip6_vti0\x00'}) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f00000003c0)=""/122, 0x7a) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1214c2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="01002be87a31bd70fff9dbdf250100000006000200010000000500070058000000080009000800000008000a000800000014001f00000000000000000000000000000000001400200000000000000000000000ffffac"], 0x5c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) fsetxattr$auto(0x1, 0x0, 0x0, 0x4, 0x6) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, &(0x7f0000000240)='/proc/self/personality\x00', 0x4000, 0x0) fsetxattr$auto(r2, &(0x7f0000000380)='#\'!-^\x98\'\x00', &(0x7f0000002540)="7af535ac1874e73a99bf57b359c138d735a68d64b93ac93940ae09cf35ca5a6982a985903ddb1aafe0cadec24b755798b07040ef8966583bb5fdfeba788fa1223ea92787472033bf04f31876d236ee429cffd6288638d820ac0fe9134156b4008b6c004ef3355a77ad94ebfa9be13003784ebb431ff787329266bbb06e16031b599be47b2d23a83bb91d27808ad58871cb58bf23e1d7cdcb8e9cff7fbdce3072858b7868ffa1d5ef20b72dbfa71b0dbbf041caba13c9a8e1ee0a6dfeb3ae543f207c39f571551158e39fd1a48918a4442da18ef721ff1bff5f7f4356ce3ca212df0d6bbe7f173f52e98543cf1b035587956e36237a3828fcee44e87eb4a31eaf6d5a213b462c152115b2198c7b446103ea92c141f5fba41b9de14a4afb3b769a49965d33f2352f0f1d05b89f72abe0447dcfbaf66e78900336e528da8a5b18a156f680404156638eb663e065b0051fd98b2a45ee13b280770366ad5e59bf508b734eda81e0a8e6e3f90cecc784c1b6a84be90460a40ac56598d56f4716e95e0bd57c13780f04d6031de7786901b95c93446461e16f4f5558d65afebf55a3d31732e946f0e7fb2a8f6b08531f4381a0bddc86bd5afdbebf859c4a35f95052b1b362f9d96c4b483694676621cb99f07820548238a8fe2f1751e46d41025ea603c26799f951c682036b06a74a8101d66a4ce28497b04b971346d90ec42c5f04bf227ea8ae442f9e9e6234b039dddd4a8075acd1a063e8b1cfa60990e313ffc18565ab3e477216cd10cc7dbcbe4e0ac50403e57db022a37a25325bfad8f6ef0f091fced9c7f99847811f8e14e94d7239a964f17f74edae69ef2a5a1f3a9244ec8699cec0d65e62faed19375b1907209197853101b294bbaae2269203dc2292df2b3952d079413bbfbaa52f7697babc6e820f7c156b9dde68408b011ca1f0f8a3db9a3d6beca901a20e594cefd1d0f543e670170912cd28c01cd69f541c9475f8812b2adcd5b08f58366d1a8744d0db805629021e3cf863d37bc9fb23168fe19d0cd1bb38fe66cba76ad16e0ceeccd8e617ce1a26bcda28944e91070527084f3148f0d85aec9752218634fd07ce6b476dbfaf644862c10ed7808c6da1aeec8c3189a0f1e6c611b8fa0ab346db346d2ca306b3063935697231cd6f4cc0138d8bacd8e311503b303ae2cc0fb79fc9f3f944969f8e05fc4232c044706476929ef191e817be13baba1ac38a05dc74acb6d6a5ef712c8f02cc5907158bfb82a51543972be11b8f34a4caebb9ff2c4aa34fcd7323a9080dc6e8baccc3f18b58502216d40fd805fc56adf442f6f6eee18151f5177c66c48359ff5c821a12c0fa4d2a9045ce5abef28af2750ea416e38b1ba0562ca1cd152e3c7aba55bece4289ce5bba398b2ba516964cfd3ad798b0738c17483d3150361d196db521ff402c6ccb436facfe4ab86117a4d65323b99a5a256b89efef247795b5ea5512a7237e32011ebef92122a83db4ae0a446ce7f28e6c47dd0451de232a8ec541d04bef2087dd92142f666d4cff8afbec759cd31796411463f6f9ba67a80187c74e29a51e7bcc29f8b96714473c4a2ce1d02378209d5470e8720694e85f76a36cea6a9495c088ac775c0a9aaf7401189969d49247b9d1afdb479b105eccb2d81fef1e15fa0540935ed692f282d0075f2f3cec510574a6c35bbf3901577aea0416e36c51162974c63e7cb14a279be1bcf9499c516dda026ebc28caff5b7187469d5735361ac0adae808265f39d8e70783975fbee44da448ac93c49074111b474b43dc5d8b4516385ba24d76ebc22c61b0fc47a4c2ffd3dc086561c1553ca2e3f64f229c20db6ef9a630b1b19004c4545438c7fc2aac303dc9e14222340e4361882850e680a091e4ee5e9d60d172191596caba2bafb0f53b6792bfe819409dab3903a07a4d93e9e9146abe6d115544053a94e8226adece71397b768cb5da9fe5803615d901ace8ae1a27212f87baf712f9d769db06fca2db44f7e0f11d4e5dd734a67d920535a465c5cb32bac619afcecbaebffd6b5c4f93ad8f57621f87f13392073ac50c89812975443d6f814123404c8a1e849c6c3df4a6b2eedded92a673ac30fd497d413ef4505e709e68f9016513256576181bd0f7b21a42b6e0164762a45fc66864695fc5a5fd9144f0497bea8b7ab33b4b936a3599d378a9cf11622229e2ad63b477d28ce0655b0db08debda34e08080d4e295746c604d830483dc6009b015ac24b781ebd162a3fc83ad6313352591ebedb9720668b163a0d2a318f477a6cebce27c752c3627775b7e2abaeb006b4f4a2fefea9278135d05e66cb3f966651710059ae0aa50cb8da10091258089d70494f1f871667e5f45036230975b200e966be384d5d41e4b5eb5c115fe1cae9e63af0b6946ea952556e93556221c33ae4911d5281edf1f43f0abd5d42abf40943ecccee1c09fb095bd8bf578bb5a0ee33367e094e6f57a776c99d52db4201a497a21b51a5c3ca8da0f867b341683541506c5267c2516e52b496ae3e08c3a667314e6cfbec58581a98da6cc9ee9cd48b23fc4add2efde1d54f81b238d2d21c6b3b7c441549ebe4f6d0550c4c8f245afb833f22cdfcd8d7c92cf875bfb8b5007596ef9f9d9003e8f95f3280d9ee4be5701831d30f3f1ddb8b6385f62ff04d9f0bf5b91bcc6587d9197e8dc98110ea13a330770258ee990d329c4fd0aaac108322e5131bc35d8aa9b92fdc1bf53f2ada8dabd854583dd5fb51bc016757b462e25da2a362cd8b04d66de3367f66eb127104f18a142f5526b555382683e795b6cb12bd0b3e0a399585a95c0b67675b9baf5667d3069b79feab6d1c53536ec8bb53178be3a6483703bed5b7889d82304f8d687eb8f57697011f7eb84c5902b02d23214026221660fd2964c8d58e2e5241e31a138116050e84ac9bf190ef7efdf36476746dc20dbd796810c32d5bdc9f0d962b40d35057048ff0ccffb7e49c63e056b153e5c1e0dd77f97bf49af9d936e3fafddb1d36359aeb62c10eae371898960290a4cceb0ab399bb121600760d5213ebc9e2300098f5338d2ec95a96a73fb4381bac3ec52baf3560110acd970e71adab847da85f93e21aa1d4f9f816f126737d33ac6ab4ec79a460128bc92b99e7fbdd4e4971ca291f4e664ee39a192a149c1925f9938912d87ca7ea25978d4e272b1c1c83bd64ed15dea23e836d147ac06338209fb7f38db1e0e39fbd52765de37bbb3c7e491bf4a579e874c01399fc64fa3974a36f6f8ae4415374ed4ba2bb24736807b35e78a30452f1696e8633d1da474b2606df70330e098e0774b0e87a349ee297acf277117d1520dfd96080361fa1b22ecd5b24f51acf1c90c4676a25059922a71ea54c83324bc9ae12a3d9019cdd4a2c4b4718228df205fb9c7a7725b46d22268deeaa1907956f0b94c83849e06e7f274526454983d9295e83d5a625cc99b0bb5bcf0cc10487fe8c097f8d50c3722342741d45ef97ca13000779d2043d0ce395657f79f409552fc49782f91ce68606d208643d2fb0f868e5dcac1c29152740499cfbec78ace5af443af6413a5faa4e02309e81c178be98d11a9e6254a49af1e4f9f40f3062ad329fa125aa2abfc6d85de0e016a7f87ce7cbab4079840fd5ff2bfeb79ec4b09a978c9b70333772ef852512f168b23889fb4d74d6ed8e6c8a9db2fa0c7be931ba76aa5bc81fb13588b66e7b523bae143cead76877e3b185ac0930e7c3d1bcf73a4ed5dd1e6a1a5329ba62ce40bcac805baf9283a1d12c437ff75ead624d27a63a8df68c8bf9751919e396934ffc689270a53238efa5d8577699bffa957d4ad874a6291668720a06224a03a11cb0e939fe02f3270259c334be6ffe5faa52dfdbfa8c21ae3e926a9b3f9d876250892d8ec56845c50e904b30d14fe90308fd32633e27313f72545bde4e43ec8762279bae0cf7ba12d204b3e70a2fcbaa8f3264dc199391c9319089c722ce9d4eaee089d4c3c0be68cdbe91269d1422ceab0936f65fcaca65c46b8e2128fbf8be88ca77415884bc2328bf5b638e0c09e377df7d90dac77fba8950aef2a5aa3d69ed992cc9155934fdd225032cf1c534b79746e128fcb0abeb017347abbf20ad9f564db6fd4bae3b2080da8e8ebb316dc147e3c0fe72c41e18b772ac738fa6fe3e1d955b30344202a774062e13fbb190890a607a7db3507e93b925c47a09a5671b1e8b981af5056b91818d78a328ca69a9ed9fe23503ac15970104f5a07feabb4678cce0d1e0f5289c266446d8bd662a760c6a90c2fdd0fc0efd5870b9aff8950f4952800c8d9daa07e69720f48e0a9ebc93242b22ad99013a9f22", 0x8000000000000001, 0xd) write$auto(r3, 0x0, 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/vhci_hcd.3/usb15/15-0:1.0/usb15-port2/over_current_count\x00', 0x2000, 0x0) keyctl$auto_KEYCTL_INSTANTIATE_IOV(0x14, 0x40, 0x8, 0x34d, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sg0\x00', 0x8081, 0x0) close_range$auto(0x2, 0x8, 0x0) 6.787092082s ago: executing program 2 (id=2932): memfd_secret$auto(0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0) mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0xc0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x6) r1 = socket(0x2, 0x1, 0x0) close_range$auto(r1, r0, 0x8000) bind$auto(r1, &(0x7f0000000040)=@in={0x2, 0x4e24, @remote}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800008}, 0x5, 0x20000000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) sendfile$auto(0x3, r2, 0x0, 0x400000000006) shutdown$auto(r1, 0x2) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x22a02, 0x0) write$auto(r3, &(0x7f0000000140)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7\xe6\x04\x8c\x83k', 0x1000000007e) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) accept4$auto(r3, 0x0, 0x0, 0xb83b) mremap$auto(0xc7, 0x4, 0x13, 0xb, 0x100000000) 6.178942626s ago: executing program 1 (id=2934): mmap$auto(0x0, 0x20008, 0xdf, 0xeb1, 0x401, 0x8000) (async) r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x8000, 0x0) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x0) (async) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4004810}, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) r1 = socket(0x10, 0x2, 0x4) socket(0x10, 0x3, 0x6) (async) sendmsg$auto_NL80211_CMD_DEL_PMK(r1, &(0x7f0000000400)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x40) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="f0020000", @ANYRES16=r0, @ANYBLOB="01002dbd7000fedbdf2505000000da0203800800c000e000000204002a000400110008002e00", @ANYRES32, @ANYBLOB="d152e64e22695352dd73864415aa8a78c65e6ab752fb4d469a47a092ae7d5061cdd9690cac4138553ecfbb1b32dd7c", @ANYBLOB], 0x2f0}, 0x1, 0x0, 0x0, 0x40000}, 0x20044050) (async) r2 = socket(0x8, 0x4, 0x1) setsockopt$auto(r2, 0x0, 0x28, 0x0, 0xc) io_uring_setup$auto(0x7ffffffb, &(0x7f00000004c0)={0x52, 0xd, 0x6, 0x81, 0x7, 0x8, 0xffffffffffffffff, [0x4000, 0x0, 0x4], {0x1, 0x6, 0x8c48, 0x29f, 0x100, 0x2, 0xb831, 0x5, 0x2}, {0x100, 0x20001, 0x4, 0x5, 0xfffffffe, 0x0, 0x76c5, 0x8, 0x100000000}}) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) socket(0x2, 0x1, 0x6) (async) openat$auto_ftrace_event_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/tracing/events/vmalloc/free_vmap_area_noflush/filter\x00', 0x602, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8502, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (async) prctl$auto(0x1000000003b, 0x100001, 0x4, 0x80a, 0x6) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x2, 0x0) r3 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) ioctl$auto_FBIOPUT_VSCREENINFO(r3, 0x4601, 0x0) socket(0x10, 0x2, 0x0) (async) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x5}, 0x3, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1c001b"], 0x1ac}}, 0x40000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x4000, 0x0) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x5, &(0x7f00000002c0)={0x0, 0x7}, 0x2, 0x0, 0x0, 0x9}, 0x1537}, 0x3, 0x0) 6.176150194s ago: executing program 2 (id=2935): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000000040), r0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000008080)={0x40, r1, 0x1b, 0x70bd26, 0x25dfdbfd, {}, [@OVS_PACKET_ATTR_PROBE={0x4}, @OVS_PACKET_ATTR_ACTIONS={0x10, 0x3, 0x0, 0x1, [@nested={0xc, 0x17, 0x0, 0x1, [@nested={0x4, 0x7f}, @generic="1047b707"]}]}, @OVS_PACKET_ATTR_PACKET={0x12, 0x1, "898771f1c19f1779048590828847"}, @OVS_PACKET_ATTR_KEY={0x4}]}, 0x40}, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = socketpair$auto(0x1e, 0x5, 0xfffffffe, 0x0) socket(0x25, 0x1, 0x0) mmap$auto(0x0, 0x4, 0x9c07, 0x9b72, 0xffffffffffffffff, 0x8000) sendmmsg$auto(0x3, 0x0, 0x787b, 0x6fffffc) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) r3 = io_uring_setup$auto(0xfffffffb, &(0x7f0000000080)={0x80000003, 0x6, 0x4002, 0x6, 0x4, 0x8, r2, [0xfffffffe, 0x0, 0xfffffffe], {0x9, 0x6, 0xe, 0x29f, 0xfd, 0x7f, 0x101, 0x6, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x104, 0x8, 0x100000000}}) r5 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) r6 = setfsuid$auto(0xee00) r7 = setfsuid$auto(0xee01) setresuid$auto(r6, r7, r6) ioctl$auto(r5, 0x4b37, 0xffffffffffffffff) acct$auto(&(0x7f00000000c0)='/dev/nbd0\x00') unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) setuid$auto(0x800000000008) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) clone3$auto(&(0x7f0000000000)={0x200, 0x5, 0x7, 0x2, 0x1, 0x87, 0x8, 0xb, 0x4, 0x2, 0xcb6}, 0xaa) socket$nl_generic(0x10, 0x3, 0x10) mq_open$auto(&(0x7f00000000c0)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0xa7e, 0x6, &(0x7f0000000100)={0x2, 0x200, 0x9, 0xd}) madvise$auto(0x0, 0x2003f0, 0x15) r8 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000040), r3) sendmsg$auto_IPVS_CMD_ZERO(r4, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000280)={0x14c, r8, 0x100, 0x70bd2a, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x138, 0x1, 0x0, 0x1, [@generic="3c9eb215f55901074024f21e2306acd6131d54d306d8ad283a8f9a3134a51a47e979f73dd0eb6f0ba9baec3bdae6685ff81244bb00a499a859d2da2f88715ad5cbb930439e9fd17517ebb46e150a45dadb2f22c8dfc0", @generic="1a570990072156fbd1e8db0fd5f386987f6e164cfb2e783ac2a7e2e9b620dd5d8d4ee25fc3105e235819d0ec56128d22998fc77d978561bb130cd5368af04c64d6e3d62ea09a281840ba14210724d9ed5b4eff81b16175b6c29c93410417585373338c04a24e", @nested={0x76, 0x7b, 0x0, 0x1, [@nested={0x4, 0x10c}, @typed={0x4, 0x9b}, @generic="892121afea973d579a357be7977d65cf73128fbf5081c1fd44128dd1ba751e96418e2e521fe5e86e05f9eb0c02c6ac6d6e33a024115fc87fde66b9ca936cd528a9b3c33f09de132093283c1b03b11c978bb64cca7c248e773a79a90324f0d01b0818ad648508c8fb04ef"]}]}]}, 0x14c}, 0x1, 0x0, 0x0, 0x4000800}, 0x0) 6.171895232s ago: executing program 4 (id=2936): pipe2$auto(0x0, 0x0) r0 = open_tree_attr$auto(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x4) unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_STOP_OLD(r0, 0x5421, &(0x7f0000000100)="3e9c7eaee5fafe68678b7f5e1648142b11c29c62ff58898ad47401e20a80535bbdf95a24c3c887c5311dc635af40547b5b0f67de14c757d510f892b993") socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D0\x00', 0x0, 0x0) r2 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000001140)='/dev/psaux\x00', 0x42000, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7ffffffc, 0x8, 0x3000, 0x6, 0x7, 0x400b, r2, [], {0x6, 0x6, 0x8c48, 0x29a, 0x9, 0x80, 0x104, 0x6, 0x4}, {0x100, 0x1, 0x101, 0x85, 0x2, 0x24, 0xfe000000, 0x8, 0xf3a}}) r3 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ptrace$auto_PTRACE_SECCOMP_GET_METADATA(0x420d, 0x0, 0x7, 0x4) read$auto_vhci_fops_hci_vhci(r3, &(0x7f0000000d40)=""/16, 0x10) select$auto(0xe, 0x0, 0x0, &(0x7f0000000580)={[0x1ff, 0x8000, 0xd, 0x1, 0x200948d, 0x3, 0x10015f4da0a, 0xd, 0x7, 0x6, 0x8000001f, 0x8, 0x6d3e, 0xc, 0x2, 0x2]}, 0x0) ioctl$auto_MON_IOCX_MFETCH(r1, 0xc0109207, &(0x7f0000000180)={&(0x7f0000000140)=0xfffffffe, 0x3}) mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) acct$auto(&(0x7f00000001c0)='/dev/vhci\x00') madvise$auto(0x0, 0xffffffffffff0005, 0x4000018) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) lstat$auto(&(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x1000, 0x3, 0x89f, 0x5, 0xee00, 0xffffffffffffffff, 0x0, 0x5, 0xa37, 0x2, 0xb, 0x100000001, 0x3fa, 0xd, 0x8, 0x0, 0xa}) r5 = getpid() pidfd_open$auto(r5, 0x0) shmctl$auto_IPC_SET(0xa, 0x1, &(0x7f0000000380)={{0x5, 0x0, r4, 0x695a, 0x5, 0x5, 0x9}, 0x400, 0x7fffffffffffffff, 0xf, 0x2, @inferred=r5, @inferred, 0x1, 0x0, &(0x7f0000000300)="87e645d232c3f26a114fb3ad46a75cea79d7fdd03adf670c259ce8f8ac8b3167973299b018b023350ca5c41d6bacbe4527af36d708a8644540c4172c84015d6b183fde87155f870b8e7e8c58727809c385649d4fbc929cef84b71c4c8e8052c7fd513c084d5c763cc778fda1d16ef261b3345fecf7a8aa", &(0x7f0000001180)="1c6db4e0ec48ff2348c6964f3ff574e968922574ea1566be6c9d38d1ae7c981c992b078f0deb7aff3c4487624184d033e8746d66d3697b3ec0e46ac0f54c267e362fe71c2d44b4515a21c1b8ba92cfeaa41d59d9d853fa6e95b387c1c2ec4a9ecec5008ec42b08cc313a798e0d0ca447036b4c1ed3ae785d300a5586498187626228bd02ff798b9a2c95af1ca64c8a3b605d7e78f8462e4e3500c6fc7d5786b4f12799508a8e41482f9bb04e8ab798f0a0367fe88eb2f94d151b752a0b9ca6136539b1ca3c33b8daa87ecaedb7b3a6021e1e41f4b6406a581d3f08df1cf640477f178617a4dbea81df372b22a76adcdfd7e4a05fcaeb6f70b53093198708db6a219af190737f34013c6de0937c33a685c8a1f826980106ac671467ee88b2f08f65f803579a367ed8c6b5a468548a4bc8340bd4ccfb271c9ce7e1649784df855e967c0483a675d2aec443252ccb3851fe51e875121f8f0a5d2fbd4dc9118197cfcea6d3ebaa751060179cdc461bbb97de88d0b2f6000a63fae566bd7df3620fae936f2e5551a9c1e870fbfefedebfde9de7d27f5f64f5f959577a7c2bc6b7ca4d7ef95ce192b6883431e93ce05706be0de7d44d51f98e8f8fc62b90b3200ad7b5e49f02bae9fc4130677fcfab19fcc13de9e03035659577316f443e09d6b54971bbc289f66b3d26b02b4f03fb4a2d45f4f5c6bee3021db3e8511917922ecd07c5d7836fd1c6611e0921cee0b74f94aea0888d46afd69a2f6bd8451544d9bcf8bdb14ca35591b041e5337d74eff917317ce7d8710d1b1f9b1b2882484058d8416715c28c2794f87859a4353edbd44c58820068eaf7e459aa329bbbeccf9ab7606e6c05c8625b1eb35323c50c8dbf856a0061f41abe0111337dfe506d8bc2b4d7300a9060c0e27a09a03f6cc8ff02c396f82200d502becde782ccdbbcf34b053d15cccfefada41847547a183237bd95a26e6bd8d334348d241ee7b9abfecda2a48cd2e862117d025bc0c940ba9dbfc451da2030bdd5696159713bbd06192da15f2366a7e22faef030a3c71e60e45661f1a9ce3a3b823c9a8b5cb0f14b8152d1e2371b8e1749714466e3840267a14ac6bda7fb566cfe84c0af342496f8ec53f5a713da395783e38e75d8e9a332cdf880bf16dcf3415995fc095e253c5d90e53a5fb1946ef015e806a07a5253a4efab35b8184bb522561304692e89384fc5e3b0b77a1cf1f95e76185be69f7c4f6803403d290f642c606361cb1b678bb3953faf15d0f8644bb4f47fe9fa32a2b9c2150e7d0b3cdf5d5be7ff17f182a3034ddf87222c7426837b78917cacc6f207872c9d038efd42e10e3daf757611c8e243b8546470153fc37da945ed3cbbc3ffc7ba64802d5d85de621be1fc402787bead00cf73e4494f850f7e2b4aca6d39bbe5d90c3f46f6e6064725a84a871d434a269c21af6fa32b1bcd38c5cebd46edd2a38711deca0b68e011d800d32d0f15b587ab217ba147fe1155fac5f117b3f44212e9143390f30a6ebd195ac0e41c27ac098341f17ad866eaad97bcac34ad2937a7be2b2e54775251f3339ceef29369e5d3bdb2fa8f9cbb87e8b7310d8bfd6aef9e5a91503f0763a1cff9a684342cb5c12825fbfeef76b3b9be11a547ff99db7aadac712bfda9697166d4909b127c7be3119b567592cec807f1546058bb26c07fd899370a23955f1d67d522c31867b2c2a13e8c0b6f94c5a53c2df002993c1e55a1c92354c6642ffdc48eddc2ec8d284fc17b91958bbebd45c1dc25823badf087c07196c795e41f5143dc66ad17a5292d07ea16210b15e594aa5f6dfcc5a04f7b07bc3e8f1b47765f505b5de3b576f1ec9f462c9eb1b26e7a5e1333c19d6dc9b3754cfdfc9cd204d47ab753372cd4b90e70b348389938d63a1dae49fd87037d0c036b74ebc0b414e8264722185d25f9aa8a79a16249e38f9cc237997f73f4fb0b30997b5af6e608ba0ba967663122f557439401a42a785fe7845e6e7e6dd75f82b9a8e411dae3b70c4eba1a036c3cf66b5fe70c22bf6b9a7e5a6d740aed65216a8f47536fc148f01e1af5be8fe2f47586628850b127148ebd948030096394b71bc5e27bb61bd4c125089ef80c6924efb49550dff34c2ab0e4f24478d7f58f46ea65cff99dd16a1b192dc1f41604dfb13d674794c33bbc689bc9d459127309acb159a5eea51e4ef7f4d15ad5e30e8e8293335b21aea55a0bf4099549999e7975b8a603c75afc3691d096401074e8252b77b344bfe246eb571453a5011da466909ee77cf38f2f803e1d5fc5f9d01acb4da4a8241ae48eebd0e121eb16df5f4af89d329c576b6eb2c4a074c30ac68f88aa82b751151da1f5f75db4d19a7e192665084058c7929835e71c00df1f529b95836906fb995fea40cd64a30a674eb195749e2a8a15609a12bc8db1f65b669e574bf4284141e20b7dcfd9d54c024a8c4ce413e0f4d88fb88ab55eb73b0464351855df40c1e06a2cce8d7f36aee5f8a5459e9d60077cdc9db69c17b983df8a5370725886bc458c6c99710c6e8e19b03cc45e89d69e52b7589adad070eb98717a26cb4defe6b05d3ae3f33421c25c6f1f2ce4245d57b0e713d558d083e6583527c7c9373438995219ba7b53adbbc24b21d8adebe8490c54c7653d9bf1b95318c2ce939888fd9dffa51414e97dccc2be706a465561e6b4352c054a203c7fcfcc56503797e35f3a081ddc2d22b3a885a833583b1fceb44eb1efa6c971150708c752d234d6bc899161ca6e6f05cb49dca65618a186d47ae65a14fe29f3acc623c474ab40fe17cbed5f432aaf7fc44b76ce5b99627b8ea39b38c81437da833db2346c82a328a7e199030818723abc25ba723b959b0f8725d3ba4de4dbdc3a50b152349cb0fe846c2a3c473734f6842d8dcdf075db019fd92b07d45db78c022d1efba4b24bc111265079cce7586f50a1f4fb053141912f6b9ccc32fb09fcd31acec6930fe079753c4bfc12c3b94b14fbbd4dc46db22e072dd66abc34d4a914a1d2c72bd21514337c0c47112f0106704accc6226e7fed3d76a2bb4d9d09e54452b0d04cf3fe7ab08295599037fa54b686196e46cb09dd9baaba373eafadc363c41d6dcd5fcfee648d97949c46ba1d171625ad2de3711b52af18c0e1098ccfcbc41af771a4bd4aabee5e7545e4e04bdfc3a6820f6c48729b6f365c1108ca2443cf110557051c19cda3c03d2dc072ecab1dbbcb5bd28ae4806f743139ef347319db785508bffea20a2185bdfb1b497fe6a19f63e8a83bdb8999cdc44f03c5e6ede0942c253b690343e1bc3785a3368dd80577aa4889c62bb5eab6090481450faa55052a145b10825210d6c99abf7b40aab913740b32ac4180f118e8b2aedb73cef48611bd37c638ea4db942042e4142372d510e8b895cecb2863365e2ebff72f208bb46ecedbc6fd4eed4dd9f40d12ba7a0c2cffd30175cd1616aa92ee8087d3a0ebb40350f033e1634fdd3f1ba025b7f250f3e467b4bb83870e25efad9e2abd76a2fe77bc07bfa19f0aebed5f5f3099b8d828b62b8f91e315f248b7b90041dcaaf8ffdd346042cd1d57854393e2a7eccc877455e9225ebce1b54afe3f73187f3b4e40e9e8fa8466d12d03fa0a8f4ffbdf682ce6ea946d21cf07b99bc250ef5460a65130e29a753a677f811effe83893163aeefc588b7f7a6df19844bbd7eb9cb8a3ae42debb16d0d4eeebe2176bc023464c840bfb06a98a725cb24ad769bb5915c0b4711bc3130aeaa2e6020e7a55fa05cc177869839651215548ea0bcba44705529f6c0d64a6d1203ff004c3b5a5013e704c0772e7eebdb71ba06d8a83da445766655dfdeaa8c981c5d7c6de8341d79f75c7faee83d0a6cec9fb907c56316fc51ec3b115c8f7f3545b8f48efbe052f5a3315156fbaeb871bbacfb5bdedb375c4b5dcf7e6132aaa0c6b9b4c275e4bba3e41dd5c8dc23a0d78b0db703e6028d42ea3645a52e818a7965b0f1f69d14499d196111f110aafbf586d2b2482c77bfc4d7eef4722bf4f1c07b65c17d9d70eeb8ed8c747f579b42c2dcd30a19b922c659436905f4e1a1859b661c4744bda92ad7865695b7b8cf32dd818027ad55e9d6deadbad000bd5274b92ce3c63ff6f5825630bff4f04c97baca7b6f7e64e5ce923f3588e6b3f09c7c47ce4dd931d64a9249e800717f86020058c80c0481924a05a61811191c87b0d1fcb13a55c653e8e75d59eb71888b202b7eb105102b485b021100081ab674202757262ea3e849089b444e6078c46d48420569aa9bdf8e6ed25bb0e91e3e126a82a646984c3c2c0983d71e1b5bff95bd030b0b70e79ccbf21eca5f2453e4cc1b39d4d45ffe72064181b352297cc0f0e6bafb5bc4aacbd848ebb3cc01ddd26c0ac3eba444a7a73c36134d466251ac6c492551e406e15182bb3b9e48ea60ba83836d183b310c484438ef8ed089c7981acd70a0f015003e76459ddebc94f5245fff3d44adc020d0a255a7cc617b287a46906f6434c5a0ec4eec3b8dbb43ce1d989f3d32c28d5e7ce76ffff6ee244e6e6ae8425c61529896af90151d83cd2e5d31f40f4e46862d7a3e947f6a6e59d1c9861f58f6c7d6e8cb6208794469a1fc2eb9bcced5ac1125f8d0a8fc5ed3778eb3efd9333dacb4ce60a28d78f06d44214f0fdb5b450469f7d63ade81b95f71604cbdfe46f3614d71f47ad14ffa3e74fa39aa2156206988ddcfd0e86c1626ded23c22d78726748e66c3d51c3ed2a08d3ad850701bffb35052a6ac2a3e8fe51e57d881247c7f98a09f868373925fab15e0b2df16eaec0a99c956363d5f1fbc1db33dde235af925f335f34ad17bd9c4162ff51aa446d650e20b9d53bfe2b640ce8505cf5bf5c3175f094d4862197ebb55ee546e3850eacaf5433d5c3da5281930c225b9db621a06cda6189fadc8435ff4193010ef83a879a8975640da689b741984e62c63d291cf6d34836414732c243e598f1cfad985d98d16dec0e55faa045e9249c574864a452a750bc663e731e7b92a7e4f6c21018a86e6a5aa35d761f1dfc4a8511033245108eb8921408499cb788de8fd8efaf82db613c5dd622fa8e5b0fc8659d59f07257ab3252bd3f96c1e4095465d4a2ead541876b0cc71608d331852a821927585aa4f2fe0147f85ef78035c6a4303cbc218e4dccc8f074bb17b06157670e222f55cf13594495407be440f027f5818f82f5824653b35cc85cd0241d71fdcd49fa29afbade4e63f73afb71da1f21093479907bf0745845bb060e10c025b9e948935f1ac47c5f998dbed1379eb46a926f49e4b1215ea518f3c99cd278d33fd819073be79e70e9bddb82430693de4e56aa88052ef3dd7d80be1d4a84db8a01f8b5f0e4b7a7a64cbfc721aedd27c2ae903a649d7a4a75d7ac659d6553528946691c88254231d9536c0535b2e1f3cf59d615f7aab7f83291da0aaf2f39c4214085584c1ce168176ce57a69849e2deb64328ab4c194a7284cd2732cce3adf384209087db612378193e4561ced1546862847cd87aeea1256abf9539e560d9501a6889f72c108ad9569dde018a257540c097c7038b7d39c1067cb66b2e9c164c2456df3e6dbdbfe83b57739f255b3d1a288ff8d453f2eda15a0e25ce58cd0ef522178d13df39a7458bb916bb5b76c1bfe171888093cebb027d0258b7970bc6b7c96a04201a91800660bccc6801b0fc1da7d84357e155ca173ace7e93f8f3b66f0d3fda2dbfdf5b3d853af28a9c2a97a227d870762a048eb7d6a270258b4bb0f735054c1dac167ebd470a4209b9ca6f653984ea3a412aeb7a5d"}) madvise$auto(0x0, 0xffffffffffff0005, 0x19) ioctl$auto(0x3, 0x8905, 0x38) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) futex$auto(0x0, 0x9, 0x2948, 0x0, 0x0, 0x9) 5.948021297s ago: executing program 1 (id=2937): r0 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsu\x00', 0x108002, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0x301000, 0x0) r2 = socket(0x22, 0x3, 0x0) bind$auto(r2, &(0x7f0000000040)=@l2tp={0x2, 0x0, @multicast2}, 0x5) ioctl$auto(r1, 