last executing test programs: 19m34.937691052s ago: executing program 3 (id=4): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/oom_adj\x00', 0x300, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) ioctl$auto(0xffffffffffffffff, 0xc0104d08, 0xffffffffffffffff) read$auto(r0, 0x0, 0x1f40) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x8002, 0x0) writev$auto(r1, &(0x7f00000000c0)={0x0, 0x7}, 0x3) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) 19m34.794406755s ago: executing program 3 (id=7): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f00000000c0)={0xdd, 0x0, [{0x580, 0x400, 0x2}]}) 19m34.394345549s ago: executing program 3 (id=10): openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0) openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/dynamic_events\x00', 0x542, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/suspend_stats/failed_suspend_noirq\x00', 0x8a100, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000040)=""/38, 0x26) socket$nl_generic(0x10, 0x3, 0x10) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7, 0x1, 0xd, 0x3, 0xfffffffffffffffe]}, 0x0) write$auto_fuse_dev_operations_fuse_i(r0, &(0x7f0000000440)="1100000007000000000000000000000001", 0x11) 19m33.447531758s ago: executing program 3 (id=20): close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_CREATE_VM(r0, 0x4140aecd, 0x0) 19m33.090735707s ago: executing program 3 (id=21): mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0xa, 0x0) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 19m32.887834736s ago: executing program 3 (id=24): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000080)={0x2, 0x0, [{0x40000001, 0x400, 0x9}]}) 19m17.789421673s ago: executing program 32 (id=24): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000080)={0x2, 0x0, [{0x40000001, 0x400, 0x9}]}) 8.279044799s ago: executing program 1 (id=5500): mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dsp\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000)) readv$auto(0x3, &(0x7f00000002c0)={0x0, 0x8}, 0x8) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x6) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x7, 0x8) ioctl$auto_TIOCGPTPEER(0xffffffffffffffff, 0x5441, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(0x4, 0x0, 0x81, 0x0, 0x10000) sendmsg$auto_TASKSTATS_CMD_GET(0xffffffffffffffff, 0x0, 0x9010) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) read$auto(0xffffffffffffffff, 0x0, 0x1f40) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) futex_waitv$auto(0x0, 0x1, 0x0, 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000500)='/dev/ptyue\x00', 0x1800, 0x0) 7.842495249s ago: executing program 1 (id=5512): clock_settime$auto(0x0, &(0x7f0000000000)={0x100000000, 0x3b9ac9ff}) adjtimex$auto(&(0x7f0000000040)={0xf, 0x0, 0x8, 0x100000001, 0x7f, 0x0, 0x2, 0x0, 0xa, 0x0, 0x10001, {0x7}, 0x7fffffffffffffff, 0x3a9b, 0x5, 0x1, 0x0, 0x6, 0x0, 0x1, 0xd, 0x5, 0x1015c8}) r0 = socket(0x15, 0x5, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup.cpu/tasks\x00', 0x63102, 0x0) sendfile$auto(r1, r1, 0x0, 0x1) r2 = open(&(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00', 0x101840, 0x33903f3ada88772b) read$auto(r2, 0x0, 0x2) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) setsockopt$auto(r0, 0x114, 0x8, 0x0, 0x3) fremovexattr$auto(r0, &(0x7f0000000140)='ovs_flow\x00') mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0004, 0x19) mmap$auto(0x0, 0x40009, 0x2, 0x9b72, 0x2, 0x28000) madvise$auto(0x0, 0x200007, 0x8) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socketpair$auto(0x4, 0x8d8, 0x0, &(0x7f0000000240)=0x101) bpf$auto_BPF_ENABLE_STATS(0x20, &(0x7f0000000280)=@token_create={0x68ab5f69, r4}, 0x2) sendmsg$auto_OVS_FLOW_CMD_GET(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYBLOB="010029bd7000fbdbdf25030000000400080014"], 0x2c}, 0x1, 0x0, 0x0, 0x40010}, 0x4000800) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/thread-self/net/wireless\x00', 0x400, 0x0) clock_gettime$auto(0x2, &(0x7f0000000200)={0xff, 0x8}) 7.094692294s ago: executing program 0 (id=5506): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x787b, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x2, 0x1) write$auto_proc_projid_map_operations_base(0xffffffffffffffff, 0x0, 0x0) r0 = socket(0x18, 0xc000c, 0x2fe) sendfile$auto(0x1, r0, 0x0, 0x56d) r1 = open_tree_attr$auto(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x8, &(0x7f0000000080)={0xffffffffffffffff, 0x0, 0x8, @inferred=r0}, 0x0) r3 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$auto_RTC_UIE_ON(r3, 0x7003, 0x0) ioctl$auto_RTC_SET_TIME(r3, 0x4024700a, &(0x7f0000000040)={0x1f, 0x7, 0x0, 0x5, 0x2, 0xda, 0xcb, 0x6c35, 0x3}) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000000), r2) unshare$auto(0x8) dup2$auto(0x0, 0x3) ioctl$auto(0xffffffffffffffff, 0xdaa, r1) rseq$auto(0x0, 0x8000, 0x0, 0x6) mincore$auto(0x1000, 0x4000203, 0x0) 6.552720788s ago: executing program 2 (id=5507): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x1, 0x100) r2 = eventfd2$auto(0x6af3, 0x800) r3 = socket(0x1e, 0x1, 0x0) bpf$auto_BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000280)=@link_update={r3, @new_map_fd=r0, 0x3, @old_prog_fd=r1}, 0x1) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) pipe2$auto(&(0x7f0000000040)=r2, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x2901, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x3, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7440, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x100000001f9, 0x8, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x7, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x10008000009, 0x2, 0x6]}, 0x0) r5 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000032c0), 0x1000, 0x0) preadv$auto(r5, &(0x7f0000003340)={&(0x7f0000003300), 0x40}, 0x9, 0x5, 0x100000001) ioperm$auto(0x7, 0x6, 0x1) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x500, 0x0) unshare$auto(0x40000080) openat$dir(0xffffffffffffff9c, &(0x7f00000004c0)='v#\xd5\xaf>=\x14\xe6%\xf7\x8a\x8d\x9a\xae\x1a\xd6\xa8\xb8\x1d\xf5(\xb0\x1f\xbd\xcbV\n\"\xe3V\xfeP\xceN\xb2\xc32\xaf\xcc\x80\xfa\xf0\xd4\xd9|\xfe\x03y\xd16\x17\x99R\xca\xe5\xf4\xb4T\xfcv\xfc\xe6\x9cv\a\x00\xc2a\x16\xd1\x8a\x80\x90\x87\xa5s\x10\xed\x93\xd4\x15=\xc0\x1f\x0e\xb0\x18v}\x03!\xf0I\xe3}\x90\x9b\x92[\xfe2<7\xd3\x81\x9a~\xcd\r\x19\x9e\x10(5\xfd\x8b\x82\xd4\xc85\xc3\x93t\t\xd0\x9d\xca^n\xf3\xcb>\x1bO\xcej\xe0\xef\xf2\xd7\xc2}\x18\xd9`AO\x95<\x9aH\vu\xae\xd4\xea\x12\xb8\xd1\n\x01\x83r\x85\xbf*\x18\xa7 S:R\x14\x89Z3\x94\x8bP)\x00', 0x40140, 0x12d) rename$auto(&(0x7f00000003c0)='v#\xd5\xaf>=\x14\xe6%\xf7\x8a\x8d\x9a\xae\x1a\xd6\xa8\xb8\x1d\xf5(\xb0\x1f\xbd\xcbV\n\"\xe3V\xfeP\xceN\xb2\xc32\xaf\xcc\x80\xfa\xf0\xd4\xd9|\xfe\x03y\xd16\x17\x99R\xca\xe5\xf4\xb4T\xfcv\xfc\xe6\x9cv\a\x00\xc2a\x16\xd1\x8a\x80\x90\x87\xa5s\x10\xed\x93\xd4\x15=\xc0\x1f\x0e\xb0\x18v}\x03!\xf0I\xe3}\x90\x9b\x92[\xfe2<7\xd3\x81\x9a~\xcd\r\x19\x9e\x10(5\xfd\x8b\x82\xd4\xc85\xc3\x93t\t\xd0\x9d\xca^n\xf3\xcb>\x1bO\xcej\xe0\xef\xf2\xd7\xc2}\x18\xd9`AO\x95<\x9aH\vu\xae\xd4\xea\x12\xb8\xd1\n\x01\x83r\x85\xbf*\x18\xa7 S:R\x14\x89Z3\x94\x8bP)', &(0x7f0000000000)=':-.\x00') openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/clocksource/clocksource0/current_clocksource\x00', 0x8502, 0x0) bpf$auto(0x0, &(0x7f0000000580)=@task_fd_query={0x7, 0x4, 0x200, 0x1001, 0x0, 0xf, 0xffffffffffffffff, 0x1400000, 0x5}, 0x6f4) openat$dir(0xffffffffffffff9c, &(0x7f0000000640)='v#\xd5\xaf>=\x14\xe6%\xf7\x8a\x8d\x9a\xae\x1a\xd6\xa8\xb8\x1d\xf5(\xb0\x1f\xbd\xcbV\n\"\xe3V\xfeP\xceN\xb2\xc32\xaf\xcc\x80\xfa\xf0\xd4\xd9|\xfe\x03y\xd16\x17\x99R\xca\xe5\xf4\xb4T\xfcv\xfc\xe6\x9cv\a\x00\xc2a\x16\xd1\x8a\x80\x90\x87\xa5s\x10\xed\x93\xd4\x15=\xc0\x1f\x0e\xb0\x18v}\x03!\xf0I\xe3}\x90\x9b\x92[\xfe2<7\xd3\x81\x9a~\xcd\r\x19\x9e\x10(5\xfd\x8b\x82\xd4\xc85\xc3\x93t\t\xd0\x9d\xca^n\xf3\xcb>\x1bO\xcej\xe0\xef\xf2\xd7\xc2}\x18\xd9`AO\x95<\x9aH\vu\xae\xd4\xea\x12\xb8\xd1\n\x01\x83r\x85\xbf*\x18\xa7 S:R\x14\x89Z3\x94\x8bP)\x00', 0x14000, 0x4) 6.551826346s ago: executing program 1 (id=5516): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = io_uring_setup$auto(0x1, 0x0) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) mq_notify$auto(0x4, &(0x7f0000000040)={@sival_ptr=0x0, @inferred, 0x1, @_tid}) sendmsg$auto_NL802154_CMD_DEL_INTERFACE(r0, &(0x7f0000000340)={&(0x7f0000000040), 0xc, 0x0}, 0x8080) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x1, 0x9) clock_gettime$auto(0x3, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r2 = open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) socket(0xa, 0x1, 0x84) write$auto_cachefiles_daemon_fops_internal(r2, 0x0, 0x0) mmap$auto(0x0, 0x4, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_TDLS_CHANNEL_SWITCH(0xffffffffffffffff, 0x0, 0x4000) vmsplice$auto(0x1, &(0x7f0000000000)={0x0, 0x5}, 0x6, 0x8) fallocate$auto(r2, 0x0, 0x7, 0x4cbd5d) rename$auto(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)='./file1\x00') lchown$auto(&(0x7f0000000080)='./file0\x00', 0xee01, 0xee00) 6.530553113s ago: executing program 4 (id=5508): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0) ioctl$auto_CEC_DQEVENT(r0, 0xc0506107, &(0x7f0000000280)={0x4, 0x80003, 0xa, @state_change={0x200, 0x9, 0x3}}) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, 0x0) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC1\x00', 0x20400, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x6, 0x1, 0x948b, 0x3, 0x1, 0x572f14dc, 0x80000000, 0x80000000, 0x0, 0x7, 0x6d3c, 0x7, 0x2, 0x1]}, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1fe, 0x3, 0xd, 0x1, 0x948b, 0x4, 0x15f4da0a, 0x41000000003, 0x9, 0x62, 0x8000001b, 0x7, 0x6d3e, 0x9, 0x2, 0x200]}, 0x0) socket(0x27, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2000a, 0x73, 0x40000000000eb1, r2, 0x5) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) io_uring_setup$auto(0x6, 0x0) r4 = socket(0x2, 0x5, 0x0) socket(0x2, 0x80002, 0x73) setsockopt$auto(0x3, 0x10000000084, 0x81, 0x0, 0x8) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r4, &(0x7f0000000080)={{&(0x7f0000000040), 0x1c, &(0x7f00000000c0)={0x0, 0x1a004}, 0x7, 0x0, 0x0, 0xb}, 0xfff}, 0x5, 0x8) 6.402349905s ago: executing program 0 (id=5509): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0) ioctl$auto_USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x23, 0x3, 0x18, 0x10, 0x808, 0x7fb, &(0x7f0000000340)="2e87ae255faea9bca16821e73660a43c98f81f056a20818dde63d3c3436ada5521c127417b70c848d2f0b41c9954b52c56fd29b722f89cb8e96cfabaead96bc484c33f7fb2b8e8aeaeeb962fd2017e70de4a4892c560daf3d83461a5c527c6ca6471a2d3bb0714224c0002a6ed62432b4a635d9cb072fba6cc4049f67aced3906e0af971d833a8a1d53e32a133a5b4c89ec915deff549042f4d94e13d7855e68b736ec90d98b3cc7629a"}) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/net/rpc/nfs4.nametoid/channel\x00', 0x8f3b7a51b8162d21, 0x0) mq_open$auto(&(0x7f0000000000)='.\xf1e4\xdf\x16\x95kxE\xd9x\x15\xb0\xf6V\x93\xb4E\x06\xc5}l', 0x400056a, 0x9, 0x0) ftruncate$auto(0x3, 0x700) write$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000040)="5cedd9d1027e0dc0023af10e9bfa1babfa3a3753ca9aee370a", 0x19) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x20540, 0x0) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x407, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3b, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r2, 0x0, 0x100000a3d9) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) unshare$auto(0x40000080) unshare$auto(0xc) 5.235086671s ago: executing program 4 (id=5510): r0 = openat$auto_btrfs_dir_file_operations_inode(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bluetooth/hci7/power\x00', 0x40000, 0x0) ioctl$auto_BTRFS_IOC_TREE_SEARCH(r0, 0xd0009411, &(0x7f0000000100)={{0x5, 0x9, 0x4, 0x1ff, 0x8, 0x5, 0xd, 0x3, 0x3, 