last executing test programs: 6m19.622785481s ago: executing program 1 (id=581): mmap$auto(0x0, 0x420009, 0xfff, 0xeb1, 0x401, 0x7ffd) r0 = bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x19, 0x4, 0x4, 0x880b, 0x8, 0xd, 0x66b, 0x4, 0x7ff}, 0x6f4) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) sendmsg$auto_NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x8000) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0xa, 0x1, 0xfffffeff) r4 = openat$auto_stats_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) pread64$auto(r4, 0x0, 0x2, 0x3) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f0000000340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\x97U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/platform/vhci_hcd.0/usbmon/usbmon9/power/runtime_suspended_time\x00', 0x80100, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x181500, 0x0) ioctl$auto_BLKALIGNOFF(r2, 0x127a, 0x0) sched_setattr$auto(r1, 0x0, 0x1) socket$nl_generic(0x10, 0x3, 0x10) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) r5 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x100) close_range$auto(0x0, 0xfffffffffffff000, 0x2) newfstatat$auto(r5, 0x0, 0x0, 0x1000) mmap$auto(0x0, 0x7f, 0xdf, 0x9b72, 0x2, 0x8000) fanotify_mark$auto(0xffffffffffffffff, 0x9, 0x1000000009, r0, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'gretap0\x00'}) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_IPVS_CMD_GET_DAEMON(r6, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x40000) writev$auto(0xffffffffffffffff, 0x0, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r7 = socket(0x1d, 0x2, 0x2) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000180)={'vcan0\x00'}) io_uring_setup$auto(0x1, 0x0) 6m18.460845092s ago: executing program 1 (id=586): sigaltstack$auto(&(0x7f00000000c0)={&(0x7f0000000180)="f038afe10105ff42e782ea31d34fd7bead1778c91029c17ebfc96bb68ab0b20380c0985c7702041eb7a604d8a298cd7b", 0x0, 0x7fffffff}, &(0x7f00000001c0)={0x0, 0x76, 0x20}) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) acct$auto(0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) statx$auto(0x2, 0x0, 0x1000, 0x8, 0x0) r1 = open(0x0, 0x4000, 0x124) r2 = socket(0x2, 0x80802, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x5}, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) clock_settime$auto(0x14, &(0x7f0000000000)={0x8000000000000001, 0x20000000000004}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x27c, r4, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@HWSIM_ATTR_PMSR_RESULT={0x268, 0x1c, 0x0, 0x1, [@NL80211_PMSR_ATTR_PEERS={0x264, 0x5, 0x0, 0x1, [{0xc0, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_ADDR={0xb9, 0x1, "9111b602ef50277e4f9f544ee87d08ba72be300757d9370ecea440edd3f4e1cb11aa70d4378199cf47be0eed96f143bb3a9decfad1350f6ef2276424c31119fab334508f278ee6925f8da8e4cf91d4d1a89cbadf9f7d38e3d7cbc5f3017e5b7d4ae9e0498de6c721eb6a3ea5f71deaa24fba4729e5787fc6c332c11040188fdcc46ee994ca9331ec43af70bb473120cdf23c8d4c62fac4d00539aab91bd350d49b3fe99870c9a39478caa130119758ca9175873366"}]}, {0x11c, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_RESP={0x10, 0x4, 0x0, 0x1, [@NL80211_PMSR_RESP_ATTR_HOST_TIME={0xc, 0x3, 0x101}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0x80, 0x1, "9f311bcc948d89d51f82ac1a8eac3addec19169dbe35782c77858e7e5052d6450769f01595885300dae795ad02e372e6a62b268c854bd76d3e357db0c56ddb424d33432ab12eedec54c539e5277f988e95cdf4d603ef3cfd7402544330c54d002b438b33c2807bf5287e7e6e6f4248b280512f586880310e70442cc6"}, @NL80211_PMSR_PEER_ATTR_ADDR={0x85, 0x1, "c323662ad9fd972b6517ad8c32ecc54eb75fddd7ca350ffdeb492ac78372bf2be9e6ed5696f148cc98912e5f7b1a0bc88c1c222ecaf2977114f283b5856328ed103e5b4be6d608d3b75168c18ebb9805a34f400780ae1617d6de3a177639369b7ee6f57326a3438ae5f20a0eb5eef65458047a990166c169c91c5f4a8019b21ce9"}]}, {0x80, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_ADDR={0x7b, 0x1, "e80107d607ee79e75504db6178a2acfb36362f7cb6893125af92f2ec9963a072f83343fb2e5c5dd3b43903260b2750aa80f93d6eb0258f8d2ab5ccc94375eff03f8df012ea4911fb43a973224161bc11818ef75eabcdd1d3ed2b8d73b5f089d73056ab263e7c179ace79a550c862f834fc9a04a10f9924"}]}, {0x4}]}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(0xffffffffffffffff, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) ioctl$auto_PPPIOCSPASS(r1, 0x40107447, &(0x7f00000002c0)={0x9, &(0x7f0000000000)={0x50, 0xf4, 0xb2}}) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000001640), 0x40, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/fs/cifs/mount_params\x00', 0x802, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r5, 0x0, 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000340)={[0x1ff, 0x7, 0xd40, 0x1, 0x948f, 0x5, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0xa, 0x8, 0x6]}, 0x0) setgroups$auto(0xac2e, &(0x7f0000000180)=0x6) 6m17.711321757s ago: executing program 1 (id=587): sigaltstack$auto(&(0x7f00000000c0)={&(0x7f0000000180)="f038afe10105ff42e782ea31d34fd7bead1778c91029c17ebfc96bb68ab0b20380c0985c7702041eb7a604d8a298cd7b", 0x0, 0x7fffffff}, &(0x7f00000001c0)={0x0, 0x76, 0x20}) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) acct$auto(0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) statx$auto(0x2, 0x0, 0x1000, 0x8, 0x0) r1 = open(0x0, 0x4000, 0x124) r2 = socket(0x2, 0x80802, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x5}, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) clock_settime$auto(0x14, &(0x7f0000000000)={0x8000000000000001, 0x20000000000004}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x28c, r4, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@HWSIM_ATTR_PMSR_RESULT={0x278, 0x1c, 0x0, 0x1, [@NL80211_PMSR_ATTR_PEERS={0x274, 0x5, 0x0, 0x1, [{0xc0, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_ADDR={0xb9, 0x1, "9111b602ef50277e4f9f544ee87d08ba72be300757d9370ecea440edd3f4e1cb11aa70d4378199cf47be0eed96f143bb3a9decfad1350f6ef2276424c31119fab334508f278ee6925f8da8e4cf91d4d1a89cbadf9f7d38e3d7cbc5f3017e5b7d4ae9e0498de6c721eb6a3ea5f71deaa24fba4729e5787fc6c332c11040188fdcc46ee994ca9331ec43af70bb473120cdf23c8d4c62fac4d00539aab91bd350d49b3fe99870c9a39478caa130119758ca9175873366"}]}, {0x11c, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_RESP={0x10, 0x4, 0x0, 0x1, [@NL80211_PMSR_RESP_ATTR_HOST_TIME={0xc, 0x3, 0x101}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0x80, 0x1, "9f311bcc948d89d51f82ac1a8eac3addec19169dbe35782c77858e7e5052d6450769f01595885300dae795ad02e372e6a62b268c854bd76d3e357db0c56ddb424d33432ab12eedec54c539e5277f988e95cdf4d603ef3cfd7402544330c54d002b438b33c2807bf5287e7e6e6f4248b280512f586880310e70442cc6"}, @NL80211_PMSR_PEER_ATTR_ADDR={0x85, 0x1, "c323662ad9fdfd2b6517ad8c32ecc54eb75fddd7ca350ffdeb492ac78372bf2be9e6ed5696f148cc98912e5f7b1a0bc88c1c222ecaf2977114f283b5856328ed103e5b4be6d608d3b75168c18ebb9805a34f400780ae1617d6de3a177639369b7ee6f57326a3438ae5f20a0eb5eef65458047a990166c169c91c5f4a8019b21ce9"}]}, {0x90, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_ADDR={0x8b, 0x1, "e80107d607ee79e75504db6178a2acfb36362f7cb6893125af92f2ec9963a072f83343fb2e5c5dd3b43903260b2750aa80f93d6eb0258f8d2ab5ccc94375eff03f8df012ea4911fb43a973224161bc11818ef75eabcdd1d3ed2b8d73b5f089d73056ab263e7c179ace79a550c862f834fc9a04a10f992488e4f82f28eeae4274cd80db3740e855"}]}, {0x4}]}]}]}, 0x28c}, 0x1, 0xf00, 0x0, 0x8000}, 0x0) r5 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r5, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r5, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) ioctl$auto_PPPIOCSPASS(r1, 0x40107447, &(0x7f00000002c0)={0x9, &(0x7f0000000000)={0x50, 0xf4, 0xb2}}) r6 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000001640), 0x40, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/fs/cifs/mount_params\x00', 0x802, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r6, 0x0, 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000340)={[0x1ff, 0x7, 0xd40, 0x1, 0x948f, 0x5, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0xa, 0x8, 0x6]}, 0x0) setgroups$auto(0xac2e, &(0x7f0000000180)=0x6) 6m16.664571998s ago: executing program 1 (id=590): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r0 = prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/rcu_normal\x00', 0x10b142, 0x0) write$auto(0x3, 0x0, 0x5c8) r1 = openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/tracing/per_cpu/cpu1/buffer_size_kb\x00', 0x300, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000980), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_CABLE_TEST_ACT(r2, &(0x7f0000000ac0)={0x0, 0x0, &(0x7f0000000a80)={&(0x7f0000000a40)={0x14, r3, 0x1, 0x70bd2d, 0x25dfdbff}, 0x14}}, 0x40000) read$auto_tracing_entries_fops_trace(r1, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x20, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x40001, 0x0) ioctl$auto(0x3, 0x5402, r4) r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) sendfile$auto(0x3, r5, 0x0, 0x400000000006) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mq_timedreceive$auto(r0, 0x0, 0x10000000000000, 0x0, 0x0) 6m16.160918303s ago: executing program 1 (id=592): request_key$auto_KEY_SPEC_SESSION_KEYRING(0x0, 0x0, 0x0, 0xfffffffffffffffd) rseq$auto(&(0x7f0000000300)={0xe, 0x401, 0x0, 0x6, 0xffffffff, 0x2}, 0x8000, 0x0, 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) connect$auto(0xffffffffffffffff, &(0x7f0000000140)=@rc={0x1f, @any, 0x7}, 0x5) r0 = io_uring_setup$auto(0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) r1 = socket(0x1d, 0x2, 0x7) keyctl$auto(0x9, 0xfffffffffffffffc, 0xfffffffffffffffd, 0xfffffffffffffffd, 0x1) r2 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r3}, 0x6a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'vcan0\x00', 0x0}) connect$auto(0x3, &(0x7f00000018c0)=@can={0x1d, r4}, 0x18) recvmmsg$auto(0x3, &(0x7f0000000100)={{0x0, 0x9, &(0x7f0000000080)={0x0, 0x9}, 0x7, 0x0, 0x1, 0x4}, 0x4}, 0x10000, 0x300, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xffcc}, 0x1, 0x0, 0x0, 0x2000009}, 0x9}, 0x3, 0x0) r5 = gettid() mmap$auto(0x0, 0x400008, 0x200, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r6 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) r7 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="12", @ANYBLOB=']'], 0x1ac}}, 0x40000) recvmmsg$auto(r7, &(0x7f0000000140)={{0x0, 0x3, &(0x7f0000000080)={0x0, 0x400}, 0x5, 0x0, 0x2000000200002, 0x8}, 0x803}, 0xfffffff9, 0x10, 0x0) write$auto_proc_clear_refs_operations_internal(r6, 0x0, 0xffffff4b) r8 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) write$auto_proc_mem_operations_base(r8, &(0x7f0000001680)="a7", 0xfffffc96) kill$auto(r5, 0x11) ioctl$auto_XFS_IOC_FREESP64(r0, 0x40305825, &(0x7f0000000080)={0x5, 0x5, 0x9, 0x6, 0xdaec, 0xffffffffffffffff}) 6m13.489959821s ago: executing program 1 (id=596): syz_clone3(&(0x7f00000012c0)={0x100000, &(0x7f0000000000)=0xffffffffffffffff, &(0x7f0000000040), &(0x7f00000000c0), {0x41}, &(0x7f0000001340)=""/192, 0xc0, &(0x7f0000000280)=""/4096, &(0x7f0000001280)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2}, 0x58) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0xb2) mmap$auto(0x0, 0x9, 0x3, 0x8012, 0x3, 0x8000) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) mlock$auto(0x81, 0xffff) r1 = socket(0x2000000000000021, 0x2, 0x10000000000002) setsockopt$auto(r1, 0x110, 0x2, 0x0, 0x40000) lseek$auto(0x3, 0x8, 0x3) mmap$auto(0x0, 0x20004, 0x1ff, 0x98, r0, 0x8000) move_pages$auto(0x1, 0x81000000f57, 0x0, 0x0, 0x0, 0x2) r2 = gettid() rt_tgsigqueueinfo$auto(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000100)={@siginfo_0_0={0x6, 0x8, 0x2, @_sigchld={r2, 0x0, 0x401, 0x5, 0x3}}}) getgroups$auto(0xe, &(0x7f0000000000)=0x4a) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) execve$auto(&(0x7f0000000180)='./file0\x00', &(0x7f0000000100)=&(0x7f0000000080)='\xac\x00', 0x0) 5m58.179455229s ago: executing program 32 (id=596): syz_clone3(&(0x7f00000012c0)={0x100000, &(0x7f0000000000)=0xffffffffffffffff, &(0x7f0000000040), &(0x7f00000000c0), {0x41}, &(0x7f0000001340)=""/192, 0xc0, &(0x7f0000000280)=""/4096, &(0x7f0000001280)=[0xffffffffffffffff, 0xffffffffffffffff], 0x2}, 0x58) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0xb2) mmap$auto(0x0, 0x9, 0x3, 0x8012, 0x3, 0x8000) fallocate$auto(0x8000000000000003, 0x0, 0xd, 0xcbd5d) mlock$auto(0x81, 0xffff) r1 = socket(0x2000000000000021, 0x2, 0x10000000000002) setsockopt$auto(r1, 0x110, 0x2, 0x0, 0x40000) lseek$auto(0x3, 0x8, 0x3) mmap$auto(0x0, 0x20004, 0x1ff, 0x98, r0, 0x8000) move_pages$auto(0x1, 0x81000000f57, 0x0, 0x0, 0x0, 0x2) r2 = gettid() rt_tgsigqueueinfo$auto(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000100)={@siginfo_0_0={0x6, 0x8, 0x2, @_sigchld={r2, 0x0, 0x401, 0x5, 0x3}}}) getgroups$auto(0xe, &(0x7f0000000000)=0x4a) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x40) execve$auto(&(0x7f0000000180)='./file0\x00', &(0x7f0000000100)=&(0x7f0000000080)='\xac\x00', 0x0) 8.135206393s ago: executing program 4 (id=1792): mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x1272, 0x8000) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000100)={{@raw=0xb, 0x3, 0xcf, 0x8, "16a0d89bf208384515b5375a677609aa1bc737276563c3d5a2fca999d5797ab7a10a4d2bc341c4bd369ae535", @raw=0xfffffffe}, 0x1, @integer=@value=[0x6d, 0x7, 0x0, 0xbb, 0x4, 0x80000000, 0x1, 0x7ff, 0x1, 0x400000000009, 0xc4, 0x9, 0x6, 0x4, 0x3, 0x6, 0x1, 0x3, 0x4, 0x401, 0x6, 0x0, 0xa0, 0x5, 0x2, 0x3, 0x5, 0xa, 0x8, 0x1, 0x8, 0x7f, 0xffffffffffffdb75, 0x100000000, 0x3, 0x6, 0x7fffffffffffffff, 0x1, 0xd, 0x1, 0x71, 0x0, 0x8, 0x2, 0x3, 0xffffffffffffffff, 0x2d7, 0x1, 0x1, 0x6, 0x2, 0x800000001, 0x6, 0x7, 0x0, 0x6, 0x4, 0x3, 0x40a, 0xd, 0x3fd, 0x8, 0x7, 0xffff, 0x50ce0883, 0xbd9, 0x5, 0x2, 0xd8f, 0x80000000, 0x0, 0x1, 0x46e, 0xa5cf, 0x8, 0x7, 0xc16b, 0x6, 0x9, 0x6, 0x8000002, 0x8, 0x1, 0x3, 0x3, 0x5, 0x6, 0xffffffffffff0001, 0x100000000, 0x4, 0x8, 0x4, 0x2, 0x2000000003, 0xfffffffffffffffe, 0x20007cf9, 0x40, 0x2, 0x7, 0x100, 0x14b, 0x2, 0x45f3, 0x0, 0x0, 0x4, 0x100, 0x8001, 0x0, 0x1, 0x7, 0x9, 0x1, 0x3, 0x0, 0x4, 0x7, 0x6, 0x25e2, 0xc9a, 0xd09, 0x40, 0x2, 0xffffffffffffff00, 0x7, 0x9, 0xfffffffffffffff8, 0x40], "f3fadb90a56b67d92a5b28b4b23f332550b1e5454e2027fb1a37efe81bbc27deaf7c3100aab088cdb3b40dad335c9174f18934845ac3152fef1e0f42b42471efc0225a4ebe7e05ce3d4ab429805d5921633ffbce8f1a82ff9dec6c288f431cb7005b85ca8633c55d49bbdf4bd9cac1046064001bca7ba37e4b5eacf1940c9a78"}) r0 = signalfd$auto(0xffffffffffffffff, &(0x7f0000000000)={0x8000000000000001}, 0x200) r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL802154_CMD_SET_CCA_MODE(r2, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000000)={0x20, r1, 0x101, 0x70bd2b, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0x64004401}, 0x800) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'hsr0\x00', 0x0}) r5 = syz_genetlink_get_family_id$auto_hsr(&(0x7f00000008c0), 0xffffffffffffffff) sendmsg$auto_HSR_C_GET_NODE_LIST(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000900)={0x1c, r5, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@HSR_A_IFINDEX={0x8, 0x2, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x40) r6 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/smbd_max_send_size\x00', 0x101000, 0x0) pread64$auto(r6, 0x0, 0x8, 0xffff) sendmsg$auto_NL802154_CMD_SET_MAX_ASSOCIATIONS(r0, &(0x7f0000000600)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, r1, 0x400, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_SEC_FRAME_COUNTER={0x8, 0x2c, 0x5}, @NL802154_ATTR_MIN_BE={0x5, 0x11, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_SCAN_TYPE={0x5, 0x1f, 0xec}]}, 0x34}, 0x1, 0x0, 0x0, 0x4040044}, 0x20040014) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) r7 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) io_uring_setup$auto(0x9, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r7, 0x403c6f2b, 0x0) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8) close_range$auto(0x2, 0x8, 0x0) inotify_init1$auto(0x3000000000000) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000140), 0x382, 0x0) 7.108683372s ago: executing program 0 (id=1786): mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) getrlimit$auto(0x3, 0x0) fdatasync$auto(r0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) ioctl$auto_BLKZEROOUT(r1, 0x127f, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/035/001\x00', 0x1102, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xc8d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\xc6\x00\x89\te\x8d\a\xfb\\n\x89C:\x84D\x10u\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8ea182, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x1000, 0x0) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r2, 0xffffffffffdffe00, &(0x7f0000000140)=';') pselect6$auto(0x9, &(0x7f0000000300)={[0x9, 0x4, 0x9, 0x6, 0x8001, 0x4000000000002bc8, 0xffc, 0x9, 0x3, 0xffffffff, 0x8000000000000081, 0x0, 0x1000000002f, 0x2, 0x8, 0xfffffffffffffffe]}, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x3f, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio1\x00', 0x20b42, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, 0x0, 0x48402, 0x0) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000240)={0x0, 0x7}, 0x3) shmctl$auto_SHM_UNLOCK(0x2, 0xc, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x3) 7.108413085s ago: executing program 4 (id=1787): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r0, 0x1, 0x7ff) ptrace$auto(0x4012, r0, 0x177, 0x3) msync$auto(0x200000, 0x2000000005, 0x6) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) clock_settime$auto(0x0, &(0x7f0000000000)={0x100000000, 0x3b9ac9ff}) adjtimex$auto(&(0x7f0000000280)={0xf, 0x0, 0xfffffffffffffffc, 0x100000001, 0x400000007f, 0x0, 0x4, 0x0, 0xe, 0x0, 0xfffe, {0x200000000000007}, 0x7fffffffffffffff, 0x80000001, 0x5, 0x1, 0x0, 0x6, 0x400000000, 0x7, 0x40000000000d, 0x2, 0x1015c8}) adjtimex$auto(&(0x7f0000000540)={0x72, 0x0, 0xff, 0x800, 0x5, 0x5, 0x9, 0x0, 0x101, 0x9533, 0x2, {0x200, 0x40000000000002}, 0x80, 0x100000001, 0x5, 0x6, 0x0, 0x100000004, 0x40000021, 0x18d, 0x6, 0x100000001, 0x2015, 0x0, 0x0, 0x0, 0x0, 0x7000000}) clock_adjtime$auto(0x47, &(0x7f0000000640)={0xb7, 0x0, 0xfffffffffffffffa, 0x2, 0xfffffffffffffffb, 0x6, 0x3, 0x0, 0x3, 0x6, 0xc, {0x0, 0x5}, 0xfffffffffffffff8, 0x200, 0x5, 0x7fffffff, 0x0, 0x17, 0x1, 0xaac, 0x5, 0x2, 0x2}) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bus/usb/035/001\x00', 0x100, 0x0) ioctl$auto_USBDEVFS_RESETEP(r1, 0x80045503, &(0x7f0000000380)) write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) unshare$auto(0x40000080) r2 = socket(0x2, 0x3, 0xa) getsockopt$auto(r2, 0x0, 0x30, 0x0, &(0x7f0000000040)=0xdbb) write$auto(0xffffffffffffffff, 0x0, 0x1) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x202000a, 0xffffffff, 0xdc, 0xfffffffffffffffa, 0x7ffc) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) rt_sigqueueinfo$auto(0x0, 0xffff7b6f, 0x0) sendmsg$auto_OVS_CT_LIMIT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[], 0x358c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) close_range$auto(0x2, r1, 0x2) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x5, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x103, 0x83, 0xfe, 0x6, 0xa9}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x800040, 0x76c5, 0x8, 0x100000000}}) io_uring_register$auto(0x2, 0x24, 0x0, 0x83) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, 0x0, 0x24048084) 6.487325791s ago: executing program 2 (id=1789): mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) memfd_create$auto(0x0, 0xd) ftruncate$auto(0x0, 0x8800000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/fs/ocfs2/max_locking_protocol\x00', 0xa2500, 0x0) socket(0xa, 0x2, 0x3a) setsockopt$auto(0x3, 0x1, 0x35, 0x0, 0x9) mmap$auto(0x0, 0x2020009, 0x126, 0xf8, 0xffffffffffffffff, 0x8000) madvise$auto(0x80000000003, 0xffffffffffff0005, 0xc) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x1, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x11, 0x80003, 0x300) pidfd_open$auto(0x1, 0x0) socket(0x2, 0x3, 0x100) r1 = bpf$auto(0x2, &(0x7f00000001c0)=@batch={0x8000000000009, 0x80000001, 0x10008, 0x8250, 0xa6d5, 0xffffffffffffffff, 0x6, 0x6}, 0xffffffff) sendmsg$auto_NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="d8010000", @ANYRES16, @ANYBLOB="01002dbd7000fcdbdf25010000000c0002000500000000000000c5000700c1007cf7c27c120e3984130834a73f9221887ac28e443c4a1a7da8d2ddcf2890cce5822826764f3f410e53f43f300d2e04700395778e7935c99f6a38f6f3e56e7d8a18d15791b3b4f9378d743a8f0cbbe1c604a782030626ead26826f4790233f19c29fbaf1da77e1b84522d05ca0f4237b24aead87b47d41805fa9967d02ad2deba1895652b8d630c30213ed8f72c1066f1bb9fb1b242d08a55d32398d8d3c635008f2c61049c8abf600a98d1d2d0b0027aecaf27d20b6ff4129883e111e1c858000000dc00090069fccb38f57447a8af8c40a03b92af7adc0c48af4308483b99aa587ed8711b4a79a383c263698842365af6807d1be1800fd492770983a6df345fb472e9fa41b667af43bc36d7063b6b93ab7661925e8d71452acd95b788c31a32ae903b96b9ed9a5e3542c625105e8f21a5b41ff3d17f8704581f4b8b75ae741d0fba8cab2e187c93eeea89f6cf6ab7cc496e0bd9759cc0b408bbe0c6eae2aa29c2d97d48a55fc0ff937c90173d61cf652f97cb301e4d7e3bac0026732e22eadd3a6c5ffa4faed6855a86814c920a650a61936305d2713db1c92a238e265c080001007f0e00000c0002"], 0x1d8}, 0x1, 0x0, 0x0, 0x40080}, 0x20040000) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x8000) socket(0x10, 0x2, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000011c0)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x20000800}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000de, 0xeb1, 0x401, 0x8000) request_key$auto_KEY_SPEC_GROUP_KEYRING(&(0x7f0000000000)='/sys/fs/ocfs2/max_locking_protocol\x00', &(0x7f0000000040)='/sys/fs/ocfs2/max_locking_protocol\x00', &(0x7f0000000080)='\x00', 0xfffffffffffffffa) unshare$auto(0x40000080) wait4$auto(0xfffffff9, 0x0, 0x0, 0x0) pread64$auto(r0, 0x0, 0x8, 0x6) mmap$auto(0x400000000000000, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0x6) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x4, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 5.732495329s ago: executing program 4 (id=1793): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r0, 0x1, 0x7ff) ptrace$auto(0x4012, r0, 0x177, 0x3) msync$auto(0x200000, 0x2000000005, 0x6) mmap$auto(0x0, 0x2000c, 0xdf, 0xeb1, 0x401, 0x7ffc) clock_settime$auto(0x0, &(0x7f0000000000)={0x100000000, 0x3b9ac9ff}) adjtimex$auto(&(0x7f0000000280)={0xf, 0x0, 0xfffffffffffffffc, 0x100000001, 0x400000007f, 0x0, 0x4, 0x0, 0xe, 0xfffffffffffffffc, 0xfffe, {0x200000000000007}, 0x7fffffffffffffff, 0x80000001, 0x5, 0x1, 0x0, 0x6, 0x400000000, 0x7, 0x40000000000e, 0xfffffffffffffffe, 0x1015c8}) adjtimex$auto(&(0x7f0000000540)={0x72, 0x0, 0xff, 0x800, 0x5, 0x5, 0x9, 0x0, 0x101, 0x9533, 0x2, {0x200, 0x40000000000002}, 0x80, 0x100000001, 0x5, 0x6, 0x0, 0x100000004, 0x40000021, 0x18d, 0x6, 0x100000001, 0x2015}) clock_adjtime$auto(0x47, &(0x7f0000000640)={0xb7, 0x0, 0xfffffffffffffffa, 0x2, 0xfffffffffffffffb, 0x6, 0x3, 0x0, 0x3, 0x6, 0xc, {0x0, 0x5}, 0xfffffffffffffff8, 0x200, 0x5, 0x7fffffff, 0x0, 0x8, 0x1, 0xaac, 0x5, 0x2, 0x2}) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bus/usb/035/001\x00', 0x100, 0x0) ioctl$auto_USBDEVFS_RESETEP(r1, 0x80045503, &(0x7f0000000380)) write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) unshare$auto(0x40000080) r2 = socket(0x2, 0x3, 0xa) getsockopt$auto(r2, 0x0, 0x30, 0x0, &(0x7f0000000040)=0xdbb) write$auto(0xffffffffffffffff, 0x0, 0x1) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x202000a, 0xffffffff, 0xdc, 0xfffffffffffffffa, 0x7ffc) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) rt_sigqueueinfo$auto(0x0, 0xffff7b6f, 0x0) sendmsg$auto_OVS_CT_LIMIT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[], 0x358c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) close_range$auto(0x2, r1, 0x2) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x5, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x103, 0x83, 0xfe, 0x6, 0xa9}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x800040, 0x76c5, 0x8, 0x100000000}}) io_uring_register$auto(0x2, 0x24, 0x0, 0x83) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, 0x0, 0x24048084) 4.711869735s ago: executing program 2 (id=1794): mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @broadcast}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) (async) write$auto(0x3, 0x0, 0x1) (async) writev$auto(0x3, 0x0, 0xe) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x3ff, 0x0, 0xfffffffffffffffd) (async) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) (async) socket(0x2b, 0x1, 0x0) (async, rerun: 64) bind$auto(0x3, 0x0, 0x6a) (async, rerun: 64) madvise$auto(0x4, 0x7, 0x2) write$auto(0xffffffffffffffff, &(0x7f0000000000)='.