last executing test programs: 14m13.583954976s ago: executing program 0 (id=13095): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x5) sysfs$auto(0x2, 0x27, 0x6) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vbi15\x00', 0x40040, 0x0) ioctl$auto(r1, 0xc0445624, r1) fcntl$auto_F_OFD_SETLK(r0, 0x25, 0x7) 14m13.367511702s ago: executing program 0 (id=13097): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_register$auto_IORING_UNREGISTER_PERSONALITY(0xffffffffffffffff, 0xa, 0x0, 0x0) semctl$auto(0x2, 0x5, 0x13, 0x9) mknod$auto(&(0x7f0000001040)=':,\x00', 0xca, 0xfffffffa) r0 = openat$auto_rng_chrdev_ops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) read$auto_rng_chrdev_ops_core(r0, &(0x7f0000000040)=""/4096, 0xfffffe82) madvise$auto(0x0, 0xffffffffffff0001, 0x15) munmap$auto(0x1, 0x4) execve$auto(&(0x7f0000000040)=':,\x00', 0x0, &(0x7f00000010c0)=&(0x7f0000001080)='\x8c\x82\xa5') 14m11.858546003s ago: executing program 0 (id=13105): write$auto(0xffffffffffffffff, 0x0, 0x599) lstat$auto(0x0, &(0x7f00000003c0)={0x4, 0x9, 0x6, 0x63, 0x0, 0x0, 0x0, 0xac, 0x200, 0x2, 0x40000402, 0x9, 0x9, 0xefffffffffffffff, 0x6, 0x6, 0x200000100103}) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20104120}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000001}, 0x20000051) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000040)={{0x0, 0x5, 0x0, 0x5, 0x0, 0x200002, 0x13}, 0x6}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r0, 0x8943, 0x24) 14m11.5389881s ago: executing program 0 (id=13111): r0 = socket(0x21, 0x2, 0x2) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x8001) chdir$auto(&(0x7f0000000000)='}[,&*}\x00') getcwd$auto(0x0, 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x8f80, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0x40a0ae49, r0) 14m10.748578332s ago: executing program 0 (id=13114): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0xa, 0x0) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 14m10.555621202s ago: executing program 0 (id=13116): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000080)={0x2, 0x0, [{0x4b564d07, 0x400, 0x718c1257}]}) 13m55.3301978s ago: executing program 32 (id=13116): close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000080)={0x2, 0x0, [{0x4b564d07, 0x400, 0x718c1257}]}) 17.766205478s ago: executing program 1 (id=17845): fcntl$auto(0xffffffffffffffff, 0x3ff, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000040)) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x0) r0 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000940)={'batadv0\x00'}) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x14, 0x0, 0x77bed28568c43d3b, 0x70bd2a, 0x25dfdbfc}, 0x14}}, 0x80) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @empty}, 0x51) r1 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) statx$auto(r1, 0x0, 0x401006, 0x4015, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) sendto$auto(0x3, 0x0, 0x3, 0x101, 0x0, 0x1c) write$auto(0x3, 0x0, 0xfdf3) syz_genetlink_get_family_id$auto_nl802154(0x0, r0) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) getsockopt$auto(0xffffffffffffffff, 0x11, 0x3, 0xfffffffffffffffc, 0x0) 17.577338296s ago: executing program 1 (id=17846): close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/pci/00/03.0\x00', 0x181000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x0) 17.055460364s ago: executing program 1 (id=17849): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x2, 0x80002, 0x73) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @local}, 0x54) sendmmsg$auto(r0, 0x0, 0x9a6, 0xe000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) connect$auto(0x3, &(0x7f0000000080)=@xdp={0x2c, 0x4, 0x0, 0xc}, 0x54) r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_sco_debugfs_fops_(0xffffffffffffff9c, 0x0, 0x242, 0x0) r2 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_TREAD64(r2, 0x400454a4, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) pread64$auto(r1, &(0x7f0000000200)='/proc/self/net/ip6_tables_targets\x00', 0x34b, 0x10000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) 16.077009853s ago: executing program 1 (id=17855): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x10, 0x2, 0x14) socket(0x11, 0x80003, 0x300) socket(0x1d, 0x2, 0x7) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x0) socket(0x1d, 0x2, 0x7) socket(0xa, 0x2, 0x73) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) socket(0xa, 0x5, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000000040)=ANY=[@ANYRES16, @ANYBLOB="010027bd7000ffdbdf25100000000c00018008000100", @ANYRES32, @ANYBLOB="080006"], 0x28}, 0x1, 0x0, 0x0, 0x90}, 0x0) r1 = socket(0x10, 0x2, 0x14) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000003000)={0x0, 0x0, &(0x7f0000002fc0)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000000a14af"], 0x14}, 0x1, 0x0, 0x0, 0x80c3}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYRES8=r1], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4c084}, 0x51) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x2}, 0x3, 0x0) 15.707676109s ago: executing program 1 (id=17857): r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/pagemap\x00', 0x201, 0x0) r1 = openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/dynamic_events\x00', 0x2542, 0x0) write$auto_dynamic_events_ops_trace_dynevent(r1, &(0x7f0000000040)='e:\ru', 0x4) recvmmsg$auto(r0, &(0x7f0000000280)={{&(0x7f0000000000)="354ce727522fdc08", 0x8001, &(0x7f0000000140)={&(0x7f0000000080)="4678382f7c38d91ff324b1df3239ad21c90ec009d0ee24b53e2065fd8aac1073be8536c3d5d6601e34df9e38f1e5bd3d67d8a93abe24b94d1cc8e68e0fe45a1198237da6c1e81b5f06d76cc2040b4f08b496382c2d6ad515457b0dc80644e1421c29a35f1254bdcd967b718daf8977d2c1ddcd8e769ec0b856587aa7418b0f118483bf5a1fcb48aa659dc1467094f07fbfca117b5c5b603547684fcf9eae47fe5dacf3d69cb5165ec8bd70dbe6b92e19fbe410", 0x2}, 0x10000, &(0x7f0000000180)="52a452f176c54e9344e46699f47bb83f83b2254290ba692e93f7554a05e575522e78dafd8c481f646b3a77370dd59f2aeba692935f1aef81d9681e03d044118cefad9c189039653d47412bcefa55998c69d8dd6e505becb50ec3151ba8a80ce566998b6f5e7abb1cbc0b019897cf046aa021f726fe87a608a018fa910b2d46da63a5c4a67dc6a6bc3de12e6956c45bf281dbef065dd2837afe8c77e16b58e1b135bbb59c9b74bffda83b8f673b098aed97c37fbb9332adda4840cee4d4e93455dc238dc9521024e785bdb772efaf2960eb603fc3972326efab66408fa090e53acead2a7706742e967c9ff55e88e591edd5aa8caa3c93b40e34c7cf", 0x3}, 0x8}, 0x2, 0x400, &(0x7f00000002c0)={0x4, 0x2}) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) mmap$auto(0x0, 0x5, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x488080, 0x0) splice$auto(0x4, 0x0, 0x2, 0x0, 0x1000, 0xf) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) acct$auto(&(0x7f0000000100)='./cgroup/cgroup.subtree_control\x00') prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000240)='/dev/video1\x00', 0x8a240, 0x0) getpid() openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0xffffffffffffffff, 0x15f4da07, 0x6, 0x10, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x4f4, 0x8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x1, 0xbc3, 0x800, 0x3, 0x20000, 0xc, 0x400000000003, 0x4, 0x0, 0xfffffffffffffffe, 0x6, 0x0, 0xffffffffffffff81, 0x1]}, 0x0) 15.453648593s ago: executing program 1 (id=17858): r0 = pidfd_open$auto(0x1, 0x0) setns(r0, 0x60020000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x202, 0x0) sendfile$auto(r1, r1, 0x0, 0x7fffe000) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2000000000000021, 0x2, 0x10000000000002) socket(0x2a, 0x2, 0x0) connect$auto(0xffffffffffffffff, 0x0, 0x55) syz_clone3(&(0x7f0000000300)={0x153326100, 0x0, 0x0, 0x0, {0x23}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0xa7) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r2 = socket(0xa, 0x1, 0x84) bind$auto(r2, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) r3 = socket(0x2, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3d}}, 0x6a) listen$auto(0x3, 0x81) sendmmsg$auto(r3, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) close_range$auto(0x2, 0xa, 0x0) 5.695911111s ago: executing program 4 (id=17905): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/module/zswap/parameters/enabled\x00', 0x62, 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, 0x0, 0xc0) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x10000000400008, 0xdf, 0x9b72, 0x2, 0x40000008000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x20401, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x5, 0xfffff05e, 0x0, 0x0, 0x80000001) r1 = gettid() kill$auto(r1, 0x11) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/bdi/43:288/max_ratio_fine\x00', 0x10b142, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/controlC1\x00', 0x0, 0x0) sendfile$auto(r2, r3, 0x0, 0x1000200) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x8600, 0x0) 4.759620593s ago: executing program 4 (id=17912): close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_smc_gen_netlink(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev6\x00', 0x103281, 0x0) mmap$auto(0x0, 0x20009, 0x4000000001df, 0xeb1, 0x401, 0x8000) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000140), 0x8040, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) unshare$auto(0x8000400) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/controlC2\x00', 0x2000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) open(0x0, 0x261c2, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r0, 0x0, 0xc3) 4.599036266s ago: executing program 4 (id=17914): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, 0x0, 0x54) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/pci/00/03.0\x00', 0x181000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x0) 4.470172214s ago: executing program 2 (id=17915): r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r2) sendmsg$auto_NL802154_CMD_SET_PAN_ID(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000011c0)=ANY=[], 0x1058}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) statx$auto(0xffffff9c, 0x0, 0x1000, 0xbb, 0x0) r4 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000240)='ns/time_for_children\x00') r5 = ioctl$NS_GET_PARENT(r4, 0xb702, 0x0) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r2, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x28, r3, 0x805, 0x70bd2d, 0x25dfdbfb, {}, [@NL80211_ATTR_NETNS_FD={0x8, 0xdb, r5}, @NL80211_ATTR_OBSS_COLOR_BITMAP={0xc, 0x12e, 0x1000}]}, 0x28}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) sendmsg$auto_NL80211_CMD_GET_WIPHY(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000140)=ANY=[@ANYBLOB="18000000", @ANYRES16=r3, @ANYBLOB="810b25bd7080fbdbdf25010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x20000000}, 0xc004) sendmsg$auto_NL80211_CMD_GET_SCAN(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x18, r3, 0x10, 0x70bd27, 0x25dfdbfc, {}, [@NL80211_ATTR_BSS_BASIC_RATES={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x48014}, 0x8000) r6 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/038/001\x00', 0x40001, 0x0) ioctl$auto_USBDEVFS_CONTROL(r6, 0xc0185500, &(0x7f0000000000)={0x23, 0x3, 0x4, 0x5, 0x0, 0x2, 0x0}) mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x200, 0x4) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) eventfd$auto(0x3) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ttyS0\x00', 0x121000, 0x0) ioctl$auto_SNDCTL_TMR_STOP(r0, 0x5403, &(0x7f0000000000)) 3.884043985s ago: executing program 4 (id=17916): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x745100, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000001140)='/dev/psaux\x00', 0x42000, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7ffffffc, 0x8, 0x3000, 0x6, 0x10000007, 0x400b, r1, [], {0x6, 0x6, 0x8c48, 0x29a, 0x9, 0x80, 0x104, 0x6, 0x4}, {0x100, 0x1, 0x101, 0x85, 0x2, 0x24, 0xfe000000, 0x8, 0x3}}) r2 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0) read$auto_vhci_fops_hci_vhci(r2, 0x0, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) unshare$auto(0x0) socket(0x2b, 0x1, 0x0) ioctl$auto(0x3, 0x8905, 0x38) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0x200007, 0x19) 3.556252071s ago: executing program 2 (id=17920): fcntl$auto(0xffffffffffffffff, 0x3ff, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000040)) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x0) socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000940)={'batadv0\x00'}) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x14, 0x0, 0x77bed28568c43d3b, 0x70bd2a, 0x25dfdbfc}, 0x14}}, 0x80) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @empty}, 0x51) r0 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) statx$auto(r0, 0x0, 0x401006, 0x4015, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) sendto$auto(0x3, 0x0, 0x3, 0x101, 0x0, 0x1c) write$auto(0x3, 0x0, 0xfdf3) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) mmap$auto(0x0, 0x400008, 0x200, 0x9b72, 0x2, 0x8000) getsockopt$auto(0xffffffffffffffff, 0x11, 0x3, 0xfffffffffffffffc, 0x0) 2.362385222s ago: executing program 3 (id=17923): write$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffffff, &(0x7f0000000140)="d1807307", 0x4) r0 = openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000006c0), 0x0, 0x0) ioctl$auto_dma_heap_fops_dma_heap(r0, 0xffffffffffdffe00, &(0x7f0000000140)) madvise$auto(0x0, 0xffffffffffff0001, 0x15) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) getrlimit$auto(0x3, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ram1\x00', 0x6281, 0x0) ioctl$auto_BLKZEROOUT(r1, 0x127f, 0x0) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r2, 0xc0045002, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xe6e43, 0x0) write$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000000)="b2", 0x1) pwrite64$auto(0xc8, &(0x7f0000000080)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00/\x00\x00\x00\xfd\xfdX\xd3\x1d\xf8\xbebZ\xddL\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x88\v\xae\xa9i8W\xe5\x00W\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/232, 0xe80, 0x3) 2.361768212s ago: executing program 2 (id=17931): fcntl$auto(0xffffffffffffffff, 0x3ff, 0x0) syz_open_procfs$namespace(0x0, &(0x7f0000000040)) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0x0) r0 = socket(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000940)={'batadv0\x00'}) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x14, 0x0, 0x77bed28568c43d3b, 0x70bd2a, 0x25dfdbfc}, 0x14}}, 0x80) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @empty}, 0x51) r1 = socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) statx$auto(r1, 0x0, 0x401006, 0x4015, 0x0) setsockopt$auto(0x3, 0x1, 0x41, 0x0, 0x88) sendto$auto(0x3, 0x0, 0x3, 0x101, 0x0, 0x1c) syz_genetlink_get_family_id$auto_nl802154(0x0, r0) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) mmap$auto(0x0, 0x400008, 0x200, 0x9b72, 0x2, 0x8000) getsockopt$auto(0xffffffffffffffff, 0x11, 0x3, 0xfffffffffffffffc, 0x0) 1.858267201s ago: executing program 3 (id=17924): r0 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/pagemap\x00', 0x201, 0x0) r1 = openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/dynamic_events\x00', 0x2542, 0x0) write$auto_dynamic_events_ops_trace_dynevent(r1, &(0x7f0000000040)='e:\ru', 0x4) recvmmsg$auto(r0, &(0x7f0000000280)={{&(0x7f0000000000)="354ce727522fdc08", 0x8001, &(0x7f0000000140)={&(0x7f0000000080)="4678382f7c38d91ff324b1df3239ad21c90ec009d0ee24b53e2065fd8aac1073be8536c3d5d6601e34df9e38f1e5bd3d67d8a93abe24b94d1cc8e68e0fe45a1198237da6c1e81b5f06d76cc2040b4f08b496382c2d6ad515457b0dc80644e1421c29a35f1254bdcd967b718daf8977d2c1ddcd8e769ec0b856587aa7418b0f118483bf5a1fcb48aa659dc1467094f07fbfca117b5c5b603547684fcf9eae47fe5dacf3d69cb5165ec8bd70dbe6b92e19fbe410", 0x2}, 0x10000, &(0x7f0000000180)="52a452f176c54e9344e46699f47bb83f83b2254290ba692e93f7554a05e575522e78dafd8c481f646b3a77370dd59f2aeba692935f1aef81d9681e03d044118cefad9c189039653d47412bcefa55998c69d8dd6e505becb50ec3151ba8a80ce566998b6f5e7abb1cbc0b019897cf046aa021f726fe87a608a018fa910b2d46da63a5c4a67dc6a6bc3de12e6956c45bf281dbef065dd2837afe8c77e16b58e1b135bbb59c9b74bffda83b8f673b098aed97c37fbb9332adda4840cee4d4e93455dc238dc9521024e785bdb772efaf2960eb603fc3972326efab66408fa090e53acead2a7706742e967c9ff55e88e591edd5aa8caa3c93b40e34c7cf", 0x3}, 0x8}, 0x2, 0x400, &(0x7f00000002c0)={0x4, 0x2}) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) mmap$auto(0x0, 0x5, 0xdf, 0x9b72, 0x2, 0x8000) splice$auto(0x4, 0x0, 0x2, 0x0, 0x1000, 0xf) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) acct$auto(&(0x7f0000000100)='./cgroup/cgroup.subtree_control\x00') r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000240)='/dev/video1\x00', 0x8a240, 0x0) getpid() openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xd, 0x1, 0x948b, 0xffffffffffffffff, 0x15f4da07, 0x6, 0x10, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x4f4, 0x8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x1, 0xbc3, 0x800, 0x3, 0x20000, 0xc, 0x400000000003, 0x4, 0x0, 0xfffffffffffffffe, 0x6, 0x0, 0xffffffffffffff81, 0x1]}, 0x0) 1.448424827s ago: executing program 2 (id=17925): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x2c, 0x3, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x101202, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) prctl$auto(0x41, 0x7, 0x0, 0x0, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x10, 0x0, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4048) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/net/xfrm_stat\x00', 0x5612c1, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x5}, 0xa) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x40009, 0xa, 0x9b72, 0x7, 0x28000) r2 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0) socketpair$auto(0x200001e, 0x8, 0x80000000, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r2, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, 0x6) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x3, 0x0) select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x1fe, 0x7, 0xd, 0x1, 0x948d, 0x5, 0x7, 0x3, 0x8003, 0x65, 0x8000001f, 0x1000, 0x100000000006d3e, 0x9, 0x1, 0x8]}, 0x0) close_range$auto(0x2, 0x8, 0x0) 1.086492243s ago: executing program 2 (id=17926): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x181000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x0) 917.301649ms ago: executing program 3 (id=17927): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) mlock$auto(0x112, 0x80006) mlockall$auto(0x800000000000005) madvise$auto(0x0, 0x200007, 0x19) r0 = socket(0x2, 0x801, 0x100) listen$auto(r0, 0x200005) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/thread-self/mem\x00', 0x40001, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) bpf$auto(0x400, &(0x7f0000000280)=@link_create={@map_fd=0xffffffffffffffff, @target_fd=r0, 0x8, 0x8, @kprobe_multi={0x10cd, 0x2, 0x3, 0x5, 0x3}}, 0x6f4) init_module$auto(0x0, 0xffff9, 0x0) madvise$auto(0x0, 0x2000000080000001, 0x3) close_range$auto(0x2, 0x8, 0x2) close_range$auto(r1, r3, 0x3) madvise$auto(0x0, 0xffffffffffff0005, 0x19) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/vhci_hcd.12/usb33/33-0:1.0/usb33-port3/power/runtime_status\x00', 0x351200, 0x0) sendmsg$auto_NL80211_CMD_DEL_PMK(r2, &(0x7f0000000940)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40004}, 0xc, &(0x7f0000000240)={&(0x7f0000000980)=ANY=[@ANYBLOB="98000000", @ANYRES16, @ANYBLOB="100426bd7000fedbdf257c0000004f002280fc020ef97d5a0f306061c43e41c4579b2a519d6398699cfd9c6e85f4997c2678df8a208ae65b12888c5dc6bc864dfe3c1e394d0400a7000800e1000a0101", @ANYRES32=r0, @ANYBLOB="0400d700001a004e0176bf3469890194db588952aa8343b6d44579184f04c4000004004e011000b000d0708d9055775c12c8"], 0x98}, 0x1, 0x0, 0x0, 0x40000}, 0x4c804) madvise$auto(0x0, 0x2003ec, 0x14) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/037/001\x00', 0x802, 0x0) mprotect$auto(0x0, 0xe6a, 0x6) 725.99441ms ago: executing program 3 (id=17928): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x7, 0x0) r0 = open(&(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x80400, 0xb5d1af1605322ddc) open_by_handle_at$auto(r0, &(0x7f0000001280)={0x4, 0x2, "02000000"}, 0x6) openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) socketpair$auto(0x3, 0xd, 0x8dc2, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0xe0182, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_CREATE_VM(r1, 0xc048aeca, 0x0) 640.68327ms ago: executing program 3 (id=17929): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D3\x00', 0x200a41, 0x0) bpf$auto(0x8000000, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/mem\x00', 0x40, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000002c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1d\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"P\x8a\xbbY8@Z5`\xa2\x9aSVd\x1d\xac\xe8\x90e\x9d\x03tm\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7.