last executing test programs: 19m49.402480009s ago: executing program 2 (id=4057): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) io_uring_setup$auto(0x86, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x200, 0x1) open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) fanotify_init$auto(0x5, 0x2000000000002) socket(0x26, 0x80805, 0x0) bind$auto(0x3, 0x0, 0x6a) 19m49.338817936s ago: executing program 2 (id=4050): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) madvise$auto_MADV_GUARD_INSTALL(0x0, 0x2021000, 0x66) mremap$auto(0x1ff000, 0xff, 0x843, 0x3, 0xfffff000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) mremap$auto(0xfffff000, 0x4, 0x4, 0x7, 0x1ff000) r0 = openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f00000017c0)='/sys/kernel/debug/lru_gen\x00', 0x1, 0x0) writev$auto(r0, &(0x7f0000000100)={0x0, 0x407114}, 0x8) 19m48.979195784s ago: executing program 2 (id=4054): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x2, 0x73) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socket(0x1, 0x1, 0x0) bind$auto(0x3, 0x0, 0x6b) bind$auto(0x3, 0x0, 0x2) 19m48.876923759s ago: executing program 2 (id=4058): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 19m48.711042512s ago: executing program 2 (id=4060): mmap$auto(0x0, 0x400006, 0xdf, 0x809b72, 0x2, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptyy2\x00', 0x100, 0x0) io_uring_setup$auto(0x7e1b, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101e81, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0xa0102, 0x0) ioctl$auto(0x3, 0x5420, 0x38) read$auto(r0, 0x0, 0x73) ioctl$auto(0x3, 0x402c542c, 0x38) 19m48.266902115s ago: executing program 2 (id=4066): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/oom_adj\x00', 0x300, 0x0) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x4) read$auto(r0, 0x0, 0x1f40) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/fail-nth\x00', 0x8002, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) pwrite64$auto(0xc8, 0x0, 0x4e, 0x1) bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_fd=0x5, 0x7f, 0x9c, 0x7b2, 0x1, @relative_fd=0x2, 0x80}, 0x96) 19m47.967955211s ago: executing program 32 (id=4066): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/oom_adj\x00', 0x300, 0x0) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x4) read$auto(r0, 0x0, 0x1f40) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/fail-nth\x00', 0x8002, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) pwrite64$auto(0xc8, 0x0, 0x4e, 0x1) bpf$auto(0x0, &(0x7f0000000100)=@bpf_attr_5={@target_fd=0x5, 0x7f, 0x9c, 0x7b2, 0x1, @relative_fd=0x2, 0x80}, 0x96) 17m50.029243305s ago: executing program 1 (id=4953): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) unshare$auto(0x40000080) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x8000000000000000, 0x15) connect$auto(0xffffffffffffffff, 0x0, 0x32) mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) exit$auto(0x6) msgsnd$auto(0x9, 0x0, 0xfffffffffffffffd, 0x4) 17m48.964250717s ago: executing program 1 (id=4963): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$auto(0x3, 0xc040aed4, r0) 17m48.753446044s ago: executing program 1 (id=4965): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event0\x00', 0x3498c2, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4140aecd, &(0x7f0000000080)={0x43}) 17m48.453092824s ago: executing program 1 (id=4969): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r0 = socket(0xa, 0x3, 0x87) close_range$auto(0x2, 0xa, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(0x3, 0x1, 0x21, 0x0, 0x9) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000040), r2) mq_notify$auto(r1, &(0x7f00000000c0)={@sival_ptr=0x0, @inferred=r0, 0x2, @_sigev_thread={0x0, 0x0}}) close_range$auto(0x2, 0xa, 0x0) 17m47.959749903s ago: executing program 1 (id=4975): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x106) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0xffffffd6) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) tkill$auto(0x1, 0x7) 17m46.371616731s ago: executing program 1 (id=4989): r0 = mq_open$auto(&(0x7f00000000c0)='\x12\xe6D\b\x9e\x00\x80\x8d\f\xb9w-\xbd!\x9eb\xed\xfb\x0f\xe5\x9dZ\xc2\xd1\x01wBV\x91\x8f_\xc0.\x84\xfe\x84\xd1se\x01\x06\x00\xb3\x13_Y&\xa9\x88\xe4\xa2\xb0V\x85\x92<\xb6\xdcT \\\xf2\v\xb1\xe2\xd8\xfa\xd8V\xe5\x00\xfa\xe9!\xc5<\xce\x18=\x06\xdagq\xb5\r\t\xb2\xde\x99\xd50\xbb\x90\xc0\xba\xc0u\x192\x1c4\x86\xc0\xc1-\xd5\x10\xc3\xfc*[8\x89h\xc5\xba\xff\xc8u&\x81I6\v\xcc\x00\x00\x00\x00\x00\x00\x00\x00', 0x3, 0xfffc, 0x0) mmap$auto(0xfffffffff8, 0xa, 0x8, 0x7427c1bb, 0xffffffffffffffff, 0xfff) setsockopt$auto(0x3, 0x10000000084, 0x76, 0x0, 0x2) unshare$auto(0x40000080) socket(0xa, 0x3, 0x3a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x23, 0xc, 0x2008, 0x9, 0x0) mq_timedreceive$auto(r0, 0x0, 0x4dc9, 0x0, 0x0) read$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffffff, 0x0, 0x0) 17m45.645404599s ago: executing program 33 (id=4989): r0 = mq_open$auto(&(0x7f00000000c0)='\x12\xe6D\b\x9e\x00\x80\x8d\f\xb9w-\xbd!\x9eb\xed\xfb\x0f\xe5\x9dZ\xc2\xd1\x01wBV\x91\x8f_\xc0.\x84\xfe\x84\xd1se\x01\x06\x00\xb3\x13_Y&\xa9\x88\xe4\xa2\xb0V\x85\x92<\xb6\xdcT \\\xf2\v\xb1\xe2\xd8\xfa\xd8V\xe5\x00\xfa\xe9!\xc5<\xce\x18=\x06\xdagq\xb5\r\t\xb2\xde\x99\xd50\xbb\x90\xc0\xba\xc0u\x192\x1c4\x86\xc0\xc1-\xd5\x10\xc3\xfc*[8\x89h\xc5\xba\xff\xc8u&\x81I6\v\xcc\x00\x00\x00\x00\x00\x00\x00\x00', 0x3, 0xfffc, 0x0) mmap$auto(0xfffffffff8, 0xa, 0x8, 0x7427c1bb, 0xffffffffffffffff, 0xfff) setsockopt$auto(0x3, 0x10000000084, 0x76, 0x0, 0x2) unshare$auto(0x40000080) socket(0xa, 0x3, 0x3a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x23, 0xc, 0x2008, 0x9, 0x0) mq_timedreceive$auto(r0, 0x0, 0x4dc9, 0x0, 0x0) read$auto_drm_debugfs_entry_fops_drm_debugfs(0xffffffffffffffff, 0x0, 0x0) 15m46.576622806s ago: executing program 0 (id=5768): mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) r0 = openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r1 = getpid() process_vm_readv$auto(r1, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={&(0x7f0000000140), 0x40000000001243}, 0xa, 0x0) ioctl$auto(r0, 0x400454ca, 0x38) io_uring_setup$auto(0xa, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0xa, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x40, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x400, 0x0) 15m45.671905978s ago: executing program 0 (id=5774): mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) getcwd$auto(0x0, 0xffffffffffffffff) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x5, 0x0) inotify_init1$auto(0x3000000000000) inotify_add_watch$auto(0x4, 0x0, 0x4000e6e) open(0x0, 0x41a001, 0x409) 15m45.318989056s ago: executing program 0 (id=5775): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r1 = socket(0x11, 0x80003, 0x300) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x3) getsockopt$auto_SO_PROTOCOL(r1, 0x9, 0x26, 0x0, 0x0) recvmsg$auto(r0, 0x0, 0xfffffff7) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) 15m44.416155785s ago: executing program 0 (id=5777): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0xa, 0x2, 0x88) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_ifindex=r2, r1, 0x8, 0x1, r0, @relative_id=0x13, 0xe600}, 0xf) r3 = open(0x0, 0x261c2, 0x84) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, r3, 0x0, 0x3}, 0xc) 15m43.574223866s ago: executing program 0 (id=5779): mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x11, 0x6, 0x7fff, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x2df, 0x500, 0x81, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x10001, 0x40, 0x76c5, 0x8, 0x7fffffffffffffff}}) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) open(&(0x7f0000000040)='./file0\x00', 0x8643, 0x15e) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) rename$auto(&(0x7f0000000480)='./file0\x00', 0x0) 15m43.218139604s ago: executing program 0 (id=5783): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0xa, 0x2, 0x0) io_uring_setup$auto(0x6, 0x0) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) write$auto(r0, 0x0, 0xa3d9) 15m27.911858203s ago: executing program 34 (id=5783): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0xa, 0x2, 0x0) io_uring_setup$auto(0x6, 0x0) r0 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x42, 0x0) write$auto(r0, 0x0, 0xa3d9) 2m3.373417611s ago: executing program 5 (id=8586): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) fcntl$auto(0x3, 0x4, 0xa553) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) syslog$auto(0x1, 0x0, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) close_range$auto(0x0, 0xfffffffffffff001, 0x2) r0 = socket(0x2b, 0x1, 0x0) mmap$auto(0x8, 0xe983, 0xdf, 0x100000000000016, 0xffffffffffffffff, 0x7ffd) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/video33\x00', 0x80382, 0x0) ioctl$auto(r1, 0xc0045627, r0) socket(0x10, 0x2, 0x0) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000001640), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_NL80211_CMD_LEAVE_OCB(r3, &(0x7f0000001f00)={0x0, 0x0, &(0x7f0000001ec0)={&(0x7f0000001800)={0xa0, r2, 0x1, 0x70bd2d, 0x25dfdbff, {}, [@NL80211_ATTR_IE={0x8c, 0x2a, "3684a660bdccd1367bc48d95c45654a7d4ef122b5aaf580986f36c8305d02a0134617098711133f1352d29a8989d6853d2b62e6876842b9141c1f1baed01823c40a15b3a9b06aaa8c7fe2bcb43f0e02ab341b1480fd251e4695746cad00d4417d34c9d41ed33d62e634ac67f4a04ac804817cea529436086a5355b67030a24cc223223926569c0ee"}]}, 0xa0}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000) 2m2.568617234s ago: executing program 3 (id=8588): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) userfaultfd$auto(0x1) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) socket(0xa, 0x801, 0x84) socket(0xa, 0x3, 0x73) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1, 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socket(0x2, 0x801, 0x106) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0xa, 0x2, 0x3a) io_uring_setup$auto(0x68, 0x0) r0 = socket(0xa, 0x2, 0x88) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r0, @new_prog_fd=0x4, 0x4, @old_prog_fd=r0}, 0xa3) bpf$auto(0x3, &(0x7f0000000040)=@query={@target_ifindex, 0x4, 0x7, 0x9, 0x7f, @prog_cnt=0x4, 0x0, 0x80000000, 0xc, 0xb, 0x5}, 0x7) 2m2.208354064s ago: executing program 3 (id=8590): futex_waitv$auto(&(0x7f0000000000)={0xf, 0x5d94, 0x4, 0x4}, 0x77, 0x0, 0x0, 0x62bd) open(&(0x7f0000000000)='./file0\x00', 0xa240, 0x15e) r0 = socket(0xa, 0x3, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffff7, 0x8000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x6) socket(0xa, 0x801, 0x106) socket$nl_generic(0x10, 0x3, 0x10) eventfd$auto(0x3) eventfd$auto(0x0) socket(0x2, 0x3, 0x1) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket(0xa, 0x2, 0x88) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r1, @new_prog_fd=0x4, 0x4, @old_map_fd=r0}, 0xa3) 2m2.112603873s ago: executing program 3 (id=8591): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, 0x0, 0x10004010) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) setsockopt$auto_SO_RCVLOWAT(0xffffffffffffffff, 0x8, 0x12, 0x0, 0x8) write$auto(0xffffffffffffffff, 0x0, 0xdec8) close_range$auto(0x2, 0xa, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40602, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xf15a}, 0x6, 0x8, 0x5) write$auto(0x3, 0x0, 0x5c8) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) lseek$auto(0x3, 0x2, 0x4) unshare$auto(0x40000080) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x2280, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000200)='/sys/devices/platform/dummy_hcd.0/usb1/1-0:1.0/bInterfaceNumber\x00', 0xa140, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0x7f}, 0x6, 0x40005, 0x2005) 2m1.92473421s ago: executing program 5 (id=8593): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0xa, 0x801, 0x84) listen$auto(r0, 0x3) getsockopt$auto(r0, 0x84, 0x6d, 0x0, &(0x7f0000000280)=0x17d) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sysvipc/shm\x00', 0x101100, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) fstat$auto(r1, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) statx$auto(r2, 0x0, 0x1003, 0x4005, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 2m1.711322403s ago: executing program 5 (id=8594): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/sctp/udp_port\x00', 0x202, 0x0) sendfile$auto(r0, r0, 0x0, 0x7fffe000) r1 = prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) sendfile$auto(r1, r1, &(0x7f0000000340)=0x7, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000040)={[0x1ff, 0x7, 0xd, 0x8fd6, 0x948b, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000001, 0x9, 0x1, 0x9, 0x1, 0xfffffffffffffffe]}, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) syz_genetlink_get_family_id$auto_ovs_flow(0x0, 0xffffffffffffffff) r3 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) fdatasync$auto(r2) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/sit0/flags\x00', 0x143262, 0x0) write$auto(r5, &(0x7f00000000c0)='1\x00\xc7k\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00j(=\xd1<\xf9\x96\x10>\xb9\x05\xbe\xc8v\x81-ILplM\x98\x88J\xfd\x17\xc8K\xdd\x89;T@d\xa3_\xfcb8\x7fA\x11\xba\xefL\xe1L\x8aE}\xa7\x05\b\xd7\xe2\xae\xfek\xbbw\x8c\x88\x1emW-\xf5\x94\xdak\x81\xe4\x1e\x1dS\xf2~>\xb1\xc6\xd1\xee\xc8\x19e\xc1w\xf05%\xd76]\x0f\v\x01\xa4(\xec\xd3\xca\a\x15&nv\xc1}\xfcD', 0x81) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/zram0/idle\x00', 0xa001, 0x0) write$auto(r6, &(0x7f0000000000)='72\xa1\x84\xbd0\x00f\x19\x1c\xc7k\x00\x00\x00\x00', 0x7) write$auto(r6, &(0x7f0000000180)='1\x00\xc7k\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00j(=\xd1<\xf9\x96\x10>\xb9\x05\xbe\xc8v\x81-ILplM\x98\x88J\xfd\x17\xc8K\xdd\x89;T@d\xa3_\xfcb8\x7fA\x11\xba\xefL\xe1L\x8aE}\xa7\x05\b\xd7\xe2\xae\xfek\xbbw\x8c\x88\x1emW-\xf5\x94\xdak\x81\xe4\x1e\x1dS\xf2~>\xb1\xc6\xd1\xee\xc8\x19e\xc1w\xf05%\xd76]\x0f\v\x01\xa4(\xec\xd3\xca\a\x15&nv\xc1}\xfcD', 0x1) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r4, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000400)={0x14, r3, 0x1, 0x70bd2d, 0x25dfdbfc}, 0x14}, 0x1, 0x68, 0x0, 0x4000000}, 0x0) r7 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r7, &(0x7f0000000000)="c80d1b5d399b58", 0x7) 2m0.604396423s ago: executing program 3 (id=8596): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vbi17\x00', 0x1a9001, 0x0) epoll_create$auto(0x4) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r2 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$auto(r2, 0x80046f45, 0x38) openat$auto_dev_fops_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x60000, 0x0) getsockopt$auto_SO_TIMESTAMPING_OLD(0xffffffffffffffff, 0x0, 0x25, &(0x7f0000000200)='/proc/sys/net/ipv6/route/flush\x00', &(0x7f0000000240)=0x2) mmap$auto(0x8, 0x2, 0xdf, 0xeb1, r0, 0x8000) openat$auto_qrtr_tun_ops_tun(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) ioctl$auto(0xffffffffffffffff, 0x540a, 0x0) sendmsg$auto_CGROUPSTATS_CMD_GET(0xffffffffffffffff, 0x0, 0x24004094) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sys/net/ipv6/route/flush\x00', 0x80401, 0x0) bpf$auto_BPF_MAP_FREEZE(0x16, 0x0, 0x1) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x800000000000007, 0xd3e, 0x1, 0x800000948b, 0x3, 0x95f4da0a, 0xffffffffffffffff, 0x3, 0x7, 0x80000001, 0x7, 0x6d3f, 0x9, 0x8, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x5, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000001ff, 0x4, 0xf, 0x1, 0x80000000003, 0x3, 0x15f4da0a, 0x3, 0x3, 0x62, 0x80000023, 0x7, 0x6d42, 0xd, 0xd, 0x1]}, 0x0) 2m0.346008643s ago: executing program 5 (id=8598): mmap$auto(0x0, 0x40000b, 0xde, 0x9b72, 0x2, 0x8000) mlock$auto(0xfff, 0xde7f) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x1ff, 0x20000000) semget$auto(0x3, 0x13c, 0x1ff) madvise$auto(0x0, 0xffffffffffff0006, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) write$auto(0x3, 0x0, 0xfdef) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x400053, 0x9) openat$auto_event_trigger_fops_trace(0xffffffffffffff9c, 0x0, 0x40000, 0x0) semtimedop$auto(0x0, &(0x7f00000000c0)={0xa, 0x81, 0x70}, 0x1f4, 0x0) semtimedop$auto(0x0, &(0x7f0000000000)={0x7, 0x8000, 0x36ec}, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0x29, 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB="5de1"], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x1, &(0x7f0000000080)={0x0, 0x400}, 0x5, 0x0, 0x200002, 0x8}, 0x803}, 0xfffffff9, 0x10, 0x0) ioctl$auto(r0, 0x89a3, 0x24) mlockall$auto(0x800000000000005) nanosleep$auto(&(0x7f0000000040)={0x4, 0xb436}, &(0x7f0000000080)={0x32, 0xc64}) 1m58.955430623s ago: executing program 3 (id=8600): mmap$auto(0x7ffffffd, 0x40000c, 0x11, 0x9b72, 0x2, 0x8000) r0 = socket(0x1d, 0x1, 0x7fff) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, 0x0, 0x8000) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r2, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) socket(0x18, 0x5, 0x1) syz_genetlink_get_family_id$auto_smbd_genl(&(0x7f0000000240), r0) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) statx$auto(0x2, 0x0, 0x1000, 0x8, 0x0) ioctl$auto(r3, 0x40104d04, 0x7) 1m58.123856329s ago: executing program 5 (id=8602): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0xa, 0x801, 0x84) listen$auto(r0, 0x3) getsockopt$auto(r0, 0x84, 0x6d, 0x0, &(0x7f0000000280)=0x17d) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sysvipc/shm\x00', 0x101100, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sda\x00', 0x8001, 0x0) fstat$auto(r1, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) statx$auto(r2, 0x0, 0x1003, 0x4005, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 1m57.936279284s ago: executing program 5 (id=8604): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21) unshare$auto(0x40000080) socket(0xa, 0x5, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) shmctl$auto_IPC_RMID(0x8b54, 0x0, &(0x7f00000001c0)={{0x9, 0xffffffffffffffff, 0x0, 0x4, 0x2, 0xffffffff, 0xd}, 0x1, 0x5, 0xae, 0x0, @inferred, @inferred=0xffffffffffffffff, 0x90, 0x0, &(0x7f0000000040)="6bbfadec212b5e52a500a6e05d190a8d48f7eb8fd6bde814adb409ce", &(0x7f0000000180)="863810553f3f50f484ede3fc865644e4022002"}) stat$auto(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x3, 0x1, 0xcb87, 0xd, 0xee01, 0xee00, 0x0, 0xffff, 0x1, 0x1, 0x9, 0x3, 0x5, 0x51, 0x3, 0x80000000, 0x1400000000000000}) shmctl$auto_IPC_RMID(0x7, 0x0, &(0x7f0000000480)={{0x9, r1, r2, 0x1000, 0x9, 0xe54c, 0x3}, 0x3, 0x9, 0x6, 0xfe, @raw, @raw=0x2, 0x0, 0x0, &(0x7f0000000340)="2f7463cafa", &(0x7f0000000380)="a36cf964145dd6dd3eee96dc47b1e3bb86f55c697244920b8013fccef966e7a3cf50a08a6409672c9a8edef915df0377ac153f6e71dfcc9fa1c938ada798b3c6e4d6978c53eae969d33d2844f974db58679b86852c3e9a8b732c05254ce9b1b19138946bd963b9c3be8447e6adfda7e3737a9f4c7050f91a7a563573c0bc3e347dcc081c77ea7aee196cadc0e5e4c0d03fdb0828079f14ffc25af3c9c77643f721985f2ef137593ecca5fe91d91513dfd9cac7385c6a60222abd4c4cbaa7de5228"}) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) ioctl$auto(0xffffffffffffffff, 0x540a, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) sysfs$auto(0x2, 0x2, 0x0) setfsuid$auto(0xee01) keyctl$auto(0x7, 0x0, 0x0, 0x0, 0x5) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) shutdown$auto(0x200000003, 0x2) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) 1m57.933782961s ago: executing program 3 (id=8605): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) writev$auto(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x40}, 0xa) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x48140, 0x0) 1m42.866740617s ago: executing program 35 (id=8604): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21) unshare$auto(0x40000080) socket(0xa, 0x5, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) shmctl$auto_IPC_RMID(0x8b54, 0x0, &(0x7f00000001c0)={{0x9, 0xffffffffffffffff, 0x0, 0x4, 0x2, 0xffffffff, 0xd}, 0x1, 0x5, 0xae, 0x0, @inferred, @inferred=0xffffffffffffffff, 0x90, 0x0, &(0x7f0000000040)="6bbfadec212b5e52a500a6e05d190a8d48f7eb8fd6bde814adb409ce", &(0x7f0000000180)="863810553f3f50f484ede3fc865644e4022002"}) stat$auto(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x3, 0x1, 0xcb87, 0xd, 0xee01, 0xee00, 0x0, 0xffff, 0x1, 0x1, 0x9, 0x3, 0x5, 0x51, 0x3, 0x80000000, 0x1400000000000000}) shmctl$auto_IPC_RMID(0x7, 0x0, &(0x7f0000000480)={{0x9, r1, r2, 0x1000, 0x9, 0xe54c, 0x3}, 0x3, 0x9, 0x6, 0xfe, @raw, @raw=0x2, 0x0, 0x0, &(0x7f0000000340)="2f7463cafa", &(0x7f0000000380)="a36cf964145dd6dd3eee96dc47b1e3bb86f55c697244920b8013fccef966e7a3cf50a08a6409672c9a8edef915df0377ac153f6e71dfcc9fa1c938ada798b3c6e4d6978c53eae969d33d2844f974db58679b86852c3e9a8b732c05254ce9b1b19138946bd963b9c3be8447e6adfda7e3737a9f4c7050f91a7a563573c0bc3e347dcc081c77ea7aee196cadc0e5e4c0d03fdb0828079f14ffc25af3c9c77643f721985f2ef137593ecca5fe91d91513dfd9cac7385c6a60222abd4c4cbaa7de5228"}) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) ioctl$auto(0xffffffffffffffff, 0x540a, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) sysfs$auto(0x2, 0x2, 0x0) setfsuid$auto(0xee01) keyctl$auto(0x7, 0x0, 0x0, 0x0, 0x5) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x2, 0x1, 0x84) shutdown$auto(0x200000003, 0x2) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) 1m42.75236514s ago: executing program 36 (id=8605): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) writev$auto(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x40}, 0xa) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x48140, 0x0) 1m18.252584547s ago: executing program 7 (id=8705): mmap$auto(0x1000, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000140), 0x2002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_TIPC_NL_MEDIA_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="2ea56e29612ddc6c333ab48c54df9e", @ANYRES16, @ANYBLOB="01002abd7000fedbdf250b000000"], 0x14}, 0x1, 0x2000000, 0x0, 0x40200c0}, 0x20040880) migrate_pages$auto(0x0, 0x4, 0x0, 0x0) r0 = getpid() r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xaa102, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, 0x0, 0x0, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) madvise$auto(0x0, 0x2003f0, 0x11) personality$auto(0xfffffffc) statx$auto(r1, 0x0, 0x9, 0x2, 0x0) socket(0x2, 0x1, 0x0) process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={0x0, 0x40000000001243}, 0xa, 0x0) 1m16.728395134s ago: executing program 7 (id=8708): socket(0x2, 0x1, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x2, 0x1, 0x106) socket(0x2, 0x2, 0x88) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) write$auto(0x3, 0x0, 