last executing test programs: 1m19.91044153s ago: executing program 3 (id=3024): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r2, &(0x7f0000004240)={0x0, 0x0, &(0x7f0000004200)={&(0x7f0000000140)={0x14, r1, 0x1, 0x70bd25, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40c8}, 0x4048000) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_OVS_CT_LIMIT_CMD_SET(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002180)=ANY=[@ANYBLOB="e0020000", @ANYRES16=r4, @ANYBLOB="01002ebd5100fbcbdf250100000004000180c802018004000680bd020480fc921cf096b39f43034e2db36a74c0ade1e6a4dafab35aa84881d05d1662bd8a8f48943ea4276b7e1465958d17dd9c9706336d0f4a94c7de9fa79cb659b67f43fa331b6f98fa8ad43a943eac1b528ba83992018ecb03ba5dba6660c32c87b1dc86b69a7f6e747504f11d7688a74c47a4ba4802228004003b0040028b8008002600", @ANYRES32=r3, @ANYBLOB="08006e00ac1414aa2c02bc8028029880220242804b8ef4dea62052d4391e1b7fcd2429f7195770e4ca6f21844850ff750ce04caf301dc66838e61817fb1f807d53f524a2ac569f0f1c754ec84650d22b883479398e9d766ecc3fa8de0f83e8f703cb19a0826ec7c4949c87bab590c6305dc6f742accc66d7f2c47d87ec1d7fde707f710037006af15d7fa2ec9194354a1069b7c806492e043fa1fdad718d351a10ddade114048ff1302faa59a651c349c5ec3cede0e3949d48b97b2bd1d493852ed30d3a7c2cead7511ef0c8d71cb13b68fb7475ceac2b9816379110f6b4d10d69aea84f032ee4c179ba7929c5d06329cbdf05000000040034804d001f800400f18004006c800d7112532deb3ef76f18436c6041ed69a31df55778585e94b7244ba30fca32a34652fd3f440a97d881a3e6c962f72b82c506b0f9531ca4e8321faaa8982bbdfd85000000e5007d800800e400", @ANYRES32=0x0, @ANYBLOB="0400af80cee0bd49dab2a617b70e1a2e040e6ba448f301800a8999cec0bec67eb0617ad3f9a0977d09fa35f0e26b923a2713f1104ff7a5b18a2629bbee5de69b17f06e13870462f79e9deb527b97fd65fc8b156b0f525dfca9340f14dc75ef0881c14f5b87a6c615ee754d72289dcac3c322002b00", @ANYRES32=0x0, @ANYBLOB="6000f68004004880f6c5cccd25852c755b4331229a68ba8457bb2c5bc855fc277901cc018a78610faf86906cfd8f50da20a3cfe74a23710a32b0bd28cfddfe8fbcc03a4f9178ec9a0400de8004004380040078800c00a700feffffffffffffff0000000000000000"], 0x2e0}, 0x1, 0x0, 0x0, 0x40}, 0x4) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000480)={{&(0x7f00000001c0)="8d10a50b60e1380b545f89c54bab4fbfb3e0feda7edd7e46ae550aa997ff56be56fea27cb83751daf5f24ad06844d84862e0d8ddb179f76038831d67eaac8ab77003e5fc4eaf9d788521bd99b2729d94e367eabcdce535dd22dee07e455f0d28213b56b89d026239a1a68f51487800b3643829c256b36302e01c43618a797b05025b5feebfc59d59d2d916fd4248245863a0fd01593abab17301a9c36f0ec8bcbd4d8e6757f5b19d5092696e8e3e7ae1179791a4d12d4b6e213364b1f45cbae151889a10e446fe3ddc6e35545780a45518a4", 0x3, &(0x7f00000003c0)={&(0x7f00000002c0)="a05773e17fc3f097c1dda9674cdda8495227c3f6143b1c9dae28868eb2521113ee53fe55139a6cafe81097998f467936029d7cc2a59bd8df4aac7fbffdb54dfbc4dabe4693db529a457b072d24a74a8cc4064a179611df8dbc3eb7d0d68f653f5c970fe5e8039b309bf88b2d95319ac03fe3fed98f97feb30230ed7bc44c009694c3a27e9526df2fdf2b2d30adf6f4e00f90211708f37043fdc4153b871250e305e2c21184eaa67cb94b2d8e79f89ec13959f9918ffa08e8a519c2ad073327cf5ae99cbd9397b8187ea2e9c37e5535d88c6ce6ca1e247930b3585aa92c14", 0x100}, 0x1, &(0x7f0000000400)="2491e2f933b13df8b9767a34918374d206e5f3c766ee0baae721e41d7b28fc255fc9387e8c68e335e84ca7720ac49cdfdff203042b32ffe2ddf3fee62aa25966f135af5acda0f5ee35af2663f7f69d40ea81d8bce8fc80c0add9", 0x1, 0x1}, 0x401}, 0x5, 0x4) ioctl$auto_SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f00000004c0)="7862057aca15a7d507bb3f9e31f18515da2d75a11f6404b9e8f06f1c382bb5fc424070f9b9272d66e1d88971d04a7f1d4e0415eb683a6fffe5ca170d28dac7e4de1a57") mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r5 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder1\x00', 0x1, 0x0) ioctl$auto(r5, 0x4018620d, 0x9) 1m19.288451981s ago: executing program 3 (id=3029): mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x20000008000) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/audit\x00', 0x100, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB], 0x1ac}}, 0x4004) r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) ioctl$auto_VHOST_GET_FEATURES(r0, 0x8008af00, &(0x7f0000000100)=0x8) socket(0x11, 0x3, 0x9) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xc, 0x800008000) vmsplice$auto(0x1, &(0x7f0000000000)={0x0, 0x5}, 0x6, 0x8) r1 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000180)='/dev/binderfs/binder1\x00', 0x200, 0x0) ioctl$auto_BINDER_GET_FROZEN_INFO(r1, 0xc00c620f, 0x0) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x7, 0x4a}) socket(0x5, 0x2, 0xee6) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) io_uring_setup$auto(0x2, &(0x7f0000000080)={0x80000003, 0x9, 0x4002, 0x6, 0x4, 0x8, 0xffffffffffffffff, [], {0x9, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x4000006, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x104, 0x8, 0x100000000}}) 1m18.472942832s ago: executing program 3 (id=3033): mmap$auto(0x80000000000000, 0x800002020009, 0x3, 0xeb0, 0xfffffffffffffffa, 0x8001) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) r0 = socket(0x2b, 0x1, 0x1) getsockopt$auto(r0, 0x11e, 0x1, 0xfffffffffffffffe, 0x0) getsockopt$auto(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f00000000c0)=0x28000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c0000001400c72da808bf9779d790fb28"], 0x2c}, 0x1, 0x0, 0x0, 0x4000014}, 0x400c000) openat$auto_hpet_fops_hpet(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) unshare$auto(0x40000080) r1 = socket(0xa, 0x5, 0x0) mmap$auto(0x4, 0xa020009, 0x3, 0xeb1, r1, 0x7ffe) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/asound/card1/pcm0p/sub1/xrun_injection\x00', 0x701000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x5, 0x0) io_uring_setup$auto(0x4bf15e08, &(0x7f0000000000)={0x405, 0x8, 0x10001, 0x6fb3, 0x8a, 0xfffffff8, 0xffffffffffffffff, [0x7783, 0x9, 0x7c], {0x913, 0x7, 0x3036, 0xe, 0xd, 0x5, 0x6, 0xfffffff9, 0x2000000f08a2b6}, {0x4000, 0xfc, 0xd, 0x0, 0x0, 0xb89, 0xd5, 0x837, 0x8}}) sendmsg$auto_OVS_FLOW_CMD_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x14}, 0x1, 0x0, 0x0, 0x40010}, 0x800) bpf$auto(0x12, &(0x7f0000000040)=@enable_stats={0x1}, 0x26) write$auto(r2, &(0x7f0000000640)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\xff\x7f\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc:\xfa\x01\xd1\xa3\xb5\xc2B\xa5\xac:woR^a\xb9}\xe7\xbd\xe1\xf77.\xa3\xd8\xc2T\x95\x13\x91\xb6p\xf3\xb2w\xe6\xd7\x94DW\x97\x90a\xe6c\xfb\x88x\xd5L\xa9\xe4\x82\x04\xb1\x8b\r\xcaP\\\x1aVP\xc9\xa4`\xfd\v\x94\f\xc1\x0fQ\xc9\xdcL\x03\x9c\xbfk\xa6\xb1\xb0\xa1\xeeJ\xd8\xef\xc8t\x9d\x1e=J\x91W\xc6AuJ\xb9Q\xed\xd1\a\x05\x9d\x85\xb7b#r\xcd\xaf\xb7\x9f\xf7\xd2\xae\x0f\x98\xa9&\xb6~\xd4\xbd\xbbr\xb9\xc3\xacH!\xc1\x90K2\x05K@\xee\xac\xe8\xc7\t\xab\xbf\xa3\xedb\xd7\xb5\xd7\x83&\x95\xb2?\x0e\x85\xaaIGu\xd6$\xeb\xb6\xdd\a\x121\a\xac\x1bx#\x87\xa9\x10\x9b\xf8YD\x04ZL\xca\x99]\x8f[\x90[\xa8\xbf\x98\xa6\xe50(zC\xe84*w\x13\x96\xd5\xd0\x877\x12\xbc\xa1\xd0h@|\xf9\xfa\x9b\x17\x94\xb9\xe7\xf3\x15\x05\x91\xe8\x98p\x7f:\xd7s\xd9wo\x82\xda\xec\x91\xb7\xd9;H\x8a\b\x00\x00\x00\x00\x00\x00\x00\x8aZ\x94\x14$X7\xaeW6=^I\x9fQ\r5c\x81\xca]\x97m\x89o\x8f\xd8}P>I\xd0\xb3\x88C\xd7', 0x100000a3d9) ioctl$auto(0xffffffffffffffff, 0x540a, 0x0) poll$auto(&(0x7f0000000180)={0xffffffffffffffff, 0xfff7, 0x9816}, 0x7f, 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) write$auto_cpu_latency_qos_fops_qos(0xffffffffffffffff, &(0x7f00000000c0)="4d46f158ba101c8c2d9356700b866489eff04b4760b3539b045b1af49ea855e368af3d1e6e1f4357d9e208a8ed480f4eff72480ed222ec48dbb1c4c6d0fd8e8a7b798aa8066160cb78be83de9b691f6907f58b4f87e18d4d420de6c18f156d749715ddbf8127891d08247d8c919da0fbb26ace2399e1c632f1e2b0c8ffe8ce7dc7b80b98438f066bd662d0d89bd610fc61883c13fe44afc3e67b91241c5cf586c524a2687925", 0xa6) r3 = socket(0xa, 0x1, 0x84) r4 = getpid() process_vm_readv$auto(r4, &(0x7f0000000080)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) setsockopt$auto(r3, 0x0, 0x60, 0x0, 0x6f7250c4) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) shmctl$auto_SHM_INFO(0x7, 0xe, &(0x7f0000000380)={{0x2, 0xee01, 0xee01, 0x3ff, 0xffffffff, 0x1, 0x2}, 0x8e8, 0x9, 0x9, 0x7, @raw=0x6, @raw=0x8c7, 0xfff7, 0x0, &(0x7f0000000200)="2aa7db8b55346c6e74570047e3327ca639cd4f5fc3dfd4f63ad0f629bd6ca67e5a0e1c767e93cda8a75981dc543ade8b8cf39f3d1d05451fb038a6e4bcde6046c6a995ff43371bafcbcd3fa79e77655aae46f2d05219448595d51bc7c49d84fd622c", &(0x7f0000000280)="51b320ecfad17252d7f617f7b3d51f8d8117e636e574dfbca2ac7b74f44618900018d33f352d8867670b0fa1bc9afd5d808c5d4f2e19403fa7b29a7027be506312d3aca393093fa7adf9aa7adc7a79fe2172edf45ce3016d21bb20ed981be81b50b0c8cab4dde769edb538cdfc7b34f401c203143999ab5ce158e43d9938c521a32270365da59f81f3cba98d59673b78b625fc939c9741cfff9979196fb6b6e0a3fb0e2e5c1c04a2956b5f58fd41549d828cc5a5c88aafe1f97ad94bccea4bccb14f50e30b8158e4f34f4c7cc78cb1b2041569d5d16660dccffab2832fd9c2009599ae67bf"}) shmctl$auto_SHM_INFO(0x9a, 0xe, &(0x7f00000004c0)={{0x2f93, 0xee00, 0xee01, 0xfffffffb, 0x0, 0x0, 0x4}, 0x6, 0x3, 0xff, 0x8, @inferred=0xffffffffffffffff, @inferred, 0x3, 0x0, &(0x7f0000000400)="a22f86633e9c37a57abac7b98faa256a3261f126b7a42c3de2c4fc2799d2b66e1e1340dfaca1d458c17843af4d599932008cb33fb4119fc90160f958bc82ce74ab775f1bf7a77adc378b975f51e538c327690bffd306a856e00f0942a5931862e274d1749efdff9c7544af6c40dd2587066f58ef1bb405b42a3560", &(0x7f0000000480)="14bd9a25a3c8041066b8d965d2b366917c583a37a7"}) 1m15.523515968s ago: executing program 3 (id=3036): close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x1d, 0xa, 0x7fff) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) io_uring_register$auto_IORING_UNREGISTER_IOWQ_AFF(0xffffffffffffffff, 0x12, 0x0, 0x1) openat$auto_ftrace_subsystem_filter_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/tracing/events/vmalloc/filter\x00', 0x1, 0x0) syz_genetlink_get_family_id$auto_batadv(0x0, r0) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x22a02, 0x0) write$auto(r1, 0x0, 0x1000000007e) setsockopt$auto_SO_ERROR(r1, 0x7ff, 0x4, 0x0, 0x7f) mremap$auto(0x200001000000, 0x4, 0x4, 0x3, 0x100000000) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffa, 0x8000000008011, r2, 0x8000) mremap$auto(0x7fffffffffffffff, 0xf, 0xffffffffffffffff, 0x3ff, 0x828f) madvise$auto(0x0, 0x400053, 0x9) madvise$auto(0x0, 0xfffeffffffff0001, 0x2) futex$auto(&(0x7f00000000c0)=0x1, 0x8c, 0x1, 0x0, 0x0, 0x1) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket(0x11, 0xa, 0x9) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000400)='/dev/snd/controlC0\x00', 0x880, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x787806, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x1, 0x0) 1m14.034213177s ago: executing program 3 (id=3040): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000840), 0xffffffffffffffff) r1 = io_uring_setup$auto(0x1e, &(0x7f0000000180)={0x7f, 0x5e, 0x9, 0x80000000, 0x3, 0x5, r0, [0x0, 0x0, 0x4], {0x8, 0x0, 0x3, 0xfffffffa, 0x7f, 0x7, 0x1, 0x8, 0x2e703dff}, {0x9, 0x7f, 0x60000000, 0x7ff, 0x40, 0x8, 0x3, 0x9, 0x8}}) sendmsg$auto_OVS_CT_LIMIT_CMD_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000c040}, 0x4) unshare$auto(0x40000080) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtd0\x00', 0x101000, 0x0) ioctl$auto_MEMGETOOBSEL(r3, 0x80c84d0a, 0x0) write$auto(r2, &(0x7f0000000340)='/Eedio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xed\xf8\xe1\xbc\x1d\x91D\xe7R\x12\xc4\xcd\xc6\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\x81\x00U\x14w\xb4\x14\x1d\x0f\xab\"4\x8a\xbbY2@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xcd\xee,\xe2\xbe\x1bBAIA\x9fv\xedP\x84\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\x00\x00\x00\x00\x00\x00\x00\x00V\xd7\xee\x8b?}r\n\xb3\'R\xda\xb2v\x94\xad\xe6\x1fu\xc4\xe7+\x93\xedT\xbd\xb8p\xb3\x16\xa2\a\xd7\xfcQF\x81\xb3\xd7\b\x87\x8c\xde\xa7\b\xce<\xf8i\xcd\x812\f>\xdcHj\xc2\xfc\xa7\xbe\x11\xc8\xd6\\T\xa76S\xef\x13\xfb9\x96\xc1\x0f\xaf\xa2\x84\xe1k\xf5En\xc7\xf6\xb1-\xc1\xb8\x8bH\x01\xa5X/\x98\xc6W\xa8\xb6S\xf34]\'\x0e\x85\xc3\xef\xdf\xf4\x889\x8be\x1f&\x88\xe6\xdd\x7f\x8c\x10\xdb>>U3\x84\xe5i\x98#\xc6q\xac\xe1\xc4\xb4\xb9\xafC\x1f}{-\xbf\xa1Y\xb9\xe4\xf2`m|RQ`\x14\xdb\xad\x14\xecvc\xe8i\xd2\xb2\xed\xad\x00\x00\x00\x00\x00\x00', 0x100000a3dd) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x281, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x8100, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/net/rpc/auth.unix.ip/channel\x00', 0x3ce500, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/pci0000:00/0000:00:01.3/enable\x00', 0x20f01, 0x0) write$auto(r4, &(0x7f0000000040)='0\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x1, 0x2, 0x9, 0x15f4da07, 0x6, 0x10001, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0xd8]}, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/fs/jbd2/sda1-8/info\x00', 0x8000, 0x0) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000240), r1) open(&(0x7f0000000800)='./file0\x00', 0x62240, 0x111) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/system/clockevents/clockevent1/uevent\x00', 0x206143, 0x0) socket(0xa, 0x3, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) 1m12.773546011s ago: executing program 3 (id=3042): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x11, 0x80003, 0x300) r1 = openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x2, 0x0) write$auto_snd_seq_f_ops_seq_clientmgr(r1, &(0x7f0000000100)="632d1bfe595046ab5c40bd6163307acb6d16baef6176e669a216aae1824ccafdd80500ffffffffdfff1a0e00fffffffe0000000000000000", 0x38) mmap$auto(0xc, 0x400008, 0xdf, 0xff00000000000010, 0x2, 0x8000) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}}, 0x40000) recvmmsg$auto(r2, 0x0, 0x9, 0x10, 0x0) sendmsg$auto_MACSEC_CMD_DEL_RXSC(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=ANY=[@ANYRES16=0x0, @ANYRES16, @ANYBLOB="010527bd7000fbdbdf250200000008000100", @ANYRES32=0x0, @ANYBLOB="1800"], 0x34}, 0x1, 0x0, 0x0, 0x4028811}, 0x4080) sendmsg$auto_L2TP_CMD_TUNNEL_DELETE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="21f227bd7000fedb040000000000739a526fc59255401d775a0fa73c725251d900f5abbe10e366b03c73d5ae60e1b5e5a2376bf6fa01ce200037b7bed9f28a2f9c9d0a4628c5f8cbb15f430bdc4c1e9dc53c277531f28903a7b7d0583ee37e34077a5e9b1f3f29814e5a3cd441b6b72c572c87a0449929dd84bd1bf0"], 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="1e"], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd.', 0xd, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x100, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) r5 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x0, 0x1, 0x9, 0x7, 0x3a, 0x3ff, 0x1ffde, 0x7, 0x6, 0x2, 0x9, 0x2, 0x6, 0x4, 0xb2, 0x9, 0x0, 0xfffd, 0x80, 0xea29, 0x40000, 0x7, 0x2000, 0x200, 0x0, 0x81, 0x0, 0x7, 0x2, 0x0, 0x0, [0x1, 0x6, 0x4, 0x0, 0x0, 0x0, 0xffffffff, 0xfffffffffffffffe, 0x0, 0xfffffffffffffffe, 0xfffffffffffffffe, 0x0, 0x5, 0x0, 0x6, 0x0, 0xfffffffffffffffc, 0x9, 0x8000000000000000, 0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffff, 0x0, 0x80000000, 0x0, 0x800, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x4, 0x0, 0x1, 0x0, 0x5, 0xfffffffffffffffe]}, 0x202, 0x2000000d) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002a40), r6) sendmsg$auto_NFSD_CMD_LISTENER_SET(r6, &(0x7f00000050c0)={0x0, 0x5c1e, &(0x7f0000005080)={&(0x7f0000002a80)={0x14, r7, 0x1, 0x70bd25, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008050) sendmsg$auto_NFSD_CMD_LISTENER_SET(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="14000000", @ANYRES16=r7, @ANYBLOB="010027bd7000fbdbff25060000000c7102d2d637082e80d3906005bbddad69ba8fd0730993dcf2b7864cfa91b3eb094ea6c9f0315e91b81c123c46ac7da576969d2fddedc337e2a9ee02dd778622bcdc7905be99673946f667f7e1bd7a84c9ab9bba09bc14fc011cbe81ed63429bd558207bfb4982cd36b829447bcb4be42516bdbc76baf0708c48161fdf78b2691e3c7810605c76af0fc81b217a6c7581ae26702004abb2d56f61daba4f71d48cac545e15fd33b94acd9a406951ec5801cbc931fc04890bfc5eb9ebb4ef00137371c8184b027cdfeec19242a63dd6704224514a9d18ab2a8dd7e2632746452b6ff125"], 0x14}, 0x1, 0x0, 0x0, 0xeda47ee5ad433e65}, 0x20000000) sendmmsg$auto(r5, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x5}, 0x7, 0x0) setsockopt$auto(r0, 0x107, 0x8, 0x0, 0x6) 57.38911006s ago: executing program 32 (id=3042): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x11, 0x80003, 0x300) r1 = openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x2, 0x0) write$auto_snd_seq_f_ops_seq_clientmgr(r1, &(0x7f0000000100)="632d1bfe595046ab5c40bd6163307acb6d16baef6176e669a216aae1824ccafdd80500ffffffffdfff1a0e00fffffffe0000000000000000", 0x38) mmap$auto(0xc, 0x400008, 0xdf, 0xff00000000000010, 0x2, 0x8000) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}}, 0x40000) recvmmsg$auto(r2, 0x0, 0x9, 0x10, 0x0) sendmsg$auto_MACSEC_CMD_DEL_RXSC(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000080)=ANY=[@ANYRES16=0x0, @ANYRES16, @ANYBLOB="010527bd7000fbdbdf250200000008000100", @ANYRES32=0x0, @ANYBLOB="1800"], 0x34}, 0x1, 0x0, 0x0, 0x4028811}, 0x4080) sendmsg$auto_L2TP_CMD_TUNNEL_DELETE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="14000000", @ANYRES16=0x0, @ANYBLOB="21f227bd7000fedb040000000000739a526fc59255401d775a0fa73c725251d900f5abbe10e366b03c73d5ae60e1b5e5a2376bf6fa01ce200037b7bed9f28a2f9c9d0a4628c5f8cbb15f430bdc4c1e9dc53c277531f28903a7b7d0583ee37e34077a5e9b1f3f29814e5a3cd441b6b72c572c87a0449929dd84bd1bf0"], 0x14}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) r3 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="1e"], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mount$auto(0x0, &(0x7f00000000c0)='}[,&*}\x00', &(0x7f0000000140)='nfsd.', 0xd, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x100, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) r5 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x0, 0x1, 0x9, 0x7, 0x3a, 0x3ff, 0x1ffde, 0x7, 0x6, 0x2, 0x9, 0x2, 0x6, 0x4, 0xb2, 0x9, 0x0, 0xfffd, 0x80, 0xea29, 0x40000, 0x7, 0x2000, 0x200, 0x0, 0x81, 0x0, 0x7, 0x2, 0x0, 0x0, [0x1, 0x6, 0x4, 0x0, 0x0, 0x0, 0xffffffff, 0xfffffffffffffffe, 0x0, 0xfffffffffffffffe, 0xfffffffffffffffe, 0x0, 0x5, 0x0, 0x6, 0x0, 0xfffffffffffffffc, 0x9, 0x8000000000000000, 0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffff, 0x0, 0x80000000, 0x0, 0x800, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x4, 0x0, 0x1, 0x0, 0x5, 0xfffffffffffffffe]}, 0x202, 0x2000000d) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000002a40), r6) sendmsg$auto_NFSD_CMD_LISTENER_SET(r6, &(0x7f00000050c0)={0x0, 0x5c1e, &(0x7f0000005080)={&(0x7f0000002a80)={0x14, r7, 0x1, 0x70bd25, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20008050) sendmsg$auto_NFSD_CMD_LISTENER_SET(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="14000000", @ANYRES16=r7, @ANYBLOB="010027bd7000fbdbff25060000000c7102d2d637082e80d3906005bbddad69ba8fd0730993dcf2b7864cfa91b3eb094ea6c9f0315e91b81c123c46ac7da576969d2fddedc337e2a9ee02dd778622bcdc7905be99673946f667f7e1bd7a84c9ab9bba09bc14fc011cbe81ed63429bd558207bfb4982cd36b829447bcb4be42516bdbc76baf0708c48161fdf78b2691e3c7810605c76af0fc81b217a6c7581ae26702004abb2d56f61daba4f71d48cac545e15fd33b94acd9a406951ec5801cbc931fc04890bfc5eb9ebb4ef00137371c8184b027cdfeec19242a63dd6704224514a9d18ab2a8dd7e2632746452b6ff125"], 0x14}, 0x1, 0x0, 0x0, 0xeda47ee5ad433e65}, 0x20000000) sendmmsg$auto(r5, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x5}, 0x7, 0x0) setsockopt$auto(r0, 0x107, 0x8, 0x0, 0x6) 7.947747572s ago: executing program 0 (id=3243): mmap$auto(0x0, 0xe985, 0xdb, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x800) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_11={0x1, 0x6, 0x6, 0x7, 0x1bb080, 0x97, 0xff, r0}, 0x6f3) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) rt_tgsigqueueinfo$auto(0x3, 0x96, 0x7, &(0x7f0000000180)={@siginfo_0_0={0x0, 0x9c2a, 0xffffffff, @_sigsys={0x0, 0x5d35, 0x6}}}) open(&(0x7f00000001c0)='./cgroup\x00', 0x0, 0x6f) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x8040) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) syz_genetlink_get_family_id$auto_nl80211(0x0, r2) sendmsg$auto_NL80211_CMD_NEW_STATION(r2, 0x0, 0x1) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sda1\x00', 0x2000, 0x0) socket(0x2, 0x5, 0x4000000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, 0x0, 0x6a) r4 = io_uring_setup$auto(0x1, 0x0) write$auto_fops_init_pkru_pkeys(r4, 0x0, 0x0) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendfile$auto(0x3, r3, 0x0, 0x100400000000006) r5 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_OVS_VPORT_CMD_NEW(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x34, r5, 0x1, 0x70bd2b, 0x25dddbfd, {}, [@OVS_VPORT_ATTR_UPCALL_STATS={0x4}, @OVS_VPORT_ATTR_TYPE={0x8, 0x2, 0xe00}, @OVS_VPORT_ATTR_NAME={0x8, 0x3, '})[\x00'}, @OVS_VPORT_ATTR_UPCALL_PID={0x4}, @OVS_VPORT_ATTR_PORT_NO={0x8, 0x1, 0xf}]}, 0x34}, 0x1, 0x0, 0x0, 0x44040}, 0xc0) 7.593578995s ago: executing program 1 (id=3244): mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x20000008000) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/audit\x00', 0x100, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB], 0x1ac}}, 0x4004) r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0) ioctl$auto_VHOST_GET_FEATURES(r0, 0x8008af00, &(0x7f0000000100)=0x8) socket(0x11, 0x3, 0x9) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xc, 0x800008000) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000180)='/dev/binderfs/binder1\x00', 0x200, 0x0) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x7, 0x4a}) socket(0x5, 0x2, 0xee6) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) mmap$auto(0x0, 0x3fffff, 0x7, 0x11, 0xdd, 0x0) io_uring_setup$auto(0x2, &(0x7f0000000080)={0x80000003, 0x9, 0x4002, 0x6, 0x4, 0x8, 0xffffffffffffffff, [], {0x9, 0x6, 0xf, 0x29f, 0x100, 0x7f, 0x101, 0x4000006, 0x2000}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x104, 0x8, 0x100000000}}) 5.503902814s ago: executing program 4 (id=3245): io_submit$auto(0x5, 0x7, &(0x7f0000000040)=&(0x7f0000000000)={0xffffffffffff0001, 0x8, 0x6, 0x8, 0x5, 0xffffffffffffffff, 0xe0, 0x1, 0x200, 0x0, 0x5}) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001140), 0xffffffffffffffff) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x8f3b7a51b8148120, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000240)='/dev/binderfs/binder0\x00', 0x80000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setpriority$auto_PRIO_USER(0x2, 0x0, 0x81) shmctl$auto_SHM_INFO(0x3, 0xe, &(0x7f0000000780)={{0x4, 0x0, 0xffffffffffffffff, 0x7e7, 0x0, 0x8, 0x4}, 0xffff5049, 0x81, 0x200, 0x81, @inferred, @raw=0x5, 0x6, 0x0, &(0x7f0000000680), &(0x7f0000000700)="702cd3d6f4c7d12ece89d98d5bb588d457c6d3becbf886ea2af0f2245775ae0a5e5272fd8dbaf28b475e82dc4c9507811297cfcbcb9af20224c9b1703826cc64002fb13e71aa2ef2287e1cb0b98207032bfa8a9fe87a7ac9dbabfdddbbe058903a7d0d00242bed00db4081a1cc258f"}) shmctl$auto_SHM_STAT_ANY(0x7, 0xf, &(0x7f0000000940)={{0x0, 0x0, r3, 0x3cc0b025, 0x8, 0x7f, 0x4}, 0x4d, 0x6, 0x5, 0xb1e2, @raw, @raw=0x4, 0x5, 0x0, &(0x7f0000000800)="b44ccefec0ae3d7ecfffaf638d451d3aa7fdcd3f59dfe8031542aadb800a861d0cb9869fe6b956e87f6c96f05239bab1fe5ba0e5d1af574290b79aa04bde4ca78d660b3faec5da3b1bc191ce720176577762351875ebb6fe918361da3e87de19b7653d2e5fd4c9e63f3bdd83edcc5690ac6a1d4c186d6b4366f2dc0265cfac5450c4da851603c57927d0d16684380abb0bfca8c6ab920db85673ea3460ad2059053c2ed59627dacbc190abac48ded6bbf3336d91ead92a3462824e2d46cfc6ebe3542f07e58c1e7d3e3536716c782db32f6d7a7db55f54a1f1743ee3b5ab2aba6760aee142723169249e19476fe601b19b6ee47590", &(0x7f0000000900)="6cc3cb0a2ece5c0042b265e0b3bd259d"}) sendmsg$auto_NL802154_CMD_GET_SEC_KEY(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000280)=ANY=[@ANYBLOB="6102004c", @ANYRES16=0x0, @ANYBLOB="00082abd7000fddbdf2516000000050029000100000008000100040000001a0002002f6465762f62696e64657266732f62696e6465723000000005001a00870000008b0118808c00ed80cb527603e78437f26b37e5e44c4bcf9d22bc7a38508fce9785e8b4f82c323c45ff3a4154f873498bd54e7b0944e6106bf7ef7afe9fac6529a18e7fcbbbedb7fa861b2c8cf823b4e195ee4d82974a27260520f7029ebbc3fab3e3ca4f52257e66ea35117fd84f4628b44d9fa90800d8000080000008001500", @ANYRES32=r4, @ANYBLOB="0c00530007000000000000003f93a58731e23f7fd904729a5434e198f6813b18a59be7648f43a16f99672a0d86082411f4a57d836b3d9897265b88b475f1aa3983646641330ed84d26554851c7b7a016ebfd9fbfb3e929341c2fc489e153e111783759760a5761d4eb0a1f52b596a98875876222ede9af7f04e0043dd1cf744789f571e8b54d1106ecf8c3e879d81af6ab8899c11661f81d0427ce667bb5861112858aba259062c25e9536ed8d547dd160998e8b0085cda9011c9bacd6c780c70ed336c13f5f01a7ae01e1d4ecef906440860a959587befac294bf92a129d381c25a478c2adf9e6afd24cd7c952d2466e70254cf3f771b42df1d6e57d1cc4df6837679f7803db700"], 0x1d4}, 0x1, 0x0, 0x0, 0x2008004}, 0x6514) ioctl$auto_TIOCSTI2(0xffffffffffffffff, 0x5412, &(0x7f0000000100)="63ecea062df1229f3d3ec21f1f5f8307e6aa7b6b0b45017f77b0a8d80914633e00b0b5f6f86df743e76943b956a85aeb3b72168c1a19581a31fff13fa27e1bcda6b3b6cbbf937b5716b9c3a7edda0e20639669408cf31eb0fbe39ae2") sendmsg$auto_NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000ac0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x65e0400}, 