%{\x00', 0x8000) (async) r1 = openat$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/debug/dri/vkms/internal_clients\x00', 0xa8201, 0x0) lseek$auto(r1, 0x9, 0x0) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) (async, rerun: 32) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) (async, rerun: 32) write$auto(0x3, 0x0, 0xfffffdef) 4.634582986s ago: executing program 4 (id=1795): mmap$auto(0x0, 0x2020009, 0x3, 0x11, 0xffffffffffffffff, 0x8000) socket(0x10, 0x2, 0x4) sendmsg$auto_ETHTOOL_MSG_MODULE_EEPROM_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16, @ANYBLOB="ffa2"], 0x44}, 0x1, 0x0, 0x0, 0x10000000}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) bpf$auto(0x7, &(0x7f00000001c0)=@task_fd_query={0x0, 0xffffffffffffffff, 0x8, 0x20016, 0x9, 0x10000, 0x5f, 0x20000000000804, 0x2}, 0x6f0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0x0) io_uring_setup$auto(0x6, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socket(0x2, 0x801, 0x106) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.7/usb8/power/wakeup_total_time_ms\x00', 0x0, 0x0) socket(0x11, 0x2, 0x6) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/006/001\x00', 0x1, 0x0) mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0x401, 0x3) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000000c0), 0x222680, 0x0) signalfd4$auto(0xffffffffffffffff, 0x0, 0x8, 0x800) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000100)='/dev/bus/usb/036/001\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/transparent_hugepage/hugepages-64kB/stats/nr_anon\x00', 0x0, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socketpair$auto(0x100, 0x7fff, 0x9, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TCFLSH2(r0, 0x800455cc, 0x0) get_mempolicy$auto(0x0, &(0x7f0000000380)=0x7, 0x1, 0x0, 0xc76) 4.60291938s ago: executing program 3 (id=1796): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) ioctl$auto_TCSBRKP2(r0, 0x5425, 0x0) 4.152228123s ago: executing program 3 (id=1797): mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x1272, 0x8000) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000100)={{@raw=0xb, 0x3, 0xcf, 0x8, "16a0d89bf208384515b5375a677609aa1bc737276563c3d5a2fca999d5797ab7a10a4d2bc341c4bd369ae535", @raw=0xfffffffe}, 0x1, @integer=@value=[0x6d, 0x7, 0x0, 0xbb, 0x4, 0x80000000, 0x1, 0x7ff, 0x1, 0x400000000009, 0xc4, 0x9, 0x6, 0x4, 0x3, 0x6, 0x1, 0x3, 0x4, 0x401, 0x6, 0x0, 0xa0, 0x5, 0x2, 0x3, 0x5, 0xa, 0x8, 0x1, 0x8, 0x7f, 0xffffffffffffdb75, 0x100000000, 0x3, 0x6, 0x7fffffffffffffff, 0x1, 0xd, 0x1, 0x71, 0x0, 0x8, 0x2, 0x3, 0xffffffffffffffff, 0x2d7, 0x1, 0x1, 0x6, 0x2, 0x800000001, 0x6, 0x7, 0x0, 0x6, 0x4, 0x3, 0x40a, 0xd, 0x3fd, 0x8, 0x7, 0xffff, 0x50ce0883, 0xbd9, 0x5, 0x2, 0xd8f, 0x80000000, 0x0, 0x1, 0x46e, 0xa5cf, 0x8, 0x7, 0xc16b, 0x6, 0x9, 0x6, 0x8000002, 0x8, 0x1, 0x3, 0x3, 0x5, 0x6, 0xffffffffffff0001, 0x100000000, 0x4, 0x8, 0x4, 0x2, 0x2000000003, 0xfffffffffffffffe, 0x20007cf9, 0x40, 0x2, 0x7, 0x100, 0x14b, 0x2, 0x45f3, 0x0, 0x0, 0x4, 0x100, 0x8001, 0x0, 0x1, 0x7, 0x9, 0x1, 0x3, 0x0, 0x4, 0x7, 0x6, 0x25e2, 0xc9a, 0xd09, 0x40, 0x2, 0xffffffffffffff00, 0x7, 0x9, 0xfffffffffffffff8, 0x40], "f3fadb90a56b67d92a5b28b4b23f332550b1e5454e2027fb1a37efe81bbc27deaf7c3100aab088cdb3b40dad335c9174f18934845ac3152fef1e0f42b42471efc0225a4ebe7e05ce3d4ab429805d5921633ffbce8f1a82ff9dec6c288f431cb7005b85ca8633c55d49bbdf4bd9cac1046064001bca7ba37e4b5eacf1940c9a78"}) r0 = signalfd$auto(0xffffffffffffffff, &(0x7f0000000000)={0x8000000000000001}, 0x200) r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL802154_CMD_SET_CCA_MODE(r2, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000000)={0x20, r1, 0x101, 0x70bd2b, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0x64004401}, 0x800) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'hsr0\x00', 0x0}) r5 = syz_genetlink_get_family_id$auto_hsr(&(0x7f00000008c0), 0xffffffffffffffff) sendmsg$auto_HSR_C_GET_NODE_LIST(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000900)={0x1c, r5, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@HSR_A_IFINDEX={0x8, 0x2, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x40) r6 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/smbd_max_send_size\x00', 0x101000, 0x0) pread64$auto(r6, 0x0, 0x8, 0xffff) sendmsg$auto_NL802154_CMD_SET_MAX_ASSOCIATIONS(r0, &(0x7f0000000600)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, r1, 0x400, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_SEC_FRAME_COUNTER={0x8, 0x2c, 0x5}, @NL802154_ATTR_MIN_BE={0x5, 0x11, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_SCAN_TYPE={0x5, 0x1f, 0xec}]}, 0x34}, 0x1, 0x0, 0x0, 0x4040044}, 0x20040014) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) r7 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) io_uring_setup$auto(0x9, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r7, 0x403c6f2b, 0x0) 3.979389389s ago: executing program 4 (id=1798): setresuid$auto(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/user\x00') prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x8) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x3) close_range$auto(0x0, 0x5, 0x0) pipe$auto(0x0) pipe$auto(0x0) tee$auto(0x2000000000000, 0x3, 0x402, 0xd) write$auto(0x1, 0x0, 0x100) madvise$auto(0x0, 0x200007, 0x19) 3.483918169s ago: executing program 2 (id=1799): r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) setrlimit$auto(0x0, 0x0) socket(0x2, 0x1, 0x0) ioctl$auto(0xffffffffffffffff, 0x542e, 0xffffffffffffffff) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r1 = openat$auto_drm_edid_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/dri/vkms/Writeback-1/edid_override\x00', 0x40901, 0x0) write$auto(r1, &(0x7f0000000040)='/sys/kernel/debug/dri/vkms/Writeback-1/edid_override\x00', 0x5) close_range$auto(0x2, 0xa, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x2000, 0x0) r2 = socket(0xa, 0x3, 0xff) connect$auto(r2, &(0x7f00000018c0)=@generic={0xa}, 0x55) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) r3 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000ac0), 0xffffffffffffffff) open(0x0, 0x311280, 0x80) r4 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/pci/devices\x00', 0x10b402, 0x0) pread64$auto(r4, 0x0, 0x8100000041, 0x413e) fcntl$auto(0x3, 0x4, 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r5 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000cc0), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_MPATH(r6, &(0x7f0000000d80)={0x0, 0x0, &(0x7f0000000d40)={&(0x7f0000000000)={0x14, r7, 0x301, 0x70bd2d, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x4048090) r8 = open(&(0x7f0000000100)='.\x00', 0x0, 0x57e) fcntl$auto_F_ADD_SEALS(r8, 0x410, 0x0) r9 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x40400, 0x48) fchmod$auto(r9, 0x7439) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_TCP_METRICS_CMD_GET(r5, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000bc0)={&(0x7f0000000040)={0x14, r3, 0x89c1beb01534ff9b, 0x70bd29, 0x25dfd3f9}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0) ioctl$auto_SNDCTL_DSP_GETOPTR(r0, 0x800c5012, 0x0) 3.483536875s ago: executing program 3 (id=1800): mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x1272, 0x8000) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000100)={{@raw=0xb, 0x3, 0xcf, 0x8, "16a0d89bf208384515b5375a677609aa1bc737276563c3d5a2fca999d5797ab7a10a4d2bc341c4bd369ae535", @raw=0xfffffffe}, 0x1, @integer=@value=[0x6d, 0x7, 0x0, 0xbb, 0x4, 0x80000000, 0x1, 0x7ff, 0x1, 0x400000000009, 0xc4, 0x9, 0x6, 0x4, 0x3, 0x6, 0x1, 0x3, 0x4, 0x401, 0x6, 0x0, 0xa0, 0x5, 0x2, 0x3, 0x5, 0xa, 0x8, 0x1, 0x8, 0x7f, 0xffffffffffffdb75, 0x100000000, 0x3, 0x6, 0x7fffffffffffffff, 0x1, 0xd, 0x1, 0x71, 0x0, 0x8, 0x2, 0x3, 0xffffffffffffffff, 0x2d7, 0x1, 0x1, 0x6, 0x2, 0x800000001, 0x6, 0x7, 0x0, 0x6, 0x4, 0x3, 0x40a, 0xd, 0x3fd, 0x8, 0x7, 0xffff, 0x50ce0883, 0xbd9, 0x5, 0x2, 0xd8f, 0x80000000, 0x0, 0x1, 0x46e, 0xa5cf, 0x8, 0x7, 0xc16b, 0x6, 0x9, 0x6, 0x8000002, 0x8, 0x1, 0x3, 0x3, 0x5, 0x6, 0xffffffffffff0001, 0x100000000, 0x4, 0x8, 0x4, 0x2, 0x2000000003, 0xfffffffffffffffe, 0x20007cf9, 0x40, 0x2, 0x7, 0x100, 0x14b, 0x2, 0x45f3, 0x0, 0x0, 0x4, 0x100, 0x8001, 0x0, 0x1, 0x7, 0x9, 0x1, 0x3, 0x0, 0x4, 0x7, 0x6, 0x25e2, 0xc9a, 0xd09, 0x40, 0x2, 0xffffffffffffff00, 0x7, 0x9, 0xfffffffffffffff8, 0x40], "f3fadb90a56b67d92a5b28b4b23f332550b1e5454e2027fb1a37efe81bbc27deaf7c3100aab088cdb3b40dad335c9174f18934845ac3152fef1e0f42b42471efc0225a4ebe7e05ce3d4ab429805d5921633ffbce8f1a82ff9dec6c288f431cb7005b85ca8633c55d49bbdf4bd9cac1046064001bca7ba37e4b5eacf1940c9a78"}) r0 = signalfd$auto(0xffffffffffffffff, &(0x7f0000000000)={0x8000000000000001}, 0x200) r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL802154_CMD_SET_CCA_MODE(r2, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000000)={0x20, r1, 0x101, 0x70bd2b, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0x64004401}, 0x800) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'hsr0\x00', 0x0}) r5 = syz_genetlink_get_family_id$auto_hsr(&(0x7f00000008c0), 0xffffffffffffffff) sendmsg$auto_HSR_C_GET_NODE_LIST(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000900)={0x1c, r5, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@HSR_A_IFINDEX={0x8, 0x2, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x40) r6 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/smbd_max_send_size\x00', 0x101000, 0x0) pread64$auto(r6, 0x0, 0x8, 0xffff) sendmsg$auto_NL802154_CMD_SET_MAX_ASSOCIATIONS(r0, &(0x7f0000000600)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, r1, 0x400, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_SEC_FRAME_COUNTER={0x8, 0x2c, 0x5}, @NL802154_ATTR_MIN_BE={0x5, 0x11, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_SCAN_TYPE={0x5, 0x1f, 0xec}]}, 0x34}, 0x1, 0x0, 0x0, 0x4040044}, 0x20040014) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) r7 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r7, 0x403c6f2b, 0x0) read$auto(0x3, 0x0, 0x80) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8) close_range$auto(0x2, 0x8, 0x0) inotify_init1$auto(0x3000000000000) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000140), 0x382, 0x0) 3.474613432s ago: executing program 0 (id=1801): sigaltstack$auto(&(0x7f00000000c0)={&(0x7f0000000180)="f038afe10105ff42e782ea31d34fd7bead1778c91029c17ebfc96bb68ab0b20380c0985c7702041eb7a604d8a298cd7b", 0x0, 0x7fffffff}, &(0x7f00000001c0)={0x0, 0x76, 0x20}) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) acct$auto(0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) statx$auto(0x2, 0x0, 0x1000, 0x8, 0x0) r1 = open(0x0, 0x4000, 0x124) r2 = socket(0x2, 0x80802, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x5}, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) clock_settime$auto(0x14, &(0x7f0000000000)={0x8000000000000001, 0x20000000000004}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x28c, r4, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@HWSIM_ATTR_PMSR_RESULT={0x278, 0x1c, 0x0, 0x1, [@NL80211_PMSR_ATTR_PEERS={0x274, 0x5, 0x0, 0x1, [{0xc0, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_ADDR={0xb9, 0x1, "9111b602ef50277e4f9f544ee87d08ba72be300757d9370ecea440edd3f4e1cb11aa70d4378199cf47be0eed96f143bb3a9decfad1350f6ef2276424c31119fab334508f278ee6925f8da8e4cf91d4d1a89cbadf9f7d38e3d7cbc5f3017e5b7d4ae9e0498de6c721eb6a3ea5f71deaa24fba4729e5787fc6c332c11040188fdcc46ee994ca9331ec43af70bb473120cdf23c8d4c62fac4d00539aab91bd350d49b3fe99870c9a39478caa130119758ca9175873366"}]}, {0x11c, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_RESP={0x10, 0x4, 0x0, 0x1, [@NL80211_PMSR_RESP_ATTR_HOST_TIME={0xc, 0x3, 0x101}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0x80, 0x1, "9f311bcc948d89d51f82ac1a8eac3addec19169dbe35782c77858e7e5052d6450769f01595885300dae795ad02e372e6a62b268c854bd76d3e357db0c56ddb424d33432ab12eedec54c539e5277f988e95cdf4d603ef3cfd7402544330c54d002b438b33c2807bf5287e7e6e6f4248b280512f586880310e70442cc6"}, @NL80211_PMSR_PEER_ATTR_ADDR={0x85, 0x1, "c323662ad9fdfd2b6517ad8c32ecc54eb75fddd7ca350ffdeb492ac78372bf2be9e6ed5696f148cc98912e5f7b1a0bc88c1c222ecaf2977114f283b5856328ed103e5b4be6d608d3b75168c18ebb9805a34f400780ae1617d6de3a177639369b7ee6f57326a3438ae5f20a0eb5eef65458047a990166c169c91c5f4a8019b21ce9"}]}, {0x90, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_ADDR={0x8b, 0x1, "e80107d607ee79e75504db6178a2acfb36362f7cb6893125af92f2ec9963a072f83343fb2e5c5dd3b43903260b2750aa80f93d6eb0258f8d2ab5ccc94375eff03f8df012ea4911fb43a973224161bc11818ef75eabcdd1d3ed2b8d73b5f089d73056ab263e7c179ace79a550c862f834fc9a04a10f992488e4f82f28eeae4274cd80db3740e855"}]}, {0x4}]}]}]}, 0x28c}, 0x1, 0x0, 0x30, 0x8000}, 0x0) r5 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r5, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r5, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) ioctl$auto_PPPIOCSPASS(r1, 0x40107447, &(0x7f00000002c0)={0x9, &(0x7f0000000000)={0x50, 0xf4, 0xb2}}) r6 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000001640), 0x40, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/fs/cifs/mount_params\x00', 0x802, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r6, 0x0, 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000340)={[0x1ff, 0x7, 0xd40, 0x1, 0x948f, 0x5, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0xa, 0x8, 0x6]}, 0x0) setgroups$auto(0xac2e, &(0x7f0000000180)=0x6) 3.119945133s ago: executing program 3 (id=1802): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r0, 0x1, 0x7ff) ptrace$auto(0x4012, r0, 0x177, 0x3) msync$auto(0x200000, 0x2000000005, 0x6) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) clock_settime$auto(0x0, &(0x7f0000000000)={0x100000000, 0x3b9ac9ff}) adjtimex$auto(&(0x7f0000000280)={0xf, 0x0, 0xfffffffffffffffc, 0x100000001, 0x400000007f, 0x0, 0x4, 0x0, 0xe, 0x0, 0xfffe, {0x200000000000007}, 0x7fffffffffffffff, 0x80000001, 0x5, 0x1, 0x0, 0x6, 0x400000000, 0x7, 0x40000000000d, 0x2, 0x1015c8}) adjtimex$auto(&(0x7f0000000540)={0x72, 0x0, 0xff, 0x800, 0x5, 0x5, 0x9, 0x0, 0x101, 0x9533, 0x2, {0x200, 0x40000000000002}, 0x80, 0x100000001, 0x5, 0x6, 0x0, 0x100000004, 0x40000021, 0x18d, 0x6, 0x100000001, 0x2015, 0x0, 0x0, 0x0, 0x0, 0x7000000}) clock_adjtime$auto(0x47, &(0x7f0000000640)={0xb7, 0x0, 0xfffffffffffffffa, 0x2, 0xfffffffffffffffb, 0x6, 0x3, 0x0, 0x3, 0x6, 0xc, {0x0, 0x5}, 0xfffffffffffffff8, 0x200, 0x5, 0x7fffffff, 0x0, 0x17, 0x1, 0xaac, 0x5, 0x2, 0x2}) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bus/usb/035/001\x00', 0x100, 0x0) ioctl$auto_USBDEVFS_RESETEP(r1, 0x80045503, &(0x7f0000000380)) write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) unshare$auto(0x40000080) r2 = socket(0x2, 0x3, 0xa) getsockopt$auto(r2, 0x0, 0x30, 0x0, &(0x7f0000000040)=0xdbb) write$auto(0xffffffffffffffff, 0x0, 0x1) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x202000a, 0xffffffff, 0xdc, 0xfffffffffffffffa, 0x7ffc) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) rt_sigqueueinfo$auto(0x0, 0xffff7b6f, 0x0) sendmsg$auto_OVS_CT_LIMIT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[], 0x358c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) close_range$auto(0x2, r1, 0x2) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x5, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x103, 0x83, 0xfe, 0x6, 0xa9}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x800040, 0x76c5, 0x8, 0x100000000}}) io_uring_register$auto(0x2, 0x24, 0x0, 0x83) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, 0x0, 0x24048084) 2.284319384s ago: executing program 0 (id=1803): mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) memfd_create$auto(0x0, 0xd) ftruncate$auto(0x0, 0x8800000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/fs/ocfs2/max_locking_protocol\x00', 0xa2500, 0x0) socket(0xa, 0x2, 0x3a) setsockopt$auto(0x3, 0x1, 0x35, 0x0, 0x9) mmap$auto(0x0, 0x2020009, 0x126, 0xf8, 0xffffffffffffffff, 0x8000) madvise$auto(0x80000000003, 0xffffffffffff0005, 0xc) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x1, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x11, 0x80003, 0x300) pidfd_open$auto(0x1, 0x0) socket(0x2, 0x3, 0x100) r1 = bpf$auto(0x2, &(0x7f00000001c0)=@batch={0x8000000000009, 0x80000001, 0x10008, 0x8250, 0xa6d5, 0xffffffffffffffff, 0x6, 0x6}, 0xffffffff) sendmsg$auto_NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="d8010000", @ANYRES16, @ANYBLOB="01002dbd7000fcdbdf25010000000c0002000500000000000000c5000700c1007cf7c27c120e3984130834a73f9221887ac28e443c4a1a7da8d2ddcf2890cce5822826764f3f410e53f43f300d2e04700395778e7935c99f6a38f6f3e56e7d8a18d15791b3b4f9378d743a8f0cbbe1c604a782030626ead26826f4790233f19c29fbaf1da77e1b84522d05ca0f4237b24aead87b47d41805fa9967d02ad2deba1895652b8d630c30213ed8f72c1066f1bb9fb1b242d08a55d32398d8d3c635008f2c61049c8abf600a98d1d2d0b0027aecaf27d20b6ff4129883e111e1c858000000dc00090069fccb38f57447a8af8c40a03b92af7adc0c48af4308483b99aa587ed8711b4a79a383c263698842365af6807d1be1800fd492770983a6df345fb472e9fa41b667af43bc36d7063b6b93ab7661925e8d71452acd95b788c31a32ae903b96b9ed9a5e3542c625105e8f21a5b41ff3d17f8704581f4b8b75ae741d0fba8cab2e187c93eeea89f6cf6ab7cc496e0bd9759cc0b408bbe0c6eae2aa29c2d97d48a55fc0ff937c90173d61cf652f97cb301e4d7e3bac0026732e22eadd3a6c5ffa4faed6855a86814c920a650a61936305d2713db1c92a238e265c080001007f0e00000c0002"], 0x1d8}, 0x1, 0x0, 0x0, 0x40080}, 0x20040000) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB="01"], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x8000) socket(0x10, 0x2, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000011c0)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x20000800}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000de, 0xeb1, 0x401, 0x8000) request_key$auto_KEY_SPEC_GROUP_KEYRING(&(0x7f0000000000)='/sys/fs/ocfs2/max_locking_protocol\x00', &(0x7f0000000040)='/sys/fs/ocfs2/max_locking_protocol\x00', &(0x7f0000000080)='\x00', 0xfffffffffffffffa) unshare$auto(0x40000080) wait4$auto(0xfffffff9, 0x0, 0x0, 0x0) pread64$auto(r0, 0x0, 0x8, 0x6) mmap$auto(0x400000000000000, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0x6) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x4, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2.283992021s ago: executing program 2 (id=1804): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto(0x10, r0, 0x1, 0x7ff) ptrace$auto(0x4012, r0, 0x177, 0x3) msync$auto(0x200000, 0x2000000005, 