0x401}, "582253359245a1822acfc7c8d8634c2ac9c53b1c9a222dbd45347969018bf796bb11f9ffa1a30815594d251492c8be439e52e3b64ab70173810111a12d635952cdec431cb46d2b0faead35b89fe32ff328b8e633e1ffbc126b782fb28aee6228f2ca2502bae85d23a2e25349da816cf37393d03c63ddf2a203d9268c0bcce391ac75c3676a569f143bbc4263b4f02d79b2f34cbfa5495d9403b69ab644495da61ad9933df96385d697c2852e7d57066732324324ab8fb228c9a438d0d42427dfaf89dbba86cd4e3f9f91d63ff923ca76c982647c24cae61bfead4c68525514f4100571b10b47057b4fa68a2589da89c2027197af936773987686bbafe378e4929c5f7d80edbaa134ca0ab9d46888679f4d60c4dfbffc41465ae4f48508409d314c3ccdf8c054c2d39110d36573aab563627466b022976f84e624a651f249cf9dc67be2edbd3a447edb7f915e12cd0d6d7d8b0fd2acaa7981034fd596eb41a390d3d1267f3250d09d9c56524cfff07a267b6894044d1ebc05f46300f769d832a4d99ad9e72f5377781b1d833913e454d0b1df280a46444e17db7838811fd7d37ff299fafee8c47bf9f860bbea254c0f3b1419c9fb63271d90b196521b78e2e2299fa2664a2dcafe30a37125200588ecf31e8ef3c81e9f0631cf7ff292ed1564ec79691f033aa9307bc352347561cc184b6c67de467518fa5149cd62baf01c20b29f21ec3a0973080d3528fd558d20fd31779d6c87f6fbc3fd047f328f720b7a902be30c5908c9ee0af9e13cc1c1ce86c70f55fbc144024f0a22cb51c368e52f97d9d2cd91c7f9e9dea37006e9e3a6913052ff4c1b64ab787d4f4ca6046133666690d0c1a1184e2da350cb18aef9386c6c550fedc0a25f0e16d215c054d7f7863538746835a755331652197893c0281cd0f6bc51239f31c6f87a2dbfb09c6c3622bdf5fcdc777254fcc51031d7644fcbfc38d9cddbfea5d7e671281346d888740206391c84e3c04ac07305e02d9ce4d656bd6fdec928206d010ac9fe31ece81a9969e2f55d1ebdb342ed11e2a6821b8e17dfc629c54c973d34315e0978bfbe73322400a4d8a9fbee9214cffcdf11f78452e4e24698cabb9cd2b16ef8d17ab400adba5257f254443a638fdabe2cb33d8244138f603024efe4ecb746498e17d6c296cd810706094a7e9fb0adf1db9df2a83209708160f93a925f655f1fea61c8382e90cf7f3ad605df428808200f8cc9d3b4c654b0819e59958788455020ee966ab9a92307ad1564339f26a57a33ff8c5ae8aa9e258bcd17da193af86b6add8fc5e34cd9aa0e5de3afa2770c8bd17daadab4aecdc8a887f1f3574c9aa71d1907df9fcd5e58ff2ccf42733dc474123652aeef6a9a3e69a2a0c63f2374fd4906cf88b0f196570e1c9f99881f8d03111540b9cc7892ec3ca26cd58eba2692027e569b81b0d9c41289c7913694ed482fc4cefa884bedfb08ffc68ba02967eb74c1f42123f54b2d7363c8ec3f43d78efe5a67a81e3bae1b76925a7509e2826dac411729fcae32929ada546aa83febbbaa5b2f212ffdacc87d1f049cc86c1267e2f8bda54854f5ab8bd30248c88762b5ac0a5ff9afcbfc5776359903e4c2bb98931b0759fe98d3aeb84a8c638e68c40612ef755e790fa4e54cb0646e556b7868e3182e2433bb7730ec85b6f57d8941e24e106ec017e298f40ebad661ffee1e10ed05e4106a846f6ee0f7b49544226548a055867435aeba1efb5f3ae51588fd194b0abd88e664d3d0e6bfd5b618599b07bd7222a07f6d42baf63fe39813b6de3ea07e4c6277c2746f63aff7699a9fecfef6514953d35a7eb4c3b761ae035ea73420b739d000c16771dfc84a86fea509948758984bde93d3155594d0caf60941087ae774001100310c3933459d631ac428efc8d02e08c2d7f8df3217889b0648637b68ce61452fa28471780d96b19768f279d97c108a2b9a8e754670d5f93680332f610a0cb40222efabba6ffd93be80e74bd19d4b6c8df804d3a72f781bd4b2521de8b10c2cfb17abee972e041f035c5405d5c1612da43cd82a2717165adda92b4417489c50e762d3cb139a19e9080f2d9db6d898d7bf34f10d3a8c3c1d8a73863737bf3f1d58b668345f92d90cba033018d864a63285895e9efd99eff111c406e54d3705ec58175117d9ef86102041b0bb4a580010458a1df655a34eb635460917fe31e82031b37ee092fad4ebc8d2ba6b7366293b9a00d1137f8f8aaa73a2539a57e1483c75ebe132f52d59e9840d531ebba14179a3ed6eafa609d4578aadc7a6466352dfe287e981a6c44e1c894e77284a6356ad332baa843804adbf1882dcb46efaa005d5580ef23d33b018d0c47f8e96092948621d9881063079e0152c2d2962fb99f99f2093de2712d7b8068f5dad4d0ae10ad8c394caf234f670326b3e4cc37b09b5234fc8ab2c6fdf9ebc925635a310f8684c3ed80865177edba4a0a249a410d631aa6eed3c999e1aa5e2908675ad96394fc13d031999cde8448522e64947fc9861aab676e355f2177832f31316530d4fe8854c250bee3bee742e302eb5a05ac38580b46b14abeae8711c7ee75f9e736697db50aedd1b780f5de8e11dc428fc4d8e0e6be690e936a7e3467a60c6bdf760b67e2fe220168d410fc8c2add16a1e1903ed12501da610a3744488a418f09936ac5d964aa1e354c7acc4bd6f2f611a631815a50a73cfbe0353c9ad0a354cb9d934d9eaaea2c2082aba5ad93f6603971a29796f57ccc7a39494a43d1cf5fa91045cd198ffc6f6b0adde006a0bc57cae4f11ac5c350dd889e58ed824e418c9d4053450b1c50f1c0169161ef0c1b740b0c5fa8a3bea937762aa3d5c8cec74e7ef7d642aae41946b12b9ee5734ae6e27b9c235666d2c9a479dedeba1da28bc0aa9293d9e82e09dfa6b4cf4225e382a5ff05e374a581839a60724f7845ccde58e393282b971c1a5a0e80772e4a2b61f1edd90be4d44840d6ff584ca6018faf629ce2fd2176d09e32ad828b9a84c60adfec3e4b8cdd047bc0f9c9e6251797ef8296a2f5e8e0b08a5c1f4c6d8bb4d9fa349d9ba675fdb77dc9cb7408f7e7e28e3958b56fe19e6b98a02596976f51d47611695f54e20ba1da3d01cf1aec7aef8fb084410be16e71efed59bfb1e416be462594c70e6e3bb1aa68a44cc362d78925529d35c833c57e16d128649fe11b5d853126adada8d5ea30342cc1a3ada9d7e58c169f9271823bdf1c3f142c06989b54f6f80e91d85bd8d69a743cabf7db4e2fb7808c39af8fb371fcf3d0d1f56e027ec37145e4c8d662e0d0dda0909867894dc3b5858aa7623607d5124e2c99827a571f5656adcf1a6ad5a44ba8de9036a1863b6582c52fc505d1ddb583a0aed476141f2c230d9898e505ed642515badbb63b3bb4dab6905f3dc35f7fe10cc92802f1e53edefb012f91fb490a966e257a2ac3d16af7095b80eb89354ac1528709c4350e0e2196569ff77a2c0aa3caff155e30559764b747d02db3331122bba71757f62192148fed06705c50e79103fa6e584d5fc8ff8cd7d2d5cfdfb51f091f49da8f46f8cec712847cbb02c16d912ab1bea250ceb9eb3c53b01660b6c8675141a0481f0dc93729770ef84955885e7fd857fafe073ddbbb5848483195422cb29887a5eaac81a70f72e0910a8b4cce6433bf8f0c03c49aefe52754a0f77f027f94830d48c0053e3e660b6d8dffb623e55849b8c6173ca948b323b196dfda8e51eb1d93f1c788d93c029eba5bac843dbe415046cea1bffcf5c692c4bc9223673b9e5e6c2a41985f6c11d2d823c1bf594296065bd57856fa921d39fc09c971c4b850dc2cb1ba76ebdda3c1b2888d97675406a926c1f0fb531d272e3a17ae964e4fc5103e1c83d2f1945c5beeacfcf747d34ef6da9cd4880d609d90dc6bad552cb8d4688ceaeb6f758a9f509f9b43be16f101c803e7fc68a0558e1d1cd09968dce30f37d01ba023abe6de2ded182fd1a4e230c150cc6009aaa5ab66ec5209076c653e2e8d9fb5159c076cf2b0ec8e68b4f44bcdea332064b56c8d89c1b96f2b3dd9b1c8e0a5b9b17d60da256b7172ab1cbc578a1f13e85286b06a4527ac922bbcbc80bd30a0d4b904f52199ce25d38bd269a01ac5248e013868ef749bae3c8e79abb0b023c8049688d358b773925d32cbdeb4dc1211afcc4fb19229a7ea71fe58ebbcfd15b23c2626150cf2ee37b29811fb69d70782348fa6b0e3759f781c2e363bda2ac852f50e93ebf23d1b9e4cc4411a05f05be2f74a6340c21fab5e8e09c07fd630dc196bdf992cf288d9e7020b8a96e39849f7d1e4caf6662885ea5c963510c536d6021992cf405cf84927846457e2413f8d6780677b8c148160fe4aeb88bc3a36e2e2e0efe6a125f7b7c3e30d01dacd8b7e468f41ed7edd3cc2660b9777fececb04d301e78749e9389c8326f045ef986429bf6fa4edd110e0861249e9fc5e5c9fa91cdd1f8bfdbf628e7d24e09b95148bbb47eeb0645d4d69cb5377f03e7af1560571b62510bb49707f26fafae2bd5b4fcc378c9f867e0abd687b016fb26061c214d226de0ab5ccffb7a7a095e3b12575b33ceed56ee948ce99ce1240fa0d08fdd8df1b0dbba95f9dc14bfc49ec779c10e97a02e1f45a8eb6f9bdb1a3ffdf68722a9d7b46a685239a337d1de75c5676221654606671b666fe92a368c6b3db630049f46ecdc26eb818a10371b3fa4bc9fc08d70d6caff67e871ff7bdc2b42d027f5c114a71fbc7d7f33e6df592bec7b314c3c77aee407442026355190fc5d6334a6669b604cc8ccf7cc81624128879c6d2a3014bb24d0556f61935ebf3e34527688fd9d31b9bbc0f0e08b5f3eecc3d1fbd6c091687b527649bc487849155d9c3a21b605d8ab7d15ffe5659bc3ce48a38db8925d67b919e451b39ee4228c4a4864bf575e909f06093663edb162e1c09ea80d60d34ad9e74fae4ac59c36d52746e662697e5e3ca907306f46d49f4aa9a17de2256e05376ab2deb4c0dca75f59d37cfd8ee109bc55d12025956e08d82b4ab7a93da69caf848bedb84b57b66c319439be4427a967b7ea95526454b7ac21db27a927e84158ea5e45780bd21a7ffd476924efdd59158a2238a155cbbfedcca1d6e52435bbdc2cdd78351cc67b60284f89f2e2f97040b430d2be975609396a96e7d42484e70fb22a5455724bc69335db09ce4cc940af29a0d901d9daa43e62484b4d000315e97a04d600c53a17caaf66402a04ce90d28eb2f1c6fa794966c135541e8aaa24af9950e226461e1343bb3554dbe9b1d6db57ac6d1ae50de88085d18affb551ac6db0141297878c5128c78a9839db31cc0ab5dd77951c13a6f0276f019ae05485a41080a4e5a7c5d886fabe01d4fd88bf10ec01bad0236f8bd3340ed03f7658d9709c00a7a7d6ab6a2edf476c05cbaa87470b5486673254b5f17f88f06d8c317e97fb44d431348863587cb1b8b59ad8c4fbede43b5a38d070e2f9bf5501c51efd9fbe7592d47c700bbde453c380bdd9a0232f6581b006fa3c41c88b70ee39e9618ba72319fcf424c247f09b9b871b10600efb34b5658c8d8b6b50d49b963e22943f171111d87db605e70f8a3e0c61a823d167f937bcdf1e650345e1b37da2b2b39817aed927188b76a6c9"}) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mkdir$auto(&(0x7f0000000040)='./cgroup\x00', 0x8001) r1 = socket$nl_generic(0x10, 0x3, 0x10) poll$auto(&(0x7f0000003640)={r1, 0x7, 0x6}, 0x4, 0x100000) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\x84q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa24X@\xadD\xf8\x9d\xf3 \xd2]\xc4\x13G\x1d\x04!\xc1\xeb.e$\xfb\xa3KU\xcf\xc1\x7fFD\x99\xf5v\v\x9dS\xc11P\xa3\xe9\xb0SqL\x85\xea\xb2\x9cY\x83.I\xca\x92\x1c\xc4\x13CV=\x92\x17c\x87iOt\x14On\x15=\v\xf0 \xc5\x8b~\xd6\xd4\xc7\xa3a\x1c\x06\x17\xb3\x88\x8c\xf1L\xba\x89a\xfd\xa5\xc6\x7fU\x00\xe5\x9b', 0x5) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) fchdir$auto(r2) mount$auto(0x0, 0x0, 0x0, 0xdef, 0x0) syz_genetlink_get_family_id$auto_netdev(0x0, r1) r3 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(r3, 0x104000000000010e, 0xb, 0x0, 0x400) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_DEBUG_GET(r3, 0x0, 0x24004840) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) clone$auto(0x5, 0x1, 0x0, 0x0, 0x1) sendmsg$auto_ETHTOOL_MSG_WOL_SET(r1, 0x0, 0x4801) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socketpair$auto(0x9, 0x2, 0xb, 0x0) getcwd$auto(0x0, 0xffffffffffffffff) unlinkat$auto(0xffffffffffffffff, 0x0, 0x200) 5.234398063s ago: executing program 1 (id=5520): r0 = socket(0x2, 0x1, 0x106) setsockopt$auto(r0, 0x6, 0xd, &(0x7f00000000c0)='\x83p\x00h\x85M\xdf\xdc\x83\x8a\xa7\xe4z\x06\x00\x01\a\x00\x1e\x00\x00', 0xb) r1 = openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0xc0000, 0x0) mmap$auto(0x0, 0x10000, 0x4000000000db, 0xeb1, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty60\x00', 0x42880, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/graphics/fbcon/rotate\x00', 0x10b842, 0x0) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/tcp_tw_reuse\x00', 0x80400, 0x0) read$auto(r2, 0x0, 0x1ff) write$auto(0x3, 0x0, 0x7) read$auto_tap_fops_tap(r1, 0x0, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/bus/pci/drivers/pata_sch/new_id\x00', 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r4 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) ioctl$auto_MON_IOCX_MFETCH(r4, 0xc0109207, &(0x7f0000000100)={0x0, 0x2000004, 0x7}) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/010/001\x00', 0x20000, 0x0) r5 = semctl$auto_GETPID(0x90000000, 0x6, 0xb, 0x400) r6 = socket(0xa, 0x2, 0x0) setsockopt$auto(r6, 0x29, 0xb, 0x0, 0xca6) r7 = clone$auto(0x7, 0x2, &(0x7f0000000040)=0x5d78ea7a, &(0x7f0000000080)=0x400, 0x4552) setpgid$auto(r5, r7) bind$auto(r3, &(0x7f0000000100)=@qipcrtr={0x2a, 0x1, 0x4000}, 0x62) 5.233821165s ago: executing program 2 (id=5511): mmap$auto(0x2b, 0x2000a, 0xe2, 0x13, 0xffffffffffffffff, 0xffffffffffffffff) syz_clone(0x40100100, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) socket(0x2a, 0x801, 0x4405) r0 = io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x10000000084, 0x18, 0x0, 0x8) openat$auto_nst_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f0000000000), 0x101080, 0x0) lseek$auto(0x3, 0x7fffffffffffffff, 0x1) sysfs$auto(0x2, 0x26, 0x0) fsopen$auto(0x0, 0x1) write$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000340)="0040e89a57f9752def5516f43100", 0xe) recvmmsg$auto(0xffffffffffffffff, 0x0, 0xfffd, 0x5508, 0x0) init_module$auto(0x0, 0xfffff, 0x0) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, 0x0, 0x404840, 0x0) madvise$auto(0x0, 0xffffffffffff000d, 0x80000001) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/cx231xx/parameters/radio_nr\x00', 0x202540, 0x0) madvise$auto(0x80000000, 0x8000000000000005, 0x15) madvise$auto(0x0, 0x2000000080000001, 0x3) capset$auto(0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4, 0x3, 0x13, 0xfffffffffffffffa, 0x40) fallocate$auto(r0, 0xfffffffd, 0x58f, 0x100000004) 4.974560825s ago: executing program 0 (id=5513): ioctl$auto(0xffffffffffffffff, 0xc0045401, 0xffffffffffffffff) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x400, 0x0) ioctl$auto(0x3, 0x541b, 0x38) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/audit\x00', 0x200, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D3\x00', 0x1, 0x0) prctl$auto(0x3e, 0x5, 0x0, 0x4, 0xffffffffffffffff) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x0, 0x1000000004, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) ioctl$auto(r2, 0x545c, 0xffffffffffffffff) ioctl$auto_TIOCMSET2(r2, 0x5418, &(0x7f0000000200)="ea8e") ioctl$auto_SNDRV_TIMER_IOCTL_PAUSE(0xffffffffffffffff, 0x54a3, 0x0) close_range$auto(r1, r1, 0x2) syz_clone3(&(0x7f0000000100)={0x80a08680, 0x0, 0x0, 0x0, {0x37}, 0x0, 0x0, 0x0, 0x0}, 0x58) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/all_slaves_active\x00', 0xb02, 0x0) sendfile$auto(r3, r3, 0x0, 0x3) add_key$auto(&(0x7f0000000040)='/sys/kernel/security/integrity/ima/binary_runtime_measurements_sha1\x00', &(0x7f00000000c0)='\x00\x80_\x93gX\x90\x8cA;O0\x03\xcab\xa6\x8bU/t\xc5', &(0x7f0000000100)="6e91ffffee06c60775a57c153cb4c6d333417379f2ab78069208e5c611d57232c0d830a404f4f8fcefd2d79160ffb14fc91453561a2b3b621bd4053ad3e13a35bd664743711d5572cee17a86bf0fa90c22e21db4ecd9a9a64cf13f2430b6df6be19ec25158bbfb861e084c89a083596c5cb103bf9caad2b905c1d6a846d05166ff4cc78c1589ccc8d742d33bfab326a3653444a8959624d48634d5bda234297678e387ea013942a1de597f73174b69bc6832a25144b4e288ecfa380150bffd883ddd1225994002de1d066781e0a7501e71fedc8cded59775d1e7804488e1f5d6dd27bf", 0xfffffffffffffff7, 0xfffffff7) 4.734974483s ago: executing program 1 (id=5514): socket(0x2d, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x109001, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) fanotify_init$auto(0x200, 0x2010000000000) openat$auto_proc_pid_set_timerslack_ns_operations_base(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/time\x00') socket(0x2, 0xa, 0x106) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) socket(0x2, 0x1, 0x0) epoll_create$auto(0x4) io_uring_setup$auto(0x85, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0xa) socket(0x25, 0x1, 0x3) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmsg$auto_WG_CMD_GET_DEVICE(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x400c810}, 0x200448c0) r1 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, 0x0, 0x10b040, 0x0) bpf$auto(0xfffff011, &(0x7f0000000000)=@test={r1, 0x4, 0xf9c, 0x468, 0x9, 0x3, 0x4, 0x2, 0x4, 0x200, 0x1fd, 0xb6, 0x4, 0x6, 0x3}, 0xa3) writev$auto(0xca, &(0x7f0000000080)={&(0x7f0000000040), 0x1}, 0x7e) 4.499740012s ago: executing program 0 (id=5515): r0 = socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(r0, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) shmctl$auto(0xa0000000, 0x6, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) execve$auto(0x0, 0x0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/zram0/mem_limit\x00', 0x183841, 0x0) pwrite64$auto(r1, &(0x7f0000000280)='Mdev/loop-control\x00', 0x80000000, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x5, 0x14, 0x944, 0x1ffe0, 0x3, 0x6, 0x7, 0x9, 0x400005, 0x4000fff, 0x8000007, 0x8001, 0x2, 0x5, 0x3, 0x40, 0x7, 0x21, 0x309, 0x6, 0x0, 0x0, 0x200000, 0x0, 0x0, 0xffffffff, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10]}, 0x1fe, 0x81) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r2 = socket(0x10, 