last executing test programs: 14m24.875762143s ago: executing program 1 (id=1154): r0 = prctl$auto(0x41, 0x3, 0x0, 0x0, 0x0) r1 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$auto_SO_PEEK_OFF(r1, 0x0, 0x2a, 0x0, 0x6) pwritev$auto(r0, 0x0, 0x2, 0xfffffffffffff274, 0x6) msgget$auto(0xc, 0x77d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_USBDEVFS_RELEASEINTERFACE(0xffffffffffffffff, 0x80045510, &(0x7f0000000040)=0x1) sendto$auto(r0, 0x0, 0xffffffffffffbdef, 0x101, 0x0, 0x1c) r2 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_SMC_NETLINK_DISABLE_SEID(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r2], 0x14}, 0x1, 0x0, 0x0, 0x880}, 0x810) sendmsg$auto_SMC_NETLINK_DISABLE_HS_LIMITATION(r0, &(0x7f0000000300)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, 0x0}, 0x87) ioctl$auto(0x3, 0x541b, 0x38) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\x00\x80\x00\x00\x00\x00\x00\x00j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) r3 = openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) read$auto(r3, 0x0, 0x8) ioctl$auto(r3, 0xbf, r3) r4 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) getdents$auto(r4, 0x0, 0xa2b0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/ram6/queue/max_hw_sectors_kb\x00', 0x80000, 0x0) read$auto(r5, 0x0, 0x20) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) futex_waitv$auto(&(0x7f0000000180)={0x3fb, 0x6, 0x2, 0xfff}, 0x3, 0xbffffffc, 0x0, 0x81) bpf$auto(0x5, &(0x7f0000000100)=@task_fd_query={0x2, 0x2, 0x4, 0x0, 0x85, 0x7, 0x9, 0x6, 0x8002}, 0x101) r6 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000180), 0x40900, 0x0) ioctl$auto_UBI_IOCATT(r6, 0x40186f40, 0x0) msync$auto(0x0, 0x2000000005, 0x6) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1e00df45"], 0x1ac}}, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0xfffffffe, &(0x7f0000000100)={&(0x7f0000000080), 0x180}, 0x2, &(0x7f0000000340), 0x7, 0xa505}, 0x800}, 0x7, 0x6) 14m24.227265738s ago: executing program 1 (id=1156): r0 = socket(0xa, 0x3, 0x3a) getsockopt$auto(0x3, 0x0, 0xe, 0x0, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) pipe$auto(&(0x7f0000000000)=r0) r2 = epoll_create$auto(0x3e) poll$auto(&(0x7f0000000040)={r1, 0x1, 0xa}, 0x5, 0x108) epoll_ctl$auto(r2, 0x1, r1, 0x0) pwrite64$auto(0xc8, &(0x7f0000000340)='\vX\xb5n\x91p\xe6\x1eRN8\x99\b\x06\x11\x00\x00\x00\x00?W\xff\xff\xba\xae\xb8-\x14\xe4\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\x00\x00\x9f\x1e\xf6\xa4*\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e#\xae\xa9\xc5\x93\x1dD\x811\xb9_\xdd*j\xfd\xeb\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;\x9e\x83\x120\x81\x11\x9a?g`sFh\x00\x00\xda,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xdex\xd8\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00'/228, 0x8fdef, 0x4000000000000007) mmap$auto(0x0, 0x20009, 0x4000000001df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socket(0x1d, 0x2, 0x5) socket(0x2, 0x1, 0x106) io_uring_setup$auto(0x3, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r4 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/debug/block/sda/sched/read0_fifo_list\x00', 0x2000, 0x0) read$auto_blk_mq_debugfs_fops_blk_mq_debugfs(r4, &(0x7f0000000040)=""/163, 0xa3) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x948b, 0x9, 0x15f4da07, 0x6, 0x2, 0x64, 0x8000001c, 0x1002, 0xb, 0x9, 0x1, 0xd8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x8000000000001fd, 0x20000000007, 0xea8, 0x1000000000000bc3, 0xaf000000000, 0x3, 0xff, 0x200010001, 0x400000000003, 0x3, 0xfffffffffffffffc, 0xfffffffffffffffe, 0x80000000, 0x9, 0xffffdfffffffff81, 0x4]}, 0x0) 14m23.14479816s ago: executing program 1 (id=1162): sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 14m22.887595509s ago: executing program 1 (id=1163): openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0x2000040080000004, 0xe) r0 = open(&(0x7f0000000000)='./bus\x00', 0xa23c2, 0x1c0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x2) getdents64$auto(r1, &(0x7f0000000f40)={0x309, 0x7, 0xffff, 0x7}, 0x200c8) mlockall$auto(0x7) mlockall$auto(0xffffffff) r2 = socket$auto(0x80000000, 0x497e, 0x6) r3 = openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cec8\x00', 0x0, 0x0) r4 = openat$auto_tracing_stats_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/tracing/per_cpu/cpu1/stats\x00', 0x183001, 0x0) ioctl$auto_VHOST_SET_LOG_FD(r2, 0x4004af07, &(0x7f0000000140)=r4) ioctl$auto_CEC_DQEVENT(r3, 0xc0506107, 0x0) socket$nl_generic(0x10, 0x3, 0x10) setuid$auto(0x800000000008) openat$auto_tracing_fops_trace(0xffffffffffffff9c, &(0x7f0000000140)='/sys/kernel/tracing/per_cpu/cpu0/trace\x00', 0x1a6b75d638828712, 0x0) fcntl$auto(0x3, 0x4, 0xffffffffffffffff) ioctl$auto_FS_IOC_GET_ENCRYPTION_POLICY_EX(r0, 0xc0096616, &(0x7f0000000040)="2e5d2c8da54e0b2fcb") msgctl$auto_MSG_INFO(0x7ff, 0xc, &(0x7f0000000240)={{0x1, 0xee00, 0xee00, 0x8, 0x7, 0x5, 0xfff}, 0x0, &(0x7f0000000200)=0x7a, 0xfe0, 0x8, 0x9, 0x5, 0x80, 0xfff, 0xe, 0x9}) r6 = socket$nl_generic(0x10, 0x3, 0x10) fcntl$auto_F_SETSIG(r6, 0xa, 0x6) r7 = fcntl$getown(r6, 0x9) shmctl$auto_IPC_SET(0xffffff2c, 0x1, &(0x7f0000000300)={{0x8000100, 0xee00, 0xee00, 0x2, 0x1, 0x5, 0xfff8}, 0x80000001, 0x1, 0xe, 0xffffffffffff304d, @raw=0x6, @inferred=r7, 0x100, 0x0, 0x0, 0x0}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000600)={'vxcan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_DEL_MPATH(r6, &(0x7f00000006c0)={&(0x7f00000005c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000680)={&(0x7f0000000640)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022bbd7000fedbdf251800000008000300", @ANYRES32=r9, @ANYBLOB="0800230101000000"], 0x24}, 0x1, 0x0, 0x0, 0x24000800}, 0x4008880) sendmsg$auto_OVS_CT_LIMIT_CMD_GET(r2, &(0x7f0000000580)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000540)={&(0x7f0000000b80)=ANY=[@ANYRES8=r3, @ANYRES16=0x0, @ANYBLOB="00042abd7000fddbdf2503082000ae9a01800800020066e0ae68f5a3762341f0ebc1f0cfa0fa7c25bbaa6b1790508ba1528b3419e38251c57371e8353ead17a0eb9d73ead249acb95d64cb34c1fbcd011ea65a1e4819d1705b6bd4b8e099fa2aa44045b3c95b0b052af070b56dd953793fcb424e4ca23527130b9089d1db58559059dcb7bcfafc0e0f0b86e198f678e03387df3302542cdf01c1479bc99ca5ac291355a400b33db3100ef211a3c3d8572b206889632cc3098b238be38d1197826345f9f0bff9cd2990332287219ff06de9", @ANYRES32=r5, @ANYBLOB="08005080040087000800250009000000192010f06f477f7a135ab0c49361555bbd6294bcc1a521ec53bc37306adbeec6bcb151b02492e997d8de28eab06396e840aaf4af86f647643e88adf5e7f18162339d165cb902d4d59febba0fb2cbca10ad3f3a1981e6fce31b025d50c03924d58b94570d98b182a317aa54f754fc4d6b3c0fe65a7a1b449d056f86458a632948388957af25d6d809da769f35eb0c91460f4bf5e9aa5a36970505d1bf4404b14f956ac479e6d15351f02ce15344333ee6fae45bea042987bec03082a164b30095800400398049e84012784ef1c1923579eaa85baa3ca64e9a1b19e6bc256b3712d91f4e12bbfbe793bb2cbc8981e4c6d1237ac621d229ae1064e9698fbdc5f72dbae0e78a87f4fa7197e23bff1b5bd36d1f110fbffae3d4514c0400f480060041007d0000004f1a6b86cd12642f8a0400cb80404890039fcb69ef2c1f8971aec4e1122c864828a5a1f15c1fac2f730fb346abf81ef59e9b601dfe749c08002400", @ANYBLOB="aab6e80e49c9cb0a066d503523db38b4f5d8fb06ca2f1a7c9d23d98d533c3ae7e107193bf0cb3b83c4407204cd51538c9809b7af0a87b6c5b53feccfe1c4cda89ebb27296429ef2667c407723e34d3f6b9a14545b3d8e0db7579b417311f90c8dd502b5d341554e8fb23a4a8cb9f1227c21f14ae2b223f3affa9e87246a98c3ba4a514e03a62ce82d716fd5d1a2c2c75e81e987814881362e12c78ed90d488ce543f859b5e0ddabf0705f763afc187b89ada52ddbc5165324d78526047d36808275974245bc5371156eabd9888fa47ecb940", @ANYRESHEX=r8], 0x264}, 0x1, 0x0, 0x0, 0x4008040}, 0x0) ioctl$auto_CEC_DQEVENT(r3, 0xc0506107, 0x0) syz_genetlink_get_family_id$auto_smc_pnetid(0xfffffffffffffffc, 0xffffffffffffffff) madvise$auto(0x6450, 0x0, 0xc) 14m22.493721669s ago: executing program 1 (id=1164): mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xffffffffffffffff, 0x8000) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101c40, 0x0) r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r0, 0x560a, r1) r2 = socket(0x10, 0x2, 0x0) r3 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_REPORT_PMSR(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES16=r3, @ANYBLOB="e73625bd7000fddbdf250b0000000800130007000000080004009a000000"], 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0) setsockopt$auto(r2, 0xa, 0x9, &(0x7f0000000080)='/dev/sg0\x00', 0x0) setreuid$auto(0xffffffffffffffff, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(0xffffffffffffffff, 0x0, 0x48084) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/controlC1\x00', 0x80000, 0x0) connect$auto(0x3, 0x0, 0x54) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0x8, 0x8000) r4 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/usb/usbmon/9t\x00', 0x0, 0x0) pread64$auto(r4, 0x0, 0x101, 0x103) r5 = ioctl$auto_TIOCGPTPEER(r1, 0x5441, 0x0) sendmsg$auto_NL802154_CMD_NEW_SEC_LEVEL(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000440)={&(0x7f0000000340)={0xec, 0x0, 0x200, 0x70bd2a, 0x25dfdbfe, {}, [@NL802154_ATTR_NETNS_FD={0x8, 0x1d, r1}, @NL802154_ATTR_NETNS_FD={0x8, 0x1d, r5}, @NL802154_ATTR_MAX_FRAME_RETRIES={0x5, 0xf, 0x8}, @NL802154_ATTR_SEC_DEVICE={0xc0, 0x2e, 0x0, 0x1, [@typed={0x9f, 0x12f, 0x0, 0x0, @binary="722ee2c6218702ec3231df22b404bd8002e9bbe38258f022b9a95927d14cc3b0dccaff0413f012355da1cffeafce5837b94ccd62996582d60dd7582713e2bacd298cb0de002c111ccd8c8da163f89434c520f843e1388c73556e564df1afed63e81e01981f5180989e3bcc6cf0bb56b367b58c2baeaba12e92505b6f63e5fd4c1c8d40546dcd5222a7f7ebc6d1f9e004e6297dba7771e63888a5ed"}, @nested={0xc, 0x17, 0x0, 0x1, [@typed={0x8, 0x7d, 0x0, 0x0, @ipv4=@empty}]}, @typed={0x8, 0xbc, 0x0, 0x0, @u32=0x80}, @typed={0x8, 0x63, 0x0, 0x0, @ipv4=@multicast2}]}]}, 0xec}, 0x1, 0x0, 0x0, 0x8000}, 0x40014) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) unshare$auto(0x40000080) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) remap_file_pages$auto(0x40, 0x2000fff, 0x0, 0xdc, 0x100000) ioctl$auto_FS_IOC_GETFSLABEL(r1, 0x81009431, &(0x7f0000000100)="83970b7b471b2671f0e384fb0f365c712a757edc19b450715638e29c7696832f1517c7e9f8917a253ebbf75d48b434efca8f108281910325a818fa28d530b2e42c693ccf71c746cd7332ca4a767832f6b5d3259882481a8cd76732e54a96f828431760b81345eac00edbb65a565e2b71de7e7f3a23140d4c98d391f65516ab985bf0205d5c49598c3e5647f51de7b8562aade82d337a94f384e0ebc83538a3df70456c9b0dd4a2b6c4fabc813f58765a3a5006d01d495bd81b516dfa800aafc11e7e9b12d0b677ddc32813b3dd497d9c2c32170dfaade0f851bed59eccf307ed4c422e3da0767d66dcdb8bdf8a9af810e8dac9f05d40a85e3902a6208f07c005") clock_nanosleep$auto(0x2, 0x6, &(0x7f0000000840)={0x0, 0xc025}, 0x0) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) 14m20.754458214s ago: executing program 1 (id=1169): close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x400) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0xaf1) mmap$auto(0x6, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, 0x0, 0x6a) connect$auto(0x3, 0x0, 0x6) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cpu/0/cpuid\x00', 0xad80, 0x0) readv$auto(r1, &(0x7f0000000480)={0x0, 0x400000000040200}, 0x3) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) mq_open$auto(&(0x7f0000000040)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0xffff0000, 0xe2, &(0x7f0000000100)={0x1, 0xfffffffffffffffd, 0x5, 0x10000000009}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x440000, 0x0) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/snd/midiC2D0\x00', 0x7e860bd1d717ca58, 0x0) write$auto(r2, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) select$auto(0x8000000e, 0x0, 0x0, &(0x7f00000002c0)={[0x400000000001ff, 0x8, 0xfffffffffffffffb, 0x47ac5677, 0x2, 0x3, 0x3, 0x3, 0x2, 0x2000000008003, 0x80000000003fffff, 0x3, 0xff, 0x8000000002, 0x5, 0x9]}, 0x0) mmap$auto(0x1003, 0x9d7, 0x9, 0x1d, 0xffffffffffffffff, 0x40000000) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000340)='/proc/thread-self/net/arp\x00', 0x101400, 0x0) pread64$auto(r3, 0x0, 0xf429, 0x100) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r1, 0x3) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x4, 0xe983, 0x7fff, 0xeb3, 0x401, 0x10000003) keyctl$auto(0x11, 0xfffffffd, 0x0, 0x0, 0x1000000000008) open(&(0x7f00000001c0)='./file0\x00', 0x8c81, 0xd1) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x9, 0xc00000072, 0x8b72, 0x1000000002, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) 14m5.68437239s ago: executing program 32 (id=1169): close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x400) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0xaf1) mmap$auto(0x6, 0x20009, 0x4000000000df, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, 0x0, 0x6a) connect$auto(0x3, 0x0, 0x6) r1 = openat$auto_cpuid_fops_cpuid(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cpu/0/cpuid\x00', 0xad80, 0x0) readv$auto(r1, &(0x7f0000000480)={0x0, 0x400000000040200}, 0x3) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) mq_open$auto(&(0x7f0000000040)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0xffff0000, 0xe2, &(0x7f0000000100)={0x1, 0xfffffffffffffffd, 0x5, 0x10000000009}) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x440000, 0x0) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/snd/midiC2D0\x00', 0x7e860bd1d717ca58, 0x0) write$auto(r2, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) select$auto(0x8000000e, 0x0, 0x0, &(0x7f00000002c0)={[0x400000000001ff, 0x8, 0xfffffffffffffffb, 0x47ac5677, 0x2, 0x3, 0x3, 0x3, 0x2, 0x2000000008003, 0x80000000003fffff, 0x3, 0xff, 0x8000000002, 0x5, 0x9]}, 0x0) mmap$auto(0x1003, 0x9d7, 0x9, 0x1d, 0xffffffffffffffff, 0x40000000) r3 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000340)='/proc/thread-self/net/arp\x00', 0x101400, 0x0) pread64$auto(r3, 0x0, 0xf429, 0x100) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, r1, 0x3) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x4, 0xe983, 0x7fff, 0xeb3, 0x401, 0x10000003) keyctl$auto(0x11, 0xfffffffd, 0x0, 0x0, 0x1000000000008) open(&(0x7f00000001c0)='./file0\x00', 0x8c81, 0xd1) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) mmap$auto(0x0, 0x9, 0xc00000072, 0x8b72, 0x1000000002, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) 11m3.549822341s ago: executing program 4 (id=1666): r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/004/001\x00', 0x1102, 0x0) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000500)='/dev/bus/usb/038/001\x00', 0x201, 0x0) ioctl$auto_USBDEVFS_DISCONNECT_CLAIM(r1, 0x8108551b, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) socket(0xa, 0x3, 0x3b) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/loop6\x00', 0x20082, 0x0) r3 = open(0x0, 0x8600, 0xe6) mmap$auto(0xfffffffffffffffa, 0x6bcb, 0xdf, 0xebe, r1, 0x4) socketpair$auto(0x1e, 0x6, 0x8, 0x0) r4 = socket(0x2c, 0x3, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x204c000}, 0x40854) unshare$auto(0x40000080) unshare$auto(0x40000080) unshare$auto(0x40000080) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) mmap$auto(0x0, 0x9, 0x80, 0x16, r3, 0x1) close_range$auto(0x0, 0xffffffffffffffff, 0x2) move_pages$auto(0x1, 0xf54, 0x0, 0x0, 0x0, 0x8000000000000000) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0x100) ioctl$auto(0x1, 0x8983, 0x4) kexec_load$auto(0xffffffff, 0x5, &(0x7f0000000080)={@buf=0x0, 0xffffffffffffffff, 0x8000, 0x403000}, 0x4) kexec_load$auto(0xff, 0xd, &(0x7f0000000140)={@buf=&(0x7f00000000c0)="a4fc60c3cde5180ed6dc21253ad62d0090fd882763a3b9ac9585b08c1a24d3eb9af01273e4fe29f02292cb5746481f349463edfdedc2cdf1f84d059f7f446cc6627ac7f6c67aa84f193eeeebf8aacdc67263a7a116e6baef0d082e6234c97f1140955cab635ee98d6de0e180f081d0229975e43a", 0xfffffffffffffff8, 0x8, 0xffffffffffffff01}, 0x2) getsockopt$auto(r4, 0x11b, 0x8, 0x0, 0x0) r5 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40802, 0x0) getdents64$auto(0xffffffffffffffff, 0x0, 0x7f) read$auto(r5, &(0x7f00000002c0)='N\xd5\f\xb9GC*(,\x00\xc4bAL\xa3`\xb1\xf2\xe7\xc04b$\x99.\xb4\xcc\xc0%\xaa\xd3\xd5\xef\xa4\xd35u\xc0\xa6\r\xcaJ\x11\xaf\x93\xde\xc3|\x17\x96\xd1\x15g\x10\x1ai1(=!\xf1\xe8\xe4\xcdm\xedKW\xe7\xfbL\\\xf2sj(\v\xcd\xe5\x02B\x81ss\xdd\x8199\xa5\x1e\xb0A\xa6)*j:\x8e\x03\xdd\x1d6\xb5%A\x1b\xac\xa3\xcbj7\xe9\xc9L\xcc\xc6\xa4\xaf%\xba\xda\xee\xd8%:bXj\xd5[U\x18\xe8K\xafU\x8d\xb1\f~\xaa\xab(\x86(\xf9\b\xf7$%\xf2\x11\xa4\x9bj\xc1)\n\x1ft\xb6\xaf\xe2\xd4', 0x100000001) write$auto(r2, &(0x7f0000000040)='S\x00\x00\x00\xfe\xff\xff\xff', 0x8587) ioctl$auto_USBDEVFS_ALLOC_STREAMS(r0, 0x8008551c, &(0x7f0000000080)={0x7f3, 0x2, "f845d7749f"}) 10m59.924141402s ago: executing program 4 (id=1676): mmap$auto(0x0, 0x40009, 0x3, 0x9b72, 0x7, 0x28000) unshare$auto(0x40000080) close_range$auto(0x0, 0xffffffffffffffff, 0x2) socket(0x10, 0x3, 0xa) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) socket(0x1, 0x1, 0x0) bind$auto(0x3, 0x0, 0x6b) listen$auto(0x3, 0x81) select$auto(0x5, 0x0, &(0x7f0000000140)={[0x9, 0x8, 0x3, 0x10, 0xffffffffffffffff, 0x9, 0x9, 0xff, 0x3, 0x2, 0x2, 0x7, 0x100000001, 0x8000000000000001, 0x4, 0x9]}, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x200007, 0x8) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000002a80), r0) prctl$auto_PR_SCHED_CORE_CREATE(0x1, 0x1, 0x0, 0x10001, 0x6) r2 = prctl$auto_PR_SCHED_CORE_CREATE(0x5, 0x1, 0xffffffffffffffff, 0x3, 0x4) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000040)={'macvlan1\x00'}) r3 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x8000, 0x0) io_uring_register$auto_IORING_REGISTER_SYNC_CANCEL(0xffffffffffffffff, 0x18, &(0x7f00000000c0)="2fa03ca714c8a8334df365f191", 0xfffffff9) ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000080)=0x68) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r4, 0x89fc, &(0x7f0000000040)={'bond0\x00'}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x28000880) ioctl$auto_FBIOPUT_VSCREENINFO(r3, 0x4601, &(0x7f0000000080)) sendmsg$auto_ETHTOOL_MSG_MODULE_SET(r0, &(0x7f0000002b80)={0x0, 0x0, &(0x7f0000002b40)={&(0x7f0000000000)=ANY=[@ANYRES64=r0, @ANYRES16=r1, @ANYBLOB="010028bd7000fddbdf2523000000180001801400020076657468315f746f5f627269646765000500020001000000"], 0x34}, 0x1, 0x0, 0x0, 0x881}, 0xc810) madvise$auto(0x0, 0x200204, 0x14) 10m57.292511241s ago: executing program 4 (id=1683): mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r0 = socket(0xa, 0x801, 0x84) getsockopt$auto(r0, 0x7ff, 0x82, 0x0, &(0x7f0000000000)=0x9000c) r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) fchdir$auto(r1) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f00000001c0)='nfsd\x00\xee\x1a\x8f\xa2~?\xe2\x82fg\xb3G\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\tI\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd_\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xfd\rw\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xe1\xa8\xda\x80\xc5\x8f\xb41\x81\xf0\xa3\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14', 0x5, 0x0) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/pagemap\x00', 0x600, 0x0) mmap$auto(0x0, 0x400008, 0x0, 0x1010, 0x2, 0x20000000008000) madvise$auto(0xfffffffffffffffe, 0xffffffffffff0001, 0x20000015) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x20000) syslog$auto(0x0, &(0x7f0000000340)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xdd\x94\xb8\xbf\xd4Q.\x1b\xb3\x96p8\x00\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\x84q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa24X@\xadD\xf8\x9d\xf3 \xd2]\xc4\x13G\x1d\x04!\xc1\xeb.e$\xfb\xa3KU\xcf\xc1\x7fFD\x99\xf5v\v\x9dS\xc11P\xa3\xe9\xb0SqL\x85\xea\xb2\x9cY\x83.I\xca\x92\x1c\xc4\x13CV=\x92\x17c\x87iOt\x14On\x15=\v\xf0 \xc5\x8b~\xd6\xd4\xc7\xa3a\x1c\x06\x17\xb3\x88\x8c', 0x8001) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/asound/card1/timer_source\x00', 0x20080, 0x0) unshare$auto(0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/platform/vhci_hcd.10/usb30/30-0:1.0/usb30-port7/over_current_count\x00', 0x200000, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'hsr0\x00'}) r3 = openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) ioctl$auto_TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000080)=0x68) ioctl$auto_FBIOPUT_VSCREENINFO(r3, 0x4601, &(0x7f0000000080)) mknod$auto(&(0x7f0000000180)=':,\x00', 0xc9, 0xfffffffa) prctl$auto(0x800040, 0x80000000017, 0x0, 0x0, 0x40000000000) execve$auto(&(0x7f0000000300)=':,/file0\x00', &(0x7f00000000c0)=&(0x7f0000000080)='$\x04\x00\x00\x00\x00\x00\xe6l\x00', &(0x7f0000000200)=&(0x7f00000001c0)=':,\x00') fchdir$auto(r2) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptyd9\x00', 0x10300, 0x0) mount$auto(0x0, &(0x7f00000000c0)='.\x00', 0x0, 0xdef, 0x0) ioctl$auto_PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, 0x0) 10m55.215272791s ago: executing program 4 (id=1690): socket(0x10, 0x3, 0x5) (async) r0 = socket(0x10, 0x3, 0x5) msgctl$auto_IPC_RMID(0x2, 0x0, &(0x7f00000000c0)={{0xcf9, 0x0, 0xee01, 0x4, 0x3, 0x0, 0xbfa5}, &(0x7f0000000040)=0xa, 0x0, 0x6, 0x2, 0x3, 0x1, 0x1, 0x5, 0x9, 0x6, @raw=0x5, @raw=0x64}) statmount$auto(&(0x7f0000000000)={0x18, @raw, 0x400000080000029, 0x100000001, 0x8}, 0x0, 0x207, 0x0) sendmmsg$auto(r0, &(0x7f0000000000)={{&(0x7f0000000040), 0xc88, 0x0, 0x0, &(0x7f00000000c0), 0x8, 0x200}, 0x5}, 0x3b8b, 0x800) 10m54.571688863s ago: executing program 4 (id=1692): mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000) r0 = socket(0x15, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmsg$auto(r0, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0xd0) select$auto(0x5, 0x0, &(0x7f0000000100)={[0x9, 0x200, 0x0, 0x8000000000000201, 0x9, 0x3, 0x6, 0x7, 0xd886, 0x5e58296b, 0x341, 0x41, 0x7, 0x200, 0x8, 0xc]}, 0x0, 0x0) 10m54.240127355s ago: executing program 4 (id=1695): r0 = socket(0x2, 0x3, 0xa) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_hsr(&(0x7f0000000180), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'hsr0\x00', 0x0}) sendmsg$auto_HSR_C_GET_NODE_STATUS(r1, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000001300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="28cbbff93222900f42808bd3d222c798000000", @ANYRES16=r2, @ANYBLOB="290928bd7000ffdbdf250300000008000200", @ANYRES32=r3, @ANYBLOB="0a000100bbbbbbbbbbbb0000"], 0x28}, 0x1, 0x0, 0x0, 0x240008c5}, 0x4054) (async) sendmsg$auto_HSR_C_GET_NODE_STATUS(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x20, r2, 0x200, 0x70bd2c, 0x25dfdbfb, {}, [@HSR_A_NODE_ADDR_B={0xa, 0x5, @local}]}, 0x20}, 0x1, 0x0, 0x0, 0x8091}, 0x4008091) (async) mmap$auto(0x0, 0x9, 0x3, 0x8b72, 0x1000000002, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) ioctl$auto(0x3, 0x400454ca, 0x38) (async) open$dir(&(0x7f0000000280)='./file0\x00', 0x14000, 0x94) (async) mmap$auto(0x0, 0x8, 0x8, 0xeb1, 0xffffffffffffffff, 0xa800000000000000) (async) syz_genetlink_get_family_id$auto_nfc(0x0, 0xffffffffffffffff) (async) sendmsg$auto_NFC_CMD_DEV_UP(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000010}, 0x20000804) (async) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ram1\x00', 0x20001, 0x0) ioctl$auto_BLKRRPART(r4, 0x801070cf, 0x700000000000000) r5 = memfd_create$auto(&(0x7f0000000300)='/sys/kernel/debug/x86/boot_params/data\x00\"F\xb6\xcd\x06\xd6\x97\\L\xe1\xb2\xee\xb8\x8e\xd6O\xa1j\x90w\xc7\x94\xb7yi\x01&\x04b/\xaa\xfb#s\xc4\xa3\xa7\xacj\xc6\x8e\xf4L\x9a\xf8\xcc\xdcy\x9f\x93\xbc\xf6\xc8\xdb\x05w,|B\xfc\x04\x97\xd3\x0f\x8b\x81\xe8\xbc\x81\x0e\xd7o\xd2\xcd\x18z\xc2\xb7|\xe1\xa6\x9a~\x96\x10rnLnt\xdb\xdb-\x1b\x99\xd4\xed;\xf8\x13a\r\xf2\a\x85%\xef\xa7\x7f#\x96\xf2S\xb0\xf1Hq\x0f;\x83\xb7\x0fz\x9dN\xc9\x1e\x15r\x97|\xbfE\xce\"', 0x4) (async) r6 = syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_TUNNEL_INFO_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000580)=ANY=[@ANYRES16=r6, @ANYBLOB="0118d09c4ab9eb14d061ea6c1d4f5d0028bd7000fedbdf251c00000018000180140002006e657af8ae866c0bbc99e472fac252657673"], 0x2c}}, 0x4000000) (async) fallocate$auto(r5, 0x0, 0x9, 0x4cbd5d) (async) fstat$auto(0xffffffffffffffff, &(0x7f00000009c0)={0x4, 0x6, 0x8, 0x8, 0x0, 0xee01, 0x0, 0x80000001, 0x4, 0x5, 0x80000000, 0xff, 0x8, 0x8, 0x3, 0x101, 0x8001}) (async) r7 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/oom_adj\x00', 0x400000, 0x0) read$auto(r7, 0x0, 0x1f40) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$auto_ila(0x0, 0xffffffffffffffff) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, 0x0, 0x4400, 0x0) write$auto(0xca, &(0x7f0000000040)='\x04\x1c\xdc\xec7z\xdf3\xf2\xd3!\v\xb0M\xf8Q\x15\f', 0x2d8) io_uring_setup$auto(0x999, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000010c0), 0xffffffffffffffff) 10m39.202574518s ago: executing program 33 (id=1695): r0 = socket(0x2, 0x3, 0xa) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_tun_fops_tun(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_hsr(&(0x7f0000000180), 0xffffffffffffffff) (async) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'hsr0\x00', 0x0}) sendmsg$auto_HSR_C_GET_NODE_STATUS(r1, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000001300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="28cbbff93222900f42808bd3d222c798000000", @ANYRES16=r2, @ANYBLOB="290928bd7000ffdbdf250300000008000200", @ANYRES32=r3, @ANYBLOB="0a000100bbbbbbbbbbbb0000"], 0x28}, 0x1, 0x0, 0x0, 0x240008c5}, 0x4054) (async) sendmsg$auto_HSR_C_GET_NODE_STATUS(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x20, r2, 0x200, 0x70bd2c, 0x25dfdbfb, {}, [@HSR_A_NODE_ADDR_B={0xa, 0x5, @local}]}, 0x20}, 0x1, 0x0, 0x0, 0x8091}, 0x4008091) (async) mmap$auto(0x0, 0x9, 0x3, 0x8b72, 0x1000000002, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) ioctl$auto(0x3, 0x400454ca, 0x38) (async) open$dir(&(0x7f0000000280)='./file0\x00', 0x14000, 0x94) (async) mmap$auto(0x0, 0x8, 0x8, 0xeb1, 0xffffffffffffffff, 0xa800000000000000) (async) syz_genetlink_get_family_id$auto_nfc(0x0, 0xffffffffffffffff) (async) sendmsg$auto_NFC_CMD_DEV_UP(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24000010}, 0x20000804) (async) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ram1\x00', 0x20001, 0x0) ioctl$auto_BLKRRPART(r4, 0x801070cf, 0x700000000000000) r5 = memfd_create$auto(&(0x7f0000000300)='/sys/kernel/debug/x86/boot_params/data\x00\"F\xb6\xcd\x06\xd6\x97\\L\xe1\xb2\xee\xb8\x8e\xd6O\xa1j\x90w\xc7\x94\xb7yi\x01&\x04b/\xaa\xfb#s\xc4\xa3\xa7\xacj\xc6\x8e\xf4L\x9a\xf8\xcc\xdcy\x9f\x93\xbc\xf6\xc8\xdb\x05w,|B\xfc\x04\x97\xd3\x0f\x8b\x81\xe8\xbc\x81\x0e\xd7o\xd2\xcd\x18z\xc2\xb7|\xe1\xa6\x9a~\x96\x10rnLnt\xdb\xdb-\x1b\x99\xd4\xed;\xf8\x13a\r\xf2\a\x85%\xef\xa7\x7f#\x96\xf2S\xb0\xf1Hq\x0f;\x83\xb7\x0fz\x9dN\xc9\x1e\x15r\x97|\xbfE\xce\"', 0x4) (async) r6 = syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_TUNNEL_INFO_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000580)=ANY=[@ANYRES16=r6, @ANYBLOB="0118d09c4ab9eb14d061ea6c1d4f5d0028bd7000fedbdf251c00000018000180140002006e657af8ae866c0bbc99e472fac252657673"], 0x2c}}, 0x4000000) (async) fallocate$auto(r5, 0x0, 0x9, 0x4cbd5d) (async) fstat$auto(0xffffffffffffffff, &(0x7f00000009c0)={0x4, 0x6, 0x8, 0x8, 0x0, 0xee01, 0x0, 0x80000001, 0x4, 0x5, 0x80000000, 0xff, 0x8, 0x8, 0x3, 0x101, 0x8001}) (async) r7 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/oom_adj\x00', 0x400000, 0x0) read$auto(r7, 0x0, 0x1f40) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$auto_ila(0x0, 0xffffffffffffffff) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, 0x0, 0x4400, 0x0) write$auto(0xca, &(0x7f0000000040)='\x04\x1c\xdc\xec7z\xdf3\xf2\xd3!