0x6) mmap$auto(0x0, 0x2000c, 0xdf, 0xeb1, 0x401, 0x7ffc) clock_settime$auto(0x0, &(0x7f0000000000)={0x100000000, 0x3b9ac9ff}) adjtimex$auto(&(0x7f0000000280)={0xf, 0x0, 0xfffffffffffffffc, 0x100000001, 0x400000007f, 0x0, 0x4, 0x0, 0xe, 0xfffffffffffffffc, 0xfffe, {0x200000000000007}, 0x7fffffffffffffff, 0x80000001, 0x5, 0x1, 0x0, 0x6, 0x400000000, 0x7, 0x40000000000e, 0xfffffffffffffffe, 0x1015c8}) adjtimex$auto(&(0x7f0000000540)={0x72, 0x0, 0xff, 0x800, 0x5, 0x5, 0x9, 0x0, 0x101, 0x9533, 0x2, {0x200, 0x40000000000002}, 0x80, 0x100000001, 0x5, 0x6, 0x0, 0x100000004, 0x40000021, 0x18d, 0x6, 0x100000001, 0x2015}) clock_adjtime$auto(0x47, &(0x7f0000000640)={0xb7, 0x0, 0xfffffffffffffffa, 0x2, 0xfffffffffffffffb, 0x6, 0x3, 0x0, 0x3, 0x6, 0xc, {0x0, 0x5}, 0xfffffffffffffff8, 0x200, 0x5, 0x7fffffff, 0x0, 0x8, 0x1, 0xaac, 0x5, 0x2, 0x2}) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000240)='/dev/bus/usb/035/001\x00', 0x100, 0x0) ioctl$auto_USBDEVFS_RESETEP(r1, 0x80045503, &(0x7f0000000380)) write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) unshare$auto(0x40000080) r2 = socket(0x2, 0x3, 0xa) getsockopt$auto(r2, 0x0, 0x30, 0x0, &(0x7f0000000040)=0xdbb) write$auto(0xffffffffffffffff, 0x0, 0x1) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x202000a, 0xffffffff, 0xdc, 0xfffffffffffffffa, 0x7ffc) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) rt_sigqueueinfo$auto(0x0, 0xffff7b6f, 0x0) sendmsg$auto_OVS_CT_LIMIT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000640)=ANY=[], 0x358c}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) close_range$auto(0x2, r1, 0x2) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x5, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x103, 0x83, 0xfe, 0x6, 0xa9}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x800040, 0x76c5, 0x8, 0x100000000}}) io_uring_register$auto(0x2, 0x24, 0x0, 0x83) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, 0x0, 0x24048084) 1.293020447s ago: executing program 3 (id=1805): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mlock$auto(0x1000, 0x6) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000", @ANYBLOB="120027", @ANYBLOB="5de1523353782950330a"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB='J'], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x8000, 0x200, 0x0) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs1\x00', 0x108002, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB='H'], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x4, 0x9, 0x20eb2, 0x40000000000a5, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) migrate_pages$auto(0x0, 0x8, 0x0, &(0x7f00000001c0)=0x7b) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/adsp1\x00', 0x40440, 0x0) setxattrat$auto(0xffffffffffffffff, 0x0, 0x1000, &(0x7f00000000c0)='ns/mnt\x00', 0x0, 0xa7) ioctl$auto_SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f00000001c0)) readv$auto(r1, &(0x7f0000000200)={0x0, 0xfffc}, 0x3) 1.067509049s ago: executing program 0 (id=1806): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) ioctl$auto_TCSBRKP2(r0, 0x5425, 0x0) 791.107716ms ago: executing program 2 (id=1807): mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x1272, 0x8000) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000100)={{@raw=0xb, 0x3, 0xcf, 0x8, "16a0d89bf208384515b5375a677609aa1bc737276563c3d5a2fca999d5797ab7a10a4d2bc341c4bd369ae535", @raw=0xfffffffe}, 0x1, @integer=@value=[0x6d, 0x7, 0x0, 0xbb, 0x4, 0x80000000, 0x1, 0x7ff, 0x1, 0x400000000009, 0xc4, 0x9, 0x6, 0x4, 0x3, 0x6, 0x1, 0x3, 0x4, 0x401, 0x6, 0x0, 0xa0, 0x5, 0x2, 0x3, 0x5, 0xa, 0x8, 0x1, 0x8, 0x7f, 0xffffffffffffdb75, 0x100000000, 0x3, 0x6, 0x7fffffffffffffff, 0x1, 0xd, 0x1, 0x71, 0x0, 0x8, 0x2, 0x3, 0xffffffffffffffff, 0x2d7, 0x1, 0x1, 0x6, 0x2, 0x800000001, 0x6, 0x7, 0x0, 0x6, 0x4, 0x3, 0x40a, 0xd, 0x3fd, 0x8, 0x7, 0xffff, 0x50ce0883, 0xbd9, 0x5, 0x2, 0xd8f, 0x80000000, 0x0, 0x1, 0x46e, 0xa5cf, 0x8, 0x7, 0xc16b, 0x6, 0x9, 0x6, 0x8000002, 0x8, 0x1, 0x3, 0x3, 0x5, 0x6, 0xffffffffffff0001, 0x100000000, 0x4, 0x8, 0x4, 0x2, 0x2000000003, 0xfffffffffffffffe, 0x20007cf9, 0x40, 0x2, 0x7, 0x100, 0x14b, 0x2, 0x45f3, 0x0, 0x0, 0x4, 0x100, 0x8001, 0x0, 0x1, 0x7, 0x9, 0x1, 0x3, 0x0, 0x4, 0x7, 0x6, 0x25e2, 0xc9a, 0xd09, 0x40, 0x2, 0xffffffffffffff00, 0x7, 0x9, 0xfffffffffffffff8, 0x40], "f3fadb90a56b67d92a5b28b4b23f332550b1e5454e2027fb1a37efe81bbc27deaf7c3100aab088cdb3b40dad335c9174f18934845ac3152fef1e0f42b42471efc0225a4ebe7e05ce3d4ab429805d5921633ffbce8f1a82ff9dec6c288f431cb7005b85ca8633c55d49bbdf4bd9cac1046064001bca7ba37e4b5eacf1940c9a78"}) r0 = signalfd$auto(0xffffffffffffffff, &(0x7f0000000000)={0x8000000000000001}, 0x200) r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL802154_CMD_SET_CCA_MODE(r2, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000000)={0x20, r1, 0x101, 0x70bd2b, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0x64004401}, 0x800) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'hsr0\x00', 0x0}) r5 = syz_genetlink_get_family_id$auto_hsr(&(0x7f00000008c0), 0xffffffffffffffff) sendmsg$auto_HSR_C_GET_NODE_LIST(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000900)={0x1c, r5, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@HSR_A_IFINDEX={0x8, 0x2, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x40) r6 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/smbd_max_send_size\x00', 0x101000, 0x0) pread64$auto(r6, 0x0, 0x8, 0xffff) sendmsg$auto_NL802154_CMD_SET_MAX_ASSOCIATIONS(r0, &(0x7f0000000600)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, r1, 0x400, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_SEC_FRAME_COUNTER={0x8, 0x2c, 0x5}, @NL802154_ATTR_MIN_BE={0x5, 0x11, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_SCAN_TYPE={0x5, 0x1f, 0xec}]}, 0x34}, 0x1, 0x0, 0x0, 0x4040044}, 0x20040014) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) r7 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) io_uring_setup$auto(0x9, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r7, 0x403c6f2b, 0x0) 698.457878ms ago: executing program 4 (id=1808): mmap$auto(0x0, 0x84dd, 0xdf, 0xeb1, 0x401, 0x8000) r0 = getpid() process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000100)="58e7a2329fbdfb4986a26faf4182257497e4856e4a66e5177fa5d4eb558a61b740471c000000007e973d778cb0026ab17c9fe9252ff86e659e", 0xffffffff}, 0x6, 0x0) bpf$auto(0x5, &(0x7f0000000000)=@iter_create={0x15, 0x8}, 0x7) ioctl$auto_SG_GET_TIMEOUT(r1, 0x2202, &(0x7f0000000140)="7d07e9eedc3cd5895c6cb9a8c5b3ca8d0c718a0ed11f953b51d4f657b4acc87e8dd2b2fe3cee7b0b6486ca299ab6e98a4ea70de38801c52e5030aef0218d45de3f8c4c14b103d32370159034c381583c05a1dc1a66df8dc1f0044439b1079075a5ddd448d81005edce61647a432b2dac050fa704efc539681d5b61eb1022fd") 479.074169ms ago: executing program 2 (id=1809): sigaltstack$auto(&(0x7f00000000c0)={&(0x7f0000000180)="f038afe10105ff42e782ea31d34fd7bead1778c91029c17ebfc96bb68ab0b20380c0985c7702041eb7a604d8a298cd7b", 0x0, 0x7fffffff}, &(0x7f00000001c0)={0x0, 0x76, 0x20}) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) acct$auto(0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) statx$auto(0x2, 0x0, 0x1000, 0x8, 0x0) r1 = open(0x0, 0x4000, 0x124) r2 = socket(0x2, 0x80802, 0x0) sendmsg$auto_OVS_DP_CMD_NEW(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES16=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x5}, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) clock_settime$auto(0x14, &(0x7f0000000000)={0x8000000000000001, 0x20000000000004}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x28c, r4, 0x1, 0x70bd2a, 0x25dfdbff, {}, [@HWSIM_ATTR_PMSR_RESULT={0x278, 0x1c, 0x0, 0x1, [@NL80211_PMSR_ATTR_PEERS={0x274, 0x5, 0x0, 0x1, [{0xc0, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_ADDR={0xb9, 0x1, "9111b602ef50277e4f9f544ee87d08ba72be300757d9370ecea440edd3f4e1cb11aa70d4378199cf47be0eed96f143bb3a9decfad1350f6ef2276424c31119fab334508f278ee6925f8da8e4cf91d4d1a89cbadf9f7d38e3d7cbc5f3017e5b7d4ae9e0498de6c721eb6a3ea5f71deaa24fba4729e5787fc6c332c11040188fdcc46ee994ca9331ec43af70bb473120cdf23c8d4c62fac4d00539aab91bd350d49b3fe99870c9a39478caa130119758ca9175873366"}]}, {0x11c, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_RESP={0x10, 0x4, 0x0, 0x1, [@NL80211_PMSR_RESP_ATTR_HOST_TIME={0xc, 0x3, 0x101}]}, @NL80211_PMSR_PEER_ATTR_ADDR={0x80, 0x1, "9f311bcc948d89d51f82ac1a8eac3addec19169dbe35782c77858e7e5052d6450769f01595885300dae795ad02e372e6a62b268c854bd76d3e357db0c56ddb424d33432ab12eedec54c539e5277f988e95cdf4d603ef3cfd7402544330c54d002b438b33c2807bf5287e7e6e6f4248b280512f586880310e70442cc6"}, @NL80211_PMSR_PEER_ATTR_ADDR={0x85, 0x1, "c323662ad9fdfd2b6517ad8c32ecc54eb75fddd7ca350ffdeb492ac78372bf2be9e6ed5696f148cc98912e5f7b1a0bc88c1c222ecaf2977114f283b5856328ed103e5b4be6d608d3b75168c18ebb9805a34f400780ae1617d6de3a177639369b7ee6f57326a3438ae5f20a0eb5eef65458047a990166c169c91c5f4a8019b21ce9"}]}, {0x90, 0x0, 0x0, 0x1, [@NL80211_PMSR_PEER_ATTR_ADDR={0x8b, 0x1, "e80107d607ee79e75504db6178a2acfb36362f7cb6893125af92f2ec9963a072f83343fb2e5c5dd3b43903260b2750aa80f93d6eb0258f8d2ab5ccc94375eff03f8df012ea4911fb43a973224161bc11818ef75eabcdd1d3ed2b8d73b5f089d73056ab263e7c179ace79a550c862f834fc9a04a10f992488e4f82f28eeae4274cd80db3740e855"}]}, {0x4}]}]}]}, 0x28c}, 0x1, 0x300000000000000, 0x0, 0x8000}, 0x0) r5 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r5, 0xc004743e, 0x0) ioctl$auto_PPPIOCSPASS(r5, 0x40107447, &(0x7f0000000040)={0x6, 0x0}) ioctl$auto_PPPIOCSPASS(r1, 0x40107447, &(0x7f00000002c0)={0x9, &(0x7f0000000000)={0x50, 0xf4, 0xb2}}) r6 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000001640), 0x40, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000100)='/proc/fs/cifs/mount_params\x00', 0x802, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r6, 0x0, 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000340)={[0x1ff, 0x7, 0xd40, 0x1, 0x948f, 0x5, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x62, 0x80000001, 0x7, 0x6d3f, 0xa, 0x8, 0x6]}, 0x0) setgroups$auto(0xac2e, &(0x7f0000000180)=0x6) 220.849739ms ago: executing program 3 (id=1810): mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) getrlimit$auto(0x3, 0x0) fdatasync$auto(r0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) ioctl$auto_BLKZEROOUT(r1, 0x127f, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/035/001\x00', 0x1102, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xc8d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\xc6\x00\x89\te\x8d\a\xfb\\n\x89C:\x84D\x10u\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8ea182, 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x1000, 0x0) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r2, 0xffffffffffdffe00, &(0x7f0000000140)=';') pselect6$auto(0x9, &(0x7f0000000300)={[0x9, 0x4, 0x9, 0x6, 0x8001, 0x4000000000002bc8, 0xffc, 0x9, 0x3, 0xffffffff, 0x8000000000000081, 0x0, 0x1000000002f, 0x2, 0x8, 0xfffffffffffffffe]}, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysfs$auto(0x2, 0x3f, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio1\x00', 0x20b42, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, 0x0, 0x48402, 0x0) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r3, &(0x7f0000000240)={0x0, 0x7}, 0x3) shmctl$auto_SHM_UNLOCK(0x2, 0xc, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x3) 220.011876ms ago: executing program 0 (id=1818): io_uring_setup$auto(0x59, &(0x7f0000000640)={0xd, 0x1d, 0x437fe, 0x2, 0x7, 0x400a, 0xffffffffffffffff, [0xfffffff7], {0x3, 0x6, 0x8c48, 0x29b, 0x3, 0x7b, 0x0, 0x5, 0xfffffffffffffffd}, {0x100, 0x20001, 0xd40d, 0xfffffffe, 0x2, 0x0, 0x8, 0xc, 0x100000000}}) r0 = gettid() r1 = openat$auto_btrfs_ctl_fops_super(0xffffffffffffff9c, &(0x7f0000000280), 0x115002, 0x0) bpf$auto_BPF_LINK_GET_NEXT_ID(0x1f, &(0x7f00000002c0)=@test={r1, 0x0, 0x7, 0x2, 0x40000, 0x2, 0xfffffff7, 0x5, 0x44, 0x4, 0x9, 0x8, 0x3, 0x5, 0x5}, 0x8d3c) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000300)='/dev/mtd0\x00', 0x28082, 0x0) ioctl$auto(r2, 0x4d13, r2) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) shmdt$auto(0x0) process_vm_readv$auto(0x0, 0x0, 0x0, 0x0, 0x6, 0x4000) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) ioctl$auto_TCSBRKP2(r3, 0x5425, 0x0) io_uring_setup$auto(0x1, 0x0) close_range$auto(0x2, 0xa, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TCFLSH2(r4, 0x5408, 0x0) tkill$auto(r0, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r5 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/security/tomoyo/audit\x00', 0x42e80, 0x0) read$auto(r5, 0x0, 0xb4d3) r6 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nbd12\x00', 0x44003, 0x0) ioctl$auto_BLKPG(r6, 0x1269, 0x300) process_vm_readv$auto(r0, &(0x7f00000000c0)={&(0x7f0000000000)="c527f7bd15ff8f963e6b9fb769cccd3eac654209b15b514c76b6dc05637ebda9abcd4011ceb825f082ab24be2792e661f862533a068fd9877ec5b50514f08d78b8a6c6557b080ea5fe92f229a253f7adbc0055eb10ef4a0c47b433ab47298dd8195037fc864c7303222b77f1ba54636bf7b0a6e72cc0b4004d9147bf10163dc33de5556a998c341cd445b6ce697f78fce2d8c8d96e0742183c58bec7e183125a361947d1a7374c74", 0x5}, 0xfffffffffffffffb, &(0x7f0000000200)={&(0x7f0000000100)="21f3addda704f5f5ff4608c78f2b110f1e20c159f9826708a9f0a6cd24957f12d8fb868ddc083d337e2e3c90ce2b444734172bc127c9d555be2c7b9417bef4dd4c07c8a5a685357d6f33876481dc2ba2f57dd9e27053cf475c33dce32e227c8ecc77d767fd3e3cf385d06675b0fa4430ec34e799a9cdda8850d6f3cd6112980f7bb3d287497fb4aaa7e88050da420490732385f54c5ef2e986703b15bd13dcb9388c5a3957a0d7fa7be6c47aed17a582cc821c3ac8e8583f4f69b4f37144310bfa20f77e74c5bd527b8698649ca22efe29fc8ba14e0a80e49e6410e1c6774a2f6159f64033e9013fc0b5b593e431c6f4d08f1cff598a6387c5e8b7ce", 0x8}, 0xfffffffffffffff9, 0x401) r7 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000240)='/proc/self/pagemap\x00', 0x200, 0x0) execveat$auto(r7, &(0x7f0000000380)='./file0\x00', &(0x7f0000000400)=&(0x7f00000003c0)='/proc/self/pagemap\x00', &(0x7f0000000480)=&(0x7f0000000440)='&+&,\'\x00', 0x3) 0s ago: executing program 0 (id=1811): mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x1272, 0x8000) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000100)={{@raw=0xb, 0x3, 0xcf, 0x8, "16a0d89bf208384515b5375a677609aa1bc737276563c3d5a2fca999d5797ab7a10a4d2bc341c4bd369ae535", @raw=0xfffffffe}, 0x1, @integer=@value=[0x6d, 0x7, 0x0, 0xbb, 0x4, 0x80000000, 0x1, 0x7ff, 0x1, 0x400000000009, 0xc4, 0x9, 0x6, 0x4, 0x3, 0x6, 0x1, 0x3, 0x4, 0x401, 0x6, 0x0, 0xa0, 0x5, 0x2, 0x3, 0x5, 0xa, 0x8, 0x1, 0x8, 0x7f, 0xffffffffffffdb75, 0x100000000, 0x3, 0x6, 0x7fffffffffffffff, 0x1, 0xd, 0x1, 0x71, 0x0, 0x8, 0x2, 0x3, 0xffffffffffffffff, 0x2d7, 0x1, 0x1, 0x6, 0x2, 0x800000001, 0x6, 0x7, 0x0, 0x6, 0x4, 0x3, 0x40a, 0xd, 0x3fd, 0x8, 0x7, 0xffff, 0x50ce0883, 0xbd9, 0x5, 0x2, 0xd8f, 0x80000000, 0x0, 0x1, 0x46e, 0xa5cf, 0x8, 0x7, 0xc16b, 0x6, 0x9, 0x6, 0x8000002, 0x8, 0x1, 0x3, 0x3, 0x5, 0x6, 0xffffffffffff0001, 0x100000000, 0x4, 0x8, 0x4, 0x2, 0x2000000003, 0xfffffffffffffffe, 0x20007cf9, 0x40, 0x2, 0x7, 0x100, 0x14b, 0x2, 0x45f3, 0x0, 0x0, 0x4, 0x100, 0x8001, 0x0, 0x1, 0x7, 0x9, 0x1, 0x3, 0x0, 0x4, 0x7, 0x6, 0x25e2, 0xc9a, 0xd09, 0x40, 0x2, 0xffffffffffffff00, 0x7, 0x9, 0xfffffffffffffff8, 0x40], "f3fadb90a56b67d92a5b28b4b23f332550b1e5454e2027fb1a37efe81bbc27deaf7c3100aab088cdb3b40dad335c9174f18934845ac3152fef1e0f42b42471efc0225a4ebe7e05ce3d4ab429805d5921633ffbce8f1a82ff9dec6c288f431cb7005b85ca8633c55d49bbdf4bd9cac1046064001bca7ba37e4b5eacf1940c9a78"}) r0 = signalfd$auto(0xffffffffffffffff, &(0x7f0000000000)={0x8000000000000001}, 0x200) r1 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000002c0), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL802154_CMD_SET_CCA_MODE(r2, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000000)={0x20, r1, 0x101, 0x70bd2b, 0x25dfdbfd, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x1}]}, 0x20}, 0x1, 0x0, 0x0, 0x64004401}, 0x800) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'hsr0\x00', 0x0}) r5 = syz_genetlink_get_family_id$auto_hsr(&(0x7f00000008c0), 0xffffffffffffffff) sendmsg$auto_HSR_C_GET_NODE_LIST(r3, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000900)={0x1c, r5, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@HSR_A_IFINDEX={0x8, 0x2, r4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x40) r6 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/cifs/smbd_max_send_size\x00', 0x101000, 0x0) pread64$auto(r6, 0x0, 0x8, 0xffff) sendmsg$auto_NL802154_CMD_SET_MAX_ASSOCIATIONS(r0, &(0x7f0000000600)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, r1, 0x400, 0x70bd2d, 0x25dfdbfe, {}, [@NL802154_ATTR_SEC_FRAME_COUNTER={0x8, 0x2c, 0x5}, @NL802154_ATTR_MIN_BE={0x5, 0x11, 0x3}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r4}, @NL802154_ATTR_SCAN_TYPE={0x5, 0x1f, 0xec}]}, 0x34}, 0x1, 0x0, 0x0, 0x4040044}, 0x20040014) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) io_uring_setup$auto(0x9, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(0xffffffffffffffff, 0x403c6f2b, 0x0) read$auto(0x3, 0x0, 0x80) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8) close_range$auto(0x2, 0x8, 0x0) inotify_init1$auto(0x3000000000000) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000140), 0x382, 0x0) kernel console output (not intermixed with test programs): Opcode 0x0c1a failed: -4 [ 381.768252][T10823] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 381.784256][T10823] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 381.824039][T10823] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 382.904518][T10861] [U] /Eev/aJ'Vݧ$d [ 382.909385][T10861] [U] F츱Z|GP)\nC:LubΧtUwUU3.O"4Y8@Z5`mb4* [ 382.918316][T10861] [U] WwK E6?(I,k8D [ 382.923501][T10861] [U] [ 382.926174][T10861] [U] [ 382.928854][T10861] [U] PWpLv*MP [ 382.934380][T10861] [U] r-$i3MX [ 382.938600][T10861] [U] mNatղF [ 383.061239][T10861] [U] jrbZqμXv۠b [ 384.473412][T10900] dump_stack_lvl+0x100/0x190 [ 384.473455][T10900] should_fail_ex.cold+0x5/0xa [ 384.473477][T10900] ? prepare_alloc_pages+0x16d/0x5f0 [ 384.473504][T10900] should_fail_alloc_page+0xeb/0x140 [ 384.473531][T10900] prepare_alloc_pages+0x1f0/0x5f0 [ 384.473567][T10900] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 384.473605][T10900] ? stack_trace_save+0x8e/0xc0 [ 384.473625][T10900] ? __pfx_stack_trace_save+0x10/0x10 [ 384.473646][T10900] ? stack_depot_save_flags+0x27/0x9d0 [ 384.473675][T10900] ? kasan_save_stack+0x3f/0x50 [ 384.473710][T10900] ? kasan_save_stack+0x30/0x50 [ 384.473756][T10900] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 384.473786][T10900] ? __pmd_alloc+0xbf/0x9c0 [ 384.473806][T10900] ? __handle_mm_fault+0xa99/0x2b60 [ 384.473829][T10900] ? handle_mm_fault+0x36d/0xa20 [ 384.473853][T10900] ? exc_page_fault+0x6f/0xd0 [ 384.473875][T10900] ? rep_movs_alternative+0x4a/0x90 [ 384.473902][T10900] ? _copy_from_iter+0x355/0x1690 [ 384.473921][T10900] ? netlink_sendmsg+0x808/0xda0 [ 384.473946][T10900] ? ____sys_sendmsg+0x9e1/0xb70 [ 384.473973][T10900] ? ___sys_sendmsg+0x190/0x1e0 [ 384.474008][T10900] ? __sys_sendmmsg+0x205/0x430 [ 384.474031][T10900] ? __x64_sys_sendmmsg+0x9c/0x100 [ 384.474055][T10900] ? do_syscall_64+0x106/0xf80 [ 384.474078][T10900] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 384.474109][T10900] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 384.474141][T10900] ? policy_nodemask+0xed/0x4f0 [ 384.474164][T10900] alloc_pages_mpol+0x1fb/0x550 [ 384.474186][T10900] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 384.474216][T10900] alloc_pages_noprof+0x131/0x390 [ 384.474241][T10900] pte_alloc_one+0x1e/0x3e0 [ 384.474267][T10900] do_fault+0x8cc/0x1950 [ 384.474292][T10900] ? __pmd_alloc+0x6aa/0x9c0 [ 384.474321][T10900] __handle_mm_fault+0x180f/0x2b60 [ 384.474353][T10900] ? mt_find+0x45e/0x8e0 [ 384.474381][T10900] ? __pfx___handle_mm_fault+0x10/0x10 [ 384.474406][T10900] ? __pfx_mt_find+0x10/0x10 [ 384.474448][T10900] ? find_vma+0xbf/0x140 [ 384.474470][T10900] ? __pfx_find_vma+0x10/0x10 [ 384.474493][T10900] handle_mm_fault+0x36d/0xa20 [ 384.474530][T10900] do_user_addr_fault+0x74c/0x12f0 [ 384.474578][T10900] exc_page_fault+0x6f/0xd0 [ 384.474608][T10900] asm_exc_page_fault+0x26/0x30 [ 384.474634][T10900] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 384.474672][T10900] Code: 93 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 cf 93 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 384.474697][T10900] RSP: 0018:ffffc90006ba77b8 EFLAGS: 00050206 [ 384.474718][T10900] RAX: 0000000000000001 RBX: ffff888048db1040 RCX: 00000000000000c4 [ 384.474734][T10900] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff888048db1040 [ 384.474750][T10900] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed10091b6220 [ 384.474767][T10900] R10: ffff888048db1103 R11: 0000000000000000 R12: ffffc90006ba7d40 [ 384.474785][T10900] R13: 0000000000000000 R14: 00000000000000c4 R15: 0000000000000000 [ 384.474821][T10900] _copy_from_iter+0x355/0x1690 [ 384.474854][T10900] ? __asan_memset+0x23/0x50 [ 384.474892][T10900] ? __pfx__copy_from_iter+0x10/0x10 [ 384.474919][T10900] ? __pfx___alloc_skb+0x10/0x10 [ 384.474966][T10900] netlink_sendmsg+0x808/0xda0 [ 384.475018][T10900] ? __pfx_netlink_sendmsg+0x10/0x10 [ 384.475052][T10900] ? __import_iovec+0x1d2/0x640 [ 384.475082][T10900] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 384.475125][T10900] ____sys_sendmsg+0x9e1/0xb70 [ 384.475161][T10900] ? __pfx_netlink_sendmsg+0x10/0x10 [ 384.475200][T10900] ? __pfx_____sys_sendmsg+0x10/0x10 [ 384.475245][T10900] ? __pfx__kstrtoull+0x10/0x10 [ 384.475285][T10900] ___sys_sendmsg+0x190/0x1e0 [ 384.475328][T10900] ? __pfx____sys_sendmsg+0x10/0x10 [ 384.475388][T10900] ? find_held_lock+0x2b/0x80 [ 384.475439][T10900] __sys_sendmmsg+0x205/0x430 [ 384.475477][T10900] ? __pfx___sys_sendmmsg+0x10/0x10 [ 384.475523][T10900] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 384.475574][T10900] ? fput+0x79/0x100 [ 384.475605][T10900] ? ksys_write+0x1ac/0x250 [ 384.475630][T10900] ? __pfx_ksys_write+0x10/0x10 [ 384.475662][T10900] __x64_sys_sendmmsg+0x9c/0x100 [ 384.475694][T10900] ? lockdep_hardirqs_on+0x78/0x100 [ 384.475724][T10900] do_syscall_64+0x106/0xf80 [ 384.475753][T10900] ? clear_bhb_loop+0x40/0x90 [ 384.475785][T10900] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 384.475813][T10900] RIP: 0033:0x7f033c79c799 [ 384.475836][T10900] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 384.475862][T10900] RSP: 002b:00007f033d6dc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 384.475888][T10900] RAX: ffffffffffffffda RBX: 00007f033ca16090 RCX: 00007f033c79c799 [ 384.475906][T10900] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 384.475923][T10900] RBP: 00007f033d6dc090 R08: 0000000000000000 R09: 0000000000000000 [ 384.475940][T10900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 384.475956][T10900] R13: 00007f033ca16128 R14: 00007f033ca16090 R15: 00007fffd72688e8 [ 384.475986][T10900] [ 386.917398][T10919] nla_validate_range_unsigned: 9 callbacks suppressed [ 386.917422][T10919] netlink: 'syz.4.1056': attribute type 11 has an invalid length. [ 386.932803][T10919] netlink: 'syz.4.1056': attribute type 11 has an invalid length. [ 386.940933][T10919] netlink: 'syz.4.1056': attribute type 11 has an invalid length. [ 387.063347][T10919] netlink: 'syz.4.1056': attribute type 11 has an invalid length. [ 388.415558][T10924] [U] /Eev/aJ'Vݧ$d [ 388.420447][T10924] [U] F츱Z|GP)\nC:LubΧtUwUU3.O"4Y8@Z5`mb4* [ 388.429422][T10924] [U] WwK E6?