last executing test programs: 24m56.809608806s ago: executing program 2 (id=3336): r0 = openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cuse\x00', 0x1c1041, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/bus/pci/00/01.3\x00', 0x48041, 0x0) write$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000000)="1c520b", 0x3) write$auto_fuse_dev_operations_fuse_i(r0, &(0x7f0000000440)="1100000000000000000000000000010000", 0x11) writev$auto(0xffffffffffffffff, &(0x7f0000000e00)={0x0, 0xd762}, 0x400) ioctl$auto_NS_GET_NSTYPE(0xffffffffffffffff, 0xb703, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) timer_create$auto(0x2, 0x0, 0x0) read$auto_proc_reg_file_ops_compat_inode(r1, &(0x7f0000000a40)=""/4096, 0x1000) rt_sigprocmask$auto(0x0, &(0x7f0000000000)={0xfffffffffffffe01}, 0x0, 0x8) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='#\x00\x00\x00', @ANYBLOB='&\x00', @ANYBLOB], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0x0, 0x400}, {0x0, 0x87}}, 0x0) r2 = socket(0x2, 0x80802, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f00000000c0)={0x101, r2, 0x1ff, "c4e5cd51cd7356c259799bd4c8f31ff2"}) mmap$auto(0x0, 0x20005, 0x4000000000df, 0x1000000018, r3, 0x9) socket(0xa, 0x3, 0x3b) connect$auto(r2, &(0x7f0000000040)=@phonet={0x23, 0x9f, 0xcb, 0x8}, 0x5c) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x3, 0xf2) ioctl$auto(0x3, 0x89e1, 0x91) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x1, 0x9, 0x3, 0x1a, 0x940, 0x1ffe0, 0x7f, 0x6, 0x2, 0x7f, 0x5, 0xfff, 0x7, 0xb0, 0xa, 0x5, 0x3, 0x5, 0x7, 0x20, 0x0, 0x5, 0x202, 0x0, 0x0, 0x9, 0x409, 0x0, 0x0, 0x2, [0x3, 0x100002, 0x0, 0x4, 0x0, 0x0, 0x1, 0x0, 0x0, 0x5, 0x0, 0x0, 0x1, 0x0, 0x1, 0x8001, 0x3, 0x0, 0x7ffd, 0x0, 0x6, 0x5, 0x3, 0xb, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x80000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0xff]}, 0x1fe, 0x7f) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="11002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f0000000380), 0x101080, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000080)=""/200, 0xc8) 24m55.951126951s ago: executing program 2 (id=3338): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) write$auto(0x3, 0x0, 0x1) mmap$auto(0xfffffffffffffffe, 0x40000a, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/time_for_children\x00') mmap$auto(0x0, 0x80004, 0xe2, 0xeb1, 0x405, 0x8000) r2 = fcntl$auto_F_DUPFD(r0, 0x0, r0) close_range$auto(0x2, 0x8, 0x0) r3 = io_uring_setup$auto(0x6, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r4 = socket(0x15, 0x5, 0x0) r5 = syz_genetlink_get_family_id$auto_802_15_4_mac(&(0x7f00000000c0), r3) sendmsg$auto_IEEE802154_LLSEC_LIST_DEVKEY(r2, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x5c, r5, 0x2, 0x70bd26, 0x25dfdbfe, {}, [@IEEE802154_ATTR_CHANNEL={0x5, 0x7, 0x9}, @IEEE802154_ATTR_REASON={0x5, 0x12, 0xa}, @IEEE802154_ATTR_DEST_HW_ADDR={0xc, 0xf, 0x4}, @IEEE802154_ATTR_SRC_HW_ADDR={0xc, 0xc, 0x8}, @IEEE802154_ATTR_TXPOWER={0x5, 0x21, 0x1}, @IEEE802154_ATTR_PAGE={0x5, 0x1d, 0x7}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5, 0x2b, 0x2}, @IEEE802154_ATTR_CCA_MODE={0x5, 0x23, 0x9}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40040}, 0x40000) bind$auto(r1, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event_pid\x00', 0x22b01, 0x0) sendmsg$auto(r4, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) r6 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) poll$auto(&(0x7f0000000180)={r6, 0xfff7, 0x9816}, 0x7f, 0x9) ioctl$auto_VHOST_SET_OWNER(r7, 0xaf01, 0x0) ioctl$auto_VHOST_VSOCK_SET_RUNNING(r7, 0x4004af61, &(0x7f0000000000)=0x8) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) close_range$auto(0x0, 0xffffffffffffffff, 0x0) socket(0x23, 0x80805, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/block/nbd10/queue/iosched/read_expire\x00', 0x1c2b02, 0x0) 24m54.283610808s ago: executing program 2 (id=3340): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000040), r0) ioctl$auto_XFS_IOC_ATTRMULTI_BY_HANDLE(0xffffffffffffffff, 0x4048587b, &(0x7f0000000600)={{r0, &(0x7f0000000240)="0172371cfb675c39822d2359ed6378b0df65a77930b3007e326bfcc29d8d433b6bbb7f735d681f657c81d75ea5c87f669ed45e4f501519f5a09b0b5ae155d7b8cfba909bdfdbac5deda55c2733681764b3db1a6a", 0x7, &(0x7f00000002c0)="5e95dfc535d1aa8859443a98bc1de2d5bd8803feb680441eb6b9d26a7f5fc92bd3d555b592bea4bca7beb0d4246fdc5f5b6b2838ff159386b81eb06e57ea54077a1b9ba416d4c566a3b87fb8b18c21be4b0f62d3767824959c9ce08469fad3d49ecb6e6e2cc47024b29804fb121824d4afe4e2e80bf401bb1ccbbeed349c0449d51d4b6551be484ac57f552cb7bf97e086c79dbc438b465f76847386a505bf999857361e6cd712fbe7", 0x1, &(0x7f0000000380)="2e889e1bb441848624ec41f21b8e095172e0a4fcfd0e2a575738c943948f330eaa908f74accfc5a9c2855f3a78559744ccabba951e6d98e8b6f9b1b1f7758d1f173c88946ec93b5af9f710228cde161b431ccd9fe6b7fc4ab906e5268b45bc8ef50e112b5a8f56bdbe379b91ef7106df430ec8040bb7972476111d85acf577b995778c4076137a733e4e372b344025fff10f8dd757572c23fcc8beb1da391f3fb9d52371a13830aaae7d04505b98e894411cdf8ecbf2e31bcdb40d486a585e2bcdf10da0a4", &(0x7f0000000480)=0x7ff}, 0x101, &(0x7f00000005c0)={0xfffffff9, 0x87e, &(0x7f00000004c0)="87b1b1f7fbd6d302e01dcb054771e2866fec5a2ee3d4361555f4b3d0", &(0x7f0000000500)="c3d19b3973bbba4ab61723b5e5a7b6f9f99f87c3b0760c24e8afae010a31a8cbba1b270ca3cc442cca914c2fe5a1568cc5a54ce23ae83a2b40c035bc0e68c31d44f82e5e5050c524ecb9c605235cbcd0baf493b376cddc96e1015856615449a4ba026f08a7957e7f4c5f767a6d076358f7427f2b83524d96160ec91b2657000d714865850b8d2fa3e016e6748b2b13254801d29aeb4e450f30a415521afa9418d99d4c335a26f18b327197367a99", 0x6, 0x7}}) socket(0xa, 0x1, 0x100) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) getrandom$auto(0x0, 0x6000000, 0x3) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r3 = socket(0xa, 0x801, 0x84) getsockopt$auto(r3, 0x84, 0xc, 0x0, 0x0) r4 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000008040), 0x2, 0x0) ioctl$auto_I2C_SMBUS(r4, 0x720, 0x0) sendmsg$auto_IOAM6_CMD_DUMP_NAMESPACES(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000680)={0x14, r1, 0x200, 0x70bd29, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4000001}, 0x24000010) r5 = openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/dynamic_events\x00', 0x542, 0x0) write$auto_dynamic_events_ops_trace_dynevent(r5, &(0x7f0000000140)="65507307ff6587a725ca87720ef9769f20592e775f", 0x15) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000240)='/sys/devices/platform/dummy_hcd.7/usb8/power/level\x00', 0x2881, 0x0) connect$auto(r6, &(0x7f0000000080)=@phonet={0x23, 0x0, 0x4}, 0x3) write$auto_kernfs_file_fops_kernfs_internal(r6, &(0x7f00000002c0)="dd", 0x1) close_range$auto(0x0, 0xfffffffffffff000, 0x2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) open(&(0x7f0000000000)='./file0\x00', 0x261c2, 0x84) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x5, 0x2000000000002) socket$nl_generic(0x10, 0x3, 0x10) socket(0x26, 0x80805, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) pidfd_getfd$auto(0x3, 0x1, 0x100000000) bpf$auto(0x0, &(0x7f0000000040)=@bpf_attr_5={@target_ifindex=r8, 0x7f, 0x99, 0x8, 0x1, @relative_id=0x8, 0x5}, 0x92) bpf$auto(0x2, &(0x7f00000001c0)=@raw_tracepoint={0x5, 0xffff, 0x0, 0x3}, 0xc) 24m53.874445356s ago: executing program 2 (id=3341): mmap$auto(0x0, 0x4020009, 0xdb, 0xeb1, 0x401, 0x8000) r0 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'erspan0\x00'}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'vxcan1\x00'}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'bond_slave_0\x00'}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'veth1_to_bridge\x00'}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'dummy0\x00'}) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000001500), r1) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000001540)={'netdevsim0\x00', 0x0}) sendmsg$auto_NET_SHAPER_CMD_GROUP(r1, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0)={&(0x7f0000000600)={0x2c, r2, 0x1, 0x70bd29, 0x25dfdbfe, {}, [@NET_SHAPER_A_LEAVES={0x10, 0xa, 0x0, 0x1, [@NET_SHAPER_A_HANDLE={0xc, 0x1, 0x0, 0x1, [@NET_SHAPER_A_HANDLE_SCOPE={0x8, 0x1, 0x2}]}]}, @NET_SHAPER_A_IFINDEX={0x8, 0x8, r3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x44000}, 0x14) r4 = socket(0x1d, 0x2, 0x7) pidfd_open$auto(0xffffffffffffffff, 0xfe) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000580)={'ipvlan1\x00', 0x0}) bind$auto(0x3, &(0x7f0000000040)=@can={0x1d, r5}, 0x6a) bpf$auto_BPF_PROG_DETACH(0x9, &(0x7f00000002c0)=@batch={0x10001, 0x23c, 0x3, 0x1, 0xa, r1, 0x1ff, 0x2}, 0xedd) sendmsg$auto_ETHTOOL_MSG_COALESCE_GET(r1, &(0x7f0000000840)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x10080008}, 0xc, &(0x7f0000000800)={0x0}, 0x1, 0x0, 0x0, 0x40}, 0x4) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x34, r0, 0x300, 0x70bd2d, 0x25dfdbfd, {}, [@ETHTOOL_A_CHANNELS_HEADER={0x4}, @ETHTOOL_A_CHANNELS_HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xb}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x2004090}, 0x4008084) clone$auto(0x467, 0x2, 0x0, 0x0, 0x2) r6 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000003c0), r4) sendmsg$auto_NL80211_CMD_DEL_STATION(r4, &(0x7f0000000540)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)={0x90, r6, 0x200, 0x70bd27, 0x25dfdbfc, {}, [@NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x7}, @NL80211_ATTR_VHT_CAPABILITY={0x6a, 0x9d, "5bd2264cdc3eda876c8ee99a6645655b45fab5c468421b59aa30ba4573209fdfee695650a416144ce0ac76107629ac8904be38bbc1b519793bb44dd8ec648eb1a7d00c2190cf3ec70c87dc2854a68505e244e4eb70fa13a798df0ee0de58b1524a27bf5e5df4"}, @NL80211_ATTR_AUTH_TYPE={0x8, 0x35, 0x1000}]}, 0x90}, 0x1, 0x0, 0x0, 0x4000041}, 0x4c000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r7 = socket(0x10, 0x80002, 0x0) close_range$auto(0x2, 0x8000, 0x0) io_uring_setup$auto(0x6, 0x0) timerfd_create$auto(0x0, 0x0) timerfd_settime$auto(r7, 0x3, &(0x7f0000000000)={{0x6, 0x7}, {0x0, 0xa2b}}, 0x0) read$auto(0x3, 0x0, 0x80) r8 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_GINFO(r8, 0xc0f85403, 0x0) 24m51.154324305s ago: executing program 2 (id=3345): r0 = openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000140), 0x8001, 0x0) mmap$auto(0x6, 0x4, 0x400000000000df, 0xebd, r0, 0x8000) r1 = io_uring_setup$auto(0x5, 0x0) socket(0x2, 0x5, 0x0) mmap$auto(0x0, 0x5998, 0xdf, 0x12, r1, 0x28010) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) keyctl$auto_KEYCTL_PKEY_VERIFY(0x1c, 0xa, 0x2, 0x10000, 0x8) close_range$auto(0x2, 0x8, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_SNAPSHOT_PLATFORM_SUPPORT(r1, 0x330f, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket(0xa, 0x801, 0x106) setsockopt$auto(r4, 0x6, 0x21, 0x0, 0xe) r5 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000040), r3) sendmsg$auto_TCP_METRICS_CMD_DEL(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="14000000", @ANYRES16=r5, @ANYBLOB="010029bd7000fddbdf2502000000f13069aa5982d49069cd45bdc11a25b7efd15a49861bf2dbf6e802334254c2411bb0d64a49dbf4eb9f6f65e2acaf5783e091350aeabe3a710ee6c54ca896ff3672ea4aa2cb17d1f8925cf16c51faf52c61cacd6407900434b6bdb6f53361e8bd2b3604182f4127a1089a94ee048a9e0b4dd38163996b9ab1119e772ff85252c86578459026fa1e9994e6eae4af61e1f3f00a221b379d29a6710296a186174a2ac2037a28d20b5e9f9557"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x2) sendmsg$auto_TCP_METRICS_CMD_GET(r2, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r5, @ANYBLOB="02002dbd700051fddbdf25010000000800010101d3f7437341d351e0552add3e87d47717b1e417db3648d686d81a5667154ca4a017d63f7f35c6137529c0a21472a8b0f2e8aef8067cd3e49ad4764e54d0cc991f925b1606ba26843f56b6d2137ad014cadfb1acdd769c59aa1f73fc124a75b0556875254127f1f834694f9272d475cbc9bb4d1678055f"], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4800) r6 = socket(0x10, 0x2, 0x15) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="720100", @ANYBLOB="1000"], 0x1ac}, 0x1, 0x0, 0x0, 0x22004840}, 0x4001) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) bpf$auto(0x5, &(0x7f0000000000)=@bpf_attr_0={0x8200, 0x1, 0x9, 0x7, 0x5, 0xffffffffffffffff, 0x80000001, "7829000000000000000200", 0x0, 0xffffffffffffffff, 0x7, 0xffff4e8b, 0x2, 0x1}, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(r7, r6, 0x2) socket(0xa, 0x2, 0x73) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r8 = socket(0x10, 0x2, 0x4) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="7e7e81c2", @ANYRES16=0x0, @ANYRESHEX=r8], 0x14}, 0x1, 0x0, 0x0, 0x400c050}, 0x4000080) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000014"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) 24m49.209351529s ago: executing program 2 (id=3349): mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) timer_create$auto(0x2, 0x0, 0x0) timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0x26b, 0x4}, {0x0, 0x83}}, 0x0) r1 = openat$auto_u32_array_fops_file(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/netdevsim/netdevsim3/ports/3/udp_ports_table0\x00', 0x20080, 0x0) timerfd_gettime$auto(0xffffffffffffffff, &(0x7f00000001c0)={{0x15c, 0x6}, {0xff, 0x400}}) setsockopt$auto_SO_NOFCS(r1, 0xd718, 0x2b, &(0x7f0000000180)='[()@\x00', 0xffff5791) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r2, &(0x7f0000000000)='//\xf2\x00', 0x80000000) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) open(0x0, 0x22240, 0x154) kexec_load$auto(0x200000000007, 0x1, &(0x7f0000000040)={@kbuf=0x0, 0x2aaa, 0x6c0000c000, 0xc000}, 0x4) setsockopt$auto(0x400000000000003, 0x28, 0x6, 0x0, 0x56d) r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/security/tomoyo/profile\x00', 0x40802, 0x0) read$auto(r3, 0x0, 0xb4d3) mmap$auto(0x0, 0x20000a00006, 0x100, 0x91, 0xffffffffffffffff, 0x2ffffffffffe) mmap$auto(0x0, 0x400008, 0x0, 0x9b72, 0x2, 0x8000) bind$auto(0xffffffffffffffff, 0x0, 0x6a) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/fail-nth\x00', 0x40400, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) 24m33.594249074s ago: executing program 32 (id=3349): mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) timer_create$auto(0x2, 0x0, 0x0) timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0x26b, 0x4}, {0x0, 0x83}}, 0x0) r1 = openat$auto_u32_array_fops_file(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/netdevsim/netdevsim3/ports/3/udp_ports_table0\x00', 0x20080, 0x0) timerfd_gettime$auto(0xffffffffffffffff, &(0x7f00000001c0)={{0x15c, 0x6}, {0xff, 0x400}}) setsockopt$auto_SO_NOFCS(r1, 0xd718, 0x2b, &(0x7f0000000180)='[()@\x00', 0xffff5791) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r2, &(0x7f0000000000)='//\xf2\x00', 0x80000000) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) open(0x0, 0x22240, 0x154) kexec_load$auto(0x200000000007, 0x1, &(0x7f0000000040)={@kbuf=0x0, 0x2aaa, 0x6c0000c000, 0xc000}, 0x4) setsockopt$auto(0x400000000000003, 0x28, 0x6, 0x0, 0x56d) r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/security/tomoyo/profile\x00', 0x40802, 0x0) read$auto(r3, 0x0, 0xb4d3) mmap$auto(0x0, 0x20000a00006, 0x100, 0x91, 0xffffffffffffffff, 0x2ffffffffffe) mmap$auto(0x0, 0x400008, 0x0, 0x9b72, 0x2, 0x8000) bind$auto(0xffffffffffffffff, 0x0, 0x6a) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000240)='/proc/thread-self/fail-nth\x00', 0x40400, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) madvise$auto(0x0, 0xffffffffffff0001, 0x15) 23m57.742886606s ago: executing program 3 (id=3467): openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000140), 0x8001, 0x0) r0 = io_uring_setup$auto(0x5, 0x0) socket(0x2, 0x5, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x5998, 0xdf, 0x12, r0, 0x28010) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) keyctl$auto_KEYCTL_PKEY_VERIFY(0x1c, 0xa, 0x2, 0x10000, 0x8) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$auto_SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0xa, 0x801, 0x106) setsockopt$auto(r3, 0x6, 0x21, 0x0, 0xe) r4 = syz_genetlink_get_family_id$auto_tcp_metrics(&(0x7f0000000040), r2) sendmsg$auto_TCP_METRICS_CMD_DEL(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="010029bd7000fddbdf2502000000f13069aa5982d49069cd45bdc11a25b7efd15a49861bf2dbf6e802334254c2411bb0d64a49dbf4eb9f6f65e2acaf5783e091350aeabe3a710ee6c54ca896ff3672ea4aa2cb17d1f8925cf16c51faf52c61cacd6407900434b6bdb6f53361e8bd2b3604182f4127a1089a94ee048a9e0b4dd38163996b9ab1119e772ff85252c86578459026fa1e9994e6eae4af61e1f3f00a221b379d29a6710296a186174a2ac2037a28d20b5e9f9557"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x2) sendmsg$auto_TCP_METRICS_CMD_GET(r1, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="02002dbd700051fddbdf25010000000800010101d3f7437341d351e0552add3e87d47717b1e417db3648d686d81a5667154ca4a017d63f7f35c6137529c0a21472a8b0f2e8aef8067cd3e49ad4764e54d0cc991f925b1606ba26843f56b6d2137ad014cadfb1acdd769c59aa1f73fc124a75b0556875254127f1f834694f9272d475cbc9bb4d1678055f"], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4800) r5 = socket(0x10, 0x2, 0x15) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="720100", @ANYBLOB="1000"], 0x1ac}, 0x1, 0x0, 0x0, 0x22004840}, 0x4001) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) bpf$auto(0x5, &(0x7f0000000000)=@bpf_attr_0={0x8200, 0x1, 0x9, 0x7, 0x5, 0xffffffffffffffff, 0x80000001, "7829000000000000000200", 0x0, 0xffffffffffffffff, 0x7, 0xffff4e8b, 0x2, 0x1}, 0x7) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(r6, r5, 0x2) socket(0xa, 0x2, 0x73) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) r7 = socket(0x10, 0x2, 0x4) sendmsg$auto_THERMAL_GENL_CMD_TZ_GET_ID(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000004c0)=ANY=[@ANYBLOB="7e7e81c2", @ANYRES16=0x0, @ANYRESHEX=r7], 0x14}, 0x1, 0x0, 0x0, 0x400c050}, 0x4000080) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c00000014"], 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x400c000) 23m56.631388983s ago: executing program 3 (id=3469): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0xa, 0x2, 0x88) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r0, @new_prog_fd=0x4, 0x4, @old_prog_fd=r0}, 0xa3) bpf$auto(0x10, &(0x7f0000000040)=@query={@target_ifindex, 0x26, 0x10000, 0x9, 0x6, @prog_cnt=0x2, 0x0, 0x80000000, 0x9, 0x9, 0xffffffffffffff66}, 0x9) 23m55.393074809s ago: executing program 3 (id=3473): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x2, 0x88) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @rand_addr=0xfffffffe}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) select$auto(0x7, 0x0, &(0x7f0000000080)={[0x209c, 0xe9e, 0x48, 0x15, 0x1000, 0x100000001, 0xc, 0xf, 0x0, 0x0, 0xe, 0xd59, 0x101, 0xff, 0x2, 0x1]}, 0x0, 0x0) 23m54.302676167s ago: executing program 3 (id=3476): r0 = socket(0x10, 0x2, 0x6) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages_mempolicy\x00', 0xa001, 0x0) set_mempolicy$auto(0x5, &(0x7f0000000000)=0x2, 0x5) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth1_to_batadv/dad_transmits\x00', 0x0, 0x0) sendfile$auto(r0, r1, 0x0, 0x3) 23m53.468493053s ago: executing program 3 (id=3478): sendmmsg$auto(0x3, &(0x7f0000000000)={{0x0, 0x2, 0x0, 0x106, 0x0, 0x1, 0x3}, 0xed7138c}, 0x5, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0x2, 0x1, 0x0) socket(0x23, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket(0xa, 0x2, 0x88) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r0, @new_prog_fd=0x4, 0x4, @old_map_fd=0x3ff}, 0xa3) 23m51.917994046s ago: executing program 3 (id=3482): mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) timer_create$auto(0x2, 0x0, 0x0) timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0x26b, 0x4}, {0x0, 0x83}}, 0x0) r1 = openat$auto_u32_array_fops_file(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/netdevsim/netdevsim3/ports/3/udp_ports_table0\x00', 0x20080, 0x0) timerfd_gettime$auto(0xffffffffffffffff, &(0x7f00000001c0)={{0x15c, 0x6}, {0xff, 0x400}}) setsockopt$auto_SO_NOFCS(r1, 0xd718, 0x2b, &(0x7f0000000180)='[()@\x00', 0x4) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r2, &(0x7f0000000000)='//\xf2\x00', 0x80000000) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) open(0x0, 0x22240, 0x154) kexec_load$auto(0x200000000007, 0x1, &(0x7f0000000040)={@kbuf=0x0, 0x2aaa, 0x6c0000c000, 0xc000}, 0x4) ioctl$auto_FIONREAD(r0, 0x541b, 0x7) setsockopt$auto(0x400000000000003, 0x28, 0x6, 0x0, 0x56d) r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/security/tomoyo/profile\x00', 0x40802, 0x0) read$auto(r3, 0x0, 0xb4d3) mmap$auto(0x0, 0x20000a00006, 0x100, 0x91, 0xffffffffffffffff, 0x2ffffffffffe) mmap$auto(0x0, 0x400008, 0x0, 0x9b72, 0x2, 0x8000) bind$auto(0xffffffffffffffff, 0x0, 0x6a) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) getitimer$auto(0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) 23m36.113093208s ago: executing program 33 (id=3482): mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) timer_create$auto(0x2, 0x0, 0x0) timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0x26b, 0x4}, {0x0, 0x83}}, 0x0) r1 = openat$auto_u32_array_fops_file(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/netdevsim/netdevsim3/ports/3/udp_ports_table0\x00', 0x20080, 0x0) timerfd_gettime$auto(0xffffffffffffffff, &(0x7f00000001c0)={{0x15c, 0x6}, {0xff, 0x400}}) setsockopt$auto_SO_NOFCS(r1, 0xd718, 0x2b, &(0x7f0000000180)='[()@\x00', 0x4) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r2, &(0x7f0000000000)='//\xf2\x00', 0x80000000) mmap$auto(0x0, 0x810006, 0xffb, 0x8000000008011, 0x3, 0x0) open(0x0, 0x22240, 0x154) kexec_load$auto(0x200000000007, 0x1, &(0x7f0000000040)={@kbuf=0x0, 0x2aaa, 0x6c0000c000, 0xc000}, 0x4) ioctl$auto_FIONREAD(r0, 0x541b, 0x7) setsockopt$auto(0x400000000000003, 0x28, 0x6, 