\v\xb0M\xf8Q\x15\f', 0x2d8) io_uring_setup$auto(0x999, 0x0) syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000010c0), 0xffffffffffffffff) 3m47.515207136s ago: executing program 0 (id=2768): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000040)='/dev/tty17\x00', 0x1, 0x0) write$auto_tty_fops_tty_io(r0, &(0x7f00000001c0)="352c8efa618c0bcf83a4ebdb27ec25906b0e1015b18c429fc1d7c523728754e15f334a572cad539da201096bbbc2ce7db19c429be7137d848ef31b50b0b3c7da1361fef8e0e23a77846b4e400f", 0x4d) 3m46.839753004s ago: executing program 0 (id=2772): openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/memfd_noexec\x00', 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x10800, 0xffffffffffff0006, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) write$auto(0x3, 0x0, 0xfdef) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x400053, 0x9) 3m45.617210665s ago: executing program 0 (id=2773): sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, 0x0, 0x4000050) unshare$auto(0x40000080) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x2404c000) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x6, 0xd, 0xfffffffe, 0x6, 0x7fff, 0x8, 0xffffffffffffffff, [], {0x6, 0x10001, 0xb, 0x2de, 0x504, 0x1, 0x80, 0x6, 0x6}, {0xfff7ffff, 0x2, 0x52, 0x5, 0x10001, 0x40, 0x76c5, 0x8, 0x8000000000000000}}) set_mempolicy$auto(0x6, &(0x7f0000000000)=0x7e, 0x4) close_range$auto(r0, 0x8, 0x0) socket(0x2b, 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_generic(0xffffffffffffff9c, &(0x7f00000032c0)='/proc/kmsg\x00', 0x80002, 0x0) r2 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0xc0842, 0x95) sendfile$auto(r2, r2, 0x0, 0x1) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x9488, 0x9, 0x15f4da07, 0x6, 0x2, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0xecf, 0xd8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0x1000000000000bc3, 0x7fd, 0x3, 0xff, 0x10001, 0x400000000003, 0x3, 0xf90, 0xfffffffffffffffe, 0x80000000, 0x335b0eef, 0xffffdfffffffff81, 0x4]}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x2000000008000) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x4bd, 0x0, 0x1000, &(0x7f0000000040)=0x2) write$auto(0xffffffffffffffff, 0x0, 0xfdef) sendmsg$auto_NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x2c, 0x0, 0x100, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_STA_AID={0x6, 0x10, 0x1}, @NL80211_ATTR_SPLIT_WIPHY_DUMP={0x4}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x294d}, @NL80211_ATTR_ASSOC_SPP_AMSDU={0x4}]}, 0x3}, 0x1, 0x0, 0x0, 0x890}, 0x800c5) r3 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event2\x00', 0x20881, 0x0) write$auto(r3, &(0x7f0000000040)='/dev/input/event1\x00', 0x10001) 3m41.439577134s ago: executing program 0 (id=2781): openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/memfd_noexec\x00', 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) write$auto(0x3, 0x0, 0xfdef) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x40000, 0x400053, 0x9) 3m38.45535798s ago: executing program 0 (id=2787): sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, 0x0, 0x4000050) unshare$auto(0x40000080) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x2404c000) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x6, 0xd, 0xfffffffe, 0x6, 0x7fff, 0x8, 0xffffffffffffffff, [], {0x6, 0x10001, 0xb, 0x2de, 0x504, 0x1, 0x80, 0x6, 0x6}, {0xfff7ffff, 0x2, 0x52, 0x5, 0x10001, 0x40, 0x76c5, 0x8, 0x8000000000000000}}) set_mempolicy$auto(0x6, &(0x7f0000000000)=0x7e, 0x4) close_range$auto(r0, 0x8, 0x0) socket(0x2b, 0x1, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x1, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) openat$auto_generic(0xffffffffffffff9c, &(0x7f00000032c0)='/proc/kmsg\x00', 0x80002, 0x0) r2 = open(&(0x7f0000000480)='./cgroup.cpu/cgroup.procs\x00', 0xc0842, 0x95) sendfile$auto(r2, r2, 0x0, 0x1) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x9488, 0x9, 0x15f4da07, 0x6, 0x2, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0xecf, 0xd8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0x1000000000000bc3, 0x7fd, 0x3, 0xff, 0x10001, 0x400000000003, 0x3, 0xf90, 0xfffffffffffffffe, 0x80000000, 0x335b0eef, 0xffffdfffffffff81, 0x4]}, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x2000000008000) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x4bd, 0x0, 0x1000, &(0x7f0000000040)=0x2) write$auto(0xffffffffffffffff, 0x0, 0xfdef) sendmsg$auto_NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x2c, 0x0, 0x100, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_STA_AID={0x6, 0x10, 0x1}, @NL80211_ATTR_SPLIT_WIPHY_DUMP={0x4}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x294d}, @NL80211_ATTR_ASSOC_SPP_AMSDU={0x4}]}, 0x3}, 0x1, 0x0, 0x0, 0x890}, 0x800c5) r3 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event2\x00', 0x20881, 0x0) write$auto(r3, &(0x7f0000000040)='/dev/input/event1\x00', 0x10001) 3m32.506053257s ago: executing program 0 (id=2801): mmap$auto(0x4, 0x200000000400008, 0xdf, 0x9b76, 0x2, 0x8000) socket(0xa, 0x2, 0x73) connect$auto(0x3, 0x0, 0x55) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_VERSION_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x1, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000080}, 0x8010) madvise$auto(0x0, 0xffffffffffff0006, 0x17) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80000, 0x0) read$auto(r2, 0x0, 0x9) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, r2, 0x408010) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) r4 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto(r4, 0xc0045520, r3) write$auto(0x3, 0x0, 0x100082) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/dummy_hcd.2/usb3/ep_00/power/control\x00', 0x30f000, 0x0) write$auto(r5, &(0x7f0000000040)=' ', 0x4) write$auto(0x3, 0x0, 0xfdef) madvise$auto(0x1, 0xfffffffdffef0005, 0x19) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x100000000008000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) socket(0x2, 0x1, 0x0) epoll_create$auto(0x4) 3m17.36917877s ago: executing program 34 (id=2801): mmap$auto(0x4, 0x200000000400008, 0xdf, 0x9b76, 0x2, 0x8000) socket(0xa, 0x2, 0x73) connect$auto(0x3, 0x0, 0x55) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_VERSION_GET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x1, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000080}, 0x8010) madvise$auto(0x0, 0xffffffffffff0006, 0x17) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x80000, 0x0) read$auto(r2, 0x0, 0x9) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, r2, 0x408010) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer\x00', 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x8000, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) r4 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto(r4, 0xc0045520, r3) write$auto(0x3, 0x0, 0x100082) madvise$auto(0x0, 0xffffffffffff0001, 0x15) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/dummy_hcd.2/usb3/ep_00/power/control\x00', 0x30f000, 0x0) write$auto(r5, &(0x7f0000000040)=' ', 0x4) write$auto(0x3, 0x0, 0xfdef) madvise$auto(0x1, 0xfffffffdffef0005, 0x19) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x0, 0x100000000008000) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x60742, 0x0) socket(0x2, 0x1, 0x0) epoll_create$auto(0x4) 12.178846523s ago: executing program 6 (id=3246): socket(0xa, 0x3, 0x3a) getsockopt$auto(0x3, 0x0, 0xe, 0x0, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) r1 = epoll_create$auto(0x3e) poll$auto(&(0x7f0000000040)={r0, 0x1, 0xa}, 0x5, 0x108) epoll_ctl$auto(r1, 0x1, r0, 0x0) ioctl$auto_TIOCVHANGUP2(r0, 0x5437, 0x0) shmctl$auto_IPC_RMID(0x7, 0x0, &(0x7f0000000340)={{0x6, 0xffffffffffffffff, 0xee01, 0x0, 0x8, 0x92, 0x2}, 0x3, 0xbe, 0xb8ff, 0x7, @inferred, @raw=0x1, 0x3, 0x0, &(0x7f0000000200)="1f30785de7312723eeab45aec91e94870a7d2bcee8574581afbc6d2fe24d2fb5ecbf7e1bf3eb50ef98276be34ce341e39fa95e38ccba531bbd4f65486b9a3e0680d1b9b2828d8fbe7896f054c226907b31c576338464e7e1db69edd5798bdba6365dd59305d92aff4df447114ed1cbb312cc79a85c726022946b16facbf85547438481fa959ec709a964e72e08917c5108fe9f448ba7665a981fdaf8293a6088b277d0", &(0x7f00000002c0)="861d1a88715034b7f668949fe1d6099003c7e0cae9e244afd72bbc4b10f446e832fa3c7e20672513780d833312945af0aa15271eedbd1d05ee00361342bb51dbd1d974945cadda2d5581884dbbdb0b7552f1b17608744ebc1d46"}) fstat$auto(0xffffffffffffffff, &(0x7f0000000440)={0x3, 0x8, 0x4, 0x4, 0xee01, 0xffffffffffffffff, 0x0, 0x8000000000000000, 0x1669d601, 0x5, 0x7, 0x2, 0xfff, 0x81, 0x5, 0x4, 0x6}) r4 = getpid() openat2$auto(0xffffffffffffff9c, 0x0, 0x0, 0xf6) getpriority$auto_PRIO_PGRP(0x1, r4) r5 = wait4$auto(0x0, &(0x7f0000000580)=0x7, 0x5, &(0x7f00000005c0)={{}, {0x8, 0x2}, 0xb7a, 0x8000000000000000, 0x7, 0x2, 0x6, 0x6, 0x7, 0x1, 0x0, 0x7, 0x945, 0x8000000000000001, 0x5, 0x9}) msgctl$auto(0x3, 0x4c, &(0x7f0000000680)={{0xfffffffd, r2, r3, 0x4, 0x9, 0x200, 0x742}, &(0x7f0000000500)=0x7f, &(0x7f0000000540)=0xb, 0x0, 0xf, 0x2233, 0x6, 0x3, 0x3, 0xba, 0x9, @inferred=r4, @inferred=r5}) mmap$auto(0x0, 0x20009, 0x4000000001df, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) socket(0x2, 0x1, 0x106) io_uring_setup$auto(0x3, 0x0) r6 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r6, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xb, 0x0, 0x0, &(0x7f0000000100)={[0x1ff, 0x1, 0x3, 0x0, 0x948b, 0xa, 0x6, 0x6, 0x2, 0x68, 0x8000001c, 0x1002, 0x100000002, 0x9, 0x100, 0xd8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f0000000180)={[0x8000000000001fd, 0x20000000007, 0xea8, 0x1000000000000bc3, 0xaf000000000, 0x3, 0xff, 0x200010001, 0x400000000003, 0x3, 0xfffffffffffffffc, 0xfffffffffffffffe, 0x80000000, 0x9, 0xffffdfffffffff81, 0x4]}, 0x0) 11.173578267s ago: executing program 6 (id=3249): io_uring_setup$auto(0x59, &(0x7f0000000080)={0x6, 0xd, 0xfffffffe, 0x6, 0x7fff, 0x8, 0xffffffffffffffff, [], {0x6, 0x10001, 0xb, 0x2de, 0x504, 0x1, 0x80, 0x6, 0x6}, {0xfff7ffff, 0x2, 0x52, 0x5, 0x10001, 0x40, 0x76c5, 0x8, 0x8000000000000000}}) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x4, 0xb374, 0x8) prctl$auto(0xfffffffb, 0x1, r0, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0x3ff, 0x203, 0xffffffff7fffffff, 0xfffffffffffffffa, 0xaaa7) close_range$auto(0x0, 0x5, 0x0) sysfs$auto(0x2, 0x49, 0x0) fsopen$auto(0x0, 0x1) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/sit0/statistics/tx_compressed\x00', 0x80000, 0x0) close_range$auto(0x2, 0x8, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/virtual/fcloop/ctl/del_remote_port\x00', 0xa001, 0x0) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x0, 0x0) ioctl$auto_TCFLSH2(r2, 0x5453, 0x0) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r3 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, 0x0, 0x8c00, 0x0) ioctl$auto_KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$auto(0x3, 0xc048aec8, r1) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x101c40, 0x0) r4 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) ioctl$auto(r1, 0x5, r4) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb2, 0x402, 0x300000000000) socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) r5 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000001a40)='/dev/input/event2\x00', 0x20881, 0x0) write$auto(r5, &(0x7f0000000040)='/dev/input/event1\x00', 0x10001) 8.887662007s ago: executing program 3 (id=3257): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000480), r0) openat$auto_tracing_mark_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/trace_marker\x00', 0x201, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x7, 0xdf, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) socket(0xa, 0x6, 0x84) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) io_uring_setup$auto(0x401, 0x0) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000003fc0)='/sys/kernel/debug/tracing/trace_pipe\x00', 0x20a02, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0xa2741, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) seccomp$auto(0x6, 0x5, &(0x7f0000000280)="d4e2ebcea40463216631d4cd096286e8a022b80488f13d58d6ef7aacda1e0adfa33eee358d12387067055b946bfa474fe58da8f14460e6aa73e0bcf12982c625") bind$auto(0xffffffffffffffff, 0x0, 0x68) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, 0x0, 0x4008800) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x20080, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000200)='/proc/kcore\x00', 0x28000, 0x0) pread64$auto(r1, 0x0, 0x840003, 0x40000000002e72) open(0x0, 0x4242, 0xe1d2b27bdc14aabc) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x100c02, 0x0) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC0\x00', 0x802, 0x0) ioctl$auto(r2, 0xc1205531, 0xffffffffffffffff) 8.16616936s ago: executing program 6 (id=3258): openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/memfd_noexec\x00', 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) mmap$auto(0x0, 0x9, 0x73, 0x8b72, 0x2, 0x8000) execve$auto(0x0, 0x0, 0x0) socket(0x2, 0x1, 0x0) r0 = socket(0xa, 0x1, 0x84) getsockopt$auto(r0, 0x84, 0xe, 0x0, 0x0) r1 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/self/mem\x00', 0x401, 0x0) write$auto_proc_mem_operations_base(r1, &(0x7f0000001680)="a7", 0xfffffc96) syz_clone(0x40000000, 0x0, 0x25, 0x0, 0x0, 0x0) kill$auto(0x0, 0x11) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) socket(0x2, 0x801, 0x84) 7.484613554s ago: executing program 5 (id=3259): mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) r0 = socket(0x10, 0x2, 0x0) setsockopt$auto(r0, 0x104000000000010e, 0x4, 0x0, 0x16) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="00010000", @ANYRES16=0x0, @ANYBLOB="000326bd7000fcdbdf2503000000790008805b4f2525b2dc3a73ec37e7122e6f0d55382854d419b883b7ed64bd3c7b9fb15273e787030718751e0a22cc6cabcae114aa6448d0356183e1ca7c01536c5c6f37915b26a3e75515ab02807fe932b8a415a581dcdc7800f91e231c001d800400d3800c002000f3000000002b3c0c7e9b"], 0x100}, 0x1, 0x0, 0x0, 0x8000}, 0x42) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x2, 0x15) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="72010000"], 0x1ac}, 0x1, 0x0, 0x0, 0x22004840}, 0x4001) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) socket(0x11, 0x80003, 0x300) socket(0x10, 0x2, 0x4) r1 = syz_open_procfs$namespace(0x0, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, 0x0, 0x400c000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000840)='./cgroup.cpu/memory.stat\x00', 0x80200, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) mmap$auto(0xffffffffffffffaf, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) mmap$auto(0x4, 0x2020009, 0x3, 0x10019, r1, 0x8000) r2 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/interrupts\x00', 0x18b202, 0x0) pread64$auto(r2, 0x0, 0x400100000001, 0x1ff) write$auto(0xffffffffffffffff, 0x0, 0x5) unshare$auto(0x40000080) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) setregid$auto(0x0, 0xffffffffffffffff) r3 = getpgid(0x0) prlimit64$auto(r3, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) 7.176171256s ago: executing program 2 (id=3260): unshare$auto(0x40000080) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0xc2f02, 0x0) socket(0x1d, 0x2, 0x7) connect$auto(0x3, &(0x7f00000018c0)=@can, 0xb) r0 = timerfd_create$auto_CLOCK_TAI(0xb, 0x6) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000080)=0x1) mmap$auto(0x0, 0x477, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x3, 0x100) socket(0x10, 0x2, 0x0) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_HWSIM_CMD_REPORT_PMSR(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="011526bd7000fbdbdf250b0000000800130007000000080004000400000004000b"], 0x28}, 0x1, 0x0, 0x0, 0x24044095}, 0x4000000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0xa}, 0x7}, 0x3, 0x2) pwrite64$auto(0xc8, &(0x7f0000000000)='\vX5n\x91p\xe6\x1eRN8\x99\x88\xa2\x06\x00J\x99\x00:\x00!\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\x01\x0e\xa4\xdf\xdav\x1cC\x8a\v\x00\x00\x00\x00\x00\x00\x00X\xb9_\xdd*\xd1\x14^\xbe\xa2\x00'/97, 0x10, 0x3) socket(0x22, 0x0, 0x1) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, 0x0, 0x8001, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) mmap$auto(0x2, 0x40000a, 0x4, 0x400001009b70, 0x2, 0x8004) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x2003f2, 0x15) madvise$auto(0x0, 0x1010001, 0x100000003) 7.12848446s ago: executing program 3 (id=3261): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000480), r0) openat$auto_tracing_mark_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/tracing/trace_marker\x00', 0x201, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x7, 0xdf, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) socket(0xa, 0x6, 0x84) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) io_uring_setup$auto(0x401, 0x0) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000003fc0)='/sys/kernel/debug/tracing/trace_pipe\x00', 0x20a02, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, 0x0, 0xa2741, 0x0) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(0x0, 0xffffffffffffffff) seccomp$auto(0x6, 0x5, &(0x7f0000000280)="d4e2ebcea40463216631d4cd096286e8a022b80488f13d58d6ef7aacda1e0adfa33eee358d12387067055b946bfa474fe58da8f14460e6aa73e0bcf12982c625") bind$auto(0xffffffffffffffff, 0x0, 0x68) sendmsg$auto_HWSIM_CMD_NEW_RADIO(0xffffffffffffffff, 0x0, 0x4008800) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x20080, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) r1 = io_uring_setup$auto(0x6, 0x0) r2 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC0\x00', 0x802, 0x0) ioctl$auto(r2, 0xc1205531, r1) 6.231165433s ago: executing program 3 (id=3262): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000040)={0x0, 0x80000000}, 0x6, 0x2, 0x10000000004, 0x9) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sda\x00', 0x200000, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008012, r1, 0x8000) mprotect$auto(0xfff, 0x5, 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(r1, 0x8, 0x7d) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r2 = socket(0x10, 0x80002, 0x8) close_range$auto(r2, r2, 0x0) pipe$auto(0x0) splice$auto(r2, 0x0, 0x2, 0x0, 0x3fb, 0x9) write$auto(r2, 0x0, 0x40) dup2$auto(0x5, 0x4) setreuid$auto(0xffffffffffffffff, 0xffffffffffffffff) splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000000, 0x9) mmap$auto(0x0, 0x2020009, 0xd, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r3 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x11}}, 0x6a) sendmmsg$auto(r3, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x3, 0x20000000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) 5.944433057s ago: executing program 6 (id=3263): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r0, 0x4b3a, 0x1) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/teql0/statistics/tx_aborted_errors\x00', 0x0, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/seq/clients\x00', 0xc0100, 0x0) read$auto(r2, 0x0, 0x85) read$auto_kernfs_file_fops_kernfs_internal(r1, 0x0, 0x0) r3 = socket(0xa, 0xa, 0x3) setsockopt$auto_SO_WIFI_STATUS(r3, 0x0, 0x30, 0x0, 0x8f) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/conf/geneve0/drop_unicast_in_l2_multicast\x00', 0xc1e13b61f74943c7, 0x0) socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x21, 0x1, 0x6, 0x0, 0x3ff) prctl$auto(0x1000000003b, 0x5, 0x4, 0x6, 0x17) madvise$auto(0x0, 0x2003f2, 0x15) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x309801, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) write$auto(r4, 0x0, 0xfffffdef) mseal$auto(0x0, 0x7dda, 0x0) write$auto(r4, 0x0, 0x8) ioctl$auto_USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, 0x0) 5.625617094s ago: executing program 5 (id=3264): mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x7) mmap$auto(0x2, 0x20009, 0x2, 0x3e, 0xffffffffffffffff, 0x8000) r0 = socket(0x23, 0x2, 0x0) shmctl$auto_SHM_INFO(0xfffffff8, 0xe, 0x0) ioctl$auto(r0, 0x89ef, 0x74) mmap$auto(0x0, 0x400008, 0x1ff, 0x9b72, 0x2, 0x8000) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth1_to_batadv/router_solicitation_delay\x00', 0x40802, 0x0) sendfile$auto(r1, r1, 0x0, 0x8000000400003) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) readv$auto(0x4, &(0x7f0000000100)={0x0, 0x1000}, 0x8) mknod$auto(&(0x7f00000003c0)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5', 0x3, 0x100) fremovexattr$auto(0xffffffffffffffff, &(0x7f00000002c0)='system.posix_acl_access\x00e\xd8\v\x1b\x02\xd5q?\x8c\xf1\x8f\x89\x7f\xd47\x84dG\xb3\xf1\xa6\x1b\x03\x18s8G \x950\xf0\xe0H!\x86,\xd1{\xf0\vX-c\xfd\xc4\xf24\xdd\xac\xea\x1f1\xc2+0\xc7gA\xa8\xc6B\xc9f\'_]\xe5.\xc6X\xe0c\xbbtzB\xe7\x9383\xdf\xf7x\x18\xd8\xfb(\xae\xb6\xc3\x02;mlG\x14\xdf\x9f\xea\xbf\x93\xae\xa5.\xfd\xe2a\xa4\x1bK\xbbZA\xb8\xc4\x9f\x93\xff\x86l\xd2\a7\xba=LC\xc4\xdc3\xf3%\xef\x7f\x81\x9eB\x9ak\a\xa3\xea?\x11\xd8LuY\x9b\xa8\xe2j\x98\\\xd0\xd72_c\b\xb3\xd1\xa6g,5\b|\x95\x98\xb0c\x90\xfd\x12\x1f\x1c!)(\xae\xfe\xc4\xec\x8f\xa1\x98\te\'\xc8\x97\xda\xe4&)\xe5\xa3)@\x13In\x1e0\xe5\xff\xcbv\xd2B\xd5\xaf+\xc8T\xc2\xb1\xd3\xaan\xfe}\x17\xcd\xebD[\xba\x9d\'\xb0') setxattr$auto(&(0x7f00000001c0)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5\x00', &(0x7f00000002c0), &(0x7f00000004c0), 0x3, 0x2) bpf$auto(0x0, 0x0, 0x6f3) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x23, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) write$auto(0x3, 0x0, 0xfdef) write$auto(0xca, &(0x7f00000001c0)='\x04\x13\xac\x04\x00\x00\x00\x00\x00\x00\x00\x01\n\xdc\x10\x00\x00\xef\xab\xe1ME:\xab \x87|\xe0Z\x1b\x9eZ\xa8\xff\x92+\xc9\x9fs\xbf\xd8\f\x00\x00\x00\xa5V\b\xf1Ne\xc6l\xd0\xdd7\x96gf\xb2\xa0\xf2cN\x8b\x95\xeb\xf3(\x9eM-\xdc\x84N\xc3\tts%\xe9\xbf<\xf1\xdav\xe0n\x04\xb33\x97\xd5\xb4\x02\x94B\xbb\x995\x1e\xf7@\xd8\xca\x8d\a0 \xfa\x87V\xeb1\xe4M%\xdd\xfd\xf6\x8d\xb4\xc7\x9b\x9d\xf5\xd9^\xcdL@\x0f\xd4\x15F,\xc1\xd1i\xa4f/{\xfa\xd5\n\xe1\x95l[\x91\xbfX\xea2\x1b\x8a\x85\t\x00\x05m\x1e\x9b\xca\xfb\x81\x9d{\x19S\xff\xe4\xd2k\x1b/wJ&\x03+{\x84R\xa8\x92\xad\xec\x1b\xb1\xe9\xa7XUo\x93\xd5\xfb\x94\xc4\xdf\x8e\xdd\x97\xfc\x00\x13\xd6\x80g\x7fR;\x88\xf7bm\x8f\xb5\x89\x1a\xb63\x98\xaa\xcc\xbf\x94\xbf#u\xb9', 0x2b) 5.53321704s ago: executing program 2 (id=3265): close_range$auto(0x0, 0x5, 0x0) fanotify_init$auto(0x5, 0x2000000000002) inotify_init1$auto(0x3000000000000) socket(0x15, 0x5, 0x0) getsockopt$auto(0x2, 0x114, 0x8, 0xfffffffffffffffc, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) setresuid$auto(0x8, 0x8, 0x0) r0 = setfsuid$auto(0xee00) setreuid$auto(r0, 0x0) syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000540), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'netdevsim0\x00'}) sendmsg$auto_NET_SHAPER_CMD_DELETE(0xffffffffffffffff, 0x0, 0xc050) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_NL80211_CMD_SET_HW_TIMESTAMP(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200029bd7000fbdbdf25990008009e000000000008001f01ffff0000d61bd1809691b4995d3e396af3d44538a8bd0000"], 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x20000000) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) clone3$auto(0x0, 0xfffffffffffffff8) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) fsconfig$auto(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) move_pages$auto(0x0, 0x7, &(0x7f00000004c0)=&(0x7f0000000400), &(0x7f0000000500)=0x1, &(0x7f0000000540)=0x8, 0x2) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, 0x0, 0x942282, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) setpriority$auto_PRIO_USER(0x2, r0, 0x3ff) io_uring_setup$auto(0x59, 0x0) socket(0xa, 0x3, 0x3a) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) open(0x0, 0x0, 0x154) 4.894808645s ago: executing program 5 (id=3266): mlockall$auto(0x1) (async) mprotect$auto(0x1ffffffff000, 0x100004, 0x6) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/block/ram6/queue/max_hw_sectors_kb\x00', 0x80000, 0x0) read$auto(r0, 0x0, 0x20) (async) r1 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r1, &(0x7f0000000200)={0x0, 0x7}, 0x3) (async, rerun: 32) inotify_init1$auto(0x3000000000000) (async, rerun: 32) r2 = gettid() rt_sigqueueinfo$auto(r2, 0xb, &(0x7f00000001c0)={@siginfo_0_0={0x3, 0x401, 0xfffffffb, @_timer={r2, 0xd, @sival_ptr=0x0, 0x62}}}) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat$auto_usbfs_devices_fops_usb(0xffffffffffffff9c, 0x0, 0x28400, 0x0) (async) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r3) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="05082dbd7008b4b2ff02aec169000d5c67181f84aba62aaffceb747a915235de5fb639"], 0x14}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) unshare$auto(0x20000) (async) close_range$auto(0x2, 0x8, 0x0) (async) openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000100)='/proc/self/mem\x00', 0x20401, 0x0) (async) r5 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000400), 0x189002, 0x0) ioctl$auto_PPPIOCSMRU(r5, 0xc004743e, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0x40047440, 0x0) (async) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20240, 0x0) (async) socket(0xa, 0x5, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f00000012c0)={{@inferred, 0x1, 0x2, 0x6, "0582a820061b5c51a65a6dd72b0b15addbdf55cb4b0f2381f2673e3a1ebe21e1bf1b26f0db7b620200f764f9", @raw=0x1000}, 0x0, @integer64=@value_ptr=0x0, "528d458095d42b72adda0cac2d45bdaacf03000000000000008bf00ab57d5d73b094925aa92857fd2f672f85343275f80841c6cac1ba3023ab4510269ed959a79a789527276d90375018fc08050559d8936b8d72087a5689d4338da78b8b8bdcea8133ca43202fb78dacb3fea1258074885c899d75cd52751f9be959d90fa5c2"}) 4.405744266s ago: executing program 6 (id=3267): mmap$auto(0x0, 0x2e985, 0xdf, 0xebb, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) syz_clone(0x10110200, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) mmap$auto(0xc00000002, 0x400008, 0x2000000, 0x10, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x2, 0x80802, 0x0) openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000200), 0x400000, 0x0) r1 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), r0) sendmsg$auto_ETHTOOL_MSG_LINKINFO_SET(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000100)={&(0x7f00000001c0)=ANY=[@ANYBLOB, @ANYRES16=r1], 0x2c}, 0x1, 0x0, 0x0, 0x2001}, 0x4040044) socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) unshare$auto(0x40000080) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x43102, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$auto_nbd(&(0x7f0000000340), 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000240), r4) sendmsg$auto_CTRL_CMD_GETFAMILY(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r5, 0x6a9, 0x70bd2a, 0x25dfdbfe, {}, [@CTRL_ATTR_FAMILY_NAME={0x6, 0x2, '\\\x00'}]}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x880) sendmsg$auto_NBD_CMD_CONNECT(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)={0x14, r3, 0x1, 0x70bd2d, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x40080}, 0x20040000) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) munlock$auto(0x10000000000ffff, 0xffffffdffffdfffe) mlockall$auto(0x7) 4.310036469s ago: executing program 2 (id=3268): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000280)={0x0, 0x8}, 0x6, 0x3, 0x4, 0x2a) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x4, 0x9f, 0x8000000008012, r1, 0x8000) mprotect$auto(0x1, 0x8, 0x3) mmap$auto(0x0, 0x202000a, 0x5, 0xfffffffffffffffb, 0xfffffffffffffffa, 0x2) readlinkat$auto(0xffffffffffffffff, 0x0, 0x0, 0x0) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x15, 0x5, 0x0) rt_sigsuspend$auto(0x0, 0x8) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x20000) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\x84q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa24X@\xadD\xf8\x9d\xf3 \xd2]\xc4\x13G\x1d\x04!