0x2, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_BLKTRACESETUP32(r3, 0xc0401273, 0x0) sendmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x1f00, &(0x7f0000000100)={0x0, 0xfdef}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) r4 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000000), 0x109002, 0x0) sendfile$auto(r4, r4, 0x0, 0x10000800000003) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) 4.376897614s ago: executing program 2 (id=5517): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x408, 0x7, 0x1ff, 0x7, 0x42, 0xfff, 0x1ffdf, 0x7, 0x200003, 0x2, 0xa121, 0x3, 0x6, 0x4, 0xb4, 0xa, 0x6, 0x10001, 0x80, 0x100000000, 0x0, 0x7, 0x2100, 0x200, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x1fe, 0xd) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000080), r0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'vlan1\x00', 0x0}) sendmsg$auto_NETDEV_CMD_BIND_RX(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x28, r1, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@NETDEV_A_DMABUF_IFINDEX={0x8, 0x1, r2}, @NETDEV_A_DMABUF_FD={0x8, 0x3, r0}, @NETDEV_A_DMABUF_QUEUES={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x4) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2000, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, 0x0, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x2020005, 0x2, 0x110, r0, 0x7fff) r4 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0xb8, 0x100000000, 0x5, 0x1b, 0x93c, 0x1ffdc, 0x7, 0x2000000000000006, 0x2, 0x9, 0x5, 0x2, 0x8001, 0xae, 0x9, 0x922, 0x7, 0x5, 0x5, 0x3, 0xfffffffe, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000]}, 0x1fe, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r5 = socket(0x2b, 0x1, 0x1) ioctl$auto(r5, 0x8901, 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xdc5e}, 0x800}, 0x7, 0x4008) 4.332854637s ago: executing program 4 (id=5518): r0 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dri/card0\x00', 0x20100, 0x0) ioctl$auto(r0, 0x64c5, r0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000002c00)='/dev/cec18\x00', 0x900, 0x0) ioctl$auto_CEC_DQEVENT(r1, 0xc0506107, &(0x7f0000000280)={0x4, 0x80003, 0xa, @state_change={0x200, 0x9, 0x3}}) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80502, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, &(0x7f0000000180)="adfde4867180163e6cbef783718e40a50bc2f7e69b8fcc92bde08fc48cf64e8a54d2486a00bc52a6dee1bf860ec85c352ddf0e25b52152fec6e95de340692229418d661df4854346c11ef0f3464e7ecec51b42fe75356fe54aead9ddc7a34d352672eb46ae90194d4777c466561c8bcb982a00593e28e90361f5ba9dc7790909c9e30defba391ddffc7ecb9103471508369c8ec4bdbf2817748a6bf1fc520bfa20b857715ff1a928") openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC1\x00', 0x20402, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x0, 0x9, 0xeb1, 0xffffffffffffffff, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socketpair$auto(0x4, 0x2, 0x10, &(0x7f0000000040)=0x7) r4 = socket(0xa, 0x80000, 0x4) ioctl$auto(r2, 0x8e06, r4) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x6, 0x1, 0x948b, 0x3, 0x1, 0x572f14dc, 0x80000000, 0x80000000, 0x0, 0x7, 0x6d3c, 0x7, 0x2, 0x1]}, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1fe, 0x3, 0xd, 0x1, 0x948b, 0x0, 0x15f4da0a, 0x41000000003, 0x9, 0x62, 0x8000001b, 0x7, 0x6d3e, 0x9, 0x2, 0x200]}, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) capset$auto(0x0, &(0x7f0000000000)={0xb213, 0x101, 0x6}) socket(0x27, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) 3.960556353s ago: executing program 2 (id=5519): bpf$auto(0x6, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0xfff, 0x5, 0x10, 0x0) ioprio_set$auto(0x3, 0x0, 0x4b34) socket(0x15, 0x5, 0x0) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) mmap$auto(0x8000000000, 0xc3a, 0xe2, 0x9b72, 0x7, 0x1000) sysfs$auto(0x2, 0x4d, 0x0) fsopen$auto(0x0, 0x1) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x5, 0x2) clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) prctl$auto(0x43, 0x17, 0x0, 0x0, 0x0) flock$auto(0x6, 0x1) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x59, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x1c9002, 0x0) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x8001, 0x2) shmget$auto(0xa, 0x10563, 0x568d1af2) 2.109941691s ago: executing program 4 (id=5521): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x1, 0x100) r2 = eventfd2$auto(0x6af3, 0x800) r3 = socket(0x1e, 0x1, 0x0) bpf$auto_BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000280)=@link_update={r3, @new_map_fd=r0, 0x3, @old_prog_fd=r1}, 0x1) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) pipe2$auto(&(0x7f0000000040)=r2, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/024/001\x00', 0x2901, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000200)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x3, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x7440, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r4, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x100000001f9, 0x8, 0xd, 0x1, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x7, 0x62, 0x8000001f, 0x7, 0x6d3e, 0x10008000009, 0x2, 0x6]}, 0x0) r5 = openat$auto_debug_help_fops_orangefs_debugfs(0xffffffffffffff9c, &(0x7f00000032c0), 0x1000, 0x0) preadv$auto(r5, &(0x7f0000003340)={&(0x7f0000003300), 0x40}, 0x9, 0x5, 0x100000001) ioperm$auto(0x7, 0x6, 0x1) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000000), 0x500, 0x0) unshare$auto(0x40000080) openat$dir(0xffffffffffffff9c, &(0x7f00000004c0)='v#\xd5\xaf>=\x14\xe6%\xf7\x8a\x8d\x9a\xae\x1a\xd6\xa8\xb8\x1d\xf5(\xb0\x1f\xbd\xcbV\n\"\xe3V\xfeP\xceN\xb2\xc32\xaf\xcc\x80\xfa\xf0\xd4\xd9|\xfe\x03y\xd16\x17\x99R\xca\xe5\xf4\xb4T\xfcv\xfc\xe6\x9cv\a\x00\xc2a\x16\xd1\x8a\x80\x90\x87\xa5s\x10\xed\x93\xd4\x15=\xc0\x1f\x0e\xb0\x18v}\x03!\xf0I\xe3}\x90\x9b\x92[\xfe2<7\xd3\x81\x9a~\xcd\r\x19\x9e\x10(5\xfd\x8b\x82\xd4\xc85\xc3\x93t\t\xd0\x9d\xca^n\xf3\xcb>\x1bO\xcej\xe0\xef\xf2\xd7\xc2}\x18\xd9`AO\x95<\x9aH\vu\xae\xd4\xea\x12\xb8\xd1\n\x01\x83r\x85\xbf*\x18\xa7 S:R\x14\x89Z3\x94\x8bP)\x00', 0x40140, 0x12d) rename$auto(&(0x7f00000003c0)='v#\xd5\xaf>=\x14\xe6%\xf7\x8a\x8d\x9a\xae\x1a\xd6\xa8\xb8\x1d\xf5(\xb0\x1f\xbd\xcbV\n\"\xe3V\xfeP\xceN\xb2\xc32\xaf\xcc\x80\xfa\xf0\xd4\xd9|\xfe\x03y\xd16\x17\x99R\xca\xe5\xf4\xb4T\xfcv\xfc\xe6\x9cv\a\x00\xc2a\x16\xd1\x8a\x80\x90\x87\xa5s\x10\xed\x93\xd4\x15=\xc0\x1f\x0e\xb0\x18v}\x03!\xf0I\xe3}\x90\x9b\x92[\xfe2<7\xd3\x81\x9a~\xcd\r\x19\x9e\x10(5\xfd\x8b\x82\xd4\xc85\xc3\x93t\t\xd0\x9d\xca^n\xf3\xcb>\x1bO\xcej\xe0\xef\xf2\xd7\xc2}\x18\xd9`AO\x95<\x9aH\vu\xae\xd4\xea\x12\xb8\xd1\n\x01\x83r\x85\xbf*\x18\xa7 S:R\x14\x89Z3\x94\x8bP)', &(0x7f0000000000)=':-.\x00') openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/system/clocksource/clocksource0/current_clocksource\x00', 0x8502, 0x0) bpf$auto(0x0, &(0x7f0000000580)=@task_fd_query={0x7, 0x4, 0x200, 0x1001, 0x0, 0xf, 0xffffffffffffffff, 0x1400000, 0x5}, 0x6f4) openat$dir(0xffffffffffffff9c, &(0x7f0000000640)='v#\xd5\xaf>=\x14\xe6%\xf7\x8a\x8d\x9a\xae\x1a\xd6\xa8\xb8\x1d\xf5(\xb0\x1f\xbd\xcbV\n\"\xe3V\xfeP\xceN\xb2\xc32\xaf\xcc\x80\xfa\xf0\xd4\xd9|\xfe\x03y\xd16\x17\x99R\xca\xe5\xf4\xb4T\xfcv\xfc\xe6\x9cv\a\x00\xc2a\x16\xd1\x8a\x80\x90\x87\xa5s\x10\xed\x93\xd4\x15=\xc0\x1f\x0e\xb0\x18v}\x03!\xf0I\xe3}\x90\x9b\x92[\xfe2<7\xd3\x81\x9a~\xcd\r\x19\x9e\x10(5\xfd\x8b\x82\xd4\xc85\xc3\x93t\t\xd0\x9d\xca^n\xf3\xcb>\x1bO\xcej\xe0\xef\xf2\xd7\xc2}\x18\xd9`AO\x95<\x9aH\vu\xae\xd4\xea\x12\xb8\xd1\n\x01\x83r\x85\xbf*\x18\xa7 S:R\x14\x89Z3\x94\x8bP)\x00', 0x14000, 0x4) 2.108998545s ago: executing program 0 (id=5529): r0 = openat$auto_drm_edid_fops_drm_debugfs(0xffffffffffffff9c, 0x0, 0x2082, 0x0) write$auto_drm_edid_fops_drm_debugfs(r0, &(0x7f0000000580)="b7a53caf1b305860206af11a0ec35e7e5c46caffe279de8e9945d6e37dfaf9", 0x1f) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000003040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) bpf$auto(0x2c34, &(0x7f00000000c0)=@raw_tracepoint={0x4, r1, 0x0, 0x7c}, 0x7f) prctl$auto(0x801, 0x1, 0x0, 0x3, 0xfffffffffffffffb) syz_genetlink_get_family_id$auto_netdev(0x0, 0xffffffffffffffff) socket(0x22, 0x2, 0x2) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) mmap$auto(0x0, 0x400008, 0x7, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x5, 0x0) r3 = fsopen$auto(0x0, 0x1) fsconfig$auto(r3, 0x6, 0x0, 0x0, 0x0) read$auto(r2, 0x0, 0xe8) writev$auto(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x7}, 0x3) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0xa, 0x1) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/thread-self/net/netstat\x00', 0x1, 0x0) unshare$auto(0x40000080) 2.108405192s ago: executing program 1 (id=5522): r0 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, 0x0, 0x0, 0x0) unshare$auto(0x40000080) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x752502, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x309502, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r2 = io_uring_setup$auto(0x4, 0x0) close_range$auto(0x2, r2, 0x0) arch_prctl$auto_ARCH_MAP_VDSO_32(0x2002, 0x3) mmap$auto(0x0, 0x7000000000, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x0, 0x0) shutdown$auto(0x200000003, 0x2) read$auto_proc_iter_file_ops_compat_inode(0xffffffffffffffff, 0x0, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) r3 = ioctl$auto_XFS_IOC_OPEN_BY_HANDLE(r2, 0xc038586b, &(0x7f0000000200)={r1, &(0x7f0000000040)="be1378eb", 0x9, &(0x7f0000000080)="ab7e96136cf4b117f316ed6c0a2f0fa4e0b5f6ed893b713880bad3fae169efd0", 0x8, &(0x7f0000000180)="dd1f12de7dbb1f59002cc76a2518", &(0x7f00000001c0)=0x1}) syz_genetlink_get_family_id$auto_nl80211(0x0, r2) sendmsg$auto_NL80211_CMD_TDLS_OPER(r3, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x4000}, 0x4004001) socket(0x2, 0x80002, 0x73) openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x102, 0x0) ioctl$auto(0x3, 0x5412, r0) 2.108304342s ago: executing program 2 (id=5523): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) socket(0x1d, 0x80003, 0x6c4) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x1000000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) read$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffffff, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0xd, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_configfs_file_operations_configfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/lu_gp_id\x00', 0x189002, 0x0) write$auto_configfs_file_operations_configfs_internal(r1, 0x0, 0x0) read$auto(r1, &(0x7f0000000000)='/sys/kernel/config/target/core/alua/lu_gps/default_lu_gp/lu_gp_id\x00', 0xe1500000000) getsockopt$auto(r0, 0x200000000001, 0x19, 0x0, 0x0) mq_open$auto(&(0x7f0000000000)='nlctrl\x00', 0x80, 0x8001, &(0x7f0000000040)={0x4, 0x1, 0x4c3, 0x28}) setsockopt$auto_SO_OOBINLINE(0xffffffffffffffff, 0x3, 0xa, 0x0, 0x2) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0x29, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) 1.023199542s ago: executing program 2 (id=5524): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x802, 0x0) ioctl$auto_USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000240)={0x23, 0x3, 0x18, 0x10, 0x808, 0x7fb, &(0x7f0000000340)="2e87ae255faea9bca16821e73660a43c98f81f056a20818dde63d3c3436ada5521c127417b70c848d2f0b41c9954b52c56fd29b722f89cb8e96cfabaead96bc484c33f7fb2b8e8aeaeeb962fd2017e70de4a4892c560daf3d83461a5c527c6ca6471a2d3bb0714224c0002a6ed62432b4a635d9cb072fba6cc4049f67aced3906e0af971d833a8a1d53e32a133a5b4c89ec915deff549042f4d94e13d7855e68b736ec90d98b3cc7629a"}) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/thread-self/net/rpc/nfs4.nametoid/channel\x00', 0x8f3b7a51b8162d21, 0x0) mq_open$auto(&(0x7f0000000000)='.\xf1e4\xdf\x16\x95kxE\xd9x\x15\xb0\xf6V\x93\xb4E\x06\xc5}l', 0x400056a, 0x9, 0x0) ftruncate$auto(0x3, 0x700) write$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000040)="5cedd9d1027e0dc0023af10e9bfa1babfa3a3753ca9aee370a", 0x19) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/pts/ptmx\x00', 0x20540, 0x0) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x407, 0xd3e, 0x1, 0x948b, 0x3, 0x95f4da0a, 0x10001, 0x3, 0x62, 0x80000001, 0x7, 0x6d3b, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) write$auto(r2, 0x0, 0x100000a3d9) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) unshare$auto(0x40000080) unshare$auto(0xc) 1.022606932s ago: executing program 0 (id=5533): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000080)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccW\x1c\x94t\x98\xc6\xd7\x9dh\xdf\x91\xd9\x1ew\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5,\xcc\xfa`\xfa\x90\xf0C\xdc\xbebBW\x8a\x95\xf4\x14\xc7\x90V\xe7a\xfb*\xcc6\xba\x9ef\x19R\xff\xd2\xd8\x98\xa8\x17\xcb\x84\xe8\xfb\x00`\xc2\xce~U\xca\\\xc1\xb7\xf1\n\xb9\xbfk\x1e\xdb\xed\x81{\x1f\x18j\x16\rk\x0eO\xe3\xa78&Z\x9e\xbf\x84\xd6\x1f\xe8\x88\x1f\xbc\x1eT\xa6{9hb\xbc\x1a\\\xb3\x846&\x1a\xbb\x9c:e\x9c\x18\x11\xf0\x8eQ\xd8\x8a3^?