\xbe\x01\x98\xd7l\x00\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfa\xf0\xd9\xc0K\x8b\xa3c\x00'/160, 0xa9) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, 0x0, 0x20000054) write$auto(0xffffffffffffffff, 0x0, 0x81) write$auto(0xffffffffffffffff, 0x0, 0x98c7) ppoll$auto(0x0, 0x5, &(0x7f00000002c0)={0x1, 0x8000000000000001}, 0x0, 0x8) mmap$auto(0x0, 0x2000d, 0x4, 0xeb1, 0xffffffffffffffff, 0x6000000000) shmctl$auto_SHM_LOCK(0x2, 0xb, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x4c2080, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x400008000) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x0, 0x810004, 0x2000000efb, 0x8000000008011, r0, 0x8000) ioctl$auto_BLKRRPART(r0, 0x125f, 0x2a) madvise$auto(0x0, 0x400053, 0x9) 500.844062ms ago: executing program 4 (id=17930): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x7, 0x0) r0 = open(&(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x80400, 0xb5d1af1605322ddc) open_by_handle_at$auto(r0, &(0x7f0000001280)={0x0, 0x2}, 0x6) openat$auto_loop_ctl_fops_loop(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) socketpair$auto(0x3, 0xd, 0x8dc2, 0x0) close_range$auto(0x2, 0x8000, 0x0) socket(0x2, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0xe0182, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) ioctl$auto_KVM_CREATE_VM(r1, 0xc048aeca, 0x0) 343.260671ms ago: executing program 33 (id=17858): r0 = pidfd_open$auto(0x1, 0x0) setns(r0, 0x60020000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x202, 0x0) sendfile$auto(r1, r1, 0x0, 0x7fffe000) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2000000000000021, 0x2, 0x10000000000002) socket(0x2a, 0x2, 0x0) connect$auto(0xffffffffffffffff, 0x0, 0x55) syz_clone3(&(0x7f0000000300)={0x153326100, 0x0, 0x0, 0x0, {0x23}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0xa7) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r2 = socket(0xa, 0x1, 0x84) bind$auto(r2, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) r3 = socket(0x2, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3d}}, 0x6a) listen$auto(0x3, 0x81) sendmmsg$auto(r3, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) close_range$auto(0x2, 0xa, 0x0) 338.420977ms ago: executing program 3 (id=17933): r0 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) setpriority$auto_PRIO_PROCESS(0x0, 0xffffffffffffffff, 0x4) r1 = timerfd_create$auto(0x9, 0x0) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) fallocate$auto(r0, 0x1, 0x820, 0x7fff) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)) fcntl$auto(r2, 0x402, 0x8000007fffffdf) fcntl$auto(r2, 0x403, 0x400000fffffffd) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000180)="fc5ea5f1401a03cd7d362456adda0cf384c0e2d7bd3d31e409957ab6bd240c4af9373f9691253b947acf08619bf87d27ebc9b1fff0ce71c342980e157ce4c431437e29b11e2c41b25e95a0d677941ec8136ec921976149c1d14b") mmap$auto(0x0, 0xb9f, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) prctl$auto(0x1000000003b, 0x4, 0x4, 0xd85, 0x80000000) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000200)='/dev/dri/renderD128\x00', 0x20400, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) memfd_secret$auto(0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) 166.17649ms ago: executing program 2 (id=17934): r0 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) seccomp$auto(0x1, 0x3f, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r1 = socket$nl_generic(0x10, 0x3, 0x10) poll$auto(&(0x7f0000003640)={r1, 0x7, 0x6}, 0x7, 0x3) r3 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000003900), r1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000004c0)={'team_slave_0\x00', 0x0}) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000600)='/sys/kernel/mm/lru_gen/enabled\x00', 0x2062, 0x0) write$auto(r5, &(0x7f00000000c0)='Y\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k\xe21\xdeD\x82\xed\xdbJ\xda^\xceY\xa4\xbe\x06\x7fKE\xa2\xa5\v\"e\xe4\xb9\xe2\t\a_\xe5\xd0\xfd\xbb\xdb\xba{4\xba\x85\x85\x18\xbbQ\x85\xfeG<\xdd\xb1XS\xc3\xaa\xce\xf9\x87\xc1\x18\xb48\x7f\xec\x94\\5\x98\x1fl\x9d\xe0m\'\xc2v9\xce\x14d3\xbc45.\xd9\xf4M\xe3\xf9\x1bY\x9c\xbei|\xd0\xa7Q\x03?\x97(b\xb9\x8bK$\x96%\x9aBUw\xd9\f\xd8h\x96u\xae\x9a\xc6z\x82\x85)\xe5\xe8\xf4@\xc3\xc7\xfe\xd7\xa0\n0\xbc\x82\xea', 0x52) sendmsg$auto_NETDEV_CMD_QUEUE_GET(r2, &(0x7f00000039c0)={0x0, 0x0, &(0x7f0000003980)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000881a5cb1171772f5a27d41ddee4994308bdea47694fc48babeda22dadb4b032d08b7de4f2fd0c854e918f1bce5c6d169698fa5e052af59a4d2778eb34c48c28a8a50bd4e22290851200e0a4b4fabb9036f6aa0152691d7029a0907dea79d120d201b76caadbeb100f649e511d7b074c93579dc4042fa1ef59190eebd268599d2b5bd26051b090c9d3ba00815c09ac4bdb5ffcd768cc1868be48219144736c3f5b0e98ee3e096b7", @ANYRES16=r3, @ANYBLOB="01032ebd7000fddbdf250a00000008000200", @ANYRES32=r4, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0xc4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'veth1\x00'}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'batadv0\x00', 0x0}) mmap$auto(0x0, 0x9, 0xc00000072, 0x8b72, 0x1000000002, 0x8000) futex$auto(&(0x7f0000000080)=0x2948, 0x0, 0x2948, &(0x7f00000000c0)={0x225c17d03}, 0x0, 0x5) futex$auto(0x0, 0x5, 0x4, 0x0, &(0x7f0000000080)=0x9, 0x4000000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'vlan1\x00'}) sendmsg$auto_NETDEV_CMD_DEV_GET(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x24, r3, 0x4, 0x70bd2a, 0x25dfdbfc, {}, [@NETDEV_A_DEV_IFINDEX={0x8}, @NETDEV_A_DEV_IFINDEX={0x8, 0x1, r6}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000008}, 0xc0000) write$auto_console_fops_tty_io(0xffffffffffffffff, &(0x7f0000001000)="5142651f911c17e9dd66bf94ea32689283bb895dbc0a97721ed6e250c974356905898b7d48acecddf280cf6dd4ba18c1aa3928071c6585025ceab0e2f34f37ddec138ea587fc4def825608b0ab2a6ecac42062bd3c58ba606307b7471b20a40ffa168b91dde6727571c4ec94bfbde1df90ccb265ffda374c98ffb1ee22069af38a3f200532dbbe5e98f4455170e9a137517b9b7b8840359940ab00f37125c2bec0ac36606b6c69edb35967d723fb81a15faea2bd280d1581ad1ef597bb4dc09f6a5d53aaff1877b77c4e425761dc09d34498c1fce72c0ba1041a99b8748a37597b9567cda1de2cbf6962798e5ee11bf7cb2c70a9502f33c43b8e5dc54de743a2e24cb94c22d669b434888a7ce4cb16cd77b324258e07af32adc0cb38f8c622085783f6804edc3913fb9e98c55713fa0bf8101ad0f6f43407ce4be0001d1bb201bec283ade79ab23484c1076e703864629ac9a6031533dc956f705f89f0e0ef7d3109e46859d1f2ad1b8cb3cfcedf868a3be101e8b9acd75e39e6a27a541aa9fe86ad3119b7049c3fad2a901222eb948cabb4b5c3e5ba6ffc02a15bf7d550b00ab0f3dd3002924f7bd0701269ae293c4cb231b9127d1f6b38dd6fbb3429905384eed7eed9330a9c5e732bdd510169d9ca3e420ea2102be3770a0ab598c037b8f01e8910cf8b0942aafb156ac90724cf552df158a7f59c26e62f3fcf32d860c2259cb1b3118a773ff3cfbaf9c5b068dade5cd7778f1ea98700629b62534735fef3071c30afa6ea26f7e651ec140936c07d9e90f1c9faef3e05376b1e121af6a6691616c10e19fd4f16b1858b44d99e597908cda0e8fa8c21d8b700987d7723a4b5a4ff3c371f2d1cb9fb2f054abc58727239ba67a173f1431083fedc7c4304488c13c75e4995a58ac9de085377356ddc5338aeb44e7f3d06f82a5e0c846159c881a0395a3dbf32a9f2530a520721431a752b13b01a89bdf2b38387b72e8a533936623ec396f6ef94ddfcca047bf20a6fe450a03dedb36a57355e2519ff579b5c63095f48407ece8a7c6c4f5b2582616f0a6bba059810c0a28355fb12dceec9e290026452c3135f8ad93f9617f22e590122d43f6fdc1ea0f9ec12c551b5127108443bb081f7a89660034ea4f3c4305108428cc91918dbba8c2a117f09609e40903b13055e92a727afa767b1f97df335ee729686c0113e4cc18aa50f4ad82b1d403cc6c11ac3bf63415560417d7d488df01b69c925ca3fce60ca7ac767fd11df61caf62f3ab67dad043faf1cc334903e0f419c2e97553ecaad5814bf097192e76e9a16bc5c9be932718aba32cd7dbcc6bc634a463c6f709cc81963b39442e710c14c7e107b0aeb7b6a0e3f3757860d10dd741863277c43ce4dcec49f4558959b08f59182baf4f250aa045fee383ceaec280817bf222dfbeeca8c1ec8473176326c1ffd49ea072b5f3c73f36865b6052a1595c1bb76cfe37f976848fbcb408381ddeff9c318a2e6bbfe6c18ef16531fec3c47874a5391238c0d6b0e033db3fce94127cc9c98a4211e5d873f7b4810846d96be2d6cac532fce0ddee737e4d1ddb65b8b2449984a897e4090449ed4fb4006fb9d133e51396d4664a3f0c395c5b24781f8389979ccb565c6461b66db7134d15cff5ae8f935a5bcb23caace2edd2b37a726575e3cb0528de05edd9f03e30feb617767b6a557280a0a288b52af44a1607b6063867e5c9d8d56c44968fd509b3983fa06e6b1eefb2f8cee0c1cb49b8b569cf13b77adbc22ce972cd718167ac571ee6d6088b541a446d13931f849d5636c729996b36ec84171fde260a4e01e9770cf687591a79833ae6473c51e12c0faab96ef093e6178d485526dbf775c94324c76bd4af2652e9036b1cc0d3df05c9232ee6eef7c4f46a6cf8ad160ad087aba6928bf156bf3ade1d135a965c4a2b283485737da67fe99227f2fbfb3baa74d75fe29122adfd82fcb9325b7ea826a52559654e76d494a374d9535facfcd4ab248e388c516bb8a0dc151b1557e418fd7c625c67ab1c50d6f05b97ba15c55631aeea44b21131aa93ead176f7bfd1418856e38782f004f272738827a64bb695f6b6a08cff8d1917be52a8851bd2bfd57d08bb0660e2ffc23792a419c2e9b006e3b0ad05044d99b97391fd2cceb86cf26acebe089a861340b04fd01e1baa70583032a30ea2e605217b80f7ee16d7e28be43d12bb2b67937dd26a8aeb84fef2f2d52f75232a400e7b279dcfc01953b0c46203477a50b5853e8f7b14b2ba31db742504bca6ed95b18846706c9fd85bf2a3a2642029b9ff2828bf0f7cbd96109a237961be8fe5c62f0fcc04c994f123f4a22f048403eac9308cfd2f2e4350c72e9ef83416ce973d3aa90d281a0275886dd3858b5869784ae58e257aa5af6d373dcc9cf520e364be748833adbb10daa6f6a334b51d27529d86ea5ce874562f9f93da45d244224b936fced3b658abbe7aa1f0d502fffce823f528ab47ea3540722f144733666229ae08cfc7e61247742ea4e3c180938ae7c7b81c1ee975c831f79672e044cefc49894c2ab73bba2580ac476cc0e56b6748b8edbb37a3f8dda7ffad4ec07abce7c4d10fc32e40d5a9db37f7b1e3a6eabedbefa9dd8eef189b92363d3391d384af26b7d47958d3d82845c9b668da5bcbd64058dc9e1c6d903ab5d2aa049d197116a11309a1abe9e5b3f9e7f1c623242b1d8089bc369d145a7070e8a9bdf543dbffe899ff9366009a3b0424a634681b530dad9ef23f136a10c7287068e57f3c2de45adf0a105c328e0035b97168f4c17aa4610b2e6e1a6ba0b71c06417b7a9497be4a009b19d7162adfd4d7b6490faf3782a920281333ad09b848ab5f4d15534b8c4e43dc9604b0630f8d349b2c80a98fde04693c31cbed7d460edfc0138dcc5d3974e682bbd555ac19625bf6e0607d8803391ec9c2dc41fc4e8bceae4f53507137324dd02914a067d52a577b812ddac4a34765c26a98839b3edb6290abff0c75991d6f8c1bd7540f38a7f25fec2f3539f894c938e1f3cf0ff1e6994d6a6ecc457a482f045ba712a85e8e31afd49c8e3480dc1c36d56ab2eceac6e5a847455d8ef4e3d45cd463c421bd1bce2ca57dd88f0e7ab3446cdfa8cb3914c240936f1738af7009e9131b240b59af55d7e38307b91fc8f00410cfdcfacaa341607a801afa63640091eb00b860700ea882878a8d9838f5597b970366be7d167ddebfe3c9253b5dbf7f30a67ee4d87dccb3c723c20200aa5fc036caf12811b19ce49c81ce328d7b24587353ecb99bafd327e33303cf447b36800d1bed8ee10df527d55c0d5f7506fb11cb1338074113579e665c6f3cffde5a8ee7fa7bf3f8157986cf7c1c5dbdedaacbe3946b3d8809dec7387f006c062b93b6b481a806e5544ddeea7218fcc15c25a88164bfd0735e6290167cb2dbf4b4a317ba00b1fc27d203a6cff71ef8fe97a97d8e07af2ce1d0a0a2aa9ede7dd0572325075c83c2ecf866aa01654eff55ebe4e489e72152e6a3090e2348732704eb02997ffd23a63faabfbbbd1", 0x9cb) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x9}, 0x3, 0x0) 0s ago: executing program 4 (id=17935): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) close_range$auto(0x0, 0xfffffffffffff000, 0x2) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/bus/pci/00/03.0\x00', 0x181000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0xfffffffd, 0x5, 0xffffffff, 0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) kernel console output (not intermixed with test programs): 02165][T14268] netlink: 186 bytes leftover after parsing attributes in process `syz.1.15495'. [ 1574.649413][T14270] zswap: compressor not available [ 1574.862543][T14272] zswap: compressor cover enable write trace failed, mode=0 not available [ 1575.096056][T14272] zswap: compressor (errno 9) not available [ 1575.389978][T14293] vivid-007: ================= START STATUS ================= [ 1575.417272][T14293] vivid-007: Generate PTS: true [ 1575.427757][T14293] vivid-007: Generate SCR: true [ 1575.440317][T14293] tpg source WxH: 320x240 (Y'CbCr) [ 1575.469724][T14293] tpg field: 1 [ 1575.474043][T14293] tpg crop: (0,0)/320x240 [ 1575.478431][T14293] tpg compose: (0,0)/320x240 [ 1575.499504][T14293] tpg colorspace: 8 [ 1575.512263][T14293] tpg transfer function: 0/0 [ 1575.537356][T14293] tpg Y'CbCr encoding: 0/0 [ 1575.562938][T14293] tpg quantization: 0/0 [ 1575.580198][T14293] tpg RGB range: 0/2 [ 1575.622250][T14293] vivid-007: ================== END STATUS ================== [ 1575.632420][T14301] FAULT_INJECTION: forcing a failure. [ 1575.632420][T14301] name failslab, interval 1, probability 0, space 0, times 0 [ 1575.692521][T14301] CPU: 0 UID: 0 PID: 14301 Comm: syz.3.15502 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1575.692555][T14301] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1575.692561][T14301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1575.692571][T14301] Call Trace: [ 1575.692578][T14301] [ 1575.692584][T14301] dump_stack_lvl+0x100/0x190 [ 1575.692611][T14301] should_fail_ex.cold+0x5/0xa [ 1575.692629][T14301] ? tomoyo_init_log+0x1224/0x20c0 [ 1575.692652][T14301] should_failslab+0xc2/0x120 [ 1575.692675][T14301] __kmalloc_noprof+0xe0/0x850 [ 1575.692699][T14301] tomoyo_init_log+0x1224/0x20c0 [ 1575.692727][T14301] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1575.692754][T14301] ? __pfx_tomoyo_init_log+0x10/0x10 [ 1575.692782][T14301] tomoyo_write_log2+0x2ed/0xbc0 [ 1575.692800][T14301] tomoyo_supervisor+0x15e/0x1340 [ 1575.692822][T14301] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 1575.692848][T14301] ? kasan_quarantine_put+0x104/0x240 [ 1575.692870][T14301] ? tomoyo_check_path_acl+0x141/0x210 [ 1575.692892][T14301] ? tomoyo_check_acl+0x1f7/0x410 [ 1575.692913][T14301] tomoyo_path_permission+0x270/0x3b0 [ 1575.692935][T14301] tomoyo_check_open_permission+0x34d/0x3c0 [ 1575.692957][T14301] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1575.692997][T14301] ? do_raw_spin_lock+0x128/0x260 [ 1575.693018][T14301] ? path_get+0x61/0x80 [ 1575.693034][T14301] tomoyo_file_open+0x6b/0x90 [ 1575.693052][T14301] security_file_open+0xb5/0x1e0 [ 1575.693074][T14301] do_dentry_open+0x5aa/0x1660 [ 1575.693097][T14301] ? security_inode_permission+0xbf/0x250 [ 1575.693121][T14301] vfs_open+0x82/0x3f0 [ 1575.693139][T14301] path_openat+0x208c/0x31a0 [ 1575.693168][T14301] ? __pfx_path_openat+0x10/0x10 [ 1575.693196][T14301] do_file_open+0x20e/0x430 [ 1575.693220][T14301] ? __pfx_do_file_open+0x10/0x10 [ 1575.693255][T14301] ? alloc_fd+0x476/0x790 [ 1575.693278][T14301] ? do_getname+0x191/0x390 [ 1575.693296][T14301] do_sys_openat2+0x10d/0x1e0 [ 1575.693313][T14301] ? __pfx_do_sys_openat2+0x10/0x10 [ 1575.693337][T14301] __x64_sys_openat+0x12d/0x210 [ 1575.693355][T14301] ? __pfx___x64_sys_openat+0x10/0x10 [ 1575.693380][T14301] do_syscall_64+0x106/0xf80 [ 1575.693396][T14301] ? clear_bhb_loop+0x40/0x90 [ 1575.693414][T14301] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1575.693430][T14301] RIP: 0033:0x7f604839c629 [ 1575.693444][T14301] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1575.693458][T14301] RSP: 002b:00007f604931d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1575.693474][T14301] RAX: ffffffffffffffda RBX: 00007f6048615fa0 RCX: 00007f604839c629 [ 1575.693484][T14301] RDX: 0000000000040001 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 1575.693493][T14301] RBP: 00007f6048432b39 R08: 0000000000000000 R09: 0000000000000000 [ 1575.693502][T14301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1575.693512][T14301] R13: 00007f6048616038 R14: 00007f6048615fa0 R15: 00007ffe5b6d7858 [ 1575.693538][T14301] [ 1576.520125][T14318] netlink: 25 bytes leftover after parsing attributes in process `syz.3.15508'. [ 1577.470259][T14336] FAULT_INJECTION: forcing a failure. [ 1577.470259][T14336] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1577.594799][T14336] CPU: 0 UID: 0 PID: 14336 Comm: syz.3.15513 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1577.594828][T14336] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1577.594835][T14336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1577.594844][T14336] Call Trace: [ 1577.594850][T14336] [ 1577.594857][T14336] dump_stack_lvl+0x100/0x190 [ 1577.594883][T14336] should_fail_ex.cold+0x5/0xa [ 1577.594902][T14336] get_futex_key+0x1d2/0x1620 [ 1577.594923][T14336] ? __pfx_get_futex_key+0x10/0x10 [ 1577.594947][T14336] futex_wake+0xea/0x530 [ 1577.594969][T14336] ? __pfx_futex_wake+0x10/0x10 [ 1577.594991][T14336] ? putname+0xb1/0x110 [ 1577.595004][T14336] ? kmem_cache_free+0x124/0x6a0 [ 1577.595026][T14336] do_futex+0x32b/0x350 [ 1577.595044][T14336] ? __pfx_do_futex+0x10/0x10 [ 1577.595060][T14336] ? __pfx_do_sys_openat2+0x10/0x10 [ 1577.595079][T14336] ? __fget_files+0x21f/0x3d0 [ 1577.595102][T14336] __x64_sys_futex+0x34f/0x4d0 [ 1577.595121][T14336] ? __x64_sys_openat+0x12d/0x210 [ 1577.595138][T14336] ? __pfx___x64_sys_futex+0x10/0x10 [ 1577.595163][T14336] do_syscall_64+0x106/0xf80 [ 1577.595179][T14336] ? clear_bhb_loop+0x40/0x90 [ 1577.595196][T14336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1577.595212][T14336] RIP: 0033:0x7f604839c629 [ 1577.595225][T14336] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1577.595240][T14336] RSP: 002b:00007f60492db0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1577.595256][T14336] RAX: ffffffffffffffda RBX: 00007f6048616188 RCX: 00007f604839c629 [ 1577.595266][T14336] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f604861618c [ 1577.595275][T14336] RBP: 00007f6048616180 R08: 0000000000000000 R09: 0000000000000000 [ 1577.595287][T14336] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000000 [ 1577.595296][T14336] R13: 00007f6048616218 R14: 00007ffe5b6d7770 R15: 00007ffe5b6d7858 [ 1577.595315][T14336] [ 1577.598697][ T29] audit: type=1326 audit(4295053626.952:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14332 comm="syz.3.15513" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f604839c629 code=0x0 [ 1578.239496][ T5827] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 1578.247851][ T5827] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 1579.351799][T14375] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 1579.579706][T14379] netlink: 4 bytes leftover after parsing attributes in process `syz.2.15527'. [ 1579.624117][T14379] netlink: 25 bytes leftover after parsing attributes in process `syz.2.15527'. [ 1580.190121][ T760] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 1580.197899][ T760] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 1580.883896][ T29] audit: type=1107 audit(4295053630.232:69): pid=14404 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1580.970485][ T29] audit: type=1107 audit(4295053630.232:70): pid=14404 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1581.453341][T14425] netlink: 25 bytes leftover after parsing attributes in process `syz.1.15542'. [ 1581.797796][T14438] netlink: 'syz.1.15545': attribute type 10 has an invalid length. [ 1581.829269][T14438] netlink: 230 bytes leftover after parsing attributes in process `syz.1.15545'. [ 1581.879323][T14440] netlink: 252 bytes leftover after parsing attributes in process `syz.2.15546'. [ 1581.913691][T14440] netlink: 252 bytes leftover after parsing attributes in process `syz.2.15546'. [ 1582.430037][T14460] netlink: 246 bytes leftover after parsing attributes in process `syz.3.15551'. [ 1582.555493][ T29] audit: type=1107 audit(4295053631.912:71): pid=14458 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1582.610777][ T29] audit: type=1107 audit(4295053631.932:72): pid=14458 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 1583.609593][T14484] netlink: 62 bytes leftover after parsing attributes in process `syz.2.15554'. [ 1584.878210][T14513] vivid-007: ================= START STATUS ================= [ 1584.923140][T14513] vivid-007: Enable Output Cropping: true grabbed [ 1584.929580][T14513] vivid-007: Enable Output Composing: true grabbed [ 1584.999677][T14516] netlink: 338 bytes leftover after parsing attributes in process `syz.2.15566'. [ 1585.030256][T14513] vivid-007: Enable Output Scaler: true grabbed [ 1585.055469][T14513] vivid-007: Tx RGB Quantization Range: Automatic grabbed [ 1585.076472][T14513] vivid-007: Transmit Mode: HDMI grabbed [ 1585.097424][T14513] vivid-007: Hotplug Present: 0x00000000 [ 1585.109548][T14513] vivid-007: RxSense Present: 0x00000000 [ 1585.121844][T14513] vivid-007: EDID Present: 0x00000000 [ 1585.133296][T14513] vivid-007: ================== END STATUS ================== [ 1586.011905][ T29] audit: type=1326 audit(4294967328.300:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14545 comm="syz.1.15576" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f251679c629 code=0x0 [ 1587.229241][T14557] zswap: compressor not available [ 1587.591743][T14571] netlink: 'syz.2.15582': attribute type 19 has an invalid length. [ 1587.654047][T14571] netlink: 226 bytes leftover after parsing attributes in process `syz.2.15582'. [ 1588.414713][T14587] netlink: 'syz.2.15586': attribute type 4 has an invalid length. [ 1588.514755][T14587] netlink: 'syz.2.15586': attribute type 32 has an invalid length. [ 1588.633386][T14587] netlink: 46 bytes leftover after parsing attributes in process `syz.2.15586'. [ 1588.859384][T14593] futex_wake_op: syz.4.15588 tries to shift op by -2048; fix this program [ 1589.948428][T14616] netlink: 12 bytes leftover after parsing attributes in process `syz.3.15595'. [ 1590.018227][T14616] HfR: entered promiscuous mode [ 1590.707860][T14635] netlink: 330 bytes leftover after parsing attributes in process `syz.4.15602'. [ 1591.930733][T14651] netlink: 186 bytes leftover after parsing attributes in process `syz.3.15608'. [ 1591.975464][T14651] netlink: 186 bytes leftover after parsing attributes in process `syz.3.15608'. [ 1594.766418][T14714] netlink: 13 bytes leftover after parsing attributes in process `syz.3.15628'. [ 1594.904361][ T29] audit: type=1326 audit(4294967337.170:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14713 comm="syz.2.15629" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0c7179c629 code=0x0 [ 1595.190292][T14719] ERROR: Out of memory at tomoyo_memory_ok. [ 1597.342455][T14761] ERROR: Out of memory at tomoyo_memory_ok. [ 1598.498839][T14776] netlink: 28 bytes leftover after parsing attributes in process `syz.2.15647'. [ 1598.603607][T14776] hsr0: left allmulticast mode [ 1598.671171][T14776] hsr_slave_0: left allmulticast mode [ 1598.703980][T14776] hsr_slave_1: left allmulticast mode [ 1598.771167][T14776] hsr0: left promiscuous mode [ 1598.814331][T14776] bridge0: port 3(hsr0) entered disabled state [ 1598.897122][T14776] bridge_slave_0: left allmulticast mode [ 1598.922651][T14776] bridge_slave_0: left promiscuous mode [ 1598.994291][T14776] bridge0: port 1(bridge_slave_0) entered disabled state [ 1603.341136][T14852] netlink: 252 bytes leftover after parsing attributes in process `syz.4.15671'. [ 1603.371222][ T29] audit: type=1326 audit(4294967345.650:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14851 comm="syz.1.15670" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f251679c629 code=0x0 [ 1603.405598][T14852] netlink: 252 bytes leftover after parsing attributes in process `syz.4.15671'. [ 1604.136929][T14868] netlink: 306 bytes leftover after parsing attributes in process `syz.4.15676'. [ 1605.356363][T14885] netlink: 8 bytes leftover after parsing attributes in process `syz.2.15682'. [ 1605.628280][T14891] netlink: 25 bytes leftover after parsing attributes in process `syz.4.15683'. [ 1606.689676][T14911] netlink: 4 bytes leftover after parsing attributes in process `syz.3.15690'. [ 1606.740618][T14911] netlink: 13 bytes leftover after parsing attributes in process `syz.3.15690'. [ 1606.971856][T14916] netlink: 28 bytes leftover after parsing attributes in process `syz.3.15691'. [ 1607.088366][T14917] netlink: 62 bytes leftover after parsing attributes in process `syz.4.15692'. [ 1607.794242][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1607.800561][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1610.291564][T14967] random: crng reseeded on system resumption [ 1610.592066][ T5827] Bluetooth: hci3: unexpected subevent 0x01 length: 3 < 18 [ 1610.943448][T14979] ERROR: Out of memory at tomoyo_memory_ok. [ 1615.701155][T15064] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input33 [ 1616.506997][ T5827] Bluetooth: hci4: Malformed Event: 0x02 [ 1616.904582][T15084] netlink: 4 bytes leftover after parsing attributes in process `syz.4.15740'. [ 1616.949875][T15085] netlink: 'syz.1.15739': attribute type 5 has an invalid length. [ 1616.957994][T15084] netlink: 'syz.4.15740': attribute type 1 has an invalid length. [ 1616.981101][T15081] FAULT_INJECTION: forcing a failure. [ 1616.981101][T15081] name failslab, interval 1, probability 0, space 0, times 0 [ 1616.999344][T15084] netlink: 13 bytes leftover after parsing attributes in process `syz.4.15740'. [ 1617.020928][T15085] netlink: 'syz.1.15739': attribute type 1 has an invalid length. [ 1617.028726][T15085] netlink: 12 bytes leftover after parsing attributes in process `syz.1.15739'. [ 1617.098693][T15081] CPU: 0 UID: 0 PID: 15081 Comm: syz.3.15738 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1617.098723][T15081] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1617.098729][T15081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1617.098739][T15081] Call Trace: [ 1617.098745][T15081] [ 1617.098751][T15081] dump_stack_lvl+0x100/0x190 [ 1617.098778][T15081] should_fail_ex.cold+0x5/0xa [ 1617.098797][T15081] should_failslab+0xc2/0x120 [ 1617.098821][T15081] __kmalloc_cache_node_noprof+0x7d/0x770 [ 1617.098843][T15081] ? __alloc_workqueue+0x711/0x1880 [ 1617.098859][T15081] ? lockdep_init_map_type+0x5c/0x250 [ 1617.098881][T15081] __alloc_workqueue+0x711/0x1880 [ 1617.098900][T15081] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1617.098919][T15081] alloc_workqueue_noprof+0xd2/0x200 [ 1617.098936][T15081] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 1617.098958][T15081] ? __pfx___debug_object_init+0x10/0x10 [ 1617.098982][T15081] nci_register_device+0x394/0xb80 [ 1617.099005][T15081] ? __pfx_nci_register_device+0x10/0x10 [ 1617.099030][T15081] ? lockdep_init_map_type+0x5c/0x250 [ 1617.099053][T15081] virtual_ncidev_open+0x141/0x220 [ 1617.099069][T15081] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 1617.099083][T15081] misc_open+0x26d/0x450 [ 1617.099105][T15081] ? __pfx_misc_open+0x10/0x10 [ 1617.099125][T15081] chrdev_open+0x234/0x6a0 [ 1617.099147][T15081] ? __pfx_apparmor_file_open+0x10/0x10 [ 1617.099166][T15081] ? __pfx_chrdev_open+0x10/0x10 [ 1617.099189][T15081] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1617.099215][T15081] do_dentry_open+0x6d8/0x1660 [ 1617.099236][T15081] ? __pfx_chrdev_open+0x10/0x10 [ 1617.099263][T15081] vfs_open+0x82/0x3f0 [ 1617.099281][T15081] path_openat+0x208c/0x31a0 [ 1617.099309][T15081] ? __pfx_path_openat+0x10/0x10 [ 1617.099338][T15081] do_file_open+0x20e/0x430 [ 1617.099361][T15081] ? __pfx_do_file_open+0x10/0x10 [ 1617.099406][T15081] ? alloc_fd+0x476/0x790 [ 1617.099431][T15081] ? do_getname+0x191/0x390 [ 1617.099449][T15081] do_sys_openat2+0x10d/0x1e0 [ 1617.099467][T15081] ? __pfx_do_sys_openat2+0x10/0x10 [ 1617.099492][T15081] __x64_sys_openat+0x12d/0x210 [ 1617.099511][T15081] ? __pfx___x64_sys_openat+0x10/0x10 [ 1617.099535][T15081] do_syscall_64+0x106/0xf80 [ 1617.099551][T15081] ? clear_bhb_loop+0x40/0x90 [ 1617.099570][T15081] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1617.099585][T15081] RIP: 0033:0x7f604839c629 [ 1617.099609][T15081] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1617.099625][T15081] RSP: 002b:00007f604931d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1617.099644][T15081] RAX: ffffffffffffffda RBX: 00007f6048615fa0 RCX: 00007f604839c629 [ 1617.099654][T15081] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1617.099665][T15081] RBP: 00007f6048432b39 R08: 0000000000000000 R09: 0000000000000000 [ 1617.099674][T15081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1617.099684][T15081] R13: 00007f6048616038 R14: 00007f6048615fa0 R15: 00007ffe5b6d7858 [ 1617.099705][T15081] [ 1617.741307][T15088] netlink: 'syz.1.15739': attribute type 5 has an invalid length. [ 1617.801282][T15088] netlink: 'syz.1.15739': attribute type 1 has an invalid length. [ 1617.841217][T15088] netlink: 12 bytes leftover after parsing attributes in process `syz.1.15739'. [ 1618.114187][T15096] netlink: 186 bytes leftover after parsing attributes in process `syz.3.15743'. [ 1618.649350][T15112] netlink: 330 bytes leftover after parsing attributes in process `syz.3.15750'. [ 1619.006203][T15117] sp0: Synchronizing with TNC [ 1619.338969][T15126] FAULT_INJECTION: forcing a failure. [ 1619.338969][T15126] name failslab, interval 1, probability 0, space 0, times 0 [ 1619.436578][T15126] CPU: 0 UID: 0 PID: 15126 Comm: syz.3.15754 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1619.436605][T15126] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1619.436612][T15126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1619.436621][T15126] Call Trace: [ 1619.436627][T15126] [ 1619.436633][T15126] dump_stack_lvl+0x100/0x190 [ 1619.436660][T15126] should_fail_ex.cold+0x5/0xa [ 1619.436678][T15126] should_failslab+0xc2/0x120 [ 1619.436703][T15126] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1619.436721][T15126] ? tomoyo_init_log+0x1a0/0x20c0 [ 1619.436748][T15126] tomoyo_init_log+0x1a0/0x20c0 [ 1619.436771][T15126] ? __pfx_format_decode+0x10/0x10 [ 1619.436793][T15126] ? number+0x983/0xc90 [ 1619.436812][T15126] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1619.436840][T15126] ? __pfx_tomoyo_init_log+0x10/0x10 [ 1619.436869][T15126] tomoyo_write_log2+0x2ed/0xbc0 [ 1619.436887][T15126] tomoyo_supervisor+0x15e/0x1340 [ 1619.436909][T15126] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 1619.436929][T15126] ? tomoyo_realpath_from_path+0x19c/0x690 [ 1619.436951][T15126] ? tomoyo_realpath_from_path+0x19c/0x690 [ 1619.436965][T15126] ? kfree+0x1f6/0x6b0 [ 1619.436983][T15126] ? tomoyo_check_path_number_acl+0x1e6/0x2f0 [ 1619.437010][T15126] tomoyo_path_number_perm+0x445/0x580 [ 1619.437032][T15126] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1619.437052][T15126] ? futex_wait+0x125/0x380 [ 1619.437091][T15126] ? find_held_lock+0x2b/0x80 [ 1619.437112][T15126] ? __fget_files+0x215/0x3d0 [ 1619.437132][T15126] ? hook_file_ioctl_common+0x146/0x410 [ 1619.437157][T15126] ? __fget_files+0x21f/0x3d0 [ 1619.437180][T15126] security_file_ioctl+0xd3/0x230 [ 1619.437203][T15126] __x64_sys_ioctl+0xb7/0x210 [ 1619.437223][T15126] do_syscall_64+0x106/0xf80 [ 1619.437239][T15126] ? clear_bhb_loop+0x40/0x90 [ 1619.437257][T15126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1619.437273][T15126] RIP: 0033:0x7f604839c629 [ 1619.437286][T15126] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1619.437309][T15126] RSP: 002b:00007f60492fc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1619.437326][T15126] RAX: ffffffffffffffda RBX: 00007f6048616090 RCX: 00007f604839c629 [ 1619.437336][T15126] RDX: 0000000000000000 RSI: 0000000000001261 RDI: 0000000000000004 [ 1619.437346][T15126] RBP: 00007f6048432b39 R08: 0000000000000000 R09: 0000000000000000 [ 1619.437355][T15126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1619.437365][T15126] R13: 00007f6048616128 R14: 00007f6048616090 R15: 00007ffe5b6d7858 [ 1619.437385][T15126] [ 1619.864403][T15132] netlink: 4 bytes leftover after parsing attributes in process `syz.2.15756'. [ 1619.875248][T15132] netlink: 25 bytes leftover after parsing attributes in process `syz.2.15756'. [ 1619.925766][T15134] netlink: 4 bytes leftover after parsing attributes in process `syz.2.15757'. [ 1619.936100][T15134] netlink: 13 bytes leftover after parsing attributes in process `syz.2.15757'. [ 1621.671295][T15164] netlink: 'syz.3.15767': attribute type 1 has an invalid length. [ 1624.401760][T15216] __nla_validate_parse: 2 callbacks suppressed [ 1624.401776][T15216] netlink: 28 bytes leftover after parsing attributes in process `syz.2.15784'. [ 1625.245929][ T5142] Bluetooth: hci0: command 0x0406 tx timeout [ 1626.080450][T15250] netlink: 4 bytes leftover after parsing attributes in process `syz.4.15803'. [ 1626.103350][T15250] netlink: 25 bytes leftover after parsing attributes in process `syz.4.15803'. [ 1626.638499][T15266] random: crng reseeded on system resumption [ 1627.151006][ T760] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 1627.618887][T15284] ERROR: Out of memory at tomoyo_memory_ok. [ 1627.888097][ T760] Bluetooth: hci4: unexpected subevent 0x03 length: 253 > 9 [ 1627.924926][T15294] netlink: 'syz.1.15807': attribute type 16 has an invalid length. [ 1627.957762][T15294] netlink: 226 bytes leftover after parsing attributes in process `syz.1.15807'. [ 1627.989899][T15294] netlink: 4 bytes leftover after parsing attributes in process `syz.1.15807'. [ 1628.514799][T15307] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1628.616203][T15314] netlink: 'syz.2.15813': attribute type 21 has an invalid length. [ 1628.655405][T15314] netlink: 334 bytes leftover after parsing attributes in process `syz.2.15813'. [ 1629.259285][T15326] netlink: 'syz.2.15819': attribute type 5 has an invalid length. [ 1629.290412][T15326] netlink: 'syz.2.15819': attribute type 1 has an invalid length. [ 1629.328500][T15333] netlink: 'syz.2.15819': attribute type 5 has an invalid length. [ 1629.360953][T15326] netlink: 12 bytes leftover after parsing attributes in process `syz.2.15819'. [ 1629.394827][T15333] netlink: 'syz.2.15819': attribute type 1 has an invalid length. [ 1629.433819][T15333] netlink: 12 bytes leftover after parsing attributes in process `syz.2.15819'. [ 1630.832814][ T760] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 1630.996871][T15367] netlink: 28 bytes leftover after parsing attributes in process `syz.2.15828'. [ 1631.835696][T15382] random: crng reseeded on system resumption [ 1632.387998][T15396] netlink: 28 bytes leftover after parsing attributes in process `syz.4.15837'. [ 1632.995365][T15406] ERROR: Out of memory at tomoyo_memory_ok. [ 1633.576261][T15420] netlink: 'syz.2.15845': attribute type 27 has an invalid length. [ 1633.614602][T15420] netlink: 'syz.2.15845': attribute type 28 has an invalid length. [ 1633.656656][T15420] netlink: 'syz.2.15845': attribute type 29 has an invalid length. [ 1633.691108][T15420] netlink: 'syz.2.15845': attribute type 30 has an invalid length. [ 1633.723407][T15420] netlink: 'syz.2.15845': attribute type 31 has an invalid length. [ 1633.757071][T15420] netlink: 'syz.2.15845': attribute type 32 has an invalid length. [ 1633.793761][T15420] netlink: 'syz.2.15845': attribute type 33 has an invalid length. [ 1633.833847][T15420] netlink: 'syz.2.15845': attribute type 35 has an invalid length. [ 1633.872391][T15420] netlink: 'syz.2.15845': attribute type 37 has an invalid length. [ 1633.915129][T15420] netlink: 'syz.2.15845': attribute type 39 has an invalid length. [ 1633.947500][T15420] netlink: 14 bytes leftover after parsing attributes in process `syz.2.15845'. [ 1634.517093][T15430] netlink: 4 bytes leftover after parsing attributes in process `syz.4.15857'. [ 1634.550041][T15433] random: crng reseeded on system resumption [ 1634.567873][T15430] netlink: 13 bytes leftover after parsing attributes in process `syz.4.15857'. [ 1634.919440][T15439] netlink: 354 bytes leftover after parsing attributes in process `syz.4.15860'. [ 1635.583244][T15455] FAULT_INJECTION: forcing a failure. [ 1635.583244][T15455] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1635.725090][T15455] CPU: 0 UID: 0 PID: 15455 Comm: syz.4.15854 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1635.725121][T15455] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1635.725128][T15455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1635.725139][T15455] Call Trace: [ 1635.725145][T15455] [ 1635.725152][T15455] dump_stack_lvl+0x100/0x190 [ 1635.725179][T15455] should_fail_ex.cold+0x5/0xa [ 1635.725197][T15455] get_futex_key+0x1d2/0x1620 [ 1635.725218][T15455] ? __pfx_get_futex_key+0x10/0x10 [ 1635.725242][T15455] futex_wake+0xea/0x530 [ 1635.725265][T15455] ? __pfx_futex_wake+0x10/0x10 [ 1635.725292][T15455] ? putname+0xb1/0x110 [ 1635.725305][T15455] ? kmem_cache_free+0x124/0x6a0 [ 1635.725327][T15455] do_futex+0x32b/0x350 [ 1635.725346][T15455] ? __pfx_do_futex+0x10/0x10 [ 1635.725363][T15455] ? __pfx_do_sys_openat2+0x10/0x10 [ 1635.725382][T15455] ? __fget_files+0x21f/0x3d0 [ 1635.725405][T15455] __x64_sys_futex+0x34f/0x4d0 [ 1635.725424][T15455] ? __x64_sys_openat+0x12d/0x210 [ 1635.725441][T15455] ? __pfx___x64_sys_futex+0x10/0x10 [ 1635.725467][T15455] do_syscall_64+0x106/0xf80 [ 1635.725483][T15455] ? clear_bhb_loop+0x40/0x90 [ 1635.725501][T15455] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1635.725516][T15455] RIP: 0033:0x7f1e5099c629 [ 1635.725530][T15455] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1635.725546][T15455] RSP: 002b:00007f1e5186c0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1635.725561][T15455] RAX: ffffffffffffffda RBX: 00007f1e50c16188 RCX: 00007f1e5099c629 [ 1635.725571][T15455] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f1e50c1618c [ 1635.725580][T15455] RBP: 00007f1e50c16180 R08: 0000000000000000 R09: 0000000000000000 [ 1635.725589][T15455] R10: 0000000000000006 R11: 0000000000000246 R12: 0000000000000000 [ 1635.725598][T15455] R13: 00007f1e50c16218 R14: 00007fff65201200 R15: 00007fff652012e8 [ 1635.725618][T15455] [ 1636.705829][T15460] netlink: 338 bytes leftover after parsing attributes in process `syz.3.15858'. [ 1636.775728][T15462] netlink: 342 bytes leftover after parsing attributes in process `syz.3.15858'. [ 1636.878659][ T29] audit: type=1326 audit(4294967379.160:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15450 comm="syz.4.15854" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1e5099c629 code=0x0 [ 1636.907971][T15461] netlink: 338 bytes leftover after parsing attributes in process `syz.3.15858'. [ 1637.561156][T15479] FAULT_INJECTION: forcing a failure. [ 1637.561156][T15479] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1637.605998][T15479] CPU: 0 UID: 0 PID: 15479 Comm: syz.3.15865 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1637.606027][T15479] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1637.606033][T15479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1637.606044][T15479] Call Trace: [ 1637.606049][T15479] [ 1637.606055][T15479] dump_stack_lvl+0x100/0x190 [ 1637.606082][T15479] should_fail_ex.cold+0x5/0xa [ 1637.606097][T15479] ? prepare_alloc_pages+0x16d/0x5f0 [ 1637.606114][T15479] should_fail_alloc_page+0xeb/0x140 [ 1637.606139][T15479] prepare_alloc_pages+0x1f0/0x5f0 [ 1637.606154][T15479] ? rcu_is_watching+0x12/0xc0 [ 1637.606177][T15479] __alloc_frozen_pages_noprof+0x19a/0x2ba0 [ 1637.606198][T15479] ? __alloc_frozen_pages_noprof+0x2b1/0x2ba0 [ 1637.606218][T15479] ? __pfx_css_rstat_updated+0x10/0x10 [ 1637.606241][T15479] ? find_held_lock+0x2b/0x80 [ 1637.606263][T15479] ? rcu_read_unlock+0x17/0x60 [ 1637.606277][T15479] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1637.606296][T15479] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1637.606315][T15479] ? page_counter_charge+0x1d2/0x240 [ 1637.606333][T15479] ? rcu_is_watching+0x12/0xc0 [ 1637.606354][T15479] ? trace_mm_page_alloc+0x17a/0x1d0 [ 1637.606385][T15479] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1637.606409][T15479] ? policy_nodemask+0xed/0x4f0 [ 1637.606433][T15479] alloc_pages_mpol+0x1fb/0x550 [ 1637.606457][T15479] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1637.606479][T15479] ? do_raw_spin_lock+0x128/0x260 [ 1637.606498][T15479] ? find_held_lock+0x2b/0x80 [ 1637.606523][T15479] ? __pud_alloc+0x575/0x760 [ 1637.606540][T15479] alloc_pages_noprof+0x131/0x390 [ 1637.606564][T15479] __pmd_alloc+0x3b/0x9c0 [ 1637.606578][T15479] ? __pud_alloc+0x57a/0x760 [ 1637.606595][T15479] walk_to_pmd+0x3a3/0x4c0 [ 1637.606612][T15479] get_locked_pte+0x25/0xc0 [ 1637.606630][T15479] map_ldt_struct+0x3c1/0xa70 [ 1637.606658][T15479] ? __pfx_map_ldt_struct+0x10/0x10 [ 1637.606680][T15479] ? alloc_pages_noprof+0x233/0x390 [ 1637.606706][T15479] write_ldt+0x6d3/0xd40 [ 1637.606731][T15479] ? __pfx_write_ldt+0x10/0x10 [ 1637.606755][T15479] ? xfd_validate_state+0x129/0x190 [ 1637.606780][T15479] __x64_sys_modify_ldt+0xb1/0x170 [ 1637.606796][T15479] do_syscall_64+0x106/0xf80 [ 1637.606812][T15479] ? clear_bhb_loop+0x40/0x90 [ 1637.606832][T15479] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1637.606848][T15479] RIP: 0033:0x7f604839c629 [ 1637.606861][T15479] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1637.606884][T15479] RSP: 002b:00007f604931d028 EFLAGS: 00000246 ORIG_RAX: 000000000000009a [ 1637.606900][T15479] RAX: ffffffffffffffda RBX: 00007f6048615fa0 RCX: 00007f604839c629 [ 1637.606911][T15479] RDX: 0000000000000010 RSI: 00002000000001c0 RDI: 0000000000000001 [ 1637.606921][T15479] RBP: 00007f6048432b39 R08: 0000000000000000 R09: 0000000000000000 [ 1637.606930][T15479] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1637.606939][T15479] R13: 00007f6048616038 R14: 00007f6048615fa0 R15: 00007ffe5b6d7858 [ 1637.606960][T15479] [ 1638.020431][ T29] audit: type=1800 audit(4294967380.250:77): pid=15479 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.15865" name="trace_marker" dev="tracefs" ino=1539 res=0 errno=0 [ 1639.101962][T15507] netlink: 13 bytes leftover after parsing attributes in process `syz.4.15874'. [ 1641.131575][T15550] netlink: 354 bytes leftover after parsing attributes in process `syz.3.15884'. [ 1641.192223][T15557] netlink: 4 bytes leftover after parsing attributes in process `syz.2.15886'. [ 1641.242493][T15557] netlink: 25 bytes leftover after parsing attributes in process `syz.2.15886'. [ 1642.222717][T15582] netlink: 25 bytes leftover after parsing attributes in process `syz.1.15898'. [ 1642.436388][ T29] audit: type=1326 audit(4294967384.720:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15584 comm="syz.1.15899" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f251679c629 code=0x0 [ 1643.209940][T15605] netlink: 226 bytes leftover after parsing attributes in process `syz.3.15903'. [ 1649.594370][T15714] netlink: 44 bytes leftover after parsing attributes in process `syz.2.15935'. [ 1649.655847][T15716] netlink: 44 bytes leftover after parsing attributes in process `syz.2.15935'. [ 1649.722149][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880707df400: rx timeout, send abort [ 1650.230331][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880707df400: abort rx timeout. Force session deactivation [ 1650.593218][ T760] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 1650.914508][T15743] netlink: 28 bytes leftover after parsing attributes in process `syz.1.15943'. [ 1651.307220][ T760] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 1651.835739][T15758] netlink: 4 bytes leftover after parsing attributes in process `syz.2.15948'. [ 1651.903226][T15758] netlink: 25 bytes leftover after parsing attributes in process `syz.2.15948'. [ 1652.158452][T15764] netlink: 4 bytes leftover after parsing attributes in process `syz.2.15950'. [ 1652.219437][T15766] netlink: 25 bytes leftover after parsing attributes in process `syz.2.15950'. [ 1655.669239][T15823] queue_state_write: unsupported operation '' [ 1655.688048][T15826] netlink: 25 bytes leftover after parsing attributes in process `syz.2.15968'. [ 1655.707892][T15823] queue_state_write: use 'run', 'start' or 'kick' [ 1656.479050][T15845] netlink: 330 bytes leftover after parsing attributes in process `syz.3.15974'. [ 1656.498558][T15845] : renamed from bond_slave_0 (while UP) [ 1656.517528][T15845] netlink: 330 bytes leftover after parsing attributes in process `syz.3.15974'. [ 1656.790287][ T760] Bluetooth: hci1: unexpected event 0x20 length: 123 > 7 [ 1657.114446][T15860] kvm: kvm [15859]: vcpu2, guest rIP: 0xfff0 Unhandled RDMSR(0x40000085) [ 1658.931550][T15883] netlink: 252 bytes leftover after parsing attributes in process `syz.2.15988'. [ 1658.956559][T15883] netlink: 252 bytes leftover after parsing attributes in process `syz.2.15988'. [ 1659.357715][T15890] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 1659.382712][T15890] File: /dev/nullb0 PID: 15890 Comm: syz.1.15983 [ 1660.228934][T15915] FAULT_INJECTION: forcing a failure. [ 1660.228934][T15915] name failslab, interval 1, probability 0, space 0, times 0 [ 1660.302511][T15915] CPU: 0 UID: 0 PID: 15915 Comm: syz.4.16000 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1660.302540][T15915] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1660.302546][T15915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1660.302557][T15915] Call Trace: [ 1660.302563][T15915] [ 1660.302569][T15915] dump_stack_lvl+0x100/0x190 [ 1660.302597][T15915] should_fail_ex.cold+0x5/0xa [ 1660.302615][T15915] should_failslab+0xc2/0x120 [ 1660.302639][T15915] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1660.302659][T15915] ? can_rx_register+0x582/0x6f0 [ 1660.302678][T15915] can_rx_register+0x582/0x6f0 [ 1660.302691][T15915] ? __pfx_raw_rcv+0x10/0x10 [ 1660.302709][T15915] ? __pfx_can_rx_register+0x10/0x10 [ 1660.302731][T15915] raw_enable_filters+0xe0/0x210 [ 1660.302753][T15915] raw_enable_allfilters+0x8b/0x2b0 [ 1660.302769][T15915] ? __local_bh_enable_ip+0x9e/0x120 [ 1660.302787][T15915] raw_bind+0x1bd/0xdf0 [ 1660.302803][T15915] ? apparmor_socket_bind+0x105/0x1e0 [ 1660.302825][T15915] __sys_bind+0x1a9/0x260 [ 1660.302849][T15915] ? __pfx___sys_bind+0x10/0x10 [ 1660.302883][T15915] __x64_sys_bind+0x72/0xb0 [ 1660.302903][T15915] ? lockdep_hardirqs_on+0x78/0x100 [ 1660.302920][T15915] do_syscall_64+0x106/0xf80 [ 1660.302937][T15915] ? clear_bhb_loop+0x40/0x90 [ 1660.302955][T15915] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1660.302970][T15915] RIP: 0033:0x7f1e5099c629 [ 1660.302984][T15915] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1660.302999][T15915] RSP: 002b:00007f1e518ae028 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 1660.303014][T15915] RAX: ffffffffffffffda RBX: 00007f1e50c15fa0 RCX: 00007f1e5099c629 [ 1660.303025][T15915] RDX: 000000000000006a RSI: 0000200000000040 RDI: 0000000000000003 [ 1660.303034][T15915] RBP: 00007f1e50a32b39 R08: 0000000000000000 R09: 0000000000000000 [ 1660.303043][T15915] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1660.303052][T15915] R13: 00007f1e50c16038 R14: 00007f1e50c15fa0 R15: 00007fff652012e8 [ 1660.303073][T15915] [ 1661.443020][T15930] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input34 [ 1661.499148][ T5176] ERROR: Out of memory at tomoyo_memory_ok. [ 1661.871628][T15934] netlink: 306 bytes leftover after parsing attributes in process `syz.4.16014'. [ 1661.979535][T15937] netlink: 4 bytes leftover after parsing attributes in process `syz.1.16007'. [ 1662.043274][T15937] netlink: 25 bytes leftover after parsing attributes in process `syz.1.16007'. [ 1662.632071][T15901] delete_channel: no stack [ 1663.498165][T15957] netlink: 4 bytes leftover after parsing attributes in process `syz.2.16012'. [ 1663.810486][T15949] kexec: Could not allocate control_code_buffer [ 1664.404656][ T29] audit: type=1326 audit(4294967406.690:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15974 comm="syz.2.16018" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0c7179c629 code=0x0 [ 1665.591520][T15998] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 1665.717423][T15998] File: /dev/nullb0 PID: 15998 Comm: syz.1.16024 [ 1667.173722][T16028] netlink: 342 bytes leftover after parsing attributes in process `syz.3.16034'. [ 1669.235193][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1669.246224][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1670.418406][T16090] netlink: 330 bytes leftover after parsing attributes in process `syz.2.16052'. [ 1670.785621][T16097] validate_nla: 2 callbacks suppressed [ 1670.785636][T16097] netlink: 'syz.2.16054': attribute type 1 has an invalid length. [ 1673.219777][T16139] netlink: 25 bytes leftover after parsing attributes in process `syz.1.16076'. [ 1673.298457][T16142] netlink: 4 bytes leftover after parsing attributes in process `syz.3.16068'. [ 1673.350947][T16142] netlink: 25 bytes leftover after parsing attributes in process `syz.3.16068'. [ 1673.462122][T16146] kvm: kvm [16144]: vcpu2, guest rIP: 0xfff0 Unhandled RDMSR(0x40000085) [ 1673.545059][T16148] netlink: 4 bytes leftover after parsing attributes in process `syz.3.16070'. [ 1673.586012][T16148] netlink: 354 bytes leftover after parsing attributes in process `syz.3.16070'. [ 1676.065644][T16199] openvswitch: : Dropping previously announced user features [ 1676.156666][T16201] netlink: 13 bytes leftover after parsing attributes in process `syz.1.16089'. [ 1676.461512][T16212] bond0: option slaves: interface -] does not exist! [ 1677.345572][T16232] netlink: 'syz.1.16099': attribute type 1 has an invalid length. [ 1677.391004][T16232] netlink: 306 bytes leftover after parsing attributes in process `syz.1.16099'. [ 1677.876409][T16251] FAULT_INJECTION: forcing a failure. [ 1677.876409][T16251] name failslab, interval 1, probability 0, space 0, times 0 [ 1677.904278][T16251] CPU: 0 UID: 0 PID: 16251 Comm: syz.3.16104 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1677.904306][T16251] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1677.904313][T16251] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1677.904323][T16251] Call Trace: [ 1677.904328][T16251] [ 1677.904335][T16251] dump_stack_lvl+0x100/0x190 [ 1677.904362][T16251] should_fail_ex.cold+0x5/0xa [ 1677.904381][T16251] should_failslab+0xc2/0x120 [ 1677.904404][T16251] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 1677.904426][T16251] ? kstrdup_const+0x63/0x80 [ 1677.904445][T16251] ? __pfx_string+0x10/0x10 [ 1677.904471][T16251] kstrdup+0x51/0xe0 [ 1677.904491][T16251] kstrdup_const+0x63/0x80 [ 1677.904512][T16251] __kernfs_new_node+0x9b/0x960 [ 1677.904533][T16251] ? __pfx___kernfs_new_node+0x10/0x10 [ 1677.904556][T16251] ? find_held_lock+0x2b/0x80 [ 1677.904578][T16251] ? kernfs_root+0xee/0x2a0 [ 1677.904595][T16251] ? kernfs_root+0xee/0x2a0 [ 1677.904617][T16251] kernfs_new_node+0x11b/0x1a0 [ 1677.904641][T16251] __kernfs_create_file+0x53/0x350 [ 1677.904658][T16251] cgroup_addrm_files+0x4d8/0xb90 [ 1677.904689][T16251] ? __pfx_cgroup_addrm_files+0x10/0x10 [ 1677.904718][T16251] ? idr_replace+0xfa/0x170 [ 1677.904733][T16251] ? __pfx_idr_replace+0x10/0x10 [ 1677.904751][T16251] css_populate_dir+0x161/0x590 [ 1677.904770][T16251] cgroup_apply_control_enable+0x40a/0xbd0 [ 1677.904804][T16251] cgroup_mkdir+0x57f/0x1330 [ 1677.904837][T16251] ? __pfx_cgroup_mkdir+0x10/0x10 [ 1677.904860][T16251] kernfs_iop_mkdir+0x111/0x190 [ 1677.904880][T16251] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 1677.904901][T16251] vfs_mkdir+0x361/0x850 [ 1677.904922][T16251] filename_mkdirat+0x48b/0x5e0 [ 1677.904938][T16251] ? __pfx_filename_mkdirat+0x10/0x10 [ 1677.904953][T16251] ? strncpy_from_user+0x19d/0x2d0 [ 1677.904977][T16251] ? do_getname+0x191/0x390 [ 1677.904995][T16251] __x64_sys_mkdir+0x6b/0x90 [ 1677.905010][T16251] do_syscall_64+0x106/0xf80 [ 1677.905026][T16251] ? clear_bhb_loop+0x40/0x90 [ 1677.905044][T16251] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1677.905060][T16251] RIP: 0033:0x7f604839c629 [ 1677.905074][T16251] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1677.905091][T16251] RSP: 002b:00007f60492fc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1677.905107][T16251] RAX: ffffffffffffffda RBX: 00007f6048616090 RCX: 00007f604839c629 [ 1677.905118][T16251] RDX: 0000000000000000 RSI: 000000000000009f RDI: 0000200000000040 [ 1677.905128][T16251] RBP: 00007f6048432b39 R08: 0000000000000000 R09: 0000000000000000 [ 1677.905138][T16251] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1677.905148][T16251] R13: 00007f6048616128 R14: 00007f6048616090 R15: 00007ffe5b6d7858 [ 1677.905169][T16251] [ 1677.905250][T16251] cgroup: cgroup_addrm_files: failed to add bfq.group_wait_time, err=-12 [ 1678.807991][T16259] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input35 [ 1678.948410][T16262] ubi31: attaching mtd0 [ 1678.976538][T16262] ubi31: scanning is finished [ 1678.996609][T16262] ubi31 error: ubi_read_volume_table: the layout volume was not found [ 1679.157716][T16262] ubi31 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1680.708016][T16292] netlink: 62 bytes leftover after parsing attributes in process `syz.2.16116'. [ 1680.760264][T16292] netlink: 62 bytes leftover after parsing attributes in process `syz.2.16116'. [ 1680.826125][T16292] netlink: 62 bytes leftover after parsing attributes in process `syz.2.16116'. [ 1680.861238][T16292] netlink: 62 bytes leftover after parsing attributes in process `syz.2.16116'. [ 1680.905934][T16292] netlink: 62 bytes leftover after parsing attributes in process `syz.2.16116'. [ 1680.935876][T16292] netlink: 62 bytes leftover after parsing attributes in process `syz.2.16116'. [ 1680.966595][T16292] netlink: 62 bytes leftover after parsing attributes in process `syz.2.16116'. [ 1680.999345][T16292] netlink: 62 bytes leftover after parsing attributes in process `syz.2.16116'. [ 1681.026663][T16292] netlink: 62 bytes leftover after parsing attributes in process `syz.2.16116'. [ 1681.063889][T16292] netlink: 62 bytes leftover after parsing attributes in process `syz.2.16116'. [ 1681.624981][T16316] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input36 [ 1683.684060][T16366] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input37 [ 1684.877497][T16396] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input39 [ 1687.209568][T16440] netlink: 'syz.3.16163': attribute type 10 has an invalid length. [ 1687.251621][T16440] __nla_validate_parse: 9 callbacks suppressed [ 1687.251636][T16440] netlink: 330 bytes leftover after parsing attributes in process `syz.3.16163'. [ 1687.543033][T16455] program syz.3.16167 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1687.914347][T16468] netlink: 'syz.1.16169': attribute type 29 has an invalid length. [ 1687.950777][T16468] netlink: 'syz.1.16169': attribute type 30 has an invalid length. [ 1688.002053][T16468] netlink: 'syz.1.16169': attribute type 31 has an invalid length. [ 1688.043872][T16468] netlink: 'syz.1.16169': attribute type 32 has an invalid length. [ 1688.071889][T16475] netlink: 186 bytes leftover after parsing attributes in process `syz.3.16170'. [ 1688.099855][T16468] netlink: 'syz.1.16169': attribute type 33 has an invalid length. [ 1688.139013][T16468] netlink: 'syz.1.16169': attribute type 35 has an invalid length. [ 1688.200992][T16468] netlink: 'syz.1.16169': attribute type 37 has an invalid length. [ 1688.239226][T16468] netlink: 18 bytes leftover after parsing attributes in process `syz.1.16169'. [ 1688.731128][T16486] cougar: G6 mapped to space [ 1690.416020][T16518] netlink: 25 bytes leftover after parsing attributes in process `syz.4.16183'. [ 1693.110022][T16567] netlink: 16 bytes leftover after parsing attributes in process `syz.3.16197'. [ 1693.414277][T16577] netlink: 330 bytes leftover after parsing attributes in process `syz.2.16201'. [ 1694.027373][T16578] netlink: 'syz.1.16199': attribute type 1 has an invalid length. [ 1694.810105][T16593] netlink: 25 bytes leftover after parsing attributes in process `syz.4.16210'. [ 1695.440722][T16599] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 1696.417092][T16622] netlink: 338 bytes leftover after parsing attributes in process `syz.3.16211'. [ 1696.462038][T16624] netlink: 338 bytes leftover after parsing attributes in process `syz.3.16211'. [ 1696.531911][T16624] netlink: 338 bytes leftover after parsing attributes in process `syz.3.16211'. [ 1696.589731][T16622] netlink: 306 bytes leftover after parsing attributes in process `syz.3.16211'. [ 1696.624076][T16624] netlink: 338 bytes leftover after parsing attributes in process `syz.3.16211'. [ 1696.667845][T16624] netlink: 338 bytes leftover after parsing attributes in process `syz.3.16211'. [ 1696.744545][T16626] netlink: 4 bytes leftover after parsing attributes in process `syz.4.16212'. [ 1697.694375][T16643] FAULT_INJECTION: forcing a failure. [ 1697.694375][T16643] name failslab, interval 1, probability 0, space 0, times 0 [ 1697.739089][T16643] CPU: 0 UID: 0 PID: 16643 Comm: syz.3.16217 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1697.739117][T16643] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1697.739124][T16643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1697.739135][T16643] Call Trace: [ 1697.739141][T16643] [ 1697.739148][T16643] dump_stack_lvl+0x100/0x190 [ 1697.739176][T16643] should_fail_ex.cold+0x5/0xa [ 1697.739195][T16643] should_failslab+0xc2/0x120 [ 1697.739218][T16643] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1697.739236][T16643] ? snd_pcm_oss_change_params_locked+0x81c/0x39f0 [ 1697.739259][T16643] ? _snd_pcm_hw_param_min+0x1ea/0x670 [ 1697.739282][T16643] snd_pcm_oss_change_params_locked+0x81c/0x39f0 [ 1697.739381][T16643] ? __mutex_lock+0x26a/0x1b90 [ 1697.739414][T16643] ? trace_contention_end+0x140/0x180 [ 1697.739439][T16643] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1697.739463][T16643] ? __pfx___mutex_lock+0x10/0x10 [ 1697.739494][T16643] snd_pcm_oss_get_active_substream+0x175/0x1d0 [ 1697.739520][T16643] snd_pcm_oss_ioctl+0x1c08/0x3720 [ 1697.739542][T16643] ? __fget_files+0x215/0x3d0 [ 1697.739565][T16643] ? hook_file_ioctl_common+0x146/0x410 [ 1697.739587][T16643] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 1697.739611][T16643] ? __fget_files+0x21f/0x3d0 [ 1697.739634][T16643] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 1697.739660][T16643] __x64_sys_ioctl+0x18e/0x210 [ 1697.739681][T16643] do_syscall_64+0x106/0xf80 [ 1697.739698][T16643] ? clear_bhb_loop+0x40/0x90 [ 1697.739716][T16643] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1697.739733][T16643] RIP: 0033:0x7f604839c629 [ 1697.739748][T16643] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1697.739765][T16643] RSP: 002b:00007f604931d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1697.739782][T16643] RAX: ffffffffffffffda RBX: 00007f6048615fa0 RCX: 00007f604839c629 [ 1697.739793][T16643] RDX: 0000000000000000 RSI: 00000000c0045002 RDI: 0000000000000006 [ 1697.739803][T16643] RBP: 00007f6048432b39 R08: 0000000000000000 R09: 0000000000000000 [ 1697.739812][T16643] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1697.739821][T16643] R13: 00007f6048616038 R14: 00007f6048615fa0 R15: 00007ffe5b6d7858 [ 1697.739842][T16643] [ 1699.304183][T16657] __nla_validate_parse: 5 callbacks suppressed [ 1699.304206][T16657] netlink: 12 bytes leftover after parsing attributes in process `syz.4.16221'. [ 1699.408333][T16659] netlink: 246 bytes leftover after parsing attributes in process `syz.2.16222'. [ 1700.282506][T16678] netlink: 25 bytes leftover after parsing attributes in process `syz.2.16236'. [ 1701.359109][T16701] netlink: 354 bytes leftover after parsing attributes in process `syz.2.16234'. [ 1701.906730][T16710] netlink: 16 bytes leftover after parsing attributes in process `syz.2.16238'. [ 1702.992138][T16724] netlink: 28 bytes leftover after parsing attributes in process `syz.3.16242'. [ 1704.670360][T16747] device-mapper: ioctl: Invalid ioctl structure: name , dev 3ff [ 1704.767566][T16747] FAULT_INJECTION: forcing a failure. [ 1704.767566][T16747] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1704.796725][T16747] CPU: 0 UID: 0 PID: 16747 Comm: syz.3.16248 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1704.796775][T16747] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1704.796788][T16747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1704.796807][T16747] Call Trace: [ 1704.796819][T16747] [ 1704.796825][T16747] dump_stack_lvl+0x100/0x190 [ 1704.796852][T16747] should_fail_ex.cold+0x5/0xa [ 1704.796869][T16747] _copy_from_iter+0x1f4/0x1690 [ 1704.796903][T16747] ? __pfx__copy_from_iter+0x10/0x10 [ 1704.796928][T16747] ? __pfx___might_resched+0x10/0x10 [ 1704.796953][T16747] file_tty_write.isra.0+0x45b/0x890 [ 1704.796976][T16747] redirected_tty_write+0xd4/0x120 [ 1704.796992][T16747] vfs_write+0x6ac/0x1070 [ 1704.797014][T16747] ? __pfx_redirected_tty_write+0x10/0x10 [ 1704.797033][T16747] ? __pfx_vfs_write+0x10/0x10 [ 1704.797052][T16747] ? find_held_lock+0x2b/0x80 [ 1704.797089][T16747] ksys_write+0x12a/0x250 [ 1704.797109][T16747] ? __pfx_ksys_write+0x10/0x10 [ 1704.797135][T16747] do_syscall_64+0x106/0xf80 [ 1704.797152][T16747] ? clear_bhb_loop+0x40/0x90 [ 1704.797170][T16747] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1704.797186][T16747] RIP: 0033:0x7f604839c629 [ 1704.797199][T16747] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1704.797214][T16747] RSP: 002b:00007f604931d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1704.797229][T16747] RAX: ffffffffffffffda RBX: 00007f6048615fa0 RCX: 00007f604839c629 [ 1704.797240][T16747] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000008 [ 1704.797249][T16747] RBP: 00007f6048432b39 R08: 0000000000000000 R09: 0000000000000000 [ 1704.797258][T16747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1704.797267][T16747] R13: 00007f6048616038 R14: 00007f6048615fa0 R15: 00007ffe5b6d7858 [ 1704.797287][T16747] [ 1705.276023][ T760] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 1706.021577][T16766] random: crng reseeded on system resumption [ 1708.284236][T16804] netlink: 246 bytes leftover after parsing attributes in process `syz.4.16262'. [ 1709.045111][T16812] [U] ^\ [ 1709.184420][T16816] netlink: 4 bytes leftover after parsing attributes in process `syz.4.16268'. [ 1709.221822][T16816] netlink: 'syz.4.16268': attribute type 1 has an invalid length. [ 1709.257038][T16816] netlink: 'syz.4.16268': attribute