\xc1\xeb.e$\xfb\xa3KU\xcf\xc1\x7fFD\x99\xf5v\v\x9dS\xc11P\xa3\xe9\xb0SqL\x85\xea\xb2\x9cY\x83.I\xca\x92\x1c\xc4\x13CV=\x92\x17c\x87iOt\x14On\x15=\v\xf0 \xc5\x8b~\xd6\xd4\xc7\xa3a\x1c\x06\x17\xb3\x88\x8c\xf1L\xba\x89a\xfd\xa5\xc6\x7fU\x00\xe5\x9b', 0x5) syz_open_procfs$namespace(0x0, &(0x7f0000000440)='ns/cgroup\x00') openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/asound/card1/timer_source\x00', 0x20080, 0x0) mmap$auto(0xffffffffffffff88, 0x4020009, 0xdf, 0xeb1, 0x401, 0x7ffd) close_range$auto(0x0, 0x5, 0x0) sysfs$auto(0x2, 0x49, 0x0) fsopen$auto(0x0, 0x1) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/net/sit0/statistics/tx_compressed\x00', 0x80000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/devices/virtual/fcloop/ctl/del_remote_port\x00', 0xa001, 0x0) r3 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x20000, 0x0) ioctl$auto_TCFLSH2(r3, 0x5453, 0x0) ioctl$auto(0x3, 0x5415, r2) unshare$auto(0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8001, 0x0) 3.729576578s ago: executing program 3 (id=3269): unshare$auto(0x4) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/queues\x00', 0x20000, 0x0) mmap$auto(0x0, 0x1, 0x8000000000000001, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = socket(0x2d, 0x2, 0x0) ioctl$auto(0x3, 0x89e0, 0x91) read$auto_proc_reg_file_ops_compat_inode(r0, &(0x7f00000001c0)=""/218, 0xda) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_START_AP(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000600)={&(0x7f0000000440)=ANY=[@ANYBLOB="9445ce4e", @ANYRES16=r2, @ANYBLOB="02002cbd7000fcdbdf250f00000004004601040044000600b40002000000a300d700075770f5ecb0b503f2a4f734c16c5833d4ae72d49f58aabd7723a5d21aaebb762e3a69d6b310b4241bb5ac398ad95b64580383448a10aa9351fc42ddbc138e74ca88f010d6489a56822c0c6dddbbcb254628bc2d22d325f1e6828e6a637dd75c92762d7e63c62371427a04ef0042006795c9683c84a73619f0ab16563fa56651341ff429bb6837797e4b50ee7097f1bf26884bf2f915a29f57b9f9f2846a660008006b0007000000be004580960037803a0070002f7379732f646576696365732f7669727475616c2f626c6f636b2f6c6f6f7031342f71756575652f646d615f616c69676e6d656e74000000b1b400141df56f330be3dacea8a060712f1318687625761086986611fb30c40915bcbec85bfd7c9044eb51e7e3dbb7e26e486123e9e8e7f27357f838f50e7f2048923beb7e561f364cd30c004400080000000000000000000559ee5a92d24b022b4eb80e0e2fdc65"], 0x194}, 0x1, 0x0, 0x0, 0x24}, 0x4) sendmsg$auto_NL80211_CMD_FRAME_WAIT_CANCEL(r1, 0x0, 0x40800) write$auto(r1, 0x0, 0x7c) clone$auto(0x73f, 0xa0, &(0x7f0000000040)=0x8, &(0x7f0000000180)=0x98d, 0xfffffffffffffff8) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r3 = openat$auto_stats_fops_(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) openat$auto_trace_options_fops_trace(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/tracing/options/test_nop_refuse\x00', 0x440200, 0x0) pread64$auto(r3, 0x0, 0xffffffffeffffffe, 0x1000003) write$auto(0xca, &(0x7f00000000c0)='\x04>\x01\x01\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c\f\xb6,NS\xa2(Q\xcc', 0x7f) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, r3, 0x8000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x260000, 0x0) r5 = openat$auto_ftrace_system_enable_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/events/vmalloc/enable\x00', 0x0, 0x0) read$auto_ftrace_system_enable_fops_trace_events(r5, 0x0, 0x0) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x140082, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) fanotify_init$auto(0x602, 0x1) r6 = open(&(0x7f0000000000)=':-.\x00', 0x1652c2, 0xe1d2b27bdc14aa98) setfsuid$auto(0xee01) fanotify_mark$auto(0x400000000000, 0x105, 0xf2b, r6, 0x0) mmap$auto(0x0, 0xf340, 0xe2, 0x1e, r4, 0x8000) close_range$auto(0x2, 0x8, 0x0) 3.016736174s ago: executing program 3 (id=3270): mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x7) mmap$auto(0x2, 0x20009, 0x2, 0x3e, 0xffffffffffffffff, 0x8000) r0 = socket(0x23, 0x2, 0x0) shmctl$auto_SHM_INFO(0xfffffff8, 0xe, 0x0) ioctl$auto(r0, 0x89ef, 0x74) mmap$auto(0x0, 0x400008, 0x1ff, 0x9b72, 0x2, 0x8000) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/veth1_to_batadv/router_solicitation_delay\x00', 0x40802, 0x0) sendfile$auto(r1, r1, 0x0, 0x8000000400003) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) readv$auto(0x4, &(0x7f0000000100)={0x0, 0x1000}, 0x8) mknod$auto(&(0x7f00000003c0)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5', 0x3, 0x100) fremovexattr$auto(0xffffffffffffffff, &(0x7f00000002c0)='system.posix_acl_access\x00e\xd8\v\x1b\x02\xd5q?\x8c\xf1\x8f\x89\x7f\xd47\x84dG\xb3\xf1\xa6\x1b\x03\x18s8G \x950\xf0\xe0H!\x86,\xd1{\xf0\vX-c\xfd\xc4\xf24\xdd\xac\xea\x1f1\xc2+0\xc7gA\xa8\xc6B\xc9f\'_]\xe5.\xc6X\xe0c\xbbtzB\xe7\x9383\xdf\xf7x\x18\xd8\xfb(\xae\xb6\xc3\x02;mlG\x14\xdf\x9f\xea\xbf\x93\xae\xa5.\xfd\xe2a\xa4\x1bK\xbbZA\xb8\xc4\x9f\x93\xff\x86l\xd2\a7\xba=LC\xc4\xdc3\xf3%\xef\x7f\x81\x9eB\x9ak\a\xa3\xea?\x11\xd8LuY\x9b\xa8\xe2j\x98\\\xd0\xd72_c\b\xb3\xd1\xa6g,5\b|\x95\x98\xb0c\x90\xfd\x12\x1f\x1c!)(\xae\xfe\xc4\xec\x8f\xa1\x98\te\'\xc8\x97\xda\xe4&)\xe5\xa3)@\x13In\x1e0\xe5\xff\xcbv\xd2B\xd5\xaf+\xc8T\xc2\xb1\xd3\xaan\xfe}\x17\xcd\xebD[\xba\x9d\'\xb0') setxattr$auto(&(0x7f00000001c0)=':,\x00\xbd\x80\xd6\x002\xb37\xff\x1a\x9e99\xda\xd1v\'\xc6\xd2Fw;\x00v\xdce\xad\xf4\xdb\xc7\x946\xe4\f\x9el]L+\x06\x130V\x1b,d\x8f\xa0\xabDUdk\xac\x82\\tyQ\xd8j\a\x1a[\xdb\x96\x1f{2\x04\xc5Y\xc1@\x0e\xeeWZ\x94N\xd4\xc8q=\x9b\xd1\x7fR3\xb6`\x00\xb3\xe5|1\xba\r\x85\x89\xfe\xed\xe1\xad`\x92\xc7\x9c\xd7\xd8\x15\t&\xb7\xfc\x82\xc4\xd3J\xae\x810\x19\x14\t\xc2\xa5V\xaa\x8d\x04\xf5\xf3\xd6\xd1\xe9k\xaf\x1a\xc6u\x96\xf7\xaa\x84\x92\x995m\xf9O\xc0\x1e\xa05\xdb\xa5\xae\r\x06\xe6\xc3\xd0\xf8:\xf7\xc5u\x91\xf8\x91\xee\xd8y\xb8\xc1)\xad\x05\xeb\xe9\xab\r\x9a@\aa(\x1a\xa4\xc1\xcf\\\xf0\xc3~\xbbd\x94\x9c\x02\xd4\xfc\xd2`\xd9\x83{-\x81zY\\\xac!#\xea\xba\x86)\xe9\xbc\x82\xf6\xd2\x7f\xdb\xa1\xd5\x89|\xa0O\xfcqZ\x85@A\x90\"\x11L\xdd\xa5\x9f\xf5\x00', &(0x7f00000002c0), &(0x7f00000004c0), 0x3, 0x2) bpf$auto(0x0, 0x0, 0x6f3) mmap$auto(0x0, 0x9, 0x3ff57696, 0x9b72, 0x2, 0x8000000000008000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0x23, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) write$auto(0x3, 0x0, 0xfdef) write$auto(0xca, &(0x7f00000001c0)='\x04\x13\xac\x04\x00\x00\x00\x00\x00\x00\x00\x01\n\xdc\x10\x00\x00\xef\xab\xe1ME:\xab \x87|\xe0Z\x1b\x9eZ\xa8\xff\x92+\xc9\x9fs\xbf\xd8\f\x00\x00\x00\xa5V\b\xf1Ne\xc6l\xd0\xdd7\x96gf\xb2\xa0\xf2cN\x8b\x95\xeb\xf3(\x9eM-\xdc\x84N\xc3\tts%\xe9\xbf<\xf1\xdav\xe0n\x04\xb33\x97\xd5\xb4\x02\x94B\xbb\x995\x1e\xf7@\xd8\xca\x8d\a0 \xfa\x87V\xeb1\xe4M%\xdd\xfd\xf6\x8d\xb4\xc7\x9b\x9d\xf5\xd9^\xcdL@\x0f\xd4\x15F,\xc1\xd1i\xa4f/{\xfa\xd5\n\xe1\x95l[\x91\xbfX\xea2\x1b\x8a\x85\t\x00\x05m\x1e\x9b\xca\xfb\x81\x9d{\x19S\xff\xe4\xd2k\x1b/wJ&\x03+{\x84R\xa8\x92\xad\xec\x1b\xb1\xe9\xa7XUo\x93\xd5\xfb\x94\xc4\xdf\x8e\xdd\x97\xfc\x00\x13\xd6\x80g\x7fR;\x88\xf7bm\x8f\xb5\x89\x1a\xb63\x98\xaa\xcc\xbf\x94\xbf#u\xb9', 0x2b) 2.559788144s ago: executing program 5 (id=3271): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000015c0), r0) sendmsg$auto_NL80211_CMD_GET_STATION(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000001880)={&(0x7f0000000740)={0x14, r1, 0x4bcedae9142a5f4d, 0x70bd28, 0x25dfdbfd, {}, [@NL80211_ATTR_MLO_LINKS={0xc, 0x138, 0x0, 0x1, [{0x8, 0x0, 0x0, 0x1, [@NL80211_ATTR_VHT_CAPABILITY={0x4}]}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4001c005}, 0x800) 2.350510943s ago: executing program 5 (id=3272): r0 = semctl$auto_GETPID(0x19, 0x8, 0xb, 0x5) r1 = openat$auto_trace_options_core_fops_trace(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/tracing/options/printk-msg-only\x00', 0xd8100, 0x0) mmap$auto(0x0, 0x80, 0x4000000000df, 0x10011, 0x401, 0x2) r2 = getpgrp(r0) kcmp$auto(0x0, r2, 0x9, 0xffffffffffffffff, r1) syz_open_procfs$namespace(r2, &(0x7f0000000000)='ns/uts\x00') socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r3) sendmsg$auto_NL80211_CMD_RELOAD_REGDB(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000", @ANYRES16=r4, @ANYBLOB="05083dbd7000fbdbdf257e000000"], 0x14}, 0x1, 0x0, 0x0, 0x4004044}, 0x8000) ioctl$auto(0xffffffffffffffff, 0xc0305302, 0x38) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x20000004}, 0x20004010) r5 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x24040, 0x0) ioctl$auto_BLKTRACESETUP(r5, 0xc0481273, &(0x7f00000000c0)={"ef65ce6c00cf81000000ffffffffffffff291d000000000700000000000300", 0x3ff, 0x408, 0xfff, 0x400004, 0x200000000040000d}) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) r6 = memfd_secret$auto(0x0) mmap$auto(0x0, 0x9, 0x5446161c, 0x8000000008011, 0x3, 0x10000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sysfs$auto(0x2, 0x23, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/pm_debug_messages\x00', 0xa001, 0x0) r7 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/tracing/set_event\x00', 0x22201, 0x0) write$auto(r7, 0x0, 0x4) mmap$auto(0x0, 0x4000002020009, 0x3, 0x10, 0xfffffffffffffffa, 0x8000) syz_genetlink_get_family_id$auto_nlctrl(&(0x7f0000000280), r6) mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) r8 = io_uring_setup$auto(0x3, 0x0) sync_file_range$auto(r8, 0x5, 0x0, 0x3) kcmp$auto_KCMP_EPOLL_TFD(0x0, 0x0, 0x7, 0xffffffffffffffff, 0x9) 2.183079099s ago: executing program 2 (id=3273): ioperm$auto(0x9, 0x80001, 0x3) bpf$auto(0x0, 0x0, 0x6f4) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) r0 = waitid$auto_P_PGID(0x2, 0x0, &(0x7f0000000040)={@_si_pad}, 0x3, &(0x7f00000000c0)={{0x4, 0x59b}, {0xa, 0x8000}, 0x6, 0x8, 0x0, 0x7, 0x7, 0x3, 0x400, 0x3b7, 0x10000, 0x2, 0x5, 0x6, 0xfff, 0xfd20}) prctl$auto_PR_SET_MM_START_CODE(0x4, 0x1, r0, 0x8, 0x2b0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/module/ueagle_atm/parameters/sync_wait\x00', 0x1e2142, 0x0) prctl$auto(0x16, 0x1, 0xffffffffffffffff, 0x7, 0x32) bpf$auto(0x0, &(0x7f0000000380)=@task_fd_query={0x12, 0x3, 0x4, 0x2f, 0x8, 0xfff, r1, 0x2e, 0x7ff}, 0x6f5) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x3, 0xeb2, 0xfffffffffffffffb, 0x8000) statmount$auto(0x0, 0x0, 0x9, 0xd) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) r2 = socket(0x15, 0x5, 0x0) setsockopt$auto(r2, 0x114, 0x2, 0x0, 0x4) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r3, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) socket(0x1, 0x5, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x2c, 0x3, 0x0) openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, 0x0, 0x408800, 0x0) setsockopt$auto_SO_REUSEPORT(r4, 0x5, 0xf, &(0x7f0000000080)='*\xb1\x00', 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'dummy0\x00'}) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001ff, 0x7, 0x0, 0x20, 0x9687, 0x100000000000003, 0x1, 0x6, 0x3, 0x64, 0x5, 0x7, 0x6d3f, 0x6, 0xa, 0xfffffffffffffffe]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xfffffffffffffffb, 0x1, 0x4, 0x3, 0x3, 0x6, 0xffffffffffffffff, 0x3, 0x8000000000400000, 0x3, 0x6d3c, 0x3, 0x2, 0x8000000000000006]}, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x88282, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) socket(0xa, 0x801, 0x84) close_range$auto(0x0, 0xfffffffffffff000, 0x2) pidfd_open$auto(0x1, 0x0) 1.912504156s ago: executing program 3 (id=3274): syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f0000000680), 0xffffffffffffffff) ioctl$auto_TIOCGDEV2(0xffffffffffffffff, 0x80045432, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) landlock_create_ruleset$auto(0x0, 0x0, 0x10000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x1000) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x5) sendmsg$auto_CTRL_CMD_GETPOLICY(r0, 0x0, 0x0) mmap$auto(0x0, 0x128009, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) r1 = openat$auto_uhid_fops_uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2201, 0x0) socket(0x21, 0x2, 0xa) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) write$auto_uhid_fops_uhid(r1, 0x0, 0xfccd) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x3, 0x6) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) mkdir$auto(&(0x7f0000000040)='./file0\x00', 0x2) openat$dir(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x8000, 0x70) 1.293371153s ago: executing program 5 (id=3275): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto(0x4000000000000c8, 0x800454cf, 0x3) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r0, 0x4b3a, 0x1) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/teql0/statistics/tx_aborted_errors\x00', 0x0, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/seq/clients\x00', 0xc0100, 0x0) read$auto(r2, 0x0, 0x85) read$auto_kernfs_file_fops_kernfs_internal(r1, 0x0, 0x0) r3 = socket(0xa, 0xa, 0x3) setsockopt$auto_SO_WIFI_STATUS(r3, 0x0, 0x30, 0x0, 0x8f) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv4/conf/geneve0/drop_unicast_in_l2_multicast\x00', 0xc1e13b61f74943c7, 0x0) socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x21, 0x1, 0x6, 0x0, 0x3ff) prctl$auto(0x1000000003b, 0x5, 0x4, 0x6, 0x17) madvise$auto(0x0, 0x2003f2, 0x15) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x309801, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) write$auto(r4, 0x0, 0xfffffdef) mseal$auto(0x0, 0x7dda, 0x0) write$auto(r4, 0x0, 0x8) ioctl$auto_USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, 0x0) 1.016497397s ago: executing program 6 (id=3276): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) ioctl$auto_BTRFS_IOC_SCAN_DEV(0xffffffffffffffff, 0x50009404, &(0x7f00000012c0)={@raw=0x401, "1401afb87f9822c701902dcecbf9b0ded75b4062bea43d9666a69569a2cb3a693c9120c671eddba6bf39ff0eaaef5c8c410142b53bedc9539f25008b7840ac8c3475147fa7e42c98131d658051c80ea188aa6d7b6a5b327bef214ec7f83a7ed558c20c72d32fcc10432678db99cfa4898545532162114adb0c5ecd8e8aea904b7ee0e2a9a60a76b423f6d5b1ff228a6462b48d577c921df5557ee4e71ce42af802b85f9caedb65e750b544c01830350c285dd497ac2debcdac1ac71ccf85484375b34af3416e90172a39832343f5a56b1250cb067d36e640c8153940638728ebf0f1642fee15575526575245c9d7f8acb718c1508cf1be7ad318ca08142895948cb8a11b091a3b5281bc2a1a71d83214424113c152b3014e9cf1ce14bf3446cd1fd85b77f6bdd88145e9295637f0e1ab29ca6a37b8561d6bec199cf0bd4963ec2c0aacc5832435fdfe4fac6fb2466322561d2eac673f22d620b90f091e8f4dd2193cd650d9bc5baf3ba0090d5f7fb9a0b15fb261b1818d4ebe5d9f763ed8c84244109d002cf38f95bec03d849869cbf911a6d209c81b9d40bc175f688d724478f3ada27bf8205ff383987429554a10f5f3da8842850f50699a399a8e6df9ad2f04c406468472857de7a76d10076d76d6abafe8a59ca14aa6e2d1f0089b1d1a43d00b74a9adc3352a322c325a54f9ab7d4a279ec010d087d42fa9bd9d5f7bd2d01afd20ef43143d07d6a4fe39124148a84af1448c36750d642d8438ff88a09570ab61571629f405e37529c73e5458ac572f83940a1fc9c6855919fa49714536cca3edfacf7e43b830c8bcea9b20ad076be21351b3983205fe7845279244c747782405d6ae458a0723674d87da03ce6e252d5a9e94f51753c255d109abd89ae8f531d226234f8c274d87bd6b49659a640a4487c6d9eef6472fbabe4cb5c444f5ff6e25267aeef4b4b15d2298b1319b13cd2360290cd72a9c4f15d1606d63d42069b7004d5b725220948f1315345d1283337558e56857cf4e91dcb435f7fb98b8f5b68e588faf13566e9db882ef2a26817cf75d62f13ccab98ba817144f3e7ef1ae35a9c44c9b76b7d78a746ad6ce9487fb2eef95cd1c2ee1ea219dc0cebe5b84be5c94e486fac78c389eb1a77bf52e0ca7c07667d44d0f35cef8ae692ac67d439d4994b3831f761eedddac5fc4206af1ede4653e86c03dbd8c4893c4fec4b6419424832f5bcdd38586baa35f996b77db8ab938c7286146d8a3143561470e4a9c8dfd89d29551cd9998ab7f27419cba4611bf9c09df796cf8146624ae2893c9879114f04c4afe23f4457e672dfefc28674c1d9dd28eb910cbd46a6c2bb6417e6d2d0af9b103c933dad7ef1edebfec1c74d2c96962fedd00a0def12e89530c2554c7441259125ce7650d521939cd60c691ca9c899820aa4d531286fc200f616f9e742a9ad95a119bbe3c231d41699a4e74e588bdec4a5cecdf51102402d7cf7bc48cbf3436193fa2acc9918eaec83c3531306d453a8027456d6f098eb943990f71dcb234201498833a67fb2a08be2471fa8dc4e755c453a64a4d979b4abe3ff23b0cea0555819bfd44933047ccd7400d5e8b85680f66d0db38b20bf2a3e73a01e787eb104ff01d67294eccdc74b69fbba1cc119193f15e1853f3b2a6c89986d286e9ffb96b8822319cc0d050bfced59a346aa466a3e47c03216c8aa6f972c543a08b52f44b1718c0333221f2472f85afa49b87a88ea61b1df52fa8f9cab759d411a6a4ef8db18b044d279c5d77efee712f984e0aeb4708a31620cc9ecefd1256c600efc20386155efeb1341fae51ab753dc1d553a7b085aeebd40e838aa53dbab82be6d5195f9c7c816e6526595fe952af39e4a49d8ee98e33887ec686a960f52ae8bec5d4ea947db30a278c7ee4691a8c683a15265cdf520ee37f0f7a473c152030378834f03a0a7ed4c101711853c7ee69fc7fd271b07ce86630f1158b33c4cbbb206aee0a2d5d13d664b36e981546a9a7fd52e59c00523622fc36073b33e258eb61c514b3677c06319f116ae90478bf6a4f3d402cc6dfbee554954f8484172f58eed3c171b8028adb10e94065e9a1ce59c4191cad5ef1644868833a5579213da124593ddf74b4b5a0afd03a6671a0e5d142aece061d8319b34b4a860bb8760244899b54e96afce89487f99ccb267aa3e39ec250bc97e132691e60d6efd019a247bb865670e35f86dbf2ec4376c2b18c819548d4f65f3c5b739cee7965853e1af34b3db6fa754e9b85a2b794e76ff2bfc67157e67e37e7903a07479bdf54078eb602137038f89e8f3200c0781496b1fba8ee23d290dd1a5c8ef9c3d940941753ad9e329912145c467af5dfb952c164f538005aeb154f9acc1c651ef607a886235bdc1e677d203bba314c05f42bac2e701dd2b68a675ab2ca9dcceacfaadc3f85aa6fa4bedb2a0b72ee2c216c8f91e3a2b5c0fe39924df1b595ceb3d17a66d129b969130a3915873f3125dd3ad9111bee4f33b84a9cf8c7a767477769c139f789e48aae37f038ba44e9030b195ca5ede0a6ab2d80d1ec8c69733a816c620ec605f5d7e9da697dca14545c65905b9e74b529f0492d728dd98f2fd4bca39d4bd457317022f960fbac64f8d114de68d6b4d769fe3685bf9d8b6e672470b5a73e35f2af8974ddfcdd3699c559b699475492c96309aac4f5e6e4729db68b65b6ce4edde17e07826f0d5f88c1b45223c393435038523cc082a047e5c4417b881a47eb4db3fed5457f9303a5f3a8e3025f2134ef5e71027b47cf2e1e3940c74c3141cd5ea7a606a7c572d8868b9e3d022271caa9812a42166f581271a3df42ac9f545d9fc31fae0867ef60c819493c4ce6c10f78270c4eb00b8c4ba93b672c186ebc6a064f14486cb118fef94678b2616e3af862d922cbdafdd0f7a0987e528f9e73d545ce7a6d9e38d477687a5c7ae65604dd1fca0ff497385ae2137dd896bb097ddb16da822d28a226437a3eff0f23153d31a59adf3f2917e3145fb042571f97ded8f960045320efbc8620f561c13cdb21e1199072d93174dd0fa0b7262fa56960f7d985ea601aa8556cbf6489f90127685bcf722a52fee2ab69d324b02eb8a801ae369b75093636d13bcd877bd563f70c06b2be0be4547c67243dad3b44c35767b0eaf272e13b74e55e611ff9b9dce2e23c754ccb799685dfcf67804f777e963ac57847b4c3542acb9e8c668299946e044995a01e0ac45702bc7d2d373f44f46de56b554573ccd046467df6415c58c59c2c87d8059fb0c663e29bc531485c3dadbfa3d27de1a7040842e5ccbaeae22181168a06ccb4ffeb29890d362d2df54d272d9689dd1a2eacc09913385a1270cc256b2b4993ccc9216acdabc1b669d15c0dc7153048173062d228fd63bb5bb3c584bf7fa48d84240d7c25f95a76cd234ba127d7f17a4c43ae3ff264fd1cb68b44de1620cace18d2a881e59b93212d974cfbc08c3f9523b2f98e0f61a4398e978f5cd81735d2fbc8d4c23fa2f2f8307da12dfeb63b33e8e031b300e99663d58b18e93114f49c36d7215857fc17aa5f6fab31bf1ef3544ee8a4e467901bd3723a12d98afdca837546f472b063cde20bb3db5951fd94756389585ba7b026103a9f66295c43dd58c0bb9cff657fbdbe8d8d9992fbd42ddfac64229eea6e3a03336bce075641cd14945000167ae6c50e678a367e21d9a9b5d51bef4cf1a256737a14b65da054a3d88e25baf86ad57b6572802c362bbb3f92ff7ee21f6314247317d70b556fa038fb2215005972c17cb64bf9269ac98dfa122cbdf984e49f56d55d242828c1f1e6e511859d91526f3c94d7c00820f4f0a2f7f7baf9ecfb239ba34442d57da05a6c7fbf3b960deebfa3fb5825756856391c88f2eb845ae23504b3340b9f82468f2815645dbe4154b710c6093eec0fc3b6ff55b6de2c8d17bc8511ac87d706003248465230930db78c414a8b1a3cc0102673d4baab17303f38dfa34503bfe20b100878c9e0f07d9855ec6ad4910716144eb5be9334a0fb608579779a7070d607489fa6763143f2056abeb181caa5947f9ef69168be1b9ea3e1685ea3d58e7f14c1f8b3792d1dacc91fda95b76f819cc9f59a17a55e6c00766116d8bd381d58be04c0de42c5e2c5bb28456cd05485cbf8421e19a3271d423f3e7b67986c7b3c25cf5aaf1118e682911bcd84caab4b56be4bcf0014be4637a58bca4e04a4e5744b3e836fc11825c697bdda0474a14f9c93d1a383af220dbf0b517bffae1daa34e8fbc6a0adff67aa543dacd2d77fadc65937097458129db0a551d4c6514e1d022f8d8417285f601129abdeb2a8f982989240c86cf94bbfa36e5bc5d0e11b7714d745f96e9c8e6d57d331300f21e630be984743f159fa93f1672fb9c1f6ec7a382b08eaec95b58df8f77830d9e745a12ff5fb9dee8f1a16aa83213e30ec94a430924a226bd75d30cc0271c374117e2ee07ca8365b3dd288c55df03014351e98dddfa64e5ad2425ed180341fa46557ca192debe36d436564cd33f52b79d89f5cdb0cc656b369a33e9829054de2f1cfeb9c16ce842fcb0164d824e78e48988108ecaa62245d26ceb7b00c21f03dcf30da102f8bd082eea43788dbbb31f2db80f6bf3dcbccc698af7c7f808708c6f8d5b873c2e20df35da6844b4aaa1209f6ffa76fb8401d1bfaf6a4f01fe1e5ab875a6e12f3d2857cd2214b5c35c44f23f57e7723f2ffbf88a79059ad6212561ef65783ce4ef3cdeb5921e9508cd7e5641bc069764dc05da74e173ce7a877f6c300e3fb3dee2a5ea1cac243a4b57d89dd60be4ba1623e42ef1f2228cd37c46cc94b2854b456051edc17ee8d7005e1140977d1613af08421ff3b2e4f211b495b04a53c34ac2b9565e28f723dbf57faabb915d52dd262cd925a9f86576938f2a6ad437d33dc7a0257bf728542e1799163f0b7804eff5d0e82fe5de9ae2ef7fe7d46b7191dd1e24579c9bc92cf2e1223f9ae75ed899815f06a1348d169f3b120280247604bef015ce570edb6f2bcbdfceea0337412dd431d921f0b44281566182eddb4425566bb874131da402d497be930e9506cceb95076424694f8e8e21910c8c4c4451a0bf595826eaab54f64ffde11053ca08b6bc914947aebc1cc3d8d39a9bce3c986c3ae5735b5baecc7e1397c3e47111de62bca734286002bd46c50933032d6e356dee22aaa3b3bdec69629fc944de5c33d2cfa4f74bb6a854560a235f136efa790f98233767afacf1fb751d40a51f01f745fb51681fb971c6b353788d392ffb60523ceffbb2175b531da8b76229342e7adc5279c6e2e1da35244523d06756fe660cba8936ac0d1e5ae0b1e2813b26450f6fd78309f4b0b1b64506232c85e053f06b684f95dad78ac9e9de8dd9a00a1a33c57b6580f4e132b4e1bc10bdedf6f1e1028acc84d5d20701d4dfcf561c65ebd2e00c8dfe5670092f13a6a6b26001a2a7dfe4521f931ebcc80c39e4b02a444bb0458d6c15c1b1e2734d0eb07a409daf4144e4ed707f2216f0c17e7a0429fbb8b393f03cb7330ab5edce7c31e28c5a17f30d9fd4fef15a74c870a309fb625b04d0749dda1b252cc948c28a8801a8ba468918b20c83bcedd53d5d23787990cf6591eddbadfdbc49236b7c82e47970b35ec5d638a13b74cbddac120b3c06534514a58676110efda449d83689ef7406ebc979c04cb4578851daa13572567467d47d0215050c993a6ee2107ca54792cb8ee99fd2292dd122fbe49dabb4b0decdd34331268831753fd33cf16d68f8f8b"}) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = open(&(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x80400, 0xb5d1af1605322ddc) r1 = open_by_handle_at$auto(r0, &(0x7f0000001280)={0x8, 0x2, "0200000000000000"}, 0x6) sendfile$auto(r1, r0, 0x0, 0x2) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x2000, 0x0) read$auto_proc_sys_file_operations_proc_sysctl(r2, 0x0, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/vtconsole/vtcon1/bind\x00', 0x182b02, 0x0) sendfile$auto(r3, r1, 0x0, 0xa) listen$auto(r3, 0xfffffffa) r4 = socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) syz_open_procfs$namespace(0x0, 0x0) recvfrom$auto(0x4, 0x0, 0x101d0, 0x3ffffd, 0x0, 0x0) syz_clone(0x80000080, &(0x7f0000000040)="3434a5d958d0845368a5a39b0f42c223618d3af76ca76f80992c2de4569ae69abdb655aea5a4ecdca6755ac8cbae5fb37e98d8a2977584daed7821735c6210be1308bdf7873c9b9e8349c84ebda321d53fd85df704fa6633a83583f05a58b1cb1e7bf51a1b5ce769bd9e842d5116b099b7ed4f30b680224c096da2393869cc45c4502412cda9fe943b6523469b514081efc614d465a95a44f1ed2dce675c1005", 0xa0, &(0x7f0000000100), &(0x7f0000000180), &(0x7f00000001c0)) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) socket(0x2, 0x80002, 0x1) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$auto_l2tp(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01002dbd7000f6dbdf250100000008000a0008000000050007003b000000080009009c781e0106000200d900000000000000", @ANYRES32=r4, @ANYBLOB], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x48080) io_uring_setup$auto(0x406, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x1, 0x10000, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) 950.418803ms ago: executing program 2 (id=3277): mmap$auto(0x0, 0x20008, 0xdf, 0xeb1, 0x401, 0x8000) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x100) setsockopt$auto(0x400000000000003, 0x29, 0x1b, 0x0, 0x56b) setsockopt$auto(0x400000000000003, 0x29, 0x1c, 0x0, 0x56b) r0 = socket(0x15, 0x5, 0x0) bind$auto(r0, &(0x7f0000000080)=@in={0x2, 0x4e22, @remote}, 