0x40104d01, r1) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) r3 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) ioctl$auto_MON_IOCX_MFETCH(r3, 0xc0109207, 0x0) ioctl$auto_MON_IOCX_MFETCH(r3, 0xc0109207, &(0x7f0000000100)={0x0, 0x2000004, 0x7}) pread64$auto(r3, 0x0, 0x7ff, 0xd) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x20882, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x8000000eb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_WOWLAN(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4044010}, 0x40850) close_range$auto(r0, r0, 0x7) bind$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x3, @remote}, 0x1000006a) close_range$auto(0x2, 0xa, 0x0) socket(0x2b, 0xa, 0x1001) socket(0xa, 0x2, 0x88) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xffffefff) mremap$auto(0x1fc000, 0xfee0, 0x3fd6, 0x3, 0xfffff000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x5}, 0x4, 0x9) 5.8363261s ago: executing program 2 (id=2938): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/net/afs/addr_prefs\x00', 0x102, 0x0) preadv$auto(r0, &(0x7f0000000180)={0x0, 0x3}, 0x2, 0xea, 0x1260) (async) socket(0xa, 0x3, 0x3b) (async) connect$auto(0x3, &(0x7f0000000000)=@generic={0x3, "0700ffffff01fffffbe000"}, 0x58) (async, rerun: 32) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) (rerun: 32) capset$auto(0x0, 0x0) r1 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r1, 0x7a7, 0x0) (async, rerun: 64) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r1, 0x7a0, 0x6) (async, rerun: 64) mmap$auto(0x0, 0x7ffffe, 0x800000db, 0x1009b72, 0xffffffffffffffff, 0x8000008000) (async) adjtimex$auto(0x0) (async, rerun: 32) ioctl$auto_RNDADDENTROPY2(0xffffffffffffffff, 0x40085203, &(0x7f00000001c0)=[0x1, 0x7]) (rerun: 32) open_tree$auto(0xffffffffffffff9c, 0x0, 0x200) (async) syz_genetlink_get_family_id$auto_ovs_datapath(0x0, 0xffffffffffffffff) (async) ioctl$auto_IOCTL_VMCI_QUEUEPAIR_ALLOC(r1, 0x7a8, 0x0) (async, rerun: 64) r2 = set_tid_address$auto(&(0x7f0000000140)=0x8a3) (rerun: 64) socket(0xa, 0x3, 0xff) (async) setsockopt$auto(0x400000000000003, 0x29, 0x8, 0x0, 0x1020056b) (async) prctl$auto(0x0, 0xffffffffffff7fff, r2, 0xd, 0x3) (async) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) (async) r3 = socket(0x2, 0x1, 0x0) setsockopt$auto_SO_TIMESTAMPING_OLD(r3, 0x6, 0x25, &(0x7f0000000040)='(\x00', 0x7) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async, rerun: 32) close_range$auto(0x2, 0x8000, 0x0) (rerun: 32) io_uring_setup$auto(0x6, 0x0) (async) io_uring_register$auto(0x2, 0x6, 0x0, 0x0) (async) socket(0x23, 0x2, 0x0) (async) futex_requeue$auto(&(0x7f0000000080)={0x1, 0x1}, 0x3, 0x9, 0x5) (async) futex_waitv$auto(&(0x7f00000000c0)={0x71, 0x4, 0x7}, 0x5a7, 0x80000000, &(0x7f0000000100)={0x7, 0x2}, 0x7) 5.591555759s ago: executing program 1 (id=2939): move_pages$auto(0x1, 0x20007, 0x0, 0x0, 0x0, 0x8000000000000000) socket(0x5, 0x3, 0x7fff) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000240)='/Ee\x01/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xe7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xff{GP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D', 0x7ffffffdffff8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) openat$auto(0xffffffffffffffff, &(0x7f0000000080)='}[,&*}\x00', 0xffff56b3, 0x3) r2 = getpid() process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x8, &(0x7f0000000280)={&(0x7f00000000c0), 0x1ffffffff}, 0x6, 0x0) r3 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x307004, 0x0) ioctl$auto_VHOST_SET_MEM_TABLE(r3, 0x4001af84, 0x0) writev$auto(r1, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14be02, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x2, 0x0) socket(0x2, 0x1, 0x0) socket(0x2, 0x5, 0x0) epoll_create$auto(0x4) r4 = socket$nl_generic(0x10, 0x3, 0x10) epoll_ctl$auto(0x5, 0x1, r4, 0x0) capset$auto(0x0, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) epoll_ctl$auto(0x5, 0x1, r5, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) epoll_ctl$auto(0x5, 0x3, r5, 0x0) close_range$auto(0x2, 0xa, 0x0) sendmsg$auto_KSMBD_EVENT_LOGIN_RESPONSE(0xffffffffffffffff, 0x0, 0x30004850) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) close_range$auto(0x2, 0x8, 0x0) 4.478883701s ago: executing program 1 (id=2940): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) setresuid$auto(0x0, 0x0, 0x0) r0 = socketpair$auto(0x1e, 0xfffffffc, 0x0, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/thread-self/fail-nth\x00', 0x101000, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon33\x00', 0x121200, 0x0) mmap$auto(0x0, 0x4000002, 0xfffffffffffffe01, 0x8051, 0x3, 0x0) syz_clone(0x5004000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/softirqs\x00', 0x0, 0x0) read$auto_proc_mountinfo_operations_mnt_namespace(r1, &(0x7f0000000040)=""/26, 0x1a) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) ioctl$auto_PPPIOCSFLAGS(r0, 0x40047459, &(0x7f0000000140)=0x80000001) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x503083, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r2, 0x0, 0x40800) unshare$auto(0x40000080) keyctl$auto(0x7, 0xfffffffb, 0x0, 0x3e, 0x8) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r3) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r0, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={0x0, 0xfffffffffffffda4}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) bpf$auto(0x5, &(0x7f0000000080)=@bpf_attr_7={@prog_id=0xc, 0x92f1, 0x4, 0xffffffffffffffff}, 0xa) mmap$auto(0x0, 0x9, 0x3, 0x8012, 0x3, 0x8000) ioctl$auto_BTRFS_IOC_SCAN_DEV(0xffffffffffffffff, 0x50009404, 0x0) r5 = prctl$auto(0xc, 0x4, 0x0, 0xffffffffffeffffe, 0xfffffffffffffffc) mount$auto(0x0, 0xfffffffffffffffe, 0x0, 0x80, 0xfffffffffffffffe) write$auto(r4, &(0x7f0000000300)='/Eev/audio1\x00VI\xa3\xaa\xb1;\xb0J\xc6\xc0\'\xdbV\xd4\xee\xc2\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x5) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0) mmap$auto(0xe, 0x7fffffffffffffff, 0x6a, 0xcfb4, r5, 0x108000) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) 4.477618993s ago: executing program 5 (id=2948): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, 0x0, 0x80400, 0x0) socket(0x10, 0x2, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x155) socket(0x2, 0x80802, 0x0) ioctl$auto_VHOST_SET_VRING_KICK(r1, 0x4008af20, &(0x7f0000000040)={0x0, r0}) setsockopt$auto(r2, 0x9, 0x67, 0x0, 0x10000001) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f0000000180)=@in={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f0000000000)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x9}, 0x3, 0x0) 4.400018934s ago: executing program 2 (id=2941): r0 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r0, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="100000000214af"], 0x14}, 0x1, 0x0, 0x0, 0x20000045}, 0x24000044) write$auto(r0, &(0x7f0000000100)='\x00', 0xfffffffffffffffa) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sequencer2\x00', 0x100842, 0x0) memfd_create$auto(0x0, 0x4) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) r2 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000001cc0), 0x101440, 0x0) read$auto_snd_timer_f_ops_timer(r2, &(0x7f0000000100)=""/98, 0xfffffc67) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r2, 0x40345410, &(0x7f0000000000)={{0x0, 0x2, 0x200800, 0xffffffff, 0xfffffffb}, "0dd7fd004929347eeeccdf0732f77b1f6de0d6d51768a257a97ca5e9ca6310ea"}) ioctl$auto_SNDRV_TIMER_IOCTL_START_OLD(r2, 0x5420, 0x0) read$auto_snd_timer_f_ops_timer(r2, &(0x7f0000000180)=""/137, 0x89) ioctl$auto_SNDCTL_TMR_CONTINUE(r1, 0x5404, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/dummy_hcd.7/usb8/remove\x00', 0xa001, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mbind$auto(0x2000, 0x100000008, 0x2100000000, 0x0, 0x6, 0x2) sysfs$auto(0x2, 0x17, 0x0) unshare$auto(0x8000000) semget$auto(0x0, 0x2e4a, 0x8000) r3 = setfsuid$auto(0xee00) r4 = setfsuid$auto(0xee01) setresuid$auto(r3, r4, r3) semtimedop$auto(0x0, &(0x7f0000000000)={0x7, 0x9, 0x6}, 0x1, 0x0) r5 = fsopen$auto(0x0, 0x1) fsconfig$auto_SHMEM_HUGE_NEVER(r5, 0x1, &(0x7f0000000000)='-\x00', &(0x7f0000000040), 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) 4.28246914s ago: executing program 5 (id=2942): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000000) r0 = bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_fd=0x5, 0x7f, 0x9c, 0x7b2, 0x1, @relative_fd=0x2, 0x80}, 0x96) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_macsec(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$auto_MACSEC_CMD_UPD_RXSC(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)={0x20, r3, 0x201, 0x70bd2a, 0x25dfdbfe, {}, [@MACSEC_ATTR_RXSC_CONFIG={0x4}, @MACSEC_ATTR_IFINDEX={0x8}]}, 0x20}}, 0x48010) sendmsg$auto_MACSEC_CMD_UPD_TXSA(r0, &(0x7f0000000680)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x14, r3, 0x20, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20004855}, 0x8800) socket(0xa, 0x3, 0x3a) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) r5 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) r6 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) r7 = ioctl$auto_KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$auto(0x3, 0x4048aec9, r4) ioctl$auto_BLKTRACESETUP(r5, 0xc0481273, &(0x7f0000000080)={"e89f1ccb7436b931efa5e5c38c5ea165aa4acd874ff2feb919a033c9631636ca", 0x4, 0x0, 0xffff, 0xfffffffffffffff1, 0x1ff, 0x0}) r9 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(r9, 0x104000000000010e, 0x8, 0x0, 0x20003fe) syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000000), r9) r10 = getuid() r11 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000300), 0xffffffffffffffff) r12 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_ADD_LINK_STA(r12, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000740)={0x30, r11, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@NL80211_ATTR_HE_CAPABILITY={0x1a, 0x10d, "e2d1b2c3e0f4246df8a3901298f8aa701033e4ad8868"}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000000}, 0x40004) sendmsg$auto_NL80211_CMD_SET_REG(r1, &(0x7f0000000240)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000200)={&(0x7f0000000500)={0xb4, r11, 0x200, 0x70bd2a, 0x25dfdbfb, {}, [@NL80211_ATTR_TXQ_LIMIT={0x8, 0x10a, 0x2}, @NL80211_ATTR_S1G_CAPABILITY_MASK={0x96, 0x129, "05f3d3d0b81a0f4071c9a849b87a10cdd52e9d04640bc11bf831a02d5b771bf4e017581971e3e5fc8feca3c4858f984751907a596a92fefc84f4afdae83d4ddcf7035d789a2428a8281b83feaff9d162b6c555892e03fd9589b9233ebbbb6ed5a75bf8beb429004561d0d334e3a57be2ad056bf02325b710d969a4a97f49ddb444758ce21beb5bd1ed3c93ee1e5b808a8add"}]}, 0xb4}, 0x1, 0x0, 0x0, 0x8000}, 0x4048010) stat$auto(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340)={0x7, 0x3, 0x8cb1, 0x0, 0x0, 0xee01, 0x0, 0xd5d7, 0x381, 0x2, 0x5, 0x100000000, 0x0, 0x3, 0x3, 0x4}) r14 = wait4$auto(r8, &(0x7f0000000400)=0x1, 0x8, &(0x7f0000000440)={{0x2, 0x34}, {0x10}, 0xb, 0x1, 0x6, 0x6888a74a, 0x5, 0x2d10, 0xd31, 0x2bd, 0x7, 0x5, 0x6, 0x2, 0x3, 0x10000}) sendmsg$auto_TIPC_NL_NET_SET(r5, &(0x7f00000002c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000280)={&(0x7f0000001200)={0x18c0, 0x0, 0x8, 0x1, 0x25dfdbfc, {}, [@TIPC_NLA_LINK={0x18a9, 0x4, 0x0, 0x1, [@typed={0x8, 0x3c, 0x0, 0x0, @pid=r8}, @generic="aa4e92b671476b4e814d2ebb56cd4d50272428cccd0ce2b658763664691d6e55d25356993bbe0565b73835a89c077ada7e8ac0cd33f499fecff13c43edf58a3fc8dc478237a155dc34465355cfa098c5a31402f67355a6c897e05374a2", @nested={0x17ce, 0x10b, 0x0, 0x1, [@nested={0x1ae, 0x99, 0x0, 0x1, [@generic="f725fce8f37a146638ef16d4f75adf66869b6f12a3f69265d5af9f68f85e166bd17a13d40e3481a3bf7096bed4a2fb0d40b62e891fbd424921fd8fb24edb07242ad88dc961cdfecb43007bfa1df7c2eccec3f5b8e188aab097e8999e8eaa0f2301c542c86965b1e14a48b68bde43561ab4920dc467f6582cb651231aef041bf23626befb43b9b70874f416809c66b310431ff4ed80f4ec0ea7c883384b383524e5e77759b5e7241b57855f7c64462a851a09af0c83064382b656037592c3279ff4149a89c233ac16f78ae6aed32046", @generic="c73cb9a6b55fe228c00196778f5e90c9725eb1a795dc48fded0631918d5a2a7d5a941e46527b474ca08364accf4320e5863d2d426c8292ad1e456949ab832bb5472a87c90fe20ae6ca1409ef325a7066fa15384394e9dbc9bf173b2280498063982032607fb04d711c65aa9e6401e43c67d25393fc242a3179ab813fc4dd7e8645891a87c7c55c0d75331b2caffb9abdf53428159a685003d4cd3638eb3ce6b1048d1541ec1ae50580e3f3d936520a41aafd025db748f1fbf64cf4327ef132e9080834ad7be649f615450fdcc7512142650d7cf5d497cd", @typed={0x4, 0x15}]}, @nested={0x118e, 0x144, 0x0, 0x1, [@generic="b2363b87c3b775a86d9394b5fd77", @generic="feba82b34667582bfc1745eec365229f92cd8a79ec2d78d38724075745b2c77b680a9ab07e072703e4596e8a820a1768397fc0355c1e6bbb385dc2e2e0934e0776d56e31be0e798ec94b53df70c907d2ff87582e2efbd0716f8fadcdda6a54b5ea96b5771f30d04719c35d616e667724ad507bdf2281f9e2408566bc8125c299f785186338e297550ebc037b6e38032eedffb472e26d8efa9336960ad0982bba7a6f18ef6ccd2c4da3bcb7fa8613c296e5ab8b7bc45486eee7770938cacaba45a6d84580ae4528fc57a9cabfb269d63279bee7c5f1333dd1c8961517fb479626a66b7f6751758786ecb29de1e873ac455eb9259cc5e0b90531f721e84c562867deec8caadda679c460c9bb73f9bb64339073ae9933e3cd0b3c40373adc44590fae3a960db13765aef76d0c7eb0fa9aec96c08ffa2ce24e5189fe631e9706105bebefd6c4abefe1925b2c725c6ba3c7fb1d6e6054df912ec0cf4d221b1b2a70bc32e2af1830c57360d00058202b8c12e9913393a27e50c15da24341b7f68cadca9ff59d1c62872dc826606bedf9af672f1b8a3336a8a22c43d93a724aa5f6021211f7e67f87eb5dc055049d902008dcbfa35539d707a7efac97231f501ab9744146321ca8e16ff3eaf0cbb4700b1e5eb669d00abe2c2f85ecdad52f1048cdf09df8d5cb5df80c60eccd63540a4c235c308ff76f543488ad72c2d264a26ffdb5996043bfa680b8baf0583b38cce54fb3dfb0d0e883f7d1d8f8b692b2c37c2d69df1ada69c3de43bf955d5d829c4858392da67cec7deb28ff1686958d15c6447709c97dfa9170dbf991e064865150a5b9469672b28d39535d75271129e907e82ac5b59f21a7bc37bd2bd7153be6813dc9028abc5c9b46a898fa85d7579dd3f2077af32be311aaa554a5b610cdc3c10ef4e649602bf93acd436625e8424b8048b6de058abbf1452230f68f2d19e214adc801996a26157b575dcd4f03d178fb74bdc75658cd5908d7ef0970f5858eb792dd2192c2113f2ada52337057873595ceb7563c823343a1c38594a9dd519e484bfcdd9dad47adca8707f323636d24a377ddd7a0a8e7db2161d5512e7acdebb531939a45ecbf84fa07a7a16761740397a09459b8f55196c81fce2fa18052652c5360e29d019f5bf71b15882c72757ee4de7ee09926e33df372aeebc924777589738ad5c3ef1abf712ae12a88014cd3a8780d9733231c8f33b318bd3ee28522a56b1bba386339558a8942f96b0e50182ada4d783c20ca0dd2ab568f68915608986ddf9d3a832610f4f9f6dda3192e64cad26adfd52024d6e91c609e939744aeee4843d44c66de9b8374e20044b149350c846afae3498256daeeb82dcda723fc040d5d4ffae9fb4baac934914cb1ad7b1a645c7c172fdf74c758a27893db4481e5fdfdd3e170b8dce5ce075ece1b28f7944b5e0dd5842dcf9928485df8c0f48d2d7f37802cda80ee83110d6d754ecae7a42a73dacc6295a0f4eef1976d1bd28021f557fe2ac3b47dc64d0ca805d1909a321cf158b8695e98675708e2eb807cc1a1400f0ed7087a18c5a1e571be2ec6e6723e0ceb1883959a772c1a3a65c1cd32235b58bd681ba713610cabce50f0a501500e4a3595a2271798491fa057eeab98706408f3f5299eb536d2c2dd25f5a71c4d0f77a81b351497eced8ad6412a6b7f0a8319015188ad5e2a469187b0bd814c96190df9746e0d9bd2419fba158098ca73d687f4b740e4c9ff73e93d052545f6ef0b87517bddfba6f0fe6eeba21a756e890e4aa6dc422919420abfc860d526c5ca9bdc035d9d62feff16c4968be8fe3ca45d4cf877fb99a827f7f59860c938ef02eb478dd9fa3488c5721a7d62fbdc8179814c059ddea1bf7a462162eff551684ed84c94805e0656414be1b585576fd9e62efa8e05001729206f4b2c4559a51f397f17afb6bee49c799bf214ec8b197c1806d851d7d80790a21fcd829bdac464d2b7b511b3bab270322f3c4c4fa255d254b0f1e83734fd1e33add24b12cd6c8f76ee45a11ad8679128e5be8b019c6a308fd7e43a9835f486c2cd1712d78efe13f8181b4c246e18e0114204d06935e026b7b1d4465dadc39725153a0bc86598c3a5c04fc415814db774560351ce5b2ddd63cea9c2d4a1eeef9fe6db1205d07f3f41f3ee20c601181236a2a95260a584150d0d6f29693c38e672e1160948d41e0bc10e573041fa527497df25c34083c63cfc5f3a4177d445de51fa04672f0f76f7e5d5fe63347c5369181dbeb53d337636664cab2d04393bec2448a9b0d1ae4e0424453ccf1332cfb15168cc43ec3ae6d39f7000448a36ad67ad87096863b673bea68be1a5b36c78fb7f94b63b9d6e5ae65a2ab6dfd4673778be3fd7421de03d88ee4509a95196cc65763c8fbdcc8e8e0ed085fd1daa94f12d320d577cb9c783dd6f9cc2fdbd2ed06cb2dc077dd4a5c0216f50d58368cc8179edbc1154c00f36303402e769e884c55ce144b592fa74fd0828adb444edb337848a3733284775787aecda77c4f7e939dadc29bd1d3c71508ac35af53fa9735f4259c82a5910e1f11a2e1b07e49776d70b27129b2c89e19f91e249030f7026c351e8801c2ae8857ab64884b1b51f727a35dcc0e6a681a47e0005307cdba55e969573d7e51e8b63f841d2424f08ca67373a02e9df3599cfeaf261713db3cbaddbf6a847002d0d252ae8bee6fdd93ebebe72dac8056b633f38ec40f2907e84552cf342a1f6a630eed6a8bea6be363edabe79c4a0f45d998dba23b7e9d40ea969c0ecd4c168d51671aec78de835b3db8e306bc925224308d3449be447ee9ad5c5bf728b805ea358990a93d92461883e1b3cb4a9290960f616e18be125ea1e9de6a3f809b390c85f660473f76d4fce1d54455f6a48c335c5b2a60852d11510f9ec6ffba8f43c95ab3a8548a2dea719aec15471845d98948ef008a9cb036164915b0efc21611e649121a44452320d1890bedd38a8ebd2ea851662dd85f14786570d62191cb8d2ec7701e4bff4f35142dcbd70cd371d2945c30f78054e416cb845024da91c19f2270ab7dbac01b9a27fae1e2173d5cd0a40b0d4622748f92875ae849c106dde2f347ada371ec23e56c5fbd7be4410005633d9a7253df46ad3c36f79c6e2c26d50c60be791de68f3b9e741791a1255a0045510fd444e388d2cbfe988f6def3d28e85fa7b91ea27c5eca2064ec13e0642bbfc11b27f64bd8f0436f07593faf3816b2740339fd0d1eacf3cb46a4b193599715c56ee75d4f8f48afa630f81786dc1c47dfd498f15a415ced23ec95821d8af71103a6c5cf498776210e62f3b412d95b159a3c5213dabb36c4ae856b7f040d6f418d98f2acdf20676fbccc743676fdc131960fd914eb8fdb53f6f90e83f43d9d50f5dc78ba71ae933fab53c00c99561773927b529a7215525032f1c0e74bcb7457b08a949bdf504c812a572700af4f2f8f2c52a8aaaacfaae48e828b979d05385b1d9f8db3c4f3e1afb23926c321bf61fe296d2e8f78044739e2aa6b3c9cba1a3ea96f6daf250a6a785941d6fc35956ce117b3ae5033536676b7da8fbd0a6f83df2c53268d2ddb74471f7334203e0fce8ecebe85b3e0a7cc64210aeef579ae8df04b4fa5756baa5f979a574571fda9d6f88ce05b603bc2da76688937a4b9d8f04cd5041e4745d92afa498fe3be3a13753c9a944ff3519fa00a02b22e4e46a37f6a8708551026396d20a308c4fc0a4d19e537fdd02213b41d5944f1227adaf3211d9cc0705e320cd0dae2bde8b90347f6e804ae30f2d85c203e1bb0aad84262ef6052a2f5ef5aa82b9b75e3e182fd6da1cd69dadee9bf0021c59d182aa18f5c6dd7d0928080f9cf48006564a42d531a23ffcb2bdb8d030a081f7b9935fa44f453be3f20fd83739ecfcb8a17850cfe2bec9ada271a3dbacf22555a3b690459063967ee5dd622efc5dab15f01ab869afd52db7cdfc512a10337c3f48b6775304372fc293102550a9de3f35bcd791b1c5ebaeebec46d9c049738d3af2c087adc0dff37f851353ee91e9ed91ef7f716e1d2b15ff48e22c0b394a34b6f3593d41265d33657c29a9bdc51e30f116bf1dd866d65f37dc0f5522ec32d386757ba6845a152ef542f4b2fb16c63b38a3d18a946e74b00f225c1daaf9eea04c7884ff6440a590a9eca6d7a8a4e8d2ea11f74bdb1ad88799cb4b6c0aa917cca20d162e5906caf3f566c77ae0a166fee92014ea1af409e03d7b9a77c00d5133ef963e8a86ae06b29dc33d64d2ba649a3733b95df506c67f62981cb7f98d5ef02cd5afec0d872739d257eb2f98df7405cac713c0843788565ca970880e28aba5933ea99488bc348606b0a839a0692b2fa0d1b5e892492319c5947c07a6941c7c6adc6fa15c5268d644e1c6392a66f0f821586283e0038ef16eba6b168824f8556b3aeb4f17665a1dda31b0b40ac37ebb2ce9365d1d3d0e491e4ed767b3398b6041a00516b8c045db143133650fc7e5ab79fbcd9b8122c99dfcfbf8f86f29be2cc4cc1e1d27247342005007d07a3ca993384ab368a19b946f3aedecdcf1a2a588fd0cf6dcb6121180f81e1c4dcfa17b21fc2f5cd6d22aa51e72d368e9b62276fb4dfb48c19a4d06e2ac45817e978e1a005fce22cfbe051d87fc80d36aea94be455641e03e8423fccca991f712617b47164f6aeddec2e8a4fed77f46861f9bfccdd64d722bb64b14066085b2802402a9b1fbde807fc52bfc3038c468796940ea22e834315a38d784060bd56db3409290d51de22d3f831b1b1678b685a1e51c8b469bd8e8a714449a0dd74c1c9913e5d00d4586f254ffed9312ead682dbc53e40be03e2618961546dd1dd2e7428109279c01d1931b6dca46f30c75a0bf4af8354209d39827a5c60154823104ee68958174f1c433e8c3a5339728ae37d130ac47160879287f58efecef9ec6396a9a10fd3969ebc2ace428c72485d07743e3a0174029778d5e031e8589b61678564ff7c5eaf9e1f85dc2f0ffd150408622b77862e6778e3ce860f6496c674a3587b0fd267a8574e8cbc595cab9698f4fe01bb7948ea23659847e58ddb9a649efa26278699e6eeea388c20bf2b5282fafc738d763698473968062eccde99f476283a33cddb2155a1912660fe56e79e278c66419f82bdabcccf3ac7ab54ee6e63e51e815a21560dae996cdf9d9bf7b747d42bc2be8b634bef1a7b1133739ac2930f2345f06de090b9caf3d2846d336559361abc2d0ee49d8dba8e09457ab3128d93355a9f7b767800bd637deb5184038e26d70b81ae8289089356f3947114a43b9787d6887f9d4abdefa4339d48ec47c4cb4ae22c701536a3d3e28f8867867a906d84061fadedfe64135602fa865596595ff48ebda9227bbd3cad01a351fe660bd9dc68211967b12c4c6f21a3d4d0b4617f491eb55b64b44d2a42cf6adda3b5b441cda2369b4419803c6b728aac4e6dcd87b0489e81e7e137abd2d927a1d89804789301a87796666a09270c4b54da19c8e013cff113326336e016495dcb00799539eee288b5d12798ab92236baa2b6db4e905b97e28f7a37fda4fb7f4a4fb7c69c8f92e6b708642cc6edfa70d64ac5e2a0d796330135614c11303cb578a7908d20d76ad4d032cc6cacc3da9255cf26a972f7951e5e5174f61a7d1a717f829d020283abcdb8ff4087c5c924387a75cea27175dc617478380ab4651f8a06e251bbcecdcdc5ced8d2e675ab087feb82ee085841c075a404b2781de6fb71843a965e440e84da50cc566ba4977013a16dce1e41fe3a0da81a1f9", @generic="6ef09dc0344b0a2058f24bf921df1b6dcf41b23aab29f37bcf163932bcee606d54cb250db6f332862da64e1f076713dbe2d73ca6e1fa30f01a300ff07a34f0188ba212c97e7144f0e636996a80eff33973f5f363f47797f5672a72d937c0e0901ffe050fca68db118b536417e2db0cfb0ee34726f578dd55706504b8c0abd39cac85a65822876540463f5269f8a6e77301223f29a195394e162f0aaef9960594e9fd13ca554fb5b1d3733cf3c6e8cd876e420eb070a54beaf9483fdbe322f86dc6b72169effa4a5c4e34f7d73c4a9f18d566d3d37e51d6a80aeb", @typed={0x8, 0x1, 0x0, 0x0, @u32=0x7ff}, @nested={0x4, 0x144}, @generic="cefa103c0c724ebb18796cf56c2078cc5ee9de5577b6dde5840096ed4dc908829df5c2abf536c72ccb18adf99b7c043796d0456367db20bb6715e8c043d6c9cadd4415157f33d5a3b2bad798123497c11cc6a412bc6073c72afdbb62a5419b4eb8ab32c2a35098a8173645392b026e8b59732c521bcc4d73dd511923af0c3b464e8eaee622afbcdf2a6e0cdefee7fb6b22c9d2dfe801"]}, @typed={0x8, 0x40, 0x0, 0x0, @uid=r10}, @generic="9329817f3e546f2ffb6bdf72a137857c123d8b1a399f7a5569cf81a752029f7a2a647f94fc73ae8c618a0b984f4e6b7060e0dca68cc883f50e170755e7279f8852f31c62eced0dc5a19a201af3b58c7353326d665fc77827faf030132a8d53c4b3ce39e22fd7320cb3a3f878a43ad7f5e6dbf8a171dc72493b5736eaf7a549aaae65a8b25035b554dbc82bb87540fc7cab8486a0a7fe3666509c308426bb16509510b787d19d787394d591fa3fa112025920a812341e1455f13bbd2ed4180104568b44d20bb2145064352b7abae0801d40d903660fd846cafe2c43ae626a90bd5f559dda5a5f270f0dd875a013e25e82facade3265f4816cccc5f2a593112f", @nested={0x1b0, 0x9b, 0x0, 0x1, [@generic="f22735472704a2f3e95a4fe0c394124dbb7e9c4569c4393304f78e0fdf5a21902c7aefaf2521838707fa3dbaeddfca82b180c34f8eaf8a8171", @typed={0x8, 0x6c, 0x0, 0x0, @fd=r9}, @generic="715ba7cff53c44259ebef6c1f4dcedc79ac2081b7d9dd755b480bf6d484e7590fceeb4d5feac1e7a501374787f45027effedfeda60db6a64bef525a463a111d68df7dac5435aff5ad7b085e2a48ba22f6f155f946a5a6eb1941db168495df5fbb1abb53104b5c5837ba4c71c9c87c187ccbcebe107023f6df7370c0d1ddcb12ca02990e97d2656ab127d6f65b1bba8dc1986f010232f91832e701ea660e713fb0ff575911c594780e3ed3e79dc0e097af593d246ae06c62945ee3785591cdad41b6323befa95b8e7277a56d833580826d4bd3be3d8d8b5af8afea5d8df17851b6ba734945ed0583a29bb9e7335a79135582a59", @generic="3bbc99f4e0c59be81784366cb9c54c3043dac77fd44a8ad9f52a66053038ca34dd5728f7df9ed429fa011d8bfdc54951b5d9590b0b0340530089e06123e04fb88d", @typed={0x8, 0xc8, 0x0, 0x0, @uid=r13}, @generic="40c2f2af0eb2852e77d4581d7f0a86e6f4abcafbf62834", @typed={0x8, 0x15d, 0x0, 0x0, @pid=r8}, @typed={0xd, 0x4c, 0x0, 0x0, @str='/dev/kvm\x00'}]}, @nested={0x10, 0x112, 0x0, 0x1, [@nested={0x4, 0x93}, @typed={0x8, 0x104, 0x0, 0x0, @pid=r14}]}, @typed={0x8, 0xf5, 0x0, 0x0, @u32=0x33b}, @generic="f8b9e7bf8e7b1552edb55616a5810fdc68782a8cbbcd305587fec24544fd0d3c749e6540b73bf4fb4ffce59ba60ea77c7887e7d830368f04792205d50fb64a3807c4256cb51e67b13f89627249d0b53dfeb47ce86a4ab773c4360bfa19e736534061ef878a00fcbf0fe2c30011ce9a1dcc1641c56d74571b58c4f9383fb9b3cbf7e4da824fb9a9c8bb85b93f045584a474bdfe353f3d695252f5c6e0169ccb98b70e140f5ea6d174fb7fb098c40af2f6b07875b6523118cc70c9db9b2816a8b196a620a312540c2601ae9400aa2b105b1878c4c434f96a01a5d3fb7168983b03eea5e469a0a9a5eaac2b29", @generic, @nested={0xd0, 