0xfdf3) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0xfdf3}, 0x100000007) mmap$auto(0x0, 0x400008, 0x7, 0x9b72, 0x2, 0x8000) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/fail-nth\x00', 0x78aa83, 0x0) writev$auto(r0, &(0x7f0000000200)={0x0, 0x7}, 0x3) preadv$auto(r0, &(0x7f0000000140)={&(0x7f0000000300)="8a76cbc919c7f7b498aafb757929e3fe7f0c6c498014ebfbfc4ffff72bfc210335d5597bd1712bf172fba5e33acd3c92eb89395437f75032c5732d7584a7499f4d11dedeba1e89c004f2ac3ba1882318c5659d884c2643811313199697127113e385e3326c60dcda6689ff6ba9c74d41a47bf0e1da86c9d2e811b59568afb74416e5de10d3b16e253ce027914bd8aa05f3b7a9971ded8e1128edd34004460c3402b644dc805dd9ead1164cd1de7b59c4829b5c6f7c9378bd5d898d19598cb9e4531ba8e6", 0x3}, 0x7, 0xa5, 0xffffffffffff0000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x7ffe) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x2, 0x1) fstat$auto(r1, 0x0) r2 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x4610, 0x0) 1m15.492058578s ago: executing program 7 (id=8712): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14be02, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x2, 0x1, 0x84) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0xa4e00, 0x0) r1 = open(0x0, 0x14927f, 0x0) prctl$auto_PR_SCHED_CORE_SHARE_FROM(0x8, 0x3, 0x0, 0x0, 0x2) socket(0x23, 0xa, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D1\x00', 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) sendmsg$auto_MACSEC_CMD_DEL_RXSA(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x844}, 0x20004010) setsockopt$auto(0xffffffffffffffff, 0x1, 0x1021, 0x0, 0xd) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) openat$auto_stats_seq_fops_netdebug(0xffffffffffffff9c, &(0x7f0000000180), 0x2001, 0x0) sendfile$auto(r4, r3, 0x0, 0x1000202) sendmsg$auto_MAC802154_HWSIM_CMD_NEW_EDGE(r0, &(0x7f0000000300)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x81) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x1000}, 0x100000007) ioctl$auto_BCH_IOCTL_READ_SUPER(r1, 0x4020bc0c, &(0x7f0000000040)={0x6, 0x0, 0xf, 0x8000000000000001, 0x37}) 1m14.004738859s ago: executing program 7 (id=8718): madvise$auto(0x0, 0x2000040080000004, 0xe) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/snd/midiC2D1\x00', 0x581402, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_PAUSE2(r1, 0x40044145, &(0x7f0000000080)=0x3) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x200007, 0x1d) syslog$auto(0x3, 0x0, 0x1013) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) close_range$auto(0x0, 0xfffffffffffff001, 0x2) socket(0x11, 0x80003, 0x300) socket(0x29, 0x5, 0x0) open(&(0x7f0000000040)='./cgroup\x00', 0x80, 0xb5d1af1605322de0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x0, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) 1m12.031976934s ago: executing program 7 (id=8724): socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x9, 0x21eb, 0x7ff, 0x6, 0xa, 0x1000009, 0x5f, 0x0, 0x3}, 0x6f3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x0) socket(0x1d, 0x2, 0x7) socket(0x10, 0x2, 0x0) socket(0x2, 0x1, 0x84) socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x106) r0 = socket(0x10, 0x2, 0xf) close_range$auto(0x0, 0xffffeffe, 0x2) pipe$auto(0x0) socket(0xa, 0x3, 0xff) pipe$auto(0x0) bpf$auto(0x0, &(0x7f0000000080)=@bpf_attr_4={0x1e, r0, 0xffffffff}, 0xd) bpf$auto(0x2, &(0x7f0000000080)=@bpf_attr_3={0x5, 0x0, 0x702955be, 0x40000, 0x4, 0x5, 0x80, 0xe4, 0xfffff800, "0566c8ee7c78a925488276d7697a12bd", 0x0, 0x5, 0xffffffffffffffff, 0x7, 0x9, 0x4, 0x7, 0x10001, 0x0, 0x8001, @attach_prog_fd=r0, 0x7e, 0x4, 0x1, 0x5, 0x3}, 0x5) 1m11.531878964s ago: executing program 7 (id=8726): semctl$auto_GETZCNT(0x5, 0x0, 0xf, 0x5) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x2404c800) mmap$auto(0x0, 0x5, 0x4000000000e2, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x101202, 0x0) write$auto(r3, 0x0, 0x3f00) ptrace$auto(0x10, r2, 0x4, 0x7ff) ptrace$auto(0x5, r2, 0x7, 0x4f) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) bind$auto(r1, &(0x7f0000000140)=@can, 0xffff) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) ptrace$auto(0xf106, 0x0, 0x8, 0x0) unshare$auto(0x1) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000e3d9) kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x800c000}, 0x4) 56.355340037s ago: executing program 37 (id=8726): semctl$auto_GETZCNT(0x5, 0x0, 0xf, 0x5) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x2404c800) mmap$auto(0x0, 0x5, 0x4000000000e2, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r3 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x101202, 0x0) write$auto(r3, 0x0, 0x3f00) ptrace$auto(0x10, r2, 0x4, 0x7ff) ptrace$auto(0x5, r2, 0x7, 0x4f) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) bind$auto(r1, &(0x7f0000000140)=@can, 0xffff) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) ptrace$auto(0xf106, 0x0, 0x8, 0x0) unshare$auto(0x1) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000e3d9) kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x800c000}, 0x4) 31.422965189s ago: executing program 6 (id=8836): socket(0x2, 0x3, 0xa) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000680)='/dev/v4l-subdev5\x00', 0x20281, 0x0) setitimer$auto_ITIMER_VIRTUAL(0x1, &(0x7f0000000080)={{0x7, 0x3076000000000000}, {0x10, 0x401}}, 0x0) r1 = prctl$auto_PR_TIMER_CREATE_RESTORE_IDS_GET(0x1ff, 0x2, 0xffffffffffffffff, 0x8, 0xffffffffffffffff) read$auto_check_wx_fops_(r1, &(0x7f00000001c0)=""/136, 0x88) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) ioctl$auto_KVM_GET_MSRS(r2, 0x4040aea0, &(0x7f0000000080)={0x2}) ioctl$auto(r0, 0x541b, 0xffffffffffffffff) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0xffffff7fffff0005, 0x8) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0x200007, 0x8) 27.512602091s ago: executing program 6 (id=8834): mmap$auto(0x0, 0x3, 0x40000000009f, 0x10000000040eb1, 0x401, 0x300000000000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ptyu1\x00', 0x201, 0x0) write$auto(0x3, 0x0, 0xfdef) ioctl$auto_TIOCSTI2(r0, 0x5412, 0x0) r1 = socket(0x28, 0x0, 0x300) syz_clone(0x2280cd00, 0x0, 0xffffffffffffffd8, 0x0, 0x0, 0x0) ioctl$auto_SNDRV_PCM_IOCTL_HW_FREE2(0xffffffffffffffff, 0x4112, 0x0) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net/net_prio.ifpriomap\x00', 0x10b142, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/bond0/bonding/resend_igmp\x00', 0x1e2142, 0x0) sendfile$auto(r3, r3, 0x0, 0x7fff) read$auto(r1, &(0x7f0000000000)='#!$$\\@((},@,.,;/@(\'{-@%%(:^\x00', 0x1) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/fail-nth\x00', 0x101400, 0x0) sendfile$auto(r2, r2, 0x0, 0x5) mmap$auto(0x6c, 0x800, 0x1, 0x13, r1, 0xe) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$auto_NBD_CMD_STATUS(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)={0x1c, r5, 0x1, 0x70bd2b, 0x25dfdbfe, {}, [@NBD_ATTR_INDEX={0x8, 0x1, 0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x40) fcntl$auto_F_GETPIPE_SZ(r2, 0x408, 0x80000000) socket$nl_generic(0x10, 0x3, 0x10) 25.524254432s ago: executing program 6 (id=8844): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0xa, 0x801, 0x84) listen$auto(r0, 0x3) getsockopt$auto(r0, 0x84, 0x6d, 0x0, &(0x7f0000000280)=0x17d) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sysvipc/shm\x00', 0x101100, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x8001, 0x0) fstat$auto(r1, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) statx$auto(r2, 0x0, 0x1003, 0x4005, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 25.007891764s ago: executing program 6 (id=8845): r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/v4l-subdev3\x00', 0x169000, 0x0) ioctl$auto(r0, 0xc040564a, r0) mmap$auto(0x0, 0x400008, 0x1000dd, 0x9b72, r0, 0x8000) r1 = socket(0x2, 0x1, 0x0) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800006}, 0x9, 0x20000000) io_uring_setup$auto(0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2b, 0x1, 0x1) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x4) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x802, 0x1) openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/dynamic_events\x00', 0x80301, 0x0) socketpair$auto(0x3, 0x5, 0x7, 0x0) setsockopt$auto(0x3, 0x0, 0xf, 0x0, 0xb) bind$auto(0x3, &(0x7f0000000000)=@in={0x2, 0x0, @rand_addr=0x2000000}, 0x68) acct$auto(&(0x7f0000000040)='/sys/kernel/tracing/dynamic_events\x00') 23.104545488s ago: executing program 6 (id=8851): r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x5) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/006/001\x00', 0xa901, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) preadv2$auto(r1, &(0x7f0000000040)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x1, 0x40009, 0xdf, 0x13, 0xffffffffffffffff, 0x10001) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) bind$auto(0xffffffffffffffff, 0x0, 0x80) ioctl$auto(0x3, 0x80045439, 0x10000000000402) 21.470934902s ago: executing program 6 (id=8855): socket(0xa, 0x3, 0x3b) mmap$auto(0x0, 0x400008, 0x4, 0xa910, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x6, 0x0) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0xa0681, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405514, 0x0) set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21) unshare$auto(0x40000080) openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x0, 0x0) msgctl$auto_IPC_RMID(0x4, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) writev$auto(0xffffffffffffffff, 0x0, 0x8) write$auto(r1, 0x0, 0x100000a3d9) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video43\x00', 0x129900, 0x0) socket(0x2, 0x1, 0x106) ppoll$auto(&(0x7f0000000200)={r2, 0x6, 0x6}, 0x8, 0x0, 0x0, 0x8) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video43\x00', 0x129900, 0x0) close_range$auto(0x2, 0x8, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) msgrcv$auto(0x9, 0x0, 0xfffffffffffffffd, 0x6, 0x80008) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, 0x0, 0x8a141, 0x0) 18.230239674s ago: executing program 8 (id=8863): mmap$auto(0x1000, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000140), 0x2002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) migrate_pages$auto(0x0, 0x4, 0x0, 0x0) r0 = getpid() r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xaa102, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) madvise$auto(0x0, 0x2003f0, 0x11) personality$auto(0xfffffffc) statx$auto(r1, 0x0, 0x9, 0x2, 0x0) process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={0x0, 0x40000000001243}, 0xa, 0x0) 17.168350065s ago: executing program 8 (id=8866): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mincore$auto(0x1000, 0x8001, 0x0) mmap$auto(0x0, 0x2020009, 0x7, 0xeb2, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) unshare$auto(0x40000080) r0 = openat$auto_nsim_psample_enable_fops_psample(0xffffffffffffff9c, 0x0, 0x101882, 0x0) write$auto_nsim_psample_enable_fops_psample(r0, 0x0, 0x0) r1 = pidfd_open$auto(0x1, 0x0) setns(r1, 0x60020000) mount$auto(0x0, 0x0, &(0x7f0000000180)='nfqd\x00', 0x8, 0x0) pivot_root$auto(0x0, &(0x7f0000000340)='.\x00z\x86E\xb8\xf1\xcbx\xf6cu<\x0e\xd8\xa5\xcd~\xaf\x80\xd3\xf4\xe5\x02\xf9q p\xe2\x8b\xc0\xedf\xba\x16*\x8ar\xa0\'$A\xe5\xc5\x89\xcb\xd5\xac\x98,\xd4Pycv\xdd\xa1\x84\xfb\xe9\r\x82\x15P*IM\xf7.\xf3v\x85Q\xbc:\xef\xd5\x1a\x9e\xbck\x1d\x114^\x1b\x02\xa1\xb0(\xa2\xdb\xbc\x1a\t\x94\x14\xbb\xc8\xfa\x18I\xff\x7f\xab\xf0\x8f\xd3Gr\xfb5\xf1,\x11\x052u&\xde\x9aF\n\xf0\x06\xfc\x1b\x17\x82%\x14\xb3\x19\x13\f\xbe_\xfdi\x17\xfcv\x82*\xbf<\xfa5\xfd\x8b\x1d\x99\a`\xde\xf4\x8a,\tP) \xf4\xdc\r\x17x\xc6\x18Y\xeaaUY\xeb\xd2\x81\xbare\x00\x8e\xfdA\x93\xb9\xac\xf1\x0eq\x85\xd9\x90\x8a%K\x95\x8fm\v\x98y\x9bc-\xa7;\x117\x19)\x04\xb4\nJ\x0e\x1b\x97e\xee\xdb\xc3\xca\xfe\xa7y\x12\xff\xce') syz_genetlink_get_family_id$auto_nlctrl(0x0, 0xffffffffffffffff) r2 = mq_open$auto(&(0x7f0000000600)='/dev/snd/midiC2D0\x00', 0x7, 0xfffc, 0x0) pread64$auto(r2, &(0x7f0000000680)='\x00', 0x7, 0x37b) setresuid$auto(0x0, 0x0, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) mmap$auto(0xfffffffffffffffd, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) read$auto_mISDN_fops_timerdev(r1, 0x0, 0x0) 14.71157842s ago: executing program 8 (id=8870): r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x5) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/006/001\x00', 0xa901, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) preadv2$auto(r1, &(0x7f0000000040)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x1, 0x40009, 0xdf, 0x13, 0xffffffffffffffff, 0x10001) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) bind$auto(0xffffffffffffffff, 0x0, 0x80) socket(0xf, 0xa, 0x5) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto(0x3, 0x80045439, 0x10000000000402) ioperm$auto(0x7, 0x75, 0x4) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) openat$auto_drm_connector_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/dri/0000:00:02.0/Virtual-2/force\x00', 0x210080, 0x0) 12.843623152s ago: executing program 8 (id=8875): mmap$auto(0x1000, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000140), 0x2002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) migrate_pages$auto(0x0, 0x4, 0x0, 0x0) r0 = getpid() r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xaa102, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) madvise$auto(0x0, 0x2003f0, 0x11) personality$auto(0xfffffffc) statx$auto(r1, 0x0, 0x9, 0x2, 0x0) socket(0x2, 0x1, 0x0) process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={0x0, 0x40000000001243}, 0xa, 0x0) 12.116618506s ago: executing program 8 (id=8876): mmap$auto(0x0, 0x400006, 0xdf, 0x9b72, 0x0, 0x100000000008000) sysfs$auto(0x2, 0x3f, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/i8042/serio1/rate\x00', 0x2, 0x0) read$auto(0x3, 0x0, 0xfffffdef) write$auto(0x3, 0x0, 0xfdef) unshare$auto(0x40000080) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) setresuid$auto(0xffffffffffffffff, 0x0, 0x0) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) socket(0x2, 0x2, 0x88) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) setresuid$auto(0x0, 0x7, 0x8080) setfsuid$auto(0x0) openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x1, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x101000, 0x0) openat$auto_zero_fops_mem(0xffffffffffffff9c, 0x0, 0x80200, 0x0) close_range$auto(0x2, 0xa, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) 10.101761093s ago: executing program 8 (id=8883): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) getcwd$auto(0x0, 0xffffffffffffffff) renameat$auto(0x6, 0x0, 0x5, 0x0) madvise$auto(0x0, 0x200006, 0x9) syslog$auto(0x3, 0x0, 0x5) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) close_range$auto(0x2, 0x8, 0x0) readv$auto(0x3, 0x0, 0x100000007) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40050) close_range$auto(0x2, 0x8, 0x0) openat$auto_vrr_range_fops_(0xffffffffffffff9c, &(0x7f0000000f80)='/sys/kernel/debug/dri/vkms/Writeback-1/vrr_range\x00', 0xa8441, 0x0) unshare$auto(0x40000080) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) write$auto(r0, &(0x7f0000000140)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7\xe6\x04\x8c\x83k', 0x1000000007e) pwritev$auto(0x3, 0x0, 0x5, 0x3, 0x9) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x109100, 0x0) mmap$auto(0x7, 0x2000d, 0x4000000200df, 0xeb1, 0x404, 0x8000) 7.691157877s ago: executing program 4 (id=8891): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'netdevsim0\x00'}) sendmsg$auto_ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc854}, 0x0) unshare$auto(0x40000080) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/lru_gen\x00', 0xc0000, 0x0) socket(0x1e, 0x1, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x8000000001, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) r2 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x0, 0xfffffffffffff001, 0x2) socket(0x18, 0x4, 0x0) ioctl$auto_RTC_WKALM_SET(r2, 0x4028700f, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8000, 0x0) madvise$auto(0x0, 0xffffffffffff0009, 0x13) r3 = openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000005280), 0x40400, 0x0) ioctl$auto_posix_clock_file_operations_posix_clock(r3, 0x43403d05, 0x0) 6.558988672s ago: executing program 4 (id=8893): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) r0 = openat$auto_ocfs2_control_fops_stack_user(0xffffffffffffff9c, &(0x7f0000000040), 0x410003, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000000640)="fa9a61b8a675f25dff1a01f4b20029651c2fcbfb41470a8dfd847475e9af3f36079f581806bde616320a0f56e67cb2a153234dd406b750d47b41140069a4c90948ed33f2158e5f3ff6bb1a3d9c23d9c683df2d270071b8c45acb56662e1ef9e1c159e9537ac633946d82066fb46f60b44cee8506d3465073293d377609ee6bfaee9d6025cb44aa5ce3c1122c57b840d0d79754008c8cb74d037c62439755584288f10ee26cec420721eaf161e3646d27e98aaf97b623eb82143b0d14a8aa60a940d3606a7606e02eceeed3471b32686bfa93531845880d52604b05f06f19842d9c77a769290927cce02a73dfce1618422cd44512815c4985468c39e2a9e6318114cd6a40edb1b3568c43465d05774186ab3f3a8ce90f22e608ed49faa592c3d1fa94855b4ab5c1d8a57a7a539853e0f690cb192e183b483d856a692d8b82a28e9c7700101eb80100000000000000930bdc0e12e0d8fa4f9d3c2d5582b296826f5e7b36361c09234e5255087782f044bc120e77412a61701e87c6b2519880827935edcbbeed99a8ece1b2fa3d21f76b9b42c004f0634f1b9e13b0548d1dafc56a14734bd86fb47d3722f4dba2fb61b000ee3ce337e056bcda07a0f2f71573ec1401ee03e2b6010fe11fbbaebdb18123b7e0481645357b0b39d55e5f562085e6b39d77e4307c36d377090d0c85bb4e938ecec7e82115ddb8e4d61d7cba6c405b8884b54ecdd79ebdc406073221c88ab0df1191bfcb2e42a1646c5166ab759610a01211ecb2c05dee7941f4a19c4e1172c615eb64f9618a9ba2c189025c3a036bfeb1727baadae613c06f7a4aa9b15e325dd316e6d6014d946b8bc06e1daa16938f7fd4942a97d6b12365e6af938a8d155aeef69471826e2b8e19e677f2ce16267bd5b7f8822459c569497d69ff0d0ab37ef1cb02f0f9b3b9abf471ae09e3424d91a8b15298005648aae56037b700000000000000", 0x2b3) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/nfs/parameters/nfs_idmap_cache_timeout\x00', 0xc2902, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/controlC1\x00', 0xa02, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f00000001c0)={{@inferred=0x0, 0x7, 0x109, 0x7, "aab8e80600080043529f895cf5e8ec8f46cbb766439daa41e1aa00000000001200000000070a00", @raw=0x2}, 0x6, 0x8, 0x6, @raw=0xd7, @enumerated={0x46, 0xffff, "3a451db75512bd3527fc812ba5063f658f3a83495f2f7e8b4b84d579e75c002e35796b745e9f1f32cbfbdc296577c42c2257f3cdba1288075707bcc50e018166", 0x10000000009e, 0x9}, "a4699d30a05edbe0d28473c399a7dc920b153e9b1675451d7de94b4123f970bedd3460c667373fcc59b584d81592f6ab606c276852295e00af49e6de6e768034"}) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_REMOVE(r2, 0xc0405519, &(0x7f00000000c0)={@inferred=r3, 0x7, 0xd, 0xa4, "e3eabf11dce36a2eac9cb4682c339b3ce615a9b97386d4462bc6553245da56e4978f37368e849db4a6e0aa4e", @raw=0xa2cfa1c}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) r4 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/pagemap\x00', 0x201, 0x0) ioctl$auto_PAGEMAP_SCAN(r4, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x3, 0x7fffbfffefff, 0xfffffffffffffffe, 0x0, 0x8, 0xbff, 0x2c, 0x2c, 0x3, 0xffffffffffffffff}) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) r5 = openat$auto_usbfs_devices_fops_usb(0xffffffffffffff9c, &(0x7f0000000180), 0x28400, 0x0) readv$auto(r5, &(0x7f0000000040)={&(0x7f0000000000), 0xfff}, 0x6) unshare$auto(0x40000080) r6 = clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x5) getsid$auto(r6) 6.354926733s ago: executing program 38 (id=8855): socket(0xa, 0x3, 0x3b) mmap$auto(0x0, 0x400008, 0x4, 0xa910, 0xffffffffffffffff, 0x8000) io_uring_setup$auto(0x6, 0x0) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0xa0681, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_LOCK(r0, 0x40405514, 0x0) set_mempolicy$auto(0x6, &(0x7f0000000080)=0x3, 0x21) unshare$auto(0x40000080) openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x0, 0x0) msgctl$auto_IPC_RMID(0x4, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) writev$auto(0xffffffffffffffff, 0x0, 0x8) write$auto(r1, 0x0, 0x100000a3d9) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video43\x00', 0x129900, 0x0) socket(0x2, 0x1, 0x106) ppoll$auto(&(0x7f0000000200)={r2, 0x6, 0x6}, 0x8, 0x0, 0x0, 0x8) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video43\x00', 0x129900, 0x0) close_range$auto(0x2, 0x8, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) msgrcv$auto(0x9, 0x0, 0xfffffffffffffffd, 0x6, 0x80008) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, 0x0, 0x8a141, 0x0) 4.65764362s ago: executing program 4 (id=8902): mmap$auto(0x0, 0xa00006, 0x400002, 0x40eb1, 0x602, 0x300000000000) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x13e, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0xfffffdef) open(&(0x7f0000000040)='./file0\x00', 0x169443, 0x114) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r1) read$auto(r1, &(0x7f0000000000)='\x00', 0x91e2) socket(0x2, 0x1, 0x3) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D0p\x00', 0x3fce04add3ecb750, 0x0) socket(0x10, 0x2, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000400)='/dev/binderfs/binder0\x00', 0x0, 0x0) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon7\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x1f, 0xe, 0x4) socket(0x10, 0x2, 0xc) write$auto(r2, 0x0, 0xfdef) socket$nl_generic(0x10, 0x3, 0x10) prctl$auto(0x3, 0x1, 0x0, 0x1, 0x0) 3.704236889s ago: executing program 4 (id=8903): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) r0 = openat$auto_sw_sync_debugfs_fops_sync_debug(0xffffffffffffff9c, &(0x7f0000000000), 0xc0040, 0x0) ioctl$auto_SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000080)={0x1, "36a2662b59209f6bd4aafa4ed15fdb9c791daf044ae6ff089930def80ce28999"}) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0x2, 0x1d2c, 0x3, 0x4, 0x15f4da0e, 0x6, 0x9, 0x100000000000000c, 0x8, 0x4, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0x2c, 0x1, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) bind$auto(0x3, 0x0, 0x6a) mmap$auto(0x3, 0xfffffffffffffff7, 0x5, 0x13, 0xffffffffffffffff, 0x7) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0xa, 0x0) openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, 0x0, 0x28800, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) statmount$auto(0x0, 0x0, 0x1fb, 0x81) 3.209692987s ago: executing program 9 (id=8905): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r1 = openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000008140)='/sys/kernel/debug/tracing/per_cpu/cpu1/buffer_size_kb\x00', 0x80100, 0x0) read$auto_tracing_entries_fops_trace(r1, 