(I,k8D [ 388.434636][T10924] [U] [ 388.437350][T10924] [U] [ 388.440027][T10924] [U] PWpLv*MP [ 388.445569][T10924] [U] r-$i3MX [ 388.449790][T10924] [U] mNatղF [ 388.535392][T10924] [U] jrbZqμXv۠b [ 390.851851][T10977] dump_stack_lvl+0x100/0x190 [ 390.851892][T10977] should_fail_ex.cold+0x5/0xa [ 390.851916][T10977] ? prepare_alloc_pages+0x16d/0x5f0 [ 390.851948][T10977] should_fail_alloc_page+0xeb/0x140 [ 390.851973][T10977] prepare_alloc_pages+0x1f0/0x5f0 [ 390.852005][T10977] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 390.852045][T10977] ? stack_trace_save+0x8e/0xc0 [ 390.852070][T10977] ? __pfx_stack_trace_save+0x10/0x10 [ 390.852095][T10977] ? stack_depot_save_flags+0x27/0x9d0 [ 390.852132][T10977] ? kasan_save_stack+0x3f/0x50 [ 390.852171][T10977] ? kasan_save_stack+0x30/0x50 [ 390.852211][T10977] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 390.852251][T10977] ? __pmd_alloc+0xbf/0x9c0 [ 390.852281][T10977] ? __handle_mm_fault+0xa99/0x2b60 [ 390.852312][T10977] ? handle_mm_fault+0x36d/0xa20 [ 390.852351][T10977] ? exc_page_fault+0x6f/0xd0 [ 390.852380][T10977] ? rep_movs_alternative+0x4a/0x90 [ 390.852417][T10977] ? _copy_from_iter+0x355/0x1690 [ 390.852440][T10977] ? netlink_sendmsg+0x808/0xda0 [ 390.852472][T10977] ? ____sys_sendmsg+0x9e1/0xb70 [ 390.852506][T10977] ? ___sys_sendmsg+0x190/0x1e0 [ 390.852540][T10977] ? __sys_sendmmsg+0x205/0x430 [ 390.852569][T10977] ? __x64_sys_sendmmsg+0x9c/0x100 [ 390.852596][T10977] ? do_syscall_64+0x106/0xf80 [ 390.852623][T10977] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 390.852662][T10977] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 390.852704][T10977] ? policy_nodemask+0xed/0x4f0 [ 390.852736][T10977] alloc_pages_mpol+0x1fb/0x550 [ 390.852767][T10977] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 390.852806][T10977] alloc_pages_noprof+0x131/0x390 [ 390.852838][T10977] pte_alloc_one+0x1e/0x3e0 [ 390.852870][T10977] do_fault+0x8cc/0x1950 [ 390.852901][T10977] ? __pmd_alloc+0x6aa/0x9c0 [ 390.852936][T10977] __handle_mm_fault+0x180f/0x2b60 [ 390.852977][T10977] ? mt_find+0x45e/0x8e0 [ 390.853014][T10977] ? __pfx___handle_mm_fault+0x10/0x10 [ 390.853048][T10977] ? __pfx_mt_find+0x10/0x10 [ 390.853103][T10977] ? find_vma+0xbf/0x140 [ 390.853129][T10977] ? __pfx_find_vma+0x10/0x10 [ 390.853160][T10977] handle_mm_fault+0x36d/0xa20 [ 390.853204][T10977] do_user_addr_fault+0x74c/0x12f0 [ 390.853257][T10977] exc_page_fault+0x6f/0xd0 [ 390.853290][T10977] asm_exc_page_fault+0x26/0x30 [ 390.853318][T10977] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 390.853368][T10977] Code: 93 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 cf 93 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 390.853395][T10977] RSP: 0018:ffffc900061df7b8 EFLAGS: 00050206 [ 390.853418][T10977] RAX: 0000000000000001 RBX: ffff88805a875040 RCX: 00000000000000c4 [ 390.853436][T10977] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff88805a875040 [ 390.853453][T10977] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100b50ea20 [ 390.853470][T10977] R10: ffff88805a875103 R11: 0000000000000000 R12: ffffc900061dfd40 [ 390.853488][T10977] R13: 0000000000000000 R14: 00000000000000c4 R15: 0000000000000000 [ 390.853524][T10977] _copy_from_iter+0x355/0x1690 [ 390.853557][T10977] ? __asan_memset+0x23/0x50 [ 390.853593][T10977] ? __pfx__copy_from_iter+0x10/0x10 [ 390.853619][T10977] ? __pfx___alloc_skb+0x10/0x10 [ 390.853664][T10977] netlink_sendmsg+0x808/0xda0 [ 390.853705][T10977] ? __pfx_netlink_sendmsg+0x10/0x10 [ 390.853739][T10977] ? __import_iovec+0x1d2/0x640 [ 390.853770][T10977] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 390.853809][T10977] ____sys_sendmsg+0x9e1/0xb70 [ 390.853842][T10977] ? __pfx_netlink_sendmsg+0x10/0x10 [ 390.853879][T10977] ? __pfx_____sys_sendmsg+0x10/0x10 [ 390.853924][T10977] ? __pfx__kstrtoull+0x10/0x10 [ 390.853963][T10977] ___sys_sendmsg+0x190/0x1e0 [ 390.854003][T10977] ? __pfx____sys_sendmsg+0x10/0x10 [ 390.854062][T10977] ? find_held_lock+0x2b/0x80 [ 390.854113][T10977] __sys_sendmmsg+0x205/0x430 [ 390.854152][T10977] ? __pfx___sys_sendmmsg+0x10/0x10 [ 390.854198][T10977] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 390.854250][T10977] ? fput+0x79/0x100 [ 390.854280][T10977] ? ksys_write+0x1ac/0x250 [ 390.854304][T10977] ? __pfx_ksys_write+0x10/0x10 [ 390.854341][T10977] __x64_sys_sendmmsg+0x9c/0x100 [ 390.854375][T10977] ? lockdep_hardirqs_on+0x78/0x100 [ 390.854405][T10977] do_syscall_64+0x106/0xf80 [ 390.854432][T10977] ? clear_bhb_loop+0x40/0x90 [ 390.854466][T10977] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 390.854495][T10977] RIP: 0033:0x7f033c79c799 [ 390.854518][T10977] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 390.854544][T10977] RSP: 002b:00007f033d6dc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 390.854570][T10977] RAX: ffffffffffffffda RBX: 00007f033ca16090 RCX: 00007f033c79c799 [ 390.854589][T10977] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 390.854606][T10977] RBP: 00007f033d6dc090 R08: 0000000000000000 R09: 0000000000000000 [ 390.854623][T10977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 390.854639][T10977] R13: 00007f033ca16128 R14: 00007f033ca16090 R15: 00007fffd72688e8 [ 390.854677][T10977] [ 391.535656][T10984] input: f as /devices/virtual/input/input12 [ 391.914589][T10987] netlink: 146 bytes leftover after parsing attributes in process `syz.3.1070'. [ 392.445871][T10981] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 392.462333][T10981] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 392.481260][T10981] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 392.623867][T10981] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 392.795263][T10994] FAULT_INJECTION: forcing a failure. [ 392.795263][T10994] name failslab, interval 1, probability 0, space 0, times 0 [ 392.880153][T10994] CPU: 1 UID: 0 PID: 10994 Comm: syz.0.1071 Tainted: G U L syzkaller #0 PREEMPT(full) [ 392.880180][T10994] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 392.880186][T10994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 392.880195][T10994] Call Trace: [ 392.880200][T10994] [ 392.880207][T10994] dump_stack_lvl+0x100/0x190 [ 392.880235][T10994] should_fail_ex.cold+0x5/0xa [ 392.880253][T10994] should_failslab+0xc2/0x120 [ 392.880268][T10994] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 392.880291][T10994] ? tracefs_alloc_inode+0x2c/0x140 [ 392.880379][T10994] ? __pfx_tracefs_alloc_inode+0x10/0x10 [ 392.880401][T10994] tracefs_alloc_inode+0x2c/0x140 [ 392.880422][T10994] ? __pfx_tracefs_alloc_inode+0x10/0x10 [ 392.880444][T10994] alloc_inode+0x68/0x250 [ 392.880464][T10994] new_inode+0x22/0x1c0 [ 392.880484][T10994] tracefs_get_inode+0x19/0x80 [ 392.880506][T10994] eventfs_get_inode+0x53/0x520 [ 392.880522][T10994] eventfs_root_lookup+0x23c/0xa50 [ 392.880537][T10994] ? __pfx_eventfs_root_lookup+0x10/0x10 [ 392.880554][T10994] ? lockdep_init_map_type+0x5c/0x250 [ 392.880586][T10994] ? lockdep_init_map_type+0x5c/0x250 [ 392.880623][T10994] __lookup_slow+0x251/0x460 [ 392.880660][T10994] ? __pfx___lookup_slow+0x10/0x10 [ 392.880689][T10994] ? __d_lookup+0x266/0x4a0 [ 392.880713][T10994] lookup_slow+0x50/0x70 [ 392.880732][T10994] link_path_walk+0x1377/0x1cc0 [ 392.880761][T10994] path_openat+0x1be/0x31a0 [ 392.880775][T10994] ? kasan_save_stack+0x3f/0x50 [ 392.880795][T10994] ? kasan_save_stack+0x30/0x50 [ 392.880816][T10994] ? kasan_save_track+0x14/0x30 [ 392.880837][T10994] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 392.880862][T10994] ? __pfx_path_openat+0x10/0x10 [ 392.880884][T10994] do_file_open+0x20e/0x430 [ 392.880900][T10994] ? __pfx_do_file_open+0x10/0x10 [ 392.880929][T10994] ? alloc_fd+0x476/0x790 [ 392.880945][T10994] ? do_getname+0x191/0x390 [ 392.880964][T10994] do_sys_openat2+0x10d/0x1e0 [ 392.880984][T10994] ? __pfx_do_sys_openat2+0x10/0x10 [ 392.881010][T10994] __x64_sys_openat+0x12d/0x210 [ 392.881029][T10994] ? __pfx___x64_sys_openat+0x10/0x10 [ 392.881055][T10994] do_syscall_64+0x106/0xf80 [ 392.881072][T10994] ? clear_bhb_loop+0x40/0x90 [ 392.881090][T10994] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 392.881105][T10994] RIP: 0033:0x7f430299c799 [ 392.881118][T10994] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 392.881135][T10994] RSP: 002b:00007f43038e3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 392.881153][T10994] RAX: ffffffffffffffda RBX: 00007f4302c15fa0 RCX: 00007f430299c799 [ 392.881163][T10994] RDX: 0000000000101800 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 392.881172][T10994] RBP: 00007f4302a32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 392.881181][T10994] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 392.881190][T10994] R13: 00007f4302c16038 R14: 00007f4302c15fa0 R15: 00007fffdf453338 [ 392.881210][T10994] [ 393.363272][T11007] Invalid ELF header magic: != ELF [ 393.784009][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 394.274291][T11023] snd_virmidi snd_virmidi.0: control 61678:131081:3:y:1 is already present [ 394.335588][T11028] netlink: 342 bytes leftover after parsing attributes in process `syz.2.1078'. [ 394.513504][ T51] Bluetooth: hci4: command 0x0c1a tx timeout [ 394.521855][ T5832] Bluetooth: hci2: command 0x0c1a tx timeout [ 394.523103][ T5835] Bluetooth: hci1: command 0x0c1a tx timeout [ 394.848052][ T29] audit: type=1800 audit(4294967320.420:11): pid=11041 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1080" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 394.934670][T11039] netlink: 146 bytes leftover after parsing attributes in process `syz.3.1081'. [ 395.641338][T11051] FAULT_INJECTION: forcing a failure. [ 395.641338][T11051] name failslab, interval 1, probability 0, space 0, times 0 [ 395.704599][T11051] CPU: 0 UID: 0 PID: 11051 Comm: syz.4.1082 Tainted: G U L syzkaller #0 PREEMPT(full) [ 395.704643][T11051] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 395.704653][T11051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 395.704669][T11051] Call Trace: [ 395.704678][T11051] [ 395.704689][T11051] dump_stack_lvl+0x100/0x190 [ 395.704734][T11051] should_fail_ex.cold+0x5/0xa [ 395.704768][T11051] should_failslab+0xc2/0x120 [ 395.704796][T11051] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 395.704837][T11051] ? ptlock_alloc+0x1f/0x70 [ 395.704880][T11051] ptlock_alloc+0x1f/0x70 [ 395.704914][T11051] pte_alloc_one+0x84/0x3e0 [ 395.704946][T11051] do_fault+0x8cc/0x1950 [ 395.704976][T11051] ? __pmd_alloc+0x6aa/0x9c0 [ 395.705011][T11051] __handle_mm_fault+0x180f/0x2b60 [ 395.705053][T11051] ? mt_find+0x45e/0x8e0 [ 395.705090][T11051] ? __pfx___handle_mm_fault+0x10/0x10 [ 395.705126][T11051] ? __pfx_mt_find+0x10/0x10 [ 395.705181][T11051] ? find_vma+0xbf/0x140 [ 395.705208][T11051] ? __pfx_find_vma+0x10/0x10 [ 395.705239][T11051] handle_mm_fault+0x36d/0xa20 [ 395.705284][T11051] do_user_addr_fault+0x74c/0x12f0 [ 395.705338][T11051] exc_page_fault+0x6f/0xd0 [ 395.705372][T11051] asm_exc_page_fault+0x26/0x30 [ 395.705400][T11051] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 395.705444][T11051] Code: 93 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 cf 93 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 395.705469][T11051] RSP: 0018:ffffc90005c8f7b8 EFLAGS: 00050206 [ 395.705490][T11051] RAX: 0000000000000001 RBX: ffff88807ba67400 RCX: 00000000000000c4 [ 395.705507][T11051] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffff88807ba67400 [ 395.705523][T11051] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed100f74ce98 [ 395.705540][T11051] R10: ffff88807ba674c3 R11: 0000000000000000 R12: ffffc90005c8fd40 [ 395.705558][T11051] R13: 0000000000000000 R14: 00000000000000c4 R15: 0000000000000000 [ 395.705593][T11051] _copy_from_iter+0x355/0x1690 [ 395.705625][T11051] ? __asan_memset+0x23/0x50 [ 395.705662][T11051] ? __pfx__copy_from_iter+0x10/0x10 [ 395.705689][T11051] ? __pfx___alloc_skb+0x10/0x10 [ 395.705735][T11051] netlink_sendmsg+0x808/0xda0 [ 395.705779][T11051] ? __pfx_netlink_sendmsg+0x10/0x10 [ 395.705813][T11051] ? __import_iovec+0x1d2/0x640 [ 395.705843][T11051] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 395.705888][T11051] ____sys_sendmsg+0x9e1/0xb70 [ 395.705925][T11051] ? __pfx_netlink_sendmsg+0x10/0x10 [ 395.705962][T11051] ? __pfx_____sys_sendmsg+0x10/0x10 [ 395.706007][T11051] ? __pfx__kstrtoull+0x10/0x10 [ 395.706049][T11051] ___sys_sendmsg+0x190/0x1e0 [ 395.706091][T11051] ? __pfx____sys_sendmsg+0x10/0x10 [ 395.706143][T11051] ? find_held_lock+0x2b/0x80 [ 395.706188][T11051] __sys_sendmmsg+0x205/0x430 [ 395.706222][T11051] ? __pfx___sys_sendmmsg+0x10/0x10 [ 395.706263][T11051] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 395.706308][T11051] ? fput+0x79/0x100 [ 395.706335][T11051] ? ksys_write+0x1ac/0x250 [ 395.706357][T11051] ? __pfx_ksys_write+0x10/0x10 [ 395.706386][T11051] __x64_sys_sendmmsg+0x9c/0x100 [ 395.706415][T11051] ? lockdep_hardirqs_on+0x78/0x100 [ 395.706450][T11051] do_syscall_64+0x106/0xf80 [ 395.706478][T11051] ? clear_bhb_loop+0x40/0x90 [ 395.706508][T11051] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 395.706534][T11051] RIP: 0033:0x7f161c79c799 [ 395.706553][T11051] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 395.706577][T11051] RSP: 002b:00007f161d6a0028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 395.706600][T11051] RAX: ffffffffffffffda RBX: 00007f161ca16090 RCX: 00007f161c79c799 [ 395.706617][T11051] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 395.706632][T11051] RBP: 00007f161d6a0090 R08: 0000000000000000 R09: 0000000000000000 [ 395.706648][T11051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 395.706663][T11051] R13: 00007f161ca16128 R14: 00007f161ca16090 R15: 00007ffef19c1f98 [ 395.706696][T11051] [ 397.111757][T11072] Invalid ELF header magic: != ELF [ 397.435884][ T5835] Bluetooth: hci2: unexpected event 0x1d length: 6 > 5 [ 397.660756][T11086] snd_virmidi snd_virmidi.0: control 61678:131081:3:y:1 is already present [ 398.213909][T11106] netlink: 116 bytes leftover after parsing attributes in process `syz.0.1093'. [ 398.740446][T11121] netlink: 146 bytes leftover after parsing attributes in process `syz.2.1096'. [ 402.728616][T11171] Invalid ELF header magic: != ELF [ 402.871156][T11189] snd_virmidi snd_virmidi.0: control 61678:131081:3:y:1 is already present [ 403.389441][T11194] [U] /Eev/aJ'Vݧ$d [ 403.394307][T11194] [U] F츱Z|GP)\nC:LubΧtUwUU3.O"4Y8@Z5`mb4* [ 403.403239][T11194] [U] WwK E6?(I,k8D [ 403.408427][T11194] [U] [ 403.411099][T11194] [U] [ 403.413838][T11194] [U] PWpLv*MP [ 403.419403][T11194] [U] r-$i3MX [ 403.423655][T11194] [U] mNatղF [ 403.457872][T11194] [U] jrbZqμXv۠b [ 409.208489][T11328] dump_stack_lvl+0x100/0x190 [ 409.208539][T11328] should_fail_ex.cold+0x5/0xa [ 409.208574][T11328] ? lsm_blob_alloc+0x68/0x90 [ 409.208715][T11328] should_failslab+0xc2/0x120 [ 409.208747][T11328] __kmalloc_noprof+0xe0/0x850 [ 409.208801][T11328] ? trace_kmalloc+0x101/0x130 [ 409.208838][T11328] lsm_blob_alloc+0x68/0x90 [ 409.208874][T11328] security_sk_alloc+0x2d/0x290 [ 409.208918][T11328] sk_prot_alloc+0x12a/0x2a0 [ 409.208962][T11328] sk_alloc+0x36/0xe80 [ 409.208996][T11328] __netlink_create+0x5e/0x2c0 [ 409.209031][T11328] ? __wake_up+0x3f/0x60 [ 409.209066][T11328] netlink_create+0x293/0x610 [ 409.209099][T11328] ? __pfx_genl_bind+0x10/0x10 [ 409.209138][T11328] ? __pfx_genl_unbind+0x10/0x10 [ 409.209177][T11328] ? __pfx_genl_release+0x10/0x10 [ 409.209222][T11328] __sock_create+0x339/0x860 [ 409.209273][T11328] __sys_socket+0x14d/0x260 [ 409.209297][T11328] ? exc_page_fault+0x6f/0xd0 [ 409.209331][T11328] ? __pfx___sys_socket+0x10/0x10 [ 409.209362][T11328] ? do_user_addr_fault+0x8d6/0x12f0 [ 409.209412][T11328] __x64_sys_socket+0x72/0xb0 [ 409.209438][T11328] ? lockdep_hardirqs_on+0x78/0x100 [ 409.209473][T11328] do_syscall_64+0x106/0xf80 [ 409.209507][T11328] ? clear_bhb_loop+0x40/0x90 [ 409.209541][T11328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 409.209572][T11328] RIP: 0033:0x7f033c79e007 [ 409.209596][T11328] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 409.209624][T11328] RSP: 002b:00007f033d6b9f98 EFLAGS: 00000286 ORIG_RAX: 0000000000000029 [ 409.209652][T11328] RAX: ffffffffffffffda RBX: 00007f033ca16180 RCX: 00007f033c79e007 [ 409.209672][T11328] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 409.209690][T11328] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 409.209708][T11328] R10: 0000200000000140 R11: 0000000000000286 R12: 0000000000000000 [ 409.209726][T11328] R13: 00007f033ca16218 R14: 00007f033ca16180 R15: 00007fffd72688e8 [ 409.209765][T11328] [ 409.646660][T11322] netlink: 'syz.2.1122': attribute type 4 has an invalid length. [ 409.657565][T11322] netlink: 'syz.2.1122': attribute type 1 has an invalid length. [ 409.755359][T11333] snd_virmidi snd_virmidi.0: control 61678:131081:3:y:1 is already present [ 410.285744][T11348] netlink: 146 bytes leftover after parsing attributes in process `syz.2.1127'. [ 411.161358][T11357] [U] /Eev/aJ'Vݧ$d [ 411.166253][T11357] [U] F츱Z|GP)\nC:LubΧtUwUU3.O"4Y8@Z5`mb4* [ 411.175228][T11357] [U] WwK E6?