last executing test programs: 2m27.910959627s ago: executing program 2 (id=3628): close_range$auto(0x0, 0xfffffffffffff000, 0x400002) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) socket(0xa, 0x2, 0x3a) r0 = io_uring_setup$auto(0x52, 0x0) mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto(0x3, 0x4008af03, 0x0) io_uring_setup$auto(0x166, 0x0) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8842, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/loop9/range\x00', 0x12000, 0x0) read$auto(r2, 0x0, 0x20) r3 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(r3, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400000000000400, 0x9}, 0x9, 0x0) landlock_restrict_self$auto(r3, 0x0) symlink$auto(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00') rename$auto(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0/../file0\x00') writev$auto(r1, &(0x7f0000000200)={0x0, 0x3}, 0x3) openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/trace_options\x00', 0x84100, 0x0) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="050000", @ANYRES16=0x0, @ANYBLOB="010025bd7000ffdbdf25150000000500120010000000080027000c000000380b2b80330b248004008080ba89ebda4be9067b59c90d50dab4ba175b1b13d15e19ee0f5bf6c6d2095efcc719c8e137b7ec6062c6c768e512acd0f1208ee2be2b891868abd1934bd95a54945e649a2afd1272f72e8fffb57e3ba1c8fb306ce2ba95180cf54dcca46ab950e626ff31022afd57f1306ee00962cb60c30a9946d642a00256ed0006ec8364307874f7c763c6e9af0222943721fb4fa5b1cecfe3a908b1fd515dad1e0ca0998fa55ca4bbf9412855250567f1b98186d8597ab6fb715cef224b510a7ccc4cae047b6d4ab94775e1158d87be4806455bbd76baaa3a656ed5f316b17a5a27a6ec9904006d80460a8e80b634a4b1ce57b5a586e945eb157cc566d02bed93630b901c93d3fde23606aa3e80e4d0644fef266741cf5f2879924594cd388ed548e2dea74f9d72af19edad4a810af64d79eaa131b2afaca3f428fd83499d9c7a99dfd9a24cbd9bf5b0f0446521fcf1f416f83791795dc86d63c7a05e38c547e208be35b17fb8aa1fa57ea4ac59aac09a5bfb9f08a6d02e58d5040324f4241a9eb63d5a1e48cff0ed3e97c4af9506ca950ce9d115d242277c614a27a77df014ced1df35f069b42113bc6bf5427f9c1ba6924ec8bafc11ba6d9303461e92e3c3e1b4d5b2954d259654ee2bab0385e3b106c4a93525200ce6e3f1e9f6d4b87b61583abced950ff97dade7ebde309c78d4f1ddbff5cb5c3fd141cbb4e56a97183f705019716cf6d6f300c9677b6f14b2b8d708b675b5c4f2357d9c22dd6bba1195ba295a5f713ac28f043cc671fc7b43fb9b40bf17766c79d698dd68d0e385e926971a18a3c3687c3c8202b806432be62b3030a2c9e31da55a6cd98165f7439f9a09508b8c4b9c5ea32aaf1f7c4246ea8700aaccaf476d9cd5e3b2340d17f13ba40c8fdaf4aa4c4b8763fd86d35bda9aab03e3a252d7e4aea01cdad1fad040b29a9e92ee1fd8c010c30b4cc69917cee531e42efa59c735fe8159a292f57fa7a4600e6833032846d87a515d9803770eb4db6712bce7b51fc2f0eff8a292023a8c7c1544c6e53012f9fe13aa8caf795caccfa4ff2321116a86938e2b782e7a57fe5cbff8df11b0bc86d691a7a8df0cc9486c4898e8bafd0b374798ecdba9af994890465f435d5e6408dd9ddd96df1673098864522e964b565d69882198a999ee41c980dafdf3538400c81ad57dc970a72b75d75850913452021a4dfe885342c4e5c33dbcd801b10866908de67b13c5dc4fb51dce74dae4c4c27413c00b50c8e18d1dcfe28974fee5df4cefd05f7e8e21e8881ef7300ca75af8ef7c8cfa0a1cf8771444e3bd449f957fa4500c1f371ccc31a7b196ca809935887d26d3ed24d2dc16c83aa263abd880df1d27d8463e4f29673fbb0a073caaf975314f5660bdf89c285291a46ddb2f8410b02e86bc522808052288fe16dbb7733976605ed2342c69717ba18334138bc68c994ffa20bbad1672a4ee0dc19a0ec177f36995"], 0xb5c}, 0x1, 0x0, 0x0, 0x20000000}, 0x48880) connect$auto(0x3, &(0x7f00000018c0)=@generic={0x1f, "abe6de3d6468fe8000"}, 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xffff}, 0x1, 0x0, 0x0, 0x9}, 0x100007}, 0x3, 0x0) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs1\x00', 0x108002, 0x0) read$auto(0x3, 0x0, 0x80) r4 = open(&(0x7f00000000c0)='./cgroup\x00', 0x0, 0xb5d1af1605322df2) syz_clone3(&(0x7f00000003c0)={0x383201180, 0x0, 0x0, 0x0, {0x1a}, 0x0, 0x0, 0x0, 0x0, 0x0, {r4}}, 0x58) 2m26.84446024s ago: executing program 2 (id=3623): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000001f00), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_BEARER_ENABLE(r0, &(0x7f0000003a80)={0x0, 0xff9e, &(0x7f0000003a40)={&(0x7f00000000c0)={0x18, r1, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x1}, 0x24040004) 2m26.770678584s ago: executing program 2 (id=3624): mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) timer_create$auto(0x2, 0x0, &(0x7f0000000140)=0x6) clock_nanosleep$auto(0x2, 0x200, &(0x7f0000000480)={0x8, 0x7}, 0x0) timer_settime$auto(0x0, 0x6, &(0x7f0000000000)={{0x100000001, 0x3ff}, {0x5a, 0x2}}, 0x0) timer_delete$auto(0x0) bind$auto(0xffffffffffffffff, &(0x7f0000000440), 0x800) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto_TIOCSTI2(0xffffffffffffffff, 0x5412, &(0x7f0000000340)="03b9") openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vkms/graphics/fb0/state\x00', 0x0, 0x0) io_uring_setup$auto(0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/tty21\x00', 0x0, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x121b42, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x46, 0x2b, 0x1000000000065f, 0x80000000, 0x40000007, 0x3, 0x20000002, 0x9, 0x1, 0x6, 0x4, 0xb4, 0x9, 0x6, 0x2, 0x80, 0x4, 0x0, 0x7, 0x2000, 0x203, 0x0, 0x84}, 0x1fe, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 2m25.733577797s ago: executing program 2 (id=3635): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/mtd/mtd0/erasesize\x00', 0x8000, 0x0) socket(0x2, 0x80802, 0x0) poll$auto(&(0x7f0000000d40)={0x3, 0x1, 0xa}, 0x5, 0x400) shutdown$auto(0x200000003, 0x2) read$auto(r0, 0x0, 0x4cb) 2m25.228893997s ago: executing program 2 (id=3644): mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) timer_create$auto(0x2, 0x0, &(0x7f0000000140)=0x6) clock_nanosleep$auto(0x2, 0x200, &(0x7f0000000480)={0x8, 0x7}, 0x0) timer_settime$auto(0x0, 0x6, &(0x7f0000000000)={{0x100000001, 0x3ff}, {0x5a, 0x2}}, 0x0) timer_delete$auto(0x0) bind$auto(0xffffffffffffffff, &(0x7f0000000440), 0x800) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto_TIOCSTI2(0xffffffffffffffff, 0x5412, &(0x7f0000000340)="03b9") openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vkms/graphics/fb0/state\x00', 0x0, 0x0) io_uring_setup$auto(0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/tty21\x00', 0x0, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x121b42, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x46, 0x2b, 0x1000000000065f, 0x80000000, 0x40000007, 0x3, 0x20000002, 0x9, 0x1, 0x6, 0x4, 0xb4, 0x9, 0x6, 0x2, 0x80, 0x4, 0x0, 0x7, 0x2000, 0x203, 0x0, 0x84}, 0x1fe, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 2m24.283045839s ago: executing program 2 (id=3638): r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="5e00052d9d6231040dccb8b9688a7e3e15e559d2d9"], 0x1ac}, 0x1, 0x0, 0x0, 0x20012}, 0x40) recvmmsg$auto(r0, &(0x7f0000000180)={{0x0, 0x10001, &(0x7f00000002c0)={&(0x7f0000000340), 0xfff}, 0x4, 0x0, 0x8, 0x7}, 0x7}, 0x5, 0x66a6, 0x0) mmap$auto(0x0, 0x40000000004, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) init_module$auto(0x0, 0xfffff, 0x0) 2m9.141725211s ago: executing program 32 (id=3638): r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="5e00052d9d6231040dccb8b9688a7e3e15e559d2d9"], 0x1ac}, 0x1, 0x0, 0x0, 0x20012}, 0x40) recvmmsg$auto(r0, &(0x7f0000000180)={{0x0, 0x10001, &(0x7f00000002c0)={&(0x7f0000000340), 0xfff}, 0x4, 0x0, 0x8, 0x7}, 0x7}, 0x5, 0x66a6, 0x0) mmap$auto(0x0, 0x40000000004, 0x4000000000df, 0x40eb2, 0x4, 0x300000000000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) init_module$auto(0x0, 0xfffff, 0x0) 4.733901532s ago: executing program 0 (id=4105): close_range$auto(0x0, 0xfffffffffffff000, 0x400002) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) socket(0xa, 0x2, 0x3a) r0 = io_uring_setup$auto(0x52, 0x0) mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto(0x3, 0x4008af03, 0x0) io_uring_setup$auto(0x166, 0x0) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8842, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/loop9/range\x00', 0x12000, 0x0) read$auto(r2, 0x0, 0x20) r3 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(r3, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400000000000400, 0x9}, 0x9, 0x0) landlock_restrict_self$auto(r3, 0x0) symlink$auto(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00') rename$auto(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0/../file0\x00') writev$auto(r1, &(0x7f0000000200)={0x0, 0x3}, 0x3) openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/trace_options\x00', 0x84100, 0x0) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="050000", @ANYRES16=0x0, @ANYBLOB="010025bd7000ffdbdf25150000000500120010000000080027000c000000380b2b80330b248004008080ba89ebda4be9067b59c90d50dab4ba175b1b13d15e19ee0f5bf6c6d2095efcc719c8e137b7ec6062c6c768e512acd0f1208ee2be2b891868abd1934bd95a54945e649a2afd1272f72e8fffb57e3ba1c8fb306ce2ba95180cf54dcca46ab950e626ff31022afd57f1306ee00962cb60c30a9946d642a00256ed0006ec8364307874f7c763c6e9af0222943721fb4fa5b1cecfe3a908b1fd515dad1e0ca0998fa55ca4bbf9412855250567f1b98186d8597ab6fb715cef224b510a7ccc4cae047b6d4ab94775e1158d87be4806455bbd76baaa3a656ed5f316b17a5a27a6ec9904006d80460a8e80b634a4b1ce57b5a586e945eb157cc566d02bed93630b901c93d3fde23606aa3e80e4d0644fef266741cf5f2879924594cd388ed548e2dea74f9d72af19edad4a810af64d79eaa131b2afaca3f428fd83499d9c7a99dfd9a24cbd9bf5b0f0446521fcf1f416f83791795dc86d63c7a05e38c547e208be35b17fb8aa1fa57ea4ac59aac09a5bfb9f08a6d02e58d5040324f4241a9eb63d5a1e48cff0ed3e97c4af9506ca950ce9d115d242277c614a27a77df014ced1df35f069b42113bc6bf5427f9c1ba6924ec8bafc11ba6d9303461e92e3c3e1b4d5b2954d259654ee2bab0385e3b106c4a93525200ce6e3f1e9f6d4b87b61583abced950ff97dade7ebde309c78d4f1ddbff5cb5c3fd141cbb4e56a97183f705019716cf6d6f300c9677b6f14b2b8d708b675b5c4f2357d9c22dd6bba1195ba295a5f713ac28f043cc671fc7b43fb9b40bf17766c79d698dd68d0e385e926971a18a3c3687c3c8202b806432be62b3030a2c9e31da55a6cd98165f7439f9a09508b8c4b9c5ea32aaf1f7c4246ea8700aaccaf476d9cd5e3b2340d17f13ba40c8fdaf4aa4c4b8763fd86d35bda9aab03e3a252d7e4aea01cdad1fad040b29a9e92ee1fd8c010c30b4cc69917cee531e42efa59c735fe8159a292f57fa7a4600e6833032846d87a515d9803770eb4db6712bce7b51fc2f0eff8a292023a8c7c1544c6e53012f9fe13aa8caf795caccfa4ff2321116a86938e2b782e7a57fe5cbff8df11b0bc86d691a7a8df0cc9486c4898e8bafd0b374798ecdba9af994890465f435d5e6408dd9ddd96df1673098864522e964b565d69882198a999ee41c980dafdf3538400c81ad57dc970a72b75d75850913452021a4dfe885342c4e5c33dbcd801b10866908de67b13c5dc4fb51dce74dae4c4c27413c00b50c8e18d1dcfe28974fee5df4cefd05f7e8e21e8881ef7300ca75af8ef7c8cfa0a1cf8771444e3bd449f957fa4500c1f371ccc31a7b196ca809935887d26d3ed24d2dc16c83aa263abd880df1d27d8463e4f29673fbb0a073caaf975314f5660bdf89c285291a46ddb2f8410b02e86bc522808052288fe16dbb7733976605ed2342c69717ba18334138bc68c994ffa20bbad1672a4ee0dc19a0ec177f36995edc671ef8d29211e4b7d0723a18c36c398df2e924a4f55ef95687e6a4aebcf86d36a9791d561c2203fc4a545d30a5173ffc84612c333a73fd0c84f92554294cfbbe86088e79bc6f1c9bc880b4502e4b47af767f47dbccbf4318ec6a33ee42cafc3e6ced6720adf772de614a754c7b0d93208cb0bdd285e8ff9ffe078bb782a57a14204784880a3379af47423967bf134933d350324a845e7aca06245efec7dd272177bbb663bf83c23161cf7d8b32d45502f6bbc6416720652aa197556c3cf5be55e2f8ace74ce95feb288f681d92ed529bb9892472c3633f744bfde252c8b00808d92daa2a3b4771eee9cc83745c326f8ea02119b55a99bddfc498948e53ce2efa0635276810d2211e9e0e63bc850029865d525cbf43cde05009dca149084d9569a1abb0e5f941bd5c67a77685e965b354dc744617960e642512f2cd86236c9a1938f4e799cc0e09beb23791f446e822b86518185d668e7e93daec7b1a9f53034aeabc7c7bf52deefbf5e2a90b085c41c0f528ff2cf81dbc1c28ed95ad75fd65c0e0d793d7111dce84883cbf60cd55e025b824d84e141d54da72111ea2fed1fd8f3c9cf47763ee47a7988d5021ac661641ee95ea9c9d57dd2f8e537f3cb71830a6c1608dadf6beb7339961811f8da34f8fb7b5190f9c146942fda73801812ed6bffa1a60c80e5fd6528e045b40fa78c10f37797d93f827539aa389d59c48254397ff7b72325465d18b04acac619d9d5f80d46b57d28a76fbe83203ecacb91328b145ebbe356178a1eb1c09101fe785c98aab93485ae7b4217412b7ea31fdd965eaaf78d3ab4eec8bc689062b738c002fd94f9cd18bbc5285c57854f9092e85d90ec205f43fcc9d27cd6041fb73ed3164e7f2cb3ea694b89a1879f8cbcdbffdab4b277d0fa3dba5061952d266b2f3821f79cd2b3bf107c6250e711c9ddba407c9ed323d2dfda23d5a4088f8199d1cbb311a1b051da8d792299f471f0ca7fd7925695acaf01e7ad022d96dfb30e66d551fb37522baf2ea71cc5a6416124ee2138c3f2fb5cca4b71eb9d3571deebc898b62406f416caa3fcd732f9661548d8b7ec74bc94d9dcc92b0048abc2b358c0007a905c9513affbd873a368e0b5872a2f4cdc4bb8602ad3ec77cba3e150c8993f5fc88ac7e6b2642f4660486d5823482aae8f90ee7913abdb064398cebe5946c2920d7d99935571f9b1eeb4529373538e699dda91425660a1010a4cf7e9a10713f57fa1d601467ec51ad5153bd94582320ff55380ca7efefacf62f822b948cb3b93f68978f248639c51ac97e3f56bcca9990839ee01df9773b22cf261310d4b3c6b03ef54a9a848c10d1252d0412a8f01ff61bd6978112d6b69e2f71e02a04f43f3a1a8259f7e83c26fc5bc703a8b6d3d325f08b08f9dc10b8f654871386ef94d2493463f7f3d0b20bf93be475b0ed9e870aaedd63b8d08877651bace68300e3a1b0a5d1a3da2b246fef82de3b57eca440ae7a7656ff31ae74cad3a80f1ae615f2747589d4859ec1981a6a5"], 0xb5c}, 0x1, 0x0, 0x0, 0x20000000}, 0x48880) connect$auto(0x3, &(0x7f00000018c0)=@generic={0x1f, "abe6de3d6468fe8000"}, 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xffff}, 0x1, 0x0, 0x0, 0x9}, 0x100007}, 0x3, 0x0) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs1\x00', 0x108002, 0x0) read$auto(0x3, 0x0, 0x80) r4 = open(&(0x7f00000000c0)='./cgroup\x00', 0x0, 0xb5d1af1605322df2) syz_clone3(&(0x7f00000003c0)={0x383201180, 0x0, 0x0, 0x0, {0x1a}, 0x0, 0x0, 0x0, 0x0, 0x0, {r4}}, 0x58) 4.362206823s ago: executing program 1 (id=4106): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r0 = fanotify_init$auto(0x5, 0x2000000000002) r1 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x0, 0x5, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket(0x2, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4ea2, @remote}, 0x6a) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa001, 0x0) openat$auto_ima_ascii_measurements_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000300), 0x80, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000001540), 0xffffffffffffffff) sendmsg$auto_TIPC_NL_KEY_SET(r3, &(0x7f0000001fc0)={0x0, 0x0, &(0x7f0000001f80)={&(0x7f0000000200)=ANY=[@ANYBLOB="9a4d2338eef29fdf4bb98c141ee21cdf2b47fadf9a7d5797bc52eb1e07030fdfc76db91ed832a91fd91fd15fe49616e14c4cf9df26df4fd15497fdea4fc2da9b4235504c044f62e29100edbc177c7dd11c3e6e67904ac2e300bec3237634fcb0947f221a7e1348124af9defc91abb13853b79891827e6ba74b344a584c595975a933a3d64cc6cd9dca4b", @ANYRES16=r4, @ANYBLOB="010028bd7000fedbdf251700000004000680"], 0x18}, 0x1, 0x0, 0x0, 0x80}, 0xe040) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x1900, 0x0) r5 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/tcp\x00', 0x181800, 0x0) pread64$auto(r5, 0x0, 0x3ef, 0x8009) r6 = ioctl$auto_dma_heap_fops_dma_heap(r0, 0x6, &(0x7f0000000000)="3440ee9fc9b5bee38ab6") r7 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000080), r0) sendmsg$auto_NL802154_CMD_GET_SEC_DEVKEY(r6, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r7, 0x800, 0x70bd28, 0x25dfdbfe, {}, [@NL802154_ATTR_SEC_FRAME_COUNTER={0x8, 0x2c, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40) pipe$auto(0x0) tee$auto(0x2000000000000, r1, 0x405, 0xd) 4.179523492s ago: executing program 4 (id=4108): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xaa102, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input0/capabilities/ff\x00', 0x300, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) r0 = socket(0x1e, 0x3, 0x83a) getsockopt$auto(r0, 0x29, 0xce, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r1 = socket(0x23, 0x4, 0xffffffff) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) recvmmsg$auto(0x4, &(0x7f0000000200)={{0x0, 0x4, &(0x7f0000000140)={0x0, 0x4da}, 0x4, 0x0, 0x8, 0x800}, 0x1000}, 0xffffffff, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0x2, 0x1d2c, 0x3, 0x4, 0x15f4da0e, 0x6, 0x9, 0x100000000000000c, 0x8, 0x4, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x2c, 0x1, 0x3) madvise$auto(0x0, 0xffffffffffff0005, 0x17) prctl$auto(0x400, 0x7fff, 0x0, 0x10000, 0x100000000000007) 4.111785759s ago: executing program 3 (id=4109): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/fs/ext4/sda1/mb_groups\x00', 0x109180, 0x0) pread64$auto(r1, 0x0, 0x682c3390, 0xcff) r2 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_RSS_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x14, r2, 0x301, 0x70bd29, 0x25dfdc02}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x44010) 3.921916265s ago: executing program 3 (id=4110): r0 = socket(0xa, 0x1, 0x84) (async, rerun: 32) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async, rerun: 32) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 32) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) (rerun: 32) write$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f0000000180), 0x0) read$auto_snd_seq_f_ops_seq_clientmgr(r2, &(0x7f0000000240)=""/178, 0xb2) epoll_pwait2$auto(0xffffffffffffffff, 0x0, 0x282, 0x0, &(0x7f00000001c0), 0x8) (async, rerun: 64) syz_clone3(&(0x7f0000000100)={0x2100000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) (async, rerun: 64) r3 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_FEATURES(r3, 0x4008af00, &(0x7f0000000000)=0x200000000) readv$auto(0x3, &(0x7f0000000040)={0x0, 0x36a}, 0x3) bpf$auto(0xfffff011, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x8000, 0xf9c, 0x466, 0x9, 0x3, 0x4, 0x2, 0x4, 0x200, 0x1fd, 0xb6, 0x1000004, 0x6}, 0xa3) r4 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000ac0), 0xffffffffffffffff) sendmsg$auto_TCP_METRICS_CMD_GET(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000040)={0x1c, r4, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@TCP_METRICS_ATTR_ADDR_IPV4={0x8, 0x1, @loopback}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004055}, 0x0) (async) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000180)='/dev/cuse\x00', 0x22080, 0x0) (async) sendmsg$auto_TCP_METRICS_CMD_GET(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f00000001c0)={0x60, r4, 0x10, 0x70bd2d, 0x25dfdbff, {}, [@TCP_METRICS_ATTR_SADDR_IPV6={0x14, 0xc, @mcast2}, @TCP_METRICS_ATTR_SADDR_IPV4={0x8, 0xb, @empty}, @TCP_METRICS_ATTR_SADDR_IPV4={0x8, 0xb, @rand_addr=0x64010102}, @TCP_METRICS_ATTR_SADDR_IPV6={0x14, 0xc, @remote}, @TCP_METRICS_ATTR_ADDR_IPV6={0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}]}, 0x60}}, 0x8000) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) (async) r5 = socket(0x2, 0x5, 0x0) getsockopt$auto(r5, 0x84, 0xf, 0x0, 0x0) socket(0x2c, 0x3, 0x0) (async) mmap$auto(0x0, 0x4, 0x10000000000, 0x11, 0x3, 0x100000000) (async) close_range$auto(0x2, 0x8, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) set_mempolicy$auto(0x6005, &(0x7f0000000040)=0x5, 0x4) (async) listmount$auto(&(0x7f0000000100)={0x1f, @raw, 0x80000002, 0xfffffffffffffff7, 0x2}, 0x0, 0xf4240, 0x1) r6 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r6, 0x0, 0x80) recvmmsg$auto(r0, 0x0, 0x4, 0x6586, 0x0) 3.684155488s ago: executing program 0 (id=4111): r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xa3, 0xeb1, r0, 0x8000) socketpair$auto(0x1, 0x3, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0xfffd, 0x8000, 0x0) fsopen$auto(0x0, 0x1) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004040}, 0xc800) r1 = socket(0xa, 0x5, 0x84) sendto$auto(r1, 0x0, 0x401, 0x7f, &(0x7f0000000000)=@generic={0xa, "e2e18340cba8fe803f00"}, 0x1c) 3.521124001s ago: executing program 1 (id=4112): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_RSS_GET(r0, &(0x7f0000000100)={0x0, 0x700, &(0x7f0000000180)={&(0x7f0000000140)={0x14, r1, 0x301, 0x70bd29, 0x25dfdc02}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x44010) 3.519616373s ago: executing program 4 (id=4113): close_range$auto(0xffffffffffffffff, 0x8, 0x2) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, 0x0, 0x20000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) sendmmsg$auto(r0, &(0x7f0000000080)={{&(0x7f0000000040), 0x1c, &(0x7f00000000c0)={0x0, 0x1a004}, 0x7, 0x0, 0x0, 0xb}, 0xfff}, 0x5, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setsockopt$auto(0x3, 0x10000000084, 0x19, 0x0, 0x8) 3.217375921s ago: executing program 4 (id=4114): mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) r0 = openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/tracing/per_cpu/cpu0/trace_pipe_raw\x00', 0x82000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f00000011c0)='/dev/snd/pcmC1D1c\x00', 0x0, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_HW_PARAMS_OLD2(r1, 0xc1004111, 0x0) pread64$auto(r0, 0x0, 0x7fb, 0x400) socket(0x1e, 0x1, 0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000000), 0x121900, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000200)='/dev/snd/midiC2D1\x00', 0x8a041, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/audio\x00', 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xa, 0x8e6, 0x400000000000948d, 0x3, 0x15f4da0a, 0x6, 0x3, 0x5f, 0x5, 0x3, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0xb, 0xd, 0x1, 0x3, 0xffffffffffffffff, 0x4, 0x3, 0x3, 0x1fd, 0x8000001f, 0x8, 0x6d3e, 0x9, 0x4, 0x6]}, 0x0) mmap$auto(0x0, 0x4, 0xe, 0x40000000000313e, 0x4008df3, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) futex$auto(0x0, 0xfffffff9, 0x7, 0x0, 0x0, 0x5) inotify_init1$auto(0x403) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) close_range$auto(0x2, 0xa, 0x0) mmap$auto(0x0, 0x20009, 0x2000000df, 0xeb1, 0x401, 0x8000) connect$auto(0x3, 0x0, 0x54) sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0x34000}, 0x1, 0x0, 0x8001, 0x9}, 0x7}, 0x3, 0x3f3) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xffffffffffffffff, 0x8000) r3 = creat$auto(&(0x7f00000001c0)='./file0\x00', 0x105) pwritev2$auto(r3, &(0x7f00000000c0)={0x0, 0x1000008}, 0x100, 0x2, 0x9, 0x7) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101e81, 0x0) ioctl$auto_SNDCTL_TMR_CONTINUE(r4, 0x5404, 0x0) 3.17059288s ago: executing program 1 (id=4115): getsid$auto(0xffffffffffffffff) mmap$auto(0x0, 0x3, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) rt_sigaction$auto(0x1, &(0x7f00000001c0)={&(0x7f0000000080)=0x0, 0x7fffffffffffffff, 0x0, {0x5}}, 0x0, 0x8) rt_sigaction$auto(0x5, &(0x7f0000000140)={&(0x7f0000000040)=0x0, 0x9, 0x0, {0x81}}, 0x0, 0x8) bind$auto(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x9, "cc00000008f0ffffff000100"}, 0x6b) r0 = signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) read$auto_l2cap_debugfs_fops_(r0, &(0x7f0000000240)=""/170, 0xaa) r1 = gettid() r2 = getpid() rt_tgsigqueueinfo$auto(r2, r1, 0x1, 0x0) rt_sigsuspend$auto(0x0, 0x8) 3.077352508s ago: executing program 3 (id=4116): socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000001f00), 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb2, 0x403, 0x8000) r0 = prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r1, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000005c0)=ANY=[@ANYBLOB="88120000", @ANYRES16=0x0, @ANYBLOB="010025bd700002dcdf2503000000050009000500000004000600040006003d1202805000a500c667d9d0cca65d36490648637f04abd8489cc9506022c8fdacd8c22e41b7d2fa985dddd4b2a5bc76074abe9f0f7649f33e5d77a8ea4c3b443b183ae146e3f9ca235415abb72b1863c0166ebb22114580bbb94c93b312191f84de52174ef5b9d6d59c8cc74f0058dded57a7a541a3008eb7fd96705f9056abb12127a7a862b213720a9138cc5e515206c2c67d96a85f4ed00755cfe9337a385153519e144b6a1b58dac5d963d89bb2577d048c71bc80aac3c8f21168defd407d32a5321443eeff8e5942c2f43bc93e0a8cb1dd317a9e8b1666edf829be42389b40da3cdd62d74927de8a89201eddd9a799cacaf4d1f69a7427eed9b3e7fc5555965125c44ee35d835ee3e1c3db437900c59e9531f473c9a25420a693b5a0a4230bdd74b2a3d9958215efa47728727a4b736b4f44b20800", @ANYRES32=0x0, @ANYBLOB="04000e800400ca80a460d59f0efc3ec0a8f45a2dffef8a5cfae44d01fa055aa6d8cb6e80e241c7fdafa1507648930aa38ac11fc5dce5a5c212e08e90cd03dd2ba51fa1ba6de7d7923f6c5b1bb5df15bdbe08efb50a2a7cd8ca3a9f84a1fd14b82a54bd53d97adf75dc06592e771ff690f6cc86f47e322ccc2016ba8dc6a56d1779b8456135662ed3460767ac2c65f0f4acf3fb9e5f9b658e7d5e66d07b94cb5036ea9bd52f9bbf86f6fc799652339b54b5e3bf124439837d19096822f67cfce1269b3472d31d7e8dcb810dc6fc448e72910a4d44421f2909fba66402ddd7a6745511b5055ec23a9fe98772e61f8e66f7ecc87bd1bb336c666f02438ce4ec91522be8a9554ee7341badefdd75d4445131d0b5a711938f34b780512f24e6690aa76ea00980c2295936a008bcccd73d802abd50e99696e7e31c89c79ce4a9b8d52c3a1eb6ab7f2588f794695d921d3ebf5dd669e893ccd6c5d4d3bd9f014dca2303bc4d623178ff664517d4c65161d377b34341bbaa4b033922ad7847346a5581ceda1dab107e9f5109a5c8af8457ba7764b1eee0343be94d2b299b9eb8d1f0b4d4523051df7f2277a9087e230565ac893f19d83fbc7cc351602a1a08570b05d674ea37f9afb6bc62f5f7657dd3713a2ea6b58c32f8e7c57ca13a66f8f80e7e1fb0736a1d2342f7ccbbc86eecb0c8e5aa110b7f6808281b68d6f7b6ddf9a9b11507ff2b121cf75b79c32ad582b73e07721d1054c88776640acbdc38a7e7ea0df4159c1b2da3e686e024f16acb46b3eb03563e59c509542f67d4c5ff1b388eab4a8dec42786af1e3376181c3943981430de83802a44edf42f68a7d619960404f80bd08508b18382dab65e3cffc5fa942245102abd7be2c5d4c68401d2f6d2a2c42f8968509b95aec53af6a4082eabf2c7447aabfc36dc1da8163e934587d8835e61c8453a94e1b127b8d9784b75498e7ae73dc42e65b0afbfb41e3a802c5027a65b494d62b19365c382d66844880760196cd40712c78e2e288820cb2f34379df51a85ffbee675e1598c2a9a113255efe73cca36f087cbfa885491a2f3e68449436e0fca75598a4e8a15fd3704d302c4405cbeabe3d57567ad993cc92f879343be898b945c69ba5f5f1d64deaffa32c79808620e95f6fc31090dbca556da91d595f5867f45f23cc8fce505b38e63bc6f4a236556713339d5d4aa664c44f7826129538d0e157f336135ea4795bd66da491815172af611ea76ce42cb713f4e2c8b4ea92f10c2c99e78693ed70fce906aaab57ff48801c9fa03d09dc7706252ca29458af66616a42934ad215cc47c776bb4793bc856ce67524e1e74f4b3686051ebbeb6ac03e735e5a70411316aaf96499792da9f54f81761c707ee6a5adb8b3d5f8d070ebec81ab1733ec2e4abb364bfef0430396402f2950ab40c25e475ae51613d2c5fdf44e879f36528dc83d34a314ced34fb83b64d25bf548cc79dbc8583503b8ef03e36ef313b870d1f84a666ab362e29d25eb3dad6021972c3c45e30d224b29f3f03e0ca26790cb594ab705368fc76a6bd8d0fc883e3566c50739318feddcfca26268830b8f1621747ce77c8e809930a68d9969ce5741df3bdc2142c17b99a71d6da05348a58890d5978259a7cecc0a28ecb61681c84e5a59ed8c3478b2f4384342c1ea0d83d79f8aa00c40a66fb07d90b10ab049848ad54f7765a707c63c059b0d11841ea3d046cb1f47962f48420ced1697fda0bca7d9813045172391db71c42eff09db637020e927289877df4a3f7a2fae5a43859896d662a339bf80e50cc7563f8e4a3ccc39d846169bf2ccc486af07e35059829a783535ca03371e7a826825e4549a2e9422af50c25b3e5accd0f9602f5b50d69c3a7c83eb8ddf49050b429913539bc3f9e440cd506b410c9518cd62f9bacb4aecd9e588881f4acac5a867132e68a070e094393654695ed4f3a7e7619fbfd98668a9ee077460b0ca6832eaeb53340ec449172c25dcc56e3afb20c706cc0f175835635b2b052c77012e25721c4bdae210979eb691d3c8fb6d552b8eaa56f4876bce7e034ef08567b905e94e7209fee65de32e4faa4ed34c99478d784b6f302c8b87fdfdde132a5fe333d5fefa4231e4264f944a7d1a4cc1cee8dbba444b9ea9196d4c97f04d543b0c37f9a5dc9af0ee8e57ae631d291af40714a192343db5b32c241b840fcc1cb9aeb72e46ed7b42abcac4ad8edf2e2f9db14c2377b8a75b700bac7bc85d097530362b3cbce5e2da7384c2ca8538ba368cd08d09a182c83ca34704bb428828358155de5b15c2b1805a029c7aa123bd2c34189e1561a27700c495b9ad0e14fead9f618ce2abcbcf93d392f63aa2386dde1312ac0657d6280195305c75547208e9e7ba64ee1105136e76a7248ead12313bbc3f6c9afd4219d31917775da5efc363b5d76af78ef62e61849e8d43fbeaca7e0500e9ab76e7dcd855273c1e0b70ed0f4ee54064fa189eb7d5b41b5d948037bbf92bee5bc1b511c3fa3381a881d6b293feb6072b1e7c2e592281b8f7eda430f4c4eb89c8abb08ce3757863a726c8c531e0300cafafa3b85c588372ef3bcca6fc65fcbba544deea1cfe52a345ded4f752c07923105177c183bfe02b95a3f1f580547b76a56c6a3f26600c1b992d287179b771dc5560e11013787080dd0259231b0145db8e63f8130b03f47ad2af6c27f44aae9b063a45f6122e58b868fdd0703d086b328643db27206a6fcd73bd8dc64d28191eee9f6a29c3c48f149d43a4dd4af67cd232510ac0dfb963800a1736317c0582e7d3ad2babba44faacb094fa592237a87f51582eb608e7ed487b4a6f4a7a486e33d397ca1ceb9c9f3f6943e7355c4a4905086bc727b6100b18778999adafbc275060780c8ff3d491d2373a559fae0054e296d67471b6c5f100bc46dd2998adc9d5d73bb4ae734159a6b252749c11ca27be84fb1ed3e5e7e08170cd4ef705e098d1b99f870fcf434de7edc3f921b820a854de549d156b9c2c2dc385f045318d8c741b82065b2db4b7bb7eb657436680cb136e899e96c43f9c8b05edcf76ddc9b874227bde3abed5c7a209b2de9bc4a697d113bee2a0671ddad481c60646a07333a8ee6c26b59aa52d3a52ac78c4521db522bf7068a7cd0bc94b57256bd95f9fd5d7e8f5038b1ae156dd222ed5636695a4974875252c6f4ffea7bbc592a7f983c48b2a1d28c2899ade27eab4b84e5e8df5748aaabfcbb11bf81493db4bd11c17ae38160e7f369e5d349ac689bbd469ee29c14ea392e0a90b4bef7827feb854866a4b708c04d6f5555234fba6115b2e9997754bbf178c049b7d77b2223f83ebf60a8cb99c9ad6a999033e15f0050af031cef4926eb14b0902c4f668c4768c206f28d3725a83f638ec55241a67b6e50a1c16541fcc0eead0a6175ee1477c8823978d7bc21241faee47b18cc7d193cbdbd9855eb90066fb3810790d80dea9315c3dc9a7238a80655f4849707772bb879b1ce9d91458ac4c16a7c0c6677b1ef17bc4fa0a83a1817b1f3d8ba64db14986dba57a633ae0080e8e0f5c298d8f56caad1430abd28e6c375ac80867a58b35cfb064b64acf0544492cf86752e5787a067678abe314f4d38390402f955737b995c798eae18a20cf5eef02de3fb2fcbb38daebd6fc6f7a4e4c25a3b8fc83728020effd05bca49f420cbde29dcd7f6bf18ca49dcc6b0c15db0229a3dae6ba9a579cce34fb13f881c450e6b4b27ac8af9eb4c718812e6d9ffea41f9bd4fc31be63248d7451bea9e7cb39bb29ed116af7904e93d3f2ee8fd37a822b2a4dc9b055e38d534b561176e0e527e2cfc9225915c998ab73ab3efe400f363e86f866d079ff62520492a7fbc0a0eb028c760cf667b8ec142790055b1bb4d901ce623e7dbfbe847247d76993213745babcc990931c27275094199cdf191bc6e356b166dc6c2b1a7044e54369b42fd455359c892dabd2d643e30da4b6f5bbdfee5932baff5d3dcd242c9a6b547c9ca08e598c87bbc31119349c70d2d68dabea4046e0006d876021cd7f831f7295a6bd9c234a73c1161a79a4b48930d9cd61cca69c0a888138ba501a99125615cbe18c1d22b86dc2066b74b37c6d122177b763ad1b4f7804838408a3f0d9d0d1ff7fa7b06b8b4d232f76b8aaf8c0c24baebdc18e0d5ee9b87c53bfe82a483daea7607f1da9a1ffecf0d9ce845ed70fae10b78fc0e60dde135f20b9c979683dadaf8c1938027c602a47061fd27ad705017fb7d8d857b09173ac4dc2092b7cafd16a068580182d4385f948e11cffc2997cd51b268d6c49906227e70200d5f2d39d461454d75c643144869d87583aec09cdea198f1c9ea613fbe9336df22dbd21fd6242d186ae209a351d4eb9911f361e0dd6f8bcdd1a00d938044aecbeaf00abb3df9b3af99c6f6d90c3520d36fe2a55addecc0086a58aeffff6e6cade5afe58351d168dc40eeeef01fc3e31c8c67d264be94f71cd4db810a57b9c330d9d5ef732f0d6a7658b5a0175bfbb5ff479ec494a1f4ca44b68670ebfa35066b5b0b465618eba7ba32cdbde54a908f85cb496545389a98a23f78f5c99438da7038071cf9173609d447260d58eb114e7d14ba8d5dcac54abb50dffad1f8e6c9393233981eccdb87202c5681b8904fbe095fb1a0c834cec31afcde2de9969879c2c7211397a62fcfef5568fa2a62bbf9376ac14f014ad7c53dacfc334ab43e8f08bebe1e8c96dd51b1b93ab9c7bb4d547948232193db13c43a0e8ec9d5af4a2c1006888ca3f441bb378a6aa94f6602b9b80d84cdfc4cfa57f91ab034bdabbdec3521c429409dcb22236222eb79bd1cd29aeebffb54df1fd04e7f7c8ee4c3ec9635d6331d2a3e789ddcb59d573d3b694d1d07d703584deda17ed458cc889d5e189de77985edef0dde8c896db2924d91df41a3ee08e32c25a6117adb55d160ff922926e0aac203416c7acdb65526305b840247192934748d60db993eb645812b9b7d7ab1b79d45c530417415a22dd9546178b54e6842faa8e478061af2197ddc4e30bde39c8b3e4cb09da50cccece72370bfa0482c04931f1bde40235a201c6e5890cdee9c29fa0c6b4565730ee7cb163ba6a63f1e3678046ad73cc241f49c876df73113204834337bc5ccd2b7297a2d6bec1c30204a05b6ba91fc1370dbbde622c7072abe925d9237ddcf5dc47d1784337fd3f25107e236bcfc1dc352aa0cf3ebf576c0dfd1890c283b30892fe0b9bf75b8294813ea89ca367f7cc330e781ea25380d02923142019d4b45db31c8cdce3188809cc453dabf1648e5286da1f0aa4fb4f199616ac48501f70069db6595540c1e80f9556956fa5e31565ec0bcdff39c5de8268c5831ef03c98149561241472ad30c3f5659921019f6d7f4f1ac62dfcfcc740b94813ea2531745c3f03caa0d52097a1328d515c6eee016aad65125c1a3b8b6cd41333a9cf353045d8c35315adb7d5b4b3c66ef34c7cc255054f7ce845f6dea3e5ddb020f34973dce7ae2345a80cdb8d1db6507075e6893fabc5db1e3e0330d3fc7d669d596000ae64dd397b71d9d88562c096a12dfe4c9f2a888bba68cf23de27ef7e533f87636c78b1de7617d34289854aaf54d3626b9fa6ecf2ae5cf8c40a5ec083c44f1c0da260296ea4b9222bcdb0eef3baa0ab7fb7a98ed86a9f3634ca9dd622efcd2786bc0a22acec3453e74fcee407a94d381638f4e9f423b89d251ae2393d1e4d713dead8c0c162d009434eb8eda45e35dd8225dc1e36069e5024c922d355770ac93549a874f4e322163aa8ceeb0a6d4c3cdf29b95513c4c2678fa24e53c167241bca67bc106bca9c3eac1eff1c5b0ab789c81ba931d60dcd8463f02e8822c2f863bd1d77e3e5c30000", @ANYRES32=0x0, @ANYBLOB="734a876aa29b0877d493e5227c137e1a990b8b782049218d349441c21f23170613015579f29ee902f9c2388c408b595db629b83e27d874bf6d7ae93f84828698fe30ba5d42734269e07bcceb6b7a47b83245f96d4790d73596a2b559ad7c85278728d8e1a55e9d0a3f312fb9463dc5b1d85846e7289b5988b761fb263925105db3684eaf210ce936eb0e61f2f853357b9b995bd909fc9f8e85a672bbc21d8e04c2dffd97b55818bc913196bf863ecaf0929215468edb307eb24a9dffb78b03d6a58927ff490700000008000a00070000000c00028008001000e600000008000a00c066ffff0500090001000000"], 0x1288}, 0x1, 0x0, 0x0, 0x200400f0}, 0x800) syz_genetlink_get_family_id$auto_macsec(0x0, r0) sendfile$auto(r0, r0, &(0x7f0000000340)=0x7, 0xffffffffffffffff) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4db0a, 0x3, 0x3, 0x62, 0x80000000, 0x9, 0x1, 0x9, 0x1, 0xfffffffffffffffc]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/pcm\x00', 0x88002, 0x0) pread64$auto(r3, 0x0, 0x594c, 0x9fffffffd) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001080), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_WIPHY(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1d000000", @ANYRES16=r5, @ANYBLOB="810b27bd7000ffdbdf250100000008000300", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x20000084}, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000100)='/dev/tty51\x00', 0xfe500, 0x0) mmap$auto(0xffffffff, 0x400005, 0x3, 0x11, 0x2, 0xfffffffffffffffe) fsconfig$auto(0xffffffffffffffff, 0x8, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0xf5, 0x5, 0x3ff, 0x0) r7 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyp6\x00', 0xa0102, 0x0) ioctl$auto_TIOCSETD2(r7, 0x5423, 0x0) ioctl$auto_TIOCVHANGUP2(r6, 0x5437, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 2.153008113s ago: executing program 0 (id=4117): r0 = socket(0x25, 0x1, 0x0) sendto$auto(r0, 0x0, 0x0, 0x0, 0x0, 0x3) r1 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000140), 0x180b03, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'bond_slave_0\x00'}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000280)={'veth0_to_bridge\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000440)={&(0x7f0000000340)=ANY=[@ANYBLOB='x\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00012dbd700010dbdf2501000000250002809db50a3aafac7df4fb043112c0bce1d7a608006400", @ANYRES32=0x0, @ANYBLOB='\b\x00\v\x00', @ANYRES32=0x0, @ANYBLOB="0000003000018008000400010000001400020074756e6c300000000000000000000000080003000700000008000100", @ANYRES32=r2, @ANYBLOB="040003000400030004000300"], 0x78}, 0x1, 0x0, 0x0, 0x80}, 0x80) ioctl$auto_SNAPSHOT_ALLOC_SWAP_PAGE(r1, 0x80083314, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0xff, 0xffffffffffffffff, 0x0) shutdown$auto(0xffffffffffffffff, 0x2) socket(0xa, 0x1, 0x100) r3 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) pread64$auto(r3, 0x0, 0x7ff, 0x400) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) munmap$auto(0x200000008000, 0xffffffff) r5 = openat$auto_udmabuf_fops_udmabuf(0xffffffffffffff9c, &(0x7f0000004040), 0x2000, 0x0) ioctl$auto_UDMABUF_CREATE_LIST(r5, 0x40087543, &(0x7f00000040c0)={0x1, 0x400}) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/firmware/acpi/interrupts/ff_pmtimer\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f0000000000)=""/45, 0x2d) creat$auto(&(0x7f0000000080)='./file0\x00', 0x8c) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x8000001f, 0x7, 0x6d3e, 0xc, 0x2, 0x6]}, 0x0) mmap$auto(0x1000000000, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) ioctl$auto(0x3, 0x2287, 0xffffffffffffffff) socket(0x1d, 0x80805, 0x0) mmap$auto(0x0, 0x5, 0x4, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto_proc_mem_operations_base(0xffffffffffffffff, &(0x7f0000001680)="a7", 0x80000) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x3) prctl$auto(0x43, 0x0, 0x0, 0x0, 0x0) 1.999555715s ago: executing program 1 (id=4118): mq_open$auto(0x0, 0xdd1, 0x8, 0x0) mq_notify$auto(0x4, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) adjtimex$auto(&(0x7f00000005c0)={0xf332b6e, 0x0, 0xcea4, 0xfffffffffffffffd, 0xd4, 0x1, 0x0, 0x0, 0x1, 0x368e, 0x2, {0x100000000, 0x10000}, 0x5, 0x6, 0xfffffffffffffffd, 0x1007bfe, 0x0, 0x9, 0x81, 0xdfffffffffff628c, 0x2, 0xdeb1, 0x808}) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0xa3db) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) ioctl$auto(r1, 0x401870cb, r1) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000010c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022abd7010fbdbdf2502000000080003000000000008000100050000008b314df6f17b43acf502894c6668df1f792d535928a4b3821042b4614ed2ea9365318479b629bb58b6bf54852121f027003b95e8069727b995493559f95c79f7627190b5c31cb6e3beae4e32a92a9f2c0e5c886850cee602c842a785ecf49bfadd56e5d7c94496ccc01ad5745bb123e7cdfd41c6017691deee60c4a806c8de7e7cebea336e87"], 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0xc0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="10002cbd7000fddbdf251c"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a0027"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x381800, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7ffff000) sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, 0x0, 0x800) mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) symlink$auto(&(0x7f00000000c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) readlinkat$auto(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='\\\x00', 0x80) ioctl$auto_MTDFILEMODE(0xffffffffffffffff, 0x4d13, 0x0) r2 = eventfd$auto(0x80) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/block/ram8/queue/iostats\x00', 0xa001, 0x0) read$auto(r2, 0x0, 0xcc9c) listmount$auto(&(0x7f0000000100)={0x1f, @raw, 0x80000002, 0xfffffffffffffff7, 0x2}, 0x0, 0xf4240, 0x1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000400)='/sys/kernel/mm/transparent_hugepage/khugepaged/scan_sleep_millisecs\x00', 0xa0582, 0x0) 1.76042172s ago: executing program 3 (id=4119): mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) timer_create$auto(0x2, 0x0, &(0x7f0000000140)=0x6) timer_settime$auto(0x0, 0x6, &(0x7f0000000000)={{0x100000001, 0x3ff}, {0x5a, 0x2}}, 0x0) timer_delete$auto(0x0) r0 = socket(0x18, 0x5, 0x2) bind$auto(r0, &(0x7f0000000440), 0x800) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto_TIOCSTI2(0xffffffffffffffff, 0x5412, &(0x7f0000000340)) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/vkms/graphics/fb0/state\x00', 0x0, 0x0) io_uring_setup$auto(0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/tty21\x00', 0x0, 0x0) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp1\x00', 0x121b42, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x401bf, 0x46, 0x2b, 0x1000000000065f, 0x80000000, 0x40000007, 0x3, 0x20000002, 0x9, 0x1, 0x6, 0x4, 0xb4, 0x9, 0x6, 0x2, 0x80, 0x4, 0x0, 0x7, 0x2000, 0x203, 0x0, 0x84}, 0x1fe, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x40000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) 1.589035155s ago: executing program 1 (id=4120): r0 = socket(0x10, 0x2, 0x0) writev$auto(0xffffffffffffffff, 0x0, 0x9) close_range$auto(0xffffffffffffffff, 0x8, 0x0) mmap$auto(0x0, 0x4020009, 0xdc, 0xeb1, 0xffffffffffffffff, 0x8000) pwritev$auto(r0, &(0x7f0000000140)={&(0x7f0000000080)="99d053649de56b5c7d62a77ff09818be6a9456b6cb564f26c8e0678ed00272f4360b928e67419cca44f3957e192a6050f157fbd8c3b9c9853e3675453467b15e59597930", 0x4}, 0x80000000, 0xa470, 0x800004) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/mm/hugepages/hugepages-2048kB/resv_hugepages\x00', 0x70280, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000040)=""/65, 0x41) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) read$auto_tun_fops_tun(0xffffffffffffffff, 0x0, 0x0) madvise$auto(0x4bb0, 0x7, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x2000, 0x0) ioctl$auto(r2, 0x4b4e, r2) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/net/afs/rootcell\x00', 0x1cb842, 0x0) write$auto(r3, &(0x7f0000000300)='*o\xd3\xa49\xaf\xa9\xe4\xe17\x12\xb3Z\x17I\x82\xdc\xbeiw\xc1\xd1\x8d\x9b\r\x9aR\xe7\x9f\xd8\xab\x16`f\nT\xaa\xfap \xe6\xdaV\xdeD\x8dR5\xd2\xe58\n\xff\x19+\xeb\xb3+\xf6\xc6\a\x00\x00\x00\xf1A\xa5\x95\x1fk\x1f\xff\x99gP\x9e\x88\x97]\x93\xf4\xdd<\xe7p\x0e\xd4C\xdc\x84\v\xafz\xfd\x81\xa3\xb2\xbb\xa4\xd9\xf2P\xa8\xe9\x8f\x13\xa7\x98\x85\xf8\v\aB\xfc\xfa\x14E\xb8y\x884<\xa7\xffyb\x8a\b\xbb\x1b\x13W\xe3\xf7\xd8\x83\xc9\xd7\x8c', 0x6) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1e, 0x1, 0x0, 0x0) r4 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto_TIOCSETD2(r4, 0x5423, 0x0) ioctl$auto_TCFLSH2(r4, 0x540b, 0x0) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) memfd_create$auto(&(0x7f0000000040)='A^^\x02\x00\xef\x97\x8aY\x00\x00\xd2\x8c\xb05\x03\\\xb2\xbf247{\xde\t8\f\x00\x00\v\x00\x82\xcc\"K\xe1IIT\x00'/54, 0x5) mmap$auto(0x0, 0x9, 0xff7, 0x8000000008011, 0x4, 0x0) mmap$auto(0x0, 0x9, 0xff7, 0x8000000008012, 0x1000000004, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r6 = socket(0x10, 0x2, 0x0) setuid$auto(0xe) ioctl$auto(r6, 0x8946, 0x24) 1.289285308s ago: executing program 3 (id=4121): madvise$auto_MADV_NORMAL(0x2, 0x7, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x10, &(0x7f0000000000)={0x0, 0x1fff8}, 0x8, 0x0, 0x2, 0x4b}, 0xfff}, 0x5, 0x311) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x29, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xaa102, 0x0) ioperm$auto(0x7, 0x800, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) mmap$auto(0x0, 0x5, 0x8000000000000000, 0x9b71, r0, 0x800008000) r1 = socket(0xa, 0x3, 0x3a) getsockopt$auto(r1, 0x2b, 0xd2, 0x0, 0x0) socket(0x8, 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x400001, 0x0) prctl$auto(0x733f, 0x6, 0x0, 0x100, 0xd) select$auto(0x7, 0x0, 0x0, 0x0, 0x0) write$auto(r1, &(0x7f0000000180)='/Eev\x1e\xf2\xc3S\x04\xd3YZU/audig1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x00\x00\x01\x00\xd7lD\x97\x04}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc\xf304\x8e\xc4$)FW\xea\xbf\x7f1\x17i\xc1\x1a\x98}\x84:\x7f\x17\r\xe9y\xe6\xabHu\x18E\xe2\xa7\xce\x8ef\x9f\x0f\x05\xec\x02\xe7\xce\x1d\"\xb3\xcc\xe0,c\x9b\x99\xd5\x034\xf4\xfch!vo\x97\x86~5\xc7\xa1', 0x100000a3d9) select$auto(0x7, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x200c, 0x20009, 0x0, 0x14, 0xffffffffffffffff, 0xffffffffffff84db) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x105, 0x10008, 0x2917) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x50b41, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/bus/usb/drivers/net1080/new_id\x00', 0x20240, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) write$auto(0x3, 0x0, 0xfdef) r2 = openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/smaps\x00', 0x42000, 0x0) read$auto_proc_pid_smaps_operations_internal(r2, &(0x7f00000002c0)=""/190, 0xfffffe39) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) madvise$auto(0x0, 0x2003f0, 0x18) close_range$auto(0x0, 0xfffffffffffff000, 0x0) 927.35965ms ago: executing program 0 (id=4122): msync$auto(0x1ffff000, 0x1800000ff00e4ff, 0x400000004) 539.515405ms ago: executing program 4 (id=4123): close_range$auto(0xffffffffffffffff, 0x8, 0x2) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, 0x0, 0x20000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x2, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) sendmmsg$auto(r0, &(0x7f0000000080)={{&(0x7f0000000040), 0x1c, &(0x7f00000000c0)={0x0, 0x1a004}, 0x7, 0x0, 0x0, 0xb}, 0xfff}, 0x5, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setsockopt$auto(0x3, 0x10000000084, 0x19, 0x0, 0x8) 510.143461ms ago: executing program 0 (id=4124): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x602, 0x1) r0 = open(&(0x7f0000000000)='./bus\x00', 0x1652c2, 0xe1d2b27bdc14aa98) fanotify_mark$auto(0x400000000000, 0x105, 0xf2b, r0, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x12ba7e, 0x45) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000200), 0x101802, 0x0) fcntl$auto(0x3, 0x4, 0xa553) fanotify_mark$auto(0x0, 0x451, 0xa, r1, 0x0) 402.126468ms ago: executing program 1 (id=4125): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_REQ_SET_REG(r0, &(0x7f000000a5c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r1, 0x1, 0x70bd2e, 0x25dfdbfd, {}, [@NL80211_ATTR_USER_REG_HINT_TYPE={0x8, 0x9a, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x24008080) unshare$auto(0x20000) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x109001, 0x0) ioctl$auto_IOCTL_VMCI_DATAGRAM_SEND(0xffffffffffffffff, 0x7ab, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket(0x10, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000003b40)={'xfrm0\x00', 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r6, &(0x7f0000004380)={0x0, 0x0, &(0x7f0000004340)={&(0x7f0000004300)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\v'], 0x14}, 0x1, 0x0, 0x0, 0x8010}, 0x810) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000300), r6) read$auto(r6, &(0x7f0000000040)='nl80211\x00', 0xbe62) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='h\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000226bd7000fedbdf2503000000080003000002000006000700", @ANYRES32=0x0, @ANYBLOB="0a00050000000000000000000a00010000000000000000000a000500000000000000000008000200", @ANYRES32], 0x68}, 0x1, 0x0, 0x0, 0x40080}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYRES16=r5], 0x1ac}}, 0x40001) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)="3163f6e70ee74f7995770d81e82548ebb25e695a50d1415dc21108f15b00b96c9c5d348b3ee07eeba291d59057a789cd0b67456b804d43be5785bdc009c5932269cbdf3620d8a5203c5333bd5276515bcb17", 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x4}, 0x7, 0x4008) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) io_setup$auto(0x7ffe, 0x0) io_setup$auto(0x7ffe, &(0x7f0000000000)) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptyq5\x00', 0xa40, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x1000000000007fff, 0xeb1, 0xfffffffffffffffa, 0x8000) mlockall$auto(0x7) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) mprotect$auto(0x0, 0x806121, 0x6) socket(0x18, 0x3, 0x5) fcntl$auto(0x3, 0x4, 0xa553) 267.119203ms ago: executing program 4 (id=4126): ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, 0x0, 0x0, 0x0) landlock_add_rule$auto_LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f0000000080)="b180d496466d9410f92abe262926a6048402a1e0be9bfc24115f5900d5dcb39eb9899708b9be2cf79548755fc8d3fd857e65195cfb4696e28ab778664493fdc3aa87dc78df99d4d590529e77e77a542b11c5a99775161750658df6f55948996b41332892903594446bc44b59fec0cec06f8dd0707cfc7051de34cc", 0x3) r1 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) poll$auto(&(0x7f0000000180)={r1, 0xfff7, 0x9816}, 0x7f, 0x9) ioctl$auto_VHOST_SET_OWNER(r2, 0x4004af61, 0x0) 244.571115ms ago: executing program 0 (id=4127): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0xfb97313a78755c29, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x0, 0x31) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/lru_gen_full\x00', 0xc0200, 0x0) r1 = socket(0x1e, 0x6, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffG\x00\x00\x00\x00\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\x95tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x9a3.O\xab\"4\x8a\xbbY8@Z5i\xa4m\xffb\x17\xbb_\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccW\x1c\x94t\x98\xc6\xd7\x9dh\xdf\x91\xd9\x1ew\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5,\xcc\xfa`\xfa\x90\xf0C\xdc\xbebBW\x8a\x95\xf4\x14\xc7\x90V\xe7a\xfb*\xcc6\xba\x9ef\x19R\xff\xd2\xd8\x98\xa8\x17\xcb\x84\xe8\xfb\x00`\xc2\xce\x7fU\xca\\\xc1\xb7\xf1\n\xb9\xbfk\x1e\xdb\xed\x81{\x1f\x18j\x16\rk\x0eO\xe3\xa78&Z\x9e\xbf\x84\xd6\x1f\xe8\x88\x1f\xbc\x1eT\xa6{9hb\xbc\x1a\\\xb3\x846&\x1a\xbb\x9c:e\x9c\x18\x11\xf0\x8eQ\xd8\x8a3^?