0x0, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001d80)='/sys/devices/virtual/sound/ctl-led/speaker/card0/attach\x00', 0x1, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000040)='1', 0x1) mmap$auto(0x6a, 0x4000b, 0x7, 0x9b72, 0x7, 0x28000) inotify_init1$auto(0x800) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000001080)='/sys/devices/system/clockevents/clockevent0/current_device\x00', 0x80500, 0x0) mmap$auto(0x0, 0x2000d, 0x4000000000df, 0xeb1, 0x800000404, 0x8000) r3 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) socketpair$auto(0x1001, 0x3, 0x7fff, 0x0) remap_file_pages$auto(0x6a2a, 0x101, 0x953b, 0xb6c, 0x66a) madvise$auto(0x0, 0xffffffffffff0001, 0x15) read$auto_proc_pid_maps_operations_internal(r3, &(0x7f00000020c0)=""/4093, 0xffd) open(0x0, 0x22240, 0x55) openat$auto_trace_fops_debugfs(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, 0x0, 0x1, 0x0) ioctl$auto(0x3, 0x80286f4e, 0xffffffffffffffff) r4 = openat$auto_proc_pid_numa_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/thread-self/numa_maps\x00', 0x20000, 0x0) read$auto_proc_sessionid_operations_base(r4, &(0x7f00000000c0)=""/4073, 0xfe9) openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f0000000080), 0x10100, 0x0) 2.686440067s ago: executing program 9 (id=8906): mmap$auto(0x1000, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000140), 0x2002, 0x0) sendmsg$auto_TIPC_NL_MEDIA_GET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=ANY=[@ANYBLOB="2ea56e29612ddc6c333ab48c54df9e", @ANYRES16, @ANYBLOB="01002abd7000fedbdf250b000000"], 0x14}, 0x1, 0x2000000, 0x0, 0x40200c0}, 0x20040880) migrate_pages$auto(0x0, 0x4, 0x0, 0x0) r0 = getpid() r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xaa102, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/015/001\x00', 0xa901, 0x0) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) madvise$auto(0x0, 0x2003f0, 0x11) personality$auto(0xfffffffc) statx$auto(r1, 0x0, 0x9, 0x2, 0x0) socket(0x2, 0x1, 0x0) process_vm_readv$auto(r0, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={0x0, 0x40000000001243}, 0xa, 0x0) 2.427318855s ago: executing program 9 (id=8907): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(r0, 0x0, 0x6, 0x700, 0x0) close_range$auto(0x0, 0x5, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) r2 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r1, 0x541c, r2) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x8, 0x8, 0x1, 0x2, 0x4, 0x15f4da12, 0x3, 0xd08, 0x8, 0x8, 0x4, 0x6d3f, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0xa, 0x0) read$auto_trace_fops_debugfs(r0, 0x0, 0x0) timerfd_create$auto_CLOCK_BOOTTIME(0x7, 0x0) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x47, 0x4a}) sendmmsg$auto(0xffffffffffffffff, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5aa, &(0x7f0000000100)={&(0x7f0000000180)="e9", 0x36}, 0x5, 0x0, 0x0, 0x1001}, 0x5}, 0x2, 0x140) 2.10082834s ago: executing program 9 (id=8908): r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x5) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/006/001\x00', 0xa901, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) preadv2$auto(r1, &(0x7f0000000040)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x1, 0x40009, 0xdf, 0x13, 0xffffffffffffffff, 0x10001) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) bind$auto(0xffffffffffffffff, 0x0, 0x80) socket(0xf, 0xa, 0x5) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto(0x3, 0x80045439, 0x10000000000402) ioperm$auto(0x7, 0x75, 0x4) kexec_load$auto(0xff, 0x2, &(0x7f0000000080)={@kbuf=0x0, 0x2, 0x8000, 0x3000}, 0x4) openat$auto_drm_connector_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/dri/0000:00:02.0/Virtual-2/force\x00', 0x210080, 0x0) 1.435321453s ago: executing program 4 (id=8909): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0xa, 0x3, 0x9) capset$auto(0x0, &(0x7f0000000000)={0x1, 0x6, 0x48}) sendmmsg$auto(r0, &(0x7f0000000640)={{&(0x7f0000000000), 0x5ae, &(0x7f0000000100)={0x0, 0x13}, 0x5, 0x0, 0x5, 0x1}, 0x1}, 0x1a000, 0x100) mknod$auto(&(0x7f0000000180)=':,\x00', 0xc9, 0xfffffffa) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x40080}, 0x40) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x181881, 0x0) r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sg0\x00', 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) pread64$auto(r1, &(0x7f0000000140)='[/]&].%[[[\\&.#}}\x00', 0x9, 0x7f) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) r2 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000000), 0x801, 0x0) poll$auto(&(0x7f0000000480)={r2, 0x8000, 0xff81}, 0x7, 0x54b) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) write$auto(0x3, 0x0, 0xfdef) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) execve$auto(&(0x7f0000000040)=':,\x00', 0x0, &(0x7f0000000200)=&(0x7f00000001c0)=':,\x00') 880.792725ms ago: executing program 9 (id=8911): r0 = socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x23, 0x0, 0x9) open(&(0x7f0000000800)='./file0\x00', 0x22240, 0x154) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x100) r1 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x0) shmctl$auto(0x0, 0xe, 0x0) socket(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) bpf$auto(0x0, 0x0, 0xa3) read$auto(0x3, 0x0, 0x80) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000000), r1) sendmsg$auto(r0, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) 394.626169ms ago: executing program 4 (id=8912): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0x408, 0x7, 0x1ff, 0x7, 0x42, 0xfff, 0x1ffdf, 0x7, 0x200003, 0x2, 0xa121, 0x3, 0x6, 0x4, 0xb4, 0xa, 0x6, 0x10001, 0x80, 0x100000000, 0x0, 0x7, 0x2100, 0x200, 0x0, 0x84, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, 0x1fe, 0xd) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000080), r0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'vlan1\x00', 0x0}) sendmsg$auto_NETDEV_CMD_BIND_RX(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)={0x28, r1, 0x1, 0x70bd27, 0x25dfdbfe, {}, [@NETDEV_A_DMABUF_IFINDEX={0x8, 0x1, r2}, @NETDEV_A_DMABUF_FD={0x8, 0x3, r0}, @NETDEV_A_DMABUF_QUEUES={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000000}, 0x4) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2000, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, 0x0, 0x1fe, 0xd) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r3, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x2020005, 0x2, 0x110, r0, 0x7fff) r4 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0xb8, 0x100000000, 0x5, 0x1b, 0x93c, 0x1ffdc, 0x7, 0x2000000000000006, 0x2, 0x9, 0x5, 0x2, 0x8001, 0xae, 0x9, 0x922, 0x7, 0x5, 0x5, 0x3, 0xfffffffe, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000]}, 0x1fe, 0x81) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r5 = socket(0x2b, 0x1, 0x1) ioctl$auto(r5, 0x8901, 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r4, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xdc5e}, 0x800}, 0x7, 0x4008) 0s ago: executing program 9 (id=8913): r0 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_OWNER(r0, 0xaf01, 0x5) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/006/001\x00', 0xa901, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) preadv2$auto(r1, &(0x7f0000000040)={0x0, 0x80000000}, 0x6, 0xffffffffffffffff, 0x4, 0x2e) ioctl$auto_BLKFLSBUF(r1, 0x1261, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) mmap$auto(0x1, 0x40009, 0xdf, 0x13, 0xffffffffffffffff, 0x10001) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) bind$auto(0xffffffffffffffff, 0x0, 0x80) socket(0xf, 0xa, 0x5) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/pts/ptmx\x00', 0x0, 0x0) ioctl$auto(0x3, 0x80045439, 0x10000000000402) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) kexec_load$auto(0xff, 0x2, &(0x7f0000000080)={@kbuf=0x0, 0x2, 0x8000, 0x3000}, 0x4) openat$auto_drm_connector_fops_drm_debugfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/dri/0000:00:02.0/Virtual-2/force\x00', 0x210080, 0x0) kernel console output (not intermixed with test programs): ozen_pages_noprof+0x10/0x10 [ 1373.775815][T29422] ? rcu_read_unlock+0x17/0x60 [ 1373.775841][T29422] ? __alloc_frozen_pages_noprof+0x292/0x2470 [ 1373.775856][T29422] ? stack_trace_save+0x8e/0xc0 [ 1373.775873][T29422] ? __pfx_stack_trace_save+0x10/0x10 [ 1373.775888][T29422] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1373.775912][T29422] ? policy_nodemask+0xea/0x4e0 [ 1373.775933][T29422] alloc_pages_mpol+0x1fb/0x550 [ 1373.775953][T29422] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1373.775970][T29422] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1373.775991][T29422] alloc_pages_noprof+0x131/0x390 [ 1373.776010][T29422] __pud_alloc+0x3b/0x6b0 [ 1373.776031][T29422] walk_to_pmd+0x35a/0x4c0 [ 1373.776052][T29422] __get_locked_pte+0x25/0xc0 [ 1373.776072][T29422] map_ldt_struct+0x3b0/0xa60 [ 1373.776091][T29422] ? __pfx_map_ldt_struct+0x10/0x10 [ 1373.776106][T29422] ? alloc_pages_noprof+0x23c/0x390 [ 1373.776128][T29422] write_ldt+0x8fa/0xd20 [ 1373.776145][T29422] ? __pfx_write_ldt+0x10/0x10 [ 1373.776158][T29422] ? fput+0x9b/0xd0 [ 1373.776178][T29422] ? __pfx_ksys_write+0x10/0x10 [ 1373.776197][T29422] __x64_sys_modify_ldt+0xb1/0x170 [ 1373.776212][T29422] do_syscall_64+0xcd/0xfa0 [ 1373.776230][T29422] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1373.776245][T29422] RIP: 0033:0x7ff21e38efc9 [ 1373.776257][T29422] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1373.776271][T29422] RSP: 002b:00007ff21f192038 EFLAGS: 00000246 ORIG_RAX: 000000000000009a [ 1373.776286][T29422] RAX: ffffffffffffffda RBX: 00007ff21e5e5fa0 RCX: 00007ff21e38efc9 [ 1373.776296][T29422] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000001 [ 1373.776304][T29422] RBP: 00007ff21e411f91 R08: 0000000000000000 R09: 0000000000000000 [ 1373.776313][T29422] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1373.776321][T29422] R13: 00007ff21e5e6038 R14: 00007ff21e5e5fa0 R15: 00007ffdfb7db798 [ 1373.776341][T29422] [ 1374.862581][T29427] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1374.897081][T29427] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1374.933663][T29427] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1374.998232][T29432] ERROR: Out of memory at tomoyo_memory_ok. [ 1375.051523][T29436] random: crng reseeded on system resumption [ 1375.589120][T29436] Restarting kernel threads ... [ 1375.606443][T29436] Done restarting kernel threads. [ 1376.666076][T29455] i2c i2c-0: new_device: Extra parameters [ 1376.889550][T28699] Bluetooth: hci3: command 0x0c1a tx timeout [ 1377.045786][T28699] Bluetooth: hci0: command 0x0c1a tx timeout [ 1377.051835][ T5837] Bluetooth: hci4: command 0x0c1a tx timeout [ 1378.964821][T29478] netlink: 98 bytes leftover after parsing attributes in process `syz.3.8164'. [ 1379.012742][T29482] ERROR: Out of memory at tomoyo_memory_ok. [ 1379.044545][T29478] netlink: 2 bytes leftover after parsing attributes in process `syz.3.8164'. [ 1380.025014][T29491] input: jJΗΈ-Άš9γ%vψ“ϋ¨lΠQ  J86Φ‘ as /devices/virtual/input/input38 [ 1380.085476][T29495] netlink: 'syz.4.8165': attribute type 1 has an invalid length. [ 1380.104104][ T5182] ERROR: Out of memory at tomoyo_memory_ok. [ 1381.753287][T29498] Process accounting resumed [ 1384.053716][T29532] sp0: Synchronizing with TNC [ 1386.854598][T29549] sp0: Synchronizing with TNC [ 1386.886138][T29550] sp0: Found TNC [ 1387.077137][T29557] input: jJΗΈνΈό;9γ%vψ“ϋ¨lΠQ  J86Φ‘ as /devices/virtual/input/input39 [ 1387.468092][T29559] netlink: 5 bytes leftover after parsing attributes in process `syz.6.8185'. [ 1389.399013][T29590] sp0: Synchronizing with TNC [ 1389.784044][T29571] kexec: Could not allocate control_code_buffer [ 1390.184633][T29599] ERROR: Out of memory at tomoyo_memory_ok. [ 1390.296111][T29601] FAULT_INJECTION: forcing a failure. [ 1390.296111][T29601] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1390.429821][T29601] CPU: 0 UID: 0 PID: 29601 Comm: syz.6.8198 Tainted: G U syzkaller #0 PREEMPT(full) [ 1390.429848][T29601] Tainted: [U]=USER [ 1390.429854][T29601] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1390.429863][T29601] Call Trace: [ 1390.429869][T29601] [ 1390.429875][T29601] dump_stack_lvl+0x16c/0x1f0 [ 1390.429895][T29601] should_fail_ex+0x512/0x640 [ 1390.429921][T29601] should_fail_alloc_page+0xe7/0x130 [ 1390.429943][T29601] prepare_alloc_pages+0x3c2/0x610 [ 1390.429966][T29601] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 1390.429982][T29601] ? __pfx_page_vma_mapped_walk+0x10/0x10 [ 1390.430000][T29601] ? folio_remove_rmap_ptes+0x39e/0xee0 [ 1390.430026][T29601] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1390.430052][T29601] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1390.430077][T29601] ? policy_nodemask+0xea/0x4e0 [ 1390.430098][T29601] alloc_pages_mpol+0x1fb/0x550 [ 1390.430118][T29601] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1390.430141][T29601] folio_alloc_mpol_noprof+0x36/0x2f0 [ 1390.430164][T29601] alloc_migration_target_by_mpol+0x246/0x500 [ 1390.430188][T29601] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 1390.430209][T29601] ? __pfx_folio_lock_anon_vma_read+0x10/0x10 [ 1390.430231][T29601] ? __pfx___might_resched+0x10/0x10 [ 1390.430247][T29601] ? folio_get_anon_vma+0xdd/0x760 [ 1390.430271][T29601] migrate_pages_batch+0x3bc/0x3bb0 [ 1390.430294][T29601] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 1390.430323][T29601] ? __pfx_migrate_pages_batch+0x10/0x10 [ 1390.430348][T29601] ? __pfx_walk_pgd_range+0x10/0x10 [ 1390.430365][T29601] migrate_pages_sync+0x12d/0x8a0 [ 1390.430387][T29601] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 1390.430413][T29601] ? queue_pages_test_walk+0x279/0x410 [ 1390.430433][T29601] ? __pfx_migrate_pages_sync+0x10/0x10 [ 1390.430455][T29601] ? walk_page_test+0x9b/0x180 [ 1390.430476][T29601] migrate_pages+0x1b5f/0x23a0 [ 1390.430499][T29601] ? __pfx_alloc_migration_target_by_mpol+0x10/0x10 [ 1390.430527][T29601] ? __pfx_migrate_pages+0x10/0x10 [ 1390.430548][T29601] ? mas_next_slot+0x12d3/0x1cb0 [ 1390.430566][T29601] ? find_held_lock+0x2b/0x80 [ 1390.430586][T29601] ? up_write+0x1b2/0x520 [ 1390.430608][T29601] do_mbind+0x6e2/0xf20 [ 1390.430635][T29601] ? __pfx_do_mbind+0x10/0x10 [ 1390.430668][T29601] ? __pfx_get_nodes+0x10/0x10 [ 1390.430690][T29601] kernel_mbind+0x1e3/0x1f0 [ 1390.430713][T29601] ? __pfx_kernel_mbind+0x10/0x10 [ 1390.430750][T29601] do_syscall_64+0xcd/0xfa0 [ 1390.430769][T29601] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1390.430784][T29601] RIP: 0033:0x7f923678efc9 [ 1390.430798][T29601] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1390.430812][T29601] RSP: 002b:00007f92375dd038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 1390.430827][T29601] RAX: ffffffffffffffda RBX: 00007f92369e6180 RCX: 00007f923678efc9 [ 1390.430838][T29601] RDX: 0000000100000000 RSI: 0000000100000004 RDI: 0000000000002000 [ 1390.430847][T29601] RBP: 00007f9236811f91 R08: 0000000000001000 R09: 0000000000000002 [ 1390.430857][T29601] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1390.430866][T29601] R13: 00007f92369e6218 R14: 00007f92369e6180 R15: 00007fffde27d548 [ 1390.430886][T29601] [ 1391.837715][T29612] random: crng reseeded on system resumption [ 1392.155601][T29618] netlink: 338 bytes leftover after parsing attributes in process `syz.6.8205'. [ 1392.244578][T29622] Loading of unsigned module is rejected [ 1392.264502][T29618] netlink: 338 bytes leftover after parsing attributes in process `syz.6.8205'. [ 1392.620677][T29622] netlink: 330 bytes leftover after parsing attributes in process `syz.5.8206'. [ 1393.005625][T29630] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8208'. [ 1393.774803][T29643] program syz.4.8214 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1395.634298][T29661] netlink: 28 bytes leftover after parsing attributes in process `syz.5.8220'. [ 1395.771892][T29661] hsr_slave_1: left promiscuous mode [ 1396.213503][T29666] netlink: 17 bytes leftover after parsing attributes in process `syz.5.8221'. [ 1396.530355][T29671] netlink: 186 bytes leftover after parsing attributes in process `syz.6.8222'. [ 1396.630402][T29668] can: request_module (can-proto-5) failed. [ 1396.795640][T29673] netlink: 28 bytes leftover after parsing attributes in process `syz.5.8223'. [ 1397.488834][T29683] bond0: invalid ARP target specified [ 1397.558418][T29683] ERROR: Out of memory at tomoyo_memory_ok. [ 1399.112320][T29699] zswap: compressor not available [ 1400.768202][T29719] netlink: 16 bytes leftover after parsing attributes in process `syz.4.8234'. [ 1400.880277][T29722] netlink: 93 bytes leftover after parsing attributes in process `syz.4.8234'. [ 1401.406249][T29727] ERROR: Out of memory at tomoyo_memory_ok. [ 1405.611822][T29759] Falling back ldisc for pty66. [ 1405.736635][T29761] netlink: 25 bytes leftover after parsing attributes in process `syz.6.8242'. [ 1407.347595][T29782] netlink: 9 bytes leftover after parsing attributes in process `syz.3.8247'. [ 1408.761294][T29795] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input40 [ 1409.250370][ T5182] ERROR: Out of memory at tomoyo_memory_ok. [ 1412.668151][T29825] ERROR: Out of memory at tomoyo_memory_ok. [ 1412.704242][T29814] Process accounting paused [ 1412.878800][T27338] Process accounting resumed [ 1414.650947][T29849] netlink: 8 bytes leftover after parsing attributes in process `syz.5.8265'. [ 1414.803777][T29845] FAULT_INJECTION: forcing a failure. [ 1414.803777][T29845] name failslab, interval 1, probability 393216, space 0, times 0 [ 1414.948587][T29845] CPU: 0 UID: 0 PID: 29845 Comm: syz.4.8264 Tainted: G U syzkaller #0 PREEMPT(full) [ 1414.948614][T29845] Tainted: [U]=USER [ 1414.948620][T29845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1414.948629][T29845] Call Trace: [ 1414.948634][T29845] [ 1414.948641][T29845] dump_stack_lvl+0x16c/0x1f0 [ 1414.948663][T29845] should_fail_ex+0x512/0x640 [ 1414.948685][T29845] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1414.948702][T29845] should_failslab+0xc2/0x120 [ 1414.948722][T29845] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1414.948737][T29845] ? ptlock_alloc+0x1f/0x70 [ 1414.948765][T29845] ? ptlock_alloc+0x1f/0x70 [ 1414.948784][T29845] ptlock_alloc+0x1f/0x70 [ 1414.948805][T29845] pte_alloc_one+0x84/0x350 [ 1414.948823][T29845] __pte_alloc+0x6d/0x380 [ 1414.948840][T29845] ? __pfx___pte_alloc+0x10/0x10 [ 1414.948857][T29845] ? _raw_spin_unlock+0x28/0x50 [ 1414.948870][T29845] ? __pmd_alloc+0x64f/0x8b0 [ 1414.948890][T29845] copy_page_range+0x44a1/0x6930 [ 1414.948935][T29845] ? __pfx_copy_page_range+0x10/0x10 [ 1414.948959][T29845] ? mas_store+0x860/0x1030 [ 1414.948975][T29845] ? __pfx___might_resched+0x10/0x10 [ 1414.948991][T29845] ? find_held_lock+0x2b/0x80 [ 1414.949007][T29845] ? __pfx_mas_store+0x10/0x10 [ 1414.949023][T29845] ? __vma_enter_locked+0x163/0x3f0 [ 1414.949054][T29845] dup_mmap+0xe80/0x2280 [ 1414.949081][T29845] ? __pfx_dup_mmap+0x10/0x10 [ 1414.949120][T29845] copy_process+0x3f0c/0x76a0 [ 1414.949139][T29845] ? __pfx___futex_wait+0x10/0x10 [ 1414.949170][T29845] ? __pfx_copy_process+0x10/0x10 [ 1414.949187][T29845] ? futex_private_hash_put+0x176/0x300 [ 1414.949209][T29845] ? futex_private_hash_put+0x18a/0x300 [ 1414.949231][T29845] kernel_clone+0xfc/0x930 [ 1414.949250][T29845] ? __pfx_kernel_clone+0x10/0x10 [ 1414.949279][T29845] __do_sys_clone+0xce/0x120 [ 1414.949296][T29845] ? __pfx___do_sys_clone+0x10/0x10 [ 1414.949314][T29845] ? ksys_unshare+0x687/0xa40 [ 1414.949340][T29845] ? xfd_validate_state+0x61/0x180 [ 1414.949367][T29845] do_syscall_64+0xcd/0xfa0 [ 1414.949384][T29845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1414.949399][T29845] RIP: 0033:0x7ff21e38efc9 [ 1414.949412][T29845] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1414.949426][T29845] RSP: 002b:00007ff21f191fe8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1414.949440][T29845] RAX: ffffffffffffffda RBX: 00007ff21e5e5fa0 RCX: 00007ff21e38efc9 [ 1414.949450][T29845] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000002360411 [ 1414.949458][T29845] RBP: 00007ff21e411f91 R08: 0000000000000000 R09: 0000000000000000 [ 1414.949467][T29845] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1414.949476][T29845] R13: 00007ff21e5e6038 R14: 00007ff21e5e5fa0 R15: 00007ffdfb7db798 [ 1414.949496][T29845] [ 1416.526018][T29857] FAULT_INJECTION: forcing a failure. [ 1416.526018][T29857] name failslab, interval 1, probability 393216, space 0, times 0 [ 1416.709385][T29857] CPU: 0 UID: 0 PID: 29857 Comm: syz.6.8267 Tainted: G U syzkaller #0 PREEMPT(full) [ 1416.709412][T29857] Tainted: [U]=USER [ 1416.709418][T29857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1416.709427][T29857] Call Trace: [ 1416.709433][T29857] [ 1416.709440][T29857] dump_stack_lvl+0x16c/0x1f0 [ 1416.709462][T29857] should_fail_ex+0x512/0x640 [ 1416.709485][T29857] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1416.709504][T29857] should_failslab+0xc2/0x120 [ 1416.709524][T29857] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1416.709539][T29857] ? __kernfs_new_node+0xd2/0x8e0 [ 1416.709561][T29857] ? __kernfs_new_node+0xd2/0x8e0 [ 1416.709578][T29857] __kernfs_new_node+0xd2/0x8e0 [ 1416.709597][T29857] ? kernfs_add_one+0x14e/0x840 [ 1416.709616][T29857] ? __pfx___kernfs_new_node+0x10/0x10 [ 1416.709639][T29857] ? find_held_lock+0x2b/0x80 [ 1416.709655][T29857] ? kernfs_root+0xee/0x2a0 [ 1416.709676][T29857] kernfs_new_node+0x13c/0x1e0 [ 1416.709700][T29857] kernfs_create_link+0xcc/0x240 [ 1416.709717][T29857] sysfs_do_create_link_sd+0x90/0x140 [ 1416.709736][T29857] sysfs_create_link+0x61/0xc0 [ 1416.709754][T29857] device_add+0x50a/0x1aa0 [ 1416.709778][T29857] ? __pfx_device_add+0x10/0x10 [ 1416.709803][T29857] ? kfree_const+0x55/0x60 [ 1416.709820][T29857] device_create_groups_vargs+0x1f8/0x270 [ 1416.709845][T29857] device_create+0xed/0x130 [ 1416.709878][T29857] ? __pfx_device_create+0x10/0x10 [ 1416.709902][T29857] ? do_init_timer+0xc9/0x110 [ 1416.709928][T29857] ? ieee80211_roc_setup+0x136/0x270 [ 1416.709944][T29857] ? ieee80211_alloc_hw_nm+0x231/0x22b0 [ 1416.709966][T29857] mac80211_hwsim_new_radio+0x36a/0x50b0 [ 1416.709991][T29857] ? __asan_memset+0x23/0x50 [ 1416.710007][T29857] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1416.710028][T29857] hwsim_new_radio_nl+0xba2/0x1330 [ 1416.710045][T29857] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1416.710066][T29857] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1aa/0x290 [ 1416.710085][T29857] ? genl_family_rcv_msg_attrs_parse.constprop.0+0x1b4/0x290 [ 1416.710108][T29857] genl_family_rcv_msg_doit+0x209/0x2f0 [ 1416.710127][T29857] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1416.710151][T29857] ? bpf_lsm_capable+0x9/0x10 [ 1416.710169][T29857] ? security_capable+0x7e/0x260 [ 1416.710190][T29857] ? ns_capable+0xd7/0x110 [ 1416.710207][T29857] genl_rcv_msg+0x55c/0x800 [ 1416.710226][T29857] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1416.710244][T29857] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1416.710261][T29857] ? __lock_acquire+0x622/0x1c90 [ 1416.710284][T29857] netlink_rcv_skb+0x158/0x420 [ 1416.710299][T29857] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1416.710317][T29857] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1416.710341][T29857] ? netlink_deliver_tap+0x1ae/0xd30 [ 1416.710358][T29857] genl_rcv+0x28/0x40 [ 1416.710373][T29857] netlink_unicast+0x5aa/0x870 [ 1416.710390][T29857] ? __pfx_netlink_unicast+0x10/0x10 [ 1416.710413][T29857] netlink_sendmsg+0x8c8/0xdd0 [ 1416.710431][T29857] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1416.710448][T29857] ? aa_sock_msg_perm.constprop.0+0x100/0x1d0 [ 1416.710472][T29857] ____sys_sendmsg+0xa98/0xc70 [ 1416.710491][T29857] ? copy_msghdr_from_user+0x10a/0x160 [ 1416.710504][T29857] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1416.710526][T29857] ? __pfx_futex_wake_mark+0x10/0x10 [ 1416.710551][T29857] ___sys_sendmsg+0x134/0x1d0 [ 1416.710563][T29857] ? futex_private_hash_put+0x176/0x300 [ 1416.710582][T29857] ? __pfx____sys_sendmsg+0x10/0x10 [ 1416.710594][T29857] ? __lock_acquire+0x622/0x1c90 [ 1416.710636][T29857] __sys_sendmsg+0x16d/0x220 [ 1416.710650][T29857] ? __pfx___sys_sendmsg+0x10/0x10 [ 1416.710663][T29857] ? __x64_sys_futex+0x1e0/0x4c0 [ 1416.710694][T29857] do_syscall_64+0xcd/0xfa0 [ 1416.710712][T29857] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1416.710728][T29857] RIP: 0033:0x7f923678efc9 [ 1416.710742][T29857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1416.710756][T29857] RSP: 002b:00007f923761f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1416.710771][T29857] RAX: ffffffffffffffda RBX: 00007f92369e5fa0 RCX: 00007f923678efc9 [ 1416.710781][T29857] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 000000000000000c [ 1416.710790][T29857] RBP: 00007f9236811f91 R08: 0000000000000000 R09: 0000000000000000 [ 1416.710799][T29857] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1416.710808][T29857] R13: 00007f92369e6038 R14: 00007f92369e5fa0 R15: 00007fffde27d548 [ 1416.710828][T29857] [ 1420.974955][T29874] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8270'. [ 1421.073859][T29874] netlink: 'syz.5.8270': attribute type 1 has an invalid length. [ 1421.146368][T29874] netlink: 'syz.5.8270': attribute type 6 has an invalid length. [ 1423.891297][T29899] ERROR: Out of memory at tomoyo_memory_ok. [ 1424.224365][T29904] netlink: 28 bytes leftover after parsing attributes in process `syz.5.8275'. [ 1424.641695][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1424.648775][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1426.371024][T29918] netlink: 4 bytes leftover after parsing attributes in process `syz.6.8280'. [ 1426.482712][T29924] netlink: 354 bytes leftover after parsing attributes in process `syz.6.8280'. [ 1426.532334][T29920] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1426.579822][T29920] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1426.726660][T29920] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1427.077005][T29931] serio: Serial port ttyS0 [ 1428.369258][T29893] kexec: Could not allocate control_code_buffer [ 1428.540547][T28699] Bluetooth: hci3: command 0x0c1a tx timeout [ 1428.621059][T28699] Bluetooth: hci4: command 0x0c1a tx timeout [ 1428.682027][T29945] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8288'. [ 1428.756797][T29945] bridge0: entered promiscuous mode [ 1428.762023][T29945] bridge0: entered allmulticast mode [ 1428.776635][T28699] Bluetooth: hci0: command 0x0c1a tx timeout [ 1428.956390][T29952] netlink: 334 bytes leftover after parsing attributes in process `syz.6.8289'. [ 1429.553557][T29951] FAULT_INJECTION: forcing a failure. [ 1429.553557][T29951] name failslab, interval 1, probability 393216, space 0, times 0 [ 1429.660100][T29951] CPU: 0 UID: 0 PID: 29951 Comm: syz.4.8290 Tainted: G U syzkaller #0 PREEMPT(full) [ 1429.660128][T29951] Tainted: [U]=USER [ 1429.660134][T29951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1429.660143][T29951] Call Trace: [ 1429.660149][T29951] [ 1429.660157][T29951] dump_stack_lvl+0x16c/0x1f0 [ 1429.660179][T29951] should_fail_ex+0x512/0x640 [ 1429.660202][T29951] ? fs_reclaim_acquire+0xae/0x150 [ 1429.660223][T29951] should_failslab+0xc2/0x120 [ 1429.660243][T29951] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1429.660260][T29951] ? __pfx_map_id_range_down+0x10/0x10 [ 1429.660281][T29951] ? security_inode_alloc+0x3b/0x2b0 [ 1429.660306][T29951] ? security_inode_alloc+0x3b/0x2b0 [ 1429.660326][T29951] security_inode_alloc+0x3b/0x2b0 [ 1429.660348][T29951] inode_init_always_gfp+0xce4/0x1030 [ 1429.660366][T29951] alloc_inode+0x86/0x240 [ 1429.660385][T29951] sock_alloc+0x40/0x280 [ 1429.660402][T29951] __sock_create+0xc1/0x8d0 [ 1429.660423][T29951] __sys_socket+0x14d/0x260 [ 1429.660442][T29951] ? __pfx___sys_socket+0x10/0x10 [ 1429.660461][T29951] ? do_user_addr_fault+0x843/0x1370 [ 1429.660479][T29951] __x64_sys_socket+0x72/0xb0 [ 1429.660497][T29951] ? lockdep_hardirqs_on+0x7c/0x110 [ 1429.660513][T29951] do_syscall_64+0xcd/0xfa0 [ 1429.660530][T29951] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1429.660545][T29951] RIP: 0033:0x7ff21e390ee7 [ 1429.660558][T29951] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1429.660572][T29951] RSP: 002b:00007ff21f16ffa8 EFLAGS: 00000286 ORIG_RAX: 0000000000000029 [ 1429.660587][T29951] RAX: ffffffffffffffda RBX: 00007ff21e5e6090 RCX: 00007ff21e390ee7 [ 1429.660596][T29951] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 1429.660613][T29951] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 1429.660623][T29951] R10: 0000200000000140 R11: 0000000000000286 R12: 0000000000000000 [ 1429.660632][T29951] R13: 00007ff21e5e6128 R14: 00007ff21e5e6090 R15: 00007ffdfb7db798 [ 1429.660652][T29951] [ 1429.660680][T29951] socket: no more sockets [ 1434.303100][T29962] kexec: Could not allocate control_code_buffer [ 1435.211907][T29994] ERROR: Out of memory at tomoyo_memory_ok. [ 1435.239308][T29997] netlink: 8 bytes leftover after parsing attributes in process `syz.6.8301'. [ 1436.044228][T30005] Loading of unsigned module is rejected [ 1436.702147][T30013] nbd: socks must be embedded in a SOCK_ITEM attr [ 1437.169082][T30019] netlink: 9 bytes leftover after parsing attributes in process `syz.4.8307'. [ 1437.501917][T30026] random: crng reseeded on system resumption [ 1438.805280][T30014] ptrace attach of "./syz-executor exec"[19158] was attempted by "θu›Ο‚·ύ˜c\x5c\x1boS%ΛA:BdCΝ-\x07»¦ύ…:^…(^lQ”…Δ\x07\x076¨#₯BœΓŽ™@¦ΰ„ΫήοyΆ„)K€Pσ¬;lZ>PΏπr!©ΐ3έu,λκΑμE‰\x1b,슴/!‰tZ‘“Z1\x07=XšM8)ο£\x0aDό\x0c%JSτ£ehcbk˜\x07'ρW›†”ͺΊ2Ύ‘4ΐŒε\x09eƒ»lμUoΨ†τ*ADW3©TyΥή0Oι9Φyf=ψ’‘ Ψ­Τz#(E'G°­&6›₯\x07Ωh%u­BβΤS]Έ\x22Α­ώAšΛNωr· ;pή€εS0Φ+ΈΕ-³y37%Τμ&<~μα˜κΧ'ΰ0-‚o\x22Λ\x07'ŸxW\x09£Φ3B%gŠ—έσynΖ=ό2ΛDŠ\x0aύη±\x0b]²μ%y­|ƒˆ.’Ω'=“&>Νb\x07‡x1{5Lͺω΄ _Œ°Q₯Nχ­\x1b5βތVλ΅Νξπ\x22\x0aλ΄GΈ]Έtoϊ'²πœοΎ΄#Ώ4VJ˜ο&€3P΄μβ’‰άQ΁ƒƒGάκ\x0aM€ΈT_ '„64ά+ͺkYUŸϊσ[}¨„ψ[5iNρώr\x09\x0c2Δ·0ŒωŠ­Π\x0b'υλQQϋY'icϊ›ν%‚“[NV63―ΡdZάm‘€ I’¦ρ-+ H5*Ξ’ψ”δi%ΆαΊλ6\x0cΫ:ύ^\x1b\x221Βμ§BO聀ΨuμRp8%JΜKjΨ‘/–rψκ‰4Šύε%]uΖΰν‰\x09'˜WuOMfΨ7έUΞ[ιIξŽXxλ­2˜HΣ0 ρzυόP\x0d%iΈ”O`υγ ΅ϋεQ°Dx!'—|φ{΄½zδ˜2ƒ\x0ak„Ο‡²’΅΅ϋ‚ιΩ5»#’Tw7₯νΐŸ\x22ϊΧ;ΈiΣΊZΕφk±ΊG—XφFs[L9£ε\x0bΩ Gξ2Αλas:Ζv ‰«W7ο6 β{%P)C› Πω…v—Ž»[!Ta\x5cω!&[pόTT;.wOzuηΘt 7ςY?΅ΗMΉyKλΔgA6ρCnrΠU<ΓRΤ‰φ›\x0aΖΝx³ViόΨ½ΊqD ή›†E—ˆSΈŸŽGNw [ 1439.645312][ T30] audit: type=1800 audit(4294967310.922:37): pid=30046 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.8313" name="features" dev="configfs" ino=268112 res=0 errno=0 [ 1440.197837][T30053] random: crng reseeded on system resumption [ 1440.792701][T30063] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8319'. [ 1441.481813][T30067] 0x000200000001-0xa29656a63616329 : "" [ 1441.487384][T30067] mtd: partition "" is out of reach -- disabled [ 1441.573293][T30067] ftl_cs: FTL header not found. [ 1442.991298][T30050] kexec: Could not allocate control_code_buffer [ 1444.152818][T30087] can0: slcan on pty66. [ 1444.336899][T30091] can0 (unregistered): slcan off pty66. [ 1444.808962][T30098] FAULT_INJECTION: forcing a failure. [ 1444.808962][T30098] name failslab, interval 1, probability 393216, space 0, times 0 [ 1444.916971][T30098] CPU: 0 UID: 0 PID: 30098 Comm: syz.4.8328 Tainted: G U syzkaller #0 PREEMPT(full) [ 1444.917009][T30098] Tainted: [U]=USER [ 1444.917015][T30098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1444.917025][T30098] Call Trace: [ 1444.917030][T30098] [ 1444.917036][T30098] dump_stack_lvl+0x16c/0x1f0 [ 1444.917058][T30098] should_fail_ex+0x512/0x640 [ 1444.917080][T30098] ? trace_fib_table_lookup+0x19f/0x220 [ 1444.917107][T30098] should_failslab+0xc2/0x120 [ 1444.917127][T30098] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1444.917142][T30098] ? dst_alloc+0x99/0x1a0 [ 1444.917166][T30098] ? dst_alloc+0x99/0x1a0 [ 1444.917185][T30098] dst_alloc+0x99/0x1a0 [ 1444.917206][T30098] rt_dst_alloc+0x35/0x3a0 [ 1444.917225][T30098] ip_route_output_key_hash_rcu+0x87a/0x28e0 [ 1444.917252][T30098] ip_route_output_key_hash+0x10f/0x2b0 [ 1444.917273][T30098] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 1444.917297][T30098] ? __call_rcu_common.constprop.0+0x3f0/0xa10 [ 1444.917319][T30098] ? lockdep_hardirqs_on+0x7c/0x110 [ 1444.917335][T30098] ? percpu_counter_add_batch+0xca/0x200 [ 1444.917357][T30098] ip_route_output_flow+0x27/0x150 [ 1444.917379][T30098] __ip4_datagram_connect+0x8bf/0x14c0 [ 1444.917406][T30098] ip4_datagram_connect+0x2e/0x50 [ 1444.917426][T30098] inet_dgram_connect+0x143/0x200 [ 1444.917446][T30098] ? __pfx_inet_dgram_connect+0x10/0x10 [ 1444.917463][T30098] __sys_connect_file+0x141/0x1a0 [ 1444.917486][T30098] __sys_connect+0x13b/0x160 [ 1444.917506][T30098] ? __pfx___sys_connect+0x10/0x10 [ 1444.917532][T30098] ? xfd_validate_state+0x61/0x180 [ 1444.917551][T30098] ? do_execveat_common.isra.0+0x4c6/0x610 [ 1444.917571][T30098] __x64_sys_connect+0x72/0xb0 [ 1444.917590][T30098] ? lockdep_hardirqs_on+0x7c/0x110 [ 1444.917605][T30098] do_syscall_64+0xcd/0xfa0 [ 1444.917623][T30098] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1444.917637][T30098] RIP: 0033:0x7ff21e38efc9 [ 1444.917650][T30098] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1444.917664][T30098] RSP: 002b:00007ff21f171038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 1444.917678][T30098] RAX: ffffffffffffffda RBX: 00007ff21e5e6090 RCX: 00007ff21e38efc9 [ 1444.917688][T30098] RDX: 0000000000000054 RSI: 0000200000000080 RDI: 0000000000000003 [ 1444.917697][T30098] RBP: 00007ff21e411f91 R08: 0000000000000000 R09: 0000000000000000 [ 1444.917706][T30098] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1444.917715][T30098] R13: 00007ff21e5e6128 R14: 00007ff21e5e6090 R15: 00007ffdfb7db798 [ 1444.917735][T30098] [ 1446.140028][T30075] Process accounting resumed [ 1446.756041][T30106] ERROR: Out of memory at tomoyo_memory_ok. [ 1448.413898][T30117] netlink: 28 bytes leftover after parsing attributes in process `syz.5.8332'. [ 1451.074142][T30133] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8337'. [ 1452.212452][T30156] ERROR: Out of memory at tomoyo_memory_ok. [ 1452.336974][T30156] FAULT_INJECTION: forcing a failure. [ 1452.336974][T30156] name failslab, interval 1, probability 393216, space 0, times 0 [ 1452.463460][T30156] CPU: 0 UID: 0 PID: 30156 Comm: syz.4.8342 Tainted: G U syzkaller #0 PREEMPT(full) [ 1452.463488][T30156] Tainted: [U]=USER [ 1452.463494][T30156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1452.463503][T30156] Call Trace: [ 1452.463510][T30156] [ 1452.463518][T30156] dump_stack_lvl+0x16c/0x1f0 [ 1452.463539][T30156] should_fail_ex+0x512/0x640 [ 1452.463562][T30156] ? __kmalloc_node_track_caller_noprof+0xcb/0x8a0 [ 1452.463584][T30156] should_failslab+0xc2/0x120 [ 1452.463605][T30156] __kmalloc_node_track_caller_noprof+0xde/0x8a0 [ 1452.463624][T30156] ? string+0x2c4/0x4f0 [ 1452.463643][T30156] ? kstrdup_const+0x63/0x80 [ 1452.463663][T30156] ? kstrdup+0x53/0x100 [ 1452.463676][T30156] kstrdup+0x53/0x100 [ 1452.463692][T30156] kstrdup_const+0x63/0x80 [ 1452.463707][T30156] __kernfs_new_node+0x9b/0x8e0 [ 1452.463729][T30156] ? __pfx___kernfs_new_node+0x10/0x10 [ 1452.463752][T30156] ? find_held_lock+0x2b/0x80 [ 1452.463768][T30156] ? kernfs_root+0xee/0x2a0 [ 1452.463789][T30156] kernfs_new_node+0x13c/0x1e0 [ 1452.463813][T30156] __kernfs_create_file+0x53/0x350 [ 1452.463831][T30156] cgroup_addrm_files+0x546/0xc20 [ 1452.463860][T30156] ? __xa_store+0x1dc/0x2e0 [ 1452.463876][T30156] ? __pfx_cgroup_addrm_files+0x10/0x10 [ 1452.463898][T30156] ? __pfx___xa_store+0x10/0x10 [ 1452.463922][T30156] ? do_raw_spin_unlock+0x172/0x230 [ 1452.463947][T30156] css_populate_dir+0x169/0x580 [ 1452.463966][T30156] cgroup_apply_control_enable+0x3f3/0xbb0 [ 1452.463996][T30156] cgroup_mkdir+0x5e0/0x1310 [ 1452.464013][T30156] ? __pfx_cgroup_mkdir+0x10/0x10 [ 1452.464027][T30156] kernfs_iop_mkdir+0x111/0x190 [ 1452.464046][T30156] ? bpf_lsm_inode_mkdir+0x9/0x10 [ 1452.464062][T30156] vfs_mkdir+0x593/0x8c0 [ 1452.464086][T30156] do_mkdirat+0x304/0x3e0 [ 1452.464104][T30156] ? __pfx_do_mkdirat+0x10/0x10 [ 1452.464121][T30156] ? getname_flags.part.0+0x1c5/0x550 [ 1452.464144][T30156] __x64_sys_mkdir+0xef/0x140 [ 1452.464160][T30156] do_syscall_64+0xcd/0xfa0 [ 1452.464178][T30156] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1452.464193][T30156] RIP: 0033:0x7ff21e38efc9 [ 1452.464206][T30156] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1452.464221][T30156] RSP: 002b:00007ff21f192038 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1452.464247][T30156] RAX: ffffffffffffffda RBX: 00007ff21e5e5fa0 RCX: 00007ff21e38efc9 [ 1452.464258][T30156] RDX: 0000000000000000 RSI: 00000000000008cd RDI: 0000200000000000 [ 1452.464267][T30156] RBP: 00007ff21e411f91 R08: 0000000000000000 R09: 0000000000000000 [ 1452.464277][T30156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1452.464286][T30156] R13: 00007ff21e5e6038 R14: 00007ff21e5e5fa0 R15: 00007ffdfb7db798 [ 1452.464306][T30156] [ 1452.464315][T30156] cgroup: cgroup_addrm_files: failed to add move_charge_at_immigrate, err=-12 [ 1452.971273][T30159] block2mtd: Using custom MTD label '' for dev [ 1453.000612][T30159] block2mtd: error: cannot open device [ 1455.188679][T30182] kvm: vcpu 4: requested lapic timer restore with starting count register 0x390=1569308806 (25108940896 ns) > initial count (13698835952 ns). Using initial count to start timer. [ 1456.605726][T30202] Loading of unsigned module is rejected [ 1457.090234][T30200] delete_channel: no stack [ 1457.929107][T30217] ERROR: Out of memory at tomoyo_memory_ok. [ 1458.332839][T30211] block2mtd: Using custom MTD label '' for dev [ 1458.503164][T30211] block2mtd: error: cannot open device [ 1460.527375][T30254] netlink: 64 bytes leftover after parsing attributes in process `syz.3.8366'. [ 1460.956320][T30260] FAULT_INJECTION: forcing a failure. [ 1460.956320][T30260] name failslab, interval 1, probability 393216, space 0, times 0 [ 1461.057799][T30260] CPU: 0 UID: 0 PID: 30260 Comm: syz.6.8367 Tainted: G U syzkaller #0 PREEMPT(full) [ 1461.057828][T30260] Tainted: [U]=USER [ 1461.057833][T30260] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1461.057843][T30260] Call Trace: [ 1461.057848][T30260] [ 1461.057856][T30260] dump_stack_lvl+0x16c/0x1f0 [ 1461.057878][T30260] should_fail_ex+0x512/0x640 [ 1461.057900][T30260] ? __kmalloc_cache_noprof+0x5f/0x780 [ 1461.057926][T30260] should_failslab+0xc2/0x120 [ 1461.057946][T30260] __kmalloc_cache_noprof+0x72/0x780 [ 1461.057969][T30260] ? kvm_uevent_notify_change.part.0+0x93/0x450 [ 1461.057992][T30260] ? kvm_uevent_notify_change.part.0+0x93/0x450 [ 1461.058010][T30260] kvm_uevent_notify_change.part.0+0x93/0x450 [ 1461.058030][T30260] ? __pfx_kvm_vm_release+0x10/0x10 [ 1461.058044][T30260] kvm_put_kvm+0xe3/0xb00 [ 1461.058060][T30260] ? lockdep_hardirqs_on+0x7c/0x110 [ 1461.058075][T30260] ? _raw_spin_unlock_irq+0x2e/0x50 [ 1461.058091][T30260] ? __pfx_kvm_vm_release+0x10/0x10 [ 1461.058106][T30260] kvm_vm_release+0x3c/0x50 [ 1461.058121][T30260] __fput+0x402/0xb70 [ 1461.058144][T30260] task_work_run+0x150/0x240 [ 1461.058167][T30260] ? __pfx_task_work_run+0x10/0x10 [ 1461.058189][T30260] ? __pfx___do_sys_close_range+0x10/0x10 [ 1461.058208][T30260] exit_to_user_mode_loop+0xec/0x130 [ 1461.058241][T30260] do_syscall_64+0x426/0xfa0 [ 1461.058260][T30260] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1461.058275][T30260] RIP: 0033:0x7f923678efc9 [ 1461.058289][T30260] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1461.058304][T30260] RSP: 002b:00007f92375fe038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1461.058319][T30260] RAX: 0000000000000000 RBX: 00007f92369e6090 RCX: 00007f923678efc9 [ 1461.058329][T30260] RDX: 0000000000000000 RSI: fffffffffffff000 RDI: 0000000000000000 [ 1461.058338][T30260] RBP: 00007f9236811f91 R08: 0000000000000000 R09: 0000000000000000 [ 1461.058346][T30260] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1461.058355][T30260] R13: 00007f92369e6128 R14: 00007f92369e6090 R15: 00007fffde27d548 [ 1461.058374][T30260] [ 1461.273454][ C0] vkms_vblank_simulate: vblank timer overrun [ 1464.606867][T30269] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1464.679186][T30269] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1464.756115][T30269] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1464.831251][T28699] Bluetooth: hci3: command 0x0c1a tx timeout [ 1465.434479][T30289] random: crng reseeded on system resumption [ 1466.663811][ T5837] Bluetooth: hci4: command 0x0c1a tx timeout [ 1466.819131][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout [ 1467.482754][T30315] kAFS: No cell specified [ 1468.330868][T28699] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 1468.768775][T30331] random: crng reseeded on system resumption [ 1469.301878][T30335] ERROR: Out of memory at tomoyo_memory_ok. [ 1469.659755][T30340] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8385'. [ 1469.818864][T30340] netlink: 354 bytes leftover after parsing attributes in process `syz.4.8385'. [ 1470.402120][T30347] FAULT_INJECTION: forcing a failure. [ 1470.402120][T30347] name failslab, interval 1, probability 393216, space 0, times 0 [ 1470.493875][T30347] CPU: 0 UID: 0 PID: 30347 Comm: syz.4.8388 Tainted: G U syzkaller #0 PREEMPT(full) [ 1470.493903][T30347] Tainted: [U]=USER [ 1470.493909][T30347] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1470.493918][T30347] Call Trace: [ 1470.493924][T30347] [ 1470.493930][T30347] dump_stack_lvl+0x16c/0x1f0 [ 1470.493952][T30347] should_fail_ex+0x512/0x640 [ 1470.493974][T30347] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1470.493992][T30347] should_failslab+0xc2/0x120 [ 1470.494012][T30347] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1470.494026][T30347] ? __anon_vma_prepare+0xae/0x5e0 [ 1470.494053][T30347] ? __anon_vma_prepare+0xae/0x5e0 [ 1470.494072][T30347] __anon_vma_prepare+0xae/0x5e0 [ 1470.494093][T30347] ? __pfx___pte_alloc+0x10/0x10 [ 1470.494112][T30347] __vmf_anon_prepare+0x11c/0x240 [ 1470.494132][T30347] do_pte_missing+0x10b7/0x3ba0 [ 1470.494154][T30347] ? do_raw_spin_unlock+0x172/0x230 [ 1470.494178][T30347] ? __pmd_alloc+0x64f/0x8b0 [ 1470.494198][T30347] __handle_mm_fault+0x1556/0x2aa0 [ 1470.494225][T30347] ? __pfx___handle_mm_fault+0x10/0x10 [ 1470.494263][T30347] handle_mm_fault+0x589/0xd10 [ 1470.494288][T30347] __get_user_pages+0x54e/0x3530 [ 1470.494319][T30347] ? __pfx_validate_mm+0x10/0x10 [ 1470.494344][T30347] ? __pfx___get_user_pages+0x10/0x10 [ 1470.494370][T30347] get_user_pages_remote+0x243/0xab0 [ 1470.494393][T30347] ? __pfx_get_user_pages_remote+0x10/0x10 [ 1470.494412][T30347] ? __pfx_vma_link+0x10/0x10 [ 1470.494432][T30347] get_arg_page+0xf4/0x310 [ 1470.494446][T30347] ? __pfx_get_arg_page+0x10/0x10 [ 1470.494459][T30347] ? up_write+0x1b2/0x520 [ 1470.494484][T30347] copy_string_kernel+0x182/0x520 [ 1470.494503][T30347] do_execveat_common.isra.0+0x2ed/0x610 [ 1470.494522][T30347] __x64_sys_execve+0x8e/0xb0 [ 1470.494537][T30347] do_syscall_64+0xcd/0xfa0 [ 1470.494555][T30347] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1470.494570][T30347] RIP: 0033:0x7ff21e38efc9 [ 1470.494583][T30347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1470.494597][T30347] RSP: 002b:00007ff21f192038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 1470.494612][T30347] RAX: ffffffffffffffda RBX: 00007ff21e5e5fa0 RCX: 00007ff21e38efc9 [ 1470.494621][T30347] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 1470.494630][T30347] RBP: 00007ff21e411f91 R08: 0000000000000000 R09: 0000000000000000 [ 1470.494639][T30347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1470.494648][T30347] R13: 00007ff21e5e6038 R14: 00007ff21e5e5fa0 R15: 00007ffdfb7db798 [ 1470.494669][T30347] [ 1474.508869][T30374] random: crng reseeded on system resumption [ 1474.832624][T30377] Loading of unsigned module is rejected [ 1477.946157][T30353] Process accounting paused [ 1481.749617][T30422] ERROR: Out of memory at tomoyo_memory_ok. [ 1483.393397][T30436] FAULT_INJECTION: forcing a failure. [ 1483.393397][T30436] name failslab, interval 1, probability 393216, space 0, times 0 [ 1483.670917][T30436] CPU: 0 UID: 0 PID: 30436 Comm: syz.3.8408 Tainted: G U syzkaller #0 PREEMPT(full) [ 1483.670944][T30436] Tainted: [U]=USER [ 1483.670950][T30436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1483.670959][T30436] Call Trace: [ 1483.670968][T30436] [ 1483.670974][T30436] dump_stack_lvl+0x16c/0x1f0 [ 1483.670997][T30436] should_fail_ex+0x512/0x640 [ 1483.671020][T30436] ? kmem_cache_alloc_lru_noprof+0x66/0x6e0 [ 1483.671037][T30436] should_failslab+0xc2/0x120 [ 1483.671057][T30436] kmem_cache_alloc_lru_noprof+0x79/0x6e0 [ 1483.671073][T30436] ? __d_alloc+0x32/0xae0 [ 1483.671093][T30436] ? __d_alloc+0x32/0xae0 [ 1483.671107][T30436] __d_alloc+0x32/0xae0 [ 1483.671125][T30436] d_alloc_pseudo+0x1c/0xc0 [ 1483.671145][T30436] alloc_file_pseudo+0xcf/0x230 [ 1483.671166][T30436] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1483.671186][T30436] ? alloc_fd+0x471/0x7d0 [ 1483.671203][T30436] sock_alloc_file+0x50/0x210 [ 1483.671219][T30436] __sys_socket+0x1c0/0x260 [ 1483.671238][T30436] ? __pfx___sys_socket+0x10/0x10 [ 1483.671256][T30436] ? xfd_validate_state+0x61/0x180 [ 1483.671275][T30436] ? __pfx_ksys_write+0x10/0x10 [ 1483.671294][T30436] __x64_sys_socket+0x72/0xb0 [ 1483.671312][T30436] ? lockdep_hardirqs_on+0x7c/0x110 [ 1483.671327][T30436] do_syscall_64+0xcd/0xfa0 [ 1483.671344][T30436] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1483.671358][T30436] RIP: 0033:0x7f9f3058efc9 [ 1483.671371][T30436] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1483.671385][T30436] RSP: 002b:00007f9f31433038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1483.671400][T30436] RAX: ffffffffffffffda RBX: 00007f9f307e5fa0 RCX: 00007f9f3058efc9 [ 1483.671410][T30436] RDX: 0000000000000106 RSI: 0000000000000001 RDI: 0000000000000002 [ 1483.671418][T30436] RBP: 00007f9f30611f91 R08: 0000000000000000 R09: 0000000000000000 [ 1483.671427][T30436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1483.671435][T30436] R13: 00007f9f307e6038 R14: 00007f9f307e5fa0 R15: 00007ffd60d17b88 [ 1483.671455][T30436] [ 1484.317833][ T30] audit: type=1804 audit(4294967355.723:38): pid=30443 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.8410" name="/newroot/1110/file0" dev="tmpfs" ino=5769 res=1 errno=0 [ 1485.764500][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1485.771552][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1487.100098][T30455] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8413'. [ 1487.388646][T30455] : entered allmulticast mode [ 1487.398483][T30455] bond_slave_0: entered allmulticast mode [ 1487.431492][T30455] bond_slave_1: entered allmulticast mode [ 1487.482581][T30455] 8021q: adding VLAN 0 to HW filter on device  [ 1488.547511][T30480] random: crng reseeded on system resumption [ 1492.555783][T30523] netlink: 'syz.5.8427': attribute type 1 has an invalid length. [ 1492.649670][T30523] netlink: 17 bytes leftover after parsing attributes in process `syz.5.8427'. [ 1493.386290][T30528] ERROR: Out of memory at tomoyo_memory_ok. [ 1493.598147][T30530] Loading of unsigned module is rejected [ 1493.729361][T30532] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1493.735504][T30532] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1493.933034][T30532] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1495.795589][ T5837] Bluetooth: hci4: command 0x0c1a tx timeout [ 1495.801706][T28699] Bluetooth: hci3: command 0x0c1a tx timeout [ 1495.968595][ T5837] Bluetooth: hci0: command 0x0c1a tx timeout [ 1497.212105][T30550] ERROR: Out of memory at tomoyo_memory_ok. [ 1501.678971][T30593] usb usb15: usbfs: process 30593 (syz.4.8445) did not claim interface 0 before use [ 1502.240981][T30605] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 1504.566323][T30623] ERROR: Out of memory at tomoyo_memory_ok. [ 1506.827018][T30640] scsi_strcpy_devinfo: vendor string 'νΩ/&cžΐ~n] ς | [ 1506.827018][T30640] MΕ' is too long [ 1506.995839][T30640] scsi_strcpy_devinfo: model string '’Dd5‚ ΥK€2bΫ [ 1506.995839][T30640] ††½WΟυ›ϊ «ϊ' is too long [ 1508.567217][T30559] Process accounting resumed [ 1508.588308][T30643] ERROR: Out of memory at tomoyo_memory_ok. [ 1508.929745][ T30] audit: type=1804 audit(4294967380.572:39): pid=30654 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.8457" name="/newroot/862/file0" dev="tmpfs" ino=4524 res=1 errno=0 [ 1509.014628][ T30] audit: type=1804 audit(4294967380.632:40): pid=30655 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.8457" name="/newroot/862/file0" dev="tmpfs" ino=4524 res=1 errno=0 [ 1509.178406][ T30] audit: type=1800 audit(4294967380.793:41): pid=30654 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.8457" name="file0" dev="tmpfs" ino=4524 res=0 errno=0 [ 1513.055398][T30700] mkiss: ax0: crc mode is auto. [ 1513.596822][T30714] netlink: 25 bytes leftover after parsing attributes in process `syz.6.8476'. [ 1513.609495][T30716] scsi_strcpy_devinfo: vendor string 'νΩ/&cžΐ~n] ς | [ 1513.609495][T30716] MΕ' is too long [ 1513.670125][T30716] scsi_strcpy_devinfo: model string '’Dd5‚ ΥK€2bΫ [ 1513.670125][T30716] ††½WΟυ›ϊ «ϊ' is too long [ 1514.487159][T30724] ERROR: Out of memory at tomoyo_memory_ok. [ 1515.704077][T30751] ERROR: Out of memory at tomoyo_memory_ok. [ 1515.742603][T30753] netlink: 330 bytes leftover after parsing attributes in process `syz.4.8473'. [ 1515.814261][T30753] mac80211_hwsim hwsim18 ›: renamed from wlan0 (while UP) [ 1518.108791][T30782] Console: switching to colour VGA+ 4x1 [ 1518.382521][T30783] Console: switching to colour frame buffer device 4x6 [ 1518.566928][T30788] netlink: 4 bytes leftover after parsing attributes in process `syz.5.8485'. [ 1520.072863][T30801] smc: net device dummy0 applied user defined pnetid DUMMY0 [ 1521.163586][T30825] netlink: 8 bytes leftover after parsing attributes in process `syz.4.8492'. [ 1524.469995][T30855] ERROR: Out of memory at tomoyo_memory_ok. [ 1524.476909][T30857] scsi_strcpy_devinfo: vendor string 'νΩ/&cžΐ~n] ς | [ 1524.476909][T30857] MΕ' is too long [ 1524.578944][T30857] scsi_strcpy_devinfo: model string '’Dd5‚ ΥK€2bΫ [ 1524.578944][T30857] ††½WΟυ›ϊ «ϊ' is too long [ 1524.887080][T30865] mkiss: ax0: crc mode is auto. [ 1527.044403][T30896] ERROR: Out of memory at tomoyo_memory_ok. [ 1529.273579][T30928] mkiss: ax0: crc mode is auto. [ 1529.908818][T30940] Console: switching to colour VGA+ 4x1 [ 1530.987017][T30959] openvswitch: netlink: ufid size 17 bytes exceeds the range (1, 16) [ 1531.114601][T30959] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 1535.702257][T31033] delete_channel: no stack syzkaller syzkaller login: [ 1539.293034][T31089] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input42 [ 1539.350174][T31068] Process accounting paused [ 1539.381040][ T5182] ERROR: Out of memory at tomoyo_memory_ok. [ 1539.543831][T31098] netlink: 8 bytes leftover after parsing attributes in process `syz.5.8549'. [ 1539.881325][T31096] Console: switching to colour frame buffer device 4x6 [ 1540.122548][T31108] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8552'. [ 1542.267494][T31142] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input43 [ 1542.628354][T31158] netlink: 8 bytes leftover after parsing attributes in process `syz.6.8560'. [ 1542.860549][T31148] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input44 [ 1543.547004][T31164] vivid-003: ================= START STATUS ================= [ 1543.592711][T31164] vivid-003: Radio HW Seek Mode: Bounded [ 1543.630244][T31164] vivid-003: Radio Programmable HW Seek: false [ 1543.636433][T31164] vivid-003: RDS Rx I/O Mode: Block I/O [ 1543.761318][T31164] vivid-003: Generate RBDS Instead of RDS: false [ 1543.767672][T31164] vivid-003: RDS Reception: true [ 1543.819941][T31164] vivid-003: RDS Program Type: 0 inactive [ 1543.846467][T31164] vivid-003: RDS PS Name: inactive [ 1543.883766][T31164] vivid-003: RDS Radio Text: inactive [ 1543.924169][T31164] vivid-003: RDS Traffic Announcement: false inactive [ 1543.967536][T31164] vivid-003: RDS Traffic Program: false inactive [ 1544.000648][T31164] vivid-003: RDS Music: false inactive [ 1544.030093][T31164] vivid-003: ================== END STATUS ================== [ 1545.189798][T31193] FAULT_INJECTION: forcing a failure. [ 1545.189798][T31193] name failslab, interval 1, probability 393216, space 0, times 0 [ 1545.377969][T31193] CPU: 0 UID: 0 PID: 31193 Comm: syz.3.8570 Tainted: G U syzkaller #0 PREEMPT(full) [ 1545.377997][T31193] Tainted: [U]=USER [ 1545.378003][T31193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1545.378012][T31193] Call Trace: [ 1545.378018][T31193] [ 1545.378025][T31193] dump_stack_lvl+0x16c/0x1f0 [ 1545.378046][T31193] should_fail_ex+0x512/0x640 [ 1545.378068][T31193] ? __kmalloc_node_track_caller_noprof+0xcb/0x8a0 [ 1545.378091][T31193] should_failslab+0xc2/0x120 [ 1545.378111][T31193] __kmalloc_node_track_caller_noprof+0xde/0x8a0 [ 1545.378129][T31193] ? kstrdup_const+0x63/0x80 [ 1545.378150][T31193] ? kstrdup+0x53/0x100 [ 1545.378163][T31193] kstrdup+0x53/0x100 [ 1545.378179][T31193] kstrdup_const+0x63/0x80 [ 1545.378194][T31193] kvasprintf_const+0x10f/0x1a0 [ 1545.378209][T31193] kobject_set_name_vargs+0x5a/0x140 [ 1545.378229][T31193] dev_set_name+0xc7/0x100 [ 1545.378244][T31193] ? __pfx_dev_set_name+0x10/0x10 [ 1545.378260][T31193] ? lockdep_init_map_type+0x5c/0x280 [ 1545.378282][T31193] ? __init_waitqueue_head+0xca/0x150 [ 1545.378310][T31193] netdev_register_kobject+0xc5/0x3d0 [ 1545.378330][T31193] register_netdevice+0x13dc/0x2270 [ 1545.378350][T31193] ? __pfx_register_netdevice+0x10/0x10 [ 1545.378372][T31193] ppp_dev_configure+0xa1e/0xd40 [ 1545.378398][T31193] ppp_ioctl+0x170e/0x2880 [ 1545.378419][T31193] ? find_held_lock+0x2b/0x80 [ 1545.378433][T31193] ? __pfx_ppp_ioctl+0x10/0x10 [ 1545.378456][T31193] ? __fget_files+0x20e/0x3c0 [ 1545.378473][T31193] ? __pfx_ppp_ioctl+0x10/0x10 [ 1545.378493][T31193] __x64_sys_ioctl+0x18e/0x210 [ 1545.378515][T31193] do_syscall_64+0xcd/0xfa0 [ 1545.378533][T31193] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1545.378548][T31193] RIP: 0033:0x7f9f3058efc9 [ 1545.378561][T31193] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1545.378575][T31193] RSP: 002b:00007f9f31433038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1545.378589][T31193] RAX: ffffffffffffffda RBX: 00007f9f307e5fa0 RCX: 00007f9f3058efc9 [ 1545.378599][T31193] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000008 [ 1545.378607][T31193] RBP: 00007f9f30611f91 R08: 0000000000000000 R09: 0000000000000000 [ 1545.378616][T31193] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1545.378624][T31193] R13: 00007f9f307e6038 R14: 00007f9f307e5fa0 R15: 00007ffd60d17b88 [ 1545.378645][T31193] [ 1546.030616][T31199] FAULT_INJECTION: forcing a failure. [ 1546.030616][T31199] name failslab, interval 1, probability 393216, space 0, times 0 [ 1546.128445][T31199] CPU: 0 UID: 0 PID: 31199 Comm: syz.4.8573 Tainted: G U syzkaller #0 PREEMPT(full) [ 1546.128472][T31199] Tainted: [U]=USER [ 1546.128478][T31199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1546.128487][T31199] Call Trace: [ 1546.128492][T31199] [ 1546.128499][T31199] dump_stack_lvl+0x16c/0x1f0 [ 1546.128520][T31199] should_fail_ex+0x512/0x640 [ 1546.128543][T31199] ? kmem_cache_alloc_lru_noprof+0x66/0x6e0 [ 1546.128561][T31199] should_failslab+0xc2/0x120 [ 1546.128586][T31199] kmem_cache_alloc_lru_noprof+0x79/0x6e0 [ 1546.128603][T31199] ? __d_alloc+0x32/0xae0 [ 1546.128623][T31199] ? __d_alloc+0x32/0xae0 [ 1546.128638][T31199] __d_alloc+0x32/0xae0 [ 1546.128656][T31199] d_alloc_pseudo+0x1c/0xc0 [ 1546.128676][T31199] alloc_file_pseudo+0xcf/0x230 [ 1546.128698][T31199] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1546.128718][T31199] ? alloc_fd+0x471/0x7d0 [ 1546.128734][T31199] sock_alloc_file+0x50/0x210 [ 1546.128751][T31199] __sys_socket+0x1c0/0x260 [ 1546.128770][T31199] ? __pfx___sys_socket+0x10/0x10 [ 1546.128788][T31199] ? xfd_validate_state+0x61/0x180 [ 1546.128807][T31199] ? __pfx_ksys_write+0x10/0x10 [ 1546.128826][T31199] __x64_sys_socket+0x72/0xb0 [ 1546.128843][T31199] ? lockdep_hardirqs_on+0x7c/0x110 [ 1546.128859][T31199] do_syscall_64+0xcd/0xfa0 [ 1546.128876][T31199] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1546.128891][T31199] RIP: 0033:0x7ff21e38efc9 [ 1546.128903][T31199] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1546.128918][T31199] RSP: 002b:00007ff21f192038 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1546.128932][T31199] RAX: ffffffffffffffda RBX: 00007ff21e5e5fa0 RCX: 00007ff21e38efc9 [ 1546.128942][T31199] RDX: 0000000000000106 RSI: 0000000000000001 RDI: 0000000000000002 [ 1546.128950][T31199] RBP: 00007ff21e411f91 R08: 0000000000000000 R09: 0000000000000000 [ 1546.128959][T31199] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1546.128967][T31199] R13: 00007ff21e5e6038 R14: 00007ff21e5e5fa0 R15: 00007ffdfb7db798 [ 1546.128986][T31199] [ 1546.940942][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1546.952278][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1548.836418][T31195] kexec: Could not allocate control_code_buffer [ 1549.252778][T31233] blktrace: Concurrent blktraces are not allowed on loop2 [ 1550.373723][T31247] input: 00 [ 1550.373723][T31247] as /devices/virtual/input/input45 [ 1550.414358][T31247] FAULT_INJECTION: forcing a failure. [ 1550.414358][T31247] name failslab, interval 1, probability 393216, space 0, times 0 [ 1550.472355][T31247] CPU: 0 UID: 0 PID: 31247 Comm: syz.4.8585 Tainted: G U syzkaller #0 PREEMPT(full) [ 1550.472383][T31247] Tainted: [U]=USER [ 1550.472388][T31247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1550.472397][T31247] Call Trace: [ 1550.472403][T31247] [ 1550.472410][T31247] dump_stack_lvl+0x16c/0x1f0 [ 1550.472431][T31247] should_fail_ex+0x512/0x640 [ 1550.472452][T31247] ? __kmalloc_node_track_caller_noprof+0xcb/0x8a0 [ 1550.472475][T31247] should_failslab+0xc2/0x120 [ 1550.472495][T31247] __kmalloc_node_track_caller_noprof+0xde/0x8a0 [ 1550.472513][T31247] ? kstrdup_const+0x63/0x80 [ 1550.472532][T31247] ? kstrdup+0x53/0x100 [ 1550.472544][T31247] kstrdup+0x53/0x100 [ 1550.472560][T31247] kstrdup_const+0x63/0x80 [ 1550.472575][T31247] __kernfs_new_node+0x9b/0x8e0 [ 1550.472596][T31247] ? __pfx___kernfs_new_node+0x10/0x10 [ 1550.472622][T31247] ? find_held_lock+0x2b/0x80 [ 1550.472639][T31247] ? kernfs_root+0xee/0x2a0 [ 1550.472661][T31247] kernfs_new_node+0x13c/0x1e0 [ 1550.472685][T31247] kernfs_create_link+0xcc/0x240 [ 1550.472701][T31247] sysfs_do_create_link_sd+0x90/0x140 [ 1550.472720][T31247] sysfs_create_link+0x61/0xc0 [ 1550.472738][T31247] device_add+0xb14/0x1aa0 [ 1550.472762][T31247] ? __pfx_device_add+0x10/0x10 [ 1550.472784][T31247] ? __pfx_exact_lock+0x10/0x10 [ 1550.472806][T31247] ? kobject_get+0xbb/0x150 [ 1550.472825][T31247] cdev_device_add+0xc2/0x1e0 [ 1550.472853][T31247] evdev_connect+0x3a4/0x4c0 [ 1550.472871][T31247] input_attach_handler.isra.0+0x176/0x250 [ 1550.472888][T31247] input_register_device+0xab9/0x1180 [ 1550.472908][T31247] uinput_ioctl_handler.isra.0+0x1357/0x1df0 [ 1550.472929][T31247] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1550.472950][T31247] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 1550.472975][T31247] ? find_held_lock+0x2b/0x80 [ 1550.472999][T31247] ? __pfx_uinput_ioctl+0x10/0x10 [ 1550.473019][T31247] __x64_sys_ioctl+0x18e/0x210 [ 1550.473041][T31247] do_syscall_64+0xcd/0xfa0 [ 1550.473058][T31247] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1550.473076][T31247] RIP: 0033:0x7ff21e38efc9 [ 1550.473090][T31247] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1550.473110][T31247] RSP: 002b:00007ff21f192038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1550.473126][T31247] RAX: ffffffffffffffda RBX: 00007ff21e5e5fa0 RCX: 00007ff21e38efc9 [ 1550.473136][T31247] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000008 [ 1550.473145][T31247] RBP: 00007ff21e411f91 R08: 0000000000000000 R09: 0000000000000000 [ 1550.473155][T31247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1550.473164][T31247] R13: 00007ff21e5e6038 R14: 00007ff21e5e5fa0 R15: 00007ffdfb7db798 [ 1550.473185][T31247] [ 1550.897380][T31247] input: failed to attach handler evdev to device input45, error: -12 [ 1551.729575][T31270] ERROR: Out of memory at tomoyo_memory_ok. [ 1552.225603][T31283] FAULT_INJECTION: forcing a failure. [ 1552.225603][T31283] name failslab, interval 1, probability 393216, space 0, times 0 [ 1552.317636][T31283] CPU: 0 UID: 0 PID: 31283 Comm: syz.4.8595 Tainted: G U syzkaller #0 PREEMPT(full) [ 1552.317663][T31283] Tainted: [U]=USER [ 1552.317668][T31283] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1552.317683][T31283] Call Trace: [ 1552.317689][T31283] [ 1552.317696][T31283] dump_stack_lvl+0x16c/0x1f0 [ 1552.317717][T31283] should_fail_ex+0x512/0x640 [ 1552.317740][T31283] ? fs_reclaim_acquire+0xae/0x150 [ 1552.317762][T31283] should_failslab+0xc2/0x120 [ 1552.317781][T31283] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1552.317796][T31283] ? __pfx_map_id_range_down+0x10/0x10 [ 1552.317818][T31283] ? security_inode_alloc+0x3b/0x2b0 [ 1552.317843][T31283] ? security_inode_alloc+0x3b/0x2b0 [ 1552.317865][T31283] security_inode_alloc+0x3b/0x2b0 [ 1552.317887][T31283] inode_init_always_gfp+0xce4/0x1030 [ 1552.317906][T31283] alloc_inode+0x86/0x240 [ 1552.317925][T31283] sock_alloc+0x40/0x280 [ 1552.317942][T31283] __sock_create+0xc1/0x8d0 [ 1552.317963][T31283] udp_sock_create4+0xa6/0x450 [ 1552.317981][T31283] ? __pfx_udp_sock_create4+0x10/0x10 [ 1552.318000][T31283] ? lockdep_hardirqs_on+0x7c/0x110 [ 1552.318016][T31283] ? crng_make_state+0x48e/0x6d0 [ 1552.318037][T31283] rxrpc_open_socket+0x4f5/0x6b0 [ 1552.318058][T31283] ? __pfx_rxrpc_open_socket+0x10/0x10 [ 1552.318086][T31283] ? __pfx_rxrpc_client_conn_reap_timeout+0x10/0x10 [ 1552.318107][T31283] ? rcu_is_watching+0x12/0xc0 [ 1552.318125][T31283] rxrpc_lookup_local+0xa01/0x1220 [ 1552.318149][T31283] ? __pfx_rxrpc_lookup_local+0x10/0x10 [ 1552.318170][T31283] ? __local_bh_enable_ip+0xa4/0x120 [ 1552.318190][T31283] rxrpc_sendmsg+0x37e/0x680 [ 1552.318214][T31283] sock_write_iter+0x566/0x610 [ 1552.318232][T31283] ? __pfx_sock_write_iter+0x10/0x10 [ 1552.318257][T31283] ? bpf_lsm_file_permission+0x9/0x10 [ 1552.318273][T31283] ? security_file_permission+0x71/0x210 [ 1552.318289][T31283] ? rw_verify_area+0xcf/0x6c0 [ 1552.318304][T31283] vfs_write+0x7d3/0x11d0 [ 1552.318320][T31283] ? __pfx_sock_write_iter+0x10/0x10 [ 1552.318340][T31283] ? __pfx_vfs_write+0x10/0x10 [ 1552.318354][T31283] ? find_held_lock+0x2b/0x80 [ 1552.318381][T31283] ksys_write+0x1f8/0x250 [ 1552.318396][T31283] ? __pfx_ksys_write+0x10/0x10 [ 1552.318417][T31283] do_syscall_64+0xcd/0xfa0 [ 1552.318435][T31283] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1552.318450][T31283] RIP: 0033:0x7ff21e38efc9 [ 1552.318462][T31283] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1552.318477][T31283] RSP: 002b:00007ff21f192038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1552.318493][T31283] RAX: ffffffffffffffda RBX: 00007ff21e5e5fa0 RCX: 00007ff21e38efc9 [ 1552.318503][T31283] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 1552.318512][T31283] RBP: 00007ff21e411f91 R08: 0000000000000000 R09: 0000000000000000 [ 1552.318522][T31283] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1552.318531][T31283] R13: 00007ff21e5e6038 R14: 00007ff21e5e5fa0 R15: 00007ffdfb7db798 [ 1552.318551][T31283] [ 1552.624997][T31283] socket: no more sockets [ 1554.078293][T31301] FAULT_INJECTION: forcing a failure. [ 1554.078293][T31301] name failslab, interval 1, probability 393216, space 0, times 0 [ 1554.154595][T31301] CPU: 0 UID: 0 PID: 31301 Comm: syz.4.8599 Tainted: G U syzkaller #0 PREEMPT(full) [ 1554.154624][T31301] Tainted: [U]=USER [ 1554.154630][T31301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1554.154639][T31301] Call Trace: [ 1554.154646][T31301] [ 1554.154653][T31301] dump_stack_lvl+0x16c/0x1f0 [ 1554.154675][T31301] should_fail_ex+0x512/0x640 [ 1554.154697][T31301] ? __kmalloc_cache_node_noprof+0x62/0x7a0 [ 1554.154718][T31301] should_failslab+0xc2/0x120 [ 1554.154737][T31301] __kmalloc_cache_node_noprof+0x75/0x7a0 [ 1554.154754][T31301] ? blkg_alloc+0xb7/0xb60 [ 1554.154779][T31301] ? blkg_alloc+0xb7/0xb60 [ 1554.154800][T31301] blkg_alloc+0xb7/0xb60 [ 1554.154822][T31301] ? find_held_lock+0x2b/0x80 [ 1554.154840][T31301] blkcg_init_disk+0x51/0x160 [ 1554.154856][T31301] __alloc_disk_node+0x299/0x640 [ 1554.154877][T31301] __blk_mq_alloc_disk+0x89/0x120 [ 1554.154897][T31301] loop_add+0x490/0xb70 [ 1554.154913][T31301] ? __pfx_loop_add+0x10/0x10 [ 1554.154939][T31301] ? find_held_lock+0x2b/0x80 [ 1554.154956][T31301] loop_control_ioctl+0x13e/0x630 [ 1554.154971][T31301] ? __pfx_loop_control_ioctl+0x10/0x10 [ 1554.154989][T31301] ? __pfx_loop_control_ioctl+0x10/0x10 [ 1554.155004][T31301] __x64_sys_ioctl+0x18e/0x210 [ 1554.155027][T31301] do_syscall_64+0xcd/0xfa0 [ 1554.155044][T31301] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1554.155059][T31301] RIP: 0033:0x7ff21e38efc9 [ 1554.155071][T31301] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1554.155086][T31301] RSP: 002b:00007ff21f192038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1554.155101][T31301] RAX: ffffffffffffffda RBX: 00007ff21e5e5fa0 RCX: 00007ff21e38efc9 [ 1554.155112][T31301] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000006 [ 1554.155121][T31301] RBP: 00007ff21e411f91 R08: 0000000000000000 R09: 0000000000000000 [ 1554.155130][T31301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1554.155138][T31301] R13: 00007ff21e5e6038 R14: 00007ff21e5e5fa0 R15: 00007ffdfb7db798 [ 1554.155158][T31301] [ 1555.007377][T31309] size and base must be multiples of 4 kiB [ 1555.030046][T31309] CPU: 0 UID: 0 PID: 31309 Comm: syz.3.8600 Tainted: G U syzkaller #0 PREEMPT(full) [ 1555.030075][T31309] Tainted: [U]=USER [ 1555.030080][T31309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1555.030090][T31309] Call Trace: [ 1555.030095][T31309] [ 1555.030104][T31309] dump_stack_lvl+0x16c/0x1f0 [ 1555.030127][T31309] mtrr_del+0xd1/0x110 [ 1555.030147][T31309] mtrr_ioctl+0x922/0xcf0 [ 1555.030168][T31309] ? __pfx_mtrr_ioctl+0x10/0x10 [ 1555.030191][T31309] ? find_held_lock+0x2b/0x80 [ 1555.030211][T31309] ? __fget_files+0x20e/0x3c0 [ 1555.030226][T31309] ? __pfx_mtrr_ioctl+0x10/0x10 [ 1555.030246][T31309] proc_reg_unlocked_ioctl+0x229/0x320 [ 1555.030266][T31309] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 1555.030286][T31309] __x64_sys_ioctl+0x18e/0x210 [ 1555.030308][T31309] do_syscall_64+0xcd/0xfa0 [ 1555.030326][T31309] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1555.030340][T31309] RIP: 0033:0x7f9f3058efc9 [ 1555.030360][T31309] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1555.030380][T31309] RSP: 002b:00007f9f313f1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1555.030395][T31309] RAX: ffffffffffffffda RBX: 00007f9f307e6180 RCX: 00007f9f3058efc9 [ 1555.030405][T31309] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003 [ 1555.030414][T31309] RBP: 00007f9f30611f91 R08: 0000000000000000 R09: 0000000000000000 [ 1555.030423][T31309] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1555.030433][T31309] R13: 00007f9f307e6218 R14: 00007f9f307e6180 R15: 00007ffd60d17b88 [ 1555.030454][T31309] [ 