0x1a, 0x0, 0x1, [@nested={0x4, 0x14d}, @typed={0x8, 0x100, 0x0, 0x0, @fd=r4}, @generic="24e5b8722fbf30ba2aae013378a4527cc6b839cd2ee04b8adee52aed7d6fef5463e32501a6cf43a0a29de549c7d9572075b6d514da36", @nested={0x4, 0x11}, @generic="82748a59dff5c81807f605efaa0e3d9884a231ac115aaa29034e1375b501d554dd8eec49e606796519c33e751404f641141fb6d3d04b204e607a1dd29455e6b5bbc81dce4c653ab2304c05195b2fd42f40a6aec7036ecd3712ad7cbbc39dd2c6f981b4702967e175642f37e2", @generic="ef8d23af78741ff129685afa4493f3e81789687e927c28cc101d"]}]}, @nested={0x60, 0x9f, 0x0, 0x1, [@generic, @typed={0x8, 0x60, 0x0, 0x0, @fd=r7}, @nested={0x4, 0xb7}, @typed={0x36, 0x136, 0x0, 0x0, @str='/sys/devices/system/memory/memory12/power/control\x00'}, @nested={0x4, 0x15d}, @typed={0xc, 0x38, 0x0, 0x0, @u64=0x40}, @nested={0x4, 0xe0}, @nested={0x4}]}, @typed={0x8, 0xd7, 0x0, 0x0, @fd=r9}, @typed={0x5, 0x53, 0x0, 0x0, @str='\x00'}]}]}, 0x18c0}, 0x1, 0x0, 0x0, 0x24040000}, 0x20) 4.103325144s ago: executing program 2 (id=2943): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) socket(0x10, 0x2, 0x14) (async) socket(0x11, 0x80003, 0x300) (async) socket(0x1d, 0x2, 0x7) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x3fd, 0x8000) (async) io_uring_setup$auto(0x3, 0x0) (async) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) close_range$auto(0x2, 0x8, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) (rerun: 64) close_range$auto(0x2, r0, 0x0) (async) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) (async, rerun: 32) ioctl$auto(0x3, 0xae41, r1) (async, rerun: 32) ioctl$auto_KVM_CREATE_VM(r0, 0x4040aea0, 0x0) socket(0x2, 0x1, 0x0) (async) socket(0x10, 0x2, 0x0) socket(0x1d, 0x2, 0x7) (async) socket(0xa, 0x2, 0x73) (async) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) (async, rerun: 32) socket(0xa, 0x5, 0x0) (async, rerun: 32) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) r2 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r2, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14af"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES8=r2], 0x1ac}}, 0x40000) (async) r3 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bus/usb/008/001\x00', 0x14001, 0x0) ioctl$auto_USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f0000000140)={0x1560, 0x9, &(0x7f0000000300)="edffbbce097b9524685b623f15e0a1c1e89239b350337a9f23622726387ecd5ce1ebd7b8650091080794e96543e074a1b96b3c144caa780e3a7a7a79a1fe010fdeeef5b84fc69c7ccad2e4fd2a9cba35a3867af7ead89653b31db09e9d0f5ad8713dce1efd417235f07daf373b1710bba25c2c9c8b7c48594e73b47fe5a4971ce50a454acfc24d3a0153f8f575708a9931b3b5d6a1c63bc0e701dcc4316648b6d6adda470891d91ab53350272f0f6606bcf02cbabfdd928b9241e8e7341220b591eb80d6eee0b49a9e503b7ac269dd"}) 3.807666281s ago: executing program 5 (id=2944): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket(0x2, 0x80002, 0x73) getsockname$auto(r2, &(0x7f0000000000)=@isdn={0x22, 0x9, 0x0, 0x1, 0x10}, &(0x7f00000000c0)=0xd) sendmsg$auto_ETHTOOL_MSG_TSINFO_GET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x20, r1, 0x936355e497c8b7e5, 0x70bd25, 0x25dddbfc, {}, [@ETHTOOL_A_TSINFO_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4010}, 0x4048800) fcntl$auto(r0, 0xac, 0x8) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2000, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) cachestat$auto(r0, &(0x7f0000000080)={0x40000000000000, 0x3ff}, &(0x7f0000000100)={0x4, 0x94, 0x0, 0x2, 0xff}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) mprotect$auto(0x0, 0x806121, 0x6) fcntl$auto(0x8000000000000001, 0x26, 0x8) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/usbip-vudc.0/udc/usbip-vudc.0/is_a_peripheral\x00', 0x100580, 0x0) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001080)='/sys/devices/virtual/tty/ptmx/uevent\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r5, &(0x7f0000000040)=""/4096, 0x1000) read$auto(r4, &(0x7f0000000500)='/\x91\xecsys/|fices/p4k,\xfd\xf8\xcf)\x05/\xd0A\x92\x95a\xaf\xc0l\xb2\xb2J\xb07\"usb\fQ3{\x04\xe2I3/23-0:1.0/ep_81/int\x00\x0fS\xe6x\x13\xbaCSJU\x1e\x92-\xcf\x9b\x04\x00\x00\x10\x00\x00\x00\x00G\xf4\x9e.\xb52\xdd\x8e\x16>\x86Nl\x16\xeb\x00\x00\x00\x00\x00\x00\xb9\xab\xf8\xf99-\xd9y\xe1\xa9ixB\xbcQS\xcfw\x8cg\x87\x86|\x12\xdf\x0eu\b\x1d/\xa0\xa2f\x10\x7f>f5\x17\xfas\r\xe1\'\x15;\xb8\xc0\xe3\xdb6\xf5\xdd\xa3n{\xa0.\xe8He\vOks\x1d3\xb8ANNX\xbb\xe4I\xd8\x88\xdf\x1b\x90\xc0\xb6\xf2\xcd\x8b\xc2l\xe0\x82\x12\xf2\x05\xfd\xed\xac$\xea\xf5\x1e\x02\x1e\xae6\xbb\xe5\x054\xd7\x81\xdcu\vo\x94m\\2\x9f\xe0f\xf5j\f\x8bB\xc9\x16lA\\-\xebE(\xe1{\x84\x99\xdcb\xf3\xac5\x97\xbe\xe7\xb4\x8b\xe0U\xe1c\xd4+\x98\t\xbbQa\x00\x00\x00\x00\xc3h\x84v\xa2{|\xb7\x7f\x84\x80\xa5\xc47\x94\x83D\xa1\xca\xe9U\xf2\x04a\xc6\xd0\x90\xcbw\x01\xf3\xf8_\xa1P\x9e\xb4i\xa2\xf7\b\xdePd\xcf}\xc3\xa0:f\xa9\xb1\xff\xbeG!\xcf\x83f,\xf8\x89\xde\x96\x15\xc1\x9b!V/\xd9\x02\xaa\xbc\x03\xa6v\xdc\xde', 0x4) 3.423476456s ago: executing program 5 (id=2945): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000480)='/sys/power/resume\x00', 0x189002, 0x0) sendfile$auto(r0, r0, 0x0, 0x3) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffffd}, 0x6, 0xa, 0x5) mmap$auto(0x0, 0x20005, 0x7fffffff, 0xeb1, 0xffffffffffffffff, 0x7ffe) close_range$auto(r0, 0xffffffffffffffff, 0x40) socket(0x15, 0xa, 0x3) mmap$auto(0x1, 0x2000d, 0x3, 0x8000eb1, 0xffffffffffffffff, 0x100010008000) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0xffffffffffffffc0, 0x800000000006, 0x9b72, 0x2, 0x8006) socket(0xa, 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x0, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xe3, 0xbb72, 0x2, 0x8000) bind$auto(r2, 0x0, 0x6e) sendmmsg$auto(r1, 0x0, 0x9, 0x90) socketpair$auto(0x9, 0x7, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x40200, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101e81, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x40040}, 0x800) socketpair$auto(0x4004, 0x5, 0xfffffffc, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) socket(0x840000000002, 0x3, 0xff) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x14}, 0x3}, 0x55) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c"], 0x1c}, 0x1, 0x0, 0x0, 0x20040004}, 0x20008810) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x5, &(0x7f00000002c0)={0x0, 0xc4}, 0x4, 0x0, 0x0, 0x9}, 0x807}, 0x3, 0x0) write$auto(0x3, 0x0, 0xfffffdef) 2.692258126s ago: executing program 4 (id=2946): memfd_secret$auto(0x0) openat$auto_tap_fops_tap(0xffffffffffffff9c, 0x0, 0x1, 0x0) socket(0x1a, 0x1, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x40001, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) writev$auto(0xffffffffffffffff, 0x0, 0x3) listmount$auto(&(0x7f0000000100)={0x1f, @raw, 0x80000002, 0xfffffffffffffff7, 0x2}, 0x0, 0xf4240, 0x1) socket(0x2b, 0x1, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) r2 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) ioctl$auto_FITRIM3(r2, 0xc0185879, &(0x7f0000000200)={0xfff, 0x6c0, 0x9}) r3 = ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mlock$auto(0x112, 0x80006) mlockall$auto(0x800000000000005) madvise$auto(0x0, 0x200007, 0x19) write$auto_console_fops_tty_io(0xffffffffffffffff, &(0x7f0000000000), 0x0) futimesat$auto(r3, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x7, 0xfffffffffffeffff}) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000240), 0x400000, 0x0) r4 = socket(0xa, 0x1, 0x84) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/afs/rootcell\x00', 0x1cb842, 0x0) write$auto(r5, &(0x7f0000000040)='Fm_\xbd\xc3!\x00', 0x7) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(r4, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) 1.747174327s ago: executing program 5 (id=2947): r0 = socket(0x10, 0x2, 0x4) setsockopt$auto_SO_ATTACH_REUSEPORT_EBPF(r0, 0x1, 0x34, &(0x7f0000000100)='/proc/asound/card0/pcm0c/sub7/status\x00', 0xe81) (async) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000240), 0x840, 0x0) (async, rerun: 32) openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (rerun: 32) 1.512488143s ago: executing program 1 (id=2949): bpf$auto(0xfffffffe, &(0x7f00000001c0)=@test={0xffffffffffffffff, 0xffff, 0xfffff0b6, 0xffff, 0x88, 0xac1, 0x2, 0x36242398, 0x7ff, 0x3bb, 0x8, 0xffff, 0x1, 0x81, 0x68198}, 0x6f2) open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14ab3f) r0 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) fcntl$auto(r0, 0x400, 0x1) truncate$auto(&(0x7f0000000080)='./file0\x00', 0x7f) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) r1 = socket(0x10, 0x2, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) 1.171555005s ago: executing program 1 (id=2950): syz_genetlink_get_family_id$auto_net_shaper(0x0, 0xffffffffffffffff) (async) mmap$auto(0x0, 0x20006, 0xdf, 0xeb1, 0x401, 0x8000) (async) close_range$auto(0x2, 0x8, 0x0) (async, rerun: 32) socket(0x15, 0x5, 0x7) (async, rerun: 32) socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/time_for_children\x00') ioctl$NS_GET_PARENT(r0, 0xb701, 0x0) (async) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) (async) madvise$auto(0x110c230000, 0x1, 0x9) getrandom$auto(0x0, 0x3, 0x80000001) statmount$auto(0x0, &(0x7f0000000180)={0x9, 0xfffffffe, 0x44f, 0xa, 0x10, 0x1007181, 0x0, 0x62, 0x7, 0x800, 0x0, 0x26, 0x4, 0x200003fffffe, 0xfffffffffffffff5, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x862, 0xf, 0x22002, 0x200, 0x0, 0x62f, 0x6, 0x0, 0x0, 0x0, 0xb626, [0xfffffffffffffffe, 0xffffffffffff04ef, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9e, 0x0, 0xa7, 0xfffffffffffffffd, 0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffd, 0x40, 0x81, 0x8a0, 0xb, 0x81, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x1000, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100002, 0x0, 0x3ff, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4000000000000]}, 0x800000000000b, 0xbc) (async, rerun: 64) r1 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) (rerun: 64) ioctl$auto__ctl_fops_dm_ioctl(r1, 0xfffffff7effffd0c, &(0x7f00000001c0)) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async, rerun: 64) close_range$auto(0x2, 0x8, 0x0) (async, rerun: 64) socket(0x2, 0x80002, 0x73) (async) socket(0xa, 0x1, 0x84) (async) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) (async) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x28) getsockopt$auto_SO_PROTOCOL(r1, 0x9, 0x26, &(0x7f0000000000)='{,]-Y/\x00', &(0x7f00000000c0)=0xe) (async, rerun: 32) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (rerun: 32) msync$auto(0x110c230000, 0x200001, 0x6) 580.70277ms ago: executing program 4 (id=2951): r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket(0x15, 0x5, 0x0) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000140)='/proc/cmdline\x00', 0x60082, 0x0) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) pipe$auto(0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/SecurityFlags\x00', 0x101000, 0x0) read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000080)=""/4096, 0x1000) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket(0xa, 0x2, 0x88) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa}, 0x46) write$auto(0x3, 0x0, 0xffd8) r3 = socket(0xa, 0x801, 0x84) getsockopt$auto(r3, 0x84, 0x82, 0x0, 0x0) ioctl$auto(0x3, 0x80106f53, r2) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) write$auto(r0, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x84) 0s ago: executing program 2 (id=2952): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmmsg$auto(0x3, 0x0, 0x9a5, 0x47ffff7a) openat$auto_bm_status_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) connect$auto(r0, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x5) kernel console output (not intermixed with test programs): audit_log_start [ 723.283388][T17270] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 723.306902][T17270] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 723.317574][T17270] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 723.339163][T17270] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 723.709454][T17286] FAULT_INJECTION: forcing a failure. [ 723.709454][T17286] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 723.819001][T17286] CPU: 1 UID: 0 PID: 17286 Comm: syz.1.2389 Tainted: G U L syzkaller #0 PREEMPT(full) [ 723.819056][T17286] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 723.819069][T17286] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 723.819090][T17286] Call Trace: [ 723.819102][T17286] [ 723.819114][T17286] dump_stack_lvl+0x100/0x190 [ 723.819171][T17286] should_fail_ex.cold+0x5/0xa [ 723.819211][T17286] _copy_to_user+0x32/0xd0 [ 723.819255][T17286] simple_read_from_buffer+0xcb/0x170 [ 723.819312][T17286] proc_fail_nth_read+0x1af/0x230 [ 723.819358][T17286] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 723.819404][T17286] ? rw_verify_area+0xce/0x6d0 [ 723.819454][T17286] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 723.819497][T17286] vfs_read+0x1e4/0xb30 [ 723.819557][T17286] ? __pfx_vfs_read+0x10/0x10 [ 723.819619][T17286] ? __fget_files+0x215/0x3d0 [ 723.819661][T17286] ? __fget_files+0x21f/0x3d0 [ 723.819706][T17286] ksys_read+0x12a/0x250 [ 723.819738][T17286] ? __pfx_ksys_read+0x10/0x10 [ 723.819780][T17286] do_syscall_64+0x106/0xf80 [ 723.819827][T17286] ? clear_bhb_loop+0x40/0x90 [ 723.819869][T17286] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 723.819904][T17286] RIP: 0033:0x7fb0b1d5cfce [ 723.819932][T17286] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 723.819964][T17286] RSP: 002b:00007fb0b2d1dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 723.819994][T17286] RAX: ffffffffffffffda RBX: 00007fb0b2d1e6c0 RCX: 00007fb0b1d5cfce [ 723.820017][T17286] RDX: 000000000000000f RSI: 00007fb0b2d1e0a0 RDI: 0000000000000005 [ 723.820038][T17286] RBP: 00007fb0b2d1e090 R08: 0000000000000000 R09: 0000000000000000 [ 723.820059][T17286] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 723.820080][T17286] R13: 00007fb0b2016038 R14: 00007fb0b2015fa0 R15: 00007ffd1696c6d8 [ 723.820125][T17286] [ 723.905739][T17288] netlink: ct_mark mask cannot be 0 [ 724.875281][T17313] cougar: G6 mapped to space [ 725.359277][T12902] Bluetooth: hci1: command 0x0c1a tx timeout [ 725.366299][T13082] Bluetooth: hci2: command 0x0c1a tx timeout [ 725.373148][T12904] Bluetooth: hci4: command 0x0419 tx timeout [ 725.379648][T13875] Bluetooth: hci3: command 0x0c1a tx timeout [ 725.715497][T17320] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2394'. [ 725.726935][T17322] snd_virmidi snd_virmidi.0: control 61678:131081:268435459:y:0 is already present [ 726.131341][ T30] audit: type=1804 audit(4294990120.896:26): pid=17334 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2397" name="/newroot/543/file0" dev="tmpfs" ino=2871 res=1 errno=0 [ 726.185575][T17348] FAULT_INJECTION: forcing a failure. [ 726.185575][T17348] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 726.229049][T17348] CPU: 1 UID: 0 PID: 17348 Comm: syz.2.2399 Tainted: G U L syzkaller #0 PREEMPT(full) [ 726.229104][T17348] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 726.229118][T17348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 726.229139][T17348] Call Trace: [ 726.229151][T17348] [ 726.229164][T17348] dump_stack_lvl+0x100/0x190 [ 726.229220][T17348] should_fail_ex.cold+0x5/0xa [ 726.229260][T17348] _copy_from_user+0x2e/0xd0 [ 726.229301][T17348] copy_msghdr_from_user+0x9f/0x4f0 [ 726.229344][T17348] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 726.229402][T17348] ___sys_sendmsg+0x106/0x1e0 [ 726.229444][T17348] ? __pfx____sys_sendmsg+0x10/0x10 [ 726.229532][T17348] __sys_sendmsg+0x170/0x220 [ 726.229582][T17348] ? __pfx___sys_sendmsg+0x10/0x10 [ 726.229657][T17348] do_syscall_64+0x106/0xf80 [ 726.229716][T17348] ? clear_bhb_loop+0x40/0x90 [ 726.229759][T17348] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 726.229795][T17348] RIP: 0033:0x7f11fe99c799 [ 726.229824][T17348] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 726.229857][T17348] RSP: 002b:00007f11ff806028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 726.229888][T17348] RAX: ffffffffffffffda RBX: 00007f11fec15fa0 RCX: 00007f11fe99c799 [ 726.229911][T17348] RDX: 000000002400c884 RSI: 0000200000001c00 RDI: 0000000000000003 [ 726.229933][T17348] RBP: 00007f11ff806090 R08: 0000000000000000 R09: 0000000000000000 [ 726.229954][T17348] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 726.229974][T17348] R13: 00007f11fec16038 R14: 00007f11fec15fa0 R15: 00007ffc71eeac78 [ 726.230019][T17348] [ 726.463850][T17339] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 726.469992][T17339] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 726.476034][T17339] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 726.482082][T17339] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 726.999608][T17356] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 727.017180][T17356] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 727.061008][T17356] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 727.067120][T17356] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 727.830802][T17372] Invalid ELF header magic: != ELF [ 727.973416][T17378] raw_sendmsg: syz.5.2410 forgot to set AF_INET. Fix it! [ 728.242466][T17385] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 728.271057][T17385] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 728.279603][T17385] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 728.290469][T17385] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 729.116079][T17403] netlink: zone id is out of range [ 729.964307][T17426] FAULT_INJECTION: forcing a failure. [ 729.964307][T17426] name failslab, interval 1, probability 0, space 0, times 0 [ 730.038962][T17426] CPU: 1 UID: 0 PID: 17426 Comm: syz.1.2424 Tainted: G U L syzkaller #0 PREEMPT(full) [ 730.039018][T17426] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 730.039033][T17426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 730.039054][T17426] Call Trace: [ 730.039066][T17426] [ 730.039080][T17426] dump_stack_lvl+0x100/0x190 [ 730.039140][T17426] should_fail_ex.cold+0x5/0xa [ 730.039183][T17426] should_failslab+0xc2/0x120 [ 730.039224][T17426] __kmalloc_cache_noprof+0x7a/0x6f0 [ 730.039273][T17426] ? p9_client_create+0xaf/0xd40 [ 730.039411][T17426] p9_client_create+0xaf/0xd40 [ 730.039467][T17426] ? __pfx_p9_client_create+0x10/0x10 [ 730.039529][T17426] ? lockdep_init_map_type+0x5c/0x250 [ 730.039578][T17426] ? __raw_spin_lock_init+0x3a/0x110 [ 730.039639][T17426] v9fs_session_init+0x40/0xce0 [ 730.039784][T17426] ? kasan_save_track+0x14/0x30 [ 730.039846][T17426] v9fs_get_tree+0xb8/0xb50 [ 730.039899][T17426] ? rcu_is_watching+0x12/0xc0 [ 730.039955][T17426] ? __pfx_v9fs_get_tree+0x10/0x10 [ 730.040029][T17426] ? bpf_lsm_capable+0x9/0x10 [ 730.040067][T17426] ? security_capable+0x80/0x260 [ 730.040127][T17426] vfs_get_tree+0x92/0x320 [ 730.040178][T17426] vfs_cmd_create+0xd7/0x2a0 [ 730.040227][T17426] __do_sys_fsconfig+0x55a/0xcb0 [ 730.040274][T17426] ? __pfx___do_sys_fsconfig+0x10/0x10 [ 730.040338][T17426] do_syscall_64+0x106/0xf80 [ 730.040386][T17426] ? clear_bhb_loop+0x40/0x90 [ 730.040429][T17426] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 730.040465][T17426] RIP: 0033:0x7fb0b1d9c799 [ 730.040494][T17426] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 730.040528][T17426] RSP: 002b:00007fb0b2cdc028 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 730.040563][T17426] RAX: ffffffffffffffda RBX: 00007fb0b2016180 RCX: 00007fb0b1d9c799 [ 730.040587][T17426] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000006 [ 730.040609][T17426] RBP: 00007fb0b1e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 730.040630][T17426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 730.040651][T17426] R13: 00007fb0b2016218 R14: 00007fb0b2016180 R15: 00007ffd1696c6d8 [ 730.040696][T17426] [ 730.320081][T13082] Bluetooth: hci1: command 0x0c1a tx timeout [ 730.326373][T12902] Bluetooth: hci2: command 0x0c1a tx timeout [ 730.338498][T12904] Bluetooth: hci4: command 0x0419 tx timeout [ 730.345896][T13875] Bluetooth: hci3: command 0x0c1a tx timeout [ 730.366701][T17433] vhci_hcd vhci_hcd.2: invalid port number 253 [ 730.396583][T17433] vhci_hcd vhci_hcd.2: invalid port number 253 [ 731.023752][T17453] FAULT_INJECTION: forcing a failure. [ 731.023752][T17453] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 731.037113][T17453] CPU: 0 UID: 0 PID: 17453 Comm: syz.4.2432 Tainted: G U L syzkaller #0 PREEMPT(full) [ 731.037166][T17453] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 731.037180][T17453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 731.037201][T17453] Call Trace: [ 731.037213][T17453] [ 731.037226][T17453] dump_stack_lvl+0x100/0x190 [ 731.037281][T17453] should_fail_ex.cold+0x5/0xa [ 731.037320][T17453] _copy_from_iter+0x1f4/0x1690 [ 731.037365][T17453] ? __asan_memset+0x23/0x50 [ 731.037415][T17453] ? __pfx__copy_from_iter+0x10/0x10 [ 731.037454][T17453] ? __pfx___alloc_skb+0x10/0x10 [ 731.037512][T17453] ? __pfx___might_resched+0x10/0x10 [ 731.037560][T17453] ? __lock_acquire+0x4a5/0x2630 [ 731.037613][T17453] netlink_sendmsg+0x808/0xda0 [ 731.037681][T17453] ? __pfx_netlink_sendmsg+0x10/0x10 [ 731.037728][T17453] ? __import_iovec+0x1d2/0x640 [ 731.037769][T17453] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 731.037827][T17453] ____sys_sendmsg+0x9e1/0xb70 [ 731.037858][T17453] ? __pfx_netlink_sendmsg+0x10/0x10 [ 731.037913][T17453] ? __pfx_____sys_sendmsg+0x10/0x10 [ 731.037964][T17453] ___sys_sendmsg+0x190/0x1e0 [ 731.038002][T17453] ? __pfx____sys_sendmsg+0x10/0x10 [ 731.038085][T17453] __sys_sendmsg+0x170/0x220 [ 731.038133][T17453] ? __pfx___sys_sendmsg+0x10/0x10 [ 731.038204][T17453] do_syscall_64+0x106/0xf80 [ 731.038249][T17453] ? clear_bhb_loop+0x40/0x90 [ 731.038290][T17453] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 731.038323][T17453] RIP: 0033:0x7f30ce19c799 [ 731.038351][T17453] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 731.038382][T17453] RSP: 002b:00007f30cf05e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 731.038413][T17453] RAX: ffffffffffffffda RBX: 00007f30ce415fa0 RCX: 00007f30ce19c799 [ 731.038435][T17453] RDX: 000000002400c884 RSI: 0000200000001c00 RDI: 0000000000000003 [ 731.038456][T17453] RBP: 00007f30cf05e090 R08: 0000000000000000 R09: 0000000000000000 [ 731.038477][T17453] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 731.038498][T17453] R13: 00007f30ce416038 R14: 00007f30ce415fa0 R15: 00007ffda62cfb28 [ 731.038540][T17453] [ 731.283860][T17458] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2433'. [ 731.338613][T17454] Invalid ELF header magic: != ELF [ 731.746699][T17465] FAULT_INJECTION: forcing a failure. [ 731.746699][T17465] name failslab, interval 1, probability 0, space 0, times 0 [ 731.779016][T17465] CPU: 1 UID: 0 PID: 17465 Comm: syz.1.2444 Tainted: G U L syzkaller #0 PREEMPT(full) [ 731.779069][T17465] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 731.779092][T17465] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 731.779112][T17465] Call Trace: [ 731.779125][T17465] [ 731.779138][T17465] dump_stack_lvl+0x100/0x190 [ 731.779202][T17465] should_fail_ex.cold+0x5/0xa [ 731.779239][T17465] ? genl_family_rcv_msg_attrs_parse.isra.0+0xc2/0x280 [ 731.779279][T17465] should_failslab+0xc2/0x120 [ 731.779315][T17465] __kmalloc_noprof+0xe0/0x850 [ 731.779364][T17465] ? rcu_is_watching+0x12/0xc0 [ 731.779422][T17465] genl_family_rcv_msg_attrs_parse.isra.0+0xc2/0x280 [ 731.779469][T17465] genl_family_rcv_msg_doit+0xc7/0x300 [ 731.779510][T17465] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 731.779547][T17465] ? genl_get_cmd+0x3ef/0x720 [ 731.779591][T17465] ? __dev_queue_xmit+0x5af/0x4800 [ 731.779730][T17465] ? __radix_tree_lookup+0x217/0x2b0 [ 731.779782][T17465] genl_rcv_msg+0x560/0x800 [ 731.779823][T17465] ? __pfx_genl_rcv_msg+0x10/0x10 [ 731.779859][T17465] ? __pfx_tipc_nl_media_get+0x10/0x10 [ 731.779924][T17465] netlink_rcv_skb+0x159/0x420 [ 731.779977][T17465] ? __pfx_genl_rcv_msg+0x10/0x10 [ 731.780015][T17465] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 731.780094][T17465] ? netlink_deliver_tap+0x1ae/0xcc0 [ 731.780151][T17465] genl_rcv+0x28/0x40 [ 731.780181][T17465] netlink_unicast+0x5aa/0x870 [ 731.780238][T17465] ? __pfx_netlink_unicast+0x10/0x10 [ 731.780288][T17465] ? __pfx___might_resched+0x10/0x10 [ 731.780338][T17465] ? __lock_acquire+0x4a5/0x2630 [ 731.780395][T17465] netlink_sendmsg+0x8b0/0xda0 [ 731.780455][T17465] ? __pfx_netlink_sendmsg+0x10/0x10 [ 731.780505][T17465] ? __import_iovec+0x1d2/0x640 [ 731.780549][T17465] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 731.780611][T17465] ____sys_sendmsg+0x9e1/0xb70 [ 731.780645][T17465] ? __pfx_netlink_sendmsg+0x10/0x10 [ 731.780702][T17465] ? __pfx_____sys_sendmsg+0x10/0x10 [ 731.780758][T17465] ___sys_sendmsg+0x190/0x1e0 [ 731.780801][T17465] ? __pfx____sys_sendmsg+0x10/0x10 [ 731.780891][T17465] __sys_sendmsg+0x170/0x220 [ 731.780942][T17465] ? __pfx___sys_sendmsg+0x10/0x10 [ 731.781019][T17465] do_syscall_64+0x106/0xf80 [ 731.781066][T17465] ? clear_bhb_loop+0x40/0x90 [ 731.781128][T17465] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 731.781163][T17465] RIP: 0033:0x7fb0b1d9c799 [ 731.781191][T17465] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 731.781222][T17465] RSP: 002b:00007fb0b2d1e028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 731.781254][T17465] RAX: ffffffffffffffda RBX: 00007fb0b2015fa0 RCX: 00007fb0b1d9c799 [ 731.781276][T17465] RDX: 000000002400c884 RSI: 0000200000001c00 RDI: 0000000000000003 [ 731.781297][T17465] RBP: 00007fb0b2d1e090 R08: 0000000000000000 R09: 0000000000000000 [ 731.781318][T17465] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 731.781337][T17465] R13: 00007fb0b2016038 R14: 00007fb0b2015fa0 R15: 00007ffd1696c6d8 [ 731.781381][T17465] [ 732.244886][T17472] FAULT_INJECTION: forcing a failure. [ 732.244886][T17472] name failslab, interval 1, probability 0, space 0, times 0 [ 732.307747][T17472] CPU: 0 UID: 0 PID: 17472 Comm: syz.1.2438 Tainted: G U L syzkaller #0 PREEMPT(full) [ 732.307808][T17472] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 732.307823][T17472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 732.307845][T17472] Call Trace: [ 732.307858][T17472] [ 732.307873][T17472] dump_stack_lvl+0x100/0x190 [ 732.307934][T17472] should_fail_ex.cold+0x5/0xa [ 732.307976][T17472] should_failslab+0xc2/0x120 [ 732.308023][T17472] __kmalloc_cache_noprof+0x7a/0x6f0 [ 732.308071][T17472] ? tomoyo_write_log2+0x333/0xbc0 [ 732.308125][T17472] tomoyo_write_log2+0x333/0xbc0 [ 732.308178][T17472] tomoyo_supervisor+0x15e/0x1340 [ 732.308239][T17472] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 732.308306][T17472] ? tomoyo_realpath_from_path+0x19c/0x690 [ 732.308369][T17472] ? tomoyo_realpath_from_path+0x19c/0x690 [ 732.308415][T17472] ? kfree+0x1f6/0x6b0 [ 732.308464][T17472] ? tomoyo_check_path_number_acl+0x1e6/0x2f0 [ 732.308516][T17472] tomoyo_path_number_perm+0x445/0x580 [ 732.308561][T17472] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 732.308600][T17472] ? futex_wait+0x125/0x380 [ 732.308691][T17472] ? find_held_lock+0x2b/0x80 [ 732.308725][T17472] ? __fget_files+0x215/0x3d0 [ 732.308756][T17472] ? hook_file_ioctl_common+0x146/0x410 [ 732.308807][T17472] ? __fget_files+0x21f/0x3d0 [ 732.308850][T17472] security_file_ioctl+0xd3/0x230 [ 732.308892][T17472] __x64_sys_ioctl+0xb7/0x210 [ 732.308949][T17472] do_syscall_64+0x106/0xf80 [ 732.309006][T17472] ? clear_bhb_loop+0x40/0x90 [ 732.309051][T17472] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 732.309089][T17472] RIP: 0033:0x7fb0b1d9c799 [ 732.309119][T17472] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 732.309154][T17472] RSP: 002b:00007fb0b2d1e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 732.309189][T17472] RAX: ffffffffffffffda RBX: 00007fb0b2015fa0 RCX: 00007fb0b1d9c799 [ 732.309213][T17472] RDX: 0000200000000080 RSI: 0000000040345410 RDI: 0000000000000003 [ 732.309236][T17472] RBP: 00007fb0b1e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 732.309258][T17472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 732.309280][T17472] R13: 00007fb0b2016038 R14: 00007fb0b2015fa0 R15: 00007ffd1696c6d8 [ 732.309327][T17472] [ 732.681336][T17434] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 732.681369][T17434] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 732.713314][T17434] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 732.713381][T17434] Bluetooth: hci3: Unknown advertising packet type: 0x14 [ 732.720910][T17434] Bluetooth: hci3: Unknown advertising packet type: 0x14 [ 732.728014][T17434] Bluetooth: hci3: Unknown advertising packet type: 0x14 [ 732.737314][T17434] Bluetooth: hci3: Unknown advertising packet type: 0x72 [ 732.745091][T17434] Bluetooth: hci3: Unknown advertising packet type: 0x14 [ 732.753167][T17434] Bluetooth: hci3: Malformed LE Event: 0x0d [ 732.829612][T17467] FAULT_INJECTION: forcing a failure. [ 732.829612][T17467] name failslab, interval 1, probability 0, space 0, times 0 [ 732.966937][T17467] CPU: 0 UID: 0 PID: 17467 Comm: syz.2.2436 Tainted: G U L syzkaller #0 PREEMPT(full) [ 732.966981][T17467] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 732.966991][T17467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 732.967007][T17467] Call Trace: [ 732.967016][T17467] [ 732.967026][T17467] dump_stack_lvl+0x100/0x190 [ 732.967070][T17467] should_fail_ex.cold+0x5/0xa [ 732.967100][T17467] should_failslab+0xc2/0x120 [ 732.967127][T17467] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 732.967169][T17467] ? __alloc_skb+0x140/0x710 [ 732.967208][T17467] __alloc_skb+0x140/0x710 [ 732.967247][T17467] ? __alloc_skb+0x5b7/0x710 [ 732.967281][T17467] ? __pfx___alloc_skb+0x10/0x10 [ 732.967315][T17467] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 732.967353][T17467] ? audit_log_start+0x29d/0x930 [ 732.967390][T17467] ? lockdep_init_map_type+0x5c/0x250 [ 732.967644][T17467] audit_log_start+0x350/0x930 [ 732.967691][T17467] ? __pfx_audit_log_start+0x10/0x10 [ 732.967731][T17467] ? arch_do_signal_or_restart+0x1f9/0x770 [ 732.967765][T17467] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 732.967809][T17467] audit_seccomp+0x60/0x190 [ 732.967849][T17467] ? exc_general_protection+0x12e/0x250 [ 732.967879][T17467] __secure_computing+0x26d/0x2c0 [ 732.967958][T17467] do_syscall_64+0x568/0xf80 [ 732.968007][T17467] ? clear_bhb_loop+0x40/0x90 [ 732.968065][T17467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 732.968107][T17467] RIP: 0033:0x7f11fe99c799 [ 732.968130][T17467] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 732.968155][T17467] RSP: 002b:00007f11ff805a38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 732.968179][T17467] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f11fe99c799 [ 732.968197][T17467] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 000000000000000b [ 732.968212][T17467] RBP: 00007f11ff806030 R08: 0000000000000000 R09: 000000000000000b [ 732.968228][T17467] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000022110 [ 732.968244][T17467] R13: 00007f11fec16038 R14: 00007f11fec15fa0 R15: 00007ffc71eeac78 [ 732.968276][T17467] [ 732.968304][T17467] audit: audit_lost=2 audit_rate_limit=0 audit_backlog_limit=64 [ 733.269651][T17467] audit: out of memory in audit_log_start [ 733.280955][T17483] Invalid ELF header magic: != ELF [ 733.599183][ T5889] Bluetooth: hci4: Opcode 0x0c1a failed: -110 [ 733.605393][T17434] Bluetooth: hci4: command 0x0419 tx timeout [ 734.440644][T17505] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 734.701240][T17508] Unable to find swap-space signature [ 735.028538][T17505] futex_wake_op: syz.4.2445 tries to shift op by -2048; fix this program [ 735.706439][T17529] FAULT_INJECTION: forcing a failure. [ 735.706439][T17529] name failslab, interval 1, probability 0, space 0, times 0 [ 735.742450][T17529] CPU: 0 UID: 0 PID: 17529 Comm: syz.5.2451 Tainted: G U L syzkaller #0 PREEMPT(full) [ 735.742510][T17529] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 735.742526][T17529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 735.742548][T17529] Call Trace: [ 735.742561][T17529] [ 735.742575][T17529] dump_stack_lvl+0x100/0x190 [ 735.742635][T17529] should_fail_ex.cold+0x5/0xa [ 735.742678][T17529] ? snd_pcm_plugin_build+0x64/0x650 [ 735.742821][T17529] should_failslab+0xc2/0x120 [ 735.742861][T17529] __kmalloc_noprof+0xe0/0x850 [ 735.742915][T17529] ? __kmalloc_noprof+0x320/0x850 [ 735.742977][T17529] snd_pcm_plugin_build+0x64/0x650 [ 735.743024][T17529] ? snd_pcm_plugin_build+0x4b7/0x650 [ 735.743073][T17529] snd_pcm_plugin_build_linear+0x254/0x850 [ 735.743138][T17529] ? __pfx_snd_pcm_plugin_build_linear+0x10/0x10 [ 735.743194][T17529] ? snd_pcm_hw_params+0x262/0x1cb0 [ 735.743299][T17529] snd_pcm_plug_format_plugins+0x536/0x1430 [ 735.743354][T17529] ? __pfx_snd_pcm_plug_format_plugins+0x10/0x10 [ 735.743409][T17529] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 735.743467][T17529] snd_pcm_oss_change_params_locked+0x2e3c/0x39f0 [ 735.743530][T17529] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 735.743571][T17529] ? __pfx___mutex_lock+0x10/0x10 [ 735.743623][T17529] ? __mutex_unlock_slowpath+0x15c/0x790 [ 735.743705][T17529] snd_pcm_oss_get_active_substream+0x175/0x1d0 [ 735.743754][T17529] snd_pcm_oss_ioctl+0x1c08/0x3720 [ 735.743799][T17529] ? __fget_files+0x215/0x3d0 [ 735.743831][T17529] ? hook_file_ioctl_common+0x146/0x410 [ 735.743873][T17529] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 735.743919][T17529] ? __fget_files+0x21f/0x3d0 [ 735.743957][T17529] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 735.743999][T17529] __x64_sys_ioctl+0x18e/0x210 [ 735.744053][T17529] do_syscall_64+0x106/0xf80 [ 735.744106][T17529] ? clear_bhb_loop+0x40/0x90 [ 735.744145][T17529] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 735.744179][T17529] RIP: 0033:0x7fb33359c799 [ 735.744207][T17529] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 735.744242][T17529] RSP: 002b:00007fb3343b7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 735.744276][T17529] RAX: ffffffffffffffda RBX: 00007fb333815fa0 RCX: 00007fb33359c799 [ 735.744300][T17529] RDX: 0000000000000000 RSI: 00000000c0045002 RDI: 0000000000000005 [ 735.744320][T17529] RBP: 00007fb333632c99 R08: 0000000000000000 R09: 0000000000000000 [ 735.744342][T17529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 735.744364][T17529] R13: 00007fb333816038 R14: 00007fb333815fa0 R15: 00007ffc4d1640e8 [ 735.744409][T17529] [ 737.590175][T12888] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 737.600599][T12888] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 737.608587][T12888] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 737.635284][T12888] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 737.643198][T12888] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 738.104802][T17559] FAULT_INJECTION: forcing a failure. [ 738.104802][T17559] name failslab, interval 1, probability 0, space 0, times 0 [ 738.189120][T17559] CPU: 1 UID: 0 PID: 17559 Comm: syz.5.2458 Tainted: G U L syzkaller #0 PREEMPT(full) [ 738.189161][T17559] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 738.189171][T17559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 738.189186][T17559] Call Trace: [ 738.189194][T17559] [ 738.189204][T17559] dump_stack_lvl+0x100/0x190 [ 738.189246][T17559] should_fail_ex.cold+0x5/0xa [ 738.189274][T17559] should_failslab+0xc2/0x120 [ 738.189300][T17559] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 738.189339][T17559] ? __alloc_skb+0x140/0x710 [ 738.189377][T17559] __alloc_skb+0x140/0x710 [ 738.189407][T17559] ? __alloc_skb+0x5b7/0x710 [ 738.189437][T17559] ? __pfx___alloc_skb+0x10/0x10 [ 738.189468][T17559] ? genl_rcv_msg+0x4be/0x800 [ 738.189500][T17559] netlink_ack+0x117/0xb80 [ 738.189545][T17559] netlink_rcv_skb+0x333/0x420 [ 738.189583][T17559] ? __pfx_genl_rcv_msg+0x10/0x10 [ 738.189609][T17559] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 738.189658][T17559] ? netlink_deliver_tap+0x1ae/0xcc0 [ 738.189698][T17559] genl_rcv+0x28/0x40 [ 738.189718][T17559] netlink_unicast+0x5aa/0x870 [ 738.189760][T17559] ? __pfx_netlink_unicast+0x10/0x10 [ 738.189796][T17559] ? __pfx___might_resched+0x10/0x10 [ 738.189832][T17559] ? __lock_acquire+0x4a5/0x2630 [ 738.189871][T17559] netlink_sendmsg+0x8b0/0xda0 [ 738.189918][T17559] ? __pfx_netlink_sendmsg+0x10/0x10 [ 738.189954][T17559] ? __import_iovec+0x1d2/0x640 [ 738.189986][T17559] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 738.190029][T17559] ____sys_sendmsg+0x9e1/0xb70 [ 738.190053][T17559] ? __pfx_netlink_sendmsg+0x10/0x10 [ 738.190092][T17559] ? __pfx_____sys_sendmsg+0x10/0x10 [ 738.190130][T17559] ___sys_sendmsg+0x190/0x1e0 [ 738.190164][T17559] ? __pfx____sys_sendmsg+0x10/0x10 [ 738.190225][T17559] __sys_sendmsg+0x170/0x220 [ 738.190260][T17559] ? __pfx___sys_sendmsg+0x10/0x10 [ 738.190313][T17559] do_syscall_64+0x106/0xf80 [ 738.190347][T17559] ? clear_bhb_loop+0x40/0x90 [ 738.190376][T17559] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 738.190401][T17559] RIP: 0033:0x7fb33359c799 [ 738.190420][T17559] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 738.190443][T17559] RSP: 002b:00007fb3343b7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 738.190467][T17559] RAX: ffffffffffffffda RBX: 00007fb333815fa0 RCX: 00007fb33359c799 [ 738.190483][T17559] RDX: 000000002400c884 RSI: 0000200000001c00 RDI: 0000000000000003 [ 738.190498][T17559] RBP: 00007fb3343b7090 R08: 0000000000000000 R09: 0000000000000000 [ 738.190513][T17559] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 738.190528][T17559] R13: 00007fb333816038 R14: 00007fb333815fa0 R15: 00007ffc4d1640e8 [ 738.190558][T17559] [ 738.998284][T17561] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 739.068677][T17552] chnl_net:caif_netlink_parms(): no params data found [ 739.096360][T17572] netlink: 'syz.5.2460': attribute type 4 has an invalid length. [ 739.116177][T17572] netlink: 314 bytes leftover after parsing attributes in process `syz.5.2460'. [ 739.179802][T17574] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 739.230565][T17561] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 739.302823][T17574] tc_dump_action: action bad kind [ 739.405116][T17561] bridge0: port 2(netdevsim1) entered disabled state [ 739.432588][T17561] netdevsim netdevsim1 netdevsim1 (unregistering): left allmulticast mode [ 739.443471][T17561] netdevsim netdevsim1 netdevsim1 (unregistering): left promiscuous mode [ 739.454077][T17561] bridge0: port 2(netdevsim1) entered disabled state [ 739.477675][T17561] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 739.546288][T17552] bridge0: port 1(bridge_slave_0) entered blocking state [ 739.578913][T17552] bridge0: port 1(bridge_slave_0) entered disabled state [ 739.589112][T17552] bridge_slave_0: entered allmulticast mode [ 739.628997][T17552] bridge_slave_0: entered promiscuous mode [ 739.689030][T12888] Bluetooth: hci0: command tx timeout [ 739.701952][T17561] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 739.763668][T17552] bridge0: port 2(bridge_slave_1) entered blocking state [ 739.809380][T17552] bridge0: port 2(bridge_slave_1) entered disabled state [ 739.826818][T17552] bridge_slave_1: entered allmulticast mode [ 739.853627][T17552] bridge_slave_1: entered promiscuous mode [ 739.982999][T17552] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 740.012804][T17552] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 740.103385][T17552] team0: Port device team_slave_0 added [ 740.128151][T17552] team0: Port device team_slave_1 added [ 740.344394][T17552] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 740.352856][T17552] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 740.436518][T17552] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 740.555610][T17552] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 740.564467][T17552] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 740.645540][T17552] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 740.867543][T17601] usb usb37: usbfs: process 17601 (syz.5.2466) did not claim interface 0 before use [ 740.958106][T17552] hsr_slave_0: entered promiscuous mode [ 740.966071][T17552] hsr_slave_1: entered promiscuous mode [ 740.974964][T17552] debugfs: 'hsr0' already exists in 'hsr' [ 740.985480][T17552] Cannot create hsr debugfs directory [ 740.991554][T17561] bridge_slave_0: left allmulticast mode [ 740.997284][T17561] bridge_slave_0: left promiscuous mode [ 741.005041][T17561] bridge0: port 1(bridge_slave_0) entered disabled state [ 741.319433][T17561] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 741.364921][T17561] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 741.405175][T17561] bond0 (unregistering): Released all slaves [ 741.517261][T17561] : left promiscuous mode [ 741.593188][T17561] HfR: left promiscuous mode [ 741.759112][T12888] Bluetooth: hci0: command tx timeout [ 742.722483][T17649] ptp ptp0: new virtual clock ptp1 [ 742.746353][T17649] ptp ptp0: guarantee physical clock free running [ 743.031642][T17653] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2471'. [ 743.469955][T17561] hsr_slave_0: left promiscuous mode [ 743.476269][T17561] hsr_slave_1: left promiscuous mode [ 743.490348][T17561] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 743.512381][T17561] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 743.534925][T17561] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 743.547924][T17561] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 743.608435][T17561] veth1_macvtap: left promiscuous mode [ 743.615052][T17561] veth0_macvtap: left promiscuous mode [ 743.633246][T17667] futex_wake_op: syz.5.2476 tries to shift op by -2048; fix this program [ 743.662640][T17667] futex_wake_op: syz.5.2476 tries to shift op by -2048; fix this program [ 743.684934][T17668] 0x000000000001-0x000000020000 : "" [ 743.715248][T17668] ftl_cs: FTL header corrupt! [ 743.840026][T12888] Bluetooth: hci0: command tx timeout [ 743.842165][T17669] ERROR: Out of memory at tomoyo_memory_ok. [ 744.042776][T17561] team0 (unregistering): Port device team_slave_1 removed [ 744.091938][T17561] team0 (unregistering): Port device team_slave_0 removed [ 744.704007][T17552] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 744.777743][T17552] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 744.846117][T17552] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 744.895251][T17552] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 745.745907][T17552] 8021q: adding VLAN 0 to HW filter on device bond0 [ 745.797569][T17688] kexec: Could not allocate control_code_buffer [ 745.921101][T12888] Bluetooth: hci0: command tx timeout [ 746.032781][T17552] 8021q: adding VLAN 0 to HW filter on device team0 [ 746.087356][T17557] bridge0: port 1(bridge_slave_0) entered blocking state [ 746.094738][T17557] bridge0: port 1(bridge_slave_0) entered forwarding state [ 746.152927][T17560] bridge0: port 2(bridge_slave_1) entered blocking state [ 746.160206][T17560] bridge0: port 2(bridge_slave_1) entered forwarding state [ 746.401271][T17724] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 746.456033][T17724] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 746.487046][T17724] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 746.570569][T17724] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 746.680206][T17724] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 746.931745][T17552] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 747.073614][T17750] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2489'. [ 747.101718][T17751] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2489'. [ 747.131659][T17552] veth0_vlan: entered promiscuous mode [ 747.184799][T17552] veth1_vlan: entered promiscuous mode [ 747.210991][T17757] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 747.288707][T17552] veth0_macvtap: entered promiscuous mode [ 747.316250][T17552] veth1_macvtap: entered promiscuous mode [ 747.358758][T17552] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 747.401346][T17552] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 747.438773][T14173] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 747.474435][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.484025][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.510118][T14173] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 747.543189][T14173] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 747.544962][T17764] FAULT_INJECTION: forcing a failure. [ 747.544962][T17764] name failslab, interval 1, probability 0, space 0, times 0 [ 747.571229][T17764] CPU: 1 UID: 0 PID: 17764 Comm: syz.2.2493 Tainted: G U L syzkaller #0 PREEMPT(full) [ 747.571288][T17764] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 747.571312][T17764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 747.571334][T17764] Call Trace: [ 747.571346][T17764] [ 747.571359][T17764] dump_stack_lvl+0x100/0x190 [ 747.571419][T17764] should_fail_ex.cold+0x5/0xa [ 747.571461][T17764] should_failslab+0xc2/0x120 [ 747.571499][T17764] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 747.571553][T17764] ? security_file_alloc+0x34/0x2c0 [ 747.571597][T17764] ? trace_kmem_cache_alloc+0xf3/0x120 [ 747.571644][T17764] security_file_alloc+0x34/0x2c0 [ 747.571688][T17764] init_file+0x95/0x480 [ 747.571731][T17764] alloc_empty_file+0x73/0x1c0 [ 747.571778][T17764] path_openat+0xe8/0x31a0 [ 747.571813][T17764] ? kasan_save_stack+0x3f/0x50 [ 747.571867][T17764] ? kasan_save_stack+0x30/0x50 [ 747.571921][T17764] ? kasan_save_track+0x14/0x30 [ 747.571973][T17764] ? __kasan_slab_alloc+0x89/0x90 [ 747.572003][T17764] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 747.572054][T17764] ? do_getname+0x35/0x390 [ 747.572100][T17764] ? do_sys_openat2+0xc5/0x1e0 [ 747.572147][T17764] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 747.572187][T17764] ? __pfx_path_openat+0x10/0x10 [ 747.572236][T17764] do_file_open+0x20e/0x430 [ 747.572275][T17764] ? __pfx_do_file_open+0x10/0x10 [ 747.572348][T17764] ? alloc_fd+0x476/0x790 [ 747.572387][T17764] ? do_getname+0x191/0x390 [ 747.572435][T17764] do_sys_openat2+0x10d/0x1e0 [ 747.572480][T17764] ? __pfx_do_sys_openat2+0x10/0x10 [ 747.572528][T17764] ? __sys_sendmsg+0x18f/0x220 [ 747.572588][T17764] __x64_sys_openat+0x12d/0x210 [ 747.572638][T17764] ? __pfx___x64_sys_openat+0x10/0x10 [ 747.572699][T17764] do_syscall_64+0x106/0xf80 [ 747.572749][T17764] ? clear_bhb_loop+0x40/0x90 [ 747.572792][T17764] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 747.572827][T17764] RIP: 0033:0x7f11fe99c799 [ 747.572856][T17764] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 747.572890][T17764] RSP: 002b:00007f11ff806028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 747.572923][T17764] RAX: ffffffffffffffda RBX: 00007f11fec15fa0 RCX: 00007f11fe99c799 [ 