0xc, &(0x7f0000000a80)={&(0x7f0000001180)=ANY=[@ANYBLOB="c4030000", @ANYRES16=0x0, @ANYBLOB="02002cbd7000fddbdf2501000000080005000400000011022b80350de5f3953fae7e5090f3f78292c1b1e30c82c03553b1ed8e647d9b0ad2cd1195dbd16cbaeae5ec56be3fe6b45fc7a443bdf917e628f3d09c385e083bf976cdaf8eabc2a6a79cca9c9d874cd5bf010280af863b68554eac90701b0dfc02ba3fe61b8d5d122b87d255081c1f5af60800a200", @ANYRES32=0x0, @ANYBLOB="b9c9983bb512f67e1938cbcad0f23740a1d616c136ac382d870d7d1ce5bbea14ce05fd535c0134447fc7776439f8dddce0807a43e9d30800ac00", @ANYRES32=0x0, @ANYBLOB="11dbb90d3cfdff3167e4d08a064ecf81b8791ee1b2e22b1a12a6f9a1b8b40d5a0324046c8bc5be3750affc3676850c784885fb645591da75d8cdd78700cdddebbc8124e60d8847f54499f09ec29ca477913bb2f9e76739a67c8e855c77d749b4899b04d5cfaed45ef287b97bc23395218af3d0b1c9c604e22627c372a0407240a24e323acd0a6bf239309a524f2f57b6b034399095e771651f13f1d71d97454a27daad16a4e9ff63ce6443c08813ec73550e43ce899b03671413ab786572e1891cbf7b0de922d8b6fd74225c58cfd281afd906736b93874d5303a1e07cc03d41a8288dc8135fc8b9235beb5f3f2c46ad862e052f7e62e28f4a275a33c85c3d0fa41ddc0c0b3ab5afd7189566184c05d78122c2e32c3939cb36b3ea8da3e03e395a7555b5314220fdeae7fdbf1462105562bbf04ac025eed5582910cc9b3c0d26d240feb3c61729710d0052006e6c38303231353400000000000000000d0002006e6c38303231353400000000050012001000000074011e8008005600", @ANYRES32=0x0, @ANYBLOB="0400750034007a801400fc00fe88000000000000000000bd5274fb5817276f227f7dc7dc9ad7b900eca20000000000000000006fa5542347d0886ec77fa12d33301bc9f14df37acef3b5f2252445c17fda2a0839edd02381c8f1b987c58e87cad2ffcc8bf8d6373250c99545c46936494eea2d2895dee1212167c72544996168ea2406abbb7365ef78031f5c38eaa9ba22848b16ae954cbdf94136310d1b407814ebf24b97429ee7a8790a8d", @ANYRES32=0x0, @ANYBLOB="04001b8008000900", @ANYRES32=r1, @ANYBLOB="2d01298008008800010000000c00228008001900040000007b551f8cce14cf2cd385874fd43e65361d93cc42a4bae3675d4982d11272d72cff3f1e78c832f1164498cfe3349455936c713965eeaef6fee66efbb1da53a95cf80ef153e5779c3e0dc1a0669d0b3ecadc5eb635a4cd6d29e3ebc13c9bfdb342fd0ba82ed30a79f4acc86f6fa2d3cff99d1aa35494d3a2cecdd1dfd3ad71230a526320b56daef43da93c9194c8d276ad663c870c3459964479b0050018000000000008001a00", @ANYRES32=0x0, @ANYBLOB="ae8370af279fe94f498dd0b31b410d993a2fa3a8566d0d1130ac2da5021715b2d90fb2d866ba78f6ce44f0ae424570254b84099c37ccd142a48584b474ed348cea9760c285bd8494e2e6c7dc6a8bd9b72b7290fd434cf4b22dc42308009000", @ANYRES32, @ANYBLOB='\b\x00E\x00', @ANYRES32=r2, @ANYBLOB="0000000500120007000000"], 0x3c4}, 0x1, 0x0, 0x0, 0x404c004}, 0x4008000) sysfs$auto(0x2, 0x4, 0x0) r5 = fsopen$auto(0x0, 0x1) fsconfig$auto(r5, 0x8, 0x0, 0x0, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, 0xffffffffffffffff) 5.248759099s ago: executing program 0 (id=3247): mmap$auto(0x0, 0xe985, 0xdb, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x800) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_11={0x1, 0x6, 0x6, 0x7, 0x1bb080, 0x97, 0xff, r0}, 0x6f3) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) rt_tgsigqueueinfo$auto(0x3, 0x96, 0x7, &(0x7f0000000180)={@siginfo_0_0={0x0, 0x9c2a, 0xffffffff, @_sigsys={0x0, 0x5d35, 0x6}}}) open(&(0x7f00000001c0)='./cgroup\x00', 0x0, 0x6f) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x8040) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) syz_genetlink_get_family_id$auto_nl80211(0x0, r2) sendmsg$auto_NL80211_CMD_NEW_STATION(r2, 0x0, 0x1) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sda1\x00', 0x2000, 0x0) socket(0x2, 0x5, 0x4000000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, 0x0, 0x6a) r4 = io_uring_setup$auto(0x1, 0x0) write$auto_fops_init_pkru_pkeys(r4, 0x0, 0x0) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendfile$auto(0x3, r3, 0x0, 0x100400000000006) r5 = syz_genetlink_get_family_id$auto_ovs_vport(0x0, 0xffffffffffffffff) sendmsg$auto_OVS_VPORT_CMD_NEW(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x34, r5, 0x1, 0x70bd2b, 0x25dddbfd, {}, [@OVS_VPORT_ATTR_UPCALL_STATS={0x4}, @OVS_VPORT_ATTR_TYPE={0x8, 0x2, 0xe00}, @OVS_VPORT_ATTR_NAME={0x8, 0x3, '})[\x00'}, @OVS_VPORT_ATTR_UPCALL_PID={0x4}, @OVS_VPORT_ATTR_PORT_NO={0x8, 0x1, 0xf}]}, 0x34}, 0x1, 0x0, 0x0, 0x44040}, 0xc0) 5.196371873s ago: executing program 4 (id=3248): syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000000140), 0xffffffffffffffff) openat$auto_force_suspend_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/bluetooth/hci1/force_suspend\x00', 0x121401, 0x0) socket$nl_generic(0x10, 0x3, 0x10) write$auto_sg_fops_sg(0xffffffffffffffff, &(0x7f00000000c0)="4a0200000000040000000000000000000700924d1b3c5d2e00000000fdd2adc245a4fe3a61af156016d2e122228118b035ab6f7e46cbe922896e7e796fec3370fd6cf2d037cbf213d48b743bd7800890341900000000000000091261d01d3d1b573ab7aefb0d9f016860e3912060ee2dab170edcad212b7a4106b158ca8cdf4d76900d9772636f0cb3bd2913e2a6812a2f6921473340f867940a38087139a608d706fdb5279c716cff318b648b9680ddbe99631a96a20967d03d18c13e4efe1552d1cbd0f5503b4f552dc33a162651f3b15ad44907b2b2a2662b4e6640dc380afd675a95f58de3f019280d5a99b66cb919131e5752c53688908ff57e6e7753192537707b8d3d9508cd2ffab40b20f9367f40cd6c9211423264499f39b48d", 0x11e) fcntl$auto(0xffffffffffffffff, 0x400, 0x0) r0 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r2, &(0x7f0000000280)={0x0, 0x80000002}, 0x46, 0x2, 0x0, 0x7fffffff) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x82600, 0x0) write$auto(0xca, 0x0, 0x0) syz_genetlink_get_family_id$auto_ovs_flow(&(0x7f0000000180), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_FLOW_CMD_GET(r3, 0x0, 0x800) getdents$auto(0xffffffffffffffff, 0x0, 0x400018) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000240), r3) sendmsg$auto_ETHTOOL_MSG_FEC_SET(r1, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x54, r4, 0x100, 0x70bd2c, 0x25dfdbfd, {}, [@ETHTOOL_A_FEC_AUTO={0x5, 0x3, 0x1}, @ETHTOOL_A_FEC_HEADER={0x28, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_FEC_AUTO={0x5, 0x3, 0x9}, @ETHTOOL_A_FEC_AUTO={0x5, 0x3, 0x2}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000}, 0x20000000) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), r5) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000440)={0x20, r6, 0xd0d58b333228212f, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r7}, @NL80211_ATTR_SCAN_SSIDS={0x4}]}, 0x20}}, 0x4000000) sendmsg$auto_NL80211_CMD_SET_WIPHY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="01002dbd7000fddbdf250800030008000300", @ANYRES32], 0x24}, 0x1, 0x0, 0x0, 0x5c5fd097d751f33e}, 0x80) 4.957790968s ago: executing program 1 (id=3250): madvise$auto_MADV_UNMERGEABLE(0x0, 0x3, 0xd) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0xc0180, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS2\x00', 0x101000, 0x0) ioctl$auto_TIOCMSET2(r1, 0x5418, &(0x7f0000001300)="1ca676b78451bf6fd64c6727343ac8721fd518a7a66f1cd9dccdbe7fdedb7cea87c1f849417d5bf0a31ca3a0924515e121864eb41ec8d7e26e7146916dd15eb63a9d5a5a27504aec7de6f8df2bad8e26a8077bb3bd425f6c03146095e68623603c137e1bd9bac333044b242740d3a6b1db8a39781e9b4a6048e17725c21b947dc084cb0a0ffc4e7389d41cb339dc50") mmap$auto(0x0, 0x8020009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x68b82, 0x0) ioctl$auto_KVM_GET_MSR_FEATURE_INDEX_LIST(r2, 0xc004ae0a, &(0x7f0000001480)={0x3, [0x5c20f0b6, 0x5, 0x1, 0x6, 0x69f7]}) r3 = ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'ip6gre0\x00'}) r5 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f00000000c0), r3) sendmsg$auto_NL802154_CMD_NEW_INTERFACE(r4, &(0x7f0000001440)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000001400)={&(0x7f0000000100)=ANY=[@ANYBLOB="f4100000", @ANYRES16=r5, @ANYBLOB="04002bbd7000fedbdf2507000000d6101e80ef005c80ee5aff52490a31f3fe44bf4ba78f9c7a66976c53decf52f013d2e3cd78ffa5845941606504006f808983204549a9a45aa521cc2dab2b8a8b815a5283e51662b65e8fc3a38be5a96d884fb2b70356d8e48872e9f030f18c7c0cdce8fb22b336f83249e8ace7914e65b0a5b15d8cfeb2f1b017401880e46b53b16df0cf586bc44a5660ea947fb914b61b8acdec0c5185064a09f9bf4e195f9976c03f8760be70fdd1cbba011f4840dc12d929d70f556bcc019f696503d1aafac01e8687714155a145c07c8562ee7a2a67164c2992c87548efaea1028f7a347b9007d2286aa433f1f2384ce8716a2dbda164b100a032d50f03a22f0b975f4798d80bce3fa84eb3e684b9ee7e160a325b6a4adb9ccf38f37b53692df66de24ead37176789bcb3990ef491bd2a0a58cbd6b8573dfa8d8361e4e586e5f38fafa49fc6c54f463b01aac7cd9e52be9afb9c5738a6a39d87f3f874ed255617f5214bcf87a821c94c149cfdcc05784b7790a717aeb1960c2bbe36a15de59f1e4a7a09a679ab116011ed419a6c868a4819dd371fbb9f42ba6a1bef8e133294ed7a9ff5bae43900ea0e6470848c23f401eb45d54811df4af807ec0eb32644a701a607b32a2e828a55735ef57f0b22892caec2e060c9aaa9528dd0ba9f62a590ffec4bbe92e7a4c244380ab6fa2ea2ede469f1b7749a39e5cc2287aa8ff561d7fdae440588bbb8abdf44747e04fceead45fa8b4daeabe15e140ec8f60d3de88f3bcf6a0421a7a0109bb622624c9da3a9da28ab34058d122e1cfd93c4ade2e000368b21f978d8a90935b53ab013e007db20d550ded0269822ccf09bc8cbef9a9cf7f14a2d246e5e0b597934e647125fa16b769ac9f298f63e2c6ba1e63edc4f3bcd8b8376906d4553216e233e8fc4b34bd350332c3f986d25f808e59a9cc34d8271fdd17e0ea7d53781bae39f32a24b92c9c172d4fe946110082fd1eae768887f0a1193e0b3d3a0018bf54db30393b2dc2033a2958cdedaeb5fd3f61d7d1a4b251401093c215074b419c11bccd9570f17edeecb3e588c3398a42dbb6d2a4ea3daee8840543b04146364bd681e39e7521a11096b5c6a8b8d63a69f63fb05763e444e8abb07d211995b887c25141fa0055ed82a7e0b06b021d48c2cbef58bb742d69bcd60f71d76f840ecbe6244dafd0b6e9d262b54ce87db4b39404c99f8abb812a9607d9e91b6aa51104a06a6fb2759fa7793c08221a0c2c73950e71735f5497609f4324d62008c88fc5676f9b21594a679c71806d87452cb3915fdd3e32e8b789a1a8c35d606650b77b6a2e037f4fbf3250f85c5768294fb8e99b005eb0129f4b4920e8771fc61678954a76192fe163916173d5117553086a1aa3fc8bda90c5ded80448fd7274b6075a7edd4549dd6eb68ce6b252bb064a648063bbac1933c4917d7fd2faedd18578da519014273608224e6902c63ee2b590a66636fd26316d5a5667dca51ea97b0ecd24d25db663fe9eda0188cc272743eec886870d3b187aa201cc4bc253fbad8cfbacfabdaf4a8f94b360746c43ffea3cfe1203a418842133a8f2bb30f8733ba90adbe5096e758fe0d35ad2c497215be5fd94114e3e3b694c9e298e229c1b05e7d5cb333b5d99e249eb42938da742fa9868f1b24db9315cb319ac191df827e878073c511b3ea0aac4deaf85c5b6f2832fc137e6dd0d190f2e5703daa34d58eee74c380f7174aa3946b4e5c001f673b8dd22a3be63ee13ae3c5998ecdbe5ca951f4c4e9ce8c70f4e0ae21ad8427444c43685b428997a11f47e8394d7acc01e7e5602ba66d5d0d26050b8aacfcc410ee21865e900069cbf26a94b7c6430004f0b64e58196602843f360847fc09a82cd5f783e3f0cb3f278c53eaf7dd3adc36268d00075542c8e3c97599ec5a1c4859d85f058a27f9fa7dcf96828b8b424bd8a363603800592194a3541da6ec963e9dead95af3a9c4c6d52ba788c93d803ee3ce9d3a85ed61b4e9418fbf47ee9e924b953c8a3b513eebf7af3af1ffac46afd2b51b68e9d4f521e702b2f15dee9019bacdb7c8cd0dbdbc6cfcb30ccb898a1306c0397d02b9799529cc0886a6f25e4af69dc73e5cdab5ec61c0ad899e9cbe00acf037e44923edfbd387b3abdea066421128e266f298ccfd18e88ffb3b56848a8d50c4f90b3c797e939544576effc4fc61fc757e1131916f8702db9819111df8257777752ec022ff7f050882d109dd99308a91608d20d6100fe22cb74dd7d430f48d4b9f71b744681512f422561d09ea41dd6e933bc217d6042ce04c971c09fa61b065051e8b6a6c5a00f37d12b8ee307631adc9c3a7d3bc376948bb9a703e81d64dd7aca819842b06bf1948a15500f2b222ba26a3f5c1123c9462ac830314de4d2364f659e72c3393f1fb70f8457185ad7684fd8823157e64fb3c421d10fe174c755e65861ea3a4156a0ae9b9f7d3fd29c52013be179d5c4cbd95eb1f881c20fb541b24f18f908e8b855f62b3d67733305676c7ff6dff80119eb94d6c6f7fe9c099a9552c044bb607c4357af398b2f3b3c04cd878780c4b0e867ab4941933998b4f7039fe0848db121c6e2af41a318533b34aa2b114ff033963caa2109fc83a42827f564a5cac4705f0914e64d1fe197d38f5a6e1fb4fe6875dfb2e6fd0ea0ad2273e9a3aa91f25fd0a376af993e019e88237c3951ff4365fc594ab4456b8f3202d7f05e22aaa58fb6d7290b7a3196a57cdd1ba9c7358acb859a91125db3237193f22c27be6bea4dcb12e4e06a04c6db6ac29ef1e53e2aa022a7387fb3a90492811d6bcfde145aa21b818e32fb44f9b0225d0510e4be579d0bcf3d3263935b6cbc7ffa5001fcc869edb7ddcd9bd1a68b537df5775307a873ec5775e0ef9854ae84bbe5f9bf58fe682c490163cfd883ab778627662eac0b7b3bbd000037eacb8b4ed3d4f92f10e3517170d20a7f3632937538dcc13b4f5a99cc0a50cc6b31bdd756b9893c59e0fd28bed0ea84277e1da6224e972ee1659c52f94ebcca5e95c8c69413101e25a79e37bccb56a2d34cd4b0648a64fcbcb19a627d8a2517c168b069060f76584b71f743c684865b422efe97db28e0c26b93aba3a2825c0678cd40ef7a26c4272e0dc6ebfad7c002e2ec5731488d35e8493bdc3d0bcfec56a109aad1e1cb1487b89c03daaf6a7863fea6b067bd6da9964d19d7c146a74b2546d3626e8d9d2786b9377eb38ea049429262ce8d986eda39bc232081a018700e0ed9c688c1a2e393fa2640e793a3670a37f7f33c06d494683b173f4e1bf06ad273a14d4af15dde995068ed622bea58af8d67bd57dd500fc662f4e5af3ac032ca8c4135f7e52777f5ca343802ffb2259e33de74b34eb339701c51f2070453b7b18c160a2740b7a15763acd6189650fdf6457dd104cb51aa979efa68769f580498360cd589a7781a55714a72bc29602976bad9bbfb9db03a97a83bb59d7060a59047d5c326cfc09d868d30040aacb768a9166a55146ed494e3dc1c663ccbadbecd11938979a52230d07a3b8bacd0827f7584b29832f55e0476770c01f033fa1ecdcf8dd8b33fadcbdc40f2998ea86fa2b566dd78df3b9946eebc33f2f45e2fb2a6f5b5d4527fb48698a59660eba49508ea02c5b5315b50a4d8c214c6738edc131aa33c9a844962a4627c85c94adf9a3366277d517fa8067eb347a7f5f921591cbc42e8c479c7d7b011b32b6ed357089dceac32cc8975eaaedb0d72b8246a65930526987cf96f24bcf8c90aba2e4005c7778a0fb171ad681ddff36f2811d5a66125d111092fd8a05ac9b8824bd9f7616283ce78a05ac2844945a4dbe44ec68a2c94b868b102b526ec94889554746e5af4cd0e657be56556ff8eec29830d596981b73edf20e9278ee2ca9b6a542308124097b6d7fdadf41a1efd92049e092705aa40ee451bae427bb64ff87e4fc884ba5560ecce15a3ec1070276ffc963c00f4661b72a7bcf3060fc064fc832fedcc1e22a5835cf71cefb5accfc471c37cbb80eba9e3ada796fc7fd85d64d5ef75de073011b163a447e1f308e18c54570ff21acf7a3989dbef1cdf8d27fab66b74a97a9baf2f01666cd892116c34e3bd1eebd706aca862cb9e3c697e98f14e6a4bd7c16fdb0d19c473ddf39ce8100858c62ebae83b18d75ab2df8bf17e38e0d143fc2e55fe8d8e68e67fe866bdceae2186aa2a3bfec4f46095823a8a1389dceee3f0ec1850632d2bffc5ee9708e67aac68c8161c70e3188cbc9d16be532bb242196e475fc7351fe3fc4ad22681b4f3e0e38b0cba769eef7ffb660e6f903814c0b769507c651a9a40b96e7d035e7bae0bc0293a4aad36aff4d57489970d6773f742f3799d8c85d7bc1bc79ae39c7162bffb9b8adb34391cd6ac4f108626fb501ea40f3b06706c8be09cf4f0e65f5966c6236ffcc50f9f8a26e3f5bdcf49e415d2ff6f94d03647b259078853be496bedbac9945c1191650363e6215f3ac702a5df51a3e4b119625da426eee13240bdc7b1e917eaec1317a79e1de67266197dd953286052211fa87a4702b", @ANYRES32, @ANYBLOB], 0x10f4}, 0x1, 0x0, 0x0, 0x4c811}, 0x20004000) openat$auto_tracing_readme_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/README\x00', 0x8000, 0x0) close_range$auto(0x0, 0xffffffffffffffff, 0x4000000000002) socket(0x18, 0x80002, 0xfffefff8) socket(0x29, 0x800, 0x2) statx$auto(0xffffff9c, 0x0, 0x1000, 0x0, 0x0) ioctl$auto(0x1, 0x890b, 0x8) r6 = openat$auto_bm_entry_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000001200)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x6b1a6ca43fb96c64, 0x0) writev$auto(r6, &(0x7f00000002c0)={0x0, 0x5}, 0x3) r7 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$auto_KVM_GET_MSRS(r7, 0x4008ae89, &(0x7f00000000c0)={0xdd, 0x0, [{0x40000070, 0x400, 0xfffffffffffffffc}]}) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) close_range$auto(0x0, 0xfffffffffffff001, 0x2) socket(0x2, 0x1, 0x0) socket(0x1e, 0x1, 0x0) memfd_create$auto(&(0x7f0000000000)='\xc4--:\xdd:,./-${\x00', 0x4) 4.757162584s ago: executing program 4 (id=3251): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000840), 0xffffffffffffffff) r1 = io_uring_setup$auto(0x1e, &(0x7f0000000180)={0x7f, 0x5e, 0x9, 0x80000000, 0x3, 0x5, r0, [0x0, 0x0, 0x4], {0x8, 0x0, 0x3, 0xfffffffa, 0x7f, 0x7, 0x1, 0x8, 0x2e703dff}, {0x9, 0x7f, 0x60000000, 0x7ff, 0x40, 0x8, 0x3, 0x9, 0x8}}) sendmsg$auto_OVS_CT_LIMIT_CMD_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000c040}, 0x4) unshare$auto(0x40000080) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtd0\x00', 0x101000, 0x0) ioctl$auto_MEMGETOOBSEL(r3, 0x80c84d0a, 0x0) write$auto(r2, &(0x7f0000000340)='/Eedio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xed\xf8\xe1\xbc\x1d\x91D\xe7R\x12\xc4\xcd\xc6\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\x81\x00U\x14w\xb4\x14\x1d\x0f\xab\"4\x8a\xbbY2@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xcd\xee,\xe2\xbe\x1bBAIA\x9fv\xedP\x84\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\x00\x00\x00\x00\x00\x00\x00\x00V\xd7\xee\x8b?}r\n\xb3\'R\xda\xb2v\x94\xad\xe6\x1fu\xc4\xe7+\x93\xedT\xbd\xb8p\xb3\x16\xa2\a\xd7\xfcQF\x81\xb3\xd7\b\x87\x8c\xde\xa7\b\xce<\xf8i\xcd\x812\f>\xdcHj\xc2\xfc\xa7\xbe\x11\xc8\xd6\\T\xa76S\xef\x13\xfb9\x96\xc1\x0f\xaf\xa2\x84\xe1k\xf5En\xc7\xf6\xb1-\xc1\xb8\x8bH\x01\xa5X/\x98\xc6W\xa8\xb6S\xf34]\'\x0e\x85\xc3\xef\xdf\xf4\x889\x8be\x1f&\x88\xe6\xdd\x7f\x8c\x10\xdb>>U3\x84\xe5i\x98#\xc6q\xac\xe1\xc4\xb4\xb9\xafC\x1f}{-\xbf\xa1Y\xb9\xe4\xf2`m|RQ`\x14\xdb\xad\x14\xecvc\xe8i\xd2\xb2\xed\xad\x00\x00\x00\x00\x00\x00', 0x100000a3dd) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x281, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/controlC2\x00', 0x8100, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/net/rpc/auth.unix.ip/channel\x00', 0x3ce500, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/pci0000:00/0000:00:01.3/enable\x00', 0x20f01, 0x0) write$auto(r4, &(0x7f0000000040)='0\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x1, 0x2, 0x9, 0x15f4da07, 0x6, 0x10001, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0xd8]}, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/fs/jbd2/sda1-8/info\x00', 0x8000, 0x0) syz_genetlink_get_family_id$auto_ethtool(0x0, r1) open(&(0x7f0000000800)='./file0\x00', 0x62240, 0x111) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/system/clockevents/clockevent1/uevent\x00', 0x206143, 0x0) socket(0xa, 0x3, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) 4.57338835s ago: executing program 1 (id=3252): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffff004, 0x2) socket(0xa, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x10, 0x2, 0x9) socket$nl_generic(0x10, 0x3, 0x10) r1 = ioctl$auto_SW_SYNC_IOC_INC(0xffffffffffffffff, 0x40045701, &(0x7f0000000000)=0x79252a8e) read$auto_uhid_fops_uhid(r1, &(0x7f0000000280)=""/241, 0xf1) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) r3 = getpid() process_vm_readv$auto(r3, &(0x7f0000000000)={0x0, 0xfff}, 0x800000001, &(0x7f0000000280)={&(0x7f0000000140)="ac42d463f1971417fb682e4df2bad2d03f1a585658c73b01dfdaa89cb523fc81cd49d02e36fccaa80c996a8121bd2344228256a3f3da16682b257ca0dadcdad65a81d271671b42a20eb49c525b2eee9d5e0e305b92efaed8615f8bfb7e9da9a310b71f97fec6fb6beaab1f2dbd9fdf36edf7656e18d1158267f64504c84440831a60611b7e39a8f6bcde8566f25294bd", 0x1ffffffff}, 0x6, 0x0) r4 = waitid$auto_P_PGID(0x2, 0xffffffffffffffff, &(0x7f0000000380)={@siginfo_0_0={0x4, 0x3, 0x408000, @_rt={0x0, 0xee00, @sival_int=0xb}}}, 0x4, &(0x7f0000000400)={{0xfffffffffffffc01, 0x401}, {0xffffffffffff6e47}, 0x8000000000000001, 0x7, 0x9dd, 0x8000, 0x1, 0x6, 0x5, 0x9d80000000000000, 0xc5, 0x5, 0x4dc7, 0x6, 0x3, 0x7f}) kcmp$auto(r3, r4, 0x8000, r0, r2) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex, r2, 0x8, 0x7f, 0xffffffffffffffff, @relative_fd, 0x4}, 0xf) mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) setrlimit$auto(0xb, 0x0) r5 = getpid() r6 = gettid() rt_tgsigqueueinfo$auto(r5, r6, 0x21, 0x0) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffffffffffffffff, 0x0, 0x1}, 0x4) r7 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(r7, 0xffffffffffffffff, 0x0) 4.165161916s ago: executing program 2 (id=3253): mmap$auto(0x0, 0xe985, 0xdb, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x800) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_11={0x1, 0x6, 0x6, 0x7, 0x1bb080, 0x97, 0xff, r0}, 0x6f3) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) rt_tgsigqueueinfo$auto(0x3, 0x96, 0x7, &(0x7f0000000180)={@siginfo_0_0={0x0, 0x9c2a, 0xffffffff, @_sigsys={0x0, 0x5d35, 0x6}}}) open(&(0x7f00000001c0)='./cgroup\x00', 0x0, 0x6f) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x8040) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) syz_genetlink_get_family_id$auto_nl80211(0x0, r2) sendmsg$auto_NL80211_CMD_NEW_STATION(r2, 0x0, 0x1) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sda1\x00', 0x2000, 0x0) socket(0x2, 0x5, 0x4000000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, 0x0, 0x6a) r4 = io_uring_setup$auto(0x1, 0x0) write$auto_fops_init_pkru_pkeys(r4, 0x0, 0x0) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) bpf$auto(0x0, 0x0, 0xa3) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendfile$auto(0x3, r3, 0x0, 0x100400000000006) r5 = syz_genetlink_get_family_id$auto_ovs_vport(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_OVS_VPORT_CMD_NEW(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x34, r5, 0x1, 0x70bd2b, 0x25dddbfd, {}, [@OVS_VPORT_ATTR_UPCALL_STATS={0x4}, @OVS_VPORT_ATTR_TYPE={0x8, 0x2, 0xe00}, @OVS_VPORT_ATTR_NAME={0x8, 0x3, '})[\x00'}, @OVS_VPORT_ATTR_UPCALL_PID={0x4}, @OVS_VPORT_ATTR_PORT_NO={0x8, 0x1, 0xf}]}, 0x34}, 0x1, 0x0, 0x0, 0x44040}, 0xc0) 3.557560128s ago: executing program 0 (id=3254): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSTI2(r0, 0x545c, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x800000a, 0x1, 0x44f, 0x7, 0x5, 0x1007181, 0x8a0d, 0x12, 0x7, 0x7ff, 0x89, 0x26, 0x4, 0x200000000001, 0x8, 0xfffffffffffffffa, 0x8, 0x0, 0x30, 0x0, 0x864, 0xe, 0x22000, 0x80, 0x4, 0x84, 0x30, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x3, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffffffffffd, 0x22, 0x8c9d, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x8000000000000]}, 0x9, 0xd) pread64$auto(0xffffffffffffffff, 0x0, 0x200000000004, 0xfc) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x163340, 0x2a) socket(0x2a, 0x2, 0x1) ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) sysfs$auto(0x2, 0x11, 0x0) r1 = fsopen$auto(0x0, 0x1) fsconfig$auto(r1, 0x8, 0x0, 0x0, 0x0) r2 = fsopen$auto(0x0, 0x1) fsconfig$auto(r2, 0x8, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xa142, 0x0) r3 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/cec10\x00', 0x101901, 0x0) ioctl$auto_CEC_ADAP_S_LOG_ADDRS(r3, 0xc05c6104, &(0x7f0000000100)={'\x00', 0x0, 0x6, 0x2, 0x9b3, 0x9, "0200000002000000997e763f222ce1", '\x00', "0001410c", "fc2f2fc8", ["08004de97d1f0000700060c1", "70d9a9a3af9f39d000000001", "ef5ac4927ad89c5c00"]}) ioctl$auto_CEC_TRANSMIT(r3, 0xc0386105, &(0x7f0000000000)={0x2a, 0x3, 0x7, 0x8, 0x1000, 0x7fffffff, "9b2152084142725dff0d933475a77466", 0x6, 0x5, 0x8, 0x5, 0x2, 0x4, 0x2}) r4 = openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, &(0x7f0000000200), 0x640181, 0x0) write$auto(r4, &(0x7f0000000040)='#[-#\x00', 0x5) madvise$auto(0x0, 0xffffffffffff0005, 0x17) close_range$auto(0x2, 0x8, 0x0) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000180), 0x1541, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x1, 0x3) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/oom_adj\x00', 0x305100, 0x0) 2.984131628s ago: executing program 1 (id=3255): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) syz_genetlink_get_family_id$auto_ovs_ct_limit(&(0x7f0000000840), 0xffffffffffffffff) r1 = io_uring_setup$auto(0x1e, 0x0) sendmsg$auto_OVS_CT_LIMIT_CMD_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)=ANY=[@ANYRESHEX, @ANYBLOB=' .\x00', @ANYBLOB="010086dcf9d60dcc5cf1010012ea0300018007", @ANYRES16=r0], 0x2e20}, 0x1, 0x0, 0x0, 0x2000c040}, 0x4) unshare$auto(0x40000080) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtd0\x00', 0x101000, 0x0) ioctl$auto_MEMGETOOBSEL(r3, 0x80c84d0a, 0x0) write$auto(r2, &(0x7f0000000340)='/Eedio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xed\xf8\xe1\xbc\x1d\x91D\xe7R\x12\xc4\xcd\xc6\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\x81\x00U\x14w\xb4\x14\x1d\x0f\xab\"4\x8a\xbbY2@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xcd\xee,\xe2\xbe\x1bBAIA\x9fv\xedP\x84\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\x00\x00\x00\x00\x00\x00\x00\x00V\xd7\xee\x8b?