last executing test programs: 2m7.678147746s ago: executing program 0 (id=2722): mmap$auto(0x0, 0x20009, 0xe3, 0x100000eb1, 0x40000000000a1, 0x8000) socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) openat$auto_sco_debugfs_fops_(0xffffffffffffff9c, 0x0, 0x242, 0x0) openat$auto_tun_fops_tun(0xffffffffffffff9c, 0x0, 0x2002, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2c, 0x3, 0x0) r0 = open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket(0x26, 0x80805, 0x0) clone$auto(0x20003b4a, 0x8, 0x0, 0x0, 0x2) pidfd_getfd$auto(0x3, 0x1, 0x100000000) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r2, r1, 0x99, 0x8, 0x1, @relative_id=0x8, 0x5}, 0x92) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xc) bpf$auto(0x1, &(0x7f0000000380)=@raw_tracepoint={0x5, r0, 0x0, 0x6}, 0xc) 2m7.384101187s ago: executing program 0 (id=2723): r0 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, 0x0, 0x40, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000002c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1d\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"P\x8a\xbbY8@Z5`\xa2\x9aSVd\x1d\xac\xe8\x90e\x9d\x03tm\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7.\xbe\x01\x98\xd7l\x00\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfa\xf0\xd9\xc0K\x8b\xa3c\x00'/160, 0xa9) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, 0x0, 0x20000054) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x4c2080, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x20004000) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) r3 = socketpair$auto(0x0, 0x1000, 0x7fffffff, 0x0) close_range$auto(r3, 0xffffffffffffffff, 0x0) ioctl$auto(0x3, 0x6f50, 0xffffffffffffffff) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x0, 0x810004, 0x2000000efb, 0x8000000008011, r2, 0x8000) setresgid$auto(0x0, 0x0, 0x0) r4 = ioctl$auto_NS_GET_TGID_IN_PIDNS(r0, 0x8004b709, 0x0) shmctl$auto_SHM_STAT(0x1, 0xd, &(0x7f00000029c0)={{0x3, 0x0, 0x0, 0x80000001, 0x6, 0xca, 0x8}, 0x1, 0x2, 0x2, 0x6, @inferred=r4, @raw=0x8, 0x0, 0x0, &(0x7f00000018c0), &(0x7f00000019c0)}) ioctl$auto_BLKRRPART(r2, 0x125f, 0x0) lseek$auto(r1, 0x7fff, 0x40001000) madvise$auto(0x0, 0x400053, 0x9) 2m5.734054945s ago: executing program 0 (id=2728): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x2c, 0x3, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x101202, 0x0) write$auto(0xffffffffffffffff, 0x0, 0x100000a3d9) prctl$auto(0x41, 0x7, 0x0, 0x0, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x10, 0x0, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4048) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/net/xfrm_stat\x00', 0x5612c1, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x5}, 0xa) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x40009, 0xa, 0x9b72, 0x7, 0x28000) r2 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0) socketpair$auto(0x200001e, 0x8, 0x80000000, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r2, 0x7a7, 0x0) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, 0x6) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x3, 0x0) select$auto(0x8, 0x0, 0x0, &(0x7f00000002c0)={[0x1fe, 0x7, 0xd, 0x1, 0x948d, 0x5, 0x7, 0x3, 0x8003, 0x65, 0x8000001f, 0x1000, 0x100000000006d3e, 0x9, 0x1, 0x8]}, 0x0) close_range$auto(0x2, 0x8, 0x0) 2m4.698484521s ago: executing program 0 (id=2732): mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x23, 0x80805, 0x0) fanotify_init$auto(0x5, 0x2000000000002) io_uring_setup$auto(0x3, 0x0) pipe$auto(0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x48140, 0x0) socket(0x2, 0x3, 0xa) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket(0x2, 0x801, 0x106) socket(0x15, 0x5, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x40e00, 0x0) r1 = socket(0x10, 0x2, 0xc) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r1, @ANYRES8=r0, @ANYRES64], 0x18}, 0x1, 0x2000, 0x0, 0x40000}, 0x80) 2m4.421478141s ago: executing program 0 (id=2735): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) r0 = socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000280)='/dev/video37\x00', 0x68881, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x801, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xe8, 0x9, 0x2, 0x1, 0x5, 0x4, 0x15f4da0e, 0x8, 0x9, 0x100000000000000c, 0x8, 0x1, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0) pwrite64$auto(0xc8, 0x0, 0xfdf0, 0x39) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) bind$auto(r0, &(0x7f0000000240)=@sco={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0xffffeffb) r1 = socket(0xa, 0x1, 0x84) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r1) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) madvise$auto(0x0, 0xffffffdfffff0005, 0x14) 2m3.156742256s ago: executing program 0 (id=2749): openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, r0, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x202000a, 0xffffffff, 0xdc, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101001, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) pread64$auto(r3, &(0x7f0000000240)='\x03W\x96l\x15\x00'/21, 0x100000002, 0x100000001) 1m47.995763504s ago: executing program 32 (id=2749): openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x2, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, r0, 0x0) write$auto(0xffffffffffffffff, &(0x7f0000000080)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94&\x81\xe2\x13\x8f\xea#\xf8F\xbbOO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\b\xc1\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xcbA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(', 0xa) unshare$auto(0x40000080) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x202000a, 0xffffffff, 0xdc, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x101001, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) r3 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) pread64$auto(r3, &(0x7f0000000240)='\x03W\x96l\x15\x00'/21, 0x100000002, 0x100000001) 1m21.12218558s ago: executing program 3 (id=2909): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14fa02, 0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r1 = socket(0xa, 0x3, 0x3a) close$auto(r1) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(r1, 0x8, 0x0, 0x0) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) open(0x0, 0x0, 0x408) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) preadv2$auto(r0, 0x0, 0x6, 0xffffffffffffffff, 0x4, 0x2e) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x29, 0x2, 0x0) io_uring_setup$auto(0xa, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) close_range$auto(0x2, 0xa, 0x0) r2 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/003/001\x00', 0x42082, 0x0) ioctl$auto_USBDEVFS_SETCONFIGURATION(r2, 0x80045505, 0x0) 1m19.848168199s ago: executing program 3 (id=2914): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000280)='/dev/video37\x00', 0x68881, 0x0) ioctl$auto(r0, 0x80845663, r0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xe8, 0x9, 0x2, 0x1, 0x5, 0x4, 0x15f4da0e, 0x8, 0x9, 0x100000000000000c, 0x8, 0x1, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), 0xffffffffffffffff) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffdfffff0005, 0x14) setsockopt$auto(0x3, 0x0, 0x17, 0x0, 0x400028) 1m18.660855816s ago: executing program 3 (id=2918): open(&(0x7f0000000040)='./file0\x00', 0x149443, 0x0) mq_getsetattr$auto(0xd, &(0x7f0000000200)={0x0, 0x5, 0x7f, 0x10}, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_7={@btf_id=0x1, 0x3, 0x3}, 0x3) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x3, 0x6) socket(0x11, 0x80003, 0x300) socket(0x10, 0x2, 0x0) socket(0x2, 0x3, 0x2) socket(0x2, 0x3, 0x104) socket$nl_generic(0x10, 0x3, 0x10) timer_create$auto(0x0, 0x0, 0x0) timer_settime$auto(0x0, 0x803, &(0x7f0000000000)={{0x800000008, 0xa}, {0x9, 0x2}}, 0x0) timer_gettime$auto(0x0, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, 0x0, 0x40, 0x0) socketpair$auto(0x3, 0x5, 0x7, 0x0) mount$auto(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x200, &(0x7f00000001c0)) 1m18.266954406s ago: executing program 3 (id=2920): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd4\x00', 0x745100, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000001140)='/dev/psaux\x00', 0x42000, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7ffffffc, 0x8, 0x3000, 0x6, 0x7, 0x400b, r1, [], {0x6, 0x6, 0x8c48, 0x29a, 0x9, 0x80, 0x104, 0x6, 0x4}, {0x100, 0x1, 0x101, 0x85, 0x2, 0x24, 0xfe000000, 0x8, 0x3}}) r2 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0) read$auto_vhci_fops_hci_vhci(r2, &(0x7f0000000d40)=""/16, 0x10) select$auto(0xe, 0x0, 0x0, &(0x7f0000000580)={[0x1ff, 0x8000, 0xd, 0x1, 0x948d, 0x3, 0x10015f4da0a, 0xd, 0x7, 0x64c1, 0x8000001f, 0x8, 0x6d3e, 0xc, 0x2, 0x2]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0x200007, 0x19) 1m14.620058001s ago: executing program 3 (id=2929): r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) mmap$auto(0x0, 0x20006, 0x4000000000df, 0xeb1, 0x4, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) madvise$auto(0x0, 0x20499d, 0x9) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x29, 0x2, 0x0) mmap$auto(0x0, 0x100, 0x4000000000df, 0x13, 0xffffffffffffffff, 0x8000) r1 = socket(0x2, 0x1, 0x106) connect$auto(r1, 0x0, 0x54) mmap$auto(0x0, 0x400008, 0x2000000000000, 0x9b72, 0x2, 0x8000) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) io_uring_register$auto(0xffffffffffffffff, 0x1f, &(0x7f0000000180), 0x1) futex$auto(0x0, 0x86, 0x80000001, 0x0, 0x0, 0xa) madvise$auto(0x1000000, 0xffffffffffff0006, 0x17) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mbind$auto(0x2000, 0x100000004, 0x100000000, 0x0, 0x1000, 0x2) munlock$auto(0xf800000000000000, 0x100) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) 1m12.184041651s ago: executing program 3 (id=2943): r0 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) acct$auto(&(0x7f0000000380)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc') fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) fallocate$auto(r0, 0x1, 0x820, 0x7fff) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x28b42, 0x0) writev$auto(r1, &(0x7f0000000100)={&(0x7f0000000280)="8e8873b5f9dd39182ab801a9e417130ff346eab3d41f954d458b276ffab4f6d5b23e17c1", 0x7115}, 0x8) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14fa02, 0x0) mmap$auto(0x0, 0xb9f, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) memfd_secret$auto(0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) bpf$auto(0x8, &(0x7f0000000280)=@bpf_attr_7={@btf_id=0x2, 0x6, 0x40000023}, 0x96) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, 0x0, 0x100000a3d9) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/sound/ctl-led/speaker/card2/reset\x00', 0xa001, 0x0) write$auto(r3, &(0x7f0000000140)='1\x81=\"\xad/\x8d\b\x00\x18\xa4\xb0\xb4\xd9\x82=~\x17\xfb&L\xeb=j\a\xf1y\xb3\"\xeb\a\xdd\xf4\xf4Ry\xee\xd7\x1e\x1c\x86\x0f\xcf\x7f\xbf\xab\x12{\xc2\xc2*\xc1M+6/v8\xea\xe9\x85s4\xfe\xe5\t\x7fc\xfb7^\xb86J_\x1d\xbcs!\x01\xff\xff\xff\xff\xff\xff\xff\x1dF\xe6\xf6\x17\x10+\xc0\xb0\xafc\x99\xd4\x150Y~\x1e\xe2\xd6x4fW\x13\xc4U`\x9e-X\xd7\xe2H^\fLS`\xfc\xbb\r\f\x00\xeaN\xa5\xd2\x82;\x7f\xa0.\x9a\xfb\x8d\xf3l\xf2\xd3\x95\xc1M5\xcb\xa6I\x067\xe36\xea\xe9\xe3\xf44oT_`8\xb3\xef\x04 \x05K\xf9\x87pl\xac\x86\nE\xc7e\xc5Q\x89\xcd@\x1c\x92\x00\x87\x976\x9f>\xa2\xcfm\xec\r\x11\x7f\x00\x00\x00\xb1\xde@\x02\xce\x03\xb7\xb1\xfb\x9fr\v\xb2\xe3\xc7\b\x85C /zm\x7f\x8fg,p\a\xc8\x7f\xa5\x87\x02\x87\xbbR=A\x00\x1f\x8a\xa7/Q\"J\xbb\xb0m\xf2SP\x84\x84S\xf0\xba\x9a\xf6\xb6`WI\xba\xba*8\x9f\xea\xe8K/\x98\xbc7~>\x12\x9buB\xcb\xe4\x8aKf\xba\x8c\x19m\xe6I\x02\xde\x80\x9d\x87}\xf4\xbd9\x9bA\xac\x9c\x8e\r(\x1d\x98\x84\x98\xaa\xd6\xdb1]\xde\xa0r\x14\xca56^\x94\xd2\xd8\xe6}9\x91\xb6\xf7\xa1=\x96\x11\xf1\\\xa91\x0e\xd1\xe4z\xc1;Pw!\x8b\xf5{\xc7Xd\xf1\xf2}\x96EVf\xc9\xa8\xcd\xe4\xc9\x8d\x1d7\xd5\x94\\\xb5\r\xd2\xaa\xe6H\xfe)\xb3a\x04\x1eRMl\xa3F\xa8W0\x90\xc9Ky#\x03\xf5~\xd2Z\xe9(\x99\b\x00M\xde\x01]\r\xd09k\xc2\x84\xc1\xabN\x96\x8a6\x98@\xd3\xab\xa8m\xdf\x8d\x1d\b\x82\xfcP\x87\x93\x80\x97Q\x86\x8a\x9c\xf8L\x0f\xa8@VE2\x9d\x1e`#\xd8\xd7M\xd4k1\xe6\x13Y\\\x83E\xd0e\x0eM\xa9Q\xac\x0e\x1d]\a\x19H\x81\xd2\xccF\xc6\xd4\xe2R$\xfa\xd6}\xbdsN\x18\xdf\xf5\xffP\xf5\f\xccL\xef\x83\xb3$\xd4\xf4\xb5\xe6\xd0 \xb9\xa7\x8e6\t\x83q\xef\b\xd2\xdb', 0x1) 57.118220191s ago: executing program 33 (id=2943): r0 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) acct$auto(&(0x7f0000000380)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc') fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) fallocate$auto(r0, 0x1, 0x820, 0x7fff) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x28b42, 0x0) writev$auto(r1, &(0x7f0000000100)={&(0x7f0000000280)="8e8873b5f9dd39182ab801a9e417130ff346eab3d41f954d458b276ffab4f6d5b23e17c1", 0x7115}, 0x8) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14fa02, 0x0) mmap$auto(0x0, 0xb9f, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) memfd_secret$auto(0x0) mmap$auto(0x0, 0x810004, 0x400000000ffb, 0x8000000008011, 0x3, 0x8000) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) bpf$auto(0x8, &(0x7f0000000280)=@bpf_attr_7={@btf_id=0x2, 0x6, 0x40000023}, 0x96) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, 0x0, 0x100000a3d9) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/sound/ctl-led/speaker/card2/reset\x00', 0xa001, 0x0) write$auto(r3, &(0x7f0000000140)='1\x81=\"\xad/\x8d\b\x00\x18\xa4\xb0\xb4\xd9\x82=~\x17\xfb&L\xeb=j\a\xf1y\xb3\"\xeb\a\xdd\xf4\xf4Ry\xee\xd7\x1e\x1c\x86\x0f\xcf\x7f\xbf\xab\x12{\xc2\xc2*\xc1M+6/v8\xea\xe9\x85s4\xfe\xe5\t\x7fc\xfb7^\xb86J_\x1d\xbcs!\x01\xff\xff\xff\xff\xff\xff\xff\x1dF\xe6\xf6\x17\x10+\xc0\xb0\xafc\x99\xd4\x150Y~\x1e\xe2\xd6x4fW\x13\xc4U`\x9e-X\xd7\xe2H^\fLS`\xfc\xbb\r\f\x00\xeaN\xa5\xd2\x82;\x7f\xa0.\x9a\xfb\x8d\xf3l\xf2\xd3\x95\xc1M5\xcb\xa6I\x067\xe36\xea\xe9\xe3\xf44oT_`8\xb3\xef\x04 \x05K\xf9\x87pl\xac\x86\nE\xc7e\xc5Q\x89\xcd@\x1c\x92\x00\x87\x976\x9f>\xa2\xcfm\xec\r\x11\x7f\x00\x00\x00\xb1\xde@\x02\xce\x03\xb7\xb1\xfb\x9fr\v\xb2\xe3\xc7\b\x85C /zm\x7f\x8fg,p\a\xc8\x7f\xa5\x87\x02\x87\xbbR=A\x00\x1f\x8a\xa7/Q\"J\xbb\xb0m\xf2SP\x84\x84S\xf0\xba\x9a\xf6\xb6`WI\xba\xba*8\x9f\xea\xe8K/\x98\xbc7~>\x12\x9buB\xcb\xe4\x8aKf\xba\x8c\x19m\xe6I\x02\xde\x80\x9d\x87}\xf4\xbd9\x9bA\xac\x9c\x8e\r(\x1d\x98\x84\x98\xaa\xd6\xdb1]\xde\xa0r\x14\xca56^\x94\xd2\xd8\xe6}9\x91\xb6\xf7\xa1=\x96\x11\xf1\\\xa91\x0e\xd1\xe4z\xc1;Pw!\x8b\xf5{\xc7Xd\xf1\xf2}\x96EVf\xc9\xa8\xcd\xe4\xc9\x8d\x1d7\xd5\x94\\\xb5\r\xd2\xaa\xe6H\xfe)\xb3a\x04\x1eRMl\xa3F\xa8W0\x90\xc9Ky#\x03\xf5~\xd2Z\xe9(\x99\b\x00M\xde\x01]\r\xd09k\xc2\x84\xc1\xabN\x96\x8a6\x98@\xd3\xab\xa8m\xdf\x8d\x1d\b\x82\xfcP\x87\x93\x80\x97Q\x86\x8a\x9c\xf8L\x0f\xa8@VE2\x9d\x1e`#\xd8\xd7M\xd4k1\xe6\x13Y\\\x83E\xd0e\x0eM\xa9Q\xac\x0e\x1d]\a\x19H\x81\xd2\xccF\xc6\xd4\xe2R$\xfa\xd6}\xbdsN\x18\xdf\xf5\xffP\xf5\f\xccL\xef\x83\xb3$\xd4\xf4\xb5\xe6\xd0 \xb9\xa7\x8e6\t\x83q\xef\b\xd2\xdb', 0x1) 38.294237383s ago: executing program 4 (id=3039): madvise$auto(0x100000000002, 0x2000040080000004, 0xe) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/snd/controlC0\x00', 0x0, 0x0) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) renameat$auto(0x6, 0x0, 0x5, 0x0) madvise$auto(0x0, 0x200006, 0x9) syslog$auto(0x3, 0x0, 0x5) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f0000000000)={0x6}) poll$auto(0x0, 0x7f, 0x9) socket(0x25, 0x5, 0x6) writev$auto(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000040), 0x1000}, 0x3) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000280), 0x101000, 0x0) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sda1\x00', 0x4040, 0x0) fadvise64$auto(r2, 0x7fffffffffffffff, 0x400000040000005, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3) 37.132557319s ago: executing program 4 (id=3042): close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) r0 = openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$auto_dvb_demux_fops_dmxdev(r0, 0x5, &(0x7f00000000c0)="e15ee553ec2196a28ebf55e5f5d174e63fc2add7f16252c1a777942fabffd11a366aaf5100528ba863f373fd279f7076a79aa49534e6ad7a1a01abf29f95d4461078") connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) mmap$auto(0x0, 0x7, 0x4000000000df, 0xeb1, 0x401, 0x8000) setsockopt$auto(0x3, 0x10000000084, 0x14, 0x0, 0x8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) statmount$auto(0x0, &(0x7f0000000180)={0xa, 0x1, 0x9, 0x3, 0x16, 0x93f, 0x1ffe0, 0x3, 0x6, 0x2, 0x0, 0x5, 0xfff, 0xf, 0xb0, 0x1, 0x5, 0x7, 0x9, 0x7, 0x0, 0x0, 0x0, 0x200, 0xfffffffe, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, [0x6, 0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000000000, 0x6, 0x3, 0x0, 0x0, 0x0, 0x0, 0x3043, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x0, 0x10000000000, 0x0, 0x3, 0x0, 0x0, 0x0, 0x11, 0x8000000000000001]}, 0x1fe, 0x10081) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa503}, 0x800}, 0x7, 0x4008) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 36.402711014s ago: executing program 4 (id=3044): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000380)='/sys/devices/virtual/net/ifb1/queues/tx-0/byte_queue_limits/stall_max\x00', 0x1a1802, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_taskstats(&(0x7f0000000000), r0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) r1 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/blkio.throttle.io_serviced\x00', 0x0, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000080)=""/64, 0x40) ioctl$auto_VHOST_SET_MEM_TABLE(r1, 0x4001af84, 0x0) ioctl$auto_VHOST_SET_OWNER(r1, 0xaf01, 0x0) r3 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$auto_VHOST_SET_MEM_TABLE(r3, 0x4001af84, 0x0) ioctl$auto_VHOST_SET_OWNER(r3, 0xaf01, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x0) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x891}, 0x10040) openat$auto_ima_measure_policy_ops_ima_fs(0xffffffffffffff9c, 0x0, 0x40001, 0x0) mmap$auto(0x0, 0x400008, 0x3, 0x9b72, 0x2, 0x8000) socket(0x2, 0x80802, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) 36.110330495s ago: executing program 4 (id=3054): r0 = socketpair$auto(0xb, 0xd, 0xfffffffd, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000001c0)='/dev/audio1\x00', 0x100000a3d9) r2 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000000c0), 0x400000, 0x0) ioctl$auto_VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000140)=r0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, 0x0, 0x40980, 0x0) pread64$auto(r3, 0x0, 0x1000f42d, 0x100) sysfs$auto(0x2, 0x23, 0x0) r4 = socket(0x2b, 0x1, 0x0) setsockopt$auto(r4, 0x1, 0x3, &(0x7f0000000380)='nl80211\x00', 0x8) r5 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r5, 0x0, 0x4) 35.063271191s ago: executing program 4 (id=3051): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000280)='/dev/video37\x00', 0x68881, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xe8, 0x9, 0x2, 0x1, 0x5, 0x4, 0x15f4da0e, 0x8, 0x9, 0x100000000000000c, 0x8, 0x1, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), 0xffffffffffffffff) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffdfffff0005, 0x14) setsockopt$auto(0x3, 0x0, 0x17, 0x0, 0x400028) 34.096904639s ago: executing program 4 (id=3055): mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000) ioctl$auto_BLKRRPART2(0xffffffffffffffff, 0x125f, 0x0) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) r0 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x68082, 0x0) ioctl$auto_BLKPG2(r0, 0x1269, 0x0) ioctl$auto_MEMGETINFO(r0, 0x80204d01, 0x0) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) bpf$auto(0x8000000, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x5, 0x9, 0x3a8453cf, 0x80, 0x8, 0x4, 0xffffffff, 0x200, 0x8, 0x401, 0x2, 0x2, 0x2, 0xc28}, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, 0x0, 0x100000a3d7) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, 0x0, 0x20000054) write$auto(r2, 0x0, 0x81) write$auto(r2, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) mmap$auto(0x0, 0x1, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x80000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nbd(0x0, 0xffffffffffffffff) prctl$auto(0x39, 0x1, 0x4, 0x5, 0x7) 19.029888596s ago: executing program 34 (id=3055): mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000) ioctl$auto_BLKRRPART2(0xffffffffffffffff, 0x125f, 0x0) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) r0 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x68082, 0x0) ioctl$auto_BLKPG2(r0, 0x1269, 0x0) ioctl$auto_MEMGETINFO(r0, 0x80204d01, 0x0) openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x28082, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) bpf$auto(0x8000000, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x5, 0x9, 0x3a8453cf, 0x80, 0x8, 0x4, 0xffffffff, 0x200, 0x8, 0x401, 0x2, 0x2, 0x2, 0xc28}, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, 0x0, 0x100000a3d7) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, 0x0, 0x20000054) write$auto(r2, 0x0, 0x81) write$auto(r2, &(0x7f0000000440)='0\x00\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf8F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\x06(\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0x98c7) mmap$auto(0x0, 0x1, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x80000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nbd(0x0, 