(I,k8D [ 411.180442][T11357] [U] [ 411.183146][T11357] [U] [ 411.185825][T11357] [U] PWpLv*MP [ 411.191362][T11357] [U] r-$i3MX [ 411.195601][T11357] [U] mNatղF [ 411.212807][T11357] [U] jrbZqμXv۠b [ 415.947464][T11451] dump_stack_lvl+0x100/0x190 [ 415.947520][T11451] should_fail_ex.cold+0x5/0xa [ 415.947555][T11451] get_futex_key+0x1d2/0x1620 [ 415.947595][T11451] ? __pfx_get_futex_key+0x10/0x10 [ 415.947629][T11451] ? bpf_lsm_bpf+0x9/0x10 [ 415.947660][T11451] ? __sys_bpf+0x173/0x4b90 [ 415.947695][T11451] futex_wake+0xea/0x530 [ 415.947733][T11451] ? __pfx___sys_bpf+0x10/0x10 [ 415.947764][T11451] ? __pfx_futex_wait+0x10/0x10 [ 415.947805][T11451] ? __pfx_futex_wake+0x10/0x10 [ 415.947851][T11451] ? ksys_write+0x190/0x250 [ 415.947886][T11451] do_futex+0x32b/0x350 [ 415.947923][T11451] ? __pfx_do_futex+0x10/0x10 [ 415.947969][T11451] __x64_sys_futex+0x34f/0x4d0 [ 415.948009][T11451] ? __pfx___x64_sys_futex+0x10/0x10 [ 415.948060][T11451] do_syscall_64+0x106/0xf80 [ 415.948096][T11451] ? clear_bhb_loop+0x40/0x90 [ 415.948131][T11451] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.948160][T11451] RIP: 0033:0x7f161c79c799 [ 415.948183][T11451] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 415.948211][T11451] RSP: 002b:00007f161d6c10e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 415.948238][T11451] RAX: ffffffffffffffda RBX: 00007f161ca15fa8 RCX: 00007f161c79c799 [ 415.948257][T11451] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f161ca15fac [ 415.948275][T11451] RBP: 00007f161ca15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 415.948292][T11451] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 415.948310][T11451] R13: 00007f161ca16038 R14: 00007ffef19c1eb0 R15: 00007ffef19c1f98 [ 415.948348][T11451] [ 417.949740][T11468] netlink: 116 bytes leftover after parsing attributes in process `syz.2.1154'. [ 417.962615][T11467] netlink: 146 bytes leftover after parsing attributes in process `syz.4.1153'. [ 418.688407][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880326d5000: rx timeout, send abort [ 419.196675][ C1] vcan0: j1939_tp_rxtimer: 0xffff8880326d5000: abort rx timeout. Force session deactivation [ 419.751860][T11505] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 419.845941][T11505] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 419.924464][T11505] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 419.930582][T11505] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 420.626366][T11522] netlink: 146 bytes leftover after parsing attributes in process `syz.0.1164'. [ 421.784176][ T5835] Bluetooth: hci0: command 0x0c1a tx timeout [ 421.864174][ T5835] Bluetooth: hci1: command 0x0c1a tx timeout [ 421.944394][ T5835] Bluetooth: hci4: command 0x0c1a tx timeout [ 421.952293][ T5835] Bluetooth: hci2: command 0x0c1a tx timeout [ 422.110003][T11550] netlink: 146 bytes leftover after parsing attributes in process `syz.3.1171'. [ 422.469888][T11562] FAULT_INJECTION: forcing a failure. [ 422.469888][T11562] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 422.726539][T11562] CPU: 0 UID: 0 PID: 11562 Comm: syz.2.1174 Tainted: G U L syzkaller #0 PREEMPT(full) [ 422.726566][T11562] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 422.726572][T11562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 422.726581][T11562] Call Trace: [ 422.726586][T11562] [ 422.726593][T11562] dump_stack_lvl+0x100/0x190 [ 422.726620][T11562] should_fail_ex.cold+0x5/0xa [ 422.726642][T11562] ? prepare_alloc_pages+0x16d/0x5f0 [ 422.726662][T11562] should_fail_alloc_page+0xeb/0x140 [ 422.726679][T11562] prepare_alloc_pages+0x1f0/0x5f0 [ 422.726696][T11562] ? mas_wr_store_entry+0x6d2/0x2390 [ 422.726719][T11562] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 422.726740][T11562] ? perf_event_mmap+0xbc/0xe40 [ 422.726763][T11562] ? vms_complete_munmap_vmas+0x1e1/0xdd0 [ 422.726784][T11562] ? mas_store_prealloc+0x893/0xfb0 [ 422.726804][T11562] ? __pfx_perf_event_mmap+0x10/0x10 [ 422.726828][T11562] ? __pfx_vms_complete_munmap_vmas+0x10/0x10 [ 422.726848][T11562] ? vma_wants_writenotify+0x10b/0x390 [ 422.726869][T11562] ? __pfx_vma_wants_writenotify+0x10/0x10 [ 422.726891][T11562] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 422.726916][T11562] ? vma_set_page_prot+0xb1/0x120 [ 422.726937][T11562] ? mas_ascend+0x53d/0xb30 [ 422.726953][T11562] ? __pfx___mmap_region+0x10/0x10 [ 422.726971][T11562] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 422.726996][T11562] ? policy_nodemask+0xed/0x4f0 [ 422.727012][T11562] alloc_pages_mpol+0x1fb/0x550 [ 422.727028][T11562] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 422.727049][T11562] alloc_pages_noprof+0x131/0x390 [ 422.727065][T11562] __pmd_alloc+0x3b/0x9c0 [ 422.727084][T11562] __handle_mm_fault+0xa99/0x2b60 [ 422.727106][T11562] ? mt_find+0x45e/0x8e0 [ 422.727125][T11562] ? __pfx___handle_mm_fault+0x10/0x10 [ 422.727143][T11562] ? __pfx_mt_find+0x10/0x10 [ 422.727176][T11562] handle_mm_fault+0x36d/0xa20 [ 422.727206][T11562] __get_user_pages+0xf9c/0x34d0 [ 422.727231][T11562] ? __pfx___get_user_pages+0x10/0x10 [ 422.727253][T11562] populate_vma_page_range+0x267/0x3f0 [ 422.727272][T11562] ? __pfx_populate_vma_page_range+0x10/0x10 [ 422.727290][T11562] ? __pfx_find_vma_intersection+0x10/0x10 [ 422.727306][T11562] ? do_mmap+0x93f/0x12f0 [ 422.727324][T11562] __mm_populate+0x107/0x3a0 [ 422.727342][T11562] ? __pfx___mm_populate+0x10/0x10 [ 422.727360][T11562] ? up_write+0x290/0x4f0 [ 422.727386][T11562] vm_mmap_pgoff+0x37f/0x470 [ 422.727404][T11562] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 422.727422][T11562] ? do_futex+0x192/0x350 [ 422.727440][T11562] ? __pfx_do_futex+0x10/0x10 [ 422.727461][T11562] ksys_mmap_pgoff+0xe1/0x650 [ 422.727477][T11562] ? __x64_sys_futex+0x34f/0x4d0 [ 422.727494][T11562] ? __x64_sys_futex+0x358/0x4d0 [ 422.727512][T11562] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 422.727528][T11562] ? xfd_validate_state+0x129/0x190 [ 422.727552][T11562] __x64_sys_mmap+0x125/0x190 [ 422.727575][T11562] do_syscall_64+0x106/0xf80 [ 422.727592][T11562] ? clear_bhb_loop+0x40/0x90 [ 422.727610][T11562] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 422.727625][T11562] RIP: 0033:0x7f033c79c799 [ 422.727639][T11562] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 422.727653][T11562] RSP: 002b:00007f033d6fd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 422.727668][T11562] RAX: ffffffffffffffda RBX: 00007f033ca15fa0 RCX: 00007f033c79c799 [ 422.727678][T11562] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 422.727687][T11562] RBP: 00007f033c832bd9 R08: 0000000000000002 R09: 0000000000008000 [ 422.727696][T11562] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 422.727706][T11562] R13: 00007f033ca16038 R14: 00007f033ca15fa0 R15: 00007fffd72688e8 [ 422.727726][T11562] [ 423.398269][T11569] netlink: zone id is out of range [ 423.435665][T11569] netlink: zone id is out of range [ 423.481203][T11569] netlink: zone id is out of range [ 423.489224][T11571] netlink: 116 bytes leftover after parsing attributes in process `syz.4.1176'. [ 423.498867][T11569] netlink: zone id is out of range [ 423.498883][T11569] netlink: zone id is out of range [ 423.498894][T11569] netlink: zone id is out of range [ 423.498904][T11569] netlink: zone id is out of range [ 423.498915][T11569] netlink: zone id is out of range [ 423.498926][T11569] netlink: zone id is out of range [ 423.498936][T11569] netlink: zone id is out of range [ 424.823020][T11582] netlink: 146 bytes leftover after parsing attributes in process `syz.0.1178'. [ 426.087313][T11607] netlink: 'syz.4.1183': attribute type 11 has an invalid length. [ 426.095234][T11607] netlink: 'syz.4.1183': attribute type 11 has an invalid length. [ 426.103050][T11607] netlink: 'syz.4.1183': attribute type 11 has an invalid length. [ 426.335196][T11607] netlink: 'syz.4.1183': attribute type 11 has an invalid length. [ 428.675170][T11624] netlink: 116 bytes leftover after parsing attributes in process `syz.0.1186'. [ 429.049950][T11631] No such timeout policy "" [ 429.105638][T11631] net_ratelimit: 8 callbacks suppressed [ 429.105666][T11631] netlink: Failed to associated timeout policy '' [ 429.560711][T11641] [U] /Eev/aJ'Vݧ$d [ 429.565614][T11641] [U] F츱Z|GP)\nC:LubΧtUwUU3.O"4Y8@Z5`mb4* [ 429.574594][T11641] [U] WwK E6?(I,k8D [ 429.579828][T11641] [U] [ 429.582547][T11641] [U] [ 429.585239][T11641] [U] PWpLv*MP [ 429.590793][T11641] [U] r-$i3MX [ 429.595048][T11641] [U] mNatղF [ 429.694128][T11641] [U] jrbZqμXv۠b [ 451.345406][T11986] dump_stack_lvl+0x100/0x190 [ 451.345453][T11986] should_fail_ex.cold+0x5/0xa [ 451.345487][T11986] ? constrain_params_by_rules+0x175/0xcc0 [ 451.345588][T11986] should_failslab+0xc2/0x120 [ 451.345620][T11986] __kmalloc_noprof+0xe0/0x850 [ 451.345669][T11986] constrain_params_by_rules+0x175/0xcc0 [ 451.345700][T11986] ? arch_stack_walk+0xa6/0xf0 [ 451.345742][T11986] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 451.345774][T11986] ? stack_trace_save+0x8e/0xc0 [ 451.345809][T11986] ? kfree+0x1f6/0x6b0 [ 451.345850][T11986] ? snd_pcm_hw_param_near.constprop.0+0x573/0x850 [ 451.345964][T11986] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 451.346007][T11986] ? snd_pcm_oss_read+0x3d4/0x730 [ 451.346032][T11986] ? vfs_read+0x1e4/0xb30 [ 451.346072][T11986] ? ksys_read+0x12a/0x250 [ 451.346111][T11986] ? do_syscall_64+0x106/0xf80 [ 451.346144][T11986] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.346174][T11986] ? snd_interval_refine+0x2d0/0x580 [ 451.346243][T11986] snd_pcm_hw_refine+0x7e7/0xad0 [ 451.346283][T11986] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 451.346339][T11986] snd_pcm_hw_param_last+0x2b2/0x660 [ 451.346392][T11986] snd_pcm_hw_param_near.constprop.0+0x546/0x850 [ 451.346444][T11986] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 451.346492][T11986] ? calc_src_frames.isra.0+0x17c/0x1c0 [ 451.346530][T11986] snd_pcm_oss_change_params_locked+0x193a/0x39f0 [ 451.346593][T11986] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 451.346665][T11986] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 451.346713][T11986] snd_pcm_oss_read+0x3d4/0x730 [ 451.346745][T11986] ? __pfx_snd_pcm_oss_read+0x10/0x10 [ 451.346776][T11986] vfs_read+0x1e4/0xb30 [ 451.346830][T11986] ? __pfx_vfs_read+0x10/0x10 [ 451.346871][T11986] ? find_held_lock+0x2b/0x80 [ 451.346897][T11986] ? __fget_files+0x215/0x3d0 [ 451.346923][T11986] ? __fget_files+0x215/0x3d0 [ 451.346955][T11986] ? __fget_files+0x21f/0x3d0 [ 451.346993][T11986] ksys_read+0x12a/0x250 [ 451.347035][T11986] ? __pfx_ksys_read+0x10/0x10 [ 451.347087][T11986] do_syscall_64+0x106/0xf80 [ 451.347118][T11986] ? clear_bhb_loop+0x40/0x90 [ 451.347152][T11986] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.347182][T11986] RIP: 0033:0x7f430299c799 [ 451.347205][T11986] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 451.347233][T11986] RSP: 002b:00007f43038e3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 451.347261][T11986] RAX: ffffffffffffffda RBX: 00007f4302c15fa0 RCX: 00007f430299c799 [ 451.347279][T11986] RDX: 0000000000008080 RSI: 0000000000000000 RDI: 0000000000000003 [ 451.347294][T11986] RBP: 00007f4302a32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 451.347309][T11986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 451.347323][T11986] R13: 00007f4302c16038 R14: 00007f4302c15fa0 R15: 00007fffdf453338 [ 451.347358][T11986] [ 451.742439][T11986] FAULT_INJECTION: forcing a failure. [ 451.742439][T11986] name failslab, interval 1, probability 0, space 0, times 0 [ 451.769604][T11986] CPU: 1 UID: 0 PID: 11986 Comm: syz.0.1262 Tainted: G U L syzkaller #0 PREEMPT(full) [ 451.769653][T11986] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 451.769662][T11986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 451.769679][T11986] Call Trace: [ 451.769688][T11986] [ 451.769698][T11986] dump_stack_lvl+0x100/0x190 [ 451.769745][T11986] should_fail_ex.cold+0x5/0xa [ 451.769780][T11986] should_failslab+0xc2/0x120 [ 451.769812][T11986] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 451.769854][T11986] ? skb_clone+0x190/0x400 [ 451.769895][T11986] skb_clone+0x190/0x400 [ 451.769929][T11986] netlink_deliver_tap+0xaed/0xcc0 [ 451.769973][T11986] netlink_unicast+0x650/0x870 [ 451.770016][T11986] ? __pfx_netlink_unicast+0x10/0x10 [ 451.770068][T11986] netlink_sendmsg+0x8b0/0xda0 [ 451.770111][T11986] ? __pfx_netlink_sendmsg+0x10/0x10 [ 451.770148][T11986] ? __import_iovec+0x1d2/0x640 [ 451.770181][T11986] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 451.770228][T11986] ____sys_sendmsg+0x9e1/0xb70 [ 451.770268][T11986] ? __pfx_netlink_sendmsg+0x10/0x10 [ 451.770309][T11986] ? __pfx_____sys_sendmsg+0x10/0x10 [ 451.770369][T11986] ? __pfx_futex_wake_mark+0x10/0x10 [ 451.770417][T11986] ___sys_sendmsg+0x190/0x1e0 [ 451.770460][T11986] ? __pfx____sys_sendmsg+0x10/0x10 [ 451.770539][T11986] __sys_sendmsg+0x170/0x220 [ 451.770567][T11986] ? __pfx___sys_sendmsg+0x10/0x10 [ 451.770593][T11986] ? __x64_sys_futex+0x34f/0x4d0 [ 451.770642][T11986] do_syscall_64+0x106/0xf80 [ 451.770673][T11986] ? clear_bhb_loop+0x40/0x90 [ 451.770706][T11986] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.770734][T11986] RIP: 0033:0x7f430299c799 [ 451.770757][T11986] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 451.770783][T11986] RSP: 002b:00007f43038e3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 451.770806][T11986] RAX: ffffffffffffffda RBX: 00007f4302c15fa0 RCX: 00007f430299c799 [ 451.770822][T11986] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 000000000000000a [ 451.770839][T11986] RBP: 00007f4302a32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 451.770857][T11986] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 451.770873][T11986] R13: 00007f4302c16038 R14: 00007f4302c15fa0 R15: 00007fffdf453338 [ 451.770911][T11986] [ 452.394889][T11990] [U] /Eev/aJ'Vݧ$d [ 452.399791][T11990] [U] F츱Z|GP)\nC:LubΧtUwUU3.O"4Y8@Z5`mb4* [ 452.408769][T11990] [U] WwK E6?(I,k8D [ 452.413993][T11990] [U] [ 452.416717][T11990] [U] [ 452.419406][T11990] [U] PWpLv*MP [ 452.424963][T11990] [U] r-$i3MX [ 452.429213][T11990] [U] mNatղF [ 452.455801][T11990] [U] jrbZqμXv۠b [ 458.352073][T12096] dump_stack_lvl+0x100/0x190 [ 458.352122][T12096] should_fail_ex.cold+0x5/0xa [ 458.352157][T12096] should_failslab+0xc2/0x120 [ 458.352186][T12096] __kmalloc_cache_node_noprof+0x7d/0x770 [ 458.352230][T12096] ? mem_cgroup_css_alloc+0xae8/0x1e00 [ 458.352269][T12096] mem_cgroup_css_alloc+0xae8/0x1e00 [ 458.352309][T12096] cgroup_apply_control_enable+0x4c3/0xbd0 [ 458.352369][T12096] cgroup_mkdir+0x57f/0x1330 [ 458.352419][T12096] ? __pfx_cgroup_mkdir+0x10/0x10 [ 458.352464][T12096] kernfs_iop_mkdir+0x111/0x190 [ 458.352507][T12096] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 458.352550][T12096] vfs_mkdir+0x361/0x850 [ 458.352593][T12096] filename_mkdirat+0x48b/0x5e0 [ 458.352629][T12096] ? __pfx_filename_mkdirat+0x10/0x10 [ 458.352661][T12096] ? strncpy_from_user+0x19d/0x2d0 [ 458.352719][T12096] ? do_getname+0x191/0x390 [ 458.352759][T12096] __x64_sys_mkdir+0x6b/0x90 [ 458.352791][T12096] do_syscall_64+0x106/0xf80 [ 458.352824][T12096] ? clear_bhb_loop+0x40/0x90 [ 458.352860][T12096] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 458.352889][T12096] RIP: 0033:0x7f161c79c799 [ 458.352913][T12096] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 458.352941][T12096] RSP: 002b:00007f161d6c1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 458.352970][T12096] RAX: ffffffffffffffda RBX: 00007f161ca15fa0 RCX: 00007f161c79c799 [ 458.352989][T12096] RDX: 0000000000000000 RSI: 00000000000008cd RDI: 0000200000000000 [ 458.353007][T12096] RBP: 00007f161c832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 458.353025][T12096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 458.353041][T12096] R13: 00007f161ca16038 R14: 00007f161ca15fa0 R15: 00007ffef19c1f98 [ 458.353085][T12096] [ 458.937105][T12106] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1290'. [ 458.947543][T12107] netlink: 146 bytes leftover after parsing attributes in process `syz.3.1291'. [ 460.664991][T12125] futex_wake_op: syz.4.1294 tries to shift op by -2048; fix this program [ 460.793017][T12125] futex_wake_op: syz.4.1294 tries to shift op by -2048; fix this program [ 460.805039][T12125] 0x000000000001-0x000000020000 : "" [ 461.267157][T12125] ftl_cs: FTL header corrupt! [ 462.985727][ T29] audit: type=1804 audit(4294975109.075:17): pid=12166 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1303" name="/newroot/sys/kernel/debug/tracing/set_event" dev="tracefs" ino=1074 res=1 errno=0 [ 463.096130][T12168] netlink: 116 bytes leftover after parsing attributes in process `syz.4.1304'. [ 463.321845][T12176] __vm_enough_memory: pid: 12176, comm: syz.4.1305, bytes: 4398046511104 not enough memory for the allocation [ 463.988991][T12191] netlink: 'syz.3.1309': attribute type 11 has an invalid length. [ 464.030438][T12191] netlink: 'syz.3.1309': attribute type 11 has an invalid length. [ 464.085866][T12194] device-mapper: ioctl: Invalid ioctl structure: uuid [ 464.085866][T12194] , name , dev 700000007 [ 464.153745][T12191] netlink: 'syz.3.1309': attribute type 11 has an invalid length. [ 464.249956][T12191] netlink: 'syz.3.1309': attribute type 11 has an invalid length. [ 466.301320][T12221] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1317'. [ 466.311645][T12215] netlink: 116 bytes leftover after parsing attributes in process `syz.2.1314'. [ 466.710819][T12235] Invalid ELF header magic: != ELF [ 466.895532][T12243] netlink: 'syz.0.1320': attribute type 11 has an invalid length. [ 467.008762][T12243] netlink: 'syz.0.1320': attribute type 11 has an invalid length. [ 467.054868][T12243] netlink: 'syz.0.1320': attribute type 11 has an invalid length. [ 467.122230][T12243] netlink: 'syz.0.1320': attribute type 11 has an invalid length. [ 470.004640][T12280] netlink: 116 bytes leftover after parsing attributes in process `syz.2.1327'. [ 470.261053][T12284] [U] /Eev/aJ'Vݧ$d [ 470.265953][T12284] [U] F츱Z|GP)\nC:LubΧtUwUU3.O"4Y8@Z5`mb4* [ 470.274933][T12284] [U] WwK E6?(I,k8D [ 470.280151][T12284] [U] [ 470.282855][T12284] [U] [ 470.285537][T12284] [U] PWpLv*MP [ 470.291080][T12284] [U] r-$i3MX [ 470.295320][T12284] [U] mNatղF [ 470.349296][T12284] [U] jrbZqμXv۠b [ 470.907476][T12304] dump_stack_lvl+0x100/0x190 [ 470.907529][T12304] should_fail_ex.cold+0x5/0xa [ 470.907564][T12304] get_futex_key+0x1d2/0x1620 [ 470.907604][T12304] ? __pfx_get_futex_key+0x10/0x10 [ 470.907642][T12304] ? __pfx____sys_sendmsg+0x10/0x10 [ 470.907694][T12304] futex_wake+0xea/0x530 [ 470.907739][T12304] ? __pfx_futex_wake+0x10/0x10 [ 470.907797][T12304] do_futex+0x32b/0x350 [ 470.907834][T12304] ? __pfx_do_futex+0x10/0x10 [ 470.907874][T12304] ? __sys_sendmsg+0x18f/0x220 [ 470.907911][T12304] __x64_sys_futex+0x34f/0x4d0 [ 470.907953][T12304] ? __pfx___x64_sys_futex+0x10/0x10 [ 470.908005][T12304] do_syscall_64+0x106/0xf80 [ 470.908039][T12304] ? clear_bhb_loop+0x40/0x90 [ 470.908074][T12304] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 470.908104][T12304] RIP: 0033:0x7f5a4599c799 [ 470.908129][T12304] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 470.908156][T12304] RSP: 002b:00007f5a468ce0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 470.908184][T12304] RAX: ffffffffffffffda RBX: 00007f5a45c15fa8 RCX: 00007f5a4599c799 [ 470.908204][T12304] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f5a45c15fac [ 470.908221][T12304] RBP: 00007f5a45c15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 470.908239][T12304] R10: 0000000000000034 R11: 0000000000000246 R12: 0000000000000000 [ 470.908256][T12304] R13: 00007f5a45c16038 R14: 00007fff2f0fb180 R15: 00007fff2f0fb268 [ 470.908293][T12304] [ 471.404263][T12312] nvme_fcloop: unknown parameter or missing value '1' [ 472.977847][T12328] netlink: 'syz.2.1338': attribute type 23 has an invalid length. [ 474.144658][T12333] netlink: 116 bytes leftover after parsing attributes in process `syz.2.1339'. [ 475.506126][T12361] netlink: 'syz.0.1344': attribute type 11 has an invalid length. [ 475.576021][T12361] netlink: 'syz.0.1344': attribute type 11 has an invalid length. [ 475.589957][T12361] netlink: 'syz.0.1344': attribute type 11 has an invalid length. [ 475.662422][T12361] netlink: 'syz.0.1344': attribute type 11 has an invalid length. [ 476.277822][T12376] netlink: 116 bytes leftover after parsing attributes in process `syz.3.1350'. [ 476.552079][T12382] zswap: compressor  not available [ 477.063892][ T1211] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 477.072950][ T5835] Bluetooth: hci2: command 0x0c1a tx timeout [ 477.727364][T12380] zswap: compressor not available [ 477.817899][T12410] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size [ 479.588891][T12459] netlink: 'syz.4.1365': attribute type 11 has an invalid length. [ 479.597441][T12459] netlink: 'syz.4.1365': attribute type 11 has an invalid length. [ 479.622246][T12459] netlink: 'syz.4.1365': attribute type 11 has an invalid length. [ 479.723495][T12459] netlink: 'syz.4.1365': attribute type 11 has an invalid length. [ 481.065576][T12479] netlink: 116 bytes leftover after parsing attributes in process `syz.3.1372'. [ 482.666702][ T5835] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 483.015086][T12531] netlink: 'syz.3.1383': attribute type 11 has an invalid length. [ 483.023176][T12531] netlink: 'syz.3.1383': attribute type 11 has an invalid length. [ 483.328300][T12531] netlink: 'syz.3.1383': attribute type 11 has an invalid length. [ 483.401448][T12531] netlink: 'syz.3.1383': attribute type 11 has an invalid length. [ 485.134090][T12550] nbd: illegal input index -1073741824 [ 486.014117][T12556] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 487.163473][T12567] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16 [ 487.703478][T12585] FAULT_INJECTION: forcing a failure. [ 487.703478][T12585] name failslab, interval 1, probability 0, space 0, times 0 [ 487.754310][T12585] CPU: 0 UID: 0 PID: 12585 Comm: syz.2.1395 Tainted: G U L syzkaller #0 PREEMPT(full) [ 487.754360][T12585] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 487.754372][T12585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 487.754389][T12585] Call Trace: [ 487.754399][T12585] [ 487.754409][T12585] dump_stack_lvl+0x100/0x190 [ 487.754457][T12585] should_fail_ex.cold+0x5/0xa [ 487.754492][T12585] should_failslab+0xc2/0x120 [ 487.754523][T12585] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 487.754565][T12585] ? mqueue_alloc_inode+0x25/0x50 [ 487.754673][T12585] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 487.754727][T12585] ? __pfx_mqueue_alloc_inode+0x10/0x10 [ 487.754766][T12585] mqueue_alloc_inode+0x25/0x50 [ 487.754802][T12585] alloc_inode+0x68/0x250 [ 487.754839][T12585] new_inode+0x22/0x1c0 [ 487.754878][T12585] mqueue_get_inode+0x2e/0xe00 [ 487.754915][T12585] ? sget_fc+0x801/0xc70 [ 487.754957][T12585] ? __pfx_mqueue_fill_super+0x10/0x10 [ 487.754993][T12585] mqueue_fill_super+0x14d/0x260 [ 487.755030][T12585] get_tree_nodev+0xdd/0x190 [ 487.755075][T12585] mqueue_get_tree+0xf1/0x130 [ 487.755111][T12585] vfs_get_tree+0x92/0x320 [ 487.755151][T12585] fc_mount_longterm+0x1a/0x270 [ 487.755192][T12585] mq_init_ns+0x482/0x820 [ 487.755236][T12585] copy_ipcs+0x3dd/0x7e0 [ 487.755280][T12585] create_new_namespaces+0x20a/0xac0 [ 487.755310][T12585] ? security_capable+0x80/0x260 [ 487.755355][T12585] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 487.755389][T12585] ksys_unshare+0x473/0xad0 [ 487.755427][T12585] ? __pfx_ksys_unshare+0x10/0x10 [ 487.755476][T12585] __x64_sys_unshare+0x31/0x40 [ 487.755510][T12585] do_syscall_64+0x106/0xf80 [ 487.755543][T12585] ? clear_bhb_loop+0x40/0x90 [ 487.755578][T12585] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 487.755613][T12585] RIP: 0033:0x7f033c79c799 [ 487.755637][T12585] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 487.755666][T12585] RSP: 002b:00007f033d6fd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 487.755693][T12585] RAX: ffffffffffffffda RBX: 00007f033ca15fa0 RCX: 00007f033c79c799 [ 487.755711][T12585] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000006c000000 [ 487.755735][T12585] RBP: 00007f033c832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 487.755752][T12585] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 487.755769][T12585] R13: 00007f033ca16038 R14: 00007f033ca15fa0 R15: 00007fffd72688e8 [ 487.755808][T12585] [ 488.807800][T12567] input: failed to attach handler evdev to device input16, error: -4 [ 488.887944][T12585] zswap: compressor not available [ 489.101526][T12594] [U] /Eev/aJ'Vݧ$d [ 489.106430][T12594] [U] F츱Z|GP)\nC:LubΧtUwUU3.O"4Y8@Z5`mb4* [ 489.115407][T12594] [U] WwK E6?