}r\n\xb3\'R\xda\xb2v\x94\xad\xe6\x1fu\xc4\xe7+\x93\xedT\xbd\xb8p\xb3\x16\xa2\a\xd7\xfcQF\x81\xb3\xd7\b\x87\x8c\xde\xa7\b\xce<\xf8i\xcd\x812\f>\xdcHj\xc2\xfc\xa7\xbe\x11\xc8\xd6\\T\xa76S\xef\x13\xfb9\x96\xc1\x0f\xaf\xa2\x84\xe1k\xf5En\xc7\xf6\xb1-\xc1\xb8\x8bH\x01\xa5X/\x98\xc6W\xa8\xb6S\xf34]\'\x0e\x85\xc3\xef\xdf\xf4\x889\x8be\x1f&\x88\xe6\xdd\x7f\x8c\x10\xdb>>U3\x84\xe5i\x98#\xc6q\xac\xe1\xc4\xb4\xb9\xafC\x1f}{-\xbf\xa1Y\xb9\xe4\xf2`m|RQ`\x14\xdb\xad\x14\xecvc\xe8i\xd2\xb2\xed\xad\x00\x00\x00\x00\x00\x00', 0x100000a3dd) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x281, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/profile\x00', 0x48802, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/controlC2\x00', 0x8100, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000280)='/proc/thread-self/net/rpc/auth.unix.ip/channel\x00', 0x3ce500, 0x0) socket(0x1d, 0x3, 0x1) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/pci0000:00/0000:00:01.3/enable\x00', 0x20f01, 0x0) write$auto(r4, &(0x7f0000000040)='0\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x0, 0x1, 0x2, 0x9, 0x15f4da07, 0x6, 0x10001, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0xd8]}, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/fs/jbd2/sda1-8/info\x00', 0x8000, 0x0) syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000240), r1) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/system/clockevents/clockevent1/uevent\x00', 0x206143, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) 2.864930444s ago: executing program 4 (id=3256): r0 = fcntl$auto_F_GETOWN(0xffffffffffffffff, 0x9, 0x8001) prctl$auto(0x1000000003b, 0xffffffffffffffff, r0, 0x5, 0x7) mmap$auto(0x0, 0x5, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000200)='/dev/input/event0\x00', 0x68000, 0x0) io_uring_setup$auto(0x7, 0x0) readv$auto(0x3, &(0x7f0000001100)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0x8, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x8000400) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) 2.854982393s ago: executing program 2 (id=3257): r0 = fcntl$auto_F_GETOWN(0xffffffffffffffff, 0x9, 0x8001) prctl$auto(0x1000000003b, 0xffffffffffffffff, r0, 0x5, 0x7) mmap$auto(0x0, 0x5, 0xdf, 0x9b72, 0x7, 0x28000) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000200)='/dev/input/event0\x00', 0x68000, 0x0) io_uring_setup$auto(0x7, 0x0) readv$auto(0x3, &(0x7f0000001100)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0x8, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x8000400) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) 2.088927893s ago: executing program 2 (id=3258): mmap$auto(0x0, 0xe985, 0xdb, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x4000894}, 0x800) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_11={0x1, 0x6, 0x6, 0x7, 0x1bb080, 0x97, 0xff, r0}, 0x6f3) sendmsg$auto_ETHTOOL_MSG_EEE_SET(0xffffffffffffffff, &(0x7f0000001700)={0x0, 0x0, &(0x7f00000016c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="d4000000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fbdbdf2518000000200001800247eea41fac000014000200766574683100000000000000000000000800070063fbffff0500060001000000840002803d00488013b37090badc49d6dc93876646d25a4d297d01cd3b7da38d12889cc50d505f353dc42d0a3c0a14c7b46428910708003600", @ANYRES32=0x0, @ANYBLOB="0400b3800000003d003b800400a4800c009a00008000000000000004008680c16ab1b1b39dcaa14b6af7dcc011b43cf706e562811c62b28a702b72e0a87126700294f2350000000c000180080003"], 0xd4}, 0x1, 0x0, 0x0, 0x20000010}, 0x20008000) rt_tgsigqueueinfo$auto(0x3, 0x96, 0x7, &(0x7f0000000180)={@siginfo_0_0={0x0, 0x9c2a, 0xffffffff, @_sigsys={0x0, 0x5d35, 0x6}}}) open(&(0x7f00000001c0)='./cgroup\x00', 0x0, 0x6f) sendmsg$auto_ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000002cc0)={0x0, 0x0, &(0x7f0000002c80)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYBLOB="010027bd"], 0x2c}, 0x1, 0x0, 0x0, 0x4801}, 0x8040) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="12"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) syz_genetlink_get_family_id$auto_nl80211(0x0, r2) sendmsg$auto_NL80211_CMD_NEW_STATION(r2, 0x0, 0x1) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sda1\x00', 0x2000, 0x0) socket(0x2, 0x5, 0x4000000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) bind$auto(0x3, 0x0, 0x6a) r4 = io_uring_setup$auto(0x1, 0x0) write$auto_fops_init_pkru_pkeys(r4, 0x0, 0x0) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) bpf$auto(0x0, &(0x7f0000000780)=@link_update={0xa, @new_map_fd=0x5, 0x4007, @old_prog_fd=0x13b}, 0xa3) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendfile$auto(0x3, r3, 0x0, 0x100400000000006) r5 = syz_genetlink_get_family_id$auto_ovs_vport(0x0, 0xffffffffffffffff) sendmsg$auto_OVS_VPORT_CMD_NEW(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x34, r5, 0x1, 0x70bd2b, 0x25dddbfd, {}, [@OVS_VPORT_ATTR_UPCALL_STATS={0x4}, @OVS_VPORT_ATTR_TYPE={0x8, 0x2, 0xe00}, @OVS_VPORT_ATTR_NAME={0x8, 0x3, '})[\x00'}, @OVS_VPORT_ATTR_UPCALL_PID={0x4}, @OVS_VPORT_ATTR_PORT_NO={0x8, 0x1, 0xf}]}, 0x34}, 0x1, 0x0, 0x0, 0x44040}, 0xc0) 2.023855282s ago: executing program 4 (id=3259): io_submit$auto(0x5, 0x7, &(0x7f0000000040)=&(0x7f0000000000)={0xffffffffffff0001, 0x8, 0x6, 0x8, 0x5, 0xffffffffffffffff, 0xe0, 0x1, 0x200, 0x0, 0x5}) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001140), 0xffffffffffffffff) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x8f3b7a51b8148120, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8000, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = io_uring_setup$auto(0x5b, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000240)='/dev/binderfs/binder0\x00', 0x80000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) setpriority$auto_PRIO_USER(0x2, 0x0, 0x81) shmctl$auto_SHM_INFO(0x3, 0xe, &(0x7f0000000780)={{0x4, 0x0, 0xffffffffffffffff, 0x7e7, 0x0, 0x8, 0x4}, 0xffff5049, 0x81, 0x200, 0x81, @inferred, @raw=0x5, 0x6, 0x0, &(0x7f0000000680), &(0x7f0000000700)="702cd3d6f4c7d12ece89d98d5bb588d457c6d3becbf886ea2af0f2245775ae0a5e5272fd8dbaf28b475e82dc4c9507811297cfcbcb9af20224c9b1703826cc64002fb13e71aa2ef2287e1cb0b98207032bfa8a9fe87a7ac9dbabfdddbbe058903a7d0d00242bed00db4081a1cc258f"}) shmctl$auto_SHM_STAT_ANY(0x7, 0xf, &(0x7f0000000940)={{0x0, 0x0, r4, 0x3cc0b025, 0x8, 0x7f, 0x4}, 0x4d, 0x6, 0x5, 0xb1e2, @raw, @raw=0x4, 0x5, 0x0, &(0x7f0000000800)="b44ccefec0ae3d7ecfffaf638d451d3aa7fdcd3f59dfe8031542aadb800a861d0cb9869fe6b956e87f6c96f05239bab1fe5ba0e5d1af574290b79aa04bde4ca78d660b3faec5da3b1bc191ce720176577762351875ebb6fe918361da3e87de19b7653d2e5fd4c9e63f3bdd83edcc5690ac6a1d4c186d6b4366f2dc0265cfac5450c4da851603c57927d0d16684380abb0bfca8c6ab920db85673ea3460ad2059053c2ed59627dacbc190abac48ded6bbf3336d91ead92a3462824e2d46cfc6ebe3542f07e58c1e7d3e3536716c782db32f6d7a7db55f54a1f1743ee3b5ab2aba6760aee142723169249e19476fe601b19b6ee47590", &(0x7f0000000900)="6cc3cb0a2ece5c0042b265e0b3bd259d"}) sendmsg$auto_NL802154_CMD_GET_SEC_KEY(r1, &(0x7f00000004c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000480)={&(0x7f0000000280)=ANY=[@ANYBLOB="6102004c", @ANYRES16=0x0, @ANYBLOB="00082abd7000fddbdf2516000000050029000100000008000100040000001a0002002f6465762f62696e64657266732f62696e6465723000000005001a00870000008b0118808c00ed80cb527603e78437f26b37e5e44c4bcf9d22bc7a38508fce9785e8b4f82c323c45ff3a4154f873498bd54e7b0944e6106bf7ef7afe9fac6529a18e7fcbbbedb7fa861b2c8cf823b4e195ee4d82974a27260520f7029ebbc3fab3e3ca4f52257e66ea35117fd84f4628b44d9fa90800d8000080000008001500", @ANYRES32=r5, @ANYBLOB="0c00530007000000000000003f93a58731e23f7fd904729a5434e198f6813b18a59be7648f43a16f99672a0d86082411f4a57d836b3d9897265b88b475f1aa3983646641330ed84d26554851c7b7a016ebfd9fbfb3e929341c2fc489e153e111783759760a5761d4eb0a1f52b596a98875876222ede9af7f04e0043dd1cf744789f571e8b54d1106ecf8c3e879d81af6ab8899c11661f81d0427ce667bb5861112858aba259062c25e9536ed8d547dd160998e8b0085cda9011c9bacd6c780c70ed336c13f5f01a7ae01e1d4ecef906440860a959587befac294bf92a129d381c25a478c2adf9e6afd24cd7c952d2466e70254cf3f771b42df1d6e57d1cc4df6837679f7803db700"], 0x1d4}, 0x1, 0x0, 0x0, 0x2008004}, 0x6514) ioctl$auto_TIOCSTI2(r1, 0x5412, &(0x7f0000000100)="63ecea062df1229f3d3ec21f1f5f8307e6aa7b6b0b45017f77b0a8d80914633e00b0b5f6f86df743e76943b956a85aeb3b72168c1a19581a31fff13fa27e1bcda6b3b6cbbf937b5716b9c3a7edda0e20639669408cf31eb0fbe39ae2") sendmsg$auto_NL802154_CMD_GET_WPAN_PHY(r0, &(0x7f0000000ac0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x65e0400}, 0xc, &(0x7f0000000a80)={&(0x7f0000001180)=ANY=[@ANYBLOB="c4030000", @ANYRES16=0x0, @ANYBLOB="02002cbd7000fddbdf2501000000080005000400000011022b80350de5f3953fae7e5090f3f78292c1b1e30c82c03553b1ed8e647d9b0ad2cd1195dbd16cbaeae5ec56be3fe6b45fc7a443bdf917e628f3d09c385e083bf976cdaf8eabc2a6a79cca9c9d874cd5bf010280af863b68554eac90701b0dfc02ba3fe61b8d5d122b87d255081c1f5af60800a200", @ANYRES32=0x0, @ANYBLOB="b9c9983bb512f67e1938cbcad0f23740a1d616c136ac382d870d7d1ce5bbea14ce05fd535c0134447fc7776439f8dddce0807a43e9d30800ac00", @ANYRES32=0x0, @ANYBLOB="11dbb90d3cfdff3167e4d08a064ecf81b8791ee1b2e22b1a12a6f9a1b8b40d5a0324046c8bc5be3750affc3676850c784885fb645591da75d8cdd78700cdddebbc8124e60d8847f54499f09ec29ca477913bb2f9e76739a67c8e855c77d749b4899b04d5cfaed45ef287b97bc23395218af3d0b1c9c604e22627c372a0407240a24e323acd0a6bf239309a524f2f57b6b034399095e771651f13f1d71d97454a27daad16a4e9ff63ce6443c08813ec73550e43ce899b03671413ab786572e1891cbf7b0de922d8b6fd74225c58cfd281afd906736b93874d5303a1e07cc03d41a8288dc8135fc8b9235beb5f3f2c46ad862e052f7e62e28f4a275a33c85c3d0fa41ddc0c0b3ab5afd7189566184c05d78122c2e32c3939cb36b3ea8da3e03e395a7555b5314220fdeae7fdbf1462105562bbf04ac025eed5582910cc9b3c0d26d240feb3c61729710d0052006e6c38303231353400000000000000000d0002006e6c38303231353400000000050012001000000074011e8008005600", @ANYRES32=0x0, @ANYBLOB="0400750034007a801400fc00fe88000000000000000000bd5274fb5817276f227f7dc7dc9ad7b900eca20000000000000000006fa5542347d0886ec77fa12d33301bc9f14df37acef3b5f2252445c17fda2a0839edd02381c8f1b987c58e87cad2ffcc8bf8d6373250c99545c46936494eea2d2895dee1212167c72544996168ea2406abbb7365ef78031f5c38eaa9ba22848b16ae954cbdf94136310d1b407814ebf24b97429ee7a8790a8d", @ANYRES32=0x0, @ANYBLOB="04001b8008000900", @ANYRES32=r2, @ANYBLOB="2d01298008008800010000000c00228008001900040000007b551f8cce14cf2cd385874fd43e65361d93cc42a4bae3675d4982d11272d72cff3f1e78c832f1164498cfe3349455936c713965eeaef6fee66efbb1da53a95cf80ef153e5779c3e0dc1a0669d0b3ecadc5eb635a4cd6d29e3ebc13c9bfdb342fd0ba82ed30a79f4acc86f6fa2d3cff99d1aa35494d3a2cecdd1dfd3ad71230a526320b56daef43da93c9194c8d276ad663c870c3459964479b0050018000000000008001a00", @ANYRES32=0x0, @ANYBLOB="ae8370af279fe94f498dd0b31b410d993a2fa3a8566d0d1130ac2da5021715b2d90fb2d866ba78f6ce44f0ae424570254b84099c37ccd142a48584b474ed348cea9760c285bd8494e2e6c7dc6a8bd9b72b7290fd434cf4b22dc42308009000", @ANYRES32, @ANYBLOB='\b\x00E\x00', @ANYRES32=r3, @ANYBLOB="0000000500120007000000"], 0x3c4}, 0x1, 0x0, 0x0, 0x404c004}, 0x4008000) sysfs$auto(0x2, 0x4, 0x0) r6 = fsopen$auto(0x0, 0x1) fsconfig$auto(r6, 0x8, 0x0, 0x0, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, 0xffffffffffffffff) 1.711298067s ago: executing program 4 (id=3260): mprotect$auto(0x0, 0x806121, 0x8) madvise$auto(0x0, 0xffffffffffff0001, 0x15) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000200)='/dev/bus/usb/010/001\x00', 0x80d00, 0x0) mmap$auto(0x0, 0x400008, 0x5f, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nbd0\x00', 0x24000, 0x0) mq_unlink$auto(0x0) ioctl$auto(r1, 0xab04, 0xffffffffffffffff) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r3 = openat$auto_ecryptfs_miscdev_fops_miscdev(0xffffffffffffff9c, &(0x7f000000e680), 0x68182, 0x0) writev$auto(r3, 0x0, 0xb) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) ioctl$auto_FS_IOC_UNRESVSP64(r2, 0x4030582b, 0x7) bind$auto(r3, 0x0, 0xc) msgctl$auto_MSG_STAT_ANY(0x8001, 0xd, &(0x7f0000000400)={{0xf, 0xee01, 0x0, 0xf615, 0x9, 0x6, 0x5}, &(0x7f0000000180), &(0x7f00000001c0)=0xca, 0xeda, 0x101, 0x4, 0x1, 0x5, 0x8, 0x6, 0xfff8}) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000240), r2) shmctl$auto(0xf6, 0x5, &(0x7f0000000500)={{0x9, 0x0, 0xffffffffffffffff, 0x1, 0x80, 0x7, 0x2}, 0x1, 0xc875, 0x6360000, 0x3afb, @raw=0x7, @raw=0x4, 0x0, 0x0, &(0x7f0000000480)="22b7242abf416c544b9ca5a737cb9f1fe2059c36ba8c933d", &(0x7f00000004c0)="39653ec63a20a215be3923874134cd01cf2039452f94425dc29b6fa69f3cee74e3c6155d"}) keyctl$auto_KEY_REQKEY_DEFL_NO_CHANGE(0x4, 0xffffffffffffffff, r4, r5, 0x4) fallocate$auto(r3, 0x10001, 0xffffffffffffff7f, 0x23) shmctl$auto_SHM_STAT_ANY(0x1, 0xf, 0x0) madvise$auto(0x0, 0x2003f2, 0x15) mmap$auto(0x0, 0x40005, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) select$auto(0x9, 0x0, 0x0, &(0x7f0000000040)={[0xc, 0x5, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x9, 0x80000001, 0x7, 0x1, 0x9, 0x1, 0x1]}, 0x0) 1.627718312s ago: executing program 0 (id=3261): mmap$auto(0x0, 0xd, 0x1, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x2, 0x2, 0x0) prlimit64$auto(0x0, 0x7, 0x0, &(0x7f0000000080)={0x3ff}) connect$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @empty}, 0x4d) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) recvmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x2, &(0x7f0000000140)={0x0, 0x4da}, 0x6, 0x0, 0x8, 0x7ff}, 0x1000}, 0xffffffff, 0x4, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0xc}, 0x7}, 0x3, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x230) close_range$auto(0x2, 0x8, 0x0) setsockopt$auto(r0, 0xefffeff3, 0x3, 0x0, 0x7) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r2 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) read$auto_uprobe_events_ops_trace_uprobe(r2, 0x0, 0x0) write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x05\x00\x04\x00!\x00\xb6', 0x7f) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x4a42, 0x0) 1.523305372s ago: executing program 1 (id=3262): mmap$auto(0x0, 0xd, 0x1, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x2, 0x2, 0x0) prlimit64$auto(0x0, 0x7, 0x0, &(0x7f0000000080)={0x3ff}) connect$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @empty}, 0x4d) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) recvmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x2, &(0x7f0000000140)={0x0, 0x4da}, 0x6, 0x0, 0x8, 0x7ff}, 0x1000}, 0xffffffff, 0x4, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0xc}, 0x7}, 0x3, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x230) close_range$auto(0x2, 0x8, 0x0) setsockopt$auto(r0, 0xefffeff3, 0x3, 0x0, 0x7) close_range$auto(0x0, 0xfffffffffffff000, 0x2) r2 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) read$auto_uprobe_events_ops_trace_uprobe(r2, 0x0, 0x0) write$auto(0xca, &(0x7f0000000000)='\x04>\x01\x05\x00\x04\x00!\x00\xb6', 0x7f) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x4a42, 0x0) 1.355098185s ago: executing program 2 (id=3263): mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x200000401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) socket(0x29, 0x2, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bdi/250:0/read_ahead_kb\x00', 0x5e30523b26a2a748, 0x0) r1 = openat$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(0xffffffffffffff9c, &(0x7f0000000000), 0x20280, 0x0) read$auto_drm_crtc_crc_data_fops_drm_debugfs_crc(r1, &(0x7f0000000080)=""/4096, 0x1000) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty19\x00', 0x800, 0x0) ioctl$auto(r2, 0x4b62, r0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xc00caee0, r0) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sda\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r4, &(0x7f0000000280)={0x0, 0x80000000}, 0x6, 0x3, 0x4, 0x2e) unshare$auto(0x0) unshare$auto(0x6) r5 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) r6 = socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0xffffffffffffffff, 0x28000) setsockopt$auto(r6, 0x29, 0x30, 0x0, 0x56b) bpf$auto_BPF_TOKEN_CREATE(0x24, &(0x7f0000000500)=@link_detach, 0x1) openat$auto_o2hb_debug_fops_heartbeat(0xffffffffffffff9c, &(0x7f0000001d80)='/sys/kernel/debug/o2hb/failed_regions\x00', 0x200, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_EVIOCGMASK(r5, 0x80104592, 0x0) 1.135320231s ago: executing program 2 (id=3264): r0 = syz_clone(0x64e132d598a819df, 0x0, 0x0, 0x0, 0x0, 0x0) pwrite64$auto(0xc8, 0x0, 0x3, 0x3a) mmap$auto(0x1ff, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8003) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x8000400) sysfs$auto(0x2, 0xd, 0x0) r1 = fsopen$auto(0x0, 0x1) fsconfig$auto(r1, 0x8, 0x0, 0x0, 0x0) r2 = fsopen$auto(0x0, 0x1) fsconfig$auto(r2, 0x8, 0x0, 0x0, 0x0) mmap$auto(0x7fff, 0x400001, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x4000007e) lstat$auto(0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) shmctl$auto_IPC_SET(0x0, 0x1, &(0x7f0000000300)={{0x7, 0xee00, 0x0, 0x6, 0x8, 0x5, 0x8}, 0x5, 0x0, 0x2, 0x96f2, @raw=0xc, @inferred=r0, 0xa, 0x0, &(0x7f0000000080)="5c1de1471b5202978d", &(0x7f0000000240)="c3a009a7cbed0c9b7c6c6b64651690c2b159ea8ab495f2db68e9fdb2703294cdde222918e1de2efbd6e40241d816d6a9f9ffedb5e6fb78cbf65e8d32c6bd31ed28f1e23b0aaac3ce1a67993ae7199bab7e4c4311d343a230569e32dae6157636596792cdc1c151b6049f3b6d3dbdd44d27b259c6588f86b76251f5051de86a050d22a3bb157cbe568b4e94e1389a9051a580488b2c8a8cfb035971b0409c330e45b4173e3f3c97450d3d5de1b5364942bdf4"}) r5 = setfsgid$auto(0xee01) fchown$auto(r1, r4, r5) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r3) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/system/cpu/smt/control\x00', 0x2ab42, 0x0) inotify_init1$auto(0x80000001) write$auto_kernfs_file_fops_kernfs_internal(r7, &(0x7f0000000040)='1', 0x1) sendmsg$auto_NL80211_CMD_VENDOR(r3, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="050727567000fbdbdf256700000005002a014000ff0765e62ecb4771db88b32ff0afd393b6f788fba299284df6b4bfa8b4e5b31013bf3380a9ca26913a7726ba730fda008d06777fe5095e111979f721e8d6a9153464c384d9be7ed8969b4e536cee3ebfd0d004945f07000000109ac05d62ab75c0b07e283983b53071f68d3f998d900dfb7363f7c0e973b989"], 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x80) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x4000, 0x0) mremap$auto(0x0, 0x4, 0x4, 0x7, 0x100000000) madvise$auto(0x0, 0x200007, 0x19) r8 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000140)='/dev/binderfs/binder0\x00', 0x20100, 0x0) ioctl$auto_BINDER_WRITE_READ(r8, 0xc0306201, &(0x7f0000000000)="fc06c1f730b9d2867a8ba29f242cf38f59f712fcd917fee796") mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) ioctl$auto(0xffffffffffffffff, 0x4bfa, 0x9) 541.67575ms ago: executing program 0 (id=3265): openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000240), 0x840, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x3e) 518.451273ms ago: executing program 1 (id=3266): mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) io_uring_setup$auto(0x5, 0x0) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0x80000, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x4) close_range$auto(0x2, 0x8, 0x0) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) write$auto(0x3, 0x0, 0xfffffdef) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) r2 = ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) mkdir$auto(&(0x7f0000000140)='./file0\x00', 0xfffd) r3 = open(&(0x7f0000000080)='./file0/file0\x00', 0x361000, 0x20) mkdir$auto(&(0x7f00000000c0)='./file1\x00', 0x9) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nullb0/queue/scheduler\x00', 0xca002, 0x0) sendfile$auto(r4, r4, 0x0, 0x7ffff000) prctl$auto_PR_SET_VMA(0x53564d41, 0x2, 0xfff, 0x7, 0x2000000) read$auto_kmsg_fops_printk(r3, &(0x7f0000000180)=""/190, 0xbe) lsm_list_modules$auto(0x0, 0x0, 0x0) rename$auto(&(0x7f0000000480)='./file1\x00', &(0x7f0000000040)='./file0/file0\x00') r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/system/machinecheck/machinecheck0/print_all\x00', 0x6c8440, 0x0) sendfile$auto(r5, r5, 0x0, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) madvise$auto(0x0, 0x2000040080000004, 0xe) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TCFLSH2(r6, 0x5459, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc4c85513, 0x0) mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28002) ioctl$auto_VHOST_SET_FEATURES2(r2, 0x4008af00, &(0x7f0000000240)=0x5) r7 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r7, 0xc004743e, 0x0) 6.092301ms ago: executing program 0 (id=3267): openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dri/card2\x00', 0x10f800, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/cpu/smt/control\x00', 0xab42, 0x0) readv$auto(0x3, &(0x7f0000003080)={&(0x7f0000000200), 0x2}, 0x6) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000080), r0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'vlan1\x00'}) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = getpid() process_vm_readv$auto(r1, &(0x7f0000000080)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ram12\x00', 0x2c65c0, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x400, 0x0) semctl$auto(0x7, 0x2, 0x13, 0x1) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/neigh/team0/retrans_time_ms\x00', 0x200400, 0x0) memfd_create$auto(&(0x7f0000000100)='nfsd\x00', 0x2) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) io_uring_setup$auto(0x386, &(0x7f0000000000)={0x5, 0x1, 0x4c, 0x0, 0x1, 0x8, 0xffffffffffffffff, [0xfffffffa, 0x8, 0xa], {0x8, 0x8, 0x3fc000, 0x4, 0x751, 0x3, 0x3b, 0xec5, 0xffff}, {0xd5, 0x80000000, 0x1bee, 0x5d, 0x400, 0x9, 0x7, 0x8000, 0x7f}}) r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x0, 0x0) r3 = fsopen$auto(0x0, 0x1) fsconfig$auto(r3, 0x8, 0x0, 0x0, 0x0) r4 = fsopen$auto(0x0, 0x1) fsconfig$auto(r4, 0x6, 0x0, 0x0, 0x0) write$auto_console_fops_tty_io(r2, &(0x7f0000000000)="c80d1b5d399b39", 0xfdef) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1f, 0x5, 0x3) 0s ago: executing program 2 (id=3268): mmap$auto(0xfffffffffffffffe, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = openat$auto_stats_fops_(0xffffffffffffff9c, &(0x7f0000000100), 0x400, 0x0) read$auto_stats_fops_(r0, &(0x7f0000000140)=""/147, 0x93) mmap$auto(0x0, 0x7, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000001040)='/dev/dsp1\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000001080)) mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) memfd_create$auto(0x0, 0xd) ftruncate$auto(0x0, 0x8800000) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio1\x00', 0x7651f41f8d1518d1, 0x0) bind$auto(0x3, 0x0, 0x6a) read$auto(0x3, 0x0, 0x8080) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/fail-nth\x00', 0x22a02, 0x0) ioperm$auto(0xffffffffffbfffff, 0x10100000c, 0x3) sendmmsg$auto(0xffffffffffffffff, 0x0, 0x2, 0x51c) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) getpid() sendmsg$auto_TIPC_NL_MEDIA_GET(0xffffffffffffffff, 0x0, 0x8040) mmap$auto(0x0, 0x3, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) r2 = fsopen$auto(0x0, 0x1) mount$auto(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x2, 0x0) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) ioctl$auto_SNAPSHOT_CREATE_IMAGE(r2, 0x40043311, &(0x7f0000000200)=0x53) mmap$auto(0x0, 0x2a, 0xdf, 0x9b72, 0x1000, 0x28000) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) epoll_create$auto(0x3e) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) kernel console output (not intermixed with test programs): e_state+0x129/0x190 [ 840.578597][T21581] ? ksys_write+0x1ac/0x250 [ 840.578617][T21581] __x64_sys_mmap+0x125/0x190 [ 840.578636][T21581] do_syscall_64+0x10b/0xf80 [ 840.578654][T21581] ? clear_bhb_loop+0x40/0x90 [ 840.578673][T21581] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 840.578689][T21581] RIP: 0033:0x7f267219cdd9 [ 840.578703][T21581] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 840.578717][T21581] RSP: 002b:00007f2673025028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 840.578733][T21581] RAX: ffffffffffffffda RBX: 00007f2672415fa0 RCX: 00007f267219cdd9 [ 840.578743][T21581] RDX: 0000000000000003 RSI: 0000000000000006 RDI: 0000000000000000 [ 840.578752][T21581] RBP: 00007f2672232d69 R08: 0000000000000007 R09: 0000000000008000 [ 840.578762][T21581] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 840.578771][T21581] R13: 00007f2672416038 R14: 00007f2672415fa0 R15: 00007fff6a713c18 [ 840.578802][T21581] [ 841.205262][T21629] ACPI: \_SB_.LNKS: No IRQ available. Try pci=noacpi or acpi=off [ 841.214386][T21629] pci 0000:00:01.3: PCI INT A: no GSI [ 841.721192][ T5624] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 841.741595][ T5624] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 841.760429][ T5624] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 841.774219][ T5624] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 841.783433][ T5624] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 842.733065][T21658] ubi0: attaching mtd0 [ 842.979593][T21658] ubi0: scanning is finished [ 843.870948][ T5624] Bluetooth: hci4: command tx timeout [ 845.152144][T21658] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 845.174764][ T9963] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 845.210765][T21658] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 845.218178][T21658] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 845.238591][T21658] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 845.264932][T21658] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 845.306439][T21658] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 845.365297][T21658] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 3732225790 [ 845.444401][T21658] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 845.513511][T21668] ubi0: detaching mtd0 [ 845.517644][T21691] ubi0: background thread "ubi_bgt0d" started, PID 21691 [ 