\x13\x00\xcbx\xb2\x18e\x95$\x9d\x804', 0x2100000a3d9) sendmsg$auto_HSR_C_GET_NODE_STATUS(r1, &(0x7f00000002c0)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4008000}, 0x8010) mmap$auto(0x0, 0x2020009, 0x8000000007, 0x11, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x7) r2 = signalfd4$auto(0xffffffff, 0x0, 0x8, 0x0) r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) getdents$auto(r3, 0x0, 0xfff) msync$auto(0x7f, 0x6, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/virtual/block/loop15/queue/discard_granularity\x00', 0x8000, 0x0) clock_nanosleep$auto(0x8001, 0x9, &(0x7f0000000240)={0xf5f, 0x7f}, &(0x7f0000000040)={0x9, 0xfffffffffffffffe}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) r4 = socket(0x10, 0x2, 0x4) sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/conf/default/drop_gratuitous_arp\x00', 0x141241, 0x0) select$auto(0x4, 0x0, &(0x7f0000000080)={[0x8000000000000000, 0x3, 0x4, 0x5, 0x1000, 0x100000001, 0xc, 0xf, 0x0, 0x3d, 0xe, 0x3, 0x101, 0x100000000000ff, 0x1000000002, 0x80080001]}, 0x0, 0x0) write$auto(r4, &(0x7f0000000000)='-\x00', 0x2fb) sendmsg$auto_NL80211_CMD_SET_BSS(r2, &(0x7f0000000500)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000300)={&(0x7f0000000540)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="14012abd7000ffdbdf251900000004003401060012010600000008006b005afbffff0400ae00040af46c4c00a400070000003100baf24346dfb225489d0109440700564b7d8a5db7db69d177c8cc677a702ee5806a35c5455fad8750a68c54b0884433289fa1dced5006e3f04e516b0000004d3cf0208aba65b10d322659350fb044"], 0x6c}, 0x1, 0x0, 0x0, 0x4c}, 0x20000000) unshare$auto(0x10000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket$nl_generic(0x10, 0x3, 0x10) 228.213455ms ago: executing program 3 (id=4128): close_range$auto(0x0, 0xfffffffffffff000, 0x400002) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) socket(0xa, 0x2, 0x3a) r0 = io_uring_setup$auto(0x52, 0x0) mmap$auto(0x0, 0x20007, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto(0x3, 0x4008af03, 0x0) io_uring_setup$auto(0x166, 0x0) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8842, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/loop9/range\x00', 0x12000, 0x0) read$auto(r2, 0x0, 0x20) r3 = socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(r3, 0xfffffffffffff000, 0x2) landlock_create_ruleset$auto(&(0x7f0000000000)={0x6, 0x400000000000400, 0x9}, 0x9, 0x0) landlock_restrict_self$auto(r3, 0x0) symlink$auto(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00') rename$auto(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='./file0/../file0\x00') writev$auto(r1, &(0x7f0000000200)={0x0, 0x3}, 0x3) openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/trace_options\x00', 0x84100, 0x0) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="050000", @ANYRES16=0x0, @ANYBLOB="010025bd7000ffdbdf25150000000500120010000000080027000c000000380b2b80330b248004008080ba89ebda4be9067b59c90d50dab4ba175b1b13d15e19ee0f5bf6c6d2095efcc719c8e137b7ec6062c6c768e512acd0f1208ee2be2b891868abd1934bd95a54945e649a2afd1272f72e8fffb57e3ba1c8fb306ce2ba95180cf54dcca46ab950e626ff31022afd57f1306ee00962cb60c30a9946d642a00256ed0006ec8364307874f7c763c6e9af0222943721fb4fa5b1cecfe3a908b1fd515dad1e0ca0998fa55ca4bbf9412855250567f1b98186d8597ab6fb715cef224b510a7ccc4cae047b6d4ab94775e1158d87be4806455bbd76baaa3a656ed5f316b17a5a27a6ec9904006d80460a8e80b634a4b1ce57b5a586e945eb157cc566d02bed93630b901c93d3fde23606aa3e80e4d0644fef266741cf5f2879924594cd388ed548e2dea74f9d72af19edad4a810af64d79eaa131b2afaca3f428fd83499d9c7a99dfd9a24cbd9bf5b0f0446521fcf1f416f83791795dc86d63c7a05e38c547e208be35b17fb8aa1fa57ea4ac59aac09a5bfb9f08a6d02e58d5040324f4241a9eb63d5a1e48cff0ed3e97c4af9506ca950ce9d115d242277c614a27a77df014ced1df35f069b42113bc6bf5427f9c1ba6924ec8bafc11ba6d9303461e92e3c3e1b4d5b2954d259654ee2bab0385e3b106c4a93525200ce6e3f1e9f6d4b87b61583abced950ff97dade7ebde309c78d4f1ddbff5cb5c3fd141cbb4e56a97183f705019716cf6d6f300c9677b6f14b2b8d708b675b5c4f2357d9c22dd6bba1195ba295a5f713ac28f043cc671fc7b43fb9b40bf17766c79d698dd68d0e385e926971a18a3c3687c3c8202b806432be62b3030a2c9e31da55a6cd98165f7439f9a09508b8c4b9c5ea32aaf1f7c4246ea8700aaccaf476d9cd5e3b2340d17f13ba40c8fdaf4aa4c4b8763fd86d35bda9aab03e3a252d7e4aea01cdad1fad040b29a9e92ee1fd8c010c30b4cc69917cee531e42efa59c735fe8159a292f57fa7a4600e6833032846d87a515d9803770eb4db6712bce7b51fc2f0eff8a292023a8c7c1544c6e53012f9fe13aa8caf795caccfa4ff2321116a86938e2b782e7a57fe5cbff8df11b0bc86d691a7a8df0cc9486c4898e8bafd0b374798ecdba9af994890465f435d5e6408dd9ddd96df1673098864522e964b565d69882198a999ee41c980dafdf3538400c81ad57dc970a72b75d75850913452021a4dfe885342c4e5c33dbcd801b10866908de67b13c5dc4fb51dce74dae4c4c27413c00b50c8e18d1dcfe28974fee5df4cefd05f7e8e21e8881ef7300ca75af8ef7c8cfa0a1cf8771444e3bd449f957fa4500c1f371ccc31a7b196ca809935887d26d3ed24d2dc16c83aa263abd880df1d27d8463e4f29673fbb0a073caaf975314f5660bdf89c285291a46ddb2f8410b02e86bc522808052288fe16dbb7733976605ed2342c69717ba18334138bc68c994ffa20bbad1672a4ee0dc19a0ec177f36995edc671ef8d29211e4b7d0723a18c36c398df2e924a4f55ef95687e6a4aebcf86d36a9791d561c2203fc4a545d30a5173ffc84612c333a73fd0c84f92554294cfbbe86088e79bc6f1c9bc880b4502e4b47af767f47dbccbf4318ec6a33ee42cafc3e6ced6720adf772de614a754c7b0d93208cb0bdd285e8ff9ffe078bb782a57a14204784880a3379af47423967bf134933d350324a845e7aca06245efec7dd272177bbb663bf83c23161cf7d8b32d45502f6bbc6416720652aa197556c3cf5be55e2f8ace74ce95feb288f681d92ed529bb9892472c3633f744bfde252c8b00808d92daa2a3b4771eee9cc83745c326f8ea02119b55a99bddfc498948e53ce2efa0635276810d2211e9e0e63bc850029865d525cbf43cde05009dca149084d9569a1abb0e5f941bd5c67a77685e965b354dc744617960e642512f2cd86236c9a1938f4e799cc0e09beb23791f446e822b86518185d668e7e93daec7b1a9f53034aeabc7c7bf52deefbf5e2a90b085c41c0f528ff2cf81dbc1c28ed95ad75fd65c0e0d793d7111dce84883cbf60cd55e025b824d84e141d54da72111ea2fed1fd8f3c9cf47763ee47a7988d5021ac661641ee95ea9c9d57dd2f8e537f3cb71830a6c1608dadf6beb7339961811f8da34f8fb7b5190f9c146942fda73801812ed6bffa1a60c80e5fd6528e045b40fa78c10f37797d93f827539aa389d59c48254397ff7b72325465d18b04acac619d9d5f80d46b57d28a76fbe83203ecacb91328b145ebbe356178a1eb1c09101fe785c98aab93485ae7b4217412b7ea31fdd965eaaf78d3ab4eec8bc689062b738c002fd94f9cd18bbc5285c57854f9092e85d90ec205f43fcc9d27cd6041fb73ed3164e7f2cb3ea694b89a1879f8cbcdbffdab4b277d0fa3dba5061952d266b2f3821f79cd2b3bf107c6250e711c9ddba407c9ed323d2dfda23d5a4088f8199d1cbb311a1b051da8d792299f471f0ca7fd7925695acaf01e7ad022d96dfb30e66d551fb37522baf2ea71cc5a6416124ee2138c3f2fb5cca4b71eb9d3571deebc898b62406f416caa3fcd732f9661548d8b7ec74bc94d9dcc92b0048abc2b358c0007a905c9513affbd873a368e0b5872a2f4cdc4bb8602ad3ec77cba3e150c8993f5fc88ac7e6b2642f4660486d5823482aae8f90ee7913abdb064398cebe5946c2920d7d99935571f9b1eeb4529373538e699dda91425660a1010a4cf7e9a10713f57fa1d601467ec51ad5153bd94582320ff55380ca7efefacf62f822b948cb3b93f68978f248639c51ac97e3f56bcca9990839ee01df9773b22cf261310d4b3c6b03ef54a9a848c10d1252d0412a8f01ff61bd6978112d6b69e2f71e02a04f43f3a1a8259f7e83c26fc5bc703a8b6d3d325f08b08f9dc10b8f654871386ef94d2493463f7f3d0b20bf93be475b0ed9e870aaedd63b8d08877651bace68300e3a1b0a5d1a3da2b246fef82de3b57eca440ae7a7656ff31ae74cad3a80f1ae615f2747589d4859ec1981a6a51761"], 0xb5c}, 0x1, 0x0, 0x0, 0x20000000}, 0x48880) connect$auto(0x3, &(0x7f00000018c0)=@generic={0x1f, "abe6de3d6468fe8000"}, 0x55) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xffff}, 0x1, 0x0, 0x0, 0x9}, 0x100007}, 0x3, 0x0) openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs1\x00', 0x108002, 0x0) read$auto(0x3, 0x0, 0x80) r4 = open(&(0x7f00000000c0)='./cgroup\x00', 0x0, 0xb5d1af1605322df2) syz_clone3(&(0x7f00000003c0)={0x383201180, 0x0, 0x0, 0x0, {0x1a}, 0x0, 0x0, 0x0, 0x0, 0x0, {r4}}, 0x58) 0s ago: executing program 4 (id=4129): socket(0x11, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) sendmmsg$auto(0xffffffffffffffff, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={0x0, 0x10}, 0x2, &(0x7f0000000140), 0x8, 0x1}, 0x5}, 0x2, 0x101) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/003/001\x00', 0x1, 0x0) ioctl$auto_USBDEVFS_BULK32(r0, 0xc0105502, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20b42, 0x0) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r1, 0x40045010, 0x0) ioctl$auto_BLKFLSBUF(0xffffffffffffffff, 0x1261, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x801, 0x106) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r2 = socket(0x2, 0x1, 0x84) sysfs$auto(0x2, 0x100000000000037, 0x0) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r3, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) mmap$auto(0x1fd, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) r4 = socket(0x2b, 0x1, 0x1) getsockopt$auto(r4, 0x11e, 0x1, 0xfffffffffffffffe, 0x0) copy_file_range$auto(0xffffffffffffffff, 0x0, r2, 0x0, 0x3, 0x7ff) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) unshare$auto(0x2) ioctl$auto_TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f0000000140)={0x10, 0x0}) recvmmsg$auto(0xffffffffffffffff, &(0x7f0000000340)={{&(0x7f0000000200), 0x10, 0x0, 0x7, 0x0, 0x8000000000000001, 0x3ff}, 0x9}, 0x81, 0xbdf9, 0x0) kernel console output (not intermixed with test programs): arsing attributes in process `syz.3.2619'. [ 714.455735][T16375] mac80211_hwsim hwsim112 wlan1: entered allmulticast mode [ 714.902173][T16378] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 714.908457][T16378] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 714.915127][T16378] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 714.950530][T16378] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 714.956648][T16378] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 715.034158][T16378] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 715.205103][T16397] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2622'. [ 715.292788][T16397] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2622'. [ 715.608159][T16407] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input7 [ 716.503992][T16424] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2630'. [ 716.535011][T16424] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2630'. [ 716.649668][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 716.968109][ T51] Bluetooth: hci0: command 0x0419 tx timeout [ 716.974290][T13554] Bluetooth: hci4: command 0x0c1a tx timeout [ 717.033362][T16434] net_ratelimit: 1 callbacks suppressed [ 717.033391][T16434] netlink: zone id is out of range [ 717.048172][ T51] Bluetooth: hci3: command 0x041b tx timeout [ 717.296387][T16434] netlink: zone id is out of range [ 717.363395][T16434] netlink: zone id is out of range [ 717.409839][T16434] netlink: zone id is out of range [ 717.414986][T16434] netlink: zone id is out of range [ 717.465062][T16434] netlink: zone id is out of range [ 717.522445][T16434] netlink: zone id is out of range [ 717.573038][T16434] netlink: zone id is out of range [ 717.619685][T16434] netlink: zone id is out of range [ 717.639121][T16452] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 719.037430][T13554] Bluetooth: hci4: command 0x0c1a tx timeout [ 719.043977][ T51] Bluetooth: hci0: command 0x0419 tx timeout [ 719.628427][T16494] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2645'. [ 719.644693][T16497] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2646'. [ 719.696594][T16497] mac80211_hwsim hwsim115 wlan1: entered allmulticast mode [ 719.797523][T16502] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2647'. [ 719.905691][T16502] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2647'. [ 720.477374][T16497] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 720.484191][T16497] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 720.506553][T16497] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 720.534265][T16497] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 721.991910][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 722.539797][T13554] Bluetooth: hci0: command 0x0419 tx timeout [ 722.545834][ T5885] Bluetooth: hci4: command 0x0c1a tx timeout [ 722.553160][ T51] Bluetooth: hci3: command 0x041b tx timeout [ 723.249474][T16552] net_ratelimit: 521 callbacks suppressed [ 723.249493][T16552] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 723.338609][T16552] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 724.061622][T16566] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2662'. [ 724.088781][T16569] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2663'. [ 725.120953][T16575] FAULT_INJECTION: forcing a failure. [ 725.120953][T16575] name fail_futex, interval 1, probability 0, space 0, times 0 [ 725.134171][T16575] CPU: 0 UID: 0 PID: 16575 Comm: syz.3.2663 Not tainted syzkaller #0 PREEMPT(full) [ 725.134217][T16575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 725.134238][T16575] Call Trace: [ 725.134250][T16575] [ 725.134263][T16575] dump_stack_lvl+0x16c/0x1f0 [ 725.134326][T16575] should_fail_ex+0x512/0x640 [ 725.134386][T16575] get_futex_key+0x1d0/0x1560 [ 725.134433][T16575] ? __pfx_get_futex_key+0x10/0x10 [ 725.134476][T16575] ? __pfx___schedule+0x10/0x10 [ 725.134529][T16575] futex_wait_setup+0x9d/0x550 [ 725.134593][T16575] __futex_wait+0x194/0x2f0 [ 725.134645][T16575] ? __pfx___futex_wait+0x10/0x10 [ 725.134703][T16575] ? __pfx_futex_wake_mark+0x10/0x10 [ 725.134761][T16575] ? futex_private_hash_put+0x176/0x300 [ 725.134807][T16575] ? futex_private_hash_put+0x18a/0x300 [ 725.134851][T16575] futex_wait+0xe8/0x380 [ 725.134901][T16575] ? __pfx_futex_wait+0x10/0x10 [ 725.134964][T16575] ? ksys_write+0x190/0x250 [ 725.135011][T16575] do_futex+0x229/0x350 [ 725.135072][T16575] ? __pfx_do_futex+0x10/0x10 [ 725.135128][T16575] __x64_sys_futex+0x1e0/0x4c0 [ 725.135175][T16575] ? fput+0x9b/0xd0 [ 725.135223][T16575] ? __pfx___x64_sys_futex+0x10/0x10 [ 725.135268][T16575] ? xfd_validate_state+0x61/0x180 [ 725.135327][T16575] ? __pfx_ksys_write+0x10/0x10 [ 725.135383][T16575] do_syscall_64+0xcd/0x490 [ 725.135439][T16575] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 725.135474][T16575] RIP: 0033:0x7f6d58b8ebe9 [ 725.135499][T16575] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 725.135533][T16575] RSP: 002b:00007f6d59a7d0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 725.135565][T16575] RAX: ffffffffffffffda RBX: 00007f6d58dc6098 RCX: 00007f6d58b8ebe9 [ 725.135588][T16575] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f6d58dc6098 [ 725.135609][T16575] RBP: 00007f6d58dc6090 R08: 0000000000000000 R09: 0000000000000000 [ 725.135630][T16575] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 725.135650][T16575] R13: 00007f6d58dc6128 R14: 00007ffdd919a730 R15: 00007ffdd919a818 [ 725.135694][T16575] [ 726.281790][T16597] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 726.377746][T16604] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2672'. [ 726.416182][T16604] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2672'. [ 730.567892][T16668] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2686'. [ 730.598162][T16668] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2686'. [ 731.697727][T16697] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 732.934106][T16715] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2697'. [ 735.178849][T16756] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 737.939488][T16793] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 738.491371][T16807] netlink: 'syz.3.2719': attribute type 1 has an invalid length. [ 741.655703][T16832] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2726'. [ 741.686019][T16832] mac80211_hwsim hwsim96 wlan1: entered allmulticast mode [ 741.922356][T16835] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2725'. [ 742.169050][T16845] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2727'. [ 742.195428][T16845] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2727'. [ 742.956962][T16835] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 743.032672][T16835] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 743.062964][T16835] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 743.112803][T16835] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 743.334410][T16853] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2731'. [ 744.015828][T16856] Invalid ELF header magic: != ELF [ 744.192814][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 745.062356][ T51] Bluetooth: hci0: command 0x0419 tx timeout [ 745.062629][ T5885] Bluetooth: hci4: command 0x0c1a tx timeout [ 745.141514][ T5885] Bluetooth: hci3: command 0x041b tx timeout [ 748.659605][T16947] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2757'. [ 749.385614][T16957] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2758'. [ 749.402491][T16943] Invalid ELF header magic: != ELF [ 749.477657][T16949] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 749.493949][T16949] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 749.548936][T16949] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 749.555080][T16949] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 750.371964][T16965] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 750.871802][ T5885] Bluetooth: hci2: command 0x0406 tx timeout [ 751.320234][T16996] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2765'. [ 751.508818][ T5885] Bluetooth: hci4: command 0x0c1a tx timeout [ 751.598090][ T5885] Bluetooth: hci3: command 0x041b tx timeout [ 751.599154][ T51] Bluetooth: hci0: command 0x0419 tx timeout [ 751.913786][ T5885] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 751.924293][ T5885] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 751.932608][ T5885] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 751.941476][ T5885] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 751.955578][ T5885] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 752.480538][T17018] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2771'. [ 752.863763][T17006] chnl_net:caif_netlink_parms(): no params data found [ 752.951279][T12727] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 753.331305][T17018] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 753.370776][T17018] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 753.377182][T17018] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 753.383506][T17018] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 753.390328][T17018] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 753.402264][T17018] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 753.703453][T12727] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 753.986805][T12727] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 754.787861][ T51] Bluetooth: hci4: command 0x0c1a tx timeout [ 754.809355][T12727] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 754.908642][T17006] bridge0: port 1(bridge_slave_0) entered blocking state [ 754.943379][T17006] bridge0: port 1(bridge_slave_0) entered disabled state [ 754.953467][T17006] bridge_slave_0: entered allmulticast mode [ 754.968000][T17006] bridge_slave_0: entered promiscuous mode [ 754.981139][T17006] bridge0: port 2(bridge_slave_1) entered blocking state [ 754.989540][T17006] bridge0: port 2(bridge_slave_1) entered disabled state [ 754.998704][T17006] bridge_slave_1: entered allmulticast mode [ 755.007242][T17006] bridge_slave_1: entered promiscuous mode [ 755.235115][T17045] ieee80211 phy120: Failed to add default virtual iface [ 755.256329][T17006] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 755.300867][T17006] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 755.408374][ T51] Bluetooth: hci1: command 0x041b tx timeout [ 755.415202][ T5885] Bluetooth: hci3: command 0x041b tx timeout [ 755.421239][T13554] Bluetooth: hci0: command 0x0419 tx timeout [ 755.587491][T17006] team0: Port device team_slave_0 added [ 755.658793][T17006] team0: Port device team_slave_1 added [ 755.817321][T12727] bridge_slave_1: left allmulticast mode [ 755.825592][T12727] bridge_slave_1: left promiscuous mode [ 755.836509][T12727] bridge0: port 2(bridge_slave_1) entered disabled state [ 755.872610][T12727] bridge_slave_0: left allmulticast mode [ 755.881571][T12727] bridge_slave_0: left promiscuous mode [ 755.888046][T12727] bridge0: port 1(bridge_slave_0) entered disabled state [ 756.226585][T17058] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2782'. [ 756.798318][T12727] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 756.824473][T12727] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 756.842905][T12727] bond0 (unregistering): Released all slaves [ 756.881339][T17006] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 756.888340][T17006] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 756.998107][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 757.017626][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 757.107822][T17006] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 757.230923][T17006] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 757.237922][T17006] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 757.288403][T17063] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 757.294575][T17063] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 757.315403][T17006] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 757.328283][T17063] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 757.354231][T12727] ovs_: left promiscuous mode [ 757.368108][T17063] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 757.689975][T12727] tipc: Left network mode [ 757.850287][T17006] hsr_slave_0: entered promiscuous mode [ 757.870027][T17006] hsr_slave_1: entered promiscuous mode [ 757.929661][T17006] debugfs: 'hsr0' already exists in 'hsr' [ 757.974836][T17006] Cannot create hsr debugfs directory [ 759.312502][T13554] Bluetooth: hci0: command 0x0419 tx timeout [ 759.318853][ T51] Bluetooth: hci4: command 0x0c1a tx timeout [ 759.397638][T13554] Bluetooth: hci1: command 0x041b tx timeout [ 759.404225][T13554] Bluetooth: hci3: command 0x041b tx timeout [ 760.386357][T17128] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2796'. [ 761.412965][T17006] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 761.457057][T13554] Bluetooth: hci1: command 0x041b tx timeout [ 761.471151][T17006] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 761.541747][T17006] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 761.608308][T17142] random: crng reseeded on system resumption [ 761.627157][T17006] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 763.033223][T17006] 8021q: adding VLAN 0 to HW filter on device bond0 [ 763.473481][T17006] 8021q: adding VLAN 0 to HW filter on device team0 [ 763.526156][T13554] Bluetooth: hci1: command 0x041b tx timeout [ 763.841245][T12735] bridge0: port 1(bridge_slave_0) entered blocking state [ 763.848507][T12735] bridge0: port 1(bridge_slave_0) entered forwarding state [ 764.028316][T12735] bridge0: port 2(bridge_slave_1) entered blocking state [ 764.035521][T12735] bridge0: port 2(bridge_slave_1) entered forwarding state [ 764.167357][T17191] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2805'. [ 764.180240][T17191] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2805'. [ 764.429211][T17186] snd_aloop snd_aloop.0: control 7:257:7:ª¸è:0 is already present [ 765.595538][T13554] Bluetooth: hci1: command 0x041b tx timeout [ 765.974510][T12727] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 765.985354][T12727] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 765.995093][T12727] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 766.002616][T12727] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 766.038828][T12727] veth1_macvtap: left promiscuous mode [ 766.044815][T12727] veth0_macvtap: left promiscuous mode [ 766.053180][T12727] veth1_vlan: left promiscuous mode [ 766.058668][T12727] veth0_vlan: left promiscuous mode [ 766.947043][T12727] team0 (unregistering): Port device team_slave_1 removed [ 767.026450][T12727] team0 (unregistering): Port device team_slave_0 removed [ 767.664741][T13554] Bluetooth: hci1: command 0x041b tx timeout [ 768.089265][T17006] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 769.030199][T17006] veth0_vlan: entered promiscuous mode [ 769.239775][T17006] veth1_vlan: entered promiscuous mode [ 769.421181][T17006] veth0_macvtap: entered promiscuous mode [ 769.431237][T17006] veth1_macvtap: entered promiscuous mode [ 769.472666][T17006] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 769.660877][T17006] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 769.797955][T12735] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 769.839613][T12735] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 769.870155][T12735] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 769.879519][T12735] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 770.024117][T17248] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2816'. [ 770.047887][T17248] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2816'. [ 770.094867][T12727] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 770.135271][T12727] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 770.281835][T17243] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 770.535969][T12735] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 770.573703][T12735] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 771.065273][T17254] FAULT_INJECTION: forcing a failure. [ 771.065273][T17254] name failslab, interval 1, probability 0, space 0, times 0 [ 771.207213][T17254] CPU: 1 UID: 0 PID: 17254 Comm: syz.0.2763 Not tainted syzkaller #0 PREEMPT(full) [ 771.207259][T17254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 771.207280][T17254] Call Trace: [ 771.207291][T17254] [ 771.207303][T17254] dump_stack_lvl+0x16c/0x1f0 [ 771.207362][T17254] should_fail_ex+0x512/0x640 [ 771.207415][T17254] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 771.207460][T17254] should_failslab+0xc2/0x120 [ 771.207506][T17254] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 771.207549][T17254] ? ptlock_alloc+0x1f/0x70 [ 771.207588][T17254] ptlock_alloc+0x1f/0x70 [ 771.207622][T17254] pte_alloc_one+0x82/0x3a0 [ 771.207659][T17254] __pte_alloc+0x6d/0x3c0 [ 771.207706][T17254] ? __pfx___pte_alloc+0x10/0x10 [ 771.207757][T17254] ? do_raw_spin_lock+0x12c/0x2b0 [ 771.207814][T17254] do_pte_missing+0x285a/0x3ba0 [ 771.207851][T17254] ? do_raw_spin_unlock+0x172/0x230 [ 771.207905][T17254] ? _raw_spin_unlock+0x28/0x50 [ 771.207948][T17254] ? __pmd_alloc+0x3fb/0x930 [ 771.208003][T17254] __handle_mm_fault+0x152a/0x2a50 [ 771.208070][T17254] ? __pfx___handle_mm_fault+0x10/0x10 [ 771.208141][T17254] handle_mm_fault+0x589/0xd10 [ 771.208184][T17254] __get_user_pages+0x551/0x34a0 [ 771.208251][T17254] ? __pfx___get_user_pages+0x10/0x10 [ 771.208313][T17254] populate_vma_page_range+0x267/0x3f0 [ 771.208370][T17254] ? __pfx_populate_vma_page_range+0x10/0x10 [ 771.208422][T17254] ? __pfx_find_vma_intersection+0x10/0x10 [ 771.208473][T17254] ? do_mmap+0x69c/0x1210 [ 771.208523][T17254] __mm_populate+0x1d8/0x380 [ 771.208578][T17254] ? __pfx___mm_populate+0x10/0x10 [ 771.208635][T17254] ? up_write+0x1b2/0x520 [ 771.208687][T17254] vm_mmap_pgoff+0x37f/0x470 [ 771.208740][T17254] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 771.208796][T17254] ? __x64_sys_futex+0x1e0/0x4c0 [ 771.208838][T17254] ? __x64_sys_futex+0x1e9/0x4c0 [ 771.208885][T17254] ksys_mmap_pgoff+0x7d/0x5c0 [ 771.208931][T17254] ? xfd_validate_state+0x61/0x180 [ 771.208978][T17254] ? __pfx___x64_sys_pread64+0x10/0x10 [ 771.209025][T17254] __x64_sys_mmap+0x125/0x190 [ 771.209089][T17254] do_syscall_64+0xcd/0x490 [ 771.209145][T17254] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 771.209179][T17254] RIP: 0033:0x7f5f3e38ebe9 [ 771.209204][T17254] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 771.209237][T17254] RSP: 002b:00007f5f3f173038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 771.209267][T17254] RAX: ffffffffffffffda RBX: 00007f5f3e5c5fa0 RCX: 00007f5f3e38ebe9 [ 771.209289][T17254] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 771.209309][T17254] RBP: 00007f5f3e411e19 R08: 0000000000000002 R09: 0000000000008000 [ 771.209329][T17254] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 771.209349][T17254] R13: 00007f5f3e5c6038 R14: 00007f5f3e5c5fa0 R15: 00007ffde5eff1e8 [ 771.209392][T17254] [ 773.454071][T17291] random: crng reseeded on system resumption [ 774.247764][T17299] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2826'. [ 774.387811][T17299] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2826'. [ 775.406716][T17313] netlink: 'syz.0.2830': attribute type 1 has an invalid length. [ 775.428177][T17313] netlink: 33 bytes leftover after parsing attributes in process `syz.0.2830'. [ 775.653100][T17333] FAULT_INJECTION: forcing a failure. [ 775.653100][T17333] name failslab, interval 1, probability 0, space 0, times 0 [ 775.682167][T17333] CPU: 0 UID: 0 PID: 17333 Comm: syz.1.2835 Not tainted syzkaller #0 PREEMPT(full) [ 775.682210][T17333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 775.682229][T17333] Call Trace: [ 775.682240][T17333] [ 775.682251][T17333] dump_stack_lvl+0x16c/0x1f0 [ 775.682306][T17333] should_fail_ex+0x512/0x640 [ 775.682357][T17333] ? fs_reclaim_acquire+0xae/0x150 [ 775.682409][T17333] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 775.682457][T17333] should_failslab+0xc2/0x120 [ 775.682501][T17333] __kmalloc_noprof+0xd2/0x510 [ 775.682552][T17333] tomoyo_realpath_from_path+0xc2/0x6e0 [ 775.682613][T17333] ? tomoyo_profile+0x47/0x60 [ 775.682646][T17333] tomoyo_path_number_perm+0x245/0x580 [ 775.682685][T17333] ? tomoyo_path_number_perm+0x237/0x580 [ 775.682730][T17333] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 775.682775][T17333] ? find_held_lock+0x2b/0x80 [ 775.682844][T17333] ? find_held_lock+0x2b/0x80 [ 775.682875][T17333] ? hook_file_ioctl_common+0x145/0x410 [ 775.682929][T17333] ? __fget_files+0x20e/0x3c0 [ 775.682971][T17333] security_file_ioctl+0x9b/0x240 [ 775.683016][T17333] __x64_sys_ioctl+0xb7/0x210 [ 775.683071][T17333] do_syscall_64+0xcd/0x490 [ 775.683134][T17333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 775.683167][T17333] RIP: 0033:0x7f707018ebe9 [ 775.683192][T17333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 775.683224][T17333] RSP: 002b:00007f7071070038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 775.683253][T17333] RAX: ffffffffffffffda RBX: 00007f70703c5fa0 RCX: 00007f707018ebe9 [ 775.683275][T17333] RDX: 0000000000000000 RSI: 00000000800454d2 RDI: 0000000000000003 [ 775.683294][T17333] RBP: 00007f7071070090 R08: 0000000000000000 R09: 0000000000000000 [ 775.683315][T17333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 775.683333][T17333] R13: 00007f70703c6038 R14: 00007f70703c5fa0 R15: 00007fffbb9d7088 [ 775.683376][T17333] [ 776.001310][T17333] ERROR: Out of memory at tomoyo_realpath_from_path. [ 776.062827][T17337] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2836'. [ 776.401664][T17346] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2839'. [ 776.556016][T17346] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2839'. [ 777.541506][T17372] netlink: 'syz.3.2845': attribute type 1 has an invalid length. [ 777.559605][T17372] netlink: 33 bytes leftover after parsing attributes in process `syz.3.2845'. [ 778.446451][T17395] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2851'. [ 778.521300][T17399] random: crng reseeded on system resumption [ 779.413687][T17401] FAULT_INJECTION: forcing a failure. [ 779.413687][T17401] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 779.428093][T17401] CPU: 0 UID: 0 PID: 17401 Comm: syz.0.2851 Not tainted syzkaller #0 PREEMPT(full) [ 779.428138][T17401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 779.428159][T17401] Call Trace: [ 779.428170][T17401] [ 779.428182][T17401] dump_stack_lvl+0x16c/0x1f0 [ 779.428245][T17401] should_fail_ex+0x512/0x640 [ 779.428306][T17401] _copy_from_user+0x2e/0xd0 [ 779.428345][T17401] __sys_bpf+0x21d/0x4de0 [ 779.428402][T17401] ? __pfx___sys_bpf+0x10/0x10 [ 779.428453][T17401] ? ksys_write+0x190/0x250 [ 779.428500][T17401] ? do_futex+0x122/0x350 [ 779.428543][T17401] ? __pfx_do_futex+0x10/0x10 [ 779.428602][T17401] ? fput+0x9b/0xd0 [ 779.428650][T17401] ? xfd_validate_state+0x61/0x180 [ 779.428698][T17401] ? __pfx_ksys_write+0x10/0x10 [ 779.428744][T17401] __x64_sys_bpf+0x78/0xc0 [ 779.428795][T17401] ? lockdep_hardirqs_on+0x7c/0x110 [ 779.428844][T17401] do_syscall_64+0xcd/0x490 [ 779.428899][T17401] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 779.428932][T17401] RIP: 0033:0x7f5f3e38ebe9 [ 779.428958][T17401] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 779.428991][T17401] RSP: 002b:00007f5f3f152038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 779.429022][T17401] RAX: ffffffffffffffda RBX: 00007f5f3e5c6090 RCX: 00007f5f3e38ebe9 [ 779.429043][T17401] RDX: 00000000000006f4 RSI: 0000000000000000 RDI: 0000000000000000 [ 779.429063][T17401] RBP: 00007f5f3e411e19 R08: 0000000000000000 R09: 0000000000000000 [ 779.429083][T17401] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 779.429103][T17401] R13: 00007f5f3e5c6128 R14: 00007f5f3e5c6090 R15: 00007ffde5eff1e8 [ 779.429145][T17401] [ 779.789504][T17418] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2859'. [ 780.237691][T17435] netlink: 'syz.0.2863': attribute type 1 has an invalid length. [ 780.255419][T17435] nbd: error processing sock list [ 780.584568][T17421] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 780.591095][T17421] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 780.597440][T17421] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 780.610715][T17421] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 781.077103][T17450] netlink: 334 bytes leftover after parsing attributes in process `syz.1.2865'. [ 781.217126][T17450] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2865'. [ 781.604073][T17459] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2869'. [ 781.991095][T13554] Bluetooth: hci4: command 0x0c1a tx timeout [ 782.626914][T13554] Bluetooth: hci1: command 0x041b tx timeout [ 782.633113][ T51] Bluetooth: hci3: command 0x041b tx timeout [ 782.639264][ T5885] Bluetooth: hci0: command 0x0419 tx timeout [ 782.666165][T17467] FAULT_INJECTION: forcing a failure. [ 782.666165][T17467] name failslab, interval 1, probability 0, space 0, times 0 [ 782.682772][T17467] CPU: 0 UID: 0 PID: 17467 Comm: syz.1.2869 Not tainted syzkaller #0 PREEMPT(full) [ 782.682817][T17467] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 782.682837][T17467] Call Trace: [ 782.682849][T17467] [ 782.682861][T17467] dump_stack_lvl+0x16c/0x1f0 [ 782.682920][T17467] should_fail_ex+0x512/0x640 [ 782.682975][T17467] ? fs_reclaim_acquire+0xae/0x150 [ 782.683031][T17467] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 782.683083][T17467] should_failslab+0xc2/0x120 [ 782.683129][T17467] __kmalloc_noprof+0xd2/0x510 [ 782.683180][T17467] tomoyo_realpath_from_path+0xc2/0x6e0 [ 782.683237][T17467] ? tomoyo_profile+0x47/0x60 [ 782.683274][T17467] tomoyo_path_number_perm+0x245/0x580 [ 782.683316][T17467] ? tomoyo_path_number_perm+0x237/0x580 [ 782.683365][T17467] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 782.683407][T17467] ? futex_wake+0x1ad/0x530 [ 782.683499][T17467] ? find_held_lock+0x2b/0x80 [ 782.683533][T17467] ? hook_file_ioctl_common+0x145/0x410 [ 782.683590][T17467] ? __fget_files+0x20e/0x3c0 [ 782.683635][T17467] security_file_ioctl+0x9b/0x240 [ 782.683691][T17467] __x64_sys_ioctl+0xb7/0x210 [ 782.683750][T17467] do_syscall_64+0xcd/0x490 [ 782.683808][T17467] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 782.683844][T17467] RIP: 0033:0x7f707018ebe9 [ 782.683870][T17467] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 782.683905][T17467] RSP: 002b:00007f707102e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 782.683936][T17467] RAX: ffffffffffffffda RBX: 00007f70703c6180 RCX: 00007f707018ebe9 [ 782.683959][T17467] RDX: 0000000000000073 RSI: 00000000400454d0 RDI: 00000000000000c8 [ 782.683978][T17467] RBP: 00007f7070211e19 R08: 0000000000000000 R09: 0000000000000000 [ 782.683998][T17467] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 782.684018][T17467] R13: 00007f70703c6218 R14: 00007f70703c6180 R15: 00007fffbb9d7088 [ 782.684061][T17467] [ 782.684085][T17467] ERROR: Out of memory at tomoyo_realpath_from_path. [ 783.553471][T17493] random: crng reseeded on system resumption [ 783.968403][T17508] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2882'. [ 784.530088][T17498] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 784.536727][T17498] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 784.552639][T17498] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 784.570194][T17498] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 785.196800][T17538] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2890'. [ 785.463712][T17538] netlink: 56 bytes leftover after parsing attributes in process `syz.2.2890'. [ 785.809970][T13554] Bluetooth: hci4: command 0x0c1a tx timeout [ 786.069175][T17549] random: crng reseeded on system resumption [ 786.606755][T13554] Bluetooth: hci1: command 0x041b tx timeout [ 786.606996][ T5885] Bluetooth: hci3: command 0x041b tx timeout [ 786.612854][T13554] Bluetooth: hci0: command 0x0419 tx timeout [ 786.754750][T17563] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2895'. [ 788.398651][T17596] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2901'. [ 788.446469][T17596] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2901'. [ 789.446465][T17614] netlink: 'syz.3.2905': attribute type 1 has an invalid length. [ 789.454513][T17614] nbd: error processing sock list [ 789.678734][T17620] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2907'. [ 789.712176][T17620] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 789.776840][T17620] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 790.532206][T17639] random: crng reseeded on system resumption [ 790.722547][T17642] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2913'. [ 791.223816][T17653] random: crng reseeded on system resumption [ 792.165467][T17672] netlink: 56 bytes leftover after parsing attributes in process `syz.3.2921'. [ 793.374755][T17692] FAULT_INJECTION: forcing a failure. [ 793.374755][T17692] name failslab, interval 1, probability 0, space 0, times 0 [ 793.404303][T17692] CPU: 1 UID: 0 PID: 17692 Comm: syz.0.2927 Not tainted syzkaller #0 PREEMPT(full) [ 793.404336][T17692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 793.404351][T17692] Call Trace: [ 793.404359][T17692] [ 793.404367][T17692] dump_stack_lvl+0x16c/0x1f0 [ 793.404409][T17692] should_fail_ex+0x512/0x640 [ 793.404447][T17692] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 793.404476][T17692] should_failslab+0xc2/0x120 [ 793.404508][T17692] __kmalloc_cache_noprof+0x6a/0x3e0 [ 793.404556][T17692] ? sctp_auth_shkey_create+0x9e/0x210 [ 793.404602][T17692] sctp_auth_shkey_create+0x9e/0x210 [ 793.404639][T17692] sctp_endpoint_new+0x562/0xcd0 [ 793.404680][T17692] sctp_init_sock+0xe2d/0x1330 [ 793.404713][T17692] ? __pfx_sctp_init_sock+0x10/0x10 [ 793.404745][T17692] inet_create+0x936/0x1040 [ 793.404775][T17692] ? inet_create+0x93/0x1040 [ 793.404815][T17692] __sock_create+0x335/0x8d0 [ 793.404859][T17692] __sys_socket+0x14d/0x260 [ 793.404888][T17692] ? __pfx___sys_socket+0x10/0x10 [ 793.404917][T17692] ? xfd_validate_state+0x61/0x180 [ 793.404953][T17692] ? __pfx_do_writev+0x10/0x10 [ 793.404985][T17692] __x64_sys_socket+0x72/0xb0 [ 793.405012][T17692] ? lockdep_hardirqs_on+0x7c/0x110 [ 793.405047][T17692] do_syscall_64+0xcd/0x490 [ 793.405086][T17692] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 793.405110][T17692] RIP: 0033:0x7f5f3e38ebe9 [ 793.405128][T17692] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 793.405152][T17692] RSP: 002b:00007f5f3f131038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 793.405175][T17692] RAX: ffffffffffffffda RBX: 00007f5f3e5c6180 RCX: 00007f5f3e38ebe9 [ 793.405192][T17692] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000002 [ 793.405206][T17692] RBP: 00007f5f3e411e19 R08: 0000000000000000 R09: 0000000000000000 [ 793.405221][T17692] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 793.405235][T17692] R13: 00007f5f3e5c6218 R14: 00007f5f3e5c6180 R15: 00007ffde5eff1e8 [ 793.405265][T17692] [ 793.614844][ C1] vkms_vblank_simulate: vblank timer overrun [ 793.915849][T17704] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2930'. [ 795.499354][T17747] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2938'. [ 795.643231][T17748] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 796.504561][T17761] netlink: 'syz.0.2940': attribute type 16 has an invalid length. [ 796.512442][T17761] netlink: 'syz.0.2940': attribute type 17 has an invalid length. [ 796.535670][T17767] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2942'. [ 796.563013][T17761] netlink: 'syz.0.2940': attribute type 19 has an invalid length. [ 796.583369][T17761] netlink: 'syz.0.2940': attribute type 27 has an invalid length. [ 796.601851][T17761] netlink: 'syz.0.2940': attribute type 28 has an invalid length. [ 796.622563][T17761] netlink: 'syz.0.2940': attribute type 29 has an invalid length. [ 796.642558][T17761] netlink: 'syz.0.2940': attribute type 30 has an invalid length. [ 796.646615][T17773] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2943'. [ 796.693392][T17761] netlink: 'syz.0.2940': attribute type 31 has an invalid length. [ 796.696983][T17763] mkiss: ax0: crc mode is auto. [ 796.701419][T17761] netlink: 2 bytes leftover after parsing attributes in process `syz.0.2940'. [ 800.077868][T17851] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2961'. [ 800.108808][T17851] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 800.183358][T17853] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2962'. [ 800.412306][T17851] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 800.653537][T17853] mac80211_hwsim hwsim122 wlan1: entered allmulticast mode [ 804.217631][T17922] netlink: 56 bytes leftover after parsing attributes in process `syz.1.2978'. [ 806.186679][T17957] blktrace: Concurrent blktraces are not allowed on ram7 [ 807.059966][T17969] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2992'. [ 807.260732][T17973] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2994'. [ 808.882002][T17987] busy [ 809.028243][T17995] random: crng reseeded on system resumption [ 809.783298][T18029] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3005'. [ 809.822294][T18025] __vm_enough_memory: pid: 18025, comm: syz.2.3004, bytes: 4398046511104 not enough memory for the allocation [ 809.972476][T18036] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3007'. [ 811.756514][T18061] mkiss: ax0: crc mode is auto. [ 814.201279][T18137] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 814.223941][T18137] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 814.874613][T18149] FAULT_INJECTION: forcing a failure. [ 814.874613][T18149] name failslab, interval 1, probability 0, space 0, times 0 [ 814.923572][T18149] CPU: 0 UID: 0 PID: 18149 Comm: syz.1.3026 Not tainted syzkaller #0 PREEMPT(full) [ 814.923630][T18149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 814.923650][T18149] Call Trace: [ 814.923670][T18149] [ 814.923682][T18149] dump_stack_lvl+0x16c/0x1f0 [ 814.923740][T18149] should_fail_ex+0x512/0x640 [ 814.923792][T18149] ? __kmalloc_node_track_caller_noprof+0xc3/0x510 [ 814.923843][T18149] should_failslab+0xc2/0x120 [ 814.923899][T18149] __kmalloc_node_track_caller_noprof+0xd6/0x510 [ 814.923955][T18149] ? cache_create_net+0x2b/0x220 [ 814.924019][T18149] ? __pfx_nfsd_net_init+0x10/0x10 [ 814.924058][T18149] kmemdup_noprof+0x29/0x60 [ 814.924100][T18149] cache_create_net+0x2b/0x220 [ 814.924145][T18149] ? __pfx_nfsd_net_init+0x10/0x10 [ 814.924183][T18149] nfsd_export_init+0x62/0x250 [ 814.924220][T18149] ? __pfx_nfsd_net_init+0x10/0x10 [ 814.924256][T18149] nfsd_net_init+0x33/0x3d0 [ 814.924294][T18149] ? __pfx_nfsd_net_init+0x10/0x10 [ 814.924330][T18149] ops_init+0x1df/0x5f0 [ 814.924389][T18149] setup_net+0x10f/0x380 [ 814.924415][T18149] ? lockdep_init_map_type+0x5c/0x280 [ 814.924463][T18149] ? __pfx_setup_net+0x10/0x10 [ 814.924495][T18149] ? debug_mutex_init+0x37/0x70 [ 814.924532][T18149] copy_net_ns+0x2a6/0x5f0 [ 814.924576][T18149] create_new_namespaces+0x3ea/0xa90 [ 814.924624][T18149] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 814.924674][T18149] ksys_unshare+0x45b/0xa40 [ 814.924722][T18149] ? __pfx_ksys_unshare+0x10/0x10 [ 814.924767][T18149] ? xfd_validate_state+0x61/0x180 [ 814.924816][T18149] __x64_sys_unshare+0x31/0x40 [ 814.924847][T18149] do_syscall_64+0xcd/0x490 [ 814.924886][T18149] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 814.924909][T18149] RIP: 0033:0x7f707018ebe9 [ 814.924926][T18149] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 814.924949][T18149] RSP: 002b:00007f7071070038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 814.924971][T18149] RAX: ffffffffffffffda RBX: 00007f70703c5fa0 RCX: 00007f707018ebe9 [ 814.924986][T18149] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 814.925000][T18149] RBP: 00007f7070211e19 R08: 0000000000000000 R09: 0000000000000000 [ 814.925014][T18149] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 814.925027][T18149] R13: 00007f70703c6038 R14: 00007f70703c5fa0 R15: 00007fffbb9d7088 [ 814.925056][T18149] [ 815.786124][T18164] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3029'. [ 816.834539][T18186] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3034'. [ 816.930145][T18179] could not allocate digest TFM handle [ 817.630902][T18196] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3036'. [ 817.663540][T18196] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3036'. [ 817.746565][T18188] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3041'. [ 818.057525][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 818.063992][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 818.179796][T18203] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3038'. [ 818.384269][T18182] kexec: Could not allocate control_code_buffer [ 818.777633][T18217] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3043'. [ 818.970955][T18223] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3045'. [ 819.163217][T18229] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3046'. [ 819.198519][T18229] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3046'. [ 819.470445][T18235] vhci_hcd: USB_PORT_FEAT_SUSPEND req not supported for USB 3.0 roothub [ 821.708562][T18283] __nla_validate_parse: 1 callbacks suppressed [ 821.708588][T18283] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3057'. [ 821.813130][T18286] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3057'. [ 821.857367][T18280] ICMPv6: process `syz.1.3055' is using deprecated sysctl (syscall) net.ipv6.neigh.ipvlan1.retrans_time - use net.ipv6.neigh.ipvlan1.retrans_time_ms instead [ 822.121591][T18298] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 823.400994][T18326] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3067'. [ 824.149856][T18344] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3069'. [ 824.189830][T18344] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3069'. [ 824.449749][T18336] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3070'. [ 824.548943][T18336] bridge_slave_1: left allmulticast mode [ 824.558276][T18336] bridge_slave_1: left promiscuous mode [ 824.566526][T18336] bridge0: port 2(bridge_slave_1) entered disabled state [ 824.584120][T18336] bridge_slave_0: left allmulticast mode [ 824.592240][T18336] bridge_slave_0: left promiscuous mode [ 824.602568][T18336] bridge0: port 1(bridge_slave_0) entered disabled state [ 825.695304][T18367] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3077'. [ 825.855247][T18372] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 826.458213][T18381] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3081'. [ 826.517806][T18381] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3081'. [ 826.722602][T18390] random: crng reseeded on system resumption [ 827.025976][T18385] nfs: Unknown parameter 'À' [ 827.477677][T18400] netlink: get zone limit has 8 unknown bytes [ 827.506144][T18400] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 828.096994][T18409] busy [ 828.344078][T18428] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3094'. [ 828.405271][T18428] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3094'. [ 828.730804][T18433] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3096'. [ 828.809683][T18433] veth0_macvtap: left promiscuous mode [ 830.763272][T18470] busy [ 834.038650][T18541] random: crng reseeded on system resumption [ 834.638354][T18555] netlink: 334 bytes leftover after parsing attributes in process `syz.0.3126'. [ 834.694094][T18555] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3126'. [ 835.358603][T18566] busy [ 835.683050][T18577] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3133'. [ 835.715322][T18577] netlink: 354 bytes leftover after parsing attributes in process `syz.1.3133'. [ 835.944960][T18575] zswap: compressor not available [ 836.242436][T18602] random: crng reseeded on system resumption [ 837.001225][T18618] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3140'. [ 837.893044][T18636] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 838.187232][T18643] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3149'. [ 838.345453][T18649] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3152'. [ 839.133563][T18668] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3156'. [ 840.264226][T18684] busy [ 841.015377][T18712] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3169'. [ 841.993329][T18718] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 842.020433][T18718] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 842.040802][T18718] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 842.056887][T18718] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 842.214796][T18733] busy [ 843.060714][T18756] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3183'. [ 843.190637][T18758] random: crng reseeded on system resumption [ 843.350723][ T5885] Bluetooth: hci4: command 0x0c1a tx timeout [ 844.067187][ T5885] Bluetooth: hci1: command 0x041b tx timeout [ 844.073341][ T5885] Bluetooth: hci3: command 0x041b tx timeout [ 844.079500][ T5885] Bluetooth: hci0: command 0x0419 tx timeout [ 845.849188][T18826] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3198'. [ 845.871136][T18826] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 845.963004][T18826] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 845.991373][T18836] blktrace: Concurrent blktraces are not allowed on ram7 [ 847.676527][T18880] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3209'. [ 847.723033][T18880] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3209'. [ 847.990446][T18894] usb usb3: usbfs: process 18894 (syz.3.3213) did not claim interface 0 before use [ 848.220472][T18894] bcachefs: bch2_ioctl_fsck_offline() ret EFAULT [ 848.431975][T18904] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3214'. [ 849.025620][T18916] busy [ 849.208133][T18921] nbd: must specify at least one socket [ 849.269344][T18923] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3221'. [ 849.286255][T18923] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3221'. [ 849.393732][T18927] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3223'. [ 849.741122][T18932] random: crng reseeded on system resumption [ 850.411734][T18948] __vm_enough_memory: pid: 18948, comm: syz.0.3227, bytes: 4398046511104 not enough memory for the allocation [ 850.836766][T18956] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3230'. [ 850.886059][T18959] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3229'. [ 850.889035][T18950] mkiss: ax0: crc mode is auto. [ 851.019532][T18960] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 853.492413][T19010] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3242'. [ 853.505726][T19010] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3242'. [ 853.544584][T18992] ima: policy update failed [ 853.563845][ T30] audit: type=1802 audit(4294967306.418:32): pid=18992 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.3238" res=0 errno=0 [ 853.892257][T19017] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3246'. [ 853.928155][T19017] geneve1: entered promiscuous mode [ 853.933469][T19017] geneve1: entered allmulticast mode [ 853.951089][T19019] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3244'. [ 853.962020][T19019] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 854.004744][T19019] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 855.311679][T19041] busy [ 855.407143][T19056] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3255'. [ 855.420676][T19041] mkiss: ax0: crc mode is auto. [ 856.514852][T19082] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3262'. [ 858.124148][T19118] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3272'. [ 858.279094][T19124] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3272'. [ 859.091976][T19136] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3276'. [ 859.320622][T19140] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3278'. [ 859.417366][T19142] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 859.566829][T19144] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3279'. [ 860.353348][T19152] Invalid ELF header magic: != ELF [ 861.301997][T19173] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3288'. [ 864.104340][T19233] random: crng reseeded on system resumption [ 865.541896][T19253] busy [ 865.590662][T19244] HfR: entered promiscuous mode [ 866.694159][T19284] random: crng reseeded on system resumption [ 867.969758][T19305] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3322'. [ 867.999007][T19305] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3322'. [ 868.069106][T19304] FAULT_INJECTION: forcing a failure. [ 868.069106][T19304] name failslab, interval 1, probability 0, space 0, times 0 [ 868.082450][T19304] CPU: 1 UID: 0 PID: 19304 Comm: syz.1.3324 Not tainted syzkaller #0 PREEMPT(full) [ 868.082492][T19304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 868.082513][T19304] Call Trace: [ 868.082524][T19304] [ 868.082537][T19304] dump_stack_lvl+0x16c/0x1f0 [ 868.082593][T19304] should_fail_ex+0x512/0x640 [ 868.082645][T19304] ? __kmalloc_cache_noprof+0x57/0x3e0 [ 868.082686][T19304] should_failslab+0xc2/0x120 [ 868.082732][T19304] __kmalloc_cache_noprof+0x6a/0x3e0 [ 868.082769][T19304] ? vhost_worker_create+0xf7/0x310 [ 868.082827][T19304] vhost_worker_create+0xf7/0x310 [ 868.082875][T19304] ? rcu_is_watching+0x12/0xc0 [ 868.082911][T19304] ? __pfx_vhost_worker_create+0x10/0x10 [ 868.082960][T19304] ? __kmalloc_noprof+0x242/0x510 [ 868.083010][T19304] vhost_dev_set_owner+0x742/0xa50 [ 868.083064][T19304] vhost_dev_ioctl+0x2eb/0xe20 [ 868.083101][T19304] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 868.083159][T19304] ? __pfx_vhost_dev_ioctl+0x10/0x10 [ 868.083226][T19304] vhost_vsock_dev_ioctl+0x3a5/0xb30 [ 868.083261][T19304] ? hook_file_ioctl_common+0x145/0x410 [ 868.083310][T19304] ? __pfx_vhost_vsock_dev_ioctl+0x10/0x10 [ 868.083365][T19304] ? __fget_files+0x20e/0x3c0 [ 868.083422][T19304] ? __pfx_vhost_vsock_dev_ioctl+0x10/0x10 [ 868.083458][T19304] __x64_sys_ioctl+0x18e/0x210 [ 868.083510][T19304] do_syscall_64+0xcd/0x490 [ 868.083561][T19304] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 868.083593][T19304] RIP: 0033:0x7f707018ebe9 [ 868.083616][T19304] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 868.083647][T19304] RSP: 002b:00007f7071070038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 868.083675][T19304] RAX: ffffffffffffffda RBX: 00007f70703c5fa0 RCX: 00007f707018ebe9 [ 868.083694][T19304] RDX: 0000000000000000 RSI: 000000000000af01 RDI: 0000000000000006 [ 868.083713][T19304] RBP: 00007f7070211e19 R08: 0000000000000000 R09: 0000000000000000 [ 868.083731][T19304] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 868.083750][T19304] R13: 00007f70703c6038 R14: 00007f70703c5fa0 R15: 00007fffbb9d7088 [ 868.083790][T19304] [ 868.886224][T19319] random: crng reseeded on system resumption [ 869.079205][T19308] mkiss: ax0: crc mode is auto. [ 869.395451][T19325] zswap: compressor not available [ 871.818871][T19374] mkiss: ax0: crc mode is auto. [ 871.822505][T19384] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3343'. [ 873.436807][T19409] Format for linking two devices is "netnsfd_a:ifidx_a netnsfd_b:ifidx_b" (int uint int uint). [ 873.510046][ T30] audit: type=1800 audit(4294967326.472:33): pid=19409 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3348" name="members" dev="configfs" ino=74555 res=0 errno=0 [ 873.888536][T19240] ima: policy update failed [ 873.902885][ T30] audit: type=1802 audit(4294967326.874:34): pid=19240 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.0.3304" res=0 errno=0 [ 875.221292][T19448] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3355'. [ 875.255814][T19449] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3356'. [ 875.337441][T19451] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3355'. [ 876.545798][T19478] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3361'. [ 877.155450][T19475] serio: Serial port pty6 [ 877.710886][T19494] syz.1.3363(19494): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 878.200965][T19511] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3368'. [ 878.369521][T19515] Invalid ELF header magic: != ELF [ 879.180516][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 879.187013][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 879.471006][T19533] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3371'. [ 879.515757][T19533] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3371'. [ 880.223529][T19534] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 880.230152][T19534] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 880.236374][T19534] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 880.247870][T19534] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 880.337992][T19540] random: crng reseeded on system resumption [ 880.958836][T19567] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3379'. [ 881.196678][T19572] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3380'. [ 881.711304][ T51] Bluetooth: hci4: command 0x0c1a tx timeout [ 881.741460][T19563] random: crng reseeded on system resumption [ 882.088780][T19586] blktrace: Concurrent blktraces are not allowed on ram7 [ 882.268490][ T51] Bluetooth: hci1: command 0x041b tx timeout [ 882.274720][ T51] Bluetooth: hci3: command 0x041b tx timeout [ 882.280970][ T5885] Bluetooth: hci0: command 0x0419 tx timeout [ 882.651728][T19610] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3389'. [ 883.552743][T19630] bcachefs: bch2_ioctl_fsck_offline() ret EFAULT [ 883.910645][T19648] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3402'. [ 884.682140][T19661] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3403'. [ 885.027857][T19664] random: crng reseeded on system resumption [ 886.066341][T19691] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3411'. [ 886.100827][T19687] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3410'. [ 886.616866][T19709] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3416'. [ 887.069390][T19717] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3421'. [ 887.307095][T19728] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3422'. [ 887.547993][T19730] FAULT_INJECTION: forcing a failure. [ 887.547993][T19730] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 887.619388][T19730] CPU: 0 UID: 0 PID: 19730 Comm: syz.1.3421 Not tainted syzkaller #0 PREEMPT(full) [ 887.619433][T19730] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 887.619454][T19730] Call Trace: [ 887.619465][T19730] [ 887.619477][T19730] dump_stack_lvl+0x16c/0x1f0 [ 887.619533][T19730] should_fail_ex+0x512/0x640 [ 887.619592][T19730] should_fail_alloc_page+0xe7/0x130 [ 887.619640][T19730] prepare_alloc_pages+0x3c2/0x610 [ 887.619698][T19730] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 887.619754][T19730] ? __lock_acquire+0x62e/0x1ce0 [ 887.619804][T19730] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 887.619846][T19730] ? css_rstat_updated+0x1c2/0x510 [ 887.619897][T19730] ? filemap_get_entry+0x1a7/0x3b0 [ 887.619946][T19730] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 887.619999][T19730] ? policy_nodemask+0xea/0x4e0 [ 887.620047][T19730] alloc_pages_mpol+0x1fb/0x550 [ 887.620093][T19730] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 887.620136][T19730] ? _raw_spin_unlock+0x28/0x50 [ 887.620177][T19730] ? swap_entry_swapped+0x122/0x190 [ 887.620221][T19730] ? __pfx_swap_entry_swapped+0x10/0x10 [ 887.620269][T19730] folio_alloc_mpol_noprof+0x36/0x2f0 [ 887.620331][T19730] __read_swap_cache_async+0x3b6/0x5a0 [ 887.620371][T19730] ? __pfx___read_swap_cache_async+0x10/0x10 [ 887.620417][T19730] ? swp_swap_info+0x10/0x130 [ 887.620460][T19730] ? __pfx_swp_swap_info+0x10/0x10 [ 887.620508][T19730] ? is_bpf_text_address+0x8a/0x1a0 [ 887.620555][T19730] swap_cluster_readahead+0x3eb/0x710 [ 887.620600][T19730] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 887.620662][T19730] ? get_vma_policy+0x242/0x3c0 [ 887.620712][T19730] swapin_readahead+0x13a/0xd60 [ 887.620759][T19730] ? __pfx_swapin_readahead+0x10/0x10 [ 887.620791][T19730] ? __filemap_get_folio+0x32b/0xc30 [ 887.620844][T19730] ? swap_cache_get_folio+0x1df/0x450 [ 887.620880][T19730] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 887.620911][T19730] ? __pfx_get_swap_device+0x10/0x10 [ 887.620953][T19730] ? do_swap_page+0x12e/0x6600 [ 887.621007][T19730] do_swap_page+0x5c7/0x6600 [ 887.621058][T19730] ? __lock_acquire+0x62e/0x1ce0 [ 887.621114][T19730] ? __pfx_do_swap_page+0x10/0x10 [ 887.621166][T19730] ? __pfx_default_wake_function+0x10/0x10 [ 887.621208][T19730] ? rcu_is_watching+0x12/0xc0 [ 887.621240][T19730] ? ___pte_offset_map+0x2ad/0x4f0 [ 887.621293][T19730] __handle_mm_fault+0x1719/0x2a50 [ 887.621342][T19730] ? mt_find+0x3ef/0xa30 [ 887.621376][T19730] ? __pfx___handle_mm_fault+0x10/0x10 [ 887.621407][T19730] ? __pfx_mt_find+0x10/0x10 [ 887.621461][T19730] ? find_vma+0xbf/0x140 [ 887.621504][T19730] ? __pfx_find_vma+0x10/0x10 [ 887.621551][T19730] handle_mm_fault+0x589/0xd10 [ 887.621589][T19730] ? trace_raw_output_exceptions+0x131/0x150 [ 887.621645][T19730] do_user_addr_fault+0x7a6/0x1370 [ 887.621703][T19730] ? rcu_is_watching+0x12/0xc0 [ 887.621742][T19730] exc_page_fault+0x5c/0xb0 [ 887.621791][T19730] asm_exc_page_fault+0x26/0x30 [ 887.621822][T19730] RIP: 0010:check_zeroed_user+0x90/0x1c0 [ 887.621859][T19730] Code: 00 00 00 e8 02 29 da fc 48 89 de 4c 89 ef e8 a7 23 da fc 4d 85 ff 0f 85 a5 00 00 00 e8 e9 28 da fc 0f 01 cb 0f ae e8 45 31 e4 <49> 8b 45 00 31 ff 44 89 e6 48 89 c3 e8 0f 24 da fc 45 85 e4 75 79 [ 887.621894][T19730] RSP: 0018:ffffc9000c3f7c00 EFLAGS: 00050246 [ 887.621919][T19730] RAX: 000000000000000a RBX: 00000000000006f4 RCX: ffffc9000db51000 [ 887.621938][T19730] RDX: 0000000000080000 RSI: ffffffff84e0e207 RDI: 0000000000000006 [ 887.621958][T19730] RBP: 0000000000000000 R08: 0000000000000006 R09: 0000000000000098 [ 887.621976][T19730] R10: 00000000000006f4 R11: 0000000000000000 R12: 0000000000000000 [ 887.622001][T19730] R13: 0000000000000098 R14: 000000000000065c R15: 0000000000000000 [ 887.622035][T19730] ? check_zeroed_user+0x87/0x1c0 [ 887.622081][T19730] bpf_check_uarg_tail_zero+0x16e/0x1b0 [ 887.622126][T19730] ? __pfx_bpf_check_uarg_tail_zero+0x10/0x10 [ 887.622169][T19730] ? futex_private_hash_put+0x18a/0x300 [ 887.622239][T19730] __sys_bpf+0x140/0x4de0 [ 887.622296][T19730] ? __pfx___sys_bpf+0x10/0x10 [ 887.622358][T19730] ? ksys_write+0x190/0x250 [ 887.622407][T19730] ? do_futex+0x122/0x350 [ 887.622452][T19730] ? __pfx_do_futex+0x10/0x10 [ 887.622512][T19730] ? fput+0x9b/0xd0 [ 887.622561][T19730] ? xfd_validate_state+0x61/0x180 [ 887.622610][T19730] ? __pfx_ksys_write+0x10/0x10 [ 887.622658][T19730] __x64_sys_bpf+0x78/0xc0 [ 887.622712][T19730] ? lockdep_hardirqs_on+0x7c/0x110 [ 887.622763][T19730] do_syscall_64+0xcd/0x490 [ 887.622818][T19730] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 887.622853][T19730] RIP: 0033:0x7f707018ebe9 [ 887.622880][T19730] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 887.622913][T19730] RSP: 002b:00007f707102e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 887.622945][T19730] RAX: ffffffffffffffda RBX: 00007f70703c6180 RCX: 00007f707018ebe9 [ 887.622968][T19730] RDX: 00000000000006f4 RSI: 0000000000000000 RDI: 0000000000000000 [ 887.622988][T19730] RBP: 00007f7070211e19 R08: 0000000000000000 R09: 0000000000000000 [ 887.623008][T19730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 887.623028][T19730] R13: 00007f70703c6218 R14: 00007f70703c6180 R15: 00007fffbb9d7088 [ 887.623072][T19730] [ 888.289543][T19598] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 888.331823][T19728] hsr_slave_0 (unregistering): left promiscuous mode [ 889.268194][T19752] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3427'. [ 889.446055][T19755] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3426'. [ 889.481858][T19755] nbd: must specify at least one socket [ 889.760629][T19747] ima: policy update failed [ 889.775609][ T30] audit: type=1802 audit(4294967342.817:35): pid=19747 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.3426" res=0 errno=0 [ 890.112851][T19768] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3430'. [ 890.306539][T19598] Bluetooth: hci0: command 0x0419 tx timeout [ 890.471153][T19773] netlink: 'syz.0.3432': attribute type 11 has an invalid length. [ 890.731016][T19781] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3434'. [ 891.582098][T19796] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3438'. [ 891.827088][T19805] __vm_enough_memory: pid: 19805, comm: syz.0.3441, bytes: 4398046511104 not enough memory for the allocation [ 891.856538][T19806] program syz.3.3442 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 892.290156][T19817] Invalid ELF header magic: != ELF [ 892.615990][T19822] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3445'. [ 892.723835][T19827] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3446'. [ 892.988671][T19828] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 893.530510][T19834] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3448'. [ 893.672711][T19834] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 894.599308][T19850] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3452'. [ 895.823124][T19868] mkiss: ax0: crc mode is auto. [ 895.921186][T19880] 0x000200000001-0xa29656a63616329 : "" [ 895.927794][T19880] mtd: partition "" is out of reach -- disabled [ 895.948332][T19880] ftl_cs: FTL header not found. [ 896.490122][T19892] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3459'. [ 896.883570][T19896] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 896.891247][T19896] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 