747.572947][T17764] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 747.572970][T17764] RBP: 00007f11fea32c99 R08: 0000000000000000 R09: 0000000000000000 [ 747.572991][T17764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 747.573012][T17764] R13: 00007f11fec16038 R14: 00007f11fec15fa0 R15: 00007ffc71eeac78 [ 747.573056][T17764] [ 747.669920][T14173] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 748.055799][T14172] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 748.063964][T14172] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 748.129876][T14173] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 748.146213][T14173] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 748.162366][T17774] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 748.180515][T17774] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 748.192169][T17774] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 748.205489][T17774] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 748.465660][T17783] vhci_hcd vhci_hcd.2: SetHubDepth req not supported for USB 2.0 roothub [ 748.495166][T17783] vhci_hcd vhci_hcd.2: SetHubDepth req not supported for USB 2.0 roothub [ 750.111849][T17792] kexec: Could not allocate control_code_buffer [ 750.241753][T12888] Bluetooth: hci0: command 0x0c1a tx timeout [ 750.256870][T17434] Bluetooth: hci1: command 0x0c1a tx timeout [ 750.263139][T13875] Bluetooth: hci2: command 0x0c1a tx timeout [ 750.269554][T13082] Bluetooth: hci4: command 0x0419 tx timeout [ 750.543825][T17837] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input45 [ 750.701465][T17825] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 751.129059][T17839] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input46 [ 752.026621][T17850] debugfs: '!PjE r҄y*"l-y–L̓]' already exists in 'ieee80211' [ 752.321276][T17434] Bluetooth: hci0: command 0x0c1a tx timeout [ 752.573518][T12888] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 753.108464][T17873] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 753.127400][T17873] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 753.203854][T17873] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 753.230239][T17873] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 753.674265][T17898] debugfs: '!PjE r҄y*"l-y–L̓]' already exists in 'ieee80211' [ 753.759997][T17901] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 753.776433][T17901] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 753.793189][T17901] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 753.815442][T17901] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 755.839887][T12888] Bluetooth: hci0: command 0x0c1a tx timeout [ 755.845980][T17434] Bluetooth: hci1: command 0x0c1a tx timeout [ 755.852322][T13082] Bluetooth: hci2: command 0x0c1a tx timeout [ 755.858346][T13082] Bluetooth: hci4: command 0x0419 tx timeout [ 756.629121][T17965] futex_wake_op: syz.2.2538 tries to shift op by -2048; fix this program [ 756.689253][T17965] futex_wake_op: syz.2.2538 tries to shift op by -2048; fix this program [ 756.712438][T17966] 0x000000000001-0x000000020000 : "" [ 756.756298][T17966] ftl_cs: FTL header corrupt! [ 756.975922][T17967] ERROR: Out of memory at tomoyo_memory_ok. [ 757.095449][T17972] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 757.107576][T17972] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 757.118640][T17972] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 757.144147][T17972] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 757.642119][T17985] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input47 [ 757.818918][T17987] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 757.835023][T17983] FAULT_INJECTION: forcing a failure. [ 757.835023][T17983] name failslab, interval 1, probability 0, space 0, times 0 [ 757.861733][T17987] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 757.867927][T17987] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 757.892786][T17987] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 757.919150][T17983] CPU: 1 UID: 0 PID: 17983 Comm: syz.4.2543 Tainted: G U L syzkaller #0 PREEMPT(full) [ 757.919204][T17983] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 757.919219][T17983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 757.919246][T17983] Call Trace: [ 757.919259][T17983] [ 757.919278][T17983] dump_stack_lvl+0x100/0x190 [ 757.919339][T17983] should_fail_ex.cold+0x5/0xa [ 757.919401][T17983] should_failslab+0xc2/0x120 [ 757.919440][T17983] __kmalloc_cache_noprof+0x7a/0x6f0 [ 757.919489][T17983] ? alloc_tty_struct+0x96/0x8c0 [ 757.919546][T17983] ? ptmx_open+0x102/0x3c0 [ 757.919672][T17983] alloc_tty_struct+0x96/0x8c0 [ 757.919726][T17983] ? __mutex_unlock_slowpath+0x15c/0x790 [ 757.919792][T17983] ? __pfx_alloc_tty_struct+0x10/0x10 [ 757.919851][T17983] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 757.919915][T17983] tty_init_dev.part.0+0x20/0x470 [ 757.919976][T17983] tty_init_dev+0x60/0x80 [ 757.920032][T17983] ptmx_open+0x15e/0x3c0 [ 757.920074][T17983] ? __pfx_ptmx_open+0x10/0x10 [ 757.920116][T17983] chrdev_open+0x234/0x6a0 [ 757.920152][T17983] ? __pfx_apparmor_file_open+0x10/0x10 [ 757.920212][T17983] ? __pfx_chrdev_open+0x10/0x10 [ 757.920251][T17983] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 757.920300][T17983] do_dentry_open+0x6d8/0x1660 [ 757.920334][T17983] ? __pfx_chrdev_open+0x10/0x10 [ 757.920380][T17983] vfs_open+0x82/0x3f0 [ 757.920429][T17983] path_openat+0x208c/0x31a0 [ 757.920481][T17983] ? __pfx_path_openat+0x10/0x10 [ 757.920534][T17983] do_file_open+0x20e/0x430 [ 757.920574][T17983] ? __pfx_do_file_open+0x10/0x10 [ 757.920643][T17983] ? alloc_fd+0x476/0x790 [ 757.920682][T17983] ? do_getname+0x191/0x390 [ 757.920730][T17983] do_sys_openat2+0x10d/0x1e0 [ 757.920784][T17983] ? __pfx_do_sys_openat2+0x10/0x10 [ 757.920835][T17983] ? __fget_files+0x21f/0x3d0 [ 757.920877][T17983] __x64_sys_openat+0x12d/0x210 [ 757.920925][T17983] ? __pfx___x64_sys_openat+0x10/0x10 [ 757.920990][T17983] do_syscall_64+0x106/0xf80 [ 757.921039][T17983] ? clear_bhb_loop+0x40/0x90 [ 757.921082][T17983] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 757.921118][T17983] RIP: 0033:0x7f30ce19c799 [ 757.921148][T17983] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 757.921183][T17983] RSP: 002b:00007f30cf05e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 757.921218][T17983] RAX: ffffffffffffffda RBX: 00007f30ce415fa0 RCX: 00007f30ce19c799 [ 757.921243][T17983] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 757.921266][T17983] RBP: 00007f30ce232c99 R08: 0000000000000000 R09: 0000000000000000 [ 757.921289][T17983] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 757.921311][T17983] R13: 00007f30ce416038 R14: 00007f30ce415fa0 R15: 00007ffda62cfb28 [ 757.921358][T17983] [ 758.409972][T17990] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input48 [ 759.839007][T13082] Bluetooth: hci4: command 0x0419 tx timeout [ 759.919054][T13082] Bluetooth: hci0: command 0x0c1a tx timeout [ 759.925246][T12888] Bluetooth: hci1: command 0x0c1a tx timeout [ 759.931403][T17434] Bluetooth: hci2: command 0x0c1a tx timeout [ 760.030596][T18030] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 760.042608][T18030] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 760.053993][T18030] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 760.062140][T18030] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 760.398031][T18049] Invalid ELF header magic: != ELF [ 761.213417][T18079] HfR: entered promiscuous mode [ 761.590334][T18088] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 761.597382][T18088] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 761.622101][T18088] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 761.628378][T18088] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 761.944984][T18107] sd 0:0:1:0: PR command failed: 1026 [ 761.950526][T18107] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 761.957428][T18107] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 761.994444][T18108] sd 0:0:1:0: PR command failed: 1026 [ 762.006151][T18108] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 762.039072][T18108] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 762.298410][T18111] Invalid ELF header magic: != ELF [ 762.769743][T18123] FAULT_INJECTION: forcing a failure. [ 762.769743][T18123] name failslab, interval 1, probability 0, space 0, times 0 [ 762.887021][T18123] CPU: 1 UID: 0 PID: 18123 Comm: syz.4.2572 Tainted: G U L syzkaller #0 PREEMPT(full) [ 762.887076][T18123] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 762.887090][T18123] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 762.887110][T18123] Call Trace: [ 762.887122][T18123] [ 762.887135][T18123] dump_stack_lvl+0x100/0x190 [ 762.887191][T18123] should_fail_ex.cold+0x5/0xa [ 762.887229][T18123] should_failslab+0xc2/0x120 [ 762.887263][T18123] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 762.887313][T18123] ? taskstats_exit+0x650/0xbd0 [ 762.887373][T18123] taskstats_exit+0x650/0xbd0 [ 762.887426][T18123] ? __pfx_acct_update_integrals+0x10/0x10 [ 762.887461][T18123] ? __pfx_taskstats_exit+0x10/0x10 [ 762.887516][T18123] ? rcu_read_lock_any_held+0x6a/0xa0 [ 762.887549][T18123] ? exit_signals+0x395/0xaf0 [ 762.887590][T18123] do_exit+0x659/0x2b60 [ 762.887651][T18123] ? __pfx_do_exit+0x10/0x10 [ 762.887695][T18123] ? do_raw_spin_lock+0x128/0x260 [ 762.887744][T18123] ? find_held_lock+0x2b/0x80 [ 762.887774][T18123] ? get_signal+0x7e0/0x21e0 [ 762.887814][T18123] do_group_exit+0xd5/0x2a0 [ 762.887863][T18123] get_signal+0x1ec7/0x21e0 [ 762.887913][T18123] ? __pfx_get_signal+0x10/0x10 [ 762.887951][T18123] ? do_futex+0x192/0x350 [ 762.888000][T18123] arch_do_signal_or_restart+0x91/0x770 [ 762.888045][T18123] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 762.888101][T18123] ? __pfx___x64_sys_futex+0x10/0x10 [ 762.888156][T18123] exit_to_user_mode_loop+0x86/0x4a0 [ 762.888205][T18123] do_syscall_64+0x668/0xf80 [ 762.888249][T18123] ? clear_bhb_loop+0x40/0x90 [ 762.888292][T18123] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 762.888327][T18123] RIP: 0033:0x7f30ce19c799 [ 762.888355][T18123] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 762.888390][T18123] RSP: 002b:00007f30cf05e0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 762.888423][T18123] RAX: fffffffffffffe00 RBX: 00007f30ce415fa8 RCX: 00007f30ce19c799 [ 762.888445][T18123] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f30ce415fa8 [ 762.888466][T18123] RBP: 00007f30ce415fa0 R08: 0000000000000000 R09: 0000000000000000 [ 762.888486][T18123] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 762.888507][T18123] R13: 00007f30ce416038 R14: 00007ffda62cfa40 R15: 00007ffda62cfb28 [ 762.888551][T18123] [ 763.605169][T13082] Bluetooth: hci4: command 0x0419 tx timeout [ 763.679557][T13082] Bluetooth: hci0: command 0x0c1a tx timeout [ 763.685947][T12888] Bluetooth: hci1: command 0x0c1a tx timeout [ 763.692349][T17434] Bluetooth: hci2: command 0x0c1a tx timeout [ 766.411828][T18170] FAULT_INJECTION: forcing a failure. [ 766.411828][T18170] name fail_futex, interval 1, probability 0, space 0, times 0 [ 766.518991][T18170] CPU: 1 UID: 0 PID: 18170 Comm: syz.4.2581 Tainted: G U L syzkaller #0 PREEMPT(full) [ 766.519045][T18170] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 766.519059][T18170] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 766.519079][T18170] Call Trace: [ 766.519090][T18170] [ 766.519103][T18170] dump_stack_lvl+0x100/0x190 [ 766.519158][T18170] should_fail_ex.cold+0x5/0xa [ 766.519197][T18170] should_fail_futex+0x4c/0x60 [ 766.519240][T18170] __x64_sys_futex+0x1f0/0x4d0 [ 766.519300][T18170] ? __pfx___x64_sys_futex+0x10/0x10 [ 766.519359][T18170] do_syscall_64+0x106/0xf80 [ 766.519405][T18170] ? clear_bhb_loop+0x40/0x90 [ 766.519447][T18170] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 766.519481][T18170] RIP: 0033:0x7f30ce19c799 [ 766.519508][T18170] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 766.519541][T18170] RSP: 002b:00007ffda62cfc88 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 766.519573][T18170] RAX: ffffffffffffffda RBX: 00000000000bb0dd RCX: 00007f30ce19c799 [ 766.519596][T18170] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f30ce415fac [ 766.519617][T18170] RBP: 0000000000000032 R08: 0000000000000000 R09: 0000000000000000 [ 766.519638][T18170] R10: 00007ffda62cfd90 R11: 0000000000000246 R12: 00007ffda62cfdb0 [ 766.519661][T18170] R13: 00007f30ce415fac R14: 00000000000bb10f R15: 00007ffda62cfd90 [ 766.519706][T18170] [ 766.687776][T18183] netlink: 'syz.1.2586': attribute type 2 has an invalid length. [ 766.711784][T18176] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 766.879256][T18176] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 766.895687][T18176] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 766.943945][T18176] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 767.095152][T18191] blkio.reset_stats is deprecated [ 767.482979][T13082] Bluetooth: hci1: Unable to find connection for big 0xd2 [ 768.807832][T13082] Bluetooth: hci4: command 0x0419 tx timeout [ 768.960119][T13082] Bluetooth: hci0: command 0x0c1a tx timeout [ 768.966505][T17434] Bluetooth: hci1: command 0x0c1a tx timeout [ 768.973154][T12888] Bluetooth: hci2: command 0x0c1a tx timeout [ 770.049641][T17434] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 770.069468][T17434] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 770.106329][T17434] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 770.117238][T17434] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 770.132036][T17434] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 770.481118][T18268] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 770.876771][T18256] chnl_net:caif_netlink_parms(): no params data found [ 771.001300][T18276] FAULT_INJECTION: forcing a failure. [ 771.001300][T18276] name failslab, interval 1, probability 0, space 0, times 0 [ 771.046752][T18276] CPU: 1 UID: 0 PID: 18276 Comm: syz.5.2611 Tainted: G U L syzkaller #0 PREEMPT(full) [ 771.046807][T18276] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 771.046821][T18276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 771.046842][T18276] Call Trace: [ 771.046852][T18276] [ 771.046863][T18276] dump_stack_lvl+0x100/0x190 [ 771.046911][T18276] should_fail_ex.cold+0x5/0xa [ 771.046942][T18276] ? tomoyo_encode2+0xfb/0x3c0 [ 771.046977][T18276] should_failslab+0xc2/0x120 [ 771.047007][T18276] __kmalloc_noprof+0xe0/0x850 [ 771.047048][T18276] ? d_absolute_path+0x136/0x1b0 [ 771.047091][T18276] tomoyo_encode2+0xfb/0x3c0 [ 771.047132][T18276] tomoyo_encode+0x29/0x50 [ 771.047166][T18276] tomoyo_realpath_from_path+0x18c/0x690 [ 771.047212][T18276] tomoyo_path_number_perm+0x23c/0x580 [ 771.047249][T18276] ? tomoyo_path_number_perm+0x22e/0x580 [ 771.047283][T18276] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 771.047346][T18276] ? find_held_lock+0x2b/0x80 [ 771.047404][T18276] ? __fget_files+0x215/0x3d0 [ 771.047429][T18276] ? hook_file_ioctl_common+0x146/0x410 [ 771.047468][T18276] ? __fget_files+0x21f/0x3d0 [ 771.047500][T18276] security_file_ioctl+0xd3/0x230 [ 771.047533][T18276] __x64_sys_ioctl+0xb7/0x210 [ 771.047577][T18276] do_syscall_64+0x106/0xf80 [ 771.047616][T18276] ? clear_bhb_loop+0x40/0x90 [ 771.047651][T18276] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 771.047680][T18276] RIP: 0033:0x7fb33359c799 [ 771.047702][T18276] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 771.047730][T18276] RSP: 002b:00007fb3343b7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 771.047756][T18276] RAX: ffffffffffffffda RBX: 00007fb333815fa0 RCX: 00007fb33359c799 [ 771.047775][T18276] RDX: 0000200000000780 RSI: 0000000040084504 RDI: 0000000000000003 [ 771.047793][T18276] RBP: 00007fb3343b7090 R08: 0000000000000000 R09: 0000000000000000 [ 771.047810][T18276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 771.047827][T18276] R13: 00007fb333816038 R14: 00007fb333815fa0 R15: 00007ffc4d1640e8 [ 771.047863][T18276] [ 771.047900][T18276] ERROR: Out of memory at tomoyo_realpath_from_path. [ 771.394639][T18256] bridge0: port 1(bridge_slave_0) entered blocking state [ 771.404386][T18256] bridge0: port 1(bridge_slave_0) entered disabled state [ 771.419974][T18280] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 771.425349][T18256] bridge_slave_0: entered allmulticast mode [ 771.426554][T18280] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 771.448989][T18280] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 771.455276][T18280] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 771.459810][T18256] bridge_slave_0: entered promiscuous mode [ 771.482802][T18256] bridge0: port 2(bridge_slave_1) entered blocking state [ 771.491817][T18280] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 771.497924][T18280] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 771.498501][T18256] bridge0: port 2(bridge_slave_1) entered disabled state [ 771.531231][T18256] bridge_slave_1: entered allmulticast mode [ 771.545039][T18256] bridge_slave_1: entered promiscuous mode [ 771.655191][T18256] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 771.701006][T18256] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 771.722528][T18280] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 771.798448][T18256] team0: Port device team_slave_0 added [ 771.811330][T18256] team0: Port device team_slave_1 added [ 772.007016][T18256] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 772.029364][T18256] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 772.090186][T18256] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 772.255038][T18256] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 772.279056][T18256] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 772.317904][T18256] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 772.444669][T17561] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 772.939595][T18256] hsr_slave_0: entered promiscuous mode [ 772.955922][T18256] hsr_slave_1: entered promiscuous mode [ 773.002651][T17561] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 773.243730][T17561] netdevsim netdevsim4 netdevsim1 (unregistering): left allmulticast mode [ 773.325988][T17561] netdevsim netdevsim4 netdevsim1 (unregistering): left promiscuous mode [ 773.339884][T17561] bridge0: port 3(netdevsim1) entered disabled state [ 773.415723][T17561] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 773.444363][T17434] Bluetooth: hci2: command 0x0c1a tx timeout [ 773.521670][T17434] Bluetooth: hci3: command 0x041b tx timeout [ 773.530654][T12888] Bluetooth: hci0: command 0x0c1a tx timeout [ 773.536812][T12888] Bluetooth: hci1: command 0x0c1a tx timeout [ 773.597444][T17561] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 774.203891][T18323] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2622'. [ 774.361924][T17561] veth0_to_bridge: left allmulticast mode [ 774.402795][T17561] veth0_to_bridge: left promiscuous mode [ 774.439261][T17561] bridge0: port 4(veth0_to_bridge) entered disabled state [ 774.474861][T17561] bridge_slave_1: left allmulticast mode [ 774.484860][T17561] bridge_slave_1: left promiscuous mode [ 774.491070][T17561] bridge0: port 2(bridge_slave_1) entered disabled state [ 774.553842][T17561] bridge_slave_0: left allmulticast mode [ 774.561039][T17561] bridge_slave_0: left promiscuous mode [ 774.566873][T17561] bridge0: port 1(bridge_slave_0) entered disabled state [ 774.902570][T18347] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2625'. [ 775.417048][T17561] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 775.436086][T17561] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 775.474978][T17561] bond0 (unregistering): Released all slaves [ 775.550412][T18362] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 775.602219][T17434] Bluetooth: hci3: command 0x041b tx timeout [ 775.834394][T17561] HfR: left promiscuous mode [ 777.219951][T18256] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 777.245332][T18256] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 777.265476][T18256] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 777.324368][T18256] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 777.679143][T17434] Bluetooth: hci3: command 0x041b tx timeout [ 778.035712][T18413] Invalid ELF header magic: != ELF [ 778.071174][T17561] hsr_slave_0: left promiscuous mode [ 778.116841][T17561] hsr_slave_1: left promiscuous mode [ 778.135627][T17561] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 778.153742][T17561] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 778.230534][T17561] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 778.238692][T17561] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 778.274665][T17561] veth1_macvtap: left promiscuous mode [ 778.285423][T17561] veth0_macvtap: left promiscuous mode [ 778.293313][T17561] veth1_vlan: left promiscuous mode [ 779.059569][T17561] team0 (unregistering): Port device team_slave_1 removed [ 779.079947][T17561] team0 (unregistering): Port device team_slave_0 removed [ 779.759022][T17434] Bluetooth: hci3: command 0x041b tx timeout [ 780.287846][T18256] 8021q: adding VLAN 0 to HW filter on device bond0 [ 780.386803][T18256] 8021q: adding VLAN 0 to HW filter on device team0 [ 780.570775][T14159] bridge0: port 1(bridge_slave_0) entered blocking state [ 780.577994][T14159] bridge0: port 1(bridge_slave_0) entered forwarding state [ 780.698415][T14159] bridge0: port 2(bridge_slave_1) entered blocking state [ 780.705698][T14159] bridge0: port 2(bridge_slave_1) entered forwarding state [ 781.711503][T18256] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 781.839201][T17434] Bluetooth: hci3: command 0x041b tx timeout [ 782.086713][T18461] Invalid ELF header magic: != ELF [ 782.277013][T18256] veth0_vlan: entered promiscuous mode [ 782.297547][T18256] veth1_vlan: entered promiscuous mode [ 782.344516][T18256] veth0_macvtap: entered promiscuous mode [ 782.386182][T18256] veth1_macvtap: entered promiscuous mode [ 782.599794][T18473] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 782.860868][T18256] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 782.912503][T18256] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 782.966477][T17558] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 783.028458][T17558] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 783.056193][T17558] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 783.075193][T17558] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 783.345843][T18480] sp0: Synchronizing with TNC [ 783.413437][T17560] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 783.436103][T17560] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 783.543655][T17561] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 783.563431][T17561] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 783.928997][T17434] Bluetooth: hci3: command 0x041b tx timeout [ 784.749735][T18505] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 785.834203][T18531] zswap: compressor not available [ 785.961922][T18527] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 786.072587][T18527] File: /dev/nullb0 PID: 18527 Comm: syz.5.2655 [ 786.656124][T18546] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 787.139255][T18545] zswap: compressor not available [ 788.409505][T18570] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 788.433816][T18572] vivid-007: ================= START STATUS ================= [ 788.449621][T18572] vivid-007: Generate PTS: true [ 788.454522][T18572] vivid-007: Generate SCR: true [ 788.492139][T18572] tpg source WxH: 320x240 (Y'CbCr) [ 788.497341][T18572] tpg field: 1 [ 788.547665][T18572] tpg crop: (0,0)/320x240 [ 788.559224][T18572] tpg compose: (0,0)/320x240 [ 788.563915][T18572] tpg colorspace: 8 [ 788.568748][T18572] tpg transfer function: 0/0 [ 788.574003][T18572] tpg Y'CbCr encoding: 0/0 [ 788.578577][T18572] tpg quantization: 0/0 [ 788.587587][T18572] tpg RGB range: 0/2 [ 788.591935][T18572] vivid-007: ================== END STATUS ================== [ 788.609550][T18577] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 788.620399][T18577] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 788.676912][T18577] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 788.763453][T18577] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 790.639324][T17434] Bluetooth: hci0: command 0x0c1a tx timeout [ 790.645396][T17434] Bluetooth: hci1: command 0x0c1a tx timeout [ 790.651733][T12888] Bluetooth: hci2: command 0x0c1a tx timeout [ 790.799691][T17434] Bluetooth: hci3: command 0x041b tx timeout [ 790.859506][T18609] ERROR: Out of memory at tomoyo_memory_ok. [ 791.441698][T18621] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 791.459208][T18621] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 791.478565][T18621] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 791.585700][T18613] zswap: compressor not available [ 791.593782][T18621] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 792.760542][T18637] Invalid ELF header magic: != ELF [ 793.523239][T17434] Bluetooth: hci0: command 0x0c1a tx timeout [ 793.529659][T12888] Bluetooth: hci1: command 0x0c1a tx timeout [ 793.535723][T12888] Bluetooth: hci2: command 0x0c1a tx timeout [ 793.600702][T12888] Bluetooth: hci3: command 0x041b tx timeout [ 794.005582][T18658] FAULT_INJECTION: forcing a failure. [ 794.005582][T18658] name failslab, interval 1, probability 0, space 0, times 0 [ 794.098076][T18664] FAULT_INJECTION: forcing a failure. [ 794.098076][T18664] name failslab, interval 1, probability 0, space 0, times 0 [ 794.131509][T18658] CPU: 1 UID: 0 PID: 18658 Comm: syz.5.2683 Tainted: G U L syzkaller #0 PREEMPT(full) [ 794.131563][T18658] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 794.131576][T18658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 794.131595][T18658] Call Trace: [ 794.131606][T18658] [ 794.131618][T18658] dump_stack_lvl+0x100/0x190 [ 794.131672][T18658] should_fail_ex.cold+0x5/0xa [ 794.131711][T18658] should_failslab+0xc2/0x120 [ 794.131753][T18658] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 794.131810][T18658] ? __kernfs_new_node+0xd2/0x960 [ 794.131866][T18658] __kernfs_new_node+0xd2/0x960 [ 794.131919][T18658] ? __pfx___kernfs_new_node+0x10/0x10 [ 794.131976][T18658] ? find_held_lock+0x2b/0x80 [ 794.132008][T18658] ? kernfs_root+0xee/0x2a0 [ 794.132062][T18658] ? kernfs_root+0xee/0x2a0 [ 794.132120][T18658] kernfs_new_node+0x11b/0x1a0 [ 794.132181][T18658] __kernfs_create_file+0x53/0x350 [ 794.132225][T18658] sysfs_add_file_mode_ns+0x207/0x3c0 [ 794.132282][T18658] internal_create_group+0x593/0xf40 [ 794.132343][T18658] ? __pfx_internal_create_group+0x10/0x10 [ 794.132400][T18658] ? kernfs_create_link+0x1bd/0x240 [ 794.132446][T18658] internal_create_groups+0x9d/0x150 [ 794.132500][T18658] device_add+0x71a/0x1950 [ 794.132627][T18658] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 794.132685][T18658] ? __pfx_device_add+0x10/0x10 [ 794.132725][T18658] ? lockdep_init_map_type+0x5c/0x250 [ 794.132798][T18658] ? __init_waitqueue_head+0xca/0x150 [ 794.132859][T18658] netdev_register_kobject+0x1a9/0x3d0 [ 794.132980][T18658] register_netdevice+0x12e0/0x2210 [ 794.133035][T18658] ? __pfx_register_netdevice+0x10/0x10 [ 794.133094][T18658] ? __pfx_loopback_net_init+0x10/0x10 [ 794.133180][T18658] register_netdev+0x34/0x50 [ 794.133232][T18658] loopback_net_init+0x7a/0x170 [ 794.133270][T18658] ? __pfx_loopback_net_init+0x10/0x10 [ 794.133304][T18658] ops_init+0x1e2/0x5f0 [ 794.133356][T18658] setup_net+0x118/0x3a0 [ 794.133407][T18658] ? __pfx_setup_net+0x10/0x10 [ 794.133453][T18658] ? lockdep_init_map_type+0x5c/0x250 [ 794.133500][T18658] ? mutex_init_lockep+0x110/0x150 [ 794.133551][T18658] copy_net_ns+0x46f/0x7c0 [ 794.133586][T18658] create_new_namespaces+0x3ea/0xac0 [ 794.133631][T18658] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 794.133671][T18658] ksys_unshare+0x473/0xad0 [ 794.133712][T18658] ? __pfx_ksys_unshare+0x10/0x10 [ 794.133780][T18658] __x64_sys_unshare+0x31/0x40 [ 794.133818][T18658] do_syscall_64+0x106/0xf80 [ 794.133862][T18658] ? clear_bhb_loop+0x40/0x90 [ 794.133904][T18658] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 794.133938][T18658] RIP: 0033:0x7fb33359c799 [ 794.133964][T18658] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 794.133997][T18658] RSP: 002b:00007fb334396028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 794.134027][T18658] RAX: ffffffffffffffda RBX: 00007fb333816090 RCX: 00007fb33359c799 [ 794.134047][T18658] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 794.134068][T18658] RBP: 00007fb333632c99 R08: 0000000000000000 R09: 0000000000000000 [ 794.134088][T18658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 794.134106][T18658] R13: 00007fb333816128 R14: 00007fb333816090 R15: 00007ffc4d1640e8 [ 794.134151][T18658] [ 794.141740][T18664] CPU: 0 UID: 0 PID: 18664 Comm: syz.2.2684 Tainted: G U L syzkaller #0 PREEMPT(full) [ 794.141908][T18664] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 794.141940][T18664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 794.142002][T18664] Call Trace: [ 794.142026][T18664] [ 794.142056][T18664] dump_stack_lvl+0x100/0x190 [ 794.142197][T18664] should_fail_ex.cold+0x5/0xa [ 794.142289][T18664] should_failslab+0xc2/0x120 [ 794.142388][T18664] __kvmalloc_node_noprof+0xfa/0xa00 [ 794.142526][T18664] ? seq_read_iter+0x819/0x1270 [ 794.142689][T18664] seq_read_iter+0x819/0x1270 [ 794.142984][T18664] kernfs_fop_read_iter+0x46c/0x610 [ 794.143119][T18664] ? rw_verify_area+0xce/0x6d0 [ 794.143283][T18664] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 794.143389][T18664] vfs_read+0x825/0xb30 [ 794.143535][T18664] ? __pfx_vfs_read+0x10/0x10 [ 794.143690][T18664] ksys_read+0x12a/0x250 [ 794.143775][T18664] ? __pfx_ksys_read+0x10/0x10 [ 794.143889][T18664] do_syscall_64+0x106/0xf80 [ 794.144013][T18664] ? clear_bhb_loop+0x40/0x90 [ 794.144128][T18664] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 794.144224][T18664] RIP: 0033:0x7f11fe99c799 [ 794.144303][T18664] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 794.144385][T18664] RSP: 002b:00007f11ff806028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 794.144462][T18664] RAX: ffffffffffffffda RBX: 00007f11fec15fa0 RCX: 00007f11fe99c799 [ 794.144525][T18664] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000003 [ 794.144591][T18664] RBP: 00007f11ff806090 R08: 0000000000000000 R09: 0000000000000000 [ 794.144651][T18664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 794.144711][T18664] R13: 00007f11fec16038 R14: 00007f11fec15fa0 R15: 00007ffc71eeac78 [ 794.144822][T18664] [ 794.726667][T18643] Invalid ELF header magic: != ELF [ 794.880178][T18661] Invalid ELF header magic: != ELF [ 795.910891][T18673] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 795.930297][T18673] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 795.979265][T18673] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 796.006533][T18673] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 796.423772][T18675] zswap: compressor not available [ 797.919064][T12888] Bluetooth: hci2: command 0x0c1a tx timeout [ 798.002634][T12888] Bluetooth: hci0: command 0x0c1a tx timeout [ 798.008707][T12888] Bluetooth: hci1: command 0x0c1a tx timeout [ 798.079900][T12888] Bluetooth: hci3: command 0x041b tx timeout [ 798.880943][T18728] FAULT_INJECTION: forcing a failure. [ 798.880943][T18728] name fail_futex, interval 1, probability 0, space 0, times 0 [ 798.908938][T18728] CPU: 0 UID: 0 PID: 18728 Comm: syz.2.2699 Tainted: G U L syzkaller #0 PREEMPT(full) [ 798.908998][T18728] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 798.909012][T18728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 798.909033][T18728] Call Trace: [ 798.909045][T18728] [ 798.909058][T18728] dump_stack_lvl+0x100/0x190 [ 798.909131][T18728] should_fail_ex.cold+0x5/0xa [ 798.909178][T18728] get_futex_key+0x1d2/0x1620 [ 798.909227][T18728] ? __pfx_get_futex_key+0x10/0x10 [ 798.909271][T18728] ? __call_rcu_common.constprop.0+0x3f0/0x9b0 [ 798.909320][T18728] ? lockdep_hardirqs_on+0x78/0x100 [ 798.909381][T18728] ? iput+0x3a/0x40 [ 798.909423][T18728] ? hugetlb_file_setup+0x2c8/0x5b0 [ 798.909471][T18728] futex_wake+0xea/0x530 [ 798.909530][T18728] ? __pfx_futex_wake+0x10/0x10 [ 798.909591][T18728] ? up_write+0x290/0x4f0 [ 798.909649][T18728] do_futex+0x32b/0x350 [ 798.909697][T18728] ? __pfx_do_futex+0x10/0x10 [ 798.909754][T18728] __x64_sys_futex+0x34f/0x4d0 [ 798.909806][T18728] ? __pfx___x64_sys_futex+0x10/0x10 [ 798.909855][T18728] ? __pfx___x64_sys_shmget+0x10/0x10 [ 798.909915][T18728] do_syscall_64+0x106/0xf80 [ 798.909964][T18728] ? clear_bhb_loop+0x40/0x90 [ 798.910007][T18728] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 798.910044][T18728] RIP: 0033:0x7f11fe99c799 [ 798.910073][T18728] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 798.910109][T18728] RSP: 002b:00007f11ff8060e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 798.910148][T18728] RAX: ffffffffffffffda RBX: 00007f11fec15fa8 RCX: 00007f11fe99c799 [ 798.910173][T18728] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f11fec15fac [ 798.910197][T18728] RBP: 00007f11fec15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 798.910218][T18728] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 798.910242][T18728] R13: 00007f11fec16038 R14: 00007ffc71eeab90 R15: 00007ffc71eeac78 [ 798.910287][T18728] [ 801.182775][T18764] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 801.195327][T18764] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 801.304085][T18764] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 801.357859][T18764] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 801.873169][T18784] FAULT_INJECTION: forcing a failure. [ 801.873169][T18784] name failslab, interval 1, probability 0, space 0, times 0 [ 801.923349][T18784] CPU: 0 UID: 0 PID: 18784 Comm: syz.5.2711 Tainted: G U L syzkaller #0 PREEMPT(full) [ 801.923409][T18784] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 801.923424][T18784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 801.923446][T18784] Call Trace: [ 801.923457][T18784] [ 801.923471][T18784] dump_stack_lvl+0x100/0x190 [ 801.923529][T18784] should_fail_ex.cold+0x5/0xa [ 801.923570][T18784] should_failslab+0xc2/0x120 [ 801.923608][T18784] __kmalloc_cache_noprof+0x7a/0x6f0 [ 801.923656][T18784] ? p9_client_create+0xaf/0xd40 [ 801.923719][T18784] p9_client_create+0xaf/0xd40 [ 801.923768][T18784] ? __pfx_p9_client_create+0x10/0x10 [ 801.923842][T18784] ? lockdep_init_map_type+0x5c/0x250 [ 801.923892][T18784] ? __raw_spin_lock_init+0x3a/0x110 [ 801.923952][T18784] v9fs_session_init+0x40/0xce0 [ 801.924003][T18784] ? kasan_save_track+0x14/0x30 [ 801.924062][T18784] v9fs_get_tree+0xb8/0xb50 [ 801.924113][T18784] ? rcu_is_watching+0x12/0xc0 [ 801.924168][T18784] ? __pfx_v9fs_get_tree+0x10/0x10 [ 801.924225][T18784] ? bpf_lsm_capable+0x9/0x10 [ 801.924260][T18784] ? security_capable+0x80/0x260 [ 801.924320][T18784] vfs_get_tree+0x92/0x320 [ 801.924369][T18784] vfs_cmd_create+0xd7/0x2a0 [ 801.924424][T18784] __do_sys_fsconfig+0x55a/0xcb0 [ 801.924474][T18784] ? __pfx___do_sys_fsconfig+0x10/0x10 [ 801.924541][T18784] do_syscall_64+0x106/0xf80 [ 801.924588][T18784] ? clear_bhb_loop+0x40/0x90 [ 801.924633][T18784] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 801.924669][T18784] RIP: 0033:0x7fb33359c799 [ 801.924697][T18784] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 801.924733][T18784] RSP: 002b:00007fb334375028 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 801.924768][T18784] RAX: ffffffffffffffda RBX: 00007fb333816180 RCX: 00007fb33359c799 [ 801.924800][T18784] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000007 [ 801.924821][T18784] RBP: 00007fb333632c99 R08: 0000000000000000 R09: 0000000000000000 [ 801.924843][T18784] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 801.924865][T18784] R13: 00007fb333816218 R14: 00007fb333816180 R15: 00007ffc4d1640e8 [ 801.924912][T18784] [ 802.707706][T18799] synth uevent: /module/au0828: unknown uevent action string [ 802.832503][T18795] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input50 [ 802.929651][T18799] FAULT_INJECTION: forcing a failure. [ 802.929651][T18799] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 802.966647][T18799] CPU: 1 UID: 0 PID: 18799 Comm: syz.5.2715 Tainted: G U L syzkaller #0 PREEMPT(full) [ 802.966704][T18799] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 802.966717][T18799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 802.966737][T18799] Call Trace: [ 802.966747][T18799] [ 802.966758][T18799] dump_stack_lvl+0x100/0x190 [ 802.966810][T18799] should_fail_ex.cold+0x5/0xa [ 802.966839][T18799] ? prepare_alloc_pages+0x16d/0x5f0 [ 802.966877][T18799] should_fail_alloc_page+0xeb/0x140 [ 802.966910][T18799] prepare_alloc_pages+0x1f0/0x5f0 [ 802.966948][T18799] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 802.967001][T18799] ? stack_trace_save+0x8e/0xc0 [ 802.967031][T18799] ? __pfx_stack_trace_save+0x10/0x10 [ 802.967069][T18799] ? stack_depot_save_flags+0x27/0x9d0 [ 802.967108][T18799] ? is_bpf_text_address+0x8a/0x1a0 [ 802.967165][T18799] ? is_bpf_text_address+0x8a/0x1a0 [ 802.967211][T18799] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 802.967257][T18799] ? kasan_save_stack+0x3f/0x50 [ 802.967301][T18799] ? kasan_save_track+0x14/0x30 [ 802.967344][T18799] ? kmem_cache_alloc_node_noprof+0x25a/0x6f0 [ 802.967387][T18799] ? alloc_vmap_area+0x186c/0x2bd0 [ 802.967414][T18799] ? __get_vm_area_node+0x1ca/0x330 [ 802.967444][T18799] ? __vmalloc_node_range_noprof+0x213/0x1530 [ 802.967479][T18799] ? __vmalloc_node_noprof+0xad/0xf0 [ 802.967512][T18799] ? copy_process+0x5ec/0x7a40 [ 802.967543][T18799] ? kernel_clone+0xfc/0x9a0 [ 802.967573][T18799] ? __do_sys_clone+0xd9/0x120 [ 802.967604][T18799] ? do_syscall_64+0x106/0xf80 [ 802.967670][T18799] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 802.967720][T18799] ? policy_nodemask+0xed/0x4f0 [ 802.967755][T18799] alloc_pages_mpol+0x1fb/0x550 [ 802.967788][T18799] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 802.967829][T18799] alloc_pages_noprof+0x131/0x390 [ 802.967862][T18799] get_free_pages_noprof+0x10/0xb0 [ 802.967891][T18799] __kasan_populate_vmalloc+0xa0/0x210 [ 802.967943][T18799] alloc_vmap_area+0x95d/0x2bd0 [ 802.967988][T18799] ? __pfx_alloc_vmap_area+0x10/0x10 [ 802.968029][T18799] __get_vm_area_node+0x1ca/0x330 [ 802.968069][T18799] __vmalloc_node_range_noprof+0x213/0x1530 [ 802.968107][T18799] ? kernel_clone+0xfc/0x9a0 [ 802.968138][T18799] ? find_held_lock+0x2b/0x80 [ 802.968173][T18799] ? local_lock_release+0x99/0x130 [ 802.968208][T18799] ? local_lock_release+0x99/0x130 [ 802.968248][T18799] ? kernel_clone+0xfc/0x9a0 [ 802.968283][T18799] ? find_held_lock+0x2b/0x80 [ 802.968310][T18799] ? rcu_read_unlock+0x17/0x60 [ 802.968342][T18799] ? rcu_read_unlock+0x17/0x60 [ 802.968373][T18799] ? obj_cgroup_charge_account+0x46d/0x640 [ 802.968407][T18799] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 802.968446][T18799] ? __memcg_slab_post_alloc_hook+0x51b/0x990 [ 802.968484][T18799] ? rcu_is_watching+0x12/0xc0 [ 802.968529][T18799] ? trace_kmem_cache_alloc+0xf3/0x120 [ 802.968563][T18799] ? kernel_clone+0xfc/0x9a0 [ 802.968594][T18799] __vmalloc_node_noprof+0xad/0xf0 [ 802.968631][T18799] ? kernel_clone+0xfc/0x9a0 [ 802.968668][T18799] copy_process+0x5ec/0x7a40 [ 802.968709][T18799] ? __pfx___futex_wait+0x10/0x10 [ 802.968752][T18799] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 802.968793][T18799] ? lockdep_hardirqs_on+0x78/0x100 [ 802.968851][T18799] ? __pfx_copy_process+0x10/0x10 [ 802.968888][T18799] ? find_held_lock+0x2b/0x80 [ 802.968929][T18799] kernel_clone+0xfc/0x9a0 [ 802.968960][T18799] ? __pfx_futex_wait+0x10/0x10 [ 802.969006][T18799] ? __pfx_kernel_clone+0x10/0x10 [ 802.969059][T18799] __do_sys_clone+0xd9/0x120 [ 802.969093][T18799] ? __pfx___do_sys_clone+0x10/0x10 [ 802.969161][T18799] do_syscall_64+0x106/0xf80 [ 802.969202][T18799] ? clear_bhb_loop+0x40/0x90 [ 802.969239][T18799] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 802.969270][T18799] RIP: 0033:0x7fb33359c799 [ 802.969296][T18799] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 802.969325][T18799] RSP: 002b:00007fb3343b6fd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 802.969354][T18799] RAX: ffffffffffffffda RBX: 00007fb333815fa0 RCX: 00007fb33359c799 [ 802.969375][T18799] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000011 [ 802.969392][T18799] RBP: 00007fb333632c99 R08: 0000000000000000 R09: 0000000000000000 [ 802.969410][T18799] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 802.969428][T18799] R13: 00007fb333816038 R14: 00007fb333815fa0 R15: 00007ffc4d1640e8 [ 802.969468][T18799] [ 803.429073][T12888] Bluetooth: hci1: command 0x0c1a tx timeout [ 803.435202][T12888] Bluetooth: hci2: command 0x0c1a tx timeout [ 803.441360][T12888] Bluetooth: hci3: command 0x041b tx timeout [ 803.447437][T12888] Bluetooth: hci0: command 0x0c1a tx timeout [ 803.506687][T18799] syz.5.2715: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 803.523948][T18799] CPU: 0 UID: 0 PID: 18799 Comm: syz.5.2715 Tainted: G U L syzkaller #0 PREEMPT(full) [ 803.524009][T18799] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 803.524024][T18799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 803.524045][T18799] Call Trace: [ 803.524057][T18799] [ 803.524071][T18799] dump_stack_lvl+0x100/0x190 [ 803.524129][T18799] warn_alloc.cold+0x95/0x1c1 [ 803.524192][T18799] ? __pfx_warn_alloc+0x10/0x10 [ 803.524250][T18799] ? lockdep_hardirqs_on+0x78/0x100 [ 803.524308][T18799] ? __get_vm_area_node+0x2c5/0x330 [ 803.524359][T18799] ? __get_vm_area_node+0x208/0x330 [ 803.524409][T18799] __vmalloc_node_range_noprof+0xbf4/0x1530 [ 803.524488][T18799] ? find_held_lock+0x2b/0x80 [ 803.524522][T18799] ? local_lock_release+0x99/0x130 [ 803.524565][T18799] ? local_lock_release+0x99/0x130 [ 803.524612][T18799] ? kernel_clone+0xfc/0x9a0 [ 803.524655][T18799] ? find_held_lock+0x2b/0x80 [ 803.524688][T18799] ? rcu_read_unlock+0x17/0x60 [ 803.524726][T18799] ? rcu_read_unlock+0x17/0x60 [ 803.524766][T18799] ? obj_cgroup_charge_account+0x46d/0x640 [ 803.524807][T18799] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 803.524856][T18799] ? __memcg_slab_post_alloc_hook+0x51b/0x990 [ 803.524902][T18799] ? rcu_is_watching+0x12/0xc0 [ 803.524956][T18799] ? trace_kmem_cache_alloc+0xf3/0x120 [ 803.524998][T18799] ? kernel_clone+0xfc/0x9a0 [ 803.525038][T18799] __vmalloc_node_noprof+0xad/0xf0 [ 803.525082][T18799] ? kernel_clone+0xfc/0x9a0 [ 803.525128][T18799] copy_process+0x5ec/0x7a40 [ 803.525172][T18799] ? __pfx___futex_wait+0x10/0x10 [ 803.525225][T18799] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 803.525281][T18799] ? lockdep_hardirqs_on+0x78/0x100 [ 803.525345][T18799] ? __pfx_copy_process+0x10/0x10 [ 803.525388][T18799] ? find_held_lock+0x2b/0x80 [ 803.525440][T18799] kernel_clone+0xfc/0x9a0 [ 803.525479][T18799] ? __pfx_futex_wait+0x10/0x10 [ 803.525535][T18799] ? __pfx_kernel_clone+0x10/0x10 [ 803.525600][T18799] __do_sys_clone+0xd9/0x120 [ 803.525641][T18799] ? __pfx___do_sys_clone+0x10/0x10 [ 803.525718][T18799] do_syscall_64+0x106/0xf80 [ 803.525763][T18799] ? clear_bhb_loop+0x40/0x90 [ 803.525803][T18799] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 803.525837][T18799] RIP: 0033:0x7fb33359c799 [ 803.525867][T18799] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 803.525902][T18799] RSP: 002b:00007fb3343b6fd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 803.525936][T18799] RAX: ffffffffffffffda RBX: 00007fb333815fa0 RCX: 00007fb33359c799 [ 803.525961][T18799] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000011 [ 803.525983][T18799] RBP: 00007fb333632c99 R08: 0000000000000000 R09: 0000000000000000 [ 803.526006][T18799] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 803.526027][T18799] R13: 00007fb333816038 R14: 00007fb333815fa0 R15: 00007ffc4d1640e8 [ 803.526072][T18799] [ 803.526086][T18799] Mem-Info: [ 803.972849][T18799] active_anon:28079 inactive_anon:18 isolated_anon:0 [ 803.972849][T18799] active_file:9181 inactive_file:52522 isolated_file:0 [ 803.972849][T18799] unevictable:780 dirty:382 writeback:0 [ 803.972849][T18799] slab_reclaimable:12477 slab_unreclaimable:96188 [ 803.972849][T18799] mapped:26023 shmem:15709 pagetables:1521 [ 803.972849][T18799] sec_pagetables:0 bounce:0 [ 803.972849][T18799] kernel_misc_reclaimable:0 [ 803.972849][T18799] free:1276248 free_pcp:19211 free_cma:0 [ 804.039603][T18799] Node 0 active_anon:110508kB inactive_anon:72kB active_file:36724kB inactive_file:209952kB unevictable:1584kB isolated(anon):0kB isolated(file):0kB mapped:104092kB dirty:1528kB writeback:0kB shmem:59492kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12356kB pagetables:6028kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 804.139090][T18799] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:64kB pagetables:156kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 804.158998][T18804] serio: Serial port pty6 [ 804.176497][T18799] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 804.227800][T18799] lowmem_reserve[]: 0 2477 2478 2478 2478 [ 804.234062][T18799] Node 0 DMA32 free:1170056kB boost:0kB min:34304kB low:42880kB high:51456kB reserved_highatomic:0KB free_highatomic:0KB active_anon:95880kB inactive_anon:72kB active_file:36724kB inactive_file:209952kB unevictable:1576kB writepending:1676kB zspages:28kB present:3129332kB managed:2537380kB mlocked:40kB bounce:0kB free_pcp:72128kB local_pcp:22064kB free_cma:0kB [ 804.320793][T18799] lowmem_reserve[]: 0 0 1 1 1 [ 804.327280][T18799] Node 0 Normal free:0kB boost:0kB min:12kB low:12kB high:12kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1060kB mlocked:0kB bounce:0kB free_pcp:24kB local_pcp:12kB free_cma:0kB [ 804.388326][T18799] lowmem_reserve[]: 0 0 0 0 0 [ 804.400682][T18799] Node 1 Normal free:3931896kB boost:0kB min:55580kB low:69472kB high:83364kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:9032kB local_pcp:5652kB free_cma:0kB [ 804.459127][T18799] lowmem_reserve[]: 0 0 0 0 0 [ 804.468932][T18799] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 804.489060][T18799] Node 0 DMA32: 3551*4kB (UME) 4661*8kB (UME) 3423*16kB (UME) 165*32kB (UME) 863*64kB (UME) 500*128kB (UME) 488*256kB (UME) 274*512kB (UME) 137*1024kB (UME) 27*2048kB (UME) 118*4096kB (UM) = 1174900kB [ 804.555696][T18799] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 804.593354][T18799] Node 1 Normal: 0*4kB 1*8kB (U) 1*16kB (U) 1*32kB (U) 1*64kB (U) 1*128kB (U) 2*256kB (UM) 0*512kB 3*1024kB (UM) 0*2048kB 959*4096kB (M) = 3931896kB [ 804.645584][T18818] futex_wake_op: syz.1.2719 tries to shift op by -2048; fix this program [ 804.655410][T18799] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 804.677010][T18818] futex_wake_op: syz.1.2719 