0x0, 0x56d) r3 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/security/tomoyo/profile\x00', 0x40802, 0x0) read$auto(r3, 0x0, 0xb4d3) mmap$auto(0x0, 0x20000a00006, 0x100, 0x91, 0xffffffffffffffff, 0x2ffffffffffe) mmap$auto(0x0, 0x400008, 0x0, 0x9b72, 0x2, 0x8000) bind$auto(0xffffffffffffffff, 0x0, 0x6a) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) getitimer$auto(0x0, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) 24.409939483s ago: executing program 0 (id=5419): mmap$auto(0x0, 0x400008, 0xdf, 0x2000000009b72, 0xffffffffffffffff, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) getsockopt$auto(0x3, 0x200000000001, 0x1f, 0x0, 0x0) mmap$auto(0x0, 0x4, 0x1ff, 0x40eb1, 0x401, 0x300000000001) r0 = socket(0x2, 0x1, 0x106) io_uring_setup$auto(0x5b, &(0x7f0000000080)={0x7fffffff, 0xe, 0x2, 0x6, 0x5, 0x8, 0xffffffffffffffff, [], {0xd74c, 0x10000, 0x1, 0x29f, 0x100, 0xfff, 0x101, 0x6, 0x2}, {0xfb, 0x1, 0x10001, 0x7, 0x1, 0x40, 0x176c5, 0x400005, 0x100000005}}) bind$auto(r0, &(0x7f00000000c0)=@qipcrtr={0x2a, 0x3, 0x4001}, 0x4006b) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) semctl$auto(0xa, 0x2, 0x13, 0xde) r1 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS0\x00', 0x101e81, 0x0) write$auto_tty_fops_tty_io(r2, &(0x7f0000000680), 0x0) ioctl$auto_I2C_SMBUS(r1, 0x720, &(0x7f0000000080)) socket(0x11, 0xa, 0xa) sendmsg$auto_OVS_FLOW_CMD_SET(r1, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x90}, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kpagecount\x00', 0x0, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x1000}, 0x100000007) 17.858571225s ago: executing program 4 (id=5427): mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp1\x00', 0x103342, 0x0) close_range$auto(0x2, r0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) r1 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3, @loopback}, 0x54) waitid$auto_P_PID(0x1, 0xffffffffffffffff, &(0x7f0000000280)={@_si_pad}, 0x6, 0x0) pidfd_open$auto(0x0, 0x1) read$auto(0x3, 0x0, 0x8080) write$auto(0x3, 0x0, 0xffd8) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) ioctl$auto_FIONREAD(r1, 0x541b, 0x5) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000100), 0x111802, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x301040, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x2000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) openat$auto_uprobe_profile_ops_trace_uprobe(0xffffffffffffff9c, 0x0, 0x80000, 0x0) 17.051944007s ago: executing program 1 (id=5428): prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x200000001000000, 0xfffff7fffffffff7, 0x3ee) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) bpf$auto(0x6, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x400008, 0xe4, 0x9b72, 0x2, 0x400) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto_PR_SET_VMA(0x53564d41, 0x0, 0x9000, 0x8002, 0x2) mprotect$auto(0x0, 0x806121, 0x6) r0 = io_uring_setup$auto(0x5, 0x0) close_range$auto(0x2, r0, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x181881, 0x0) openat$auto_sg_fops_sg(0xffffffffffffff9c, 0x0, 0x100, 0x0) close_range$auto(0x2, 0xa, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x8c00, 0x0) r1 = socket(0x10, 0x2, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x0, 0x1, 0x9, 0x7, 0x3c, 0x3ff, 0x1ffde, 0x7, 0x6, 0x2, 0x9, 0x2, 0x9, 0x4, 0xb2, 0x9, 0x0, 0xfffd, 0x80, 0x7, 0x40000, 0x7, 0x2000, 0x200, 0x0, 0x81, 0x0, 0x7, 0x0, 0x0, 0x0, [0x1, 0x6, 0x4, 0x0, 0x0, 0x0, 0x6, 0xfffffffffffffffe, 0x3, 0xfffffffffffffffe, 0xfffffffffffffffe, 0x0, 0x5, 0x0, 0x6, 0x0, 0xfffffffffffffffc, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x5, 0x0, 0x2000000ffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x1, 0x0, 0x5]}, 0x202, 0x2000000d) sendmsg$auto_OVS_VPORT_CMD_DEL(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYBLOB="10002d"], 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[], 0x1ac}}, 0x40000) sendmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x5}, 0x7, 0x0) 16.43218265s ago: executing program 0 (id=5430): socket(0xa, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x7d, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) pipe2$auto(0x0, 0x80) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) sendfile$auto(0x1, 0xffffffffffffffff, 0x0, 0x8fb5) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000840)="13") ioctl$auto_TIOCSTI2(r0, 0x5412, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) 15.539957796s ago: executing program 1 (id=5431): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_psample(0x0, 0xffffffffffffffff) sendmsg$auto_PSAMPLE_CMD_GET_GROUP(r0, &(0x7f0000007b00)={0x0, 0x0, &(0x7f0000007ac0)={&(0x7f0000007a80)={0x14, r1, 0x311, 0x70bd2a, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x2, 0x73) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) mq_open$auto(0x0, 0x62, 0x1, 0x0) select$auto(0x4, 0x0, &(0x7f0000000080)={[0x209c, 0x80000e9e, 0x2, 0xe, 0xfffffffffffffffb, 0x100000004, 0x2c2, 0x800002017e, 0x4, 0x3e, 0x3, 0xd59, 0xfb, 0x40, 0x800, 0x100000005]}, 0x0, 0x0) mmap$auto(0x0, 0x56f, 0x4000000000e0, 0x14, r0, 0x58d6422d) capset$auto(&(0x7f0000000100)={0x20080522}, 0x0) r2 = socket(0x22, 0x2, 0x1) bpf$auto(0x0, &(0x7f0000000000)=@link_update={0xa, @new_map_fd=0x2, 0x7, @old_prog_fd=0x13b}, 0xa3) bpf$auto(0x2, 0x0, 0xc) fstat$auto(r2, 0x0) close_range$auto(0x0, 0xffffffffffffffff, 0x4000000000002) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1Y\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\v\xf8\xfe\n\xa7\xfeD\xca\xd9\xb3\xc1\xe4\xf5j\x94\x7f\x00\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xed\x013\x87l\xb9\x1e\x05\x90\xa2', 0x2) r3 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080)) lseek$auto(r3, 0x0, 0x0) mkdir$auto(0x0, 0x8cd) unshare$auto(0x40000080) settimeofday$auto(0x0, &(0x7f0000000100)={0x82, 0x4}) 15.282107244s ago: executing program 4 (id=5432): mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp1\x00', 0x103342, 0x0) close_range$auto(0x2, r0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3, @loopback}, 0x54) waitid$auto_P_PID(0x1, 0xffffffffffffffff, &(0x7f0000000280)={@_si_pad}, 0x6, 0x0) pidfd_open$auto(0x0, 0x1) read$auto(0x3, 0x0, 0x8080) write$auto(0x3, 0x0, 0xffd8) readv$auto(r0, &(0x7f0000000240)={0x0, 0x9}, 0x3) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x2000, 0x0) ioctl$auto(0x3, 0xae41, r1) openat$auto_uprobe_profile_ops_trace_uprobe(0xffffffffffffff9c, 0x0, 0x80000, 0x0) 13.690181223s ago: executing program 0 (id=5434): r0 = openat$auto_minstrel_ht_stat_fops_rc80211_minstrel_ht_debugfs(0xffffffffffffff9c, &(0x7f0000000640)='/sys/kernel/debug/ieee80211/phy9/netdev:wlan1/stations/08:02:11:00:00:00/rc_stats\x00', 0x2100, 0x0) shutdown$auto(r0, 0x9) timer_create$auto(0xb, &(0x7f00000001c0)={@sival_ptr=0x0, @inferred, 0x1, @_sigev_thread={0x0, 0x0}}, 0x0) timer_gettime$auto(0x0, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_tk_debug_sleep_time_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/pnp0/00:01/options\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x80000002) r2 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000280)={'vxcan1\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_TSCONFIG_GET(0xffffffffffffffff, &(0x7f0000001680)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001640)={&(0x7f00000016c0)={0x10c, 0x0, 0x4, 0x70bd27, 0x25dfdbfc, {}, [@ETHTOOL_A_TSCONFIG_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x10}]}, @ETHTOOL_A_TSCONFIG_HEADER={0x4}, @ETHTOOL_A_TSCONFIG_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r3}]}, @ETHTOOL_A_TSCONFIG_HEADER={0x4}, @ETHTOOL_A_TSCONFIG_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1fb}, @ETHTOOL_A_HEADER_DEV_NAME={0x14}]}, @ETHTOOL_A_TSCONFIG_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_TSCONFIG_HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xe0a3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7d21}]}, @ETHTOOL_A_TSCONFIG_HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6_vti0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x800}, 0x20040800) r4 = syz_clone(0x8000, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(r4, 0x1002, 0x0, 0x0, 0x0, 0x2) openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000040), 0xa202, 0x0) getpid() sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x44814}, 0x2004c0c4) r5 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x40001, 0x0) capget$auto(0x0, 0xfffffffffffffffe) r6 = socket(0xa, 0x5, 0x0) getsockopt$auto(r6, 0x84, 0x7a, 0x0, 0x0) write$auto(r5, &(0x7f0000000040)='\x00', 0x9) write$auto(0xca, &(0x7f0000000040)='\x04\x1c\xdc\xec7z\xdf3\xf2\xd3!\v\xb0M\xf8Q\x15\f', 0x2d8) 13.396023109s ago: executing program 1 (id=5435): mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp1\x00', 0x103342, 0x0) close_range$auto(0x2, r0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) r1 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3, @loopback}, 0x54) waitid$auto_P_PID(0x1, 0xffffffffffffffff, &(0x7f0000000280)={@_si_pad}, 0x6, 0x0) pidfd_open$auto(0x0, 0x1) write$auto(0x3, 0x0, 0xffd8) readv$auto(r0, &(0x7f0000000240)={0x0, 0x9}, 0x3) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) ioctl$auto_FIONREAD(r1, 0x541b, 0x5) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000100), 0x111802, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x301040, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x2000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) openat$auto_uprobe_profile_ops_trace_uprobe(0xffffffffffffff9c, 0x0, 0x80000, 0x0) 13.332717724s ago: executing program 4 (id=5436): mmap$auto(0x0, 0x400008, 0xdf, 0x2000000009b72, 0xffffffffffffffff, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) getsockopt$auto(0x3, 0x200000000001, 0x1f, 0x0, 0x0) mmap$auto(0x0, 0x4, 0x1ff, 0x40eb1, 0x401, 0x300000000001) r0 = socket(0x2, 0x1, 0x106) io_uring_setup$auto(0x5b, &(0x7f0000000080)={0x7fffffff, 0xe, 0x2, 0x6, 0x5, 0x8, 0xffffffffffffffff, [], {0xd74c, 0x10000, 0x1, 0x29f, 0x100, 0xfff, 0x101, 0x6, 0x2}, {0xfb, 0x1, 0x10001, 0x7, 0x1, 0x40, 0x176c5, 0x400005, 0x100000005}}) bind$auto(r0, &(0x7f00000000c0)=@qipcrtr={0x2a, 0x3, 0x4001}, 0x4006b) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) semctl$auto(0xa, 0x2, 0x13, 0xde) r1 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS0\x00', 0x101e81, 0x0) write$auto_tty_fops_tty_io(r2, &(0x7f0000000680), 0x0) ioctl$auto_I2C_SMBUS(r1, 0x720, &(0x7f0000000080)) socket(0x11, 0xa, 0xa) sendmsg$auto_OVS_FLOW_CMD_SET(r1, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x90}, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kpagecount\x00', 0x0, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x1000}, 0x100000007) 12.198260495s ago: executing program 0 (id=5437): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) r0 = socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) r1 = io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xe, 0x2, 0x6, 0x5, 0x8, 0xffffffffffffffff, [], {0xd74c, 0x6, 0x2, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0xff, 0x1, 0x10001, 0x7, 0x1, 0x40, 0x76c5, 0x400005, 0x100000005}}) io_uring_enter$auto(r1, 0x9, 0x820e, 0x6, 0x0, 0x18) ioctl$auto_EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000040)={0x0, r0, 0x2, 0x2, 0x1, 0x2}) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/net/if_inet6\x00', 0x181800, 0x0) pread64$auto(r2, &(0x7f0000000000)='/proc/thread-self/net/tcp6\x00\xd2)\x8e\x892\x82\x19\xfd\x03\xc3\x8d\xd7D\bz\xde5u4\xddS\xe6\x1a\x8a`\xad0\x98|\xbc\x00\x98\b\x0ey\xcb`\x9b\x91r\xd5\x13\x9e\xdd4\xe7\xb7\x94P\x8fBlm\x04eAW\xbc0\x9b\xbd\x8f\xf5];\x94\x18\xf0\v\xd7\xf4P\xd3\x9e,Q\xd8\x16\x989l\x03\a\xcc\x1e\xb9\xe9{\xeeS\xa9\xc60\x00\xb5&\x9e\xdbk{F\x18\xa8\xba*G\xd3\x80\xb1G.\xec1\x96uP\x97\x8co\xf1\xa6\xd5\xea\xc8L3|a\xb3\xaa\x90~Y\xb19\xad\xdc\x05o\x98g\xd4\x10]5\x95\xd0\xabJC\x06\xd0c\xd1Ra\xf7\xc4n\xdf\xe4\xc7\x03\x19x\xbb\v\x00\t\xde\xf5\x93\xfb\xfb#\xbd\xc0S\f57\x83\xdd\xaa\xf0\x9c\xd3G\xe1\x00'/232, 0x3ef, 0x9) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xe8, 0x9, 0x2, 0x1, 0x5, 0x4, 0x15f4da0e, 0x8, 0x9, 0x100000000000000c, 0x8, 0x1, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mkdir$auto(0x0, 0x1) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x728201, 0x0) write$auto(0x3, 0x0, 0xfdef) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.max.depth\x00', 0x20681, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000100), 0x0) 11.081070486s ago: executing program 1 (id=5439): socket(0xa, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x7d, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) pipe2$auto(0x0, 0x80) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) sendfile$auto(0x1, 0xffffffffffffffff, 0x0, 0x8fb5) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000840)="13") ioctl$auto_TIOCSTI2(r0, 0x5412, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) 9.995185746s ago: executing program 0 (id=5440): mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp1\x00', 0x103342, 0x0) close_range$auto(0x2, r0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) r1 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3, @loopback}, 0x54) waitid$auto_P_PID(0x1, 0xffffffffffffffff, &(0x7f0000000280)={@_si_pad}, 0x6, 0x0) pidfd_open$auto(0x0, 0x1) read$auto(0x3, 0x0, 0x8080) write$auto(0x3, 0x0, 0xffd8) readv$auto(r0, &(0x7f0000000240)={0x0, 0x9}, 0x3) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) ioctl$auto_FIONREAD(r1, 0x541b, 0x5) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x301040, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x2000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) openat$auto_uprobe_profile_ops_trace_uprobe(0xffffffffffffff9c, 0x0, 0x80000, 0x0) 8.662927063s ago: executing program 5 (id=5442): socket(0xa, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x7d, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) pipe2$auto(0x0, 0x80) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) sendfile$auto(0x1, 0xffffffffffffffff, 0x0, 0x8fb5) close_range$auto(0x2, 0xa, 0x0) socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000840)="13") ioctl$auto_TIOCSTI2(r0, 0x5412, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) 8.166001413s ago: executing program 1 (id=5443): mmap$auto(0x0, 0x400008, 0xdf, 0x2000000009b72, 0xffffffffffffffff, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) getsockopt$auto(0x3, 0x200000000001, 0x1f, 0x0, 0x0) mmap$auto(0x0, 0x4, 0x1ff, 0x40eb1, 0x401, 0x300000000001) r0 = socket(0x2, 0x1, 0x106) io_uring_setup$auto(0x5b, &(0x7f0000000080)={0x7fffffff, 0xe, 0x2, 0x6, 0x5, 0x8, 0xffffffffffffffff, [], {0xd74c, 0x10000, 0x1, 0x29f, 0x100, 0xfff, 0x101, 0x6, 0x2}, {0xfb, 0x1, 0x10001, 0x7, 0x1, 0x40, 0x176c5, 0x400005, 0x100000005}}) bind$auto(r0, &(0x7f00000000c0)=@qipcrtr={0x2a, 0x3, 0x4001}, 0x4006b) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) semctl$auto(0xa, 0x2, 0x13, 0xde) r1 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS0\x00', 0x101e81, 0x0) write$auto_tty_fops_tty_io(r2, &(0x7f0000000680), 0x0) r3 = socket(0x11, 0xa, 0xa) bind$auto(r3, 0x0, 0x9) sendmsg$auto_OVS_FLOW_CMD_SET(r1, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x90}, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kpagecount\x00', 0x0, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x1000}, 0x100000007) 7.935095489s ago: executing program 5 (id=5444): mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000) r0 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp1\x00', 0x103342, 0x0) close_range$auto(0x2, r0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x6, 0x0) r1 = socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x3, @loopback}, 0x54) waitid$auto_P_PID(0x1, 0xffffffffffffffff, &(0x7f0000000280)={@_si_pad}, 0x6, 0x0) pidfd_open$auto(0x0, 0x1) read$auto(0x3, 0x0, 0x8080) readv$auto(r0, &(0x7f0000000240)={0x0, 0x9}, 0x3) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) ioctl$auto_FIONREAD(r1, 0x541b, 0x5) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000100), 0x111802, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x301040, 0x0) r2 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x2000, 0x0) ioctl$auto_KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r2) openat$auto_uprobe_profile_ops_trace_uprobe(0xffffffffffffff9c, 0x0, 0x80000, 0x0) 7.466372676s ago: executing program 0 (id=5445): mmap$auto(0x0, 0x400008, 0xdf, 0x2000000009b72, 0xffffffffffffffff, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) getsockopt$auto(0x3, 0x200000000001, 0x1f, 0x0, 0x0) mmap$auto(0x0, 0x4, 0x1ff, 0x40eb1, 0x401, 0x300000000001) r0 = socket(0x2, 0x1, 0x106) io_uring_setup$auto(0x5b, &(0x7f0000000080)={0x7fffffff, 0xe, 0x2, 0x6, 0x5, 0x8, 0xffffffffffffffff, [], {0xd74c, 0x10000, 0x1, 0x29f, 0x100, 0xfff, 0x101, 0x6, 0x2}, {0xfb, 0x1, 0x10001, 0x7, 0x1, 0x40, 0x176c5, 0x400005, 0x100000005}}) bind$auto(r0, &(0x7f00000000c0)=@qipcrtr={0x2a, 0x3, 0x4001}, 0x4006b) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) semctl$auto(0xa, 0x2, 0x13, 0xde) r1 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS0\x00', 0x101e81, 0x0) write$auto_tty_fops_tty_io(r2, &(0x7f0000000680), 0x0) ioctl$auto_I2C_SMBUS(r1, 0x720, &(0x7f0000000080)) bind$auto(0xffffffffffffffff, 0x0, 0x9) sendmsg$auto_OVS_FLOW_CMD_SET(r1, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x90}, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kpagecount\x00', 0x0, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x1000}, 0x100000007) 5.773526233s ago: executing program 4 (id=5446): socket(0xa, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x7d, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) pipe2$auto(0x0, 0x80) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) sendfile$auto(0x1, 0xffffffffffffffff, 0x0, 0x8fb5) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000840)="13") ioctl$auto_TIOCSTI2(r0, 0x5412, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) 5.491326424s ago: executing program 5 (id=5447): mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) openat$auto_minstrel_ht_stat_fops_rc80211_minstrel_ht_debugfs(0xffffffffffffff9c, &(0x7f0000000640)='/sys/kernel/debug/ieee80211/phy9/netdev:wlan1/stations/08:02:11:00:00:00/rc_stats\x00', 0x2100, 0x0) timer_create$auto(0xb, &(0x7f00000001c0)={@sival_ptr=0x0, @inferred, 0x1, @_sigev_thread={0x0, 0x0}}, 0x0) timer_gettime$auto(0x0, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_tk_debug_sleep_time_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/pnp0/00:01/options\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x80000002) r1 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'vxcan1\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_TSCONFIG_GET(0xffffffffffffffff, &(0x7f0000001680)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001640)={&(0x7f00000016c0)={0x10c, 0x0, 0x4, 0x70bd27, 0x25dfdbfc, {}, [@ETHTOOL_A_TSCONFIG_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x10}]}, @ETHTOOL_A_TSCONFIG_HEADER={0x4}, @ETHTOOL_A_TSCONFIG_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}, @ETHTOOL_A_TSCONFIG_HEADER={0x4}, @ETHTOOL_A_TSCONFIG_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1fb}, @ETHTOOL_A_HEADER_DEV_NAME={0x14}]}, @ETHTOOL_A_TSCONFIG_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_TSCONFIG_HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xe0a3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7d21}]}, @ETHTOOL_A_TSCONFIG_HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6_vti0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x800}, 0x20040800) r3 = syz_clone(0x8000, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(r3, 0x1002, 0x0, 0x0, 0x0, 0x2) openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000040), 0xa202, 0x0) getpid() sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x44814}, 0x2004c0c4) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x40001, 0x0) capget$auto(0x0, 0xfffffffffffffffe) r5 = socket(0xa, 0x5, 0x0) getsockopt$auto(r5, 0x84, 0x7a, 0x0, 0x0) write$auto(r4, &(0x7f0000000040)='\x00', 0x9) write$auto(0xca, &(0x7f0000000040)='\x04\x1c\xdc\xec7z\xdf3\xf2\xd3!\v\xb0M\xf8Q\x15\f', 0x2d8) 4.212090494s ago: executing program 5 (id=5448): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_psample(0x0, 0xffffffffffffffff) sendmsg$auto_PSAMPLE_CMD_GET_GROUP(r0, &(0x7f0000007b00)={0x0, 0x0, &(0x7f0000007ac0)={&(0x7f0000007a80)={0x14, r1, 0x311, 0x70bd2a, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x2, 0x73) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) mq_open$auto(0x0, 0x62, 0x1, 0x0) select$auto(0x4, 0x0, &(0x7f0000000080)={[0x209c, 0x80000e9e, 0x2, 0xe, 0xfffffffffffffffb, 0x100000004, 0x2c2, 0x800002017e, 0x4, 0x3e, 0x3, 0xd59, 0xfb, 0x40, 0x800, 0x100000005]}, 0x0, 0x0) mmap$auto(0x0, 0x56f, 0x4000000000e0, 0x14, r0, 0x58d6422d) capset$auto(&(0x7f0000000100)={0x20080522}, 0x0) socket(0x22, 0x2, 0x1) bpf$auto(0x0, &(0x7f0000000000)=@link_update={0xa, @new_map_fd=0x2, 0x7, @old_prog_fd=0x13b}, 0xa3) bpf$auto(0x2, 0x0, 0xc) r2 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000040), 0x400000, 0x0) close_range$auto(0x0, r2, 0x4000000000002) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1Y\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\v\xf8\xfe\n\xa7\xfeD\xca\xd9\xb3\xc1\xe4\xf5j\x94\x7f\x00\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xed\x013\x87l\xb9\x1e\x05\x90\xa2', 0x2) r3 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080)) lseek$auto(r3, 0x0, 0x0) mkdir$auto(0x0, 0x8cd) unshare$auto(0x40000080) settimeofday$auto(0x0, &(0x7f0000000100)={0x82, 0x4}) 3.388313079s ago: executing program 4 (id=5449): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) r0 = socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) r1 = io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xe, 0x2, 0x6, 0x5, 0x8, 0xffffffffffffffff, [], {0xd74c, 0x6, 0x2, 0x29f, 0x100, 0x7f, 0x101, 0x6, 0x2}, {0xff, 0x1, 0x10001, 0x7, 0x1, 0x40, 0x76c5, 0x400005, 0x100000005}}) io_uring_enter$auto(r1, 0x9, 0x820e, 0x6, 0x0, 0x18) ioctl$auto_EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000040)={0x0, r0, 0x2, 0x2, 0x1, 0x2}) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/net/if_inet6\x00', 0x181800, 0x0) pread64$auto(r2, &(0x7f0000000000)='/proc/thread-self/net/tcp6\x00\xd2)\x8e\x892\x82\x19\xfd\x03\xc3\x8d\xd7D\bz\xde5u4\xddS\xe6\x1a\x8a`\xad0\x98|\xbc\x00\x98\b\x0ey\xcb`\x9b\x91r\xd5\x13\x9e\xdd4\xe7\xb7\x94P\x8fBlm\x04eAW\xbc0\x9b\xbd\x8f\xf5];\x94\x18\xf0\v\xd7\xf4P\xd3\x9e,Q\xd8\x16\x989l\x03\a\xcc\x1e\xb9\xe9{\xeeS\xa9\xc60\x00\xb5&\x9e\xdbk{F\x18\xa8\xba*G\xd3\x80\xb1G.