0x6b) sendmsg$auto_NL802154_CMD_SET_SEC_PARAMS(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000d80)=ANY=[@ANYBLOB="05000000", @ANYRES16=0x0, @ANYBLOB="010025bd7000ffdbdf25150000000500120010000000080027000c000000380b2b80330b248004008080ba89ebda4be9067b59c90d50dab4ba175b1b13d15e19ee0f5bf6c6d2095efcc719c8e137b7ec6062c6c768e512acd0f1208ee2be2b891868abd1934bd95a54945e649a2afd1272f72e8fffb57e3ba1c8fb306ce2ba95180cf54dcca46ab950e626ff31022afd57f1306ee00962cb60c30a9946d642a00256ed0006ec8364307874f7c763c6e9af0222943721fb4fa5b1cecfe3a908b1fd515dad1e0ca0998fa55ca4bbf9412855250567f1b98186d8597ab6fb715cef224b510a7ccc4cae047b6d4ab94775e1158d87be4806455bbd76baaa3a656ed5f316b17a5a27a6ec9904006d80460a8e80b634a4b1ce57b5a586e945eb157cc566d02bed93630b901c93d3fde23606aa3e80e4d0644fef266741cf5f2879924594cd388ed548e2dea74f9d72af19edad4a810af64d79eaa131b2afaca3f428fd83499d9c7a99dfd9a24cbd9bf5b0f0446521fcf1f416f83791795dc86d63c7a05e38c547e208be35b17fb8aa1fa57ea4ac59aac09a5bfb9f08a6d02e58d5040324f4241a9eb63d5a1e48cff0ed3e97c4af9506ca950ce9d115d242277c614a27a77df014ced1df35f069b42113bc6bf5427f9c1ba6924ec8bafc11ba6d9303461e92e3c3e1b4d5b2954d259654ee2bab0385e3b106c4a93525200ce6e3f1e9f6d4b87b61583abced950ff97dade7ebde309c78d4f1ddbff5cb5c3fd141cbb4e56a97183f705019716cf6d6f300c9677b6f14b2b8d708b675b5c4f2357d9c22dd6bba1195ba295a5f713ac28f043cc671fc7b43fb9b40bf17766c79d698dd68d0e385e926971a18a3c3687c3c8202b806432be62b3030a2c9e31da55a6cd98165f7439f9a09508b8c4b9c5ea32aaf1f7c4246ea8700aaccaf476d9cd5e3b2340d17f13ba40c8fdaf4aa4c4b8763fd86d35bda9aab03e3a252d7e4aea01cdad1fad040b29a9e92ee1fd8c010c30b4cc69917cee531e42efa59c735fe8159a292f57fa7a4600e6833032846d87a515d9803770eb4db6712bce7b51fc2f0eff8a292023a8c7c1544c6e53012f9fe13aa8caf795caccfa4ff2321116a86938e2b782e7a57fe5cbff8df11b0bc86d691a7a8df0cc9486c4898e8bafd0b374798ecdba9af994890465f435d5e6408dd9ddd96df1673098864522e964b565d69882198a999ee41c980dafdf3538400c81ad57dc970a72b75d75850913452021a4dfe885342c4e5c33dbcd801b10866908de67b13c5dc4fb51dce74dae4c4c27413c00b50c8e18d1dcfe28974fee5df4cefd05f7e8e21e8881ef7300ca75af8ef7c8cfa0a1cf8771444e3bd449f957fa4500c1f371ccc31a7b196ca809935887d26d3ed24d2dc16c83aa263abd880df1d27d8463e4f29673fbb0a073caaf975314f5660bdf89c285291a46ddb2f8410b02e86bc522808052288fe16dbb7733976605ed2342c69717ba18334138bc68c994ffa20bbad1672a4ee0dc19a0ec177f36995edc671ef8d29211e4b7d0723a18c36c398df2e924a4f55ef95687e6a4aebcf86d36a9791d561c2203fc4a545d30a5173ffc84612c333a73fd0c84f92554294cfbbe86088e79bc6f1c9bc880b4502e4b47af767f47dbccbf4318ec6a33ee42cafc3e6ced6720adf772de614a754c7b0d93208cb0bdd285e8ff9ffe078bb782a57a14204784880a3379af47423967bf134933d350324a845e7aca06245efec7dd272177bbb663bf83c23161cf7d8b32d45502f6bbc6416720652aa197556c3cf5be55e2f8ace74ce95feb288f681d92ed529bb9892472c3633f744bfde252c8b00808d92daa2a3b4771eee9cc83745c326f8ea02119b55a99bddfc498948e53ce2efa0635276810d2211e9e0e63bc850029865d525cbf43cde05009dca149084d9569a1abb0e5f941bd5c67a77685e965b354dc744617960e642512f2cd86236c9a1938f4e799cc0e09beb23791f446e822b86518185d668e7e93daec7b1a9f53034aeabc7c7bf52deefbf5e2a90b085c41c0f528ff2cf81dbc1c28ed95ad75fd65c0e0d793d7111dce84883cbf60cd55e025b824d84e141d54da72111ea2fed1fd8f3c9cf47763ee47a7988d5021ac661641ee95ea9c9d57dd2f8e537f3cb71830a6c1608dadf6beb7339961811f8da34f8fb7b5190f9c146942fda73801812ed6bffa1a60c80e5fd6528e045b40fa78c10f37797d93f827539aa389d59c48254397ff7b72325465d18b04acac619d9d5f80d46b57d28a76fbe83203ecacb91328b145ebbe356178a1eb1c09101fe785c98aab93485ae7b4217412b7ea31fdd965eaaf78d3ab4eec8bc689062b738c002fd94f9cd18bbc5285c57854f9092e85d90ec205f43fcc9d27cd6041fb73ed3164e7f2cb3ea694b89a1879f8cbcdbffdab4b277d0fa3dba5061952d266b2f3821f79cd2b3bf107c6250e711c9ddba407c9ed323d2dfda23d5a4088f8199d1cbb311a1b051da8d792299f471f0ca7fd7925695acaf01e7ad022d96dfb30e66d551fb37522baf2ea71cc5a6416124ee2138c3f2fb5cca4b71eb9d3571deebc898b62406f416caa3fcd732f9661548d8b7ec74bc94d9dcc92b0048abc2b358c0007a905c9513affbd873a368e0b5872a2f4cdc4bb8602ad3ec77cba3e150c8993f5fc88ac7e6b2642f4660486d5823482aae8f90ee7913abdb064398cebe5946c2920d7d99935571f9b1eeb4529373538e699dda91425660a1010a4cf7e9a10713f57fa1d601467ec51ad5153bd94582320ff55380ca7efefacf62f822b948cb3b93f68978f248639c51ac97e3f56bcca9990839ee01df9773b22cf261310d4b3c6b03ef54a9a848c10d1252d0412a8f01ff61bd6978112d6b69e2f71e02a04f43f3a1a8259f7e83c26fc5bc703a8b6d3d325f08b08f9dc10b8f654871386ef94d2493463f7f3d0b20bf93be475b0ed9e870aaedd63b8d08877651bace68300e3a1b0a5d1a3da2b246fef82de3b57eca440ae7a7656ff31ae74cad3a80f1ae615f2747589d4859ec1981a6a5176168db86ab5f6930d4679762956e408d2268cad53aa10727c8b8952114b17c352782dc9afc120535bcb99bcf1161397f19ac4d288677e48f0e6bfdcf5f852a8bc1b432399f0ade5db9585e09e4cc96a63dd7bddecbbaae880678f94111108d76c5d825629a3eee16b2a6362c59ba3cf99a2e2bcfa62d010706bca5c0d009b141f1c3f6a9cc58234f97a5721a3ee31772877ffda5507f8e7053e15cb60df08184dbdd9f2af7a618781fdd39d32404f3e2dc6ac48f35ce31bc70a019235b7776114ef2ae75ebf7b7191e5a61e1c5c82340e12dd98cf9125a3fb1c8062a206ac2aa98e708a190b1b70d1c2450b47394d8e1f21c541b3f4139d2159e9a37acf2ee9ba5e0cf99221a43b46793cad7b7b71784032a0092abb25380fa77646f948ed456d6fa1fb749f736e10491e39569c073308ee782562a59a719e4b8910f737a41ee0644db9905d22f44bae257749b03667b535af492012ad1c50f1d88a46a2c3aeeca86026c6e5ca8289bb153ff85aade4bd00b9bb87017d7816c24a0e71b0d0dcf6dedbc956c81bf445d665da7cb1c009be2f8d7eb286e2e2595166b8df0541ff0b80ab20d9ba30058ef52dc2c1905133bcca7193320811e0bc083798b80bce7e84ea9135d976fbc339b0814cb4f4dd9a71f9a2f1a78da4c60c1671b6ef41798646a702fd9eeb67bd250df336f0c1889c54be82bfc4238d6568ca0e7bf7a3005126d605a867b47f2c96fd6a92a9cf463270a9e2df32c6959c2f272b48a6b76fe7393dc12713c99888e0d03ffdac04f5d3c87e5343bc1a6127484b6d7e18e97a329ae582b8c3dd1be170cff9fdebcadfb339c67a303e15d6f779da6fbd91b401ac8e32fe1a0f16b5aa52ca7801d12aaba5c57945b3d0e768370e031d268b101df06ceaca597ca754d933b08f3b248548d267cbb16430c5110cdaf5b36bc2cf6a7c24f143277f606cbe77ef320505986fa5dc876e87ec74a2c06d0e893ed3da67cd814f209b3720e98d1b2f6afd245bcb6"], 0xb5c}, 0x1, 0x0, 0x0, 0x20000000}, 0x48880) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "abe6de3d6468fe8000"}, 0x55) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800007ffe) close_range$auto(0x2, 0x8, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = open(&(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x80c40, 0xb5d1af1605322c68) mmap$auto(0x401, 0x2a, 0x0, 0x9b71, r1, 0x2) socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto(0x3, 0x800005411, 0x38) socket(0x2, 0x80002, 0x73) connect$auto(0xffffffffffffffff, &(0x7f0000000080)=@l2tp={0x2, 0x0, @broadcast, 0x4}, 0x51) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(0xffffffffffffffff, 0x40345410, &(0x7f00000000c0)={{0x0, 0x2, 0x200800, 0xffffffff, 0xfffffffb}, "0dd7fd004929347eeeccdf0732f77b1f6de0d6d51768a257a97ca5e9ca6310ea"}) r3 = socket(0x11, 0x3, 0x6) sendmmsg$auto(r3, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5a7, &(0x7f0000000100)={&(0x7f0000000180)="e9fa8901070d"}, 0x5, 0x0, 0x0, 0x1001}, 0x7}, 0x2, 0x140) openat$auto_tracing_fops_trace(0xffffffffffffff9c, 0x0, 0x1a6b75d63882a712, 0x0) r4 = open_by_handle_at$auto(r2, &(0x7f0000001280)={0x8, 0x2, "0200000000000000"}, 0x6) sendfile$auto(r4, r2, 0x0, 0x2) r5 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/net/dummy0/ifalias\x00', 0x8041, 0x0) write$auto(r5, &(0x7f0000000500)='%[.[`T\n&\xc1\x1e\xae\xb8\xd7\x95\x17\xa3\x7f\xa3\xa7\xf2M\xd1(h\xa51T\x9fQG0\xe8\xd1\xd7m\xafF\x04\"h\xe6\x10\f)\x7f\x83\xcc\xb4\xa4:R\f\xe7\xe6\xb1I\x03\x9a\xca\x8f\x8c\xbb\xe1*\x9d\x11\x9a\x04F9\"\xe3\xc2\x0f\xc5\xcf\x0f\xb1,w\xfe\x06h\xff\x03\x00\x00E\x8b}\xa2\xb9g\xa3\xbe|l3\xda\x9bzl\x8c\x8b\xce\x12*=`\x11\xef2\xf3 \xec\xbe:h\x9e\xc8\xf1\x15\xfa\x90\x9d\xeec\xbf\xf9\xf2\xcc\xf5\xa3F\xc2', 0x400) madvise$auto(0x0, 0xffffffffffff0001, 0x15) 0s ago: executing program 2 (id=3278): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000040)={0x0, 0x80000000}, 0x6, 0x2, 0x10000000004, 0x9) ioctl$auto_BLKFLSBUF(r0, 0x1261, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/sda\x00', 0x200000, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008012, r1, 0x8000) mprotect$auto(0xfff, 0x5, 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(r1, 0x8, 0x7d) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) r2 = socket(0x10, 0x80002, 0x8) close_range$auto(r2, r2, 0x0) pipe$auto(0x0) splice$auto(r2, 0x0, 0x2, 0x0, 0x3fb, 0x9) write$auto(r2, 0x0, 0x40) dup2$auto(0x5, 0x4) setreuid$auto(0xffffffffffffffff, 0xffffffffffffffff) splice$auto(0x4, 0x0, 0x2, 0x0, 0x80000000, 0x9) mmap$auto(0x0, 0x2020009, 0xd, 0xeb1, 0xfffffffffffffffa, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80802, 0x0) r3 = socket(0x2b, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x11}}, 0x6a) sendmmsg$auto(r3, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x3, 0x20000000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) kernel console output (not intermixed with test programs): all_64+0x115/0x840 [ 1045.227434][T17928] ? clear_bhb_loop+0x40/0x90 [ 1045.232137][T17928] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1045.238039][T17928] RIP: 0033:0x7f2b4c99ce59 [ 1045.242460][T17928] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1045.262074][T17928] RSP: 002b:00007f2b4d8e4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1045.270498][T17928] RAX: ffffffffffffffda RBX: 00007f2b4cc16090 RCX: 00007f2b4c99ce59 [ 1045.278477][T17928] RDX: 0000000000000003 RSI: 0000200000000240 RDI: 0000000000000004 [ 1045.286451][T17928] RBP: 00007f2b4ca32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1045.294429][T17928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1045.302412][T17928] R13: 00007f2b4cc16128 R14: 00007f2b4cc16090 R15: 00007ffcc4105e38 [ 1045.310402][T17928] [ 1046.108934][T16365] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 1046.117136][T16365] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0' [ 1046.128938][T16365] CPU: 0 UID: 0 PID: 16365 Comm: kworker/u11:2 Tainted: G L syzkaller #0 PREEMPT(full) [ 1046.128976][T16365] Tainted: [L]=SOFTLOCKUP [ 1046.128985][T16365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1046.129003][T16365] Workqueue: hci3 hci_rx_work [ 1046.129037][T16365] Call Trace: [ 1046.129045][T16365] [ 1046.129054][T16365] dump_stack_lvl+0x100/0x190 [ 1046.129082][T16365] sysfs_warn_dup.cold+0x1c/0x28 [ 1046.129124][T16365] sysfs_create_dir_ns+0x24b/0x2b0 [ 1046.129152][T16365] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1046.129177][T16365] ? find_held_lock+0x2b/0x80 [ 1046.129208][T16365] ? kobject_add_internal+0x25f/0x930 [ 1046.129233][T16365] ? kobject_add_internal+0x25f/0x930 [ 1046.129260][T16365] ? do_raw_spin_unlock+0x145/0x1e0 [ 1046.129290][T16365] kobject_add_internal+0x2c8/0x930 [ 1046.129320][T16365] kobject_add+0x16a/0x1e0 [ 1046.129343][T16365] ? __pfx_kobject_add+0x10/0x10 [ 1046.129366][T16365] ? class_to_subsys+0x10f/0x150 [ 1046.129401][T16365] ? kobject_put+0xb9/0x640 [ 1046.129438][T16365] ? _raw_spin_unlock+0x28/0x50 [ 1046.129477][T16365] device_add+0x294/0x1950 [ 1046.129504][T16365] ? __pfx_dev_set_name+0x10/0x10 [ 1046.129547][T16365] ? __pfx_device_add+0x10/0x10 [ 1046.129574][T16365] ? mgmt_send_event_skb+0x2fb/0x460 [ 1046.129613][T16365] hci_conn_add_sysfs+0x1a3/0x260 [ 1046.129651][T16365] le_conn_complete_evt+0x11eb/0x1f60 [ 1046.129690][T16365] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1046.129720][T16365] ? __pfx_bt_warn+0x10/0x10 [ 1046.129763][T16365] hci_le_conn_complete_evt+0x23c/0x3a0 [ 1046.129795][T16365] ? skb_pull_data+0x15f/0x1e0 [ 1046.129836][T16365] hci_le_meta_evt+0x34a/0x5f0 [ 1046.129870][T16365] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 1046.129906][T16365] hci_event_packet+0x51c/0xcd0 [ 1046.129937][T16365] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1046.129972][T16365] ? __pfx_hci_event_packet+0x10/0x10 [ 1046.130006][T16365] ? kcov_remote_start+0x374/0x660 [ 1046.130040][T16365] ? lockdep_hardirqs_on+0x78/0x100 [ 1046.130080][T16365] hci_rx_work+0x451/0xfc0 [ 1046.130116][T16365] process_one_work+0xa0e/0x1980 [ 1046.130171][T16365] ? __pfx_process_one_work+0x10/0x10 [ 1046.130204][T16365] ? __pfx_hci_rx_work+0x10/0x10 [ 1046.130238][T16365] worker_thread+0x5ef/0xe50 [ 1046.130269][T16365] ? __pfx_worker_thread+0x10/0x10 [ 1046.130294][T16365] ? kthread+0x13a/0x450 [ 1046.130329][T16365] ? __pfx_worker_thread+0x10/0x10 [ 1046.130351][T16365] kthread+0x370/0x450 [ 1046.130388][T16365] ? __pfx_kthread+0x10/0x10 [ 1046.130428][T16365] ret_from_fork+0x72b/0xd50 [ 1046.130455][T16365] ? __pfx_ret_from_fork+0x10/0x10 [ 1046.130483][T16365] ? __switch_to+0x800/0x1100 [ 1046.130515][T16365] ? __switch_to_asm+0x39/0x70 [ 1046.130547][T16365] ? __pfx_kthread+0x10/0x10 [ 1046.130586][T16365] ret_from_fork_asm+0x1a/0x30 [ 1046.130633][T16365] [ 1046.130679][T16365] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 1046.441721][T16365] Bluetooth: hci3: failed to register connection device [ 1046.449766][T16365] Bluetooth: hci3: ISO packet for unknown connection handle 5 [ 1048.491055][T16387] Bluetooth: hci3: command 0x2016 tx timeout [ 1050.562038][T16365] Bluetooth: hci3: command 0x2016 tx timeout [ 1050.908536][T17988] Process accounting resumed [ 1051.574231][T18011] FAULT_INJECTION: forcing a failure. [ 1051.574231][T18011] name failslab, interval 1, probability 0, space 0, times 0 [ 1051.608214][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 1051.624907][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 1051.665830][T18011] CPU: 0 UID: 0 PID: 18011 Comm: syz.3.2462 Tainted: G L syzkaller #0 PREEMPT(full) [ 1051.665869][T18011] Tainted: [L]=SOFTLOCKUP [ 1051.665877][T18011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1051.665892][T18011] Call Trace: [ 1051.665900][T18011] [ 1051.665910][T18011] dump_stack_lvl+0x100/0x190 [ 1051.665939][T18011] should_fail_ex.cold+0x5/0xa [ 1051.665969][T18011] ? tomoyo_realpath_from_path+0xb6/0x690 [ 1051.666004][T18011] should_failslab+0xc2/0x120 [ 1051.666033][T18011] __kmalloc_noprof+0xe0/0x850 [ 1051.666054][T18011] ? kfree+0x1dd/0x6c0 [ 1051.666092][T18011] tomoyo_realpath_from_path+0xb6/0x690 [ 1051.666134][T18011] tomoyo_path_number_perm+0x23c/0x580 [ 1051.666163][T18011] ? tomoyo_path_number_perm+0x22e/0x580 [ 1051.666194][T18011] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1051.666253][T18011] ? find_held_lock+0x2b/0x80 [ 1051.666283][T18011] ? __fget_files+0x215/0x3d0 [ 1051.666312][T18011] ? hook_file_ioctl_common+0x149/0x410 [ 1051.666343][T18011] ? __fget_files+0x215/0x3d0 [ 1051.666376][T18011] ? __fget_files+0x21f/0x3d0 [ 1051.666409][T18011] security_file_ioctl+0xd3/0x230 [ 1051.666440][T18011] __x64_sys_ioctl+0xb7/0x210 [ 1051.666475][T18011] do_syscall_64+0x115/0x840 [ 1051.666512][T18011] ? clear_bhb_loop+0x40/0x90 [ 1051.666541][T18011] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1051.666566][T18011] RIP: 0033:0x7fc42679ce59 [ 1051.666585][T18011] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1051.666610][T18011] RSP: 002b:00007fc427694028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1051.666633][T18011] RAX: ffffffffffffffda RBX: 00007fc426a15fa0 RCX: 00007fc42679ce59 [ 1051.666649][T18011] RDX: 0000200000000040 RSI: 00000000805c6103 RDI: 0000000000000003 [ 1051.666664][T18011] RBP: 00007fc427694090 R08: 0000000000000000 R09: 0000000000000000 [ 1051.666678][T18011] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1051.666692][T18011] R13: 00007fc426a16038 R14: 00007fc426a15fa0 R15: 00007fff2bd64de8 [ 1051.666723][T18011] [ 1051.666750][T18011] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1053.831534][T18048] cifs: Unknown parameter 'no+ 1§• Ö`ÑørêsFn)ÈøaõH†šÄ¿¡h`àØÝë9k¤A}€žŠ1\D@‹Ç.ÁäZÔCg^‚' [ 1054.626063][T18064] FAULT_INJECTION: forcing a failure. [ 1054.626063][T18064] name failslab, interval 1, probability 0, space 0, times 0 [ 1054.683968][T18064] CPU: 0 UID: 0 PID: 18064 Comm: syz.5.2471 Tainted: G L syzkaller #0 PREEMPT(full) [ 1054.684008][T18064] Tainted: [L]=SOFTLOCKUP [ 1054.684017][T18064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1054.684033][T18064] Call Trace: [ 1054.684042][T18064] [ 1054.684052][T18064] dump_stack_lvl+0x100/0x190 [ 1054.684082][T18064] should_fail_ex.cold+0x5/0xa [ 1054.684123][T18064] ? tomoyo_encode2+0xfb/0x3c0 [ 1054.684158][T18064] should_failslab+0xc2/0x120 [ 1054.684188][T18064] __kmalloc_noprof+0xe0/0x850 [ 1054.684210][T18064] ? d_absolute_path+0x136/0x1b0 [ 1054.684239][T18064] tomoyo_encode2+0xfb/0x3c0 [ 1054.684278][T18064] tomoyo_encode+0x29/0x50 [ 1054.684312][T18064] tomoyo_realpath_from_path+0x18c/0x690 [ 1054.684356][T18064] tomoyo_check_open_permission+0x2af/0x3c0 [ 1054.684389][T18064] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1054.684432][T18064] ? hook_file_open+0x24e/0x7a0 [ 1054.684486][T18064] ? path_get+0x61/0x80 [ 1054.684524][T18064] tomoyo_file_open+0x6b/0x90 [ 1054.684548][T18064] security_file_open+0xb5/0x1e0 [ 1054.684583][T18064] do_dentry_open+0x588/0x14d0 [ 1054.684622][T18064] vfs_open+0x82/0x3f0 [ 1054.684662][T18064] path_openat+0x208c/0x31a0 [ 1054.684703][T18064] ? __pfx_path_openat+0x10/0x10 [ 1054.684746][T18064] do_file_open+0x20e/0x430 [ 1054.684780][T18064] ? __pfx_do_file_open+0x10/0x10 [ 1054.684849][T18064] ? alloc_fd+0x476/0x790 [ 1054.684882][T18064] ? do_getname+0x191/0x390 [ 1054.684926][T18064] do_sys_openat2+0x10d/0x1e0 [ 1054.684965][T18064] ? __pfx_do_sys_openat2+0x10/0x10 [ 1054.685015][T18064] __x64_sys_openat+0x12d/0x210 [ 1054.685055][T18064] ? __pfx___x64_sys_openat+0x10/0x10 [ 1054.685094][T18064] ? ksys_write+0x1ac/0x250 [ 1054.685128][T18064] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 1054.685167][T18064] ? syscall_user_dispatch+0x76/0x130 [ 1054.685199][T18064] do_syscall_64+0x115/0x840 [ 1054.685235][T18064] ? clear_bhb_loop+0x40/0x90 [ 1054.685265][T18064] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1054.685290][T18064] RIP: 0033:0x7f55ccd9ce59 [ 1054.685309][T18064] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1054.685333][T18064] RSP: 002b:00007f55cdb78028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1054.685357][T18064] RAX: ffffffffffffffda RBX: 00007f55cd016090 RCX: 00007f55ccd9ce59 [ 1054.685374][T18064] RDX: 00000000000c8042 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1054.685390][T18064] RBP: 00007f55cce32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1054.685405][T18064] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1054.685420][T18064] R13: 00007f55cd016128 R14: 00007f55cd016090 R15: 00007ffdc98599e8 [ 1054.685451][T18064] [ 1055.569090][T18079] ubi0: attaching mtd0 [ 1055.574828][T18079] ubi0: scanning is finished [ 1055.590615][T18079] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1055.781418][T18079] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1055.908546][T18064] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1055.951888][T18088] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1056.049380][T18089] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1057.799736][T18112] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1058.468535][T18120] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2485'. [ 1058.939807][T18131] RDS: rds_bind could not find a transport for ::ffff:172.20.20.187, load rds_tcp or rds_rdma? [ 1059.040730][T18135] netlink: 'syz.0.2489': attribute type 1 has an invalid length. [ 1059.087187][T18125] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1060.571106][T18122] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1062.467068][T18186] ubi0: attaching mtd0 [ 1062.591811][T18186] ubi0: scanning is finished [ 1062.718235][T18186] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1063.156944][T18186] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1064.421942][T16365] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1064.444014][T16365] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1064.456216][T16365] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1064.468676][T16365] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1064.480220][T16365] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1065.883184][T12330] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1066.261369][T12330] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1066.494108][T12330] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1066.566114][T16365] Bluetooth: hci1: command tx timeout [ 1067.671893][T12330] bridge_slave_1: left allmulticast mode [ 1067.710529][T12330] bridge_slave_1: left promiscuous mode [ 1067.774140][T12330] bridge0: port 2(bridge_slave_1) entered disabled state [ 1067.833488][T12330] bridge_slave_0: left allmulticast mode [ 1067.879368][T12330] bridge_slave_0: left promiscuous mode [ 1067.926125][T12330] bridge0: port 1(bridge_slave_0) entered disabled state [ 1067.972456][T16365] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 1067.980888][T16365] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0' [ 1067.990385][T16365] CPU: 0 UID: 0 PID: 16365 Comm: kworker/u11:2 Tainted: G L syzkaller #0 PREEMPT(full) [ 1067.990424][T16365] Tainted: [L]=SOFTLOCKUP [ 1067.990433][T16365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1067.990449][T16365] Workqueue: hci3 hci_rx_work [ 1067.990483][T16365] Call Trace: [ 1067.990493][T16365] [ 1067.990502][T16365] dump_stack_lvl+0x100/0x190 [ 1067.990530][T16365] sysfs_warn_dup.cold+0x1c/0x28 [ 1067.990568][T16365] sysfs_create_dir_ns+0x24b/0x2b0 [ 1067.990596][T16365] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1067.990621][T16365] ? find_held_lock+0x2b/0x80 [ 1067.990652][T16365] ? kobject_add_internal+0x25f/0x930 [ 1067.990677][T16365] ? kobject_add_internal+0x25f/0x930 [ 1067.990704][T16365] ? do_raw_spin_unlock+0x145/0x1e0 [ 1067.990733][T16365] kobject_add_internal+0x2c8/0x930 [ 1067.990763][T16365] kobject_add+0x16a/0x1e0 [ 1067.990787][T16365] ? __pfx_kobject_add+0x10/0x10 [ 1067.990822][T16365] ? class_to_subsys+0x10f/0x150 [ 1067.990854][T16365] ? kobject_put+0xb9/0x640 [ 1067.990910][T16365] ? _raw_spin_unlock+0x28/0x50 [ 1067.990948][T16365] device_add+0x294/0x1950 [ 1067.990976][T16365] ? __pfx_dev_set_name+0x10/0x10 [ 1067.991008][T16365] ? __pfx_device_add+0x10/0x10 [ 1067.991035][T16365] ? mgmt_send_event_skb+0x2fb/0x460 [ 1067.991076][T16365] hci_conn_add_sysfs+0x1a3/0x260 [ 1067.991115][T16365] le_conn_complete_evt+0x11eb/0x1f60 [ 1067.991155][T16365] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1067.991186][T16365] ? __pfx_bt_warn+0x10/0x10 [ 1067.991238][T16365] hci_le_conn_complete_evt+0x23c/0x3a0 [ 1067.991271][T16365] ? skb_pull_data+0x15f/0x1e0 [ 1067.991308][T16365] hci_le_meta_evt+0x34a/0x5f0 [ 1067.991344][T16365] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 1067.991381][T16365] hci_event_packet+0x51c/0xcd0 [ 1067.991414][T16365] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1067.991450][T16365] ? __pfx_hci_event_packet+0x10/0x10 [ 1067.991485][T16365] ? kcov_remote_start+0x374/0x660 [ 1067.991519][T16365] ? lockdep_hardirqs_on+0x78/0x100 [ 1067.991561][T16365] hci_rx_work+0x451/0xfc0 [ 1067.991612][T16365] process_one_work+0xa0e/0x1980 [ 1067.991647][T16365] ? __pfx_process_one_work+0x10/0x10 [ 1067.991698][T16365] ? __pfx_hci_rx_work+0x10/0x10 [ 1067.991732][T16365] worker_thread+0x5ef/0xe50 [ 1067.991764][T16365] ? __pfx_worker_thread+0x10/0x10 [ 1067.991789][T16365] ? kthread+0x13a/0x450 [ 1067.991824][T16365] ? __pfx_worker_thread+0x10/0x10 [ 1067.991846][T16365] kthread+0x370/0x450 [ 1067.991882][T16365] ? __pfx_kthread+0x10/0x10 [ 1067.991922][T16365] ret_from_fork+0x72b/0xd50 [ 1067.991949][T16365] ? __pfx_ret_from_fork+0x10/0x10 [ 1067.991976][T16365] ? __switch_to+0x800/0x1100 [ 1067.992009][T16365] ? __switch_to_asm+0x39/0x70 [ 1067.992052][T16365] ? __pfx_kthread+0x10/0x10 [ 1067.992090][T16365] ret_from_fork_asm+0x1a/0x30 [ 1067.992135][T16365] [ 1067.992178][T16365] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 1068.313788][T16365] Bluetooth: hci3: failed to register connection device [ 1068.532116][T18248] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1068.654964][T16365] Bluetooth: hci1: command tx timeout [ 1068.949707][T16365] Bluetooth: hci2: unexpected event for opcode 0x7c89 [ 1069.190911][T12330] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1069.238071][T12330] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1069.278764][T12330] bond0 (unregistering): Released all slaves [ 1069.711057][T18260] dlm: plock device version mismatch: kernel (1.2.0), user (1489226698.240317300.1121487582) [ 1069.721817][ T5293] 8021q: adding VLAN 0 to HW filter on device eth9 [ 1070.387870][T16365] Bluetooth: hci3: command 0x2016 tx timeout [ 1070.521145][T12330] hsr_slave_0: left promiscuous mode [ 1070.551685][T12330] hsr_slave_1: left promiscuous mode [ 1070.582311][T12330] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1070.631171][T12330] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1070.690022][T12330] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1070.706308][T16387] Bluetooth: hci1: command tx timeout [ 1070.733758][T12330] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1070.833866][T12330] veth1_macvtap: left promiscuous mode [ 1070.876002][T12330] veth0_macvtap: left promiscuous mode [ 1070.907849][T12330] veth1_vlan: left promiscuous mode [ 1070.933317][T12330] veth0_vlan: left promiscuous mode [ 1072.034257][T12330] team0 (unregistering): Port device team_slave_1 removed [ 1072.092880][T12330] team0 (unregistering): Port device team_slave_0 removed [ 1072.458112][T16387] Bluetooth: hci3: command 0x2016 tx timeout [ 1072.638312][ T5293] 8021q: adding VLAN 0 to HW filter on device eth10 [ 1072.778308][T16387] Bluetooth: hci1: command tx timeout [ 1072.803097][T18204] bridge0: port 1(bridge_slave_0) entered blocking state [ 1072.835584][T18204] bridge0: port 1(bridge_slave_0) entered disabled state [ 1072.876579][T18204] bridge_slave_0: entered allmulticast mode [ 1072.901336][T18301] FAULT_INJECTION: forcing a failure. [ 1072.901336][T18301] name failslab, interval 1, probability 0, space 0, times 0 [ 1072.925779][T18204] bridge_slave_0: entered promiscuous mode [ 1072.947234][T18301] CPU: 0 UID: 0 PID: 18301 Comm: syz.5.2511 Tainted: G L syzkaller #0 PREEMPT(full) [ 1072.947271][T18301] Tainted: [L]=SOFTLOCKUP [ 1072.947279][T18301] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1072.947295][T18301] Call Trace: [ 1072.947303][T18301] [ 1072.947312][T18301] dump_stack_lvl+0x100/0x190 [ 1072.947345][T18301] should_fail_ex.cold+0x5/0xa [ 1072.947376][T18301] ? tomoyo_realpath_from_path+0xb6/0x690 [ 