\x13\x00\xcbx\xb2\x18e\x95$\x9d\x804', 0x100000a3d9) r1 = openat$auto_iommufd_fops_main(0xffffffffffffff9c, &(0x7f0000000400), 0x8000, 0x0) ioctl$auto(r1, 0x3b84, 0x38) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400108, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x1000000000000004, 0x9, 0x91, 0xffffffffffffffff, 0x300000000000) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket(0xa, 0x1, 0x100) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) setsockopt$auto(0x400000000000003, 0x29, 0x1c, 0x0, 0x56b) prctl$auto(0x801, 0x1, 0x0, 0x3, 0xfffffffffffffffb) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x9, &(0x7f0000000100)={0x694f, 0x4, 0x2, 0x80, 0xbf, 0x1, r2, [0x81, 0x1, 0x1], {0xffffffff, 0xb627, 0x1, 0x8, 0x0, 0x1, 0x1, 0xfffffff7, 0xa}, {0x8, 0x9f33, 0xb27, 0x3, 0x9, 0x9, 0xabd, 0x3, 0x9}}) 496.088569ms ago: executing program 4 (id=5525): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) eventfd$auto(0x1) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000100)='\x01\x00\xa8a\xe0a\x1cJ4\x00\xaaN\xc8\xf9\x12\xeb\x00\xab`{U\x04\x12\xb0\x96\x82\x1f\x16\x11_\x97\x0e\x06\xa7Y}`@\x1b\x00\x00\x00\x00\x00\x00\x00\x00\xd22z\x14z\xbf\xf94\x92mP\x87[\xa4p\x93\xd4\xe3\xe8Vhpy\xf6\xce\xbb\x8c\xb2\xc9>\xd9Y\x8d\xbe\x90\xbcu*\xc8\xdc\x0e]\x01\xd1\x9e\x0f\x05_\xfc\xb8\xeb\xd9\xb7\xa4\a\xae\xa5I\f7\x17\x91L}m\xea\r+\xecy\xe1\xe0D\x824\xfc[+\x0f\xe0\x11\xe8\x83\xc4\"\xcc&z\x8c@pC\xb2\xf6k\x14~iA?\x90Pnj\x82\xea\xf0\xfa\xe8\xe1\x81Q6\x11\xe4T\xd5\xf0\xb1\xc65tr\x8b\x83^\xa17uX 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 729.770786][T17436] RSP: 002b:00007fa45d513038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 729.770816][T17436] RAX: ffffffffffffffda RBX: 00007fa45c9b5fa0 RCX: 00007fa45c78e9a9 [ 729.770834][T17436] RDX: 0000000000000009 RSI: 0000000000000006 RDI: 0000000000000000 [ 729.770850][T17436] RBP: 00007fa45c810d69 R08: 0000000000000000 R09: 0000000000000006 [ 729.770866][T17436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 729.770882][T17436] R13: 0000000000000000 R14: 00007fa45c9b5fa0 R15: 00007ffdbae107e8 [ 729.770917][T17436] [ 730.523772][T17452] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3487'.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 [ 792.999870][T18526] [U] [ 793.002800][T18526] [U] [ 793.005527][T18526] [U] [ 793.008258][T18526] [U] [ 793.038333][T18526] [U] [ 793.041087][T18526] [U] [ 793.043780][T18526] [U] [ 793.046479][T18526] [U] [ 793.063982][T18526] [U] [ 793.066748][T18526] [U] [ 793.069475][T18526] [U] [ 793.072206][T18526] [U] [ 793.077683][T18526] [U] [ 793.080434][T18526] [U] [ 793.083227][T18526] [U] [ 793.085986][T18526] [U] [ 793.089005][T18526] [U] [ 793.091737][T18526] [U] [ 793.094474][T18526] [U] [ 793.097212][T18526] [U] [ 793.100209][T18526] [U] [ 793.102945][T18526] [U] [ 793.105667][T18526] [U] [ 793.108476][T18526] [U] [ 793.111448][T18526] [U] [ 793.114189][T18526] [U] [ 793.116908][T18526] [U] [ 793.119622][T18526] [U] [ 793.122648][T18526] [U] [ 793.125383][T18526] [U] [ 793.128104][T18526] [U] [ 793.130827][T18526] [U] [ 793.133995][T18526] [U] [ 793.136732][T18526] [U] [ 793.139542][T18526] [U] [ 793.142265][T18526] [U] [ 793.145230][T18526] [U] [ 793.147920][T18526] [U] [ 793.150597][T18526] [U] [ 793.153280][T18526] [U] [ 793.173578][T18526] [U] [ 793.176341][T18526] [U] [ 793.179068][T18526] [U] [ 793.181794][T18526] [U] [ 793.200762][T18526] [U] [ 793.203527][T18526] [U] [ 793.206275][T18526] [U] [ 793.209006][T18526] [U] [ 793.232725][T18526] [U] [ 793.235494][T18526] [U] [ 793.238229][T18526] [U] [ 793.240967][T18526] [U] [ 793.260404][T18526] [U] [ 793.263180][T18526] [U] [ 793.265924][T18526] [U] [ 793.268606][T18526] [U] syzkaller syzkaller login: [ 793.302778][T18526] [U] [ 793.305522][T18526] [U] [ 793.308208][T18526] [U] [ 793.310892][T18526] [U] [ 793.323995][T18526] [U] [ 793.326717][T18526] [U] [ 793.329416][T18526] [U] [ 793.332146][T18526] [U] [ 793.361091][T18526] [U] [ 793.363859][T18526] [U] [ 793.366589][T18526] [U] [ 793.369315][T18526] [U] [ 793.404661][T18526] [U] [ 793.407431][T18526] [U] [ 793.410157][T18526] [U] [ 793.412970][T18526] [U] [ 793.424014][T18526] [U] [ 793.426773][T18526] [U] [ 793.429497][T18526] [U] [ 793.432298][T18526] [U] [ 793.467937][T18526] [U] [ 793.470705][T18526] [U] [ 793.473433][T18526] [U] [ 793.476167][T18526] [U] [ 793.530501][T18526] [U] [ 793.533237][T18526] [U] [ 793.535922][T18526] [U] [ 793.538597][T18526] [U] [ 793.593119][T18526] [U] [ 793.595899][T18526] [U] [ 793.598583][T18526] [U] [ 793.601263][T18526] [U] [ 793.678804][T18526] [U] [ 793.681576][T18526] [U] [ 793.684299][T18526] [U] [ 793.687018][T18526] [U] [ 793.691085][T18526] [U] [ 793.693826][T18526] [U] [ 793.696552][T18526] [U] [ 793.699277][T18526] [U] [ 793.702790][T18526] [U] [ 796.073946][T18578] FAULT_INJECTION: forcing a failure. [ 796.073946][T18578] name fail_futex, interval 1, probability 0, space 0, times 0 [ 796.175591][T18578] CPU: 1 UID: 0 PID: 18578 Comm: syz.2.3748 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 796.175635][T18578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 796.175651][T18578] Call Trace: [ 796.175661][T18578] [ 796.175672][T18578] dump_stack_lvl+0x16c/0x1f0 [ 796.175707][T18578] should_fail_ex+0x512/0x640 [ 796.175742][T18578] get_futex_key+0x1d0/0x1540 [ 796.175779][T18578] ? __pfx_get_futex_key+0x10/0x10 [ 796.175824][T18578] futex_wake+0xe7/0x4e0 [ 796.175864][T18578] ? __pfx_futex_wake+0x10/0x10 [ 796.175904][T18578] ? kmem_cache_free+0x2d1/0x4d0 [ 796.175929][T18578] ? fd_install+0x225/0x750 [ 796.175964][T18578] ? putname+0x154/0x1a0 [ 796.176009][T18578] do_futex+0x1e3/0x350 [ 796.176041][T18578] ? __pfx_do_futex+0x10/0x10 [ 796.176087][T18578] __x64_sys_futex+0x1e0/0x4c0 [ 796.176121][T18578] ? __x64_sys_openat+0x174/0x210 [ 796.176155][T18578] ? __pfx___x64_sys_futex+0x10/0x10 [ 796.176202][T18578] do_syscall_64+0xcd/0x490 [ 796.176232][T18578] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 796.176259][T18578] RIP: 0033:0x7fa45c78e9a9 [ 796.176281][T18578] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 796.176306][T18578] RSP: 002b:00007fa45d5130e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 796.176331][T18578] RAX: ffffffffffffffda RBX: 00007fa45c9b5fa8 RCX: 00007fa45c78e9a9 [ 796.176350][T18578] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fa45c9b5fac [ 796.176367][T18578] RBP: 00007fa45c9b5fa0 R08: 00007fa45d514000 R09: 0000000000000000 [ 796.176382][T18578] R10: 0000000000000009 R11: 0000000000000246 R12: 00007fa45c9b5fac [ 796.176397][T18578] R13: 0000000000000000 R14: 00007ffdbae10700 R15: 00007ffdbae107e8 [ 796.176429][T18578] [ 796.659173][T18588] warn_alloc: 1 callbacks suppressed [ 796.659186][T18588] syz.2.3750: vmalloc error: size 4096, failed to allocate pages, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 796.702576][T18588] CPU: 1 UID: 0 PID: 18588 Comm: syz.2.3750 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 796.702614][T18588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 796.702631][T18588] Call Trace: [ 796.702641][T18588] [ 796.702652][T18588] dump_stack_lvl+0x16c/0x1f0 [ 796.702685][T18588] warn_alloc+0x248/0x3a0 [ 796.702716][T18588] ? __pfx_warn_alloc+0x10/0x10 [ 796.702745][T18588] ? alloc_pages_mpol+0x25a/0x550 [ 796.702779][T18588] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 796.702825][T18588] __vmalloc_node_range_noprof+0x11d4/0x14b0 [ 796.702876][T18588] ? kernel_clone+0xfc/0x960 [ 796.702917][T18588] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 796.702975][T18588] ? kernel_clone+0xfc/0x960 [ 796.703006][T18588] __vmalloc_node_noprof+0xad/0xf0 [ 796.703043][T18588] ? kernel_clone+0xfc/0x960 [ 796.703078][T18588] copy_process+0x2c70/0x7650 [ 796.703109][T18588] ? __pfx___futex_wait+0x10/0x10 [ 796.703158][T18588] ? __pfx_copy_process+0x10/0x10 [ 796.703190][T18588] ? kfree+0x24f/0x4d0 [ 796.703230][T18588] ? __futex_hash.constprop.0+0x1e9/0x440 [ 796.703266][T18588] kernel_clone+0xfc/0x960 [ 796.703297][T18588] ? __pfx_kernel_clone+0x10/0x10 [ 796.703353][T18588] __do_sys_clone+0xce/0x120 [ 796.703385][T18588] ? __pfx___do_sys_clone+0x10/0x10 [ 796.703428][T18588] ? xfd_validate_state+0x61/0x180 [ 796.703456][T18588] ? __pfx_do_writev+0x10/0x10 [ 796.703498][T18588] do_syscall_64+0xcd/0x490 [ 796.703524][T18588] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 796.703548][T18588] RIP: 0033:0x7fa45c78e9a9 [ 796.703569][T18588] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 796.703592][T18588] RSP: 002b:00007fa45a5f5fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 796.703615][T18588] RAX: ffffffffffffffda RBX: 00007fa45c9b6080 RCX: 00007fa45c78e9a9 [ 796.703631][T18588] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000100000 [ 796.703645][T18588] RBP: 00007fa45c810d69 R08: 0000000000000000 R09: 0000000000000000 [ 796.703659][T18588] R10: 00002000000001c0 R11: 0000000000000206 R12: 0000000000000000 [ 796.703673][T18588] R13: 0000000000000000 R14: 00007fa45c9b6080 R15: 00007ffdbae107e8 [ 796.703703][T18588] [ 796.703738][T18588] Mem-Info: [ 796.964465][T18588] active_anon:15816 inactive_anon:51334 isolated_anon:0 [ 796.964465][T18588] active_file:21399 inactive_file:38423 isolated_file:0 [ 796.964465][T18588] unevictable:768 dirty:791 writeback:0 [ 796.964465][T18588] slab_reclaimable:11331 slab_unreclaimable:96004 [ 796.964465][T18588] mapped:34054 shmem:51011 pagetables:1487 [ 796.964465][T18588] sec_pagetables:0 bounce:0 [ 796.964465][T18588] kernel_misc_reclaimable:0 [ 796.964465][T18588] free:1248808 free_pcp:18426 free_cma:0 [ 797.044625][T18588] Node 0 active_anon:63264kB inactive_anon:208636kB active_file:85596kB inactive_file:153556kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:129116kB dirty:3160kB writeback:0kB shmem:202608kB shmem_thp:4096kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:11248kB pagetables:5916kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 797.109320][T18588] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:132kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 797.226735][T18588] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 797.428800][T18588] lowmem_reserve[]: 0 2480 2482 2482 2482 [ 797.445023][T18588] Node 0 DMA32 free:1066544kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44232kB inactive_anon:200100kB active_file:89640kB inactive_file:148184kB unevictable:1536kB writepending:3160kB present:3129332kB managed:2540444kB mlocked:0kB bounce:0kB free_pcp:91352kB local_pcp:36724kB free_cma:0kB [ 797.509822][T18588] lowmem_reserve[]: 0 0 1 1 1 [ 797.514666][T18588] Node 0 Normal free:4kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:1256kB inactive_file:72kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:12kB free_cma:0kB [ 797.549783][T18588] lowmem_reserve[]: 0 0 0 0 0 [ 797.641217][T18588] Node 1 Normal free:3910576kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:10560kB local_pcp:7468kB free_cma:0kB [ 797.750511][T18588] lowmem_reserve[]: 0 0 0 0 0 [ 797.755374][T18588] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 797.881449][T18588] Node 0 DMA32: 250*4kB (UM) 912*8kB (UM) 639*16kB (UME) 197*32kB (UE) 219*64kB (UM) 339*128kB (UME) 317*256kB (UM) 175*512kB (UM) 58*1024kB (UME) 8*2048kB (UME) 180*4096kB (UM) = 1066040kB [ 797.987257][T18588] Node 0 Normal: 1*4kB (M) 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 4kB [ 798.057946][T18588] Node 1 Normal: 63*4kB (UE) 52*8kB (UE) 32*16kB (UME) 225*32kB (UE) 101*64kB (UE) 35*128kB (UE) 10*256kB (U) 7*512kB (UE) 2*1024kB (ME) 2*2048kB (UE) 947*4096kB (M) = 3910524kB [ 798.092743][T18588] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 798.181503][T18588] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 798.192646][T18588] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 798.214658][T18588] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 798.229105][T18588] 103912 total pagecache pages [ 798.233962][T18588] 1 pages in swap cache [ 798.238927][T18588] Free swap = 120264kB [ 798.243246][T18588] Total swap = 124996kB [ 798.247600][T18588] 2097051 pages RAM [ 798.251552][T18588] 0 pages HighMem/MovableOnly [ 798.256443][T18588] 429962 pages reserved [ 798.261071][T18588] 0 pages cma reserved [ 799.676462][T18617] kexec: Could not allocate control_code_buffer [ 801.236287][T18654] FAULT_INJECTION: forcing a failure. [ 801.236287][T18654] name failslab, interval 1, probability 0, space 0, times 0 [ 801.259297][T18654] CPU: 0 UID: 0 PID: 18654 Comm: syz.2.3765 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 801.259335][T18654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 801.259352][T18654] Call Trace: [ 801.259362][T18654] [ 801.259372][T18654] dump_stack_lvl+0x16c/0x1f0 [ 801.259404][T18654] should_fail_ex+0x512/0x640 [ 801.259432][T18654] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 801.259465][T18654] should_failslab+0xc2/0x120 [ 801.259496][T18654] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 801.259523][T18654] ? __pfx___might_resched+0x10/0x10 [ 801.259551][T18654] ? __anon_vma_prepare+0xae/0x5e0 [ 801.259584][T18654] __anon_vma_prepare+0xae/0x5e0 [ 801.259608][T18654] ? __pfx___pte_alloc+0x10/0x10 [ 801.259650][T18654] __vmf_anon_prepare+0x11c/0x240 [ 801.259687][T18654] __handle_mm_fault+0x27f6/0x5490 [ 801.259737][T18654] ? __pfx___handle_mm_fault+0x10/0x10 [ 801.259808][T18654] handle_mm_fault+0x589/0xd10 [ 801.259854][T18654] __get_user_pages+0x589/0x3b80 [ 801.259899][T18654] ? __pfx_mt_find+0x10/0x10 [ 801.259929][T18654] ? __pfx___get_user_pages+0x10/0x10 [ 801.259977][T18654] populate_vma_page_range+0x278/0x3a0 [ 801.260015][T18654] ? __pfx_populate_vma_page_range+0x10/0x10 [ 801.260051][T18654] ? __pfx_find_vma_intersection+0x10/0x10 [ 801.260088][T18654] ? do_mmap+0x69c/0x1210 [ 801.260125][T18654] __mm_populate+0x1d8/0x380 [ 801.260162][T18654] ? __pfx___mm_populate+0x10/0x10 [ 801.260198][T18654] ? up_write+0x1b2/0x520 [ 801.260239][T18654] vm_mmap_pgoff+0x362/0x450 [ 801.260277][T18654] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 801.260317][T18654] ? __x64_sys_futex+0x1e0/0x4c0 [ 801.260348][T18654] ? __x64_sys_futex+0x1e9/0x4c0 [ 801.260383][T18654] ksys_mmap_pgoff+0x7d/0x5c0 [ 801.260415][T18654] ? xfd_validate_state+0x61/0x180 [ 801.260448][T18654] ? __pfx_do_writev+0x10/0x10 [ 801.260490][T18654] __x64_sys_mmap+0x125/0x190 [ 801.260530][T18654] do_syscall_64+0xcd/0x490 [ 801.260560][T18654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 801.260588][T18654] RIP: 0033:0x7fa45c78e9a9 [ 801.260610][T18654] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 801.260654][T18654] RSP: 002b:00007fa45d513038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 801.260680][T18654] RAX: ffffffffffffffda RBX: 00007fa45c9b5fa0 RCX: 00007fa45c78e9a9 [ 801.260699][T18654] RDX: 00000000000000df RSI: 0000000000400008 RDI: 0000000000000000 [ 801.260716][T18654] RBP: 00007fa45c810d69 R08: 0000000000000002 R09: 0000000000008000 [ 801.260732][T18654] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 801.260749][T18654] R13: 0000000000000000 R14: 00007fa45c9b5fa0 R15: 00007ffdbae107e8 [ 801.260786][T18654] [ 802.931677][T18672] random: crng reseeded on system resumption [ 803.143933][T18677] Unrecognized hibernate image header format! [ 803.173931][T18677] PM: hibernation: Image mismatch: architecture specific data [ 805.977932][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 805.984421][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 807.195487][T18728] ERROR: Out of memory at tomoyo_memory_ok. [ 809.026960][T18757] Falling back ldisc for pty66. [ 812.565069][T18821] ERROR: Out of memory at tomoyo_memory_ok. [ 812.727185][T18825] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3813'. [ 813.403636][T18842] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3818'. [ 813.417019][T18842] netlink: 354 bytes leftover after parsing attributes in process `syz.1.3818'. [ 814.936072][T18862] netlink: 25 bytes leftover after parsing attributes in process `syz.0.3830'. [ 814.966602][T18864] random: crng reseeded on system resumption [ 815.255662][T18864] Unrecognized hibernate image header format! [ 815.261907][T18864] PM: hibernation: Image mismatch: architecture specific data [ 816.037578][T18870] netlink: 206 bytes leftover after parsing attributes in process `syz.0.3832'. [ 816.193593][T18877] ptrace attach of "./syz-executor exec"[5849] was attempted by ""[18877] [ 818.580992][T18914] binder: 18911:18914 ioctl 5380 2000000000c0 returned -22 [ 818.645293][T18914] sd 0:0:1:0: PR command failed: 1026 [ 818.659233][T18914] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 818.796393][T18914] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 820.623322][T18927] ALSA: mixer_oss: invalid OSS volume '' [ 821.432793][T18943] kvm_intel: kvm [18940]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0x1d9) = 0x1 [ 821.793511][T18955] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3847'. [ 822.752421][T18971] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input33 [ 822.819270][T18971] program syz.4.3848 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 823.619797][T18989] netlink: 326 bytes leftover after parsing attributes in process `syz.2.3855'. [ 824.502547][T18996] ubi0: attaching mtd0 [ 824.514052][T18996] ubi0: scanning is finished [ 824.525929][T18996] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 825.109257][T18996] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 825.537436][T19023] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3863'. [ 827.364094][ T5853] Bluetooth: hci4: unexpected event 0x09 length: 4 > 3 [ 828.409843][T19030] kexec: Could not allocate control_code_buffer [ 828.855412][ T5853] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 828.865772][ T5853] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:0' [ 828.877070][ T5853] CPU: 1 UID: 0 PID: 5853 Comm: kworker/u9:2 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 828.877106][ T5853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 828.877125][ T5853] Workqueue: hci4 hci_rx_work [ 828.877156][ T5853] Call Trace: [ 828.877165][ T5853] [ 828.877176][ T5853] dump_stack_lvl+0x16c/0x1f0 [ 828.877205][ T5853] sysfs_warn_dup+0x7f/0xa0 [ 828.877244][ T5853] sysfs_create_dir_ns+0x24b/0x2b0 [ 828.877282][ T5853] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 828.877318][ T5853] ? find_held_lock+0x2b/0x80 [ 828.877351][ T5853] ? do_raw_spin_unlock+0x172/0x230 [ 828.877392][ T5853] kobject_add_internal+0x2c4/0x9b0 [ 828.877427][ T5853] kobject_add+0x16e/0x240 [ 828.877457][ T5853] ? __pfx_kobject_add+0x10/0x10 [ 828.877488][ T5853] ? do_raw_spin_unlock+0x172/0x230 [ 828.877528][ T5853] ? kobject_put+0xab/0x5a0 [ 828.877597][ T5853] device_add+0x288/0x1a70 [ 828.877635][ T5853] ? __pfx_dev_set_name+0x10/0x10 [ 828.877673][ T5853] ? __pfx_device_add+0x10/0x10 [ 828.877706][ T5853] ? mgmt_send_event_skb+0x2fb/0x460 [ 828.877745][ T5853] hci_conn_add_sysfs+0x17e/0x230 [ 828.877777][ T5853] le_conn_complete_evt+0x1075/0x1d70 [ 828.877827][ T5853] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 828.877865][ T5853] ? bt_warn+0xe4/0x120 [ 828.877900][ T5853] ? __pfx_bt_warn+0x10/0x10 [ 828.877946][ T5853] hci_le_conn_complete_evt+0x23c/0x370 [ 828.877996][ T5853] hci_le_meta_evt+0x357/0x5e0 [ 828.878029][ T5853] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 828.878077][ T5853] hci_event_packet+0x682/0x11c0 [ 828.878106][ T5853] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 828.878138][ T5853] ? __pfx_hci_event_packet+0x10/0x10 [ 828.878169][ T5853] ? kcov_remote_start+0x3c9/0x6d0 [ 828.878205][ T5853] ? lockdep_hardirqs_on+0x7c/0x110 [ 828.878242][ T5853] hci_rx_work+0x2c5/0x16b0 [ 828.878273][ T5853] ? rcu_is_watching+0x12/0xc0 [ 828.878307][ T5853] process_one_work+0x9cc/0x1b70 [ 828.878362][ T5853] ? __pfx_process_one_work+0x10/0x10 [ 828.878413][ T5853] ? assign_work+0x1a0/0x250 [ 828.878453][ T5853] worker_thread+0x6c8/0xf10 [ 828.878509][ T5853] ? __pfx_worker_thread+0x10/0x10 [ 828.878546][ T5853] kthread+0x3c5/0x780 [ 828.878593][ T5853] ? __pfx_kthread+0x10/0x10 [ 828.878633][ T5853] ? rcu_is_watching+0x12/0xc0 [ 828.878662][ T5853] ? __pfx_kthread+0x10/0x10 [ 828.878700][ T5853] ret_from_fork+0x5d4/0x6f0 [ 828.878733][ T5853] ? __pfx_kthread+0x10/0x10 [ 828.878770][ T5853] ret_from_fork_asm+0x1a/0x30 [ 828.878817][ T5853] [ 828.878877][ T5853] kobject: kobject_add_internal failed for hci4:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 829.139451][ T5853] Bluetooth: hci4: failed to register connection device [ 832.279545][T19114] binder: BINDER_SET_CONTEXT_MGR already set [ 832.285972][T19114] binder: 19113:19114 ioctl 40046207 0 returned -16 [ 832.966864][T19110] kexec: Could not allocate control_code_buffer [ 834.680405][T19134] openvswitch: netlink: Tunnel attr 242 out of range max 16 [ 835.270979][T19150] Invalid ELF header magic: != ELF [ 836.924470][T19173] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3900'. [ 837.926603][ T30] audit: type=1804 audit(4294975263.915:32): pid=19192 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3904" name="/newroot/988/file0" dev="tmpfs" ino=5162 res=1 errno=0 [ 842.043029][T19264] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input34 [ 842.086943][T19264] program syz.2.3920 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 843.565609][T19298] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 843.680994][T19295] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 847.198454][ T5853] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 847.214608][ T5853] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0' [ 847.224032][ T5853] CPU: 0 UID: 0 PID: 5853 Comm: kworker/u9:2 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 847.224064][ T5853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 847.224082][ T5853] Workqueue: hci3 hci_rx_work [ 847.224110][ T5853] Call Trace: [ 847.224120][ T5853] [ 847.224129][ T5853] dump_stack_lvl+0x16c/0x1f0 [ 847.224157][ T5853] sysfs_warn_dup+0x7f/0xa0 [ 847.224193][ T5853] sysfs_create_dir_ns+0x24b/0x2b0 [ 847.224227][ T5853] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 847.224262][ T5853] ? find_held_lock+0x2b/0x80 [ 847.224297][ T5853] ? do_raw_spin_unlock+0x172/0x230 [ 847.224338][ T5853] kobject_add_internal+0x2c4/0x9b0 [ 847.224383][ T5853] kobject_add+0x16e/0x240 [ 847.224413][ T5853] ? __pfx_kobject_add+0x10/0x10 [ 847.224447][ T5853] ? do_raw_spin_unlock+0x172/0x230 [ 847.224489][ T5853] ? kobject_put+0xab/0x5a0 [ 847.224531][ T5853] device_add+0x288/0x1a70 [ 847.224565][ T5853] ? __pfx_dev_set_name+0x10/0x10 [ 847.224600][ T5853] ? __pfx_device_add+0x10/0x10 [ 847.224632][ T5853] ? mgmt_send_event_skb+0x2fb/0x460 [ 847.224668][ T5853] hci_conn_add_sysfs+0x17e/0x230 [ 847.224699][ T5853] le_conn_complete_evt+0x1075/0x1d70 [ 847.224747][ T5853] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 847.224787][ T5853] ? bt_warn+0xe4/0x120 [ 847.224823][ T5853] ? __pfx_bt_warn+0x10/0x10 [ 847.224868][ T5853] hci_le_conn_complete_evt+0x23c/0x370 [ 847.224917][ T5853] hci_le_meta_evt+0x357/0x5e0 [ 847.224945][ T5853] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 847.224990][ T5853] hci_event_packet+0x682/0x11c0 [ 847.225017][ T5853] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 847.225049][ T5853] ? __pfx_hci_event_packet+0x10/0x10 [ 847.225078][ T5853] ? kcov_remote_start+0x3c9/0x6d0 [ 847.225114][ T5853] ? lockdep_hardirqs_on+0x7c/0x110 [ 847.225148][ T5853] hci_rx_work+0x2c5/0x16b0 [ 847.225178][ T5853] ? rcu_is_watching+0x12/0xc0 [ 847.225211][ T5853] process_one_work+0x9cc/0x1b70 [ 847.225264][ T5853] ? __pfx_process_one_work+0x10/0x10 [ 847.225312][ T5853] ? assign_work+0x1a0/0x250 [ 847.225352][ T5853] worker_thread+0x6c8/0xf10 [ 847.225419][ T5853] ? __pfx_worker_thread+0x10/0x10 [ 847.225459][ T5853] kthread+0x3c5/0x780 [ 847.225496][ T5853] ? __pfx_kthread+0x10/0x10 [ 847.225534][ T5853] ? rcu_is_watching+0x12/0xc0 [ 847.225561][ T5853] ? __pfx_kthread+0x10/0x10 [ 847.225598][ T5853] ret_from_fork+0x5d4/0x6f0 [ 847.225630][ T5853] ? __pfx_kthread+0x10/0x10 [ 847.225666][ T5853] ret_from_fork_asm+0x1a/0x30 [ 847.225712][ T5853] [ 847.225745][ T5853] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 847.344267][T19340] netlink: 17 bytes leftover after parsing attributes in process `syz.4.3933'. [ 847.351192][ T5853] Bluetooth: hci3: failed to register connection device [ 847.361332][T19334] ima: policy update failed [ 847.546860][ T30] audit: type=1802 audit(4294975273.585:33): pid=19334 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.3933" res=0 errno=0 [ 847.932689][T19351] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3939'. [ 848.671384][T19377] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 850.336275][T19404] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3960'. [ 850.355423][T19404] hsr_slave_0: left promiscuous mode [ 850.364463][T19404] hsr_slave_1: left promiscuous mode [ 850.399900][T19406] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 850.549471][T19413] ecryptfs_miscdev_write: Minimum acceptable packet size is [14], but amount of data written is only [5]. Discarding response packet. [ 852.246218][T19431] mkiss: ax0: crc mode is auto. [ 856.360590][T19506] kexec: Could not allocate control_code_buffer [ 859.137312][T19582] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input35 [ 859.440337][T19574] Invalid ELF header magic: != ELF [ 860.001444][T19589] ima: policy update failed [ 860.103382][ T30] audit: type=1802 audit(4294975286.220:34): pid=19589 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.4005" res=0 errno=0 [ 860.248725][T19589] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4005'. [ 860.953069][T19582] ovs_ÿþ: entered promiscuous mode [ 861.757690][T19614] netlink: 25 bytes leftover after parsing attributes in process `syz.2.4011'. [ 861.768568][T19615] netlink: 338 bytes leftover after parsing attributes in process `syz.1.4010'. [ 861.937942][ T5853] Bluetooth: hci3: Malformed Event: 0x02 [ 863.750856][T19643] mkiss: ax0: crc mode is auto. [ 865.214890][T19671] netlink: 326 bytes leftover after parsing attributes in process `syz.0.4024'. [ 865.509915][T19678] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 866.094016][T19687] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 867.107544][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 867.153338][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 868.803702][T19727] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4050'. [ 868.848532][T19727] hsr_slave_1: left promiscuous mode [ 869.047751][T19731] Invalid ELF header magic: != ELF [ 870.377952][ C1] vcan0: j1939_tp_rxtimer: 0xffff888057f90c00: rx timeout, send abort [ 870.387226][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888057f90c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 871.336785][T19763] netlink: 338 bytes leftover after parsing attributes in process `syz.4.4047'. [ 871.410377][T19763] macsec0: entered promiscuous mode [ 871.416907][T19763] macsec0: entered allmulticast mode [ 871.443925][T19763] veth1_macvtap: entered allmulticast mode [ 871.498393][T19759] could not allocate digest TFM handle [ 871.781714][T19761] kexec: Could not allocate control_code_buffer [ 874.467051][ T30] audit: type=1804 audit(4294975300.645:35): pid=19793 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.4055" name="file0" dev="tmpfs" ino=5544 res=1 errno=0 [ 874.589113][T19808] __vm_enough_memory: pid: 19808, comm: syz.0.4057, bytes: 4398046511104 not enough memory