(I,k8D [ 489.120622][T12594] [U] [ 489.123343][T12594] [U] [ 489.126032][T12594] [U] PWpLv*MP [ 489.131588][T12594] [U] r-$i3MX [ 489.135841][T12594] [U] mNatղF [ 489.235702][T12588] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input17 [ 489.576189][T12594] [U] jrbZqμXv۠b [ 494.874116][T12655] dump_stack_lvl+0x100/0x190 [ 494.874160][T12655] should_fail_ex.cold+0x5/0xa [ 494.874192][T12655] ? tomoyo_realpath_from_path+0xb6/0x690 [ 494.874225][T12655] should_failslab+0xc2/0x120 [ 494.874253][T12655] __kmalloc_noprof+0xe0/0x850 [ 494.874301][T12655] tomoyo_realpath_from_path+0xb6/0x690 [ 494.874341][T12655] tomoyo_path_number_perm+0x23c/0x580 [ 494.874383][T12655] ? tomoyo_path_number_perm+0x22e/0x580 [ 494.874427][T12655] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 494.874505][T12655] ? find_held_lock+0x2b/0x80 [ 494.874527][T12655] ? __fget_files+0x215/0x3d0 [ 494.874549][T12655] ? hook_file_ioctl_common+0x146/0x410 [ 494.874692][T12655] ? __fget_files+0x21f/0x3d0 [ 494.874723][T12655] security_file_ioctl+0xd3/0x230 [ 494.874793][T12655] __x64_sys_ioctl+0xb7/0x210 [ 494.874834][T12655] do_syscall_64+0x106/0xf80 [ 494.874864][T12655] ? clear_bhb_loop+0x40/0x90 [ 494.874898][T12655] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 494.874925][T12655] RIP: 0033:0x7f033c79c799 [ 494.874948][T12655] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 494.874974][T12655] RSP: 002b:00007f033d6fd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 494.874998][T12655] RAX: ffffffffffffffda RBX: 00007f033ca15fa0 RCX: 00007f033c79c799 [ 494.875015][T12655] RDX: 000020000000c380 RSI: 00000000c0606610 RDI: 0000000000000003 [ 494.875040][T12655] RBP: 00007f033d6fd090 R08: 0000000000000000 R09: 0000000000000000 [ 494.875057][T12655] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 494.875073][T12655] R13: 00007f033ca16038 R14: 00007f033ca15fa0 R15: 00007fffd72688e8 [ 494.875112][T12655] [ 494.875206][T12655] ERROR: Out of memory at tomoyo_realpath_from_path. [ 495.227094][ T29] audit: type=1800 audit(4294967311.060:18): pid=12659 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1412" name="members" dev="configfs" ino=53036 res=0 errno=0 [ 495.280164][T12653] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 495.412862][T12653] File: /dev/ram5 PID: 12653 Comm: syz.3.1409 [ 495.524119][T12664] netlink: 'syz.2.1413': attribute type 11 has an invalid length. [ 495.654036][T12664] netlink: 'syz.2.1413': attribute type 11 has an invalid length. [ 495.703930][T12664] netlink: 'syz.2.1413': attribute type 11 has an invalid length. [ 495.942242][T12664] netlink: 'syz.2.1413': attribute type 11 has an invalid length. [ 496.112468][T12670] netlink: 326 bytes leftover after parsing attributes in process `syz.4.1414'. [ 496.617247][T12672] netlink: 116 bytes leftover after parsing attributes in process `syz.3.1415'. [ 499.362260][T12705] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1422'. [ 500.109361][T12717] binder: 12715:12717 ioctl c018620c 2000000000c0 returned -22 [ 500.220630][T12717] binder: 12715:12717 ioctl c018620c 2000000000c0 returned -22 [ 500.382376][T12717] binder: 12715:12717 ioctl c018620c 2000000000c0 returned -22 [ 500.484045][T12717] binder: 12715:12717 ioctl c018620c 2000000000c0 returned -22 [ 500.548645][T12717] binder: 12715:12717 ioctl c018620c 2000000000c0 returned -22 [ 500.879590][T12721] FAULT_INJECTION: forcing a failure. [ 500.879590][T12721] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 501.021392][T12721] CPU: 0 UID: 0 PID: 12721 Comm: syz.4.1423 Tainted: G U L syzkaller #0 PREEMPT(full) [ 501.021439][T12721] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 501.021449][T12721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 501.021464][T12721] Call Trace: [ 501.021472][T12721] [ 501.021485][T12721] dump_stack_lvl+0x100/0x190 [ 501.021530][T12721] should_fail_ex.cold+0x5/0xa [ 501.021557][T12721] ? prepare_alloc_pages+0x16d/0x5f0 [ 501.021590][T12721] should_fail_alloc_page+0xeb/0x140 [ 501.021622][T12721] prepare_alloc_pages+0x1f0/0x5f0 [ 501.021659][T12721] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 501.021710][T12721] ? rcu_is_watching+0x12/0xc0 [ 501.021750][T12721] ? mod_memcg_lruvec_state+0x1a6/0x630 [ 501.021790][T12721] ? __mod_zone_page_state+0xe2/0x190 [ 501.021827][T12721] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 501.021866][T12721] ? lru_gen_add_folio+0x20f/0x13e0 [ 501.021914][T12721] ? folios_put_refs+0x66d/0x840 [ 501.021959][T12721] ? __pfx_folios_put_refs+0x10/0x10 [ 501.022003][T12721] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 501.022048][T12721] ? policy_nodemask+0xed/0x4f0 [ 501.022080][T12721] alloc_pages_mpol+0x1fb/0x550 [ 501.022110][T12721] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 501.022139][T12721] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 501.022179][T12721] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 501.022225][T12721] folio_alloc_mpol_noprof+0x36/0x340 [ 501.022261][T12721] shmem_alloc_folio+0x135/0x160 [ 501.022296][T12721] shmem_alloc_and_add_folio+0x371/0xd40 [ 501.022344][T12721] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 501.022394][T12721] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 501.022442][T12721] shmem_get_folio_gfp+0x6ab/0x1900 [ 501.022490][T12721] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 501.022532][T12721] ? filemap_map_pages+0xe69/0x2020 [ 501.022573][T12721] shmem_fault+0x1f9/0xa20 [ 501.022612][T12721] ? __lock_acquire+0x4a5/0x2630 [ 501.022645][T12721] ? __pfx_shmem_fault+0x10/0x10 [ 501.022690][T12721] ? __pfx_filemap_map_pages+0x10/0x10 [ 501.022739][T12721] __do_fault+0x10d/0x550 [ 501.022770][T12721] do_fault+0xaf9/0x1950 [ 501.022805][T12721] __handle_mm_fault+0x180f/0x2b60 [ 501.022847][T12721] ? mt_find+0x45e/0x8e0 [ 501.022882][T12721] ? __pfx___handle_mm_fault+0x10/0x10 [ 501.022916][T12721] ? __pfx_mt_find+0x10/0x10 [ 501.022970][T12721] ? find_vma+0xbf/0x140 [ 501.022995][T12721] ? __pfx_find_vma+0x10/0x10 [ 501.023024][T12721] handle_mm_fault+0x36d/0xa20 [ 501.023066][T12721] do_user_addr_fault+0x74c/0x12f0 [ 501.023119][T12721] exc_page_fault+0x6f/0xd0 [ 501.023153][T12721] asm_exc_page_fault+0x26/0x30 [ 501.023180][T12721] RIP: 0010:__get_user_8+0x14/0x30 [ 501.023206][T12721] Code: ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 ba 00 f0 ff ff ff 7f 00 00 48 39 d0 48 0f 47 c2 0f 01 cb <48> 8b 10 31 c0 0f 01 ca e9 7f 8c 04 00 66 66 2e 0f 1f 84 00 00 00 [ 501.023232][T12721] RSP: 0018:ffffc9000459fd38 EFLAGS: 00050287 [ 501.023254][T12721] RAX: 0000000000005990 RBX: 0000000000000000 RCX: ffffc9000459fcdc [ 501.023271][T12721] RDX: 00007ffffffff000 RSI: ffffffff8255ff91 RDI: ffffffff8c1af920 [ 501.023289][T12721] RBP: 0000000000000b32 R08: 0000000000000001 R09: 00000000000001c5 [ 501.023305][T12721] R10: 0000000000000200 R11: 0000000000000000 R12: 00000000ffffffff [ 501.023321][T12721] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 501.023348][T12721] ? __might_fault+0x111/0x140 [ 501.023399][T12721] kernel_move_pages+0x325/0x13f0 [ 501.023444][T12721] ? __pfx_kernel_move_pages+0x10/0x10 [ 501.023491][T12721] ? xfd_validate_state+0x129/0x190 [ 501.023536][T12721] __x64_sys_move_pages+0xe0/0x1c0 [ 501.023568][T12721] ? do_syscall_64+0x95/0xf80 [ 501.023600][T12721] ? lockdep_hardirqs_on+0x78/0x100 [ 501.023630][T12721] do_syscall_64+0x106/0xf80 [ 501.023661][T12721] ? clear_bhb_loop+0x40/0x90 [ 501.023689][T12721] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.023714][T12721] RIP: 0033:0x7f161c79c799 [ 501.023734][T12721] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 501.023756][T12721] RSP: 002b:00007f161d63d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000117 [ 501.023780][T12721] RAX: ffffffffffffffda RBX: 00007f161ca16360 RCX: 00007f161c79c799 [ 501.023797][T12721] RDX: 0000000000000000 RSI: 0000000000001002 RDI: 0000000000000000 [ 501.023813][T12721] RBP: 00007f161c832bd9 R08: 0000000000000000 R09: 0000000000000002 [ 501.023829][T12721] R10: 0000200000001140 R11: 0000000000000246 R12: 0000000000000000 [ 501.023846][T12721] R13: 00007f161ca163f8 R14: 00007f161ca16360 R15: 00007ffef19c1f98 [ 501.023882][T12721] [ 501.611269][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.618989][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 502.045495][T12733] [U] /Eev/audio1 [ 502.049181][T12733] [U] F츱Z|GP)\nC:LubΧtUwUU3.O"4Y8@Z5`mb4* [ 502.058163][T12733] [U] WwK E6?(I,k8D [ 502.063392][T12733] [U] [ 502.066113][T12733] [U] [ 502.068841][T12733] [U] W- [ 502.208481][T12733] [U] [ 502.211232][T12733] [U] [ 502.213950][T12733] [U] [ 502.216664][T12733] [U] [ 502.416365][T12733] [U] [ 502.419130][T12733] [U] [ 502.421850][T12733] [U] etdevsim0 [ 502.425351][T12733] [U] [ 502.459662][T12733] [U] [ 505.524898][T12779] netlink: 'syz.2.1437': attribute type 11 has an invalid length. [ 505.582528][T12779] netlink: 'syz.2.1437': attribute type 11 has an invalid length. [ 505.654028][T12779] netlink: 'syz.2.1437': attribute type 11 has an invalid length. [ 505.701409][T12779] netlink: 'syz.2.1437': attribute type 11 has an invalid length. [ 509.516720][T12838] netlink: 'syz.2.1450': attribute type 11 has an invalid length. [ 509.657535][T12838] netlink: 'syz.2.1450': attribute type 11 has an invalid length. [ 509.665538][T12838] netlink: 'syz.2.1450': attribute type 11 has an invalid length. [ 509.674008][T12838] netlink: 'syz.2.1450': attribute type 11 has an invalid length. [ 510.889436][T12852] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 510.907039][T12853] openvswitch: netlink: Tunnel attr 0 has unexpected len 0 expected 8 [ 512.939171][T12879] netlink: 'syz.2.1459': attribute type 2 has an invalid length. [ 513.351014][T12862] NFSD: Failed to start, no listeners configured. [ 513.878250][T12885] FAULT_INJECTION: forcing a failure. [ 513.878250][T12885] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 513.983934][T12885] CPU: 1 UID: 0 PID: 12885 Comm: syz.2.1461 Tainted: G U L syzkaller #0 PREEMPT(full) [ 513.983986][T12885] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 513.983998][T12885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 513.984015][T12885] Call Trace: [ 513.984024][T12885] [ 513.984035][T12885] dump_stack_lvl+0x100/0x190 [ 513.984085][T12885] should_fail_ex.cold+0x5/0xa [ 513.984112][T12885] ? prepare_alloc_pages+0x16d/0x5f0 [ 513.984150][T12885] should_fail_alloc_page+0xeb/0x140 [ 513.984182][T12885] prepare_alloc_pages+0x1f0/0x5f0 [ 513.984220][T12885] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 513.984282][T12885] ? stack_trace_save+0x8e/0xc0 [ 513.984310][T12885] ? __pfx_stack_trace_save+0x10/0x10 [ 513.984339][T12885] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 513.984382][T12885] ? stack_depot_save_flags+0x27/0x9d0 [ 513.984413][T12885] ? lock_acquire+0x1cf/0x380 [ 513.984453][T12885] ? kasan_save_stack+0x3f/0x50 [ 513.984496][T12885] ? kasan_save_stack+0x30/0x50 [ 513.984537][T12885] ? kasan_save_track+0x14/0x30 [ 513.984578][T12885] ? __kasan_kmalloc+0xaa/0xb0 [ 513.984632][T12885] ? do_file_open+0x20e/0x430 [ 513.984661][T12885] ? do_sys_openat2+0x10d/0x1e0 [ 513.984693][T12885] ? __x64_sys_openat+0x12d/0x210 [ 513.984728][T12885] ? do_syscall_64+0x106/0xf80 [ 513.984761][T12885] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 513.984798][T12885] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 513.984847][T12885] ? policy_nodemask+0xed/0x4f0 [ 513.984880][T12885] alloc_pages_mpol+0x1fb/0x550 [ 513.984912][T12885] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 513.984953][T12885] alloc_pages_noprof+0x131/0x390 [ 513.984986][T12885] get_zeroed_page_noprof+0x18/0xb0 [ 513.985017][T12885] mon_alloc_buff+0xce/0x1b0 [ 513.985155][T12885] ? kasan_save_track+0x14/0x30 [ 513.985204][T12885] mon_bin_open+0x207/0x470 [ 513.985249][T12885] ? __pfx_mon_bin_open+0x10/0x10 [ 513.985293][T12885] chrdev_open+0x234/0x6a0 [ 513.985324][T12885] ? __pfx_chrdev_open+0x10/0x10 [ 513.985354][T12885] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 513.985392][T12885] do_dentry_open+0x6d8/0x1660 [ 513.985426][T12885] ? __pfx_chrdev_open+0x10/0x10 [ 513.985465][T12885] vfs_open+0x82/0x3f0 [ 513.985504][T12885] path_openat+0x208c/0x31a0 [ 513.985546][T12885] ? __pfx_path_openat+0x10/0x10 [ 513.985590][T12885] do_file_open+0x20e/0x430 [ 513.985631][T12885] ? __pfx_do_file_open+0x10/0x10 [ 513.985689][T12885] ? alloc_fd+0x476/0x790 [ 513.985721][T12885] ? do_getname+0x191/0x390 [ 513.985759][T12885] do_sys_openat2+0x10d/0x1e0 [ 513.985797][T12885] ? __pfx_do_sys_openat2+0x10/0x10 [ 513.985838][T12885] ? __fget_files+0x21f/0x3d0 [ 513.985874][T12885] __x64_sys_openat+0x12d/0x210 [ 513.985913][T12885] ? __pfx___x64_sys_openat+0x10/0x10 [ 513.985970][T12885] do_syscall_64+0x106/0xf80 [ 513.986004][T12885] ? clear_bhb_loop+0x40/0x90 [ 513.986040][T12885] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 513.986071][T12885] RIP: 0033:0x7f033c79c799 [ 513.986095][T12885] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 513.986122][T12885] RSP: 002b:00007f033d6dc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 513.986149][T12885] RAX: ffffffffffffffda RBX: 00007f033ca16090 RCX: 00007f033c79c799 [ 513.986169][T12885] RDX: 0000000000002040 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 513.986187][T12885] RBP: 00007f033c832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 513.986204][T12885] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 513.986221][T12885] R13: 00007f033ca16128 R14: 00007f033ca16090 R15: 00007fffd72688e8 [ 513.986261][T12885] [ 515.780097][T12901] netlink: 'syz.0.1463': attribute type 11 has an invalid length. [ 515.814219][T12901] netlink: 'syz.0.1463': attribute type 11 has an invalid length. [ 515.842634][T12901] netlink: 'syz.0.1463': attribute type 11 has an invalid length. [ 516.132367][T12901] netlink: 'syz.0.1463': attribute type 11 has an invalid length. [ 516.928793][T12929] ICMPv6: process `syz.0.1470' is using deprecated sysctl (syscall) net.ipv6.neigh.ipvlan1.retrans_time - use net.ipv6.neigh.ipvlan1.retrans_time_ms instead [ 516.996706][T12929] FAULT_INJECTION: forcing a failure. [ 516.996706][T12929] name failslab, interval 1, probability 0, space 0, times 0 [ 517.015997][T12929] CPU: 0 UID: 0 PID: 12929 Comm: syz.0.1470 Tainted: G U L syzkaller #0 PREEMPT(full) [ 517.016047][T12929] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 517.016058][T12929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 517.016074][T12929] Call Trace: [ 517.016084][T12929] [ 517.016094][T12929] dump_stack_lvl+0x100/0x190 [ 517.016144][T12929] should_fail_ex.cold+0x5/0xa [ 517.016178][T12929] should_failslab+0xc2/0x120 [ 517.016207][T12929] __kmalloc_cache_noprof+0x7a/0x6f0 [ 517.016244][T12929] ? rfkill_fop_open+0x1b6/0x750 [ 517.016391][T12929] ? mark_held_locks+0x40/0x70 [ 517.016434][T12929] rfkill_fop_open+0x1b6/0x750 [ 517.016484][T12929] ? __pfx_rfkill_fop_open+0x10/0x10 [ 517.016529][T12929] misc_open+0x26d/0x450 [ 517.016589][T12929] ? __pfx_misc_open+0x10/0x10 [ 517.016616][T12929] chrdev_open+0x234/0x6a0 [ 517.016645][T12929] ? __pfx_apparmor_file_open+0x10/0x10 [ 517.016685][T12929] ? __pfx_chrdev_open+0x10/0x10 [ 517.016716][T12929] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 517.016755][T12929] do_dentry_open+0x6d8/0x1660 [ 517.016781][T12929] ? __pfx_chrdev_open+0x10/0x10 [ 517.016819][T12929] vfs_open+0x82/0x3f0 [ 517.016857][T12929] path_openat+0x208c/0x31a0 [ 517.016896][T12929] ? __pfx_path_openat+0x10/0x10 [ 517.016941][T12929] do_file_open+0x20e/0x430 [ 517.016973][T12929] ? __pfx_do_file_open+0x10/0x10 [ 517.017028][T12929] ? alloc_fd+0x476/0x790 [ 517.017059][T12929] ? do_getname+0x191/0x390 [ 517.017095][T12929] do_sys_openat2+0x10d/0x1e0 [ 517.017130][T12929] ? __pfx_do_sys_openat2+0x10/0x10 [ 517.017169][T12929] ? __fget_files+0x21f/0x3d0 [ 517.017204][T12929] __x64_sys_openat+0x12d/0x210 [ 517.017240][T12929] ? __pfx___x64_sys_openat+0x10/0x10 [ 517.017292][T12929] do_syscall_64+0x106/0xf80 [ 517.017326][T12929] ? clear_bhb_loop+0x40/0x90 [ 517.017378][T12929] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 517.017408][T12929] RIP: 0033:0x7f430299c799 [ 517.017433][T12929] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 517.017461][T12929] RSP: 002b:00007f43038e3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 517.017489][T12929] RAX: ffffffffffffffda RBX: 00007f4302c15fa0 RCX: 00007f430299c799 [ 517.017507][T12929] RDX: 0000000000000000 RSI: 0000200000000200 RDI: ffffffffffffff9c [ 517.017526][T12929] RBP: 00007f4302a32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 517.017543][T12929] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 517.017560][T12929] R13: 00007f4302c16038 R14: 00007f4302c15fa0 R15: 00007fffdf453338 [ 517.017599][T12929] [ 517.303097][T12931] usb usb3: usbfs: interface 0 claimed by hub while 'syz.2.1471' sets config #-1 [ 517.315805][ T5835] Bluetooth: hci0: Malformed Event: 0x02 [ 518.202698][T12945] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1475'. [ 518.938988][T12963] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1478'. [ 519.526852][T12975] vhci_hcd vhci_hcd.2: SetHubDepth req not supported for USB 2.0 roothub [ 521.117611][T13000] FAULT_INJECTION: forcing a failure. [ 521.117611][T13000] name failslab, interval 1, probability 0, space 0, times 0 [ 521.166826][T13000] CPU: 1 UID: 0 PID: 13000 Comm: syz.4.1488 Tainted: G U L syzkaller #0 PREEMPT(full) [ 521.166876][T13000] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 521.166887][T13000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 521.166904][T13000] Call Trace: [ 521.166914][T13000] [ 521.166924][T13000] dump_stack_lvl+0x100/0x190 [ 521.166975][T13000] should_fail_ex.cold+0x5/0xa [ 521.167009][T13000] ? __vb2_queue_alloc+0x23e/0x1160 [ 521.167146][T13000] should_failslab+0xc2/0x120 [ 521.167175][T13000] __kmalloc_noprof+0xe0/0x850 [ 521.167216][T13000] ? bitmap_find_next_zero_area_off+0xb4/0xd0 [ 521.167291][T13000] __vb2_queue_alloc+0x23e/0x1160 [ 521.167353][T13000] vb2_core_reqbufs+0x899/0xf30 [ 521.167403][T13000] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 521.167473][T13000] __vb2_init_fileio+0x32d/0x1000 [ 521.167512][T13000] ? lockdep_hardirqs_on+0x78/0x100 [ 521.167545][T13000] ? __pollwait+0x276/0x470 [ 521.167587][T13000] vb2_core_poll+0x611/0x740 [ 521.167632][T13000] vb2_poll+0x4b/0xe0 [ 521.167668][T13000] vb2_fop_poll+0x10e/0x350 [ 521.167707][T13000] ? __pfx_vb2_fop_poll+0x10/0x10 [ 521.167745][T13000] v4l2_poll+0x15f/0x220 [ 521.167827][T13000] ? __pfx_v4l2_poll+0x10/0x10 [ 521.167866][T13000] do_sys_poll+0x6e5/0xeb0 [ 521.167920][T13000] ? __pfx_do_sys_poll+0x10/0x10 [ 521.167993][T13000] ? __futex_wait+0x256/0x300 [ 521.168038][T13000] ? __pfx___pollwait+0x10/0x10 [ 521.168080][T13000] ? __pfx_pollwake+0x10/0x10 [ 521.168174][T13000] ? ktime_get_ts64+0x2d2/0x3f0 [ 521.168206][T13000] ? read_tsc+0x9/0x20 [ 521.168235][T13000] ? ktime_get_ts64+0x256/0x3f0 [ 521.168268][T13000] ? poll_select_set_timeout+0xcc/0x160 [ 521.168311][T13000] ? __x64_sys_futex+0x358/0x4d0 [ 521.168350][T13000] __x64_sys_poll+0x1b3/0x420 [ 521.168377][T13000] ? __pfx___x64_sys_poll+0x10/0x10 [ 521.168425][T13000] do_syscall_64+0x106/0xf80 [ 521.168458][T13000] ? clear_bhb_loop+0x40/0x90 [ 521.168494][T13000] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 521.168524][T13000] RIP: 0033:0x7f161c79c799 [ 521.168548][T13000] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 521.168575][T13000] RSP: 002b:00007f161d6c1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000007 [ 521.168602][T13000] RAX: ffffffffffffffda RBX: 00007f161ca15fa0 RCX: 00007f161c79c799 [ 521.168621][T13000] RDX: 0000000000000008 RSI: 0000000000000003 RDI: 0000200000000480 [ 521.168637][T13000] RBP: 00007f161c832bd9 R08: 0000000000000000 R09: 0000000000000000 [ 521.168654][T13000] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 521.168669][T13000] R13: 00007f161ca16038 R14: 00007f161ca15fa0 R15: 00007ffef19c1f98 [ 521.168704][T13000] [ 522.999823][T13043] bridge0: port 3(team0) entered blocking state [ 523.026909][T13043] bridge0: port 3(team0) entered disabled state [ 523.036961][T13043] team0: entered allmulticast mode [ 523.042120][T13043] team_slave_0: entered allmulticast mode [ 523.095099][T13043] team_slave_1: entered allmulticast mode [ 523.184457][T13043] team0: entered promiscuous mode [ 523.189539][T13043] team_slave_0: entered promiscuous mode [ 523.256964][T13043] team_slave_1: entered promiscuous mode [ 523.264766][T13043] bridge0: port 3(team0) entered blocking state [ 523.271385][T13043] bridge0: port 3(team0) entered forwarding state [ 524.110791][T13050] [U] /Eev/audio1 [ 524.114478][T13050] [U] F츱Z|GP)\nC:LubΧtUwUU3.O"4Y8@Z5`mb4* [ 524.123458][T13050] [U] WwK E6?