type 6 has an invalid length. [ 1710.057807][T16826] netlink: 186 bytes leftover after parsing attributes in process `syz.1.16271'. [ 1710.263732][T16831] netlink: 186 bytes leftover after parsing attributes in process `syz.1.16273'. [ 1710.831110][ T760] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 1711.170533][T16848] netlink: 28 bytes leftover after parsing attributes in process `syz.3.16279'. [ 1711.358165][T16854] netlink: 4 bytes leftover after parsing attributes in process `syz.3.16281'. [ 1711.389948][T16854] netlink: 25 bytes leftover after parsing attributes in process `syz.3.16281'. [ 1715.871014][ T760] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 1716.128306][ T760] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 1716.128331][ T760] Bluetooth: hci3: unexpected subevent 0x0d length: 725 > 260 [ 1716.144348][ T760] bt_err_ratelimited: 8 callbacks suppressed [ 1716.144361][ T760] Bluetooth: hci3: Unknown advertising packet type: 0x7f [ 1716.152748][ T760] Bluetooth: hci3: adv larger than maximum supported [ 1716.159803][ T760] Bluetooth: hci3: adv larger than maximum supported [ 1716.167608][ T760] Bluetooth: hci3: Malformed LE Event: 0x0d [ 1716.391559][T16912] FAULT_INJECTION: forcing a failure. [ 1716.391559][T16912] name failslab, interval 1, probability 0, space 0, times 0 [ 1716.469495][T16912] CPU: 0 UID: 0 PID: 16912 Comm: syz.4.16296 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1716.469524][T16912] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1716.469530][T16912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1716.469539][T16912] Call Trace: [ 1716.469545][T16912] [ 1716.469552][T16912] dump_stack_lvl+0x100/0x190 [ 1716.469579][T16912] should_fail_ex.cold+0x5/0xa [ 1716.469598][T16912] should_failslab+0xc2/0x120 [ 1716.469621][T16912] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 1716.469643][T16912] ? __alloc_skb+0x140/0x710 [ 1716.469661][T16912] __alloc_skb+0x140/0x710 [ 1716.469674][T16912] ? __alloc_skb+0x5b7/0x710 [ 1716.469687][T16912] ? __pfx___alloc_skb+0x10/0x10 [ 1716.469704][T16912] ? sk_page_frag_refill+0x6c/0x340 [ 1716.469728][T16912] kcm_sendmsg+0x1482/0x2fe0 [ 1716.469755][T16912] ? __pfx_kcm_sendmsg+0x10/0x10 [ 1716.469772][T16912] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1716.469795][T16912] sock_sendmsg+0x3a1/0x430 [ 1716.469818][T16912] ? __pfx_sock_sendmsg+0x10/0x10 [ 1716.469858][T16912] splice_to_socket+0xb4c/0x11b0 [ 1716.469881][T16912] ? touch_atime+0xa5/0x7a0 [ 1716.469909][T16912] ? __pfx_splice_to_socket+0x10/0x10 [ 1716.469960][T16912] ? trace_kmalloc+0x101/0x130 [ 1716.469984][T16912] ? lockdep_init_map_type+0x5c/0x250 [ 1716.470004][T16912] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 1716.470026][T16912] ? __pfx_splice_to_socket+0x10/0x10 [ 1716.470049][T16912] direct_splice_actor+0x192/0x6c0 [ 1716.470073][T16912] splice_direct_to_actor+0x345/0xa30 [ 1716.470096][T16912] ? __pfx_direct_splice_actor+0x10/0x10 [ 1716.470121][T16912] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1716.470147][T16912] do_splice_direct+0x174/0x240 [ 1716.470169][T16912] ? __pfx_do_splice_direct+0x10/0x10 [ 1716.470189][T16912] ? common_file_perm+0x1ab/0x4f0 [ 1716.470210][T16912] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1716.470232][T16912] ? bpf_lsm_file_permission+0x9/0x10 [ 1716.470252][T16912] ? security_file_permission+0x76/0x210 [ 1716.470276][T16912] ? rw_verify_area+0xce/0x6d0 [ 1716.470296][T16912] do_sendfile+0xadc/0xe20 [ 1716.470320][T16912] ? __pfx_do_sendfile+0x10/0x10 [ 1716.470342][T16912] ? __x64_sys_futex+0x34f/0x4d0 [ 1716.470360][T16912] ? __x64_sys_futex+0x358/0x4d0 [ 1716.470380][T16912] __x64_sys_sendfile64+0x1d8/0x220 [ 1716.470395][T16912] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1716.470417][T16912] do_syscall_64+0x106/0xf80 [ 1716.470433][T16912] ? clear_bhb_loop+0x40/0x90 [ 1716.470451][T16912] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1716.470466][T16912] RIP: 0033:0x7f1e5099c629 [ 1716.470480][T16912] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1716.470498][T16912] RSP: 002b:00007f1e518ae028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1716.470515][T16912] RAX: ffffffffffffffda RBX: 00007f1e50c15fa0 RCX: 00007f1e5099c629 [ 1716.470526][T16912] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000001 [ 1716.470535][T16912] RBP: 00007f1e50a32b39 R08: 0000000000000000 R09: 0000000000000000 [ 1716.470545][T16912] R10: 000000007ffff011 R11: 0000000000000246 R12: 0000000000000000 [ 1716.470555][T16912] R13: 00007f1e50c16038 R14: 00007f1e50c15fa0 R15: 00007fff652012e8 [ 1716.470575][T16912] [ 1717.303912][T16931] netlink: 4 bytes leftover after parsing attributes in process `syz.2.16302'. [ 1717.772231][T16952] netlink: 29 bytes leftover after parsing attributes in process `syz.2.16307'. [ 1717.870141][ T760] Bluetooth: hci3: unexpected event 0x02 length: 726 > 260 [ 1718.007064][T16958] netlink: 'syz.3.16309': attribute type 1 has an invalid length. [ 1718.037880][T16945] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1718.063158][T16945] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1718.090449][T16958] netlink: 9 bytes leftover after parsing attributes in process `syz.3.16309'. [ 1718.141724][T16945] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1718.153768][T16945] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1718.178846][T16945] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1718.221124][T16945] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1718.247890][T16945] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1718.331156][T16945] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1719.328696][T16983] netlink: 8 bytes leftover after parsing attributes in process `syz.1.16314'. [ 1720.112373][ T5142] Bluetooth: hci1: command 0x0406 tx timeout [ 1720.193007][ T5142] Bluetooth: hci4: command 0x0c1a tx timeout [ 1720.199157][ T5827] Bluetooth: hci3: command 0x0406 tx timeout [ 1720.271014][ T5142] Bluetooth: hci0: command 0x0406 tx timeout [ 1720.593437][ T760] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 1722.021668][T17035] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 1722.191578][ T760] Bluetooth: hci1: command 0x0406 tx timeout [ 1722.271754][ T760] Bluetooth: hci3: command 0x0406 tx timeout [ 1722.351262][ T760] Bluetooth: hci0: command 0x0406 tx timeout [ 1724.360695][T17077] netlink: 186 bytes leftover after parsing attributes in process `syz.3.16339'. [ 1724.435247][ T760] Bluetooth: hci0: command 0x0406 tx timeout [ 1728.121048][T17130] bonding: no command found in bonding_masters - use +ifname or -ifname [ 1728.167953][T17130] bonding: no command found in bonding_masters - use +ifname or -ifname [ 1728.761328][T17159] netlink: 20 bytes leftover after parsing attributes in process `syz.2.16360'. [ 1730.677928][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1730.687601][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1732.403985][T17235] netlink: 354 bytes leftover after parsing attributes in process `syz.2.16381'. [ 1733.368760][T17254] netlink: 12 bytes leftover after parsing attributes in process `syz.1.16386'. [ 1733.508215][T17254] i: entered promiscuous mode [ 1733.583328][T17249] HfR: entered promiscuous mode [ 1734.157131][T17267] netlink: 342 bytes leftover after parsing attributes in process `syz.1.16390'. [ 1734.795511][T17273] zswap: compressor not available [ 1734.838170][ T760] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 1734.838197][ T760] Bluetooth: hci1: unexpected subevent 0x03 length: 725 > 9 [ 1735.204973][T17285] netlink: 98 bytes leftover after parsing attributes in process `syz.1.16394'. [ 1735.281783][T17287] netlink: 50 bytes leftover after parsing attributes in process `syz.1.16394'. [ 1737.602945][T17305] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1737.673998][T17305] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1737.746686][T17305] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1737.850855][T17305] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1738.383128][T17332] netlink: 4 bytes leftover after parsing attributes in process `syz.4.16405'. [ 1738.452490][T17333] netlink: 25 bytes leftover after parsing attributes in process `syz.4.16405'. [ 1739.071006][ T760] Bluetooth: hci1: command 0x0406 tx timeout [ 1739.710937][ T760] Bluetooth: hci3: command 0x0406 tx timeout [ 1739.795443][ T760] Bluetooth: hci4: command 0x0c1a tx timeout [ 1739.871221][ T760] Bluetooth: hci0: command 0x0406 tx timeout [ 1742.832113][ T760] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 1744.634237][T17404] netlink: 350 bytes leftover after parsing attributes in process `syz.2.16420'. [ 1744.677267][T17405] netlink: 8 bytes leftover after parsing attributes in process `syz.3.16421'. [ 1748.063267][T17434] netlink: 330 bytes leftover after parsing attributes in process `syz.2.16431'. [ 1748.353659][ T760] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 1749.005347][T17448] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1749.615595][T17462] netlink: 8 bytes leftover after parsing attributes in process `syz.2.16435'. [ 1749.972172][T17469] netlink: 28 bytes leftover after parsing attributes in process `syz.1.16440'. [ 1751.347103][T17511] Format for adding new device is "id port_count num_queues" (uint uint unit). [ 1751.841898][T17520] netlink: 98 bytes leftover after parsing attributes in process `syz.2.16455'. [ 1751.876628][T17520] netlink: 50 bytes leftover after parsing attributes in process `syz.2.16455'. [ 1752.837227][T17544] netlink: 342 bytes leftover after parsing attributes in process `syz.3.16464'. [ 1753.075779][T17553] netlink: 98 bytes leftover after parsing attributes in process `syz.3.16468'. [ 1753.127488][T17553] netlink: 50 bytes leftover after parsing attributes in process `syz.3.16468'. [ 1753.528731][T17562] netlink: 326 bytes leftover after parsing attributes in process `syz.1.16471'. [ 1759.504234][T17683] netlink: 334 bytes leftover after parsing attributes in process `syz.1.16506'. [ 1762.314801][T17718] netlink: 4 bytes leftover after parsing attributes in process `syz.1.16516'. [ 1762.381867][T17718] netlink: 'syz.1.16516': attribute type 1 has an invalid length. [ 1762.432655][T17718] netlink: 13 bytes leftover after parsing attributes in process `syz.1.16516'. [ 1762.471048][T17718] netlink: 'syz.1.16516': attribute type 1 has an invalid length. [ 1764.439030][T17759] FAULT_INJECTION: forcing a failure. [ 1764.439030][T17759] name failslab, interval 1, probability 0, space 0, times 0 [ 1764.486815][T17763] netlink: 504 bytes leftover after parsing attributes in process `syz.1.16528'. [ 1764.531759][T17763] netlink: 350 bytes leftover after parsing attributes in process `syz.1.16528'. [ 1764.546888][T17759] CPU: 0 UID: 0 PID: 17759 Comm: syz.3.16526 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1764.546915][T17759] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1764.546921][T17759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1764.546931][T17759] Call Trace: [ 1764.546937][T17759] [ 1764.546943][T17759] dump_stack_lvl+0x100/0x190 [ 1764.546970][T17759] should_fail_ex.cold+0x5/0xa [ 1764.546988][T17759] should_failslab+0xc2/0x120 [ 1764.547012][T17759] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1764.547032][T17759] ? ptlock_alloc+0x1f/0x70 [ 1764.547054][T17759] ? __pfx_filemap_map_pages+0x10/0x10 [ 1764.547073][T17759] ptlock_alloc+0x1f/0x70 [ 1764.547090][T17759] pte_alloc_one+0x84/0x3e0 [ 1764.547106][T17759] __do_fault+0x359/0x550 [ 1764.547129][T17759] ? __pfx_filemap_map_pages+0x10/0x10 [ 1764.547148][T17759] do_fault+0xaf9/0x1a00 [ 1764.547162][T17759] ? __pmd_alloc+0x6aa/0x9c0 [ 1764.547179][T17759] __handle_mm_fault+0x180f/0x2b60 [ 1764.547201][T17759] ? mt_find+0x45e/0x8e0 [ 1764.547220][T17759] ? __pfx___handle_mm_fault+0x10/0x10 [ 1764.547236][T17759] ? __pfx_mt_find+0x10/0x10 [ 1764.547264][T17759] ? find_vma+0xbf/0x140 [ 1764.547291][T17759] ? __pfx_find_vma+0x10/0x10 [ 1764.547314][T17759] handle_mm_fault+0x36d/0xa20 [ 1764.547337][T17759] do_user_addr_fault+0x74c/0x12f0 [ 1764.547365][T17759] exc_page_fault+0x6f/0xd0 [ 1764.547382][T17759] asm_exc_page_fault+0x26/0x30 [ 1764.547397][T17759] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 1764.547420][T17759] Code: 93 04 00 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 e9 8f 93 04 00 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 1764.547436][T17759] RSP: 0018:ffffc9000517fcd0 EFLAGS: 00050202 [ 1764.547449][T17759] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000078 [ 1764.547458][T17759] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffc9000517fdb0 [ 1764.547467][T17759] RBP: 0000000000000078 R08: 0000000000000001 R09: fffff52000a2ffc4 [ 1764.547476][T17759] R10: ffffc9000517fe27 R11: 0000000000000000 R12: 0000000000000000 [ 1764.547485][T17759] R13: ffffc9000517fdb0 R14: 0000000000000000 R15: dffffc0000000000 [ 1764.547504][T17759] _copy_from_user+0x98/0xd0 [ 1764.547528][T17759] io_uring_setup+0xc0/0x160 [ 1764.547544][T17759] ? up_write+0x290/0x4f0 [ 1764.547564][T17759] ? __pfx_io_uring_setup+0x10/0x10 [ 1764.547581][T17759] ? do_futex+0x192/0x350 [ 1764.547599][T17759] ? __pfx_do_futex+0x10/0x10 [ 1764.547626][T17759] ? xfd_validate_state+0x129/0x190 [ 1764.547651][T17759] __x64_sys_io_uring_setup+0xc2/0x170 [ 1764.547667][T17759] do_syscall_64+0x106/0xf80 [ 1764.547683][T17759] ? clear_bhb_loop+0x40/0x90 [ 1764.547701][T17759] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1764.547716][T17759] RIP: 0033:0x7f604839c629 [ 1764.547728][T17759] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1764.547743][T17759] RSP: 002b:00007f604931d028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 1764.547756][T17759] RAX: ffffffffffffffda RBX: 00007f6048615fa0 RCX: 00007f604839c629 [ 1764.547766][T17759] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 1764.547775][T17759] RBP: 00007f6048432b39 R08: 0000000000000000 R09: 0000000000000000 [ 1764.547783][T17759] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1764.547792][T17759] R13: 00007f6048616038 R14: 00007f6048615fa0 R15: 00007ffe5b6d7858 [ 1764.547812][T17759] [ 1766.111228][T17777] FAULT_INJECTION: forcing a failure. [ 1766.111228][T17777] name failslab, interval 1, probability 0, space 0, times 0 [ 1766.212123][T17777] CPU: 0 UID: 0 PID: 17777 Comm: syz.3.16532 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1766.212151][T17777] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1766.212158][T17777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1766.212174][T17777] Call Trace: [ 1766.212180][T17777] [ 1766.212187][T17777] dump_stack_lvl+0x100/0x190 [ 1766.212215][T17777] should_fail_ex.cold+0x5/0xa [ 1766.212233][T17777] should_failslab+0xc2/0x120 [ 1766.212258][T17777] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1766.212279][T17777] ? hugetlbfs_alloc_inode+0x8c/0x1d0 [ 1766.212305][T17777] hugetlbfs_alloc_inode+0x8c/0x1d0 [ 1766.212326][T17777] ? __pfx_hugetlbfs_alloc_inode+0x10/0x10 [ 1766.212349][T17777] alloc_inode+0x68/0x250 [ 1766.212367][T17777] new_inode+0x22/0x1c0 [ 1766.212385][T17777] hugetlbfs_get_inode+0x313/0x750 [ 1766.212410][T17777] hugetlb_file_setup+0x15b/0x5b0 [ 1766.212426][T17777] ksys_mmap_pgoff+0x185/0x5b0 [ 1766.212452][T17777] __x64_sys_mmap+0x125/0x190 [ 1766.212475][T17777] do_syscall_64+0x106/0xf80 [ 1766.212490][T17777] ? clear_bhb_loop+0x40/0x90 [ 1766.212509][T17777] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1766.212524][T17777] RIP: 0033:0x7f604839c629 [ 1766.212537][T17777] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1766.212552][T17777] RSP: 002b:00007f604931d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1766.212567][T17777] RAX: ffffffffffffffda RBX: 00007f6048615fa0 RCX: 00007f604839c629 [ 1766.212577][T17777] RDX: 0000000000009c0f RSI: 000000000000000c RDI: 0000000000000000 [ 1766.212586][T17777] RBP: 00007f6048432b39 R08: ffffffffffffffff R09: 0000300000000000 [ 1766.212596][T17777] R10: 0000000000044eb2 R11: 0000000000000246 R12: 0000000000000000 [ 1766.212605][T17777] R13: 00007f6048616038 R14: 00007f6048615fa0 R15: 00007ffe5b6d7858 [ 1766.212625][T17777] [ 1768.218768][T17813] netlink: 334 bytes leftover after parsing attributes in process `syz.1.16541'. [ 1768.985245][T17833] netlink: 28 bytes leftover after parsing attributes in process `syz.2.16556'. [ 1772.273715][T17898] netlink: 2468 bytes leftover after parsing attributes in process `syz.4.16565'. [ 1773.252086][T17918] serio: Serial port pty6 [ 1774.104241][T17929] netlink: 4 bytes leftover after parsing attributes in process `syz.1.16575'. [ 1774.144266][T17929] netlink: 354 bytes leftover after parsing attributes in process `syz.1.16575'. [ 1774.223424][T17924] netlink: 25 bytes leftover after parsing attributes in process `syz.3.16573'. [ 1774.990701][T17946] can: request_module (can-proto-5) failed. [ 1775.056323][T17948] netlink: 186 bytes leftover after parsing attributes in process `syz.3.16578'. [ 1780.031484][T18023] FAULT_INJECTION: forcing a failure. [ 1780.031484][T18023] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1780.239860][T18023] CPU: 0 UID: 0 PID: 18023 Comm: syz.3.16595 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1780.239889][T18023] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1780.239895][T18023] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1780.239904][T18023] Call Trace: [ 1780.239910][T18023] [ 1780.239917][T18023] dump_stack_lvl+0x100/0x190 [ 1780.239944][T18023] should_fail_ex.cold+0x5/0xa [ 1780.239963][T18023] get_futex_key+0x1d2/0x1620 [ 1780.239982][T18023] ? __pfx_get_futex_key+0x10/0x10 [ 1780.239999][T18023] ? find_held_lock+0x2b/0x80 [ 1780.240021][T18023] ? futex_wake+0x456/0x530 [ 1780.240046][T18023] futex_wake+0xea/0x530 [ 1780.240067][T18023] ? __pfx_futex_wait+0x10/0x10 [ 1780.240088][T18023] ? __pfx_futex_wake+0x10/0x10 [ 1780.240118][T18023] ? ksys_write+0x190/0x250 [ 1780.240139][T18023] ? ksys_write+0x190/0x250 [ 1780.240164][T18023] do_futex+0x32b/0x350 [ 1780.240183][T18023] ? __pfx_do_futex+0x10/0x10 [ 1780.240202][T18023] ? cap_task_prctl+0x104/0xa50 [ 1780.240228][T18023] ? __pfx_sched_core_share_pid+0x10/0x10 [ 1780.240247][T18023] __x64_sys_futex+0x34f/0x4d0 [ 1780.240268][T18023] ? __pfx___x64_sys_futex+0x10/0x10 [ 1780.240287][T18023] ? __pfx___do_sys_prctl+0x10/0x10 [ 1780.240314][T18023] do_syscall_64+0x106/0xf80 [ 1780.240330][T18023] ? clear_bhb_loop+0x40/0x90 [ 1780.240349][T18023] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1780.240364][T18023] RIP: 0033:0x7f604839c629 [ 1780.240378][T18023] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1780.240393][T18023] RSP: 002b:00007f60492fc0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1780.240408][T18023] RAX: ffffffffffffffda RBX: 00007f6048616098 RCX: 00007f604839c629 [ 1780.240419][T18023] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f604861609c [ 1780.240428][T18023] RBP: 00007f6048616090 R08: 0000000000000000 R09: 0000000000000000 [ 1780.240437][T18023] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 1780.240446][T18023] R13: 00007f6048616128 R14: 00007ffe5b6d7770 R15: 00007ffe5b6d7858 [ 1780.240467][T18023] [ 1781.284577][T18044] netlink: 4 bytes leftover after parsing attributes in process `syz.1.16600'. [ 1781.307609][T18044] netlink: 'syz.1.16600': attribute type 1 has an invalid length. [ 1781.333841][T18044] netlink: 13 bytes leftover after parsing attributes in process `syz.1.16600'. [ 1782.258824][T18053] openvswitch: HfR: Dropping previously announced user features [ 1783.043422][T18069] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1783.222000][T18078] netlink: 'syz.4.16611': attribute type 4 has an invalid length. [ 1783.291671][T18078] netlink: 'syz.4.16611': attribute type 5 has an invalid length. [ 1783.359443][T18078] netlink: 10 bytes leftover after parsing attributes in process `syz.4.16611'. [ 1784.041645][T18081] WARNING! power/level is deprecated; use power/control instead [ 1785.260011][T18114] netlink: 'syz.1.16622': attribute type 2 has an invalid length. [ 1785.317561][T18114] netlink: 'syz.1.16622': attribute type 3 has an invalid length. [ 1785.347895][T18114] netlink: 158 bytes leftover after parsing attributes in process `syz.1.16622'. [ 1785.385298][T18114] netlink: 4 bytes leftover after parsing attributes in process `syz.1.16622'. [ 1785.712079][T18122] futex_wake_op: syz.1.16624 tries to shift op by -2048; fix this program [ 1785.746944][T18122] futex_wake_op: syz.1.16624 tries to shift op by -2048; fix this