for the allocation [ 877.116881][T19822] kexec: Could not allocate control_code_buffer [ 879.456042][T19874] Invalid ELF header magic: != ELF [ 879.810863][T19889] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 880.328618][T19898] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4082'. [ 880.538996][ T5853] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 880.550677][ T5853] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 880.688723][T19906] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input36 [ 880.969293][T19912] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4084'. [ 883.297829][ T30] audit: type=1804 audit(4294975309.531:36): pid=19948 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.4093" name="/newroot/1021/file0" dev="tmpfs" ino=5332 res=1 errno=0 [ 883.344206][ T30] audit: type=1800 audit(4294975309.531:37): pid=19948 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.4093" name="file0" dev="tmpfs" ino=5332 res=0 errno=0 [ 883.894022][T19963] syz.0.4097 (19963): attempted to duplicate a private mapping with mremap. This is not supported. [ 884.429258][T19977] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4101'. [ 884.553280][T19982] netlink: 93 bytes leftover after parsing attributes in process `syz.0.4101'. [ 884.771838][T19984] netlink: 25520 bytes leftover after parsing attributes in process `syz.1.4100'. [ 884.781338][T19984] netlink: zone id is out of range [ 884.786623][T19984] netlink: zone id is out of range [ 884.791834][T19984] netlink: zone id is out of range [ 884.797143][T19984] netlink: zone id is out of range [ 884.802452][T19984] netlink: zone id is out of range [ 884.807701][T19984] netlink: zone id is out of range [ 884.812914][T19984] netlink: zone id is out of range [ 884.818163][T19984] netlink: zone id is out of range [ 884.823399][T19984] netlink: zone id is out of range [ 884.828868][T19984] netlink: zone id is out of range [ 886.925202][ T5853] Bluetooth: hci4: Malformed Event: 0x02 [ 889.405669][T20054] random: crng reseeded on system resumption [ 889.783391][T20058] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4120'. [ 890.816923][T20046] kexec: Could not allocate control_code_buffer [ 891.576271][ T30] audit: type=1804 audit(4294975317.844:38): pid=20088 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.4125" name="/newroot/939/file0" dev="tmpfs" ino=4915 res=1 errno=0 [ 891.905513][T20110] __vm_enough_memory: pid: 20110, comm: syz.2.4129, bytes: 4398046511104 not enough memory for the allocation [ 892.853780][T20128] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input37 [ 893.702779][T20130] ovs_ÿþ: entered promiscuous mode [ 897.245046][T20179] ovs_ÿþ: entered promiscuous mode [ 897.365669][T20195] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4149'. [ 898.977688][T20236] ERROR: Out of memory at tomoyo_memory_ok. [ 899.633505][T20253] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4167'. [ 900.050403][T20263] Invalid ELF header magic: != ELF [ 901.812771][T20300] Invalid ELF header magic: != ELF [ 901.896554][T20299] __vm_enough_memory: pid: 20299, comm: syz.1.4176, bytes: 4398046511104 not enough memory for the allocation [ 902.060877][T20300] netlink: 330 bytes leftover after parsing attributes in process `syz.2.4178'. [ 903.829731][T20338] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 904.059573][ T30] audit: type=1804 audit(4294967306.051:39): pid=20341 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.4188" name="file0" dev="tmpfs" ino=5728 res=1 errno=0 [ 904.162472][ T30] audit: type=1800 audit(4294967306.111:40): pid=20341 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.4188" name="file0" dev="tmpfs" ino=5728 res=0 errno=0 [ 904.617868][T20353] netlink: 25520 bytes leftover after parsing attributes in process `syz.4.4192'. [ 904.639987][T20353] net_ratelimit: 377 callbacks suppressed [ 904.640009][T20353] netlink: zone id is out of range [ 904.666525][T20353] netlink: zone id is out of range [ 904.695663][T20353] netlink: zone id is out of range [ 904.721546][T20353] netlink: zone id is out of range [ 904.726805][T20353] netlink: zone id is out of range [ 904.772121][T20353] netlink: zone id is out of range [ 904.777450][T20353] netlink: zone id is out of range [ 904.830297][T20353] netlink: zone id is out of range [ 904.835549][T20353] netlink: zone id is out of range [ 904.841394][T20353] netlink: zone id is out of range [ 905.998169][T20370] netlink: 'syz.2.4196': attribute type 1 has an invalid length. [ 907.158034][T20383] netlink: 'syz.2.4199': attribute type 1 has an invalid length. [ 907.237616][ T30] audit: type=1804 audit(4294967309.247:41): pid=20374 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.4197" name="file0" dev="tmpfs" ino=5739 res=1 errno=0 [ 907.257851][ C1] vkms_vblank_simulate: vblank timer overrun [ 907.269496][T20383] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 907.905434][T20402] netlink: 25520 bytes leftover after parsing attributes in process `syz.0.4203'. [ 909.091523][T20412] ptrace attach of ""[20414] was attempted by "./syz-executor exec"[20412] [ 909.518750][ T5853] Bluetooth: hci3: unexpected subevent 0x03 length: 253 > 9 [ 913.440028][T20489] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 913.492083][T20489] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 914.516687][T20500] net_ratelimit: 764 callbacks suppressed [ 914.516710][T20500] openvswitch: netlink: IPv4 tunnel dst address is zero [ 914.731612][T20506] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4228'. [ 917.190162][T20550] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 920.688626][T20607] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4251'. [ 921.166043][ T30] audit: type=1804 audit(4294967323.240:42): pid=20620 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.4252" name="/newroot/967/file0" dev="tmpfs" ino=5062 res=1 errno=0 [ 921.235737][ T30] audit: type=1800 audit(4294967323.240:43): pid=20620 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.4252" name="file0" dev="tmpfs" ino=5062 res=0 errno=0 [ 924.629273][T20667] ERROR: Out of memory at tomoyo_memory_ok. [ 924.703256][T20667] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4264'. [ 924.747184][T20667] openvswitch: HfR: Dropping previously announced user features [ 924.901983][T20678] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4268'. [ 925.956894][T20679] ovs_ÿþ: entered promiscuous mode [ 927.604519][T20720] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 928.223750][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 928.230238][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 928.996709][T20723] netlink: 'syz.2.4286': attribute type 10 has an invalid length. [ 929.022151][T20723] netlink: 230 bytes leftover after parsing attributes in process `syz.2.4286'. [ 930.968813][T20778] ptrace attach of "./syz-executor exec"[20781] was attempted by "./syz-executor exec"[20778] [ 931.888316][T20798] Unable to find swap-space signature [ 933.168606][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805c073c00: rx timeout, send abort [ 933.177060][ C0] vcan0: j1939_tp_rxtimer: 0xffff888028fd6c00: rx timeout, send abort [ 933.185640][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805c073c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 933.200118][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888028fd6c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 935.624059][T20859] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 936.147691][T20876] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4311'. [ 936.157828][T20876] netlink: 'syz.2.4311': attribute type 1 has an invalid length. [ 936.165594][T20876] netlink: 'syz.2.4311': attribute type 6 has an invalid length. [ 936.424024][T20881] ERROR: Out of memory at tomoyo_memory_ok. [ 937.511662][T20900] random: crng reseeded on system resumption [ 938.314620][T20911] openvswitch: netlink: IPv4 tunnel dst address is zero [ 940.010279][T20933] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input38 [ 940.021467][ T5204] ERROR: Out of memory at tomoyo_memory_ok. [ 942.161090][T20960] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 942.236219][T20960] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 942.322626][T20960] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 942.363158][T20960] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 942.396137][T20960] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 942.452831][T20960] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 943.176698][T20973] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4336'. [ 943.510639][T20983] netlink: 'syz.4.4339': attribute type 15 has an invalid length. [ 943.518604][T20983] netlink: 252 bytes leftover after parsing attributes in process `syz.4.4339'. [ 943.749072][T20989] netlink: 'syz.4.4339': attribute type 15 has an invalid length. [ 943.757050][T20989] netlink: 252 bytes leftover after parsing attributes in process `syz.4.4339'. [ 943.906997][ T5853] Bluetooth: hci3: command 0x0406 tx timeout [ 944.374645][ T5853] Bluetooth: hci4: command 0x0c1a tx timeout [ 944.566448][ T30] audit: type=1804 audit(4294967346.771:44): pid=20998 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.4338" name="file0" dev="tmpfs" ino=5930 res=1 errno=0 [ 944.593396][ T30] audit: type=1800 audit(4294967346.771:45): pid=20998 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.4338" name="file0" dev="tmpfs" ino=5930 res=0 errno=0 [ 945.966319][ T5853] Bluetooth: hci3: command 0x0406 tx timeout [ 946.450209][ T5853] Bluetooth: hci4: command 0x0c1a tx timeout [ 948.035764][ T5853] Bluetooth: hci3: command 0x0406 tx timeout [ 948.513027][ T5853] Bluetooth: hci4: command 0x0c1a tx timeout [ 950.384291][T21079] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4358'. [ 950.486883][T21079] netlink: 354 bytes leftover after parsing attributes in process `syz.0.4358'. [ 951.596793][T21092] sd 0:0:1:0: PR command failed: 1026 [ 951.602331][T21092] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 951.619292][T21092] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 952.759995][T21109] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4364'. [ 952.997935][T21111] can0: slcan on pty233. [ 953.071071][T21110] can0 (unregistered): slcan off pty233. [ 953.186889][T21117] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4375'. [ 953.383236][ T30] audit: type=1804 audit(4294967355.637:46): pid=21127 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.4366" name="file0" dev="tmpfs" ino=5974 res=1 errno=0 [ 953.448152][ T30] audit: type=1800 audit(4294967355.637:47): pid=21127 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.4366" name="file0" dev="tmpfs" ino=5974 res=0 errno=0 [ 953.610814][T21136] sysfs_service_op_show: Client not running :-5: [ 955.636050][T21189] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4378'. [ 955.702277][T21189] netlink: 354 bytes leftover after parsing attributes in process `syz.1.4378'. [ 959.010438][T21245] FAULT_INJECTION: forcing a failure. [ 959.010438][T21245] name failslab, interval 1, probability 0, space 0, times 0 [ 959.048602][T21245] CPU: 0 UID: 0 PID: 21245 Comm: syz.2.4391 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 959.048639][T21245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 959.048654][T21245] Call Trace: [ 959.048663][T21245] [ 959.048673][T21245] dump_stack_lvl+0x16c/0x1f0 [ 959.048707][T21245] should_fail_ex+0x512/0x640 [ 959.048735][T21245] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 959.048768][T21245] should_failslab+0xc2/0x120 [ 959.048798][T21245] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 959.048826][T21245] ? mas_dup_build.constprop.0+0x5f3/0x1740 [ 959.048860][T21245] mas_dup_build.constprop.0+0x5f3/0x1740 [ 959.048903][T21245] __mt_dup+0xeb/0x1f0 [ 959.048928][T21245] ? __pfx___mt_dup+0x10/0x10 [ 959.048986][T21245] dup_mmap+0x373/0x21d0 [ 959.049034][T21245] ? __pfx_dup_mmap+0x10/0x10 [ 959.049093][T21245] copy_process+0x4081/0x7650 [ 959.049125][T21245] ? preempt_schedule_thunk+0x16/0x30 [ 959.049174][T21245] ? __pfx_copy_process+0x10/0x10 [ 959.049206][T21245] ? find_held_lock+0x2b/0x80 [ 959.049247][T21245] ? wake_up_q+0xb0/0x160 [ 959.049270][T21245] ? do_raw_spin_unlock+0x172/0x230 [ 959.049316][T21245] kernel_clone+0xfc/0x960 [ 959.049350][T21245] ? __pfx_futex_wake+0x10/0x10 [ 959.049386][T21245] ? __pfx_kernel_clone+0x10/0x10 [ 959.049416][T21245] ? __pfx_vfs_writev+0x10/0x10 [ 959.049476][T21245] __do_sys_clone+0xce/0x120 [ 959.049508][T21245] ? __pfx___do_sys_clone+0x10/0x10 [ 959.049559][T21245] ? xfd_validate_state+0x61/0x180 [ 959.049591][T21245] ? __pfx_do_writev+0x10/0x10 [ 959.049637][T21245] do_syscall_64+0xcd/0x490 [ 959.049667][T21245] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 959.049693][T21245] RIP: 0033:0x7fa45c78e9a9 [ 959.049715][T21245] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 959.049741][T21245] RSP: 002b:00007fa45a5d4fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 959.049766][T21245] RAX: ffffffffffffffda RBX: 00007fa45c9b6160 RCX: 00007fa45c78e9a9 [ 959.049784][T21245] RDX: 0000200000000100 RSI: 0000000000000000 RDI: 0000000000002000 [ 959.049801][T21245] RBP: 00007fa45c810d69 R08: 0000000000000000 R09: 0000000000000000 [ 959.049819][T21245] R10: 00002000000001c0 R11: 0000000000000206 R12: 0000000000000000 [ 959.049835][T21245] R13: 0000000000000000 R14: 00007fa45c9b6160 R15: 