tries to shift op by -2048; fix this program [ 804.696935][T18799] Node 0 hugepages_total=5 hugepages_free=5 hugepages_surp=0 hugepages_size=2048kB [ 804.747110][T18799] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 804.792414][T18816] 0x000000000001-0x000000020000 : "" [ 804.796861][T18799] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 804.827963][T18799] 70144 total pagecache pages [ 804.833931][T18799] 20 pages in swap cache [ 804.838384][T18799] Free swap = 124316kB [ 804.843343][T18799] Total swap = 124996kB [ 804.847588][T18799] 2097051 pages RAM [ 804.854525][T18816] ftl_cs: FTL header corrupt! [ 804.859358][T18799] 0 pages HighMem/MovableOnly [ 804.866092][T18799] 430826 pages reserved [ 804.871291][T18799] 0 pages cma reserved [ 805.080616][T18826] ERROR: Out of memory at tomoyo_memory_ok. [ 805.299319][T18836] netlink: 338 bytes leftover after parsing attributes in process `syz.5.2723'. [ 805.316740][T18838] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 805.742449][T18845] FAULT_INJECTION: forcing a failure. [ 805.742449][T18845] name failslab, interval 1, probability 0, space 0, times 0 [ 805.772742][T18845] CPU: 0 UID: 0 PID: 18845 Comm: syz.1.2725 Tainted: G U L syzkaller #0 PREEMPT(full) [ 805.772797][T18845] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 805.772811][T18845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 805.772831][T18845] Call Trace: [ 805.772843][T18845] [ 805.772855][T18845] dump_stack_lvl+0x100/0x190 [ 805.772915][T18845] should_fail_ex.cold+0x5/0xa [ 805.772956][T18845] should_failslab+0xc2/0x120 [ 805.772993][T18845] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 805.773044][T18845] ? __pmd_alloc+0xbf/0x950 [ 805.773092][T18845] __pmd_alloc+0xbf/0x950 [ 805.773136][T18845] __handle_mm_fault+0xa99/0x2b60 [ 805.773190][T18845] ? mt_find+0x45e/0x8e0 [ 805.773244][T18845] ? __pfx___handle_mm_fault+0x10/0x10 [ 805.773288][T18845] ? __pfx_mt_find+0x10/0x10 [ 805.773370][T18845] ? find_vma+0xbf/0x140 [ 805.773403][T18845] ? __pfx_find_vma+0x10/0x10 [ 805.773441][T18845] handle_mm_fault+0x36d/0xa20 [ 805.773496][T18845] do_user_addr_fault+0x74c/0x12f0 [ 805.773565][T18845] exc_page_fault+0x6f/0xd0 [ 805.773613][T18845] asm_exc_page_fault+0x26/0x30 [ 805.773647][T18845] RIP: 0010:rep_movs_alternative+0x33/0x90 [ 805.773685][T18845] Code: 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 fd 93 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb [ 805.773717][T18845] RSP: 0018:ffffc90005a27ae8 EFLAGS: 00050246 [ 805.773744][T18845] RAX: 64656c6261736964 RBX: 0000000000000000 RCX: 0000000000000008 [ 805.773767][T18845] RDX: 0000000000000001 RSI: ffff888081b26000 RDI: 0000000000000000 [ 805.773788][T18845] RBP: ffffc90005a27d80 R08: 0000000000000000 R09: ffffed1010364c00 [ 805.773810][T18845] R10: ffff888081b26007 R11: 0000000000000000 R12: 0000000000000008 [ 805.773831][T18845] R13: 00007ffffffff000 R14: ffff888081b26000 R15: 0000000000000008 [ 805.773876][T18845] _copy_to_iter+0x391/0x1720 [ 805.773923][T18845] ? _raw_spin_unlock_irq+0x23/0x50 [ 805.773967][T18845] ? __pfx__copy_to_iter+0x10/0x10 [ 805.774006][T18845] ? kernfs_seq_stop+0xcd/0x120 [ 805.774075][T18845] ? kernfs_put_active+0x93/0xe0 [ 805.774136][T18845] seq_read_iter+0xdab/0x1270 [ 805.774208][T18845] kernfs_fop_read_iter+0x46c/0x610 [ 805.774250][T18845] ? rw_verify_area+0xce/0x6d0 [ 805.774298][T18845] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 805.774340][T18845] vfs_read+0x825/0xb30 [ 805.774408][T18845] ? __pfx_vfs_read+0x10/0x10 [ 805.774489][T18845] ksys_read+0x12a/0x250 [ 805.774521][T18845] ? __pfx_ksys_read+0x10/0x10 [ 805.774566][T18845] do_syscall_64+0x106/0xf80 [ 805.774612][T18845] ? clear_bhb_loop+0x40/0x90 [ 805.774655][T18845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 805.774691][T18845] RIP: 0033:0x7efd4b39c799 [ 805.774719][T18845] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 805.774753][T18845] RSP: 002b:00007efd4c22e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 805.774784][T18845] RAX: ffffffffffffffda RBX: 00007efd4b615fa0 RCX: 00007efd4b39c799 [ 805.774807][T18845] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000003 [ 805.774827][T18845] RBP: 00007efd4c22e090 R08: 0000000000000000 R09: 0000000000000000 [ 805.774847][T18845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 805.774868][T18845] R13: 00007efd4b616038 R14: 00007efd4b615fa0 R15: 00007ffd12d8def8 [ 805.774913][T18845] [ 807.350651][T18875] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 807.357022][T18875] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 807.436325][T18875] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 807.446743][T18875] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 808.074308][T18902] FAULT_INJECTION: forcing a failure. [ 808.074308][T18902] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 808.097333][T18902] CPU: 1 UID: 0 PID: 18902 Comm: syz.4.2734 Tainted: G U L syzkaller #0 PREEMPT(full) [ 808.097388][T18902] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 808.097401][T18902] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 808.097421][T18902] Call Trace: [ 808.097433][T18902] [ 808.097446][T18902] dump_stack_lvl+0x100/0x190 [ 808.097503][T18902] should_fail_ex.cold+0x5/0xa [ 808.097536][T18902] ? prepare_alloc_pages+0x16d/0x5f0 [ 808.097592][T18902] should_fail_alloc_page+0xeb/0x140 [ 808.097634][T18902] prepare_alloc_pages+0x1f0/0x5f0 [ 808.097672][T18902] ? unwind_get_return_address+0x59/0xa0 [ 808.097716][T18902] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 808.097779][T18902] ? stack_trace_save+0x8e/0xc0 [ 808.097813][T18902] ? __pfx_stack_trace_save+0x10/0x10 [ 808.097848][T18902] ? stack_depot_save_flags+0x27/0x9d0 [ 808.097891][T18902] ? stack_trace_save+0x8e/0xc0 [ 808.097927][T18902] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 808.097982][T18902] ? kasan_save_stack+0x30/0x50 [ 808.098034][T18902] ? __kasan_slab_alloc+0x89/0x90 [ 808.098065][T18902] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 808.098131][T18902] ? __pmd_alloc+0xbf/0x950 [ 808.098168][T18902] ? __handle_mm_fault+0xa99/0x2b60 [ 808.098212][T18902] ? handle_mm_fault+0x36d/0xa20 [ 808.098262][T18902] ? do_user_addr_fault+0x74c/0x12f0 [ 808.098316][T18902] ? exc_page_fault+0x6f/0xd0 [ 808.098362][T18902] ? asm_exc_page_fault+0x26/0x30 [ 808.098395][T18902] ? rep_movs_alternative+0x33/0x90 [ 808.098434][T18902] ? do_syscall_64+0x106/0xf80 [ 808.098480][T18902] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 808.098525][T18902] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 808.098594][T18902] ? policy_nodemask+0xed/0x4f0 [ 808.098635][T18902] alloc_pages_mpol+0x1fb/0x550 [ 808.098675][T18902] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 808.098724][T18902] ? __pfx_filemap_map_pages+0x10/0x10 [ 808.098776][T18902] alloc_pages_noprof+0x131/0x390 [ 808.098819][T18902] pte_alloc_one+0x1c/0x3d0 [ 808.098855][T18902] __do_fault+0x359/0x550 [ 808.098890][T18902] ? __pfx_filemap_map_pages+0x10/0x10 [ 808.098936][T18902] do_fault+0x2db/0x1990 [ 808.098972][T18902] ? __pmd_alloc+0x3fb/0x950 [ 808.099010][T18902] __handle_mm_fault+0x180f/0x2b60 [ 808.099062][T18902] ? mt_find+0x45e/0x8e0 [ 808.099113][T18902] ? __pfx___handle_mm_fault+0x10/0x10 [ 808.099156][T18902] ? __pfx_mt_find+0x10/0x10 [ 808.099228][T18902] ? find_vma+0xbf/0x140 [ 808.099259][T18902] ? __pfx_find_vma+0x10/0x10 [ 808.099296][T18902] handle_mm_fault+0x36d/0xa20 [ 808.099348][T18902] do_user_addr_fault+0x74c/0x12f0 [ 808.099416][T18902] exc_page_fault+0x6f/0xd0 [ 808.099464][T18902] asm_exc_page_fault+0x26/0x30 [ 808.099498][T18902] RIP: 0010:rep_movs_alternative+0x33/0x90 [ 808.099535][T18902] Code: 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 fd 93 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb [ 808.099576][T18902] RSP: 0018:ffffc9000624fae8 EFLAGS: 00050246 [ 808.099604][T18902] RAX: 64656c6261736964 RBX: 0000000000000000 RCX: 0000000000000008 [ 808.099626][T18902] RDX: 0000000000000001 RSI: ffff888038b02000 RDI: 0000000000000000 [ 808.099647][T18902] RBP: ffffc9000624fd80 R08: 0000000000000000 R09: ffffed1007160400 [ 808.099669][T18902] R10: ffff888038b02007 R11: 0000000000000000 R12: 0000000000000008 [ 808.099690][T18902] R13: 00007ffffffff000 R14: ffff888038b02000 R15: 0000000000000008 [ 808.099734][T18902] _copy_to_iter+0x391/0x1720 [ 808.099779][T18902] ? _raw_spin_unlock_irq+0x23/0x50 [ 808.099825][T18902] ? __pfx__copy_to_iter+0x10/0x10 [ 808.099863][T18902] ? kernfs_seq_stop+0xcd/0x120 [ 808.099907][T18902] ? kernfs_put_active+0x93/0xe0 [ 808.099964][T18902] seq_read_iter+0xdab/0x1270 [ 808.100031][T18902] kernfs_fop_read_iter+0x46c/0x610 [ 808.100069][T18902] ? rw_verify_area+0xce/0x6d0 [ 808.100117][T18902] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 808.100159][T18902] vfs_read+0x825/0xb30 [ 808.100219][T18902] ? __pfx_vfs_read+0x10/0x10 [ 808.100299][T18902] ksys_read+0x12a/0x250 [ 808.100332][T18902] ? __pfx_ksys_read+0x10/0x10 [ 808.100376][T18902] do_syscall_64+0x106/0xf80 [ 808.100422][T18902] ? clear_bhb_loop+0x40/0x90 [ 808.100462][T18902] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 808.100496][T18902] RIP: 0033:0x7fd2f8d9c799 [ 808.100523][T18902] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 808.100555][T18902] RSP: 002b:00007fd2f6ff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 808.100594][T18902] RAX: ffffffffffffffda RBX: 00007fd2f9015fa0 RCX: 00007fd2f8d9c799 [ 808.100617][T18902] RDX: 0000000000000008 RSI: 0000000000000000 RDI: 0000000000000003 [ 808.100637][T18902] RBP: 00007fd2f6ff6090 R08: 0000000000000000 R09: 0000000000000000 [ 808.100658][T18902] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 808.100679][T18902] R13: 00007fd2f9016038 R14: 00007fd2f9015fa0 R15: 00007ffe34d9f1c8 [ 808.100724][T18902] [ 808.888284][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.888370][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.439010][T12888] Bluetooth: hci0: command 0x0c1a tx timeout [ 809.445209][T12888] Bluetooth: hci1: command 0x0c1a tx timeout [ 809.451653][T17434] Bluetooth: hci2: command 0x0c1a tx timeout [ 809.522476][T12888] Bluetooth: hci3: command 0x041b tx timeout [ 810.509871][T18941] random: crng reseeded on system resumption [ 810.827873][T18954] ubi8: attaching mtd4 [ 810.842355][T18954] ubi8 error: ubi_attach_mtd_dev: bad VID header (16) or data offsets (80) [ 811.332626][T18962] FAULT_INJECTION: forcing a failure. [ 811.332626][T18962] name failslab, interval 1, probability 0, space 0, times 0 [ 811.345433][T18962] CPU: 1 UID: 0 PID: 18962 Comm: syz.1.2747 Tainted: G U L syzkaller #0 PREEMPT(full) [ 811.345487][T18962] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 811.345501][T18962] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 811.345521][T18962] Call Trace: [ 811.345532][T18962] [ 811.345545][T18962] dump_stack_lvl+0x100/0x190 [ 811.345601][T18962] should_fail_ex.cold+0x5/0xa [ 811.345641][T18962] should_failslab+0xc2/0x120 [ 811.345679][T18962] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 811.345730][T18962] ? __d_alloc+0x34/0xa80 [ 811.345775][T18962] __d_alloc+0x34/0xa80 [ 811.345815][T18962] d_alloc_pseudo+0x1c/0xc0 [ 811.345863][T18962] alloc_file_pseudo+0xcf/0x230 [ 811.345909][T18962] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 811.345957][T18962] ? __lock_acquire+0x4a5/0x2630 [ 811.346008][T18962] __shmem_file_setup+0x221/0x490 [ 811.346057][T18962] ? __pfx___shmem_file_setup+0x10/0x10 [ 811.346105][T18962] ? do_raw_spin_lock+0x128/0x260 [ 811.346153][T18962] ? find_held_lock+0x2b/0x80 [ 811.346185][T18962] ? alloc_fd+0x476/0x790 [ 811.346215][T18962] ? alloc_fd+0x476/0x790 [ 811.346260][T18962] memfd_alloc_file+0x247/0x620 [ 811.346306][T18962] ? _raw_spin_unlock+0x28/0x50 [ 811.346348][T18962] ? __pfx_memfd_alloc_file+0x10/0x10 [ 811.346407][T18962] __do_sys_memfd_create+0x236/0x3d0 [ 811.346456][T18962] do_syscall_64+0x106/0xf80 [ 811.346499][T18962] ? clear_bhb_loop+0x40/0x90 [ 811.346540][T18962] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 811.346573][T18962] RIP: 0033:0x7efd4b39c799 [ 811.346600][T18962] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 811.346633][T18962] RSP: 002b:00007efd4c20d028 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 811.346665][T18962] RAX: ffffffffffffffda RBX: 00007efd4b616090 RCX: 00007efd4b39c799 [ 811.346688][T18962] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 0000200000000080 [ 811.346709][T18962] RBP: 00007efd4b432c99 R08: 0000000000000000 R09: 0000000000000000 [ 811.346730][T18962] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 811.346751][T18962] R13: 00007efd4b616128 R14: 00007efd4b616090 R15: 00007ffd12d8def8 [ 811.346794][T18962] [ 812.379469][T18976] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 812.399122][T18976] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 812.439312][T18976] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 812.445974][T18976] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 812.820309][T18967] zswap: compressor  not available [ 813.029090][T19000] rcu: RCU calculated value of scheduler-enlistment delay is 10 jiffies. [ 814.280780][T19020] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 814.289106][T19020] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 814.296028][T19020] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 814.313533][T19020] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 815.077002][T19045] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 815.519235][T19053] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2763'. [ 816.318937][T12888] Bluetooth: hci3: command 0x041b tx timeout [ 816.325256][T13082] Bluetooth: hci0: command 0x0c1a tx timeout [ 816.334299][T17434] Bluetooth: hci1: command 0x0c1a tx timeout [ 816.340401][T13875] Bluetooth: hci2: command 0x0c1a tx timeout [ 817.993975][T19094] Invalid ELF header magic: != ELF [ 819.537507][T19126] FAULT_INJECTION: forcing a failure. [ 819.537507][T19126] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 819.642272][T19126] CPU: 0 UID: 0 PID: 19126 Comm: syz.1.2782 Tainted: G U L syzkaller #0 PREEMPT(full) [ 819.642328][T19126] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 819.642342][T19126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 819.642387][T19126] Call Trace: [ 819.642399][T19126] [ 819.642412][T19126] dump_stack_lvl+0x100/0x190 [ 819.642469][T19126] should_fail_ex.cold+0x5/0xa [ 819.642510][T19126] _copy_to_user+0x32/0xd0 [ 819.642554][T19126] simple_read_from_buffer+0xcb/0x170 [ 819.642611][T19126] proc_fail_nth_read+0x1af/0x230 [ 819.642656][T19126] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 819.642701][T19126] ? rw_verify_area+0xce/0x6d0 [ 819.642750][T19126] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 819.642792][T19126] vfs_read+0x1e4/0xb30 [ 819.642860][T19126] ? __pfx_vfs_read+0x10/0x10 [ 819.642909][T19126] ? __fget_files+0x215/0x3d0 [ 819.642952][T19126] ? __fget_files+0x21f/0x3d0 [ 819.642996][T19126] ksys_read+0x12a/0x250 [ 819.643028][T19126] ? __pfx_ksys_read+0x10/0x10 [ 819.643071][T19126] do_syscall_64+0x106/0xf80 [ 819.643116][T19126] ? clear_bhb_loop+0x40/0x90 [ 819.643157][T19126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 819.643192][T19126] RIP: 0033:0x7efd4b35cfce [ 819.643219][T19126] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 819.643252][T19126] RSP: 002b:00007efd4c22dfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 819.643284][T19126] RAX: ffffffffffffffda RBX: 00007efd4c22e6c0 RCX: 00007efd4b35cfce [ 819.643308][T19126] RDX: 000000000000000f RSI: 00007efd4c22e0a0 RDI: 0000000000000004 [ 819.643330][T19126] RBP: 00007efd4c22e090 R08: 0000000000000000 R09: 0000000000000000 [ 819.643352][T19126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 819.643381][T19126] R13: 00007efd4b616038 R14: 00007efd4b615fa0 R15: 00007ffd12d8def8 [ 819.643428][T19126] [ 820.551739][T19143] netlink: 354 bytes leftover after parsing attributes in process `syz.4.2786'. [ 820.562835][T19145] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 823.933088][T19184] netlink: 504 bytes leftover after parsing attributes in process `syz.4.2795'. [ 824.111393][T19194] smpboot: CPU 1 is now offline [ 824.433583][T19200] netlink: 'syz.2.2798': attribute type 4 has an invalid length. [ 824.539191][T19204] netlink: 'syz.2.2798': attribute type 4 has an invalid length. [ 824.650637][T19200] netlink: 314 bytes leftover after parsing attributes in process `syz.2.2798'. [ 824.767980][T19204] netlink: 314 bytes leftover after parsing attributes in process `syz.2.2798'. [ 825.979239][T19221] block2mtd: illegal erase size [ 827.440288][T19256] netlink: 334 bytes leftover after parsing attributes in process `syz.4.2808'. [ 828.369487][T19268] CIFS: VFS: Invalid SecurityFlags: [ 831.660041][T19319] netlink: 'syz.2.2821': attribute type 1 has an invalid length. [ 831.710007][T19319] netlink: 322 bytes leftover after parsing attributes in process `syz.2.2821'. [ 832.380304][T19325] zswap: compressor not available [ 836.632750][T19368] [U] ^C [ 837.125610][T19384] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 843.292413][T19457] ERROR: Out of memory at tomoyo_memory_ok. [ 843.480442][T19457] FAULT_INJECTION: forcing a failure. [ 843.480442][T19457] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 843.687272][T19460] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2850'. [ 843.729220][T19457] CPU: 0 UID: 0 PID: 19457 Comm: syz.4.2849 Tainted: G U L syzkaller #0 PREEMPT(full) [ 843.729264][T19457] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 843.729275][T19457] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 843.729291][T19457] Call Trace: [ 843.729300][T19457] [ 843.729310][T19457] dump_stack_lvl+0x100/0x190 [ 843.729354][T19457] should_fail_ex.cold+0x5/0xa [ 843.729379][T19457] ? prepare_alloc_pages+0x16d/0x5f0 [ 843.729411][T19457] should_fail_alloc_page+0xeb/0x140 [ 843.729441][T19457] prepare_alloc_pages+0x1f0/0x5f0 [ 843.729475][T19457] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 843.729518][T19457] ? __pfx_stack_trace_save+0x10/0x10 [ 843.729545][T19457] ? stack_depot_save_flags+0x27/0x9d0 [ 843.729577][T19457] ? kasan_save_stack+0x3f/0x50 [ 843.729616][T19457] ? kasan_save_stack+0x30/0x50 [ 843.729663][T19457] ? kasan_save_track+0x14/0x30 [ 843.729711][T19457] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 843.729757][T19457] ? __pfx_css_rstat_updated+0x10/0x10 [ 843.729800][T19457] ? lock_acquire+0x1cf/0x380 [ 843.729852][T19457] ? find_held_lock+0x2b/0x80 [ 843.729875][T19457] ? page_table_check_set+0x49a/0xa10 [ 843.729899][T19457] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 843.729944][T19457] ? policy_nodemask+0xed/0x4f0 [ 843.729973][T19457] alloc_pages_mpol+0x1fb/0x550 [ 843.730002][T19457] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 843.730037][T19457] folio_alloc_mpol_noprof+0x36/0x340 [ 843.730071][T19457] vma_alloc_folio_noprof+0xed/0x1d0 [ 843.730103][T19457] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 843.730144][T19457] do_anonymous_page+0xb3a/0x1fb0 [ 843.730189][T19457] __handle_mm_fault+0x1d42/0x2b60 [ 843.730233][T19457] ? __pfx___handle_mm_fault+0x10/0x10 [ 843.730270][T19457] ? pte_offset_map_lock+0x174/0x320 [ 843.730296][T19457] ? find_held_lock+0x2b/0x80 [ 843.730330][T19457] ? follow_page_pte+0x5b3/0x1400 [ 843.730364][T19457] handle_mm_fault+0x36d/0xa20 [ 843.730405][T19457] __get_user_pages+0xf9c/0x34d0 [ 843.730444][T19457] ? __pfx___get_user_pages+0x10/0x10 [ 843.730481][T19457] populate_vma_page_range+0x267/0x3f0 [ 843.730515][T19457] ? __pfx_populate_vma_page_range+0x10/0x10 [ 843.730545][T19457] ? __pfx_find_vma_intersection+0x10/0x10 [ 843.730574][T19457] ? do_mmap+0x93f/0x12f0 [ 843.730605][T19457] __mm_populate+0x107/0x3a0 [ 843.730637][T19457] ? __pfx___mm_populate+0x10/0x10 [ 843.730670][T19457] ? up_write+0x290/0x4f0 [ 843.730710][T19457] vm_mmap_pgoff+0x37f/0x470 [ 843.730742][T19457] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 843.730778][T19457] ? do_futex+0x192/0x350 [ 843.730812][T19457] ? __pfx_do_futex+0x10/0x10 [ 843.730845][T19457] ? fdget+0x18b/0x210 [ 843.730872][T19457] ksys_mmap_pgoff+0xe1/0x650 [ 843.730899][T19457] ? __x64_sys_futex+0x34f/0x4d0 [ 843.730932][T19457] ? __x64_sys_futex+0x358/0x4d0 [ 843.730966][T19457] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 843.730994][T19457] ? xfd_validate_state+0x129/0x190 [ 843.731038][T19457] __x64_sys_mmap+0x125/0x190 [ 843.731079][T19457] do_syscall_64+0x106/0xf80 [ 843.731116][T19457] ? clear_bhb_loop+0x40/0x90 [ 843.731148][T19457] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 843.731176][T19457] RIP: 0033:0x7fd2f8d9c799 [ 843.731198][T19457] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 843.731224][T19457] RSP: 002b:00007fd2f6ff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 843.731249][T19457] RAX: ffffffffffffffda RBX: 00007fd2f9015fa0 RCX: 00007fd2f8d9c799 [ 843.731267][T19457] RDX: 000000000000000b RSI: 0000000000400008 RDI: 0000000000000000 [ 843.731283][T19457] RBP: 00007fd2f8e32c99 R08: 0000000000000002 R09: 0000000000008000 [ 843.731299][T19457] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 843.731314][T19457] R13: 00007fd2f9016038 R14: 00007fd2f9015fa0 R15: 00007ffe34d9f1c8 [ 843.731346][T19457] [ 850.204242][T19460] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 850.543187][T19460] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 850.759416][T19460] bond0 (unregistering): Released all slaves [ 855.282552][T19521] ERROR: Out of memory at tomoyo_memory_ok. [ 856.335305][T12888] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 856.776924][T19533] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 856.824895][T19533] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 857.699294][T12888] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 857.699326][T12888] Bluetooth: hci3: unexpected subevent 0x06 length: 725 > 10 [ 859.774569][T12888] Bluetooth: hci3: command 0x041b tx timeout [ 862.052448][T19594] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 862.150094][T17434] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 862.150127][T17434] Bluetooth: hci0: unexpected subevent 0x06 length: 725 > 10 [ 862.195039][T19594] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 862.683066][T19602] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 862.737029][T12888] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 862.785275][T19602] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 862.909198][T19602] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 863.075667][T19602] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 864.742838][T12888] Bluetooth: hci2: command 0x0c1a tx timeout [ 864.816580][T12888] Bluetooth: hci1: command 0x0c1a tx timeout [ 864.976368][T12888] Bluetooth: hci0: command 0x0c1a tx timeout [ 865.137734][T12888] Bluetooth: hci3: command 0x041b tx timeout [ 865.337863][T19628] blktrace: Concurrent blktraces are not allowed on loop2 [ 865.512131][T19647] FAULT_INJECTION: forcing a failure. [ 865.512131][T19647] name failslab, interval 1, probability 0, space 0, times 0 [ 865.586788][T19647] CPU: 0 UID: 0 PID: 19647 Comm: syz.5.2889 Tainted: G U L syzkaller #0 PREEMPT(full) [ 865.586838][T19647] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 865.586848][T19647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 865.586864][T19647] Call Trace: [ 865.586873][T19647] [ 865.586883][T19647] dump_stack_lvl+0x100/0x190 [ 865.586927][T19647] should_fail_ex.cold+0x5/0xa [ 865.586957][T19647] should_failslab+0xc2/0x120 [ 865.586984][T19647] __kmalloc_cache_noprof+0x7a/0x6f0 [ 865.587018][T19647] ? __kthread_create_on_node+0xce/0x3f0 [ 865.587048][T19647] ? lockdep_init_map_type+0x5c/0x250 [ 865.587087][T19647] ? __pfx_rescuer_thread+0x10/0x10 [ 865.587124][T19647] __kthread_create_on_node+0xce/0x3f0 [ 865.587154][T19647] ? vsnprintf+0x4ee/0x1240 [ 865.587187][T19647] ? __pfx___kthread_create_on_node+0x10/0x10 [ 865.587232][T19647] ? __pfx_rescuer_thread+0x10/0x10 [ 865.587271][T19647] kthread_create_on_node+0xc7/0x100 [ 865.587338][T19647] ? __pfx_kthread_create_on_node+0x10/0x10 [ 865.587368][T19647] ? __pfx_scnprintf+0x10/0x10 [ 865.587432][T19647] init_rescuer+0x321/0x550 [ 865.587467][T19647] ? __pfx_init_rescuer+0x10/0x10 [ 865.587509][T19647] ? wq_adjust_max_active+0x352/0x4a0 [ 865.587551][T19647] __alloc_workqueue+0xc90/0x1880 [ 865.587592][T19647] alloc_workqueue_noprof+0xd2/0x200 [ 865.587623][T19647] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 865.587658][T19647] ? kobject_init+0x159/0x1b0 [ 865.587764][T19647] ? __alloc_disk_node+0x4d8/0x6b0 [ 865.587842][T19647] nbd_dev_add+0x51a/0xb10 [ 865.587901][T19647] ? find_held_lock+0x2b/0x80 [ 865.587926][T19647] ? __pfx_nbd_dev_add+0x10/0x10 [ 865.587949][T19647] ? nbd_genl_connect+0x131a/0x1a40 [ 865.587993][T19647] ? bpf_lsm_capable+0x9/0x10 [ 865.588022][T19647] ? __radix_tree_lookup+0x217/0x2b0 [ 865.588060][T19647] nbd_genl_connect+0xb8d/0x1a40 [ 865.588087][T19647] ? rcu_is_watching+0x12/0xc0 [ 865.588130][T19647] ? __pfx_nbd_genl_connect+0x10/0x10 [ 865.588158][T19647] ? __nla_parse+0x40/0x60 [ 865.588200][T19647] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 865.588231][T19647] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 865.588265][T19647] genl_family_rcv_msg_doit+0x214/0x300 [ 865.588296][T19647] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 865.588323][T19647] ? genl_get_cmd+0x3ef/0x720 [ 865.588355][T19647] ? __dev_queue_xmit+0x5af/0x4800 [ 865.588384][T19647] ? __radix_tree_lookup+0x217/0x2b0 [ 865.588422][T19647] genl_rcv_msg+0x560/0x800 [ 865.588451][T19647] ? __pfx_genl_rcv_msg+0x10/0x10 [ 865.588478][T19647] ? __pfx_nbd_genl_connect+0x10/0x10 [ 865.588517][T19647] netlink_rcv_skb+0x159/0x420 [ 865.588558][T19647] ? __pfx_genl_rcv_msg+0x10/0x10 [ 865.588586][T19647] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 865.588639][T19647] ? netlink_deliver_tap+0x1ae/0xcc0 [ 865.588682][T19647] genl_rcv+0x28/0x40 [ 865.588704][T19647] netlink_unicast+0x5aa/0x870 [ 865.588753][T19647] ? __pfx_netlink_unicast+0x10/0x10 [ 865.588809][T19647] netlink_sendmsg+0x8b0/0xda0 [ 865.588855][T19647] ? __pfx_netlink_sendmsg+0x10/0x10 [ 865.588894][T19647] ? __import_iovec+0x1d2/0x640 [ 865.588928][T19647] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 865.588976][T19647] ____sys_sendmsg+0x9e1/0xb70 [ 865.589002][T19647] ? __pfx_netlink_sendmsg+0x10/0x10 [ 865.589045][T19647] ? __pfx_____sys_sendmsg+0x10/0x10 [ 865.589077][T19647] ? try_to_wake_up+0x644/0x1a80 [ 865.589109][T19647] ___sys_sendmsg+0x190/0x1e0 [ 865.589140][T19647] ? __pfx____sys_sendmsg+0x10/0x10 [ 865.589169][T19647] ? futex_private_hash_put+0x107/0x1c0 [ 865.589234][T19647] __sys_sendmsg+0x170/0x220 [ 865.589272][T19647] ? __pfx___sys_sendmsg+0x10/0x10 [ 865.589308][T19647] ? __x64_sys_futex+0x34f/0x4d0 [ 865.589359][T19647] do_syscall_64+0x106/0xf80 [ 865.589395][T19647] ? clear_bhb_loop+0x40/0x90 [ 865.589426][T19647] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 865.589453][T19647] RIP: 0033:0x7fb33359c799 [ 865.589475][T19647] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 865.589509][T19647] RSP: 002b:00007fb3343b7028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 865.589533][T19647] RAX: ffffffffffffffda RBX: 00007fb333815fa0 RCX: 00007fb33359c799 [ 865.589551][T19647] RDX: 0000000020040000 RSI: 0000200000000500 RDI: 000000000000000b [ 865.589567][T19647] RBP: 00007fb333632c99 R08: 0000000000000000 R09: 0000000000000000 [ 865.589583][T19647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 865.589598][T19647] R13: 00007fb333816038 R14: 00007fb333815fa0 R15: 00007ffc4d1640e8 [ 865.589631][T19647] [ 866.044144][T19647] workqueue: Failed to create a rescuer kthread for wq "nbd4129-recv": -ENOMEM [ 866.047439][T19647] block (null): Could not allocate knbd recv work queue. [ 866.603706][T19647] nbd: failed to add new device [ 866.764575][T19666] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2891'. [ 868.152175][T19732] futex_wake_op: syz.2.2896 tries to shift op by -2048; fix this program [ 869.140162][T19753] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 870.359625][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.365997][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.808242][T19766] NFSD: Failed to start, no listeners configured. [ 874.039260][T19816] FAULT_INJECTION: forcing a failure. [ 874.039260][T19816] name failslab, interval 1, probability 0, space 0, times 0 [ 874.091097][T19816] CPU: 0 UID: 0 PID: 19816 Comm: syz.4.2913 Tainted: G U L syzkaller #0 PREEMPT(full) [ 874.091141][T19816] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 874.091151][T19816] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 874.091167][T19816] Call Trace: [ 874.091177][T19816] [ 874.091188][T19816] dump_stack_lvl+0x100/0x190 [ 874.091239][T19816] should_fail_ex.cold+0x5/0xa [ 874.091269][T19816] should_failslab+0xc2/0x120 [ 874.091297][T19816] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 874.091341][T19816] ? __kthread_create_on_node+0x186/0x3f0 [ 874.091379][T19816] kvasprintf+0xbc/0x150 [ 874.091495][T19816] ? __pfx_kvasprintf+0x10/0x10 [ 874.091537][T19816] ? __pfx_rescuer_thread+0x10/0x10 [ 874.091573][T19816] __kthread_create_on_node+0x186/0x3f0 [ 874.091604][T19816] ? vsnprintf+0x4ee/0x1240 [ 874.091638][T19816] ? __pfx___kthread_create_on_node+0x10/0x10 [ 874.091684][T19816] ? __pfx_rescuer_thread+0x10/0x10 [ 874.091722][T19816] kthread_create_on_node+0xc7/0x100 [ 874.091753][T19816] ? __pfx_kthread_create_on_node+0x10/0x10 [ 874.091783][T19816] ? __pfx_scnprintf+0x10/0x10 [ 874.091832][T19816] init_rescuer+0x321/0x550 [ 874.091867][T19816] ? __pfx_init_rescuer+0x10/0x10 [ 874.091910][T19816] ? wq_adjust_max_active+0x352/0x4a0 [ 874.091952][T19816] __alloc_workqueue+0xc90/0x1880 [ 874.091992][T19816] alloc_workqueue_noprof+0xd2/0x200 [ 874.092024][T19816] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 874.092065][T19816] ? kobject_init+0x159/0x1b0 [ 874.092106][T19816] ? __alloc_disk_node+0x4d8/0x6b0 [ 874.092144][T19816] nbd_dev_add+0x51a/0xb10 [ 874.092169][T19816] ? find_held_lock+0x2b/0x80 [ 874.092194][T19816] ? __pfx_nbd_dev_add+0x10/0x10 [ 874.092217][T19816] ? nbd_genl_connect+0x131a/0x1a40 [ 874.092266][T19816] ? bpf_lsm_capable+0x9/0x10 [ 874.092295][T19816] ? __radix_tree_lookup+0x217/0x2b0 [ 874.092334][T19816] nbd_genl_connect+0xb8d/0x1a40 [ 874.092360][T19816] ? rcu_is_watching+0x12/0xc0 [ 874.092403][T19816] ? __pfx_nbd_genl_connect+0x10/0x10 [ 874.092431][T19816] ? __nla_parse+0x40/0x60 [ 874.092472][T19816] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1a0/0x280 [ 874.092502][T19816] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x280 [ 874.092537][T19816] genl_family_rcv_msg_doit+0x214/0x300 [ 874.092567][T19816] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 874.092595][T19816] ? genl_get_cmd+0x3ef/0x720 [ 874.092626][T19816] ? __dev_queue_xmit+0x5af/0x4800 [ 874.092655][T19816] ? __radix_tree_lookup+0x217/0x2b0 [ 874.092692][T19816] genl_rcv_msg+0x560/0x800 [ 874.092722][T19816] ? __pfx_genl_rcv_msg+0x10/0x10 [ 874.092749][T19816] ? __pfx_nbd_genl_connect+0x10/0x10 [ 874.092788][T19816] netlink_rcv_skb+0x159/0x420 [ 874.092828][T19816] ? __pfx_genl_rcv_msg+0x10/0x10 [ 874.092856][T19816] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 874.092908][T19816] ? netlink_deliver_tap+0x1ae/0xcc0 [ 874.092951][T19816] genl_rcv+0x28/0x40 [ 874.092973][T19816] netlink_unicast+0x5aa/0x870 [ 874.093017][T19816] ? __pfx_netlink_unicast+0x10/0x10 [ 874.093069][T19816] netlink_sendmsg+0x8b0/0xda0 [ 874.093114][T19816] ? __pfx_netlink_sendmsg+0x10/0x10 [ 874.093153][T19816] ? __import_iovec+0x1d2/0x640 [ 874.093186][T19816] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 874.093240][T19816] ____sys_sendmsg+0x9e1/0xb70 [ 874.093265][T19816] ? __pfx_netlink_sendmsg+0x10/0x10 [ 874.093309][T19816] ? __pfx_____sys_sendmsg+0x10/0x10 [ 874.093341][T19816] ? try_to_wake_up+0x644/0x1a80 [ 874.093373][T19816] ___sys_sendmsg+0x190/0x1e0 [ 874.093404][T19816] ? __pfx____sys_sendmsg+0x10/0x10 [ 874.093433][T19816] ? futex_private_hash_put+0x107/0x1c0 [ 874.093497][T19816] __sys_sendmsg+0x170/0x220 [ 874.093535][T19816] ? __pfx___sys_sendmsg+0x10/0x10 [ 874.093572][T19816] ? __x64_sys_futex+0x34f/0x4d0 [ 874.093623][T19816] do_syscall_64+0x106/0xf80 [ 874.093659][T19816] ? clear_bhb_loop+0x40/0x90 [ 874.093691][T19816] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 874.093718][T19816] RIP: 0033:0x7fd2f8d9c799 [ 874.093740][T19816] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 874.093773][T19816] RSP: 002b:00007fd2f6fd5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 874.093798][T19816] RAX: ffffffffffffffda RBX: 00007fd2f9016090 RCX: 00007fd2f8d9c799 [ 874.093816][T19816] RDX: 0000000020040000 RSI: 0000200000000500 RDI: 000000000000000b [ 874.093832][T19816] RBP: 00007fd2f8e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 874.093848][T19816] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 874.093863][T19816] R13: 00007fd2f9016128 R14: 00007fd2f9016090 R15: 00007ffe34d9f1c8 [ 874.093896][T19816] [ 874.552971][T19816] workqueue: Failed to create a rescuer kthread for wq "nbd4129-recv": -ENOMEM [ 874.553049][T19816] block (null): Could not allocate knbd recv work queue. [ 875.213821][T19816] nbd: failed to add new device [ 875.331599][T12888] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 880.041867][T14173] netdevsim netdevsim100 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 880.429013][T12888] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 881.008431][T19895] netlink: 326 bytes leftover after parsing attributes in process `syz.2.2928'. [ 881.072916][T19895] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2928'. [ 881.395478][T19900] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 881.436056][T19900] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 881.572559][T19900] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 881.685306][T19900] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 881.909167][T19913] FAULT_INJECTION: forcing a failure. [ 881.909167][T19913] name fail_futex, interval 1, probability 0, space 0, times 0 [ 881.965720][T19913] CPU: 0 UID: 0 PID: 19913 Comm: syz.2.2932 Tainted: G U L syzkaller #0 PREEMPT(full) [ 881.965763][T19913] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 881.965774][T19913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 881.965790][T19913] Call Trace: [ 881.965799][T19913] [ 881.965809][T19913] dump_stack_lvl+0x100/0x190 [ 881.965853][T19913] should_fail_ex.cold+0x5/0xa [ 881.965883][T19913] get_futex_key+0x1d2/0x1620 [ 881.965918][T19913] ? __pfx_get_futex_key+0x10/0x10 [ 881.965967][T19913] futex_wait_setup+0x83/0x510 [ 881.966015][T19913] __futex_wait+0x19f/0x300 [ 881.966057][T19913] ? __pfx___futex_wait+0x10/0x10 [ 881.966095][T19913] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 881.966130][T19913] ? lockdep_hardirqs_on+0x78/0x100 [ 881.966170][T19913] ? __pfx_futex_wake_mark+0x10/0x10 [ 881.966214][T19913] ? futex_hash+0x2c5/0x380 [ 881.966252][T19913] futex_wait+0xed/0x380 [ 881.966292][T19913] ? __pfx_futex_wait+0x10/0x10 [ 881.966346][T19913] do_futex+0x1ef/0x350 [ 881.966380][T19913] ? __pfx_do_futex+0x10/0x10 [ 881.966411][T19913] ? __pfx___do_sys_mremap+0x10/0x10 [ 881.966449][T19913] ? __fget_files+0x21f/0x3d0 [ 881.966480][T19913] __x64_sys_futex+0x34f/0x4d0 [ 881.966518][T19913] ? __pfx___x64_sys_futex+0x10/0x10 [ 881.966563][T19913] do_syscall_64+0x106/0xf80 [ 881.966598][T19913] ? clear_bhb_loop+0x40/0x90 [ 881.966629][T19913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 881.966656][T19913] RIP: 0033:0x7f11fe99c799 [ 881.966677][T19913] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 881.966703][T19913] RSP: 002b:00007f11ff8060e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 881.966728][T19913] RAX: ffffffffffffffda RBX: 00007f11fec15fa8 RCX: 00007f11fe99c799 [ 881.966745][T19913] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f11fec15fa8 [ 881.966761][T19913] RBP: 00007f11fec15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 881.966777][T19913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 881.966793][T19913] R13: 00007f11fec16038 R14: 00007ffc71eeab90 R15: 00007ffc71eeac78 [ 881.966826][T19913] [ 882.388024][T19921] openvswitch: netlink: Message has 4 unknown bytes. [ 883.468590][T17434] Bluetooth: hci1: command 0x0c1a tx timeout [ 883.474682][T13082] Bluetooth: hci2: command 0x0c1a tx timeout [ 883.626908][T17434] Bluetooth: hci0: command 0x0c1a tx timeout [ 883.706988][T17434] Bluetooth: hci3: command 0x041b tx timeout [ 884.717393][T19969] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2943'. [ 885.466793][T12888] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 888.147786][T19997] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_cmd_wq": -EINTR [ 888.579085][T20088] ================================================================== [ 888.579136][T20088] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0x94e/0xc60 [ 888.579218][T20088] Read of size 8 at addr ffff8880604ff360 by task syz.4.2951/20088 [ 888.579239][T20088] [ 888.579254][T20088] CPU: 0 UID: 0 PID: 20088 Comm: syz.4.2951 Tainted: G U L syzkaller #0 PREEMPT(full) [ 888.579293][T20088] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 888.579312][T20088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 888.579329][T20088] Call Trace: [ 888.579337][T20088] [ 888.579347][T20088] dump_stack_lvl+0x100/0x190 [ 888.579385][T20088] print_report+0x156/0x4c9 [ 888.579422][T20088] ? __virt_addr_valid+0x81/0x620 [ 888.579454][T20088] ? __phys_addr+0xe8/0x180 [ 888.579487][T20088] ? fbcon_prepare_logo+0x94e/0xc60 [ 888.579512][T20088] kasan_report+0xdf/0x1e0 [ 888.579540][T20088] ? fbcon_prepare_logo+0x94e/0xc60 [ 888.579570][T20088] kasan_check_range+0x10f/0x1e0 [ 888.579601][T20088] __asan_memcpy+0x23/0x60 [ 888.579637][T20088] fbcon_prepare_logo+0x94e/0xc60 [ 888.579669][T20088] fbcon_init+0x10a0/0x1820 [ 888.579699][T20088] visual_init+0x320/0x620 [ 888.579730][T20088] do_bind_con_driver.isra.0+0x636/0x9c0 [ 888.579770][T20088] store_bind+0x609/0x730 [ 888.579807][T20088] ? __pfx_store_bind+0x10/0x10 [ 888.579839][T20088] dev_attr_store+0x58/0x80 [ 888.579892][T20088] ? __pfx_dev_attr_store+0x10/0x10 [ 888.579920][T20088] sysfs_kf_write+0xf2/0x150 [ 888.579952][T20088] kernfs_fop_write_iter+0x3e0/0x5f0 [ 888.579978][T20088] ? __pfx_sysfs_kf_write+0x10/0x10 [ 888.580010][T20088] vfs_write+0x6ac/0x1070 [ 888.580033][T20088] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 888.580070][T20088] ? __pfx_vfs_write+0x10/0x10 [ 888.580102][T20088] ksys_write+0x12a/0x250 [ 888.580124][T20088] ? __pfx_ksys_write+0x10/0x10 [ 888.580152][T20088] do_syscall_64+0x106/0xf80 [ 888.580188][T20088] ? clear_bhb_loop+0x40/0x90 [ 888.580217][T20088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 888.580243][T20088] RIP: 0033:0x7fd2f8d9c799 [ 888.580265][T20088] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 888.580291][T20088] RSP: 002b:00007fd2f6ff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 888.580321][T20088] RAX: ffffffffffffffda RBX: 00007fd2f9015fa0 RCX: 00007fd2f8d9c799 [ 888.580340][T20088] RDX: 0000000000000084 RSI: 0000200000000040 RDI: 0000000000000003 [ 888.580357][T20088] RBP: 00007fd2f8e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 888.580373][T20088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 888.580389][T20088] R13: 00007fd2f9016038 R14: 00007fd2f9015fa0 R15: 00007ffe34d9f1c8 [ 888.580414][T20088] [ 888.580423][T20088] [ 888.580429][T20088] Allocated by task 20088: [ 888.580442][T20088] kasan_save_stack+0x30/0x50 [ 888.580480][T20088] kasan_save_track+0x14/0x30 [ 888.580518][T20088] __kasan_kmalloc+0xaa/0xb0 [ 888.580555][T20088] __kmalloc_noprof+0x301/0x850 [ 888.580592][T20088] vc_do_resize+0x1da/0x10f0 [ 888.580622][T20088] fbcon_startup+0x423/0xbf0 [ 888.580646][T20088] do_bind_con_driver.isra.0+0x2ac/0x9c0 [ 888.580679][T20088] store_bind+0x609/0x730 [ 888.580710][T20088] dev_attr_store+0x58/0x80 [ 888.580735][T20088] sysfs_kf_write+0xf2/0x150 [ 888.580764][T20088] kernfs_fop_write_iter+0x3e0/0x5f0 [ 888.580789][T20088] vfs_write+0x6ac/0x1070 [ 888.580809][T20088] ksys_write+0x12a/0x250 [ 888.580829][T20088] do_syscall_64+0x106/0xf80 [ 888.580863][T20088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 888.580888][T20088] [ 888.580894][T20088] Freed by task 20088: [ 888.580905][T20088] kasan_save_stack+0x30/0x50 [ 888.580943][T20088] kasan_save_track+0x14/0x30 [ 888.580980][T20088] kasan_save_free_info+0x3b/0x70 [ 888.581012][T20088] __kasan_slab_free+0x5f/0x80 [ 888.581033][T20088] kfree+0x1f6/0x6b0 [ 888.581062][T20088] vc_do_resize+0xe45/0x10f0 [ 888.581092][T20088] fbcon_startup+0x423/0xbf0 [ 888.581116][T20088] do_bind_con_driver.isra.0+0x2ac/0x9c0 [ 888.581150][T20088] store_bind+0x609/0x730 [ 888.581180][T20088] dev_attr_store+0x58/0x80 [ 888.581206][T20088] sysfs_kf_write+0xf2/0x150 [ 888.581234][T20088] kernfs_fop_write_iter+0x3e0/0x5f0 [ 888.581259][T20088] vfs_write+0x6ac/0x1070 [ 888.581279][T20088] ksys_write+0x12a/0x250 [ 888.581305][T20088] do_syscall_64+0x106/0xf80 [ 888.581339][T20088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 888.581364][T20088] [ 888.581370][T20088] The buggy address belongs to the object at ffff8880604ff300 [ 888.581370][T20088] which belongs to the cache kmalloc-64 of size 64 [ 888.581391][T20088] The buggy address is located 32 bytes to the right of [ 888.581391][T20088] allocated 64-byte region [ffff8880604ff300, ffff8880604ff340) [ 888.581417][T20088] [ 888.581424][T20088] The buggy address belongs to the physical page: [ 888.581435][T20088] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x604ff [ 888.581458][T20088] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 888.581479][T20088] page_type: f5(slab) [ 888.581501][T20088] raw: 00fff00000000000 ffff88813fe3c8c0 dead000000000100 dead000000000122 [ 888.581525][T20088] raw: 0000000000000000 0000000800200020 00000000f5000000 0000000000000000 [ 888.581541][T20088] page dumped because: kasan: bad access detected [ 888.581553][T20088] page_owner tracks the page as allocated [ 888.581562][T20088] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5827, tgid 5827 (syz-executor), ts 93072414044, free_ts 30034019452 [ 888.581606][T20088] post_alloc_hook+0x153/0x170 [ 888.581638][T20088] get_page_from_freelist+0x111d/0x3140 [ 888.581674][T20088] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 888.581712][T20088] new_slab+0xa6/0x6b0 [ 888.581741][T20088] refill_objects+0x26b/0x400 [ 888.581774][T20088] __pcs_replace_empty_main+0x1ab/0x660 [ 888.581811][T20088] __kmalloc_cache_noprof+0x493/0x6f0 [ 888.581843][T20088] task_numa_work+0xf50/0x1c10 [ 888.581873][T20088] task_work_run+0x150/0x240 [ 888.581907][T20088] exit_to_user_mode_loop+0x100/0x4a0 [ 888.581939][T20088] do_syscall_64+0x668/0xf80 [ 888.581972][T20088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 888.581997][T20088] page last free pid 1 tgid 1 stack trace: [ 888.582011][T20088] __free_frozen_pages+0x7e1/0x10d0 [ 888.582041][T20088] free_contig_range+0xde/0x1d0 [ 888.582071][T20088] destroy_args+0xa8/0x7a0 [ 888.582137][T20088] debug_vm_pgtable+0x1b66/0x34c0 [ 888.582160][T20088] do_one_initcall+0x11d/0x760 [ 888.582185][T20088] kernel_init_freeable+0x6e5/0x7a0 [ 888.582227][T20088] kernel_init+0x1f/0x1e0 [ 888.582250][T20088] ret_from_fork+0x754/0xd80 [ 888.582286][T20088] ret_from_fork_asm+0x1a/0x30 [ 888.582318][T20088] [ 888.582324][T20088] Memory state around the buggy address: [ 888.582337][T20088] ffff8880604ff200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 888.582356][T20088] ffff8880604ff280: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 888.582375][T20088] >ffff8880604ff300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 888.582390][T20088] ^ [ 888.582405][T20088] ffff8880604ff380: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 888.582424][T20088] ffff8880604ff400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 888.582439][T20088] ================================================================== [ 888.582459][T20088] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 888.582478][T20088] CPU: 0 UID: 0 PID: 20088 Comm: syz.4.2951 Tainted: G U L syzkaller #0 PREEMPT(full) [ 888.582516][T20088] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 888.582526][T20088] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 888.582543][T20088] Call Trace: [ 888.582552][T20088] [ 888.582562][T20088] dump_stack_lvl+0x100/0x190 [ 888.582599][T20088] vpanic+0x552/0x970 [ 888.582623][T20088] ? __pfx_vpanic+0x10/0x10 [ 888.582647][T20088] ? __pfx_vprintk_emit+0x10/0x10 [ 888.582675][T20088] ? fbcon_prepare_logo+0x94e/0xc60 [ 888.582701][T20088] panic+0xd1/0xe0 [ 888.582724][T20088] ? __pfx_panic+0x10/0x10 [ 888.582752][T20088] ? fbcon_prepare_logo+0x94e/0xc60 [ 888.582781][T20088] check_panic_on_warn.cold+0x19/0x34 [ 888.582810][T20088] end_report.part.0+0x3a/0x90 [ 888.582846][T20088] kasan_report.cold+0xe/0x18 [ 888.582883][T20088] ? fbcon_prepare_logo+0x94e/0xc60 [ 888.582914][T20088] kasan_check_range+0x10f/0x1e0 [ 888.582945][T20088] __asan_memcpy+0x23/0x60 [ 888.582981][T20088] fbcon_prepare_logo+0x94e/0xc60 [ 888.583014][T20088] fbcon_init+0x10a0/0x1820 [ 888.583044][T20088] visual_init+0x320/0x620 [ 888.583073][T20088] do_bind_con_driver.isra.0+0x636/0x9c0 [ 888.583113][T20088] store_bind+0x609/0x730 [ 888.583150][T20088] ? __pfx_store_bind+0x10/0x10 [ 888.583184][T20088] dev_attr_store+0x58/0x80 [ 888.583212][T20088] ? __pfx_dev_attr_store+0x10/0x10 [ 888.583241][T20088] sysfs_kf_write+0xf2/0x150 [ 888.583274][T20088] kernfs_fop_write_iter+0x3e0/0x5f0 [ 888.583306][T20088] ? __pfx_sysfs_kf_write+0x10/0x10 [ 888.583340][T20088] vfs_write+0x6ac/0x1070 [ 888.583363][T20088] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 888.583393][T20088] ? __pfx_vfs_write+0x10/0x10 [ 888.583426][T20088] ksys_write+0x12a/0x250 [ 888.583449][T20088] ? __pfx_ksys_write+0x10/0x10 [ 888.583477][T20088] do_syscall_64+0x106/0xf80 [ 888.583512][T20088] ? clear_bhb_loop+0x40/0x90 [ 888.583542][T20088] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 888.583569][T20088] RIP: 0033:0x7fd2f8d9c799 [ 888.583588][T20088] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 888.583614][T20088] RSP: 002b:00007fd2f6ff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 888.583639][T20088] RAX: ffffffffffffffda RBX: 00007fd2f9015fa0 RCX: 00007fd2f8d9c799 [ 888.583657][T20088] RDX: 0000000000000084 RSI: 0000200000000040 RDI: 0000000000000003 [ 888.583674][T20088] RBP: 00007fd2f8e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 888.583691][T20088] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 888.583707][T20088] R13: 00007fd2f9016038 R14: 00007fd2f9015fa0 R15: 00007ffe34d9f1c8 [ 888.583733][T20088] [ 888.583796][T20088] Kernel Offset: disabled