1555.530733][T31307] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1555.580090][T31307] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1555.656505][T31307] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1556.068298][T31323] FAULT_INJECTION: forcing a failure. [ 1556.068298][T31323] name failslab, interval 1, probability 393216, space 0, times 0 [ 1556.238285][T31323] CPU: 0 UID: 0 PID: 31323 Comm: syz.6.8606 Tainted: G U syzkaller #0 PREEMPT(full) [ 1556.238313][T31323] Tainted: [U]=USER [ 1556.238319][T31323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1556.238329][T31323] Call Trace: [ 1556.238334][T31323] [ 1556.238341][T31323] dump_stack_lvl+0x16c/0x1f0 [ 1556.238363][T31323] should_fail_ex+0x512/0x640 [ 1556.238389][T31323] ? fs_reclaim_acquire+0xae/0x150 [ 1556.238410][T31323] should_failslab+0xc2/0x120 [ 1556.238429][T31323] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1556.238444][T31323] ? __pfx_map_id_range_down+0x10/0x10 [ 1556.238466][T31323] ? security_inode_alloc+0x3b/0x2b0 [ 1556.238491][T31323] ? security_inode_alloc+0x3b/0x2b0 [ 1556.238512][T31323] security_inode_alloc+0x3b/0x2b0 [ 1556.238534][T31323] inode_init_always_gfp+0xce4/0x1030 [ 1556.238552][T31323] alloc_inode+0x86/0x240 [ 1556.238572][T31323] sock_alloc+0x40/0x280 [ 1556.238588][T31323] __sock_create+0xc1/0x8d0 [ 1556.238610][T31323] udp_sock_create4+0xa6/0x450 [ 1556.238626][T31323] ? __pfx_udp_sock_create4+0x10/0x10 [ 1556.238645][T31323] ? lockdep_hardirqs_on+0x7c/0x110 [ 1556.238661][T31323] ? crng_make_state+0x48e/0x6d0 [ 1556.238682][T31323] rxrpc_open_socket+0x4f5/0x6b0 [ 1556.238703][T31323] ? __pfx_rxrpc_open_socket+0x10/0x10 [ 1556.238731][T31323] ? __pfx_rxrpc_client_conn_reap_timeout+0x10/0x10 [ 1556.238752][T31323] ? rcu_is_watching+0x12/0xc0 [ 1556.238770][T31323] rxrpc_lookup_local+0xa01/0x1220 [ 1556.238794][T31323] ? __pfx_rxrpc_lookup_local+0x10/0x10 [ 1556.238816][T31323] ? __local_bh_enable_ip+0xa4/0x120 [ 1556.238835][T31323] rxrpc_sendmsg+0x37e/0x680 [ 1556.238860][T31323] sock_write_iter+0x566/0x610 [ 1556.238878][T31323] ? __pfx_sock_write_iter+0x10/0x10 [ 1556.238902][T31323] ? bpf_lsm_file_permission+0x9/0x10 [ 1556.238919][T31323] ? security_file_permission+0x71/0x210 [ 1556.238935][T31323] ? rw_verify_area+0xcf/0x6c0 [ 1556.238951][T31323] vfs_write+0x7d3/0x11d0 [ 1556.238967][T31323] ? __pfx_sock_write_iter+0x10/0x10 [ 1556.238994][T31323] ? __pfx_vfs_write+0x10/0x10 [ 1556.239010][T31323] ? find_held_lock+0x2b/0x80 [ 1556.239038][T31323] ksys_write+0x1f8/0x250 [ 1556.239055][T31323] ? __pfx_ksys_write+0x10/0x10 [ 1556.239078][T31323] do_syscall_64+0xcd/0xfa0 [ 1556.239096][T31323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1556.239111][T31323] RIP: 0033:0x7f923678efc9 [ 1556.239124][T31323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1556.239138][T31323] RSP: 002b:00007f923761f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1556.239152][T31323] RAX: ffffffffffffffda RBX: 00007f92369e5fa0 RCX: 00007f923678efc9 [ 1556.239162][T31323] RDX: 00000000fffffdef RSI: 0000000000000000 RDI: 0000000000000003 [ 1556.239172][T31323] RBP: 00007f9236811f91 R08: 0000000000000000 R09: 0000000000000000 [ 1556.239186][T31323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1556.239195][T31323] R13: 00007f92369e6038 R14: 00007f92369e5fa0 R15: 00007fffde27d548 [ 1556.239217][T31323] [ 1556.850538][T31323] socket: no more sockets [ 1557.212917][T31339] busy [ 1557.251748][T31339] input input46: cannot allocate more than FF_MAX_EFFECTS effects [ 1557.628495][T30711] Bluetooth: hci3: command 0x0c1a tx timeout [ 1557.706431][T30711] Bluetooth: hci0: command 0x0c1a tx timeout [ 1557.712820][T30711] Bluetooth: hci4: command 0x0c1a tx timeout [ 1558.814055][T31352] ERROR: Out of memory at tomoyo_memory_ok. [ 1560.045988][T31361] FAULT_INJECTION: forcing a failure. [ 1560.045988][T31361] name failslab, interval 1, probability 393216, space 0, times 0 [ 1560.106241][T31361] CPU: 0 UID: 0 PID: 31361 Comm: syz.6.8613 Tainted: G U syzkaller #0 PREEMPT(full) [ 1560.106269][T31361] Tainted: [U]=USER [ 1560.106274][T31361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1560.106284][T31361] Call Trace: [ 1560.106289][T31361] [ 1560.106296][T31361] dump_stack_lvl+0x16c/0x1f0 [ 1560.106318][T31361] should_fail_ex+0x512/0x640 [ 1560.106341][T31361] ? __kmalloc_cache_noprof+0x5f/0x780 [ 1560.106367][T31361] should_failslab+0xc2/0x120 [ 1560.106387][T31361] __kmalloc_cache_noprof+0x72/0x780 [ 1560.106410][T31361] ? rand_initialize_disk+0x3f/0xc0 [ 1560.106434][T31361] ? rand_initialize_disk+0x3f/0xc0 [ 1560.106454][T31361] rand_initialize_disk+0x3f/0xc0 [ 1560.106474][T31361] __alloc_disk_node+0x2c5/0x640 [ 1560.106496][T31361] __blk_mq_alloc_disk+0x89/0x120 [ 1560.106515][T31361] loop_add+0x490/0xb70 [ 1560.106531][T31361] ? __pfx_loop_add+0x10/0x10 [ 1560.106557][T31361] ? find_held_lock+0x2b/0x80 [ 1560.106575][T31361] loop_control_ioctl+0x13e/0x630 [ 1560.106591][T31361] ? __pfx_loop_control_ioctl+0x10/0x10 [ 1560.106610][T31361] ? __pfx_loop_control_ioctl+0x10/0x10 [ 1560.106627][T31361] __x64_sys_ioctl+0x18e/0x210 [ 1560.106650][T31361] do_syscall_64+0xcd/0xfa0 [ 1560.106667][T31361] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1560.106683][T31361] RIP: 0033:0x7f923678efc9 [ 1560.106695][T31361] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1560.106710][T31361] RSP: 002b:00007f923761f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1560.106725][T31361] RAX: ffffffffffffffda RBX: 00007f92369e5fa0 RCX: 00007f923678efc9 [ 1560.106735][T31361] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000006 [ 1560.106744][T31361] RBP: 00007f9236811f91 R08: 0000000000000000 R09: 0000000000000000 [ 1560.106753][T31361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1560.106762][T31361] R13: 00007f92369e6038 R14: 00007f92369e5fa0 R15: 00007fffde27d548 [ 1560.106781][T31361] [ 1560.532249][T31365] delete_channel: no stack [ 1561.444843][T31388] netlink: 186 bytes leftover after parsing attributes in process `syz.6.8620'. [ 1561.510868][T31340] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 1561.913331][T30704] Bluetooth: hci3: unexpected event 0x3e length: 728 > 260 [ 1561.913357][T30704] Bluetooth: hci3: unexpected subevent 0x0c length: 727 > 5 [ 1561.946441][T31394] FAULT_INJECTION: forcing a failure. [ 1561.946441][T31394] name failslab, interval 1, probability 393216, space 0, times 0 [ 1562.004700][T31394] CPU: 0 UID: 0 PID: 31394 Comm: syz.4.8622 Tainted: G U syzkaller #0 PREEMPT(full) [ 1562.004728][T31394] Tainted: [U]=USER [ 1562.004733][T31394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1562.004742][T31394] Call Trace: [ 1562.004748][T31394] [ 1562.004755][T31394] dump_stack_lvl+0x16c/0x1f0 [ 1562.004777][T31394] should_fail_ex+0x512/0x640 [ 1562.004799][T31394] ? __kmalloc_node_track_caller_noprof+0xcb/0x8a0 [ 1562.004822][T31394] should_failslab+0xc2/0x120 [ 1562.004842][T31394] __kmalloc_node_track_caller_noprof+0xde/0x8a0 [ 1562.004860][T31394] ? kstrdup_const+0x63/0x80 [ 1562.004880][T31394] ? kstrdup+0x53/0x100 [ 1562.004894][T31394] kstrdup+0x53/0x100 [ 1562.004910][T31394] kstrdup_const+0x63/0x80 [ 1562.004924][T31394] kvasprintf_const+0x10f/0x1a0 [ 1562.004940][T31394] kobject_set_name_vargs+0x5a/0x140 [ 1562.004959][T31394] dev_set_name+0xc7/0x100 [ 1562.004974][T31394] ? __pfx_dev_set_name+0x10/0x10 [ 1562.004990][T31394] ? lockdep_init_map_type+0x5c/0x280 [ 1562.005011][T31394] ? __init_waitqueue_head+0xca/0x150 [ 1562.005040][T31394] netdev_register_kobject+0xc5/0x3d0 [ 1562.005061][T31394] register_netdevice+0x13dc/0x2270 [ 1562.005081][T31394] ? __pfx_register_netdevice+0x10/0x10 [ 1562.005102][T31394] ppp_dev_configure+0xa1e/0xd40 [ 1562.005129][T31394] ppp_ioctl+0x170e/0x2880 [ 1562.005150][T31394] ? find_held_lock+0x2b/0x80 [ 1562.005164][T31394] ? __pfx_ppp_ioctl+0x10/0x10 [ 1562.005187][T31394] ? __fget_files+0x20e/0x3c0 [ 1562.005205][T31394] ? __pfx_ppp_ioctl+0x10/0x10 [ 1562.005225][T31394] __x64_sys_ioctl+0x18e/0x210 [ 1562.005247][T31394] do_syscall_64+0xcd/0xfa0 [ 1562.005265][T31394] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1562.005279][T31394] RIP: 0033:0x7ff21e38efc9 [ 1562.005292][T31394] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1562.005306][T31394] RSP: 002b:00007ff21f192038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1562.005320][T31394] RAX: ffffffffffffffda RBX: 00007ff21e5e5fa0 RCX: 00007ff21e38efc9 [ 1562.005330][T31394] RDX: 0000000000000000 RSI: 00000000c004743e RDI: 0000000000000008 [ 1562.005339][T31394] RBP: 00007ff21e411f91 R08: 0000000000000000 R09: 0000000000000000 [ 1562.005347][T31394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1562.005357][T31394] R13: 00007ff21e5e6038 R14: 00007ff21e5e5fa0 R15: 00007ffdfb7db798 [ 1562.005377][T31394] [ 1563.218613][T31401] busy [ 1563.231848][T31401] input input47: cannot allocate more than FF_MAX_EFFECTS effects [ 1565.764331][T31433] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1565.804191][T31433] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1565.882519][T31433] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1565.957152][T31433] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1567.814457][T30704] Bluetooth: hci4: command 0x0c1a tx timeout [ 1567.821316][T31340] Bluetooth: hci3: command 0x0c1a tx timeout [ 1567.894210][T31340] Bluetooth: hci0: command 0x0c1a tx timeout [ 1568.831448][T31477] FAULT_INJECTION: forcing a failure. [ 1568.831448][T31477] name failslab, interval 1, probability 393216, space 0, times 0 [ 1568.932523][T31477] CPU: 0 UID: 0 PID: 31477 Comm: syz.4.8640 Tainted: G U syzkaller #0 PREEMPT(full) [ 1568.932549][T31477] Tainted: [U]=USER [ 1568.932554][T31477] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1568.932564][T31477] Call Trace: [ 1568.932569][T31477] [ 1568.932576][T31477] dump_stack_lvl+0x16c/0x1f0 [ 1568.932597][T31477] should_fail_ex+0x512/0x640 [ 1568.932620][T31477] ? fs_reclaim_acquire+0xae/0x150 [ 1568.932643][T31477] should_failslab+0xc2/0x120 [ 1568.932662][T31477] __kmalloc_noprof+0xdd/0x880 [ 1568.932685][T31477] ? mempool_init_node+0x2f7/0x6e0 [ 1568.932706][T31477] ? __pfx_mempool_kmalloc+0x10/0x10 [ 1568.932721][T31477] ? mempool_init_node+0x2f7/0x6e0 [ 1568.932737][T31477] ? __pfx_mempool_kmalloc+0x10/0x10 [ 1568.932753][T31477] mempool_init_node+0x2f7/0x6e0 [ 1568.932775][T31477] ? __pfx_mempool_kmalloc+0x10/0x10 [ 1568.932790][T31477] ? __pfx_mempool_kfree+0x10/0x10 [ 1568.932806][T31477] mempool_init_noprof+0x3a/0x50 [ 1568.932826][T31477] do_fanotify_mark+0x2e65/0x39d0 [ 1568.932856][T31477] ? __pfx_do_fanotify_mark+0x10/0x10 [ 1568.932880][T31477] ? __x64_sys_futex+0x1e9/0x4c0 [ 1568.932903][T31477] ? xfd_validate_state+0x61/0x180 [ 1568.932923][T31477] ? __pfx_ksys_write+0x10/0x10 [ 1568.932941][T31477] __x64_sys_fanotify_mark+0xbd/0x160 [ 1568.932962][T31477] ? do_syscall_64+0x91/0xfa0 [ 1568.932978][T31477] ? lockdep_hardirqs_on+0x7c/0x110 [ 1568.932994][T31477] do_syscall_64+0xcd/0xfa0 [ 1568.933010][T31477] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1568.933025][T31477] RIP: 0033:0x7ff21e38efc9 [ 1568.933038][T31477] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1568.933052][T31477] RSP: 002b:00007ff21f171038 EFLAGS: 00000246 ORIG_RAX: 000000000000012d [ 1568.933066][T31477] RAX: ffffffffffffffda RBX: 00007ff21e5e6090 RCX: 00007ff21e38efc9 [ 1568.933076][T31477] RDX: 0000000000008009 RSI: 0000000000000105 RDI: 0000000000000000 [ 1568.933085][T31477] RBP: 00007ff21e411f91 R08: 0000000000000000 R09: 0000000000000000 [ 1568.933093][T31477] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 1568.933102][T31477] R13: 00007ff21e5e6128 R14: 00007ff21e5e6090 R15: 00007ffdfb7db798 [ 1568.933122][T31477] [ 1569.962685][T31340] Bluetooth: hci0: command 0x0c1a tx timeout [ 1570.294437][T31476] kexec: Could not allocate control_code_buffer [ 1570.422254][ T30] audit: type=1800 audit(4294967312.311:42): pid=31482 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.8642" name="members" dev="configfs" ino=292982 res=0 errno=0 [ 1570.847482][ T5824] Process accounting resumed [ 1570.888681][T31485] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8644'. [ 1570.963487][T31485] netlink: 354 bytes leftover after parsing attributes in process `syz.4.8644'. [ 1571.778890][T30704] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1571.791358][T30704] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1571.801721][T30704] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1571.809488][T30704] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1571.817161][T30704] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1571.893616][T31504] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1571.905479][T31504] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1571.914249][T31504] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1571.922198][T31504] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1571.929596][T31504] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1573.200238][T31502] chnl_net:caif_netlink_parms(): no params data found [ 1573.251221][T31497] chnl_net:caif_netlink_parms(): no params data found [ 1573.680756][T31502] bridge0: port 1(bridge_slave_0) entered blocking state [ 1573.699130][T31502] bridge0: port 1(bridge_slave_0) entered disabled state [ 1573.714924][T31502] bridge_slave_0: entered allmulticast mode [ 1573.728718][T31502] bridge_slave_0: entered promiscuous mode [ 1573.795439][T31497] bridge0: port 1(bridge_slave_0) entered blocking state [ 1573.814864][T31497] bridge0: port 1(bridge_slave_0) entered disabled state [ 1573.854692][T31497] bridge_slave_0: entered allmulticast mode [ 1573.871946][T31497] bridge_slave_0: entered promiscuous mode [ 1573.898248][T31502] bridge0: port 2(bridge_slave_1) entered blocking state [ 1573.920810][T31502] bridge0: port 2(bridge_slave_1) entered disabled state [ 1573.944682][T31504] Bluetooth: hci1: command tx timeout [ 1573.961271][T31502] bridge_slave_1: entered allmulticast mode [ 1573.990804][T31502] bridge_slave_1: entered promiscuous mode [ 1574.021699][T31504] Bluetooth: hci5: command tx timeout [ 1574.085400][T31497] bridge0: port 2(bridge_slave_1) entered blocking state [ 1574.093454][T31529] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1574.113023][T31497] bridge0: port 2(bridge_slave_1) entered disabled state [ 1574.139202][T31497] bridge_slave_1: entered allmulticast mode [ 1574.158954][T31529] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1574.168727][T31497] bridge_slave_1: entered promiscuous mode [ 1574.253874][T31529] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1574.331751][T31502] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1574.349708][T31529] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1574.386419][T31529] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1574.445323][T31502] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1574.455532][T31529] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1574.497692][T31497] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1574.511197][T31529] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1574.549822][T31529] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 1574.590550][T31529] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 1574.630747][T31497] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1574.694343][T31502] team0: Port device team_slave_0 added [ 1574.767090][T31502] team0: Port device team_slave_1 added [ 1574.833991][T31497] team0: Port device team_slave_0 added [ 1574.868545][T31497] team0: Port device team_slave_1 added [ 1574.919803][T31502] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1574.938352][T31502] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1575.035976][T31502] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1575.177764][T31502] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1575.184729][T31502] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1575.335178][T31502] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1575.395199][T31497] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1575.416056][T31497] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1575.509890][T31497] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1575.636957][T31497] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1575.658630][T31497] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1575.730063][T31497] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1575.774207][T31502] hsr_slave_0: entered promiscuous mode [ 1575.791038][T31502] hsr_slave_1: entered promiscuous mode [ 1575.800364][T31502] debugfs: 'hsr0' already exists in 'hsr' [ 1575.818759][T31502] Cannot create hsr debugfs directory [ 1575.974342][T31497] hsr_slave_0: entered promiscuous mode [ 1576.001418][T31497] hsr_slave_1: entered promiscuous mode [ 1576.025178][T31497] debugfs: 'hsr0' already exists in 'hsr' [ 1576.051750][T31497] Cannot create hsr debugfs directory [ 1576.091077][T31504] Bluetooth: hci3: command 0x0c1a tx timeout [ 1576.173456][T31504] Bluetooth: hci4: command 0x0c1a tx timeout [ 1576.252715][T30704] Bluetooth: hci0: command 0x0c1a tx timeout [ 1576.409005][T30704] Bluetooth: hci1: command 0x040f tx timeout [ 1576.488909][T30704] Bluetooth: hci5: command 0x040f tx timeout [ 1576.802993][T31502] netdevsim netdevsim8 netdevsim0: renamed from eth0 [ 1576.862170][T31502] netdevsim netdevsim8 netdevsim1: renamed from eth1 [ 1576.992305][T31502] netdevsim netdevsim8 netdevsim2: renamed from eth2 [ 1577.030437][T31502] netdevsim netdevsim8 netdevsim3: renamed from eth3 [ 1577.190428][T31497] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1577.217745][T31551] Process accounting resumed [ 1577.242374][T31497] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1577.282237][T31497] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1577.363064][T31497] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1577.410175][T31564] netlink: 186 bytes leftover after parsing attributes in process `syz.4.8656'. [ 1577.536574][T30704] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 1577.638678][T31502] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1577.736938][T31502] 8021q: adding VLAN 0 to HW filter on device team0 [ 1577.792798][T30811] bridge0: port 1(bridge_slave_0) entered blocking state [ 1577.799900][T30811] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1577.865159][T30811] bridge0: port 2(bridge_slave_1) entered blocking state [ 1577.872392][T30811] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1578.092455][T31497] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1578.188628][T31497] 8021q: adding VLAN 0 to HW filter on device team0 [ 1578.272696][T30706] bridge0: port 1(bridge_slave_0) entered blocking state [ 1578.279862][T30706] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1578.374509][T31542] bridge0: port 2(bridge_slave_1) entered blocking state [ 1578.381761][T31542] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1578.481003][T31504] Bluetooth: hci1: command 0x040f tx timeout [ 1578.560983][T31504] Bluetooth: hci5: command 0x040f tx timeout [ 1578.679845][T31576] size and base must be multiples of 4 kiB [ 1578.685682][T31576] CPU: 0 UID: 0 PID: 31576 Comm: syz.6.8658 Tainted: G U syzkaller #0 PREEMPT(full) [ 1578.685707][T31576] Tainted: [U]=USER [ 1578.685713][T31576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1578.685723][T31576] Call Trace: [ 1578.685731][T31576] [ 1578.685737][T31576] dump_stack_lvl+0x16c/0x1f0 [ 1578.685758][T31576] mtrr_del+0xd1/0x110 [ 1578.685780][T31576] mtrr_ioctl+0x922/0xcf0 [ 1578.685806][T31576] ? __pfx_mtrr_ioctl+0x10/0x10 [ 1578.685829][T31576] ? find_held_lock+0x2b/0x80 [ 1578.685850][T31576] ? __fget_files+0x20e/0x3c0 [ 1578.685866][T31576] ? __pfx_mtrr_ioctl+0x10/0x10 [ 1578.685886][T31576] proc_reg_unlocked_ioctl+0x229/0x320 [ 1578.685906][T31576] ? __pfx_proc_reg_unlocked_ioctl+0x10/0x10 [ 1578.685927][T31576] __x64_sys_ioctl+0x18e/0x210 [ 1578.685949][T31576] do_syscall_64+0xcd/0xfa0 [ 1578.685966][T31576] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1578.685981][T31576] RIP: 0033:0x7f923678efc9 [ 1578.685994][T31576] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1578.686009][T31576] RSP: 002b:00007f92375fe038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1578.686023][T31576] RAX: ffffffffffffffda RBX: 00007f92369e6090 RCX: 00007f923678efc9 [ 1578.686033][T31576] RDX: 0000000000000007 RSI: 0000000040104d04 RDI: 0000000000000003 [ 1578.686042][T31576] RBP: 00007f9236811f91 R08: 0000000000000000 R09: 0000000000000000 [ 1578.686051][T31576] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1578.686060][T31576] R13: 00007f92369e6128 R14: 00007f92369e6090 R15: 00007fffde27d548 [ 1578.686080][T31576] [ 1578.854952][T31580] delete_channel: no stack [ 1579.137415][T31502] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1579.358276][T31589] netlink: 4 bytes leftover after parsing attributes in process `syz.6.8661'. [ 1579.862743][T31502] veth0_vlan: entered promiscuous mode [ 1579.917842][T31502] veth1_vlan: entered promiscuous mode [ 1579.989177][T31502] veth0_macvtap: entered promiscuous mode [ 1580.048953][T31497] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1580.064167][T31502] veth1_macvtap: entered promiscuous mode [ 1580.142864][T31502] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1580.221672][T31502] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1580.280824][T30811] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1580.316773][T30811] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1580.360214][T30811] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1580.412111][T30811] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1580.510530][T31596] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1580.539684][T31596] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1580.548773][T31504] Bluetooth: hci1: command 0x040f tx timeout [ 1580.580133][T31596] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1580.586160][T31596] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1580.619203][T31596] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1580.647833][T31596] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1580.747776][T31497] veth0_vlan: entered promiscuous mode [ 1580.805369][T31497] veth1_vlan: entered promiscuous mode [ 1580.901342][T31542] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1580.929269][T31542] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1580.982441][T31497] veth0_macvtap: entered promiscuous mode [ 1581.057028][T31497] veth1_macvtap: entered promiscuous mode [ 1581.065659][T31592] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1581.095198][T31592] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1581.180028][T31497] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1581.244768][T31497] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1581.313626][T30723] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1581.322632][T30723] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1581.402724][T30723] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1581.411483][T30723] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1581.741911][T30704] Bluetooth: hci3: command 0x0c1a tx timeout [ 1581.792155][T31592] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1581.799985][T31592] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1581.956983][T30811] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1581.995190][T30811] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1582.452120][T31626] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1582.552095][T31626] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1582.603092][T31626] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1582.617265][T30704] Bluetooth: hci5: command 0x040f tx timeout [ 1582.625062][T31504] Bluetooth: hci1: command 0x040f tx timeout [ 1582.683430][T31626] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1583.137412][T31626] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1584.450819][T31504] Bluetooth: hci3: command 0x0c1a tx timeout [ 1584.626220][T31504] Bluetooth: hci0: command 0x0c1a tx timeout [ 1584.632250][T31504] Bluetooth: hci4: command 0x0c1a tx timeout [ 1584.696760][T31504] Bluetooth: hci1: command 0x040f tx timeout [ 1585.759010][ C0] vcan0: j1939_tp_rxtimer: 0xffff888056480c00: rx timeout, send abort [ 1585.767506][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff888056480c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1585.793315][T31504] Bluetooth: hci5: command 0x040f tx timeout [ 1586.858272][T31646] ERROR: Out of memory at tomoyo_memory_ok. [ 1586.944546][T31646] netlink: 40 bytes leftover after parsing attributes in process `syz.7.8671'. [ 1587.873090][T31504] Bluetooth: hci5: command 0x040f tx timeout [ 1589.085226][T31689] netlink: 4 bytes leftover after parsing attributes in process `syz.7.8682'. [ 1589.143708][T31689] netlink: 'syz.7.8682': attribute type 1 has an invalid length. [ 1589.192696][T31689] netlink: 342 bytes leftover after parsing attributes in process `syz.7.8682'. [ 1590.714573][T31702] sp0: Synchronizing with TNC [ 1591.258992][T31729] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1591.442333][T31729] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1591.627400][T31729] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1591.761329][T31729] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1591.876725][T31729] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1592.575296][T31749] Loading of unsigned module is rejected [ 1593.281540][T31504] Bluetooth: hci3: command 0x0c1a tx timeout [ 1593.364836][T31504] Bluetooth: hci4: command 0x0c1a tx timeout [ 1593.376432][T31767] usb usb15: usbfs: process 31767 (syz.6.8697) did not claim interface 0 before use [ 1593.681722][T31504] Bluetooth: hci0: command 0x0c1a tx timeout [ 1593.759726][T31504] Bluetooth: hci1: command 0x040f tx timeout [ 1593.918014][T31504] Bluetooth: hci5: command 0x040f tx timeout [ 1594.233129][T31779] Loading of unsigned module is rejected [ 1595.533562][T31795] can0: slcan on ttyS2. [ 1595.678902][T31795] can0 (unregistered): slcan off ttyS2. [ 1598.575880][T31798] kexec: Could not allocate control_code_buffer [ 1599.013282][T31844] can0: slcan on ptm0. [ 1599.030105][T31840] svc: failed to register nfsdv3 RPC service (errno 111). [ 1599.076210][T31840] svc: failed to register nfsaclv3 RPC service (errno 111). [ 1599.231225][T31842] can0 (unregistered): slcan off ptm0. [ 1599.740455][T31854] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8717'. [ 1603.625996][T31908] FAULT_INJECTION: forcing a failure. [ 1603.625996][T31908] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1603.748548][T31908] CPU: 0 UID: 0 PID: 31908 Comm: syz.8.8729 Tainted: G U syzkaller #0 PREEMPT(full) [ 1603.748575][T31908] Tainted: [U]=USER [ 1603.748581][T31908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1603.748591][T31908] Call Trace: [ 1603.748596][T31908] [ 1603.748603][T31908] dump_stack_lvl+0x16c/0x1f0 [ 1603.748625][T31908] should_fail_ex+0x512/0x640 [ 1603.748650][T31908] should_fail_alloc_page+0xe7/0x130 [ 1603.748673][T31908] prepare_alloc_pages+0x3c2/0x610 [ 1603.748695][T31908] __alloc_frozen_pages_noprof+0x18b/0x2470 [ 1603.748711][T31908] ? __alloc_frozen_pages_noprof+0x292/0x2470 [ 1603.748726][T31908] ? css_rstat_updated+0x1c2/0x510 [ 1603.748749][T31908] ? find_held_lock+0x2b/0x80 [ 1603.748764][T31908] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1603.748778][T31908] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1603.748801][T31908] ? __alloc_frozen_pages_noprof+0x292/0x2470 [ 1603.748818][T31908] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1603.748843][T31908] ? policy_nodemask+0xea/0x4e0 [ 1603.748863][T31908] alloc_pages_mpol+0x1fb/0x550 [ 1603.748883][T31908] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1603.748901][T31908] ? do_raw_spin_lock+0x12c/0x2b0 [ 1603.748923][T31908] ? find_held_lock+0x2b/0x80 [ 1603.748940][T31908] alloc_pages_noprof+0x131/0x390 [ 1603.748960][T31908] __pmd_alloc+0x3b/0x8b0 [ 1603.748978][T31908] ? __pud_alloc+0x51f/0x6b0 [ 1603.748998][T31908] walk_to_pmd+0x3a6/0x4c0 [ 1603.749018][T31908] __get_locked_pte+0x25/0xc0 [ 1603.749039][T31908] map_ldt_struct+0x3b0/0xa60 [ 1603.749058][T31908] ? __pfx_map_ldt_struct+0x10/0x10 [ 1603.749073][T31908] ? alloc_pages_noprof+0x23c/0x390 [ 1603.749095][T31908] write_ldt+0x8fa/0xd20 [ 1603.749112][T31908] ? __pfx_write_ldt+0x10/0x10 [ 1603.749126][T31908] ? fput+0x9b/0xd0 [ 1603.749146][T31908] ? __pfx_ksys_write+0x10/0x10 [ 1603.749174][T31908] __x64_sys_modify_ldt+0xb1/0x170 [ 1603.749190][T31908] do_syscall_64+0xcd/0xfa0 [ 1603.749209][T31908] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1603.749225][T31908] RIP: 0033:0x7f8f4ff8efc9 [ 1603.749239][T31908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1603.749253][T31908] RSP: 002b:00007f8f50e58038 EFLAGS: 00000246 ORIG_RAX: 000000000000009a [ 1603.749268][T31908] RAX: ffffffffffffffda RBX: 00007f8f501e5fa0 RCX: 00007f8f4ff8efc9 [ 1603.749279][T31908] RDX: 0000000000000010 RSI: 00002000000001c0 RDI: 0000000000000001 [ 1603.749289][T31908] RBP: 00007f8f50011f91 R08: 0000000000000000 R09: 0000000000000000 [ 1603.749298][T31908] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1603.749307][T31908] R13: 00007f8f501e6038 R14: 00007f8f501e5fa0 R15: 00007ffd4351a828 [ 1603.749327][T31908] [ 1605.999323][T31941] random: crng reseeded on system resumption [ 1606.462850][T31945] zswap: compressor not available [ 1606.987182][T31945] ERROR: Out of memory at tomoyo_memory_ok. [ 1608.017268][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1608.025214][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1608.569638][T31951] Process accounting paused [ 1608.715109][T31967] ERROR: Out of memory at tomoyo_memory_ok. [ 1608.798957][T31967] netlink: 40 bytes leftover after parsing attributes in process `syz.6.8739'. [ 1609.284332][T31978] netlink: 'syz.6.8742': attribute type 7 has an invalid length. [ 1609.333789][T31978] netlink: 17 bytes leftover after parsing attributes in process `syz.6.8742'. [ 1612.382457][T31504] Bluetooth: hci6: Opcode 0x0c03 failed: -110 [ 1612.490031][T32014] random: crng reseeded on system resumption [ 1612.772674][T32018] random: crng reseeded on system resumption [ 1613.292546][T31999] kexec: Could not allocate control_code_buffer [ 1613.699606][T32025] zswap: compressor not available [ 1613.981232][T32041] ERROR: Out of memory at tomoyo_memory_ok. [ 1614.122980][T32038] FAULT_INJECTION: forcing a failure. [ 1614.122980][T32038] name failslab, interval 1, probability 393216, space 0, times 0 [ 1614.186794][T32038] CPU: 0 UID: 0 PID: 32038 Comm: syz.8.8756 Tainted: G U syzkaller #0 PREEMPT(full) [ 1614.186821][T32038] Tainted: [U]=USER [ 1614.186827][T32038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1614.186836][T32038] Call Trace: [ 1614.186841][T32038] [ 1614.186848][T32038] dump_stack_lvl+0x16c/0x1f0 [ 1614.186870][T32038] should_fail_ex+0x512/0x640 [ 1614.186892][T32038] ? __kmalloc_cache_noprof+0x5f/0x780 [ 1614.186918][T32038] should_failslab+0xc2/0x120 [ 1614.186938][T32038] __kmalloc_cache_noprof+0x72/0x780 [ 1614.186961][T32038] ? kvm_pic_init+0x4f/0x380 [ 1614.186985][T32038] ? kvm_pic_init+0x4f/0x380 [ 1614.187003][T32038] ? stack_depot_save_flags+0x29/0x9c0 [ 1614.187025][T32038] kvm_pic_init+0x4f/0x380 [ 1614.187048][T32038] kvm_arch_vm_ioctl+0x8f0/0x18b0 [ 1614.187066][T32038] ? register_lock_class+0x41/0x4c0 [ 1614.187086][T32038] ? find_held_lock+0x2b/0x80 [ 1614.187100][T32038] ? __pfx_kvm_arch_vm_ioctl+0x10/0x10 [ 1614.187117][T32038] ? ima_match_policy+0x7f9/0x22e0 [ 1614.187142][T32038] ? __lock_acquire+0x622/0x1c90 [ 1614.187166][T32038] ? __lock_acquire+0x622/0x1c90 [ 1614.187191][T32038] ? __lock_acquire+0x622/0x1c90 [ 1614.187214][T32038] ? __lock_acquire+0x622/0x1c90 [ 1614.187246][T32038] ? bpf_ksym_find+0x124/0x1c0 [ 1614.187263][T32038] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1614.187282][T32038] ? is_bpf_text_address+0x94/0x1a0 [ 1614.187302][T32038] ? kernel_text_address+0x8d/0x100 [ 1614.187324][T32038] ? widen_string+0xdc/0x2d0 [ 1614.187343][T32038] ? __kernel_text_address+0xd/0x40 [ 1614.187355][T32038] ? unwind_get_return_address+0x59/0xa0 [ 1614.187371][T32038] ? arch_stack_walk+0xa6/0x100 [ 1614.187393][T32038] ? stack_trace_save+0x8e/0xc0 [ 1614.187409][T32038] ? __pfx_stack_trace_save+0x10/0x10 [ 1614.187426][T32038] ? stack_depot_save_flags+0x29/0x9c0 [ 1614.187448][T32038] ? __lock_acquire+0xb8a/0x1c90 [ 1614.187468][T32038] ? kasan_save_stack+0x42/0x60 [ 1614.187484][T32038] ? kasan_save_stack+0x33/0x60 [ 1614.187499][T32038] ? kasan_save_track+0x14/0x30 [ 1614.187514][T32038] ? __kasan_save_free_info+0x3b/0x60 [ 1614.187526][T32038] ? __kasan_slab_free+0x5f/0x80 [ 1614.187542][T32038] ? kfree+0x2b8/0x6d0 [ 1614.187552][T32038] ? tomoyo_path_number_perm+0x470/0x580 [ 1614.187577][T32038] kvm_vm_ioctl+0x1a91/0x3fd0 [ 1614.187600][T32038] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 1614.187628][T32038] ? kasan_quarantine_put+0x10a/0x240 [ 1614.187644][T32038] ? lockdep_hardirqs_on+0x7c/0x110 [ 1614.187661][T32038] ? find_held_lock+0x2b/0x80 [ 1614.187676][T32038] ? tomoyo_path_number_perm+0x295/0x580 [ 1614.187701][T32038] ? tomoyo_path_number_perm+0x18d/0x580 [ 1614.187724][T32038] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1614.187753][T32038] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1614.187778][T32038] ? do_vfs_ioctl+0x128/0x14f0 [ 1614.187799][T32038] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1614.187825][T32038] ? find_held_lock+0x2b/0x80 [ 1614.187838][T32038] ? hook_file_ioctl_common+0x145/0x410 [ 1614.187857][T32038] ? __fget_files+0x20e/0x3c0 [ 1614.187874][T32038] ? __pfx_kvm_vm_ioctl+0x10/0x10 [ 1614.187891][T32038] __x64_sys_ioctl+0x18e/0x210 [ 1614.187913][T32038] do_syscall_64+0xcd/0xfa0 [ 1614.187930][T32038] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1614.187945][T32038] RIP: 0033:0x7f8f4ff8efc9 [ 1614.187958][T32038] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1614.187972][T32038] RSP: 002b:00007f8f50e58038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1614.187987][T32038] RAX: ffffffffffffffda RBX: 00007f8f501e5fa0 RCX: 00007f8f4ff8efc9 [ 1614.187996][T32038] RDX: 0010000000000402 RSI: 000000000000ae60 RDI: 0000000000000003 [ 1614.188006][T32038] RBP: 00007f8f50011f91 R08: 0000000000000000 R09: 0000000000000000 [ 1614.188015][T32038] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1614.188024][T32038] R13: 00007f8f501e6038 R14: 00007f8f501e5fa0 R15: 00007ffd4351a828 [ 1614.188044][T32038] [ 1615.456920][T32044] hub 1-0:1.0: USB hub found [ 1615.545513][T32044] hub 1-0:1.0: 1 port detected [ 1615.642664][T32044] FAULT_INJECTION: forcing a failure. [ 1615.642664][T32044] name failslab, interval 1, probability 393216, space 0, times 0 [ 1615.664985][T32044] CPU: 0 UID: 0 PID: 32044 Comm: syz.6.8758 Tainted: G U syzkaller #0 PREEMPT(full) [ 1615.665013][T32044] Tainted: [U]=USER [ 1615.665018][T32044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1615.665028][T32044] Call Trace: [ 1615.665033][T32044] [ 1615.665040][T32044] dump_stack_lvl+0x16c/0x1f0 [ 1615.665062][T32044] should_fail_ex+0x512/0x640 [ 1615.665084][T32044] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1615.665101][T32044] should_failslab+0xc2/0x120 [ 1615.665121][T32044] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1615.665136][T32044] ? __kernfs_new_node+0xd2/0x8e0 [ 1615.665159][T32044] ? __kernfs_new_node+0xd2/0x8e0 [ 1615.665176][T32044] __kernfs_new_node+0xd2/0x8e0 [ 1615.665197][T32044] ? __pfx___kernfs_new_node+0x10/0x10 [ 1615.665220][T32044] ? find_held_lock+0x2b/0x80 [ 1615.665237][T32044] ? kernfs_root+0xee/0x2a0 [ 1615.665258][T32044] kernfs_new_node+0x13c/0x1e0 [ 1615.665282][T32044] kernfs_create_dir_ns+0x4c/0x1a0 [ 1615.665305][T32044] sysfs_create_dir_ns+0x13a/0x2b0 [ 1615.665324][T32044] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1615.665341][T32044] ? find_held_lock+0x2b/0x80 [ 1615.665359][T32044] ? do_raw_spin_unlock+0x172/0x230 [ 1615.665382][T32044] kobject_add_internal+0x2c4/0x9b0 [ 1615.665408][T32044] kobject_add+0x16e/0x240 [ 1615.665426][T32044] ? __pfx_kobject_add+0x10/0x10 [ 1615.665447][T32044] ? lockdep_init_map_type+0x5c/0x280 [ 1615.665466][T32044] ? class_to_subsys+0x131/0x160 [ 1615.665493][T32044] device_add+0x288/0x1aa0 [ 1615.665515][T32044] ? lockdep_init_map_type+0x5c/0x280 [ 1615.665535][T32044] ? __pfx_device_add+0x10/0x10 [ 1615.665555][T32044] ? lockdep_init_map_type+0x5c/0x280 [ 1615.665575][T32044] ? __init_waitqueue_head+0xca/0x150 [ 1615.665602][T32044] usb_hub_create_port_device+0x3a1/0xde0 [ 1615.665625][T32044] hub_probe+0x203b/0x3480 [ 1615.665644][T32044] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1615.665666][T32044] ? __pfx_hub_probe+0x10/0x10 [ 1615.665677][T32044] ? mark_held_locks+0x49/0x80 [ 1615.665695][T32044] ? force_hpet_resume+0x90/0x330 [ 1615.665713][T32044] ? mark_held_locks+0x49/0x80 [ 1615.665730][T32044] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1615.665748][T32044] usb_probe_interface+0x303/0xa40 [ 1615.665767][T32044] ? __pfx_usb_probe_interface+0x10/0x10 [ 1615.665784][T32044] really_probe+0x241/0xa90 [ 1615.665805][T32044] __driver_probe_device+0x1de/0x440 [ 1615.665825][T32044] driver_probe_device+0x4c/0x1b0 [ 1615.665845][T32044] __device_attach_driver+0x1df/0x310 [ 1615.665865][T32044] ? __pfx___device_attach_driver+0x10/0x10 [ 1615.665884][T32044] bus_for_each_drv+0x159/0x1e0 [ 1615.665908][T32044] ? __pfx_bus_for_each_drv+0x10/0x10 [ 1615.665926][T32044] ? lockdep_hardirqs_on+0x7c/0x110 [ 1615.665942][T32044] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1615.665960][T32044] __device_attach+0x1e4/0x4b0 [ 1615.665979][T32044] ? __pfx___device_attach+0x10/0x10 [ 1615.665999][T32044] ? do_raw_spin_unlock+0x172/0x230 [ 1615.666028][T32044] bus_probe_device+0x17f/0x1c0 [ 1615.666046][T32044] device_add+0x1148/0x1aa0 [ 1615.666069][T32044] ? __pfx_device_add+0x10/0x10 [ 1615.666091][T32044] ? mark_held_locks+0x49/0x80 [ 1615.666116][T32044] usb_set_configuration+0x1187/0x1e20 [ 1615.666151][T32044] bConfigurationValue_store+0x100/0x180 [ 1615.666166][T32044] ? __pfx_bConfigurationValue_store+0x10/0x10 [ 1615.666180][T32044] ? find_held_lock+0x2b/0x80 [ 1615.666195][T32044] ? sysfs_file_kobj+0xe4/0x290 [ 1615.666212][T32044] ? __pfx_bConfigurationValue_store+0x10/0x10 [ 1615.666225][T32044] dev_attr_store+0x58/0x80 [ 1615.666245][T32044] ? __pfx_dev_attr_store+0x10/0x10 [ 1615.666264][T32044] sysfs_kf_write+0xf2/0x150 [ 1615.666281][T32044] kernfs_fop_write_iter+0x3af/0x570 [ 1615.666302][T32044] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1615.666320][T32044] iter_file_splice_write+0xa24/0x12e0 [ 1615.666348][T32044] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1615.666367][T32044] ? __pfx_copy_splice_read+0x10/0x10 [ 1615.666401][T32044] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1615.666417][T32044] direct_splice_actor+0x192/0x6c0 [ 1615.666434][T32044] splice_direct_to_actor+0x345/0xa30 [ 1615.666450][T32044] ? __pfx_direct_splice_actor+0x10/0x10 [ 1615.666468][T32044] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1615.666489][T32044] do_splice_direct+0x174/0x240 [ 1615.666503][T32044] ? __pfx_do_splice_direct+0x10/0x10 [ 1615.666518][T32044] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1615.666544][T32044] ? rw_verify_area+0xcf/0x6c0 [ 1615.666560][T32044] do_sendfile+0xb06/0xe50 [ 1615.666578][T32044] ? __pfx_do_sendfile+0x10/0x10 [ 1615.666597][T32044] ? __x64_sys_futex+0x1e0/0x4c0 [ 1615.666615][T32044] ? __x64_sys_futex+0x1e9/0x4c0 [ 1615.666636][T32044] __x64_sys_sendfile64+0x1d8/0x220 [ 1615.666656][T32044] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1615.666681][T32044] do_syscall_64+0xcd/0xfa0 [ 1615.666699][T32044] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1615.666714][T32044] RIP: 0033:0x7f923678efc9 [ 1615.666727][T32044] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1615.666742][T32044] RSP: 002b:00007f923761f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1615.666758][T32044] RAX: ffffffffffffffda RBX: 00007f92369e5fa0 RCX: 00007f923678efc9 [ 1615.666769][T32044] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000006 [ 1615.666778][T32044] RBP: 00007f9236811f91 R08: 0000000000000000 R09: 0000000000000000 [ 1615.666787][T32044] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 1615.666796][T32044] R13: 00007f92369e6038 R14: 00007f92369e5fa0 R15: 00007fffde27d548 [ 1615.666817][T32044] [ 1616.209889][ C0] vkms_vblank_simulate: vblank timer overrun [ 1616.231221][T32044] kobject: kobject_add_internal failed for usb1-port1 (error: -12 parent: 1-0:1.0) [ 1616.240679][T32044] hub 1-0:1.0: couldn't create port1 device. [ 1616.246759][T32044] hub 1-0:1.0: config failed, out of memory (err -12) [ 1618.263261][T30704] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1618.281160][T30704] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1618.289811][T30704] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1618.297902][T30704] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1618.305673][T30704] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1619.112200][T32077] chnl_net:caif_netlink_parms(): no params data found [ 1619.615414][T32077] bridge0: port 1(bridge_slave_0) entered blocking state [ 1619.650107][T32077] bridge0: port 1(bridge_slave_0) entered disabled state [ 1619.677738][T32077] bridge_slave_0: entered allmulticast mode [ 1619.715214][T32077] bridge_slave_0: entered promiscuous mode [ 1619.766233][T32077] bridge0: port 2(bridge_slave_1) entered blocking state [ 1619.809819][T32077] bridge0: port 2(bridge_slave_1) entered disabled state [ 1619.853500][T32077] bridge_slave_1: entered allmulticast mode [ 1619.884100][T32077] bridge_slave_1: entered promiscuous mode [ 1620.080513][T32077] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1620.156545][T32077] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1620.340868][T31504] Bluetooth: hci6: command tx timeout [ 1620.360705][T32077] team0: Port device team_slave_0 added [ 1620.413636][T32077] team0: Port device team_slave_1 added [ 1620.655020][T32077] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1620.704820][T32077] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1620.887744][T32077] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1620.959362][T32077] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1620.966338][T32077] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1621.101400][T32077] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1621.389078][T32116] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8772'. [ 1621.437699][T32116] netlink: 'syz.4.8772': attribute type 1 has an invalid length. [ 1621.506914][T32116] netlink: 'syz.4.8772': attribute type 6 has an invalid length. [ 1622.410066][T31504] Bluetooth: hci6: command tx timeout [ 1622.520189][T32077] hsr_slave_0: entered promiscuous mode [ 1622.561843][T32077] hsr_slave_1: entered promiscuous mode [ 1622.604890][T32077] debugfs: 'hsr0' already exists in 'hsr' [ 1622.634048][T32077] Cannot create hsr debugfs directory [ 1623.284742][T32111] kexec: Could not allocate control_code_buffer [ 1623.459879][T32077] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 1623.519162][T32077] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 1623.587492][T32077] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 1623.676766][T32077] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 1624.051690][T32077] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1624.170203][T32077] 8021q: adding VLAN 0 to HW filter on device team0 [ 1624.253694][T30811] bridge0: port 1(bridge_slave_0) entered blocking state [ 1624.260882][T30811] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1624.342616][T30811] bridge0: port 2(bridge_slave_1) entered blocking state [ 1624.349802][T30811] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1624.479323][T31504] Bluetooth: hci6: command tx timeout [ 1624.587164][T32077] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1624.659837][T32077] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1625.321583][T32077] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1626.361602][T32144] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 1626.515832][T32077] veth0_vlan: entered promiscuous mode [ 1626.550425][T31504] Bluetooth: hci6: command tx timeout [ 1626.692907][T32077] veth1_vlan: entered promiscuous mode [ 1626.784089][T32183] random: crng reseeded on system resumption [ 1626.943486][T32077] veth0_macvtap: entered promiscuous mode [ 1627.001626][T32077] veth1_macvtap: entered promiscuous mode [ 