00007ffdbae107e8 [ 959.049873][T21245] [ 959.500522][T21254] random: crng reseeded on system resumption                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                     syzkaller syzkaller login: [ 1142.514806][T24321] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5109'. [ 1142.827998][T24327] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1142.914314][T24331] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1147.596245][T24381] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1148.129532][T24392] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5121'. [ 1148.625577][ T30] audit: type=1804 audit(4294967313.121:57): pid=24398 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.5122" name="/newroot/1266/file0" dev="tmpfs" ino=6626 res=1 errno=0 [ 1148.660417][ T30] audit: type=1800 audit(4294967313.121:58): pid=24398 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.5122" name="file0" dev="tmpfs" ino=6626 res=0 errno=0 [ 1149.285883][T24399] kexec: Could not allocate control_code_buffer [ 1153.611031][T24478] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1153.629802][T24478] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1154.765082][T24494] ERROR: Out of memory at tomoyo_memory_ok. [ 1155.950396][T24527] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 1157.615222][ T30] audit: type=1804 audit(4294967322.162:59): pid=24557 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.5159" name="file0" dev="tmpfs" ino=7041 res=1 errno=0 [ 1157.668094][ T30] audit: type=1800 audit(4294967322.162:60): pid=24557 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.5159" name="file0" dev="tmpfs" ino=7041 res=0 errno=0 [ 1158.240304][T24578] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1162.890198][ T30] audit: type=1804 audit(4294967327.462:61): pid=24656 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.5174" name="/newroot/1183/file0" dev="tmpfs" ino=6190 res=1 errno=0 [ 1162.956674][ T30] audit: type=1800 audit(4294967327.462:62): pid=24656 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.5174" name="file0" dev="tmpfs" ino=6190 res=0 errno=0 [ 1164.431848][T24701] random: crng reseeded on system resumption [ 1164.491364][T24702] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 1166.531560][T24729] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5194'. [ 1166.984195][T23847] udevd[23847]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 1167.022893][T23847] udevd[23847]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 1167.049696][T24732] ERROR: Out of memory at tomoyo_memory_ok. [ 1167.408303][T24748] openvswitch: netlink: IPv4 tunnel dst address is zero [ 1167.477923][T24749] openvswitch: netlink: IP tunnel attribute has 4 unknown bytes. [ 1167.500922][T24750] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 1167.635664][T24723] kexec: Could not allocate control_code_buffer [ 1168.770654][T24767] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1168.852486][T24771] futex_wake_op: syz.1.5213 tries to shift op by -9; fix this program [ 1169.937055][T24792] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5206'. [ 1170.441494][T24798] udevd[24798]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 1170.456750][T24798] udevd[24798]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 1171.257639][T24809] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 1172.368251][T24804] kexec: Could not allocate control_code_buffer [ 1172.464606][T24816] tipc: Started in network mode [ 1172.469905][T24816] tipc: Node identity ee00, cluster identity 4711 [ 1172.476362][T24816] tipc: Node number set to 60928 [ 1172.705826][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1172.712307][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1173.028513][T24824] ERROR: Out of memory at tomoyo_memory_ok. [ 1173.672535][T24845] random: crng reseeded on system resumption [ 1173.912752][ T30] audit: type=1804 audit(4294967338.545:63): pid=24849 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.5226" name="file0" dev="tmpfs" ino=7242 res=1 errno=0 [ 1173.989068][ T30] audit: type=1800 audit(4294967338.545:64): pid=24849 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.5226" name="file0" dev="tmpfs" ino=7242 res=0 errno=0 [ 1175.629775][ T30] audit: type=1800 audit(4294967340.275:65): pid=24870 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.5233" name="members" dev="configfs" ino=99054 res=0 errno=0 [ 1175.927420][T24884] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5224'. [ 1176.345948][T24798] udevd[24798]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 1176.426506][T24798] udevd[24798]: inotify_add_watch(7, /dev/nbd4128, 10) failed: No such file or directory [ 1177.389677][T24912] FAULT_INJECTION: forcing a failure. [ 1177.389677][T24912] name failslab, interval 1, probability 0, space 0, times 0 [ 1177.418306][T24912] CPU: 0 UID: 0 PID: 24912 Comm: syz.2.5242 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 1177.418330][T24912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1177.418339][T24912] Call Trace: [ 1177.418345][T24912] [ 1177.418353][T24912] dump_stack_lvl+0x16c/0x1f0 [ 1177.418383][T24912] should_fail_ex+0x512/0x640 [ 1177.418399][T24912] ? kmem_cache_alloc_noprof+0x5a/0x3b0 [ 1177.418417][T24912] should_failslab+0xc2/0x120 [ 1177.418434][T24912] kmem_cache_alloc_noprof+0x6d/0x3b0 [ 1177.418447][T24912] ? __lock_acquire+0x622/0x1c90 [ 1177.418467][T24912] ? sk_prot_alloc+0x60/0x2a0 [ 1177.418488][T24912] sk_prot_alloc+0x60/0x2a0 [ 1177.418507][T24912] sk_alloc+0x36/0xc20 [ 1177.418522][T24912] __vsock_create.constprop.0+0x3c/0xbb0 [ 1177.418544][T24912] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1177.418567][T24912] vsock_create+0x139/0x500 [ 1177.418583][T24912] __sock_create+0x335/0x8d0 [ 1177.418607][T24912] __sys_socket+0x14d/0x260 [ 1177.418628][T24912] ? __pfx___sys_socket+0x10/0x10 [ 1177.418648][T24912] ? __task_pid_nr_ns+0x17c/0x500 [ 1177.418671][T24912] __x64_sys_socket+0x72/0xb0 [ 1177.418690][T24912] ? lockdep_hardirqs_on+0x7c/0x110 [ 1177.418704][T24912] do_syscall_64+0xcd/0x490 [ 1177.418721][T24912] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1177.418736][T24912] RIP: 0033:0x7fa45c78e9a9 [ 1177.418752][T24912] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1177.418769][T24912] RSP: 002b:00007fa45d513038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1177.418784][T24912] RAX: ffffffffffffffda RBX: 00007fa45c9b5fa0 RCX: 00007fa45c78e9a9 [ 1177.418794][T24912] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000028 [ 1177.418803][T24912] RBP: 00007fa45c810d69 R08: 0000000000000000 R09: 0000000000000000 [ 1177.418812][T24912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1177.418821][T24912] R13: 0000000000000000 R14: 00007fa45c9b5fa0 R15: 00007ffdbae107e8 [ 1177.418840][T24912] [ 1179.313662][T24916] kexec: Could not allocate control_code_buffer [ 1185.835032][T25033] vhci_hcd: USB_PORT_FEAT_BH_PORT_RESET req not supported for USB 2.0 roothub [ 1188.254581][T25076] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1191.901157][T25135] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1197.964223][T25226] usb usb36: usbfs: process 25226 (syz.4.5299) did not claim interface 0 before use [ 1199.177339][T25254] vhci_hcd: invalid port number 16 [ 1199.184262][T25254] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 1200.066036][T25265] futex_wake_op: syz.0.5306 tries to shift op by -2048; fix this program [ 1200.340091][T25271] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1200.953999][T25269] ERROR: Out of memory at tomoyo_memory_ok. [ 1202.318829][ T5853] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 1202.339716][ T5853] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0' [ 1202.354709][ T5853] CPU: 1 UID: 0 PID: 5853 Comm: kworker/u9:2 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 1202.354748][ T5853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1202.354767][ T5853] Workqueue: hci3 hci_rx_work [ 1202.354798][ T5853] Call Trace: [ 1202.354808][ T5853] [ 1202.354820][ T5853] dump_stack_lvl+0x16c/0x1f0 [ 1202.354850][ T5853] sysfs_warn_dup+0x7f/0xa0 [ 1202.354890][ T5853] sysfs_create_dir_ns+0x24b/0x2b0 [ 1202.354930][ T5853] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1202.354975][ T5853] ? find_held_lock+0x2b/0x80 [ 1202.355010][ T5853] ? do_raw_spin_unlock+0x172/0x230 [ 1202.355054][ T5853] kobject_add_internal+0x2c4/0x9b0 [ 1202.355092][ T5853] kobject_add+0x16e/0x240 [ 1202.355122][ T5853] ? __pfx_kobject_add+0x10/0x10 [ 1202.355155][ T5853] ? do_raw_spin_unlock+0x172/0x230 [ 1202.355194][ T5853] ? kobject_put+0xab/0x5a0 [ 1202.355233][ T5853] device_add+0x288/0x1a70 [ 1202.355267][ T5853] ? __pfx_dev_set_name+0x10/0x10 [ 1202.355303][ T5853] ? __pfx_device_add+0x10/0x10 [ 1202.355337][ T5853] ? mgmt_send_event_skb+0x2fb/0x460 [ 1202.355375][ T5853] hci_conn_add_sysfs+0x17e/0x230 [ 1202.355405][ T5853] le_conn_complete_evt+0x1075/0x1d70 [ 1202.355452][ T5853] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1202.355489][ T5853] ? bt_warn+0xe4/0x120 [ 1202.355521][ T5853] ? __pfx_bt_warn+0x10/0x10 [ 1202.355564][ T5853] hci_le_conn_complete_evt+0x23c/0x370 [ 1202.355611][ T5853] hci_le_meta_evt+0x357/0x5e0 [ 1202.355636][ T5853] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 1202.355676][ T5853] hci_event_packet+0x682/0x11c0 [ 1202.355699][ T5853] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1202.355729][ T5853] ? __pfx_hci_event_packet+0x10/0x10 [ 1202.355760][ T5853] ? kcov_remote_start+0x3c9/0x6d0 [ 1202.355790][ T5853] ? lockdep_hardirqs_on+0x7c/0x110 [ 1202.355821][ T5853] hci_rx_work+0x2c5/0x16b0 [ 1202.355850][ T5853] ? rcu_is_watching+0x12/0xc0 [ 1202.355884][ T5853] process_one_work+0x9cc/0x1b70 [ 1202.355931][ T5853] ? __pfx_process_one_work+0x10/0x10 [ 1202.355990][ T5853] ? assign_work+0x1a0/0x250 [ 1202.356028][ T5853] worker_thread+0x6c8/0xf10 [ 1202.356083][ T5853] ? __pfx_worker_thread+0x10/0x10 [ 1202.356121][ T5853] kthread+0x3c5/0x780 [ 1202.356159][ T5853] ? __pfx_kthread+0x10/0x10 [ 1202.356197][ T5853] ? rcu_is_watching+0x12/0xc0 [ 1202.356224][ T5853] ? __pfx_kthread+0x10/0x10 [ 1202.356262][ T5853] ret_from_fork+0x5d4/0x6f0 [ 1202.356296][ T5853] ? __pfx_kthread+0x10/0x10 [ 1202.356331][ T5853] ret_from_fork_asm+0x1a/0x30 [ 1202.356379][ T5853] [ 1202.356467][ T5853] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 1202.616430][ T5853] Bluetooth: hci3: failed to register connection device [ 1202.632813][T25306] Process accounting resumed [ 1204.802794][T23648] Bluetooth: hci3: unexpected event 0x3e length: 508 > 260 [ 1204.802821][T23648] Bluetooth: hci3: unexpected subevent 0x02 length: 507 > 260 [ 1204.819318][T23648] Bluetooth: hci3: Dropping invalid advertising data [ 1204.826355][T23648] Bluetooth: hci3: Dropping invalid advertising data [ 1204.838328][T23648] Bluetooth: hci3: Dropping invalid advertising data [ 1204.845164][T23648] Bluetooth: hci3: Malformed LE Event: 0x02 [ 1213.230848][T25474] tipc: Started in network mode [ 1213.251236][T25474] tipc: Node identity ee00, cluster identity 4711 [ 1213.263301][T25474] tipc: Node number set to 60928 [ 1213.303291][T25477] Process accounting resumed [ 1213.495418][T25486] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5352'. [ 1216.637216][T23648] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 1216.645243][T23648] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 1217.447517][ T30] audit: type=1800 audit(4294967382.299:66): pid=25552 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.5372" name="ram7" dev="tmpfs" ino=7077 res=0 errno=0 [ 1220.668734][T25581] ERROR: Out of memory at tomoyo_memory_ok. [ 1224.435078][T25636] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5381'. [ 1229.819134][T25715] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1232.363380][T25755] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1233.346525][T25737] Process accounting paused [ 1233.829888][T25764] blktrace: Concurrent blktraces are not allowed on loop2 [ 1233.844621][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1233.854189][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1236.822167][T25823] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1236.986734][T25820] svc: failed to register nfsdv3 RPC service (errno 101). [ 1237.001898][T25820] svc: failed to register nfsaclv3 RPC service (errno 101). [ 1238.085180][T25855] can: request_module (can-proto-3) failed. [ 1238.331169][T25870] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5426'. [ 1238.347930][T25869] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5428'. [ 1238.396069][T25864] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5426'. [ 1238.658368][T25881] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5429'. [ 1240.136996][T25915] vhci_hcd: invalid port number 16 [ 1240.146577][T25915] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 1243.128489][T25967] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5446'. [ 1243.178402][T25973] netlink: 354 bytes leftover after parsing attributes in process `syz.1.5446'. [ 1243.435323][T25977] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5449'. [ 1243.455818][T25962] Process accounting paused [ 1243.499719][T25979] netlink: 93 bytes leftover after parsing attributes in process `syz.2.5449'. [ 1245.105348][T26002] Invalid ELF header magic: != ELF [ 1245.209707][T26002] netlink: 330 bytes leftover after parsing