(I,k8D [ 524.128682][T13050] [U] [ 524.131490][T13050] [U] [ 524.134202][T13050] [U] W- [ 524.157217][T13050] [U] [ 524.159971][T13050] [U] [ 524.162705][T13050] [U] [ 524.165424][T13050] [U] [ 524.170014][T13050] [U] [ 524.172756][T13050] [U] [ 524.175471][T13050] [U] etdevsim0 [ 524.178956][T13050] [U] [ 524.183051][T13050] [U] [ 524.185781][T13050] [U] [ 524.188501][T13050] [U] [ 524.191218][T13050] [U] [ 524.201134][T13050] [U] [ 524.203875][T13050] [U] [ 524.206581][T13050] [U] [ 524.209284][T13050] [U] [ 524.261641][T13050] [U] [ 525.310314][T13079] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 525.471429][T13086] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 525.657486][T13092] futex_wake_op: syz.0.1502 tries to shift op by -2048; fix this program [ 525.701348][T13092] futex_wake_op: syz.0.1502 tries to shift op by -2048; fix this program [ 525.727341][T13092] 0x000000000001-0x000000020000 : "" [ 525.747426][T13092] ftl_cs: FTL header corrupt! [ 527.028129][T13119] [U] /Eev/audio1 [ 527.031816][T13119] [U] F츱Z|GP)\nC:LubΧtUwUU3.O"4Y8@Z5`mb4* [ 527.040853][T13119] [U] WwK E6?(I,k8D [ 527.046107][T13119] [U] [ 527.048831][T13119] [U] [ 527.051567][T13119] [U] W- [ 527.179483][T13119] [U] [ 527.182237][T13119] [U] [ 527.184973][T13119] [U] [ 527.187696][T13119] [U] [ 527.253968][T13119] [U] [ 527.256727][T13119] [U] [ 527.259449][T13119] [U] etdevsim0 [ 527.262954][T13119] [U] [ 527.327035][T13119] [U] [ 527.767901][T13142] netlink: 116 bytes leftover after parsing attributes in process `syz.0.1521'. [ 528.485819][T13161] bridge0: port 3(bond0) entered blocking state [ 528.492462][T13161] bridge0: port 3(bond0) entered disabled state [ 528.527975][T13161] bond0: entered allmulticast mode [ 528.533196][T13161] bond_slave_0: entered allmulticast mode [ 528.570977][T13161] bond_slave_1: entered allmulticast mode [ 528.581415][T13161] bond0: entered promiscuous mode [ 528.587384][T13161] bond_slave_0: entered promiscuous mode [ 528.607729][T13161] bond_slave_1: entered promiscuous mode [ 528.615094][T13161] bridge0: port 3(bond0) entered blocking state [ 528.621491][T13161] bridge0: port 3(bond0) entered forwarding state [ 528.908047][T13174] netlink: 116 bytes leftover after parsing attributes in process `syz.2.1531'. [ 528.935730][T13175] netlink: 'syz.0.1529': attribute type 11 has an invalid length. [ 528.944014][T13175] netlink: 'syz.0.1529': attribute type 11 has an invalid length. [ 528.995239][T13175] netlink: 'syz.0.1529': attribute type 11 has an invalid length. [ 529.141704][T13175] netlink: 'syz.0.1529': attribute type 11 has an invalid length. [ 529.919709][T13188] zero sized request [ 529.939718][T13188] zero sized request [ 530.086529][T13193] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 530.164048][T13193] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 530.225142][T13193] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 531.096869][T13230] netlink: 116 bytes leftover after parsing attributes in process `syz.2.1540'. [ 531.787806][T13238] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1538'. [ 532.105360][ T5835] Bluetooth: hci0: command 0x0c1a tx timeout [ 532.184018][ T5835] Bluetooth: hci1: command 0x0c1a tx timeout [ 532.268353][ T5835] Bluetooth: hci4: command 0x0c1a tx timeout [ 533.386109][T13337] netlink: 'syz.3.1543': attribute type 11 has an invalid length. [ 533.805736][T13337] netlink: 'syz.3.1543': attribute type 11 has an invalid length. [ 534.603814][T13337] netlink: 'syz.3.1543': attribute type 11 has an invalid length. [ 534.613476][T13337] netlink: 'syz.3.1543': attribute type 11 has an invalid length. [ 537.167055][T13351] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1546'. [ 538.621031][T13354] [U] /Eev/audio1 [ 538.624741][T13354] [U] F츱Z|GP)\nC:LubΧtUwUU3.O"4Y8@Z5`mb4* [ 538.634685][T13354] [U] WwK E6?(I,k8D [ 538.642457][T13354] [U] [ 538.645920][T13354] [U] [ 538.649804][T13354] [U] W- [ 539.084383][T13354] [U] [ 539.658021][T13368] zswap: compressor not available [ 542.025085][T13401] netlink: 246 bytes leftover after parsing attributes in process `syz.4.1556'. [ 544.274139][T13425] netlink: 'syz.2.1562': attribute type 11 has an invalid length. [ 544.295217][T13425] netlink: 'syz.2.1562': attribute type 11 has an invalid length. [ 544.305586][T13425] netlink: 'syz.2.1562': attribute type 11 has an invalid length. [ 544.374561][T13425] netlink: 'syz.2.1562': attribute type 11 has an invalid length. [ 544.567786][T13428] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1563'. [ 546.805204][T13446] [U] /Eev/audio1 [ 546.808895][T13446] [U] F츱Z|GP)\nC:LubΧtUwUU3.O"4Y8@Z5`mb4* [ 546.817884][T13446] [U] WwK E6?(I,k8D [ 546.823106][T13446] [U] [ 546.825830][T13446] [U] [ 546.828561][T13446] [U] W- [ 547.060938][T13446] [U] [ 547.554254][T13459] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1571'. [ 547.605270][T13461] [U] ^\ [ 547.694598][T13466] random: crng reseeded on system resumption [ 548.294171][T13469] netlink: 'syz.2.1574': attribute type 11 has an invalid length. [ 548.302041][T13469] netlink: 'syz.2.1574': attribute type 11 has an invalid length. [ 548.323452][T13469] netlink: 'syz.2.1574': attribute type 11 has an invalid length. [ 548.342474][T13469] netlink: 'syz.2.1574': attribute type 11 has an invalid length. [ 550.036126][T13492] bond0: invalid ARP target specified [ 550.249151][T13499] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1582'. [ 550.602600][T13503] [U] /Eev/audio1 [ 550.606323][T13503] [U] F츱Z|GP)\nC:LubΧtUwUU3.O"4Y8@Z5`mb4* [ 550.615314][T13503] [U] WwK E6?(I,k8D [ 550.620545][T13503] [U] [ 550.623283][T13503] [U] [ 550.626013][T13503] [U] W- [ 550.651363][T13503] [U] [ 550.654193][T13503] [U] [ 550.657063][T13503] [U] [ 550.660000][T13503] [U] [ 550.679586][T13503] [U] [ 550.682585][T13503] [U] [ 550.685319][T13503] [U] etdevsim0 [ 550.688828][T13503] [U] [ 550.698066][T13503] [U] [ 550.700785][T13503] [U] [ 550.704098][T13503] [U] [ 550.706790][T13503] [U] [ 550.795597][T13503] [U] [ 551.913823][T13524] netlink: 'syz.2.1587': attribute type 11 has an invalid length. [ 551.921687][T13524] netlink: 'syz.2.1587': attribute type 11 has an invalid length. [ 552.189470][T13524] netlink: 'syz.2.1587': attribute type 11 has an invalid length. [ 552.523147][T13524] netlink: 'syz.2.1587': attribute type 11 has an invalid length. [ 554.837185][T13546] bond0: invalid ARP target specified [ 555.144257][T13552] netlink: 146 bytes leftover after parsing attributes in process `syz.4.1593'. [ 555.371827][T13550] [U] /Eev/audio1 [ 555.375519][T13550] [U] F츱Z|GP)\nC:LubΧtUwUU3.O"4Y8@Z5`mb4* [ 555.384508][T13550] [U] WwK E6?(I,k8D [ 555.389738][T13550] [U] [ 555.392459][T13550] [U] [ 555.395182][T13550] [U] W- [ 555.483894][T13550] [U] [ 555.486675][T13550] [U] [ 555.489399][T13550] [U] [ 555.492111][T13550] [U] [ 555.507677][T13550] [U] [ 555.510433][T13550] [U] [ 555.513159][T13550] [U] etdevsim0 [ 555.516665][T13550] [U] [ 555.662805][T13550] [U] [ 557.363466][T13582] netlink: 342 bytes leftover after parsing attributes in process `syz.4.1599'. [ 557.569459][T13585] netlink: 246 bytes leftover after parsing attributes in process `syz.0.1601'. [ 558.887810][T13599] zswap: compressor not available [ 558.936037][T13595] [U] /Eev/audio1 [ 558.939725][T13595] [U] F츱Z|GP)\nC:LubΧtUwUU3.O"4Y8@Z5`mb4* [ 558.948719][T13595] [U] WwK E6?(I,k8D [ 558.953949][T13595] [U] [ 558.956679][T13595] [U] [ 558.959401][T13595] [U] W- [ 558.994719][T13595] [U] [ 558.997454][T13595] [U] [ 559.000132][T13595] [U] [ 559.002809][T13595] [U] [ 559.035658][T13595] [U] [ 559.038417][T13595] [U] [ 559.041137][T13595] [U] etdevsim0 [ 559.044647][T13595] [U] [ 559.195953][T13595] [U] [ 559.455256][T13619] [U] /Eev/audio1 [ 559.458949][T13619] [U] F츱Z|GP)\nC:LubΧtUwUU3.O"4Y8@Z5`mb4* [ 559.467943][T13619] [U] WwK E6?(I,k8D [ 559.473188][T13619] [U] [ 559.475916][T13619] [U] [ 559.478643][T13619] [U] W- [ 559.530867][T13619] [U] [ 559.533810][T13619] [U] [ 559.536543][T13619] [U] [ 559.539273][T13619] [U] [ 559.607103][T13619] [U] [ 559.609857][T13619] [U] [ 559.612571][T13619] [U] etdevsim0 [ 559.616082][T13619] [U] [ 559.670142][T13627] netlink: 146 bytes leftover after parsing attributes in process `syz.0.1608'. [ 559.696465][T13619] [U] [ 561.196472][T13643] ubi3: attaching mtd1 [ 562.830294][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.836761][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.650034][T13679] netlink: 342 bytes leftover after parsing attributes in process `syz.3.1616'. [ 564.936397][ C1] vcan0: j1939_tp_rxtimer: 0xffff88806281a400: rx timeout, send abort [ 565.220092][T13682] [U] /Eev/audio1 [ 565.223775][T13682] [U] F츱Z|GP)\nC:LubΧtUwUU3.O"4Y8@Z5`mb4* [ 565.232737][T13682] [U] WwK E6?(I,k8D [ 565.237924][T13682] [U] [ 565.240597][T13682] [U] [ 565.243271][T13682] [U] W- [ 565.323221][T13682] [U] [ 565.325982][T13682] [U] [ 565.328709][T13682] [U] [ 565.331429][T13682] [U] [ 565.433987][T13682] [U] [ 565.436759][T13682] [U] [ 565.439484][T13682] [U] etdevsim0 [ 565.442979][T13682] [U] [ 565.446012][ C1] vcan0: j1939_tp_rxtimer: 0xffff88806281a400: abort rx timeout. Force session deactivation [ 565.751807][T13682] [U] [ 565.987055][T13692] ubi3: attaching mtd1 [ 567.052185][T13707] netlink: 146 bytes leftover after parsing attributes in process `syz.3.1622'. [ 567.164396][T13706] ubi3: attaching mtd1 [ 567.780697][T13713] [U] /Eev/audio1 [ 567.784397][T13713] [U] F츱Z|GP)\nC:LubΧtUwUU3.O"4Y8@Z5`mb4* [ 567.793378][T13713] [U] WwK E6?(I,k8D [ 567.798595][T13713] [U] [ 567.801315][T13713] [U] [ 567.804030][T13713] [U] W- [ 567.930223][T13713] [U] [ 567.932985][T13713] [U] [ 567.935725][T13713] [U] [ 567.938438][T13713] [U] [ 568.004783][T13713] [U] [ 568.007547][T13713] [U] [ 568.010285][T13713] [U] etdevsim0 [ 568.013797][T13713] [U] [ 568.041037][T13713] [U] [ 568.410919][T13719] bond0: invalid ARP target specified [ 569.885224][T13729] netlink: 146 bytes leftover after parsing attributes in process `syz.2.1627'. [ 570.859903][T13745] netlink: 146 bytes leftover after parsing attributes in process `syz.4.1632'. [ 571.979693][T13762] netlink: 146 bytes leftover after parsing attributes in process `syz.3.1635'. [ 572.055592][T13755] zswap: compressor not available [ 573.525814][T13778] bond0: invalid ARP target specified [ 573.720739][T13784] bond0: invalid ARP target specified [ 573.840961][T13786] netlink: 'syz.3.1641': attribute type 11 has an invalid length. [ 573.884922][T13786] netlink: 'syz.3.1641': attribute type 11 has an invalid length. [ 574.026985][T13786] netlink: 'syz.3.1641': attribute type 11 has an invalid length. [ 574.104893][T13786] netlink: 'syz.3.1641': attribute type 11 has an invalid length. [ 575.437718][T13806] netlink: 246 bytes leftover after parsing attributes in process `syz.2.1647'. [ 575.495394][T13805] netlink: 146 bytes leftover after parsing attributes in process `syz.0.1646'. [ 575.805652][T13809] netlink: zone id is out of range [ 575.948615][T13809] netlink: zone id is out of range [ 576.110782][T13809] netlink: zone id is out of range [ 576.120864][T13809] netlink: zone id is out of range [ 576.133102][T13809] netlink: zone id is out of range [ 576.203713][T13809] netlink: zone id is out of range [ 576.294815][T13809] netlink: zone id is out of range [ 576.383780][T13809] netlink: zone id is out of range [ 576.489036][T13809] netlink: zone id is out of range [ 576.535215][T13824] netlink: 146 bytes leftover after parsing attributes in process `syz.2.1651'. [ 576.552766][T13809] netlink: zone id is out of range [ 577.048625][T13832] bond0: invalid ARP target specified [ 577.982073][T13836] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1656'. [ 577.992692][T13836] netlink: 'syz.0.1656': attribute type 1 has an invalid length. [ 578.001971][T13836] netlink: 'syz.0.1656': attribute type 6 has an invalid length. [ 578.138781][T13839] FAULT_INJECTION: forcing a failure. [ 578.138781][T13839] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 578.245090][T13839] CPU: 1 UID: 0 PID: 13839 Comm: syz.3.1657 Tainted: G U L syzkaller #0 PREEMPT(full) [ 578.245137][T13839] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 578.245147][T13839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 578.245163][T13839] Call Trace: [ 578.245171][T13839] [ 578.245181][T13839] dump_stack_lvl+0x100/0x190 [ 578.245223][T13839] should_fail_ex.cold+0x5/0xa [ 578.245248][T13839] ? prepare_alloc_pages+0x16d/0x5f0 [ 578.245283][T13839] should_fail_alloc_page+0xeb/0x140 [ 578.245313][T13839] prepare_alloc_pages+0x1f0/0x5f0 [ 578.245349][T13839] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 578.245390][T13839] ? rcu_is_watching+0x12/0xc0 [ 578.245433][T13839] ? __lock_acquire+0x4a5/0x2630 [ 578.245474][T13839] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 578.245517][T13839] ? do_raw_spin_lock+0x128/0x260 [ 578.245555][T13839] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 578.245590][T13839] ? find_held_lock+0x2b/0x80 [ 578.245626][T13839] ? __lock_acquire+0x4a5/0x2630 [ 578.245658][T13839] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 578.245703][T13839] ? policy_nodemask+0xed/0x4f0 [ 578.245734][T13839] alloc_pages_mpol+0x1fb/0x550 [ 578.245772][T13839] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 578.245800][T13839] ? __folio_batch_add_and_move+0x5e5/0xc60 [ 578.245848][T13839] folio_alloc_mpol_noprof+0x36/0x340 [ 578.245881][T13839] shmem_alloc_folio+0x135/0x160 [ 578.245916][T13839] shmem_alloc_and_add_folio+0x371/0xd40 [ 578.245962][T13839] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 578.246003][T13839] ? shmem_allowable_huge_orders+0x2bd/0x400 [ 578.246050][T13839] shmem_get_folio_gfp+0x6ab/0x1900 [ 578.246098][T13839] ? __pfx_shmem_get_folio_gfp+0x10/0x10 [ 578.246139][T13839] ? filemap_map_pages+0xe69/0x2020 [ 578.246183][T13839] shmem_fault+0x1f9/0xa20 [ 578.246220][T13839] ? __lock_acquire+0x4a5/0x2630 [ 578.246252][T13839] ? __pfx_shmem_fault+0x10/0x10 [ 578.246297][T13839] ? __pfx_filemap_map_pages+0x10/0x10 [ 578.246346][T13839] __do_fault+0x10d/0x550 [ 578.246375][T13839] do_fault+0xaf9/0x1950 [ 578.246411][T13839] __handle_mm_fault+0x180f/0x2b60 [ 578.246455][T13839] ? __pfx___handle_mm_fault+0x10/0x10 [ 578.246492][T13839] ? pte_offset_map_lock+0x174/0x320 [ 578.246520][T13839] ? find_held_lock+0x2b/0x80 [ 578.246557][T13839] ? follow_page_pte+0x5b3/0x1400 [ 578.246595][T13839] handle_mm_fault+0x36d/0xa20 [ 578.246636][T13839] __get_user_pages+0xf9c/0x34d0 [ 578.246680][T13839] ? __pfx___get_user_pages+0x10/0x10 [ 578.246720][T13839] populate_vma_page_range+0x267/0x3f0 [ 578.246763][T13839] ? __pfx_populate_vma_page_range+0x10/0x10 [ 578.246792][T13839] ? __pfx_find_vma_intersection+0x10/0x10 [ 578.246824][T13839] ? __pfx_apply_vma_lock_flags+0x10/0x10 [ 578.246868][T13839] __mm_populate+0x107/0x3a0 [ 578.246901][T13839] ? __pfx___mm_populate+0x10/0x10 [ 578.246935][T13839] ? up_write+0x290/0x4f0 [ 578.246975][T13839] do_mlock+0x3f0/0x7f0 [ 578.247016][T13839] ? __pfx_do_mlock+0x10/0x10 [ 578.247050][T13839] ? __x64_sys_futex+0x34f/0x4d0 [ 578.247084][T13839] ? __x64_sys_futex+0x358/0x4d0 [ 578.247121][T13839] ? xfd_validate_state+0x129/0x190 [ 578.247161][T13839] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 578.247203][T13839] __x64_sys_mlock+0x59/0x80 [ 578.247240][T13839] do_syscall_64+0x106/0xf80 [ 578.247271][T13839] ? clear_bhb_loop+0x40/0x90 [ 578.247304][T13839] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 578.247332][T13839] RIP: 0033:0x7f5a4599c799 [ 578.247356][T13839] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 578.247381][T13839] RSP: 002b:00007f5a468ce028 EFLAGS: 00000246 ORIG_RAX: 0000000000000095 [ 578.247407][T13839] RAX: ffffffffffffffda RBX: 00007f5a45c15fa0 RCX: 00007f5a4599c799 [ 578.247425][T13839] RDX: 0000000000000000 RSI: 0000000000080006 RDI: 0000000000000112 [ 578.247442][T13839] RBP: 00007f5a45a32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 578.247459][T13839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 578.247475][T13839] R13: 00007f5a45c16038 R14: 00007f5a45c15fa0 R15: 00007fff2f0fb268 [ 578.247513][T13839] [ 578.702502][T13852] netlink: 246 bytes leftover after parsing attributes in process `syz.4.1660'. [ 579.508020][T13868] bond0: invalid ARP target specified [ 581.130706][T13902] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1672'. [ 581.165551][T13902] netlink: 'syz.4.1672': attribute type 1 has an invalid length. [ 581.173325][T13902] netlink: 'syz.4.1672': attribute type 6 has an invalid length. [ 581.593880][T13912] netlink: 'syz.2.1676': attribute type 11 has an invalid length. [ 581.695973][T13912] netlink: 'syz.2.1676': attribute type 11 has an invalid length. [ 581.908171][T13912] netlink: 'syz.2.1676': attribute type 11 has an invalid length. [ 581.974105][T13912] netlink: 'syz.2.1676': attribute type 11 has an invalid length. [ 582.329901][T13921] bond0: invalid ARP target specified [ 582.908733][T13931] [U] /Eev/audio1 [ 582.912422][T13931] [U] F츱Z|GP)\nC:LubΧtUwUU3.O"4Y8@Z5`mb4* [ 582.921407][T13931] [U] WwK E6?(I,k8D [ 582.926632][T13931] [U] [ 582.929364][T13931] [U] [ 582.932089][T13931] [U] W- [ 582.942553][T13931] [U] [ 582.945304][T13931] [U] [ 582.948022][T13931] [U] [ 582.950745][T13931] [U] [ 582.954314][T13931] [U] [ 582.957054][T13931] [U] [ 582.959772][T13931] [U] etdevsim0 [ 582.963272][T13931] [U] [ 582.967554][T13931] [U] [ 582.970279][T13931] [U] [ 582.972984][T13931] [U] [ 582.975697][T13931] [U] [ 582.981037][T13931] [U] [ 582.983776][T13931] [U] [ 582.986492][T13931] [U] [ 582.989215][T13931] [U] [ 583.013877][T13931] [U] [ 583.016629][T13931] [U] [ 583.019353][T13931] [U] [ 583.022074][T13931] [U] [ 583.041002][T13935] bond0: invalid ARP target specified [ 583.065782][T13931] [U] [ 584.615229][T13962] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1686'. [ 584.664723][T13963] netlink: 'syz.4.1695': attribute type 11 has an invalid length. [ 584.672556][T13963] netlink: 'syz.4.1695': attribute type 11 has an invalid length. [ 584.705298][T13963] netlink: 'syz.4.1695': attribute type 11 has an invalid length. [ 584.724250][T13962] netlink: 'syz.3.1686': attribute type 1 has an invalid length. [ 584.732011][T13962] netlink: 'syz.3.1686': attribute type 6 has an invalid length. [ 584.950951][T13963] netlink: 'syz.4.1695': attribute type 11 has an invalid length. [ 586.115185][T13977] netlink: 'syz.0.1698': attribute type 11 has an invalid length. [ 586.123040][T13977] netlink: 'syz.0.1698': attribute type 11 has an invalid length. [ 587.559347][ T29] audit: type=1804 audit(4294967301.420:19): pid=13979 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1688" name=2F6E6577726F6F742F3434312F22050820 dev="tmpfs" ino=2318 res=1 errno=0 [ 587.636606][ T29] audit: type=1800 audit(4294967301.450:20): pid=13979 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1688" name=22050820 dev="tmpfs" ino=2318 res=0 errno=0 [ 588.093517][T13991] netlink: 116 bytes leftover after parsing attributes in process `syz.4.1691'. [ 588.274506][T13995] bond0: invalid ARP target specified [ 588.286603][T13992] [U] /Eev/audio1 [ 588.290275][T13992] [U] F츱Z|GP)\nC:LubΧtUwUU3.O"4Y8@Z5`mb4* [ 588.299255][T13992] [U] WwK E6?(I,k8D [ 588.304483][T13992] [U] [ 588.307196][T13992] [U] [ 588.309903][T13992] [U] W- [ 588.371483][T13992] [U] [ 588.374232][T13992] [U] [ 588.376956][T13992] [U] [ 588.379685][T13992] [U] [ 588.404328][T13992] [U] [ 588.407077][T13992] [U] [ 588.409796][T13992] [U] etdevsim0 [ 588.413312][T13992] [U] [ 588.481367][T13992] [U] [ 588.484117][T13992] [U] [ 588.486842][T13992] [U] [ 588.489559][T13992] [U] [ 588.524992][T13992] [U] [ 588.527713][T13992] [U] [ 588.530391][T13992] [U] [ 588.533071][T13992] [U] [ 588.549685][T13992] [U] [ 588.552442][T13992] [U] [ 588.555168][T13992] [U] [ 588.557889][T13992] [U] [ 588.563446][T13992] [U] [ 588.566183][T13992] [U] [ 588.568906][T13992] [U] [ 588.571624][T13992] [U] [ 588.581346][T13992] [U] [ 588.584097][T13992] [U] [ 588.586822][T13992] [U] [ 588.589542][T13992] [U] [ 588.597589][T13992] [U] [ 588.600340][T13992] [U] [ 588.603058][T13992] [U] [ 588.605784][T13992] [U] [ 588.611626][T13992] [U] [ 588.614370][T13992] [U] [ 588.617094][T13992] [U] [ 588.619814][T13992] [U] [ 588.623900][T13992] [U] [ 588.626630][T13992] [U] [ 588.629346][T13992] [U] [ 588.632062][T13992] [U] [ 588.638329][T13992] [U] [ 588.641067][T13992] [U] [ 588.643790][T13992] [U] [ 588.646508][T13992] [U] [ 588.683339][T13992] [U] [ 588.686097][T13992] [U] [ 588.688810][T13992] [U] [ 588.691521][T13992] [U] [ 588.696726][T13992] [U] [ 588.903267][T14001] bond0: invalid ARP target specified [ 589.400870][T14012] [U] /Eev/audio1 [ 589.404560][T14012] [U] F츱Z|GP)\nC:LubΧtUwUU3.O"4Y8@Z5`mb4* [ 589.413545][T14012] [U] WwK E6?