0xffffffffffffffff) prctl$auto(0x39, 0x1, 0x4, 0x5, 0x7) 19.029726747s ago: executing program 1 (id=3070): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000) socket(0x18, 0x2, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000005c0), 0x2000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x18, 0x5, 0x1) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/sctp/udp_port\x00', 0x202, 0x0) openat$auto_supply_map_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/net/bond0/bonding/downdelay\x00', 0x303140, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0x202, 0x3, 0x2a9, &(0x7f0000000000)=0x1e00) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x11, 0x3, 0x9) close_range$auto(0x2, r0, 0x0) r1 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r1, 0x107, 0x14, 0x0, 0x4) sendmmsg$auto(r0, &(0x7f0000000400)={{&(0x7f0000000000), 0x205aa, &(0x7f0000000100)={0x0, 0x4b}, 0x1, 0x0, 0x5, 0x1060}, 0x5}, 0x2, 0x100) 18.920288296s ago: executing program 1 (id=3073): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd4\x00', 0x745100, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000001140)='/dev/psaux\x00', 0x42000, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7ffffffc, 0x8, 0x3000, 0x6, 0x7, 0x400b, r1, [], {0x6, 0x6, 0x8c48, 0x29a, 0x9, 0x80, 0x104, 0x6, 0x4}, {0x100, 0x1, 0x101, 0x85, 0x2, 0x24, 0xfe000000, 0x8, 0x3}}) r2 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0) read$auto_vhci_fops_hci_vhci(r2, &(0x7f0000000d40)=""/16, 0x10) select$auto(0xe, 0x0, 0x0, &(0x7f0000000580)={[0x1ff, 0x8000, 0xd, 0x1, 0x948d, 0x3, 0x10015f4da0a, 0xd, 0x7, 0x64c1, 0x8000001f, 0x8, 0x6d3e, 0xc, 0x2, 0x2]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0x200007, 0x19) 15.39988212s ago: executing program 1 (id=3074): sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000240)='/dev/loop4\x00', 0xc040, 0x0) ioctl$auto(0x3, 0x1, 0x90000800000402) r0 = openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000040), 0x2400, 0x0) getsockopt$auto_SO_BUF_LOCK(r0, 0x4, 0x48, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', &(0x7f0000000080)=0x2) unshare$auto(0x40000080) socket(0x11, 0x800, 0xfffff000) mmap$auto(0x0, 0x400005, 0xdf, 0x9b72, 0x2, 0x8000) r1 = socket(0x25, 0x800, 0xc) setsockopt$auto(r1, 0x6, 0x1f, 0x0, 0x3a) sendmsg$auto_NETDEV_CMD_BIND_RX(r1, 0x0, 0x24008000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x2, 0x0, 0x1, 0x1) sendmsg$auto_NFC_CMD_LLC_SDREQ(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000002c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="01002dbd7000fbdbdf251300000005000f0009001d002b3ef8b0fdf9195984a638bfa774d959c9ed70dd906c8cd36d40f2e76fe6727fd929586d15a5b5a7e3b980592ecff2d4116bbe7a8e4b5138526f8ba8"], 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x40) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x24040, 0x0) ioctl$auto_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000240)={"ef65ce6c00cf81000000ffffffffffffff291d000000000700", 0x3ff, 0x408, 0xffc, 0x400004, 0x200000000040000d}) ioctl$auto_BLKTRACETEARDOWN(r2, 0x1276, 0x0) ioctl$auto_BLKTRACETEARDOWN(r2, 0x1276, 0x0) listen$auto(0x3, 0x81) madvise$auto(0x0, 0xffffffffffff0005, 0x19) userfaultfd$auto(0x1) 14.441221007s ago: executing program 1 (id=3079): close_range$auto(0x2, 0x8, 0x0) 14.181802987s ago: executing program 1 (id=3080): socket(0x2a, 0x2, 0x1) io_uring_setup$auto(0x1, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x40000000c07) getsockopt$auto(0x3, 0x1, 0x1c, 0x0, 0x0) fcntl$auto(0x3, 0x4, 0xa553) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x7, 0x4, 0x200, 0x3, 0x8, 0xc, 0x2e, 0x0, 0x3}, 0x6f4) pidfd_open$auto(0x1, 0x0) bpf$auto(0x2, 0x0, 0x103) sendmsg$auto_NBD_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="d801", @ANYBLOB], 0x1d8}, 0x1, 0x0, 0x0, 0x40080}, 0x20040000) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB="1400", @ANYRES16], 0x14}, 0x1, 0x0, 0x0, 0x20040800}, 0x8000) r0 = socket(0x10, 0x2, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000011c0)={&(0x7f0000000280)=ANY=[@ANYRESDEC], 0x1ac}}, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) unshare$auto(0x40000080) fsetxattr$auto(0xffffffffffffffff, 0x0, 0x0, 0x6, 0x974d) write$auto(0xffffffffffffffff, &(0x7f0000000000)='\',@)%(\xd5$\x00', 0xa) 13.27730386s ago: executing program 1 (id=3088): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x1, 0x0) listen$auto(0x3, 0x81) ioctl$auto(0x3, 0x8905, 0x38) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x5, 0x15) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0x200007, 0x19) pselect6$auto(0x9, 0x0, 0x0, 0x0, &(0x7f0000000280)={0xffffffffffffff00, 0x1}, 0x0) bpf$auto(0x2, 0x0, 0x1) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000001c0), 0x101000, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x1, 0x84) r2 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000340), 0x80200, 0x0) pread64$auto(r2, &(0x7f0000000240)='\x03W\x96l\x15\x00'/21, 0x100000002, 0x100000001) 6.001330167s ago: executing program 6 (id=3112): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_l2tp(&(0x7f00000000c0), r0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sysfs$auto(0x2, 0x4d, 0x0) fsopen$auto(0x0, 0x1) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ttyprintk\x00', 0x109401, 0x0) ioctl$auto(r1, 0x540a, 0x0) socket(0xa, 0x5, 0x0) timer_create$auto(0x0, 0x0, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, 0x0, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xd, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x100, 0x83, 0x101, 0x6, 0x2}, {0x100, 0x1, 0x52, 0x5, 0x1, 0x40, 0x76c5, 0x8, 0x100000000}}) io_uring_register$auto(0x2, 0x11, &(0x7f0000000180), 0x83) madvise$auto(0x0, 0xffffffffffff0005, 0x17) mbind$auto(0x8000, 0xfa9d, 0x2, &(0x7f0000000280)=0x20000000000000fb, 0x3, 0x1) set_mempolicy_home_node$auto(0x0, 0x2010001, 0x0, 0x0) 5.713790445s ago: executing program 2 (id=3113): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) unshare$auto(0x40000080) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/conf/geneve0/disable_policy\x00', 0x40180, 0x0) close_range$auto(0x2, 0x8, 0x0) semctl$auto(0xa, 0x2, 0x13, 0xde) r2 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x4c, 0x0, 0x9) recvmmsg$auto(0x3, 0x0, 0x80000401, 0x4000, 0x0) write$auto(r1, 0x0, 0x5) r3 = socket(0x11, 0xa, 0x9) bind$auto(r3, &(0x7f0000000140)=@in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x38}}, 0x9) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) sendmsg$auto_OVS_FLOW_CMD_SET(r2, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x90}, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kpagecount\x00', 0x0, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x1000}, 0x100000007) 5.066918843s ago: executing program 2 (id=3114): r0 = socketpair$auto(0xb, 0xd, 0xfffffffd, 0x0) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x11}}, 0x54) madvise$auto(0x4000000, 0xffffffffffff0085, 0x1004) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000001c0)='/dev/audio1\x00', 0x100000a3d9) r2 = openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f00000000c0), 0x400000, 0x0) ioctl$auto_VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000140)=r0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r3 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, 0x0, 0x40980, 0x0) pread64$auto(r3, 0x0, 0x1000f42d, 0x100) sysfs$auto(0x2, 0x23, 0x0) r4 = socket(0x2b, 0x1, 0x0) setsockopt$auto(r4, 0x1, 0x3, &(0x7f0000000380)='nl80211\x00', 0x8) r5 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r5, 0x0, 0x4) 4.822131355s ago: executing program 2 (id=3115): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x80000008000) socket(0x18, 0x2, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f00000005c0), 0x2000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x18, 0x5, 0x1) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/sctp/udp_port\x00', 0x202, 0x0) openat$auto_supply_map_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x3, 0x3b) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0x202, 0x3, 0x2a9, &(0x7f0000000000)=0x1e00) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x11, 0x3, 0x9) close_range$auto(0x2, r0, 0x0) r1 = socket(0x11, 0x80003, 0x300) setsockopt$auto(r1, 0x107, 0x14, 0x0, 0x4) sendmmsg$auto(r0, &(0x7f0000000400)={{&(0x7f0000000000), 0x205aa, &(0x7f0000000100)={0x0, 0x4b}, 0x1, 0x0, 0x5, 0x1060}, 0x5}, 0x2, 0x100) 4.600009334s ago: executing program 2 (id=3117): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd4\x00', 0x745100, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000001140)='/dev/psaux\x00', 0x42000, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7ffffffc, 0x8, 0x3000, 0x6, 0x7, 0x400b, r1, [], {0x6, 0x6, 0x8c48, 0x29a, 0x9, 0x80, 0x104, 0x6, 0x4}, {0x100, 0x1, 0x101, 0x85, 0x2, 0x24, 0xfe000000, 0x8, 0x3}}) r2 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0) read$auto_vhci_fops_hci_vhci(r2, &(0x7f0000000d40)=""/16, 0x10) select$auto(0xe, 0x0, 0x0, &(0x7f0000000580)={[0x1ff, 0x8000, 0xd, 0x1, 0x948d, 0x3, 0x10015f4da0a, 0xd, 0x7, 0x64c1, 0x8000001f, 0x8, 0x6d3e, 0xc, 0x2, 0x2]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0x200007, 0x19) 3.726246065s ago: executing program 2 (id=3119): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000280)='/dev/video37\x00', 0x68881, 0x0) ioctl$auto(r0, 0x80845663, r0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xe8, 0x9, 0x2, 0x1, 0x5, 0x4, 0x15f4da0e, 0x8, 0x9, 0x100000000000000c, 0x8, 0x1, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), 0xffffffffffffffff) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffdfffff0005, 0x14) setsockopt$auto(0x3, 0x0, 0x17, 0x0, 0x400028) 3.572659876s ago: executing program 6 (id=3120): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x14fa02, 0x0) sendmsg$auto_NL80211_CMD_GET_STATION(0xffffffffffffffff, 0x0, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) timer_gettime$auto(0x0, &(0x7f0000001f80)={{0x9, 0x100000001}, {0x9f9a, 0x401}}) sched_setattr$auto(0x0, 0x0, 0x7b) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) r0 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/virtual/block/ram9/diskseq\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) ioctl$auto_IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) lsm_get_self_attr$auto(0x64, &(0x7f0000000080)={0x0, 0x1, 0x7fffffffffffffff}, &(0x7f0000002440)=0x1f9, 0x0) ioctl$auto_IOCTL_VMCI_SET_NOTIFY(r0, 0x7cb, 0x0) mmap$auto(0x0, 0x7f, 0xdf, 0x9b72, 0x2, 0x8000) r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x2, 0x0) write$auto_tomoyo_operations_securityfs_if(r2, 0x0, 0x0) r3 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/cuse\x00', 0x0, 0x0) ioctl$auto_FS_IOC_SETFLAGS(r3, 0x40086602, 0xfffffffffffffffd) getdents$auto(0xffffffffffffffff, 0x0, 0x400018) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) close_range$auto(0x2, 0x8, 0x0) 3.234155403s ago: executing program 5 (id=3121): mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4044000}, 0x800) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2) socket(0x25, 0x2, 0x0) socket(0x21, 0x2, 0xa) sendmmsg$auto(0x2, &(0x7f0000000240)={{0x0, 0x6, &(0x7f00000001c0)={0x0, 0x10}, 0x2, &(0x7f0000000200), 0xd8, 0xfff}, 0x2}, 0x5, 0xfe64) ustat$auto(0x801, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0xa901, 0x0) ioctl$auto(r0, 0x551f, r0) open(0x0, 0x22240, 0x155) mmap$auto(0x0, 0x4005, 0x7, 0x40eb2, 0x401, 0x300000000000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, &(0x7f00000013c0)='/proc/self/uid_map\x00', 0x8006, 0x0) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) 2.724042277s ago: executing program 2 (id=3122): unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D0\x00', 0x0, 0x0) r0 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000001140)='/dev/psaux\x00', 0x42000, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7ffffffc, 0x8, 0x3000, 0x6, 0x7, 0x400b, r0, [], {0x6, 0x6, 0x8c48, 0x29a, 0x9, 0x80, 0x104, 0x6, 0x4}, {0x100, 0x1, 0x101, 0x85, 0x2, 0x24, 0xfe000000, 0x8, 0x3}}) r1 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto_PTRACE_SECCOMP_GET_METADATA(0x420d, r2, 0x7, 0x4) read$auto_vhci_fops_hci_vhci(r1, &(0x7f0000000d40)=""/16, 0x10) select$auto(0xe, 0x0, 0x0, &(0x7f0000000580)={[0x1ff, 0x8000, 0xd, 0x1, 0x200948d, 0x3, 0x10015f4da0a, 0xd, 0x7, 0x6, 0x8000001f, 0x8, 0x6d3e, 0xc, 0x2, 0x2]}, 0x0) mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) request_key$auto_KEY_SPEC_GROUP_KEYRING(0x0, 0x0, 0x0, 0xfffffffffffffffa) ioctl$auto(0x3, 0x8905, 0x38) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) 2.537152554s ago: executing program 6 (id=3123): mmap$auto(0x0, 0x202000c, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL802154_CMD_SET_MAX_CSMA_BACKOFFS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="00000000b6"], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x8044) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x80002, 0x73) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, 0x0, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x7, 0x4008) r0 = openat$auto_bm_status_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000000), 0x40002, 0x0) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000380)='/dev/fuse\x00', 0x700, 0x0) lsm_get_self_attr$auto(0x8, &(0x7f0000002700)={0x0, 0x8000, 0x1000}, &(0x7f0000002840)=0x13e, 0x1) fcntl$auto(0x3, 0x4, 0xa553) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/ram12/queue/io_poll_delay\x00', 0x80000, 0x0) r2 = io_uring_setup$auto(0x6, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'ip_vti0\x00'}) ioctl$auto_RTC_PIE_ON(r2, 0x7005, 0x0) r3 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/block/nbd12/sched/dispatch2\x00', 0x121000, 0x0) pread64$auto(r3, 0x0, 0x68, 0xfc) read$auto(r1, 0x0, 0x9) writev$auto(r0, &(0x7f0000000200)={0x0, 0x3}, 0x9) lsm_set_self_attr$auto(0x91, &(0x7f0000000180)={0x7, 0xffff, 0xa, 0x32, "8f7c4d9f582adb7ec13f75ce0bfca9feaf5ee3d130ef6bc517651f202c0dd476e77356386407115eec57093115a8173cf154"}, 0xfb23, 0x4) 2.312223512s ago: executing program 6 (id=3124): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) ioctl$auto(0xffffffffffffffff, 0x80845663, 0xffffffffffffffff) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xe8, 0x9, 0x2, 0x1, 0x5, 0x4, 0x15f4da0e, 0x8, 0x9, 0x100000000000000c, 0x8, 0x1, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), 0xffffffffffffffff) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffdfffff0005, 0x14) setsockopt$auto(0x3, 0x0, 0x17, 0x0, 0x400028) 2.218532987s ago: executing program 5 (id=3125): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001b80), r0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/module/zswap/parameters/enabled\x00', 0x62, 0x0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000001e40)={0x20, r1, 0x1, 0x70bd27, 0x25dfdbfb, {}, [@HWSIM_ATTR_IFTYPE_SUPPORT={0x8, 0x17, 0x8}, @HWSIM_ATTR_SUPPORT_P2P_DEVICE={0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x220000c1}, 0xc0) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x10000000400008, 0xdf, 0x9b72, 0x2, 0x40000008000) mmap$auto(0x0, 0x2020005, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r2, 0x0, 0xe8) r3 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000001240)='/proc/thread-self/fail-nth\x00', 0xa0302, 0x0) writev$auto(r3, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x400008, 0xdf, 0x38, 0xffffffffffffffff, 0x8000) capget$auto(0x0, 0xfffffffffffffffe) sendmsg$auto_GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0xfffffdcb, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x200040c4}, 0x440c5) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x4, 0x7, 0xfffffffc, 0x0, 0x0, 0x0, 0x9, 0x10001, 0x7, 0x8001, 0x7ffffff8, 0x5, 0x7, 0x5, 0x61, 0x103}) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x89fc, &(0x7f0000000040)={'bridge0\x00'}) 1.190482278s ago: executing program 6 (id=3126): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) socket(0x11, 0x3, 0x2) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, 0x0, 0x20342, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xa, 0x9b72, 0x2, 0x28000) close_range$auto(0x0, 0xfffffffffffff001, 0x2) r0 = socket(0x1e, 0x1, 0x0) socketpair$auto(0x8, 0x1, 0x8000000000000000, 0x0) r1 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vbi0\x00', 0x80382, 0x0) ioctl$auto(r1, 0xc0045627, r0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x2, 0x73) pipe2$auto(0x0, 0x0) openat$auto_raw_fops_raw_gadget(0xffffffffffffff9c, &(0x7f0000000240), 0x101000, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f000000fc00), 0x3, 0x0) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x40401, 0x0) ioctl$auto_TIOCSETD2(r2, 0x5423, 0x0) ioctl$auto_TCFLSH2(r2, 0x540b, 0x0) 912.130874ms ago: executing program 5 (id=3127): openat$auto_zero_fops_mem(0xffffffffffffff9c, 0x0, 0x80200, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x4a401, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/nr14/proto_down\x00', 0x82942, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000100), 0xc0000, 0x0) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x189401, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = socketcall$auto(0x4, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x8400ae8e, &(0x7f00000000c0)={0xdd}) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) socket(0x10, 0x2, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000180), 0x38b042, 0x0) close_range$auto(0x2, 0x8000, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r3) 655.279327ms ago: executing program 6 (id=3128): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nbd4\x00', 0x745100, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000001140)='/dev/psaux\x00', 0x42000, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7ffffffc, 0x8, 0x3000, 0x6, 0x7, 0x400b, r1, [], {0x6, 0x6, 0x8c48, 0x29a, 0x9, 0x80, 0x104, 0x6, 0x4}, {0x100, 0x1, 0x101, 0x85, 0x2, 0x24, 0xfe000000, 0x8, 0x3}}) r2 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0) read$auto_vhci_fops_hci_vhci(r2, &(0x7f0000000d40)=""/16, 0x10) select$auto(0xe, 0x0, 0x0, &(0x7f0000000580)={[0x1ff, 0x8000, 0xd, 0x1, 0x948d, 0x3, 0x10015f4da0a, 0xd, 0x7, 0x64c1, 0x8000001f, 0x8, 0x6d3e, 0xc, 0x2, 0x2]}, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x2b, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0x200007, 0x19) 490.998905ms ago: executing program 5 (id=3129): mmap$auto(0x0, 0x9, 0x8000000002, 0xeb1, 0xffffffffffffffff, 0x8000) open(0x0, 0x149443, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x28, 0x1, 0x0) connect$auto(0x3, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0x2710, @hyper}, 0x55) ioctl$auto(0x3, 0x541b, 0xfffffffffffff4e0) r0 = syz_genetlink_get_family_id$auto_ovs_packet(&(0x7f0000001940), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_OVS_PACKET_CMD_EXECUTE(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="1b0026bd7000fddbdf2503000000040008000400038012000100898771f1c19f17790485908286dd00000a00028000b487080d9c000004000800f2c21db9d91a84b6c9f7f286c85e8a4fd265dc4f14f37f1fecdd1e5e60252544623c5d884a2a0c8254fa27c92e4eae66bc7f915c8322a40624a7da54907c651f34d5e26c819d8076899934d30169cd9dd94bead14285447fd1b9b084c4ddc1add13ed1"], 0x40}, 0x1, 0x0, 0x0, 0x44000884}, 0xc880) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x1, 0x84) openat$auto_proc_oom_score_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/oom_score_adj\x00', 0x142, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0xfa}, 0x7) 287.632077ms ago: executing program 5 (id=3130): mmap$auto(0x0, 0x20005, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22040, 0x75) socket(0x840000000002, 0x3, 0xff) socket(0x2, 0x1, 0x0) socket(0x10, 0x2, 0x0) memfd_create$auto(0x0, 0x4) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x48140, 0x0) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x802, 0x0) r1 = open(&(0x7f0000000080)='./file0\x00', 0x261c2, 0x84) close_range$auto(0x2, 0x8000, 0x0) r2 = socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) bpf$auto(0x0, &(0x7f00000000c0)=@bpf_attr_5={@target_fd=r0, r3, 0x3, 0x1ff, r2, @relative_id=0x13, 0xe600}, 0xf) bpf$auto(0x2, &(0x7f00000000c0)=@raw_tracepoint={0x5, r1, 0x0, 0x3}, 0x91) 0s ago: executing program 5 (id=3131): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mlockall$auto(0x7) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) remap_file_pages$auto(0x6, 0x19, 0x2fe, 0x5, 0x1) r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/dummy0/addr_gen_mode\x00', 0x1, 0x0) pwrite64$auto(r0, 0x0, 0x0, 0x2000000000040007) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) tgkill$auto(0x0, 0x0, 0x11) readv$auto(0x3, 0x0, 0x7) kernel console output (not intermixed with test programs): ff ff f7 d8 64 89 01 48 [ 418.291159][T10066] RSP: 002b:00007f3281676a38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 418.291191][T10066] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f328079bf79 [ 418.291212][T10066] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 000000000000000b [ 418.291231][T10066] RBP: 00007f3281677030 R08: 0000000000000000 R09: 000000000000000b [ 418.291250][T10066] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000013ee8 [ 418.291269][T10066] R13: 00007f3280a16218 R14: 00007f3280a16180 R15: 