845.557424][T21668] ubi0: mtd0 is detached [ 845.670114][ T9963] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 845.925710][ T9963] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 845.951506][ T5624] Bluetooth: hci4: command tx timeout [ 846.128451][ T9963] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 848.029073][ T5624] Bluetooth: hci4: command tx timeout [ 848.602880][ T5624] Bluetooth: hci1: unexpected subevent 0x18 length: 123 > 19 [ 848.611130][ T5624] Bluetooth: hci1: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 849.996383][ T9963] bridge_slave_1: left allmulticast mode [ 850.024671][ T9963] bridge_slave_1: left promiscuous mode [ 850.109487][ T5624] Bluetooth: hci4: command tx timeout [ 850.122796][ T9963] bridge0: port 2(bridge_slave_1) entered disabled state [ 850.400336][ T9963] bridge_slave_0: left allmulticast mode [ 850.493116][ T9963] bridge_slave_0: left promiscuous mode [ 850.651499][ T9963] bridge0: port 1(bridge_slave_0) entered disabled state [ 852.320332][ T9963] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 852.356546][ T9963] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 852.395319][ T9963] bond0 (unregistering): Released all slaves [ 852.544389][ T5287] 8021q: adding VLAN 0 to HW filter on device eth1 [ 853.671848][T21661] bridge0: port 1(bridge_slave_0) entered blocking state [ 853.726493][T21661] bridge0: port 1(bridge_slave_0) entered disabled state [ 853.787176][T21661] bridge_slave_0: entered allmulticast mode [ 853.847323][T21661] bridge_slave_0: entered promiscuous mode [ 853.919239][T21661] bridge0: port 2(bridge_slave_1) entered blocking state [ 853.968545][T21661] bridge0: port 2(bridge_slave_1) entered disabled state [ 854.020265][T21661] bridge_slave_1: entered allmulticast mode [ 854.063659][T21661] bridge_slave_1: entered promiscuous mode [ 854.461437][T22044] futex_wake_op: syz.1.2335 tries to shift op by -2048; fix this program [ 854.543904][T22044] futex_wake_op: syz.1.2335 tries to shift op by -2048; fix this program [ 854.562012][T21975] kexec: Could not allocate control_code_buffer [ 854.594656][T22053] 0x000000000001-0x000000020000 : "" [ 854.600599][T21661] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 854.659494][T21661] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 854.670869][T22053] ftl_cs: FTL header corrupt! [ 854.930735][ T5287] 8021q: adding VLAN 0 to HW filter on device eth2 [ 855.156517][T21661] team0: Port device team_slave_0 added [ 855.191951][T21661] team0: Port device team_slave_1 added [ 855.366905][T22120] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2337'. [ 855.535611][T21661] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 855.577156][T21661] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 855.688408][T21661] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 855.731827][T21661] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 855.758418][T21661] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 855.823389][T21661] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 855.995243][T22111] kexec: Could not allocate control_code_buffer [ 856.324220][T21661] hsr_slave_0: entered promiscuous mode [ 856.355758][T21661] hsr_slave_1: entered promiscuous mode [ 856.662598][T22221] futex_wake_op: syz.0.2338 tries to shift op by -2048; fix this program [ 856.935132][T22290] ACPI: \_SB_.LNKS: No IRQ available. Try pci=noacpi or acpi=off [ 856.985441][T22290] pci 0000:00:01.3: PCI INT A: no GSI [ 857.262093][T22337] sg_write: data in/out 262108/258 bytes for SCSI command 0x61-- guessing data in; [ 857.262093][T22337] program syz.1.2341 not setting count and/or reply_len properly [ 857.447426][ T5287] 8021q: adding VLAN 0 to HW filter on device eth3 [ 857.503513][T22337] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2341'. [ 858.736672][T22444] futex_wake_op: syz.3.2346 tries to shift op by -2048; fix this program [ 858.793507][T22444] futex_wake_op: syz.3.2346 tries to shift op by -2048; fix this program [ 858.849454][T22459] 0x000000000001-0x000000020000 : "" [ 858.962390][T22459] ftl_cs: FTL header corrupt! [ 860.014896][T22506] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2348'. [ 860.289774][T21661] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 860.332966][T21661] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 860.372831][T21661] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 860.454599][T21661] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 860.525276][T21661] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 860.606769][T21661] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 860.716411][T21661] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 860.767928][T21661] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 860.990891][ T9963] hsr_slave_0: left promiscuous mode [ 861.015334][ T9963] hsr_slave_1: left promiscuous mode [ 861.038629][ T9963] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 861.063032][ T9963] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 861.125808][ T9963] veth1_macvtap: left promiscuous mode [ 861.148647][ T9963] veth0_macvtap: left promiscuous mode [ 861.174284][ T9963] veth1_vlan: left promiscuous mode [ 861.194892][ T9963] veth0_vlan: left promiscuous mode [ 861.650419][ T9963] team0 (unregistering): Port device team_slave_1 removed [ 861.695963][ T9963] team0 (unregistering): Port device team_slave_0 removed [ 862.658532][T22706] futex_wake_op: syz.0.2358 tries to shift op by -2048; fix this program [ 862.714898][T22706] futex_wake_op: syz.0.2358 tries to shift op by -2048; fix this program [ 862.761778][T22706] 0x000000000001-0x000000020000 : "" [ 862.804814][T22706] ftl_cs: FTL header corrupt! [ 863.280789][T21661] 8021q: adding VLAN 0 to HW filter on device bond0 [ 863.755035][T21661] 8021q: adding VLAN 0 to HW filter on device team0 [ 863.833813][ T48] bridge0: port 1(bridge_slave_0) entered blocking state [ 863.840986][ T48] bridge0: port 1(bridge_slave_0) entered forwarding state [ 863.924138][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 863.931277][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 865.043664][T22803] futex_wake_op: syz.3.2360 tries to shift op by -2048; fix this program [ 865.269007][T22847] futex_wake_op: syz.1.2363 tries to shift op by -2048; fix this program [ 865.420069][T22847] futex_wake_op: syz.1.2363 tries to shift op by -2048; fix this program [ 865.434232][T22871] sg_write: data in/out 262108/258 bytes for SCSI command 0x61-- guessing data in; [ 865.434232][T22871] program syz.3.2364 not setting count and/or reply_len properly [ 865.797875][T22897] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2364'. [ 866.049573][T21661] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 869.990451][T21661] veth0_vlan: entered promiscuous mode [ 870.111117][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.117461][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 870.234788][T21661] veth1_vlan: entered promiscuous mode [ 871.031724][T21661] veth0_macvtap: entered promiscuous mode [ 871.097950][T21661] veth1_macvtap: entered promiscuous mode [ 871.209463][T21661] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 871.267991][T21661] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 871.326806][ T9963] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 871.369483][ T9963] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 871.456577][ T9963] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 871.510589][ T9963] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 872.095059][ T9963] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 872.145585][ T9963] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 872.182795][T23009] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2372'. [ 872.701734][ T5624] Bluetooth: hci3: unexpected subevent 0x18 length: 123 > 19 [ 872.717500][ T5624] Bluetooth: hci3: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 872.797942][ T1176] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 872.895758][ T1176] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 878.607746][T23170] futex_wake_op: syz.1.2381 tries to shift op by -2048; fix this program [ 878.683626][T23170] futex_wake_op: syz.1.2381 tries to shift op by -2048; fix this program [ 878.722902][T23188] 0x000000000001-0x000000020000 : "" [ 878.848249][T23188] ftl_cs: FTL header corrupt! [ 878.894888][T23170] program syz.1.2381 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 878.921400][T23242] FAULT_INJECTION: forcing a failure. [ 878.921400][T23242] name failslab, interval 1, probability 0, space 0, times 0 [ 878.993545][T23242] CPU: 0 UID: 0 PID: 23242 Comm: syz.0.2384 Not tainted syzkaller #0 PREEMPT(full) [ 878.993567][T23242] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 878.993577][T23242] Call Trace: [ 878.993583][T23242] [ 878.993589][T23242] dump_stack_lvl+0x100/0x190 [ 878.993610][T23242] should_fail_ex.cold+0x5/0xa [ 878.993629][T23242] ? vmalloc_info_show+0x74/0xcd0 [ 878.993642][T23242] should_failslab+0xc2/0x120 [ 878.993660][T23242] __kmalloc_noprof+0xe0/0x850 [ 878.993683][T23242] ? rcu_is_watching+0x12/0xc0 [ 878.993704][T23242] vmalloc_info_show+0x74/0xcd0 [ 878.993717][T23242] ? __kvmalloc_node_noprof+0x37b/0xa00 [ 878.993737][T23242] seq_read_iter+0x32f/0x1270 [ 878.993761][T23242] proc_reg_read_iter+0x220/0x310 [ 878.993778][T23242] ? __pfx_proc_reg_read_iter+0x10/0x10 [ 878.993796][T23242] vfs_read+0x825/0xb30 [ 878.993815][T23242] ? __pfx_vfs_read+0x10/0x10 [ 878.993843][T23242] ksys_read+0x12a/0x250 [ 878.993859][T23242] ? __pfx_ksys_read+0x10/0x10 [ 878.993876][T23242] ? rcu_is_watching+0x12/0xc0 [ 878.993896][T23242] do_syscall_64+0x10b/0xf80 [ 878.993915][T23242] ? clear_bhb_loop+0x40/0x90 [ 878.993934][T23242] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 878.993949][T23242] RIP: 0033:0x7f7a8eb9cdd9 [ 878.993962][T23242] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 878.993976][T23242] RSP: 002b:00007f7a8fa4b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 878.993993][T23242] RAX: ffffffffffffffda RBX: 00007f7a8ee15fa0 RCX: 00007f7a8eb9cdd9 [ 878.994003][T23242] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003 [ 878.994011][T23242] RBP: 00007f7a8fa4b090 R08: 0000000000000000 R09: 0000000000000000 [ 878.994020][T23242] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 878.994029][T23242] R13: 00007f7a8ee16038 R14: 00007f7a8ee15fa0 R15: 00007ffcacdc0e18 [ 878.994048][T23242] [ 879.661465][T23259] ovs_: entered promiscuous mode [ 880.134647][T23217] futex_wake_op: syz.2.2383 tries to shift op by -2048; fix this program [ 880.238566][T23217] futex_wake_op: syz.2.2383 tries to shift op by -2048; fix this program [ 880.325010][T23231] 0x000000000001-0x000000020000 : "" [ 880.506367][T23231] ftl_cs: FTL header corrupt! [ 882.834516][T23320] kexec: Could not allocate control_code_buffer [ 883.297701][T23355] kexec: Could not allocate control_code_buffer [ 883.337182][T23395] [U] ^\ [ 883.589828][T23332] futex_wake_op: syz.0.2394 tries to shift op by -2048; fix this program [ 884.457747][T23406] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2398'. [ 884.565269][T23459] [U] ^\ [ 888.333548][T23615] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 888.622830][T23623] FAULT_INJECTION: forcing a failure. [ 888.622830][T23623] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 888.705604][T23623] CPU: 0 UID: 0 PID: 23623 Comm: syz.2.2410 Not tainted syzkaller #0 PREEMPT(full) [ 888.705627][T23623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 888.705636][T23623] Call Trace: [ 888.705642][T23623] [ 888.705648][T23623] dump_stack_lvl+0x100/0x190 [ 888.705670][T23623] should_fail_ex.cold+0x5/0xa [ 888.705689][T23623] _copy_from_iter+0x1f4/0x1690 [ 888.705708][T23623] ? __pfx__copy_from_iter+0x10/0x10 [ 888.705721][T23623] ? rcu_is_watching+0x12/0xc0 [ 888.705740][T23623] ? trace_kmalloc+0xe3/0x110 [ 888.705756][T23623] ? __kasan_kmalloc+0xaa/0xb0 [ 888.705771][T23623] ? __kmalloc_noprof+0x320/0x850 [ 888.705798][T23623] kernfs_fop_write_iter+0x186/0x5f0 [ 888.705822][T23623] vfs_write+0x6ac/0x1070 [ 888.705840][T23623] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 888.705863][T23623] ? __pfx_vfs_write+0x10/0x10 [ 888.705891][T23623] ksys_write+0x12a/0x250 [ 888.705907][T23623] ? __pfx_ksys_write+0x10/0x10 [ 888.705925][T23623] ? rcu_is_watching+0x12/0xc0 [ 888.705945][T23623] do_syscall_64+0x10b/0xf80 [ 888.705965][T23623] ? clear_bhb_loop+0x40/0x90 [ 888.705983][T23623] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 888.705998][T23623] RIP: 0033:0x7f067b99cdd9 [ 888.706011][T23623] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 888.706024][T23623] RSP: 002b:00007f067c809028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 888.706039][T23623] RAX: ffffffffffffffda RBX: 00007f067bc15fa0 RCX: 00007f067b99cdd9 [ 888.706048][T23623] RDX: 0000000000000a5e RSI: 0000200000000100 RDI: 0000000000000003 [ 888.706057][T23623] RBP: 00007f067c809090 R08: 0000000000000000 R09: 0000000000000000 [ 888.706066][T23623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 888.706075][T23623] R13: 00007f067bc16038 R14: 00007f067bc15fa0 R15: 00007ffec584dea8 [ 888.706094][T23623] [ 889.663660][T23675] [U] ^\ [ 891.495820][T23718] device-mapper: ioctl: Unable to rename non-existent device,  to „ [ 892.407317][T23771] Console: switching to colour frame buffer device 128x48 [ 893.179674][ T5624] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 893.750689][T23807] FAULT_INJECTION: forcing a failure. [ 893.750689][T23807] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 894.025736][T23807] CPU: 0 UID: 0 PID: 23807 Comm: syz.3.2428 Not tainted syzkaller #0 PREEMPT(full) [ 894.025768][T23807] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 894.025782][T23807] Call Trace: [ 894.025792][T23807] [ 894.025802][T23807] dump_stack_lvl+0x100/0x190 [ 894.025838][T23807] should_fail_ex.cold+0x5/0xa [ 894.025868][T23807] ? prepare_alloc_pages+0x16d/0x5f0 [ 894.025895][T23807] should_fail_alloc_page+0xeb/0x140 [ 894.025914][T23807] prepare_alloc_pages+0x1f0/0x5f0 [ 894.025935][T23807] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 894.025961][T23807] ? __lock_acquire+0x4a5/0x2630 [ 894.025977][T23807] ? __pfx___schedule+0x10/0x10 [ 894.025999][T23807] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 894.026022][T23807] ? __lock_acquire+0x4a5/0x2630 [ 894.026037][T23807] ? mark_held_locks+0x40/0x70 [ 894.026050][T23807] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 894.026067][T23807] ? lockdep_hardirqs_on+0x78/0x100 [ 894.026091][T23807] ? vma_is_special_huge+0x23f/0x2d0 [ 894.026108][T23807] ? __pfx_vma_is_special_huge+0x10/0x10 [ 894.026124][T23807] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 894.026147][T23807] ? policy_nodemask+0xed/0x4f0 [ 894.026166][T23807] alloc_pages_mpol+0x1fb/0x540 [ 894.026184][T23807] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 894.026202][T23807] ? __pfx___thp_vma_allowable_orders+0x10/0x10 [ 894.026225][T23807] alloc_pages_noprof+0x1a/0x160 [ 894.026244][T23807] __pmd_alloc+0x3b/0x950 [ 894.026265][T23807] __handle_mm_fault+0xa9c/0x2a00 [ 894.026290][T23807] ? mt_find+0x45e/0x8e0 [ 894.026311][T23807] ? __pfx___handle_mm_fault+0x10/0x10 [ 894.026331][T23807] ? __pfx_mt_find+0x10/0x10 [ 894.026360][T23807] ? find_vma+0xbf/0x140 [ 894.026375][T23807] ? __pfx_find_vma+0x10/0x10 [ 894.026393][T23807] handle_mm_fault+0x36d/0xa20 [ 894.026418][T23807] do_user_addr_fault+0x74c/0x12f0 [ 894.026439][T23807] ? trace_page_fault_kernel+0x7a/0x200 [ 894.026458][T23807] exc_page_fault+0x6f/0xd0 [ 894.026477][T23807] asm_exc_page_fault+0x26/0x30 [ 894.026492][T23807] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 894.026516][T23807] Code: 9b 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 894.026531][T23807] RSP: 0018:ffffc900043e7e68 EFLAGS: 00050206 [ 894.026543][T23807] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 0000000000001000 [ 894.026552][T23807] RDX: 0000000000000001 RSI: ffff8880a11d4000 RDI: 0000000000000000 [ 894.026561][T23807] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffed101423a9ff [ 894.026572][T23807] R10: ffff8880a11d4fff R11: 0000000000000000 R12: ffff8880a11d4000 [ 894.026581][T23807] R13: 0000000000001000 R14: 00007ffffffff000 R15: 0000000000000000 [ 894.026600][T23807] _copy_to_user+0xa4/0xd0 [ 894.026627][T23807] __do_sys_mincore+0x294/0x610 [ 894.026652][T23807] do_syscall_64+0x10b/0xf80 [ 894.026670][T23807] ? clear_bhb_loop+0x40/0x90 [ 894.026688][T23807] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 894.026703][T23807] RIP: 0033:0x7f267219cdd9 [ 894.026715][T23807] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 894.026729][T23807] RSP: 002b:00007f2673025028 EFLAGS: 00000246 ORIG_RAX: 000000000000001b [ 894.026741][T23807] RAX: ffffffffffffffda RBX: 00007f2672415fa0 RCX: 00007f267219cdd9 [ 894.026751][T23807] RDX: 0000000000000000 RSI: 0000000004000000 RDI: 0000000000001000 [ 894.026759][T23807] RBP: 00007f2673025090 R08: 0000000000000000 R09: 0000000000000000 [ 894.026768][T23807] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 894.026777][T23807] R13: 00007f2672416038 R14: 00007f2672415fa0 R15: 00007fff6a713c18 [ 894.026796][T23807] [ 895.333815][ T5624] Bluetooth: hci1: command 0x0406 tx timeout [ 899.663319][T23969] net_ratelimit: 47 callbacks suppressed [ 899.663336][T23969] netlink: zone id is out of range [ 899.705997][T23953] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 899.718645][T23969] netlink: zone id is out of range [ 899.735998][T23969] netlink: zone id is out of range [ 899.757573][T23969] netlink: zone id is out of range [ 899.819461][T23969] netlink: zone id is out of range [ 899.888532][T23969] netlink: zone id is out of range [ 899.936743][T23969] netlink: zone id is out of range [ 899.964959][T23969] netlink: zone id is out of range [ 899.995425][T23969] netlink: zone id is out of range [ 900.035910][T23969] netlink: zone id is out of range [ 900.618119][T23966] kexec: Could not allocate control_code_buffer [ 901.511796][T24032] [U] ^\ [ 901.770923][T14740] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 901.786737][T14740] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 901.794895][T14740] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 901.804333][T14740] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 901.813921][T14740] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 902.765192][ T9963] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 902.821255][T24071] sg_write: data in/out 262108/258 bytes for SCSI command 0x61-- guessing data in; [ 902.821255][T24071] program syz.3.2458 not setting count and/or reply_len properly [ 903.148086][T24088] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2458'. [ 903.268502][ T9963] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 903.457659][ T9963] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 903.505678][T24041] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2455'. [ 903.680641][ T9963] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 903.869019][ T5624] Bluetooth: hci2: command tx timeout [ 905.948791][ T5624] Bluetooth: hci2: command tx timeout [ 906.807717][ T9963] bridge_slave_1: left allmulticast mode [ 906.835613][ T9963] bridge_slave_1: left promiscuous mode [ 906.865148][ T9963] bridge0: port 2(bridge_slave_1) entered disabled state [ 906.918633][ T9963] bridge_slave_0: left allmulticast mode [ 906.952853][ T9963] bridge_slave_0: left promiscuous mode [ 906.975792][ T9963] bridge0: port 1(bridge_slave_0) entered disabled state [ 907.167000][ T5624] Bluetooth: hci4: unexpected subevent 0x05 length: 123 > 12 [ 907.496753][ T9963] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 907.549873][ T9963] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 907.584923][ T9963] bond0 (unregistering): Released all slaves [ 908.029479][ T5624] Bluetooth: hci2: command tx timeout [ 908.104663][ T5287] 8021q: adding VLAN 0 to HW filter on device eth1 [ 908.486366][T24330] FAULT_INJECTION: forcing a failure. [ 908.486366][T24330] name failslab, interval 1, probability 0, space 0, times 0 [ 908.568375][T24330] CPU: 0 UID: 0 PID: 24330 Comm: syz.3.2468 Not tainted syzkaller #0 PREEMPT(full) [ 908.568397][T24330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 908.568406][T24330] Call Trace: [ 908.568412][T24330] [ 908.568418][T24330] dump_stack_lvl+0x100/0x190 [ 908.568439][T24330] should_fail_ex.cold+0x5/0xa [ 908.568459][T24330] should_failslab+0xc2/0x120 [ 908.568476][T24330] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 908.568501][T24330] ? __alloc_skb+0x140/0x710 [ 908.568519][T24330] __alloc_skb+0x140/0x710 [ 908.568531][T24330] ? __alloc_skb+0x5b7/0x710 [ 908.568559][T24330] ? __pfx___alloc_skb+0x10/0x10 [ 908.568575][T24330] ? __mutex_lock+0x26d/0x1b10 [ 908.568598][T24330] netlink_dump+0x194/0xd00 [ 908.568619][T24330] ? __pfx_netlink_dump+0x10/0x10 [ 908.568639][T24330] ? __netlink_lookup+0x65c/0x900 [ 908.568668][T24330] __netlink_dump_start+0x6d6/0x990 [ 908.568688][T24330] ? __pfx_rtnl_bridge_getlink+0x10/0x10 [ 908.568705][T24330] rtnetlink_rcv_msg+0xb3e/0xe90 [ 908.568721][T24330] ? __pfx_rtnl_bridge_getlink+0x10/0x10 [ 908.568738][T24330] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 908.568755][T24330] ? __pfx_rtnl_dumpit+0x10/0x10 [ 908.568775][T24330] ? __pfx_rtnl_bridge_getlink+0x10/0x10 [ 908.568794][T24330] ? ref_tracker_free+0x37e/0x6c0 [ 908.568814][T24330] netlink_rcv_skb+0x159/0x420 [ 908.568834][T24330] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 908.568852][T24330] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 908.568877][T24330] ? netlink_deliver_tap+0x1ae/0xcc0 [ 908.568900][T24330] netlink_unicast+0x585/0x850 [ 908.568922][T24330] ? __pfx_netlink_unicast+0x10/0x10 [ 908.568946][T24330] netlink_sendmsg+0x8b0/0xda0 [ 908.568969][T24330] ? __pfx_netlink_sendmsg+0x10/0x10 [ 908.568987][T24330] ? __import_iovec+0x1d2/0x640 [ 908.569003][T24330] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 908.569028][T24330] ____sys_sendmsg+0x9e1/0xb70 [ 908.569047][T24330] ? __pfx_netlink_sendmsg+0x10/0x10 [ 908.569068][T24330] ? __pfx_____sys_sendmsg+0x10/0x10 [ 908.569096][T24330] ___sys_sendmsg+0x190/0x1e0 [ 908.569117][T24330] ? __pfx____sys_sendmsg+0x10/0x10 [ 908.569160][T24330] __sys_sendmsg+0x170/0x220 [ 908.569176][T24330] ? __pfx___sys_sendmsg+0x10/0x10 [ 908.569200][T24330] ? rcu_is_watching+0x12/0xc0 [ 908.569220][T24330] do_syscall_64+0x10b/0xf80 [ 908.569239][T24330] ? clear_bhb_loop+0x40/0x90 [ 908.569257][T24330] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 908.569272][T24330] RIP: 0033:0x7f267219cdd9 [ 908.569286][T24330] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 908.569299][T24330] RSP: 002b:00007f2673025028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 908.569314][T24330] RAX: ffffffffffffffda RBX: 00007f2672415fa0 RCX: 00007f267219cdd9 [ 908.569324][T24330] RDX: 0000000000040000 RSI: 0000200000000240 RDI: 0000000000000003 [ 908.569333][T24330] RBP: 00007f2673025090 R08: 0000000000000000 R09: 0000000000000000 [ 908.569342][T24330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 908.569350][T24330] R13: 00007f2672416038 R14: 00007f2672415fa0 R15: 00007fff6a713c18 [ 908.569369][T24330] [ 908.987465][ T48] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 909.250763][ T5624] Bluetooth: hci4: command tx timeout [ 909.336759][T24046] bridge0: port 1(bridge_slave_0) entered blocking state [ 909.377331][T24046] bridge0: port 1(bridge_slave_0) entered disabled state [ 909.406920][T24046] bridge_slave_0: entered allmulticast mode [ 909.428207][T24046] bridge_slave_0: entered promiscuous mode [ 909.468457][T24046] bridge0: port 2(bridge_slave_1) entered blocking state [ 909.523681][T24046] bridge0: port 2(bridge_slave_1) entered disabled state [ 909.563559][T24046] bridge_slave_1: entered allmulticast mode [ 909.598968][T24046] bridge_slave_1: entered promiscuous mode [ 909.663257][ T5287] 8021q: adding VLAN 0 to HW filter on device eth2 [ 909.808085][T24046] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 909.871634][T24046] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 910.027201][T24046] team0: Port device team_slave_0 added [ 910.064820][T24046] team0: Port device team_slave_1 added [ 910.108840][ T5624] Bluetooth: hci2: command tx timeout [ 910.334637][T24046] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 910.378839][T24046] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 910.487637][T24489] sg_write: data in/out 262108/258 bytes for SCSI command 0x61-- guessing data in; [ 910.487637][T24489] program