1072.947414][T18301] should_failslab+0xc2/0x120 [ 1072.947445][T18301] __kmalloc_noprof+0xe0/0x850 [ 1072.947467][T18301] ? kfree+0x1dd/0x6c0 [ 1072.947506][T18301] tomoyo_realpath_from_path+0xb6/0x690 [ 1072.947548][T18301] tomoyo_check_open_permission+0x2af/0x3c0 [ 1072.947580][T18301] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1072.947622][T18301] ? hook_file_open+0x24e/0x7a0 [ 1072.947673][T18301] ? path_get+0x61/0x80 [ 1072.947709][T18301] tomoyo_file_open+0x6b/0x90 [ 1072.947733][T18301] security_file_open+0xb5/0x1e0 [ 1072.947767][T18301] do_dentry_open+0x588/0x14d0 [ 1072.947804][T18301] vfs_open+0x82/0x3f0 [ 1072.947843][T18301] path_openat+0x208c/0x31a0 [ 1072.947884][T18301] ? __pfx_path_openat+0x10/0x10 [ 1072.947931][T18301] do_file_open+0x20e/0x430 [ 1072.947964][T18301] ? __pfx_do_file_open+0x10/0x10 [ 1072.948016][T18301] ? alloc_fd+0x476/0x790 [ 1072.948049][T18301] ? do_getname+0x191/0x390 [ 1072.948087][T18301] do_sys_openat2+0x10d/0x1e0 [ 1072.948125][T18301] ? __pfx_do_sys_openat2+0x10/0x10 [ 1072.948173][T18301] __x64_sys_openat+0x12d/0x210 [ 1072.948212][T18301] ? __pfx___x64_sys_openat+0x10/0x10 [ 1072.948249][T18301] ? ksys_write+0x1ac/0x250 [ 1072.948281][T18301] ? rcu_is_watching+0x12/0xc0 [ 1072.948313][T18301] do_syscall_64+0x115/0x840 [ 1072.948349][T18301] ? clear_bhb_loop+0x40/0x90 [ 1072.948379][T18301] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1072.948404][T18301] RIP: 0033:0x7f55ccd9ce59 [ 1072.948423][T18301] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1072.948448][T18301] RSP: 002b:00007f55cdb99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1072.948471][T18301] RAX: ffffffffffffffda RBX: 00007f55cd015fa0 RCX: 00007f55ccd9ce59 [ 1072.948491][T18301] RDX: 00000000000c8042 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1072.948506][T18301] RBP: 00007f55cce32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1072.948522][T18301] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1072.948536][T18301] R13: 00007f55cd016038 R14: 00007f55cd015fa0 R15: 00007ffdc98599e8 [ 1072.948567][T18301] [ 1072.948586][T18301] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1073.455054][T18204] bridge0: port 2(bridge_slave_1) entered blocking state [ 1073.475919][T18204] bridge0: port 2(bridge_slave_1) entered disabled state [ 1073.512680][T18204] bridge_slave_1: entered allmulticast mode [ 1073.556063][T18204] bridge_slave_1: entered promiscuous mode [ 1073.801271][T18204] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1073.886526][T18204] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1074.076402][T18204] team0: Port device team_slave_0 added [ 1074.136970][T18204] team0: Port device team_slave_1 added [ 1074.183647][T18318] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2513'. [ 1074.316269][T18204] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1074.363685][T18204] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1074.486381][T18204] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1074.556620][T18204] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1074.590930][T18204] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1074.725184][T18204] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1075.068952][T18204] hsr_slave_0: entered promiscuous mode [ 1075.094628][T18204] hsr_slave_1: entered promiscuous mode [ 1075.124275][T18204] debugfs: 'hsr0' already exists in 'hsr' [ 1075.148506][T18204] Cannot create hsr debugfs directory [ 1075.368886][ T5293] 8021q: adding VLAN 0 to HW filter on device eth11 [ 1076.363253][T18346] FAULT_INJECTION: forcing a failure. [ 1076.363253][T18346] name failslab, interval 1, probability 0, space 0, times 0 [ 1076.458846][T18346] CPU: 0 UID: 0 PID: 18346 Comm: syz.5.2517 Tainted: G L syzkaller #0 PREEMPT(full) [ 1076.458884][T18346] Tainted: [L]=SOFTLOCKUP [ 1076.458896][T18346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1076.458911][T18346] Call Trace: [ 1076.458919][T18346] [ 1076.458928][T18346] dump_stack_lvl+0x100/0x190 [ 1076.458958][T18346] should_fail_ex.cold+0x5/0xa [ 1076.458988][T18346] ? tracepoint_add_func+0x3a8/0x1150 [ 1076.459024][T18346] should_failslab+0xc2/0x120 [ 1076.459054][T18346] __kmalloc_noprof+0xe0/0x850 [ 1076.459080][T18346] ? __pfx_trace_event_raw_event_nfsd_file_open_class+0x10/0x10 [ 1076.459137][T18346] tracepoint_add_func+0x3a8/0x1150 [ 1076.459171][T18346] ? __pfx_trace_event_raw_event_nfsd_file_open_class+0x10/0x10 [ 1076.459205][T18346] ? __pfx_trace_event_raw_event_nfsd_file_open_class+0x10/0x10 [ 1076.459233][T18346] tracepoint_probe_register+0xc4/0x110 [ 1076.459270][T18346] ? __pfx_tracepoint_probe_register+0x10/0x10 [ 1076.459307][T18346] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1076.459344][T18346] ? __pfx_trace_event_raw_event_nfsd_file_open_class+0x10/0x10 [ 1076.459381][T18346] trace_event_reg+0x209/0x350 [ 1076.459419][T18346] __ftrace_event_enable_disable+0x211/0x6f0 [ 1076.459460][T18346] __ftrace_set_clr_event_nolock+0x390/0xc30 [ 1076.459510][T18346] ftrace_set_clr_event+0x1b7/0x3f0 [ 1076.459539][T18346] ? __pfx_ftrace_set_clr_event+0x10/0x10 [ 1076.459566][T18346] ? trace_get_user+0x3ae/0xa70 [ 1076.459608][T18346] ftrace_event_write+0x259/0x2c0 [ 1076.459636][T18346] ? __pfx_ftrace_event_write+0x10/0x10 [ 1076.459680][T18346] vfs_write+0x2aa/0x1070 [ 1076.459710][T18346] ? __pfx_ftrace_event_write+0x10/0x10 [ 1076.459740][T18346] ? __pfx_vfs_write+0x10/0x10 [ 1076.459767][T18346] ? __fget_files+0x215/0x3d0 [ 1076.459802][T18346] ? __fget_files+0x21f/0x3d0 [ 1076.459838][T18346] ksys_write+0x12a/0x250 [ 1076.459866][T18346] ? __pfx_ksys_write+0x10/0x10 [ 1076.459897][T18346] ? rcu_is_watching+0x12/0xc0 [ 1076.459928][T18346] do_syscall_64+0x115/0x840 [ 1076.459962][T18346] ? clear_bhb_loop+0x40/0x90 [ 1076.459991][T18346] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1076.460015][T18346] RIP: 0033:0x7f55ccd9ce59 [ 1076.460035][T18346] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1076.460058][T18346] RSP: 002b:00007f55cdb99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1076.460080][T18346] RAX: ffffffffffffffda RBX: 00007f55cd015fa0 RCX: 00007f55ccd9ce59 [ 1076.460096][T18346] RDX: 0000000000000af0 RSI: 0000000000000000 RDI: 0000000000000007 [ 1076.460111][T18346] RBP: 00007f55cce32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1076.460126][T18346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1076.460144][T18346] R13: 00007f55cd016038 R14: 00007f55cd015fa0 R15: 00007ffdc98599e8 [ 1076.460196][T18346] [ 1077.380497][T18372] random: crng reseeded on system resumption [ 1077.466277][T18375] kAFS: unparsable volume name [ 1077.920469][T18346] event trace: Could not enable event nfsd_file_open [ 1079.086248][T18385] netlink: 28 bytes leftover after parsing attributes in process `syz.5.2523'. [ 1079.620509][T18204] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1079.660585][T18204] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1079.767025][T18204] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1079.821788][T18204] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1079.859504][T18204] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1079.916546][T18204] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1079.966886][T18204] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1080.020218][T18204] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1080.749553][T18435] ecryptfs_miscdev_write: Dropping miscdev message of unrecognized type [0] [ 1081.154807][T18204] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1081.701488][T18204] 8021q: adding VLAN 0 to HW filter on device team0 [ 1081.722638][T18435] ubi0: attaching mtd0 [ 1081.831164][T18435] ubi0: scanning is finished [ 1081.908741][T18435] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1082.015677][T11888] bridge0: port 1(bridge_slave_0) entered blocking state [ 1082.022921][T11888] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1082.227028][T18464] random: crng reseeded on system resumption [ 1082.269695][T11888] bridge0: port 2(bridge_slave_1) entered blocking state [ 1082.276898][T11888] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1082.387530][T18435] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1083.513980][T18486] FAULT_INJECTION: forcing a failure. [ 1083.513980][T18486] name failslab, interval 1, probability 0, space 0, times 0 [ 1083.727425][T18486] CPU: 0 UID: 0 PID: 18486 Comm: syz.5.2535 Tainted: G L syzkaller #0 PREEMPT(full) [ 1083.727459][T18486] Tainted: [L]=SOFTLOCKUP [ 1083.727468][T18486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1083.727482][T18486] Call Trace: [ 1083.727490][T18486] [ 1083.727499][T18486] dump_stack_lvl+0x100/0x190 [ 1083.727530][T18486] should_fail_ex.cold+0x5/0xa [ 1083.727559][T18486] ? tomoyo_realpath_from_path+0xb6/0x690 [ 1083.727594][T18486] should_failslab+0xc2/0x120 [ 1083.727622][T18486] __kmalloc_noprof+0xe0/0x850 [ 1083.727642][T18486] ? kfree+0x1dd/0x6c0 [ 1083.727679][T18486] tomoyo_realpath_from_path+0xb6/0x690 [ 1083.727719][T18486] tomoyo_path_number_perm+0x23c/0x580 [ 1083.727753][T18486] ? tomoyo_path_number_perm+0x22e/0x580 [ 1083.727784][T18486] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1083.727840][T18486] ? find_held_lock+0x2b/0x80 [ 1083.727869][T18486] ? __fget_files+0x215/0x3d0 [ 1083.727894][T18486] ? hook_file_ioctl_common+0x149/0x410 [ 1083.727923][T18486] ? __fget_files+0x215/0x3d0 [ 1083.727954][T18486] ? __fget_files+0x21f/0x3d0 [ 1083.727986][T18486] security_file_ioctl+0xd3/0x230 [ 1083.728027][T18486] __x64_sys_ioctl+0xb7/0x210 [ 1083.728051][T18486] do_syscall_64+0x115/0x840 [ 1083.728082][T18486] ? clear_bhb_loop+0x40/0x90 [ 1083.728108][T18486] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1083.728130][T18486] RIP: 0033:0x7f55ccd9ce59 [ 1083.728148][T18486] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1083.728169][T18486] RSP: 002b:00007f55cdb99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1083.728189][T18486] RAX: ffffffffffffffda RBX: 00007f55cd015fa0 RCX: 00007f55ccd9ce59 [ 1083.728204][T18486] RDX: 0000000000000038 RSI: 000000000000541b RDI: 0000000000000003 [ 1083.728217][T18486] RBP: 00007f55cdb99090 R08: 0000000000000000 R09: 0000000000000000 [ 1083.728231][T18486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1083.728243][T18486] R13: 00007f55cd016038 R14: 00007f55cd015fa0 R15: 00007ffdc98599e8 [ 1083.728289][T18486] [ 1083.955669][T18492] ubi0: attaching mtd0 [ 1083.961243][T18492] ubi0: scanning is finished [ 1083.965988][T18492] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1083.976215][T18486] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1084.513830][T18492] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1085.193912][T18204] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1085.648913][T18204] veth0_vlan: entered promiscuous mode [ 1085.731645][T18523] ubi0: attaching mtd0 [ 1085.798095][T18523] ubi0: scanning is finished [ 1085.845144][T18523] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1085.873184][T18204] veth1_vlan: entered promiscuous mode [ 1086.023589][T18523] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1087.356293][T18204] veth0_macvtap: entered promiscuous mode [ 1087.413868][T18204] veth1_macvtap: entered promiscuous mode [ 1087.560036][T18204] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1087.651571][T18204] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1087.752008][T14560] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1087.810250][T14560] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1087.892206][T14560] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1087.948363][T14560] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1087.996870][T18554] netlink: 'syz.3.2541': attribute type 22 has an invalid length. [ 1088.133114][T18554] netlink: 330 bytes leftover after parsing attributes in process `syz.3.2541'. [ 1088.394194][T11888] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1088.457874][T11888] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1088.627305][T14560] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1088.667007][T14560] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1089.854402][T18584] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1091.604041][T18563] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1092.357770][T18608] random: crng reseeded on system resumption [ 1092.428422][T18605] NFSD: Failed to start, no listeners configured. [ 1093.057213][T18612] wlan1: mtu less than device minimum [ 1094.272568][T16365] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1094.289612][T16365] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1094.304638][T16365] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1094.313571][T16365] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1094.322611][T16365] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1095.555342][T16365] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 1096.347077][T16365] Bluetooth: hci0: command tx timeout [ 1096.660926][T11891] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1097.179242][T11891] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1097.447371][T11891] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1097.624552][T16387] Bluetooth: hci1: command 0x2016 tx timeout [ 1097.771742][T11891] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1098.417151][T16365] Bluetooth: hci0: command tx timeout [ 1098.909506][T11891] bridge_slave_1: left allmulticast mode [ 1098.968364][T11891] bridge_slave_1: left promiscuous mode [ 1099.017972][T11891] bridge0: port 2(bridge_slave_1) entered disabled state [ 1099.100160][T11891] bridge_slave_0: left allmulticast mode [ 1099.142151][T11891] bridge_slave_0: left promiscuous mode [ 1099.174740][T11891] bridge0: port 1(bridge_slave_0) entered disabled state [ 1099.697644][T16365] Bluetooth: hci1: command 0x2016 tx timeout [ 1100.030423][T11891] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1100.072664][T11891] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1100.110815][T11891] bond0 (unregistering): Released all slaves [ 1100.279708][T11891] ovs_ÿþ: left promiscuous mode [ 1100.486570][T16387] Bluetooth: hci0: command tx timeout [ 1100.588944][T11891] tipc: Left network mode [ 1101.205483][ T5293] 8021q: adding VLAN 0 to HW filter on device eth9 [ 1101.229389][T18622] bridge0: port 1(bridge_slave_0) entered blocking state [ 1101.257334][T18622] bridge0: port 1(bridge_slave_0) entered disabled state [ 1101.281519][T18622] bridge_slave_0: entered allmulticast mode [ 1101.312002][T18622] bridge_slave_0: entered promiscuous mode [ 1101.460660][T18622] bridge0: port 2(bridge_slave_1) entered blocking state [ 1101.487892][T18622] bridge0: port 2(bridge_slave_1) entered disabled state [ 1101.515862][T18622] bridge_slave_1: entered allmulticast mode [ 1101.537958][T18622] bridge_slave_1: entered promiscuous mode [ 1101.911997][T18622] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1102.049633][T18622] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1102.177609][T11891] hsr_slave_0: left promiscuous mode [ 1102.204026][T11891] hsr_slave_1: left promiscuous mode [ 1102.212588][T16387] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 1102.243070][T11891] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1102.277942][T11891] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1102.321864][T11891] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1102.361856][T11891] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1102.433187][T11891] veth1_macvtap: left promiscuous mode [ 1102.460144][T11891] veth0_macvtap: left promiscuous mode [ 1102.495985][T11891] veth1_vlan: left promiscuous mode [ 1102.508478][T11891] veth0_vlan: left promiscuous mode [ 1102.557934][T16365] Bluetooth: hci0: command tx timeout [ 1102.733004][T18691] kexec: Could not allocate control_code_buffer [ 1103.244689][T18728] ubi0: attaching mtd0 [ 1103.304344][T18728] ubi0: scanning is finished [ 1103.337956][T18728] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1103.684051][T18728] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1104.032180][ T5293] 8021q: adding VLAN 0 to HW filter on device eth10 [ 1104.111945][T18622] team0: Port device team_slave_0 added [ 1104.144883][T18622] team0: Port device team_slave_1 added [ 1104.230006][T16365] Bluetooth: hci1: command 0x2016 tx timeout [ 1104.685105][T18622] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1104.728383][T18622] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1104.895818][T18622] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1104.921219][T16387] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 1104.997766][T18622] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1105.049084][T18622] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1105.212261][T18622] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1106.120842][T18622] hsr_slave_0: entered promiscuous mode [ 1106.145539][T18622] hsr_slave_1: entered promiscuous mode [ 1106.176624][T18622] debugfs: 'hsr0' already exists in 'hsr' [ 1106.200328][T18622] Cannot create hsr debugfs directory [ 1106.299373][T11908] Bluetooth: hci1: command 0x2016 tx timeout [ 1106.506055][ T5293] 8021q: adding VLAN 0 to HW filter on device eth11 [ 1109.537592][T16365] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 1109.545548][T16365] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:0' [ 1109.558460][T16365] CPU: 0 UID: 0 PID: 16365 Comm: kworker/u11:2 Tainted: G L syzkaller #0 PREEMPT(full) [ 1109.558501][T16365] Tainted: [L]=SOFTLOCKUP [ 1109.558510][T16365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1109.558534][T16365] Workqueue: hci4 hci_rx_work [ 1109.558571][T16365] Call Trace: [ 1109.558579][T16365] [ 1109.558590][T16365] dump_stack_lvl+0x100/0x190 [ 1109.558620][T16365] sysfs_warn_dup.cold+0x1c/0x28 [ 1109.558657][T16365] sysfs_create_dir_ns+0x24b/0x2b0 [ 1109.558686][T16365] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1109.558712][T16365] ? find_held_lock+0x2b/0x80 [ 1109.558743][T16365] ? kobject_add_internal+0x25f/0x930 [ 1109.558769][T16365] ? kobject_add_internal+0x25f/0x930 [ 1109.558796][T16365] ? do_raw_spin_unlock+0x145/0x1e0 [ 1109.558850][T16365] kobject_add_internal+0x2c8/0x930 [ 1109.558881][T16365] kobject_add+0x16a/0x1e0 [ 1109.558906][T16365] ? __pfx_kobject_add+0x10/0x10 [ 1109.558929][T16365] ? class_to_subsys+0x10f/0x150 [ 1109.558970][T16365] ? kobject_put+0xb9/0x640 [ 1109.559008][T16365] ? _raw_spin_unlock+0x28/0x50 [ 1109.559048][T16365] device_add+0x294/0x1950 [ 1109.559076][T16365] ? __pfx_dev_set_name+0x10/0x10 [ 1109.559110][T16365] ? __pfx_device_add+0x10/0x10 [ 1109.559138][T16365] ? mgmt_send_event_skb+0x2fb/0x460 [ 1109.559179][T16365] hci_conn_add_sysfs+0x1a3/0x260 [ 1109.559218][T16365] le_conn_complete_evt+0x11eb/0x1f60 [ 1109.559259][T16365] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1109.559295][T16365] ? __pfx_bt_warn+0x10/0x10 [ 1109.559340][T16365] hci_le_conn_complete_evt+0x23c/0x3a0 [ 1109.559374][T16365] ? skb_pull_data+0x15f/0x1e0 [ 1109.559411][T16365] hci_le_meta_evt+0x34a/0x5f0 [ 1109.559454][T16365] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 1109.559497][T16365] hci_event_packet+0x51c/0xcd0 [ 1109.559535][T16365] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1109.559571][T16365] ? __pfx_hci_event_packet+0x10/0x10 [ 1109.559607][T16365] ? kcov_remote_start+0x374/0x660 [ 1109.559641][T16365] ? lockdep_hardirqs_on+0x78/0x100 [ 1109.559695][T16365] hci_rx_work+0x451/0xfc0 [ 1109.559731][T16365] process_one_work+0xa0e/0x1980 [ 1109.559769][T16365] ? __pfx_process_one_work+0x10/0x10 [ 1109.559807][T16365] ? __pfx_hci_rx_work+0x10/0x10 [ 1109.559846][T16365] worker_thread+0x5ef/0xe50 [ 1109.559877][T16365] ? __pfx_worker_thread+0x10/0x10 [ 1109.559902][T16365] ? kthread+0x13a/0x450 [ 1109.559938][T16365] ? __pfx_worker_thread+0x10/0x10 [ 1109.559960][T16365] kthread+0x370/0x450 [ 1109.560001][T16365] ? __pfx_kthread+0x10/0x10 [ 1109.560041][T16365] ret_from_fork+0x72b/0xd50 [ 1109.560074][T16365] ? __pfx_ret_from_fork+0x10/0x10 [ 1109.560108][T16365] ? __switch_to+0x800/0x1100 [ 1109.560141][T16365] ? __switch_to_asm+0x39/0x70 [ 1109.560172][T16365] ? __pfx_kthread+0x10/0x10 [ 1109.560212][T16365] ret_from_fork_asm+0x1a/0x30 [ 1109.560258][T16365] [ 1109.560312][T16365] kobject: kobject_add_internal failed for hci4:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 1109.881436][T16365] Bluetooth: hci4: failed to register connection device [ 1109.951076][T16365] Bluetooth: hci4: unexpected event 0x04 length: 83 > 10 [ 1109.951111][T16365] Bluetooth: unknown link type 153 [ 1109.965439][T16365] Bluetooth: hci4: connection err: -111 [ 1110.118134][T18820] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1110.995867][T18622] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1111.052033][T18622] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1111.093206][T18622] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1111.379475][T18622] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1111.562297][T18622] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1111.616565][T18622] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1111.848818][T18622] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1111.919653][T18622] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1111.954039][T16365] Bluetooth: hci4: command 0x2016 tx timeout [ 1112.751159][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 1112.760830][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 1113.375432][T18622] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1113.925036][T18622] 8021q: adding VLAN 0 to HW filter on device team0 [ 1114.026635][T11908] Bluetooth: hci4: command 0x2016 tx timeout [ 1114.257944][T14560] bridge0: port 1(bridge_slave_0) entered blocking state [ 1114.265178][T14560] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1114.469246][T14560] bridge0: port 2(bridge_slave_1) entered blocking state [ 1114.476485][T14560] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1115.374145][T18897] FAULT_INJECTION: forcing a failure. [ 1115.374145][T18897] name failslab, interval 1, probability 0, space 0, times 0 [ 1115.579346][T18897] CPU: 0 UID: 0 PID: 18897 Comm: syz.3.2588 Tainted: G L syzkaller #0 PREEMPT(full) [ 1115.579385][T18897] Tainted: [L]=SOFTLOCKUP [ 1115.579394][T18897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1115.579409][T18897] Call Trace: [ 1115.579418][T18897] [ 1115.579428][T18897] dump_stack_lvl+0x100/0x190 [ 1115.579459][T18897] should_fail_ex.cold+0x5/0xa [ 1115.579491][T18897] should_failslab+0xc2/0x120 [ 1115.579522][T18897] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1115.579562][T18897] ? __proc_create+0x2cb/0x8c0 [ 1115.579600][T18897] __proc_create+0x2cb/0x8c0 [ 1115.579634][T18897] ? __pfx___proc_create+0x10/0x10 [ 1115.579671][T18897] ? find_held_lock+0x2b/0x80 [ 1115.579702][T18897] ? inet_ctl_sock_create+0x1ab/0x230 [ 1115.579811][T18897] proc_create_reg+0x75/0x170 [ 1115.579848][T18897] proc_create_net_data+0x8e/0x1c0 [ 1115.579883][T18897] ? __pfx_proc_create_net_data+0x10/0x10 [ 1115.579919][T18897] ? ndisc_net_init+0x1b1/0x230 [ 1115.579992][T18897] ? __pfx_ndisc_net_init+0x10/0x10 [ 1115.580033][T18897] igmp6_net_init+0x214/0x430 [ 1115.580089][T18897] ? __pfx_igmp6_net_init+0x10/0x10 [ 1115.580126][T18897] ops_init+0x1e2/0x5f0 [ 1115.580156][T18897] setup_net+0x118/0x3a0 [ 1115.580184][T18897] ? __pfx_setup_net+0x10/0x10 [ 1115.580217][T18897] ? mutex_init_lockdep+0xf1/0x120 [ 1115.580247][T18897] copy_net_ns+0x46f/0x7c0 [ 1115.580280][T18897] create_new_namespaces+0x3ea/0xac0 [ 1115.580319][T18897] unshare_nsproxy_namespaces+0xf2/0x220 [ 1115.580354][T18897] ksys_unshare+0x438/0xab0 [ 1115.580395][T18897] ? __pfx_ksys_unshare+0x10/0x10 [ 1115.580429][T18897] ? xfd_validate_state+0x129/0x190 [ 1115.580456][T18897] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 1115.580495][T18897] ? syscall_user_dispatch+0x76/0x130 [ 1115.580525][T18897] __x64_sys_unshare+0x31/0x40 [ 1115.580560][T18897] do_syscall_64+0x115/0x840 [ 1115.580595][T18897] ? clear_bhb_loop+0x40/0x90 [ 1115.580626][T18897] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1115.580653][T18897] RIP: 0033:0x7fc42679ce59 [ 1115.580674][T18897] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1115.580699][T18897] RSP: 002b:00007fc427694028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 1115.580723][T18897] RAX: ffffffffffffffda RBX: 00007fc426a15fa0 RCX: 00007fc42679ce59 [ 1115.580741][T18897] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 1115.580756][T18897] RBP: 00007fc426832d6f R08: 0000000000000000 R09: 0000000000000000 [ 1115.580771][T18897] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1115.580787][T18897] R13: 00007fc426a16038 R14: 00007fc426a15fa0 R15: 00007fff2bd64de8 [ 1115.580818][T18897] [ 1116.973426][T11908] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 1117.014024][T16365] Bluetooth: hci1: unexpected event 0x04 length: 83 > 10 [ 1117.014060][T16365] Bluetooth: unknown link type 153 [ 1117.035891][T16365] Bluetooth: hci1: connection err: -111 [ 1117.591080][T18622] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1118.557205][T18622] veth0_vlan: entered promiscuous mode [ 1118.657336][T18622] veth1_vlan: entered promiscuous mode [ 1118.945400][T18947] futex_wake_op: syz.3.2593 tries to shift op by -2048; fix this program [ 1118.993174][T18947] 0x000000000001-0x000000020000 : "" [ 1119.039053][T16365] Bluetooth: hci1: command 0x2016 tx timeout [ 1119.052379][T18947] ftl_cs: FTL header corrupt! [ 1119.117176][T18622] veth0_macvtap: entered promiscuous mode [ 1119.246238][T18622] veth1_macvtap: entered promiscuous mode [ 1119.717108][T18622] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1119.789744][T18622] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1119.966451][T11888] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1120.020167][T11888] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1120.183274][T11888] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1120.257787][T11888] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1121.066775][T18987] ICMPv6: process `syz.5.2597' is using deprecated sysctl (syscall) net.ipv6.neigh.team0.base_reachable_time - use net.ipv6.neigh.team0.base_reachable_time_ms instead [ 1121.110427][T16365] Bluetooth: hci1: command 0x2016 tx timeout [ 1121.618423][T14560] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1121.654352][T14560] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1122.028946][T11891] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1122.068991][T11891] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1124.374751][T16365] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 1124.383255][T16365] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:0' [ 1124.394488][T16365] CPU: 0 UID: 0 PID: 16365 Comm: kworker/u11:2 Tainted: G L syzkaller #0 PREEMPT(full) [ 1124.394526][T16365] Tainted: [L]=SOFTLOCKUP [ 1124.394536][T16365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1124.394553][T16365] Workqueue: hci3 hci_rx_work [ 1124.394588][T16365] Call Trace: [ 1124.394596][T16365] [ 1124.394611][T16365] dump_stack_lvl+0x100/0x190 [ 1124.394640][T16365] sysfs_warn_dup.cold+0x1c/0x28 [ 1124.394681][T16365] sysfs_create_dir_ns+0x24b/0x2b0 [ 1124.394709][T16365] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1124.394735][T16365] ? find_held_lock+0x2b/0x80 [ 1124.394766][T16365] ? kobject_add_internal+0x25f/0x930 [ 1124.394791][T16365] ? kobject_add_internal+0x25f/0x930 [ 1124.394823][T16365] ? do_raw_spin_unlock+0x145/0x1e0 [ 1124.394853][T16365] kobject_add_internal+0x2c8/0x930 [ 1124.394883][T16365] kobject_add+0x16a/0x1e0 [ 1124.394906][T16365] ? __pfx_kobject_add+0x10/0x10 [ 1124.394933][T16365] ? class_to_subsys+0x10f/0x150 [ 1124.394967][T16365] ? kobject_put+0xb9/0x640 [ 1124.395005][T16365] ? _raw_spin_unlock+0x28/0x50 [ 1124.395043][T16365] device_add+0x294/0x1950 [ 1124.395071][T16365] ? __pfx_dev_set_name+0x10/0x10 [ 1124.395104][T16365] ? __pfx_device_add+0x10/0x10 [ 1124.395132][T16365] ? mgmt_send_event_skb+0x2fb/0x460 [ 1124.395173][T16365] hci_conn_add_sysfs+0x1a3/0x260 [ 1124.395211][T16365] le_conn_complete_evt+0x11eb/0x1f60 [ 1124.395252][T16365] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1124.395282][T16365] ? __pfx_bt_warn+0x10/0x10 [ 1124.395327][T16365] hci_le_conn_complete_evt+0x23c/0x3a0 [ 1124.395362][T16365] ? skb_pull_data+0x15f/0x1e0 [ 1124.395398][T16365] hci_le_meta_evt+0x34a/0x5f0 [ 1124.395432][T16365] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 1124.395469][T16365] hci_event_packet+0x51c/0xcd0 [ 1124.395502][T16365] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1124.395538][T16365] ? __pfx_hci_event_packet+0x10/0x10 [ 1124.395573][T16365] ? kcov_remote_start+0x374/0x660 [ 1124.395613][T16365] ? lockdep_hardirqs_on+0x78/0x100 [ 1124.395655][T16365] hci_rx_work+0x451/0xfc0 [ 1124.395692][T16365] process_one_work+0xa0e/0x1980 [ 1124.395730][T16365] ? __pfx_process_one_work+0x10/0x10 [ 1124.395763][T16365] ? __pfx_hci_rx_work+0x10/0x10 [ 1124.395797][T16365] worker_thread+0x5ef/0xe50 [ 1124.395828][T16365] ? __pfx_worker_thread+0x10/0x10 [ 1124.395854][T16365] ? kthread+0x13a/0x450 [ 1124.395889][T16365] ? __pfx_worker_thread+0x10/0x10 [ 1124.395911][T16365] kthread+0x370/0x450 [ 1124.395947][T16365] ? __pfx_kthread+0x10/0x10 [ 1124.395986][T16365] ret_from_fork+0x72b/0xd50 [ 1124.396013][T16365] ? __pfx_ret_from_fork+0x10/0x10 [ 1124.396041][T16365] ? __switch_to+0x800/0x1100 [ 1124.396074][T16365] ? __switch_to_asm+0x39/0x70 [ 1124.396106][T16365] ? __pfx_kthread+0x10/0x10 [ 1124.396145][T16365] ret_from_fork_asm+0x1a/0x30 [ 1124.396192][T16365] [ 1124.396241][T16365] kobject: kobject_add_internal failed for hci3:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 1124.710747][T16365] Bluetooth: hci3: failed to register connection device [ 1124.750991][T16365] Bluetooth: hci3: unexpected event 0x04 length: 83 > 10 [ 1124.751026][T16365] Bluetooth: unknown link type 153 [ 1124.768660][T16365] Bluetooth: hci3: connection err: -111 [ 1124.792137][T11891] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1125.019029][T16365] Bluetooth: hci4: command 0x2016 tx timeout [ 1125.190849][T19022] Format for adding new port is "id [perm_addr]" (uint MAC). [ 1125.256954][T19024] Format for adding new port is "id [perm_addr]" (uint MAC). [ 1125.694257][T19042] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1126.677540][T11908] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 1126.709411][T11908] Bluetooth: hci0: unexpected event 0x04 length: 83 > 10 [ 1126.709445][T11908] Bluetooth: unknown link type 153 [ 1126.724718][T11908] Bluetooth: hci0: connection err: -111 [ 1126.764157][T16387] Bluetooth: hci3: command 0x2016 tx timeout [ 1128.017873][T16387] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 1128.025393][T16387] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 1128.355749][T19086] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2620'. [ 1128.755359][T16387] Bluetooth: hci0: command 0x2016 tx timeout [ 1128.834924][T16387] Bluetooth: hci3: command 0x2016 tx timeout [ 1129.175995][T19095] ubi0: attaching mtd0 [ 1129.329552][T19095] ubi0: scanning is finished [ 1129.460239][T19095] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1129.526734][T19104] nfs: Unknown parameter '£m?¥ŒÁLH>®ï½¢^Ñe„°àko}* »' [ 1130.316438][T19095] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1130.408535][T19100] ubi0: attaching mtd0 [ 1130.521035][T19100] ubi0: scanning is finished [ 1130.635997][T19100] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1130.827775][T16387] Bluetooth: hci0: command 0x2016 tx timeout [ 1131.235650][T19100] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1131.817031][T19127] kmem.tcp.limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 1135.361134][T16365] Bluetooth: hci3: ISO packet for unknown connection handle 32 [ 1135.547386][T16365] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 1137.648974][T19201] ubi0: attaching mtd0 [ 1137.735603][T19201] ubi0: scanning is finished [ 1137.859370][T19201] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1138.488429][T19201] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1140.369890][T19234] nbd: socks must be embedded in a SOCK_ITEM attr [ 1140.846761][T19232] bond0: invalid ARP target specified [ 1142.438422][T19254] zswap: compressor not available [ 1145.337520][T19303] ubi0: attaching mtd0 [ 1145.447999][T19303] ubi0: scanning is finished [ 1145.514970][T19303] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1145.711665][T19308] random: crng reseeded on system resumption [ 1146.014759][T19303] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1148.216669][T19336] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2673'. [ 1148.558894][T19341] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2674'. [ 1148.644693][T19341] netlink: 25 bytes leftover after parsing attributes in process `syz.0.2674'. [ 1148.764034][T19345] binder: 19344:19345 ioctl 541b 0 returned -22 [ 1149.080335][T16365] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 1149.088000][T16365] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 1151.909138][T19397] FAULT_INJECTION: forcing a failure. [ 1151.909138][T19397] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1151.976044][T19397] CPU: 0 UID: 0 PID: 19397 Comm: syz.0.2688 Tainted: G L syzkaller #0 PREEMPT(full) [ 1151.976084][T19397] Tainted: [L]=SOFTLOCKUP [ 1151.976092][T19397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1151.976107][T19397] Call Trace: [ 1151.976115][T19397] [ 1151.976124][T19397] dump_stack_lvl+0x100/0x190 [ 1151.976156][T19397] should_fail_ex.cold+0x5/0xa [ 1151.976187][T19397] _copy_from_user+0x2e/0xd0 [ 1151.976224][T19397] input_event_from_user+0xb9/0x290 [ 1151.976329][T19397] ? __pfx_input_event_from_user+0x10/0x10 [ 1151.976354][T19397] ? __pfx___might_resched+0x10/0x10 [ 1151.976380][T19397] ? input_inject_event+0x1a6/0x390 [ 1151.976408][T19397] evdev_write+0x27a/0x430 [ 1151.976453][T19397] ? __pfx_evdev_write+0x10/0x10 [ 1151.976478][T19397] ? bpf_lsm_file_permission+0x9/0x10 [ 1151.976501][T19397] ? security_file_permission+0x76/0x210 [ 1151.976535][T19397] ? rw_verify_area+0xce/0x6d0 [ 1151.976563][T19397] vfs_write+0x2aa/0x1070 [ 1151.976591][T19397] ? __pfx_evdev_write+0x10/0x10 [ 1151.976611][T19397] ? rcu_preempt_deferred_qs_irqrestore+0x4fd/0xb90 [ 1151.976653][T19397] ? __pfx_vfs_write+0x10/0x10 [ 1151.976678][T19397] ? rcu_is_watching+0x12/0xc0 [ 1151.976713][T19397] ? __rcu_read_unlock+0x27f/0x5e0 [ 1151.976754][T19397] ? __fget_files+0x21f/0x3d0 [ 1151.976790][T19397] ksys_write+0x1f8/0x250 [ 1151.976817][T19397] ? __pfx_ksys_write+0x10/0x10 [ 1151.976847][T19397] ? rcu_is_watching+0x12/0xc0 [ 1151.976878][T19397] do_syscall_64+0x115/0x840 [ 1151.976912][T19397] ? clear_bhb_loop+0x40/0x90 [ 1151.976941][T19397] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1151.976966][T19397] RIP: 0033:0x7f6ac5d9ce59 [ 1151.976986][T19397] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1151.977010][T19397] RSP: 002b:00007f6ac6cec028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1151.977033][T19397] RAX: ffffffffffffffda RBX: 00007f6ac6015fa0 RCX: 00007f6ac5d9ce59 [ 1151.977050][T19397] RDX: 0000000000010001 RSI: 0000200000000040 RDI: 0000000000000003 [ 1151.977067][T19397] RBP: 00007f6ac6cec090 R08: 0000000000000000 R09: 0000000000000000 [ 1151.977082][T19397] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1151.977097][T19397] R13: 00007f6ac6016038 R14: 00007f6ac6015fa0 R15: 00007fffee9721e8 [ 1151.977127][T19397] [ 1153.456530][T19415] openvswitch: netlink: Flow key attribute not present in set flow. [ 1153.661817][T19379] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1153.867603][T19423] netlink: 'syz.3.2696': attribute type 27 has an invalid length. [ 1153.917600][T19423] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2696'. [ 1154.674656][T16365] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 1154.682207][T16365] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 1155.576633][T19455] ovs_ÿþ: entered promiscuous mode [ 1157.049499][T19480] random: crng reseeded on system resumption [ 1158.240563][T19499] netlink: 342 bytes leftover after parsing attributes in process `syz.5.2716'. [ 1160.899808][T19540] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1164.139745][T19562] kexec: Could not allocate control_code_buffer [ 1166.494388][T19605] random: crng reseeded on system resumption [ 1171.039086][T16365] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 1171.046848][T16365] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 1171.883812][T19681] FAULT_INJECTION: forcing a failure. [ 1171.883812][T19681] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1171.946436][T19681] CPU: 0 UID: 0 PID: 19681 Comm: syz.3.2755 Tainted: G L syzkaller #0 PREEMPT(full) [ 1171.946476][T19681] Tainted: [L]=SOFTLOCKUP [ 1171.946485][T19681] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1171.946499][T19681] Call Trace: [ 1171.946507][T19681] [ 1171.946517][T19681] dump_stack_lvl+0x100/0x190 [ 1171.946546][T19681] should_fail_ex.cold+0x5/0xa [ 1171.946577][T19681] _copy_from_user+0x2e/0xd0 [ 1171.946613][T19681] copy_msghdr_from_user+0x9f/0x4f0 [ 1171.946649][T19681] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 1171.946697][T19681] ___sys_sendmsg+0x106/0x1e0 [ 1171.946732][T19681] ? __pfx____sys_sendmsg+0x10/0x10 [ 1171.946798][T19681] __sys_sendmsg+0x170/0x220 [ 1171.946823][T19681] ? __pfx___sys_sendmsg+0x10/0x10 [ 1171.946860][T19681] ? rcu_is_watching+0x12/0xc0 [ 1171.946893][T19681] do_syscall_64+0x115/0x840 [ 1171.946930][T19681] ? clear_bhb_loop+0x40/0x90 [ 1171.946959][T19681] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1171.946984][T19681] RIP: 0033:0x7fc42679ce59 [ 1171.947003][T19681] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1171.947028][T19681] RSP: 002b:00007fc427694028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1171.947051][T19681] RAX: ffffffffffffffda RBX: 00007fc426a15fa0 RCX: 00007fc42679ce59 [ 1171.947068][T19681] RDX: 0000000004000000 RSI: 0000200000005240 RDI: 0000000000000003 [ 1171.947082][T19681] RBP: 00007fc427694090 R08: 0000000000000000 R09: 0000000000000000 [ 1171.947097][T19681] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1171.947111][T19681] R13: 00007fc426a16038 R14: 00007fc426a15fa0 R15: 00007fff2bd64de8 [ 1171.947141][T19681] [ 1172.621023][T19687] block2mtd: illegal erase size [ 1172.651598][T19686] block2mtd: illegal erase size [ 1173.904785][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 1173.911497][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 1174.364142][T16365] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 1175.088855][T19724] random: crng reseeded on system resumption [ 1175.203559][T19724] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1178.637431][T19767] FAULT_INJECTION: forcing a failure. [ 1178.637431][T19767] name failslab, interval 1, probability 0, space 0, times 0 [ 1178.695945][T19767] CPU: 0 UID: 0 PID: 19767 Comm: syz.5.2777 Tainted: G L syzkaller #0 PREEMPT(full) [ 1178.695985][T19767] Tainted: [L]=SOFTLOCKUP [ 1178.695994][T19767] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1178.696009][T19767] Call Trace: [ 1178.696018][T19767] [ 1178.696029][T19767] dump_stack_lvl+0x100/0x190 [ 1178.696060][T19767] should_fail_ex.cold+0x5/0xa [ 1178.696092][T19767] ? tomoyo_realpath_from_path+0xb6/0x690 [ 1178.696138][T19767] should_failslab+0xc2/0x120 [ 1178.696168][T19767] __kmalloc_noprof+0xe0/0x850 [ 1178.696191][T19767] ? kfree+0x1dd/0x6c0 [ 1178.696230][T19767] tomoyo_realpath_from_path+0xb6/0x690 [ 1178.696274][T19767] tomoyo_check_open_permission+0x2af/0x3c0 [ 1178.696309][T19767] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1178.696352][T19767] ? hook_file_open+0x24e/0x7a0 [ 1178.696403][T19767] ? path_get+0x61/0x80 [ 1178.696441][T19767] tomoyo_file_open+0x6b/0x90 [ 1178.696465][T19767] security_file_open+0xb5/0x1e0 [ 1178.696509][T19767] do_dentry_open+0x588/0x14d0 [ 1178.696549][T19767] vfs_open+0x82/0x3f0 [ 1178.696590][T19767] path_openat+0x208c/0x31a0 [ 1178.696632][T19767] ? __pfx_path_openat+0x10/0x10 [ 1178.696675][T19767] do_file_open+0x20e/0x430 [ 1178.696723][T19767] ? __pfx_do_file_open+0x10/0x10 [ 1178.696776][T19767] ? alloc_fd+0x476/0x790 [ 1178.696810][T19767] ? do_getname+0x191/0x390 [ 1178.696850][T19767] do_sys_openat2+0x10d/0x1e0 [ 1178.696890][T19767] ? __pfx_do_sys_openat2+0x10/0x10 [ 1178.696940][T19767] __x64_sys_openat+0x12d/0x210 [ 1178.696980][T19767] ? __pfx___x64_sys_openat+0x10/0x10 [ 1178.697018][T19767] ? ksys_write+0x1ac/0x250 [ 1178.697050][T19767] ? rcu_is_watching+0x12/0xc0 [ 1178.697082][T19767] do_syscall_64+0x115/0x840 [ 1178.697123][T19767] ? clear_bhb_loop+0x40/0x90 [ 1178.697153][T19767] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1178.697179][T19767] RIP: 0033:0x7f55ccd9ce59 [ 1178.697200][T19767] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1178.697224][T19767] RSP: 002b:00007f55cdb99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1178.697249][T19767] RAX: ffffffffffffffda RBX: 00007f55cd015fa0 RCX: 00007f55ccd9ce59 [ 1178.697266][T19767] RDX: 00000000000c8042 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1178.697282][T19767] RBP: 00007f55cce32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1178.697297][T19767] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1178.697312][T19767] R13: 00007f55cd016038 R14: 00007f55cd015fa0 R15: 00007ffdc98599e8 [ 1178.697343][T19767] [ 1179.236401][T19767] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1179.635077][T19775] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1186.169068][T16365] Bluetooth: hci1: command 0x2016 tx timeout [ 1189.331746][T16387] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 1189.339326][T16387] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 1194.044608][T19932] FAULT_INJECTION: forcing a failure. [ 1194.044608][T19932] name failslab, interval 1, probability 0, space 0, times 0 [ 1194.109633][T19932] CPU: 0 UID: 0 PID: 19932 Comm: syz.2.2811 Tainted: G L syzkaller #0 PREEMPT(full) [ 1194.109670][T19932] Tainted: [L]=SOFTLOCKUP [ 1194.109678][T19932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1194.109693][T19932] Call Trace: [ 1194.109701][T19932] [ 1194.109710][T19932] dump_stack_lvl+0x100/0x190 [ 1194.109744][T19932] should_fail_ex.cold+0x5/0xa [ 1194.109775][T19932] ? kernfs_fop_write_iter+0x26a/0x5f0 [ 1194.109810][T19932] should_failslab+0xc2/0x120 [ 1194.109840][T19932] __kmalloc_noprof+0xe0/0x850 [ 1194.109869][T19932] kernfs_fop_write_iter+0x26a/0x5f0 [ 1194.109908][T19932] vfs_write+0x6ac/0x1070 [ 1194.109936][T19932] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 1194.109974][T19932] ? __pfx_vfs_write+0x10/0x10 [ 1194.110020][T19932] ksys_write+0x12a/0x250 [ 1194.110047][T19932] ? __pfx_ksys_write+0x10/0x10 [ 1194.110077][T19932] ? rcu_is_watching+0x12/0xc0 [ 1194.110117][T19932] do_syscall_64+0x115/0x840 [ 1194.110152][T19932] ? clear_bhb_loop+0x40/0x90 [ 1194.110182][T19932] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1194.110207][T19932] RIP: 0033:0x7fd36a39ce59 [ 1194.110226][T19932] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1194.110250][T19932] RSP: 002b:00007fd36b1c5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1194.110273][T19932] RAX: ffffffffffffffda RBX: 00007fd36a615fa0 RCX: 00007fd36a39ce59 [ 1194.110289][T19932] RDX: 0000000000007fff RSI: 0000200000000000 RDI: 0000000000000003 [ 1194.110303][T19932] RBP: 00007fd36b1c5090 R08: 0000000000000000 R09: 0000000000000000 [ 1194.110317][T19932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1194.110332][T19932] R13: 00007fd36a616038 R14: 00007fd36a615fa0 R15: 00007fff1eefc3b8 [ 1194.110363][T19932] [ 1197.554915][ T30] audit: type=1800 audit(2317332931.284:12): pid=19956 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2816" name="dbroot" dev="configfs" ino=85844 res=0 errno=0 [ 1199.501406][T19971] random: crng reseeded on system resumption [ 1201.917238][T16387] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 1201.925493][T16387] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 1204.302689][T20021] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1204.548206][T20016] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1205.611875][T16365] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1205.626424][T16365] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1205.638797][T16365] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1205.661336][T16365] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1205.677021][T16365] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1207.644013][T20058] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1207.745572][T16365] Bluetooth: hci2: command tx timeout [ 1209.766500][T20035] bridge0: port 1(bridge_slave_0) entered blocking state [ 1209.812390][T16365] Bluetooth: hci2: command tx timeout [ 1209.822332][T20035] bridge0: port 1(bridge_slave_0) entered disabled state [ 1209.870773][T20035] bridge_slave_0: entered allmulticast mode [ 1209.916338][T20035] bridge_slave_0: entered promiscuous mode [ 1209.960737][T20035] bridge0: port 2(bridge_slave_1) entered blocking state [ 1210.012176][T20035] bridge0: port 2(bridge_slave_1) entered disabled state [ 1210.052414][T20035] bridge_slave_1: entered allmulticast mode [ 1210.100488][T20035] bridge_slave_1: entered promiscuous mode [ 1210.514485][T20035] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1210.725849][T20035] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1211.701018][T20035] team0: Port device team_slave_0 added [ 1211.883310][T16365] Bluetooth: hci2: command tx timeout [ 1212.140594][T20035] team0: Port device team_slave_1 added [ 1212.257960][T20094] FAULT_INJECTION: forcing a failure. [ 1212.257960][T20094] name failslab, interval 1, probability 0, space 0, times 0 [ 1212.441822][T20035] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1212.481206][T20035] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1212.530192][T20094] CPU: 0 UID: 0 PID: 20094 Comm: syz.2.2841 Tainted: G L syzkaller #0 PREEMPT(full) [ 1212.530231][T20094] Tainted: [L]=SOFTLOCKUP [ 1212.530240][T20094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1212.530255][T20094] Call Trace: [ 1212.530263][T20094] [ 1212.530272][T20094] dump_stack_lvl+0x100/0x190 [ 1212.530301][T20094] should_fail_ex.cold+0x5/0xa [ 1212.530332][T20094] ? tomoyo_realpath_from_path+0xb6/0x690 [ 1212.530369][T20094] should_failslab+0xc2/0x120 [ 1212.530399][T20094] __kmalloc_noprof+0xe0/0x850 [ 1212.530420][T20094] ? kfree+0x1dd/0x6c0 [ 1212.530458][T20094] tomoyo_realpath_from_path+0xb6/0x690 [ 1212.530500][T20094] tomoyo_path_number_perm+0x23c/0x580 [ 1212.530529][T20094] ? tomoyo_path_number_perm+0x22e/0x580 [ 1212.530561][T20094] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1212.530620][T20094] ? find_held_lock+0x2b/0x80 [ 1212.530649][T20094] ? __fget_files+0x215/0x3d0 [ 1212.530677][T20094] ? hook_file_ioctl_common+0x149/0x410 [ 1212.530710][T20094] ? __fget_files+0x215/0x3d0 [ 1212.530742][T20094] ? __fget_files+0x21f/0x3d0 [ 1212.530775][T20094] security_file_ioctl+0xd3/0x230 [ 1212.530805][T20094] __x64_sys_ioctl+0xb7/0x210 [ 1212.530831][T20094] do_syscall_64+0x115/0x840 [ 1212.530865][T20094] ? clear_bhb_loop+0x40/0x90 [ 1212.530894][T20094] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1212.530925][T20094] RIP: 0033:0x7fd36a39ce59 [ 1212.530943][T20094] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1212.530972][T20094] RSP: 002b:00007fd36b1c5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1212.530994][T20094] RAX: ffffffffffffffda RBX: 00007fd36a615fa0 RCX: 00007fd36a39ce59 [ 1212.531011][T20094] RDX: 0000000000000000 RSI: 0000000000004b68 RDI: 0000000000000003 [ 1212.531025][T20094] RBP: 00007fd36b1c5090 R08: 0000000000000000 R09: 0000000000000000 [ 1212.531039][T20094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1212.531054][T20094] R13: 00007fd36a616038 R14: 00007fd36a615fa0 R15: 00007fff1eefc3b8 [ 1212.531084][T20094] [ 1212.533796][T20094] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1212.814905][T20035] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1212.859762][T20035] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1212.866746][T20035] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1212.970905][T20035] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1213.206886][T20035] hsr_slave_0: entered promiscuous mode [ 1213.223502][T20035] hsr_slave_1: entered promiscuous mode [ 1213.253613][T20035] debugfs: 'hsr0' already exists in 'hsr' [ 1213.275745][T20035] Cannot create hsr debugfs directory [ 1213.811849][T20096] binder: BINDER_SET_CONTEXT_MGR already set [ 1213.870110][T20096] binder: 20095:20096 ioctl 40046207 0 returned -16 [ 1213.952860][T16365] Bluetooth: hci2: command tx timeout [ 1215.147027][T20113] ubi0: attaching mtd0 [ 1215.251673][T20113] ubi0: scanning is finished [ 1215.322504][T20113] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1215.754047][T20035] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1215.808167][T20035] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 1215.830658][T20113] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1215.860296][T20035] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1215.926104][T20035] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 1216.194342][T20035] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1216.254140][T20035] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 1216.300170][T20035] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1216.354474][T20035] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 1216.748409][T16387] Bluetooth: hci0: command 0x2016 tx timeout [ 1218.513704][T20035] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1218.645355][T20035] 8021q: adding VLAN 0 to HW filter on device team0 [ 1218.705118][T11886] bridge0: port 1(bridge_slave_0) entered blocking state [ 1218.712336][T11886] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1218.815831][T11886] bridge0: port 2(bridge_slave_1) entered blocking state [ 1218.823033][T11886] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1220.868035][T16365] Bluetooth: hci3: unexpected event 0x1d length: 6 > 5 [ 1221.434180][T20035] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1221.595215][T16365] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 1221.604899][T16365] Bluetooth: hci4: Invalid handle: 0x3a4a > 0x0eff [ 1223.286815][T20035] veth0_vlan: entered promiscuous mode [ 1223.409713][T20035] veth1_vlan: entered promiscuous mode [ 1223.645706][T20035] veth0_macvtap: entered promiscuous mode [ 1223.729388][T20035] veth1_macvtap: entered promiscuous mode [ 1223.867603][T20035] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1223.954782][T20035] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1224.043078][T11875] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1224.107067][T11875] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1224.163600][T11875] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1224.235299][T11875] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1224.700632][T14560] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1224.769744][T14560] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1225.007145][T11890] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1225.054299][T11890] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1227.211638][T12330] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1227.265964][T16365] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 1227.275152][T16365] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 1227.986342][T20242] netlink: 696 bytes leftover after parsing attributes in process `syz.5.2865'. [ 1228.260607][T12330] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1228.945767][T12330] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1229.204831][T20258] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1229.358384][T20252] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1229.784538][T20261] QAT: Stopping all acceleration devices. [ 1230.621300][T12330] bridge_slave_1: left