\xec1\x96uP\x97\x8co\xf1\xa6\xd5\xea\xc8L3|a\xb3\xaa\x90~Y\xb19\xad\xdc\x05o\x98g\xd4\x10]5\x95\xd0\xabJC\x06\xd0c\xd1Ra\xf7\xc4n\xdf\xe4\xc7\x03\x19x\xbb\v\x00\t\xde\xf5\x93\xfb\xfb#\xbd\xc0S\f57\x83\xdd\xaa\xf0\x9c\xd3G\xe1\x00'/232, 0x3ef, 0x9) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xe8, 0x9, 0x2, 0x1, 0x5, 0x4, 0x15f4da0e, 0x8, 0x9, 0x100000000000000c, 0x8, 0x1, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, 0x0, 0x728201, 0x0) write$auto(0x3, 0x0, 0xfdef) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.max.depth\x00', 0x20681, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000100), 0x0) 2.16563244s ago: executing program 5 (id=5450): socket(0xa, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x7d, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) pipe2$auto(0x0, 0x80) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) keyctl$auto(0x200000000000020, 0xffffffffffffffff, 0x5, 0x5, 0x8) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) sendfile$auto(0x1, 0xffffffffffffffff, 0x0, 0x8fb5) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) ioctl$auto_TIOCSTI2(r0, 0x5412, &(0x7f0000000840)="13") ioctl$auto_TIOCSTI2(r0, 0x5412, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) 566.707483ms ago: executing program 1 (id=5451): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_psample(0x0, 0xffffffffffffffff) sendmsg$auto_PSAMPLE_CMD_GET_GROUP(r0, &(0x7f0000007b00)={0x0, 0x0, &(0x7f0000007ac0)={&(0x7f0000007a80)={0x14, r1, 0x311, 0x70bd2a, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x20000000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x2) socket(0xa, 0x2, 0x73) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) mq_open$auto(0x0, 0x62, 0x1, 0x0) mmap$auto(0x0, 0x56f, 0x4000000000e0, 0x14, r0, 0x58d6422d) capset$auto(&(0x7f0000000100)={0x20080522}, 0x0) r2 = socket(0x22, 0x2, 0x1) bpf$auto(0x0, &(0x7f0000000000)=@link_update={0xa, @new_map_fd=0x2, 0x7, @old_prog_fd=0x13b}, 0xa3) bpf$auto(0x2, 0x0, 0xc) fstat$auto(r2, 0x0) r3 = openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000040), 0x400000, 0x0) close_range$auto(0x0, r3, 0x4000000000002) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1Y\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\v\xf8\xfe\n\xa7\xfeD\xca\xd9\xb3\xc1\xe4\xf5j\x94\x7f\x00\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xed\x013\x87l\xb9\x1e\x05\x90\xa2', 0x2) r4 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000080)) lseek$auto(r4, 0x0, 0x0) mkdir$auto(0x0, 0x8cd) unshare$auto(0x40000080) settimeofday$auto(0x0, &(0x7f0000000100)={0x82, 0x4}) 498.162753ms ago: executing program 4 (id=5452): mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) openat$auto_minstrel_ht_stat_fops_rc80211_minstrel_ht_debugfs(0xffffffffffffff9c, &(0x7f0000000640)='/sys/kernel/debug/ieee80211/phy9/netdev:wlan1/stations/08:02:11:00:00:00/rc_stats\x00', 0x2100, 0x0) timer_create$auto(0xb, &(0x7f00000001c0)={@sival_ptr=0x0, @inferred, 0x1, @_sigev_thread={0x0, 0x0}}, 0x0) timer_gettime$auto(0x0, 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_tk_debug_sleep_time_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/pnp0/00:01/options\x00', 0x0, 0x0) read$auto(r0, 0x0, 0x80000002) r1 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'vxcan1\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_TSCONFIG_GET(0xffffffffffffffff, &(0x7f0000001680)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001640)={&(0x7f00000016c0)={0x10c, 0x0, 0x4, 0x70bd27, 0x25dfdbfc, {}, [@ETHTOOL_A_TSCONFIG_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wg2\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x10}]}, @ETHTOOL_A_TSCONFIG_HEADER={0x4}, @ETHTOOL_A_TSCONFIG_HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r2}]}, @ETHTOOL_A_TSCONFIG_HEADER={0x4}, @ETHTOOL_A_TSCONFIG_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1fb}, @ETHTOOL_A_HEADER_DEV_NAME={0x14}]}, @ETHTOOL_A_TSCONFIG_HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vcan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_TSCONFIG_HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xe0a3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x7d21}]}, @ETHTOOL_A_TSCONFIG_HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6_vti0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x800}, 0x20040800) r3 = syz_clone(0x8000, 0x0, 0x0, 0x0, 0x0, 0x0) move_pages$auto(r3, 0x1002, 0x0, 0x0, 0x0, 0x2) openat$auto_kmsg_fops_printk(0xffffffffffffff9c, &(0x7f0000000040), 0xa202, 0x0) getpid() sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x44814}, 0x2004c0c4) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x40001, 0x0) capget$auto(0x0, 0xfffffffffffffffe) r5 = socket(0xa, 0x5, 0x0) getsockopt$auto(r5, 0x84, 0x7a, 0x0, 0x0) write$auto(r4, &(0x7f0000000040)='\x00', 0x9) write$auto(0xca, &(0x7f0000000040)='\x04\x1c\xdc\xec7z\xdf3\xf2\xd3!\v\xb0M\xf8Q\x15\f', 0x2d8) 0s ago: executing program 5 (id=5453): mmap$auto(0x0, 0x400008, 0xdf, 0x2000000009b72, 0xffffffffffffffff, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) getsockopt$auto(0x3, 0x200000000001, 0x1f, 0x0, 0x0) mmap$auto(0x0, 0x4, 0x1ff, 0x40eb1, 0x401, 0x300000000001) r0 = socket(0x2, 0x1, 0x106) io_uring_setup$auto(0x5b, &(0x7f0000000080)={0x7fffffff, 0xe, 0x2, 0x6, 0x5, 0x8, 0xffffffffffffffff, [], {0xd74c, 0x10000, 0x1, 0x29f, 0x100, 0xfff, 0x101, 0x6, 0x2}, {0xfb, 0x1, 0x10001, 0x7, 0x1, 0x40, 0x176c5, 0x400005, 0x100000005}}) bind$auto(r0, &(0x7f00000000c0)=@qipcrtr={0x2a, 0x3, 0x4001}, 0x4006b) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) semctl$auto(0xa, 0x2, 0x13, 0xde) r1 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS0\x00', 0x101e81, 0x0) write$auto_tty_fops_tty_io(r2, &(0x7f0000000680), 0x0) ioctl$auto_I2C_SMBUS(r1, 0x720, &(0x7f0000000080)) socket(0x11, 0xa, 0xa) sendmsg$auto_OVS_FLOW_CMD_SET(r1, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x90}, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kpagecount\x00', 0x0, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x1000}, 0x100000007) kernel console output (not intermixed with test programs): utes in process `syz.0.2326'. [ 870.376424][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.384459][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 871.306821][T18089] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2325'. [ 872.871601][T18109] can: request_module (can-proto-0) failed. [ 876.327605][T18055] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 878.067144][T18158] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2339'. [ 879.811430][T18176] random: crng reseeded on system resumption [ 880.888270][T18186] ptrace attach of "./syz-executor exec"[5822] was attempted by "./syz-executor exec"[18186] [ 881.768394][T18197] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2347'. [ 881.830983][T18199] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2348'. [ 883.401647][T18216] Process accounting resumed [ 887.411260][T18282] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2361'. [ 887.679073][T18294] WARNING! power/level is deprecated; use power/control instead [ 893.749495][T18408] zram0: detected capacity change from 16 to 0 [ 894.079356][T18408] zram: Removed device: zram0 [ 896.220573][T18436] ptrace attach of "./syz-executor exec"[5823] was attempted by ""[18436] [ 903.751034][T18519] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2392'. [ 907.485103][T18545] kAFS: Invalid Command on /proc/fs/afs/cells file [ 912.279136][T18572] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2403'. [ 913.771817][T18473] Process accounting paused [ 914.150306][T18601] random: crng reseeded on system resumption [ 921.083418][ T30] audit: type=1800 audit(4294967737.113:13): pid=18670 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2423" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 922.090903][T18682] device-mapper: ioctl: Unable to rename non-existent device, to uuid „ [ 925.285354][T18709] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2433'. [ 928.408207][T18738] pci 0000:00:00.0: MSI/MSI-X allowed for future drivers [ 930.684689][ T30] audit: type=1804 audit(4294967746.713:14): pid=18757 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.2445" name="/newroot/sys/kernel/debug/tracing/events/vmalloc/filter" dev="tracefs" ino=19680823 res=1 errno=0 [ 930.920162][ T30] audit: type=1804 audit(4294967746.953:15): pid=18762 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.2447" name="/newroot/sys/kernel/tracing/events/vmalloc/filter" dev="tracefs" ino=19680823 res=1 errno=0 [ 931.818978][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.835070][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 933.526011][T18791] net_ratelimit: 5 callbacks suppressed [ 933.526042][T18791] wlan1: mtu less than device minimum [ 936.056298][T18824] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2464'. [ 938.483189][T18862] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2476'. [ 938.937539][T18871] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2480'. [ 939.820099][T18887] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2488'. [ 940.756733][T18907] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2492'. [ 943.087533][T18949] Format for adding new port is "id [perm_addr]" (uint MAC). [ 944.129033][T18959] Process accounting resumed [ 944.363013][T18953] FAULT_INJECTION: forcing a failure. [ 944.363013][T18953] name failslab, interval 1, probability 0, space 0, times 0 [ 944.415499][T18953] CPU: 0 UID: 0 PID: 18953 Comm: syz.2.2506 Tainted: G L syzkaller #0 PREEMPT(full) [ 944.415537][T18953] Tainted: [L]=SOFTLOCKUP [ 944.415546][T18953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 944.415561][T18953] Call Trace: [ 944.415569][T18953] [ 944.415578][T18953] dump_stack_lvl+0x100/0x190 [ 944.415623][T18953] should_fail_ex.cold+0x5/0xa [ 944.415654][T18953] should_failslab+0xc2/0x120 [ 944.415692][T18953] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 944.415724][T18953] ? __mpol_dup+0x74/0x390 [ 944.415753][T18953] __mpol_dup+0x74/0x390 [ 944.415776][T18953] ? __pfx___mpol_dup+0x10/0x10 [ 944.415800][T18953] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 944.415831][T18953] ? sp_alloc+0x27/0x160 [ 944.415859][T18953] sp_alloc+0x4d/0x160 [ 944.415884][T18953] mpol_set_shared_policy+0xa5/0x890 [ 944.415919][T18953] ? __pfx_shmem_set_policy+0x10/0x10 [ 944.415958][T18953] mbind_range+0x339/0x550 [ 944.415987][T18953] do_mbind+0x7dc/0xfd0 [ 944.416018][T18953] ? __might_fault+0xc5/0x140 [ 944.416048][T18953] ? __pfx_do_mbind+0x10/0x10 [ 944.416090][T18953] ? _copy_from_user+0x59/0xd0 [ 944.416126][T18953] ? __pfx_get_nodes+0x10/0x10 [ 944.416171][T18953] kernel_mbind+0x1b7/0x200 [ 944.416196][T18953] ? __pfx_kernel_mbind+0x10/0x10 [ 944.416222][T18953] ? rcu_is_watching+0x12/0xc0 [ 944.416249][T18953] do_syscall_64+0x10b/0xf80 [ 944.416277][T18953] ? clear_bhb_loop+0x40/0x90 [ 944.416304][T18953] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 944.416326][T18953] RIP: 0033:0x7f34cc59c819 [ 944.416344][T18953] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 944.416365][T18953] RSP: 002b:00007f34cd3bb028 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed [ 944.416386][T18953] RAX: ffffffffffffffda RBX: 00007f34cc815fa0 RCX: 00007f34cc59c819 [ 944.416400][T18953] RDX: 0000000000008003 RSI: 0000000000800605 RDI: 0000000000000000 [ 944.416413][T18953] RBP: 00007f34cc632c91 R08: 0000000000000003 R09: 0000000000000003 [ 944.416426][T18953] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000000 [ 944.416439][T18953] R13: 00007f34cc816038 R14: 00007f34cc815fa0 R15: 00007ffe93720708 [ 944.416468][T18953] [ 945.227515][T18970] netlink: 'syz.0.2511': attribute type 2 has an invalid length. [ 945.473965][T18972] random: crng reseeded on system resumption [ 945.572447][T18972] Restarting kernel threads ... [ 945.613751][T18972] Done restarting kernel threads. [ 945.676566][T18976] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 950.327173][T19058] random: crng reseeded on system resumption [ 951.820288][T19083] random: crng reseeded on system resumption [ 956.251750][T19142] nbd: must specify at least one socket [ 958.093788][T19166] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2568'. [ 961.691395][T19213] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2571'. [ 961.771269][T19209] nbd: must specify at least one socket [ 964.356427][T19260] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2582'. [ 969.510182][T19344] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2601'. [ 974.886457][T19394] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2609'. [ 975.614113][T19364] Process accounting paused [ 976.745310][T19405] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2611'. [ 977.275383][T19402] < [ 979.650736][T19432] netlink: 9 bytes leftover after parsing attributes in process `syz.3.2617'. [ 980.035738][T19449] random: crng reseeded on system resumption [ 982.696177][T13621] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 982.923456][T19484] ubi0: attaching mtd0 [ 982.944775][T19484] ubi0: scanning is finished [ 982.970466][T19484] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 983.223566][T19484] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 983.315431][T19490] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2632'. [ 985.389283][T19514] random: crng reseeded on system resumption [ 987.494525][T19521] netlink: 9 bytes leftover after parsing attributes in process `syz.1.2640'. [ 987.799234][T19537] program syz.3.2644 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 987.894456][T19539] ubi0: attaching mtd0 [ 987.942334][T19539] FAULT_INJECTION: forcing a failure. [ 987.942334][T19539] name failslab, interval 1, probability 0, space 0, times 0 [ 988.035912][T19539] CPU: 0 UID: 0 PID: 19539 Comm: syz.2.2643 Tainted: G L syzkaller #0 PREEMPT(full) [ 988.035950][T19539] Tainted: [L]=SOFTLOCKUP [ 988.035959][T19539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 988.035974][T19539] Call Trace: [ 988.035981][T19539] [ 988.035991][T19539] dump_stack_lvl+0x100/0x190 [ 988.036070][T19539] should_fail_ex.cold+0x5/0xa [ 988.036097][T19539] should_failslab+0xc2/0x120 [ 988.036130][T19539] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 988.036157][T19539] ? __kernfs_new_node+0xd2/0x9f0 [ 988.036191][T19539] __kernfs_new_node+0xd2/0x9f0 [ 988.036225][T19539] ? __pfx___kernfs_new_node+0x10/0x10 [ 988.036260][T19539] ? find_held_lock+0x2b/0x80 [ 988.036282][T19539] ? kernfs_root+0xee/0x2a0 [ 988.036309][T19539] ? kernfs_root+0xee/0x2a0 [ 988.036342][T19539] kernfs_new_node+0x11b/0x1a0 [ 988.036378][T19539] __kernfs_create_file+0x53/0x350 [ 988.036404][T19539] sysfs_add_file_mode_ns+0x207/0x3c0 [ 988.036436][T19539] internal_create_group+0x593/0xf40 [ 988.036472][T19539] ? __pfx_internal_create_group+0x10/0x10 [ 988.036501][T19539] ? kernfs_remove_by_name_ns+0xdf/0x120 [ 988.036530][T19539] sysfs_slab_add+0x1a4/0x1f0 [ 988.036562][T19539] do_kmem_cache_create+0x472/0x540 [ 988.036597][T19539] __kmem_cache_create_args+0x386/0x420 [ 988.036626][T19539] ubi_attach+0x32a/0x4d30 [ 988.036660][T19539] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 988.036683][T19539] ? ubi_msg+0x114/0x159 [ 988.036701][T19539] ? __pfx_ubi_msg+0x10/0x10 [ 988.036722][T19539] ? __pfx_ubi_attach+0x10/0x10 [ 988.036746][T19539] ? lockdep_init_map_type+0x5c/0x250 [ 988.036780][T19539] ? ubi_attach_mtd_dev+0x1353/0x32a0 [ 988.036806][T19539] ? __vmalloc_node_noprof+0xad/0xf0 [ 988.036827][T19539] ? ubi_attach_mtd_dev+0x1353/0x32a0 [ 988.036856][T19539] ubi_attach_mtd_dev+0x139f/0x32a0 [ 988.036904][T19539] ? __pfx_ubi_attach_mtd_dev+0x10/0x10 [ 988.036930][T19539] ? __pfx_get_mtd_device+0x10/0x10 [ 988.036977][T19539] ctrl_cdev_ioctl+0x36a/0x400 [ 988.037010][T19539] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 988.037061][T19539] ? __pfx_ctrl_cdev_ioctl+0x10/0x10 [ 988.037094][T19539] __x64_sys_ioctl+0x18e/0x210 [ 988.037126][T19539] do_syscall_64+0x10b/0xf80 [ 988.037158][T19539] ? clear_bhb_loop+0x40/0x90 [ 988.037187][T19539] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 988.037211][T19539] RIP: 0033:0x7f34cc59c819 [ 988.037230][T19539] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 988.037253][T19539] RSP: 002b:00007f34cd3bb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 988.037275][T19539] RAX: ffffffffffffffda RBX: 00007f34cc815fa0 RCX: 00007f34cc59c819 [ 988.037290][T19539] RDX: 0000000000000000 RSI: 0000000040186f40 RDI: 0000000000000008 [ 988.037304][T19539] RBP: 00007f34cc632c91 R08: 0000000000000000 R09: 0000000000000000 [ 988.037318][T19539] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 988.037332][T19539] R13: 00007f34cc816038 R14: 00007f34cc815fa0 R15: 00007ffe93720708 [ 988.037362][T19539] [ 988.658199][T19539] SLUB: Unable to add cache ubi_aeb_slab_cache to sysfs [ 988.695467][T19539] ubi0: scanning is finished [ 988.731143][T19539] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 989.682316][T19558] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2648'. [ 989.726181][T19539] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 991.329413][T19547] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 991.865694][T19587] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2657'. [ 993.259759][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.266179][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 995.826982][T19635] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2665'. [ 996.520101][T19645] [U] 5 [ 997.734450][T19672] ptrace attach of "./syz-executor exec"[5821] was attempted by "./syz-executor exec"[19672] [ 999.927113][T19698] can: request_module (can-proto-0) failed. [ 1003.141346][T19755] program syz.2.2695 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1005.537932][T19783] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2711'. [ 1006.477848][T19779] Process accounting resumed [ 1007.940736][T19810] zswap: compressor not available [ 1009.557439][T19834] device-mapper: ioctl: Unable to rename non-existent device, to uuid „ [ 1010.246574][T19788] x86/mm: Checked W+X mappings: passed, no W+X pages found. [ 1012.243108][ T30] audit: type=1800 audit(4294967828.273:16): pid=19859 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2720" name="lu_gp_id" dev="configfs" ino=55706 res=0 errno=0 [ 1012.909382][T19872] random: crng reseeded on system resumption [ 1015.395040][T19885] < [ 1020.312712][T19974] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2746'. [ 1020.965276][T19985] random: crng reseeded on system resumption [ 1022.865504][T20016] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2756'. [ 1025.553138][T20079] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2772'. [ 1033.626554][T20200] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2805'. [ 1035.073010][T20223] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2813'. [ 1035.373898][T20231] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2824'. [ 1035.519138][T20237] netlink: 338 bytes leftover after parsing attributes in process `syz.1.2817'. [ 1036.277604][T20254] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2825'. [ 1036.935295][T20270] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2829'. [ 1037.070977][T20264] Process accounting paused [ 1038.013109][T20292] random: crng reseeded on system resumption [ 1038.778585][T20306] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2838'. [ 1042.674536][ T30] audit: type=1800 audit(4294967858.703:17): pid=20388 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2861" name="dbroot" dev="configfs" ino=57528 res=0 errno=0 [ 1042.711340][T20388] FAULT_INJECTION: forcing a failure. [ 1042.711340][T20388] name failslab, interval 1, probability 0, space 0, times 0 [ 1042.784406][T20388] CPU: 0 UID: 0 PID: 20388 Comm: syz.2.2861 Tainted: G L syzkaller #0 PREEMPT(full) [ 1042.784445][T20388] Tainted: [L]=SOFTLOCKUP [ 1042.784453][T20388] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1042.784471][T20388] Call Trace: [ 1042.784479][T20388] [ 1042.784488][T20388] dump_stack_lvl+0x100/0x190 [ 1042.784533][T20388] should_fail_ex.cold+0x5/0xa [ 1042.784563][T20388] ? inotify_handle_inode_event+0x1a5/0x6a0 [ 1042.784591][T20388] should_failslab+0xc2/0x120 [ 1042.784628][T20388] __kmalloc_noprof+0xe0/0x850 [ 1042.784658][T20388] ? stack_trace_save+0x8e/0xc0 [ 1042.784691][T20388] inotify_handle_inode_event+0x1a5/0x6a0 [ 1042.784725][T20388] ? __pfx_inotify_handle_inode_event+0x10/0x10 [ 1042.784754][T20388] fsnotify_handle_inode_event.isra.0+0x1e3/0x410 [ 1042.784798][T20388] fsnotify+0x187d/0x3550 [ 1042.784844][T20388] ? __pfx_fsnotify+0x10/0x10 [ 1042.784928][T20388] __fsnotify_parent+0x704/0xca0 [ 1042.784973][T20388] ? __pfx___fsnotify_parent+0x10/0x10 [ 1042.785018][T20388] ? __pfx___might_resched+0x10/0x10 [ 1042.785047][T20388] ? __fput+0x30d/0xb50 [ 1042.785075][T20388] __fput+0x30d/0xb50 [ 1042.785105][T20388] task_work_run+0x150/0x240 [ 1042.785129][T20388] ? __pfx_task_work_run+0x10/0x10 [ 1042.785171][T20388] ? rcu_is_watching+0x12/0xc0 [ 1042.785200][T20388] exit_to_user_mode_loop+0x100/0x4a0 [ 1042.785235][T20388] ? do_syscall_64+0x519/0xf80 [ 1042.785270][T20388] do_syscall_64+0x6f2/0xf80 [ 1042.785301][T20388] ? clear_bhb_loop+0x40/0x90 [ 1042.785330][T20388] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1042.785355][T20388] RIP: 0033:0x7f34cc59c819 [ 1042.785374][T20388] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1042.785404][T20388] RSP: 002b:00007f34cd3bb028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 1042.785427][T20388] RAX: 0000000000000000 RBX: 00007f34cc815fa0 RCX: 00007f34cc59c819 [ 1042.785443][T20388] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 1042.785457][T20388] RBP: 00007f34cc632c91 R08: 0000000000000000 R09: 0000000000000000 [ 1042.785472][T20388] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1042.785486][T20388] R13: 00007f34cc816038 R14: 00007f34cc815fa0 R15: 00007ffe93720708 [ 1042.785517][T20388] [ 1044.228715][T20400] zswap: compressor not available [ 1044.971587][T20423] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2871'. [ 1046.377885][T20457] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2880'. [ 1046.643946][T20462] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2882'. [ 1048.305322][T20499] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2893'. [ 1049.102182][T20512] raw_sendmsg: syz.0.2906 forgot to set AF_INET. Fix it! [ 1050.670304][ T30] audit: type=1800 audit(4294967866.703:18): pid=20548 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2909" name="dbroot" dev="configfs" ino=58337 res=0 errno=0 [ 1051.579613][T20560] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2914'. [ 1053.055709][T20565] < [ 1053.070594][T20593] netlink: 146 bytes leftover after parsing attributes in process `syz.0.2924'. [ 1054.700242][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.706710][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1055.388708][T13621] Bluetooth: hci3: unexpected event 0x0f length: 123 > 4 [ 1055.771846][T20633] FAULT_INJECTION: forcing a failure. [ 1055.771846][T20633] name failslab, interval 1, probability 0, space 0, times 0 [ 1055.792413][T20634] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2945'. [ 1055.886747][T20633] CPU: 0 UID: 0 PID: 20633 Comm: syz.2.2938 Tainted: G L syzkaller #0 PREEMPT(full) [ 1055.886782][T20633] Tainted: [L]=SOFTLOCKUP [ 1055.886789][T20633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1055.886802][T20633] Call Trace: [ 1055.886809][T20633] [ 1055.886817][T20633] dump_stack_lvl+0x100/0x190 [ 1055.886859][T20633] should_fail_ex.cold+0x5/0xa [ 1055.886888][T20633] should_failslab+0xc2/0x120 [ 1055.886923][T20633] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1055.886952][T20633] ? acpi_ps_alloc_op+0x29d/0x360 [ 1055.886983][T20633] ? __pfx_acpi_ut_trace_ptr+0x10/0x10 [ 1055.887016][T20633] ? __pfx_acpi_ut_track_stack_ptr+0x10/0x10 [ 1055.887053][T20633] acpi_ps_alloc_op+0x29d/0x360 [ 1055.887087][T20633] acpi_ps_get_next_namepath+0x515/0xa10 [ 1055.887120][T20633] ? __pfx_acpi_ps_get_next_namepath+0x10/0x10 [ 1055.887154][T20633] ? acpi_ut_status_exit+0x111/0x1c0 [ 1055.887192][T20633] acpi_ps_parse_loop+0xb98/0x24a0 [ 1055.887229][T20633] ? __pfx_acpi_ps_parse_loop+0x10/0x10 [ 1055.887258][T20633] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 1055.887287][T20633] ? acpi_ut_create_thread_state+0x6d/0x170 [ 1055.887325][T20633] acpi_ps_parse_aml+0x81e/0x1120 [ 1055.887360][T20633] acpi_ps_execute_method+0x5c4/0xe90 [ 1055.887400][T20633] acpi_ns_evaluate+0x640/0x1670 [ 1055.887467][T20633] acpi_evaluate_object+0x420/0xe00 [ 1055.887497][T20633] ? kasan_save_stack+0x30/0x50 [ 1055.887528][T20633] ? kasan_save_track+0x14/0x30 [ 1055.887559][T20633] ? __kasan_kmalloc+0xaa/0xb0 [ 1055.887590][T20633] ? __kvmalloc_node_noprof+0x360/0xa00 [ 1055.887627][T20633] ? __pfx_acpi_evaluate_object+0x10/0x10 [ 1055.887655][T20633] ? lock_acquire+0x1b1/0x370 [ 1055.887697][T20633] acpi_evaluate_integer+0xdf/0x220 [ 1055.887721][T20633] ? __pfx_acpi_evaluate_integer+0x10/0x10 [ 1055.887756][T20633] ? __pfx_status_show+0x10/0x10 [ 1055.887784][T20633] status_show+0xa0/0x120 [ 1055.887812][T20633] ? __pfx_status_show+0x10/0x10 [ 1055.887847][T20633] dev_attr_show+0x52/0xa0 [ 1055.887882][T20633] ? __pfx_dev_attr_show+0x10/0x10 [ 1055.887931][T20633] sysfs_kf_seq_show+0x217/0x3a0 [ 1055.887965][T20633] seq_read_iter+0x32f/0x1270 [ 1055.887997][T20633] ? lock_acquire+0x1b1/0x370 [ 1055.888042][T20633] kernfs_fop_read_iter+0x46c/0x610 [ 1055.888068][T20633] ? rw_verify_area+0xce/0x6d0 [ 1055.888108][T20633] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 1055.888133][T20633] vfs_read+0x825/0xb30 [ 1055.888168][T20633] ? __pfx_vfs_read+0x10/0x10 [ 1055.888216][T20633] ksys_read+0x12a/0x250 [ 1055.888246][T20633] ? __pfx_ksys_read+0x10/0x10 [ 1055.888279][T20633] ? rcu_is_watching+0x12/0xc0 [ 1055.888305][T20633] do_syscall_64+0x10b/0xf80 [ 1055.888334][T20633] ? clear_bhb_loop+0x40/0x90 [ 1055.888379][T20633] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1055.888403][T20633] RIP: 0033:0x7f34cc59c819 [ 1055.888423][T20633] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1055.888452][T20633] RSP: 002b:00007f34cd3bb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1055.888474][T20633] RAX: ffffffffffffffda RBX: 00007f34cc815fa0 RCX: 00007f34cc59c819 [ 1055.888490][T20633] RDX: 000000000000007a RSI: 0000200000000140 RDI: 0000000000000004 [ 1055.888504][T20633] RBP: 00007f34cc632c91 R08: 0000000000000000 R09: 0000000000000000 [ 1055.888518][T20633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1055.888532][T20633] R13: 00007f34cc816038 R14: 00007f34cc815fa0 R15: 00007ffe93720708 [ 1055.888563][T20633] [ 1056.266918][T20633] ACPI Error: Aborting method \_SB.LNKA._STA due to previous error (AE_NO_MEMORY) (20251212/psparse-529) [ 1056.531512][T20649] netlink: 202 bytes leftover after parsing attributes in process `syz.3.2942'. [ 1057.720585][T20670] zswap: compressor not available [ 1057.907493][T20684] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size [ 1062.793972][T20778] FAULT_INJECTION: forcing a failure. [ 1062.793972][T20778] name fail_futex, interval 1, probability 0, space 0, times 0 [ 1062.855460][T20778] CPU: 0 UID: 0 PID: 20778 Comm: syz.2.2976 Tainted: G L syzkaller #0 PREEMPT(full) [ 1062.855500][T20778] Tainted: [L]=SOFTLOCKUP [ 1062.855509][T20778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1062.855523][T20778] Call Trace: [ 1062.855531][T20778] [ 1062.855540][T20778] dump_stack_lvl+0x100/0x190 [ 1062.855585][T20778] should_fail_ex.cold+0x5/0xa [ 1062.855616][T20778] get_futex_key+0x1d2/0x1600 [ 1062.855665][T20778] ? __pfx_get_futex_key+0x10/0x10 [ 1062.855701][T20778] ? __lock_acquire+0x4a5/0x2630 [ 1062.855737][T20778] ? __lock_acquire+0x4a5/0x2630 [ 1062.855778][T20778] futex_wake+0xea/0x530 [ 1062.855808][T20778] ? reacquire_held_locks+0xce/0x1e0 [ 1062.855845][T20778] ? __pfx_futex_wake+0x10/0x10 [ 1062.855875][T20778] ? find_held_lock+0x2b/0x80 [ 1062.855902][T20778] ? smc_bind+0x30e/0x3b0 [ 1062.855937][T20778] ? rcu_is_watching+0x12/0xc0 [ 1062.855965][T20778] do_futex+0x32b/0x350 [ 1062.856016][T20778] ? __pfx_do_futex+0x10/0x10 [ 1062.856051][T20778] ? __sys_bind+0x1c7/0x260 [ 1062.856081][T20778] __x64_sys_futex+0x34f/0x4d0 [ 1062.856120][T20778] ? __pfx___x64_sys_futex+0x10/0x10 [ 1062.856160][T20778] ? rcu_is_watching+0x12/0xc0 [ 1062.856186][T20778] do_syscall_64+0x10b/0xf80 [ 1062.856214][T20778] ? clear_bhb_loop+0x40/0x90 [ 1062.856241][T20778] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1062.856263][T20778] RIP: 0033:0x7f34cc59c819 [ 1062.856280][T20778] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1062.856301][T20778] RSP: 002b:00007f34cd3bb0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1062.856322][T20778] RAX: ffffffffffffffda RBX: 00007f34cc815fa8 RCX: 00007f34cc59c819 [ 1062.856336][T20778] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f34cc815fac [ 1062.856349][T20778] RBP: 00007f34cc815fa0 R08: 0000000000000001 R09: 0000000000000000 [ 1062.856362][T20778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1062.856375][T20778] R13: 00007f34cc816038 R14: 00007ffe93720620 R15: 00007ffe93720708 [ 1062.856402][T20778] [ 1064.198031][T20798] netlink: 'syz.2.2984': attribute type 5 has an invalid length. [ 1064.254770][T20798] netlink: 314 bytes leftover after parsing attributes in process `syz.2.2984'. [ 1067.048405][T20843] binder: 20842:20843 ioctl c0306201 2000000000c0 returned -14 [ 1067.435868][T20837] Process accounting resumed [ 1067.860586][T20854] netlink: 186 bytes leftover after parsing attributes in process `syz.1.2999'. [ 1068.152678][T20861] ima: policy update failed [ 1068.166108][ T30] audit: type=1802 audit(4294967884.193:19): pid=20861 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.2.3002" res=0 errno=0 [ 1071.611196][T20937] FAULT_INJECTION: forcing a failure. [ 1071.611196][T20937] name failslab, interval 1, probability 0, space 0, times 0 [ 1071.660199][T20937] CPU: 0 UID: 0 PID: 20937 Comm: syz.2.3023 Tainted: G L syzkaller #0 PREEMPT(full) [ 1071.660237][T20937] Tainted: [L]=SOFTLOCKUP [ 1071.660245][T20937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1071.660260][T20937] Call Trace: [ 1071.660267][T20937] [ 1071.660276][T20937] dump_stack_lvl+0x100/0x190 [ 1071.660320][T20937] should_fail_ex.cold+0x5/0xa [ 1071.660352][T20937] should_failslab+0xc2/0x120 [ 1071.660388][T20937] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1071.660419][T20937] ? alloc_empty_file+0x5b/0x1c0 [ 1071.660463][T20937] ? _raw_spin_unlock+0x28/0x50 [ 1071.660508][T20937] alloc_empty_file+0x5b/0x1c0 [ 1071.660534][T20937] dentry_open+0x46/0xd0 [ 1071.660559][T20937] __do_sys_fsmount+0x90a/0xda0 [ 1071.660584][T20937] ? __pfx___do_sys_fsmount+0x10/0x10 [ 1071.660611][T20937] ? rcu_is_watching+0x12/0xc0 [ 1071.660642][T20937] do_syscall_64+0x10b/0xf80 [ 1071.660672][T20937] ? clear_bhb_loop+0x40/0x90 [ 1071.660701][T20937] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1071.660725][T20937] RIP: 0033:0x7f34cc59c819 [ 1071.660743][T20937] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1071.660766][T20937] RSP: 002b:00007f34cd3bb028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b0 [ 1071.660788][T20937] RAX: ffffffffffffffda RBX: 00007f34cc815fa0 RCX: 00007f34cc59c819 [ 1071.660804][T20937] RDX: 0000000000200003 RSI: 0000000000000000 RDI: 0000000000000004 [ 1071.660818][T20937] RBP: 00007f34cc632c91 R08: 0000000000000000 R09: 0000000000000000 [ 1071.660832][T20937] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1071.660846][T20937] R13: 00007f34cc816038 R14: 00007f34cc815fa0 R15: 00007ffe93720708 [ 1071.660875][T20937] [ 1080.090354][T21106] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 1081.087543][T21129] FAULT_INJECTION: forcing a failure. [ 1081.087543][T21129] name failslab, interval 1, probability 0, space 0, times 0 [ 1081.137023][T21129] CPU: 0 UID: 0 PID: 21129 Comm: syz.2.3077 Tainted: G L syzkaller #0 PREEMPT(full) [ 1081.137073][T21129] Tainted: [L]=SOFTLOCKUP [ 1081.137080][T21129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1081.137094][T21129] Call Trace: [ 1081.137100][T21129] [ 1081.137108][T21129] dump_stack_lvl+0x100/0x190 [ 1081.137150][T21129] should_fail_ex.cold+0x5/0xa [ 1081.137178][T21129] ? snd_pcm_plugin_build+0x434/0x650 [ 1081.137204][T21129] should_failslab+0xc2/0x120 [ 1081.137239][T21129] __kmalloc_noprof+0xe0/0x850 [ 1081.137274][T21129] snd_pcm_plugin_build+0x434/0x650 [ 1081.137300][T21129] ? snd_pcm_plugin_build+0x4b7/0x650 [ 1081.137337][T21129] snd_pcm_plugin_build_linear+0x254/0x850 [ 1081.137370][T21129] ? __pfx_snd_pcm_plugin_build_linear+0x10/0x10 [ 1081.137407][T21129] ? snd_pcm_hw_params+0x241/0x1bf0 [ 1081.137441][T21129] snd_pcm_plug_format_plugins+0x536/0x1430 [ 1081.137473][T21129] ? __pfx_snd_pcm_plug_format_plugins+0x10/0x10 [ 1081.137506][T21129] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 1081.137540][T21129] snd_pcm_oss_change_params_locked+0x2e3c/0x39f0 [ 1081.137578][T21129] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 1081.137604][T21129] ? __pfx___mutex_lock+0x10/0x10 [ 1081.137654][T21129] snd_pcm_oss_get_active_substream+0x175/0x1d0 [ 1081.137684][T21129] snd_pcm_oss_ioctl+0x1bf1/0x3700 [ 1081.137712][T21129] ? __fget_files+0x215/0x3d0 [ 1081.137743][T21129] ? hook_file_ioctl_common+0x149/0x410 [ 1081.137773][T21129] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 1081.137802][T21129] ? __fget_files+0x21f/0x3d0 [ 1081.137837][T21129] ? __pfx_snd_pcm_oss_ioctl+0x10/0x10 [ 1081.137864][T21129] __x64_sys_ioctl+0x18e/0x210 [ 1081.137895][T21129] do_syscall_64+0x10b/0xf80 [ 1081.137922][T21129] ? clear_bhb_loop+0x40/0x90 [ 1081.137949][T21129] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1081.137971][T21129] RIP: 0033:0x7f34cc59c819 [ 1081.137989][T21129] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1081.138035][T21129] RSP: 002b:00007f34cd3bb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1081.138058][T21129] RAX: ffffffffffffffda RBX: 00007f34cc815fa0 RCX: 00007f34cc59c819 [ 1081.138073][T21129] RDX: 0000000000000000 RSI: 00000000c0045002 RDI: 0000000000000006 [ 1081.138088][T21129] RBP: 00007f34cc632c91 R08: 0000000000000000 R09: 0000000000000000 [ 1081.138102][T21129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1081.138116][T21129] R13: 00007f34cc816038 R14: 00007f34cc815fa0 R15: 00007ffe93720708 [ 1081.138146][T21129] [ 1085.572049][T21216] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3098'. [ 1085.622896][T21216] netlink: 25 bytes leftover after parsing attributes in process `syz.2.3098'. [ 1086.004083][T21218] mkiss: ax0: crc mode is auto. [ 1087.628597][T21261] FAULT_INJECTION: forcing a failure. [ 1087.628597][T21261] name failslab, interval 1, probability 0, space 0, times 0 [ 1087.687192][T21261] CPU: 0 UID: 0 PID: 21261 Comm: syz.2.3109 Tainted: G L syzkaller #0 PREEMPT(full) [ 1087.687230][T21261] Tainted: [L]=SOFTLOCKUP [ 1087.687238][T21261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1087.687252][T21261] Call Trace: [ 1087.687259][T21261] [ 1087.687268][T21261] dump_stack_lvl+0x100/0x190 [ 1087.687311][T21261] should_fail_ex.cold+0x5/0xa [ 1087.687341][T21261] should_failslab+0xc2/0x120 [ 1087.687378][T21261] __kmalloc_cache_node_noprof+0x7d/0x770 [ 1087.687413][T21261] ? blk_mq_init_tags+0x8c/0x300 [ 1087.687447][T21261] blk_mq_init_tags+0x8c/0x300 [ 1087.687476][T21261] blk_mq_alloc_map_and_rqs+0x218/0xeb0 [ 1087.687504][T21261] ? blk_mq_update_queue_map+0x227/0x3a0 [ 1087.687535][T21261] blk_mq_alloc_tag_set+0x848/0x1330 [ 1087.687569][T21261] loop_add+0x3b7/0xb60 [ 1087.687592][T21261] ? __pfx_loop_add+0x10/0x10 [ 1087.687632][T21261] ? find_held_lock+0x2b/0x80 [ 1087.687658][T21261] ? __fget_files+0x215/0x3d0 [ 1087.687695][T21261] loop_control_ioctl+0xae/0x620 [ 1087.687720][T21261] ? __pfx_loop_control_ioctl+0x10/0x10 [ 1087.687749][T21261] ? __pfx_loop_control_ioctl+0x10/0x10 [ 1087.687775][T21261] __x64_sys_ioctl+0x18e/0x210 [ 1087.687807][T21261] do_syscall_64+0x10b/0xf80 [ 1087.687837][T21261] ? clear_bhb_loop+0x40/0x90 [ 1087.687866][T21261] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1087.687890][T21261] RIP: 0033:0x7f34cc59c819 [ 1087.687909][T21261] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1087.687932][T21261] RSP: 002b:00007f34cd3bb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1087.687954][T21261] RAX: ffffffffffffffda RBX: 00007f34cc815fa0 RCX: 00007f34cc59c819 [ 1087.687969][T21261] RDX: fffffffffffffffd RSI: 0000000000004c80 RDI: 0000000000000009 [ 1087.687984][T21261] RBP: 00007f34cc632c91 R08: 0000000000000000 R09: 0000000000000000 [ 1087.687998][T21261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1087.688011][T21261] R13: 00007f34cc816038 R14: 00007f34cc815fa0 R15: 00007ffe93720708 [ 1087.688040][T21261] [ 1087.688151][T21261] blk-mq: reduced tag depth (128 -> 64) [ 1089.831069][T21288] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3116'. [ 1089.880572][T21288] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3116'. [ 1089.919502][T21288] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3116'. [ 1089.985993][T21291] netlink: 306 bytes leftover after parsing attributes in process `syz.2.3116'. [ 1090.021538][T21288] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3116'. [ 1090.064354][T21288] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3116'. [ 1090.110317][T21288] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3116'. [ 1090.154813][T21288] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3116'. [ 1092.049214][T13621] Bluetooth: hci2: SCO packet for unknown connection handle 0 [ 1092.549690][T21333] sp0: Synchronizing with TNC [ 1094.120820][T21355] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 1094.725087][T21365] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input12 [ 1096.069154][T13621] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 1098.382040][T21423] Invalid ELF header magic: != ELF [ 1099.879231][T21413] Process accounting paused [ 1100.042482][T21443] futex_wake_op: syz.2.3153 tries to shift op by -2048; fix this program [ 1100.121498][T21443] futex_wake_op: syz.2.3153 tries to shift op by -2048; fix this program [ 1103.108187][T21467] vivid-007: ================= START STATUS ================= [ 1103.141366][T21467] vivid-007: Generate PTS: true [ 1103.161404][T21467] vivid-007: Generate SCR: true [ 1103.182135][T21467] tpg source WxH: 320x240 (Y'CbCr) [ 1103.206829][T21467] tpg field: 1 [ 1103.218143][T21467] tpg crop: (0,0)/320x240 [ 1103.232739][T21467] tpg compose: (0,0)/320x240 [ 1103.247107][T21467] tpg colorspace: 8 [ 1103.262447][T21467] tpg transfer function: 0/0 [ 1103.281891][T21467] tpg Y'CbCr encoding: 0/0 [ 1103.297663][T21467] tpg quantization: 0/0 [ 1103.325695][T21467] tpg RGB range: 0/2 [ 1103.348328][T21467] vivid-007: ================== END STATUS ================== [ 1103.903649][T21481] random: crng reseeded on system resumption [ 1105.987137][T21519] vivid-007: ================= START STATUS ================= [ 1106.097410][T21519] vivid-007: Generate PTS: true [ 1106.132044][T21516] random: crng reseeded on system resumption [ 1106.174236][T21519] vivid-007: Generate SCR: true [ 1106.216879][T13621] Bluetooth: hci3: SCO packet for unknown connection handle 0 [ 1106.322458][T21519] tpg source WxH: 320x240 (Y'CbCr) [ 1106.413754][T21519] tpg field: 1 [ 1106.487450][T21519] tpg crop: (0,0)/320x240 [ 1106.593563][T21519] tpg compose: (0,0)/320x240 [ 1106.600463][T21518] __nla_validate_parse: 1 callbacks suppressed [ 1106.600487][T21518] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3169'. [ 1106.689442][T21519] tpg colorspace: 8 [ 1106.746845][T21519] tpg transfer function: 0/0 [ 1106.887327][T21519] tpg Y'CbCr encoding: 0/0 [ 1106.928355][T21519] tpg quantization: 0/0 [ 1106.986932][T21519] tpg RGB range: 0/2 [ 1107.043442][T21519] vivid-007: ================== END STATUS ================== [ 1111.509719][T21619] random: crng reseeded on system resumption [ 1116.142331][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.151964][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.602490][T21676] random: crng reseeded on system resumption [ 1117.504234][T21690] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3207'. [ 1117.901470][T21700] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3209'. [ 1120.622554][T21728] dyndbg: expected <4096 bytes into control [ 1121.397839][T21726] Invalid ELF header magic: != ELF [ 1121.437441][T21736] input: jJǸ-¶š9ã%vø“ûJ86Ö‘ as /devices/virtual/input/input13 [ 1123.843513][T21766] FAULT_INJECTION: forcing a failure. [ 1123.843513][T21766] name failslab, interval 1, probability 0, space 0, times 0 [ 1123.910630][T21766] CPU: 0 UID: 0 PID: 21766 Comm: syz.2.3222 Tainted: G L syzkaller #0 PREEMPT(full) [ 1123.910668][T21766] Tainted: [L]=SOFTLOCKUP [ 1123.910676][T21766] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1123.910690][T21766] Call Trace: [ 1123.910698][T21766] [ 1123.910706][T21766] dump_stack_lvl+0x100/0x190 [ 1123.910749][T21766] should_fail_ex.cold+0x5/0xa [ 1123.910779][T21766] should_failslab+0xc2/0x120 [ 1123.910815][T21766] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1123.910842][T21766] ? usbdev_open+0x9d/0x870 [ 1123.910868][T21766] usbdev_open+0x9d/0x870 [ 1123.910889][T21766] ? kobject_get_unless_zero+0x156/0x200 [ 1123.910936][T21766] ? __pfx_usbdev_open+0x10/0x10 [ 1123.910970][T21766] ? chrdev_open+0x10b/0x6a0 [ 1123.911003][T21766] ? chrdev_open+0x10b/0x6a0 [ 1123.911041][T21766] ? __pfx_usbdev_open+0x10/0x10 [ 1123.911075][T21766] chrdev_open+0x234/0x6a0 [ 