program [ 1786.678724][T18134] netlink: 4 bytes leftover after parsing attributes in process `syz.1.16626'. [ 1786.711723][T18134] netlink: 'syz.1.16626': attribute type 1 has an invalid length. [ 1786.761051][T18134] netlink: 'syz.1.16626': attribute type 6 has an invalid length. [ 1788.354903][T18165] netlink: 4 bytes leftover after parsing attributes in process `syz.1.16634'. [ 1790.302487][T18193] serio: Serial port pty6 [ 1790.663157][T18206] netlink: 4 bytes leftover after parsing attributes in process `syz.2.16645'. [ 1791.253287][T18214] netlink: 25 bytes leftover after parsing attributes in process `syz.1.16648'. [ 1791.286880][T18216] netlink: 28 bytes leftover after parsing attributes in process `syz.3.16647'. [ 1791.901375][T18231] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.3.16654: No space for directory leaf checksum. Please run e2fsck -D. [ 1791.991912][T18231] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.3.16654: checksumming directory block 0 [ 1792.086854][T18239] netlink: 4 bytes leftover after parsing attributes in process `syz.4.16657'. [ 1792.106512][T18231] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 1792.130806][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1792.146493][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1792.164656][T18242] netlink: 354 bytes leftover after parsing attributes in process `syz.4.16657'. [ 1792.228215][T18231] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.3.16654: No space for directory leaf checksum. Please run e2fsck -D. [ 1792.409661][T18231] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.3.16654: checksumming directory block 0 [ 1792.532707][T18231] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1792.609459][T18231] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.3.16654: No space for directory leaf checksum. Please run e2fsck -D. [ 1792.714952][T18231] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.3.16654: checksumming directory block 0 [ 1792.754138][T18231] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 1792.776706][T18231] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.3.16654: No space for directory leaf checksum. Please run e2fsck -D. [ 1792.813411][T18231] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.3.16654: checksumming directory block 0 [ 1792.839750][T18231] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 1792.880900][T18231] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 1792.937184][T18231] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1793.548749][T18268] netlink: 28 bytes leftover after parsing attributes in process `syz.1.16663'. [ 1794.353172][T18279] netlink: 62 bytes leftover after parsing attributes in process `syz.3.16667'. [ 1795.633064][T18283] kexec: Could not allocate control_code_buffer [ 1796.396793][T18309] FAULT_INJECTION: forcing a failure. [ 1796.396793][T18309] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1796.471965][T18309] CPU: 0 UID: 0 PID: 18309 Comm: syz.3.16675 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1796.471996][T18309] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1796.472002][T18309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1796.472011][T18309] Call Trace: [ 1796.472018][T18309] [ 1796.472024][T18309] dump_stack_lvl+0x100/0x190 [ 1796.472051][T18309] should_fail_ex.cold+0x5/0xa [ 1796.472069][T18309] get_futex_key+0x1d2/0x1620 [ 1796.472089][T18309] ? __pfx_get_futex_key+0x10/0x10 [ 1796.472112][T18309] futex_wake+0xea/0x530 [ 1796.472135][T18309] ? __pfx_futex_wake+0x10/0x10 [ 1796.472156][T18309] ? __call_rcu_common.constprop.0+0x3f0/0x9b0 [ 1796.472182][T18309] do_futex+0x32b/0x350 [ 1796.472200][T18309] ? __pfx_do_futex+0x10/0x10 [ 1796.472218][T18309] ? __pfx___might_resched+0x10/0x10 [ 1796.472238][T18309] ? blkcg_maybe_throttle_current+0x5df/0xeb0 [ 1796.472258][T18309] __x64_sys_futex+0x34f/0x4d0 [ 1796.472278][T18309] ? __pfx_task_work_run+0x10/0x10 [ 1796.472298][T18309] ? __pfx___x64_sys_futex+0x10/0x10 [ 1796.472318][T18309] ? exit_to_user_mode_loop+0xdd/0x4a0 [ 1796.472342][T18309] do_syscall_64+0x106/0xf80 [ 1796.472358][T18309] ? clear_bhb_loop+0x40/0x90 [ 1796.472376][T18309] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1796.472392][T18309] RIP: 0033:0x7f604839c629 [ 1796.472406][T18309] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1796.472421][T18309] RSP: 002b:00007f60492fc0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1796.472436][T18309] RAX: ffffffffffffffda RBX: 00007f6048616098 RCX: 00007f604839c629 [ 1796.472447][T18309] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f604861609c [ 1796.472456][T18309] RBP: 00007f6048616090 R08: 0000000000000000 R09: 0000000000000000 [ 1796.472465][T18309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1796.472474][T18309] R13: 00007f6048616128 R14: 00007ffe5b6d7770 R15: 00007ffe5b6d7858 [ 1796.472493][T18309] [ 1797.989893][T18334] netlink: 5 bytes leftover after parsing attributes in process `syz.3.16681'. [ 1798.052823][T18334] netlink: 8 bytes leftover after parsing attributes in process `syz.3.16681'. [ 1798.678900][T18351] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 1798.851843][T18353] synth uevent: /module/orangefs: unknown uevent action string [ 1798.955622][T18358] netlink: 9 bytes leftover after parsing attributes in process `syz.2.16690'. [ 1799.974469][T18377] netlink: 186 bytes leftover after parsing attributes in process `syz.1.16694'. [ 1800.256637][T18390] netlink: 25 bytes leftover after parsing attributes in process `syz.3.16698'. [ 1802.172738][T18420] netlink: 4 bytes leftover after parsing attributes in process `syz.4.16705'. [ 1802.261852][T18422] netlink: 354 bytes leftover after parsing attributes in process `syz.4.16705'. [ 1803.262825][T18423] delete_channel: no stack [ 1803.472044][T18445] netlink: 13 bytes leftover after parsing attributes in process `syz.2.16712'. [ 1806.480577][T18500] netlink: 28 bytes leftover after parsing attributes in process `syz.3.16725'. [ 1808.741651][T18528] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.4.16730: No space for directory leaf checksum. Please run e2fsck -D. [ 1809.011814][T18528] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.4.16730: checksumming directory block 0 [ 1809.230006][T18528] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 1809.448810][T18528] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.4.16730: No space for directory leaf checksum. Please run e2fsck -D. [ 1809.660906][T18528] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.4.16730: checksumming directory block 0 [ 1809.867374][T18528] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 1810.013141][T18528] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.4.16730: No space for directory leaf checksum. Please run e2fsck -D. [ 1810.191392][T18528] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.4.16730: checksumming directory block 0 [ 1810.291035][T18528] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 1810.445362][T18528] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.4.16730: No space for directory leaf checksum. Please run e2fsck -D. [ 1810.631885][T18528] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.4.16730: checksumming directory block 0 [ 1810.751108][T18528] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 1810.827684][T18528] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 1810.920878][T18528] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 1812.515108][T18566] netlink: 206 bytes leftover after parsing attributes in process `syz.1.16740'. [ 1815.053757][T18618] netlink: 'syz.4.16753': attribute type 3 has an invalid length. [ 1815.118274][T18618] netlink: 306 bytes leftover after parsing attributes in process `syz.4.16753'. [ 1818.671296][T18683] random: crng reseeded on system resumption [ 1821.010541][T18717] netlink: 354 bytes leftover after parsing attributes in process `syz.3.16779'. [ 1821.334763][T18692] kexec: Could not allocate control_code_buffer [ 1821.477996][T18727] Console: switching to colour VGA+ 80x25 [ 1824.623498][T18752] ERROR: Out of memory at tomoyo_memory_ok. [ 1825.183938][T18768] netlink: 50 bytes leftover after parsing attributes in process `syz.2.16793'. [ 1826.481207][T18789] netlink: 186 bytes leftover after parsing attributes in process `syz.2.16799'. [ 1826.704888][T18798] synth uevent: /module/orangefs: unknown uevent action string [ 1828.081247][T18823] FAULT_INJECTION: forcing a failure. [ 1828.081247][T18823] name failslab, interval 1, probability 0, space 0, times 0 [ 1828.207920][T18823] CPU: 0 UID: 0 PID: 18823 Comm: syz.3.16806 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1828.207968][T18823] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1828.207974][T18823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1828.207984][T18823] Call Trace: [ 1828.207990][T18823] [ 1828.207996][T18823] dump_stack_lvl+0x100/0x190 [ 1828.208024][T18823] should_fail_ex.cold+0x5/0xa [ 1828.208043][T18823] should_failslab+0xc2/0x120 [ 1828.208066][T18823] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1828.208085][T18823] ? trace_pid_list_alloc+0x2fe/0x480 [ 1828.208110][T18823] trace_pid_list_alloc+0x2fe/0x480 [ 1828.208134][T18823] trace_pid_write+0x110/0x460 [ 1828.208156][T18823] ? __pfx_trace_pid_write+0x10/0x10 [ 1828.208189][T18823] event_pid_write.isra.0+0x1e4/0x800 [ 1828.208213][T18823] ? __pfx_event_pid_write.isra.0+0x10/0x10 [ 1828.208246][T18823] vfs_write+0x2aa/0x1070 [ 1828.208268][T18823] ? __pfx_ftrace_event_npid_write+0x10/0x10 [ 1828.208293][T18823] ? __pfx_vfs_write+0x10/0x10 [ 1828.208313][T18823] ? __fget_files+0x215/0x3d0 [ 1828.208339][T18823] ? __fget_files+0x21f/0x3d0 [ 1828.208365][T18823] ksys_write+0x12a/0x250 [ 1828.208385][T18823] ? __pfx_ksys_write+0x10/0x10 [ 1828.208416][T18823] do_syscall_64+0x106/0xf80 [ 1828.208433][T18823] ? clear_bhb_loop+0x40/0x90 [ 1828.208453][T18823] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1828.208469][T18823] RIP: 0033:0x7f604839c629 [ 1828.208483][T18823] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1828.208497][T18823] RSP: 002b:00007f604931d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1828.208512][T18823] RAX: ffffffffffffffda RBX: 00007f6048615fa0 RCX: 00007f604839c629 [ 1828.208523][T18823] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 1828.208531][T18823] RBP: 00007f6048432b39 R08: 0000000000000000 R09: 0000000000000000 [ 1828.208540][T18823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1828.208549][T18823] R13: 00007f6048616038 R14: 00007f6048615fa0 R15: 00007ffe5b6d7858 [ 1828.208571][T18823] [ 1833.082826][T18845] netlink: 186 bytes leftover after parsing attributes in process `syz.4.16811'. [ 1836.161177][T18901] random: crng reseeded on system resumption [ 1837.445711][T18916] HSR: entered promiscuous mode [ 1839.784188][T18959] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input46 [ 1839.957468][ T5176] ERROR: Out of memory at tomoyo_memory_ok. [ 1839.975529][T18963] snd_virmidi snd_virmidi.0: control 61678:131081:3:y>o[k<:1 is already present [ 1842.266307][T19003] netlink: 'syz.4.16852': attribute type 4 has an invalid length. [ 1842.350624][T19003] netlink: 314 bytes leftover after parsing attributes in process `syz.4.16852'. [ 1843.099656][T19022] netlink: 186 bytes leftover after parsing attributes in process `syz.4.16856'. [ 1845.345621][T19047] netlink: 50 bytes leftover after parsing attributes in process `syz.4.16871'. [ 1846.577491][T19078] netlink: 25 bytes leftover after parsing attributes in process `syz.2.16868'. [ 1848.488108][T19101] syz.3.16875(19101): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 1850.710856][T19137] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1853.553739][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1853.560122][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1855.236404][T19206] netlink: 17 bytes leftover after parsing attributes in process `syz.1.16902'. [ 1856.167432][T19225] netlink: 25 bytes leftover after parsing attributes in process `syz.1.16908'. [ 1859.620122][T19259] Loading of unsigned module is rejected [ 1860.262438][T19278] Loading of unsigned module is rejected [ 1860.390888][T19277] delete_channel: no stack [ 1860.635584][T19284] HSR: entered promiscuous mode [ 1864.381965][T19339] random: crng reseeded on system resumption [ 1865.298027][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805e543000: rx timeout, send abort [ 1865.684306][T19355] netlink: 206 bytes leftover after parsing attributes in process `syz.4.16942'. [ 1865.806333][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805e543000: abort rx timeout. Force session deactivation [ 1869.179982][T19406] netlink: 4 bytes leftover after parsing attributes in process `syz.4.16957'. [ 1869.244316][T19406] netlink: 4 bytes leftover after parsing attributes in process `syz.4.16957'. [ 1869.306553][T19394] kexec: Could not allocate control_code_buffer [ 1874.592893][T19446] netlink: 25 bytes leftover after parsing attributes in process `syz.1.16972'. [ 1874.889107][T19459] netlink: 8 bytes leftover after parsing attributes in process `syz.3.16965'. [ 1876.573026][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805ddda400: rx timeout, send abort [ 1876.593198][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805ddda400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1877.545017][ C0] vcan0: j1939_tp_rxtimer: 0xffff888035806800: rx timeout, send abort [ 1877.553368][ C0] vcan0: j1939_tp_rxtimer: 0xffff888035805c00: rx timeout, send abort [ 1877.562072][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888035806800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1877.576716][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888035805c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1878.238355][T19507] FAULT_INJECTION: forcing a failure. [ 1878.238355][T19507] name failslab, interval 1, probability 0, space 0, times 0 [ 1878.329785][T19507] CPU: 0 UID: 0 PID: 19507 Comm: syz.3.16978 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1878.329814][T19507] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1878.329820][T19507] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1878.329830][T19507] Call Trace: [ 1878.329836][T19507] [ 1878.329842][T19507] dump_stack_lvl+0x100/0x190 [ 1878.329870][T19507] should_fail_ex.cold+0x5/0xa [ 1878.329889][T19507] should_failslab+0xc2/0x120 [ 1878.329912][T19507] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1878.329932][T19507] ? tomoyo_write_log2+0x333/0xbc0 [ 1878.329951][T19507] tomoyo_write_log2+0x333/0xbc0 [ 1878.329970][T19507] tomoyo_supervisor+0x15e/0x1340 [ 1878.329991][T19507] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 1878.330011][T19507] ? tomoyo_realpath_from_path+0x19c/0x690 [ 1878.330032][T19507] ? tomoyo_realpath_from_path+0x19c/0x690 [ 1878.330047][T19507] ? kfree+0x1f6/0x6b0 [ 1878.330065][T19507] ? tomoyo_check_path_number_acl+0x1e6/0x2f0 [ 1878.330092][T19507] tomoyo_path_number_perm+0x445/0x580 [ 1878.330114][T19507] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1878.330135][T19507] ? futex_wait+0x125/0x380 [ 1878.330173][T19507] ? find_held_lock+0x2b/0x80 [ 1878.330195][T19507] ? __fget_files+0x215/0x3d0 [ 1878.330215][T19507] ? hook_file_ioctl_common+0x146/0x410 [ 1878.330240][T19507] ? __fget_files+0x21f/0x3d0 [ 1878.330263][T19507] security_file_ioctl+0xd3/0x230 [ 1878.330285][T19507] __x64_sys_ioctl+0xb7/0x210 [ 1878.330306][T19507] do_syscall_64+0x106/0xf80 [ 1878.330322][T19507] ? clear_bhb_loop+0x40/0x90 [ 1878.330340][T19507] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1878.330355][T19507] RIP: 0033:0x7f604839c629 [ 1878.330369][T19507] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1878.330385][T19507] RSP: 002b:00007f60492fc028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1878.330401][T19507] RAX: ffffffffffffffda RBX: 00007f6048616090 RCX: 00007f604839c629 [ 1878.330412][T19507] RDX: 0000000000000000 RSI: 0000000000005452 RDI: 0000000000000006 [ 1878.330420][T19507] RBP: 00007f6048432b39 R08: 0000000000000000 R09: 0000000000000000 [ 1878.330430][T19507] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1878.330439][T19507] R13: 00007f6048616128 R14: 00007f6048616090 R15: 00007ffe5b6d7858 [ 1878.330460][T19507] [ 1879.143165][T19515] netlink: 9 bytes leftover after parsing attributes in process `syz.4.16980'. [ 1879.447750][T19507] snd_virmidi snd_virmidi.0: control 61678:131081:3:y>o[k<:1 is already present [ 1881.979055][ T760] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 1883.778070][T19593] netlink: 'syz.3.17000': attribute type 2 has an invalid length. [ 1883.829721][T19593] netlink: 'syz.3.17000': attribute type 3 has an invalid length. [ 1883.862996][T19593] netlink: 'syz.3.17000': attribute type 2 has an invalid length. [ 1883.896054][T19593] netlink: 'syz.3.17000': attribute type 3 has an invalid length. [ 1883.941067][T19593] netlink: 30 bytes leftover after parsing attributes in process `syz.3.17000'. [ 1886.503136][T19628] netlink: 334 bytes leftover after parsing attributes in process `syz.2.17011'. [ 1889.773449][T19676] snd_virmidi snd_virmidi.0: control 61678:131081:3:y>o[k<:0 is already present [ 1891.344126][T19701] netlink: 334 bytes leftover after parsing attributes in process `syz.1.17028'. [ 1894.223590][T19732] netlink: 98 bytes leftover after parsing attributes in process `syz.1.17038'. [ 1894.271383][ T5142] Bluetooth: hci2: command 0xfc11 tx timeout [ 1894.279502][ T760] Bluetooth: hci2: Entering manufacturer mode failed (-110) [ 1903.288392][T19850] netlink: 28 bytes leftover after parsing attributes in process `syz.4.17071'. [ 1903.393835][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 1903.421196][T19850] bridge_slave_1 (unregistering): left allmulticast mode [ 1903.435558][T19850] bridge_slave_1 (unregistering): left promiscuous mode [ 1903.458893][T19850] bridge0: port 2(bridge_slave_1) entered disabled state [ 1904.177054][T19866] tipc: Started in network mode [ 1904.209699][T19866] tipc: Node identity ee00, cluster identity 4711 [ 1904.246897][T19866] tipc: Node number set to 60928 [ 1905.273976][T19900] netlink: 9 bytes leftover after parsing attributes in process `syz.3.17085'. [ 1907.244388][T19951] netlink: 4 bytes leftover after parsing attributes in process `syz.2.17098'. [ 1907.315441][T19955] netlink: 354 bytes leftover after parsing attributes in process `syz.2.17098'. [ 1909.460424][T19973] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1909.493304][T19973] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1909.523166][T19973] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1909.606957][T19973] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1909.643543][T19973] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1910.735466][T19996] __vm_enough_memory: pid: 19996, comm: syz.4.17108, bytes: 8589938688 not enough memory for the allocation [ 1910.831780][ T760] Bluetooth: hci1: command 0x0406 tx timeout [ 1911.553252][ T760] Bluetooth: hci3: command 0x0406 tx timeout [ 1911.630889][ T760] Bluetooth: hci4: command 0x0c1a tx timeout [ 1911.723972][ T760] Bluetooth: hci0: command 0x0406 tx timeout [ 1911.861790][T20019] netlink: 306 bytes leftover after parsing attributes in process `syz.3.17113'. [ 1913.630865][ T5142] Bluetooth: hci3: command 0x0406 tx timeout [ 1914.584004][T20059] snd_virmidi snd_virmidi.0: control 61678:131081:3:y>o[k<:0 is already present [ 1914.830853][ T5142] Bluetooth: hci2: command 0x1003 tx timeout [ 1914.837505][ T760] Bluetooth: hci2: Opcode 0x1003 failed: -110 [ 1914.995030][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1915.010811][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1921.290231][T20199] netlink: 28 bytes leftover after parsing attributes in process `syz.2.17158'. [ 1921.321751][T20190] usb usb3: usbfs: interface 0 claimed by hub while 'syz.4.17155' sets config #16 [ 1921.352465][ T29] audit: type=1800 audit(4294967316.270:80): pid=20203 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.17161" name="dbroot" dev="configfs" ino=229668 res=0 errno=0 [ 1924.415281][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805e333400: rx timeout, send abort [ 1924.434829][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805e333400: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 1925.499972][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880404f9800: rx timeout, send abort [ 1925.508326][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880404fa400: rx timeout, send abort [ 