(I,k8D [ 589.418776][T14012] [U] [ 589.421500][T14012] [U] [ 589.424226][T14012] [U] W- [ 589.462774][T14012] [U] [ 589.465537][T14012] [U] [ 589.468266][T14012] [U] [ 589.470993][T14012] [U] [ 589.573972][T14012] [U] [ 589.680434][T14021] ptrace attach of "./syz-executor exec"[5825] was attempted by "./syz-executor exec"[14021] [ 590.159650][T14027] nla_validate_range_unsigned: 2 callbacks suppressed [ 590.159676][T14027] netlink: 'syz.0.1703': attribute type 11 has an invalid length. [ 590.183818][T14027] netlink: 'syz.0.1703': attribute type 11 has an invalid length. [ 590.256629][T14027] netlink: 'syz.0.1703': attribute type 11 has an invalid length. [ 590.294542][T14027] netlink: 'syz.0.1703': attribute type 11 has an invalid length. [ 593.269880][T14053] bond0: invalid ARP target specified [ 593.666226][T14058] [U] /Eev/audio1 [ 593.669911][T14058] [U] F츱Z|GP)\nC:LubΧtUwUU3.O"4Y8@Z5`mb4* [ 593.678888][T14058] [U] WwK E6?(I,k8D [ 593.684634][T14058] [U] [ 593.687342][T14058] [U] [ 593.690039][T14058] [U] W- [ 593.709403][T14058] [U] [ 593.712164][T14058] [U] [ 593.714895][T14058] [U] [ 593.717621][T14058] [U] [ 593.722415][T14058] [U] [ 593.725145][T14058] [U] [ 593.727849][T14058] [U] etdevsim0 [ 593.731331][T14058] [U] [ 593.735172][T14058] [U] [ 593.737896][T14058] [U] [ 593.740623][T14058] [U] [ 593.743360][T14058] [U] [ 593.748198][T14058] [U] [ 593.750942][T14058] [U] [ 593.753652][T14058] [U] [ 593.756399][T14058] [U] [ 593.796355][T14058] [U] [ 593.799116][T14058] [U] [ 593.801835][T14058] [U] [ 593.804554][T14058] [U] [ 593.839106][T14058] [U] [ 594.309191][T14065] ptrace attach of "./syz-executor exec"[8903] was attempted by "./syz-executor exec"[14065] [ 594.376841][T14063] bond0: invalid ARP target specified [ 594.946707][T14076] [U] /Eev/audio1 [ 594.950395][T14076] [U] F츱Z|GP)\nC:LubΧtUwUU3.O"4Y8@Z5`mb4* [ 594.959481][T14076] [U] WwK E6?(I,k8D [ 594.964708][T14076] [U] [ 594.967453][T14076] [U] [ 594.970174][T14076] [U] W- [ 594.976523][T14076] [U] [ 594.979303][T14076] [U] [ 594.982049][T14076] [U] [ 594.984771][T14076] [U] [ 594.988442][T14076] [U] [ 594.991625][T14076] [U] [ 594.994347][T14076] [U] etdevsim0 [ 594.997852][T14076] [U] [ 595.031806][T14076] [U] [ 595.034579][T14076] [U] [ 595.037312][T14076] [U] [ 595.040034][T14076] [U] [ 595.067580][T14076] [U] [ 595.070335][T14076] [U] [ 595.073057][T14076] [U] [ 595.075782][T14076] [U] [ 595.079598][T14076] [U] [ 595.082332][T14076] [U] [ 595.085054][T14076] [U] [ 595.087778][T14076] [U] [ 595.162742][T14076] [U] [ 595.381639][T14090] netlink: 246 bytes leftover after parsing attributes in process `syz.0.1717'. [ 595.970894][T14100] netlink: 246 bytes leftover after parsing attributes in process `syz.2.1718'. [ 596.059456][T14099] netlink: 'syz.3.1719': attribute type 11 has an invalid length. [ 596.166124][T14099] netlink: 'syz.3.1719': attribute type 11 has an invalid length. [ 596.174575][T14099] netlink: 'syz.3.1719': attribute type 11 has an invalid length. [ 596.182417][T14099] netlink: 'syz.3.1719': attribute type 11 has an invalid length. [ 597.224096][T14118] netlink: 'syz.0.1725': attribute type 11 has an invalid length. [ 597.377110][T14118] netlink: 'syz.0.1725': attribute type 11 has an invalid length. [ 597.395855][T14110] [U] /Eev/audio1 [ 597.400058][T14110] [U] F츱Z|GP)\nC:LubΧtUwUU3.O"4Y8@Z5`mb4* [ 597.409039][T14110] [U] WwK E6?(I,k8D [ 597.414259][T14110] [U] [ 597.416973][T14110] [U] [ 597.419688][T14110] [U] W- [ 597.465355][T14110] [U] [ 597.468121][T14110] [U] [ 597.470844][T14110] [U] [ 597.473563][T14110] [U] [ 597.483788][T14118] netlink: 'syz.0.1725': attribute type 11 has an invalid length. [ 597.491644][T14118] netlink: 'syz.0.1725': attribute type 11 has an invalid length. [ 597.542241][T14110] [U] [ 597.544993][T14110] [U] [ 597.547720][T14110] [U] etdevsim0 [ 597.551231][T14110] [U] [ 597.654961][T14110] [U] [ 597.657694][T14110] [U] [ 597.660371][T14110] [U] [ 597.663041][T14110] [U] [ 597.750886][T14110] [U] [ 597.753641][T14110] [U] [ 597.756425][T14110] [U] [ 597.759099][T14110] [U] [ 597.793960][T14110] [U] [ 597.796716][T14110] [U] [ 597.799437][T14110] [U] [ 597.802144][T14110] [U] [ 598.021229][T14110] [U] [ 598.501601][T14128] bond0: invalid ARP target specified [ 599.687703][T14151] netlink: 'syz.0.1732': attribute type 11 has an invalid length. [ 599.744702][T14151] netlink: 'syz.0.1732': attribute type 11 has an invalid length. [ 600.215759][T14149] [U] /Eev/audio1 [ 600.219443][T14149] [U] F츱Z|GP)\nC:LubΧtUwUU3.O"4Y8@Z5`mb4* [ 600.228421][T14149] [U] WwK E6?(I,k8D [ 600.233633][T14149] [U] [ 600.236342][T14149] [U] [ 600.239051][T14149] [U] W- [ 600.407397][T14149] [U] [ 600.969684][T14178] netlink: 246 bytes leftover after parsing attributes in process `syz.0.1733'. [ 601.738755][T14192] bond0: invalid ARP target specified [ 603.467338][T14242] FAULT_INJECTION: forcing a failure. [ 603.467338][T14242] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 603.569955][T14239] Invalid ELF header magic: != ELF [ 603.602299][T14242] CPU: 0 UID: 0 PID: 14242 Comm: syz.2.1744 Tainted: G U L syzkaller #0 PREEMPT(full) [ 603.602346][T14242] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 603.602357][T14242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 603.602372][T14242] Call Trace: [ 603.602381][T14242] [ 603.602391][T14242] dump_stack_lvl+0x100/0x190 [ 603.602434][T14242] should_fail_ex.cold+0x5/0xa [ 603.602460][T14242] ? prepare_alloc_pages+0x16d/0x5f0 [ 603.602493][T14242] should_fail_alloc_page+0xeb/0x140 [ 603.602522][T14242] prepare_alloc_pages+0x1f0/0x5f0 [ 603.602557][T14242] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 603.602597][T14242] ? unwind_get_return_address+0x59/0xa0 [ 603.602626][T14242] ? arch_stack_walk+0xa6/0xf0 [ 603.602657][T14242] ? __lock_acquire+0x4a5/0x2630 [ 603.602694][T14242] ? _parse_integer_limit+0x17f/0x1d0 [ 603.602731][T14242] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 603.602776][T14242] ? find_held_lock+0x2b/0x80 [ 603.602801][T14242] ? aa_file_perm+0x7e4/0x14d0 [ 603.602832][T14242] ? aa_file_perm+0x7e4/0x14d0 [ 603.602868][T14242] ? aa_file_perm+0x7f3/0x14d0 [ 603.602902][T14242] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 603.602947][T14242] ? policy_nodemask+0xed/0x4f0 [ 603.602978][T14242] alloc_pages_mpol+0x1fb/0x550 [ 603.603008][T14242] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 603.603034][T14242] ? __pfx___might_resched+0x10/0x10 [ 603.603073][T14242] ? lock_acquire+0x1cf/0x380 [ 603.603111][T14242] alloc_pages_noprof+0x131/0x390 [ 603.603173][T14242] get_free_pages_noprof+0x10/0xb0 [ 603.603200][T14242] mem_rw+0x94/0x640 [ 603.603233][T14242] vfs_write+0x2aa/0x1070 [ 603.603275][T14242] ? __pfx_mem_write+0x10/0x10 [ 603.603306][T14242] ? __pfx_vfs_write+0x10/0x10 [ 603.603346][T14242] ? __fget_files+0x215/0x3d0 [ 603.603379][T14242] ? __fget_files+0x21f/0x3d0 [ 603.603415][T14242] ksys_write+0x12a/0x250 [ 603.603439][T14242] ? __pfx_ksys_write+0x10/0x10 [ 603.603473][T14242] do_syscall_64+0x106/0xf80 [ 603.603503][T14242] ? clear_bhb_loop+0x40/0x90 [ 603.603537][T14242] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 603.603563][T14242] RIP: 0033:0x7f033c79c799 [ 603.603586][T14242] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 603.603610][T14242] RSP: 002b:00007f033d6fd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 603.603633][T14242] RAX: ffffffffffffffda RBX: 00007f033ca15fa0 RCX: 00007f033c79c799 [ 603.603651][T14242] RDX: 00000000fffffc96 RSI: 0000200000001680 RDI: 0000000000000003 [ 603.603667][T14242] RBP: 00007f033d6fd090 R08: 0000000000000000 R09: 0000000000000000 [ 603.603681][T14242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 603.603696][T14242] R13: 00007f033ca16038 R14: 00007f033ca15fa0 R15: 00007fffd72688e8 [ 603.603734][T14242] [ 604.357335][ T5835] Bluetooth: hci0: unexpected event 0x3e length: 508 > 260 [ 604.357376][ T5835] Bluetooth: hci0: unexpected subevent 0x02 length: 507 > 260 [ 604.372939][ T5835] Bluetooth: hci0: Dropping invalid advertising data [ 604.380650][ T5835] Bluetooth: hci0: unknown advertising packet type: 0xe9 [ 604.380742][ T5835] Bluetooth: hci0: Dropping invalid advertising data [ 604.395275][ T5835] Bluetooth: hci0: Malformed LE Event: 0x02 [ 605.337798][T14268] netlink: 246 bytes leftover after parsing attributes in process `syz.3.1748'. [ 605.552152][T14270] bond0: invalid ARP target specified [ 605.850191][T14276] netlink: 116 bytes leftover after parsing attributes in process `syz.4.1750'. [ 606.432106][T14287] nla_validate_range_unsigned: 2 callbacks suppressed [ 606.432133][T14287] netlink: 'syz.4.1759': attribute type 11 has an invalid length. [ 606.553859][T14287] netlink: 'syz.4.1759': attribute type 11 has an invalid length. [ 606.561722][T14287] netlink: 'syz.4.1759': attribute type 11 has an invalid length. [ 606.713841][T14287] netlink: 'syz.4.1759': attribute type 11 has an invalid length. [ 608.148543][T14326] netlink: 246 bytes leftover after parsing attributes in process `syz.2.1760'. [ 608.171888][T14321] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1758'. [ 608.259750][T14321] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1758'. [ 609.916071][T14351] netlink: 116 bytes leftover after parsing attributes in process `syz.0.1765'. [ 610.256224][T14360] FAULT_INJECTION: forcing a failure. [ 610.256224][T14360] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 610.275316][T14360] CPU: 0 UID: 0 PID: 14360 Comm: syz.4.1768 Tainted: G U L syzkaller #0 PREEMPT(full) [ 610.275362][T14360] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 610.275372][T14360] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 610.275386][T14360] Call Trace: [ 610.275394][T14360] [ 610.275405][T14360] dump_stack_lvl+0x100/0x190 [ 610.275448][T14360] should_fail_ex.cold+0x5/0xa [ 610.275480][T14360] _copy_to_user+0x32/0xd0 [ 610.275509][T14360] simple_read_from_buffer+0xcb/0x170 [ 610.275552][T14360] proc_fail_nth_read+0x1af/0x230 [ 610.275594][T14360] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 610.275625][T14360] ? rw_verify_area+0xce/0x6d0 [ 610.275662][T14360] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 610.275694][T14360] vfs_read+0x1e4/0xb30 [ 610.275738][T14360] ? __pfx_vfs_read+0x10/0x10 [ 610.275776][T14360] ? __fget_files+0x215/0x3d0 [ 610.275813][T14360] ? __fget_files+0x21f/0x3d0 [ 610.275848][T14360] ksys_read+0x12a/0x250 [ 610.275885][T14360] ? __pfx_ksys_read+0x10/0x10 [ 610.275934][T14360] do_syscall_64+0x106/0xf80 [ 610.275965][T14360] ? clear_bhb_loop+0x40/0x90 [ 610.275996][T14360] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 610.276022][T14360] RIP: 0033:0x7f161c75cfce [ 610.276043][T14360] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 610.276069][T14360] RSP: 002b:00007f161d6c0fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 610.276094][T14360] RAX: ffffffffffffffda RBX: 00007f161d6c16c0 RCX: 00007f161c75cfce [ 610.276112][T14360] RDX: 000000000000000f RSI: 00007f161d6c10a0 RDI: 0000000000000004 [ 610.276128][T14360] RBP: 00007f161d6c1090 R08: 0000000000000000 R09: 0000000000000000 [ 610.276144][T14360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 610.276160][T14360] R13: 00007f161ca16038 R14: 00007f161ca15fa0 R15: 00007ffef19c1f98 [ 610.276195][T14360] [ 611.017994][T14378] netlink: 246 bytes leftover after parsing attributes in process `syz.3.1771'. [ 611.724926][T14393] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1775'. [ 611.773857][T14393] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1775'. [ 613.148051][T14404] Invalid ELF header magic: != ELF [ 616.270166][T14434] futex_wake_op: syz.3.1784 tries to shift op by -2048; fix this program [ 616.319830][T14434] futex_wake_op: syz.3.1784 tries to shift op by -2048; fix this program [ 616.352037][T14434] 0x000000000001-0x000000020000 : "" [ 616.427501][T14434] ftl_cs: FTL header corrupt! [ 617.572797][T14453] Invalid ELF header magic: != ELF [ 618.504027][T14472] netlink: 246 bytes leftover after parsing attributes in process `syz.3.1791'. [ 622.779592][T14523] netlink: 246 bytes leftover after parsing attributes in process `syz.3.1805'. [ 623.841282][T14534] netlink: 'syz.2.1809': attribute type 11 has an invalid length. [ 623.925475][T14534] netlink: 'syz.2.1809': attribute type 11 has an invalid length. [ 623.933340][T14534] netlink: 'syz.2.1809': attribute type 11 has an invalid length. [ 624.012920][T14534] netlink: 'syz.2.1809': attribute type 11 has an invalid length. [ 624.289152][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.302666][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 729.273545][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 729.280561][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P14543/1:b..l [ 729.289233][ C0] rcu: (detected by 0, t=10502 jiffies, g=72833, q=1914 ncpus=2) [ 729.297040][ C0] task:syz.3.1810 state:R running task stack:27848 pid:14543 tgid:14538 ppid:5831 task_flags:0x20400040 flags:0x00080000 [ 729.311726][ C0] Call Trace: [ 729.315004][ C0] [ 729.317923][ C0] __schedule+0xfee/0x6120 [ 729.322389][ C0] ? __lock_acquire+0x4a5/0x2630 [ 729.327350][ C0] ? __pfx___schedule+0x10/0x10 [ 729.332191][ C0] ? rcu_is_watching+0x12/0xc0 [ 729.336946][ C0] preempt_schedule_irq+0x50/0x90 [ 729.341958][ C0] irqentry_exit+0x17b/0x670 [ 729.346540][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 729.352539][ C0] RIP: 0010:lock_acquire+0x5e/0x380 [ 729.357764][ C0] Code: 05 7b d2 28 12 83 f8 07 0f 87 f0 00 00 00 48 0f a3 05 46 4f f5 0e 0f 82 c2 02 00 00 8b 35 0e 83 f5 0e 85 f6 0f 85 dd 00 00 00 <48> 8b 44 24 30 65 48 2b 05 1d d2 28 12 0f 85 02 03 00 00 48 83 c4 [ 729.377379][ C0] RSP: 0018:ffffc90009597308 EFLAGS: 00000206 [ 729.383448][ C0] RAX: 0000000000000046 RBX: 0000000000000000 RCX: 0000000000000000 [ 729.391405][ C0] RDX: 0000000000000000 RSI: ffffffff8de57649 RDI: ffffffff8c1af920 [ 729.399361][ C0] RBP: ffffffff8e7e7420 R08: 0000000086db7919 R09: 0000000000000007 [ 729.407315][ C0] R10: 0000000000000200 R11: 0000000000000000 R12: 0000000000000002 [ 729.415268][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 729.423232][ C0] ? unwind_next_frame+0x3be/0x1ea0 [ 729.428419][ C0] ? unwind_next_frame+0x3be/0x1ea0 [ 729.433605][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 729.439743][ C0] unwind_next_frame+0xd1/0x1ea0 [ 729.444665][ C0] ? unwind_next_frame+0xbd/0x1ea0 [ 729.449761][ C0] ? __x64_sys_fdatasync+0x35/0x50 [ 729.454886][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 729.461040][ C0] arch_stack_walk+0x94/0xf0 [ 729.465644][ C0] ? __x64_sys_fdatasync+0x35/0x50 [ 729.470760][ C0] stack_trace_save+0x8e/0xc0 [ 729.475427][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 729.480786][ C0] ? blk_account_io_merge_bio.part.0+0x156/0x2e0 [ 729.487170][ C0] kasan_save_stack+0x30/0x50 [ 729.491850][ C0] ? kasan_save_stack+0x30/0x50 [ 729.496698][ C0] ? kasan_save_track+0x14/0x30 [ 729.501538][ C0] ? __kasan_slab_alloc+0x89/0x90 [ 729.506545][ C0] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 729.512167][ C0] ? mempool_alloc_noprof+0x1b7/0x310 [ 729.517523][ C0] ? bio_alloc_bioset+0x392/0x850 [ 729.522625][ C0] ? submit_bh_wbc+0x250/0x770 [ 729.527374][ C0] ? __block_write_full_folio+0x77f/0xee0 [ 729.533082][ C0] ? block_write_full_folio+0x3b5/0x4e0 [ 729.538621][ C0] ? blkdev_writepages+0xc7/0x150 [ 729.543636][ C0] ? do_writepages+0x278/0x600 [ 729.548385][ C0] ? filemap_writeback+0x22d/0x2e0 [ 729.553487][ C0] ? file_write_and_wait_range+0xcd/0x140 [ 729.559319][ C0] ? blkdev_fsync+0x6c/0xd0 [ 729.563813][ C0] ? do_fsync+0xbf/0x220 [ 729.568127][ C0] ? __x64_sys_fdatasync+0x35/0x50 [ 729.573767][ C0] kasan_save_track+0x14/0x30 [ 729.578450][ C0] __kasan_slab_alloc+0x89/0x90 [ 729.583282][ C0] kmem_cache_alloc_noprof+0x241/0x6e0 [ 729.588730][ C0] ? mempool_alloc_noprof+0x1b7/0x310 [ 729.594100][ C0] mempool_alloc_noprof+0x1b7/0x310 [ 729.599370][ C0] ? submit_bio_noacct_nocheck+0x470/0xc10 [ 729.605208][ C0] ? __pfx_mempool_alloc_noprof+0x10/0x10 [ 729.610921][ C0] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 729.617068][ C0] bio_alloc_bioset+0x392/0x850 [ 729.621973][ C0] ? __pfx_bio_alloc_bioset+0x10/0x10 [ 729.627781][ C0] ? submit_bio_noacct+0x651/0x2010 [ 729.633004][ C0] submit_bh_wbc+0x250/0x770 [ 729.637647][ C0] __block_write_full_folio+0x77f/0xee0 [ 729.643214][ C0] ? __pfx_blkdev_get_block+0x10/0x10 [ 729.648602][ C0] block_write_full_folio+0x3b5/0x4e0 [ 729.654140][ C0] ? __pfx_blkdev_get_block+0x10/0x10 [ 729.659523][ C0] blkdev_writepages+0xc7/0x150 [ 729.664468][ C0] ? __pfx_blkdev_writepages+0x10/0x10 [ 729.669948][ C0] ? do_writepages+0x4b5/0x600 [ 729.674704][ C0] ? do_writepages+0x4b5/0x600 [ 729.679459][ C0] ? __pfx_blkdev_writepages+0x10/0x10 [ 729.684911][ C0] do_writepages+0x278/0x600 [ 729.689580][ C0] ? __pfx_do_writepages+0x10/0x10 [ 729.694689][ C0] ? do_raw_spin_unlock+0x145/0x1e0 [ 729.699882][ C0] ? _raw_spin_unlock+0x28/0x50 [ 729.704736][ C0] filemap_writeback+0x22d/0x2e0 [ 729.709685][ C0] ? __pfx_filemap_writeback+0x10/0x10 [ 729.715150][ C0] ? __fget_files+0x215/0x3d0 [ 729.719899][ C0] ? __fget_files+0x215/0x3d0 [ 729.724563][ C0] file_write_and_wait_range+0xcd/0x140 [ 729.730099][ C0] blkdev_fsync+0x6c/0xd0 [ 729.734412][ C0] ? __pfx_blkdev_fsync+0x10/0x10 [ 729.739417][ C0] do_fsync+0xbf/0x220 [ 729.743487][ C0] __x64_sys_fdatasync+0x35/0x50 [ 729.748414][ C0] do_syscall_64+0x106/0xf80 [ 729.753036][ C0] ? clear_bhb_loop+0x40/0x90 [ 729.757702][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 729.763598][ C0] RIP: 0033:0x7f5a4599c799 [ 729.767995][ C0] RSP: 002b:00007f5a468ad028 EFLAGS: 00000246 ORIG_RAX: 000000000000004b [ 729.776394][ C0] RAX: ffffffffffffffda RBX: 00007f5a45c16090 RCX: 00007f5a4599c799 [ 729.784368][ C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 729.792318][ C0] RBP: 00007f5a45a32bd9 R08: 0000000000000000 R09: 0000000000000000 [ 729.800272][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 729.808224][ C0] R13: 00007f5a45c16128 R14: 00007f5a45c16090 R15: 00007fff2f0fb268 [ 729.816188][ C0] [ 729.819212][ C0] rcu: rcu_preempt kthread starved for 10184 jiffies! g72833 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 729.830384][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 729.840334][ C0] rcu: RCU grace-period kthread stack dump: [ 729.846199][ C0] task:rcu_preempt state:R running task stack:27832 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00080000 [ 729.859674][ C0] Call Trace: [ 729.862940][ C0] [ 729.865870][ C0] __schedule+0xfee/0x6120 [ 729.870275][ C0] ? __lock_acquire+0x4a5/0x2630 [ 729.875207][ C0] ? __pfx___schedule+0x10/0x10 [ 729.880045][ C0] ? find_held_lock+0x2b/0x80 [ 729.884702][ C0] ? schedule+0x2bf/0x390 [ 729.889015][ C0] schedule+0xdd/0x390 [ 729.893068][ C0] schedule_timeout+0x127/0x280 [ 729.897910][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 729.903274][ C0] ? __pfx_process_timeout+0x10/0x10 [ 729.908551][ C0] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 729.914340][ C0] ? prepare_to_swait_event+0xdf/0x4a0 [ 729.919790][ C0] rcu_gp_fqs_loop+0x1a9/0x900 [ 729.924543][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 729.929827][ C0] ? __pfx_rcu_gp_init+0x10/0x10 [ 729.934765][ C0] ? __pfx_rcu_gp_cleanup+0x10/0x10 [ 729.939955][ C0] ? rcu_is_watching+0x12/0xc0 [ 729.944714][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 729.950513][ C0] rcu_gp_kthread+0x179/0x230 [ 729.955179][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 729.960359][ C0] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 729.966154][ C0] ? __kthread_parkme+0x18c/0x230 [ 729.971168][ C0] ? kthread+0x13a/0x450 [ 729.975395][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 729.980580][ C0] kthread+0x370/0x450 [ 729.984639][ C0] ? __pfx_kthread+0x10/0x10 [ 729.989218][ C0] ret_from_fork+0x754/0xd80 [ 729.993795][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 729.998893][ C0] ? __switch_to+0x7b4/0x1120 [ 730.003562][ C0] ? __pfx_kthread+0x10/0x10 [ 730.008154][ C0] ret_from_fork_asm+0x1a/0x30 [ 730.012913][ C0] [ 730.015911][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 730.022217][ C0] Sending NMI from CPU 0 to CPUs 1: [ 730.027419][ C1] NMI backtrace for cpu 1 [ 730.027443][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G U L syzkaller #0 PREEMPT(full) [ 730.027480][ C1] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 730.027489][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 730.027504][ C1] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 730.027534][ C1] Code: d8 85 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d a3 8f 1e 00 fb f4 fc 35 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 730.027559][ C1] RSP: 0018:ffffc90000197df0 EFLAGS: 00000246 [ 730.027578][ C1] RAX: 000000000044b4e1 RBX: ffff88801e6a0000 RCX: ffffffff8b8cfc75 [ 730.027595][ C1] RDX: 0000000000000000 RSI: ffffffff8de7d6cc RDI: ffffffff8c1af920 [ 730.027612][ C1] RBP: 0000000000000001 R08: 0000000000000001 R09: ffffed10170a6795 [ 730.027628][ C1] R10: ffff8880b8533cab R11: 0000000000000000 R12: ffffed1003cd4000 [ 730.027644][ C1] R13: 0000000000000001 R14: ffffffff90d9ad10 R15: 0000000000000000 [ 730.027660][ C1] FS: 0000000000000000(0000) GS:ffff88812444d000(0000) knlGS:0000000000000000 [ 730.027683][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 730.027700][ C1] CR2: 0000200000600000 CR3: 000000007bb14000 CR4: 00000000003526f0 [ 730.027716][ C1] Call Trace: [ 730.027724][ C1] [ 730.027731][ C1] default_idle+0x9/0x10 [ 730.027763][ C1] default_idle_call+0x6c/0xb0 [ 730.027795][ C1] do_idle+0x35b/0x4b0 [ 730.027818][ C1] ? __pfx_do_idle+0x10/0x10 [ 730.027844][ C1] cpu_startup_entry+0x4f/0x60 [ 730.027866][ C1] start_secondary+0x21d/0x2d0 [ 730.027897][ C1] ? __pfx_start_secondary+0x10/0x10 [ 730.027932][ C1] common_startup_64+0x13e/0x148 [ 730.027965][ C1]