1123.911108][T21766] ? __pfx_apparmor_file_open+0x10/0x10 [ 1123.911133][T21766] ? __pfx_chrdev_open+0x10/0x10 [ 1123.911169][T21766] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1123.911210][T21766] do_dentry_open+0x6d8/0x1660 [ 1123.911243][T21766] ? __pfx_chrdev_open+0x10/0x10 [ 1123.911291][T21766] vfs_open+0x82/0x3f0 [ 1123.911317][T21766] path_openat+0x208c/0x31a0 [ 1123.911359][T21766] ? __pfx_path_openat+0x10/0x10 [ 1123.911403][T21766] do_file_open+0x20e/0x430 [ 1123.911439][T21766] ? __pfx_do_file_open+0x10/0x10 [ 1123.911491][T21766] ? alloc_fd+0x476/0x790 [ 1123.911527][T21766] ? do_getname+0x191/0x390 [ 1123.911553][T21766] do_sys_openat2+0x10d/0x1e0 [ 1123.911577][T21766] ? __pfx_do_sys_openat2+0x10/0x10 [ 1123.911604][T21766] ? __fget_files+0x21f/0x3d0 [ 1123.911641][T21766] __x64_sys_openat+0x12d/0x210 [ 1123.911666][T21766] ? __pfx___x64_sys_openat+0x10/0x10 [ 1123.911697][T21766] ? rcu_is_watching+0x12/0xc0 [ 1123.911723][T21766] do_syscall_64+0x10b/0xf80 [ 1123.911751][T21766] ? clear_bhb_loop+0x40/0x90 [ 1123.911778][T21766] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1123.911800][T21766] RIP: 0033:0x7f34cc59c819 [ 1123.911818][T21766] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1123.911839][T21766] RSP: 002b:00007f34cd39a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1123.911860][T21766] RAX: ffffffffffffffda RBX: 00007f34cc816090 RCX: 00007f34cc59c819 [ 1123.911875][T21766] RDX: 0000000000040101 RSI: 0000200000000240 RDI: ffffffffffffff9c [ 1123.911888][T21766] RBP: 00007f34cc632c91 R08: 0000000000000000 R09: 0000000000000000 [ 1123.911901][T21766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1123.911914][T21766] R13: 00007f34cc816128 R14: 00007f34cc816090 R15: 00007ffe93720708 [ 1123.911945][T21766] [ 1125.453493][T21771] netlink: 342 bytes leftover after parsing attributes in process `syz.1.3223'. [ 1127.929771][T21805] ubi0: attaching mtd0 [ 1128.093711][T21815] random: crng reseeded on system resumption [ 1128.210332][T21805] ubi0: scanning is finished [ 1128.306557][T21805] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1128.958673][T21805] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1130.429527][T21838] Process accounting resumed [ 1132.705716][T21860] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1132.818273][T21860] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1132.914106][T21860] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1133.171601][T21860] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1133.238750][T21860] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1133.542393][T21878] futex_wake_op: syz.3.3244 tries to shift op by -2048; fix this program [ 1133.669422][T21873] 0x000000000001-0x000000020000 : "" [ 1133.754094][T21873] ftl_cs: FTL header corrupt! [ 1134.775570][T13621] Bluetooth: hci0: command 0x0406 tx timeout [ 1134.855202][T13621] Bluetooth: hci2: command 0x0406 tx timeout [ 1135.175282][T13621] Bluetooth: hci1: command 0x0406 tx timeout [ 1135.255020][T13621] Bluetooth: hci3: command 0x0406 tx timeout [ 1135.890597][T21919] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3251'. [ 1136.935232][T13621] Bluetooth: hci2: command 0x0406 tx timeout [ 1144.141753][T22014] block2mtd: illegal erase size [ 1146.736371][T22030] input: fÈ as /devices/virtual/input/input14 [ 1149.512521][T22069] ubi0: attaching mtd0 [ 1149.779165][T22069] ubi0: scanning is finished [ 1149.908761][T22069] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1150.524201][T22069] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1151.784254][T22103] random: crng reseeded on system resumption [ 1156.380255][T13621] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 1156.407235][T22142] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3295'. [ 1157.802797][T22150] nfs4: Unknown parameter '/dev/u ' [ 1159.074558][T22158] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1159.140336][T22158] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1159.216218][T22158] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1159.279305][T22158] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1160.615248][T13621] Bluetooth: hci0: command 0x0406 tx timeout [ 1161.097290][T22171] Process accounting paused [ 1161.175552][T13621] Bluetooth: hci2: command 0x0406 tx timeout [ 1161.255194][T13621] Bluetooth: hci1: command 0x0406 tx timeout [ 1161.335753][T13621] Bluetooth: hci3: command 0x0406 tx timeout [ 1162.933825][T22199] futex_wake_op: syz.3.3311 tries to shift op by -2048; fix this program [ 1163.416128][T22208] input: jJǸ-¶š9ã%vø“ûJ86Ö‘ as /devices/virtual/input/input15 [ 1168.781809][T22246] netlink: 354 bytes leftover after parsing attributes in process `syz.0.3315'. [ 1169.337301][T22248] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3316'. [ 1170.769078][T22264] netlink: 25 bytes leftover after parsing attributes in process `syz.0.3319'. [ 1172.581573][T22286] bond0: invalid ARP target specified [ 1172.878127][T22294] FAULT_INJECTION: forcing a failure. [ 1172.878127][T22294] name failslab, interval 1, probability 0, space 0, times 0 [ 1173.513709][T22294] CPU: 0 UID: 0 PID: 22294 Comm: syz.2.3326 Tainted: G L syzkaller #0 PREEMPT(full) [ 1173.513748][T22294] Tainted: [L]=SOFTLOCKUP [ 1173.513756][T22294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1173.513770][T22294] Call Trace: [ 1173.513777][T22294] [ 1173.513786][T22294] dump_stack_lvl+0x100/0x190 [ 1173.513832][T22294] should_fail_ex.cold+0x5/0xa [ 1173.513861][T22294] ? tomoyo_encode2+0xfb/0x3c0 [ 1173.513895][T22294] should_failslab+0xc2/0x120 [ 1173.513931][T22294] __kmalloc_noprof+0xe0/0x850 [ 1173.513961][T22294] ? d_absolute_path+0x136/0x1b0 [ 1173.513994][T22294] tomoyo_encode2+0xfb/0x3c0 [ 1173.514033][T22294] tomoyo_encode+0x29/0x50 [ 1173.514067][T22294] tomoyo_realpath_from_path+0x18c/0x690 [ 1173.514121][T22294] tomoyo_check_open_permission+0x2af/0x3c0 [ 1173.514151][T22294] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1173.514190][T22294] ? hook_file_open+0x24e/0x7a0 [ 1173.514236][T22294] ? path_get+0x61/0x80 [ 1173.514278][T22294] tomoyo_file_open+0x6b/0x90 [ 1173.514302][T22294] security_file_open+0xb5/0x1e0 [ 1173.514336][T22294] do_dentry_open+0x5aa/0x1660 [ 1173.514373][T22294] ? security_inode_permission+0xbf/0x250 [ 1173.514408][T22294] vfs_open+0x82/0x3f0 [ 1173.514437][T22294] path_openat+0x208c/0x31a0 [ 1173.514482][T22294] ? __pfx_path_openat+0x10/0x10 [ 1173.514539][T22294] do_file_open+0x20e/0x430 [ 1173.514575][T22294] ? __pfx_do_file_open+0x10/0x10 [ 1173.514627][T22294] ? alloc_fd+0x476/0x790 [ 1173.514662][T22294] ? do_getname+0x191/0x390 [ 1173.514758][T22294] do_sys_openat2+0x10d/0x1e0 [ 1173.514783][T22294] ? __pfx_do_sys_openat2+0x10/0x10 [ 1173.514818][T22294] __x64_sys_openat+0x12d/0x210 [ 1173.514848][T22294] ? __pfx___x64_sys_openat+0x10/0x10 [ 1173.514899][T22294] ? rcu_is_watching+0x12/0xc0 [ 1173.514944][T22294] do_syscall_64+0x10b/0xf80 [ 1173.514976][T22294] ? clear_bhb_loop+0x40/0x90 [ 1173.515006][T22294] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1173.515031][T22294] RIP: 0033:0x7f34cc59c819 [ 1173.515051][T22294] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1173.515074][T22294] RSP: 002b:00007f34cd3bb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1173.515097][T22294] RAX: ffffffffffffffda RBX: 00007f34cc815fa0 RCX: 00007f34cc59c819 [ 1173.515114][T22294] RDX: 0000000000000001 RSI: 0000200000000240 RDI: ffffffffffffff9c [ 1173.515129][T22294] RBP: 00007f34cc632c91 R08: 0000000000000000 R09: 0000000000000000 [ 1173.515144][T22294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1173.515158][T22294] R13: 00007f34cc816038 R14: 00007f34cc815fa0 R15: 00007ffe93720708 [ 1173.515189][T22294] [ 1174.901121][T22141] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1175.871051][T22294] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1177.578295][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1177.586666][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1186.292792][ T30] audit: type=1807 audit(4294967331.980:20): UNKNOWN=0"û]$|Ë1jë0B|d™¹ýÓ‰OŸ¬+ö×/ÉéxÔóÈõWÓ¦–Ó^¸´gq%ḦrêOŽ res=0 [ 1186.417368][T22426] ima: policy update failed [ 1186.422108][ T30] audit: type=1802 audit(4294967332.030:21): pid=22423 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.3.3351" res=0 errno=0 [ 1186.611230][ T30] audit: type=1802 audit(4294967332.240:22): pid=22426 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.3.3351" res=0 errno=0 [ 1194.599268][T22478] futex_wake_op: syz.0.3362 tries to shift op by -2048; fix this program [ 1195.653035][T22469] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1195.703107][T22469] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1195.740481][T22469] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1195.796983][T22469] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1196.082051][T22457] Process accounting resumed [ 1196.418667][T22487] ubi0: attaching mtd0 [ 1196.488041][T22487] ubi0: scanning is finished [ 1196.551056][T22487] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1196.767839][T22490] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 1196.767839][T22490] The task syz.1.3364 (22490) triggered the difference, watch for misbehavior. [ 1197.736192][T13621] Bluetooth: hci2: command 0x0406 tx timeout [ 1197.742250][T19465] Bluetooth: hci0: command 0x0406 tx timeout [ 1197.815295][T13621] Bluetooth: hci3: command 0x0406 tx timeout [ 1197.821515][T19465] Bluetooth: hci1: command 0x0406 tx timeout [ 1198.250093][T22487] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1199.349043][T22502] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 1202.298990][T19465] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1202.316577][T19465] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1202.326880][T19465] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1202.342240][T19465] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1202.355174][T19465] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1204.000973][T22531] ptrace attach of "./syz-executor exec"[5822] was attempted by ""[22531] [ 1204.303370][T22534] ubi3: attaching mtd1 [ 1204.455017][T19465] Bluetooth: hci4: command tx timeout [ 1205.756956][T22522] chnl_net:caif_netlink_parms(): no params data found [ 1206.535571][T19465] Bluetooth: hci4: command tx timeout [ 1206.731472][T22522] bridge0: port 1(bridge_slave_0) entered blocking state [ 1206.795546][T22522] bridge0: port 1(bridge_slave_0) entered disabled state [ 1206.862879][T22522] bridge_slave_0: entered allmulticast mode [ 1206.928795][T22522] bridge_slave_0: entered promiscuous mode [ 1207.019447][T22522] bridge0: port 2(bridge_slave_1) entered blocking state [ 1207.110271][T22522] bridge0: port 2(bridge_slave_1) entered disabled state [ 1207.182493][T22522] bridge_slave_1: entered allmulticast mode [ 1207.250908][T22522] bridge_slave_1: entered promiscuous mode [ 1207.614522][T22522] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1207.750187][T22522] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1208.072885][T22522] team0: Port device team_slave_0 added [ 1208.158093][T22522] team0: Port device team_slave_1 added [ 1208.619897][T19465] Bluetooth: hci4: command tx timeout [ 1209.180002][T22522] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1209.308080][T22522] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1209.552374][T22522] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1209.667566][T22522] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1209.734402][T22522] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1209.989997][T22522] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1210.695048][T19465] Bluetooth: hci4: command tx timeout [ 1210.732498][T22522] hsr_slave_0: entered promiscuous mode [ 1210.783582][T22522] hsr_slave_1: entered promiscuous mode [ 1210.844769][T22522] debugfs: 'hsr0' already exists in 'hsr' [ 1210.900380][T22522] Cannot create hsr debugfs directory [ 1213.623755][T22522] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1213.757017][T22522] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1213.813689][T22522] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1213.942926][T22522] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1214.035649][T22522] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1214.147399][T22522] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1214.242186][T22522] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1214.349864][T22522] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1215.002257][T22522] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1215.194023][T22522] 8021q: adding VLAN 0 to HW filter on device team0 [ 1215.351147][T20927] bridge0: port 1(bridge_slave_0) entered blocking state [ 1215.358331][T20927] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1215.550064][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 1215.557258][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1217.458455][T22522] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1219.469131][T22522] veth0_vlan: entered promiscuous mode [ 1219.573335][T22522] veth1_vlan: entered promiscuous mode [ 1219.817801][T22522] veth0_macvtap: entered promiscuous mode [ 1219.911089][T22522] veth1_macvtap: entered promiscuous mode [ 1220.060877][T22522] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1220.173735][T22522] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1220.320245][ T62] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1220.433520][ T62] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1220.509900][ T62] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1220.644428][ T62] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1221.136856][T10721] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1221.234260][T10721] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1221.474591][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1221.552898][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1223.927817][T22723] FAULT_INJECTION: forcing a failure. [ 1223.927817][T22723] name failslab, interval 1, probability 0, space 0, times 0 [ 1224.038180][T22723] CPU: 0 UID: 0 PID: 22723 Comm: syz.4.3422 Tainted: G L syzkaller #0 PREEMPT(full) [ 1224.038237][T22723] Tainted: [L]=SOFTLOCKUP [ 1224.038245][T22723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1224.038260][T22723] Call Trace: [ 1224.038267][T22723] [ 1224.038275][T22723] dump_stack_lvl+0x100/0x190 [ 1224.038320][T22723] should_fail_ex.cold+0x5/0xa [ 1224.038349][T22723] ? sk_prot_alloc+0x10b/0x2a0 [ 1224.038371][T22723] should_failslab+0xc2/0x120 [ 1224.038408][T22723] __kmalloc_noprof+0xe0/0x850 [ 1224.038444][T22723] sk_prot_alloc+0x10b/0x2a0 [ 1224.038469][T22723] sk_alloc+0x36/0xe80 [ 1224.038500][T22723] packet_create+0x127/0x8e0 [ 1224.038542][T22723] __sock_create+0x339/0x860 [ 1224.038571][T22723] __sys_socket+0x14d/0x260 [ 1224.038598][T22723] ? __pfx___sys_socket+0x10/0x10 [ 1224.038623][T22723] ? ksys_write+0x1ac/0x250 [ 1224.038663][T22723] __x64_sys_socket+0x72/0xb0 [ 1224.038688][T22723] ? lockdep_hardirqs_on+0x78/0x100 [ 1224.038720][T22723] do_syscall_64+0x10b/0xf80 [ 1224.038749][T22723] ? clear_bhb_loop+0x40/0x90 [ 1224.038777][T22723] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1224.038801][T22723] RIP: 0033:0x7fcf2119c819 [ 1224.038819][T22723] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1224.038843][T22723] RSP: 002b:00007fcf21fe1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1224.038865][T22723] RAX: ffffffffffffffda RBX: 00007fcf21415fa0 RCX: 00007fcf2119c819 [ 1224.038880][T22723] RDX: 0000000000000300 RSI: 0000000000080003 RDI: 0000000000000011 [ 1224.038894][T22723] RBP: 00007fcf21232c91 R08: 0000000000000000 R09: 0000000000000000 [ 1224.038908][T22723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1224.038922][T22723] R13: 00007fcf21416038 R14: 00007fcf21415fa0 R15: 00007ffc06cd1448 [ 1224.038951][T22723] [ 1225.442050][T22732] FAULT_INJECTION: forcing a failure. [ 1225.442050][T22732] name failslab, interval 1, probability 0, space 0, times 0 [ 1225.529070][T22732] CPU: 0 UID: 0 PID: 22732 Comm: syz.4.3425 Tainted: G L syzkaller #0 PREEMPT(full) [ 1225.529106][T22732] Tainted: [L]=SOFTLOCKUP [ 1225.529114][T22732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1225.529126][T22732] Call Trace: [ 1225.529133][T22732] [ 1225.529142][T22732] dump_stack_lvl+0x100/0x190 [ 1225.529191][T22732] should_fail_ex.cold+0x5/0xa [ 1225.529220][T22732] should_failslab+0xc2/0x120 [ 1225.529254][T22732] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1225.529278][T22732] ? do_epoll_create+0x62/0x4b0 [ 1225.529318][T22732] do_epoll_create+0x62/0x4b0 [ 1225.529353][T22732] __x64_sys_epoll_create+0x45/0x70 [ 1225.529373][T22732] do_syscall_64+0x10b/0xf80 [ 1225.529401][T22732] ? clear_bhb_loop+0x40/0x90 [ 1225.529429][T22732] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1225.529451][T22732] RIP: 0033:0x7fcf2119c819 [ 1225.529471][T22732] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1225.529493][T22732] RSP: 002b:00007fcf21fe1028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d5 [ 1225.529513][T22732] RAX: ffffffffffffffda RBX: 00007fcf21415fa0 RCX: 00007fcf2119c819 [ 1225.529528][T22732] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000005 [ 1225.529540][T22732] RBP: 00007fcf21232c91 R08: 0000000000000000 R09: 0000000000000000 [ 1225.529553][T22732] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1225.529566][T22732] R13: 00007fcf21416038 R14: 00007fcf21415fa0 R15: 00007ffc06cd1448 [ 1225.529595][T22732] [ 1225.850055][T22738] futex_wake_op: syz.4.3428 tries to shift op by -2048; fix this program [ 1225.859799][T22738] futex_wake_op: syz.4.3428 tries to shift op by -2048; fix this program [ 1225.923720][T22741] 0x000000000001-0x000000020000 : "" [ 1225.963266][T22743] netlink: 435 bytes leftover after parsing attributes in process `syz.3.3429'. [ 1226.046953][T22741] ftl_cs: FTL header corrupt! [ 1226.319891][T22747] Process accounting paused [ 1227.650555][T22761] zswap: compressor not available [ 1229.707053][T22785] nvme_fabrics: missing parameter 'transport=%s' [ 1229.740786][T22785] nvme_fabrics: missing parameter 'nqn=%s' [ 1232.806148][T22827] netlink: 206 bytes leftover after parsing attributes in process `syz.3.3451'. [ 1232.859806][T22820] zswap: compressor û not available [ 1233.309964][T22832] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3454'. [ 1235.649785][T22868] FAULT_INJECTION: forcing a failure. [ 1235.649785][T22868] name failslab, interval 1, probability 0, space 0, times 0 [ 1235.769938][T22868] CPU: 0 UID: 0 PID: 22868 Comm: syz.4.3465 Tainted: G L syzkaller #0 PREEMPT(full) [ 1235.769977][T22868] Tainted: [L]=SOFTLOCKUP [ 1235.769985][T22868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1235.769998][T22868] Call Trace: [ 1235.770005][T22868] [ 1235.770013][T22868] dump_stack_lvl+0x100/0x190 [ 1235.770055][T22868] should_fail_ex.cold+0x5/0xa [ 1235.770083][T22868] should_failslab+0xc2/0x120 [ 1235.770117][T22868] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1235.770145][T22868] ? do_timer_create+0x209/0x1480 [ 1235.770172][T22868] do_timer_create+0x209/0x1480 [ 1235.770196][T22868] ? do_futex+0x192/0x350 [ 1235.770229][T22868] ? __pfx_do_timer_create+0x10/0x10 [ 1235.770249][T22868] ? __pfx_do_futex+0x10/0x10 [ 1235.770286][T22868] ? find_held_lock+0x2b/0x80 [ 1235.770315][T22868] __x64_sys_timer_create+0x199/0x1d0 [ 1235.770338][T22868] ? __pfx___x64_sys_timer_create+0x10/0x10 [ 1235.770361][T22868] ? xfd_validate_state+0x129/0x190 [ 1235.770403][T22868] ? rcu_is_watching+0x12/0xc0 [ 1235.770428][T22868] do_syscall_64+0x10b/0xf80 [ 1235.770456][T22868] ? clear_bhb_loop+0x40/0x90 [ 1235.770482][T22868] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1235.770511][T22868] RIP: 0033:0x7fcf2119c819 [ 1235.770529][T22868] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1235.770551][T22868] RSP: 002b:00007fcf21fe1028 EFLAGS: 00000246 ORIG_RAX: 00000000000000de [ 1235.770572][T22868] RAX: ffffffffffffffda RBX: 00007fcf21415fa0 RCX: 00007fcf2119c819 [ 1235.770587][T22868] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 1235.770599][T22868] RBP: 00007fcf21232c91 R08: 0000000000000000 R09: 0000000000000000 [ 1235.770612][T22868] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1235.770625][T22868] R13: 00007fcf21416038 R14: 00007fcf21415fa0 R15: 00007ffc06cd1448 [ 1235.770652][T22868] [ 1239.017846][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1239.031294][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1244.546448][T19465] Bluetooth: hci4: unexpected event 0x0f length: 123 > 4 [ 1244.943219][T22966] vivid-007: ================= START STATUS ================= [ 1245.076482][T22966] vivid-007: Generate PTS: true [ 1245.137726][T22968] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1245.292295][T22966] vivid-007: Generate SCR: true [ 1245.340111][T22966] tpg source WxH: 320x240 (Y'CbCr) [ 1245.392010][T22966] tpg field: 1 [ 1245.436980][T22966] tpg crop: (0,0)/320x240 [ 1245.469411][T22966] tpg compose: (0,0)/320x240 [ 1245.503826][T22966] tpg colorspace: 8 [ 1245.549700][T22966] tpg transfer function: 0/0 [ 1245.589413][T22966] tpg Y'CbCr encoding: 0/0 [ 1245.643482][T22966] tpg quantization: 0/0 [ 1245.678929][T22966] tpg RGB range: 0/2 [ 1245.712707][T22966] vivid-007: ================== END STATUS ================== [ 1247.140454][T22992] netlink: 