syz.2.2475 not setting count and/or reply_len properly [ 910.532433][T24046] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 910.593633][T24046] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 910.636899][T24046] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 910.757410][T24494] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2475'. [ 910.800208][T24046] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 911.381265][T24046] hsr_slave_0: entered promiscuous mode [ 911.418208][T24046] hsr_slave_1: entered promiscuous mode [ 911.455828][T24046] debugfs: 'hsr0' already exists in 'hsr' [ 911.485532][T24046] Cannot create hsr debugfs directory [ 911.578117][ T5287] 8021q: adding VLAN 0 to HW filter on device eth3 [ 915.604768][T24848] sg_write: data in/out 262108/258 bytes for SCSI command 0x61-- guessing data in; [ 915.604768][T24848] program syz.2.2489 not setting count and/or reply_len properly [ 915.750326][ T9963] hsr_slave_0: left promiscuous mode [ 915.783521][ T9963] hsr_slave_1: left promiscuous mode [ 915.820386][ T9963] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 915.867730][ T9963] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 915.897592][T24861] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2489'. [ 915.927689][ T9963] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 915.966346][ T9963] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 916.032178][ T9963] veth1_macvtap: left promiscuous mode [ 916.059839][ T9963] veth0_macvtap: left promiscuous mode [ 916.078207][ T9963] veth1_vlan: left promiscuous mode [ 916.109296][ T9963] veth0_vlan: left promiscuous mode [ 916.723932][ T9963] team0 (unregistering): Port device team_slave_1 removed [ 916.788219][ T9963] team0 (unregistering): Port device team_slave_0 removed [ 917.354449][T24046] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 917.419467][T24046] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 917.457296][T24046] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 917.513398][T24046] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 917.563508][T24046] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 917.660900][T24046] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 918.530203][T24046] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 918.726781][T24046] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 919.512568][T25010] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2498'. [ 919.777367][T24046] 8021q: adding VLAN 0 to HW filter on device bond0 [ 919.873615][T24046] 8021q: adding VLAN 0 to HW filter on device team0 [ 919.948281][ T1176] bridge0: port 1(bridge_slave_0) entered blocking state [ 919.955426][ T1176] bridge0: port 1(bridge_slave_0) entered forwarding state [ 920.063368][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 920.070554][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 920.479392][T24046] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 920.847458][T25042] net_ratelimit: 47 callbacks suppressed [ 920.847474][T25042] netlink: zone id is out of range [ 920.935017][T25042] netlink: zone id is out of range [ 920.998529][T25042] netlink: zone id is out of range [ 921.058452][T25042] netlink: zone id is out of range [ 921.076213][T25027] kexec: Could not allocate control_code_buffer [ 921.123954][T25042] netlink: zone id is out of range [ 921.186864][T25042] netlink: zone id is out of range [ 921.264682][T25042] netlink: zone id is out of range [ 921.339073][T25042] netlink: zone id is out of range [ 921.464891][T25042] netlink: zone id is out of range [ 921.848039][T25042] netlink: zone id is out of range [ 922.862387][T24046] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 923.056785][T25133] FAULT_INJECTION: forcing a failure. [ 923.056785][T25133] name failslab, interval 1, probability 0, space 0, times 0 [ 923.204978][T24046] veth0_vlan: entered promiscuous mode [ 923.212628][T25140] FAULT_INJECTION: forcing a failure. [ 923.212628][T25140] name failslab, interval 1, probability 0, space 0, times 0 [ 923.225968][T25133] CPU: 0 UID: 0 PID: 25133 Comm: syz.3.2504 Not tainted syzkaller #0 PREEMPT(full) [ 923.225990][T25133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 923.226001][T25133] Call Trace: [ 923.226006][T25133] [ 923.226013][T25133] dump_stack_lvl+0x100/0x190 [ 923.226037][T25133] should_fail_ex.cold+0x5/0xa [ 923.226063][T25133] should_failslab+0xc2/0x120 [ 923.226081][T25133] __kmalloc_cache_noprof+0x7a/0x6f0 [ 923.226102][T25133] ? __request_module+0x2c3/0x6c0 [ 923.226118][T25133] ? lockdep_hardirqs_on+0x78/0x100 [ 923.226150][T25133] __request_module+0x2c3/0x6c0 [ 923.226168][T25133] ? __pfx___request_module+0x10/0x10 [ 923.226184][T25133] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 923.226209][T25133] ? lockdep_init_map_type+0x5c/0x250 [ 923.226229][T25133] ? inode_init_always_gfp+0xce1/0x1000 [ 923.226255][T25133] __sock_create+0x5c4/0x860 [ 923.226279][T25133] __sys_socket+0x14d/0x260 [ 923.226299][T25133] ? __pfx___sys_socket+0x10/0x10 [ 923.226325][T25133] __x64_sys_socket+0x72/0xb0 [ 923.226345][T25133] ? lockdep_hardirqs_on+0x78/0x100 [ 923.226363][T25133] do_syscall_64+0x10b/0xf80 [ 923.226381][T25133] ? clear_bhb_loop+0x40/0x90 [ 923.226400][T25133] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 923.226415][T25133] RIP: 0033:0x7f267219cdd9 [ 923.226429][T25133] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 923.226443][T25133] RSP: 002b:00007f2673025028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 923.226459][T25133] RAX: ffffffffffffffda RBX: 00007f2672415fa0 RCX: 00007f267219cdd9 [ 923.226469][T25133] RDX: 0000000000000001 RSI: 0000000000000003 RDI: 0000000000000025 [ 923.226478][T25133] RBP: 00007f2672232d69 R08: 0000000000000000 R09: 0000000000000000 [ 923.226487][T25133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 923.226496][T25133] R13: 00007f2672416038 R14: 00007f2672415fa0 R15: 00007fff6a713c18 [ 923.226516][T25133] [ 923.640673][T25140] CPU: 0 UID: 0 PID: 25140 Comm: syz.1.2505 Not tainted syzkaller #0 PREEMPT(full) [ 923.640696][T25140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 923.640705][T25140] Call Trace: [ 923.640711][T25140] [ 923.640717][T25140] dump_stack_lvl+0x100/0x190 [ 923.640738][T25140] should_fail_ex.cold+0x5/0xa [ 923.640757][T25140] should_failslab+0xc2/0x120 [ 923.640775][T25140] __kmalloc_cache_noprof+0x7a/0x6f0 [ 923.640796][T25140] ? alloc_fs_context+0x57/0xf40 [ 923.640821][T25140] alloc_fs_context+0x57/0xf40 [ 923.640845][T25140] path_mount+0xdbd/0x23d0 [ 923.640869][T25140] ? __pfx_path_mount+0x10/0x10 [ 923.640887][T25140] ? lockdep_hardirqs_on+0x78/0x100 [ 923.640908][T25140] ? putname+0xb1/0x110 [ 923.640926][T25140] ? kmem_cache_free+0x127/0x6c0 [ 923.640952][T25140] ? __x64_sys_mount+0x293/0x310 [ 923.640975][T25140] __x64_sys_mount+0x293/0x310 [ 923.640996][T25140] ? __pfx___x64_sys_mount+0x10/0x10 [ 923.641015][T25140] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 923.641039][T25140] ? syscall_user_dispatch+0x76/0x130 [ 923.641058][T25140] do_syscall_64+0x10b/0xf80 [ 923.641095][T25140] ? clear_bhb_loop+0x40/0x90 [ 923.641114][T25140] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 923.641129][T25140] RIP: 0033:0x7f3357d9cdd9 [ 923.641142][T25140] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 923.641155][T25140] RSP: 002b:00007f3358b9b028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 923.641170][T25140] RAX: ffffffffffffffda RBX: 00007f3358015fa0 RCX: 00007f3357d9cdd9 [ 923.641180][T25140] RDX: 0000200000000140 RSI: 00002000000000c0 RDI: 0000000000000000 [ 923.641189][T25140] RBP: 00007f3358b9b090 R08: 0000000000000000 R09: 0000000000000000 [ 923.641198][T25140] R10: 000000000000000f R11: 0000000000000246 R12: 0000000000000001 [ 923.641206][T25140] R13: 00007f3358016038 R14: 00007f3358015fa0 R15: 00007ffe9f2bbd78 [ 923.641225][T25140] [ 923.910398][T24046] veth1_vlan: entered promiscuous mode [ 923.928440][T24046] veth0_macvtap: entered promiscuous mode [ 923.937097][T24046] veth1_macvtap: entered promiscuous mode [ 923.951975][T24046] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 923.961729][T24046] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 923.998622][T25146] sg_write: data in/out 808464396/28904 bytes for SCSI command 0x0-- guessing data in; [ 923.998622][T25146] program syz.1.2507 not setting count and/or reply_len properly [ 926.927984][T12279] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 926.945322][T12279] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 927.138213][T12279] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 927.201123][T12279] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 927.252556][T12279] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 927.310892][T12279] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 927.431084][ T9963] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 927.480248][ T9963] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 927.625990][T25184] FAULT_INJECTION: forcing a failure. [ 927.625990][T25184] name failslab, interval 1, probability 0, space 0, times 0 [ 927.706496][T25184] CPU: 0 UID: 0 PID: 25184 Comm: syz.1.2509 Not tainted syzkaller #0 PREEMPT(full) [ 927.706520][T25184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 927.706531][T25184] Call Trace: [ 927.706537][T25184] [ 927.706544][T25184] dump_stack_lvl+0x100/0x190 [ 927.706566][T25184] should_fail_ex.cold+0x5/0xa [ 927.706587][T25184] should_failslab+0xc2/0x120 [ 927.706605][T25184] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 927.706629][T25184] ? __proc_create+0x2cb/0x8c0 [ 927.706651][T25184] __proc_create+0x2cb/0x8c0 [ 927.706670][T25184] ? __pfx___proc_create+0x10/0x10 [ 927.706688][T25184] ? __lock_acquire+0x4a5/0x2630 [ 927.706703][T25184] ? proc_register+0x559/0x8a0 [ 927.706732][T25184] proc_create_reg+0x75/0x170 [ 927.706754][T25184] proc_create_data+0x86/0x110 [ 927.706775][T25184] ? __pfx_proc_create_data+0x10/0x10 [ 927.706794][T25184] ? net_generic+0xea/0x2a0 [ 927.706818][T25184] gss_svc_init_net+0x233/0x640 [ 927.706836][T25184] ? __pfx_canbcm_pernet_init+0x10/0x10 [ 927.706859][T25184] ? __pfx_rpcsec_gss_init_net+0x10/0x10 [ 927.706879][T25184] ops_init+0x1e2/0x5f0 [ 927.706899][T25184] setup_net+0x118/0x3a0 [ 927.706916][T25184] ? __pfx_setup_net+0x10/0x10 [ 927.706932][T25184] ? mutex_init_lockdep+0xf1/0x120 [ 927.706951][T25184] copy_net_ns+0x46f/0x7c0 [ 927.706971][T25184] create_new_namespaces+0x3ea/0xac0 [ 927.706996][T25184] unshare_nsproxy_namespaces+0xf2/0x220 [ 927.707017][T25184] ksys_unshare+0x438/0xab0 [ 927.707041][T25184] ? __pfx_ksys_unshare+0x10/0x10 [ 927.707061][T25184] ? xfd_validate_state+0x129/0x190 [ 927.707084][T25184] __x64_sys_unshare+0x31/0x40 [ 927.707108][T25184] do_syscall_64+0x10b/0xf80 [ 927.707127][T25184] ? clear_bhb_loop+0x40/0x90 [ 927.707146][T25184] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 927.707163][T25184] RIP: 0033:0x7f3357d9cdd9 [ 927.707177][T25184] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 927.707191][T25184] RSP: 002b:00007f3358b9b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 927.707207][T25184] RAX: ffffffffffffffda RBX: 00007f3358015fa0 RCX: 00007f3357d9cdd9 [ 927.707217][T25184] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 927.707226][T25184] RBP: 00007f3357e32d69 R08: 0000000000000000 R09: 0000000000000000 [ 927.707236][T25184] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 927.707245][T25184] R13: 00007f3358016038 R14: 00007f3358015fa0 R15: 00007ffe9f2bbd78 [ 927.707265][T25184] [ 927.981175][T25189] sd 0:0:1:0: PR command failed: 1026 [ 927.986866][T25189] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 927.993870][T25189] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 931.550428][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.577157][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 932.408114][T25290] kexec: Could not allocate control_code_buffer [ 934.411752][T25394] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2527'. [ 934.823954][T25420] sg_write: data in/out 262108/258 bytes for SCSI command 0x61-- guessing data in; [ 934.823954][T25420] program syz.3.2528 not setting count and/or reply_len properly [ 935.364259][T25427] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2528'. [ 935.644371][T25387] kexec: Could not allocate control_code_buffer [ 936.577458][T25449] [U] ^\ [ 938.696494][T25497] FAULT_INJECTION: forcing a failure. [ 938.696494][T25497] name fail_futex, interval 1, probability 0, space 0, times 0 [ 938.997935][T25497] CPU: 0 UID: 0 PID: 25497 Comm: syz.2.2539 Not tainted syzkaller #0 PREEMPT(full) [ 938.997959][T25497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 938.997970][T25497] Call Trace: [ 938.997976][T25497] [ 938.997983][T25497] dump_stack_lvl+0x100/0x190 [ 938.998007][T25497] should_fail_ex.cold+0x5/0xa [ 938.998027][T25497] get_futex_key+0xf78/0x1510 [ 938.998045][T25497] ? __pfx_get_futex_key+0x10/0x10 [ 938.998061][T25497] ? get_futex_key+0x4e8/0x1510 [ 938.998080][T25497] futex_wait_setup+0x83/0x510 [ 938.998104][T25497] futex_wait_requeue_pi+0x240/0x890 [ 938.998125][T25497] ? __pfx_futex_wait_requeue_pi+0x10/0x10 [ 938.998144][T25497] ? preempt_schedule_thunk+0x16/0x30 [ 938.998170][T25497] ? preempt_schedule_thunk+0x16/0x30 [ 938.998199][T25497] ? __pfx_try_to_wake_up+0x10/0x10 [ 938.998223][T25497] ? futex_private_hash_put+0x107/0x1c0 [ 938.998250][T25497] ? __pfx_futex_wake_mark+0x10/0x10 [ 938.998275][T25497] ? __fget_files+0x21f/0x3d0 [ 938.998295][T25497] do_futex+0x24f/0x350 [ 938.998312][T25497] ? __pfx_do_futex+0x10/0x10 [ 938.998333][T25497] __x64_sys_futex+0x34f/0x4d0 [ 938.998351][T25497] ? __pfx___x64_sys_futex+0x10/0x10 [ 938.998367][T25497] ? ksys_write+0x1ac/0x250 [ 938.998386][T25497] ? rcu_is_watching+0x12/0xc0 [ 938.998406][T25497] do_syscall_64+0x10b/0xf80 [ 938.998425][T25497] ? clear_bhb_loop+0x40/0x90 [ 938.998444][T25497] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 938.998461][T25497] RIP: 0033:0x7f067b99cdd9 [ 938.998474][T25497] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 938.998490][T25497] RSP: 002b:00007f067c809028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 938.998506][T25497] RAX: ffffffffffffffda RBX: 00007f067bc15fa0 RCX: 00007f067b99cdd9 [ 938.998516][T25497] RDX: 000000000000fff2 RSI: 000000000000000b RDI: 0000200000000080 [ 938.998525][T25497] RBP: 00007f067ba32d69 R08: 0000000000000000 R09: 00000000fffffffa [ 938.998535][T25497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 938.998544][T25497] R13: 00007f067bc16038 R14: 00007f067bc15fa0 R15: 00007ffec584dea8 [ 938.998563][T25497] [ 941.832604][T25547] random: crng reseeded on system resumption [ 942.944756][T25538] kexec: Could not allocate control_code_buffer [ 944.506370][T25611] FAULT_INJECTION: forcing a failure. [ 944.506370][T25611] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 944.576249][T25611] CPU: 0 UID: 0 PID: 25611 Comm: syz.0.2550 Not tainted syzkaller #0 PREEMPT(full) [ 944.576270][T25611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 944.576280][T25611] Call Trace: [ 944.576285][T25611] [ 944.576291][T25611] dump_stack_lvl+0x100/0x190 [ 944.576312][T25611] should_fail_ex.cold+0x5/0xa [ 944.576333][T25611] _copy_to_user+0x32/0xd0 [ 944.576359][T25611] simple_read_from_buffer+0xcb/0x170 [ 944.576378][T25611] proc_fail_nth_read+0x1af/0x230 [ 944.576403][T25611] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 944.576427][T25611] ? rw_verify_area+0xce/0x6d0 [ 944.576441][T25611] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 944.576464][T25611] vfs_read+0x1e4/0xb30 [ 944.576483][T25611] ? __pfx_vfs_read+0x10/0x10 [ 944.576498][T25611] ? __fget_files+0x215/0x3d0 [ 944.576519][T25611] ? __fget_files+0x21f/0x3d0 [ 944.576541][T25611] ksys_read+0x12a/0x250 [ 944.576560][T25611] ? __pfx_ksys_read+0x10/0x10 [ 944.576578][T25611] ? rcu_is_watching+0x12/0xc0 [ 944.576598][T25611] do_syscall_64+0x10b/0xf80 [ 944.576618][T25611] ? clear_bhb_loop+0x40/0x90 [ 944.576636][T25611] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.576651][T25611] RIP: 0033:0x7fe356f5d60e [ 944.576663][T25611] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 944.576676][T25611] RSP: 002b:00007fe357e37fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 944.576690][T25611] RAX: ffffffffffffffda RBX: 00007fe357e386c0 RCX: 00007fe356f5d60e [ 944.576700][T25611] RDX: 000000000000000f RSI: 00007fe357e380a0 RDI: 0000000000000006 [ 944.576709][T25611] RBP: 00007fe357e38090 R08: 0000000000000000 R09: 0000000000000000 [ 944.576718][T25611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 944.576726][T25611] R13: 00007fe357216038 R14: 00007fe357215fa0 R15: 00007fff5fbe4ac8 [ 944.576745][T25611] [ 945.278367][T25626] FAULT_INJECTION: forcing a failure. [ 945.278367][T25626] name fail_futex, interval 1, probability 0, space 0, times 0 [ 945.334572][T25626] CPU: 0 UID: 0 PID: 25626 Comm: syz.1.2554 Not tainted syzkaller #0 PREEMPT(full) [ 945.334595][T25626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 945.334605][T25626] Call Trace: [ 945.334611][T25626] [ 945.334617][T25626] dump_stack_lvl+0x100/0x190 [ 945.334639][T25626] should_fail_ex.cold+0x5/0xa [ 945.334659][T25626] get_futex_key+0x1d2/0x1510 [ 945.334677][T25626] ? __pfx_get_futex_key+0x10/0x10 [ 945.334698][T25626] futex_wake+0xea/0x530 [ 945.334719][T25626] ? __do_sys_mremap+0x97f/0x1850 [ 945.334747][T25626] ? __pfx_futex_wake+0x10/0x10 [ 945.334770][T25626] ? __pfx___do_sys_mremap+0x10/0x10 [ 945.334796][T25626] do_futex+0x32b/0x350 [ 945.334813][T25626] ? __pfx_do_futex+0x10/0x10 [ 945.334835][T25626] __x64_sys_futex+0x34f/0x4d0 [ 945.334854][T25626] ? __pfx___x64_sys_futex+0x10/0x10 [ 945.334874][T25626] ? rcu_is_watching+0x12/0xc0 [ 945.334894][T25626] do_syscall_64+0x10b/0xf80 [ 945.334914][T25626] ? clear_bhb_loop+0x40/0x90 [ 945.334932][T25626] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.334947][T25626] RIP: 0033:0x7f3357d9cdd9 [ 945.334961][T25626] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 945.334975][T25626] RSP: 002b:00007f3358b9b0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 945.334990][T25626] RAX: ffffffffffffffda RBX: 00007f3358015fa8 RCX: 00007f3357d9cdd9 [ 945.335000][T25626] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f3358015fac [ 945.335009][T25626] RBP: 00007f3358015fa0 R08: 0000000000000001 R09: 0000000000000000 [ 945.335018][T25626] R10: 0000000100000000 R11: 0000000000000246 R12: 0000000000000000 [ 945.335027][T25626] R13: 00007f3358016038 R14: 00007ffe9f2bbc90 R15: 00007ffe9f2bbd78 [ 945.335047][T25626] [ 945.622163][T25631] nvme_fcloop: unknown parameter or missing value '7="­ÿù;¤°&Lë=j³"Yq'R"' [ 945.817890][T25631] FAULT_INJECTION: forcing a failure. [ 945.817890][T25631] name failslab, interval 1, probability 0, space 0, times 0 [ 945.895437][T25631] CPU: 0 UID: 0 PID: 25631 Comm: syz.2.2555 Not tainted syzkaller #0 PREEMPT(full) [ 945.895461][T25631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 945.895471][T25631] Call Trace: [ 945.895477][T25631] [ 945.895484][T25631] dump_stack_lvl+0x100/0x190 [ 945.895506][T25631] should_fail_ex.cold+0x5/0xa [ 945.895527][T25631] should_failslab+0xc2/0x120 [ 945.895545][T25631] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 945.895568][T25631] ? __mpol_dup+0x74/0x390 [ 945.895591][T25631] __mpol_dup+0x74/0x390 [ 945.895610][T25631] ? __pfx___mpol_dup+0x10/0x10 [ 945.895633][T25631] mbind_range+0x2ad/0x550 [ 945.895655][T25631] do_mbind+0x7dc/0xfd0 [ 945.895679][T25631] ? __pfx_do_mbind+0x10/0x10 [ 945.895699][T25631] ? ksys_write+0x190/0x250 [ 945.895725][T25631] ? __pfx_get_nodes+0x10/0x10 [ 945.895745][T25631] kernel_mbind+0x1b7/0x200 [ 945.895766][T25631] ? __pfx_kernel_mbind+0x10/0x10 [ 945.895788][T25631] ? rcu_is_watching+0x12/0xc0 [ 945.895808][T25631] do_syscall_64+0x10b/0xf80 [ 945.895827][T25631] ? clear_bhb_loop+0x40/0x90 [ 945.895845][T25631] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 945.895860][T25631] RIP: 0033:0x7f067b99cdd9 [ 945.895874][T25631] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 945.895889][T25631] RSP: 002b:00007f067c7e8028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 945.895904][T25631] RAX: ffffffffffffffda RBX: 00007f067bc16090 RCX: 00007f067b99cdd9 [ 945.895914][T25631] RDX: 0000000000000004 RSI: 00000000002091d2 RDI: 0000000000000000 [ 945.895923][T25631] RBP: 00007f067ba32d69 R08: 0000002000000006 R09: 0000000000000002 [ 945.895933][T25631] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 945.895942][T25631] R13: 00007f067bc16128 R14: 00007f067bc16090 R15: 00007ffec584dea8 [ 945.895962][T25631] [ 946.242410][T25662] [U] ^\ [ 947.052790][T25624] [U] ^\ [ 947.254456][T25682] FAULT_INJECTION: forcing a failure. [ 947.254456][T25682] name failslab, interval 1, probability 0, space 0, times 0 [ 947.357182][T25682] CPU: 0 UID: 0 PID: 25682 Comm: syz.1.2561 Not tainted syzkaller #0 PREEMPT(full) [ 947.357205][T25682] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 947.357215][T25682] Call Trace: [ 947.357221][T25682] [ 947.357227][T25682] dump_stack_lvl+0x100/0x190 [ 947.357250][T25682] should_fail_ex.cold+0x5/0xa [ 947.357271][T25682] should_failslab+0xc2/0x120 [ 947.357290][T25682] __kvmalloc_node_noprof+0xfa/0xa00 [ 947.357305][T25682] ? alloc_netdev_mqs+0xcef/0x1560 [ 947.357323][T25682] ? lockdep_init_map_type+0x5c/0x250 [ 947.357342][T25682] alloc_netdev_mqs+0xcef/0x1560 [ 947.357364][T25682] ppp_ioctl+0x954/0x27c0 [ 947.357388][T25682] ? find_held_lock+0x2b/0x80 [ 947.357407][T25682] ? __pfx_ppp_ioctl+0x10/0x10 [ 947.357432][T25682] ? __fget_files+0x21f/0x3d0 [ 947.357453][T25682] ? __pfx_ppp_ioctl+0x10/0x10 [ 947.357475][T25682] __x64_sys_ioctl+0x18e/0x210 [ 947.357491][T25682] do_syscall_64+0x10b/0xf80 [ 947.357510][T25682] ? clear_bhb_loop+0x40/0x90 [ 947.357528][T25682] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 947.357544][T25682] RIP: 0033:0x7f3357d9cdd9 [ 947.357558][T25682] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 947.357573][T25682] RSP: 002b:00007f3358b9b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 947.357588][T25682] RAX: ffffffffffffffda RBX: 00007f3358015fa0 RCX: 00007f3357d9cdd9 [ 947.357598][T25682] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 000000000000000e [ 947.357607][T25682] RBP: 00007f3357e32d69 R08: 0000000000000000 R09: 0000000000000000 [ 947.357616][T25682] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 947.357625][T25682] R13: 00007f3358016038 R14: 00007f3358015fa0 R15: 00007ffe9f2bbd78 [ 947.357645][T25682] [ 949.055475][T25772] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2564'. [ 949.406376][T25801] __vm_enough_memory: pid: 25801, comm: syz.1.2567, bytes: 4398046457856 not enough memory for the allocation [ 949.444357][T25778] net_ratelimit: 47 callbacks suppressed [ 949.444373][T25778] netlink: zone id is out of range [ 949.471880][T25778] netlink: zone id is out of range [ 949.493938][T25778] netlink: zone id is out of range [ 949.520966][T25778] netlink: zone id is out of range [ 949.571575][T25778] netlink: zone id is out of range [ 949.616432][T25778] netlink: zone id is out of range [ 949.663716][T25778] netlink: zone id is out of range [ 949.709458][T25778] netlink: zone id is out of range [ 949.764166][T25778] netlink: zone id is out of range [ 949.809972][T25778] netlink: zone id is out of range [ 951.521770][T25871] [U] ^\ [ 951.926152][T25886] FAULT_INJECTION: forcing a failure. [ 951.926152][T25886] name fail_futex, interval 1, probability 0, space 0, times 0 [ 951.995685][T25886] CPU: 0 UID: 0 PID: 25886 Comm: syz.2.2581 Not tainted syzkaller #0 PREEMPT(full) [ 951.995708][T25886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 951.995718][T25886] Call Trace: [ 951.995724][T25886] [ 951.995730][T25886] dump_stack_lvl+0x100/0x190 [ 951.995753][T25886] should_fail_ex.cold+0x5/0xa [ 951.995774][T25886] get_futex_key+0x1d2/0x1510 [ 951.995792][T25886] ? __pfx_get_futex_key+0x10/0x10 [ 951.995813][T25886] futex_wake+0xea/0x530 [ 951.995833][T25886] ? __do_sys_mremap+0x97f/0x1850 [ 951.995858][T25886] ? __pfx_futex_wake+0x10/0x10 [ 951.995882][T25886] ? __pfx___do_sys_mremap+0x10/0x10 [ 951.995908][T25886] do_futex+0x32b/0x350 [ 951.995925][T25886] ? __pfx_do_futex+0x10/0x10 [ 951.995945][T25886] __x64_sys_futex+0x34f/0x4d0 [ 951.995964][T25886] ? __pfx___x64_sys_futex+0x10/0x10 [ 951.995983][T25886] ? rcu_is_watching+0x12/0xc0 [ 951.996004][T25886] do_syscall_64+0x10b/0xf80 [ 951.996022][T25886] ? clear_bhb_loop+0x40/0x90 [ 951.996041][T25886] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 951.996056][T25886] RIP: 