1925.516695][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880404f9800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1925.531033][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880404fa400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1925.716938][ T29] audit: type=1800 audit(4294967320.640:81): pid=20239 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.17172" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 1927.665762][T20269] netlink: 17 bytes leftover after parsing attributes in process `syz.2.17178'. [ 1928.464810][T20284] netlink: 16 bytes leftover after parsing attributes in process `syz.3.17182'. [ 1928.558772][T20284] macsec0: entered promiscuous mode [ 1928.576673][T20284] macsec0: entered allmulticast mode [ 1928.624756][T20284] veth1_macvtap: entered allmulticast mode [ 1928.922452][T20294] netlink: 28 bytes leftover after parsing attributes in process `syz.3.17183'. [ 1928.972056][T20294] bridge0: port 2(bridge_slave_1) entered disabled state [ 1929.054062][T20294] bridge_slave_1 (unregistering): left allmulticast mode [ 1929.082424][T20294] bridge_slave_1 (unregistering): left promiscuous mode [ 1929.117331][T20294] bridge0: port 2(bridge_slave_1) entered disabled state [ 1932.514484][T20380] __vm_enough_memory: pid: 20380, comm: syz.1.17207, bytes: 8589938688 not enough memory for the allocation [ 1934.393915][T20423] netlink: 4 bytes leftover after parsing attributes in process `syz.2.17219'. [ 1934.427830][T20423] netlink: 354 bytes leftover after parsing attributes in process `syz.2.17219'. [ 1934.786135][T20431] netlink: 28 bytes leftover after parsing attributes in process `syz.1.17220'. [ 1936.729378][T20474] netlink: 28 bytes leftover after parsing attributes in process `syz.4.17231'. [ 1937.334706][T20490] netlink: 'syz.2.17236': attribute type 2 has an invalid length. [ 1937.360882][T20490] netlink: 5 bytes leftover after parsing attributes in process `syz.2.17236'. [ 1939.609213][T20523] netlink: 8 bytes leftover after parsing attributes in process `syz.2.17243'. [ 1939.888530][T20517] Process accounting resumed [ 1940.731941][T20542] netlink: 25 bytes leftover after parsing attributes in process `syz.2.17251'. [ 1943.100118][T20573] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1943.121701][T20573] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1943.143147][T20573] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1943.163665][T20573] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1944.111966][ T760] Bluetooth: hci1: command 0x0406 tx timeout [ 1945.154688][ T760] Bluetooth: hci4: command 0x0c1a tx timeout [ 1945.160931][ T760] Bluetooth: hci3: command 0x0406 tx timeout [ 1945.233626][ T760] Bluetooth: hci0: command 0x0406 tx timeout [ 1945.511448][T20664] netlink: 4 bytes leftover after parsing attributes in process `syz.2.17284'. [ 1945.547988][T20664] netlink: 'syz.2.17284': attribute type 2 has an invalid length. [ 1945.590829][T20664] netlink: 'syz.2.17284': attribute type 3 has an invalid length. [ 1945.614834][T20664] netlink: 20232 bytes leftover after parsing attributes in process `syz.2.17284'. [ 1956.185024][T20890] ptrace attach of "./syz-executor exec"[7232] was attempted by "pxՀRN c=sڌrgx-~kw#{*sÌg*pk('\x0cbMlԫ\x07A[e̐t$BGl*%H\x07#\x07ȕ8a}CaxeC\x1ba]\x5c nbvݮ%Ax!We<Dl\x0bj\x0ck{|Lj\x09[]Uw1gtLc3\x0aY{\x0d@dulkOn}PC$\x0ceDζ@R%6\x07 &0u\x0c/TБf8.\x09*2ҿF!H\x5c̚v881J߮؊#t\x1b}όmK_|2lJ\x0c\x0dǑӊ! ws\x09^{~֔%!my&?}%C\x0c`Ӆi3\x0dA9ՈVdEoEvt3dnk_Nġ\x07x$E`ҿWW셶1T\x0d}ve;jQX IR\x09\x07+j1ϣ1cQ&5&Ζ:\x0auE(5!CAz.q]Vۣ>v%>Q]r4pa4E5Wp\x0bC[3spJ8mQio GgH8kbZ$ס-baeAé3FN\x0ch44}i$x\x0cQ#\x22&Tḩ [ 1956.996704][T20895] netlink: 28 bytes leftover after parsing attributes in process `syz.4.17343'. [ 1958.404508][T20920] netlink: 28 bytes leftover after parsing attributes in process `syz.2.17351'. [ 1958.650339][T20927] netlink: 25 bytes leftover after parsing attributes in process `syz.2.17354'. [ 1959.222241][T20939] netlink: 28 bytes leftover after parsing attributes in process `syz.1.17357'. [ 1959.565867][T20943] input: jJǸ-9%vJ86 as /devices/virtual/input/input48 [ 1964.496819][T21013] zswap: compressor not available [ 1965.284284][T21037] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 1965.337141][T21037] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1965.414730][T21037] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1965.464264][T21037] page_type: f5(slab) [ 1965.468262][T21037] raw: 00fff00000000040 ffff88813fe3c140 dead000000000100 dead000000000122 [ 1965.625265][T21037] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 1965.704849][T21037] head: 00fff00000000040 ffff88813fe3c140 dead000000000100 dead000000000122 [ 1965.754311][T21037] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 1965.821192][T21037] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 1965.878844][T21037] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1965.945143][T21037] page dumped because: unmovable page [ 1966.007973][T21037] page_owner tracks the page as allocated [ 1966.027348][T21037] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5191, tgid 5191 (udevd), ts 681523540650, free_ts 680878998854 [ 1966.121412][T21037] post_alloc_hook+0x153/0x170 [ 1966.146212][T21037] get_page_from_freelist+0x111d/0x3140 [ 1966.170157][T21037] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 1966.189393][T21044] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 1966.212977][T21037] new_slab+0xa6/0x6d0 [ 1966.223316][T21037] refill_objects+0x26b/0x400 [ 1966.245001][T21037] __pcs_replace_empty_main+0x19f/0x600 [ 1966.263909][T21037] __kmalloc_noprof+0x688/0x850 [ 1966.283833][T21037] tomoyo_realpath_from_path+0xb6/0x690 [ 1966.306135][T21037] tomoyo_path_perm+0x276/0x460 [ 1966.319957][T21037] security_inode_getattr+0x116/0x280 [ 1966.333991][T21044] File: /dev/nullb0 PID: 21044 Comm: syz.1.17392 [ 1966.342598][T21037] vfs_fstat+0x4b/0xe0 [ 1966.365102][T21037] __do_sys_newfstat+0x8b/0x110 [ 1966.382027][T21037] do_syscall_64+0x106/0xf80 [ 1966.398744][T21037] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1966.446092][T21037] page last free pid 25523 tgid 25523 stack trace: [ 1966.475283][T21037] __free_frozen_pages+0x7ca/0x10a0 [ 1966.497253][T21037] qlist_free_all+0x47/0xe0 [ 1966.523350][T21037] kasan_quarantine_reduce+0x1a0/0x1f0 [ 1966.542177][T21037] __kasan_slab_alloc+0x69/0x90 [ 1966.568948][T21037] kmem_cache_alloc_noprof+0x241/0x6e0 [ 1966.591114][T21037] jbd2__journal_start+0x194/0x6a0 [ 1966.596277][T21037] __ext4_journal_start_sb+0x382/0x6a0 [ 1966.631916][T21037] ext4_dirty_inode+0xa1/0x130 [ 1966.637274][T21037] __mark_inode_dirty+0x1f3/0x1790 [ 1966.663206][T21037] file_update_time_flags+0x46b/0x500 [ 1966.668597][T21037] ext4_page_mkwrite+0x35b/0x1980 [ 1966.696720][T21037] do_page_mkwrite+0x17a/0x440 [ 1966.710988][T21037] do_fault+0x3d7/0x1a00 [ 1966.725277][T21037] __handle_mm_fault+0x180f/0x2b60 [ 1966.756586][T21037] handle_mm_fault+0x36d/0xa20 [ 1966.780917][T21037] do_user_addr_fault+0x5a3/0x12f0 [ 1966.798207][T21049] usb usb3: usbfs: interface 0 claimed by hub while 'syz.1.17392' sets config #16 [ 1967.565187][T21073] can0: slcan on ttyS2. [ 1967.731502][T21080] can0 (unregistered): slcan off ttyS2. [ 1968.176037][T21094] FAULT_INJECTION: forcing a failure. [ 1968.176037][T21094] name failslab, interval 1, probability 0, space 0, times 0 [ 1968.238324][T21094] CPU: 0 UID: 0 PID: 21094 Comm: syz.3.17395 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1968.238353][T21094] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1968.238359][T21094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1968.238369][T21094] Call Trace: [ 1968.238375][T21094] [ 1968.238381][T21094] dump_stack_lvl+0x100/0x190 [ 1968.238408][T21094] should_fail_ex.cold+0x5/0xa [ 1968.238427][T21094] should_failslab+0xc2/0x120 [ 1968.238450][T21094] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1968.238468][T21094] ? snd_timer_instance_new+0x47/0x2e0 [ 1968.238493][T21094] snd_timer_instance_new+0x47/0x2e0 [ 1968.238514][T21094] snd_seq_timer_open+0x1d4/0x600 [ 1968.238533][T21094] ? __pfx_snd_seq_timer_open+0x10/0x10 [ 1968.238556][T21094] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1968.238571][T21094] ? lockdep_hardirqs_on+0x78/0x100 [ 1968.238588][T21094] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1968.238605][T21094] queue_use+0xdc/0x1f0 [ 1968.238626][T21094] snd_seq_queue_alloc+0x2e5/0x590 [ 1968.238651][T21094] snd_seq_ioctl_create_queue+0xa9/0x370 [ 1968.238671][T21094] call_seq_client_ctl+0xa3/0x130 [ 1968.238691][T21094] snd_seq_kernel_client_ctl+0x77/0xd0 [ 1968.238710][T21094] alloc_seq_queue+0xdb/0x180 [ 1968.238729][T21094] ? __pfx_alloc_seq_queue+0x10/0x10 [ 1968.238758][T21094] ? mark_held_locks+0x40/0x70 [ 1968.238775][T21094] ? _raw_spin_unlock_irq+0x23/0x50 [ 1968.238790][T21094] ? lockdep_hardirqs_on+0x78/0x100 [ 1968.238808][T21094] snd_seq_oss_open+0x2b2/0xa10 [ 1968.238830][T21094] odev_open+0x79/0xc0 [ 1968.238847][T21094] ? __pfx_odev_open+0x10/0x10 [ 1968.238864][T21094] soundcore_open+0x2e3/0x5a0 [ 1968.238885][T21094] ? __pfx_soundcore_open+0x10/0x10 [ 1968.238903][T21094] chrdev_open+0x234/0x6a0 [ 1968.238942][T21094] ? __pfx_apparmor_file_open+0x10/0x10 [ 1968.238963][T21094] ? __pfx_chrdev_open+0x10/0x10 [ 1968.238987][T21094] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1968.239020][T21094] do_dentry_open+0x6d8/0x1660 [ 1968.239043][T21094] ? __pfx_chrdev_open+0x10/0x10 [ 1968.239070][T21094] vfs_open+0x82/0x3f0 [ 1968.239090][T21094] path_openat+0x208c/0x31a0 [ 1968.239120][T21094] ? __pfx_path_openat+0x10/0x10 [ 1968.239149][T21094] do_file_open+0x20e/0x430 [ 1968.239172][T21094] ? __pfx_do_file_open+0x10/0x10 [ 1968.239211][T21094] ? alloc_fd+0x476/0x790 [ 1968.239235][T21094] ? do_getname+0x191/0x390 [ 1968.239252][T21094] do_sys_openat2+0x10d/0x1e0 [ 1968.239270][T21094] ? __pfx_do_sys_openat2+0x10/0x10 [ 1968.239294][T21094] __x64_sys_openat+0x12d/0x210 [ 1968.239312][T21094] ? __pfx___x64_sys_openat+0x10/0x10 [ 1968.239336][T21094] do_syscall_64+0x106/0xf80 [ 1968.239352][T21094] ? clear_bhb_loop+0x40/0x90 [ 1968.239370][T21094] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1968.239385][T21094] RIP: 0033:0x7f604839c629 [ 1968.239399][T21094] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1968.239415][T21094] RSP: 002b:00007f604931d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1968.239431][T21094] RAX: ffffffffffffffda RBX: 00007f6048615fa0 RCX: 00007f604839c629 [ 1968.239442][T21094] RDX: 0000000000000801 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1968.239452][T21094] RBP: 00007f6048432b39 R08: 0000000000000000 R09: 0000000000000000 [ 1968.239462][T21094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1968.239472][T21094] R13: 00007f6048616038 R14: 00007f6048615fa0 R15: 00007ffe5b6d7858 [ 1968.239493][T21094] [ 1969.998778][T21105] Process accounting paused [ 1970.644827][ T760] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 1972.375355][T21180] serio: Serial port pty6 [ 1973.161184][T21197] netlink: 'syz.3.17421': attribute type 2 has an invalid length. [ 1976.416205][T21270] netlink: 4 bytes leftover after parsing attributes in process `syz.2.17442'. [ 1976.444307][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1976.450614][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1976.499736][T21270] netlink: 354 bytes leftover after parsing attributes in process `syz.2.17442'. [ 1976.744769][T21279] random: crng reseeded on system resumption [ 1977.144259][T21272] Process accounting resumed [ 1977.674725][T21301] ERROR: Out of memory at tomoyo_memory_ok. [ 1978.105598][T21312] Process accounting resumed [ 1978.588216][T21306] Process accounting resumed [ 1979.297130][T21323] Process accounting resumed [ 1980.143599][T21343] Process accounting resumed [ 1981.372548][T21374] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 1981.423950][T21374] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1981.487473][T21374] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1981.557531][T21374] page_type: f5(slab) [ 1981.591779][T21374] raw: 00fff00000000040 ffff88813fe3c140 dead000000000100 dead000000000122 [ 1981.674723][T21374] raw: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 1981.736243][T21374] head: 00fff00000000040 ffff88813fe3c140 dead000000000100 dead000000000122 [ 1981.775547][T21374] head: 0000000000000000 0000000000040004 00000000f5000000 0000000000000000 [ 1981.826891][T21374] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 1981.871628][T21374] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1981.910805][T21374] page dumped because: unmovable page [ 1981.937305][T21374] page_owner tracks the page as allocated [ 1981.967137][T21374] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5191, tgid 5191 (udevd), ts 681523540650, free_ts 680878998854 [ 1982.101591][T21374] post_alloc_hook+0x153/0x170 [ 1982.129697][T21374] get_page_from_freelist+0x111d/0x3140 [ 1982.150772][T21374] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 1982.156693][T21374] new_slab+0xa6/0x6d0 [ 1982.181368][T21374] refill_objects+0x26b/0x400 [ 1982.196483][T21374] __pcs_replace_empty_main+0x19f/0x600 [ 1982.216537][T21374] __kmalloc_noprof+0x688/0x850 [ 1982.236757][T21374] tomoyo_realpath_from_path+0xb6/0x690 [ 1982.250801][T21374] tomoyo_path_perm+0x276/0x460 [ 1982.255681][T21374] security_inode_getattr+0x116/0x280 [ 1982.293502][T21374] vfs_fstat+0x4b/0xe0 [ 1982.297614][T21374] __do_sys_newfstat+0x8b/0x110 [ 1982.314903][T21374] do_syscall_64+0x106/0xf80 [ 1982.319518][T21374] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1982.358511][T21374] page last free pid 25523 tgid 25523 stack trace: [ 1982.386792][T21374] __free_frozen_pages+0x7ca/0x10a0 [ 1982.393907][T21374] qlist_free_all+0x47/0xe0 [ 1982.407557][T21374] kasan_quarantine_reduce+0x1a0/0x1f0 [ 1982.413315][T21374] __kasan_slab_alloc+0x69/0x90 [ 1982.418268][T21374] kmem_cache_alloc_noprof+0x241/0x6e0 [ 1982.424429][T21374] jbd2__journal_start+0x194/0x6a0 [ 1982.429624][T21374] __ext4_journal_start_sb+0x382/0x6a0 [ 1982.435970][T21374] ext4_dirty_inode+0xa1/0x130 [ 1982.441031][T21374] __mark_inode_dirty+0x1f3/0x1790 [ 1982.446221][T21374] file_update_time_flags+0x46b/0x500 [ 1982.452232][T21374] ext4_page_mkwrite+0x35b/0x1980 [ 1982.457332][T21374] do_page_mkwrite+0x17a/0x440 [ 1982.462615][T21374] do_fault+0x3d7/0x1a00 [ 1982.466868][T21374] __handle_mm_fault+0x180f/0x2b60 [ 1982.472272][T21374] handle_mm_fault+0x36d/0xa20 [ 1982.477100][T21374] do_user_addr_fault+0x5a3/0x12f0 [ 1983.445487][T21388] Process accounting resumed [ 1983.484805][T21392] Process accounting resumed [ 1983.559753][T21406] netlink: 8 bytes leftover after parsing attributes in process `syz.4.17481'. [ 1986.369806][T21444] Process accounting resumed [ 1986.994279][T21455] zswap: compressor not available [ 1988.491414][T21487] Console: switching to colour frame buffer device 128x48 [ 1990.040765][T21521] serio: Serial port pty6 [ 1990.430082][T21529] can0: slcan on ttyS2. [ 1990.552251][T21528] can0 (unregistered): slcan off ttyS2. [ 1990.907795][T21518] Process accounting resumed [ 1991.016488][T21526] Process accounting resumed [ 1991.474545][ T5142] Bluetooth: hci1: ACL packet too small [ 1992.548615][T21563] Process accounting resumed [ 1992.849320][T21581] netlink: 4 bytes leftover after parsing attributes in process `syz.1.17529'. [ 1992.902414][T21581] netlink: 'syz.1.17529': attribute type 1 has an invalid length. [ 1992.954457][T21581] netlink: 51505 bytes leftover after parsing attributes in process `syz.1.17529'. [ 1993.208612][T21575] Process accounting resumed [ 1994.423831][T21615] input: jJǸ-9%vJ86 as /devices/virtual/input/input49 [ 1995.719491][T21624] Process accounting resumed [ 1995.893307][T21644] Console: switching to colour VGA+ 80x25 [ 1996.916879][T21653] Process accounting resumed [ 1998.015908][T21672] Process accounting resumed [ 1998.157242][T21675] Process accounting resumed [ 1999.673262][T21715] netlink: 4 bytes leftover after parsing attributes in process `syz.3.17569'. [ 1999.730421][T21715] netlink: 25 bytes leftover after parsing attributes in process `syz.3.17569'. [ 2000.817514][T21730] Process accounting resumed [ 2001.609171][T21767] netlink: 28 bytes leftover after parsing attributes in process `syz.1.17584'. [ 2002.168637][T21768] Process accounting resumed [ 2002.721878][T21790] netlink: 4 bytes leftover after parsing attributes in process `syz.3.17591'. [ 2002.763311][T21790] netlink: 'syz.3.17591': attribute type 1 has an invalid length. [ 2002.808396][T21790] netlink: 'syz.3.17591': attribute type 6 has an invalid length. [ 2003.048833][T21798] binder: 21797:21798 ioctl c018620c 0 returned -1 [ 2004.052689][T21806] Process accounting resumed [ 2004.245001][T21821] netlink: 28 bytes leftover after parsing attributes in process `syz.4.17603'. [ 2005.013528][T21828] Process accounting resumed [ 2007.008189][T21859] Process accounting resumed [ 2008.477886][T21877] Process accounting resumed [ 2008.933240][T21900] netlink: 342 bytes leftover after parsing attributes in process `syz.4.17623'. [ 2009.724595][T21906] Process accounting resumed [ 2009.801260][T21908] Process accounting resumed [ 2010.751109][T21918] Process accounting resumed [ 2011.627913][T21927] rtc_cmos 00:00: Alarms can be up to one day in the future [ 2011.888367][ T6932] rtc_cmos 00:00: Alarms can be up to one day in the future [ 2011.930494][ T6932] rtc_cmos 00:00: Alarms can be up to one day in the future [ 2011.986530][ T6932] rtc_cmos 00:00: Alarms can be up to one day in the future [ 2012.037050][ T6932] rtc_cmos 00:00: Alarms can be up to one day in the future [ 2012.090403][ T6932] rtc rtc0: __rtc_set_alarm: err=-22 [ 2012.646189][T21944] Process accounting resumed [ 2014.030238][T21968] Process accounting resumed [ 2014.121178][T21967] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 2014.177514][T21967] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 2014.215905][T21967] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 2014.248459][T21967] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 2014.314546][T21967] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 2014.920509][T21989] Process accounting resumed [ 2015.230832][ T5142] Bluetooth: hci1: command 0x0406 tx timeout [ 2016.190754][ T5142] Bluetooth: hci3: command 0x0406 tx timeout [ 2016.271124][ T5142] Bluetooth: hci0: command 0x0406 tx timeout [ 2016.277154][ T760] Bluetooth: hci4: command 0x0c1a tx timeout [ 2017.054516][T22015] Process accounting resumed [ 2017.106042][T22018] Process accounting resumed [ 2017.305510][T22026] Console: switching to colour frame buffer device 128x48 [ 2018.350828][ T760] Bluetooth: hci0: command 0x0406 tx timeout [ 2019.813935][T22082] Process accounting resumed [ 2021.805103][T22117] Process accounting resumed [ 2022.189581][T22121] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 2022.375478][T22121] File: /dev/nullb0 PID: 22121 Comm: syz.3.17678 [ 2024.204497][T22154] Process accounting resumed [ 2024.552961][T22166] Process accounting resumed [ 2025.394775][T22176] Process accounting resumed [ 2029.513938][T22232] netlink: 326 bytes leftover after parsing attributes in process `syz.2.17710'. [ 2031.400073][T22274] ERROR: Out of memory at tomoyo_memory_ok. [ 2034.173902][T22294] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 2034.190448][T22294] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 2034.204669][T22294] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 2034.218399][T22294] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 2034.590644][T22320] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input50 [ 2035.194475][T22320] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input51 [ 2035.471592][ T760] Bluetooth: hci1: command 0x0406 tx timeout [ 2036.190864][ T760] Bluetooth: hci3: command 0x0406 tx timeout [ 2036.276049][ T760] Bluetooth: hci0: command 0x0406 tx timeout [ 2036.276093][ T760] Bluetooth: hci4: command 0x0c1a tx timeout [ 2036.316766][T22358] misc userio: Invalid payload size [ 2037.874021][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 2037.880435][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 2038.838606][T22423] snd_virmidi snd_virmidi.0: control 1:-5:4194312:1Յ:0 is already present [ 2039.466447][ T5142] Bluetooth: hci3: ACL packet too small [ 2039.532505][T22436] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 2039.652088][T22436] File: /dev/nullb0 PID: 22436 Comm: syz.3.17756 [ 2040.279595][T22450] Process accounting resumed [ 2041.075819][T22459] Process