338 bytes leftover after parsing attributes in process `syz.1.3497'. [ 1252.421625][T23042] nvme_fabrics: missing parameter 'transport=%s' [ 1252.459931][T23042] nvme_fabrics: missing parameter 'nqn=%s' [ 1252.714298][T23044] nvme_fabrics: missing parameter 'transport=%s' [ 1252.759730][T23044] nvme_fabrics: missing parameter 'nqn=%s' [ 1256.605792][T22910] Process accounting resumed [ 1257.463154][T23091] FAULT_INJECTION: forcing a failure. [ 1257.463154][T23091] name failslab, interval 1, probability 0, space 0, times 0 [ 1257.578014][T23091] CPU: 0 UID: 0 PID: 23091 Comm: syz.4.3525 Tainted: G L syzkaller #0 PREEMPT(full) [ 1257.578053][T23091] Tainted: [L]=SOFTLOCKUP [ 1257.578062][T23091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1257.578077][T23091] Call Trace: [ 1257.578085][T23091] [ 1257.578094][T23091] dump_stack_lvl+0x100/0x190 [ 1257.578140][T23091] should_fail_ex.cold+0x5/0xa [ 1257.578171][T23091] ? tomoyo_encode2+0xfb/0x3c0 [ 1257.578205][T23091] should_failslab+0xc2/0x120 [ 1257.578243][T23091] __kmalloc_noprof+0xe0/0x850 [ 1257.578281][T23091] tomoyo_encode2+0xfb/0x3c0 [ 1257.578322][T23091] tomoyo_encode+0x29/0x50 [ 1257.578356][T23091] tomoyo_realpath_from_path+0x18c/0x690 [ 1257.578400][T23091] tomoyo_check_open_permission+0x2af/0x3c0 [ 1257.578434][T23091] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1257.578466][T23091] ? pidfs_alloc_file+0x18f/0x290 [ 1257.578502][T23091] ? do_syscall_64+0x10b/0xf80 [ 1257.578533][T23091] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1257.578565][T23091] ? hook_file_open+0x24e/0x7a0 [ 1257.578622][T23091] ? lock_acquire+0x1b1/0x370 [ 1257.578668][T23091] tomoyo_file_open+0x6b/0x90 [ 1257.578694][T23091] security_file_open+0xb5/0x1e0 [ 1257.578730][T23091] do_dentry_open+0x5aa/0x1660 [ 1257.578787][T23091] vfs_open+0x82/0x3f0 [ 1257.578827][T23091] dentry_open+0x71/0xd0 [ 1257.578850][T23091] pidfs_alloc_file+0x18f/0x290 [ 1257.578883][T23091] ? __pfx_pidfs_alloc_file+0x10/0x10 [ 1257.578923][T23091] pidfd_prepare+0x10c/0x1b0 [ 1257.578954][T23091] __x64_sys_pidfd_open+0x105/0x1a0 [ 1257.579008][T23091] ? __pfx___x64_sys_pidfd_open+0x10/0x10 [ 1257.579047][T23091] ? rcu_is_watching+0x12/0xc0 [ 1257.579074][T23091] do_syscall_64+0x10b/0xf80 [ 1257.579104][T23091] ? clear_bhb_loop+0x40/0x90 [ 1257.579132][T23091] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1257.579155][T23091] RIP: 0033:0x7fcf2119c819 [ 1257.579174][T23091] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1257.579197][T23091] RSP: 002b:00007fcf21fe1028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b2 [ 1257.579219][T23091] RAX: ffffffffffffffda RBX: 00007fcf21415fa0 RCX: 00007fcf2119c819 [ 1257.579235][T23091] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 1257.579248][T23091] RBP: 00007fcf21232c91 R08: 0000000000000000 R09: 0000000000000000 [ 1257.579262][T23091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1257.579275][T23091] R13: 00007fcf21416038 R14: 00007fcf21415fa0 R15: 00007ffc06cd1448 [ 1257.579305][T23091] [ 1257.579338][T23091] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1259.180776][T13621] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1259.200083][T13621] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1259.256219][T13621] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1259.375518][T13621] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1259.419228][T13621] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1260.945472][T23101] chnl_net:caif_netlink_parms(): no params data found [ 1261.034393][T23106] input: fÈ as /devices/virtual/input/input16 [ 1261.575259][T13621] Bluetooth: hci2: command tx timeout [ 1261.661070][T23101] bridge0: port 1(bridge_slave_0) entered blocking state [ 1261.710220][T23101] bridge0: port 1(bridge_slave_0) entered disabled state [ 1261.756609][T23101] bridge_slave_0: entered allmulticast mode [ 1261.800126][T23101] bridge_slave_0: entered promiscuous mode [ 1261.847596][T23101] bridge0: port 2(bridge_slave_1) entered blocking state [ 1261.891678][T23101] bridge0: port 2(bridge_slave_1) entered disabled state [ 1261.939401][T23101] bridge_slave_1: entered allmulticast mode [ 1261.979887][T23101] bridge_slave_1: entered promiscuous mode [ 1262.189329][T23101] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1262.267482][T23101] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1262.490671][T23101] team0: Port device team_slave_0 added [ 1262.542705][T23101] team0: Port device team_slave_1 added [ 1262.953714][T23101] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1263.025064][T23101] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1263.296478][T23101] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1263.391256][T23116] FAULT_INJECTION: forcing a failure. [ 1263.391256][T23116] name failslab, interval 1, probability 0, space 0, times 0 [ 1263.443628][T23101] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1263.510198][T23101] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1263.541557][T23116] CPU: 0 UID: 0 PID: 23116 Comm: syz.4.3531 Tainted: G L syzkaller #0 PREEMPT(full) [ 1263.541591][T23116] Tainted: [L]=SOFTLOCKUP [ 1263.541599][T23116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1263.541612][T23116] Call Trace: [ 1263.541619][T23116] [ 1263.541627][T23116] dump_stack_lvl+0x100/0x190 [ 1263.541668][T23116] should_fail_ex.cold+0x5/0xa [ 1263.541697][T23116] should_failslab+0xc2/0x120 [ 1263.541732][T23116] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1263.541761][T23116] ? do_epoll_ctl+0x2434/0x36a0 [ 1263.541788][T23116] do_epoll_ctl+0x2434/0x36a0 [ 1263.541818][T23116] ? __pfx_do_epoll_ctl+0x10/0x10 [ 1263.541845][T23116] ? rep_movs_alternative+0x30/0x90 [ 1263.541871][T23116] ? __x64_sys_epoll_ctl+0x15c/0x1e0 [ 1263.541890][T23116] __x64_sys_epoll_ctl+0x15c/0x1e0 [ 1263.541912][T23116] ? __pfx___x64_sys_epoll_ctl+0x10/0x10 [ 1263.541935][T23116] ? rcu_is_watching+0x12/0xc0 [ 1263.541967][T23116] do_syscall_64+0x10b/0xf80 [ 1263.541996][T23116] ? clear_bhb_loop+0x40/0x90 [ 1263.542023][T23116] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1263.542046][T23116] RIP: 0033:0x7fcf2119c819 [ 1263.542063][T23116] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1263.542084][T23116] RSP: 002b:00007fcf21fe1028 EFLAGS: 00000246 ORIG_RAX: 00000000000000e9 [ 1263.542105][T23116] RAX: ffffffffffffffda RBX: 00007fcf21415fa0 RCX: 00007fcf2119c819 [ 1263.542119][T23116] RDX: 0000000000000003 RSI: 0000000000000001 RDI: 0000000000000004 [ 1263.542132][T23116] RBP: 00007fcf21232c91 R08: 0000000000000000 R09: 0000000000000000 [ 1263.542145][T23116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1263.542158][T23116] R13: 00007fcf21416038 R14: 00007fcf21415fa0 R15: 00007ffc06cd1448 [ 1263.542185][T23116] [ 1264.132921][T13621] Bluetooth: hci2: command tx timeout [ 1264.192868][T23101] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1265.151560][T23101] hsr_slave_0: entered promiscuous mode [ 1265.203903][T23101] hsr_slave_1: entered promiscuous mode [ 1265.259146][T23101] debugfs: 'hsr0' already exists in 'hsr' [ 1265.304307][T23101] Cannot create hsr debugfs directory [ 1266.194683][ T12] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1266.216075][T13621] Bluetooth: hci2: command tx timeout [ 1266.822090][ T12] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1267.299549][ T12] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1267.726231][ T12] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1268.295002][T13621] Bluetooth: hci2: command tx timeout [ 1271.480830][ T12] bridge_slave_1: left allmulticast mode [ 1271.528112][ T12] bridge_slave_1: left promiscuous mode [ 1271.605694][ T12] bridge0: port 2(bridge_slave_1) entered disabled state [ 1271.757805][ T12] bridge_slave_0: left allmulticast mode [ 1271.811461][ T12] bridge_slave_0: left promiscuous mode [ 1271.857604][ T12] bridge0: port 1(bridge_slave_0) entered disabled state [ 1273.189570][ T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1273.270863][ T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1273.351662][ T12] bond0 (unregistering): Released all slaves [ 1273.530618][T23101] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1273.653536][T23101] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1273.745818][T23101] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1273.853217][T23101] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1273.944138][T23101] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1274.084063][T23101] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1274.152470][T23101] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1274.313507][T23101] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1274.409973][ T5488] 8021q: adding VLAN 0 to HW filter on device eth1 [ 1274.518938][T23194] syz.4.3548(23194): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 1275.212951][T23200] binder: 23197:23200 ioctl 40046210 0 returned -14 [ 1277.234570][ T12] hsr_slave_0: left promiscuous mode [ 1277.451387][ T12] hsr_slave_1: left promiscuous mode [ 1277.508443][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1277.598438][ T12] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1277.674636][ T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1277.772939][ T12] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1278.152779][ T12] veth0_macvtap: left promiscuous mode [ 1278.235219][ T12] veth1_vlan: left promiscuous mode [ 1278.283503][ T12] veth0_vlan: left promiscuous mode [ 1281.024724][ T12] team0 (unregistering): Port device team_slave_1 removed [ 1281.203149][ T12] team0 (unregistering): Port device team_slave_0 removed [ 1282.102216][ T12] smc: removing net device dummy0 with user defined pnetid DUMMY0 [ 1282.725166][ T5488] 8021q: adding VLAN 0 to HW filter on device eth2 [ 1282.954019][T23101] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1283.166282][T23101] 8021q: adding VLAN 0 to HW filter on device team0 [ 1283.265176][ T3449] bridge0: port 1(bridge_slave_0) entered blocking state [ 1283.272364][ T3449] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1283.430945][T22132] bridge0: port 2(bridge_slave_1) entered blocking state [ 1283.438139][T22132] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1285.751983][T23101] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1287.369400][ T5488] 8021q: adding VLAN 0 to HW filter on device eth3 [ 1287.964002][T23101] veth0_vlan: entered promiscuous mode [ 1288.126453][T23101] veth1_vlan: entered promiscuous mode [ 1288.386599][T23101] veth0_macvtap: entered promiscuous mode [ 1288.482638][T23101] veth1_macvtap: entered promiscuous mode [ 1288.680720][T23101] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1288.894411][T23101] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1289.082743][T20927] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1289.166914][T20927] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1289.268309][T20927] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1289.361236][T20927] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1290.285855][ T3449] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1290.379812][ T3449] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1291.080880][ T3449] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1291.173732][ T3449] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1291.646186][ T5488] 8021q: adding VLAN 0 to HW filter on device eth4 [ 1294.367000][ T30] audit: type=1807 audit(4294967440.050:23): UNKNOWN=0"û]$|Ë1jë0B|d™¹ýÓ‰OŸ¬+ö×/ÉéxÔóÈõWÓ¦–Ó^¸´gq%ḦrêOŽ res=0 [ 1294.454508][T23394] ima: policy update failed [ 1294.493615][ T30] audit: type=1802 audit(4294967440.050:24): pid=23393 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=update_policy cause=invalid-policy comm="syz.4.3576" res=0 errno=0 [ 1294.680424][ T30] audit: type=1802 audit(4294967440.300:25): pid=23394 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=policy_update cause=failed comm="syz.4.3576" res=0 errno=0 [ 1300.458244][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1300.475251][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1301.083965][T23440] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1308.868834][T23477] random: crng reseeded on system resumption [ 1311.050362][T23498] ubi0: attaching mtd0 [ 1311.226622][T23498] ubi0: scanning is finished [ 1311.541667][T23498] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1312.751854][T23498] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1313.627860][T23505] Invalid ELF header magic: != ELF [ 1317.821581][T23541] FAULT_INJECTION: forcing a failure. [ 1317.821581][T23541] name failslab, interval 1, probability 0, space 0, times 0 [ 1318.253962][T23541] CPU: 0 UID: 0 PID: 23541 Comm: syz.5.3599 Tainted: G L syzkaller #0 PREEMPT(full) [ 1318.254002][T23541] Tainted: [L]=SOFTLOCKUP [ 1318.254011][T23541] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1318.254031][T23541] Call Trace: [ 1318.254039][T23541] [ 1318.254048][T23541] dump_stack_lvl+0x100/0x190 [ 1318.254094][T23541] should_fail_ex.cold+0x5/0xa [ 1318.254125][T23541] should_failslab+0xc2/0x120 [ 1318.254163][T23541] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1318.254190][T23541] ? kernfs_fop_open+0x23d/0xd50 [ 1318.254222][T23541] kernfs_fop_open+0x23d/0xd50 [ 1318.254263][T23541] do_dentry_open+0x6d8/0x1660 [ 1318.254301][T23541] ? __pfx_kernfs_fop_open+0x10/0x10 [ 1318.254345][T23541] vfs_open+0x82/0x3f0 [ 1318.254386][T23541] path_openat+0x208c/0x31a0 [ 1318.254430][T23541] ? __pfx_path_openat+0x10/0x10 [ 1318.254474][T23541] do_file_open+0x20e/0x430 [ 1318.254509][T23541] ? __pfx_do_file_open+0x10/0x10 [ 1318.254562][T23541] ? alloc_fd+0x476/0x790 [ 1318.254597][T23541] ? do_getname+0x191/0x390 [ 1318.254623][T23541] do_sys_openat2+0x10d/0x1e0 [ 1318.254648][T23541] ? __pfx_do_sys_openat2+0x10/0x10 [ 1318.254683][T23541] __x64_sys_openat+0x12d/0x210 [ 1318.254727][T23541] ? __pfx___x64_sys_openat+0x10/0x10 [ 1318.254754][T23541] ? ksys_write+0x1ac/0x250 [ 1318.254791][T23541] ? rcu_is_watching+0x12/0xc0 [ 1318.254818][T23541] do_syscall_64+0x10b/0xf80 [ 1318.254849][T23541] ? clear_bhb_loop+0x40/0x90 [ 1318.254877][T23541] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1318.254901][T23541] RIP: 0033:0x7fb5da59c819 [ 1318.254920][T23541] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1318.254946][T23541] RSP: 002b:00007fb5db422028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1318.254973][T23541] RAX: ffffffffffffffda RBX: 00007fb5da815fa0 RCX: 00007fb5da59c819 [ 1318.255007][T23541] RDX: 0000000000002400 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 1318.255023][T23541] RBP: 00007fb5da632c91 R08: 0000000000000000 R09: 0000000000000000 [ 1318.255038][T23541] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1318.255052][T23541] R13: 00007fb5da816038 R14: 00007fb5da815fa0 R15: 00007ffd6858f028 [ 1318.255083][T23541] [ 1328.140944][T23608] Bluetooth: hci4: command 0x0406 tx timeout [ 1328.278957][T23634] random: crng reseeded on system resumption [ 1330.582909][T23657] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 1330.746621][T23655] bridge0: port 4(gretap0) entered blocking state [ 1330.983548][T23655] bridge0: port 4(gretap0) entered disabled state [ 1331.215850][T23655] gretap0: entered allmulticast mode [ 1331.446803][T23655] gretap0: entered promiscuous mode [ 1331.603833][T23655] bridge0: port 4(gretap0) entered blocking state [ 1331.610427][T23655] bridge0: port 4(gretap0) entered forwarding state [ 1331.942110][T23664] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 1335.651854][T23671] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3631'. [ 1338.586612][T23696] random: crng reseeded on system resumption [ 1339.506869][T23705] futex_wake_op: syz.5.3629 tries to shift op by -2048; fix this program [ 1339.913469][T23697] 0x000000000001-0x000000020000 : "" [ 1340.235004][T23697] ftl_cs: FTL header corrupt! [ 1340.598134][T23717] random: crng reseeded on system resumption [ 1343.990950][T23738] random: crng reseeded on system resumption [ 1344.457185][T23743] futex_wake_op: syz.5.3639 tries to shift op by -2048; fix this program [ 1346.724023][T23758] Invalid ELF header magic: != ELF [ 1346.887518][T23764] Scaler: ================= START STATUS ================= [ 1347.071325][T23764] Scaler: ================== END STATUS ================== [ 1347.647396][ T30] audit: type=1804 audit(4294967330.570:26): pid=23761 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.3642" name="/newroot/17/file0" dev="tmpfs" ino=114 res=1 errno=0 [ 1347.886628][ T30] audit: type=1804 audit(4294967330.750:27): pid=23762 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.5.3642" name="/newroot/17/file0" dev="tmpfs" ino=114 res=1 errno=0 [ 1350.274357][T23787] FAULT_INJECTION: forcing a failure. [ 1350.274357][T23787] name failslab, interval 1, probability 0, space 0, times 0 [ 1350.572144][T23787] CPU: 0 UID: 0 PID: 23787 Comm: syz.5.3646 Tainted: G L syzkaller #0 PREEMPT(full) [ 1350.572180][T23787] Tainted: [L]=SOFTLOCKUP [ 1350.572187][T23787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1350.572201][T23787] Call Trace: [ 1350.572208][T23787] [ 1350.572216][T23787] dump_stack_lvl+0x100/0x190 [ 1350.572258][T23787] should_fail_ex.cold+0x5/0xa [ 1350.572287][T23787] ? tomoyo_supervisor+0x65d/0x1340 [ 1350.572308][T23787] should_failslab+0xc2/0x120 [ 1350.572342][T23787] __kmalloc_noprof+0xe0/0x850 [ 1350.572377][T23787] tomoyo_supervisor+0x65d/0x1340 [ 1350.572404][T23787] ? __pfx_tomoyo_supervisor+0x10/0x10 [ 1350.572443][T23787] ? tomoyo_check_path_acl+0x141/0x210 [ 1350.572472][T23787] ? tomoyo_check_acl+0x1f7/0x410 [ 1350.572506][T23787] tomoyo_path_permission+0x270/0x3b0 [ 1350.572543][T23787] tomoyo_check_open_permission+0x34d/0x3c0 [ 1350.572579][T23787] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1350.572618][T23787] ? hook_file_open+0x24e/0x7a0 [ 1350.572683][T23787] ? path_get+0x61/0x80 [ 1350.572708][T23787] tomoyo_file_open+0x6b/0x90 [ 1350.572733][T23787] security_file_open+0xb5/0x1e0 [ 1350.572768][T23787] do_dentry_open+0x5aa/0x1660 [ 1350.572805][T23787] ? security_inode_permission+0xbf/0x250 [ 1350.572840][T23787] vfs_open+0x82/0x3f0 [ 1350.572872][T23787] path_openat+0x208c/0x31a0 [ 1350.572928][T23787] ? __pfx_path_openat+0x10/0x10 [ 1350.572975][T23787] do_file_open+0x20e/0x430 [ 1350.573014][T23787] ? __pfx_do_file_open+0x10/0x10 [ 1350.573074][T23787] ? alloc_fd+0x476/0x790 [ 1350.573112][T23787] ? do_getname+0x191/0x390 [ 1350.573140][T23787] do_sys_openat2+0x10d/0x1e0 [ 1350.573166][T23787] ? __pfx_do_sys_openat2+0x10/0x10 [ 1350.573203][T23787] __x64_sys_openat+0x12d/0x210 [ 1350.573231][T23787] ? __pfx___x64_sys_openat+0x10/0x10 [ 1350.573263][T23787] ? rcu_is_watching+0x12/0xc0 [ 1350.573291][T23787] do_syscall_64+0x10b/0xf80 [ 1350.573321][T23787] ? clear_bhb_loop+0x40/0x90 [ 1350.573349][T23787] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1350.573372][T23787] RIP: 0033:0x7fb5da59c819 [ 1350.573391][T23787] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1350.573414][T23787] RSP: 002b:00007fb5db422028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1350.573435][T23787] RAX: ffffffffffffffda RBX: 00007fb5da815fa0 RCX: 00007fb5da59c819 [ 1350.573451][T23787] RDX: 0000000000000001 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 1350.573465][T23787] RBP: 00007fb5da632c91 R08: 0000000000000000 R09: 0000000000000000 [ 1350.573479][T23787] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1350.573493][T23787] R13: 00007fb5da816038 R14: 00007fb5da815fa0 R15: 00007ffd6858f028 [ 1350.573523][T23787] [ 1354.277824][T23801] FAULT_INJECTION: forcing a failure. [ 1354.277824][T23801] name failslab, interval 1, probability 0, space 0, times 0 [ 1354.552716][T23801] CPU: 0 UID: 0 PID: 23801 Comm: syz.4.3648 Tainted: G L syzkaller #0 PREEMPT(full) [ 1354.552752][T23801] Tainted: [L]=SOFTLOCKUP [ 1354.552759][T23801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 1354.552772][T23801] Call Trace: [ 1354.552779][T23801] [ 1354.552792][T23801] dump_stack_lvl+0x100/0x190 [ 1354.552834][T23801] should_fail_ex.cold+0x5/0xa [ 1354.552862][T23801] should_failslab+0xc2/0x120 [ 1354.552896][T23801] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 1354.552932][T23801] ? landlock_restrict_sibling_threads+0x4f5/0x1490 [ 1354.552976][T23801] krealloc_node_align_noprof+0x30a/0x3e0 [ 1354.553012][T23801] landlock_restrict_sibling_threads+0x4f5/0x1490 [ 1354.553054][T23801] ? __pfx_landlock_restrict_sibling_threads+0x10/0x10 [ 1354.553088][T23801] ? rcu_is_watching+0x12/0xc0 [ 1354.553134][T23801] ? __pfx___might_resched+0x10/0x10 [ 1354.553157][T23801] ? landlock_merge_ruleset+0x213/0x830 [ 1354.553188][T23801] __do_sys_landlock_restrict_self+0x5d2/0x9e0 [ 1354.553219][T23801] do_syscall_64+0x10b/0xf80 [ 1354.553247][T23801] ? clear_bhb_loop+0x40/0x90 [ 1354.553273][T23801] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1354.553294][T23801] RIP: 0033:0x7fcf2119c819 [ 1354.553312][T23801] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1354.553333][T23801] RSP: 002b:00007fcf21fc0028 EFLAGS: 00000246 ORIG_RAX: 00000000000001be [ 1354.553354][T23801] RAX: ffffffffffffffda RBX: 00007fcf21416090 RCX: 00007fcf2119c819 [ 1354.553368][T23801] RDX: 0000000000000000 RSI: 000000000000000b RDI: 0000000000000006 [ 1354.553381][T23801] RBP: 00007fcf21232c91 R08: 0000000000000000 R09: 