00007ffe093f21c8 [ 418.291311][T10066] [ 418.291327][T10066] audit: error in audit_log_subj_ctx [ 418.888683][ T30] audit: type=1326 audit(4294967446.430:6): auid=4294967295 uid=0 gid=0 ses=4294967295 pid=10062 comm="syz.1.1249" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f328079bf79 code=0x0 [ 420.491468][T10080] netlink: 'syz.3.1254': attribute type 1 has an invalid length. [ 422.711923][T10094] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1260'. [ 422.832341][T10094] bridge0: entered promiscuous mode [ 422.837621][T10094] bridge0: entered allmulticast mode [ 424.176120][T10102] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1269'. [ 424.198692][T10101] netlink: 'syz.3.1262': attribute type 29 has an invalid length. [ 424.239554][T10101] netlink: 'syz.3.1262': attribute type 30 has an invalid length. [ 424.280898][T10101] netlink: 'syz.3.1262': attribute type 31 has an invalid length. [ 424.288782][T10101] netlink: 'syz.3.1262': attribute type 32 has an invalid length. [ 424.470603][T10101] netlink: 'syz.3.1262': attribute type 33 has an invalid length. [ 424.560566][T10101] netlink: 'syz.3.1262': attribute type 35 has an invalid length. [ 424.618178][T10101] netlink: 'syz.3.1262': attribute type 37 has an invalid length. [ 424.636450][T10106] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1261'. [ 424.677189][T10101] netlink: 18 bytes leftover after parsing attributes in process `syz.3.1262'. [ 425.498347][T10115] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1265'. [ 426.866164][T10132] serio: Serial port ttyS0 [ 429.199275][T10157] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 431.138052][T10174] device-mapper: ioctl: Invalid ioctl structure: name , dev 3ff [ 431.349743][T10174] FAULT_INJECTION: forcing a failure. [ 431.349743][T10174] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 431.402735][T10174] CPU: 0 UID: 0 PID: 10174 Comm: syz.0.1281 Tainted: G U L syzkaller #0 PREEMPT(full) [ 431.402788][T10174] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 431.402800][T10174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 431.402820][T10174] Call Trace: [ 431.402830][T10174] [ 431.402842][T10174] dump_stack_lvl+0x100/0x190 [ 431.402894][T10174] should_fail_ex.cold+0x5/0xa [ 431.402932][T10174] _copy_from_iter+0x1f4/0x1690 [ 431.402983][T10174] ? __pfx__copy_from_iter+0x10/0x10 [ 431.403032][T10174] ? __pfx___might_resched+0x10/0x10 [ 431.403088][T10174] file_tty_write.isra.0+0x45b/0x890 [ 431.403151][T10174] redirected_tty_write+0xd4/0x120 [ 431.403202][T10174] vfs_write+0x6ac/0x1070 [ 431.403260][T10174] ? __pfx_redirected_tty_write+0x10/0x10 [ 431.403316][T10174] ? __pfx_vfs_write+0x10/0x10 [ 431.403357][T10174] ? find_held_lock+0x2b/0x80 [ 431.403435][T10174] ksys_write+0x12a/0x250 [ 431.403480][T10174] ? __pfx_ksys_write+0x10/0x10 [ 431.403537][T10174] do_syscall_64+0x106/0xf80 [ 431.403579][T10174] ? clear_bhb_loop+0x40/0x90 [ 431.403621][T10174] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 431.403655][T10174] RIP: 0033:0x7f997139bf79 [ 431.403682][T10174] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 431.403715][T10174] RSP: 002b:00007f99721f4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 431.403745][T10174] RAX: ffffffffffffffda RBX: 00007f9971615fa0 RCX: 00007f997139bf79 [ 431.403767][T10174] RDX: 000000000000fdef RSI: 0000200000000000 RDI: 0000000000000008 [ 431.403786][T10174] RBP: 00007f99714327e0 R08: 0000000000000000 R09: 0000000000000000 [ 431.403806][T10174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 431.403824][T10174] R13: 00007f9971616038 R14: 00007f9971615fa0 R15: 00007ffe9ca09278 [ 431.403867][T10174] [ 432.354036][T10190] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 432.741831][T10202] FAULT_INJECTION: forcing a failure. [ 432.741831][T10202] name failslab, interval 1, probability 0, space 0, times 0 [ 432.824008][T10202] CPU: 0 UID: 0 PID: 10202 Comm: syz.3.1288 Tainted: G U L syzkaller #0 PREEMPT(full) [ 432.824063][T10202] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 432.824076][T10202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 432.824095][T10202] Call Trace: [ 432.824106][T10202] [ 432.824117][T10202] dump_stack_lvl+0x100/0x190 [ 432.824173][T10202] should_fail_ex.cold+0x5/0xa [ 432.824212][T10202] should_failslab+0xc2/0x120 [ 432.824265][T10202] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 432.824312][T10202] ? __alloc_skb+0x140/0x710 [ 432.824373][T10202] __alloc_skb+0x140/0x710 [ 432.824411][T10202] ? __alloc_skb+0x5b7/0x710 [ 432.824451][T10202] ? __pfx___alloc_skb+0x10/0x10 [ 432.824490][T10202] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 432.824533][T10202] ? audit_log_start+0x29d/0x930 [ 432.824574][T10202] ? lockdep_init_map_type+0x5c/0x250 [ 432.824641][T10202] audit_log_start+0x350/0x930 [ 432.824688][T10202] ? __pfx_audit_log_start+0x10/0x10 [ 432.824737][T10202] ? arch_do_signal_or_restart+0x1f9/0x770 [ 432.824781][T10202] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 432.824831][T10202] audit_seccomp+0x60/0x190 [ 432.824869][T10202] ? exc_general_protection+0x12e/0x250 [ 432.824929][T10202] __secure_computing+0x26d/0x2c0 [ 432.824975][T10202] do_syscall_64+0x568/0xf80 [ 432.825019][T10202] ? clear_bhb_loop+0x40/0x90 [ 432.825068][T10202] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 432.825103][T10202] RIP: 0033:0x7f7700d9bf79 [ 432.825132][T10202] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 432.825166][T10202] RSP: 002b:00007f7701be2a38 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 432.825198][T10202] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f7700d9bf79 [ 432.825220][T10202] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 000000000000000b [ 432.825240][T10202] RBP: 00007f7701be3030 R08: 0000000000000000 R09: 000000000000000b [ 432.825260][T10202] R10: 0000000000000009 R11: 0000000000000246 R12: 0000000000014a22 [ 432.825280][T10202] R13: 00007f7701016218 R14: 00007f7701016180 R15: 00007fff62eb3398 [ 432.825323][T10202] [ 433.120387][T10202] audit: audit_lost=4 audit_rate_limit=0 audit_backlog_limit=64 [ 433.128111][T10202] audit: out of memory in audit_log_start [ 433.502504][T10208] netlink: 'syz.0.1291': attribute type 10 has an invalid length. [ 433.529561][T10208] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1291'. [ 433.963512][T10218] netlink: 246 bytes leftover after parsing attributes in process `syz.0.1294'. [ 434.617694][T10227] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1296'. [ 434.908589][T10229] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1297'. [ 434.918139][T10229] unsupported nlmsg_type 40 [ 435.046747][T10233] netlink: 306 bytes leftover after parsing attributes in process `syz.2.1298'. [ 436.818820][ T5825] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 437.605398][T10263] serio: Serial port ttyS0 [ 440.087875][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.094605][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 443.055239][T10319] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1320'. [ 443.478010][T10326] netlink: 29 bytes leftover after parsing attributes in process `syz.2.1322'. [ 443.603311][ T5825] Bluetooth: hci2: unexpected event 0x02 length: 726 > 260 [ 444.550289][T10340] netlink: 'syz.0.1327': attribute type 1 has an invalid length. [ 444.566414][T10340] netlink: 306 bytes leftover after parsing attributes in process `syz.0.1327'. [ 445.101036][T10342] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1328'. [ 445.120840][T10351] netlink: 186 bytes leftover after parsing attributes in process `syz.2.1330'. [ 445.881820][ T5825] Bluetooth: hci3: unexpected event 0x04 length: 440 > 10 [ 445.882182][ T5825] Bluetooth: hci3: connection err: -111 [ 451.331966][T10427] FAULT_INJECTION: forcing a failure. [ 451.331966][T10427] name failslab, interval 1, probability 0, space 0, times 0 [ 451.382553][T10427] CPU: 0 UID: 0 PID: 10427 Comm: syz.1.1352 Tainted: G U L syzkaller #0 PREEMPT(full) [ 451.382609][T10427] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 451.382622][T10427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 451.382642][T10427] Call Trace: [ 451.382661][T10427] [ 451.382673][T10427] dump_stack_lvl+0x100/0x190 [ 451.382728][T10427] should_fail_ex.cold+0x5/0xa [ 451.382768][T10427] should_failslab+0xc2/0x120 [ 451.382821][T10427] __kvmalloc_node_noprof+0xfa/0xa00 [ 451.382868][T10427] ? snd_pcm_plugin_alloc+0x5ed/0x7e0 [ 451.382906][T10427] ? snd_pcm_plugin_alloc+0x5d4/0x7e0 [ 451.382946][T10427] ? mark_lock+0x9f0/0xa20 [ 451.382994][T10427] snd_pcm_plugin_alloc+0x5ed/0x7e0 [ 451.383055][T10427] snd_pcm_plug_alloc+0x146/0x320 [ 451.383096][T10427] snd_pcm_oss_change_params_locked+0x1fb3/0x39f0 [ 451.383152][T10427] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 451.383222][T10427] snd_pcm_oss_get_active_substream+0x175/0x1d0 [ 451.383266][T10427] snd_pcm_oss_ioctl+0x1c08/0x3720 [ 451.383323][T10427] ? __fget_files+0x215/0x3d0 [ 451.383371][T10427] ? hook_file_ioctl_common+0x146/0x410 [ 451.383416][T10427] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 451.383459][T10427] ? __fget_files+0x21f/0x3d0 [ 451.383513][T10427] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 451.383554][T10427] __x64_sys_ioctl+0x18e/0x210 [ 451.383601][T10427] do_syscall_64+0x106/0xf80 [ 451.383654][T10427] ? clear_bhb_loop+0x40/0x90 [ 451.383698][T10427] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.383734][T10427] RIP: 0033:0x7f328079bf79 [ 451.383763][T10427] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 451.383797][T10427] RSP: 002b:00007f32816b9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 451.383829][T10427] RAX: ffffffffffffffda RBX: 00007f3280a15fa0 RCX: 00007f328079bf79 [ 451.383852][T10427] RDX: 0000000000000000 RSI: 00000000c0045002 RDI: 0000000000000006 [ 451.383872][T10427] RBP: 00007f32808327e0 R08: 0000000000000000 R09: 0000000000000000 [ 451.383892][T10427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 451.383911][T10427] R13: 00007f3280a16038 R14: 00007f3280a15fa0 R15: 00007ffe093f21c8 [ 451.383956][T10427] [ 452.310188][T10440] netlink: 86 bytes leftover after parsing attributes in process `syz.2.1357'. [ 454.004170][T10454] FAULT_INJECTION: forcing a failure. [ 454.004170][T10454] name failslab, interval 1, probability 0, space 0, times 0 [ 454.016991][T10454] CPU: 0 UID: 0 PID: 10454 Comm: syz.1.1363 Tainted: G U L syzkaller #0 PREEMPT(full) [ 454.017029][T10454] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 454.017037][T10454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 454.017051][T10454] Call Trace: [ 454.017058][T10454] [ 454.017066][T10454] dump_stack_lvl+0x100/0x190 [ 454.017104][T10454] should_fail_ex.cold+0x5/0xa [ 454.017129][T10454] should_failslab+0xc2/0x120 [ 454.017164][T10454] __kvmalloc_node_noprof+0xfa/0xa00 [ 454.017195][T10454] ? bucket_table_alloc.isra.0+0x88/0x460 [ 454.017226][T10454] bucket_table_alloc.isra.0+0x88/0x460 [ 454.017252][T10454] rhashtable_init_noprof+0x43b/0x7d0 [ 454.017274][T10454] ? __init_waitqueue_head+0xca/0x150 [ 454.017310][T10454] rhltable_init_noprof+0x20/0x60 [ 454.017335][T10454] sta_info_init+0x5f/0x160 [ 454.017372][T10454] ieee80211_alloc_hw_nm+0x836/0x22a0 [ 454.017408][T10454] ? __local_bh_enable_ip+0x9e/0x120 [ 454.017436][T10454] mac80211_hwsim_new_radio+0x1e1/0x57d0 [ 454.017486][T10454] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 454.017524][T10454] ? __nla_validate_parse+0x1e7/0x28b0 [ 454.017559][T10454] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 454.017626][T10454] hwsim_new_radio_nl+0xc1f/0x1340 [ 454.017670][T10454] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 454.017720][T10454] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x290 [ 454.017761][T10454] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1b4/0x290 [ 454.017808][T10454] genl_family_rcv_msg_doit+0x214/0x300 [ 454.017850][T10454] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 454.017889][T10454] ? genl_get_cmd+0x3ef/0x720 [ 454.017932][T10454] ? bpf_lsm_capable+0x9/0x10 [ 454.017969][T10454] ? security_capable+0x80/0x260 [ 454.018010][T10454] ? ns_capable+0xd2/0xf0 [ 454.018050][T10454] genl_rcv_msg+0x560/0x800 [ 454.018091][T10454] ? __pfx_genl_rcv_msg+0x10/0x10 [ 454.018131][T10454] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 454.018181][T10454] netlink_rcv_skb+0x159/0x420 [ 454.018216][T10454] ? __pfx_genl_rcv_msg+0x10/0x10 [ 454.018256][T10454] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 454.018315][T10454] ? netlink_deliver_tap+0x1ae/0xcc0 [ 454.018349][T10454] genl_rcv+0x28/0x40 [ 454.018387][T10454] netlink_unicast+0x5aa/0x870 [ 454.018424][T10454] ? __pfx_netlink_unicast+0x10/0x10 [ 454.018466][T10454] netlink_sendmsg+0x8b0/0xda0 [ 454.018503][T10454] ? __pfx_netlink_sendmsg+0x10/0x10 [ 454.018534][T10454] ? __import_iovec+0x1d2/0x640 [ 454.018565][T10454] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 454.018607][T10454] ____sys_sendmsg+0xa54/0xc30 [ 454.018646][T10454] ? __pfx_____sys_sendmsg+0x10/0x10 [ 454.018688][T10454] ? __pfx_futex_wake_mark+0x10/0x10 [ 454.018724][T10454] ___sys_sendmsg+0x190/0x1e0 [ 454.018748][T10454] ? __pfx____sys_sendmsg+0x10/0x10 [ 454.018802][T10454] __sys_sendmsg+0x170/0x220 [ 454.018854][T10454] ? __pfx___sys_sendmsg+0x10/0x10 [ 454.018881][T10454] ? __x64_sys_futex+0x34f/0x4d0 [ 454.018939][T10454] do_syscall_64+0x106/0xf80 [ 454.018968][T10454] ? clear_bhb_loop+0x40/0x90 [ 454.018995][T10454] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 454.019018][T10454] RIP: 0033:0x7f328079bf79 [ 454.019037][T10454] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 454.019060][T10454] RSP: 002b:00007f32816b9028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 454.019081][T10454] RAX: ffffffffffffffda RBX: 00007f3280a15fa0 RCX: 00007f328079bf79 [ 454.019096][T10454] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000006 [ 454.019110][T10454] RBP: 00007f32808327e0 R08: 0000000000000000 R09: 0000000000000000 [ 454.019124][T10454] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 454.019137][T10454] R13: 00007f3280a16038 R14: 00007f3280a15fa0 R15: 00007ffe093f21c8 [ 454.019167][T10454] [ 457.655770][T10494] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1375'. [ 458.181451][T10500] netlink: 246 bytes leftover after parsing attributes in process `syz.0.1376'. [ 458.311956][T10502] openvswitch: HfR: Dropping previously announced user features [ 460.871737][T10524] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1388'. [ 460.881076][T10524] : renamed from bond_slave_0 (while UP) [ 460.916502][T10524] netlink: 330 bytes leftover after parsing attributes in process `syz.0.1388'. [ 461.481301][T10535] cougar: G6 mapped to space [ 462.617619][T10548] ubi31: attaching mtd0 [ 462.642990][T10548] ubi31: scanning is finished [ 462.702286][T10548] ubi31: empty MTD device detected [ 463.299629][T10548] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 463.307287][T10548] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3518 bytes [ 463.359466][T10548] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 463.439501][T10548] ubi31: VID header offset: 514 (aligned 514), data offset: 578 [ 463.447256][T10548] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 463.574237][T10548] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 20 [ 463.648389][T10548] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1068730087 [ 463.709642][T10548] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 463.774112][T10553] ubi31: background thread "ubi_bgt31d" started, PID 10553 [ 464.245041][T10565] FAULT_INJECTION: forcing a failure. [ 464.245041][T10565] name failslab, interval 1, probability 0, space 0, times 0 [ 464.372317][T10565] CPU: 1 UID: 0 PID: 10565 Comm: syz.0.1397 Tainted: G U L syzkaller #0 PREEMPT(full) [ 464.372375][T10565] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 464.372388][T10565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 464.372409][T10565] Call Trace: [ 464.372428][T10565] [ 464.372441][T10565] dump_stack_lvl+0x100/0x190 [ 464.372500][T10565] should_fail_ex.cold+0x5/0xa [ 464.372542][T10565] should_failslab+0xc2/0x120 [ 464.372597][T10565] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 464.372644][T10565] ? do_getname+0x35/0x390 [ 464.372688][T10565] do_getname+0x35/0x390 [ 464.372727][T10565] do_sys_openat2+0xc5/0x1e0 [ 464.372764][T10565] ? __pfx_do_sys_openat2+0x10/0x10 [ 464.372807][T10565] ? __pfx_sched_core_share_pid+0x10/0x10 [ 464.372853][T10565] __x64_sys_openat+0x12d/0x210 [ 464.372893][T10565] ? __pfx___x64_sys_openat+0x10/0x10 [ 464.372947][T10565] do_syscall_64+0x106/0xf80 [ 464.372992][T10565] ? clear_bhb_loop+0x40/0x90 [ 464.373035][T10565] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 464.373071][T10565] RIP: 0033:0x7f997139bf79 [ 464.373100][T10565] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 464.373134][T10565] RSP: 002b:00007f99721d3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 464.373167][T10565] RAX: ffffffffffffffda RBX: 00007f9971616090 RCX: 00007f997139bf79 [ 464.373202][T10565] RDX: 0000000000002000 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 464.373223][T10565] RBP: 00007f99714327e0 R08: 0000000000000000 R09: 0000000000000000 [ 464.373242][T10565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 464.373262][T10565] R13: 00007f9971616128 R14: 00007f9971616090 R15: 00007ffe9ca09278 [ 464.373305][T10565] [ 465.848147][ T5825] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 465.848187][ T5825] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 465.870904][ T5825] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 465.870970][ T5825] Bluetooth: hci0: adv larger than maximum supported [ 465.881963][ T5825] Bluetooth: hci0: adv larger than maximum supported [ 465.888705][ T5825] Bluetooth: hci0: Malformed LE Event: 0x0d [ 467.244099][T10593] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1407'. [ 468.166142][T10604] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1411'. [ 468.930621][ T5825] Bluetooth: hci0: unexpected event 0x20 length: 123 > 7 [ 471.336871][T10634] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1419'. [ 471.471501][T10634] netlink: 'syz.3.1419': attribute type 1 has an invalid length. [ 471.521267][T10634] netlink: 'syz.3.1419': attribute type 6 has an invalid length. [ 471.530767][T10636] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1421'. [ 471.702078][T10638] netlink: 252 bytes leftover after parsing attributes in process `syz.1.1422'. [ 471.721217][T10638] netlink: 252 bytes leftover after parsing attributes in process `syz.1.1422'. [ 475.960419][T10685] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1438'. [ 476.001626][T10685] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1438'. [ 477.216068][ T154] netdevsim netdevsim1335 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 478.932748][ T5825] Bluetooth: hci1: unexpected event 0x20 length: 123 > 7 [ 479.729493][T10717] FAULT_INJECTION: forcing a failure. [ 479.729493][T10717] name failslab, interval 1, probability 0, space 0, times 0 [ 479.789702][T10717] CPU: 1 UID: 0 PID: 10717 Comm: syz.1.1448 Tainted: G U L syzkaller #0 PREEMPT(full) [ 479.789758][T10717] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 479.789771][T10717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 479.789791][T10717] Call Trace: [ 479.789802][T10717] [ 479.789813][T10717] dump_stack_lvl+0x100/0x190 [ 479.789869][T10717] should_fail_ex.cold+0x5/0xa [ 479.789907][T10717] should_failslab+0xc2/0x120 [ 479.789969][T10717] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 479.790014][T10717] ? ptlock_alloc+0x1f/0x70 [ 479.790062][T10717] ? __pfx_filemap_map_pages+0x10/0x10 [ 479.790107][T10717] ptlock_alloc+0x1f/0x70 [ 479.790147][T10717] pte_alloc_one+0x84/0x3e0 [ 479.790186][T10717] __do_fault+0x359/0x550 [ 479.790240][T10717] ? __pfx_filemap_map_pages+0x10/0x10 [ 479.790282][T10717] do_fault+0x2db/0x1a00 [ 479.790314][T10717] __handle_mm_fault+0x180f/0x2b60 [ 479.790353][T10717] ? mt_find+0x45e/0x8e0 [ 479.790397][T10717] ? __pfx___handle_mm_fault+0x10/0x10 [ 479.790428][T10717] ? __pfx_mt_find+0x10/0x10 [ 479.790488][T10717] ? find_vma+0xbf/0x140 [ 479.790528][T10717] ? __pfx_find_vma+0x10/0x10 [ 479.790592][T10717] handle_mm_fault+0x36d/0xa20 [ 479.790633][T10717] do_user_addr_fault+0x74c/0x12f0 [ 479.790690][T10717] exc_page_fault+0x6f/0xd0 [ 479.790735][T10717] asm_exc_page_fault+0x26/0x30 [ 479.790765][T10717] RIP: 0010:__put_user_4+0xd/0x20 [ 479.790803][T10717] Code: 66 89 01 31 c9 0f 01 ca e9 80 d0 03 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca e9 57 d0 03 00 0f 1f 80 00 00 00 00 90 90 90 [ 479.790833][T10717] RSP: 0018:ffffc90004ce7e08 EFLAGS: 00050246 [ 479.790857][T10717] RAX: 0000000000000005 RBX: 0000000000000000 RCX: 0000000000000000 [ 479.790874][T10717] RDX: 0000000000080000 RSI: ffffffff8255b8f1 RDI: ffffffff8c1adb20 [ 479.790893][T10717] RBP: 1ffff9200099cfc5 R08: 0000000000000001 R09: 00000000000001ca [ 479.790910][T10717] R10: 0000000000000200 R11: 0000000000000000 R12: 0000000000000005 [ 479.790927][T10717] R13: 0000000000000006 R14: 0000000000000005 R15: dffffc0000000000 [ 