896.901835][T19896] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 896.951748][T19896] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 897.075442][T19896] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 898.518556][T19923] mkiss: ax0: crc mode is auto. [ 898.901906][T19598] Bluetooth: hci4: command 0x0c1a tx timeout [ 898.912734][T19598] Bluetooth: hci0: command 0x0419 tx timeout [ 898.981741][T19598] Bluetooth: hci3: command 0x041b tx timeout [ 899.090387][T19940] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3472'. [ 899.150937][T19598] Bluetooth: hci1: command 0x041b tx timeout [ 900.094958][T19958] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3477'. [ 900.424916][T19957] mkiss: ax0: crc mode is auto. [ 900.971206][T19598] Bluetooth: hci0: command 0x0419 tx timeout [ 901.553471][T19991] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3486'. [ 901.622095][T19993] random: crng reseeded on system resumption [ 902.734339][T20008] mkiss: ax0: crc mode is auto. [ 902.800061][T20016] random: crng reseeded on system resumption [ 902.807827][T20015] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3494'. [ 902.819205][T20015] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3494'. [ 903.281605][T20027] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3499'. [ 904.061403][T20048] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3502'. [ 905.824116][T20067] netlink: 5 bytes leftover after parsing attributes in process `syz.2.3507'. [ 905.856841][T20063] busy [ 906.788744][T20096] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3514'. [ 907.507077][T20123] random: crng reseeded on system resumption [ 908.375110][T20145] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3525'. [ 909.198183][T20148] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 909.204623][T20148] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 909.211184][T20148] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 909.221348][T20148] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 909.523653][T20163] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 909.540192][ T30] audit: type=1800 audit(4294967362.689:36): pid=20163 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3530" name="discovery_nqn" dev="configfs" ino=79535 res=0 errno=0 [ 909.601648][T20166] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3529'. [ 910.601026][T19598] Bluetooth: hci4: command 0x0c1a tx timeout [ 910.874922][T20196] serio: Serial port pty6 [ 911.239843][T13554] Bluetooth: hci3: command 0x041b tx timeout [ 911.239856][ T5885] Bluetooth: hci0: command 0x0419 tx timeout [ 911.252242][T19598] Bluetooth: hci1: command 0x041b tx timeout [ 911.439381][T20217] netlink: 146 bytes leftover after parsing attributes in process `syz.3.3539'. [ 911.585362][T20219] random: crng reseeded on system resumption [ 912.183563][T20240] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3544'. [ 913.180371][T20267] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3547'. [ 913.233053][T20267] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3547'. [ 915.646447][T20313] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3555'. [ 915.811277][T20314] FAULT_INJECTION: forcing a failure. [ 915.811277][T20314] name failslab, interval 1, probability 0, space 0, times 0 [ 915.817149][T20317] netlink: 342 bytes leftover after parsing attributes in process `syz.2.3557'. [ 915.834014][T20314] CPU: 0 UID: 0 PID: 20314 Comm: syz.1.3556 Not tainted syzkaller #0 PREEMPT(full) [ 915.834055][T20314] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 915.834074][T20314] Call Trace: [ 915.834085][T20314] [ 915.834096][T20314] dump_stack_lvl+0x16c/0x1f0 [ 915.834148][T20314] should_fail_ex+0x512/0x640 [ 915.834197][T20314] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 915.834238][T20314] should_failslab+0xc2/0x120 [ 915.834279][T20314] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 915.834335][T20314] ? vma_merge_new_range+0x3ae/0xa50 [ 915.834369][T20314] ? vm_area_alloc+0x1f/0x160 [ 915.834408][T20314] vm_area_alloc+0x1f/0x160 [ 915.834441][T20314] __mmap_region+0xf90/0x27b0 [ 915.834482][T20314] ? lock_acquire+0x179/0x350 [ 915.834525][T20314] ? __pfx___mmap_region+0x10/0x10 [ 915.834575][T20314] ? lockdep_hardirqs_on+0x7c/0x110 [ 915.834623][T20314] ? finish_task_switch.isra.0+0x221/0xc10 [ 915.834657][T20314] ? rcu_is_watching+0x12/0xc0 [ 915.834689][T20314] ? trace_sched_exit_tp+0xd1/0x120 [ 915.834741][T20314] ? __schedule+0x11a3/0x5de0 [ 915.834861][T20314] ? trace_cap_capable+0x18d/0x200 [ 915.834912][T20314] mmap_region+0x1ab/0x3f0 [ 915.834951][T20314] ? __get_unmapped_area+0x267/0x440 [ 915.835005][T20314] do_mmap+0xa3e/0x1210 [ 915.835074][T20314] ? __pfx_do_mmap+0x10/0x10 [ 915.835120][T20314] ? __pfx_down_write_killable+0x10/0x10 [ 915.835159][T20314] vm_mmap_pgoff+0x29e/0x470 [ 915.835211][T20314] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 915.835265][T20314] ? __x64_sys_futex+0x1e0/0x4c0 [ 915.835303][T20314] ? __x64_sys_futex+0x1e9/0x4c0 [ 915.835349][T20314] ksys_mmap_pgoff+0x7d/0x5c0 [ 915.835390][T20314] ? xfd_validate_state+0x61/0x180 [ 915.835435][T20314] ? __pfx_ksys_write+0x10/0x10 [ 915.835476][T20314] __x64_sys_mmap+0x125/0x190 [ 915.835529][T20314] do_syscall_64+0xcd/0x490 [ 915.835580][T20314] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 915.835608][T20314] RIP: 0033:0x7f707018ebe9 [ 915.835633][T20314] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 915.835663][T20314] RSP: 002b:00007f707104f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 915.835692][T20314] RAX: ffffffffffffffda RBX: 00007f70703c6090 RCX: 00007f707018ebe9 [ 915.835712][T20314] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 915.835727][T20314] RBP: 00007f7070211e19 R08: fffffffffffffffa R09: 0000000000008000 [ 915.835743][T20314] R10: 00000000000000f8 R11: 0000000000000246 R12: 0000000000000000 [ 915.835758][T20314] R13: 00007f70703c6128 R14: 00007f70703c6090 R15: 00007fffbb9d7088 [ 915.835790][T20314] [ 916.144889][T20317] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3557'. [ 918.369158][T20346] bcachefs: bch2_ioctl_fsck_offline() ret EFAULT [ 919.094125][T20351] HfR: entered promiscuous mode [ 919.250039][T20352] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3563'. [ 919.416412][T20371] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3572'. [ 919.870389][T12727] HfR: left promiscuous mode [ 920.132236][T20381] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3575'. [ 920.467781][T20392] random: crng reseeded on system resumption [ 921.278518][T20406] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3582'. [ 921.367070][T20406] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3582'. [ 921.826545][T20415] program syz.3.3584 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 922.907962][T20419] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 922.914757][T20419] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 922.921775][T20419] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 922.935042][T20419] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 922.967436][T20427] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_rx_wq": -EINTR [ 923.611885][T20454] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3589'. [ 924.130770][T13554] Bluetooth: hci4: command 0x0c1a tx timeout [ 924.641412][T20475] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3594'. [ 924.688226][T20475] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3594'. [ 924.934978][T13554] Bluetooth: hci0: command 0x0419 tx timeout [ 925.045350][T13554] Bluetooth: hci1: command 0x041b tx timeout [ 925.051510][T19598] Bluetooth: hci3: command 0x041b tx timeout [ 925.255090][T20486] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3596'. [ 926.675135][T20520] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3603'. [ 926.890103][T20507] HfR: entered promiscuous mode [ 926.974215][T20528] netlink: 334 bytes leftover after parsing attributes in process `syz.3.3605'. [ 927.005176][T20528] netlink: 56 bytes leftover after parsing attributes in process `syz.3.3605'. [ 927.092485][T20516] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3602'. [ 927.274894][T20516] HfR: left promiscuous mode [ 927.556472][T20541] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3615'. [ 928.209234][T20555] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3617'. [ 928.248748][T20554] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3609'. [ 929.758713][T20583] HfR: entered promiscuous mode [ 929.910388][T20584] __nla_validate_parse: 1 callbacks suppressed [ 929.910406][T20584] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3618'. [ 930.246964][T20596] ima: policy update failed [ 930.269757][ T30] audit: type=1802 audit(1033.760:37): pid=20596 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.3620" res=0 errno=0 [ 930.556107][ T68] HfR: left promiscuous mode [ 930.565274][T20603] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3630'. [ 930.680903][T20608] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 930.747933][T20609] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3622'. [ 931.388833][T20619] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3624'. [ 931.440907][T20621] __vm_enough_memory: pid: 20621, comm: syz.1.3626, bytes: 4398046511104 not enough memory for the allocation [ 931.933858][T20636] random: crng reseeded on system resumption [ 932.926780][T20656] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3644'. [ 933.602486][T20665] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3637'. [ 933.866236][T20668] FAULT_INJECTION: forcing a failure. [ 933.866236][T20668] name failslab, interval 1, probability 0, space 0, times 0 [ 933.879375][T20668] CPU: 0 UID: 0 PID: 20668 Comm: syz.1.3637 Not tainted syzkaller #0 PREEMPT(full) [ 933.879420][T20668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 933.879436][T20668] Call Trace: [ 933.879445][T20668] [ 933.879455][T20668] dump_stack_lvl+0x16c/0x1f0 [ 933.879521][T20668] should_fail_ex+0x512/0x640 [ 933.879565][T20668] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 933.879612][T20668] should_failslab+0xc2/0x120 [ 933.879650][T20668] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 933.879685][T20668] ? getname_flags.part.0+0x4c/0x550 [ 933.879745][T20668] getname_flags.part.0+0x4c/0x550 [ 933.879797][T20668] getname_flags+0x93/0xf0 [ 933.879832][T20668] do_sys_openat2+0xb8/0x1d0 [ 933.879884][T20668] ? __pfx_do_sys_openat2+0x10/0x10 [ 933.879943][T20668] __x64_sys_openat+0x174/0x210 [ 933.879995][T20668] ? __pfx___x64_sys_openat+0x10/0x10 [ 933.880053][T20668] do_syscall_64+0xcd/0x490 [ 933.880112][T20668] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 933.880140][T20668] RIP: 0033:0x7f707018ebe9 [ 933.880162][T20668] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 933.880190][T20668] RSP: 002b:00007f707104f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 933.880217][T20668] RAX: ffffffffffffffda RBX: 00007f70703c6090 RCX: 00007f707018ebe9 [ 933.880235][T20668] RDX: 0000000000040802 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 933.880253][T20668] RBP: 00007f7070211e19 R08: 0000000000000000 R09: 0000000000000000 [ 933.880269][T20668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 933.880289][T20668] R13: 00007f70703c6128 R14: 00007f70703c6090 R15: 00007fffbb9d7088 [ 933.880326][T20668] [ 934.168002][T20673] random: crng reseeded on system resumption [ 935.229184][T20688] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3643'. [ 936.019693][T20689] FAULT_INJECTION: forcing a failure. [ 936.019693][T20689] name fail_futex, interval 1, probability 0, space 0, times 0 [ 936.071297][T20689] CPU: 0 UID: 0 PID: 20689 Comm: syz.1.3643 Not tainted syzkaller #0 PREEMPT(full) [ 936.071344][T20689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 936.071365][T20689] Call Trace: [ 936.071375][T20689] [ 936.071387][T20689] dump_stack_lvl+0x16c/0x1f0 [ 936.071439][T20689] should_fail_ex+0x512/0x640 [ 936.071497][T20689] get_futex_key+0x1d0/0x1560 [ 936.071543][T20689] ? __pfx_get_futex_key+0x10/0x10 [ 936.071581][T20689] ? __pfx___up_read+0x10/0x10 [ 936.071636][T20689] ? do_user_addr_fault+0x829/0x1370 [ 936.071690][T20689] futex_wait_setup+0x9d/0x550 [ 936.071747][T20689] __futex_wait+0x194/0x2f0 [ 936.071798][T20689] ? __pfx___futex_wait+0x10/0x10 [ 936.071857][T20689] ? __pfx_futex_wake_mark+0x10/0x10 [ 936.071915][T20689] ? futex_private_hash_put+0x176/0x300 [ 936.071960][T20689] ? futex_private_hash_put+0x18a/0x300 [ 936.072004][T20689] futex_wait+0xe8/0x380 [ 936.072052][T20689] ? __pfx_futex_wait+0x10/0x10 [ 936.072114][T20689] ? ksys_write+0x190/0x250 [ 936.072165][T20689] do_futex+0x229/0x350 [ 936.072204][T20689] ? __pfx_do_futex+0x10/0x10 [ 936.072258][T20689] __x64_sys_futex+0x1e0/0x4c0 [ 936.072305][T20689] ? fput+0x9b/0xd0 [ 936.072350][T20689] ? __pfx___x64_sys_futex+0x10/0x10 [ 936.072393][T20689] ? xfd_validate_state+0x61/0x180 [ 936.072442][T20689] ? __pfx_ksys_write+0x10/0x10 [ 936.072492][T20689] do_syscall_64+0xcd/0x490 [ 936.072548][T20689] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 936.072582][T20689] RIP: 0033:0x7f707018ebe9 [ 936.072616][T20689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 936.072646][T20689] RSP: 002b:00007f707104f0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 936.072676][T20689] RAX: ffffffffffffffda RBX: 00007f70703c6098 RCX: 00007f707018ebe9 [ 936.072695][T20689] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f70703c6098 [ 936.072713][T20689] RBP: 00007f70703c6090 R08: 0000000000000000 R09: 0000000000000000 [ 936.072731][T20689] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 936.072749][T20689] R13: 00007f70703c6128 R14: 00007fffbb9d6fa0 R15: 00007fffbb9d7088 [ 936.072786][T20689] [ 936.687428][T20705] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3649'. [ 936.745165][T20709] random: crng reseeded on system resumption [ 940.183855][T20740] random: crng reseeded on system resumption [ 940.292507][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 940.298880][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 941.310655][T20764] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3658'. [ 941.358583][T20765] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3660'. [ 943.543892][T20783] vhci_hcd: USB_PORT_FEAT_SUSPEND req not supported for USB 3.0 roothub [ 945.084744][T20795] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3665'. [ 945.104845][T20795] bridge_slave_1: left allmulticast mode [ 945.136126][T20795] bridge_slave_1: left promiscuous mode [ 945.175821][T20795] bridge0: port 2(bridge_slave_1) entered disabled state [ 945.252842][T20795] bridge_slave_0: left allmulticast mode [ 945.258569][T20795] bridge_slave_0: left promiscuous mode [ 945.512824][T20795] bridge0: port 1(bridge_slave_0) entered disabled state [ 947.231882][T20818] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3670'. [ 947.815192][T20824] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3671'. [ 948.535368][T20835] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3673'. [ 949.060191][T20841] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 949.735691][T13554] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 949.745700][T13554] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 949.784812][T13554] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 949.797927][T13554] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 949.805914][T13554] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 950.438245][T20847] vhci_hcd: USB_PORT_FEAT_SUSPEND req not supported for USB 3.0 roothub [ 950.956530][T20848] chnl_net:caif_netlink_parms(): no params data found [ 951.381371][T20857] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3680'. [ 951.454352][T20857] bridge_slave_1: left allmulticast mode [ 951.468609][T20857] bridge_slave_1: left promiscuous mode [ 951.474507][T20857] bridge0: port 2(bridge_slave_1) entered disabled state [ 951.739357][T20857] bridge_slave_0: left allmulticast mode [ 951.745069][T20857] bridge_slave_0: left promiscuous mode [ 951.817403][T20857] bridge0: port 1(bridge_slave_0) entered disabled state [ 951.916511][T13554] Bluetooth: hci2: command tx timeout [ 952.185553][T20865] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3681'. [ 952.620629][T20872] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3682'. [ 952.877330][T20848] bridge0: port 1(bridge_slave_0) entered blocking state [ 952.892542][T20848] bridge0: port 1(bridge_slave_0) entered disabled state [ 952.912620][T20848] bridge_slave_0: entered allmulticast mode [ 952.947660][T20848] bridge_slave_0: entered promiscuous mode [ 953.050837][T20848] bridge0: port 2(bridge_slave_1) entered blocking state [ 953.059385][T20848] bridge0: port 2(bridge_slave_1) entered disabled state [ 953.066815][T20848] bridge_slave_1: entered allmulticast mode [ 953.075897][T20848] bridge_slave_1: entered promiscuous mode [ 953.267050][T20848] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 953.332864][T20848] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 953.546800][T20848] team0: Port device team_slave_0 added [ 953.574070][T20848] team0: Port device team_slave_1 added [ 953.722944][T20848] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 953.736156][T20848] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 953.765240][T20878] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3690'. [ 953.806366][T20848] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 953.840669][T20848] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 953.862381][T20848] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 953.975470][T13554] Bluetooth: hci2: command tx timeout [ 954.009534][T20848] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 954.260828][T20848] hsr_slave_0: entered promiscuous mode [ 954.261405][T20883] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3684'. [ 954.285339][T20848] hsr_slave_1: entered promiscuous mode [ 954.304108][T20848] debugfs: 'hsr0' already exists in 'hsr' [ 954.309892][T20848] Cannot create hsr debugfs directory [ 955.009087][T20848] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 955.048160][T20848] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 955.066429][T20888] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3693'. [ 955.266110][T20848] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 955.277653][T20889] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 955.325469][T20848] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 955.598751][T20848] 8021q: adding VLAN 0 to HW filter on device bond0 [ 955.761334][T20848] 8021q: adding VLAN 0 to HW filter on device team0 [ 955.769324][T20901] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3686'. [ 955.830596][T12734] bridge0: port 1(bridge_slave_0) entered blocking state [ 955.837855][T12734] bridge0: port 1(bridge_slave_0) entered forwarding state [ 955.923885][ T3479] bridge0: port 2(bridge_slave_1) entered blocking state [ 955.931162][ T3479] bridge0: port 2(bridge_slave_1) entered forwarding state [ 956.046827][T13554] Bluetooth: hci2: command tx timeout [ 956.497603][T20848] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 956.905991][T20848] veth0_vlan: entered promiscuous mode [ 956.939408][T20848] veth1_vlan: entered promiscuous mode [ 956.994793][T20848] veth0_macvtap: entered promiscuous mode [ 957.007452][T20848] veth1_macvtap: entered promiscuous mode [ 957.044377][T20848] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 957.066216][T20848] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 957.087272][ T68] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 957.114264][ T68] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 957.133335][ T68] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 957.144700][ T68] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 957.238585][T18014] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 957.246452][T18014] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 957.293199][T12181] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 957.303081][T12181] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 957.524610][T20921] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3698'. [ 957.590048][T20925] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3697'. [ 957.737846][T20925] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 958.124010][T13554] Bluetooth: hci2: command tx timeout [ 958.736917][T20937] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 959.121658][T20942] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3694'. [ 959.146852][T20943] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3692'. [ 959.355465][T20943] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 961.476446][T20981] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3708'. [ 961.608839][T20981] veth0_macvtap: left promiscuous mode [ 962.307804][T20974] mkiss: ax0: crc mode is auto. [ 962.660587][T20997] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3711'. [ 962.710430][T20997] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 962.895815][T20997] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 963.747338][T21022] can: request_module (can-proto-4) failed. [ 963.886192][T21032] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3719'. [ 965.032747][T21043] random: crng reseeded on system resumption [ 965.378957][T21048] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3725'. [ 965.479448][T21033] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 965.760810][T21052] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3726'. [ 967.811125][T21092] random: crng reseeded on system resumption [ 967.853715][T21093] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3735'. [ 968.112764][T21098] FAULT_INJECTION: forcing a failure. [ 968.112764][T21098] name failslab, interval 1, probability 0, space 0, times 0 [ 968.200980][T21098] CPU: 1 UID: 0 PID: 21098 Comm: syz.1.3737 Not tainted syzkaller #0 PREEMPT(full) [ 968.201020][T21098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 968.201038][T21098] Call Trace: [ 968.201048][T21098] [ 968.201059][T21098] dump_stack_lvl+0x16c/0x1f0 [ 968.201110][T21098] should_fail_ex+0x512/0x640 [ 968.201157][T21098] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 968.201197][T21098] should_failslab+0xc2/0x120 [ 968.201237][T21098] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 968.201274][T21098] ? fcntl_setlease+0x429/0x5a0 [ 968.201300][T21098] ? fcntl_setlease+0xc6/0x5a0 [ 968.201338][T21098] fcntl_setlease+0xc6/0x5a0 [ 968.201375][T21098] ? __pfx_fcntl_setlease+0x10/0x10 [ 968.201423][T21098] do_fcntl+0x751/0x15a0 [ 968.201470][T21098] ? __pfx_do_fcntl+0x10/0x10 [ 968.201544][T21098] ? tomoyo_file_fcntl+0x6c/0xc0 [ 968.201581][T21098] __x64_sys_fcntl+0x163/0x200 [ 968.201634][T21098] do_syscall_64+0xcd/0x490 [ 968.201687][T21098] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 968.201719][T21098] RIP: 0033:0x7f707018ebe9 [ 968.201742][T21098] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 968.201773][T21098] RSP: 002b:00007f707102e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 968.201802][T21098] RAX: ffffffffffffffda RBX: 00007f70703c6180 RCX: 00007f707018ebe9 [ 968.201822][T21098] RDX: 0000000000000001 RSI: 0000000000000400 RDI: 0000000000000005 [ 968.201841][T21098] RBP: 00007f7070211e19 R08: 0000000000000000 R09: 0000000000000000 [ 968.201860][T21098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 968.201879][T21098] R13: 00007f70703c6218 R14: 00007f70703c6180 R15: 00007fffbb9d7088 [ 968.201919][T21098] [ 968.803725][T21104] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3738'. [ 969.042192][T21115] random: crng reseeded on system resumption [ 969.175910][T21118] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3742'. [ 969.196821][T21118] netlink: 13 bytes leftover after parsing attributes in process `syz.4.3742'. [ 970.063587][T21133] random: crng reseeded on system resumption [ 970.553811][T21152] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3750'. [ 970.603919][T21154] serio: Serial port pty6 [ 970.659594][T21143] mkiss: ax0: crc mode is auto. [ 971.333144][T21159] busy [ 971.416751][T21162] mkiss: ax0: crc mode is auto. [ 971.528145][T21157] FAULT_INJECTION: forcing a failure. [ 971.528145][T21157] name failslab, interval 1, probability 0, space 0, times 0 [ 971.569847][T21157] CPU: 0 UID: 0 PID: 21157 Comm: syz.1.3751 Not tainted syzkaller #0 PREEMPT(full) [ 971.569889][T21157] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 971.569908][T21157] Call Trace: [ 971.569919][T21157] [ 971.569931][T21157] dump_stack_lvl+0x16c/0x1f0 [ 971.569982][T21157] should_fail_ex+0x512/0x640 [ 971.570041][T21157] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 971.570084][T21157] ? __pfx_hugetlb_vm_op_close+0x10/0x10 [ 971.570129][T21157] should_failslab+0xc2/0x120 [ 971.570172][T21157] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 971.570211][T21157] ? vma_merge_new_range+0x3ae/0xa50 [ 971.570246][T21157] ? vm_area_alloc+0x1f/0x160 [ 971.570283][T21157] ? __pfx_hugetlb_vm_op_close+0x10/0x10 [ 971.570330][T21157] vm_area_alloc+0x1f/0x160 [ 971.570364][T21157] __mmap_region+0xf90/0x27b0 [ 971.570404][T21157] ? trace_contention_end+0xdd/0x130 [ 971.570452][T21157] ? __pfx___mmap_region+0x10/0x10 [ 971.570490][T21157] ? process_measurement+0xf92/0x23e0 [ 971.570533][T21157] ? __mutex_unlock_slowpath+0x161/0x7b0 [ 971.570585][T21157] ? __pfx___might_resched+0x10/0x10 [ 971.570617][T21157] ? bpf_ksym_find+0x124/0x1c0 [ 971.570649][T21157] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 971.570706][T21157] ? rcu_is_watching+0x12/0xc0 [ 971.570740][T21157] ? kfree+0x24f/0x4d0 [ 971.570841][T21157] ? trace_cap_capable+0x18d/0x200 [ 971.570891][T21157] mmap_region+0x1ab/0x3f0 [ 971.570930][T21157] ? __get_unmapped_area+0x267/0x440 [ 971.570981][T21157] do_mmap+0xa3e/0x1210 [ 971.571040][T21157] ? __pfx_do_mmap+0x10/0x10 [ 971.571087][T21157] ? __pfx_down_write_killable+0x10/0x10 [ 971.571129][T21157] vm_mmap_pgoff+0x29e/0x470 [ 971.571183][T21157] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 971.571239][T21157] ? __fget_files+0x20e/0x3c0 [ 971.571283][T21157] ksys_mmap_pgoff+0x32c/0x5c0 [ 971.571336][T21157] __x64_sys_mmap+0x125/0x190 [ 971.571393][T21157] do_syscall_64+0xcd/0x490 [ 971.571447][T21157] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 971.571480][T21157] RIP: 0033:0x7f707018ebe9 [ 971.571504][T21157] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 971.571535][T21157] RSP: 002b:00007f7071070038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 971.571565][T21157] RAX: ffffffffffffffda RBX: 00007f70703c5fa0 RCX: 00007f707018ebe9 [ 971.571586][T21157] RDX: 0000000000000ff7 RSI: 0000000000000009 RDI: 0000000000000000 [ 971.571605][T21157] RBP: 00007f7071070090 R08: 0000001000000004 R09: 0000000000000000 [ 971.571625][T21157] R10: 0008000000008012 R11: 0000000000000246 R12: 0000000000000001 [ 971.571645][T21157] R13: 00007f70703c6038 R14: 00007f70703c5fa0 R15: 00007fffbb9d7088 [ 971.571686][T21157] [ 971.920079][T21173] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3753'. [ 973.052350][T21196] netlink: 334 bytes leftover after parsing attributes in process `syz.4.3761'. [ 973.214441][T21196] netlink: 56 bytes leftover after parsing attributes in process `syz.4.3761'. [ 973.659167][T21206] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3762'. [ 974.395819][T21214] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3765'. [ 974.948403][T21225] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3766'. [ 974.994542][T21210] mkiss: ax0: crc mode is auto. [ 975.532139][T13554] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 976.648674][T21241] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 976.772960][T21245] busy [ 977.180783][T21256] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3773'. [ 977.462951][T21258] blktrace: Concurrent blktraces are not allowed on ram7 [ 977.533138][T13554] Bluetooth: hci2: command tx timeout [ 977.671663][ T30] audit: type=1800 audit(1081.407:38): pid=21266 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3776" name="lu_gp_id" dev="configfs" ino=84591 res=0 errno=0 [ 977.786189][T21268] netlink: 334 bytes leftover after parsing attributes in process `syz.4.3777'. [ 977.910080][T21270] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3786'. [ 977.929018][T21268] netlink: 56 bytes leftover after parsing attributes in process `syz.4.3777'. [ 979.091395][T21290] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3790'. [ 979.715112][T21302] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3783'. [ 979.772202][T21313] random: crng reseeded on system resumption [ 979.834295][T13554] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 981.724063][T21334] Invalid ELF header magic: != ELF [ 981.843543][T19598] Bluetooth: hci3: command 0x041b tx timeout [ 981.876027][T21332] FAULT_INJECTION: forcing a failure. [ 981.876027][T21332] name failslab, interval 1, probability 0, space 0, times 0 [ 981.898787][T21332] CPU: 0 UID: 0 PID: 21332 Comm: syz.4.3787 Not tainted syzkaller #0 PREEMPT(full) [ 981.898833][T21332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 981.898853][T21332] Call Trace: [ 981.898863][T21332] [ 981.898877][T21332] dump_stack_lvl+0x16c/0x1f0 [ 981.898933][T21332] should_fail_ex+0x512/0x640 [ 981.898985][T21332] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 981.899031][T21332] should_failslab+0xc2/0x120 [ 981.899090][T21332] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 981.899131][T21332] ? acpi_ut_create_generic_state+0x5c/0xb0 [ 981.899183][T21332] acpi_ut_create_generic_state+0x5c/0xb0 [ 981.899226][T21332] acpi_ps_push_scope+0x22/0x230 [ 981.899285][T21332] acpi_ps_parse_loop+0x9f3/0x1d00 [ 981.899346][T21332] ? __pfx_acpi_ps_parse_loop+0x10/0x10 [ 981.899393][T21332] ? kmem_cache_alloc_noprof+0x21e/0x3b0 [ 981.899446][T21332] ? acpi_ut_create_thread_state+0x63/0x170 [ 981.899500][T21332] acpi_ps_parse_aml+0x3c1/0xcb0 [ 981.899556][T21332] acpi_ps_execute_method+0x55a/0xb30 [ 981.899612][T21332] ? acpi_ut_acquire_mutex+0x125/0x1d0 [ 981.899650][T21332] acpi_ns_evaluate+0x76c/0xca0 [ 981.899683][T21332] ? kasan_save_track+0x14/0x30 [ 981.899726][T21332] acpi_evaluate_object+0x1fa/0xa90 [ 981.899774][T21332] ? do_syscall_64+0xcd/0x490 [ 981.899822][T21332] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 981.899858][T21332] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 981.899905][T21332] ? __mutex_trylock_common+0xe9/0x250 [ 981.899959][T21332] acpi_evaluate_integer+0xdd/0x200 [ 981.899999][T21332] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 981.900057][T21332] ? __pfx_status_show+0x10/0x10 [ 981.900100][T21332] status_show+0xa0/0x120 [ 981.900151][T21332] ? __pfx_status_show+0x10/0x10 [ 981.900207][T21332] dev_attr_show+0x53/0xe0 [ 981.900242][T21332] ? __pfx_dev_attr_show+0x10/0x10 [ 981.900280][T21332] sysfs_kf_seq_show+0x216/0x3e0 [ 981.900328][T21332] seq_read_iter+0x509/0x12c0 [ 981.900363][T21332] ? __mutex_trylock_common+0xe9/0x250 [ 981.900433][T21332] kernfs_fop_read_iter+0x40f/0x5a0 [ 981.900463][T21332] ? rw_verify_area+0xcf/0x6c0 [ 981.900501][T21332] vfs_read+0x8bc/0xcf0 [ 981.900545][T21332] ? __pfx___mutex_lock+0x10/0x10 [ 981.900597][T21332] ? __pfx_vfs_read+0x10/0x10 [ 981.900664][T21332] ksys_read+0x12a/0x250 [ 981.900701][T21332] ? __pfx_ksys_read+0x10/0x10 [ 981.900753][T21332] do_syscall_64+0xcd/0x490 [ 981.900807][T21332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 981.900840][T21332] RIP: 0033:0x7f4fec98ebe9 [ 981.900865][T21332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 981.900898][T21332] RSP: 002b:00007f4feabee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 981.900929][T21332] RAX: ffffffffffffffda RBX: 00007f4fecbc5fa0 RCX: 00007f4fec98ebe9 [ 981.900952][T21332] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000002 [ 981.900973][T21332] RBP: 00007f4feca11e19 R08: 0000000000000000 R09: 0000000000000000 [ 981.900993][T21332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 981.901012][T21332] R13: 00007f4fecbc6038 R14: 00007f4fecbc5fa0 R15: 00007fffe3b23fc8 [ 981.901057][T21332] [ 982.420947][T21332] ACPI Error: Aborting method \_SB.LNKA._STA due to previous error (AE_NO_MEMORY) (20250404/psparse-529) [ 983.172123][T21349] FAULT_INJECTION: forcing a failure. [ 983.172123][T21349] name failslab, interval 1, probability 0, space 0, times 0 [ 983.223410][T21349] CPU: 1 UID: 0 PID: 21349 Comm: syz.4.3789 Not tainted syzkaller #0 PREEMPT(full) [ 983.223456][T21349] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 983.223488][T21349] Call Trace: [ 983.223499][T21349] [ 983.223511][T21349] dump_stack_lvl+0x16c/0x1f0 [ 983.223566][T21349] should_fail_ex+0x512/0x640 [ 983.223617][T21349] ? fs_reclaim_acquire+0xae/0x150 [ 983.223667][T21349] ? tomoyo_encode2+0x100/0x3e0 [ 983.223714][T21349] should_failslab+0xc2/0x120 [ 983.223759][T21349] __kmalloc_noprof+0xd2/0x510 [ 983.223793][T21349] ? d_absolute_path+0x136/0x1a0 [ 983.223847][T21349] tomoyo_encode2+0x100/0x3e0 [ 983.223903][T21349] tomoyo_encode+0x29/0x50 [ 983.223948][T21349] tomoyo_realpath_from_path+0x18f/0x6e0 [ 983.224008][T21349] tomoyo_mkdev_perm+0x22b/0x570 [ 983.224046][T21349] ? tomoyo_mkdev_perm+0x217/0x570 [ 983.224088][T21349] ? __pfx_tomoyo_mkdev_perm+0x10/0x10 [ 983.224139][T21349] ? __lock_acquire+0xb97/0x1ce0 [ 983.224194][T21349] ? do_raw_spin_lock+0x12c/0x2b0 [ 983.224267][T21349] ? __pfx_current_check_access_path+0x10/0x10 [ 983.224342][T21349] ? simple_lookup+0x105/0x1d0 [ 983.224384][T21349] tomoyo_path_mknod+0x12a/0x190 [ 983.224418][T21349] ? __pfx_tomoyo_path_mknod+0x10/0x10 [ 983.224455][T21349] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 983.224516][T21349] security_path_mknod+0x161/0x310 [ 983.224565][T21349] do_mknodat+0x239/0x5d0 [ 983.224611][T21349] ? __pfx_do_mknodat+0x10/0x10 [ 983.224650][T21349] ? getname_flags.part.0+0x1c5/0x550 [ 983.224715][T21349] __x64_sys_mknod+0x87/0xb0 [ 983.224759][T21349] do_syscall_64+0xcd/0x490 [ 983.224818][T21349] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 983.224853][T21349] RIP: 0033:0x7f4fec98ebe9 [ 983.224890][T21349] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 983.224923][T21349] RSP: 002b:00007f4feabee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 983.224952][T21349] RAX: ffffffffffffffda RBX: 00007f4fecbc5fa0 RCX: 00007f4fec98ebe9 [ 983.224973][T21349] RDX: 0000000000000103 RSI: 00000000000020e9 RDI: 00002000000003c0 [ 983.224993][T21349] RBP: 00007f4feca11e19 R08: 0000000000000000 R09: 0000000000000000 [ 983.225012][T21349] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 983.225031][T21349] R13: 00007f4fecbc6038 R14: 00007f4fecbc5fa0 R15: 00007fffe3b23fc8 [ 983.225072][T21349] [ 983.225136][T21349] ERROR: Out of memory at tomoyo_realpath_from_path. [ 984.374330][T21364] random: crng reseeded on system resumption [ 984.717379][T21374] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3793'. [ 984.897036][T21374] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3793'. [ 984.936057][T21382] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3794'. [ 987.088378][T21429] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3800'. [ 987.185656][T21429] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3800'. [ 987.246044][T21431] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3802'. [ 987.841222][T21441] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3805'. [ 988.135733][T21444] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3806'. [ 988.207423][T21444] geneve1: entered promiscuous mode [ 988.237529][T21444] geneve1: entered allmulticast mode [ 988.378305][T21452] netlink: 334 bytes leftover after parsing attributes in process `syz.1.3807'. [ 988.391488][T21453] __vm_enough_memory: pid: 21453, comm: syz.3.3809, bytes: 4398046511104 not enough memory for the allocation [ 988.452822][T21452] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3807'. [ 989.527805][T21469] random: crng reseeded on system resumption [ 991.213354][T21487] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3815'. [ 991.453277][T21489] random: crng reseeded on system resumption [ 994.090025][T21518] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 994.103664][T21518] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 994.118643][T21518] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 994.133090][T21518] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 994.186301][T21518] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 994.227878][T21518] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 994.238534][T21518] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 994.295283][T21518] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 994.313591][T21518] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 994.476903][T21527] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3825'. [ 994.501564][T21528] blktrace: Concurrent blktraces are not allowed on ram7 [ 995.439924][T19598] Bluetooth: hci4: command 0x0c1a tx timeout [ 995.478244][T21539] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3828'. [ 996.157871][T19598] Bluetooth: hci3: command 0x041b tx timeout [ 996.163963][T19598] Bluetooth: hci0: command 0x0419 tx timeout [ 996.236068][T19598] Bluetooth: hci1: command 0x041b tx timeout [ 996.265520][T19598] Bluetooth: hci2: command 0x0c1a tx timeout [ 998.225830][T19598] Bluetooth: hci3: command 0x041b tx timeout [ 998.305003][T19598] Bluetooth: hci2: command 0x0c1a tx timeout [ 999.017441][T21579] ima: policy update failed [ 999.051237][ T30] audit: type=1802 audit(4294968398.897:39): pid=21579 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.1.3834" res=0 errno=0 [ 1000.105172][T21602] random: crng reseeded on system resumption [ 1000.374288][T19598] Bluetooth: hci2: command 0x0c1a tx timeout [ 1001.413726][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 1001.432280][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 1002.443461][T19598] Bluetooth: hci2: command 0x0c1a tx timeout [ 1002.667439][T21630] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3849'. [ 1003.830256][T21644] FAULT_INJECTION: forcing a failure. [ 1003.830256][T21644] name failslab, interval 1, probability 0, space 0, times 0 [ 1003.886002][T21644] CPU: 0 UID: 0 PID: 21644 Comm: syz.4.3854 Not tainted syzkaller #0 PREEMPT(full) [ 1003.886049][T21644] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1003.886069][T21644] Call Trace: [ 1003.886080][T21644] [ 1003.886094][T21644] dump_stack_lvl+0x16c/0x1f0 [ 1003.886151][T21644] should_fail_ex+0x512/0x640 [ 1003.886202][T21644] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 1003.886248][T21644] should_failslab+0xc2/0x120 [ 1003.886290][T21644] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 1003.886333][T21644] ? shmem_alloc_inode+0x25/0x50 [ 1003.886386][T21644] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 1003.886431][T21644] shmem_alloc_inode+0x25/0x50 [ 1003.886477][T21644] alloc_inode+0x64/0x240 [ 1003.886526][T21644] new_inode+0x22/0x1c0 [ 1003.886578][T21644] shmem_get_inode+0x19a/0xfb0 [ 1003.886638][T21644] shmem_mknod+0x1a8/0x450 [ 1003.886696][T21644] vfs_mknod+0x5da/0x8e0 [ 1003.886736][T21644] do_mknodat+0x30f/0x5d0 [ 1003.886778][T21644] ? __pfx_do_mknodat+0x10/0x10 [ 1003.886814][T21644] ? getname_flags.part.0+0x1c5/0x550 [ 1003.886883][T21644] __x64_sys_mknod+0x87/0xb0 [ 1003.886924][T21644] do_syscall_64+0xcd/0x490 [ 1003.886977][T21644] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1003.887008][T21644] RIP: 0033:0x7f4fec98ebe9 [ 1003.887032][T21644] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1003.887064][T21644] RSP: 002b:00007f4feabee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 1003.887096][T21644] RAX: ffffffffffffffda RBX: 00007f4fecbc5fa0 RCX: 00007f4fec98ebe9 [ 1003.887115][T21644] RDX: 0000000000000004 RSI: 0000000000001001 RDI: 0000200000000040 [ 1003.887134][T21644] RBP: 00007f4feca11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1003.887154][T21644] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1003.887174][T21644] R13: 00007f4fecbc6038 R14: 00007f4fecbc5fa0 R15: 00007fffe3b23fc8 [ 1003.887216][T21644] [ 1005.600706][T21637] kexec: Could not allocate control_code_buffer [ 1006.876277][T21682] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3861'. [ 1007.364968][T21694] __vm_enough_memory: pid: 21694, comm: syz.0.3863, bytes: 4398046511104 not enough memory for the allocation [ 1008.083908][T21701] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3865'. [ 1008.553700][T21702] FAULT_INJECTION: forcing a failure. [ 1008.553700][T21702] name failslab, interval 1, probability 0, space 0, times 0 [ 1008.581846][T21702] CPU: 0 UID: 0 PID: 21702 Comm: syz.4.3865 Not tainted syzkaller #0 PREEMPT(full) [ 1008.581890][T21702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1008.581910][T21702] Call Trace: [ 1008.581920][T21702] [ 1008.581931][T21702] dump_stack_lvl+0x16c/0x1f0 [ 1008.581987][T21702] should_fail_ex+0x512/0x640 [ 1008.582038][T21702] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1008.582083][T21702] should_failslab+0xc2/0x120 [ 1008.582127][T21702] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1008.582168][T21702] ? alloc_empty_file+0x55/0x1e0 [ 1008.582224][T21702] alloc_empty_file+0x55/0x1e0 [ 1008.582294][T21702] path_openat+0xda/0x2cb0 [ 1008.582331][T21702] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1008.582380][T21702] ? __pfx_path_openat+0x10/0x10 [ 1008.582440][T21702] do_filp_open+0x20b/0x470 [ 1008.582482][T21702] ? __pfx_do_filp_open+0x10/0x10 [ 1008.582551][T21702] ? alloc_fd+0x471/0x7d0 [ 1008.582598][T21702] do_sys_openat2+0x11b/0x1d0 [ 1008.582649][T21702] ? __pfx_do_sys_openat2+0x10/0x10 [ 1008.582716][T21702] __x64_sys_openat+0x174/0x210 [ 1008.582771][T21702] ? __pfx___x64_sys_openat+0x10/0x10 [ 1008.582840][T21702] do_syscall_64+0xcd/0x490 [ 1008.582894][T21702] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1008.582928][T21702] RIP: 0033:0x7f4fec98ebe9 [ 1008.582954][T21702] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1008.582987][T21702] RSP: 002b:00007f4feabcd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1008.583019][T21702] RAX: ffffffffffffffda RBX: 00007f4fecbc6090 RCX: 00007f4fec98ebe9 [ 1008.583042][T21702] RDX: 0000000000040802 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1008.583062][T21702] RBP: 00007f4feca11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1008.583082][T21702] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1008.583102][T21702] R13: 00007f4fecbc6128 R14: 00007f4fecbc6090 R15: 00007fffe3b23fc8 [ 1008.583145][T21702] [ 1008.865080][T21707] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3867'. [ 1011.532074][T21711] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 1011.658776][T21735] sd 0:0:1:0: PR command failed: 1026 [ 1011.664583][T21735] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1011.672337][T21735] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1012.750191][T21749] netlink: 354 bytes leftover after parsing attributes in process `syz.4.3876'. [ 1013.126899][T21752] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3885'. [ 1013.382598][T21754] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1013.501804][T21754] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1013.556351][T21754] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1013.595832][T21754] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1013.605630][T21754] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1015.038555][T21774] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3880'. [ 1015.197429][T21778] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3881'. [ 1015.431018][T19598] Bluetooth: hci4: command 0x0c1a tx timeout [ 1015.575255][T19598] Bluetooth: hci3: command 0x041b tx timeout [ 1015.575267][T13554] Bluetooth: hci0: command 0x0419 tx timeout [ 1015.617239][T21790] netlink: 330 bytes leftover after parsing attributes in process `syz.0.3884'. [ 1015.637723][T21790] veth0_macvtap: left promiscuous mode [ 1015.654835][T19598] Bluetooth: hci2: command 0x0c1a tx timeout [ 1015.660906][T19598] Bluetooth: hci1: command 0x041b tx timeout [ 1015.884247][T21779] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1015.911525][T21779] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1015.958227][T21779] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1015.977749][T21779] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1016.000896][T21779] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1016.843107][T21811] serio: Serial port pty6 [ 1017.495160][T13554] Bluetooth: hci4: command 0x0c1a tx timeout [ 1017.972903][T13554] Bluetooth: hci3: command 0x041b tx timeout [ 1017.972923][T19598] Bluetooth: hci0: command 0x0419 tx timeout [ 1018.052268][T13554] Bluetooth: hci2: command 0x0c1a tx timeout [ 1018.052279][T19598] Bluetooth: hci1: command 0x041b tx timeout [ 1018.989822][T21842] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3896'. [ 1021.850397][T21894] random: crng reseeded on system resumption [ 1023.972873][T21934] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3912'. [ 1024.225308][T21934] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 1024.799223][T21916] ima: policy update failed [ 1024.817161][ T30] audit: type=1802 audit(4294968424.791:40): pid=21916 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.3910" res=0 errno=0 [ 1026.827617][T21968] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 1026.852232][T21968] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 1028.094736][T21985] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3926'. [ 