accounting resumed [ 2041.269553][T22475] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 2041.422921][T22474] misc userio: Invalid payload size [ 2041.497068][T22475] File: /dev/nullb0 PID: 22475 Comm: syz.1.17764 [ 2043.584599][T22501] Process accounting resumed [ 2045.103723][T22545] netlink: 4 bytes leftover after parsing attributes in process `syz.1.17785'. [ 2045.194924][T22553] netlink: 354 bytes leftover after parsing attributes in process `syz.1.17785'. [ 2046.609781][T22575] Process accounting resumed [ 2047.662301][T22579] Process accounting resumed [ 2048.100854][T22610] netlink: 4 bytes leftover after parsing attributes in process `syz.4.17806'. [ 2048.873965][T22629] __vm_enough_memory: pid: 22629, comm: syz.3.17812, bytes: 8589938688 not enough memory for the allocation [ 2049.158495][T22624] Process accounting resumed [ 2049.318564][T22635] netlink: 4 bytes leftover after parsing attributes in process `syz.1.17813'. [ 2049.466879][T22637] netlink: 4 bytes leftover after parsing attributes in process `syz.2.17814'. [ 2049.906285][T22644] Process accounting resumed [ 2050.046963][T22651] netlink: 4 bytes leftover after parsing attributes in process `syz.3.17820'. [ 2050.101049][T22651] netlink: 'syz.3.17820': attribute type 1 has an invalid length. [ 2050.133890][T22651] netlink: 342 bytes leftover after parsing attributes in process `syz.3.17820'. [ 2050.211209][T22655] netlink: 25 bytes leftover after parsing attributes in process `syz.2.17821'. [ 2050.388743][T22653] vhci_hcd vhci_hcd.2: default hub control req: 0000 v0000 i0000 l0 [ 2050.557791][T22665] netlink: 'syz.2.17824': attribute type 1 has an invalid length. [ 2051.820439][T22695] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 2052.083797][T22683] Process accounting resumed [ 2052.978569][T22719] vhci_hcd vhci_hcd.2: default hub control req: 0000 v0000 i0000 l0 [ 2054.053349][T22733] Process accounting resumed [ 2054.351860][T22735] Process accounting resumed [ 2055.272439][T22773] netlink: 'syz.2.17852': attribute type 11 has an invalid length. [ 2055.327279][T22773] netlink: 'syz.2.17852': attribute type 11 has an invalid length. [ 2055.348199][T22773] netlink: 'syz.2.17852': attribute type 11 has an invalid length. [ 2055.398481][T22773] netlink: 'syz.2.17852': attribute type 11 has an invalid length. [ 2055.689486][T22786] netlink: 4 bytes leftover after parsing attributes in process `syz.1.17855'. [ 2055.744815][T22786] netlink: 'syz.1.17855': attribute type 1 has an invalid length. [ 2055.802714][T22786] netlink: 'syz.1.17855': attribute type 6 has an invalid length. [ 2056.154409][T22794] Process accounting resumed [ 2056.518641][T22788] Process accounting resumed [ 2056.764154][T22809] snd_virmidi snd_virmidi.0: control 1:-5:4194312:1Յ:0 is already present [ 2056.779907][T22807] netlink: 4 bytes leftover after parsing attributes in process `syz.2.17860'. [ 2056.876200][T22805] serio: Serial port pty6 [ 2059.424165][T22853] Process accounting resumed [ 2059.978284][T22855] Process accounting resumed [ 2062.030045][T22894] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 2062.056684][T22894] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 2062.071556][T22894] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 2062.089735][T22894] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 2062.096634][T22911] Process accounting resumed [ 2063.011273][T22914] Process accounting resumed [ 2063.027093][T22931] netlink: 4 bytes leftover after parsing attributes in process `syz.3.17894'. [ 2063.106566][T22931] netlink: 'syz.3.17894': attribute type 1 has an invalid length. [ 2063.143861][T22931] netlink: 51505 bytes leftover after parsing attributes in process `syz.3.17894'. [ 2063.313829][T22537] Bluetooth: hci1: command 0x0406 tx timeout [ 2064.110955][T22537] Bluetooth: hci0: command 0x0406 tx timeout [ 2064.117169][T22537] Bluetooth: hci4: command 0x0c1a tx timeout [ 2064.124626][T22537] Bluetooth: hci3: command 0x0406 tx timeout [ 2066.510825][T22952] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 2067.231544][T23005] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.2.17915: No space for directory leaf checksum. Please run e2fsck -D. [ 2067.290794][T23005] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.2.17915: checksumming directory block 0 [ 2067.348254][T23005] faux_driver regulatory: loading /lib/firmware/updates/syzkaller/regulatory.db failed with error -74 [ 2067.392968][T23005] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.2.17915: No space for directory leaf checksum. Please run e2fsck -D. [ 2067.465935][T23005] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.2.17915: checksumming directory block 0 [ 2067.524565][T23005] faux_driver regulatory: loading /lib/firmware/updates/regulatory.db failed with error -74 [ 2067.570040][T23005] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.2.17915: No space for directory leaf checksum. Please run e2fsck -D. [ 2067.618389][T23005] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.2.17915: checksumming directory block 0 [ 2067.661068][T23005] faux_driver regulatory: loading /lib/firmware/syzkaller/regulatory.db failed with error -74 [ 2067.696645][T23005] EXT4-fs warning (device sda1): ext4_dirblock_csum_verify:375: inode #264: comm syz.2.17915: No space for directory leaf checksum. Please run e2fsck -D. [ 2067.730863][T23005] EXT4-fs error (device sda1): __ext4_find_entry:1624: inode #264: comm syz.2.17915: checksumming directory block 0 [ 2067.780925][T23005] faux_driver regulatory: loading /lib/firmware/regulatory.db failed with error -74 [ 2067.833778][T23005] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -74 [ 2067.858808][T23005] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db [ 2069.265911][T23033] Process accounting resumed [ 2070.716774][T23045] Process accounting resumed [ 2070.851269][T23058] Loading of unsigned module is rejected [ 2071.070970][T22952] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 2071.619933][T22524] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 2071.649555][T22524] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 2071.661519][T22524] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 2071.670209][T22524] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 2071.677879][T22524] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 2072.587143][T23072] chnl_net:caif_netlink_parms(): no params data found [ 2072.909524][T23072] bridge0: port 1(bridge_slave_0) entered blocking state [ 2072.916849][T23072] bridge0: port 1(bridge_slave_0) entered disabled state [ 2072.925017][T23072] bridge_slave_0: entered allmulticast mode [ 2072.932910][T23072] bridge_slave_0: entered promiscuous mode [ 2072.945946][T23072] bridge0: port 2(bridge_slave_1) entered blocking state [ 2072.953410][T23072] bridge0: port 2(bridge_slave_1) entered disabled state [ 2072.960610][T23072] bridge_slave_1: entered allmulticast mode [ 2072.968377][T23072] bridge_slave_1: entered promiscuous mode [ 2073.035569][T23072] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2073.063118][T23072] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2073.187833][T23072] team0: Port device team_slave_0 added [ 2073.209977][T23072] team0: Port device team_slave_1 added [ 2073.312680][T23072] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2073.334243][T23072] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2073.405290][T23072] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2073.482910][T23072] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2073.507122][T23072] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 2073.606519][T23072] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2073.800893][T22524] Bluetooth: hci2: command tx timeout [ 2073.816171][T23072] hsr_slave_0: entered promiscuous mode [ 2073.842871][T23107] vhci_hcd vhci_hcd.2: default hub control req: 0000 v0000 i0000 l0 [ 2073.855581][T23072] hsr_slave_1: entered promiscuous mode [ 2073.872355][T23072] debugfs: 'hsr0' already exists in 'hsr' [ 2073.901350][T23072] Cannot create hsr debugfs directory [ 2074.786117][T23120] Process accounting resumed [ 2074.910399][T23072] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 2074.931179][T23072] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 2074.954255][T23072] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 2074.972421][T23072] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 2075.121303][T23072] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2075.156326][T23072] 8021q: adding VLAN 0 to HW filter on device team0 [ 2075.179985][T22617] bridge0: port 1(bridge_slave_0) entered blocking state [ 2075.187136][T22617] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2075.230162][T22617] bridge0: port 2(bridge_slave_1) entered blocking state [ 2075.237328][T22617] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2075.562468][T23072] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2075.757426][T23072] veth0_vlan: entered promiscuous mode [ 2075.771577][T23072] veth1_vlan: entered promiscuous mode [ 2075.805073][T23072] veth0_macvtap: entered promiscuous mode [ 2075.814755][T23072] veth1_macvtap: entered promiscuous mode [ 2075.833132][T23072] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2075.846737][T23072] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2075.859766][T22548] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2075.871180][T22524] Bluetooth: hci2: command tx timeout [ 2075.886388][T22548] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2075.905718][T22548] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2075.923740][T22548] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2076.026691][T22529] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2076.047911][T22529] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2076.076550][T22617] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2076.087511][T22617] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2077.950936][T22524] Bluetooth: hci2: command tx timeout [ 2080.030840][T22524] Bluetooth: hci2: command tx timeout [ 2099.316416][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 2099.323215][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 2160.753760][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 2160.760035][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 2198.670842][T22952] Bluetooth: hci2: command 0x0406 tx timeout [ 2202.350814][ T30] INFO: task kworker/u8:0:12 blocked for more than 143 seconds. [ 2202.359993][ T30] Tainted: G U L syzkaller #0 [ 2202.368343][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 2202.377710][ T30] task:kworker/u8:0 state:D stack:22792 pid:12 tgid:12 ppid:2 task_flags:0x4208160 flags:0x00080000 [ 2202.391723][ T30] Workqueue: netns cleanup_net [ 2202.396554][ T30] Call Trace: [ 2202.399859][ T30] [ 2202.403975][ T30] __schedule+0xfee/0x60e0 [ 2202.408437][ T30] ? __lock_acquire+0x4a5/0x2630 [ 2202.413680][ T30] ? __pfx___schedule+0x10/0x10 [ 2202.418568][ T30] ? find_held_lock+0x2b/0x80 [ 2202.423505][ T30] ? schedule+0x2bf/0x390 [ 2202.428615][ T30] schedule+0xdd/0x390 [ 2202.433953][ T30] schedule_timeout+0x1b2/0x280 [ 2202.438857][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 2202.444570][ T30] ? mark_held_locks+0x40/0x70 [ 2202.449386][ T30] __wait_for_common+0x2e7/0x4c0 [ 2202.454595][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 2202.460342][ T30] ? __pfx___wait_for_common+0x10/0x10 [ 2202.466254][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 2202.472720][ T30] ? flush_workqueue_prep_pwqs+0x2e9/0x510 [ 2202.478579][ T30] __flush_workqueue+0x3f7/0x1200 [ 2202.484000][ T30] ? __virt_addr_valid+0x32d/0x620 [ 2202.489178][ T30] ? find_held_lock+0x2b/0x80 [ 2202.494715][ T30] ? find_held_lock+0x2b/0x80 [ 2202.499438][ T30] ? __pfx___flush_workqueue+0x10/0x10 [ 2202.506374][ T30] ? queue_work_on+0x11b/0x1e0 [ 2202.512249][ T30] ? lockdep_hardirqs_on+0x78/0x100 [ 2202.517488][ T30] rxrpc_destroy_all_connections+0xf9/0x420 [ 2202.523644][ T30] ? __pfx_rxrpc_destroy_all_connections+0x10/0x10 [ 2202.531196][ T30] ? __pfx___try_to_del_timer_sync+0x10/0x10 [ 2202.537219][ T30] ? __timer_delete_sync+0x151/0x1c0 [ 2202.542794][ T30] rxrpc_exit_net+0x7b/0xc0 [ 2202.547344][ T30] ? __pfx_rxrpc_exit_net+0x10/0x10 [ 2202.552801][ T30] ops_undo_list+0x2ee/0xab0 [ 2202.557428][ T30] ? __pfx_ops_undo_list+0x10/0x10 [ 2202.563166][ T30] ? cleanup_net+0x332/0x920 [ 2202.567981][ T30] ? idr_destroy+0x62/0x2e0 [ 2202.572758][ T30] cleanup_net+0x499/0x920 [ 2202.577223][ T30] ? __pfx_cleanup_net+0x10/0x10 [ 2202.583508][ T30] ? rcu_is_watching+0x12/0xc0 [ 2202.588316][ T30] process_one_work+0x9d7/0x1920 [ 2202.594511][ T30] ? __pfx_process_one_work+0x10/0x10 [ 2202.599931][ T30] ? __pfx_cleanup_net+0x10/0x10 [ 2202.605995][ T30] worker_thread+0x5da/0xe40 [ 2202.612202][ T30] ? kthread+0x13a/0x450 [ 2202.616493][ T30] ? __pfx_worker_thread+0x10/0x10 [ 2202.622696][ T30] kthread+0x370/0x450 [ 2202.626822][ T30] ? __pfx_kthread+0x10/0x10 [ 2202.632437][ T30] ret_from_fork+0x754/0xd80 [ 2202.637075][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 2202.647553][ T30] ? __switch_to+0x7b4/0x1120 [ 2202.652436][ T30] ? __pfx_kthread+0x10/0x10 [ 2202.657068][ T30] ret_from_fork_asm+0x1a/0x30 [ 2202.662201][ T30] [ 2202.665694][ T30] INFO: task syz.1.17858:22797 blocked for more than 143 seconds. [ 2202.677341][ T30] Tainted: G U L syzkaller #0 [ 2202.684062][ T30] Blocked by coredump. [ 2202.688670][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 2202.699086][ T30] task:syz.1.17858 state:D stack:26288 pid:22797 tgid:22796 ppid:5820 task_flags:0x40054c flags:0x00080001 [ 2202.711920][ T30] Call Trace: [ 2202.715236][ T30] [ 2202.718197][ T30] __schedule+0xfee/0x60e0 [ 2202.723989][ T30] ? __lock_acquire+0x4a5/0x2630 [ 2202.728985][ T30] ? __pfx___schedule+0x10/0x10 [ 2202.735950][ T30] ? find_held_lock+0x2b/0x80 [ 2202.740929][ T30] ? schedule+0x2bf/0x390 [ 2202.745339][ T30] schedule+0xdd/0x390 [ 2202.749441][ T30] schedule_timeout+0x1b2/0x280 [ 2202.754796][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 2202.760227][ T30] ? mark_held_locks+0x40/0x70 [ 2202.765278][ T30] __wait_for_common+0x2e7/0x4c0 [ 2202.770926][ T30] ? __pfx_schedule_timeout+0x10/0x10 [ 2202.776366][ T30] ? __pfx___wait_for_common+0x10/0x10 [ 2202.782096][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 2202.787355][ T30] ? flush_workqueue_prep_pwqs+0x2e9/0x510 [ 2202.793445][ T30] __flush_workqueue+0x3f7/0x1200 [ 2202.798508][ T30] ? __lock_acquire+0x4a5/0x2630 [ 2202.804820][ T30] ? __pfx___flush_workqueue+0x10/0x10 [ 2202.810332][ T30] ? find_held_lock+0x2b/0x80 [ 2202.815276][ T30] ? net_generic+0xea/0x2a0 [ 2202.819864][ T30] ? rxrpc_discard_prealloc+0x752/0x9c0 [ 2202.826379][ T30] ? rxrpc_release_calls_on_socket+0x384/0x4e0 [ 2202.834283][ T30] ? _raw_spin_unlock_irq+0x23/0x50 [ 2202.840245][ T30] rxrpc_release+0x2a7/0x6a0 [ 2202.845961][ T30] __sock_release+0xb3/0x260 [ 2202.856402][ T30] ? __pfx_sock_close+0x10/0x10 [ 2202.861514][ T30] sock_close+0x1c/0x30 [ 2202.865704][ T30] __fput+0x3ff/0xb40 [ 2202.870031][ T30] task_work_run+0x150/0x240 [ 2202.875157][ T30] ? __pfx_task_work_run+0x10/0x10 [ 2202.880330][ T30] do_exit+0x829/0x2aa0 [ 2202.884753][ T30] ? __pfx_do_exit+0x10/0x10 [ 2202.889377][ T30] ? do_raw_spin_lock+0x128/0x260 [ 2202.894662][ T30] ? find_held_lock+0x2b/0x80 [ 2202.899378][ T30] ? get_signal+0x7e0/0x21e0 [ 2202.904231][ T30] do_group_exit+0xd5/0x2a0 [ 2202.908780][ T30] get_signal+0x1ec7/0x21e0 [ 2202.914645][ T30] ? __pfx_get_signal+0x10/0x10 [ 2202.919533][ T30] ? do_futex+0x192/0x350 [ 2202.924174][ T30] arch_do_signal_or_restart+0x91/0x770 [ 2202.929760][ T30] ? __sys_connect+0xe4/0x170 [ 2202.935401][ T30] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 2202.943595][ T30] ? __pfx___x64_sys_futex+0x10/0x10 [ 2202.948932][ T30] exit_to_user_mode_loop+0x86/0x4a0 [ 2202.955416][ T30] do_syscall_64+0x668/0xf80 [ 2202.960086][ T30] ? clear_bhb_loop+0x40/0x90 [ 2202.965046][ T30] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2202.971450][ T30] RIP: 0033:0x7f251679c629 [ 2202.976110][ T30] RSP: 002b:00007f25177320e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 2202.984834][ T30] RAX: fffffffffffffe00 RBX: 00007f2516a15fa8 RCX: 00007f251679c629 [ 2202.993850][ T30] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f2516a15fa8 [ 2203.002034][ T30] RBP: 00007f2516a15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 2203.010041][ T30] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2203.018263][ T30] R13: 00007f2516a16038 R14: 00007ffee25a01b0 R15: 00007ffee25a0298 [ 2203.027769][ T30] [ 2203.031008][ T30] [ 2203.031008][ T30] Showing all locks held in the system: [ 2203.038757][ T30] 3 locks held by kworker/u8:0/12: [ 2203.045697][ T30] #0: ffff88801c6ae948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 [ 2203.057327][ T30] #1: ffffc90000117d08 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 [ 2203.068271][ T30] #2: ffffffff905f8e30 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xb8/0x920 [ 2203.079008][ T30] 1 lock held by khungtaskd/30: [ 2203.084048][ T30] #0: ffffffff8e7e9220 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 2203.094114][ T30] 2 locks held by getty/7036: [ 2203.098824][ T30] #0: ffff888037cdb0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 2203.108876][ T30] #1: ffffc900031602f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500 [ 2203.119176][ T30] 1 lock held by syz.1.17858/22797: [ 2203.124562][ T30] #0: ffff888048675e08 (&sb->s_type->i_mutex_key#14){+.+.}-{4:4}, at: __sock_release+0x86/0x260 [ 2203.136602][ T30] [ 2203.138966][ T30] ============================================= [ 2203.138966][ T30] [ 2203.148861][ T30] NMI backtrace for cpu 0 [ 2203.148879][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 2203.148901][ T30] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 2203.148906][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2203.148916][ T30] Call Trace: [ 2203.148922][ T30] [ 2203.148928][ T30] dump_stack_lvl+0x100/0x190 [ 2203.148952][ T30] nmi_cpu_backtrace.cold+0x12d/0x151 [ 2203.148975][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 2203.148994][ T30] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 2203.149016][ T30] sys_info+0x141/0x190 [ 2203.149033][ T30] watchdog+0xd25/0x1050 [ 2203.149052][ T30] ? __pfx_watchdog+0x10/0x10 [ 2203.149066][ T30] ? __kthread_parkme+0x18c/0x230 [ 2203.149083][ T30] ? kthread+0x13a/0x450 [ 2203.149100][ T30] ? __pfx_watchdog+0x10/0x10 [ 2203.149111][ T30] kthread+0x370/0x450 [ 2203.149127][ T30] ? __pfx_kthread+0x10/0x10 [ 2203.149145][ T30] ret_from_fork+0x754/0xd80 [ 2203.149165][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 2203.149185][ T30] ? __switch_to+0x7b4/0x1120 [ 2203.149199][ T30] ? __pfx_kthread+0x10/0x10 [ 2203.149217][ T30] ret_from_fork_asm+0x1a/0x30 [ 2203.149240][ T30] [ 2203.283214][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 2203.290085][ T30] CPU: 0 UID: 0 PID: 30 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 2203.300766][ T30] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 2203.305938][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2203.315974][ T30] Call Trace: [ 2203.319240][ T30] [ 2203.322155][ T30] dump_stack_lvl+0x100/0x190 [ 2203.326824][ T30] vpanic+0x552/0x970 [ 2203.330787][ T30] ? __pfx_vpanic+0x10/0x10 [ 2203.335271][ T30] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 2203.341413][ T30] panic+0xd1/0xe0 [ 2203.345114][ T30] ? __pfx_panic+0x10/0x10 [ 2203.349513][ T30] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 2203.355655][ T30] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 2203.361793][ T30] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 2203.367932][ T30] ? watchdog.cold+0x198/0x1ca [ 2203.372680][ T30] ? watchdog+0xd35/0x1050 [ 2203.377073][ T30] watchdog.cold+0x1a9/0x1ca [ 2203.381650][ T30] ? __pfx_watchdog+0x10/0x10 [ 2203.386307][ T30] ? __kthread_parkme+0x18c/0x230 [ 2203.391313][ T30] ? kthread+0x13a/0x450 [ 2203.395540][ T30] ? __pfx_watchdog+0x10/0x10 [ 2203.400191][ T30] kthread+0x370/0x450 [ 2203.404246][ T30] ? __pfx_kthread+0x10/0x10 [ 2203.408817][ T30] ret_from_fork+0x754/0xd80 [ 2203.413394][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 2203.418493][ T30] ? __switch_to+0x7b4/0x1120 [ 2203.423152][ T30] ? __pfx_kthread+0x10/0x10 [ 2203.427726][ T30] ret_from_fork_asm+0x1a/0x30 [ 2203.432479][ T30] [ 2203.435539][ T30] Kernel Offset: disabled [ 2203.439851][ T30] Rebooting in 86400 seconds..