479.790960][T10717] ? __might_fault+0x111/0x140 [ 479.791001][T10717] __sys_socketpair+0x120/0x5b0 [ 479.791035][T10717] ? __pfx___sys_socketpair+0x10/0x10 [ 479.791066][T10717] ? xfd_validate_state+0x129/0x190 [ 479.791116][T10717] __x64_sys_socketpair+0x96/0x100 [ 479.791146][T10717] ? lockdep_hardirqs_on+0x78/0x100 [ 479.791185][T10717] do_syscall_64+0x106/0xf80 [ 479.791222][T10717] ? clear_bhb_loop+0x40/0x90 [ 479.791257][T10717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 479.791286][T10717] RIP: 0033:0x7f328079bf79 [ 479.791309][T10717] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 479.791336][T10717] RSP: 002b:00007f32816b9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 479.791361][T10717] RAX: ffffffffffffffda RBX: 00007f3280a15fa0 RCX: 00007f328079bf79 [ 479.791379][T10717] RDX: 8000000000000000 RSI: 0000000000000005 RDI: 000000000000001e [ 479.791397][T10717] RBP: 00007f32808327e0 R08: 0000000000000000 R09: 0000000000000000 [ 479.791414][T10717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 479.791431][T10717] R13: 00007f3280a16038 R14: 00007f3280a15fa0 R15: 00007ffe093f21c8 [ 479.791467][T10717] [ 482.913236][T10743] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 483.309737][ T5825] Bluetooth: hci2: unexpected event 0x3e length: 726 > 260 [ 483.309779][ T5825] Bluetooth: hci2: unexpected subevent 0x03 length: 725 > 9 [ 484.629694][T10765] netlink: 504 bytes leftover after parsing attributes in process `syz.3.1461'. [ 484.671434][T10765] netlink: 350 bytes leftover after parsing attributes in process `syz.3.1461'. [ 490.859652][ T5825] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 494.921383][T10871] netlink: 350 bytes leftover after parsing attributes in process `syz.1.1485'. [ 496.021832][T10879] bonding: no command found in bonding_masters - use +ifname or -ifname [ 496.061692][T10879] bonding: no command found in bonding_masters - use +ifname or -ifname [ 497.679473][T10903] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 497.688329][T10903] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 497.697425][T10903] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 497.716737][T10903] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 497.733412][T10903] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 497.749546][T10903] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 497.877151][T10903] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 499.743207][ T5834] Bluetooth: hci2: command 0x0c1a tx timeout [ 499.750738][ T5834] Bluetooth: hci1: command 0x0c1a tx timeout [ 499.757627][ T5834] Bluetooth: hci3: command 0x0c1a tx timeout [ 499.766145][ T5825] Bluetooth: hci0: command 0x0406 tx timeout [ 499.860039][T10918] netlink: 350 bytes leftover after parsing attributes in process `syz.0.1498'. [ 500.812861][T10936] netlink: 2468 bytes leftover after parsing attributes in process `syz.3.1503'. [ 500.883711][T10941] : Can't lookup blockdev [ 501.555863][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.566269][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.823101][ T5825] Bluetooth: hci1: command 0x0c1a tx timeout [ 501.835566][ T5834] Bluetooth: hci0: command 0x0406 tx timeout [ 503.899654][ T5834] Bluetooth: hci0: command 0x0406 tx timeout [ 505.450909][T10977] FAULT_INJECTION: forcing a failure. [ 505.450909][T10977] name failslab, interval 1, probability 0, space 0, times 0 [ 505.464357][T10977] CPU: 1 UID: 0 PID: 10977 Comm: syz.3.1513 Tainted: G U L syzkaller #0 PREEMPT(full) [ 505.464418][T10977] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 505.464428][T10977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 505.464442][T10977] Call Trace: [ 505.464450][T10977] [ 505.464458][T10977] dump_stack_lvl+0x100/0x190 [ 505.464499][T10977] should_fail_ex.cold+0x5/0xa [ 505.464526][T10977] should_failslab+0xc2/0x120 [ 505.464564][T10977] __kmalloc_cache_noprof+0x7a/0x6f0 [ 505.464595][T10977] ? tipc_nametbl_insert_publ+0x5a/0x1580 [ 505.464639][T10977] tipc_nametbl_insert_publ+0x5a/0x1580 [ 505.464696][T10977] ? do_raw_spin_lock+0x128/0x260 [ 505.464732][T10977] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 505.464776][T10977] tipc_nametbl_publish+0x137/0x260 [ 505.464818][T10977] tipc_sk_publish+0x1d8/0x430 [ 505.464858][T10977] ? __pfx_tipc_sk_publish+0x10/0x10 [ 505.464900][T10977] ? __local_bh_enable_ip+0x9e/0x120 [ 505.464929][T10977] tipc_sk_bind+0x16f/0x380 [ 505.464970][T10977] tipc_bind+0x18d/0x280 [ 505.465011][T10977] __sys_bind+0x1a9/0x260 [ 505.465038][T10977] ? __pfx___sys_bind+0x10/0x10 [ 505.465082][T10977] __x64_sys_bind+0x72/0xb0 [ 505.465106][T10977] ? lockdep_hardirqs_on+0x78/0x100 [ 505.465139][T10977] do_syscall_64+0x106/0xf80 [ 505.465171][T10977] ? clear_bhb_loop+0x40/0x90 [ 505.465201][T10977] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 505.465227][T10977] RIP: 0033:0x7f7700d9bf79 [ 505.465247][T10977] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 505.465271][T10977] RSP: 002b:00007f7701c25028 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 505.465295][T10977] RAX: ffffffffffffffda RBX: 00007f7701015fa0 RCX: 00007f7700d9bf79 [ 505.465311][T10977] RDX: 0000000000000066 RSI: 0000200000000040 RDI: 0000000000000002 [ 505.465326][T10977] RBP: 00007f7700e327e0 R08: 0000000000000000 R09: 0000000000000000 [ 505.465342][T10977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 505.465357][T10977] R13: 00007f7701016038 R14: 00007f7701015fa0 R15: 00007fff62eb3398 [ 505.465394][T10977] [ 509.691051][T11013] netlink: 'syz.1.1518': attribute type 4 has an invalid length. [ 509.698850][T11013] netlink: 'syz.1.1518': attribute type 5 has an invalid length. [ 509.900514][T11013] netlink: 10 bytes leftover after parsing attributes in process `syz.1.1518'. [ 511.344156][T11034] netlink: 'syz.1.1523': attribute type 2 has an invalid length. [ 511.355292][T11034] netlink: 'syz.1.1523': attribute type 3 has an invalid length. [ 511.469984][T11034] netlink: 158 bytes leftover after parsing attributes in process `syz.1.1523'. [ 511.567581][T11035] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1524'. [ 511.599950][T11034] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1523'. [ 512.604891][ T5834] Bluetooth: hci2: Malformed Event: 0x02 [ 520.302770][T11129] Dead loop on virtual device ip6_vti0, fix it urgently! [ 520.385562][T11129] Dead loop on virtual device ip6_vti0, fix it urgently! [ 520.440102][T11129] Dead loop on virtual device ip6_vti0, fix it urgently! [ 520.500905][T11129] Dead loop on virtual device ip6_vti0, fix it urgently! [ 520.508530][T11129] Dead loop on virtual device ip6_vti0, fix it urgently! [ 520.552282][T11129] Dead loop on virtual device ip6_vti0, fix it urgently! [ 522.509193][T11151] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1552'. [ 524.720177][ T5834] Bluetooth: hci3: unexpected event 0x1c length: 725 > 5 [ 526.992406][T11195] netlink: 17 bytes leftover after parsing attributes in process `syz.1.1566'. [ 527.871739][T11210] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1571'. [ 527.960874][T11212] netlink: 354 bytes leftover after parsing attributes in process `syz.2.1571'. [ 532.637925][T11256] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1581'. [ 533.058818][T11259] HfR: entered promiscuous mode [ 533.193179][T11259] GUP no longer grows the stack in syz.3.1582 (11259): 14000-18000 (4000) [ 533.278174][T11259] CPU: 1 UID: 0 PID: 11259 Comm: syz.3.1582 Tainted: G U L syzkaller #0 PREEMPT(full) [ 533.278232][T11259] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 533.278245][T11259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 533.278266][T11259] Call Trace: [ 533.278277][T11259] [ 533.278289][T11259] dump_stack_lvl+0x100/0x190 [ 533.278346][T11259] gup_vma_lookup.cold+0x83/0x96 [ 533.278399][T11259] __get_user_pages+0x241/0x34d0 [ 533.278470][T11259] ? find_held_lock+0x2b/0x80 [ 533.278524][T11259] ? mtree_load+0x311/0xa40 [ 533.278568][T11259] ? __pfx___get_user_pages+0x10/0x10 [ 533.278636][T11259] get_user_pages_remote+0x3d2/0xb10 [ 533.278689][T11259] ? __pfx_get_user_pages_remote+0x10/0x10 [ 533.278739][T11259] ? noop_dirty_folio+0x98/0x160 [ 533.278791][T11259] __access_remote_vm+0x3ba/0xa70 [ 533.278842][T11259] ? __pfx___access_remote_vm+0x10/0x10 [ 533.278894][T11259] mem_rw+0x20a/0x640 [ 533.278939][T11259] vfs_write+0x2aa/0x1070 [ 533.278980][T11259] ? __pfx_mem_write+0x10/0x10 [ 533.279029][T11259] ? __pfx_vfs_write+0x10/0x10 [ 533.279095][T11259] ? __fget_files+0x215/0x3d0 [ 533.279154][T11259] ? __fget_files+0x21f/0x3d0 [ 533.279212][T11259] ksys_write+0x12a/0x250 [ 533.279259][T11259] ? __pfx_ksys_write+0x10/0x10 [ 533.279317][T11259] do_syscall_64+0x106/0xf80 [ 533.279366][T11259] ? clear_bhb_loop+0x40/0x90 [ 533.279406][T11259] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 533.279439][T11259] RIP: 0033:0x7f7700d9bf79 [ 533.279467][T11259] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 533.279499][T11259] RSP: 002b:00007f7701c25028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 533.279530][T11259] RAX: ffffffffffffffda RBX: 00007f7701015fa0 RCX: 00007f7700d9bf79 [ 533.279553][T11259] RDX: 000000000000ffd8 RSI: 0000000000000000 RDI: 0000000000000003 [ 533.279570][T11259] RBP: 00007f7700e327e0 R08: 0000000000000000 R09: 0000000000000000 [ 533.279588][T11259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 533.279607][T11259] R13: 00007f7701016038 R14: 00007f7701015fa0 R15: 00007fff62eb3398 [ 533.279652][T11259] [ 533.306193][T11262] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1583'. [ 535.448301][T11285] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1589'. [ 538.461015][T11301] futex_wake_op: syz.2.1593 tries to shift op by -2048; fix this program [ 538.565949][T11301] futex_wake_op: syz.2.1593 tries to shift op by -2048; fix this program [ 550.251805][T11409] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1625'. [ 553.220942][T11442] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1632'. [ 556.751774][T11470] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1640'. [ 556.821900][T11470] bond0: entered promiscuous mode [ 556.835195][T11470] : entered promiscuous mode [ 556.879712][T11470] bond_slave_1: entered promiscuous mode [ 556.885675][T11470] bond0: entered allmulticast mode [ 556.980191][T11470] : entered allmulticast mode [ 557.005889][T11470] bond_slave_1: entered allmulticast mode [ 559.669027][T11483] kexec: Could not allocate control_code_buffer [ 559.936520][T11498] netlink: 'syz.0.1647': attribute type 3 has an invalid length. [ 559.982529][T11498] netlink: 306 bytes leftover after parsing attributes in process `syz.0.1647'. [ 562.951636][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 562.958138][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 569.037060][T11568] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1664'. [ 569.111654][T11568] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1664'. [ 579.690283][ T5834] Bluetooth: hci0: Malformed Event: 0x13 [ 580.342311][T11663] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1685'. [ 580.429450][T11663] bond0: entered promiscuous mode [ 580.434648][T11663] bond_slave_0: entered promiscuous mode [ 580.500514][T11663] bond_slave_1: entered promiscuous mode [ 580.506545][T11663] bond0: entered allmulticast mode [ 580.549746][T11663] bond_slave_1: entered allmulticast mode [ 581.409936][T11674] FAULT_INJECTION: forcing a failure. [ 581.409936][T11674] name fail_futex, interval 1, probability 0, space 0, times 1 [ 581.510091][T11674] CPU: 0 UID: 0 PID: 11674 Comm: syz.1.1688 Tainted: G U L syzkaller #0 PREEMPT(full) [ 581.510147][T11674] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 581.510160][T11674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 581.510179][T11674] Call Trace: [ 581.510190][T11674] [ 581.510201][T11674] dump_stack_lvl+0x100/0x190 [ 581.510255][T11674] should_fail_ex.cold+0x5/0xa [ 581.510302][T11674] get_futex_key+0x1d2/0x1620 [ 581.510362][T11674] ? __pfx_get_futex_key+0x10/0x10 [ 581.510400][T11674] ? cmp_ex_search+0x8b/0xb0 [ 581.510447][T11674] ? bsearch+0x9e/0xd0 [ 581.510488][T11674] ? __pfx_cmp_ex_search+0x10/0x10 [ 581.510541][T11674] futex_wait_setup+0x81/0x500 [ 581.510600][T11674] __futex_wait+0x19f/0x300 [ 581.510652][T11674] ? __pfx___futex_wait+0x10/0x10 [ 581.510706][T11674] ? __pfx_futex_wake_mark+0x10/0x10 [ 581.510761][T11674] ? futex_hash+0x2c5/0x380 [ 581.510809][T11674] futex_wait+0xed/0x380 [ 581.510859][T11674] ? __pfx_futex_wait+0x10/0x10 [ 581.510915][T11674] ? __get_user_nocheck_8+0x20/0x20 [ 581.510965][T11674] ? do_vfs_ioctl+0x226/0x13e0 [ 581.511021][T11674] do_futex+0x1ef/0x350 [ 581.511062][T11674] ? __pfx_do_futex+0x10/0x10 [ 581.511104][T11674] ? find_held_lock+0x2b/0x80 [ 581.511161][T11674] __x64_sys_futex+0x34f/0x4d0 [ 581.511200][T11674] ? __fget_files+0x21f/0x3d0 [ 581.511245][T11674] ? __pfx___x64_sys_futex+0x10/0x10 [ 581.511309][T11674] do_syscall_64+0x106/0xf80 [ 581.511368][T11674] ? clear_bhb_loop+0x40/0x90 [ 581.511399][T11674] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 581.511424][T11674] RIP: 0033:0x7f328079bf79 [ 581.511445][T11674] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 581.511469][T11674] RSP: 002b:00007f32816980e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 581.511493][T11674] RAX: ffffffffffffffda RBX: 00007f3280a16098 RCX: 00007f328079bf79 [ 581.511509][T11674] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f3280a16098 [ 581.511526][T11674] RBP: 00007f3280a16090 R08: 0000000000000000 R09: 0000000000000000 [ 581.511554][T11674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 581.511569][T11674] R13: 00007f3280a16128 R14: 00007ffe093f20e0 R15: 00007ffe093f21c8 [ 581.511599][T11674] [ 582.032352][T11676] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 585.864518][T11726] random: crng reseeded on system resumption [ 585.981522][T11726] hub 1-0:1.0: USB hub found [ 586.031221][T11726] hub 1-0:1.0: 1 port detected [ 588.407628][ T5834] Bluetooth: hci1: Malformed Event: 0x13 [ 592.160707][T11777] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input10 [ 594.014472][T11810] synth uevent: /module/orangefs: unknown uevent action string [ 597.168742][T11813] delete_channel: no stack [ 598.498464][T11839] netlink: 50 bytes leftover after parsing attributes in process `syz.1.1729'. [ 599.244989][T11844] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1730'. [ 599.630828][T11847] netlink: 354 bytes leftover after parsing attributes in process `syz.3.1732'. [ 600.442176][T11860] netlink: 'syz.3.1736': attribute type 12 has an invalid length. [ 601.839099][ T5834] Bluetooth: hci0: unexpected event 0x36 length: 123 > 7 [ 601.880405][T11877] FAULT_INJECTION: forcing a failure. [ 601.880405][T11877] name failslab, interval 1, probability 0, space 0, times 0 [ 601.993652][T11877] CPU: 0 UID: 0 PID: 11877 Comm: syz.1.1740 Tainted: G U L syzkaller #0 PREEMPT(full) [ 601.993711][T11877] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 601.993725][T11877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 601.993756][T11877] Call Trace: [ 601.993767][T11877] [ 601.993780][T11877] dump_stack_lvl+0x100/0x190 [ 601.993839][T11877] should_fail_ex.cold+0x5/0xa [ 601.993881][T11877] should_failslab+0xc2/0x120 [ 601.993935][T11877] __kmalloc_cache_noprof+0x7a/0x6f0 [ 601.993975][T11877] ? append_filter_err+0xb8/0x620 [ 601.994022][T11877] ? process_preds+0x937/0x1e10 [ 601.994075][T11877] append_filter_err+0xb8/0x620 [ 601.994129][T11877] apply_subsystem_event_filter+0x73d/0x17d0 [ 601.994193][T11877] ? __pfx_apply_subsystem_event_filter+0x10/0x10 [ 601.994254][T11877] ? _copy_from_user+0x59/0xd0 [ 601.994300][T11877] ? __pfx_subsystem_filter_write+0x10/0x10 [ 601.994362][T11877] subsystem_filter_write+0x95/0x120 [ 601.994415][T11877] vfs_writev+0x5ea/0xe10 [ 601.994461][T11877] ? rcu_is_watching+0x12/0xc0 [ 601.994522][T11877] ? __pfx_vfs_writev+0x10/0x10 [ 601.994567][T11877] ? fdget_pos+0x2aa/0x380 [ 601.994652][T11877] ? __fget_files+0x21f/0x3d0 [ 601.994712][T11877] ? do_writev+0x13e/0x340 [ 601.994756][T11877] do_writev+0x13e/0x340 [ 601.994802][T11877] ? __pfx_do_writev+0x10/0x10 [ 601.994859][T11877] do_syscall_64+0x106/0xf80 [ 601.994908][T11877] ? clear_bhb_loop+0x40/0x90 [ 601.994952][T11877] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 601.994988][T11877] RIP: 0033:0x7f328079bf79 [ 601.995027][T11877] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 601.995063][T11877] RSP: 002b:00007f32816b9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 601.995097][T11877] RAX: ffffffffffffffda RBX: 00007f3280a15fa0 RCX: 00007f328079bf79 [ 601.995121][T11877] RDX: 0000000000000005 RSI: 0000200000000140 RDI: 0000000000000007 [ 601.995142][T11877] RBP: 00007f32808327e0 R08: 0000000000000000 R09: 0000000000000000 [ 601.995163][T11877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 601.995183][T11877] R13: 00007f3280a16038 R14: 00007f3280a15fa0 R15: 00007ffe093f21c8 [ 601.995228][T11877] [ 604.355572][T11902] netlink: 186 bytes leftover after parsing attributes in process `syz.3.1745'. [ 604.607879][T11906] random: crng reseeded on system resumption [ 604.810369][T11910] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1748'. [ 604.856247][T11906] hub 1-0:1.0: USB hub found [ 604.949482][T11906] hub 1-0:1.0: 1 port detected [ 605.629475][ T5834] Bluetooth: hci3: unexpected event 0x06 length: 440 > 3 [ 607.367392][T11939] random: crng reseeded on system resumption [ 607.964385][T11942] FAULT_INJECTION: forcing a failure. [ 607.964385][T11942] name failslab, interval 1, probability 0, space 0, times 0 [ 607.977890][T11942] CPU: 1 UID: 0 PID: 11942 Comm: syz.1.1756 Tainted: G U L syzkaller #0 PREEMPT(full) [ 607.977948][T11942] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 607.977961][T11942] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 607.977981][T11942] Call Trace: [ 607.977990][T11942] [ 607.978003][T11942] dump_stack_lvl+0x100/0x190 [ 607.978059][T11942] should_fail_ex.cold+0x5/0xa [ 607.978094][T11942] ? ip_finish_output2+0x883/0x24d0 [ 607.978150][T11942] should_failslab+0xc2/0x120 [ 607.978204][T11942] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 607.978248][T11942] ? skb_clone+0x190/0x400 [ 607.978300][T11942] skb_clone+0x190/0x400 [ 607.978348][T11942] dev_queue_xmit_nit+0x255/0xa60 [ 607.978408][T11942] dev_hard_start_xmit+0x2f5/0x7d0 [ 607.978453][T11942] __dev_queue_xmit+0x6dd/0x4750 [ 607.978506][T11942] ? __pfx___dev_queue_xmit+0x10/0x10 [ 607.978548][T11942] ? __local_bh_enable_ip+0x9e/0x120 [ 607.978589][T11942] ? __lock_acquire+0x4a5/0x2630 [ 607.978671][T11942] ? find_held_lock+0x2b/0x80 [ 607.978737][T11942] ip_finish_output2+0xf4a/0x24d0 [ 607.978807][T11942] ? __pfx_ip_finish_output2+0x10/0x10 [ 607.978860][T11942] ? __pfx_ip_dst_mtu_maybe_forward+0x10/0x10 [ 607.978922][T11942] __ip_finish_output.part.0+0x444/0x6f0 [ 607.978978][T11942] ip_output+0x39b/0xec0 [ 607.979032][T11942] ? __pfx_ip_output+0x10/0x10 [ 607.979084][T11942] ? __pfx_ip_finish_output+0x10/0x10 [ 607.979134][T11942] ? ip4_dst_hoplimit+0x1a9/0x400 [ 607.979194][T11942] __ip_queue_xmit+0x1b73/0x22b0 [ 607.979254][T11942] ? __pfx_ip_queue_xmit+0x10/0x10 [ 607.979315][T11942] __tcp_transmit_skb+0x3347/0x4b50 [ 607.979376][T11942] ? __pfx___tcp_transmit_skb+0x10/0x10 [ 607.979441][T11942] ? ktime_get+0x200/0x300 [ 607.979472][T11942] ? lockdep_hardirqs_on+0x78/0x100 [ 607.979530][T11942] tcp_write_xmit+0x12a2/0x8980 [ 607.979616][T11942] __tcp_push_pending_frames+0xaf/0x3b0 [ 607.979663][T11942] tcp_send_fin+0x11f/0x10f0 [ 607.979714][T11942] __tcp_close+0xa0d/0x1110 [ 607.979762][T11942] ? __local_bh_enable_ip+0x9e/0x120 [ 607.979804][T11942] tcp_close+0x28/0x110 [ 607.979843][T11942] inet_release+0xed/0x200 [ 607.979878][T11942] __sock_release+0xb3/0x260 [ 607.979927][T11942] ? __pfx_sock_close+0x10/0x10 [ 607.979974][T11942] sock_close+0x1c/0x30 [ 607.980018][T11942] __fput+0x3ff/0xb40 [ 607.980056][T11942] ? _raw_spin_unlock_irq+0x23/0x50 [ 607.980102][T11942] task_work_run+0x150/0x240 [ 607.980152][T11942] ? __pfx_task_work_run+0x10/0x10 [ 607.980203][T11942] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 607.980262][T11942] get_signal+0x1bd/0x21e0 [ 607.980296][T11942] ? __pfx___fput_deferred+0x10/0x10 [ 607.980330][T11942] ? __pfx___file_ref_put+0x10/0x10 [ 607.980390][T11942] ? __pfx_get_signal+0x10/0x10 [ 607.980424][T11942] ? do_sendfile+0x44d/0xe20 [ 607.980479][T11942] arch_do_signal_or_restart+0x91/0x770 [ 607.980524][T11942] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 607.980580][T11942] ? __x64_sys_sendfile64+0x189/0x220 [ 607.980647][T11942] exit_to_user_mode_loop+0x86/0x4a0 [ 607.980695][T11942] do_syscall_64+0x668/0xf80 [ 607.980741][T11942] ? clear_bhb_loop+0x40/0x90 [ 607.980792][T11942] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 607.980830][T11942] RIP: 0033:0x7f328079bf79 [ 607.980872][T11942] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 607.980905][T11942] RSP: 002b:00007f32816b9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 607.980937][T11942] RAX: fffffffffffffe00 RBX: 00007f3280a15fa0 RCX: 00007f328079bf79 [ 607.980959][T11942] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000000000000001 [ 