0033:0x7f067b99cdd9 [ 951.996070][T25886] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 951.996085][T25886] RSP: 002b:00007f067c8090e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 951.996100][T25886] RAX: ffffffffffffffda RBX: 00007f067bc15fa8 RCX: 00007f067b99cdd9 [ 951.996111][T25886] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f067bc15fac [ 951.996120][T25886] RBP: 00007f067bc15fa0 R08: 0000000000000001 R09: 0000000000000000 [ 951.996129][T25886] R10: 0000000100000000 R11: 0000000000000246 R12: 0000000000000000 [ 951.996138][T25886] R13: 00007f067bc16038 R14: 00007ffec584ddc0 R15: 00007ffec584dea8 [ 951.996157][T25886] [ 955.310263][T25969] sg_write: data in/out 7954760/65493 bytes for SCSI command 0x0-- guessing data in; [ 955.310263][T25969] program syz.3.2589 not setting count and/or reply_len properly [ 955.822481][T26000] [U] ^\ [ 958.836215][T26078] FAULT_INJECTION: forcing a failure. [ 958.836215][T26078] name failslab, interval 1, probability 0, space 0, times 0 [ 959.446537][T26078] CPU: 0 UID: 0 PID: 26078 Comm: syz.0.2598 Not tainted syzkaller #0 PREEMPT(full) [ 959.446563][T26078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 959.446572][T26078] Call Trace: [ 959.446578][T26078] [ 959.446584][T26078] dump_stack_lvl+0x100/0x190 [ 959.446605][T26078] should_fail_ex.cold+0x5/0xa [ 959.446626][T26078] ? constrain_params_by_rules+0x175/0xcc0 [ 959.446650][T26078] should_failslab+0xc2/0x120 [ 959.446667][T26078] __kmalloc_noprof+0xe0/0x850 [ 959.446690][T26078] ? unwind_get_return_address+0x59/0xa0 [ 959.446714][T26078] constrain_params_by_rules+0x175/0xcc0 [ 959.446741][T26078] ? stack_trace_save+0x8e/0xc0 [ 959.446764][T26078] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 959.446797][T26078] ? __kasan_kmalloc+0xaa/0xb0 [ 959.446810][T26078] ? snd_pcm_oss_change_params_locked+0x81c/0x39f0 [ 959.446832][T26078] ? snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 959.446852][T26078] ? snd_pcm_oss_read+0x3d4/0x730 [ 959.446879][T26078] ? snd_interval_refine+0x2d0/0x580 [ 959.446898][T26078] snd_pcm_hw_refine+0x7e7/0xad0 [ 959.446924][T26078] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 959.446956][T26078] ? snd_interval_refine+0x2d0/0x580 [ 959.446974][T26078] snd_pcm_oss_change_params_locked+0xdb3/0x39f0 [ 959.447004][T26078] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 959.447040][T26078] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 959.447063][T26078] snd_pcm_oss_read+0x3d4/0x730 [ 959.447087][T26078] ? __pfx_snd_pcm_oss_read+0x10/0x10 [ 959.447110][T26078] vfs_read+0x1e4/0xb30 [ 959.447129][T26078] ? __pfx_vfs_read+0x10/0x10 [ 959.447143][T26078] ? find_held_lock+0x2b/0x80 [ 959.447162][T26078] ? __fget_files+0x215/0x3d0 [ 959.447178][T26078] ? __fget_files+0x215/0x3d0 [ 959.447198][T26078] ? __fget_files+0x21f/0x3d0 [ 959.447220][T26078] ksys_read+0x12a/0x250 [ 959.447235][T26078] ? __pfx_ksys_read+0x10/0x10 [ 959.447253][T26078] ? rcu_is_watching+0x12/0xc0 [ 959.447273][T26078] do_syscall_64+0x10b/0xf80 [ 959.447292][T26078] ? clear_bhb_loop+0x40/0x90 [ 959.447310][T26078] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 959.447325][T26078] RIP: 0033:0x7fe356f9cdd9 [ 959.447338][T26078] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 959.447352][T26078] RSP: 002b:00007fe357df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 959.447366][T26078] RAX: ffffffffffffffda RBX: 00007fe357216180 RCX: 00007fe356f9cdd9 [ 959.447376][T26078] RDX: 0000000000008080 RSI: 0000000000000000 RDI: 0000000000000003 [ 959.447384][T26078] RBP: 00007fe357df6090 R08: 0000000000000000 R09: 0000000000000000 [ 959.447393][T26078] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 959.447402][T26078] R13: 00007fe357216218 R14: 00007fe357216180 R15: 00007fff5fbe4ac8 [ 959.447421][T26078] [ 959.953166][T26067] kexec: Could not allocate control_code_buffer [ 963.786684][T26168] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 964.508813][ T5624] Bluetooth: hci4: command 0x0406 tx timeout [ 965.869321][ T5624] Bluetooth: hci2: command tx timeout [ 967.063355][T26338] FAULT_INJECTION: forcing a failure. [ 967.063355][T26338] name failslab, interval 1, probability 0, space 0, times 0 [ 967.180376][T26338] CPU: 0 UID: 0 PID: 26338 Comm: syz.2.2610 Not tainted syzkaller #0 PREEMPT(full) [ 967.180399][T26338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 967.180409][T26338] Call Trace: [ 967.180415][T26338] [ 967.180421][T26338] dump_stack_lvl+0x100/0x190 [ 967.180443][T26338] should_fail_ex.cold+0x5/0xa [ 967.180462][T26338] ? tomoyo_realpath_from_path+0xb6/0x690 [ 967.180480][T26338] should_failslab+0xc2/0x120 [ 967.180498][T26338] __kmalloc_noprof+0xe0/0x850 [ 967.180521][T26338] ? kfree+0x1dd/0x6c0 [ 967.180544][T26338] tomoyo_realpath_from_path+0xb6/0x690 [ 967.180566][T26338] tomoyo_path_number_perm+0x23c/0x580 [ 967.180581][T26338] ? tomoyo_path_number_perm+0x22e/0x580 [ 967.180596][T26338] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 967.180629][T26338] ? find_held_lock+0x2b/0x80 [ 967.180648][T26338] ? __fget_files+0x215/0x3d0 [ 967.180664][T26338] ? hook_file_ioctl_common+0x149/0x410 [ 967.180678][T26338] ? __fget_files+0x215/0x3d0 [ 967.180698][T26338] ? __fget_files+0x21f/0x3d0 [ 967.180717][T26338] security_file_ioctl+0xd3/0x230 [ 967.180733][T26338] __x64_sys_ioctl+0xb7/0x210 [ 967.180749][T26338] do_syscall_64+0x10b/0xf80 [ 967.180768][T26338] ? clear_bhb_loop+0x40/0x90 [ 967.180789][T26338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 967.180805][T26338] RIP: 0033:0x7f067b99cdd9 [ 967.180818][T26338] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 967.180832][T26338] RSP: 002b:00007f067c7c7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 967.180846][T26338] RAX: ffffffffffffffda RBX: 00007f067bc16180 RCX: 00007f067b99cdd9 [ 967.180856][T26338] RDX: 0000000000000000 RSI: 000000000000541c RDI: 0000000000000007 [ 967.180864][T26338] RBP: 00007f067c7c7090 R08: 0000000000000000 R09: 0000000000000000 [ 967.180873][T26338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 967.180882][T26338] R13: 00007f067bc16218 R14: 00007f067bc16180 R15: 00007ffec584dea8 [ 967.180900][T26338] [ 967.180926][T26338] ERROR: Out of memory at tomoyo_realpath_from_path. [ 968.575681][T26332] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 968.629314][T26332] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 968.659133][T26332] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 968.692413][T26332] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 968.779470][T26332] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 968.813850][T26332] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 968.866492][T26332] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 969.069121][ T5624] Bluetooth: hci3: command 0x0c1a tx timeout [ 969.469014][ T5624] Bluetooth: hci3: unexpected subevent 0x05 length: 123 > 12 [ 970.096135][T26385] Process accounting resumed [ 970.669639][ T5624] Bluetooth: hci4: command 0x0406 tx timeout [ 970.675713][T26168] Bluetooth: hci0: command 0x0c1a tx timeout [ 970.828978][ T5624] Bluetooth: hci2: command 0x0c1a tx timeout [ 971.548838][ T5624] Bluetooth: hci3: command 0x0c1a tx timeout [ 972.353397][T26410] kexec: Could not allocate control_code_buffer [ 972.525144][T26439] FAULT_INJECTION: forcing a failure. [ 972.525144][T26439] name failslab, interval 1, probability 0, space 0, times 0 [ 972.585567][T26439] CPU: 0 UID: 0 PID: 26439 Comm: syz.0.2630 Not tainted syzkaller #0 PREEMPT(full) [ 972.585596][T26439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 972.585605][T26439] Call Trace: [ 972.585611][T26439] [ 972.585617][T26439] dump_stack_lvl+0x100/0x190 [ 972.585639][T26439] should_fail_ex.cold+0x5/0xa [ 972.585659][T26439] should_failslab+0xc2/0x120 [ 972.585677][T26439] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 972.585700][T26439] ? vm_area_dup+0x27/0x8e0 [ 972.585724][T26439] vm_area_dup+0x27/0x8e0 [ 972.585746][T26439] __split_vma+0x18c/0xd90 [ 972.585768][T26439] ? __pfx_hugetlb_change_protection+0x10/0x10 [ 972.585791][T26439] ? __pfx___split_vma+0x10/0x10 [ 972.585822][T26439] vma_modify+0x12ad/0x25c0 [ 972.585848][T26439] ? change_protection+0x4e0/0x52a0 [ 972.585872][T26439] ? __pfx_vma_modify+0x10/0x10 [ 972.585905][T26439] vma_modify_flags+0x257/0x3d0 [ 972.585928][T26439] ? __pfx_vma_modify_flags+0x10/0x10 [ 972.585959][T26439] ? __pfx_ima_file_mprotect+0x10/0x10 [ 972.585981][T26439] ? aa_file_perm+0x7e4/0x14d0 [ 972.585999][T26439] ? aa_file_perm+0x7e4/0x14d0 [ 972.586019][T26439] mprotect_fixup+0x27a/0xe30 [ 972.586045][T26439] ? __pfx_mprotect_fixup+0x10/0x10 [ 972.586083][T26439] do_mprotect_pkey+0xa4b/0xef0 [ 972.586111][T26439] ? __pfx_do_mprotect_pkey+0x10/0x10 [ 972.586139][T26439] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 972.586163][T26439] ? __fget_files+0x21f/0x3d0 [ 972.586187][T26439] ? __pfx_ksys_write+0x10/0x10 [ 972.586207][T26439] __x64_sys_mprotect+0x78/0xc0 [ 972.586228][T26439] ? lockdep_hardirqs_on+0x78/0x100 [ 972.586247][T26439] do_syscall_64+0x10b/0xf80 [ 972.586265][T26439] ? clear_bhb_loop+0x40/0x90 [ 972.586283][T26439] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 972.586298][T26439] RIP: 0033:0x7fe356f9cdd9 [ 972.586311][T26439] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 972.586325][T26439] RSP: 002b:00007fe357e38028 EFLAGS: 00000246 ORIG_RAX: 000000000000000a [ 972.586340][T26439] RAX: ffffffffffffffda RBX: 00007fe357215fa0 RCX: 00007fe356f9cdd9 [ 972.586349][T26439] RDX: 0000000000000006 RSI: 0000000000806121 RDI: 0000000000000000 [ 972.586358][T26439] RBP: 00007fe357e38090 R08: 0000000000000000 R09: 0000000000000000 [ 972.586367][T26439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 972.586375][T26439] R13: 00007fe357216038 R14: 00007fe357215fa0 R15: 00007fff5fbe4ac8 [ 972.586394][T26439] [ 972.893824][ T5624] Bluetooth: hci4: command 0x0406 tx timeout [ 972.921087][T26168] Bluetooth: hci2: command 0x0c1a tx timeout [ 973.189200][T26427] input: f¬ as /devices/virtual/input/input14 [ 974.992229][ T5624] Bluetooth: hci2: command 0x0c1a tx timeout [ 976.718055][T26482] kexec: Could not allocate control_code_buffer [ 982.441699][T26767] sg_write: data in/out 262108/258 bytes for SCSI command 0x61-- guessing data in; [ 982.441699][T26767] program syz.3.2657 not setting count and/or reply_len properly [ 982.566954][T26767] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2657'. [ 987.756781][T26963] sg_write: data in/out 262108/258 bytes for SCSI command 0x61-- guessing data in; [ 987.756781][T26963] program syz.1.2678 not setting count and/or reply_len properly [ 988.100981][T26963] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2678'. [ 989.494109][T27004] overlayfs: missing 'lowerdir' [ 989.850758][T27011] vivid-007: ================= START STATUS ================= [ 990.051128][T27011] vivid-007: Generate PTS: true [ 990.236349][T27011] vivid-007: Generate SCR: true [ 990.469404][T27016] FAULT_INJECTION: forcing a failure. [ 990.469404][T27016] name failslab, interval 1, probability 0, space 0, times 0 [ 990.835314][T27011] tpg source WxH: 320x240 (Y'CbCr) [ 990.955021][T27011] tpg field: 1 [ 991.013639][T27011] tpg crop: (0,0)/320x240 [ 991.132166][T27016] CPU: 0 UID: 0 PID: 27016 Comm: syz.3.2682 Not tainted syzkaller #0 PREEMPT(full) [ 991.132190][T27016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 991.132200][T27016] Call Trace: [ 991.132206][T27016] [ 991.132214][T27016] dump_stack_lvl+0x100/0x190 [ 991.132237][T27016] should_fail_ex.cold+0x5/0xa [ 991.132259][T27016] should_failslab+0xc2/0x120 [ 991.132277][T27016] __kmalloc_cache_noprof+0x7a/0x6f0 [ 991.132299][T27016] ? snd_seq_oss_writeq_new+0xb5/0x2b0 [ 991.132320][T27016] snd_seq_oss_writeq_new+0xb5/0x2b0 [ 991.132337][T27016] ? __pfx_snd_seq_oss_writeq_new+0x10/0x10 [ 991.132360][T27016] ? __raw_spin_lock_init+0x3a/0x110 [ 991.132382][T27016] snd_seq_oss_open+0x7bc/0xa10 [ 991.132406][T27016] odev_open+0x6f/0x90 [ 991.132423][T27016] ? __pfx_odev_open+0x10/0x10 [ 991.132440][T27016] soundcore_open+0x2e3/0x5a0 [ 991.132461][T27016] ? __pfx_soundcore_open+0x10/0x10 [ 991.132480][T27016] chrdev_open+0x234/0x6a0 [ 991.132499][T27016] ? __pfx_apparmor_file_open+0x10/0x10 [ 991.132522][T27016] ? __pfx_chrdev_open+0x10/0x10 [ 991.132541][T27016] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 991.132566][T27016] do_dentry_open+0x6d8/0x1660 [ 991.132585][T27016] ? __pfx_chrdev_open+0x10/0x10 [ 991.132608][T27016] vfs_open+0x82/0x3f0 [ 991.132632][T27016] path_openat+0x208c/0x31a0 [ 991.132657][T27016] ? __pfx_path_openat+0x10/0x10 [ 991.132682][T27016] do_file_open+0x20e/0x430 [ 991.132702][T27016] ? __pfx_do_file_open+0x10/0x10 [ 991.132734][T27016] ? alloc_fd+0x476/0x790 [ 991.132754][T27016] ? do_getname+0x191/0x390 [ 991.132777][T27016] do_sys_openat2+0x10d/0x1e0 [ 991.132799][T27016] ? __pfx_do_sys_openat2+0x10/0x10 [ 991.132840][T27016] __x64_sys_openat+0x12d/0x210 [ 991.132864][T27016] ? __pfx___x64_sys_openat+0x10/0x10 [ 991.132891][T27016] ? rcu_is_watching+0x12/0xc0 [ 991.132912][T27016] do_syscall_64+0x10b/0xf80 [ 991.132935][T27016] ? clear_bhb_loop+0x40/0x90 [ 991.132954][T27016] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 991.132970][T27016] RIP: 0033:0x7f267219cdd9 [ 991.132985][T27016] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 991.133001][T27016] RSP: 002b:00007f2672fe3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 991.133017][T27016] RAX: ffffffffffffffda RBX: 00007f2672416180 RCX: 00007f267219cdd9 [ 991.133027][T27016] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 991.133037][T27016] RBP: 00007f2672232d69 R08: 0000000000000000 R09: 0000000000000000 [ 991.133048][T27016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 991.133058][T27016] R13: 00007f2672416218 R14: 00007f2672416180 R15: 00007fff6a713c18 [ 991.133077][T27016] [ 991.469837][T27011] tpg compose: (0,0)/320x240 [ 991.474608][T27011] tpg colorspace: 8 [ 991.480452][T27011] tpg transfer function: 0/0 [ 991.485044][T27011] tpg Y'CbCr encoding: 0/0 [ 991.489500][T27011] tpg quantization: 0/0 [ 991.493704][T27011] tpg RGB range: 0/2 [ 991.497582][T27011] vivid-007: ================== END STATUS ================== [ 992.021671][T27064] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 992.994976][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.004596][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.053542][T27086] netlink: 2468 bytes leftover after parsing attributes in process `syz.0.2691'. [ 994.227746][ T30] audit: type=1806 audit(4294967785.780:7): res=-14 [ 994.849627][T27171] FAULT_INJECTION: forcing a failure. [ 994.849627][T27171] name failslab, interval 1, probability 0, space 0, times 0 [ 994.931237][T27171] CPU: 0 UID: 0 PID: 27171 Comm: syz.0.2698 Not tainted syzkaller #0 PREEMPT(full) [ 994.931262][T27171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 994.931273][T27171] Call Trace: [ 994.931279][T27171] [ 994.931286][T27171] dump_stack_lvl+0x100/0x190 [ 994.931309][T27171] should_fail_ex.cold+0x5/0xa [ 994.931329][T27171] should_failslab+0xc2/0x120 [ 994.931348][T27171] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 994.931372][T27171] ? __d_alloc+0x34/0xa40 [ 994.931397][T27171] __d_alloc+0x34/0xa40 [ 994.931421][T27171] d_alloc_parallel+0x111/0x14e0 [ 994.931440][T27171] ? __lock_acquire+0x4a5/0x2630 [ 994.931458][T27171] ? __pfx_d_alloc_parallel+0x10/0x10 [ 994.931475][T27171] ? lockdep_init_map_type+0x5c/0x250 [ 994.931491][T27171] ? lockdep_init_map_type+0x5c/0x250 [ 994.931509][T27171] __lookup_slow+0x193/0x460 [ 994.931532][T27171] ? __pfx___lookup_slow+0x10/0x10 [ 994.931563][T27171] ? __d_lookup+0x266/0x4a0 [ 994.931582][T27171] lookup_slow+0x50/0x70 [ 994.931604][T27171] link_path_walk+0x1377/0x1cc0 [ 994.931631][T27171] path_openat+0x1be/0x31a0 [ 994.931648][T27171] ? kasan_save_stack+0x3f/0x50 [ 994.931662][T27171] ? kasan_save_stack+0x30/0x50 [ 994.931675][T27171] ? kasan_save_track+0x14/0x30 [ 994.931689][T27171] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 994.931718][T27171] ? __pfx_path_openat+0x10/0x10 [ 994.931749][T27171] do_file_open+0x20e/0x430 [ 994.931771][T27171] ? __pfx_do_file_open+0x10/0x10 [ 994.931804][T27171] ? alloc_fd+0x476/0x790 [ 994.931824][T27171] ? do_getname+0x191/0x390 [ 994.931848][T27171] do_sys_openat2+0x10d/0x1e0 [ 994.931872][T27171] ? __pfx_do_sys_openat2+0x10/0x10 [ 994.931901][T27171] __x64_sys_openat+0x12d/0x210 [ 994.931924][T27171] ? __pfx___x64_sys_openat+0x10/0x10 [ 994.931945][T27171] ? ksys_write+0x1ac/0x250 [ 994.931964][T27171] ? rcu_is_watching+0x12/0xc0 [ 994.931985][T27171] do_syscall_64+0x10b/0xf80 [ 994.932004][T27171] ? clear_bhb_loop+0x40/0x90 [ 994.932023][T27171] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 994.932039][T27171] RIP: 0033:0x7fe356f9cdd9 [ 994.932053][T27171] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 994.932068][T27171] RSP: 002b:00007fe357e38028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 994.932083][T27171] RAX: ffffffffffffffda RBX: 00007fe357215fa0 RCX: 00007fe356f9cdd9 [ 994.932093][T27171] RDX: 0000000000000001 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 994.932103][T27171] RBP: 00007fe357032d69 R08: 0000000000000000 R09: 0000000000000000 [ 994.932113][T27171] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 994.932122][T27171] R13: 00007fe357216038 R14: 00007fe357215fa0 R15: 00007fff5fbe4ac8 [ 994.932142][T27171] [ 995.378588][T27170] can0: slcan on pty238. [ 996.002213][T27168] can0 (unregistered): slcan off pty238. [ 1000.392914][ T30] audit: type=1806 audit(4294967791.970:8): res=-14 [ 1001.657291][T27344] kexec: Could not allocate control_code_buffer [ 1002.382298][T27477] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2726'. [ 1002.475392][T27477] team0: Port device team_slave_1 removed [ 1003.011442][ T5624] Bluetooth: hci3: unexpected subevent 0x05 length: 123 > 12 [ 1003.034763][T27514] [U] ^\ [ 1004.312646][T27508] kexec: Could not allocate control_code_buffer [ 1005.068878][ T5624] Bluetooth: hci3: command 0x0c1a tx timeout [ 1005.089748][T27590] [U] ^\ [ 1005.479526][T27596] FAULT_INJECTION: forcing a failure. [ 1005.479526][T27596] name failslab, interval 1, probability 0, space 0, times 0 [ 1005.546164][T27596] CPU: 0 UID: 0 PID: 27596 Comm: syz.0.2746 Not tainted syzkaller #0 PREEMPT(full) [ 1005.546186][T27596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1005.546196][T27596] Call Trace: [ 1005.546202][T27596] [ 1005.546208][T27596] dump_stack_lvl+0x100/0x190 [ 1005.546230][T27596] should_fail_ex.cold+0x5/0xa [ 1005.546250][T27596] ? tomoyo_realpath_from_path+0xb6/0x690 [ 1005.546268][T27596] should_failslab+0xc2/0x120 [ 1005.546286][T27596] __kmalloc_noprof+0xe0/0x850 [ 1005.546308][T27596] ? kfree+0x1dd/0x6c0 [ 1005.546331][T27596] tomoyo_realpath_from_path+0xb6/0x690 [ 1005.546353][T27596] tomoyo_path_number_perm+0x23c/0x580 [ 1005.546367][T27596] ? tomoyo_path_number_perm+0x22e/0x580 [ 1005.546383][T27596] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1005.546416][T27596] ? find_held_lock+0x2b/0x80 [ 1005.546435][T27596] ? __fget_files+0x215/0x3d0 [ 1005.546451][T27596] ? hook_file_ioctl_common+0x149/0x410 [ 1005.546472][T27596] ? __fget_files+0x215/0x3d0 [ 1005.546491][T27596] ? __fget_files+0x21f/0x3d0 [ 1005.546511][T27596] security_file_ioctl+0xd3/0x230 [ 1005.546526][T27596] __x64_sys_ioctl+0xb7/0x210 [ 1005.546542][T27596] do_syscall_64+0x10b/0xf80 [ 1005.546562][T27596] ? clear_bhb_loop+0x40/0x90 [ 1005.546580][T27596] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1005.546594][T27596] RIP: 0033:0x7fe356f9cdd9 [ 1005.546608][T27596] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1005.546622][T27596] RSP: 002b:00007fe357e38028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1005.546636][T27596] RAX: ffffffffffffffda RBX: 00007fe357215fa0 RCX: 00007fe356f9cdd9 [ 1005.546646][T27596] RDX: 0000000000000000 RSI: 00000000c048aeca RDI: 0000000000000004 [ 1005.546655][T27596] RBP: 00007fe357e38090 R08: 0000000000000000 R09: 0000000000000000 [ 1005.546664][T27596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1005.546672][T27596] R13: 00007fe357216038 R14: 00007fe357215fa0 R15: 00007fff5fbe4ac8 [ 1005.546691][T27596] [ 1005.546698][T27596] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1007.340993][T27605] kexec: Could not allocate control_code_buffer [ 1007.621889][ T5624] Bluetooth: hci4: unexpected subevent 0x05 length: 123 > 12 [ 1007.848616][T27681] FAULT_INJECTION: forcing a failure. [ 1007.848616][T27681] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1007.894389][T27681] CPU: 0 UID: 0 PID: 27681 Comm: syz.3.2753 Not tainted syzkaller #0 PREEMPT(full) [ 1007.894415][T27681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1007.894425][T27681] Call Trace: [ 1007.894432][T27681] [ 1007.894439][T27681] dump_stack_lvl+0x100/0x190 [ 1007.894461][T27681] should_fail_ex.cold+0x5/0xa [ 1007.894482][T27681] get_futex_key+0x1d2/0x1510 [ 1007.894500][T27681] ? __pfx_get_futex_key+0x10/0x10 [ 1007.894515][T27681] ? trace_pid_list_is_set+0x11a/0x390 [ 1007.894534][T27681] ? trace_pid_list_is_set+0x22c/0x390 [ 1007.894557][T27681] futex_wait_setup+0x83/0x510 [ 1007.894581][T27681] __futex_wait+0x19f/0x300 [ 1007.894602][T27681] ? __pfx___futex_wait+0x10/0x10 [ 1007.894620][T27681] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1007.894641][T27681] ? __pfx_futex_wake_mark+0x10/0x10 [ 1007.894664][T27681] ? find_held_lock+0x2b/0x80 [ 1007.894683][T27681] ? futex_wake+0x456/0x530 [ 1007.894705][T27681] futex_wait+0xe6/0x370 [ 1007.894725][T27681] ? __pfx_futex_wait+0x10/0x10 [ 1007.894753][T27681] ? __pfx___do_sys_mremap+0x10/0x10 [ 1007.894779][T27681] do_futex+0x1ef/0x350 [ 1007.894796][T27681] ? __pfx_do_futex+0x10/0x10 [ 1007.894817][T27681] __x64_sys_futex+0x34f/0x4d0 [ 1007.894835][T27681] ? __pfx___x64_sys_futex+0x10/0x10 [ 1007.894855][T27681] ? rcu_is_watching+0x12/0xc0 [ 1007.894875][T27681] do_syscall_64+0x10b/0xf80 [ 1007.894894][T27681] ? clear_bhb_loop+0x40/0x90 [ 1007.894912][T27681] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1007.894927][T27681] RIP: 0033:0x7f267219cdd9 [ 1007.894941][T27681] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1007.894956][T27681] RSP: 002b:00007f26730250e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1007.894971][T27681] RAX: ffffffffffffffda RBX: 00007f2672415fa8 RCX: 00007f267219cdd9 [ 1007.894981][T27681] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f2672415fa8 [ 1007.894990][T27681] RBP: 00007f2672415fa0 R08: 0000000000000000 R09: 0000000000000000 [ 1007.894999][T27681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1007.895009][T27681] R13: 00007f2672416038 R14: 00007fff6a713b30 R15: 00007fff6a713c18 [ 1007.895029][T27681] [ 1008.204762][T27684] [U] ^\ [ 1008.260508][T27688] binder: 27687:27688 ioctl c018620c 200000000300 returned -1 [ 1009.709346][ T5624] Bluetooth: hci4: command 0x0406 tx timeout [ 1009.781354][T27752] sg_write: data in/out 262108/258 bytes for SCSI command 0x61-- guessing data in; [ 1009.781354][T27752] program syz.1.2764 not setting count and/or reply_len properly [ 1009.934132][T27752] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2764'. [ 1012.772364][T27858] FAULT_INJECTION: forcing a failure. [ 1012.772364][T27858] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1012.846366][T27858] CPU: 0 UID: 0 PID: 27858 Comm: syz.0.2772 Not tainted syzkaller #0 PREEMPT(full) [ 1012.846409][T27858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1012.846425][T27858] Call Trace: [ 1012.846431][T27858] [ 1012.846437][T27858] dump_stack_lvl+0x100/0x190 [ 1012.846460][T27858] should_fail_ex.cold+0x5/0xa [ 1012.846480][T27858] get_futex_key+0x1d2/0x1510 [ 1012.846498][T27858] ? __pfx_get_futex_key+0x10/0x10 [ 1012.846520][T27858] futex_wake+0xea/0x530 [ 1012.846541][T27858] ? __do_sys_mremap+0x97f/0x1850 [ 1012.846566][T27858] ? __pfx_futex_wake+0x10/0x10 [ 1012.846591][T27858] ? __pfx___do_sys_mremap+0x10/0x10 [ 1012.846616][T27858] do_futex+0x32b/0x350 [ 1012.846632][T27858] ? __pfx_do_futex+0x10/0x10 [ 1012.846653][T27858] __x64_sys_futex+0x34f/0x4d0 [ 1012.846671][T27858] ? __pfx___x64_sys_futex+0x10/0x10 [ 1012.846691][T27858] ? rcu_is_watching+0x12/0xc0 [ 1012.846712][T27858] do_syscall_64+0x10b/0xf80 [ 1012.846731][T27858] ? clear_bhb_loop+0x40/0x90 [ 1012.846749][T27858] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1012.846765][T27858] RIP: 0033:0x7fe356f9cdd9 [ 1012.846778][T27858] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1012.846793][T27858] RSP: 002b:00007fe357e380e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1012.846809][T27858] RAX: ffffffffffffffda RBX: 00007fe357215fa8 RCX: 00007fe356f9cdd9 [ 1012.846820][T27858] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe357215fac [ 1012.846836][T27858] RBP: 00007fe357215fa0 R08: 0000000000000001 R09: 0000000000000000 [ 1012.846846][T27858] R10: 0000000100000000 R11: 0000000000000246 R12: 0000000000000000 [ 1012.846856][T27858] R13: 00007fe357216038 R14: 00007fff5fbe49e0 R15: 00007fff5fbe4ac8 [ 1012.846876][T27858] [ 1015.088799][T27942] [U] ^\ [ 1016.681841][T27968] FAULT_INJECTION: forcing a failure. [ 1016.681841][T27968] name failslab, interval 1, probability 0, space 0, times 0 [ 1016.927593][T27968] CPU: 0 UID: 0 PID: 27968 Comm: syz.1.2785 Not tainted syzkaller #0 PREEMPT(full) [ 1016.927617][T27968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1016.927627][T27968] Call Trace: [ 1016.927633][T27968] [ 1016.927640][T27968] dump_stack_lvl+0x100/0x190 [ 1016.927663][T27968] should_fail_ex.cold+0x5/0xa [ 1016.927684][T27968] should_failslab+0xc2/0x120 [ 1016.927703][T27968] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1016.927726][T27968] ? __d_alloc+0x34/0xa40 [ 1016.927750][T27968] __d_alloc+0x34/0xa40 [ 1016.927771][T27968] d_alloc_pseudo+0x1c/0xc0 [ 1016.927786][T27968] alloc_file_pseudo+0xcf/0x230 [ 1016.927809][T27968] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1016.927836][T27968] __shmem_file_setup+0x205/0x460 [ 1016.927858][T27968] ? __pfx___shmem_file_setup+0x10/0x10 [ 1016.927880][T27968] ? vm_area_alloc+0x1f/0x160 [ 1016.927903][T27968] shmem_zero_setup+0x96/0x1b0 [ 1016.927920][T27968] __mmap_region+0x24e9/0x2da0 [ 1016.927947][T27968] ? __pfx___mmap_region+0x10/0x10 [ 1016.927985][T27968] ? do_raw_spin_lock+0x128/0x260 [ 1016.928014][T27968] ? do_raw_spin_lock+0x128/0x260 [ 1016.928031][T27968] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1016.928055][T27968] ? hrtimer_start_range_ns+0x860/0x1a50 [ 1016.928074][T27968] ? find_held_lock+0x2b/0x80 [ 1016.928093][T27968] ? finish_task_switch.isra.0+0x2c6/0x1010 [ 1016.928142][T27968] mmap_region+0x35d/0x620 [ 1016.928157][T27968] ? rcu_is_watching+0x12/0xc0 [ 1016.928174][T27968] ? __pfx_mmap_region+0x10/0x10 [ 1016.928191][T27968] ? cap_mmap_addr+0x4b/0x120 [ 1016.928211][T27968] ? bpf_lsm_mmap_addr+0x9/0x30 [ 1016.928226][T27968] ? security_mmap_addr+0x71/0x1e0 [ 1016.928243][T27968] ? __get_unmapped_area+0x255/0x3e0 [ 1016.928264][T27968] do_mmap+0xc63/0x12f0 [ 1016.928285][T27968] ? __pfx_do_mmap+0x10/0x10 [ 1016.928303][T27968] ? __pfx_down_write_killable+0x10/0x10 [ 1016.928328][T27968] vm_mmap_pgoff+0x29e/0x470 [ 1016.928350][T27968] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1016.928369][T27968] ? do_futex+0x192/0x350 [ 1016.928386][T27968] ? __pfx_do_futex+0x10/0x10 [ 1016.928407][T27968] ksys_mmap_pgoff+0xe4/0x610 [ 1016.928433][T27968] ? __x64_sys_futex+0x358/0x4d0 [ 1016.928450][T27968] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 1016.928468][T27968] ? xfd_validate_state+0x129/0x190 [ 1016.928484][T27968] ? ksys_write+0x1ac/0x250 [ 1016.928504][T27968] __x64_sys_mmap+0x125/0x190 [ 1016.928523][T27968] do_syscall_64+0x10b/0xf80 [ 1016.928541][T27968] ? clear_bhb_loop+0x40/0x90 [ 1016.928559][T27968] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1016.928574][T27968] RIP: 0033:0x7f3357d9cdd9 [ 1016.928589][T27968] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1016.928603][T27968] RSP: 002b:00007f3358b9b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1016.928619][T27968] RAX: ffffffffffffffda RBX: 00007f3358015fa0 RCX: 00007f3357d9cdd9 [ 1016.928632][T27968] RDX: 0000000000000003 RSI: 0000000000000006 RDI: 0000000000000000 [ 1016.928641][T27968] RBP: 00007f3357e32d69 R08: 0000000000000007 R09: 0000000000008000 [ 1016.928650][T27968] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 1016.928659][T27968] R13: 00007f3358016038 R14: 00007f3358015fa0 R15: 00007ffe9f2bbd78 [ 1016.928679][T27968] [ 1017.588190][T28013] net_ratelimit: 104 callbacks suppressed [ 1017.588207][T28013] netlink: zone id is out of range [ 1017.599275][T28013] netlink: zone id is out of range [ 1017.604394][T28013] netlink: zone id is out of range [ 1017.609598][T28013] netlink: zone id is out of range [ 1017.614696][T28013] netlink: zone id is out of range [ 1017.627274][T28013] netlink: zone id is out of range [ 1017.636637][T28013] netlink: zone id is out of range [ 1017.670206][T28013] netlink: zone id is out of range [ 1017.697383][T28013] netlink: zone id is out of range [ 1017.727847][T28013] netlink: zone id is out of range [ 1018.789878][T28066] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2800'. [ 1020.705906][T28199] ubi0: attaching mtd0 [ 1020.743521][T28199] ubi0: scanning is finished [ 1021.066357][T28199] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1021.199931][T28199] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1021.310967][T28199] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1021.425258][T28199] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 1021.455147][T28219] kexec: Could not allocate control_code_buffer [ 1021.499185][T28199] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1021.554863][T28199] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1021.627358][T28199] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 3732225790 [ 1021.693845][T28199] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1021.752423][T28205] ubi0: detaching mtd0 [ 1021.756558][T28238] ubi0: background thread "ubi_bgt0d" started, PID 28238 [ 1021.798552][ T5624] Bluetooth: hci2: unexpected event 0x04 length: 64 > 10 [ 1021.798854][ T5624] Bluetooth: hci2: connection err: -111 [ 1021.817532][T28205] ubi0: mtd0 is detached [ 1023.911035][T28338] [U] ^\ [ 1024.358104][T28348] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2825'. [ 1024.423012][T28348] team0: Port device team_slave_0 removed [ 1024.550865][T28353] can: request_module (can-proto-0) failed. [ 1024.576159][ T5624] Bluetooth: hci4: unexpected event 0x04 length: 64 > 10 [ 1024.576217][ T5624] Bluetooth: hci4: connection err: -111 [ 1025.331250][ T5624] Bluetooth: hci4: unexpected subevent 0x05 length: 123 > 12 [ 1027.301247][ T5624] Bluetooth: hci0: unexpected event 0x04 length: 64 > 10 [ 1027.301385][ T5624] Bluetooth: hci0: connection err: -111 [ 1027.390375][ T5624] Bluetooth: hci4: command 0x0406 tx timeout [ 1027.857695][T28543] sg_write: data in/out 262364/16 bytes for SCSI command 0x61-- guessing data in; [ 1027.857695][T28543] program syz.1.2841 not setting count and/or reply_len properly [ 1028.461705][T28567] FAULT_INJECTION: forcing a failure. [ 1028.461705][T28567] name failslab, interval 1, probability 0, space 0, times 0 [ 1029.039375][T28567] CPU: 0 UID: 0 PID: 28567 Comm: syz.1.2842 Not tainted syzkaller #0 PREEMPT(full) [ 1029.039396][T28567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1029.039405][T28567] Call Trace: [ 1029.039411][T28567] [ 1029.039417][T28567] dump_stack_lvl+0x100/0x190 [ 1029.039437][T28567] should_fail_ex.cold+0x5/0xa [ 1029.039457][T28567] should_failslab+0xc2/0x120 [ 1029.039474][T28567] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1029.039497][T28567] ? do_getname+0x35/0x390 [ 1029.039517][T28567] ? __pfx_map_id_range_down+0x10/0x10 [ 1029.039541][T28567] do_getname+0x35/0x390 [ 1029.039564][T28567] do_faccessat+0x115/0xc10 [ 1029.039583][T28567] ? __pfx_do_faccessat+0x10/0x10 [ 1029.039599][T28567] ? ksys_write+0x1ac/0x250 [ 1029.039615][T28567] ? __pfx_ksys_write+0x10/0x10 [ 1029.039631][T28567] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 1029.039655][T28567] __x64_sys_faccessat+0x74/0xb0 [ 1029.039674][T28567] ? lockdep_hardirqs_on+0x78/0x100 [ 1029.039693][T28567] do_syscall_64+0x10b/0xf80 [ 1029.039711][T28567] ? clear_bhb_loop+0x40/0x90 [ 1029.039728][T28567] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1029.039743][T28567] RIP: 0033:0x7f3357d9cdd9 [ 1029.039755][T28567] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1029.039769][T28567] RSP: 002b:00007f3358b9b028 EFLAGS: 00000246 ORIG_RAX: 000000000000010d [ 1029.039784][T28567] RAX: ffffffffffffffda RBX: 00007f3358015fa0 RCX: 00007f3357d9cdd9 [ 1029.039794][T28567] RDX: 0000000000000002 RSI: 0000200000000140 RDI: 0000000000000003 [ 1029.039802][T28567] RBP: 00007f3358b9b090 R08: 0000000000000000 R09: 0000000000000000 [ 1029.039811][T28567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1029.039819][T28567] R13: 00007f3358016038 R14: 00007f3358015fa0 R15: 00007ffe9f2bbd78 [ 1029.039838][T28567] [ 1029.663845][T28595] FAULT_INJECTION: forcing a failure. [ 1029.663845][T28595] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1029.723838][T28595] CPU: 0 UID: 0 PID: 28595 Comm: syz.1.2844 Not tainted syzkaller #0 PREEMPT(full) [ 1029.723861][T28595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1029.723872][T28595] Call Trace: [ 1029.723877][T28595] [ 1029.723884][T28595] dump_stack_lvl+0x100/0x190 [ 1029.723905][T28595] should_fail_ex.cold+0x5/0xa [ 1029.723925][T28595] get_futex_key+0x1d2/0x1510 [ 1029.723943][T28595] ? __pfx_get_futex_key+0x10/0x10 [ 1029.723964][T28595] futex_wake+0xea/0x530 [ 1029.723984][T28595] ? __do_sys_mremap+0x97f/0x1850 [ 1029.724009][T28595] ? __pfx_futex_wake+0x10/0x10 [ 1029.724033][T28595] ? __pfx___do_sys_mremap+0x10/0x10 [ 1029.724058][T28595] do_futex+0x32b/0x350 [ 1029.724075][T28595] ? __pfx_do_futex+0x10/0x10 [ 1029.724095][T28595] __x64_sys_futex+0x34f/0x4d0 [ 1029.724114][T28595] ? __pfx___x64_sys_futex+0x10/0x10 [ 1029.724133][T28595] ? rcu_is_watching+0x12/0xc0 [ 1029.724154][T28595] do_syscall_64+0x10b/0xf80 [ 1029.724173][T28595] ? clear_bhb_loop+0x40/0x90 [ 1029.724192][T28595] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1029.724207][T28595] RIP: 0033:0x7f3357d9cdd9 [ 1029.724221][T28595] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1029.724236][T28595] RSP: 002b:00007f3358b9b0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1029.724259][T28595] RAX: ffffffffffffffda RBX: 00007f3358015fa8 RCX: 00007f3357d9cdd9 [ 1029.724270][T28595] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f3358015fac [ 1029.724279][T28595] RBP: 00007f3358015fa0 R08: 0000000000000001 R09: 0000000000000000 [ 1029.724288][T28595] R10: 0000000100000000 R11: 0000000000000246 R12: 0000000000000000 [ 1029.724298][T28595] R13: 00007f3358016038 R14: 00007ffe9f2bbc90 R15: 00007ffe9f2bbd78 [ 1029.724318][T28595] [ 1030.614716][ T5624] Bluetooth: hci0: unexpected subevent 0x18 length: 123 > 19 [ 1030.622250][ T5624] Bluetooth: hci0: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 1033.023335][ T5624] Bluetooth: hci3: unexpected subevent 0x18 length: 123 > 19 [ 1033.030825][ T5624] Bluetooth: hci3: Unable to find connection for dst f9:56:cc:cc:70:a9 sid 0x00 [ 1034.832277][T28687] futex_wake_op: syz.1.2850 tries to shift op by -2048; fix this program [ 1034.909961][T28687] futex_wake_op: syz.1.2850 tries to shift op by -2048; fix this program [ 1035.014797][T28698] 0x000000000001-0x000000020000 : "" [ 1035.091333][T28672] futex_wake_op: syz.2.2848 tries to shift op by -2048; fix this program [ 1035.306704][T28698] ftl_cs: FTL header corrupt! [ 1035.486199][T28672] futex_wake_op: syz.2.2848 tries to shift op by -2048; fix this program [ 1038.213344][ T5624] Bluetooth: hci0: unexpected event 0x04 length: 64 > 10 [ 1038.213378][ T5624] Bluetooth: hci0: connection err: -111 [ 1038.757633][T28820] net_ratelimit: 47 callbacks suppressed [ 1038.757649][T28820] openvswitch: netlink: Duplicate or invalid key (type 0). [ 1039.818253][T28847] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2867'. [ 1040.247779][T28920] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2871'. [ 1040.441009][T28938] FAULT_INJECTION: forcing a failure. [ 1040.441009][T28938] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1040.486604][T28938] CPU: 0 UID: 0 PID: 28938 Comm: syz.0.2873 Not tainted syzkaller #0 PREEMPT(full) [ 1040.486626][T28938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1040.486636][T28938] Call Trace: [ 1040.486641][T28938] [ 1040.486647][T28938] dump_stack_lvl+0x100/0x190 [ 1040.486669][T28938] should_fail_ex.cold+0x5/0xa [ 1040.486689][T28938] _copy_to_user+0x32/0xd0 [ 1040.486715][T28938] simple_read_from_buffer+0xcb/0x170 [ 1040.486734][T28938] proc_fail_nth_read+0x1af/0x230 [ 1040.486759][T28938] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1040.486783][T28938] ? rw_verify_area+0xce/0x6d0 [ 1040.486797][T28938] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1040.486820][T28938] vfs_read+0x1e4/0xb30 [ 1040.486838][T28938] ? __pfx_vfs_read+0x10/0x10 [ 1040.486853][T28938] ? __fget_files+0x215/0x3d0 [ 1040.486874][T28938] ? __fget_files+0x21f/0x3d0 [ 1040.486896][T28938] ksys_read+0x12a/0x250 [ 1040.486911][T28938] ? __pfx_ksys_read+0x10/0x10 [ 1040.486929][T28938] ? rcu_is_watching+0x12/0xc0 [ 1040.486949][T28938] do_syscall_64+0x10b/0xf80 [ 1040.486968][T28938] ? clear_bhb_loop+0x40/0x90 [ 1040.486986][T28938] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1040.487001][T28938] RIP: 0033:0x7fe356f5d60e [ 1040.487014][T28938] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1040.487029][T28938] RSP: 002b:00007fe357e37fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1040.487043][T28938] RAX: ffffffffffffffda RBX: 00007fe357e386c0 RCX: 00007fe356f5d60e [ 1040.487053][T28938] RDX: 000000000000000f RSI: 00007fe357e380a0 RDI: 0000000000000004 [ 1040.487061][T28938] RBP: 00007fe357e38090 R08: 0000000000000000 R09: 0000000000000000 [ 1040.487070][T28938] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1040.487078][T28938] R13: 00007fe357216038 R14: 00007fe357215fa0 R15: 00007fff5fbe4ac8 [ 1040.487098][T28938] [ 1041.346586][ T5624] Bluetooth: hci4: unexpected event 0x04 length: 64 > 10 [ 1041.346619][ T5624] Bluetooth: hci4: connection err: -111 [ 1041.820636][T28973] futex_wake_op: syz.3.2878 tries to shift op by -2048; fix this program [ 1042.504996][T28967] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2879'. [ 1043.691623][T29086] nfs: Unknown parameter 'nl802154' [ 1044.414568][T29096] FAULT_INJECTION: forcing a failure. [ 1044.414568][T29096] name failslab, interval 1, probability 0, space 0, times 0 [ 1044.533013][T29096] CPU: 0 UID: 0 PID: 29096 Comm: syz.1.2894 Tainted: G L syzkaller #0 PREEMPT(full) [ 1044.533038][T29096] Tainted: [L]=SOFTLOCKUP [ 1044.533044][T29096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1044.533053][T29096] Call Trace: [ 1044.533059][T29096] [ 1044.533065][T29096] dump_stack_lvl+0x100/0x190 [ 1044.533085][T29096] should_fail_ex.cold+0x5/0xa [ 1044.533105][T29096] ? kernfs_fop_write_iter+0x26a/0x5f0 [ 1044.533126][T29096] should_failslab+0xc2/0x120 [ 1044.533143][T29096] __kmalloc_noprof+0xe0/0x850 [ 1044.533170][T29096] kernfs_fop_write_iter+0x26a/0x5f0 [ 1044.533196][T29096] vfs_write+0x6ac/0x1070 [ 1044.533214][T29096] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1044.533237][T29096] ? __pfx_vfs_write+0x10/0x10 [ 1044.533265][T29096] ksys_write+0x12a/0x250 [ 1044.533282][T29096] ? __pfx_ksys_write+0x10/0x10 [ 1044.533298][T29096] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 1044.533321][T29096] ? syscall_user_dispatch+0x76/0x130 [ 1044.533341][T29096] do_syscall_64+0x10b/0xf80 [ 1044.533360][T29096] ? clear_bhb_loop+0x40/0x90 [ 1044.533379][T29096] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1044.533394][T29096] RIP: 0033:0x7f3357d9cdd9 [ 1044.533407][T29096] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1044.533421][T29096] RSP: 002b:00007f3358b9b028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1044.533436][T29096] RAX: ffffffffffffffda RBX: 00007f3358015fa0 RCX: 00007f3357d9cdd9 [ 1044.533446][T29096] RDX: 000000000000fdec RSI: 0000000000000000 RDI: 0000000000000003 [ 1044.533454][T29096] RBP: 00007f3358b9b090 R08: 0000000000000000 R09: 0000000000000000 [ 1044.533463][T29096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1044.533471][T29096] R13: 00007f3358016038 R14: 00007f3358015fa0 R15: 00007ffe9f2bbd78 [ 1044.533490][T29096] [ 1046.477070][T29157] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2904'. [ 1047.421689][T29152] kexec: Could not allocate control_code_buffer [ 1049.479618][T29317] [U] ^\ [ 1050.076968][ T5624] Bluetooth: hci4: unexpected subevent 0x05 length: 123 > 12 [ 1050.170378][T29323] [U] ^\ [ 1051.210238][T29324] kexec: Could not allocate control_code_buffer [ 1051.846352][T29377] netlink: 326 bytes leftover after parsing attributes in process `syz.0.2926'. [ 1052.110434][ T5624] Bluetooth: hci4: command 0x0406 tx timeout [ 1054.434151][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.444213][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 1055.063188][T29464] kexec: Could not allocate control_code_buffer [ 1055.237097][T29477] FAULT_INJECTION: forcing a failure. [ 1055.237097][T29477] name failslab, interval 1, probability 0, space 0, times 0 [ 1055.429518][T29477] CPU: 0 UID: 0 PID: 29477 Comm: syz.0.2939 Tainted: G L syzkaller #0 PREEMPT(full) [ 1055.429544][T29477] Tainted: [L]=SOFTLOCKUP [ 1055.429550][T29477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1055.429559][T29477] Call Trace: [ 1055.429564][T29477] [ 1055.429570][T29477] dump_stack_lvl+0x100/0x190 [ 1055.429591][T29477] should_fail_ex.cold+0x5/0xa [ 1055.429611][T29477] should_failslab+0xc2/0x120 [ 1055.429628][T29477] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1055.429651][T29477] ? __pmd_alloc+0xbf/0x950 [ 1055.429673][T29477] __pmd_alloc+0xbf/0x950 [ 1055.429693][T29477] __handle_mm_fault+0xa9c/0x2a00 [ 1055.429718][T29477] ? mt_find+0x45e/0x8e0 [ 1055.429740][T29477] ? __pfx___handle_mm_fault+0x10/0x10 [ 1055.429760][T29477] ? __pfx_mt_find+0x10/0x10 [ 1055.429789][T29477] ? find_vma+0xbf/0x140 [ 1055.429804][T29477] ? __pfx_find_vma+0x10/0x10 [ 1055.429822][T29477] handle_mm_fault+0x36d/0xa20 [ 1055.429853][T29477] do_user_addr_fault+0x74c/0x12f0 [ 1055.429875][T29477] ? trace_page_fault_kernel+0x7a/0x200 [ 1055.429894][T29477] exc_page_fault+0x6f/0xd0 [ 1055.429913][T29477] asm_exc_page_fault+0x26/0x30 [ 1055.429928][T29477] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 1055.429952][T29477] Code: 9b 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 1055.429966][T29477] RSP: 0018:ffffc90004467e68 EFLAGS: 00050206 [ 1055.429978][T29477] RAX: 0000000000000001 RBX: 0000000000001000 RCX: 0000000000001000 [ 1055.429987][T29477] RDX: 0000000000000001 RSI: ffff888050106000 RDI: 0000000000000000 [ 1055.429995][T29477] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffed100a020dff [ 1055.430004][T29477] R10: ffff888050106fff R11: 0000000000000000 R12: ffff888050106000 [ 1055.430013][T29477] R13: 0000000000001000 R14: 00007ffffffff000 R15: 0000000000000000 [ 1055.430035][T29477] _copy_to_user+0xa4/0xd0 [ 1055.430061][T29477] __do_sys_mincore+0x294/0x610 [ 1055.430094][T29477] do_syscall_64+0x10b/0xf80 [ 1055.430112][T29477] ? clear_bhb_loop+0x40/0x90 [ 1055.430130][T29477] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1055.430144][T29477] RIP: 0033:0x7fe356f9cdd9 [ 1055.430157][T29477] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1055.430170][T29477] RSP: 002b:00007fe357e38028 EFLAGS: 00000246 ORIG_RAX: 000000000000001b [ 1055.430182][T29477] RAX: ffffffffffffffda RBX: 00007fe357215fa0 RCX: 00007fe356f9cdd9 [ 1055.430191][T29477] RDX: 0000000000000000 RSI: 0000000004000000 RDI: 0000000000001000 [ 1055.430199][T29477] RBP: 00007fe357e38090 R08: 0000000000000000 R09: 0000000000000000 [ 1055.430208][T29477] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1055.430216][T29477] R13: 00007fe357216038 R14: 00007fe357215fa0 R15: 00007fff5fbe4ac8 [ 1055.430235][T29477] [ 1058.105839][T29590] FAULT_INJECTION: forcing a failure. [ 1058.105839][T29590] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1058.344025][T29590] CPU: 0 UID: 0 PID: 29590 Comm: syz.0.2948 Tainted: G L syzkaller #0 PREEMPT(full) [ 1058.344053][T29590] Tainted: [L]=SOFTLOCKUP [ 1058.344059][T29590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1058.344069][T29590] Call Trace: [ 1058.344075][T29590] [ 1058.344082][T29590] dump_stack_lvl+0x100/0x190 [ 1058.344104][T29590] should_fail_ex.cold+0x5/0xa [ 1058.344126][T29590] _copy_from_iter+0x1f4/0x1690 [ 1058.344144][T29590] ? __asan_memset+0x23/0x50 [ 1058.344170][T29590] ? __pfx__copy_from_iter+0x10/0x10 [ 1058.344184][T29590] ? __pfx___alloc_skb+0x10/0x10 [ 1058.344207][T29590] netlink_sendmsg+0x808/0xda0 [ 1058.344231][T29590] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1058.344254][T29590] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1058.344279][T29590] __sys_sendto+0x468/0x4b0 [ 1058.344301][T29590] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1058.344321][T29590] ? __pfx___sys_sendto+0x10/0x10 [ 1058.344349][T29590] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 1058.344367][T29590] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 1058.344396][T29590] __x64_sys_sendto+0xe0/0x1c0 [ 1058.344410][T29590] ? do_syscall_64+0x90/0xf80 [ 1058.344429][T29590] ? lockdep_hardirqs_on+0x78/0x100 [ 1058.344447][T29590] do_syscall_64+0x10b/0xf80 [ 1058.344465][T29590] ? clear_bhb_loop+0x40/0x90 [ 1058.344484][T29590] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1058.344499][T29590] RIP: 0033:0x7fe356f5d60e [ 1058.344513][T29590] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1058.344528][T29590] RSP: 002b:00007fe357e15e88 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 1058.344544][T29590] RAX: ffffffffffffffda RBX: 00007fe357e176c0 RCX: 00007fe356f5d60e [ 1058.344554][T29590] RDX: 0000000000000020 RSI: 00007fe357e16000 RDI: 0000000000000009 [ 1058.344563][T29590] RBP: 0000000000000000 R08: 00007fe357e15f04 R09: 000000000000000c [ 1058.344572][T29590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000009 [ 1058.344581][T29590] R13: 00007fe357e15f58 R14: 00007fe357e16000 R15: 0000000000000000 [ 1058.344607][T29590] [ 1059.598258][T29638] netlink: zone id is out of range [ 1059.614613][T29638] netlink: zone id is out of range [ 1059.633407][T29638] netlink: zone id is out of range [ 1059.659735][T29638] netlink: zone id is out of range [ 1059.687711][T29638] netlink: zone id is out of range [ 1059.721751][T29638] netlink: zone id is out of range [ 1059.758844][T29638] netlink: zone id is out of range [ 1059.791609][T29638] netlink: zone id is out of range [ 1059.830170][T29638] netlink: zone id is out of range [ 1059.860223][T29638] netlink: zone id is out of range [ 1061.383395][T29678] kexec: Could not allocate control_code_buffer [ 1062.157455][T29708] binder: 29707:29708 ioctl c00c620f 0 returned -22 [ 1062.348353][T29730] lo: entered allmulticast mode [ 1062.364218][T29730] lo: left allmulticast mode [ 1064.217136][T29805] vivid-003: ================= START STATUS ================= [ 1064.288945][T29805] vivid-003: Radio HW Seek Mode: Bounded [ 1064.416964][T29805] vivid-003: Radio Programmable HW Seek: false [ 1064.425145][T29791] kexec: Could not allocate control_code_buffer [ 1064.474904][T29805] vivid-003: RDS Rx I/O Mode: Block I/O [ 1064.530860][T29805] vivid-003: Generate RBDS Instead of RDS: false [ 1064.592155][T29805] vivid-003: RDS Reception: true [ 1064.630847][T29811] block nbd0: Unsupported socket: should be TCP or UNIX. [ 1064.639342][T29805] vivid-003: RDS Program Type: 0 inactive [ 1064.704212][T29805] vivid-003: RDS PS Name: inactive [ 1064.756063][T29805] vivid-003: RDS Radio Text: inactive [ 1064.804290][T29805] vivid-003: RDS Traffic Announcement: false inactive [ 1064.853338][ T5624] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1064.874086][T29805] vivid-003: RDS Traffic Program: false inactive [ 1064.932559][T29805] vivid-003: RDS Music: false inactive [ 1064.980391][T29805] vivid-003: ================== END STATUS ================== [ 1066.908697][ T5624] Bluetooth: hci2: command 0x0c1a tx timeout [ 1068.754756][T29865] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2986'. [ 1069.210952][ T5624] Bluetooth: hci2: Received unexpected HCI Event 0x00 [ 1071.765897][T29951] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1072.726381][T29951] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1073.170412][T29951] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1073.482512][T29951] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1073.635431][T30056] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3001'. [ 1073.773296][T29951] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1074.285564][T30084] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3004'. [ 1074.431076][T30091] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3005'. [ 1076.097843][ T5624] Bluetooth: hci0: unexpected subevent 0x05 length: 123 > 12 [ 1078.111011][ T5624] Bluetooth: hci0: command 0x0c1a tx timeout [ 1079.310721][ T5624] Bluetooth: hci4: unexpected subevent 0x05 length: 123 > 12 [ 1079.723818][T30270] kexec: Could not allocate control_code_buffer [ 1080.371393][ T5624] Bluetooth: hci0: unexpected subevent 0x05 length: 123 > 12 [ 1080.711592][T30339] binder: 30338:30339 ioctl c00c620f 0 returned -22 [ 1081.389005][ T5624] Bluetooth: hci4: command 0x0406 tx timeout [ 1082.428782][ T5624] Bluetooth: hci0: command 0x0c1a tx timeout [ 1083.786288][T30381] kexec: Could not allocate control_code_buffer [ 1084.384519][ T5624] Bluetooth: hci4: unexpected subevent 0x05 length: 123 > 12 [ 1086.428687][ T5624] Bluetooth: hci4: command 0x0406 tx timeout [ 1087.368011][T30554] cifs: Unknown parameter '‰ƒ´ÕéŒ)¬ Up†µÌ¢{´¼V ]7ž62']ßΨÉú!