1627.109355][T32077] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1627.148063][T32077] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1627.346417][T30721] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1627.397025][T30721] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1627.478028][T30721] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1627.536311][T30721] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1628.030350][T30811] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1628.081173][T30811] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1628.229588][T31542] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1628.237419][T31542] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1630.310021][T32219] netlink: 338 bytes leftover after parsing attributes in process `syz.8.8789'. [ 1630.366062][T32219] macsec0: entered allmulticast mode [ 1630.411101][T32219] veth1_macvtap: entered allmulticast mode [ 1633.519807][T32273] FAULT_INJECTION: forcing a failure. [ 1633.519807][T32273] name failslab, interval 1, probability 393216, space 0, times 0 [ 1633.544851][T32273] CPU: 0 UID: 0 PID: 32273 Comm: syz.9.8802 Tainted: G U syzkaller #0 PREEMPT(full) [ 1633.544878][T32273] Tainted: [U]=USER [ 1633.544883][T32273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1633.544892][T32273] Call Trace: [ 1633.544897][T32273] [ 1633.544904][T32273] dump_stack_lvl+0x16c/0x1f0 [ 1633.544925][T32273] should_fail_ex+0x512/0x640 [ 1633.544947][T32273] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1633.544965][T32273] should_failslab+0xc2/0x120 [ 1633.544984][T32273] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1633.545006][T32273] ? copy_fs_struct+0x49/0x340 [ 1633.545032][T32273] ? copy_fs_struct+0x49/0x340 [ 1633.545051][T32273] copy_fs_struct+0x49/0x340 [ 1633.545073][T32273] ksys_unshare+0x356/0xa40 [ 1633.545094][T32273] ? __pfx_ksys_unshare+0x10/0x10 [ 1633.545113][T32273] ? xfd_validate_state+0x61/0x180 [ 1633.545139][T32273] __x64_sys_unshare+0x31/0x40 [ 1633.545157][T32273] do_syscall_64+0xcd/0xfa0 [ 1633.545174][T32273] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1633.545189][T32273] RIP: 0033:0x7f71a718efc9 [ 1633.545200][T32273] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1633.545214][T32273] RSP: 002b:00007f71a8081038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1633.545229][T32273] RAX: ffffffffffffffda RBX: 00007f71a73e5fa0 RCX: 00007f71a718efc9 [ 1633.545239][T32273] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000020000 [ 1633.545248][T32273] RBP: 00007f71a7211f91 R08: 0000000000000000 R09: 0000000000000000 [ 1633.545257][T32273] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1633.545265][T32273] R13: 00007f71a73e6038 R14: 00007f71a73e5fa0 R15: 00007ffc149e4078 [ 1633.545284][T32273] [ 1633.726459][ C0] vkms_vblank_simulate: vblank timer overrun [ 1634.536919][T32279] ERROR: Out of memory at tomoyo_memory_ok. [ 1635.317764][T32273] kexec: Could not allocate control_code_buffer [ 1635.466530][T32287] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1637.118045][T32320] netlink: 4 bytes leftover after parsing attributes in process `syz.9.8813'. [ 1637.156662][T32320] netlink: 354 bytes leftover after parsing attributes in process `syz.9.8813'. [ 1637.503495][T32329] ERROR: Out of memory at tomoyo_memory_ok. [ 1637.650815][T32329] FAULT_INJECTION: forcing a failure. [ 1637.650815][T32329] name failslab, interval 1, probability 393216, space 0, times 0 [ 1637.813536][T32329] CPU: 0 UID: 0 PID: 32329 Comm: syz.4.8814 Tainted: G U syzkaller #0 PREEMPT(full) [ 1637.813563][T32329] Tainted: [U]=USER [ 1637.813568][T32329] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1637.813578][T32329] Call Trace: [ 1637.813583][T32329] [ 1637.813590][T32329] dump_stack_lvl+0x16c/0x1f0 [ 1637.813619][T32329] should_fail_ex+0x512/0x640 [ 1637.813645][T32329] ? __kmalloc_cache_noprof+0x5f/0x780 [ 1637.813672][T32329] should_failslab+0xc2/0x120 [ 1637.813691][T32329] __kmalloc_cache_noprof+0x72/0x780 [ 1637.813715][T32329] ? ip6addrlbl_add+0xbb/0xc40 [ 1637.813740][T32329] ? ip6addrlbl_add+0xbb/0xc40 [ 1637.813760][T32329] ip6addrlbl_add+0xbb/0xc40 [ 1637.813787][T32329] ip6addrlbl_net_init+0x10a/0x380 [ 1637.813809][T32329] ? __pfx_ip6addrlbl_net_init+0x10/0x10 [ 1637.813830][T32329] ops_init+0x1e2/0x5f0 [ 1637.813848][T32329] setup_net+0x100/0x390 [ 1637.813862][T32329] ? __pfx_setup_net+0x10/0x10 [ 1637.813878][T32329] ? debug_mutex_init+0x37/0x70 [ 1637.813895][T32329] copy_net_ns+0x2f8/0x690 [ 1637.813913][T32329] create_new_namespaces+0x3ea/0xa90 [ 1637.813934][T32329] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 1637.813953][T32329] ksys_unshare+0x45b/0xa40 [ 1637.813971][T32329] ? __pfx_ksys_unshare+0x10/0x10 [ 1637.813991][T32329] ? xfd_validate_state+0x61/0x180 [ 1637.814017][T32329] __x64_sys_unshare+0x31/0x40 [ 1637.814035][T32329] do_syscall_64+0xcd/0xfa0 [ 1637.814053][T32329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1637.814067][T32329] RIP: 0033:0x7ff21e38efc9 [ 1637.814080][T32329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1637.814094][T32329] RSP: 002b:00007ff21f192038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1637.814112][T32329] RAX: ffffffffffffffda RBX: 00007ff21e5e5fa0 RCX: 00007ff21e38efc9 [ 1637.814121][T32329] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1637.814129][T32329] RBP: 00007ff21e411f91 R08: 0000000000000000 R09: 0000000000000000 [ 1637.814138][T32329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1637.814147][T32329] R13: 00007ff21e5e6038 R14: 00007ff21e5e5fa0 R15: 00007ffdfb7db798 [ 1637.814166][T32329] [ 1637.815047][T32337] netlink: 28 bytes leftover after parsing attributes in process `syz.9.8817'. [ 1638.586833][T32329] Process accounting resumed [ 1640.129282][T32357] ERROR: Out of memory at tomoyo_memory_ok. [ 1641.320236][T32303] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 1643.542622][T32409] FAULT_INJECTION: forcing a failure. [ 1643.542622][T32409] name failslab, interval 1, probability 393216, space 0, times 0 [ 1643.599472][T32409] CPU: 0 UID: 0 PID: 32409 Comm: syz.8.8830 Tainted: G U syzkaller #0 PREEMPT(full) [ 1643.599499][T32409] Tainted: [U]=USER [ 1643.599504][T32409] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1643.599514][T32409] Call Trace: [ 1643.599519][T32409] [ 1643.599526][T32409] dump_stack_lvl+0x16c/0x1f0 [ 1643.599546][T32409] should_fail_ex+0x512/0x640 [ 1643.599570][T32409] ? kmem_cache_alloc_noprof+0x62/0x6e0 [ 1643.599587][T32409] should_failslab+0xc2/0x120 [ 1643.599607][T32409] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1643.599621][T32409] ? copy_fs_struct+0x49/0x340 [ 1643.599644][T32409] ? copy_fs_struct+0x49/0x340 [ 1643.599663][T32409] copy_fs_struct+0x49/0x340 [ 1643.599683][T32409] ksys_unshare+0x356/0xa40 [ 1643.599703][T32409] ? __pfx_ksys_unshare+0x10/0x10 [ 1643.599722][T32409] ? xfd_validate_state+0x61/0x180 [ 1643.599748][T32409] __x64_sys_unshare+0x31/0x40 [ 1643.599767][T32409] do_syscall_64+0xcd/0xfa0 [ 1643.599784][T32409] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1643.599799][T32409] RIP: 0033:0x7f8f4ff8efc9 [ 1643.599811][T32409] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1643.599825][T32409] RSP: 002b:00007f8f50e58038 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1643.599840][T32409] RAX: ffffffffffffffda RBX: 00007f8f501e5fa0 RCX: 00007f8f4ff8efc9 [ 1643.599850][T32409] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000020000 [ 1643.599858][T32409] RBP: 00007f8f50011f91 R08: 0000000000000000 R09: 0000000000000000 [ 1643.599867][T32409] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1643.599876][T32409] R13: 00007f8f501e6038 R14: 00007f8f501e5fa0 R15: 00007ffd4351a828 [ 1643.599895][T32409] [ 1643.784285][ C0] vkms_vblank_simulate: vblank timer overrun [ 1645.478402][T32409] kexec: Could not allocate control_code_buffer [ 1647.197670][T32443] netlink: 306 bytes leftover after parsing attributes in process `syz.9.8837'. [ 1648.648552][T32467] i2c i2c-0: delete_device: Can't find device in list [ 1651.424115][T32490] kexec: Could not allocate control_code_buffer [ 1655.493469][T32561] snd_aloop snd_aloop.0: control 7:265:7:ͺΈθ:2 is already present [ 1657.181327][T32586] FAULT_INJECTION: forcing a failure. [ 1657.181327][T32586] name failslab, interval 1, probability 393216, space 0, times 0 [ 1657.561153][T32586] CPU: 0 UID: 0 PID: 32586 Comm: syz.4.8865 Tainted: G U syzkaller #0 PREEMPT(full) [ 1657.561180][T32586] Tainted: [U]=USER [ 1657.561185][T32586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1657.561194][T32586] Call Trace: [ 1657.561200][T32586] [ 1657.561206][T32586] dump_stack_lvl+0x16c/0x1f0 [ 1657.561227][T32586] should_fail_ex+0x512/0x640 [ 1657.561252][T32586] should_failslab+0xc2/0x120 [ 1657.561272][T32586] kmem_cache_alloc_noprof+0x75/0x6e0 [ 1657.561287][T32586] ? __pfx___alloc_skb+0x10/0x10 [ 1657.561307][T32586] ? sctp_chunkify+0x51/0x2d0 [ 1657.561334][T32586] ? sctp_chunkify+0x51/0x2d0 [ 1657.561355][T32586] sctp_chunkify+0x51/0x2d0 [ 1657.561378][T32586] _sctp_make_chunk+0x148/0x270 [ 1657.561393][T32586] sctp_make_control+0x2f/0x2d0 [ 1657.561407][T32586] sctp_make_sack+0x1af/0x520 [ 1657.561423][T32586] ? __pfx_sctp_make_sack+0x10/0x10 [ 1657.561443][T32586] ? sctp_sf_eat_data_6_2+0x574/0xba0 [ 1657.561465][T32586] sctp_do_sm+0x4215/0x5c80 [ 1657.561500][T32586] ? __pfx_sctp_do_sm+0x10/0x10 [ 1657.561520][T32586] ? __pfx_sctp_do_sm+0x10/0x10 [ 1657.561566][T32586] ? ktime_get+0x200/0x310 [ 1657.561583][T32586] ? lockdep_hardirqs_on+0x7c/0x110 [ 1657.561602][T32586] sctp_assoc_bh_rcv+0x392/0x6f0 [ 1657.561626][T32586] sctp_inq_push+0x1db/0x270 [ 1657.561646][T32586] sctp_backlog_rcv+0x169/0x590 [ 1657.561670][T32586] ? __pfx_sctp_backlog_rcv+0x10/0x10 [ 1657.561691][T32586] __release_sock+0x3a9/0x450 [ 1657.561713][T32586] release_sock+0x5a/0x220 [ 1657.561727][T32586] sctp_sendmsg+0xeb9/0x1e00 [ 1657.561752][T32586] ? __pfx_sctp_sendmsg+0x10/0x10 [ 1657.561770][T32586] ? __pfx___might_resched+0x10/0x10 [ 1657.561785][T32586] ? rcu_is_watching+0x12/0xc0 [ 1657.561803][T32586] ? aa_sk_perm+0x2f4/0xb10 [ 1657.561824][T32586] ? __pfx_aa_sk_perm+0x10/0x10 [ 1657.561836][T32586] ? iovec_from_user+0xbb/0x140 [ 1657.561855][T32586] ? __pfx_sctp_sendmsg+0x10/0x10 [ 1657.561875][T32586] inet_sendmsg+0x11c/0x140 [ 1657.561897][T32586] ____sys_sendmsg+0x973/0xc70 [ 1657.561915][T32586] ? copy_msghdr_from_user+0x10a/0x160 [ 1657.561928][T32586] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1657.561947][T32586] ? trace_pid_list_is_set+0x100/0x150 [ 1657.561969][T32586] ? trace_ignore_this_task+0xc3/0x100 [ 1657.561986][T32586] ___sys_sendmsg+0x134/0x1d0 [ 1657.562001][T32586] ? __pfx____sys_sendmsg+0x10/0x10 [ 1657.562024][T32586] ? find_held_lock+0x2b/0x80 [ 1657.562051][T32586] __sys_sendmmsg+0x200/0x420 [ 1657.562067][T32586] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1657.562087][T32586] ? __pfx_do_futex+0x10/0x10 [ 1657.562104][T32586] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1657.562132][T32586] ? xfd_validate_state+0x61/0x180 [ 1657.562151][T32586] ? __pfx_do_writev+0x10/0x10 [ 1657.562169][T32586] __x64_sys_sendmmsg+0x9c/0x100 [ 1657.562183][T32586] ? lockdep_hardirqs_on+0x7c/0x110 [ 1657.562198][T32586] do_syscall_64+0xcd/0xfa0 [ 1657.562215][T32586] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1657.562229][T32586] RIP: 0033:0x7ff21e38efc9 [ 1657.562242][T32586] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1657.562257][T32586] RSP: 002b:00007ff21f150038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1657.562272][T32586] RAX: ffffffffffffffda RBX: 00007ff21e5e6180 RCX: 00007ff21e38efc9 [ 1657.562282][T32586] RDX: 0000000000000003 RSI: 0000200000000080 RDI: 0000000000000003 [ 1657.562292][T32586] RBP: 00007ff21e411f91 R08: 0000000000000000 R09: 0000000000000000 [ 1657.562301][T32586] R10: 000000000000e3a7 R11: 0000000000000246 R12: 0000000000000000 [ 1657.562310][T32586] R13: 00007ff21e5e6218 R14: 00007ff21e5e6180 R15: 00007ffdfb7db798 [ 1657.562329][T32586] [ 1660.899403][T32622] netlink: 20 bytes leftover after parsing attributes in process `syz.9.8882'. [ 1661.558915][T32630] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1662.628975][T32647] netlink: 28 bytes leftover after parsing attributes in process `syz.9.8879'. [ 1662.659056][T32647] hsr_slave_0: left promiscuous mode [ 1662.679873][T32647] hsr_slave_1: left promiscuous mode [ 1663.189070][T32658] netlink: 186 bytes leftover after parsing attributes in process `syz.9.8881'. [ 1666.231086][T32683] kexec: Could not allocate control_code_buffer [ 1667.206842][T32701] snd_aloop snd_aloop.0: control 7:265:7:ͺΈθ:2 is already present [ 1667.610215][T32711] block nbd9: NBD_DISCONNECT [ 1668.304382][T30704] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 1668.320897][T30704] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 1668.329676][T30704] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 1668.345497][T30704] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 1668.361782][T30704] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 1668.914390][T32700] Process accounting paused [ 1669.102031][T32723] chnl_net:caif_netlink_parms(): no params data found [ 1669.131136][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1669.144122][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1669.470790][T32723] bridge0: port 1(bridge_slave_0) entered blocking state [ 1669.497328][T32723] bridge0: port 1(bridge_slave_0) entered disabled state [ 1669.518256][T32723] bridge_slave_0: entered allmulticast mode [ 1669.533234][T32723] bridge_slave_0: entered promiscuous mode [ 1669.551441][T32723] bridge0: port 2(bridge_slave_1) entered blocking state [ 1669.571116][T32723] bridge0: port 2(bridge_slave_1) entered disabled state [ 1669.587216][T32723] bridge_slave_1: entered allmulticast mode [ 1669.607786][T32723] bridge_slave_1: entered promiscuous mode [ 1669.666012][T32723] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1669.694584][T32723] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1669.771164][T32723] team0: Port device team_slave_0 added [ 1669.791504][T32723] team0: Port device team_slave_1 added [ 1669.945487][T32723] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1670.030672][T32723] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1670.266008][T32723] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1670.370933][T32723] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1670.401111][T30704] Bluetooth: hci7: command tx timeout [ 1670.477283][T32723] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1670.806819][T32723] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1671.635935][T32723] hsr_slave_0: entered promiscuous mode [ 1671.725375][T32723] hsr_slave_1: entered promiscuous mode [ 1671.807656][T32723] debugfs: 'hsr0' already exists in 'hsr' [ 1671.869512][T32723] Cannot create hsr debugfs directory [ 1672.472299][T30704] Bluetooth: hci7: command tx timeout [ 1672.666318][ T301] kexec: Could not allocate control_code_buffer [ 1672.778218][ T304] ERROR: Out of memory at tomoyo_memory_ok. [ 1672.834172][T32723] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1672.977864][T32723] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1673.094692][T32723] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1673.214697][T32723] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1673.296376][ T310] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8912'. [ 1673.316323][T32723] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1673.366699][ T310] geneve1: entered promiscuous mode [ 1673.372142][ T310] geneve1: entered allmulticast mode [ 1673.406844][ T310] netlink: 28 bytes leftover after parsing attributes in process `syz.4.8912'. [ 1673.584977][ T31] INFO: task kworker/u11:2:30717 blocked for more than 143 seconds. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1673.639626][ T31] Tainted: G U syzkaller #0 [ 1673.726124][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1673.847723][ T31] task:kworker/u11:2 state:D stack:26904 pid:30717 tgid:30717 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 1674.012190][ T31] Workqueue: netns cleanup_net [ 1674.024551][T32723] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1674.031999][ T31] Call Trace: [ 1674.042954][ T31] [ 1674.050339][ T31] __schedule+0x1190/0x5de0 [ 1674.080488][ T31] ? __lock_acquire+0x622/0x1c90 [ 1674.103542][ T31] ? __pfx___schedule+0x10/0x10 [ 1674.108432][ T31] ? find_held_lock+0x2b/0x80 [ 1674.142813][ T31] ? schedule+0x2d7/0x3a0 [ 1674.147171][ T31] schedule+0xe7/0x3a0 [ 1674.163086][ T31] schedule_timeout+0x257/0x290 [ 1674.167966][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 1674.201384][ T31] ? mark_held_locks+0x49/0x80 [ 1674.216390][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1674.236623][ T31] __wait_for_common+0x2fc/0x4e0 [ 1674.250654][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 1674.256067][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 1674.300763][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1674.306047][ T31] ? flush_workqueue_prep_pwqs+0x2e9/0x510 [ 1674.326226][ T31] __flush_workqueue+0x3e2/0x1230 [ 1674.342229][ T31] ? __pfx___flush_workqueue+0x10/0x10 [ 1674.362395][ T31] ? reacquire_held_locks+0xcd/0x1f0 [ 1674.367713][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 1674.399231][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 1674.414926][ T31] rds_tcp_listen_stop+0x104/0x150 [ 1674.469369][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 1674.474768][ T31] rds_tcp_exit_net+0xcb/0x810 [ 1674.538623][T30704] Bluetooth: hci7: command tx timeout [ 1674.558587][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 1674.563980][ T31] ? __pfx___might_resched+0x10/0x10 [ 1674.618313][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 1674.623708][ T31] ops_undo_list+0x2ee/0xab0 [ 1674.645949][ T31] ? __pfx_ops_undo_list+0x10/0x10 [ 1674.660886][ T31] ? cleanup_net+0x347/0x8b0 [ 1674.665494][ T31] ? idr_destroy+0x62/0x2e0 [ 1674.677783][ T31] cleanup_net+0x41b/0x8b0 [ 1674.690022][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 1674.695089][ T31] ? rcu_is_watching+0x12/0xc0 [ 1674.717947][ T31] process_one_work+0x9cf/0x1b70 [ 1674.723012][ T31] ? __pfx_cfg80211_wiphy_work+0x10/0x10 [ 1674.737380][ T31] ? __pfx_process_one_work+0x10/0x10 [ 1674.742781][ T31] ? assign_work+0x1a0/0x250 [ 1674.757333][ T31] worker_thread+0x6c8/0xf10 [ 1674.761957][ T31] ? __kthread_parkme+0x19e/0x250 [ 1674.766977][ T31] ? __pfx_worker_thread+0x10/0x10 [ 1674.787179][ T31] kthread+0x3c5/0x780 [ 1674.791302][ T31] ? __pfx_kthread+0x10/0x10 [ 1674.795994][ T31] ? rcu_is_watching+0x12/0xc0 [ 1674.827422][ T31] ? __pfx_kthread+0x10/0x10 [ 1674.832040][ T31] ret_from_fork+0x675/0x7d0 [ 1674.836621][ T31] ? __pfx_kthread+0x10/0x10 [ 1674.847170][ T31] ret_from_fork_asm+0x1a/0x30 [ 1674.851957][ T31] [ 1674.876893][ T31] [ 1674.876893][ T31] Showing all locks held in the system: [ 1675.060306][ T31] 1 lock held by khungtaskd/31: [ 1675.065177][ T31] #0: ffffffff8e3c42e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x36/0x1c0 [ 1675.214988][ T31] 2 locks held by udevd/5197: [ 1675.219698][ T31] 3 locks held by kworker/u11:2/30717: [ 1675.234996][ T31] #0: ffff88801ba9f148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 1675.264690][ T31] #1: ffffc9000440fd00 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 1675.285508][ T31] #2: ffffffff900d3af0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xad/0x8b0 [ 1675.314531][ T31] 2 locks held by getty/31078: [ 1675.319312][ T31] #0: ffff888030b7e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 1675.344268][ T31] #1: ffffc900046fb2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x41b/0x14f0 [ 1675.364165][ T31] 1 lock held by syz.3.8605/31319: [ 1675.369291][ T31] #0: ffffffff900d3af0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x2d6/0x690 [ 1675.392735][ T31] 1 lock held by syz.5.8604/31320: [ 1675.404088][ T31] #0: ffffffff900d3af0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x2d6/0x690 [ 1675.433835][ T31] 1 lock held by syz.7.8726/31903: [ 1675.438963][ T31] #0: ffffffff900d3af0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x2d6/0x690 [ 1675.463930][ T31] 1 lock held by syz.6.8855/32517: [ 1675.469052][ T31] #0: ffffffff900d3af0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x2d6/0x690 [ 1675.495179][ T31] 1 lock held by syz.8.8883/32660: [ 1675.500308][ T31] #0: ffffffff900d3af0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x2d6/0x690 [ 1675.533317][ T31] 1 lock held by syz-executor/32723: [ 1675.538618][ T31] #0: ffffffff8e3cf878 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x1a3/0x3c0 [ 1675.563199][ T31] 4 locks held by syz.9.8913/311: [ 1675.568274][ T31] #0: ffff88808b7b0dc8 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_close+0x26/0x90 [ 1675.593220][ T31] #1: ffff88808b7b00b8 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x3ae/0x11d0 [ 1675.613275][ T31] #2: ffffffff9035dbc8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xbb/0x260 [ 1675.642696][ T31] #3: ffff888034104338 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x80/0x730 [ 1675.700711][ T31] [ 1675.711668][ T31] ============================================= [ 1675.711668][ T31] [ 1675.761410][ T31] NMI backtrace for cpu 0 [ 1675.761429][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U syzkaller #0 PREEMPT(full) [ 1675.761450][ T31] Tainted: [U]=USER [ 1675.761455][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1675.761464][ T31] Call Trace: [ 1675.761470][ T31] [ 1675.761477][ T31] dump_stack_lvl+0x116/0x1f0 [ 1675.761498][ T31] nmi_cpu_backtrace+0x27b/0x390 [ 1675.761518][ T31] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1675.761534][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1675.761556][ T31] nmi_trigger_cpumask_backtrace+0x29c/0x300 [ 1675.761584][ T31] watchdog+0xf3f/0x1170 [ 1675.761601][ T31] ? rcu_is_watching+0x12/0xc0 [ 1675.761618][ T31] ? __pfx_watchdog+0x10/0x10 [ 1675.761630][ T31] ? lockdep_hardirqs_on+0x7c/0x110 [ 1675.761647][ T31] ? __kthread_parkme+0x19e/0x250 [ 1675.761665][ T31] ? __pfx_watchdog+0x10/0x10 [ 1675.761678][ T31] kthread+0x3c5/0x780 [ 1675.761699][ T31] ? __pfx_kthread+0x10/0x10 [ 1675.761720][ T31] ? rcu_is_watching+0x12/0xc0 [ 1675.761735][ T31] ? __pfx_kthread+0x10/0x10 [ 1675.761756][ T31] ret_from_fork+0x675/0x7d0 [ 1675.761777][ T31] ? __pfx_kthread+0x10/0x10 [ 1675.761797][ T31] ret_from_fork_asm+0x1a/0x30 [ 1675.761831][ T31] [ 1676.608129][T30704] Bluetooth: hci7: command tx timeout