attributes in process `syz.2.5454'. [ 1245.606247][T26009] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1246.419939][T26022] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5459'. [ 1246.484624][T26025] can: request_module (can-proto-3) failed. [ 1249.641224][ T30] audit: type=1804 audit(4294967414.666:67): pid=26066 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.5470" name="file0" dev="tmpfs" ino=7605 res=1 errno=0 [ 1250.646556][T26089] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5471'. [ 1250.655707][T26089] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1250.663094][T26089] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1250.806511][T26089] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1251.001666][T26089] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1251.201576][T26079] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5469'. [ 1251.459046][T26079] mac80211_hwsim hwsim5 wlan1: entered promiscuous mode [ 1251.603478][T26101] ERROR: Out of memory at tomoyo_memory_ok. [ 1255.342165][T26168] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5485'. [ 1257.286834][T26198] ERROR: Out of memory at tomoyo_memory_ok. [ 1257.969139][ T30] audit: type=1800 audit(4294967302.812:68): pid=26219 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.5496" name="lu_gp_id" dev="configfs" ino=104556 res=0 errno=0 [ 1258.852581][T26234] Process accounting resumed [ 1259.350821][ T5853] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 1259.358470][ T5853] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 1259.717992][T26253] FAULT_INJECTION: forcing a failure. [ 1259.717992][T26253] name failslab, interval 1, probability 0, space 0, times 0 [ 1259.765976][T26253] CPU: 0 UID: 0 PID: 26253 Comm: syz.2.5505 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 1259.766013][T26253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1259.766029][T26253] Call Trace: [ 1259.766037][T26253] [ 1259.766049][T26253] dump_stack_lvl+0x16c/0x1f0 [ 1259.766079][T26253] should_fail_ex+0x512/0x640 [ 1259.766103][T26253] ? kmem_cache_alloc_lru_noprof+0x5f/0x3b0 [ 1259.766131][T26253] should_failslab+0xc2/0x120 [ 1259.766160][T26253] kmem_cache_alloc_lru_noprof+0x72/0x3b0 [ 1259.766184][T26253] ? __d_alloc+0x31/0xaa0 [ 1259.766218][T26253] __d_alloc+0x31/0xaa0 [ 1259.766245][T26253] d_alloc+0x4a/0x1e0 [ 1259.766271][T26253] d_alloc_parallel+0xe3/0x12e0 [ 1259.766314][T26253] ? find_held_lock+0x2b/0x80 [ 1259.766340][T26253] ? __pfx_d_alloc_parallel+0x10/0x10 [ 1259.766376][T26253] ? __d_lookup+0x266/0x4a0 [ 1259.766417][T26253] lookup_open.isra.0+0x665/0x1580 [ 1259.766461][T26253] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 1259.766528][T26253] ? mnt_get_write_access+0x20c/0x300 [ 1259.766566][T26253] path_openat+0x893/0x2cb0 [ 1259.766600][T26253] ? __pfx_path_openat+0x10/0x10 [ 1259.766628][T26253] ? __lock_acquire+0xb8a/0x1c90 [ 1259.766668][T26253] do_filp_open+0x20b/0x470 [ 1259.766696][T26253] ? __pfx_do_filp_open+0x10/0x10 [ 1259.766736][T26253] ? __pfx_kfree_link+0x10/0x10 [ 1259.766781][T26253] ? alloc_fd+0x471/0x7d0 [ 1259.766829][T26253] do_sys_openat2+0x11b/0x1d0 [ 1259.766864][T26253] ? __pfx_do_sys_openat2+0x10/0x10 [ 1259.766898][T26253] ? find_held_lock+0x2b/0x80 [ 1259.766936][T26253] __x64_sys_openat+0x174/0x210 [ 1259.766967][T26253] ? __pfx___x64_sys_openat+0x10/0x10 [ 1259.767013][T26253] do_syscall_64+0xcd/0x490 [ 1259.767043][T26253] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1259.767070][T26253] RIP: 0033:0x7fa45c78d310 [ 1259.767092][T26253] Code: 48 89 44 24 20 75 93 44 89 54 24 0c e8 49 94 02 00 44 8b 54 24 0c 89 da 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 38 44 89 c7 89 44 24 0c e8 9c 94 02 00 8b 44 [ 1259.767109][T26253] RSP: 002b:00007fa45d512f10 EFLAGS: 00000293 ORIG_RAX: 0000000000000101 [ 1259.767124][T26253] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 00007fa45c78d310 [ 1259.767135][T26253] RDX: 0000000000000002 RSI: 00007fa45d512fa0 RDI: 00000000ffffff9c [ 1259.767144][T26253] RBP: 00007fa45d512fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1259.767154][T26253] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 1259.767162][T26253] R13: 0000000000000000 R14: 00007fa45c9b5fa0 R15: 00007ffdbae107e8 [ 1259.767182][T26253] [ 1260.762241][T26267] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1262.434558][T26306] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5515'. [ 1262.595120][T26310] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5517'. [ 1262.647767][T26308] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5517'. [ 1262.997727][T26312] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1263.841761][T26314] Process accounting resumed [ 1264.955033][ T30] audit: type=1800 audit(4294967302.953:69): pid=26340 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.5523" name="lu_gp_id" dev="configfs" ino=103823 res=0 errno=0 [ 1265.960766][T26352] vhci_hcd: invalid port number 16 [ 1265.999634][T26352] vhci_hcd: USB_PORT_FEAT_U1/2_TIMEOUT req not supported for USB 2.0 roothub [ 1267.072535][T26367] [ 1267.074912][T26367] ====================================================== [ 1267.081940][T26367] WARNING: possible circular locking dependency detected [ 1267.088969][T26367] 6.16.0-syzkaller #0 Not tainted [ 1267.094008][T26367] ------------------------------------------------------ [ 1267.101030][T26367] syz.4.5526/26367 is trying to acquire lock: [ 1267.107096][T26367] ffffffff8e72a5a8 (pcpu_alloc_mutex){+.+.}-{4:4}, at: pcpu_alloc_noprof+0xb4c/0x1470 [ 1267.116704][T26367] [ 1267.116704][T26367] but task is already holding lock: [ 1267.124077][T26367] ffff888141fd9e00 (&q->q_usage_counter(io)#30){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 1267.135356][T26367] [ 1267.135356][T26367] which lock already depends on the new lock. [ 1267.135356][T26367] [ 1267.145762][T26367] [ 1267.145762][T26367] the existing dependency chain (in reverse order) is: [ 1267.154776][T26367] [ 1267.154776][T26367] -> #2 (&q->q_usage_counter(io)#30){++++}-{0:0}: [ 1267.163399][T26367] blk_alloc_queue+0x619/0x760 [ 1267.168702][T26367] blk_mq_alloc_queue+0x175/0x290 [ 1267.174257][T26367] __blk_mq_alloc_disk+0x29/0x120 [ 1267.179818][T26367] loop_add+0x49e/0xb70 [ 1267.184505][T26367] loop_init+0x164/0x270 [ 1267.189285][T26367] do_one_initcall+0x120/0x6e0 [ 1267.194579][T26367] kernel_init_freeable+0x5c2/0x900 [ 1267.200315][T26367] kernel_init+0x1c/0x2b0 [ 1267.205178][T26367] ret_from_fork+0x5d4/0x6f0 [ 1267.210302][T26367] ret_from_fork_asm+0x1a/0x30 [ 1267.215597][T26367] [ 1267.215597][T26367] -> #1 (fs_reclaim){+.+.}-{0:0}: [ 1267.222823][T26367] fs_reclaim_acquire+0x102/0x150 [ 1267.228383][T26367] prepare_alloc_pages+0x162/0x610 [ 1267.234027][T26367] __alloc_frozen_pages_noprof+0x18b/0x23f0 [ 1267.240447][T26367] __alloc_pages_noprof+0xb/0x1b0 [ 1267.246082][T26367] pcpu_populate_chunk+0x110/0xb00 [ 1267.251728][T26367] pcpu_alloc_noprof+0x86a/0x1470 [ 1267.257274][T26367] xt_percpu_counter_alloc+0x13e/0x1b0 [ 1267.263267][T26367] find_check_entry.constprop.0+0xbc/0x9b0 [ 1267.269610][T26367] translate_table+0xc98/0x1720 [ 1267.275002][T26367] ipt_register_table+0x102/0x430 [ 1267.280567][T26367] iptable_security_table_init+0x40/0x60 [ 1267.286728][T26367] xt_find_table_lock+0x2e1/0x520 [ 1267.292291][T26367] xt_request_find_table_lock+0x28/0xf0 [ 1267.298371][T26367] get_info+0x190/0x610 [ 1267.303062][T26367] do_ipt_get_ctl+0x169/0xa10 [ 1267.308274][T26367] nf_getsockopt+0x79/0xe0 [ 1267.313219][T26367] ip_getsockopt+0x18c/0x1e0 [ 1267.318340][T26367] tcp_getsockopt+0x9e/0x100 [ 1267.323484][T26367] do_sock_getsockopt+0x34a/0x440 [ 1267.329048][T26367] __sys_getsockopt+0x123/0x1b0 [ 1267.334454][T26367] __x64_sys_getsockopt+0xbd/0x160 [ 1267.340092][T26367] do_syscall_64+0xcd/0x490 [ 1267.345122][T26367] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1267.351542][T26367] [ 1267.351542][T26367] -> #0 (pcpu_alloc_mutex){+.+.}-{4:4}: [ 1267.359294][T26367] __lock_acquire+0x126f/0x1c90 [ 1267.364683][T26367] lock_acquire+0x179/0x350 [ 1267.369721][T26367] __mutex_lock+0x199/0xb90 [ 1267.374751][T26367] pcpu_alloc_noprof+0xb4c/0x1470 [ 1267.380300][T26367] blk_stat_alloc_callback+0xc8/0x280 [ 1267.386199][T26367] wbt_init+0xac/0x540 [ 1267.390796][T26367] queue_wb_lat_store+0x354/0x3d0 [ 1267.396347][T26367] queue_attr_store+0x276/0x320 [ 1267.401721][T26367] sysfs_kf_write+0xf2/0x150 [ 1267.406841][T26367] kernfs_fop_write_iter+0x354/0x510 [ 1267.412655][T26367] vfs_write+0x6c4/0x1150 [ 1267.417506][T26367] ksys_write+0x12a/0x250 [ 1267.422358][T26367] do_syscall_64+0xcd/0x490 [ 1267.427385][T26367] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1267.433801][T26367] [ 1267.433801][T26367] other info that might help us debug this: [ 1267.433801][T26367] [ 1267.444024][T26367] Chain exists of: [ 1267.444024][T26367] pcpu_alloc_mutex --> fs_reclaim --> &q->q_usage_counter(io)#30 [ 1267.444024][T26367] [ 1267.457696][T26367] Possible unsafe locking scenario: [ 1267.457696][T26367] [ 1267.465139][T26367] CPU0 CPU1 [ 1267.470496][T26367] ---- ---- [ 1267.475856][T26367] lock(&q->q_usage_counter(io)#30); [ 1267.481241][T26367] lock(fs_reclaim); [ 1267.487770][T26367] lock(&q->q_usage_counter(io)#30); [ 1267.495671][T26367] lock(pcpu_alloc_mutex); [ 1267.500179][T26367] [ 1267.500179][T26367] *** DEADLOCK *** [ 1267.500179][T26367] [ 1267.508323][T26367] 6 locks held by syz.4.5526/26367: [ 1267.513526][T26367] #0: ffff888030cbd5f8 (&f->f_pos_lock){+.+.}-{4:4}, at: fdget_pos+0x2a2/0x370 [ 1267.522686][T26367] #1: ffff888036b8c428 (sb_writers#7){.+.+}-{0:0}, at: ksys_write+0x12a/0x250 [ 1267.531674][T26367] #2: ffff888033e96488 (&of->mutex){+.+.}-{4:4}, at: kernfs_fop_write_iter+0x28f/0x510 [ 1267.541446][T26367] #3: ffff888141f085a8 (kn->active#254){.+.+}-{0:0}, at: kernfs_fop_write_iter+0x2b2/0x510 [ 1267.551573][T26367] #4: ffff888141fd9e00 (&q->q_usage_counter(io)#30){++++}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 1267.563273][T26367] #5: ffff888141fd9e38 (&q->q_usage_counter(queue)#24){+.+.}-{0:0}, at: blk_mq_freeze_queue_nomemsave+0x15/0x20 [ 1267.575230][T26367] [ 1267.575230][T26367] stack backtrace: [ 1267.581115][T26367] CPU: 0 UID: 0 PID: 26367 Comm: syz.4.5526 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 1267.581144][T26367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1267.581159][T26367] Call Trace: [ 1267.581168][T26367] [ 1267.581177][T26367] dump_stack_lvl+0x116/0x1f0 [ 1267.581202][T26367] print_circular_bug+0x275/0x350 [ 1267.581233][T26367] check_noncircular+0x14c/0x170 [ 1267.581266][T26367] __lock_acquire+0x126f/0x1c90 [ 1267.581301][T26367] lock_acquire+0x179/0x350 [ 1267.581329][T26367] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 1267.581352][T26367] ? __pfx___might_resched+0x10/0x10 [ 1267.581377][T26367] ? ksys_write+0x12a/0x250 [ 1267.581397][T26367] ? do_syscall_64+0xcd/0x490 [ 1267.581420][T26367] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1267.581445][T26367] __mutex_lock+0x199/0xb90 [ 1267.581468][T26367] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 1267.581490][T26367] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 1267.581512][T26367] ? __pfx___mutex_lock+0x10/0x10 [ 1267.581544][T26367] ? pcpu_alloc_noprof+0xb4c/0x1470 [ 1267.581564][T26367] pcpu_alloc_noprof+0xb4c/0x1470 [ 1267.581590][T26367] ? __pfx_wbt_data_dir+0x10/0x10 [ 1267.581612][T26367] ? __pfx_wb_timer_fn+0x10/0x10 [ 1267.581638][T26367] blk_stat_alloc_callback+0xc8/0x280 [ 1267.581665][T26367] ? kasan_save_track+0x14/0x30 [ 1267.581690][T26367] wbt_init+0xac/0x540 [ 1267.581718][T26367] queue_wb_lat_store+0x354/0x3d0 [ 1267.581744][T26367] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 1267.581770][T26367] ? __mutex_trylock_common+0xe9/0x250 [ 1267.581802][T26367] ? __pfx_queue_wb_lat_store+0x10/0x10 [ 1267.581827][T26367] queue_attr_store+0x276/0x320 [ 1267.581852][T26367] ? __pfx_queue_attr_store+0x10/0x10 [ 1267.581875][T26367] ? __lock_acquire+0x622/0x1c90 [ 1267.581911][T26367] ? find_held_lock+0x2b/0x80 [ 1267.581939][T26367] ? sysfs_file_kobj+0xe4/0x290 [ 1267.581971][T26367] ? __pfx_queue_attr_store+0x10/0x10 [ 1267.581995][T26367] sysfs_kf_write+0xf2/0x150 [ 1267.582027][T26367] kernfs_fop_write_iter+0x354/0x510 [ 1267.582054][T26367] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1267.582086][T26367] vfs_write+0x6c4/0x1150 [ 1267.582107][T26367] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1267.582136][T26367] ? __pfx___mutex_lock+0x10/0x10 [ 1267.582159][T26367] ? __pfx_vfs_write+0x10/0x10 [ 1267.582188][T26367] ksys_write+0x12a/0x250 [ 1267.582208][T26367] ? __pfx_ksys_write+0x10/0x10 [ 1267.582233][T26367] do_syscall_64+0xcd/0x490 [ 1267.582256][T26367] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1267.582279][T26367] RIP: 0033:0x7f5fa638e9a9 [ 1267.582298][T26367] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1267.582321][T26367] RSP: 002b:00007f5fa713b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1267.582342][T26367] RAX: ffffffffffffffda RBX: 00007f5fa65b6080 RCX: 00007f5fa638e9a9 [ 1267.582358][T26367] RDX: 0000000000000081 RSI: 0000200000000040 RDI: 0000000000000004 [ 1267.582373][T26367] RBP: 00007f5fa6410d69 R08: 0000000000000000 R09: 0000000000000000 [ 1267.582388][T26367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1267.582402][T26367] R13: 0000000000000000 R14: 00007f5fa65b6080 R15: 00007ffc92c07d68 [ 1267.582424][T26367]