²gÉÊ®Ë7ú9½ófM¸<*y¢sEéhîé”' [ 1087.542692][T30564] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3042'. [ 1087.627019][T30564] ipvlan0: entered promiscuous mode [ 1087.651651][T30564] ipvlan0: entered allmulticast mode [ 1087.669468][T30564] veth0_vlan: entered allmulticast mode [ 1087.859837][ T5624] Bluetooth: hci4: unexpected subevent 0x05 length: 123 > 12 [ 1088.444348][T30562] kexec: Could not allocate control_code_buffer [ 1089.545624][T30601] binder: 30600:30601 ioctl c00c620f 0 returned -22 [ 1089.869297][ T5624] Bluetooth: hci4: command 0x0406 tx timeout [ 1089.915980][T30648] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3056'. [ 1091.003731][ T5624] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1092.340128][T30766] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3066'. [ 1093.068664][ T5624] Bluetooth: hci2: command 0x0c1a tx timeout [ 1094.411909][ T5624] Bluetooth: hci2: unexpected event 0x04 length: 64 > 10 [ 1094.411944][ T5624] Bluetooth: hci2: connection err: -111 [ 1095.347507][ T5624] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1097.388770][ T5624] Bluetooth: hci2: command 0x0c1a tx timeout [ 1099.632364][T30864] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3081'. [ 1099.953927][T30894] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3084'. [ 1099.972236][T30896] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3085'. [ 1102.866510][T30912] kexec: Could not allocate control_code_buffer [ 1102.891015][T26168] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1102.905767][T26168] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1102.914393][T26168] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1102.922137][T26168] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1102.935241][T26168] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1103.119643][T30950] futex_wake_op: syz.1.3093 tries to shift op by -2048; fix this program [ 1103.157516][T30950] futex_wake_op: syz.1.3093 tries to shift op by -2048; fix this program [ 1103.209409][T30977] 0x000000000001-0x000000020000 : "" [ 1103.284014][T30984] binder: 30981:30984 ioctl c00c620f 0 returned -22 [ 1103.305772][T30977] ftl_cs: FTL header corrupt! [ 1104.954281][T31065] block2mtd: illegal erase size [ 1104.988894][T26168] Bluetooth: hci1: command tx timeout [ 1107.068675][T26168] Bluetooth: hci1: command tx timeout [ 1107.935245][T30962] bridge0: port 1(bridge_slave_0) entered blocking state [ 1107.966652][T31234] binder: 31208:31234 ioctl c00c620f 0 returned -22 [ 1107.974026][T30962] bridge0: port 1(bridge_slave_0) entered disabled state [ 1107.996205][T30962] bridge_slave_0: entered allmulticast mode [ 1108.024778][T30962] bridge_slave_0: entered promiscuous mode [ 1108.072623][T30962] bridge0: port 2(bridge_slave_1) entered blocking state [ 1108.120547][T30962] bridge0: port 2(bridge_slave_1) entered disabled state [ 1108.154686][T30962] bridge_slave_1: entered allmulticast mode [ 1108.181453][T30962] bridge_slave_1: entered promiscuous mode [ 1108.663591][T30962] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1108.678434][T31264] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3106'. [ 1109.148699][T26168] Bluetooth: hci1: command tx timeout [ 1109.157381][T30962] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1110.162298][T30962] team0: Port device team_slave_0 added [ 1110.185977][T30962] team0: Port device team_slave_1 added [ 1110.367881][T30962] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1110.391864][T30962] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1110.476386][T30962] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1110.521572][T30962] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1110.549120][T30962] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1110.631688][T30962] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1110.816264][T30962] hsr_slave_0: entered promiscuous mode [ 1110.848424][T30962] hsr_slave_1: entered promiscuous mode [ 1110.875514][T30962] debugfs: 'hsr0' already exists in 'hsr' [ 1110.902547][T30962] Cannot create hsr debugfs directory [ 1111.228727][T26168] Bluetooth: hci1: command tx timeout [ 1111.242065][T26168] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1111.785663][T30962] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1111.829030][T30962] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1111.864290][T30962] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1111.916609][T30962] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1111.950914][T30962] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1111.987392][T30962] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1112.013732][T30962] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1112.065198][T30962] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1112.087390][T31439] Process accounting resumed [ 1112.610853][T30962] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1112.721548][T30962] 8021q: adding VLAN 0 to HW filter on device team0 [ 1112.786752][ T1176] bridge0: port 1(bridge_slave_0) entered blocking state [ 1112.793881][ T1176] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1112.897504][ T1176] bridge0: port 2(bridge_slave_1) entered blocking state [ 1112.904664][ T1176] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1113.308941][T26168] Bluetooth: hci2: command 0x0c1a tx timeout [ 1113.320089][T31524] FAULT_INJECTION: forcing a failure. [ 1113.320089][T31524] name failslab, interval 1, probability 0, space 0, times 0 [ 1113.402601][T31524] CPU: 0 UID: 0 PID: 31524 Comm: syz.1.3127 Tainted: G L syzkaller #0 PREEMPT(full) [ 1113.402627][T31524] Tainted: [L]=SOFTLOCKUP [ 1113.402633][T31524] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1113.402641][T31524] Call Trace: [ 1113.402646][T31524] [ 1113.402653][T31524] dump_stack_lvl+0x100/0x190 [ 1113.402674][T31524] should_fail_ex.cold+0x5/0xa [ 1113.402693][T31524] should_failslab+0xc2/0x120 [ 1113.402711][T31524] __kvmalloc_node_noprof+0xfa/0xa00 [ 1113.402725][T31524] ? seq_read_iter+0x819/0x1270 [ 1113.402746][T31524] seq_read_iter+0x819/0x1270 [ 1113.402763][T31524] ? aa_file_perm+0x7f3/0x14d0 [ 1113.402787][T31524] seq_read+0x33b/0x4c0 [ 1113.402802][T31524] ? __pfx_seq_read+0x10/0x10 [ 1113.402822][T31524] ? lock_acquire+0x1b1/0x370 [ 1113.402842][T31524] ? __pfx_seq_read+0x10/0x10 [ 1113.402858][T31524] proc_reg_read+0x240/0x330 [ 1113.402876][T31524] ? __pfx_proc_reg_read+0x10/0x10 [ 1113.402894][T31524] vfs_read+0x1e4/0xb30 [ 1113.402913][T31524] ? __pfx_vfs_read+0x10/0x10 [ 1113.402928][T31524] ? __fget_files+0x215/0x3d0 [ 1113.402949][T31524] ? __fget_files+0x21f/0x3d0 [ 1113.402971][T31524] ksys_read+0x12a/0x250 [ 1113.402987][T31524] ? __pfx_ksys_read+0x10/0x10 [ 1113.403004][T31524] ? rcu_is_watching+0x12/0xc0 [ 1113.403025][T31524] do_syscall_64+0x10b/0xf80 [ 1113.403043][T31524] ? clear_bhb_loop+0x40/0x90 [ 1113.403062][T31524] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1113.403077][T31524] RIP: 0033:0x7f3357d9cdd9 [ 1113.403089][T31524] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1113.403103][T31524] RSP: 002b:00007f3358b7a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1113.403117][T31524] RAX: ffffffffffffffda RBX: 00007f3358016090 RCX: 00007f3357d9cdd9 [ 1113.403127][T31524] RDX: 0000000000000093 RSI: 00002000000000c0 RDI: 0000000000000005 [ 1113.403136][T31524] RBP: 00007f3358b7a090 R08: 0000000000000000 R09: 0000000000000000 [ 1113.403144][T31524] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1113.403153][T31524] R13: 00007f3358016128 R14: 00007f3358016090 R15: 00007ffe9f2bbd78 [ 1113.403172][T31524] [ 1115.214442][T30962] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1115.581491][T31635] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3137'. [ 1115.873126][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 1115.879569][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 1117.514682][T30962] veth0_vlan: entered promiscuous mode [ 1117.705404][T30962] veth1_vlan: entered promiscuous mode [ 1117.827808][T31737] binder: 31736:31737 ioctl c00c620f 0 returned -22 [ 1118.034789][T30962] veth0_macvtap: entered promiscuous mode [ 1118.092124][T30962] veth1_macvtap: entered promiscuous mode [ 1118.282896][T30962] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1118.347879][T30962] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1118.577032][T12278] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1118.744279][T12278] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1118.794492][ T136] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1118.984084][ T136] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1119.252706][ T147] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1119.301656][ T147] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1119.620291][T12278] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1119.678701][T12278] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1120.236847][T31853] FAULT_INJECTION: forcing a failure. [ 1120.236847][T31853] name failslab, interval 1, probability 0, space 0, times 0 [ 1120.310341][T31853] CPU: 0 UID: 0 PID: 31853 Comm: syz.0.3151 Tainted: G L syzkaller #0 PREEMPT(full) [ 1120.310367][T31853] Tainted: [L]=SOFTLOCKUP [ 1120.310373][T31853] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1120.310382][T31853] Call Trace: [ 1120.310388][T31853] [ 1120.310394][T31853] dump_stack_lvl+0x100/0x190 [ 1120.310415][T31853] should_fail_ex.cold+0x5/0xa [ 1120.310435][T31853] should_failslab+0xc2/0x120 [ 1120.310453][T31853] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1120.310476][T31853] ? copy_net_ns+0xe8/0x7c0 [ 1120.310498][T31853] copy_net_ns+0xe8/0x7c0 [ 1120.310517][T31853] ? copy_cgroup_ns+0x71/0x970 [ 1120.310532][T31853] create_new_namespaces+0x3ea/0xac0 [ 1120.310556][T31853] unshare_nsproxy_namespaces+0xf2/0x220 [ 1120.310577][T31853] ksys_unshare+0x438/0xab0 [ 1120.310600][T31853] ? __pfx_ksys_unshare+0x10/0x10 [ 1120.310621][T31853] ? ksys_write+0x1ac/0x250 [ 1120.310643][T31853] __x64_sys_unshare+0x31/0x40 [ 1120.310664][T31853] do_syscall_64+0x10b/0xf80 [ 1120.310683][T31853] ? clear_bhb_loop+0x40/0x90 [ 1120.310701][T31853] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1120.310716][T31853] RIP: 0033:0x7fe356f9cdd9 [ 1120.310728][T31853] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1120.310742][T31853] RSP: 002b:00007fe357e38028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1120.310757][T31853] RAX: ffffffffffffffda RBX: 00007fe357215fa0 RCX: 00007fe356f9cdd9 [ 1120.310767][T31853] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1120.310775][T31853] RBP: 00007fe357e38090 R08: 0000000000000000 R09: 0000000000000000 [ 1120.310784][T31853] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1120.310793][T31853] R13: 00007fe357216038 R14: 00007fe357215fa0 R15: 00007fff5fbe4ac8 [ 1120.310811][T31853] [ 1120.604168][T31858] futex_wake_op: syz.0.3151 tries to shift op by -2048; fix this program [ 1120.612862][T31858] futex_wake_op: syz.0.3151 tries to shift op by -2048; fix this program [ 1120.621642][T31858] 0x000000000001-0x000000020000 : "" [ 1120.692752][T31858] ftl_cs: FTL header corrupt! [ 1122.609615][T26168] Bluetooth: hci4: unexpected subevent 0x05 length: 123 > 12 [ 1123.492611][T26168] Bluetooth: hci4: unexpected subevent 0x05 length: 123 > 12 [ 1123.610056][T31900] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1124.668804][T26168] Bluetooth: hci4: command 0x0406 tx timeout [ 1126.751169][T26168] Bluetooth: hci4: command 0x0406 tx timeout [ 1132.192044][T26168] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1132.498555][T32124] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3185'. [ 1133.837276][T32120] kexec: Could not allocate control_code_buffer [ 1134.268748][T26168] Bluetooth: hci2: command 0x0c1a tx timeout [ 1134.402508][T32226] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3189'. [ 1135.407774][T32243] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1137.529780][T26168] Bluetooth: hci1: unexpected subevent 0x05 length: 123 > 12 [ 1138.147004][T26168] Bluetooth: hci0: unexpected subevent 0x05 length: 123 > 12 [ 1139.053031][T32280] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1139.053292][T32280] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1139.060436][T32280] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1139.060573][T32280] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1139.060667][T32280] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1139.060707][T32280] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1139.108924][T32280] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1140.099226][T32443] FAULT_INJECTION: forcing a failure. [ 1140.099226][T32443] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1140.154243][T32443] CPU: 0 UID: 0 PID: 32443 Comm: syz.1.3213 Tainted: G L syzkaller #0 PREEMPT(full) [ 1140.154267][T32443] Tainted: [L]=SOFTLOCKUP [ 1140.154273][T32443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1140.154282][T32443] Call Trace: [ 1140.154288][T32443] [ 1140.154294][T32443] dump_stack_lvl+0x100/0x190 [ 1140.154315][T32443] should_fail_ex.cold+0x5/0xa [ 1140.154335][T32443] _copy_to_user+0x32/0xd0 [ 1140.154360][T32443] simple_read_from_buffer+0xcb/0x170 [ 1140.154379][T32443] proc_fail_nth_read+0x1af/0x230 [ 1140.154404][T32443] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1140.154428][T32443] ? rw_verify_area+0xce/0x6d0 [ 1140.154442][T32443] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1140.154465][T32443] vfs_read+0x1e4/0xb30 [ 1140.154481][T32443] ? preempt_schedule_thunk+0x16/0x30 [ 1140.154505][T32443] ? __pfx_vfs_read+0x10/0x10 [ 1140.154520][T32443] ? preempt_schedule_thunk+0x16/0x30 [ 1140.154546][T32443] ? _raw_spin_unlock_irqrestore+0x61/0x80 [ 1140.154567][T32443] ? __wake_up+0x3f/0x60 [ 1140.154589][T32443] ? do_signalfd4+0xff/0x480 [ 1140.154612][T32443] ksys_read+0x12a/0x250 [ 1140.154628][T32443] ? __pfx_ksys_read+0x10/0x10 [ 1140.154645][T32443] ? rcu_is_watching+0x12/0xc0 [ 1140.154665][T32443] do_syscall_64+0x10b/0xf80 [ 1140.154683][T32443] ? clear_bhb_loop+0x40/0x90 [ 1140.154701][T32443] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1140.154716][T32443] RIP: 0033:0x7f3357d5d60e [ 1140.154729][T32443] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1140.154743][T32443] RSP: 002b:00007f3355ff5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1140.154757][T32443] RAX: ffffffffffffffda RBX: 00007f3355ff66c0 RCX: 00007f3357d5d60e [ 1140.154767][T32443] RDX: 000000000000000f RSI: 00007f3355ff60a0 RDI: 0000000000000005 [ 1140.154776][T32443] RBP: 00007f3355ff6090 R08: 0000000000000000 R09: 0000000000000000 [ 1140.154785][T32443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1140.154793][T32443] R13: 00007f3358016218 R14: 00007f3358016180 R15: 00007ffe9f2bbd78 [ 1140.154812][T32443] [ 1140.693198][T26168] Bluetooth: hci3: command 0x0c1a tx timeout [ 1141.069763][T26168] Bluetooth: hci2: command 0x0c1a tx timeout [ 1141.075857][ T5624] Bluetooth: hci1: command 0x0c1a tx timeout [ 1141.082332][T26168] Bluetooth: hci4: command 0x0406 tx timeout [ 1141.088451][ T5624] Bluetooth: hci0: command 0x0c1a tx timeout [ 1142.292871][T32433] Process accounting paused [ 1143.150058][T32514] Bluetooth: hci1: command 0x0c1a tx timeout [ 1144.377293][T32514] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1145.229363][T32514] Bluetooth: hci1: command 0x0c1a tx timeout [ 1145.826916][T32514] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1146.428866][T32514] Bluetooth: hci2: command 0x0c1a tx timeout [ 1148.509095][T32514] Bluetooth: hci2: command 0x0c1a tx timeout [ 1154.770509][ T366] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3248'. [ 1158.498727][T32514] Bluetooth: hci2: unexpected subevent 0x05 length: 123 > 12 [ 1158.547248][T32514] Bluetooth: hci0: unexpected subevent 0x05 length: 123 > 12 [ 1160.509042][T32514] Bluetooth: hci2: command 0x0c1a tx timeout [ 1160.588866][T32514] Bluetooth: hci0: command 0x0c1a tx timeout [ 1161.047986][ T535] ================================================================== [ 1161.048011][ T535] BUG: KASAN: vmalloc-out-of-bounds in sys_fillrect+0x174a/0x1910 [ 1161.048042][ T535] Write of size 8 at addr ffffc90004909000 by task syz.0.3267/535 [ 1161.048055][ T535] [ 1161.048066][ T535] CPU: 0 UID: 0 PID: 535 Comm: syz.0.3267 Tainted: G L syzkaller #0 PREEMPT(full) [ 1161.048089][ T535] Tainted: [L]=SOFTLOCKUP [ 1161.048095][ T535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1161.048105][ T535] Call Trace: [ 1161.048111][ T535] [ 1161.048118][ T535] dump_stack_lvl+0x100/0x190 [ 1161.048135][ T535] print_report+0x13d/0x4b0 [ 1161.048156][ T535] ? _raw_spin_lock_irqsave+0x52/0x60 [ 1161.048176][ T535] ? sys_fillrect+0x174a/0x1910 [ 1161.048195][ T535] kasan_report+0xdf/0x1d0 [ 1161.048214][ T535] ? sys_fillrect+0x174a/0x1910 [ 1161.048239][ T535] sys_fillrect+0x174a/0x1910 [ 1161.048265][ T535] drm_fbdev_shmem_defio_fillrect+0x22/0x140 [ 1161.048285][ T535] bit_clear+0x17d/0x220 [ 1161.048303][ T535] ? __pfx_bit_clear+0x10/0x10 [ 1161.048320][ T535] ? fb_get_color_depth+0x120/0x250 [ 1161.048336][ T535] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1161.048359][ T535] __fbcon_clear+0x633/0x760 [ 1161.048375][ T535] ? __pfx_bit_clear+0x10/0x10 [ 1161.048393][ T535] fbcon_scroll+0x314/0x650 [ 1161.048409][ T535] con_scroll+0x464/0x690 [ 1161.048430][ T535] csi_ECMA.constprop.0+0xc57/0x3b60 [ 1161.048453][ T535] ? find_held_lock+0x2b/0x80 [ 1161.048472][ T535] ? __pfx_csi_ECMA.constprop.0+0x10/0x10 [ 1161.048496][ T535] do_con_write+0x3946/0x4a10 [ 1161.048517][ T535] ? trace_contention_end+0x122/0x170 [ 1161.048537][ T535] ? __pfx_do_con_write+0x10/0x10 [ 1161.048562][ T535] con_write+0x23/0xb0 [ 1161.048584][ T535] n_tty_write+0x431/0x11c0 [ 1161.048603][ T535] ? __pfx_n_tty_write+0x10/0x10 [ 1161.048617][ T535] ? trace_kmalloc+0xe3/0x110 [ 1161.048634][ T535] ? __pfx_woken_wake_function+0x10/0x10 [ 1161.048652][ T535] ? rcu_is_watching+0x12/0xc0 [ 1161.048669][ T535] ? file_tty_write.isra.0+0x694/0x890 [ 1161.048690][ T535] ? kfree+0x1dd/0x6c0 [ 1161.048710][ T535] ? __pfx_n_tty_write+0x10/0x10 [ 1161.048726][ T535] file_tty_write.isra.0+0x4d2/0x890 [ 1161.048749][ T535] redirected_tty_write+0xd4/0x120 [ 1161.048769][ T535] vfs_write+0x6ac/0x1070 [ 1161.048787][ T535] ? __pfx_redirected_tty_write+0x10/0x10 [ 1161.048809][ T535] ? __pfx_vfs_write+0x10/0x10 [ 1161.048824][ T535] ? find_held_lock+0x2b/0x80 [ 1161.048847][ T535] ksys_write+0x12a/0x250 [ 1161.048864][ T535] ? __pfx_ksys_write+0x10/0x10 [ 1161.048880][ T535] ? rcu_is_watching+0x12/0xc0 [ 1161.048898][ T535] do_syscall_64+0x10b/0xf80 [ 1161.048917][ T535] ? clear_bhb_loop+0x40/0x90 [ 1161.048934][ T535] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1161.048949][ T535] RIP: 0033:0x7fe356f9cdd9 [ 1161.048962][ T535] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1161.049024][ T535] RSP: 002b:00007fe357e38028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1161.049040][ T535] RAX: ffffffffffffffda RBX: 00007fe357215fa0 RCX: 00007fe356f9cdd9 [ 1161.049052][ T535] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000008 [ 1161.049061][ T535] RBP: 00007fe357032d69 R08: 0000000000000000 R09: 0000000000000000 [ 1161.049071][ T535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1161.049080][ T535] R13: 00007fe357216038 R14: 00007fe357215fa0 R15: 00007fff5fbe4ac8 [ 1161.049096][ T535] [ 1161.049101][ T535] [ 1161.049111][ T535] The buggy address belongs to a 0-page vmalloc region starting at 0xffffc90004609000 allocated at drm_gem_shmem_vmap_locked+0x553/0x860 [ 1161.049141][ T535] Memory state around the buggy address: [ 1161.049149][ T535] ffffc90004908f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1161.049161][ T535] ffffc90004908f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1161.049172][ T535] >ffffc90004909000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 1161.049181][ T535] ^ [ 1161.049189][ T535] ffffc90004909080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 1161.049199][ T535] ffffc90004909100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 1161.049207][ T535] ================================================================== [ 1161.083754][ T535] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1161.083773][ T535] CPU: 0 UID: 0 PID: 535 Comm: syz.0.3267 Tainted: G L syzkaller #0 PREEMPT(full) [ 1161.083796][ T535] Tainted: [L]=SOFTLOCKUP [ 1161.083802][ T535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1161.083816][ T535] Call Trace: [ 1161.083822][ T535] [ 1161.083829][ T535] dump_stack_lvl+0x100/0x190 [ 1161.083851][ T535] vpanic+0x552/0x970 [ 1161.083866][ T535] ? __pfx_vpanic+0x10/0x10 [ 1161.083883][ T535] ? sys_fillrect+0x174a/0x1910 [ 1161.083905][ T535] panic+0xd1/0xe0 [ 1161.083918][ T535] ? __pfx_panic+0x10/0x10 [ 1161.083933][ T535] ? sys_fillrect+0x174a/0x1910 [ 1161.083953][ T535] ? preempt_schedule_common+0x42/0xc0 [ 1161.083973][ T535] check_panic_on_warn.cold+0x19/0x34 [ 1161.083989][ T535] end_report.part.0+0x3a/0x90 [ 1161.084011][ T535] kasan_report.cold+0xe/0x18 [ 1161.084038][ T535] ? sys_fillrect+0x174a/0x1910 [ 1161.084061][ T535] sys_fillrect+0x174a/0x1910 [ 1161.084086][ T535] drm_fbdev_shmem_defio_fillrect+0x22/0x140 [ 1161.084104][ T535] bit_clear+0x17d/0x220 [ 1161.084122][ T535] ? __pfx_bit_clear+0x10/0x10 [ 1161.084139][ T535] ? fb_get_color_depth+0x120/0x250 [ 1161.084155][ T535] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1161.084179][ T535] __fbcon_clear+0x633/0x760 [ 1161.084195][ T535] ? __pfx_bit_clear+0x10/0x10 [ 1161.084213][ T535] fbcon_scroll+0x314/0x650 [ 1161.084230][ T535] con_scroll+0x464/0x690 [ 1161.084252][ T535] csi_ECMA.constprop.0+0xc57/0x3b60 [ 1161.084274][ T535] ? find_held_lock+0x2b/0x80 [ 1161.084293][ T535] ? __pfx_csi_ECMA.constprop.0+0x10/0x10 [ 1161.084317][ T535] do_con_write+0x3946/0x4a10 [ 1161.084339][ T535] ? trace_contention_end+0x122/0x170 [ 1161.084358][ T535] ? __pfx_do_con_write+0x10/0x10 [ 1161.084383][ T535] con_write+0x23/0xb0 [ 1161.084404][ T535] n_tty_write+0x431/0x11c0 [ 1161.084423][ T535] ? __pfx_n_tty_write+0x10/0x10 [ 1161.084438][ T535] ? trace_kmalloc+0xe3/0x110 [ 1161.084455][ T535] ? __pfx_woken_wake_function+0x10/0x10 [ 1161.084473][ T535] ? rcu_is_watching+0x12/0xc0 [ 1161.084491][ T535] ? file_tty_write.isra.0+0x694/0x890 [ 1161.084511][ T535] ? kfree+0x1dd/0x6c0 [ 1161.084531][ T535] ? __pfx_n_tty_write+0x10/0x10 [ 1161.084546][ T535] file_tty_write.isra.0+0x4d2/0x890 [ 1161.084570][ T535] redirected_tty_write+0xd4/0x120 [ 1161.084591][ T535] vfs_write+0x6ac/0x1070 [ 1161.084608][ T535] ? __pfx_redirected_tty_write+0x10/0x10 [ 1161.084630][ T535] ? __pfx_vfs_write+0x10/0x10 [ 1161.084645][ T535] ? find_held_lock+0x2b/0x80 [ 1161.084669][ T535] ksys_write+0x12a/0x250 [ 1161.084685][ T535] ? __pfx_ksys_write+0x10/0x10 [ 1161.084702][ T535] ? rcu_is_watching+0x12/0xc0 [ 1161.084720][ T535] do_syscall_64+0x10b/0xf80 [ 1161.084739][ T535] ? clear_bhb_loop+0x40/0x90 [ 1161.084755][ T535] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1161.084771][ T535] RIP: 0033:0x7fe356f9cdd9 [ 1161.084785][ T535] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1161.084800][ T535] RSP: 002b:00007fe357e38028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1161.084817][ T535] RAX: ffffffffffffffda RBX: 00007fe357215fa0 RCX: 00007fe356f9cdd9 [ 1161.084828][ T535] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000008 [ 1161.084838][ T535] RBP: 00007fe357032d69 R08: 0000000000000000 R09: 0000000000000000 [ 1161.084848][ T535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1161.084858][ T535] R13: 00007fe357216038 R14: 00007fe357215fa0 R15: 00007fff5fbe4ac8 [ 1161.084874][ T535] [ 1161.084933][ T535] Kernel Offset: disabled