607.980978][T11942] RBP: 00007f32808327e0 R08: 0000000000000000 R09: 0000000000000000 [ 607.980997][T11942] R10: 00000000000000a1 R11: 0000000000000246 R12: 0000000000000000 [ 607.981017][T11942] R13: 00007f3280a16038 R14: 00007f3280a15fa0 R15: 00007ffe093f21c8 [ 607.981061][T11942] [ 609.212362][T11944] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1755'. [ 609.259607][T11944] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 609.394522][T11944] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 613.058857][T11989] netlink: 'syz.0.1768': attribute type 12 has an invalid length. [ 613.437064][ T5834] Bluetooth: hci0: unexpected event 0x06 length: 440 > 3 [ 613.759205][T12006] netlink: 93 bytes leftover after parsing attributes in process `syz.3.1771'. [ 613.899873][T12003] netlink: 93 bytes leftover after parsing attributes in process `syz.3.1771'. [ 614.002982][T12014] netlink: 93 bytes leftover after parsing attributes in process `syz.3.1771'. [ 616.121482][T12030] netlink: 62 bytes leftover after parsing attributes in process `syz.3.1778'. [ 616.878413][T12044] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1779'. [ 617.262243][T12044] bridge0: port 2(bridge_slave_1) entered disabled state [ 617.715588][T12044] bridge_slave_1 (unregistering): left allmulticast mode [ 617.743654][T12044] bridge_slave_1 (unregistering): left promiscuous mode [ 617.779041][T12044] bridge0: port 2(bridge_slave_1) entered disabled state [ 624.383868][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.390394][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 626.960307][T12132] bond0: option slaves: interface -]=,Do does not exist! [ 630.940464][ T5825] Bluetooth: hci4: command 0x1003 tx timeout [ 630.947242][ T5834] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 634.806980][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805f23a000: rx timeout, send abort [ 634.849391][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805f23a000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 636.637440][T12209] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1823'. [ 636.911985][T12195] tipc: Started in network mode [ 636.917432][T12195] tipc: Node identity ee00, cluster identity 4711 [ 636.962050][T12195] tipc: Node number set to 60928 [ 636.968748][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805f23a400: rx timeout, send abort [ 637.477156][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805f23a400: abort rx timeout. Force session deactivation [ 639.001456][T12222] hub 1-0:1.0: USB hub found [ 639.027911][T12222] hub 1-0:1.0: 1 port detected [ 641.448222][T12241] FAULT_INJECTION: forcing a failure. [ 641.448222][T12241] name failslab, interval 1, probability 0, space 0, times 0 [ 641.529623][T12241] CPU: 0 UID: 0 PID: 12241 Comm: syz.1.1831 Tainted: G U L syzkaller #0 PREEMPT(full) [ 641.529679][T12241] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 641.529692][T12241] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 641.529711][T12241] Call Trace: [ 641.529721][T12241] [ 641.529733][T12241] dump_stack_lvl+0x100/0x190 [ 641.529787][T12241] should_fail_ex.cold+0x5/0xa [ 641.529825][T12241] should_failslab+0xc2/0x120 [ 641.529895][T12241] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 641.529947][T12241] ? __kernfs_new_node+0xd2/0x960 [ 641.529993][T12241] __kernfs_new_node+0xd2/0x960 [ 641.530027][T12241] ? kernfs_add_one+0x583/0x850 [ 641.530071][T12241] ? __pfx___kernfs_new_node+0x10/0x10 [ 641.530117][T12241] ? find_held_lock+0x2b/0x80 [ 641.530171][T12241] ? kernfs_root+0xee/0x2a0 [ 641.530204][T12241] ? kernfs_root+0xee/0x2a0 [ 641.530249][T12241] kernfs_new_node+0x11b/0x1a0 [ 641.530297][T12241] __kernfs_create_file+0x53/0x350 [ 641.530351][T12241] sysfs_add_file_mode_ns+0x207/0x3c0 [ 641.530418][T12241] sysfs_create_file_ns+0x145/0x1e0 [ 641.530473][T12241] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 641.530530][T12241] ? __pfx___up_read+0x10/0x10 [ 641.530578][T12241] ? acpi_device_notify+0x464/0x500 [ 641.530613][T12241] ? kobject_put+0xb9/0x640 [ 641.530671][T12241] device_create_file+0xf2/0x1d0 [ 641.530723][T12241] device_add+0x2cb/0x1950 [ 641.530765][T12241] ? __pfx_dev_set_name+0x10/0x10 [ 641.530810][T12241] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 641.530864][T12241] ? __pfx_device_add+0x10/0x10 [ 641.530911][T12241] ? lockdep_init_map_type+0x5c/0x250 [ 641.530955][T12241] ? __init_waitqueue_head+0xca/0x150 [ 641.531015][T12241] netdev_register_kobject+0x1a9/0x3d0 [ 641.531075][T12241] register_netdevice+0x12e0/0x2210 [ 641.531134][T12241] ? __pfx_register_netdevice+0x10/0x10 [ 641.531193][T12241] ? __pfx_loopback_net_init+0x10/0x10 [ 641.531229][T12241] register_netdev+0x34/0x50 [ 641.531276][T12241] loopback_net_init+0x7a/0x170 [ 641.531312][T12241] ? __pfx_loopback_net_init+0x10/0x10 [ 641.531346][T12241] ops_init+0x1e2/0x5f0 [ 641.531397][T12241] setup_net+0x118/0x3a0 [ 641.531445][T12241] ? __pfx_setup_net+0x10/0x10 [ 641.531490][T12241] ? lockdep_init_map_type+0x5c/0x250 [ 641.531535][T12241] ? mutex_init_lockep+0x110/0x150 [ 641.531586][T12241] copy_net_ns+0x46f/0x7c0 [ 641.531642][T12241] create_new_namespaces+0x3ea/0xac0 [ 641.531710][T12241] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 641.531748][T12241] ksys_unshare+0x455/0xab0 [ 641.531793][T12241] ? __pfx_ksys_unshare+0x10/0x10 [ 641.531852][T12241] __x64_sys_unshare+0x31/0x40 [ 641.531894][T12241] do_syscall_64+0x106/0xf80 [ 641.531945][T12241] ? clear_bhb_loop+0x40/0x90 [ 641.531989][T12241] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 641.532026][T12241] RIP: 0033:0x7f328079bf79 [ 641.532054][T12241] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 641.532095][T12241] RSP: 002b:00007f32816b9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 641.532127][T12241] RAX: ffffffffffffffda RBX: 00007f3280a15fa0 RCX: 00007f328079bf79 [ 641.532148][T12241] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 641.532168][T12241] RBP: 00007f32808327e0 R08: 0000000000000000 R09: 0000000000000000 [ 641.532188][T12241] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 641.532207][T12241] R13: 00007f3280a16038 R14: 00007f3280a15fa0 R15: 00007ffe093f21c8 [ 641.532252][T12241] [ 643.626075][T12263] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1835'. [ 644.410331][T12269] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1837'. [ 644.461588][T12269] netlink: 354 bytes leftover after parsing attributes in process `syz.2.1837'. [ 645.010620][T12274] netlink: 25 bytes leftover after parsing attributes in process `syz.1.1839'. [ 645.844005][T12285] random: crng reseeded on system resumption [ 646.025805][T12288] hub 1-0:1.0: USB hub found [ 646.669881][T12288] hub 1-0:1.0: 1 port detected [ 647.262044][T12296] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1843'. [ 649.197820][T12307] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 649.968329][T12287] kexec: Could not allocate control_code_buffer [ 652.574418][T12334] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1854'. [ 657.642580][T12380] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1866'. [ 658.070224][T12381] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1867'. [ 659.894366][ T30] audit: type=1800 audit(4294967308.320:7): pid=12398 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1871" name="features" dev="configfs" ino=439805 res=0 errno=0 [ 661.871816][T12425] FAULT_INJECTION: forcing a failure. [ 661.871816][T12425] name failslab, interval 1, probability 0, space 0, times 0 [ 661.983126][T12425] CPU: 1 UID: 0 PID: 12425 Comm: syz.1.1874 Tainted: G U L syzkaller #0 PREEMPT(full) [ 661.983180][T12425] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 661.983193][T12425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 661.983213][T12425] Call Trace: [ 661.983223][T12425] [ 661.983235][T12425] dump_stack_lvl+0x100/0x190 [ 661.983290][T12425] should_fail_ex.cold+0x5/0xa [ 661.983329][T12425] should_failslab+0xc2/0x120 [ 661.983381][T12425] __kmalloc_cache_noprof+0x7a/0x6f0 [ 661.983418][T12425] ? snd_midi_event_new+0x6f/0x210 [ 661.983478][T12425] snd_midi_event_new+0x6f/0x210 [ 661.983530][T12425] snd_virmidi_output_open+0x106/0x670 [ 661.983608][T12425] open_substream+0x480/0x9e0 [ 661.983651][T12425] rawmidi_open_priv+0x595/0x6f0 [ 661.983708][T12425] snd_rawmidi_open+0x4c9/0xba0 [ 661.983761][T12425] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 661.983807][T12425] ? __pfx_default_wake_function+0x10/0x10 [ 661.983871][T12425] ? kobject_get_unless_zero+0x156/0x200 [ 661.983930][T12425] ? __pfx_snd_rawmidi_open+0x10/0x10 [ 661.983973][T12425] snd_open+0x22d/0x4c0 [ 661.984030][T12425] ? __pfx_snd_open+0x10/0x10 [ 661.984085][T12425] chrdev_open+0x234/0x6a0 [ 661.984137][T12425] ? __pfx_apparmor_file_open+0x10/0x10 [ 661.984172][T12425] ? __pfx_chrdev_open+0x10/0x10 [ 661.984227][T12425] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 661.984288][T12425] do_dentry_open+0x6d8/0x1660 [ 661.984340][T12425] ? __pfx_chrdev_open+0x10/0x10 [ 661.984402][T12425] vfs_open+0x82/0x3f0 [ 661.984443][T12425] path_openat+0x208c/0x31a0 [ 661.984510][T12425] ? __pfx_path_openat+0x10/0x10 [ 661.984576][T12425] do_file_open+0x20e/0x430 [ 661.984632][T12425] ? __pfx_do_file_open+0x10/0x10 [ 661.984738][T12425] ? alloc_fd+0x476/0x790 [ 661.984794][T12425] ? do_getname+0x191/0x390 [ 661.984834][T12425] do_sys_openat2+0x10d/0x1e0 [ 661.984872][T12425] ? __pfx_do_sys_openat2+0x10/0x10 [ 661.984915][T12425] ? __fget_files+0x21f/0x3d0 [ 661.984974][T12425] __x64_sys_openat+0x12d/0x210 [ 661.985014][T12425] ? __pfx___x64_sys_openat+0x10/0x10 [ 661.985070][T12425] do_syscall_64+0x106/0xf80 [ 661.985115][T12425] ? clear_bhb_loop+0x40/0x90 [ 661.985158][T12425] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 661.985194][T12425] RIP: 0033:0x7f328079bf79 [ 661.985223][T12425] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 661.985257][T12425] RSP: 002b:00007f32816b9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 661.985290][T12425] RAX: ffffffffffffffda RBX: 00007f3280a15fa0 RCX: 00007f328079bf79 [ 661.985313][T12425] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 661.985335][T12425] RBP: 00007f32808327e0 R08: 0000000000000000 R09: 0000000000000000 [ 661.985354][T12425] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 661.985373][T12425] R13: 00007f3280a16038 R14: 00007f3280a15fa0 R15: 00007ffe093f21c8 [ 661.985417][T12425] [ 666.039691][T12457] kAFS: Invalid Command on /proc/fs/afs/cells file [ 667.165675][T12470] Invalid ELF header magic: != ELF [ 667.204199][T12451] Invalid ELF header magic: != ELF [ 667.486648][T12466] delete_channel: no stack [ 667.603261][T12469] netlink: 206 bytes leftover after parsing attributes in process `syz.3.1886'. [ 670.166202][T12486] netlink: 25 bytes leftover after parsing attributes in process `syz.3.1893'. [ 672.493629][T12515] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1899'. [ 673.086977][T12525] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1903'. [ 676.207636][T12559] netlink: 'syz.2.1919': attribute type 64 has an invalid length. [ 676.289417][T12559] netlink: 74 bytes leftover after parsing attributes in process `syz.2.1919'. [ 678.945685][T12573] netlink: 306 bytes leftover after parsing attributes in process `syz.2.1914'. [ 680.000786][T12591] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1920'. [ 680.381271][T12588] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1920'. [ 685.359346][T12624] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 685.375747][T12624] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 685.490906][T12624] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 685.497087][T12624] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 685.659555][ T5834] Bluetooth: hci3: command 0x0c1a tx timeout [ 685.825148][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 685.839434][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 687.421309][ T5834] Bluetooth: hci1: command 0x0c1a tx timeout [ 687.503264][ T5834] Bluetooth: hci0: command 0x0406 tx timeout [ 687.509661][ T5825] Bluetooth: hci2: command 0x0c1a tx timeout [ 699.197790][T12751] netlink: 17 bytes leftover after parsing attributes in process `syz.3.1967'. [ 701.971731][T12780] netlink: 'syz.2.1975': attribute type 2 has an invalid length. [ 703.385715][T12795] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1979'. [ 704.710611][T12807] device-mapper: ioctl: only supply one of name or uuid, cmd(5) [ 709.919962][T12846] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1989'. [ 710.182079][T12829] kexec: Could not allocate control_code_buffer [ 714.831997][T12902] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2004'. [ 714.917281][T12902] netlink: 'syz.0.2004': attribute type 3 has an invalid length. [ 715.696446][T12891] kexec: Could not allocate control_code_buffer [ 717.183062][T12936] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2012'. [ 719.072098][ T30] audit: type=1800 audit(4294967367.484:8): pid=12971 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2023" name="features" dev="configfs" ino=491731 res=0 errno=0 [ 719.108894][T12971] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2023'. [ 723.242843][T13032] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2046'. [ 723.573127][ T5834] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 725.934009][T13068] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2056'. [ 728.656944][T13074] usb usb3: usbfs: interface 0 claimed by hub while 'syz.3.2058' sets config #16 [ 734.063379][T13159] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2081'. [ 742.872431][T13263] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2108'. [ 744.338325][T13290] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2118'. [ 747.280991][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.287376][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 747.384600][ T5834] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 754.189993][T13424] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 754.409531][T13424] File: /dev/nullb0 PID: 13424 Comm: syz.1.2151 [ 755.175873][ T30] audit: type=1800 audit(4294967403.594:9): pid=13445 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.2156" name="SYSVffffffff" dev="tmpfs" ino=0 res=0 errno=0 [ 755.523803][T13422] usb usb3: usbfs: interface 0 claimed by hub while 'syz.1.2151' sets config #16 [ 759.963790][T13490] netlink: 330 bytes leftover after parsing attributes in process `syz.1.2166'. [ 760.540960][T13501] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2168'. [ 760.589925][T13501] netlink: 354 bytes leftover after parsing attributes in process `syz.1.2168'. [ 773.449612][T13666] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x78000 [ 773.458503][T13666] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 773.642941][T13666] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 773.764888][T13666] page_type: f5(slab) [ 773.768961][T13666] raw: 00fff00000000040 ffff88801dad9000 dead000000000100 dead000000000122 [ 773.875858][T13666] raw: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000 [ 773.951251][T13666] head: 00fff00000000040 ffff88801dad9000 dead000000000100 dead000000000122 [ 774.029391][T13666] head: 0000000000000000 0000000000130013 00000000f5000000 0000000000000000 [ 774.089719][T13666] head: 00fff00000000003 ffffea0001e00001 00000000ffffffff 00000000ffffffff [ 774.137065][T13666] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 774.182494][T13666] page dumped because: unmovable page [ 774.199362][T13666] page_owner tracks the page as allocated [ 774.205144][T13666] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5197, tgid 5197 (udevd), ts 54674086067, free_ts 54666824603 [ 774.309373][T13666] post_alloc_hook+0x153/0x170 [ 774.314254][T13666] get_page_from_freelist+0x111d/0x3140 [ 774.350489][T13666] __alloc_frozen_pages_noprof+0x27c/0x2ba0 [ 774.356489][T13666] new_slab+0xa6/0x6e0 [ 774.404270][T13666] refill_objects+0x26b/0x400 [ 774.409045][T13666] __pcs_replace_empty_main+0x19f/0x600 [ 774.439390][T13666] kmem_cache_alloc_lru_noprof+0x485/0x6e0 [ 774.445303][T13666] shmem_alloc_inode+0x25/0x50 [ 774.479438][T13666] alloc_inode+0x68/0x250 [ 774.483966][T13666] new_inode+0x22/0x1c0 [ 774.488179][T13666] shmem_get_inode+0x197/0xf30 [ 774.550318][T13666] shmem_mknod+0x1a2/0x3b0 [ 774.622422][T13666] lookup_open.isra.0+0xc47/0x11b0 [ 774.627649][T13666] path_openat+0x2291/0x31a0 [ 774.709381][T13666] do_file_open+0x20e/0x430 [ 774.734412][T13666] do_sys_openat2+0x10d/0x1e0 [ 774.753320][T13666] page last free pid 5194 tgid 5194 stack trace: [ 774.779463][T13666] __free_frozen_pages+0x7ca/0x10a0 [ 774.784753][T13666] qlist_free_all+0x47/0xe0 [ 774.791885][T13666] kasan_quarantine_reduce+0x1a0/0x1f0 [ 774.797429][T13666] __kasan_slab_alloc+0x69/0x90 [ 774.829466][T13666] kmem_cache_alloc_noprof+0x241/0x6e0 [ 774.835087][T13666] do_getname+0x35/0x390 [ 774.849402][T13666] do_sys_openat2+0xc5/0x1e0 [ 774.864356][T13666] __x64_sys_openat+0x12d/0x210 [ 774.879394][T13666] do_syscall_64+0x106/0xf80 [ 774.894334][T13666] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 781.252798][T13784] futex_wake_op: syz.1.2246 tries to shift op by -2048; fix this program [ 781.309976][T13784] futex_wake_op: syz.1.2246 tries to shift op by -2048; fix this program [ 781.350781][T13784] 0x000000000001-0x000000020000 : "" [ 781.703799][T13784] ftl_cs: FTL header corrupt! [ 793.186570][T13935] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2286'. [ 793.773710][T13943] ptrace attach of "./syz-executor exec"[5821] was attempted by "[w#9nyˋGf |/\x0a2\x229D\x0c|vOL #6h1!?:X@L+,$eUigȄmtLϺ^42yN%\x0dN.\x1b\x09Zk~k6~KY2\x5cx*Jnq\x0bv7̈7e3}>R}u,l$([VgDpt! o˱i\x5cTOv[.y\x1bhe_YL̢C`sBrfGcg*xˁ)+x8Їwà?\x0cs3q(tk4wl㥹'RbGI`sX\x5c6$t$Y6;i JCXyvHSd QmБjIpч2p9u\x0a|.Ȇy>=ea\x0aHMӘb@pn`aFNx`=r2\x0bS\x0a2]0?64gҟ [ 798.770753][T13995] vhci_hcd vhci_hcd.2: default hub control req: 0000 v0000 i0000 l0 [ 801.168856][T14007] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2304'. [ 804.750306][T14063] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2317'. [ 805.923721][T14068] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2319'. [ 808.703580][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.711464][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 811.338998][T14137] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 811.389366][T14137] File: /dev/nullb0 PID: 14137 Comm: syz.1.2335 [ 812.523344][T14158] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2338'. [ 813.754243][T14147] kexec: Could not allocate control_code_buffer [ 814.119525][ T30] audit: type=1800 audit(4294967462.524:10): pid=14168 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2342" name="dbroot" dev="configfs" ino=571189 res=0 errno=0 [ 817.953515][T14180] usb usb3: usbfs: interface 0 claimed by hub while 'syz.1.2346' sets config #16 [ 820.261024][T14228] zswap: compressor not available [ 821.103856][T14240] misc userio: Invalid payload size [ 821.155520][T14251] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2366'. [ 827.243420][T14333] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2387'. [ 829.159721][T14366] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2395'. [ 830.020772][T14376] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2397'. [ 831.700457][T14389] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2401'. [ 833.080104][T14405] usb usb3: usbfs: interface 0 claimed by hub while 'syz.1.2405' sets config #16 [ 841.057361][T14491] kexec: Could not allocate control_code_buffer [ 845.287077][T14550] netlink: 334 bytes leftover after parsing attributes in process `syz.2.2436'. [ 846.323841][ T30] audit: type=1800 audit(4294967494.734:11): pid=14566 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2443" name="SYSV00000008" dev="tmpfs" ino=0 res=0 errno=0 [ 846.538947][T14564] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2442'. [ 846.699458][T14561] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2441'. [ 847.564257][T14576] FAULT_INJECTION: forcing a failure. [ 847.564257][T14576] name fail_futex, interval 1, probability 0, space 0, times 0 [ 847.578547][T14576] CPU: 1 UID: 0 PID: 14576 Comm: syz.1.2445 Tainted: G U L syzkaller #0 PREEMPT(full) [ 847.578600][T14576] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 847.578613][T14576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 847.578632][T14576] Call Trace: [ 847.578642][T14576] [ 847.578654][T14576] dump_stack_lvl+0x100/0x190 [ 847.578710][T14576] should_fail_ex.cold+0x5/0xa [ 847.578749][T14576] should_fail_futex+0x4c/0x60 [ 847.578785][T14576] futex_lock_pi_atomic+0x12d/0xaf0 [ 847.578841][T14576] futex_lock_pi+0x246/0x7b0 [ 847.578893][T14576] ? __pfx_futex_lock_pi+0x10/0x10 [ 847.578936][T14576] ? preempt_schedule_common+0x42/0xc0 [ 847.578982][T14576] ? preempt_schedule_thunk+0x16/0x30 [ 847.579040][T14576] ? __pfx_try_to_wake_up+0x10/0x10 [ 847.579105][T14576] ? futex_private_hash_put+0x107/0x1c0 [ 847.579148][T14576] ? __pfx_futex_wake_mark+0x10/0x10 [ 847.579205][T14576] ? ksys_write+0x190/0x250 [ 847.579253][T14576] ? ksys_write+0x190/0x250 [ 847.579307][T14576] do_futex+0x18a/0x350 [ 847.579345][T14576] ? __pfx_do_futex+0x10/0x10 [ 847.579395][T14576] __x64_sys_futex+0x34f/0x4d0 [ 847.579450][T14576] ? __pfx___x64_sys_futex+0x10/0x10 [ 847.579507][T14576] do_syscall_64+0x106/0xf80 [ 847.579551][T14576] ? clear_bhb_loop+0x40/0x90 [ 847.579594][T14576] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 847.579628][T14576] RIP: 0033:0x7f328079bf79 [ 847.579654][T14576] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 847.579685][T14576] RSP: 002b:00007f32816b9028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 847.579717][T14576] RAX: ffffffffffffffda RBX: 00007f3280a15fa0 RCX: 00007f328079bf79 [ 847.579758][T14576] RDX: 0000000000000008 RSI: 0000000000000006 RDI: 0000000000000000 [ 847.579778][T14576] RBP: 00007f32808327e0 R08: 0000000000000000 R09: 000000008000fff5 [ 847.579799][T14576] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 847.579818][T14576] R13: 00007f3280a16038 R14: 00007f3280a15fa0 R15: 00007ffe093f21c8 [ 847.579863][T14576] [ 848.991745][T14592] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2451'. [ 849.036284][T14592] netlink: 25 bytes leftover after parsing attributes in process `syz.2.2451'. [ 851.010392][T14614] misc userio: Invalid payload size [ 858.050067][T14685] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2473'. [ 863.539892][T14724] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2480'. [ 864.816415][T14747] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2487'. [ 864.827253][T14747] netlink: 'syz.3.2487': attribute type 1 has an invalid length. [ 864.854698][T14747] netlink: 51505 bytes leftover after parsing attributes in process `syz.3.2487'. [ 865.053440][T14749] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2488'. [ 868.821489][T14796] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2498'. [ 870.211437][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.220583][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 877.790227][T14889] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2521'. [ 883.064343][T14963] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2537'. [ 888.094633][T15010] FAULT_INJECTION: forcing a failure. [ 888.094633][T15010] name failslab, interval 1, probability 0, space 0, times 0 [ 888.221210][T15010] CPU: 1 UID: 0 PID: 15010 Comm: syz.1.2547 Tainted: G U L syzkaller #0 PREEMPT(full) [ 888.221273][T15010] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 888.221286][T15010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 888.221307][T15010] Call Trace: [ 888.221318][T15010] [ 888.221332][T15010] dump_stack_lvl+0x100/0x190 [ 888.221390][T15010] should_fail_ex.cold+0x5/0xa [ 888.221430][T15010] should_failslab+0xc2/0x120 [ 888.221483][T15010] __kmalloc_cache_noprof+0x7a/0x6f0 [ 888.221521][T15010] ? snd_seq_timer_new+0x44/0x1b0 [ 888.221578][T15010] snd_seq_timer_new+0x44/0x1b0 [ 888.221625][T15010] snd_seq_queue_alloc+0x177/0x590 [ 888.221672][T15010] snd_seq_ioctl_create_queue+0xa9/0x370 [ 888.221726][T15010] call_seq_client_ctl+0xa3/0x130 [ 888.221780][T15010] snd_seq_kernel_client_ctl+0x77/0xd0 [ 888.221835][T15010] alloc_seq_queue+0xdb/0x180 [ 888.221908][T15010] ? __pfx_alloc_seq_queue+0x10/0x10 [ 888.221983][T15010] ? mark_held_locks+0x40/0x70 [ 888.222023][T15010] ? _raw_spin_unlock_irq+0x23/0x50 [ 888.222063][T15010] ? lockdep_hardirqs_on+0x78/0x100 [ 888.222111][T15010] snd_seq_oss_open+0x2b2/0xa10 [ 888.222173][T15010] odev_open+0x79/0xc0 [ 888.222221][T15010] ? __pfx_odev_open+0x10/0x10 [ 888.222270][T15010] soundcore_open+0x2e3/0x5a0 [ 888.222327][T15010] ? __pfx_soundcore_open+0x10/0x10 [ 888.222378][T15010] chrdev_open+0x234/0x6a0 [ 888.222428][T15010] ? __pfx_apparmor_file_open+0x10/0x10 [ 888.222463][T15010] ? __pfx_chrdev_open+0x10/0x10 [ 888.222537][T15010] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 888.222599][T15010] do_dentry_open+0x6d8/0x1660 [ 888.222661][T15010] ? __pfx_chrdev_open+0x10/0x10 [ 888.222722][T15010] vfs_open+0x82/0x3f0 [ 888.222762][T15010] path_openat+0x208c/0x31a0 [ 888.222827][T15010] ? __pfx_path_openat+0x10/0x10 [ 888.222899][T15010] do_file_open+0x20e/0x430 [ 888.222955][T15010] ? __pfx_do_file_open+0x10/0x10 [ 888.223036][T15010] ? alloc_fd+0x476/0x790 [ 888.223089][T15010] ? do_getname+0x191/0x390 [ 888.223146][T15010] do_sys_openat2+0x10d/0x1e0 [ 888.223185][T15010] ? __pfx_do_sys_openat2+0x10/0x10 [ 888.223239][T15010] __x64_sys_openat+0x12d/0x210 [ 888.223279][T15010] ? __pfx___x64_sys_openat+0x10/0x10 [ 888.223335][T15010] do_syscall_64+0x106/0xf80 [ 888.223379][T15010] ? clear_bhb_loop+0x40/0x90 [ 888.223422][T15010] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 888.223458][T15010] RIP: 0033:0x7f328079bf79 [ 888.223488][T15010] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 888.223523][T15010] RSP: 002b:00007f32816b9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 888.223556][T15010] RAX: ffffffffffffffda RBX: 00007f3280a15fa0 RCX: 00007f328079bf79 [ 888.223579][T15010] RDX: 0000000000000801 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 888.223601][T15010] RBP: 00007f32808327e0 R08: 0000000000000000 R09: 0000000000000000 [ 888.223622][T15010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 888.223642][T15010] R13: 00007f3280a16038 R14: 00007f3280a15fa0 R15: 00007ffe093f21c8 [ 888.223685][T15010] [ 892.317965][T15042] kexec: Could not allocate control_code_buffer [ 894.580235][T15064] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2559'. [ 896.689437][T15099] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2567'. [ 896.733217][T15099] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2567'. [ 897.853275][T15112] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2574'. [ 898.477720][T15122] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2576'. [ 900.162853][T15135] usb usb3: usbfs: interface 0 claimed by hub while 'syz.3.2580' sets config #16 [ 900.308243][T15150] input: jJǸ-9%vJ86 as /devices/virtual/input/input11 [ 902.550306][T15182] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2589'. [ 902.859898][T15186] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2591'. [ 902.871428][T15186] netlink: 354 bytes leftover after parsing attributes in process `syz.1.2591'. [ 904.109696][T15187] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 904.129460][T15187] File: /dev/nullb0 PID: 15187 Comm: syz.3.2590 [ 905.219741][T15209] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2595'. [ 910.344013][T15249] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2604'. [ 914.082001][T15296] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2615'. [ 919.239689][T15354] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2627'. [ 920.017685][T15372] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2631'. [ 920.226502][T15379] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2632'. [ 920.572796][T15386] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2633'. [ 921.143718][T15401] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2637'. [ 921.876179][T15418] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2642'. [ 922.082039][T15411] usb usb3: usbfs: interface 0 claimed by hub while 'syz.1.2640' sets config #16 [ 922.850102][T15430] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2645'. [ 924.164848][T15459] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2649'. [ 924.841616][T15468] __vm_enough_memory: pid: 15468, comm: syz.2.2654, bytes: 8589938688 not enough memory for the allocation [ 925.852078][T15497] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2660'. [ 928.239550][T15522] Page cache invalidation failure on direct I/O. Possible data corruption due to collision with buffered I/O! [ 928.367729][T15522] File: /dev/nullb0 PID: 15522 Comm: syz.3.2663 [ 928.659803][T15517] usb usb3: usbfs: interface 0 claimed by hub while 'syz.3.2663' sets config #16 [ 929.147654][T15538] hub 1-0:1.0: USB hub found [ 929.170685][T15538] hub 1-0:1.0: 1 port detected [ 929.615769][T15550] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2670'. [ 931.589063][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.595653][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 934.319527][T15605] misc userio: Invalid payload size [ 934.512184][T15609] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2683'. [ 934.874587][T15619] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input12 [ 935.342177][T15620] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input13 [ 937.811676][T15676] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2700'. [ 944.305357][T15801] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2732'. [ 946.351739][T15821] Process accounting resumed [ 950.664754][T15919] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2763'. [ 951.029802][T15918] misc userio: Invalid payload size [ 951.554708][T15933] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input14 [ 953.897600][T15968] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2776'. [ 955.782986][T16003] netlink: 504 bytes leftover after parsing attributes in process `syz.2.2784'. [ 956.926170][T16022] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2789'. [ 958.248243][T16050] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2794'. [ 958.508992][T16047] usb usb3: usbfs: interface 0 claimed by hub while 'syz.3.2795' sets config #16 [ 960.675051][T16081] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 960.682460][T16081] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 960.688636][T16081] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 960.699046][T16081] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 960.710180][T16081] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 960.716533][T16081] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 961.297897][T16102] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 961.320443][T16102] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 961.339048][T16102] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 961.348356][T16102] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 961.371169][T16102] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 961.624498][T16107] base or size exceeds the MTRR width [ 961.753263][T16110] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2810'. [ 961.980064][T16102] Bluetooth: hci3: command 0x0c1a tx timeout [ 962.082571][T16101] chnl_net:caif_netlink_parms(): no params data found [ 962.443273][T16101] bridge0: port 1(bridge_slave_0) entered blocking state [ 962.459687][T16101] bridge0: port 1(bridge_slave_0) entered disabled state [ 962.467051][T16101] bridge_slave_0: entered allmulticast mode [ 962.492976][T16101] bridge_slave_0: entered promiscuous mode [ 962.501631][T16101] bridge0: port 2(bridge_slave_1) entered blocking state [ 962.514559][T16101] bridge0: port 2(bridge_slave_1) entered disabled state [ 962.529516][T16101] bridge_slave_1: entered allmulticast mode [ 962.551460][T16101] bridge_slave_1: entered promiscuous mode [ 962.703038][T16102] Bluetooth: hci2: command 0x0c1a tx timeout [ 962.721631][T16101] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 962.748480][T16101] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 962.783256][T16102] Bluetooth: hci0: command 0x0406 tx timeout [ 962.844352][T16101] team0: Port device team_slave_0 added [ 962.880499][T16101] team0: Port device team_slave_1 added [ 962.928703][T16101] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 962.936149][T16101] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 962.962695][T16101] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 962.991882][T16101] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 962.999396][T16101] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 963.026956][T16101] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 963.086861][T16101] hsr_slave_0: entered promiscuous mode [ 963.093618][T16101] hsr_slave_1: entered promiscuous mode [ 963.104360][T16101] debugfs: 'hsr0' already exists in 'hsr' [ 963.110253][T16101] Cannot create hsr debugfs directory [ 963.329939][T16101] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 963.341627][T16101] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 963.352044][T16101] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 963.364000][T16101] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 963.397361][T16101] bridge0: port 2(bridge_slave_1) entered blocking state [ 963.404573][T16101] bridge0: port 2(bridge_slave_1) entered forwarding state [ 963.419761][T16102] Bluetooth: hci4: command tx timeout [ 963.428201][T15356] bridge0: port 2(bridge_slave_1) entered disabled state [ 963.482649][T16101] 8021q: adding VLAN 0 to HW filter on device bond0 [ 963.505525][T16101] 8021q: adding VLAN 0 to HW filter on device team0 [ 963.520127][T15432] bridge0: port 1(bridge_slave_0) entered blocking state [ 963.527413][T15432] bridge0: port 1(bridge_slave_0) entered forwarding state [ 963.544556][T15432] bridge0: port 2(bridge_slave_1) entered blocking state [ 963.551779][T15432] bridge0: port 2(bridge_slave_1) entered forwarding state [ 963.783177][T16101] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 964.055772][T16101] veth0_vlan: entered promiscuous mode [ 964.069978][T16101] veth1_vlan: entered promiscuous mode [ 964.103204][T16101] veth0_macvtap: entered promiscuous mode [ 964.113971][T16101] veth1_macvtap: entered promiscuous mode [ 964.134803][T16101] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 964.155437][T16101] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 964.172835][T15432] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 964.185484][T15432] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 964.194492][T15432] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 964.204318][T15432] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 964.289444][T15432] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 964.304908][T15432] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 964.340944][T15432] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 964.348849][T15432] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 964.486807][T16151] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2821'. [ 964.513835][T16151] netlink: 'syz.1.2821': attribute type 1 has an invalid length. [ 964.530068][T16151] netlink: 342 bytes leftover after parsing attributes in process `syz.1.2821'. [ 964.669529][T16158] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2806'. [ 964.859810][T16102] Bluetooth: hci0: command 0x0406 tx timeout [ 965.499701][T16102] Bluetooth: hci4: command tx timeout [ 967.221448][T16198] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2826'. [ 967.579515][T16102] Bluetooth: hci4: command tx timeout [ 967.835790][T16209] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2827'. [ 967.892355][T16215] netlink: 'syz.1.2827': attribute type 1 has an invalid length. [ 967.907973][T16215] netlink: 51505 bytes leftover after parsing attributes in process `syz.1.2827'. [ 967.998344][T16216] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2830'. [ 968.226858][T16222] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2831'. [ 969.247998][T16246] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2837'. [ 969.660971][T16102] Bluetooth: hci4: command tx timeout [ 970.801905][T16256] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 970.815315][T16256] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 970.821730][T16281] loop6: detected capacity change from 0 to 8192 [ 970.848617][T16282] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2843'. [ 970.874950][T16256] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 970.892341][T16256] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 970.938252][T16256] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 970.977004][T16256] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 971.900956][T16102] Bluetooth: hci3: command 0x0c1a tx timeout [ 972.339349][T16310] FAULT_INJECTION: forcing a failure. [ 972.339349][T16310] name failslab, interval 1, probability 0, space 0, times 0 [ 972.394935][T16310] CPU: 0 UID: 0 PID: 16310 Comm: syz.4.2852 Tainted: G U L syzkaller #0 PREEMPT(full) [ 972.394998][T16310] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 972.395011][T16310] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 972.395031][T16310] Call Trace: [ 972.395042][T16310] [ 972.395055][T16310] dump_stack_lvl+0x100/0x190 [ 972.395113][T16310] should_fail_ex.cold+0x5/0xa [ 972.395154][T16310] should_failslab+0xc2/0x120 [ 972.395208][T16310] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 972.395251][T16310] ? __proc_create+0x2cb/0x8c0 [ 972.395302][T16310] __proc_create+0x2cb/0x8c0 [ 972.395346][T16310] ? __pfx___proc_create+0x10/0x10 [ 972.395395][T16310] ? _raw_write_unlock+0x28/0x50 [ 972.395445][T16310] proc_create_reg+0x75/0x170 [ 972.395492][T16310] proc_create_data+0x86/0x110 [ 972.395537][T16310] ? __pfx_proc_create_data+0x10/0x10 [ 972.395583][T16310] ? cache_register_net+0x137/0x5e0 [ 972.395634][T16310] ? cache_register_net+0x137/0x5e0 [ 972.395693][T16310] cache_register_net+0x1e0/0x5e0 [ 972.395750][T16310] gss_svc_init_net+0x98/0x640 [ 972.395791][T16310] ? __pfx_canbcm_pernet_init+0x10/0x10 [ 972.395849][T16310] ? __pfx_rpcsec_gss_init_net+0x10/0x10 [ 972.395896][T16310] ops_init+0x1e2/0x5f0 [ 972.395951][T16310] setup_net+0x118/0x3a0 [ 972.396000][T16310] ? __pfx_setup_net+0x10/0x10 [ 972.396056][T16310] ? lockdep_init_map_type+0x5c/0x250 [ 972.396101][T16310] ? mutex_init_lockep+0x110/0x150 [ 972.396150][T16310] copy_net_ns+0x46f/0x7c0 [ 972.396203][T16310] create_new_namespaces+0x3ea/0xac0 [ 972.396268][T16310] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 972.396305][T16310] ksys_unshare+0x455/0xab0 [ 972.396350][T16310] ? __pfx_ksys_unshare+0x10/0x10 [ 972.396406][T16310] __x64_sys_unshare+0x31/0x40 [ 972.396444][T16310] do_syscall_64+0x106/0xf80 [ 972.396488][T16310] ? clear_bhb_loop+0x40/0x90 [ 972.396529][T16310] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 972.396563][T16310] RIP: 0033:0x7fc680b9bf79 [ 972.396592][T16310] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 972.396625][T16310] RSP: 002b:00007fc67edf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 972.396657][T16310] RAX: ffffffffffffffda RBX: 00007fc680e16090 RCX: 00007fc680b9bf79 [ 972.396679][T16310] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 972.396698][T16310] RBP: 00007fc680c327e0 R08: 0000000000000000 R09: 0000000000000000 [ 972.396717][T16310] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 972.396737][T16310] R13: 00007fc680e16128 R14: 00007fc680e16090 R15: 00007ffeb56ad978 [ 972.396780][T16310] [ 972.922444][T15375] Bluetooth: hci2: command 0x0c1a tx timeout [ 972.976807][T16102] Bluetooth: hci4: command 0x0c1a tx timeout [ 972.983123][T15375] Bluetooth: hci0: command 0x0406 tx timeout [ 974.815452][T16350] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2860'. [ 975.026789][T16102] Bluetooth: hci4: command 0x0c1a tx timeout [ 975.116851][T16357] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2861'. [ 976.271825][T16382] FAULT_INJECTION: forcing a failure. [ 976.271825][T16382] name failslab, interval 1, probability 0, space 0, times 0 [ 976.349409][T16382] CPU: 1 UID: 0 PID: 16382 Comm: syz.3.2866 Tainted: G U L syzkaller #0 PREEMPT(full) [ 976.349465][T16382] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 976.349478][T16382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 976.349497][T16382] Call Trace: [ 976.349507][T16382] [ 976.349519][T16382] dump_stack_lvl+0x100/0x190 [ 976.349577][T16382] should_fail_ex.cold+0x5/0xa [ 976.349615][T16382] ? cache_create_net+0x9b/0x220 [ 976.349662][T16382] should_failslab+0xc2/0x120 [ 976.349711][T16382] __kmalloc_noprof+0xe0/0x850 [ 976.349774][T16382] cache_create_net+0x9b/0x220 [ 976.349822][T16382] ? __pfx_rpcsec_gss_init_net+0x10/0x10 [ 976.349869][T16382] gss_svc_init_net+0x69/0x640 [ 976.349911][T16382] ? __pfx_canbcm_pernet_init+0x10/0x10 [ 976.349965][T16382] ? __pfx_rpcsec_gss_init_net+0x10/0x10 [ 976.350012][T16382] ops_init+0x1e2/0x5f0 [ 976.350064][T16382] setup_net+0x118/0x3a0 [ 976.350111][T16382] ? __pfx_setup_net+0x10/0x10 [ 976.350154][T16382] ? lockdep_init_map_type+0x5c/0x250 [ 976.350197][T16382] ? mutex_init_lockep+0x110/0x150 [ 976.350248][T16382] copy_net_ns+0x46f/0x7c0 [ 976.350302][T16382] create_new_namespaces+0x3ea/0xac0 [ 976.350367][T16382] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 976.350405][T16382] ksys_unshare+0x455/0xab0 [ 976.350450][T16382] ? __pfx_ksys_unshare+0x10/0x10 [ 976.350512][T16382] __x64_sys_unshare+0x31/0x40 [ 976.350555][T16382] do_syscall_64+0x106/0xf80 [ 976.350602][T16382] ? clear_bhb_loop+0x40/0x90 [ 976.350646][T16382] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 976.350682][T16382] RIP: 0033:0x7f7700d9bf79 [ 976.350711][T16382] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 976.350754][T16382] RSP: 002b:00007f7701c04028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 976.350786][T16382] RAX: ffffffffffffffda RBX: 00007f7701016090 RCX: 00007f7700d9bf79 [ 976.350808][T16382] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 976.350828][T16382] RBP: 00007f7700e327e0 R08: 