0000000000000000 [ 1354.553394][T23801] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1354.553406][T23801] R13: 00007fcf21416128 R14: 00007fcf21416090 R15: 00007ffc06cd1448 [ 1354.553444][T23801] [ 1360.303228][T23831] kexec: Could not allocate control_code_buffer [ 1361.900457][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1361.907659][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1362.840519][T23866] vhci_hcd vhci_hcd.0: default hub control req: 0000 v0000 i0000 l0 [ 1363.510053][T23873] block2mtd: illegal erase size [ 1365.666379][ T30] audit: type=1800 audit(4294967348.600:28): pid=23892 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3668" name="dbroot" dev="configfs" ino=209618 res=0 errno=0 [ 1370.771250][ T30] audit: type=1800 audit(4294967353.700:29): pid=23929 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3676" name="dbroot" dev="configfs" ino=213029 res=0 errno=0 [ 1377.432414][ T30] audit: type=1800 audit(4294967360.360:30): pid=23958 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3680" name="dbroot" dev="configfs" ino=216192 res=0 errno=0 [ 1380.140805][ T30] audit: type=1800 audit(4294967363.070:31): pid=23981 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3682" name="dbroot" dev="configfs" ino=217701 res=0 errno=0 [ 1381.684922][ T30] audit: type=1800 audit(4294967364.600:32): pid=23998 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3686" name="dbroot" dev="configfs" ino=218661 res=0 errno=0 [ 1383.864605][T24017] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3689'. [ 1383.993718][T24017] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3689'. [ 1384.132821][ T30] audit: type=1800 audit(4294967367.060:33): pid=24020 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3691" name="dbroot" dev="configfs" ino=220281 res=0 errno=0 [ 1384.465447][T23608] Bluetooth: hci2: command 0x0406 tx timeout [ 1384.869931][ T30] audit: type=1800 audit(4294967367.780:34): pid=24032 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3693" name="dbroot" dev="configfs" ino=220281 res=0 errno=0 [ 1386.642819][ T30] audit: type=1800 audit(4294967369.570:35): pid=24037 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3694" name="dbroot" dev="configfs" ino=222132 res=0 errno=0 [ 1388.437072][ T30] audit: type=1800 audit(4294967371.360:36): pid=24050 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3697" name="dbroot" dev="configfs" ino=223472 res=0 errno=0 [ 1389.739947][ T30] audit: type=1800 audit(4294967372.660:37): pid=24061 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3700" name="dbroot" dev="configfs" ino=224313 res=0 errno=0 [ 1389.990140][ T30] audit: type=1800 audit(4294967372.730:38): pid=24062 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3699" name="dbroot" dev="configfs" ino=224313 res=0 errno=0 [ 1391.469107][ T30] audit: type=1800 audit(4294967374.400:39): pid=24073 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3702" name="dbroot" dev="configfs" ino=225453 res=0 errno=0 [ 1393.793741][ T30] audit: type=1800 audit(4294967376.720:40): pid=24081 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3704" name="dbroot" dev="configfs" ino=227188 res=0 errno=0 [ 1394.186955][ T30] audit: type=1800 audit(4294967377.110:41): pid=24088 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3706" name="dbroot" dev="configfs" ino=227188 res=0 errno=0 [ 1396.124087][ T30] audit: type=1800 audit(4294967379.050:42): pid=24098 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3708" name="dbroot" dev="configfs" ino=228832 res=0 errno=0 [ 1396.634266][ T30] audit: type=1800 audit(4294967379.560:43): pid=24102 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3709" name="dbroot" dev="configfs" ino=228832 res=0 errno=0 [ 1397.548802][ T30] audit: type=1800 audit(4294967380.470:44): pid=24113 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3712" name="dbroot" dev="configfs" ino=228832 res=0 errno=0 [ 1399.222305][ T30] audit: type=1800 audit(4294967382.150:45): pid=24125 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3714" name="dbroot" dev="configfs" ino=231128 res=0 errno=0 [ 1400.732717][ T30] audit: type=1800 audit(4294967383.640:46): pid=24132 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3715" name="dbroot" dev="configfs" ino=232258 res=0 errno=0 [ 1402.020475][ T30] audit: type=1800 audit(4294967384.950:47): pid=24142 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3717" name="dbroot" dev="configfs" ino=233136 res=0 errno=0 [ 1403.364640][ T30] audit: type=1800 audit(4294967386.290:48): pid=24152 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3720" name="dbroot" dev="configfs" ino=234064 res=0 errno=0 [ 1404.572694][ T30] audit: type=1800 audit(4294967387.500:49): pid=24162 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3722" name="dbroot" dev="configfs" ino=234064 res=0 errno=0 [ 1405.009671][ T30] audit: type=1800 audit(4294967387.920:50): pid=24167 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3723" name="dbroot" dev="configfs" ino=234064 res=0 errno=0 [ 1405.256073][ T30] audit: type=1800 audit(4294967388.190:51): pid=24172 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3724" name="dbroot" dev="configfs" ino=234064 res=0 errno=0 [ 1407.829344][ T30] audit: type=1800 audit(4294967390.750:52): pid=24190 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3728" name="dbroot" dev="configfs" ino=237368 res=0 errno=0 [ 1409.012552][ T30] audit: type=1800 audit(4294967391.930:53): pid=24197 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3729" name="dbroot" dev="configfs" ino=238161 res=0 errno=0 [ 1411.097397][ T30] audit: type=1800 audit(4294967394.030:54): pid=24215 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3732" name="dbroot" dev="configfs" ino=239463 res=0 errno=0 [ 1411.901235][ T30] audit: type=1800 audit(4294967394.830:55): pid=24224 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3734" name="dbroot" dev="configfs" ino=239463 res=0 errno=0 [ 1415.480168][ T30] audit: type=1800 audit(4294967398.410:56): pid=24235 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3738" name="dbroot" dev="configfs" ino=242691 res=0 errno=0 [ 1423.344455][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1423.351433][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1428.694174][ T30] audit: type=1800 audit(4294967411.620:57): pid=24333 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3760" name="dbroot" dev="configfs" ino=252154 res=0 errno=0 [ 1431.278013][ T30] audit: type=1800 audit(4294967414.200:58): pid=24343 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3763" name="dbroot" dev="configfs" ino=254084 res=0 errno=0 [ 1434.890498][ T30] audit: type=1800 audit(4294967417.810:59): pid=24368 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3768" name="dbroot" dev="configfs" ino=256805 res=0 errno=0 [ 1438.240860][ T30] audit: type=1800 audit(4294967421.170:60): pid=24379 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3770" name="dbroot" dev="configfs" ino=259206 res=0 errno=0 [ 1443.892046][ T30] audit: type=1800 audit(4294967426.810:61): pid=24404 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3777" name="dbroot" dev="configfs" ino=263391 res=0 errno=0 [ 1446.317786][ T30] audit: type=1800 audit(4294967429.250:62): pid=24416 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3781" name="dbroot" dev="configfs" ino=265374 res=0 errno=0 [ 1451.727051][ T30] audit: type=1800 audit(4294967434.650:63): pid=24458 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3791" name="dbroot" dev="configfs" ino=269523 res=0 errno=0 [ 1457.900000][ T30] audit: type=1800 audit(4294967440.830:64): pid=24497 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3800" name="dbroot" dev="configfs" ino=274121 res=0 errno=0 [ 1463.992018][ T30] audit: type=1800 audit(4294967446.920:65): pid=24534 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3810" name="dbroot" dev="configfs" ino=279014 res=0 errno=0 [ 1476.603322][ T30] audit: type=1800 audit(4294967459.530:66): pid=24599 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3826" name="dbroot" dev="configfs" ino=289639 res=0 errno=0 [ 1482.919953][ T30] audit: type=1800 audit(4294967465.840:67): pid=24641 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3837" name="dbroot" dev="configfs" ino=295048 res=0 errno=0 [ 1484.795150][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1484.802385][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1485.204527][ T30] audit: type=1800 audit(4294967468.130:68): pid=24653 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3840" name="dbroot" dev="configfs" ino=297004 res=0 errno=0 [ 1486.746805][ T30] audit: type=1800 audit(4294967469.670:69): pid=24670 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3844" name="dbroot" dev="configfs" ino=298235 res=0 errno=0 [ 1487.614595][ T30] audit: type=1800 audit(4294967470.540:70): pid=24674 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3845" name="dbroot" dev="configfs" ino=298809 res=0 errno=0 [ 1491.429292][ T30] audit: type=1800 audit(4294967474.360:71): pid=24690 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3849" name="dbroot" dev="configfs" ino=301726 res=0 errno=0 [ 1543.835280][ T30] audit: type=1800 audit(4294967526.760:72): pid=25021 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.3916" name="dbroot" dev="configfs" ino=339515 res=0 errno=0 [ 1546.222683][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1546.229266][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1554.855969][ T30] audit: type=1800 audit(4294967537.790:73): pid=25088 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3927" name="dbroot" dev="configfs" ino=347228 res=0 errno=0 [ 1591.071978][ T30] audit: type=1800 audit(4294967574.000:74): pid=25299 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3962" name="dbroot" dev="configfs" ino=372106 res=0 errno=0 [ 1607.658285][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1607.669391][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1612.338592][ T30] audit: type=1800 audit(4294967595.270:75): pid=25438 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3986" name="dbroot" dev="configfs" ino=387163 res=0 errno=0 [ 1620.820301][ T30] audit: type=1800 audit(4294967603.750:76): pid=25485 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.3995" name="dbroot" dev="configfs" ino=393161 res=0 errno=0 [ 1642.576380][ T30] audit: type=1800 audit(4294967625.500:77): pid=25612 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.4019" name="dbroot" dev="configfs" ino=408970 res=0 errno=0 [ 1648.352224][ T30] audit: type=1800 audit(4294967631.280:78): pid=25649 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.4026" name="dbroot" dev="configfs" ino=412991 res=0 errno=0 [ 1651.049842][ T30] audit: type=1800 audit(4294967633.970:79): pid=25670 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.4030" name="dbroot" dev="configfs" ino=414872 res=0 errno=0 [ 1652.934190][ T30] audit: type=1800 audit(4294967635.860:80): pid=25681 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.4033" name="dbroot" dev="configfs" ino=416309 res=0 errno=0 [ 1667.238120][ T30] audit: type=1800 audit(4294967650.170:81): pid=25770 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4047" name="dbroot" dev="configfs" ino=426108 res=0 errno=0 [ 1669.098738][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1669.107827][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1676.912237][ T30] audit: type=1800 audit(4294967659.840:82): pid=25823 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4057" name="dbroot" dev="configfs" ino=433047 res=0 errno=0 [ 1677.910623][ T30] audit: type=1800 audit(4294967660.830:83): pid=25835 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.4059" name="dbroot" dev="configfs" ino=433047 res=0 errno=0 [ 1684.334348][ T30] audit: type=1800 audit(4294967667.260:84): pid=25878 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4066" name="dbroot" dev="configfs" ino=438311 res=0 errno=0 [ 1698.546146][ T30] audit: type=1800 audit(4294967681.470:85): pid=25971 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4082" name="dbroot" dev="configfs" ino=448072 res=0 errno=0 [ 1709.314691][ T30] audit: type=1800 audit(4294967692.240:86): pid=26032 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4093" name="dbroot" dev="configfs" ino=455387 res=0 errno=0 [ 1730.540422][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1730.550169][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1732.983918][ T30] audit: type=1800 audit(4294967715.910:87): pid=26168 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.4114" name="dbroot" dev="configfs" ino=471313 res=0 errno=0 [ 1733.216797][ T30] audit: type=1800 audit(4294967716.000:88): pid=26170 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4115" name="dbroot" dev="configfs" ino=471313 res=0 errno=0 [ 1738.032537][ T30] audit: type=1800 audit(4294967720.960:89): pid=26200 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.4120" name="dbroot" dev="configfs" ino=474683 res=0 errno=0 [ 1738.639581][ T30] audit: type=1800 audit(4294967721.570:90): pid=26203 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4121" name="dbroot" dev="configfs" ino=474683 res=0 errno=0 [ 1740.651868][ T30] audit: type=1800 audit(4294967723.580:91): pid=26210 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4123" name="dbroot" dev="configfs" ino=476695 res=0 errno=0 [ 1750.481195][T26273] netlink: 'syz.0.4134': attribute type 1 has an invalid length. [ 1757.228030][ T30] audit: type=1800 audit(4294967740.150:92): pid=26315 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4141" name="dbroot" dev="configfs" ino=488280 res=0 errno=0 [ 1769.674697][ T30] audit: type=1800 audit(4294967752.600:93): pid=26388 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.4154" name="dbroot" dev="configfs" ino=496366 res=0 errno=0 [ 1777.502527][T26438] netlink: 'syz.5.4164': attribute type 1 has an invalid length. [ 1791.981443][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1791.994198][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1796.171630][ T30] audit: type=1800 audit(4294967779.090:94): pid=26554 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4182" name="dbroot" dev="configfs" ino=514288 res=0 errno=0 [ 1809.937036][ T30] audit: type=1800 audit(4294967792.870:95): pid=26640 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4197" name="dbroot" dev="configfs" ino=523673 res=0 errno=0 [ 1813.632060][ T30] audit: type=1800 audit(4294967796.560:96): pid=26662 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4201" name="dbroot" dev="configfs" ino=526232 res=0 errno=0 [ 1853.424359][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1853.439254][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1884.813461][T27078] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1885.497484][T27084] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1914.863277][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1914.876511][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1976.314926][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1976.329374][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 2037.737181][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 2037.748553][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 2099.180993][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 2099.200058][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 2160.617494][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 2160.630452][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 2222.059258][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 2222.072064][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 2283.503132][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 2283.515465][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 2344.939905][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 2344.954238][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 2406.383519][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 2406.392084][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 2461.501317][T31348] FAULT_INJECTION: forcing a failure. [ 2461.501317][T31348] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2461.636982][T31348] CPU: 0 UID: 0 PID: 31348 Comm: syz.5.5067 Tainted: G L syzkaller #0 PREEMPT(full) [ 2461.637021][T31348] Tainted: [L]=SOFTLOCKUP [ 2461.637029][T31348] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 2461.637043][T31348] Call Trace: [ 2461.637062][T31348] [ 2461.637071][T31348] dump_stack_lvl+0x100/0x190 [ 2461.637113][T31348] should_fail_ex.cold+0x5/0xa [ 2461.637142][T31348] core_sys_select+0x938/0xbb0 [ 2461.637180][T31348] ? __pfx_core_sys_select+0x10/0x10 [ 2461.637257][T31348] ? ktime_get_ts64+0x306/0x420 [ 2461.637292][T31348] ? ktime_get_ts64+0x318/0x420 [ 2461.637322][T31348] ? ktime_get_ts64+0x257/0x420 [ 2461.637357][T31348] kern_select+0x20c/0x270 [ 2461.637405][T31348] ? __pfx_kern_select+0x10/0x10 [ 2461.637438][T31348] ? xfd_validate_state+0x129/0x190 [ 2461.637514][T31348] __x64_sys_select+0xbd/0x160 [ 2461.637545][T31348] ? do_syscall_64+0x90/0xf80 [ 2461.637574][T31348] ? lockdep_hardirqs_on+0x78/0x100 [ 2461.637603][T31348] do_syscall_64+0x10b/0xf80 [ 2461.637630][T31348] ? clear_bhb_loop+0x40/0x90 [ 2461.637657][T31348] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2461.637679][T31348] RIP: 0033:0x7fb5da59c819 [ 2461.637697][T31348] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2461.637719][T31348] RSP: 002b:00007fb5db422028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 2461.637740][T31348] RAX: ffffffffffffffda RBX: 00007fb5da815fa0 RCX: 00007fb5da59c819 [ 2461.637754][T31348] RDX: 0000200000000100 RSI: 0000200000000340 RDI: 0000000000000001 [ 2461.637771][T31348] RBP: 00007fb5da632c91 R08: 0000200000000200 R09: 0000000000000000 [ 2461.637784][T31348] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000000 [ 2461.637798][T31348] R13: 00007fb5da816038 R14: 00007fb5da815fa0 R15: 00007ffd6858f028 [ 2461.637825][T31348] [ 2464.646817][T31370] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5075'. [ 2464.740007][T31370] ipvlan1: entered promiscuous mode [ 2464.788520][T31370] ipvlan1: entered allmulticast mode [ 2464.835088][T31370] veth0_vlan: entered allmulticast mode [ 2465.922867][T31383] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5079'. [ 2465.943538][T31395] FAULT_INJECTION: forcing a failure. [ 2465.943538][T31395] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2466.047748][T31383] ipvlan1: entered promiscuous mode [ 2466.058324][T31395] CPU: 0 UID: 0 PID: 31395 Comm: syz.5.5083 Tainted: G L syzkaller #0 PREEMPT(full) [ 2466.058359][T31395] Tainted: [L]=SOFTLOCKUP [ 2466.058366][T31395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 2466.058380][T31395] Call Trace: [ 2466.058387][T31395] [ 2466.058395][T31395] dump_stack_lvl+0x100/0x190 [ 2466.058436][T31395] should_fail_ex.cold+0x5/0xa [ 2466.058463][T31395] core_sys_select+0x938/0xbb0 [ 2466.058501][T31395] ? __pfx_core_sys_select+0x10/0x10 [ 2466.058558][T31395] ? ktime_get_ts64+0x306/0x420 [ 2466.058590][T31395] ? ktime_get_ts64+0x318/0x420 [ 2466.058618][T31395] ? ktime_get_ts64+0x257/0x420 [ 2466.058651][T31395] kern_select+0x20c/0x270 [ 2466.058751][T31395] ? __pfx_kern_select+0x10/0x10 [ 2466.058785][T31395] ? xfd_validate_state+0x129/0x190 [ 2466.058828][T31395] __x64_sys_select+0xbd/0x160 [ 2466.058859][T31395] ? do_syscall_64+0x90/0xf80 [ 2466.058888][T31395] ? lockdep_hardirqs_on+0x78/0x100 [ 2466.058919][T31395] do_syscall_64+0x10b/0xf80 [ 2466.058947][T31395] ? clear_bhb_loop+0x40/0x90 [ 2466.058973][T31395] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2466.058996][T31395] RIP: 0033:0x7fb5da59c819 [ 2466.059015][T31395] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2466.059036][T31395] RSP: 002b:00007fb5db422028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 2466.059056][T31395] RAX: ffffffffffffffda RBX: 00007fb5da815fa0 RCX: 00007fb5da59c819 [ 2466.059071][T31395] RDX: 0000200000000100 RSI: 0000200000000340 RDI: 0000000000000001 [ 2466.059090][T31395] RBP: 00007fb5da632c91 R08: 0000200000000200 R09: 0000000000000000 [ 2466.059104][T31395] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000000 [ 2466.059117][T31395] R13: 00007fb5da816038 R14: 00007fb5da815fa0 R15: 00007ffd6858f028 [ 2466.059145][T31395] [ 2466.576286][T31383] ipvlan1: entered allmulticast mode [ 2466.584540][T31383] veth0_vlan: entered allmulticast mode [ 2467.123515][T31402] FAULT_INJECTION: forcing a failure. [ 2467.123515][T31402] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2467.234406][T31402] CPU: 0 UID: 0 PID: 31402 Comm: syz.4.5084 Tainted: G L syzkaller #0 PREEMPT(full) [ 2467.234441][T31402] Tainted: [L]=SOFTLOCKUP [ 2467.234448][T31402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 2467.234461][T31402] Call Trace: [ 2467.234468][T31402] [ 2467.234476][T31402] dump_stack_lvl+0x100/0x190 [ 2467.234518][T31402] should_fail_ex.cold+0x5/0xa [ 2467.234546][T31402] core_sys_select+0x938/0xbb0 [ 2467.234585][T31402] ? __pfx_core_sys_select+0x10/0x10 [ 2467.234642][T31402] ? ktime_get_ts64+0x306/0x420 [ 2467.234674][T31402] ? ktime_get_ts64+0x318/0x420 [ 2467.234702][T31402] ? ktime_get_ts64+0x257/0x420 [ 2467.234735][T31402] kern_select+0x20c/0x270 [ 2467.234768][T31402] ? __pfx_kern_select+0x10/0x10 [ 2467.234800][T31402] ? xfd_validate_state+0x129/0x190 [ 2467.234843][T31402] __x64_sys_select+0xbd/0x160 [ 2467.234874][T31402] ? do_syscall_64+0x90/0xf80 [ 2467.234910][T31402] ? lockdep_hardirqs_on+0x78/0x100 [ 2467.234940][T31402] do_syscall_64+0x10b/0xf80 [ 2467.234968][T31402] ? clear_bhb_loop+0x40/0x90 [ 2467.234995][T31402] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2467.235017][T31402] RIP: 0033:0x7fcf2119c819 [ 2467.235034][T31402] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2467.235056][T31402] RSP: 002b:00007fcf21fe1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 2467.235077][T31402] RAX: ffffffffffffffda RBX: 00007fcf21415fa0 RCX: 00007fcf2119c819 [ 2467.235091][T31402] RDX: 0000200000000100 RSI: 0000200000000340 RDI: 0000000000000001 [ 2467.235104][T31402] RBP: 00007fcf21232c91 R08: 0000200000000200 R09: 0000000000000000 [ 2467.235117][T31402] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000000 [ 2467.235131][T31402] R13: 00007fcf21416038 R14: 00007fcf21415fa0 R15: 00007ffc06cd1448 [ 2467.235158][T31402] [ 2467.240174][T31405] FAULT_INJECTION: forcing a failure. [ 2467.240174][T31405] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2467.902468][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 2467.909627][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 2468.074356][T13621] Bluetooth: hci3: unexpected event 0x1c length: 725 > 5 [ 2468.668235][T31405] CPU: 0 UID: 0 PID: 31405 Comm: syz.5.5086 Tainted: G L syzkaller #0 PREEMPT(full) [ 2468.668274][T31405] Tainted: [L]=SOFTLOCKUP [ 2468.668282][T31405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 2468.668295][T31405] Call Trace: [ 2468.668302][T31405] [ 2468.668312][T31405] dump_stack_lvl+0x100/0x190 [ 2468.668356][T31405] should_fail_ex.cold+0x5/0xa [ 2468.668386][T31405] core_sys_select+0x938/0xbb0 [ 2468.668427][T31405] ? __pfx_core_sys_select+0x10/0x10 [ 2468.668493][T31405] ? ktime_get_ts64+0x306/0x420 [ 2468.668528][T31405] ? ktime_get_ts64+0x318/0x420 [ 2468.668558][T31405] ? ktime_get_ts64+0x257/0x420 [ 2468.668593][T31405] kern_select+0x20c/0x270 [ 2468.668629][T31405] ? __pfx_kern_select+0x10/0x10 [ 2468.668663][T31405] ? xfd_validate_state+0x129/0x190 [ 2468.668709][T31405] __x64_sys_select+0xbd/0x160 [ 2468.668742][T31405] ? do_syscall_64+0x90/0xf80 [ 2468.668773][T31405] ? lockdep_hardirqs_on+0x78/0x100 [ 2468.668812][T31405] do_syscall_64+0x10b/0xf80 [ 2468.668842][T31405] ? clear_bhb_loop+0x40/0x90 [ 2468.668871][T31405] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2468.668895][T31405] RIP: 0033:0x7fb5da59c819 [ 2468.668913][T31405] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2468.668935][T31405] RSP: 002b:00007fb5db422028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 2468.668957][T31405] RAX: ffffffffffffffda RBX: 00007fb5da815fa0 RCX: 00007fb5da59c819 [ 2468.668973][T31405] RDX: 0000200000000100 RSI: 0000200000000340 RDI: 0000000000000001 [ 2468.668987][T31405] RBP: 00007fb5da632c91 R08: 0000200000000200 R09: 0000000000000000 [ 2468.669001][T31405] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000000 [ 2468.669015][T31405] R13: 00007fb5da816038 R14: 00007fb5da815fa0 R15: 00007ffd6858f028 [ 2468.669044][T31405] [ 2469.981933][T31422] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5090'. [ 2470.135675][T31422] ipvlan1: entered promiscuous mode [ 2470.166527][T31422] ipvlan1: entered allmulticast mode [ 2470.217701][T31422] veth0_vlan: entered allmulticast mode [ 2470.761524][T13621] Bluetooth: hci4: unexpected event 0x1c length: 725 > 5 [ 2471.778924][T31435] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5094'. [ 2473.358643][T13621] Bluetooth: hci1: unexpected event 0x1c length: 725 > 5 [ 2473.597187][T13621] Bluetooth: hci2: unexpected event 0x1c length: 725 > 5 [ 2474.097080][T31462] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5103'. [ 2474.238722][T31473] FAULT_INJECTION: forcing a failure. [ 2474.238722][T31473] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2474.366321][T31473] CPU: 0 UID: 0 PID: 31473 Comm: syz.5.5107 Tainted: G L syzkaller #0 PREEMPT(full) [ 2474.366361][T31473] Tainted: [L]=SOFTLOCKUP [ 2474.366369][T31473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 2474.366384][T31473] Call Trace: [ 2474.366391][T31473] [ 2474.366400][T31473] dump_stack_lvl+0x100/0x190 [ 2474.366445][T31473] should_fail_ex.cold+0x5/0xa [ 2474.366477][T31473] core_sys_select+0x938/0xbb0 [ 2474.366518][T31473] ? __pfx_core_sys_select+0x10/0x10 [ 2474.366582][T31473] ? ktime_get_ts64+0x306/0x420 [ 2474.366617][T31473] ? ktime_get_ts64+0x318/0x420 [ 2474.366665][T31473] ? ktime_get_ts64+0x257/0x420 [ 2474.366702][T31473] kern_select+0x20c/0x270 [ 2474.366737][T31473] ? __pfx_kern_select+0x10/0x10 [ 2474.366782][T31473] ? xfd_validate_state+0x129/0x190 [ 2474.366823][T31473] __x64_sys_select+0xbd/0x160 [ 2474.366852][T31473] ? do_syscall_64+0x90/0xf80 [ 2474.366879][T31473] ? lockdep_hardirqs_on+0x78/0x100 [ 2474.366906][T31473] do_syscall_64+0x10b/0xf80 [ 2474.366932][T31473] ? clear_bhb_loop+0x40/0x90 [ 2474.366957][T31473] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2474.366978][T31473] RIP: 0033:0x7fb5da59c819 [ 2474.366994][T31473] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2474.367015][T31473] RSP: 002b:00007fb5db422028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 2474.367034][T31473] RAX: ffffffffffffffda RBX: 00007fb5da815fa0 RCX: 00007fb5da59c819 [ 2474.367047][T31473] RDX: 0000200000000100 RSI: 0000200000000340 RDI: 0000000000000001 [ 2474.367060][T31473] RBP: 00007fb5da632c91 R08: 0000200000000200 R09: 0000000000000000 [ 2474.367089][T31473] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000000 [ 2474.367103][T31473] R13: 00007fb5da816038 R14: 00007fb5da815fa0 R15: 00007ffd6858f028 [ 2474.367139][T31473] [ 2475.064903][T13621] Bluetooth: hci4: unexpected event 0x1c length: 725 > 5 [ 2476.158698][T31486] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5111'. [ 2476.281535][T31486] ipvlan1: entered promiscuous mode [ 2476.350465][T31486] ipvlan1: entered allmulticast mode [ 2476.393882][T31486] veth0_vlan: entered allmulticast mode [ 2476.853262][T31497] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5112'. [ 2476.970031][T23608] Bluetooth: hci1: unexpected event 0x1c length: 725 > 5 [ 2477.963445][T23608] Bluetooth: hci2: unexpected event 0x1c length: 725 > 5 [ 2478.440419][T23608] Bluetooth: hci1: unexpected event 0x1c length: 725 > 5 [ 2479.499948][T31520] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5120'. [ 2479.912460][T23608] Bluetooth: hci3: unexpected event 0x1c length: 725 > 5 [ 2480.472914][T31533] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5124'. [ 2481.218527][T23608] Bluetooth: hci2: unexpected event 0x1c length: 725 > 5 [ 2482.723223][T23608] Bluetooth: hci2: unexpected event 0x1c length: 725 > 5 [ 2491.025060][T31629] FAULT_INJECTION: forcing a failure. [ 2491.025060][T31629] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2491.192865][T31629] CPU: 0 UID: 0 PID: 31629 Comm: syz.4.5154 Tainted: G L syzkaller #0 PREEMPT(full) [ 2491.192902][T31629] Tainted: [L]=SOFTLOCKUP [ 2491.192910][T31629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 2491.192925][T31629] Call Trace: [ 2491.192933][T31629] [ 2491.192942][T31629] dump_stack_lvl+0x100/0x190 [ 2491.192989][T31629] should_fail_ex.cold+0x5/0xa [ 2491.193019][T31629] core_sys_select+0x938/0xbb0 [ 2491.193060][T31629] ? __pfx_core_sys_select+0x10/0x10 [ 2491.193122][T31629] ? ktime_get_ts64+0x306/0x420 [ 2491.193155][T31629] ? ktime_get_ts64+0x318/0x420 [ 2491.193185][T31629] ? ktime_get_ts64+0x257/0x420 [ 2491.193233][T31629] kern_select+0x20c/0x270 [ 2491.193266][T31629] ? __pfx_kern_select+0x10/0x10 [ 2491.193298][T31629] ? xfd_validate_state+0x129/0x190 [ 2491.193340][T31629] __x64_sys_select+0xbd/0x160 [ 2491.193371][T31629] ? do_syscall_64+0x90/0xf80 [ 2491.193399][T31629] ? lockdep_hardirqs_on+0x78/0x100 [ 2491.193447][T31629] do_syscall_64+0x10b/0xf80 [ 2491.193476][T31629] ? clear_bhb_loop+0x40/0x90 [ 2491.193504][T31629] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2491.193528][T31629] RIP: 0033:0x7fcf2119c819 [ 2491.193547][T31629] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2491.193570][T31629] RSP: 002b:00007fcf21fe1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 2491.193591][T31629] RAX: ffffffffffffffda RBX: 00007fcf21415fa0 RCX: 00007fcf2119c819 [ 2491.193606][T31629] RDX: 0000200000000100 RSI: 0000200000000340 RDI: 0000000000000001 [ 2491.193621][T31629] RBP: 00007fcf21232c91 R08: 0000200000000200 R09: 0000000000000000 [ 2491.193635][T31629] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000000 [ 2491.193649][T31629] R13: 00007fcf21416038 R14: 00007fcf21415fa0 R15: 00007ffc06cd1448 [ 2491.193678][T31629] [ 2500.673892][T23608] Bluetooth: hci4: unexpected event 0x1c length: 725 > 5 [ 2508.459358][T23608] Bluetooth: hci1: unexpected event 0x1c length: 725 > 5 [ 2514.440957][T31840] FAULT_INJECTION: forcing a failure. [ 2514.440957][T31840] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2514.626886][T31840] CPU: 0 UID: 0 PID: 31840 Comm: syz.4.5196 Tainted: G L syzkaller #0 PREEMPT(full) [ 2514.626921][T31840] Tainted: [L]=SOFTLOCKUP [ 2514.626929][T31840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 2514.626942][T31840] Call Trace: [ 2514.626949][T31840] [ 2514.626958][T31840] dump_stack_lvl+0x100/0x190 [ 2514.626999][T31840] should_fail_ex.cold+0x5/0xa [ 2514.627062][T31840] core_sys_select+0x9b9/0xbb0 [ 2514.627128][T31840] ? __pfx_core_sys_select+0x10/0x10 [ 2514.627199][T31840] ? ktime_get_ts64+0x306/0x420 [ 2514.627235][T31840] ? ktime_get_ts64+0x318/0x420 [ 2514.627267][T31840] ? ktime_get_ts64+0x257/0x420 [ 2514.627303][T31840] kern_select+0x20c/0x270 [ 2514.627341][T31840] ? __pfx_kern_select+0x10/0x10 [ 2514.627376][T31840] ? xfd_validate_state+0x129/0x190 [ 2514.627424][T31840] __x64_sys_select+0xbd/0x160 [ 2514.627457][T31840] ? do_syscall_64+0x90/0xf80 [ 2514.627489][T31840] ? lockdep_hardirqs_on+0x78/0x100 [ 2514.627521][T31840] do_syscall_64+0x10b/0xf80 [ 2514.627552][T31840] ? clear_bhb_loop+0x40/0x90 [ 2514.627581][T31840] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2514.627606][T31840] RIP: 0033:0x7fcf2119c819 [ 2514.627625][T31840] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2514.627649][T31840] RSP: 002b:00007fcf21fe1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 2514.627672][T31840] RAX: ffffffffffffffda RBX: 00007fcf21415fa0 RCX: 00007fcf2119c819 [ 2514.627688][T31840] RDX: 0000200000000100 RSI: 0000200000000340 RDI: 0000000000000001 [ 2514.627704][T31840] RBP: 00007fcf21232c91 R08: 0000200000000200 R09: 0000000000000000 [ 2514.627719][T31840] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2514.627732][T31840] R13: 00007fcf21416038 R14: 00007fcf21415fa0 R15: 00007ffc06cd1448 [ 2514.627762][T31840] [ 2517.950774][T31875] FAULT_INJECTION: forcing a failure. [ 2517.950774][T31875] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2518.054332][T31875] CPU: 0 UID: 0 PID: 31875 Comm: syz.4.5203 Tainted: G L syzkaller #0 PREEMPT(full) [ 2518.054369][T31875] Tainted: [L]=SOFTLOCKUP [ 2518.054376][T31875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 2518.054390][T31875] Call Trace: [ 2518.054397][T31875] [ 2518.054406][T31875] dump_stack_lvl+0x100/0x190 [ 2518.054450][T31875] should_fail_ex.cold+0x5/0xa [ 2518.054479][T31875] core_sys_select+0x9b9/0xbb0 [ 2518.054521][T31875] ? __pfx_core_sys_select+0x10/0x10 [ 2518.054581][T31875] ? do_futex+0x192/0x350 [ 2518.054620][T31875] ? __pfx_do_futex+0x10/0x10 [ 2518.054661][T31875] kern_select+0x20c/0x270 [ 2518.054696][T31875] ? __pfx_kern_select+0x10/0x10 [ 2518.054730][T31875] ? xfd_validate_state+0x129/0x190 [ 2518.054776][T31875] __x64_sys_select+0xbd/0x160 [ 2518.054808][T31875] ? do_syscall_64+0x90/0xf80 [ 2518.054839][T31875] ? lockdep_hardirqs_on+0x78/0x100 [ 2518.054869][T31875] do_syscall_64+0x10b/0xf80 [ 2518.054899][T31875] ? clear_bhb_loop+0x40/0x90 [ 2518.054934][T31875] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2518.054958][T31875] RIP: 0033:0x7fcf2119c819 [ 2518.054978][T31875] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2518.055000][T31875] RSP: 002b:00007fcf21fe1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 2518.055023][T31875] RAX: ffffffffffffffda RBX: 00007fcf21415fa0 RCX: 00007fcf2119c819 [ 2518.055038][T31875] RDX: 0000200000000100 RSI: 0000200000000340 RDI: 0000000000000001 [ 2518.055052][T31875] RBP: 00007fcf21232c91 R08: 0000000000000000 R09: 0000000000000000 [ 2518.055067][T31875] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000000 [ 2518.055082][T31875] R13: 00007fcf21416038 R14: 00007fcf21415fa0 R15: 00007ffc06cd1448 [ 2518.055112][T31875] [ 2522.982560][T23608] Bluetooth: hci2: unexpected event 0x1c length: 725 > 5 [ 2528.043561][T23608] Bluetooth: hci1: unexpected event 0x1c length: 725 > 5 [ 2529.259852][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 2529.273669][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 2529.566259][T31973] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5221'. [ 2544.982107][T23608] Bluetooth: hci4: unexpected event 0x1c length: 725 > 5 [ 2562.843638][T32310] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5279'. [ 2567.159863][T32360] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5288'. [ 2571.805058][T23608] Bluetooth: hci2: unexpected event 0x1c length: 725 > 5 [ 2590.698269][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 2590.717753][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 2602.925770][T23608] Bluetooth: hci4: unexpected event 0x1c length: 725 > 5 [ 2652.145648][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 2652.163419][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 2658.448480][ T721] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5428'. [ 2661.888628][T23608] Bluetooth: hci1: unexpected event 0x1c length: 725 > 5 [ 2669.824245][T23608] Bluetooth: hci2: unexpected event 0x1c length: 725 > 5 [ 2672.156531][ T809] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888029f5d5c1 pfn:0x535ed [ 2672.355302][ T809] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 2672.434871][ T809] memcg:ffff88803356f802 [ 2672.492874][ T809] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 2672.575635][ T809] page_type: f2(table) [ 2672.606587][ T809] raw: 00fff00000000001 ffffea00014d7b01 00000000ffffffff 00000000ffffffff [ 2672.686275][ T809] raw: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 2672.772728][ T809] head: 00fff00000000040 ffffea00014d7908 ffffffff8e648180 0000000000000000 [ 2672.848259][ T809] head: ffff888029f5d5c0 0000000000000000 00000001f2000000 ffff88803356f802 [ 2672.931646][ T809] head: 00fff00000000001 ffffea00014d7b01 00000000ffffffff 00000000ffffffff [ 2673.028182][ T809] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 2673.104805][ T809] page dumped because: VM_BUG_ON_PAGE(page->compound_head & 1) [ 2673.167496][ T809] page_owner tracks the page as allocated [ 2673.223747][ T809] page last allocated via order 1, migratetype Unmovable, gfp_mask 0x440dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO|__GFP_COMP), pid 23101, tgid 23101 (syz-executor), ts 2672153114913, free_ts 2672056550608 [ 2673.393903][ T809] post_alloc_hook+0x153/0x170 [ 2673.429629][ T809] get_page_from_freelist+0x111d/0x3140 [ 2673.475756][ T809] __alloc_frozen_pages_noprof+0x27c/0x2bd0 [ 2673.530738][ T809] alloc_pages_mpol+0x1fb/0x550 [ 2673.569875][ T809] alloc_pages_noprof+0x136/0x390 [ 2673.619129][ T809] pgd_alloc+0x4d/0x630 [ 2673.675219][ T809] mm_init+0x6da/0x10d0 [ 2673.707017][ T809] copy_process+0x4876/0x7e30 [ 2673.754103][ T809] kernel_clone+0x12e/0x9c0 [ 2673.809183][ T809] __do_sys_clone+0xd9/0x120 [ 2673.842404][ T809] do_syscall_64+0x10b/0xf80 [ 2673.885657][ T809] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2673.940012][ T809] page last free pid 821 tgid 821 stack trace: [ 2673.998079][ T809] __free_frozen_pages+0x7e1/0x10d0 [ 2674.048515][ T809] pgd_free+0x3eb/0x540 [ 2674.074087][ T809] __mmdrop+0xe5/0x750 [ 2674.104304][ T809] __mmput+0x379/0x410 [ 2674.141023][ T809] mmput+0x67/0x80 [ 2674.176819][ T809] do_exit+0x830/0x2b50 [ 2674.209839][ T809] do_group_exit+0xd5/0x2a0 [ 2674.256011][ T809] __x64_sys_exit_group+0x3e/0x50 [ 2674.317638][ T809] x64_sys_call+0x102c/0x1530 [ 2674.364019][ T809] do_syscall_64+0x10b/0xf80 [ 2674.409729][ T809] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2674.466771][ T809] ------------[ cut here ]------------ [ 2674.472314][ T809] kernel BUG at ./include/linux/page-flags.h:351! SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 2674.674334][ T809] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 2674.680619][ T809] CPU: 0 UID: 0 PID: 809 Comm: syz.0.5445 Tainted: G L syzkaller #0 PREEMPT(full) [ 2674.691398][ T809] Tainted: [L]=SOFTLOCKUP [ 2674.695726][ T809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 2674.705786][ T809] RIP: 0010:set_ps_flags+0x321/0x390 [ 2674.711134][ T809] Code: f6 0f 84 9e fe ff ff e8 6d 3b b8 ff 49 83 ed 01 e9 98 fe ff ff e8 5f 3b b8 ff 48 c7 c6 c0 75 be 8b 48 89 df e8 d0 80 05 00 90 <0f> 0b e8 d8 fd 24 00 e9 0e fd ff ff e8 fe fd 24 00 e9 78 fd ff ff [ 2674.730751][ T809] RSP: 0018:ffffc90003baf900 EFLAGS: 00010246 [ 2674.736829][ T809] RAX: 0000000000080000 RBX: ffffea00014d7b40 RCX: ffffc90010a79000 [ 2674.744827][ T809] RDX: 0000000000080000 RSI: ffffffff8255ab88 RDI: ffff8880324ba384 [ 2674.752806][ T809] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 2674.760781][ T809] R10: 0000000000000001 R11: 0000000000000000 R12: ffffc90003baf9d0 [ 2674.768931][ T809] R13: 0000000000000000 R14: ffffea00014d7b74 R15: ffffc90003baf9d0 [ 2674.776909][ T809] FS: 00007f2c8f0b76c0(0000) GS:ffff888124314000(0000) knlGS:0000000000000000 [ 2674.785851][ T809] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2674.792442][ T809] CR2: 00007f43e5347e20 CR3: 0000000055014000 CR4: 00000000003526f0 [ 2674.800413][ T809] Call Trace: [ 2674.803695][ T809] [ 2674.806630][ T809] snapshot_page+0x49a/0x660 [ 2674.811241][ T809] get_kpage_count+0x94/0x240 [ 2674.815927][ T809] ? __pfx_get_kpage_count+0x10/0x10 [ 2674.821237][ T809] ? __pfx___might_resched+0x10/0x10 [ 2674.826527][ T809] ? __nr_to_section+0xaa/0x100 [ 2674.831388][ T809] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 2674.837294][ T809] kpage_read.isra.0+0x1b8/0x2b0 [ 2674.842268][ T809] ? __pfx_kpagecount_read+0x10/0x10 [ 2674.847571][ T809] proc_reg_read+0x120/0x330 [ 2674.852275][ T809] ? __pfx_proc_reg_read+0x10/0x10 [ 2674.857396][ T809] vfs_readv+0x5d8/0x8d0 [ 2674.861657][ T809] ? __pfx_vfs_readv+0x10/0x10 [ 2674.866440][ T809] ? __fget_files+0x21f/0x3d0 [ 2674.871153][ T809] ? do_readv+0x13e/0x340 [ 2674.875493][ T809] do_readv+0x13e/0x340 [ 2674.879713][ T809] ? __pfx_do_readv+0x10/0x10 [ 2674.884400][ T809] ? rcu_is_watching+0x12/0xc0 [ 2674.889169][ T809] do_syscall_64+0x10b/0xf80 [ 2674.893796][ T809] ? clear_bhb_loop+0x40/0x90 [ 2674.898483][ T809] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2674.904382][ T809] RIP: 0033:0x7f2c8e19c819 [ 2674.908803][ T809] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 2674.928418][ T809] RSP: 002b:00007f2c8f0b7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000013 [ 2674.936843][ T809] RAX: ffffffffffffffda RBX: 00007f2c8e416090 RCX: 00007f2c8e19c819 [ 2674.944821][ T809] RDX: 0000000100000007 RSI: 00002000000001c0 RDI: 0000000000000003 [ 2674.952817][ T809] RBP: 00007f2c8e232c91 R08: 0000000000000000 R09: 0000000000000000 [ 2674.960795][ T809] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2674.968776][ T809] R13: 00007f2c8e416128 R14: 00007f2c8e416090 R15: 00007ffe8b969488 [ 2674.976778][ T809] [ 2674.979814][ T809] Modules linked in: [ 2674.985091][ T809] ---[ end trace 0000000000000000 ]--- [ 2675.361731][T23608] Bluetooth: hci4: unexpected event 0x1c length: 725 > 5 [ 2676.958468][ T809] RIP: 0010:set_ps_flags+0x321/0x390 [ 2677.164871][ T809] Code: f6 0f 84 9e fe ff ff e8 6d 3b b8 ff 49 83 ed 01 e9 98 fe ff ff e8 5f 3b b8 ff 48 c7 c6 c0 75 be 8b 48 89 df e8 d0 80 05 00 90 <0f> 0b e8 d8 fd 24 00 e9 0e fd ff ff e8 fe fd 24 00 e9 78 fd ff ff [ 2677.325096][T29203] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2677.460159][ T809] RSP: 0018:ffffc90003baf900 EFLAGS: 00010246 [ 2677.551490][ T809] RAX: 0000000000080000 RBX: ffffea00014d7b40 RCX: ffffc90010a79000 [ 2677.568626][T29203] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2677.617968][ T809] RDX: 0000000000080000 RSI: ffffffff8255ab88 RDI: ffff8880324ba384 [ 2677.676695][ T809] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 2677.696254][T29203] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2677.731300][ T809] R10: 0000000000000001 R11: 0000000000000000 R12: ffffc90003baf9d0 [ 2677.773556][T29203] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2677.797955][ T809] R13: 0000000000000000 R14: ffffea00014d7b74 R15: ffffc90003baf9d0 [ 2677.836154][ T809] FS: 00007f2c8f0b76c0(0000) GS:ffff888124314000(0000) knlGS:0000000000000000 [ 2677.879578][ T809] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2677.932292][ T809] CR2: 0000562fafe15ee8 CR3: 0000000055014000 CR4: 00000000003526f0 [ 2677.982444][T29203] bridge_slave_1: left allmulticast mode [ 2678.001189][ T809] Kernel panic - not syncing: Fatal exception [ 2678.007346][ T809] Kernel Offset: disabled [ 2678.011678][ T809] Rebooting in 86400 seconds..