allmulticast mode [ 1230.659110][T12330] bridge_slave_1: left promiscuous mode [ 1230.701550][T12330] bridge0: port 2(bridge_slave_1) entered disabled state [ 1230.797468][T12330] bridge_slave_0: left allmulticast mode [ 1230.832747][T12330] bridge_slave_0: left promiscuous mode [ 1230.867026][T12330] bridge0: port 1(bridge_slave_0) entered disabled state [ 1232.163582][T12330] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1232.263013][T12330] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1232.322301][T12330] bond0 (unregistering): Released all slaves [ 1233.318313][ T5293] 8021q: adding VLAN 0 to HW filter on device eth9 [ 1233.513363][T12330] hsr_slave_0: left promiscuous mode [ 1233.539813][T12330] hsr_slave_1: left promiscuous mode [ 1233.562145][T12330] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1233.592941][T12330] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1233.634835][T12330] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1233.660975][T12330] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1233.715167][T12330] veth1_macvtap: left promiscuous mode [ 1233.738459][T12330] veth0_macvtap: left promiscuous mode [ 1233.759268][T12330] veth1_vlan: left promiscuous mode [ 1233.778061][T12330] veth0_vlan: left promiscuous mode [ 1234.694498][T12330] team0 (unregistering): Port device team_slave_1 removed [ 1234.781095][T12330] team0 (unregistering): Port device team_slave_0 removed [ 1234.957050][T20323] nbd: must specify at least one socket [ 1235.062331][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 1235.069464][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 1237.819904][T16365] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 1238.339312][ T5293] 8021q: adding VLAN 0 to HW filter on device eth10 [ 1242.657062][ T5293] 8021q: adding VLAN 0 to HW filter on device eth11 [ 1245.265754][T20438] bond0: option lp_interval: invalid value () [ 1245.384757][T20438] bond0: option lp_interval: allowed values 1 - 2147483647 [ 1246.551289][ T5293] 8021q: adding VLAN 0 to HW filter on device eth12 [ 1248.529285][T20491] device-mapper: ioctl: Invalid new mapped device name or uuid string supplied. [ 1251.486429][T20514] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1251.532603][T16365] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 1251.540981][T16365] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci4/hci4:0' [ 1251.552008][T16365] CPU: 0 UID: 0 PID: 16365 Comm: kworker/u11:2 Tainted: G L syzkaller #0 PREEMPT(full) [ 1251.552050][T16365] Tainted: [L]=SOFTLOCKUP [ 1251.552060][T16365] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1251.552077][T16365] Workqueue: hci4 hci_rx_work [ 1251.552113][T16365] Call Trace: [ 1251.552121][T16365] [ 1251.552133][T16365] dump_stack_lvl+0x100/0x190 [ 1251.552161][T16365] sysfs_warn_dup.cold+0x1c/0x28 [ 1251.552199][T16365] sysfs_create_dir_ns+0x24b/0x2b0 [ 1251.552233][T16365] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1251.552259][T16365] ? find_held_lock+0x2b/0x80 [ 1251.552290][T16365] ? kobject_add_internal+0x25f/0x930 [ 1251.552315][T16365] ? kobject_add_internal+0x25f/0x930 [ 1251.552343][T16365] ? do_raw_spin_unlock+0x145/0x1e0 [ 1251.552373][T16365] kobject_add_internal+0x2c8/0x930 [ 1251.552403][T16365] kobject_add+0x16a/0x1e0 [ 1251.552427][T16365] ? __pfx_kobject_add+0x10/0x10 [ 1251.552454][T16365] ? class_to_subsys+0x10f/0x150 [ 1251.552488][T16365] ? kobject_put+0xb9/0x640 [ 1251.552525][T16365] ? _raw_spin_unlock+0x28/0x50 [ 1251.552563][T16365] device_add+0x294/0x1950 [ 1251.552591][T16365] ? __pfx_dev_set_name+0x10/0x10 [ 1251.552624][T16365] ? __pfx_device_add+0x10/0x10 [ 1251.552652][T16365] ? mgmt_send_event_skb+0x2fb/0x460 [ 1251.552693][T16365] hci_conn_add_sysfs+0x1a3/0x260 [ 1251.552732][T16365] le_conn_complete_evt+0x11eb/0x1f60 [ 1251.552772][T16365] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1251.552803][T16365] ? __pfx_bt_warn+0x10/0x10 [ 1251.552849][T16365] hci_le_conn_complete_evt+0x23c/0x3a0 [ 1251.552883][T16365] ? skb_pull_data+0x15f/0x1e0 [ 1251.552919][T16365] hci_le_meta_evt+0x34a/0x5f0 [ 1251.552955][T16365] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 1251.552992][T16365] hci_event_packet+0x51c/0xcd0 [ 1251.553025][T16365] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1251.553061][T16365] ? __pfx_hci_event_packet+0x10/0x10 [ 1251.553097][T16365] ? kcov_remote_start+0x374/0x660 [ 1251.553133][T16365] ? lockdep_hardirqs_on+0x78/0x100 [ 1251.553175][T16365] hci_rx_work+0x451/0xfc0 [ 1251.553217][T16365] process_one_work+0xa0e/0x1980 [ 1251.553255][T16365] ? __pfx_process_one_work+0x10/0x10 [ 1251.553288][T16365] ? __pfx_hci_rx_work+0x10/0x10 [ 1251.553322][T16365] worker_thread+0x5ef/0xe50 [ 1251.553353][T16365] ? __pfx_worker_thread+0x10/0x10 [ 1251.553379][T16365] ? kthread+0x13a/0x450 [ 1251.553414][T16365] ? __pfx_worker_thread+0x10/0x10 [ 1251.553437][T16365] kthread+0x370/0x450 [ 1251.553473][T16365] ? __pfx_kthread+0x10/0x10 [ 1251.553512][T16365] ret_from_fork+0x72b/0xd50 [ 1251.553541][T16365] ? __pfx_ret_from_fork+0x10/0x10 [ 1251.553569][T16365] ? __switch_to+0x800/0x1100 [ 1251.553602][T16365] ? __switch_to_asm+0x39/0x70 [ 1251.553634][T16365] ? __pfx_kthread+0x10/0x10 [ 1251.553673][T16365] ret_from_fork_asm+0x1a/0x30 [ 1251.553720][T16365] [ 1251.553772][T16365] kobject: kobject_add_internal failed for hci4:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 1251.870893][T16365] Bluetooth: hci4: failed to register connection device [ 1252.526429][T20519] FAULT_INJECTION: forcing a failure. [ 1252.526429][T20519] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1252.655170][T20519] CPU: 0 UID: 0 PID: 20519 Comm: syz.3.2912 Tainted: G L syzkaller #0 PREEMPT(full) [ 1252.655209][T20519] Tainted: [L]=SOFTLOCKUP [ 1252.655217][T20519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1252.655231][T20519] Call Trace: [ 1252.655239][T20519] [ 1252.655248][T20519] dump_stack_lvl+0x100/0x190 [ 1252.655278][T20519] should_fail_ex.cold+0x5/0xa [ 1252.655309][T20519] _copy_from_user+0x2e/0xd0 [ 1252.655346][T20519] input_event_from_user+0xb9/0x290 [ 1252.655374][T20519] ? __pfx_input_event_from_user+0x10/0x10 [ 1252.655399][T20519] ? __pfx___might_resched+0x10/0x10 [ 1252.655426][T20519] ? input_inject_event+0x1a6/0x390 [ 1252.655453][T20519] evdev_write+0x27a/0x430 [ 1252.655479][T20519] ? __pfx_evdev_write+0x10/0x10 [ 1252.655503][T20519] ? bpf_lsm_file_permission+0x9/0x10 [ 1252.655525][T20519] ? security_file_permission+0x76/0x210 [ 1252.655559][T20519] ? rw_verify_area+0xce/0x6d0 [ 1252.655586][T20519] vfs_write+0x2aa/0x1070 [ 1252.655615][T20519] ? __pfx_evdev_write+0x10/0x10 [ 1252.655639][T20519] ? __pfx_vfs_write+0x10/0x10 [ 1252.655664][T20519] ? find_held_lock+0x2b/0x80 [ 1252.655694][T20519] ? __fget_files+0x215/0x3d0 [ 1252.655722][T20519] ? __fget_files+0x215/0x3d0 [ 1252.655754][T20519] ? __fget_files+0x21f/0x3d0 [ 1252.655790][T20519] ksys_write+0x1f8/0x250 [ 1252.655818][T20519] ? __pfx_ksys_write+0x10/0x10 [ 1252.655848][T20519] ? rcu_is_watching+0x12/0xc0 [ 1252.655880][T20519] do_syscall_64+0x115/0x840 [ 1252.655914][T20519] ? clear_bhb_loop+0x40/0x90 [ 1252.655943][T20519] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1252.655968][T20519] RIP: 0033:0x7fc42679ce59 [ 1252.655987][T20519] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1252.656011][T20519] RSP: 002b:00007fc427694028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1252.656034][T20519] RAX: ffffffffffffffda RBX: 00007fc426a15fa0 RCX: 00007fc42679ce59 [ 1252.656050][T20519] RDX: 0000000000010001 RSI: 0000200000000040 RDI: 0000000000000003 [ 1252.656065][T20519] RBP: 00007fc427694090 R08: 0000000000000000 R09: 0000000000000000 [ 1252.656079][T20519] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1252.656094][T20519] R13: 00007fc426a16038 R14: 00007fc426a15fa0 R15: 00007fff2bd64de8 [ 1252.656124][T20519] [ 1253.926493][T16387] Bluetooth: hci4: command 0x2016 tx timeout [ 1254.888875][T16365] Bluetooth: hci3: hcon ffff88805310c000 sent 0 < count 256 [ 1255.426203][T20557] random: crng reseeded on system resumption [ 1255.996067][T16387] Bluetooth: hci4: command 0x2016 tx timeout [ 1258.636172][T20610] nbd: must specify a device to reconfigure [ 1259.491468][T20621] random: crng reseeded on system resumption [ 1264.183043][T20703] random: crng reseeded on system resumption [ 1264.911236][T16365] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 1264.919131][T16365] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 1269.310225][T20772] random: crng reseeded on system resumption [ 1269.924801][T16365] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 1269.935794][T16365] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 1270.455194][T20791] openvswitch: ovs_ÿþ: Dropping previously announced user features [ 1272.476724][T20825] random: crng reseeded on system resumption [ 1274.255113][T20842] FAULT_INJECTION: forcing a failure. [ 1274.255113][T20842] name failslab, interval 1, probability 0, space 0, times 0 [ 1274.349760][T20842] CPU: 0 UID: 0 PID: 20842 Comm: syz.5.2974 Tainted: G L syzkaller #0 PREEMPT(full) [ 1274.349799][T20842] Tainted: [L]=SOFTLOCKUP [ 1274.349808][T20842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1274.349822][T20842] Call Trace: [ 1274.349831][T20842] [ 1274.349840][T20842] dump_stack_lvl+0x100/0x190 [ 1274.349872][T20842] should_fail_ex.cold+0x5/0xa [ 1274.349903][T20842] should_failslab+0xc2/0x120 [ 1274.349933][T20842] kmem_cache_alloc_node_noprof+0x81/0x6f0 [ 1274.349974][T20842] ? __alloc_skb+0x140/0x710 [ 1274.350071][T20842] ? __alloc_skb+0x5b7/0x710 [ 1274.350097][T20842] __alloc_skb+0x140/0x710 [ 1274.350117][T20842] ? __alloc_skb+0x5b7/0x710 [ 1274.350138][T20842] ? __pfx___alloc_skb+0x10/0x10 [ 1274.350168][T20842] netlink_alloc_large_skb+0x69/0x150 [ 1274.350205][T20842] netlink_sendmsg+0x680/0xda0 [ 1274.350244][T20842] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1274.350282][T20842] ? __import_iovec+0x1d2/0x640 [ 1274.350328][T20842] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 1274.350359][T20842] ____sys_sendmsg+0x9e1/0xb70 [ 1274.350390][T20842] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1274.350424][T20842] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1274.350492][T20842] ___sys_sendmsg+0x190/0x1e0 [ 1274.350527][T20842] ? __pfx____sys_sendmsg+0x10/0x10 [ 1274.350594][T20842] __sys_sendmsg+0x170/0x220 [ 1274.350619][T20842] ? __pfx___sys_sendmsg+0x10/0x10 [ 1274.350657][T20842] ? rcu_is_watching+0x12/0xc0 [ 1274.350688][T20842] do_syscall_64+0x115/0x840 [ 1274.350722][T20842] ? clear_bhb_loop+0x40/0x90 [ 1274.350751][T20842] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1274.350776][T20842] RIP: 0033:0x7f55ccd9ce59 [ 1274.350796][T20842] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1274.350820][T20842] RSP: 002b:00007f55cdb99028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1274.350843][T20842] RAX: ffffffffffffffda RBX: 00007f55cd015fa0 RCX: 00007f55ccd9ce59 [ 1274.350860][T20842] RDX: 0000000004000000 RSI: 0000200000005240 RDI: 0000000000000003 [ 1274.350874][T20842] RBP: 00007f55cdb99090 R08: 0000000000000000 R09: 0000000000000000 [ 1274.350889][T20842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1274.350903][T20842] R13: 00007f55cd016038 R14: 00007f55cd015fa0 R15: 00007ffdc98599e8 [ 1274.350934][T20842] [ 1276.089765][T20859] random: crng reseeded on system resumption [ 1277.552126][T20887] FAULT_INJECTION: forcing a failure. [ 1277.552126][T20887] name failslab, interval 1, probability 0, space 0, times 0 [ 1277.596248][T20887] CPU: 0 UID: 0 PID: 20887 Comm: syz.5.2986 Tainted: G L syzkaller #0 PREEMPT(full) [ 1277.596288][T20887] Tainted: [L]=SOFTLOCKUP [ 1277.596297][T20887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1277.596313][T20887] Call Trace: [ 1277.596321][T20887] [ 1277.596331][T20887] dump_stack_lvl+0x100/0x190 [ 1277.596361][T20887] should_fail_ex.cold+0x5/0xa [ 1277.596393][T20887] ? tomoyo_encode2+0xfb/0x3c0 [ 1277.596428][T20887] should_failslab+0xc2/0x120 [ 1277.596458][T20887] __kmalloc_noprof+0xe0/0x850 [ 1277.596480][T20887] ? d_absolute_path+0x136/0x1b0 [ 1277.596509][T20887] tomoyo_encode2+0xfb/0x3c0 [ 1277.596549][T20887] tomoyo_encode+0x29/0x50 [ 1277.596591][T20887] tomoyo_realpath_from_path+0x18c/0x690 [ 1277.596636][T20887] tomoyo_check_open_permission+0x2af/0x3c0 [ 1277.596669][T20887] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 1277.596713][T20887] ? hook_file_open+0x24e/0x7a0 [ 1277.596764][T20887] ? path_get+0x61/0x80 [ 1277.596804][T20887] tomoyo_file_open+0x6b/0x90 [ 1277.596829][T20887] security_file_open+0xb5/0x1e0 [ 1277.596864][T20887] do_dentry_open+0x588/0x14d0 [ 1277.596902][T20887] vfs_open+0x82/0x3f0 [ 1277.596942][T20887] path_openat+0x208c/0x31a0 [ 1277.596983][T20887] ? __pfx_path_openat+0x10/0x10 [ 1277.597026][T20887] do_file_open+0x20e/0x430 [ 1277.597061][T20887] ? __pfx_do_file_open+0x10/0x10 [ 1277.597113][T20887] ? alloc_fd+0x476/0x790 [ 1277.597146][T20887] ? do_getname+0x191/0x390 [ 1277.597186][T20887] do_sys_openat2+0x10d/0x1e0 [ 1277.597224][T20887] ? __pfx_do_sys_openat2+0x10/0x10 [ 1277.597274][T20887] __x64_sys_openat+0x12d/0x210 [ 1277.597313][T20887] ? __pfx___x64_sys_openat+0x10/0x10 [ 1277.597352][T20887] ? ksys_write+0x1ac/0x250 [ 1277.597384][T20887] ? rcu_is_watching+0x12/0xc0 [ 1277.597417][T20887] do_syscall_64+0x115/0x840 [ 1277.597453][T20887] ? clear_bhb_loop+0x40/0x90 [ 1277.597483][T20887] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1277.597510][T20887] RIP: 0033:0x7f55ccd9ce59 [ 1277.597530][T20887] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1277.597555][T20887] RSP: 002b:00007f55cdb99028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1277.597578][T20887] RAX: ffffffffffffffda RBX: 00007f55cd015fa0 RCX: 00007f55ccd9ce59 [ 1277.597601][T20887] RDX: 00000000000c8042 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1277.597624][T20887] RBP: 00007f55cce32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1277.597641][T20887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1277.597656][T20887] R13: 00007f55cd016038 R14: 00007f55cd015fa0 R15: 00007ffdc98599e8 [ 1277.597689][T20887] [ 1277.600863][T20887] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1278.063359][T20890] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1278.894526][T20904] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1279.935850][T16365] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 1279.943454][T16365] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 1280.125341][T16365] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 1280.132973][T16365] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 1287.277268][T21003] random: crng reseeded on system resumption [ 1287.658335][T21011] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1287.929231][T21013] ubi0: attaching mtd0 [ 1288.067109][T21013] ubi0: scanning is finished [ 1288.161748][T21013] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1288.767602][T21013] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1290.783117][T21039] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1294.340923][T21065] sysfs_service_op_store: Client not running :-5: [ 1296.215409][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 1296.225410][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 1298.486081][T16365] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 1298.493555][T16365] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 1301.083828][T21121] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 1303.707337][ T30] audit: type=1804 audit(2317333037.933:13): pid=21177 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3041" name="/newroot/99/file0" dev="tmpfs" ino=551 res=1 errno=0 [ 1303.854085][ T30] audit: type=1804 audit(2317333037.963:14): pid=21181 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.3041" name="/newroot/99/file0" dev="tmpfs" ino=551 res=1 errno=0 [ 1304.978174][T16365] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 1304.987410][T16365] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 1306.224375][T21218] ubi0: attaching mtd0 [ 1306.356357][T21218] ubi0: scanning is finished [ 1306.446852][T21218] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1307.856887][T21218] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1311.721870][T21263] random: crng reseeded on system resumption [ 1318.638309][T21316] FAULT_INJECTION: forcing a failure. [ 1318.638309][T21316] name failslab, interval 1, probability 0, space 0, times 0 [ 1318.807914][T21316] CPU: 0 UID: 0 PID: 21316 Comm: syz.5.3066 Tainted: G L syzkaller #0 PREEMPT(full) [ 1318.807962][T21316] Tainted: [L]=SOFTLOCKUP [ 1318.807972][T21316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1318.807987][T21316] Call Trace: [ 1318.807996][T21316] [ 1318.808005][T21316] dump_stack_lvl+0x100/0x190 [ 1318.808038][T21316] should_fail_ex.cold+0x5/0xa [ 1318.808071][T21316] should_failslab+0xc2/0x120 [ 1318.808103][T21316] __kmalloc_cache_noprof+0x7a/0x6f0 [ 1318.808140][T21316] ? snd_card_file_add+0x52/0x330 [ 1318.808266][T21316] ? __pfx_snd_pcm_playback_open+0x10/0x10 [ 1318.808291][T21316] snd_card_file_add+0x52/0x330 [ 1318.808328][T21316] ? __pfx_snd_pcm_playback_open+0x10/0x10 [ 1318.808353][T21316] snd_pcm_open+0xf1/0x710 [ 1318.808380][T21316] ? __pfx_snd_pcm_open+0x10/0x10 [ 1318.808434][T21316] ? __pfx_snd_pcm_playback_open+0x10/0x10 [ 1318.808459][T21316] snd_pcm_playback_open+0x86/0xe0 [ 1318.808486][T21316] snd_open+0x201/0x450 [ 1318.808519][T21316] ? __pfx_snd_open+0x10/0x10 [ 1318.808550][T21316] chrdev_open+0x234/0x6a0 [ 1318.808583][T21316] ? __pfx_apparmor_file_open+0x10/0x10 [ 1318.808613][T21316] ? __pfx_chrdev_open+0x10/0x10 [ 1318.808647][T21316] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1318.808687][T21316] do_dentry_open+0x6ab/0x14d0 [ 1318.808717][T21316] ? __pfx_chrdev_open+0x10/0x10 [ 1318.808755][T21316] vfs_open+0x82/0x3f0 [ 1318.808795][T21316] path_openat+0x208c/0x31a0 [ 1318.808836][T21316] ? __pfx_path_openat+0x10/0x10 [ 1318.808878][T21316] do_file_open+0x20e/0x430 [ 1318.808912][T21316] ? __pfx_do_file_open+0x10/0x10 [ 1318.808971][T21316] ? alloc_fd+0x476/0x790 [ 1318.809006][T21316] ? do_getname+0x191/0x390 [ 1318.809046][T21316] do_sys_openat2+0x10d/0x1e0 [ 1318.809085][T21316] ? __pfx_do_sys_openat2+0x10/0x10 [ 1318.809126][T21316] ? __fget_files+0x21f/0x3d0 [ 1318.809163][T21316] __x64_sys_openat+0x12d/0x210 [ 1318.809202][T21316] ? __pfx___x64_sys_openat+0x10/0x10 [ 1318.809247][T21316] ? rcu_is_watching+0x12/0xc0 [ 1318.809280][T21316] do_syscall_64+0x115/0x840 [ 1318.809317][T21316] ? clear_bhb_loop+0x40/0x90 [ 1318.809348][T21316] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1318.809374][T21316] RIP: 0033:0x7f55ccd9ce59 [ 1318.809395][T21316] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1318.809421][T21316] RSP: 002b:00007f55caff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1318.809444][T21316] RAX: ffffffffffffffda RBX: 00007f55cd016180 RCX: 00007f55ccd9ce59 [ 1318.809461][T21316] RDX: 0000000000002100 RSI: 0000200000004ec0 RDI: ffffffffffffff9c [ 1318.809477][T21316] RBP: 00007f55cce32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1318.809492][T21316] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1318.809508][T21316] R13: 00007f55cd016218 R14: 00007f55cd016180 R15: 00007ffdc98599e8 [ 1318.809539][T21316] [ 1324.987646][T11891] netdevsim netdevsim1335 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1325.415070][T21400] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 1325.995415][T21414] ubi0: attaching mtd0 [ 1326.091993][T21414] ubi0: scanning is finished [ 1326.179219][T21414] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1326.447055][T21421] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3088'. [ 1326.488403][T21420] netlink: 334 bytes leftover after parsing attributes in process `syz.5.3090'. [ 1326.831839][T21414] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1327.050216][T21421] random: crng reseeded on system resumption [ 1328.504259][T21447] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 1328.785618][T21452] random: crng reseeded on system resumption [ 1328.858117][T16365] Bluetooth: hci2: command 0x0406 tx timeout [ 1331.284741][T21488] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1332.750532][T16387] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 1334.739770][T21532] ubi0: attaching mtd0 [ 1334.878498][T21532] ubi0: scanning is finished [ 1335.003499][T21532] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1335.516990][T21532] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1335.837379][T16387] Bluetooth: hci3: Received unexpected HCI Event 0x00 [ 1336.093016][T21548] random: crng reseeded on system resumption [ 1338.719811][T21581] netlink: 4332 bytes leftover after parsing attributes in process `syz.5.3131'. [ 1338.732824][T16387] Bluetooth: hci4: Received unexpected HCI Event 0x00 [ 1338.971868][T21586] random: crng reseeded on system resumption [ 1339.143049][T16387] Bluetooth: hci3: hcon ffff88805310c000 sent 0 < count 256 [ 1339.855530][T21575] Process accounting resumed [ 1340.653782][T16387] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 1340.664596][T16387] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0' [ 1340.674117][T16387] CPU: 0 UID: 0 PID: 16387 Comm: kworker/u11:4 Tainted: G L syzkaller #0 PREEMPT(full) [ 1340.674157][T16387] Tainted: [L]=SOFTLOCKUP [ 1340.674166][T16387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1340.674184][T16387] Workqueue: hci2 hci_rx_work [ 1340.674218][T16387] Call Trace: [ 1340.674227][T16387] [ 1340.674238][T16387] dump_stack_lvl+0x100/0x190 [ 1340.674265][T16387] sysfs_warn_dup.cold+0x1c/0x28 [ 1340.674302][T16387] sysfs_create_dir_ns+0x24b/0x2b0 [ 1340.674331][T16387] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1340.674356][T16387] ? find_held_lock+0x2b/0x80 [ 1340.674387][T16387] ? kobject_add_internal+0x25f/0x930 [ 1340.674413][T16387] ? kobject_add_internal+0x25f/0x930 [ 1340.674447][T16387] ? do_raw_spin_unlock+0x145/0x1e0 [ 1340.674477][T16387] kobject_add_internal+0x2c8/0x930 [ 1340.674506][T16387] kobject_add+0x16a/0x1e0 [ 1340.674531][T16387] ? __pfx_kobject_add+0x10/0x10 [ 1340.674553][T16387] ? class_to_subsys+0x10f/0x150 [ 1340.674589][T16387] ? kobject_put+0xb9/0x640 [ 1340.674627][T16387] ? _raw_spin_unlock+0x28/0x50 [ 1340.674665][T16387] device_add+0x294/0x1950 [ 1340.674693][T16387] ? __pfx_dev_set_name+0x10/0x10 [ 1340.674726][T16387] ? __pfx_device_add+0x10/0x10 [ 1340.674753][T16387] ? mgmt_send_event_skb+0x2fb/0x460 [ 1340.674795][T16387] hci_conn_add_sysfs+0x1a3/0x260 [ 1340.674834][T16387] le_conn_complete_evt+0x11eb/0x1f60 [ 1340.674874][T16387] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 1340.674905][T16387] ? __pfx_bt_warn+0x10/0x10 [ 1340.674950][T16387] hci_le_conn_complete_evt+0x23c/0x3a0 [ 1340.674985][T16387] ? skb_pull_data+0x15f/0x1e0 [ 1340.675022][T16387] hci_le_meta_evt+0x34a/0x5f0 [ 1340.675059][T16387] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 1340.675096][T16387] hci_event_packet+0x51c/0xcd0 [ 1340.675129][T16387] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 1340.675164][T16387] ? __pfx_hci_event_packet+0x10/0x10 [ 1340.675200][T16387] ? kcov_remote_start+0x374/0x660 [ 1340.675236][T16387] ? lockdep_hardirqs_on+0x78/0x100 [ 1340.675279][T16387] hci_rx_work+0x451/0xfc0 [ 1340.675315][T16387] process_one_work+0xa0e/0x1980 [ 1340.675353][T16387] ? __pfx_process_one_work+0x10/0x10 [ 1340.675386][T16387] ? __pfx_hci_rx_work+0x10/0x10 [ 1340.675427][T16387] worker_thread+0x5ef/0xe50 [ 1340.675458][T16387] ? __pfx_worker_thread+0x10/0x10 [ 1340.675486][T16387] ? kthread+0x13a/0x450 [ 1340.675521][T16387] ? __pfx_worker_thread+0x10/0x10 [ 1340.675544][T16387] kthread+0x370/0x450 [ 1340.675580][T16387] ? __pfx_kthread+0x10/0x10 [ 1340.675619][T16387] ret_from_fork+0x72b/0xd50 [ 1340.675647][T16387] ? __pfx_ret_from_fork+0x10/0x10 [ 1340.675675][T16387] ? __switch_to+0x800/0x1100 [ 1340.675708][T16387] ? __switch_to_asm+0x39/0x70 [ 1340.675740][T16387] ? __pfx_kthread+0x10/0x10 [ 1340.675779][T16387] ret_from_fork_asm+0x1a/0x30 [ 1340.675825][T16387] [ 1340.675880][T16387] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 1340.998875][T16387] Bluetooth: hci2: failed to register connection device [ 1341.812797][T21628] netlink: 354 bytes leftover after parsing attributes in process `syz.3.3142'. [ 1343.029931][T16365] Bluetooth: hci2: command 0x0406 tx timeout [ 1343.054237][T21642] ubi0: attaching mtd0 [ 1343.119787][T21642] ubi0: scanning is finished [ 1343.235989][T21642] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1344.014209][T21642] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1344.883686][T21663] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3148'. [ 1345.097235][T16365] Bluetooth: hci2: command 0x0406 tx timeout [ 1346.988642][T21673] FAULT_INJECTION: forcing a failure. [ 1346.988642][T21673] name failslab, interval 1, probability 0, space 0, times 0 [ 1347.043140][T21673] CPU: 0 UID: 0 PID: 21673 Comm: syz.6.3152 Tainted: G L syzkaller #0 PREEMPT(full) [ 1347.043179][T21673] Tainted: [L]=SOFTLOCKUP [ 1347.043188][T21673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1347.043202][T21673] Call Trace: [ 1347.043210][T21673] [ 1347.043220][T21673] dump_stack_lvl+0x100/0x190 [ 1347.043250][T21673] should_fail_ex.cold+0x5/0xa [ 1347.043280][T21673] should_failslab+0xc2/0x120 [ 1347.043309][T21673] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1347.043348][T21673] ? ptlock_alloc+0x1f/0x70 [ 1347.043381][T21673] ? __thp_vma_allowable_orders+0x1d9/0xce0 [ 1347.043419][T21673] ptlock_alloc+0x1f/0x70 [ 1347.043454][T21673] pte_alloc_one+0x82/0x3d0 [ 1347.043487][T21673] do_huge_pmd_anonymous_page+0x805/0x16c0 [ 1347.043534][T21673] __handle_mm_fault+0x239e/0x2a00 [ 1347.043575][T21673] ? mt_find+0x45e/0x8e0 [ 1347.043612][T21673] ? __pfx___handle_mm_fault+0x10/0x10 [ 1347.043647][T21673] ? __pfx_mt_find+0x10/0x10 [ 1347.043686][T21673] ? __lock_acquire+0x4a5/0x2630 [ 1347.043732][T21673] ? pmdp_set_access_flags+0x12d/0x1a0 [ 