0000000000000000 R09: 0000000000000000 [ 976.350847][T16382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 976.350866][T16382] R13: 00007f7701016128 R14: 00007f7701016090 R15: 00007fff62eb3398 [ 976.350911][T16382] [ 976.605362][T16388] tipc: Started in network mode [ 976.610466][T16388] tipc: Node identity ee00, cluster identity 4711 [ 976.617090][T16388] tipc: Node number set to 60928 [ 977.101636][T16102] Bluetooth: hci4: command 0x0c1a tx timeout [ 977.647501][T16398] Process accounting paused [ 977.955675][T16415] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2872'. [ 980.873606][T16447] zswap: compressor not available [ 980.949327][T16453] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2880'. [ 980.999946][T16453] netlink: 354 bytes leftover after parsing attributes in process `syz.3.2880'. [ 981.090066][T16456] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15 [ 981.826140][T16461] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16 [ 985.471222][T16525] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2898'. [ 985.600565][T16520] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 985.665537][T16520] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 985.695755][T16520] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 985.743541][T16532] FAULT_INJECTION: forcing a failure. [ 985.743541][T16532] name failslab, interval 1, probability 0, space 0, times 0 [ 985.756825][T16532] CPU: 0 UID: 0 PID: 16532 Comm: syz.1.2897 Tainted: G U L syzkaller #0 PREEMPT(full) [ 985.756880][T16532] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 985.756894][T16532] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 985.756914][T16532] Call Trace: [ 985.756925][T16532] [ 985.756938][T16532] dump_stack_lvl+0x100/0x190 [ 985.756995][T16532] should_fail_ex.cold+0x5/0xa [ 985.757036][T16532] should_failslab+0xc2/0x120 [ 985.757091][T16532] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 985.757141][T16532] ? cache_create_net+0x2b/0x220 [ 985.757196][T16532] kmemdup_noprof+0x29/0x60 [ 985.757244][T16532] cache_create_net+0x2b/0x220 [ 985.757292][T16532] gss_svc_init_net+0x11f/0x640 [ 985.757334][T16532] ? __pfx_canbcm_pernet_init+0x10/0x10 [ 985.757385][T16532] ? __pfx_rpcsec_gss_init_net+0x10/0x10 [ 985.757431][T16532] ops_init+0x1e2/0x5f0 [ 985.757483][T16532] setup_net+0x118/0x3a0 [ 985.757530][T16532] ? __pfx_setup_net+0x10/0x10 [ 985.757573][T16532] ? lockdep_init_map_type+0x5c/0x250 [ 985.757619][T16532] ? mutex_init_lockep+0x110/0x150 [ 985.757688][T16532] copy_net_ns+0x46f/0x7c0 [ 985.757745][T16532] create_new_namespaces+0x3ea/0xac0 [ 985.757824][T16532] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 985.757865][T16532] ksys_unshare+0x455/0xab0 [ 985.757913][T16532] ? __pfx_ksys_unshare+0x10/0x10 [ 985.757974][T16532] __x64_sys_unshare+0x31/0x40 [ 985.758017][T16532] do_syscall_64+0x106/0xf80 [ 985.758062][T16532] ? clear_bhb_loop+0x40/0x90 [ 985.758107][T16532] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 985.758144][T16532] RIP: 0033:0x7f328079bf79 [ 985.758173][T16532] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 985.758207][T16532] RSP: 002b:00007f3281698028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 985.758241][T16532] RAX: ffffffffffffffda RBX: 00007f3280a16090 RCX: 00007f328079bf79 [ 985.758263][T16532] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 985.758282][T16532] RBP: 00007f32808327e0 R08: 0000000000000000 R09: 0000000000000000 [ 985.758303][T16532] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 985.758322][T16532] R13: 00007f3280a16128 R14: 00007f3280a16090 R15: 00007ffe093f21c8 [ 985.758367][T16532] [ 985.981136][T16520] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 986.247382][T16102] Bluetooth: hci3: Malformed Event: 0x02 [ 987.031290][T16102] Bluetooth: hci3: command 0x0c1a tx timeout [ 987.760801][T16102] Bluetooth: hci0: command 0x0406 tx timeout [ 987.766899][T16102] Bluetooth: hci2: command 0x0c1a tx timeout [ 988.069468][T16102] Bluetooth: hci4: command 0x0c1a tx timeout [ 988.308969][T16565] usb usb3: usbfs: interface 0 claimed by hub while 'syz.3.2909' sets config #16 [ 988.729273][T16575] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2912'. [ 989.365836][T16574] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 989.404074][T16574] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 989.419682][T16574] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 989.435867][T16574] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 989.786164][T16595] FAULT_INJECTION: forcing a failure. [ 989.786164][T16595] name failslab, interval 1, probability 0, space 0, times 0 [ 989.838698][T16595] CPU: 1 UID: 0 PID: 16595 Comm: syz.1.2916 Tainted: G U L syzkaller #0 PREEMPT(full) [ 989.838756][T16595] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 989.838769][T16595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 989.838790][T16595] Call Trace: [ 989.838801][T16595] [ 989.838814][T16595] dump_stack_lvl+0x100/0x190 [ 989.838873][T16595] should_fail_ex.cold+0x5/0xa [ 989.838913][T16595] ? cache_create_net+0x9b/0x220 [ 989.838958][T16595] should_failslab+0xc2/0x120 [ 989.839013][T16595] __kmalloc_noprof+0xe0/0x850 [ 989.839068][T16595] cache_create_net+0x9b/0x220 [ 989.839114][T16595] ? __pfx_rpcsec_gss_init_net+0x10/0x10 [ 989.839165][T16595] gss_svc_init_net+0x69/0x640 [ 989.839206][T16595] ? __pfx_canbcm_pernet_init+0x10/0x10 [ 989.839262][T16595] ? __pfx_rpcsec_gss_init_net+0x10/0x10 [ 989.839309][T16595] ops_init+0x1e2/0x5f0 [ 989.839362][T16595] setup_net+0x118/0x3a0 [ 989.839419][T16595] ? __pfx_setup_net+0x10/0x10 [ 989.839466][T16595] ? lockdep_init_map_type+0x5c/0x250 [ 989.839513][T16595] ? mutex_init_lockep+0x110/0x150 [ 989.839566][T16595] copy_net_ns+0x46f/0x7c0 [ 989.839623][T16595] create_new_namespaces+0x3ea/0xac0 [ 989.839688][T16595] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 989.839728][T16595] ksys_unshare+0x455/0xab0 [ 989.839773][T16595] ? __pfx_ksys_unshare+0x10/0x10 [ 989.839833][T16595] __x64_sys_unshare+0x31/0x40 [ 989.839874][T16595] do_syscall_64+0x106/0xf80 [ 989.839919][T16595] ? clear_bhb_loop+0x40/0x90 [ 989.839962][T16595] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 989.839998][T16595] RIP: 0033:0x7f328079bf79 [ 989.840027][T16595] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 989.840061][T16595] RSP: 002b:00007f3281698028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 989.840096][T16595] RAX: ffffffffffffffda RBX: 00007f3280a16090 RCX: 00007f328079bf79 [ 989.840119][T16595] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 989.840140][T16595] RBP: 00007f32808327e0 R08: 0000000000000000 R09: 0000000000000000 [ 989.840160][T16595] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 989.840180][T16595] R13: 00007f3280a16128 R14: 00007f3280a16090 R15: 00007ffe093f21c8 [ 989.840232][T16595] [ 990.805179][T16102] Bluetooth: hci3: command 0x0c1a tx timeout [ 991.419635][T16102] Bluetooth: hci2: command 0x0c1a tx timeout [ 991.501747][T16102] Bluetooth: hci4: command 0x0c1a tx timeout [ 991.507834][T15375] Bluetooth: hci0: command 0x0406 tx timeout [ 992.384015][T16633] usb usb3: usbfs: interface 0 claimed by hub while 'syz.1.2924' sets config #16 [ 992.863914][T16638] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2925'. [ 993.028620][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.043620][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.610908][T16644] Invalid ELF header magic: != ELF [ 994.060185][T16102] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 994.828680][T16669] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2932'. [ 994.849819][T16669] netlink: 'syz.2.2932': attribute type 1 has an invalid length. [ 994.867037][T16669] netlink: 'syz.2.2932': attribute type 6 has an invalid length. [ 995.196710][T16676] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2935'. [ 997.103267][T16706] tipc: Started in network mode [ 997.108474][T16706] tipc: Node identity ee00, cluster identity 4711 [ 997.133215][T16706] tipc: Node number set to 60928 [ 998.492564][T16722] usb usb3: usbfs: interface 0 claimed by hub while 'syz.1.2945' sets config #16 [ 999.961307][T16748] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2952'. [ 999.979643][T16748] netlink: 'syz.1.2952': attribute type 1 has an invalid length. [ 999.999355][T16748] netlink: 'syz.1.2952': attribute type 6 has an invalid length. [ 1000.007202][T16748] netlink: 51505 bytes leftover after parsing attributes in process `syz.1.2952'. [ 1000.229607][T16748] netlink: 'syz.1.2952': attribute type 1 has an invalid length. [ 1000.811571][T16102] Bluetooth: hci0: Malformed Event: 0x02 [ 1000.865920][T16754] FAULT_INJECTION: forcing a failure. [ 1000.865920][T16754] name failslab, interval 1, probability 0, space 0, times 0 [ 1000.879409][T16754] CPU: 0 UID: 0 PID: 16754 Comm: syz.4.2953 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1000.879478][T16754] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1000.879491][T16754] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1000.879512][T16754] Call Trace: [ 1000.879524][T16754] [ 1000.879537][T16754] dump_stack_lvl+0x100/0x190 [ 1000.879600][T16754] should_fail_ex.cold+0x5/0xa [ 1000.879647][T16754] should_failslab+0xc2/0x120 [ 1000.879701][T16754] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 1000.879753][T16754] ? kasprintf+0xc7/0x100 [ 1000.879796][T16754] ? __lock_acquire+0x4a5/0x2630 [ 1000.879844][T16754] kvasprintf+0xbc/0x150 [ 1000.879888][T16754] ? __pfx_kvasprintf+0x10/0x10 [ 1000.879949][T16754] kasprintf+0xc7/0x100 [ 1000.879993][T16754] ? __pfx_kasprintf+0x10/0x10 [ 1000.880040][T16754] ? __is_module_percpu_address+0x1c2/0x430 [ 1000.880095][T16754] alloc_workqueue_noprof+0x114/0x200 [ 1000.880137][T16754] ? __pfx_alloc_workqueue_noprof+0x10/0x10 [ 1000.880188][T16754] ? __pfx___debug_object_init+0x10/0x10 [ 1000.880234][T16754] nci_register_device+0x394/0xb80 [ 1000.880275][T16754] ? __pfx_nci_register_device+0x10/0x10 [ 1000.880317][T16754] ? lockdep_init_map_type+0x5c/0x250 [ 1000.880376][T16754] virtual_ncidev_open+0x141/0x220 [ 1000.880426][T16754] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 1000.880475][T16754] misc_open+0x26d/0x450 [ 1000.880517][T16754] ? __pfx_misc_open+0x10/0x10 [ 1000.880558][T16754] chrdev_open+0x234/0x6a0 [ 1000.880612][T16754] ? __pfx_apparmor_file_open+0x10/0x10 [ 1000.880648][T16754] ? __pfx_chrdev_open+0x10/0x10 [ 1000.880703][T16754] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1000.880765][T16754] do_dentry_open+0x6d8/0x1660 [ 1000.880816][T16754] ? __pfx_chrdev_open+0x10/0x10 [ 1000.880879][T16754] vfs_open+0x82/0x3f0 [ 1000.880922][T16754] path_openat+0x208c/0x31a0 [ 1000.880989][T16754] ? __pfx_path_openat+0x10/0x10 [ 1000.881058][T16754] do_file_open+0x20e/0x430 [ 1000.881113][T16754] ? __pfx_do_file_open+0x10/0x10 [ 1000.881197][T16754] ? alloc_fd+0x476/0x790 [ 1000.881250][T16754] ? do_getname+0x191/0x390 [ 1000.881289][T16754] do_sys_openat2+0x10d/0x1e0 [ 1000.881327][T16754] ? __pfx_do_sys_openat2+0x10/0x10 [ 1000.881390][T16754] __x64_sys_openat+0x12d/0x210 [ 1000.881431][T16754] ? __pfx___x64_sys_openat+0x10/0x10 [ 1000.881469][T16754] ? ksys_mmap_pgoff+0x85/0x5b0 [ 1000.881539][T16754] do_syscall_64+0x106/0xf80 [ 1000.881585][T16754] ? clear_bhb_loop+0x40/0x90 [ 1000.881636][T16754] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1000.881674][T16754] RIP: 0033:0x7fc680b9bf79 [ 1000.881702][T16754] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1000.881736][T16754] RSP: 002b:00007fc681977028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1000.881770][T16754] RAX: ffffffffffffffda RBX: 00007fc680e15fa0 RCX: 00007fc680b9bf79 [ 1000.881793][T16754] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 1000.881816][T16754] RBP: 00007fc680c327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1000.881837][T16754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1000.881864][T16754] R13: 00007fc680e16038 R14: 00007fc680e15fa0 R15: 00007ffeb56ad978 [ 1000.881916][T16754] [ 1001.681197][T16766] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2956'. [ 1002.170204][T16781] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2958'. [ 1002.676102][T16794] futex_wake_op: syz.2.2961 tries to shift op by -2048; fix this program [ 1002.691667][T16794] futex_wake_op: syz.2.2961 tries to shift op by -2048; fix this program [ 1011.695410][ T5822] Process accounting resumed [ 1011.828142][T15375] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1011.837556][T15375] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1011.846763][T15375] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1011.862557][T15375] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1011.870894][T15375] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1012.054221][T16805] chnl_net:caif_netlink_parms(): no params data found [ 1012.137878][T16805] bridge0: port 1(bridge_slave_0) entered blocking state [ 1012.151138][T16805] bridge0: port 1(bridge_slave_0) entered disabled state [ 1012.158996][T16805] bridge_slave_0: entered allmulticast mode [ 1012.179614][T16805] bridge_slave_0: entered promiscuous mode [ 1012.200384][T16805] bridge0: port 2(bridge_slave_1) entered blocking state [ 1012.207577][T16805] bridge0: port 2(bridge_slave_1) entered disabled state [ 1012.215499][T16805] bridge_slave_1: entered allmulticast mode [ 1012.228059][T16805] bridge_slave_1: entered promiscuous mode [ 1012.304484][T16805] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1012.392528][T16805] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1012.547746][T16805] team0: Port device team_slave_0 added [ 1012.558778][T16805] team0: Port device team_slave_1 added [ 1012.681354][T16805] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1012.688538][T16805] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1012.745019][T16805] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1012.788978][T16805] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1012.796258][T16805] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1012.840598][T16805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1012.963481][T16805] hsr_slave_0: entered promiscuous mode [ 1013.123484][T16805] hsr_slave_1: entered promiscuous mode [ 1013.130305][T16805] debugfs: 'hsr0' already exists in 'hsr' [ 1013.136278][T16805] Cannot create hsr debugfs directory [ 1013.450611][T16805] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1013.464599][T16805] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1013.476232][T16805] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1013.487975][T16805] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1013.574841][T16805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1013.601349][T16805] 8021q: adding VLAN 0 to HW filter on device team0 [ 1013.614079][T15368] bridge0: port 1(bridge_slave_0) entered blocking state [ 1013.621287][T15368] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1013.639850][T15434] bridge0: port 2(bridge_slave_1) entered blocking state [ 1013.647074][T15434] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1013.877801][T16805] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1013.900134][T15375] Bluetooth: hci1: command tx timeout [ 1014.162226][T16805] veth0_vlan: entered promiscuous mode [ 1014.175812][T16805] veth1_vlan: entered promiscuous mode [ 1014.209771][T16805] veth0_macvtap: entered promiscuous mode [ 1014.222436][T16805] veth1_macvtap: entered promiscuous mode [ 1014.243998][T16805] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1014.260370][T16805] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1014.276360][T15381] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1014.286570][T15381] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1014.298991][T15381] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1014.311948][T15381] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1014.396086][T15368] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1014.413925][T15368] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1014.441019][T15368] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1014.448955][T15368] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1015.035138][ T30] audit: type=1804 audit(4294986007.447:12): pid=16862 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2976" name="/newroot/636/file0" dev="tmpfs" ino=3357 res=1 errno=0 [ 1015.121053][ T30] audit: type=1804 audit(4294986007.487:13): pid=16864 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.2976" name="/newroot/636/file0" dev="tmpfs" ino=3357 res=1 errno=0 [ 1015.980207][T15375] Bluetooth: hci1: command tx timeout [ 1016.481473][T16886] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2969'. [ 1017.428199][T16898] vhci_hcd vhci_hcd.2: default hub control req: 0000 v0000 i0000 l0 [ 1018.059449][T15375] Bluetooth: hci1: command tx timeout [ 1019.351028][T16939] netlink: set zone limit has 8 unknown bytes [ 1019.586105][T16944] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1019.679465][T16947] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2986'. [ 1019.720680][T16947] netlink: 354 bytes leftover after parsing attributes in process `syz.4.2986'. [ 1019.920289][T16951] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1020.040906][T16954] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2989'. [ 1020.139986][T15375] Bluetooth: hci1: command tx timeout [ 1021.076067][T16982] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1021.541113][T16993] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2998'. [ 1024.329801][T17039] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3009'. [ 1025.758376][T17075] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3017'. [ 1027.500386][T15375] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 1028.117780][T17110] bridge0: port 3(gretap0) entered blocking state [ 1028.125207][T17110] bridge0: port 3(gretap0) entered disabled state [ 1028.132095][T17110] gretap0: entered allmulticast mode [ 1028.140335][T17110] gretap0: entered promiscuous mode [ 1028.146346][T17110] bridge0: port 3(gretap0) entered blocking state [ 1028.153050][T17110] bridge0: port 3(gretap0) entered forwarding state [ 1030.152541][T17145] netlink: 25 bytes leftover after parsing attributes in process `syz.1.3034'. [ 1030.853229][T17142] vhci_hcd vhci_hcd.2: default hub control req: 0000 v0000 i0000 l0 [ 1031.855265][ T30] audit: type=1804 audit(4295022712.280:14): pid=17168 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.3041" name="/newroot/16/file0" dev="tmpfs" ino=101 res=1 errno=0 [ 1031.911187][T17177] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3042'. [ 1031.929460][ T30] audit: type=1804 audit(4295022712.310:15): pid=17174 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.3041" name="/newroot/16/file0" dev="tmpfs" ino=101 res=1 errno=0 [ 1033.910709][T17213] netlink: set zone limit has 8 unknown bytes [ 1034.728915][T17230] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3053'. [ 1034.805104][T17233] futex_wake_op: syz.4.3055 tries to shift op by -2048; fix this program [ 1034.814902][T17233] futex_wake_op: syz.4.3055 tries to shift op by -2048; fix this program [ 1034.830053][T17233] 0x000000000001-0x000000020000 : "" [ 1034.854636][T17233] ftl_cs: FTL header corrupt! [ 1035.112336][T17233] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input17 [ 1035.289677][T17245] FAULT_INJECTION: forcing a failure. [ 1035.289677][T17245] name failslab, interval 1, probability 0, space 0, times 0 [ 1035.346453][T17245] CPU: 1 UID: 0 PID: 17245 Comm: syz.1.3057 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1035.346506][T17245] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1035.346518][T17245] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1035.346537][T17245] Call Trace: [ 1035.346548][T17245] [ 1035.346560][T17245] dump_stack_lvl+0x100/0x190 [ 1035.346615][T17245] should_fail_ex.cold+0x5/0xa [ 1035.346653][T17245] should_failslab+0xc2/0x120 [ 1035.346705][T17245] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1035.346746][T17245] ? __d_alloc+0x34/0xa80 [ 1035.346797][T17245] __d_alloc+0x34/0xa80 [ 1035.346854][T17245] d_alloc_pseudo+0x1c/0xc0 [ 1035.346905][T17245] alloc_file_pseudo+0xcf/0x230 [ 1035.346946][T17245] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1035.346993][T17245] __shmem_file_setup+0x1a3/0x330 [ 1035.347037][T17245] shmem_zero_setup+0x93/0x1b0 [ 1035.347088][T17245] __mmap_region+0x20b5/0x2760 [ 1035.347136][T17245] ? __pfx___mmap_region+0x10/0x10 [ 1035.347207][T17245] ? finish_task_switch.isra.0+0x205/0xb80 [ 1035.347241][T17245] ? lockdep_hardirqs_on+0x78/0x100 [ 1035.347285][T17245] ? finish_task_switch.isra.0+0x205/0xb80 [ 1035.347392][T17245] ? rcu_is_watching+0x12/0xc0 [ 1035.347440][T17245] ? cap_capable+0x107/0x460 [ 1035.347502][T17245] mmap_region+0x180/0x3e0 [ 1035.347553][T17245] do_mmap+0xc63/0x12f0 [ 1035.347612][T17245] ? __pfx_do_mmap+0x10/0x10 [ 1035.347664][T17245] ? __pfx_down_write_killable+0x10/0x10 [ 1035.347742][T17245] vm_mmap_pgoff+0x29e/0x470 [ 1035.347804][T17245] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1035.347870][T17245] ? __x64_sys_futex+0x34f/0x4d0 [ 1035.347919][T17245] ? __x64_sys_futex+0x358/0x4d0 [ 1035.347976][T17245] ksys_mmap_pgoff+0x7d/0x5b0 [ 1035.348036][T17245] __x64_sys_mmap+0x125/0x190 [ 1035.348092][T17245] do_syscall_64+0x106/0xf80 [ 1035.348136][T17245] ? clear_bhb_loop+0x40/0x90 [ 1035.348177][T17245] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1035.348212][T17245] RIP: 0033:0x7f328079bf79 [ 1035.348239][T17245] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1035.348272][T17245] RSP: 002b:00007f32816b9028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1035.348303][T17245] RAX: ffffffffffffffda RBX: 00007f3280a15fa0 RCX: 00007f328079bf79 [ 1035.348326][T17245] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 1035.348345][T17245] RBP: 00007f32808327e0 R08: fffffffffffffffa R09: 0000000000008000 [ 1035.348365][T17245] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 1035.348384][T17245] R13: 00007f3280a16038 R14: 00007f3280a15fa0 R15: 00007ffe093f21c8 [ 1035.348425][T17245] [ 1036.147576][T17249] openvswitch: netlink: Key type 261 is out of range max 32 [ 1038.313317][T17281] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3064'. [ 1050.075730][T16102] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1050.087809][T16102] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1050.096245][T16102] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1050.104741][T16102] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1050.114472][T16102] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1050.645325][T17302] chnl_net:caif_netlink_parms(): no params data found [ 1050.757121][T17302] bridge0: port 1(bridge_slave_0) entered blocking state [ 1050.766105][T17302] bridge0: port 1(bridge_slave_0) entered disabled state [ 1050.776557][T17302] bridge_slave_0: entered allmulticast mode [ 1050.793429][T17302] bridge_slave_0: entered promiscuous mode [ 1050.805368][T17302] bridge0: port 2(bridge_slave_1) entered blocking state [ 1050.819419][T17302] bridge0: port 2(bridge_slave_1) entered disabled state [ 1050.826933][T17302] bridge_slave_1: entered allmulticast mode [ 1050.836618][T17302] bridge_slave_1: entered promiscuous mode [ 1050.887238][T17302] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1050.902337][T17302] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1050.971205][T17302] team0: Port device team_slave_0 added [ 1051.001769][T17302] team0: Port device team_slave_1 added [ 1051.105719][T17302] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1051.119114][T17302] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1051.169585][T17302] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1051.193542][T17302] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1051.204221][T17302] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1051.263801][T17302] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1051.321862][T17302] hsr_slave_0: entered promiscuous mode [ 1051.329352][T17302] hsr_slave_1: entered promiscuous mode [ 1051.335955][T17302] debugfs: 'hsr0' already exists in 'hsr' [ 1051.344761][T17302] Cannot create hsr debugfs directory [ 1051.574764][T17302] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1051.596491][T17302] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1051.610554][T17302] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1051.622931][T17302] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1051.742082][T17302] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1051.769045][T17302] 8021q: adding VLAN 0 to HW filter on device team0 [ 1051.786591][T15434] bridge0: port 1(bridge_slave_0) entered blocking state [ 1051.793785][T15434] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1051.824602][T15434] bridge0: port 2(bridge_slave_1) entered blocking state [ 1051.831790][T15434] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1052.092771][T17302] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1052.224880][T15375] Bluetooth: hci5: command tx timeout [ 1052.420743][T17302] veth0_vlan: entered promiscuous mode [ 1052.436128][T17302] veth1_vlan: entered promiscuous mode [ 1052.481664][T17302] veth0_macvtap: entered promiscuous mode [ 1052.508299][T17302] veth1_macvtap: entered promiscuous mode [ 1052.533591][T17302] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1052.546398][T17302] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1052.583664][T15434] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1052.597503][T15434] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1052.610507][T15434] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1052.621146][T15434] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1052.756452][T15356] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1052.772184][T15356] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1052.810836][T15434] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1052.818983][T15434] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1052.999635][ T30] audit: type=1804 audit(4295022733.420:16): pid=17338 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.3082" name="/newroot/sys/kernel/tracing/current_tracer" dev="tracefs" ino=3628 res=1 errno=0 [ 1053.260534][T16102] Bluetooth: hci6: Opcode 0x0c03 failed: -110 [ 1053.928224][T17349] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1054.299715][T16102] Bluetooth: hci5: command tx timeout [ 1054.485192][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.503969][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1056.380813][T16102] Bluetooth: hci5: command tx timeout [ 1058.487874][T16102] Bluetooth: hci5: command tx timeout [ 1060.507165][T17459] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1060.520595][T17459] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1060.535393][T17459] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1060.547373][T17459] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1060.589769][T17459] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1060.600603][T17459] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1060.618405][T17459] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1060.636971][T17459] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1060.650530][T17459] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 1060.672426][T17459] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 1061.360310][T17479] vivid-007: ================= START STATUS ================= [ 1061.368266][T17479] vivid-007: Generate PTS: true [ 1061.375286][T17479] vivid-007: Generate SCR: true [ 1061.382143][T17479] tpg source WxH: 320x240 (Y'CbCr) [ 1061.387388][T17479] tpg field: 1 [ 1061.391247][T17479] tpg crop: (0,0)/320x240 [ 1061.395806][T17479] tpg compose: (0,0)/320x240 [ 1061.460445][T17479] tpg colorspace: 8 [ 1061.468591][T17479] tpg transfer function: 0/0 [ 1061.487150][T17479] tpg Y'CbCr encoding: 0/0 [ 1061.500841][T17479] tpg quantization: 0/0 [ 1061.525392][T17479] tpg RGB range: 0/2 [ 1061.538214][T17479] vivid-007: ================== END STATUS ================== [ 1061.900177][T16102] Bluetooth: hci3: command 0x0c1a tx timeout [ 1062.155669][T17494] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(12) [ 1062.539412][T16102] Bluetooth: hci0: command 0x0406 tx timeout [ 1062.545651][T15375] Bluetooth: hci2: command 0x0c1a tx timeout [ 1062.620923][T15375] Bluetooth: hci4: command 0x0c1a tx timeout [ 1062.628044][T16102] Bluetooth: hci1: command 0x0c1a tx timeout [ 1062.699836][T16102] Bluetooth: hci5: command 0x0c1a tx timeout [ 1064.705274][T16102] Bluetooth: hci1: command 0x0c1a tx timeout [ 1064.789321][T15375] Bluetooth: hci5: command 0x0c1a tx timeout [ 1066.811356][T15375] Bluetooth: hci1: command 0x0c1a tx timeout [ 1066.859884][T15375] Bluetooth: hci5: command 0x0c1a tx timeout [ 1067.080142][T17567] bridge0: port 3(gretap0) entered blocking state [ 1067.090105][T17567] bridge0: port 3(gretap0) entered disabled state [ 1067.096903][T17567] gretap0: entered allmulticast mode [ 1067.105930][T17567] gretap0: entered promiscuous mode [ 1067.112413][T17567] FAULT_INJECTION: forcing a failure. [ 1067.112413][T17567] name failslab, interval 1, probability 0, space 0, times 0 [ 1067.125134][T17567] CPU: 0 UID: 0 PID: 17567 Comm: syz.5.3125 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1067.125200][T17567] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1067.125213][T17567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1067.125232][T17567] Call Trace: [ 1067.125243][T17567] [ 1067.125256][T17567] dump_stack_lvl+0x100/0x190 [ 1067.125313][T17567] should_fail_ex.cold+0x5/0xa [ 1067.125354][T17567] should_failslab+0xc2/0x120 [ 1067.125407][T17567] __kvmalloc_node_noprof+0xfa/0xa00 [ 1067.125456][T17567] ? bucket_table_alloc.isra.0+0x88/0x460 [ 1067.125505][T17567] bucket_table_alloc.isra.0+0x88/0x460 [ 1067.125545][T17567] rhashtable_init_noprof+0x43b/0x7d0 [ 1067.125589][T17567] nbp_vlan_init+0x254/0x500 [ 1067.125633][T17567] ? __pfx_nbp_vlan_init+0x10/0x10 [ 1067.125683][T17567] ? __local_bh_enable_ip+0x9e/0x120 [ 1067.125719][T17567] ? lockdep_hardirqs_on+0x78/0x100 [ 1067.125765][T17567] ? br_fdb_add_local+0x43/0x60 [ 1067.125799][T17567] ? __local_bh_enable_ip+0x9e/0x120 [ 1067.125842][T17567] br_add_if+0xf79/0x1b40 [ 1067.125885][T17567] ? veth_get_iflink+0x203/0x2c0 [ 1067.125945][T17567] add_del_if+0x114/0x160 [ 1067.125992][T17567] br_dev_siocdevprivate+0x8ac/0x1650 [ 1067.126045][T17567] ? __pfx_br_dev_siocdevprivate+0x10/0x10 [ 1067.126110][T17567] ? lock_acquire+0x1cf/0x380 [ 1067.126167][T17567] ? netdev_name_node_lookup+0x107/0x150 [ 1067.126215][T17567] ? __mutex_lock+0x26a/0x1b90 [ 1067.126271][T17567] dev_ifsioc+0xc1e/0x1e90 [ 1067.126318][T17567] ? __pfx_dev_ifsioc+0x10/0x10 [ 1067.126357][T17567] ? __pfx___mutex_lock+0x10/0x10 [ 1067.126421][T17567] ? dev_load+0x8e/0x240 [ 1067.126458][T17567] ? dev_load+0x8e/0x240 [ 1067.126507][T17567] dev_ioctl+0x70e/0x1070 [ 1067.126553][T17567] sock_ioctl+0x494/0x6b0 [ 1067.126589][T17567] ? __pfx_sock_ioctl+0x10/0x10 [ 1067.126621][T17567] ? hook_file_ioctl_common+0x146/0x410 [ 1067.126673][T17567] ? __fget_files+0x21f/0x3d0 [ 1067.126729][T17567] ? __pfx_sock_ioctl+0x10/0x10 [ 1067.126766][T17567] __x64_sys_ioctl+0x18e/0x210 [ 1067.126813][T17567] do_syscall_64+0x106/0xf80 [ 1067.126859][T17567] ? clear_bhb_loop+0x40/0x90 [ 1067.126903][T17567] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1067.126939][T17567] RIP: 0033:0x7ff63e19bf79 [ 1067.126968][T17567] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1067.127002][T17567] RSP: 002b:00007ff63f0ec028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1067.127035][T17567] RAX: ffffffffffffffda RBX: 00007ff63e416180 RCX: 00007ff63e19bf79 [ 1067.127057][T17567] RDX: 0000200000000040 RSI: 00000000000089fc RDI: 0000000000000008 [ 1067.127077][T17567] RBP: 00007ff63e2327e0 R08: 0000000000000000 R09: 0000000000000000 [ 1067.127097][T17567] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1067.127117][T17567] R13: 00007ff63e416218 R14: 00007ff63e416180 R15: 00007ffcee38b5c8 [ 1067.127161][T17567] [ 1067.127561][T17567] bridge0: port 3(gretap0) entered blocking state [ 1067.422250][T17567] bridge0: port 3(gretap0) entered forwarding state [ 1069.219374][ T31] INFO: task kworker/u10:1:15355 blocked for more than 143 seconds. [ 1069.256058][ T31] Tainted: G U L syzkaller #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1069.290061][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1069.309275][ T31] task:kworker/u10:1 state:D stack:26792 pid:15355 tgid:15355 ppid:2 task_flags:0x4208060 flags:0x00080000 [ 1069.371280][ T31] Workqueue: netns cleanup_net [ 1069.414299][ T31] Call Trace: [ 1069.417906][ T31] [ 1069.433511][ T31] __schedule+0xfee/0x60e0 [ 1069.487789][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1069.499892][ T31] ? __pfx___schedule+0x10/0x10 [ 1069.558275][ T31] ? find_held_lock+0x2b/0x80 [ 1069.566883][ T31] ? schedule+0x2bf/0x390 [ 1069.577058][ T31] schedule+0xdd/0x390 [ 1069.599248][ T31] schedule_timeout+0x1b2/0x280 [ 1069.617715][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 1069.649359][ T31] ? mark_held_locks+0x40/0x70 [ 1069.664393][ T31] __wait_for_common+0x2e7/0x4c0 [ 1069.689241][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 1069.714403][ T31] ? __pfx___wait_for_common+0x10/0x10 [ 1069.747548][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1069.752909][ T31] ? flush_workqueue_prep_pwqs+0x2e9/0x510 [ 1069.758788][ T31] __flush_workqueue+0x3f7/0x1200 [ 1069.769206][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1069.775526][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1069.787479][ T31] ? __pfx___flush_workqueue+0x10/0x10 [ 1069.797704][ T31] ? reacquire_held_locks+0xce/0x1e0 [ 1069.910120][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 1069.922549][ T31] ? __pfx_sock_def_readable+0x10/0x10 [ 1069.936754][ T31] rds_tcp_listen_stop+0x104/0x160 [ 1069.949279][ T31] rds_tcp_exit_net+0xe0/0x870 [ 1069.954117][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 1070.019620][ T31] ? __pfx___might_resched+0x10/0x10 [ 1070.025211][ T31] ? __pfx_rds_tcp_exit_net+0x10/0x10 [ 1070.089207][ T31] ops_undo_list+0x2ee/0xab0 [ 1070.093883][ T31] ? __pfx_ops_undo_list+0x10/0x10 [ 1070.099019][ T31] ? cleanup_net+0x332/0x920 [ 1070.169178][ T31] ? idr_destroy+0x62/0x2e0 [ 1070.173867][ T31] cleanup_net+0x499/0x920 [ 1070.178360][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 1070.188660][ T31] ? rcu_is_watching+0x12/0xc0 [ 1070.193605][ T31] process_one_work+0x9d7/0x1920 [ 1070.198630][ T31] ? __pfx_process_one_work+0x10/0x10 [ 1070.204205][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 1070.209325][ T31] worker_thread+0x5da/0xe40 [ 1070.213998][ T31] ? kthread+0x13a/0x450 [ 1070.218314][ T31] ? __pfx_worker_thread+0x10/0x10 [ 1070.223546][ T31] kthread+0x370/0x450 [ 1070.227701][ T31] ? __pfx_kthread+0x10/0x10 [ 1070.232420][ T31] ret_from_fork+0x754/0xd80 [ 1070.237084][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1070.242297][ T31] ? __switch_to+0x7b4/0x1120 [ 1070.247028][ T31] ? __pfx_kthread+0x10/0x10 [ 1070.251710][ T31] ret_from_fork_asm+0x1a/0x30 [ 1070.256555][ T31] [ 1070.259750][ T31] [ 1070.259750][ T31] Showing all locks held in the system: [ 1070.267519][ T31] 1 lock held by khungtaskd/31: [ 1070.272674][ T31] #0: ffffffff8e7e92e0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 1070.282704][ T31] 2 locks held by syz-executor/5821: [ 1070.289290][ T31] 2 locks held by kworker/u10:0/15350: [ 1070.294893][ T31] #0: ffff88801e747148 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 [ 1070.306076][ T31] #1: ffffc90003017d08 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 [ 1070.317749][ T31] 3 locks held by kworker/u10:1/15355: [ 1070.339453][ T31] #0: ffff88801c6a6948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 [ 1070.369186][ T31] #1: ffffc90003717d08 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 [ 1070.392674][ T31] #2: ffffffff905f69f0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xb8/0x920 [ 1070.409473][ T31] 4 locks held by kworker/u10:3/15368: [ 1070.414997][ T31] 3 locks held by kworker/u11:1/15375: [ 1070.439264][ T31] #0: ffff8880810af948 ((wq_completion)hci6){+.+.}-{0:0}, at: process_one_work+0x1287/0x1920 [ 1070.469310][ T31] #1: ffffc90003917d08 ((work_completion)(&hdev->power_on)){+.+.}-{0:0}, at: process_one_work+0x93c/0x1920 [ 1070.482371][ T31] #2: ffff8880364e8ec0 (&hdev->req_lock){+.+.}-{4:4}, at: hci_dev_do_open+0x22/0xb0 [ 1070.509219][ T31] 1 lock held by syz.0.2749/15833: [ 1070.514483][ T31] #0: ffffffff905f69f0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 [ 1070.539241][ T31] 3 locks held by kworker/0:2/16145: [ 1070.544599][ T31] 1 lock held by syz.3.2943/16694: [ 1070.556122][ T31] #0: ffffffff905f69f0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 [ 1070.566147][ T31] 1 lock held by syz-executor/16805: [ 1070.571970][ T31] #0: ffffffff8e7f4ef8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x27f/0x3c0 [ 1070.582449][ T31] 1 lock held by syz.4.3055/17235: [ 1070.587602][ T31] #0: ffffffff905f69f0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 [ 1070.599836][ T31] 1 lock held by syz.1.3088/17386: [ 1070.604999][ T31] #0: ffffffff905f69f0 (pernet_ops_rwsem){++++}-{4:4}, at: copy_net_ns+0x451/0x7c0 [ 1070.614968][ T31] 1 lock held by syz.2.3122/17554: [ 1070.621077][ T31] #0: ffffffff8e7f4ef8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 [ 1070.631635][ T31] [ 1070.634006][ T31] ============================================= [ 1070.634006][ T31] [ 1070.723952][ T31] NMI backtrace for cpu 1 [ 1070.723982][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 1070.724031][ T31] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1070.724042][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1070.724061][ T31] Call Trace: [ 1070.724071][ T31] [ 1070.724083][ T31] dump_stack_lvl+0x100/0x190 [ 1070.724136][ T31] nmi_cpu_backtrace.cold+0x12d/0x151 [ 1070.724189][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1070.724238][ T31] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 1070.724277][ T31] sys_info+0x141/0x190 [ 1070.724326][ T31] watchdog+0xd25/0x1050 [ 1070.724388][ T31] ? __pfx_watchdog+0x10/0x10 [ 1070.724440][ T31] ? __kthread_parkme+0x18c/0x230 [ 1070.724479][ T31] ? kthread+0x13a/0x450 [ 1070.724518][ T31] ? __pfx_watchdog+0x10/0x10 [ 1070.724565][ T31] kthread+0x370/0x450 [ 1070.724604][ T31] ? __pfx_kthread+0x10/0x10 [ 1070.724648][ T31] ret_from_fork+0x754/0xd80 [ 1070.724703][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1070.724754][ T31] ? __switch_to+0x7b4/0x1120 [ 1070.724788][ T31] ? __pfx_kthread+0x10/0x10 [ 1070.724832][ T31] ret_from_fork_asm+0x1a/0x30 [ 1070.724891][ T31] [ 1070.724903][ T31] Sending NMI from CPU 1 to CPUs 0: [ 1070.855178][ C0] NMI backtrace for cpu 0 [ 1070.855203][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1070.855243][ C0] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1070.855253][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1070.855269][ C0] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 1070.855309][ C0] Code: 98 86 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d e3 da 1f 00 fb f4 bc 35 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 1070.855335][ C0] RSP: 0018:ffffffff8e407e00 EFLAGS: 00000242 [ 1070.855356][ C0] RAX: 00000000003cab3b RBX: ffffffff8e4975c0 RCX: ffffffff8b8bac75 [ 1070.855374][ C0] RDX: 0000000000000000 RSI: ffffffff8de752e8 RDI: ffffffff8c1adb20 [ 1070.855391][ C0] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed1017086795 [ 1070.855407][ C0] R10: ffff8880b8433cab R11: 0000000000000000 R12: fffffbfff1c92eb8 [ 1070.855424][ C0] R13: 0000000000000000 R14: ffffffff90d95410 R15: 0000000000000000 [ 1070.855441][ C0] FS: 0000000000000000(0000) GS:ffff88812435a000(0000) knlGS:0000000000000000 [ 1070.855479][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1070.855496][ C0] CR2: 00007ff63ef47e20 CR3: 00000000386fc000 CR4: 00000000003526f0 [ 1070.855513][ C0] Call Trace: [ 1070.855521][ C0] [ 1070.855529][ C0] default_idle+0x9/0x10 [ 1070.855568][ C0] default_idle_call+0x6c/0xb0 [ 1070.855608][ C0] do_idle+0x35b/0x4b0 [ 1070.855650][ C0] ? __pfx_do_idle+0x10/0x10 [ 1070.855695][ C0] cpu_startup_entry+0x4f/0x60 [ 1070.855737][ C0] rest_init+0x251/0x260 [ 1070.855758][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 1070.855795][ C0] start_kernel+0x47f/0x480 [ 1070.855844][ C0] x86_64_start_reservations+0x24/0x30 [ 1070.855877][ C0] x86_64_start_kernel+0x12b/0x130 [ 1070.855909][ C0] common_startup_64+0x13e/0x148 [ 1070.855945][ C0] [ 1071.063492][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 1071.070417][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 1071.081176][ T31] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1071.086393][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1071.096479][ T31] Call Trace: [ 1071.099790][ T31] [ 1071.102765][ T31] dump_stack_lvl+0x100/0x190 [ 1071.107501][ T31] vpanic+0x552/0x970 [ 1071.111526][ T31] ? __pfx_vpanic+0x10/0x10 [ 1071.116115][ T31] ? nmi_trigger_cpumask_backtrace+0x182/0x230 [ 1071.122307][ T31] panic+0xd1/0xe0 [ 1071.126066][ T31] ? __pfx_panic+0x10/0x10 [ 1071.130530][ T31] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 1071.136732][ T31] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 1071.142925][ T31] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 1071.149115][ T31] ? watchdog.cold+0x198/0x1ca [ 1071.153935][ T31] ? watchdog+0xd35/0x1050 [ 1071.158403][ T31] watchdog.cold+0x1a9/0x1ca [ 1071.163044][ T31] ? __pfx_watchdog+0x10/0x10 [ 1071.167773][ T31] ? __kthread_parkme+0x18c/0x230 [ 1071.172838][ T31] ? kthread+0x13a/0x450 [ 1071.177120][ T31] ? __pfx_watchdog+0x10/0x10 [ 1071.181839][ T31] kthread+0x370/0x450 [ 1071.185946][ T31] ? __pfx_kthread+0x10/0x10 [ 1071.190587][ T31] ret_from_fork+0x754/0xd80 [ 1071.195244][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1071.200408][ T31] ? __switch_to+0x7b4/0x1120 [ 1071.205117][ T31] ? __pfx_kthread+0x10/0x10 [ 1071.209752][ T31] ret_from_fork_asm+0x1a/0x30 [ 1071.214613][ T31] [ 1071.218275][ T31] Kernel Offset: disabled [ 1071.222627][ T31] Rebooting in 86400 seconds..