1028.917460][T21999] random: crng reseeded on system resumption [ 1030.010290][T22004] mkiss: ax0: crc mode is auto. [ 1030.628369][T22017] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3934'. [ 1030.854807][T21983] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 1030.984671][T22024] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3935'. [ 1031.443349][T22018] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1031.450065][T22018] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1031.456391][T22018] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1031.482586][T22018] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1031.491373][T22018] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1032.556452][T22046] random: crng reseeded on system resumption [ 1032.845693][T13554] Bluetooth: hci4: command 0x0c1a tx timeout [ 1033.482435][T13554] Bluetooth: hci3: command 0x041b tx timeout [ 1033.488533][T19598] Bluetooth: hci0: command 0x0419 tx timeout [ 1033.571779][T13554] Bluetooth: hci2: command 0x0c1a tx timeout [ 1033.577900][T19598] Bluetooth: hci1: command 0x041b tx timeout [ 1034.169862][T22076] netlink: 330 bytes leftover after parsing attributes in process `syz.1.3945'. [ 1034.289893][T22076] veth0_macvtap: left promiscuous mode [ 1034.307986][T22079] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3946'. [ 1035.096281][T22094] blktrace: Concurrent blktraces are not allowed on ram7 [ 1035.466145][T22100] FAULT_INJECTION: forcing a failure. [ 1035.466145][T22100] name failslab, interval 1, probability 0, space 0, times 0 [ 1035.529870][T22100] CPU: 1 UID: 0 PID: 22100 Comm: syz.1.3950 Not tainted syzkaller #0 PREEMPT(full) [ 1035.529909][T22100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1035.529924][T22100] Call Trace: [ 1035.529931][T22100] [ 1035.529941][T22100] dump_stack_lvl+0x16c/0x1f0 [ 1035.529981][T22100] should_fail_ex+0x512/0x640 [ 1035.530019][T22100] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1035.530058][T22100] should_failslab+0xc2/0x120 [ 1035.530090][T22100] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1035.530119][T22100] ? security_inode_alloc+0x3b/0x2b0 [ 1035.530145][T22100] ? sk_prot_alloc+0x60/0x2a0 [ 1035.530175][T22100] sk_prot_alloc+0x60/0x2a0 [ 1035.530202][T22100] sk_alloc+0x36/0xc20 [ 1035.530237][T22100] smc_create+0x114/0x2a0 [ 1035.530268][T22100] __sock_create+0x335/0x8d0 [ 1035.530301][T22100] __sys_socket+0x14d/0x260 [ 1035.530330][T22100] ? __pfx___sys_socket+0x10/0x10 [ 1035.530358][T22100] ? xfd_validate_state+0x61/0x180 [ 1035.530393][T22100] ? __pfx_ksys_write+0x10/0x10 [ 1035.530427][T22100] __x64_sys_socket+0x72/0xb0 [ 1035.530454][T22100] ? lockdep_hardirqs_on+0x7c/0x110 [ 1035.530489][T22100] do_syscall_64+0xcd/0x490 [ 1035.530528][T22100] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1035.530552][T22100] RIP: 0033:0x7f707018ebe9 [ 1035.530570][T22100] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1035.530593][T22100] RSP: 002b:00007f7071070038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1035.530616][T22100] RAX: ffffffffffffffda RBX: 00007f70703c5fa0 RCX: 00007f707018ebe9 [ 1035.530632][T22100] RDX: 0000000000000001 RSI: 0000000000000001 RDI: 000000000000002b [ 1035.530645][T22100] RBP: 00007f7070211e19 R08: 0000000000000000 R09: 0000000000000000 [ 1035.530660][T22100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1035.530674][T22100] R13: 00007f70703c6038 R14: 00007f70703c5fa0 R15: 00007fffbb9d7088 [ 1035.530704][T22100] [ 1036.714726][T22111] bcachefs: bch2_ioctl_fsck_offline() ret EFAULT [ 1037.365010][T22130] sd 0:0:1:0: PR command failed: 1026 [ 1037.370479][T22130] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1037.474099][T22130] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1037.801165][T22136] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3956'. [ 1038.854495][T22125] usb usb24: check_ctrlrecip: process 22125 (syz.0.3954) requesting ep 01 but needs 81 [ 1038.881757][T22125] usb usb24: usbfs: process 22125 (syz.0.3954) did not claim interface 0 before use [ 1039.314609][ T30] audit: type=1800 audit(4294968439.376:41): pid=22153 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3958" name="members" dev="configfs" ino=88815 res=0 errno=0 [ 1039.378923][T22160] netlink: 330 bytes leftover after parsing attributes in process `syz.3.3961'. [ 1039.520735][T22165] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 1039.608015][T22167] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3960'. [ 1040.490414][T22174] __vm_enough_memory: pid: 22174, comm: syz.0.3963, bytes: 4398046511104 not enough memory for the allocation [ 1041.019749][T22181] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3965'. [ 1041.099700][T22183] random: crng reseeded on system resumption [ 1041.434750][T22185] FAULT_INJECTION: forcing a failure. [ 1041.434750][T22185] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1041.454831][T22185] CPU: 1 UID: 0 PID: 22185 Comm: syz.1.3965 Not tainted syzkaller #0 PREEMPT(full) [ 1041.454874][T22185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1041.454895][T22185] Call Trace: [ 1041.454905][T22185] [ 1041.454917][T22185] dump_stack_lvl+0x16c/0x1f0 [ 1041.454977][T22185] should_fail_ex+0x512/0x640 [ 1041.455035][T22185] strncpy_from_user+0x3b/0x2e0 [ 1041.455089][T22185] getname_flags.part.0+0x8f/0x550 [ 1041.455147][T22185] getname_flags+0x93/0xf0 [ 1041.455183][T22185] do_sys_openat2+0xb8/0x1d0 [ 1041.455233][T22185] ? __pfx_do_sys_openat2+0x10/0x10 [ 1041.455296][T22185] __x64_sys_openat+0x174/0x210 [ 1041.455347][T22185] ? __pfx___x64_sys_openat+0x10/0x10 [ 1041.455424][T22185] do_syscall_64+0xcd/0x490 [ 1041.455479][T22185] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1041.455513][T22185] RIP: 0033:0x7f707018ebe9 [ 1041.455539][T22185] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1041.455572][T22185] RSP: 002b:00007f707104f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1041.455603][T22185] RAX: ffffffffffffffda RBX: 00007f70703c6090 RCX: 00007f707018ebe9 [ 1041.455625][T22185] RDX: 0000000000040802 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1041.455645][T22185] RBP: 00007f7070211e19 R08: 0000000000000000 R09: 0000000000000000 [ 1041.455664][T22185] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1041.455683][T22185] R13: 00007f70703c6128 R14: 00007f70703c6090 R15: 00007fffbb9d7088 [ 1041.455724][T22185] [ 1042.088674][T22188] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3967'. [ 1042.446334][T22202] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input10 [ 1044.393159][T22222] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3977'. [ 1045.026893][T22233] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input11 [ 1045.502553][T22234] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input12 [ 1045.546799][T22233] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3978'. [ 1045.582430][T22239] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3979'. [ 1045.649661][T22239] netlink: 13 bytes leftover after parsing attributes in process `syz.4.3979'. [ 1046.468724][T22260] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3983'. [ 1048.457535][T22290] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3993'. [ 1048.541170][T22292] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 1049.080987][T22299] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 1049.104267][T22297] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 1051.421307][T22332] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4001'. [ 1051.843215][T22342] sd 0:0:1:0: PR command failed: 1026 [ 1051.875220][T22342] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1052.003785][T22342] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1052.256699][T22343] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 1052.387227][T22343] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 1052.432028][T22348] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 1052.719112][T22358] random: crng reseeded on system resumption [ 1053.395093][T22360] zswap: compressor not available [ 1054.734470][T22389] sd 0:0:1:0: PR command failed: 1026 [ 1054.740241][T22389] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1054.747527][T22389] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1056.083523][T22408] random: crng reseeded on system resumption [ 1056.490843][T22409] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 1057.324561][T22430] random: crng reseeded on system resumption [ 1057.515472][T22424] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 1057.657298][T22428] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 1058.399096][T22447] netlink: 330 bytes leftover after parsing attributes in process `syz.0.4029'. [ 1058.399307][T22443] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 1058.466158][T22439] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 1058.926085][T22455] netlink: 'syz.0.4031': attribute type 1 has an invalid length. [ 1060.473324][T22483] sd 0:0:1:0: PR command failed: 1026 [ 1060.547546][T22483] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1060.745805][T22483] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1062.063525][T22510] random: crng reseeded on system resumption [ 1062.536447][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 1062.543828][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 1064.725284][T22569] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 1065.618809][T22591] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4063'. [ 1065.980967][T22606] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4067'. [ 1066.402998][T22595] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1066.421237][T22595] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1066.458100][T22595] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1066.490943][T22595] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1066.520527][T22595] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1066.826019][T22631] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4073'. [ 1066.920136][T22624] sp0: Synchronizing with TNC [ 1067.260508][T22641] netlink: 330 bytes leftover after parsing attributes in process `syz.1.4074'. [ 1067.787971][T22638] Bluetooth: hci4: command 0x0c1a tx timeout [ 1067.948182][T22658] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 1068.268194][T22673] netlink: 'syz.4.4081': attribute type 1 has an invalid length. [ 1068.391373][T22675] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4083'. [ 1068.422630][T22638] Bluetooth: hci0: command 0x0419 tx timeout [ 1068.510210][T22638] Bluetooth: hci1: command 0x041b tx timeout [ 1068.516315][T22638] Bluetooth: hci3: command 0x041b tx timeout [ 1068.579417][T22638] Bluetooth: hci2: command 0x0c1a tx timeout [ 1069.928603][T22704] random: crng reseeded on system resumption [ 1070.525511][T22724] sd 0:0:1:0: PR command failed: 1026 [ 1070.548992][T22724] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 1070.629461][T22729] netlink: 330 bytes leftover after parsing attributes in process `syz.0.4096'. [ 1070.721557][T22724] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 1071.081618][T22735] random: crng reseeded on system resumption [ 1072.221477][T22742] netlink: 2468 bytes leftover after parsing attributes in process `syz.3.4098'. [ 1076.035142][T22820] random: crng reseeded on system resumption [ 1076.133315][T22823] netlink: 342 bytes leftover after parsing attributes in process `syz.1.4118'. [ 1076.598173][T22824] can: request_module (can-proto-0) failed. [ 1078.314410][T22863] FAULT_INJECTION: forcing a failure. [ 1078.314410][T22863] name failslab, interval 1, probability 0, space 0, times 0 [ 1078.337424][T22863] CPU: 1 UID: 0 PID: 22863 Comm: syz.4.4129 Not tainted syzkaller #0 PREEMPT(full) [ 1078.337458][T22863] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1078.337472][T22863] Call Trace: [ 1078.337480][T22863] [ 1078.337489][T22863] dump_stack_lvl+0x16c/0x1f0 [ 1078.337536][T22863] should_fail_ex+0x512/0x640 [ 1078.337574][T22863] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 1078.337606][T22863] should_failslab+0xc2/0x120 [ 1078.337639][T22863] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 1078.337669][T22863] ? sock_alloc_inode+0x25/0x1c0 [ 1078.337709][T22863] ? __pfx_sock_alloc_inode+0x10/0x10 [ 1078.337731][T22863] sock_alloc_inode+0x25/0x1c0 [ 1078.337754][T22863] alloc_inode+0x64/0x240 [ 1078.337790][T22863] sock_alloc+0x40/0x280 [ 1078.337812][T22863] __sock_create+0xc1/0x8d0 [ 1078.337839][T22863] ? lockdep_init_map_type+0x5c/0x280 [ 1078.337875][T22863] smc_create+0x15d/0x2a0 [ 1078.337905][T22863] __sock_create+0x335/0x8d0 [ 1078.337937][T22863] __sys_socket+0x14d/0x260 [ 1078.337964][T22863] ? __pfx___sys_socket+0x10/0x10 [ 1078.337992][T22863] ? xfd_validate_state+0x61/0x180 [ 1078.338026][T22863] ? __pfx_ksys_write+0x10/0x10 [ 1078.338058][T22863] __x64_sys_socket+0x72/0xb0 [ 1078.338085][T22863] ? lockdep_hardirqs_on+0x7c/0x110 [ 1078.338118][T22863] do_syscall_64+0xcd/0x490 [ 1078.338156][T22863] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1078.338179][T22863] RIP: 0033:0x7f4fec98ebe9 [ 1078.338197][T22863] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1078.338220][T22863] RSP: 002b:00007f4feabee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1078.338242][T22863] RAX: ffffffffffffffda RBX: 00007f4fecbc5fa0 RCX: 00007f4fec98ebe9 [ 1078.338257][T22863] RDX: 0000000000000001 RSI: 0000000000000001 RDI: 000000000000002b [ 1078.338270][T22863] RBP: 00007f4feca11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1078.338284][T22863] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1078.338297][T22863] R13: 00007f4fecbc6038 R14: 00007f4fecbc5fa0 R15: 00007fffe3b23fc8 [ 1078.338326][T22863] [ 1078.338337][T22863] socket: no more sockets [ 1078.448740][ T31] INFO: task syz.2.3638:20671 blocked for more than 143 seconds. [ 1078.574883][ T31] Not tainted syzkaller #0 [ 1078.580447][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1078.592490][ T31] task:syz.2.3638 state:D stack:28472 pid:20671 tgid:20669 ppid:13731 task_flags:0x400640 flags:0x00004004 [ 1078.611567][ T31] Call Trace: [ 1078.616121][ T31] [ 1078.622957][ T31] __schedule+0x1190/0x5de0 [ 1078.635401][ T31] ? __lock_acquire+0x62e/0x1ce0 [ 1078.660927][ T31] ? __pfx___schedule+0x10/0x10 [ 1078.679888][ T31] ? find_held_lock+0x2b/0x80 [ 1078.714396][ T31] ? schedule+0x2d7/0x3a0 [ 1078.741366][ T31] schedule+0xe7/0x3a0 [ 1078.757213][ T31] schedule_timeout+0x257/0x290 [ 1078.774680][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 1078.798613][ T31] ? rcu_is_watching+0x12/0xc0 [ 1078.813563][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1078.824570][ T31] __wait_for_common+0x2fc/0x4e0 [ 1078.835325][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 1078.845366][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 1078.857744][ T31] ? __pfx_try_to_wake_up+0x10/0x10 [ 1078.868687][ T31] ? rcu_is_watching+0x12/0xc0 [ 1078.878163][ T31] wait_for_completion_state+0x1c/0x40 [ 1078.904818][ T31] vfs_coredump+0x981/0x5670 [ 1078.917904][ T31] ? __pfx_vfs_coredump+0x10/0x10 [ 1078.928689][ T31] ? __lock_acquire+0x62e/0x1ce0 [ 1078.940512][ T31] ? __lock_acquire+0x62e/0x1ce0 [ 1078.951257][ T31] ? lock_acquire+0x179/0x350 [ 1078.962006][ T31] ? lock_acquire+0x179/0x350 [ 1078.971521][ T31] ? find_held_lock+0x2b/0x80 [ 1078.981954][ T31] ? is_bpf_text_address+0x8a/0x1a0 [ 1078.995254][ T31] ? bpf_ksym_find+0x124/0x1c0 [ 1079.001250][ T31] ? __kernel_text_address+0xd/0x40 [ 1079.015132][ T31] ? unwind_get_return_address+0x59/0xa0 [ 1079.035863][ T31] ? arch_stack_walk+0xa6/0x100 [ 1079.045084][ T31] ? stack_trace_save+0x8e/0xc0 [ 1079.050035][ T31] ? __pfx_stack_trace_save+0x10/0x10 [ 1079.071841][ T31] ? stack_depot_save_flags+0x29/0x9c0 [ 1079.103038][ T31] ? __lock_acquire+0xb97/0x1ce0 [ 1079.119996][ T31] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1079.159881][ T31] ? proc_coredump_connector+0x2d1/0x4f0 [ 1079.174498][ T31] ? __pfx_proc_coredump_connector+0x10/0x10 [ 1079.180664][ T31] ? rcu_is_watching+0x12/0xc0 [ 1079.190030][ T31] get_signal+0x22e3/0x26d0 [ 1079.200537][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 1079.211525][ T31] ? __pfx_get_signal+0x10/0x10 [ 1079.221592][ T31] ? force_sig_info_to_task+0x3a0/0x660 [ 1079.237340][ T31] arch_do_signal_or_restart+0x8f/0x790 [ 1079.249833][ T31] ? __pfx_force_exit_sig+0x10/0x10 [ 1079.265718][ T31] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1079.279204][ T31] ? syscall_user_dispatch+0x120/0x140 [ 1079.290227][ T31] exit_to_user_mode_loop+0x84/0x110 [ 1079.302735][ T31] do_syscall_64+0x3f6/0x490 [ 1079.313164][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1079.325971][ T31] RIP: 0033:0x7f6600b8ebe9 [ 1079.335041][ T31] RSP: 002b:00007f66019d40e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1079.356709][ T31] RAX: ffffffffffffffda RBX: 00007f6600dc6098 RCX: 00007f6600b8ebe9 [ 1079.377698][ T31] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f6600dc609c [ 1079.394641][ T31] RBP: 00007f6600dc6090 R08: 00007f66019f6000 R09: 0000000000000000 [ 1079.412664][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1079.430862][ T31] R13: 00007f6600dc6128 R14: 00007ffd7c626b40 R15: 00007ffd7c626c28 [ 1079.449140][ T31] [ 1079.558654][ T31] [ 1079.558654][ T31] Showing all locks held in the system: [ 1079.570512][ T31] 1 lock held by khungtaskd/31: [ 1079.576690][ T31] #0: ffffffff8e5c10e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 [ 1079.590003][ T31] 2 locks held by getty/5630: [ 1079.594847][ T31] #0: ffff8880318cf0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 1079.605287][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 [ 1079.615645][ T31] 4 locks held by kworker/u8:14/12734: [ 1079.623448][ T31] #0: ffff88801c6fe948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 1079.634106][ T31] #1: ffffc90003c27d10 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 1079.658556][ T31] #2: ffffffff90371f10 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x890 [ 1079.680673][ T31] #3: ffffffff8e5cc540 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6e0 [ 1079.713918][ T31] 1 lock held by syz.2.3638/20670: [ 1079.736545][ T31] 1 lock held by syz.1.4103/22772: [ 1079.752189][ T31] [ 1079.754558][ T31] ============================================= [ 1079.754558][ T31] [ 1079.791162][ T31] NMI backtrace for cpu 1 [ 1079.791181][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 1079.791208][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1079.791222][ T31] Call Trace: [ 1079.791229][ T31] [ 1079.791238][ T31] dump_stack_lvl+0x116/0x1f0 [ 1079.791278][ T31] nmi_cpu_backtrace+0x27b/0x390 [ 1079.791306][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1079.791344][ T31] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 1079.791375][ T31] watchdog+0xf0e/0x1260 [ 1079.791419][ T31] ? __pfx_watchdog+0x10/0x10 [ 1079.791452][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 1079.791488][ T31] ? __kthread_parkme+0x19e/0x250 [ 1079.791533][ T31] ? __pfx_watchdog+0x10/0x10 [ 1079.791564][ T31] kthread+0x3c5/0x780 [ 1079.791597][ T31] ? __pfx_kthread+0x10/0x10 [ 1079.791631][ T31] ? rcu_is_watching+0x12/0xc0 [ 1079.791659][ T31] ? __pfx_kthread+0x10/0x10 [ 1079.791694][ T31] ret_from_fork+0x5d7/0x6f0 [ 1079.791728][ T31] ? __pfx_kthread+0x10/0x10 [ 1079.791761][ T31] ret_from_fork_asm+0x1a/0x30 [ 1079.791802][ T31] [ 1079.791810][ T31] Sending NMI from CPU 1 to CPUs 0: [ 1079.908130][ C0] NMI backtrace for cpu 0 [ 1079.908150][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) [ 1079.908180][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1079.908195][ C0] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 1079.908238][ C0] Code: 8c 64 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d e3 d1 18 00 fb f4 7c 09 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 1079.908262][ C0] RSP: 0018:ffffffff8e207e08 EFLAGS: 000002c6 [ 1079.908281][ C0] RAX: 0000000000832db7 RBX: 0000000000000000 RCX: ffffffff8b913bf9 [ 1079.908297][ C0] RDX: 0000000000000000 RSI: ffffffff8de4eb79 RDI: ffffffff8c163180 [ 1079.908313][ C0] RBP: fffffbfff1c52ef8 R08: 0000000000000001 R09: ffffed1017086655 [ 1079.908329][ C0] R10: ffff8880b84332ab R11: 0000000000000000 R12: 0000000000000000 [ 1079.908347][ C0] R13: ffffffff8e2977c0 R14: ffffffff90aba190 R15: 0000000000000000 [ 1079.908363][ C0] FS: 0000000000000000(0000) GS:ffff8881246bd000(0000) knlGS:0000000000000000 [ 1079.908388][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1079.908415][ C0] CR2: 00007fffe3b22ff8 CR3: 0000000074ddc000 CR4: 00000000003526f0 [ 1079.908432][ C0] Call Trace: [ 1079.908440][ C0] [ 1079.908448][ C0] default_idle+0x13/0x20 [ 1079.908471][ C0] default_idle_call+0x6d/0xb0 [ 1079.908495][ C0] do_idle+0x391/0x510 [ 1079.908521][ C0] ? __pfx_do_idle+0x10/0x10 [ 1079.908546][ C0] ? trace_sched_exit_tp+0x2f/0x120 [ 1079.908590][ C0] cpu_startup_entry+0x4f/0x60 [ 1079.908623][ C0] rest_init+0x16b/0x2b0 [ 1079.908648][ C0] ? acpi_subsystem_init+0x133/0x180 [ 1079.908678][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 1079.908714][ C0] start_kernel+0x3ee/0x4d0 [ 1079.908746][ C0] x86_64_start_reservations+0x18/0x30 [ 1079.908779][ C0] x86_64_start_kernel+0x130/0x190 [ 1079.908812][ C0] common_startup_64+0x13e/0x148 [ 1079.908849][ C0] [ 1080.142392][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 1080.149290][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted syzkaller #0 PREEMPT(full) [ 1080.158419][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1080.168486][ T31] Call Trace: [ 1080.171779][ T31] [ 1080.174721][ T31] dump_stack_lvl+0x3d/0x1f0 [ 1080.179352][ T31] vpanic+0x6e8/0x7a0 [ 1080.183557][ T31] ? __pfx_vpanic+0x10/0x10 [ 1080.188114][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1080.194156][ T31] panic+0xca/0xd0 [ 1080.197918][ T31] ? __pfx_panic+0x10/0x10 [ 1080.202388][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 1080.207799][ T31] ? nmi_trigger_cpumask_backtrace+0x1b1/0x300 [ 1080.213983][ T31] ? watchdog+0xd78/0x1260 [ 1080.218448][ T31] ? watchdog+0xd6b/0x1260 [ 1080.222894][ T31] watchdog+0xd89/0x1260 [ 1080.227178][ T31] ? __pfx_watchdog+0x10/0x10 [ 1080.231889][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 1080.237129][ T31] ? __kthread_parkme+0x19e/0x250 [ 1080.242190][ T31] ? __pfx_watchdog+0x10/0x10 [ 1080.246907][ T31] kthread+0x3c5/0x780 [ 1080.251013][ T31] ? __pfx_kthread+0x10/0x10 [ 1080.255644][ T31] ? rcu_is_watching+0x12/0xc0 [ 1080.260435][ T31] ? __pfx_kthread+0x10/0x10 [ 1080.265068][ T31] ret_from_fork+0x5d7/0x6f0 [ 1080.269690][ T31] ? __pfx_kthread+0x10/0x10 [ 1080.274312][ T31] ret_from_fork_asm+0x1a/0x30 [ 1080.279111][ T31] [ 1080.282498][ T31] Kernel Offset: disabled [ 1080.286833][ T31] Rebooting in 86400 seconds..