1347.043774][T21673] handle_mm_fault+0x37b/0xa30 [ 1347.043815][T21673] __get_user_pages+0x1178/0x32a0 [ 1347.043857][T21673] ? __pfx___get_user_pages+0x10/0x10 [ 1347.043886][T21673] ? __gup_longterm_locked+0x109c/0x16f0 [ 1347.043917][T21673] ? __gup_longterm_locked+0x109c/0x16f0 [ 1347.043954][T21673] __gup_longterm_locked+0x87d/0x16f0 [ 1347.043990][T21673] ? lock_acquire+0x1b1/0x370 [ 1347.044034][T21673] ? __pfx___gup_longterm_locked+0x10/0x10 [ 1347.044070][T21673] ? find_held_lock+0x2b/0x80 [ 1347.044100][T21673] ? sanity_check_pinned_pages+0x4f2/0x8b0 [ 1347.044128][T21673] ? rcu_is_watching+0x12/0xc0 [ 1347.044162][T21673] gup_fast_fallback+0x16dc/0x2790 [ 1347.044212][T21673] ? __pfx_gup_fast_fallback+0x10/0x10 [ 1347.044247][T21673] ? lockdep_hardirqs_on+0x78/0x100 [ 1347.044284][T21673] ? rcu_is_watching+0x12/0xc0 [ 1347.044311][T21673] ? trace_sched_exit_tp+0x11c/0x160 [ 1347.044352][T21673] pin_user_pages_fast+0xa7/0xf0 [ 1347.044383][T21673] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 1347.044415][T21673] ? iov_iter_advance+0xac/0x6d0 [ 1347.044454][T21673] iov_iter_extract_pages+0xa0d/0x1ef0 [ 1347.044499][T21673] ? __pfx_iov_iter_extract_pages+0x10/0x10 [ 1347.044538][T21673] ? find_held_lock+0x2b/0x80 [ 1347.044567][T21673] ? rcu_preempt_deferred_qs_irqrestore+0x4fd/0xb90 [ 1347.044607][T21673] ? rcu_is_watching+0x12/0xc0 [ 1347.044634][T21673] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 1347.044666][T21673] ? iov_iter_revert+0x252/0x5b0 [ 1347.044697][T21673] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1347.044733][T21673] iov_iter_extract_bvecs+0x10b/0xa60 [ 1347.044778][T21673] ? __pfx_iov_iter_extract_bvecs+0x10/0x10 [ 1347.044811][T21673] ? bio_init+0x404/0x610 [ 1347.044908][T21673] ? bio_alloc_bioset+0x24a/0x1070 [ 1347.044939][T21673] bio_iov_iter_get_pages+0x26f/0x670 [ 1347.044979][T21673] blkdev_direct_IO+0x1302/0x1fb0 [ 1347.045057][T21673] ? __pfx_blkdev_direct_IO+0x10/0x10 [ 1347.045109][T21673] blkdev_write_iter+0x703/0xd70 [ 1347.045154][T21673] vfs_write+0x6ac/0x1070 [ 1347.045183][T21673] ? __pfx_blkdev_write_iter+0x10/0x10 [ 1347.045224][T21673] ? __pfx_vfs_write+0x10/0x10 [ 1347.045250][T21673] ? find_held_lock+0x2b/0x80 [ 1347.045296][T21673] ksys_write+0x12a/0x250 [ 1347.045325][T21673] ? __pfx_ksys_write+0x10/0x10 [ 1347.045356][T21673] ? rcu_is_watching+0x12/0xc0 [ 1347.045387][T21673] do_syscall_64+0x115/0x840 [ 1347.045420][T21673] ? clear_bhb_loop+0x40/0x90 [ 1347.045450][T21673] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1347.045475][T21673] RIP: 0033:0x7fa42bb9ce59 [ 1347.045495][T21673] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1347.045520][T21673] RSP: 002b:00007fa42c99f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1347.045543][T21673] RAX: ffffffffffffffda RBX: 00007fa42be15fa0 RCX: 00007fa42bb9ce59 [ 1347.045559][T21673] RDX: 000000100000a3da RSI: 0000200000000480 RDI: 0000000000000003 [ 1347.045574][T21673] RBP: 00007fa42c99f090 R08: 0000000000000000 R09: 0000000000000000 [ 1347.045589][T21673] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1347.045603][T21673] R13: 00007fa42be16038 R14: 00007fa42be15fa0 R15: 00007ffdaae60518 [ 1347.045633][T21673] [ 1348.839810][T21689] netlink: 354 bytes leftover after parsing attributes in process `syz.6.3158'. [ 1348.930400][T21689] tipc: Can't bind to reserved service type 63 [ 1349.259293][T21699] FAULT_INJECTION: forcing a failure. [ 1349.259293][T21699] name failslab, interval 1, probability 0, space 0, times 0 [ 1349.412181][T21699] CPU: 0 UID: 0 PID: 21699 Comm: syz.5.3160 Tainted: G L syzkaller #0 PREEMPT(full) [ 1349.412223][T21699] Tainted: [L]=SOFTLOCKUP [ 1349.412232][T21699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1349.412247][T21699] Call Trace: [ 1349.412256][T21699] [ 1349.412266][T21699] dump_stack_lvl+0x100/0x190 [ 1349.412297][T21699] should_fail_ex.cold+0x5/0xa [ 1349.412330][T21699] should_failslab+0xc2/0x120 [ 1349.412364][T21699] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1349.412406][T21699] ? security_inode_alloc+0x3b/0x2c0 [ 1349.412434][T21699] ? lockdep_init_map_type+0x5c/0x250 [ 1349.412479][T21699] security_inode_alloc+0x3b/0x2c0 [ 1349.412508][T21699] inode_init_always_gfp+0xc77/0xfb0 [ 1349.412544][T21699] alloc_inode+0x8e/0x250 [ 1349.412583][T21699] new_inode+0x22/0x1c0 [ 1349.412624][T21699] shmem_get_inode+0x1e3/0xfb0 [ 1349.412662][T21699] ? __pfx_shmem_get_inode+0x10/0x10 [ 1349.412704][T21699] __shmem_file_setup+0x168/0x460 [ 1349.412741][T21699] ? __pfx___shmem_file_setup+0x10/0x10 [ 1349.412784][T21699] newseg+0x3c0/0xed0 [ 1349.412823][T21699] ? __pfx_newseg+0x10/0x10 [ 1349.412856][T21699] ? find_held_lock+0x2b/0x80 [ 1349.412911][T21699] ? ipcget+0x8aa/0xf50 [ 1349.413016][T21699] ipcget+0x909/0xf50 [ 1349.413049][T21699] ? do_futex+0x192/0x350 [ 1349.413083][T21699] ? __pfx_ipcget+0x10/0x10 [ 1349.413119][T21699] ? __x64_sys_futex+0x34f/0x4d0 [ 1349.413143][T21699] ? __x64_sys_futex+0x358/0x4d0 [ 1349.413173][T21699] __x64_sys_shmget+0x13b/0x1b0 [ 1349.413209][T21699] ? __pfx___x64_sys_shmget+0x10/0x10 [ 1349.413247][T21699] ? rcu_is_watching+0x12/0xc0 [ 1349.413279][T21699] do_syscall_64+0x115/0x840 [ 1349.413315][T21699] ? clear_bhb_loop+0x40/0x90 [ 1349.413345][T21699] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1349.413371][T21699] RIP: 0033:0x7f55ccd9ce59 [ 1349.413392][T21699] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1349.413417][T21699] RSP: 002b:00007f55cabd3028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 1349.413440][T21699] RAX: ffffffffffffffda RBX: 00007f55cd016270 RCX: 00007f55ccd9ce59 [ 1349.413457][T21699] RDX: 0000000000005300 RSI: 0000000000000001 RDI: 00000000000006a2 [ 1349.413472][T21699] RBP: 00007f55cce32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1349.413488][T21699] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1349.413503][T21699] R13: 00007f55cd016308 R14: 00007f55cd016270 R15: 00007ffdc98599e8 [ 1349.413535][T21699] [ 1350.021288][T21703] netlink: 346 bytes leftover after parsing attributes in process `syz.5.3160'. [ 1350.751055][T21711] ubi0: attaching mtd0 [ 1350.837328][T21711] ubi0: scanning is finished [ 1350.906110][T21711] ubi0 error: ubi_read_volume_table: the layout volume was not found [ 1351.613383][T21711] ubi0 error: ubi_attach_mtd_dev: failed to attach mtd0, error -22 [ 1352.944061][T16387] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 1352.951665][T16387] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 1357.370738][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 1357.378317][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 1358.270811][T21802] FAULT_INJECTION: forcing a failure. [ 1358.270811][T21802] name failslab, interval 1, probability 0, space 0, times 0 [ 1358.419103][T21802] CPU: 0 UID: 0 PID: 21802 Comm: syz.3.3177 Tainted: G L syzkaller #0 PREEMPT(full) [ 1358.419144][T21802] Tainted: [L]=SOFTLOCKUP [ 1358.419153][T21802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1358.419169][T21802] Call Trace: [ 1358.419177][T21802] [ 1358.419187][T21802] dump_stack_lvl+0x100/0x190 [ 1358.419218][T21802] should_fail_ex.cold+0x5/0xa [ 1358.419259][T21802] should_failslab+0xc2/0x120 [ 1358.419290][T21802] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 1358.419330][T21802] ? mas_preallocate+0x1105/0x14a0 [ 1358.419361][T21802] mas_preallocate+0x1105/0x14a0 [ 1358.419390][T21802] ? __pfx_mas_preallocate+0x10/0x10 [ 1358.419420][T21802] ? vm_area_alloc+0x1f/0x160 [ 1358.419460][T21802] ? lockdep_init_map_type+0x5c/0x250 [ 1358.419504][T21802] __mmap_region+0x124a/0x2dd0 [ 1358.419548][T21802] ? __pfx___mmap_region+0x10/0x10 [ 1358.419612][T21802] ? __lock_acquire+0x4a5/0x2630 [ 1358.419652][T21802] ? do_raw_spin_unlock+0x145/0x1e0 [ 1358.419681][T21802] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 1358.419729][T21802] ? rcu_is_watching+0x12/0xc0 [ 1358.419770][T21802] ? rcu_is_watching+0x12/0xc0 [ 1358.419798][T21802] ? finish_task_switch.isra.0+0x2cb/0x1010 [ 1358.419830][T21802] ? lockdep_hardirqs_on+0x78/0x100 [ 1358.419910][T21802] mmap_region+0x35d/0x620 [ 1358.419934][T21802] ? rcu_is_watching+0x12/0xc0 [ 1358.419962][T21802] ? __pfx_mmap_region+0x10/0x10 [ 1358.419989][T21802] ? cap_mmap_addr+0x4b/0x120 [ 1358.420013][T21802] ? bpf_lsm_mmap_addr+0x9/0x30 [ 1358.420036][T21802] ? security_mmap_addr+0x71/0x1e0 [ 1358.420069][T21802] ? __get_unmapped_area+0x255/0x3e0 [ 1358.420104][T21802] do_mmap+0xc63/0x12f0 [ 1358.420141][T21802] ? __pfx_do_mmap+0x10/0x10 [ 1358.420173][T21802] ? __pfx_down_write_killable+0x10/0x10 [ 1358.420219][T21802] vm_mmap_pgoff+0x29e/0x470 [ 1358.420261][T21802] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 1358.420295][T21802] ? do_futex+0x192/0x350 [ 1358.420321][T21802] ? __pfx_do_futex+0x10/0x10 [ 1358.420353][T21802] ksys_mmap_pgoff+0xe4/0x610 [ 1358.420384][T21802] ? __x64_sys_futex+0x358/0x4d0 [ 1358.420410][T21802] ? __pfx_ksys_mmap_pgoff+0x10/0x10 [ 1358.420440][T21802] ? xfd_validate_state+0x129/0x190 [ 1358.420463][T21802] ? ksys_write+0x1ac/0x250 [ 1358.420497][T21802] __x64_sys_mmap+0x125/0x190 [ 1358.420526][T21802] do_syscall_64+0x115/0x840 [ 1358.420560][T21802] ? clear_bhb_loop+0x40/0x90 [ 1358.420597][T21802] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1358.420623][T21802] RIP: 0033:0x7fc42679ce59 [ 1358.420644][T21802] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1358.420670][T21802] RSP: 002b:00007fc427694028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 1358.420694][T21802] RAX: ffffffffffffffda RBX: 00007fc426a15fa0 RCX: 00007fc42679ce59 [ 1358.420711][T21802] RDX: 0000000000008003 RSI: 000000000202000d RDI: 0000000000000000 [ 1358.420727][T21802] RBP: 00007fc426832d6f R08: fffffffffffffffa R09: 0000000000008000 [ 1358.420743][T21802] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 1358.420758][T21802] R13: 00007fc426a16038 R14: 00007fc426a15fa0 R15: 00007fff2bd64de8 [ 1358.420795][T21802] [ 1359.271797][T16365] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 1359.279348][T16365] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 1364.737786][T16387] Bluetooth: hci0: Received unexpected HCI Event 0x00 [ 1365.845704][T21892] nbd: must specify at least one socket [ 1366.284517][T16387] Bluetooth: hci4: unexpected event 0x3e length: 726 > 260 [ 1366.284552][T16387] Bluetooth: hci4: unexpected subevent 0x06 length: 725 > 10 [ 1366.612078][T16387] Bluetooth: hci3: hcon ffff88805310c000 sent 0 < count 256 [ 1367.848015][T21920] FAULT_INJECTION: forcing a failure. [ 1367.848015][T21920] name failslab, interval 1, probability 0, space 0, times 0 [ 1368.062366][T21920] CPU: 0 UID: 0 PID: 21920 Comm: syz.6.3200 Tainted: G L syzkaller #0 PREEMPT(full) [ 1368.062404][T21920] Tainted: [L]=SOFTLOCKUP [ 1368.062412][T21920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1368.062426][T21920] Call Trace: [ 1368.062434][T21920] [ 1368.062444][T21920] dump_stack_lvl+0x100/0x190 [ 1368.062474][T21920] should_fail_ex.cold+0x5/0xa [ 1368.062504][T21920] ? tomoyo_realpath_from_path+0xb6/0x690 [ 1368.062539][T21920] should_failslab+0xc2/0x120 [ 1368.062573][T21920] __kmalloc_noprof+0xe0/0x850 [ 1368.062600][T21920] ? kfree+0x1dd/0x6c0 [ 1368.062647][T21920] tomoyo_realpath_from_path+0xb6/0x690 [ 1368.062689][T21920] tomoyo_path_number_perm+0x23c/0x580 [ 1368.062718][T21920] ? tomoyo_path_number_perm+0x22e/0x580 [ 1368.062750][T21920] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1368.062808][T21920] ? find_held_lock+0x2b/0x80 [ 1368.062838][T21920] ? __fget_files+0x215/0x3d0 [ 1368.062865][T21920] ? hook_file_ioctl_common+0x149/0x410 [ 1368.062895][T21920] ? __fget_files+0x215/0x3d0 [ 1368.062930][T21920] ? __fget_files+0x21f/0x3d0 [ 1368.062967][T21920] security_file_ioctl+0xd3/0x230 [ 1368.063000][T21920] __x64_sys_ioctl+0xb7/0x210 [ 1368.063027][T21920] do_syscall_64+0x115/0x840 [ 1368.063061][T21920] ? clear_bhb_loop+0x40/0x90 [ 1368.063091][T21920] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1368.063116][T21920] RIP: 0033:0x7fa42bb9ce59 [ 1368.063139][T21920] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1368.063163][T21920] RSP: 002b:00007fa42c99f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1368.063191][T21920] RAX: ffffffffffffffda RBX: 00007fa42be15fa0 RCX: 00007fa42bb9ce59 [ 1368.063207][T21920] RDX: 0000200000000180 RSI: 0000000000000707 RDI: 0000000000000003 [ 1368.063221][T21920] RBP: 00007fa42c99f090 R08: 0000000000000000 R09: 0000000000000000 [ 1368.063236][T21920] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1368.063250][T21920] R13: 00007fa42be16038 R14: 00007fa42be15fa0 R15: 00007ffdaae60518 [ 1368.063281][T21920] [ 1368.506431][T21920] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1368.642846][T16387] Bluetooth: hci4: command 0x2016 tx timeout [ 1370.373010][T21948] netlink: 334 bytes leftover after parsing attributes in process `syz.6.3206'. [ 1372.666041][T21963] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1372.776363][T21963] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1373.021783][T21963] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1373.155248][T21963] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1373.247554][T21963] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1373.374337][T21963] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1373.439787][T21963] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1373.584329][T21963] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1373.736352][T21963] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1373.881783][T21963] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1374.000056][T21963] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1374.060436][T21963] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1374.216847][T21963] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1374.374156][T21963] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1374.440608][T21963] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1374.610967][T21963] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1374.718435][T16387] Bluetooth: hci3: command 0x2016 tx timeout [ 1374.754342][T21963] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1375.433783][T16387] Bluetooth: hci4: command 0x2016 tx timeout [ 1375.992221][T16387] Bluetooth: hci0: command 0x2016 tx timeout [ 1376.389350][T16387] Bluetooth: hci2: command 0x0406 tx timeout [ 1376.522607][T22006] random: crng reseeded on system resumption [ 1376.787729][T16387] Bluetooth: hci3: command 0x2016 tx timeout [ 1377.453944][T22010] FAULT_INJECTION: forcing a failure. [ 1377.453944][T22010] name failslab, interval 1, probability 0, space 0, times 0 [ 1377.505271][T16387] Bluetooth: hci4: command 0x2016 tx timeout [ 1377.582249][T22010] CPU: 0 UID: 0 PID: 22010 Comm: syz.2.3219 Tainted: G L syzkaller #0 PREEMPT(full) [ 1377.582289][T22010] Tainted: [L]=SOFTLOCKUP [ 1377.582297][T22010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1377.582312][T22010] Call Trace: [ 1377.582320][T22010] [ 1377.582330][T22010] dump_stack_lvl+0x100/0x190 [ 1377.582361][T22010] should_fail_ex.cold+0x5/0xa [ 1377.582392][T22010] should_failslab+0xc2/0x120 [ 1377.582423][T22010] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 1377.582464][T22010] ? __d_alloc+0x34/0xa40 [ 1377.582497][T22010] ? __pfx_find_ucounts+0x10/0x10 [ 1377.582538][T22010] __d_alloc+0x34/0xa40 [ 1377.582575][T22010] d_alloc_pseudo+0x1c/0xc0 [ 1377.582599][T22010] alloc_file_pseudo+0xcf/0x230 [ 1377.582638][T22010] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1377.582678][T22010] ? _raw_spin_unlock+0x28/0x50 [ 1377.582709][T22010] ? alloc_fd+0x476/0x790 [ 1377.582741][T22010] __anon_inode_getfile+0xe8/0x280 [ 1377.582782][T22010] __anon_inode_getfd+0x5c/0xe0 [ 1377.582823][T22010] do_inotify_init+0x483/0x5e0 [ 1377.582849][T22010] __x64_sys_inotify_init1+0x30/0x40 [ 1377.582874][T22010] do_syscall_64+0x115/0x840 [ 1377.582908][T22010] ? clear_bhb_loop+0x40/0x90 [ 1377.582939][T22010] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1377.582974][T22010] RIP: 0033:0x7fd36a39ce59 [ 1377.582994][T22010] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1377.583020][T22010] RSP: 002b:00007fd36b183028 EFLAGS: 00000246 ORIG_RAX: 0000000000000126 [ 1377.583044][T22010] RAX: ffffffffffffffda RBX: 00007fd36a616180 RCX: 00007fd36a39ce59 [ 1377.583061][T22010] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0003000000000000 [ 1377.583076][T22010] RBP: 00007fd36a432d6f R08: 0000000000000000 R09: 0000000000000000 [ 1377.583091][T22010] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1377.583106][T22010] R13: 00007fd36a616218 R14: 00007fd36a616180 R15: 00007fff1eefc3b8 [ 1377.583137][T22010] [ 1378.157195][T16387] Bluetooth: hci0: command 0x2016 tx timeout [ 1378.496768][T16387] Bluetooth: hci2: command 0x0406 tx timeout [ 1378.857667][T16387] Bluetooth: hci3: command 0x2016 tx timeout [ 1379.447746][T22022] capability: warning: `syz.5.3221' uses deprecated v2 capabilities in a way that may be insecure [ 1379.576095][T16387] Bluetooth: hci4: command 0x2016 tx timeout [ 1379.610098][T22024] syz.5.3221 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 1380.214120][T16387] Bluetooth: hci0: command 0x2016 tx timeout [ 1380.529960][T16387] Bluetooth: hci2: command 0x0406 tx timeout [ 1380.928376][T16387] Bluetooth: hci3: command 0x2016 tx timeout [ 1381.409564][T16387] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 1381.644587][T16387] Bluetooth: hci4: command 0x2016 tx timeout [ 1381.669417][T22059] nbd: must specify at least one socket [ 1382.600106][T16387] Bluetooth: hci2: command 0x0406 tx timeout [ 1382.998387][T16387] Bluetooth: hci3: command 0x2016 tx timeout [ 1383.714852][T16387] Bluetooth: hci4: command 0x2016 tx timeout [ 1384.714351][T22082] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1384.780513][T22082] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1388.909086][T22138] random: crng reseeded on system resumption [ 1388.962599][T22138] FAULT_INJECTION: forcing a failure. [ 1388.962599][T22138] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1389.047518][T22138] CPU: 0 UID: 0 PID: 22138 Comm: syz.2.3245 Tainted: G L syzkaller #0 PREEMPT(full) [ 1389.047559][T22138] Tainted: [L]=SOFTLOCKUP [ 1389.047568][T22138] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1389.047584][T22138] Call Trace: [ 1389.047592][T22138] [ 1389.047602][T22138] dump_stack_lvl+0x100/0x190 [ 1389.047638][T22138] should_fail_ex.cold+0x5/0xa [ 1389.047665][T22138] ? prepare_alloc_pages+0x16d/0x5f0 [ 1389.047702][T22138] should_fail_alloc_page+0xeb/0x140 [ 1389.047734][T22138] prepare_alloc_pages+0x1f0/0x5f0 [ 1389.047771][T22138] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 1389.047817][T22138] ? __alloc_frozen_pages_noprof+0x2b1/0x2bc0 [ 1389.047867][T22138] ? stack_trace_save+0x8e/0xc0 [ 1389.047900][T22138] ? __pfx_stack_trace_save+0x10/0x10 [ 1389.047932][T22138] ? arch_stack_walk+0xa6/0xf0 [ 1389.047961][T22138] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1389.048005][T22138] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1389.048051][T22138] ? kasan_save_stack+0x30/0x50 [ 1389.048074][T22138] ? kasan_save_track+0x14/0x30 [ 1389.048098][T22138] ? __kasan_kmalloc+0xaa/0xb0 [ 1389.048121][T22138] ? memory_bm_create+0x14d/0xba0 [ 1389.048156][T22138] ? do_syscall_64+0x115/0x840 [ 1389.048191][T22138] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1389.048221][T22138] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1389.048258][T22138] ? policy_nodemask+0xed/0x4f0 [ 1389.048298][T22138] alloc_pages_mpol+0x1fb/0x540 [ 1389.048330][T22138] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1389.048361][T22138] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1389.048396][T22138] alloc_pages_noprof+0x1a/0x160 [ 1389.048432][T22138] get_zeroed_page_noprof+0x18/0xb0 [ 1389.048463][T22138] get_image_page+0x18/0x1a0 [ 1389.048495][T22138] alloc_rtree_node+0x3c/0xb0 [ 1389.048526][T22138] memory_bm_create+0x65e/0xba0 [ 1389.048570][T22138] create_basic_memory_bitmaps+0x10b/0x350 [ 1389.048609][T22138] snapshot_open+0x230/0x2a0 [ 1389.048645][T22138] ? __pfx_snapshot_open+0x10/0x10 [ 1389.048681][T22138] misc_open+0x26d/0x450 [ 1389.048790][T22138] ? __pfx_misc_open+0x10/0x10 [ 1389.048815][T22138] chrdev_open+0x234/0x6a0 [ 1389.048847][T22138] ? __pfx_apparmor_file_open+0x10/0x10 [ 1389.048875][T22138] ? __pfx_chrdev_open+0x10/0x10 [ 1389.048908][T22138] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 1389.048949][T22138] do_dentry_open+0x6ab/0x14d0 [ 1389.048978][T22138] ? __pfx_chrdev_open+0x10/0x10 [ 1389.049017][T22138] vfs_open+0x82/0x3f0 [ 1389.049057][T22138] path_openat+0x208c/0x31a0 [ 1389.049098][T22138] ? __pfx_path_openat+0x10/0x10 [ 1389.049141][T22138] do_file_open+0x20e/0x430 [ 1389.049175][T22138] ? __pfx_do_file_open+0x10/0x10 [ 1389.049229][T22138] ? alloc_fd+0x476/0x790 [ 1389.049262][T22138] ? do_getname+0x191/0x390 [ 1389.049308][T22138] do_sys_openat2+0x10d/0x1e0 [ 1389.049348][T22138] ? __pfx_do_sys_openat2+0x10/0x10 [ 1389.049389][T22138] ? __fget_files+0x21f/0x3d0 [ 1389.049425][T22138] __x64_sys_openat+0x12d/0x210 [ 1389.049466][T22138] ? __pfx___x64_sys_openat+0x10/0x10 [ 1389.049511][T22138] ? rcu_is_watching+0x12/0xc0 [ 1389.049544][T22138] do_syscall_64+0x115/0x840 [ 1389.049579][T22138] ? clear_bhb_loop+0x40/0x90 [ 1389.049610][T22138] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1389.049636][T22138] RIP: 0033:0x7fd36a39ce59 [ 1389.049658][T22138] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1389.049682][T22138] RSP: 002b:00007fd36b1c5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 1389.049706][T22138] RAX: ffffffffffffffda RBX: 00007fd36a615fa0 RCX: 00007fd36a39ce59 [ 1389.049723][T22138] RDX: 0000000000008001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 1389.049739][T22138] RBP: 00007fd36a432d6f R08: 0000000000000000 R09: 0000000000000000 [ 1389.049754][T22138] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1389.049769][T22138] R13: 00007fd36a616038 R14: 00007fd36a615fa0 R15: 00007fff1eefc3b8 [ 1389.049801][T22138] [ 1393.521206][T22202] snd_aloop snd_aloop.0: Parsing timer source '' failed with -22 [ 1395.381912][T22229] netlink: 'syz.2.3260': attribute type 11 has an invalid length. [ 1397.057389][T16387] Bluetooth: hci3: hcon ffff88803f768000 sent 0 < count 256 [ 1398.482254][T22277] nbd: must specify at least one socket [ 1398.933766][T16387] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 1399.848380][T16387] Bluetooth: hci4: hcon ffff88805ed94000 sent 0 < count 256 [ 1400.235686][T22302] blktrace: Concurrent blktraces are not allowed on loop2 [ 1400.260813][ T30] audit: type=1326 audit(2317333134.937:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22300 comm="syz.2.3273" exe="/root/ci-qemu-gce-upstream-auto/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd36a39ce59 code=0x0 [ 1402.211156][T22329] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3276'. [ 1402.292120][T22327] ================================================================== [ 1402.292158][T22327] BUG: KASAN: slab-out-of-bounds in fbcon_prepare_logo+0x94e/0xc60 [ 1402.292288][T22327] Read of size 26 at addr ffff888079c78df0 by task syz.6.3276/22327 [ 1402.292310][T22327] [ 1402.292325][T22327] CPU: 0 UID: 0 PID: 22327 Comm: syz.6.3276 Tainted: G L syzkaller #0 PREEMPT(full) [ 1402.292360][T22327] Tainted: [L]=SOFTLOCKUP [ 1402.292369][T22327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1402.292386][T22327] Call Trace: [ 1402.292395][T22327] [ 1402.292405][T22327] dump_stack_lvl+0x100/0x190 [ 1402.292438][T22327] print_report+0x13d/0x4b0 [ 1402.292475][T22327] ? __virt_addr_valid+0x239/0x430 [ 1402.292515][T22327] ? fbcon_prepare_logo+0x94e/0xc60 [ 1402.292554][T22327] kasan_report+0xdf/0x1d0 [ 1402.292583][T22327] ? fbcon_prepare_logo+0x94e/0xc60 [ 1402.292627][T22327] kasan_check_range+0x10f/0x1e0 [ 1402.292660][T22327] __asan_memcpy+0x23/0x60 [ 1402.292698][T22327] fbcon_prepare_logo+0x94e/0xc60 [ 1402.292743][T22327] fbcon_init+0x1065/0x1830 [ 1402.292786][T22327] visual_init+0x320/0x620 [ 1402.292836][T22327] do_bind_con_driver.isra.0+0x636/0x9c0 [ 1402.292871][T22327] store_bind+0x609/0x730 [ 1402.292903][T22327] ? __pfx_store_bind+0x10/0x10 [ 1402.292931][T22327] dev_attr_store+0x58/0x80 [ 1402.292958][T22327] ? __pfx_dev_attr_store+0x10/0x10 [ 1402.292984][T22327] sysfs_kf_write+0xf2/0x150 [ 1402.293024][T22327] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1402.293059][T22327] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1402.293101][T22327] iter_file_splice_write+0x830/0x10a0 [ 1402.293141][T22327] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1402.293177][T22327] ? __pfx_copy_splice_read+0x10/0x10 [ 1402.293216][T22327] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1402.293250][T22327] direct_splice_actor+0x192/0x6c0 [ 1402.293283][T22327] splice_direct_to_actor+0x345/0xa30 [ 1402.293316][T22327] ? __pfx_direct_splice_actor+0x10/0x10 [ 1402.293350][T22327] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1402.293387][T22327] do_splice_direct+0x174/0x240 [ 1402.293419][T22327] ? __pfx_do_splice_direct+0x10/0x10 [ 1402.293458][T22327] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1402.293490][T22327] ? rw_verify_area+0xce/0x6d0 [ 1402.293516][T22327] do_sendfile+0xadc/0xe20 [ 1402.293545][T22327] ? __pfx_do_sendfile+0x10/0x10 [ 1402.293574][T22327] ? __x64_sys_futex+0x34f/0x4d0 [ 1402.293599][T22327] ? __x64_sys_futex+0x358/0x4d0 [ 1402.293626][T22327] __x64_sys_sendfile64+0x1d8/0x220 [ 1402.293660][T22327] ? ksys_read+0x1ac/0x250 [ 1402.293686][T22327] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1402.293722][T22327] ? rcu_is_watching+0x12/0xc0 [ 1402.293752][T22327] do_syscall_64+0x115/0x840 [ 1402.293787][T22327] ? clear_bhb_loop+0x40/0x90 [ 1402.293816][T22327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1402.293843][T22327] RIP: 0033:0x7fa42bb9ce59 [ 1402.293863][T22327] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1402.293889][T22327] RSP: 002b:00007fa42c97e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1402.293912][T22327] RAX: ffffffffffffffda RBX: 00007fa42be16090 RCX: 00007fa42bb9ce59 [ 1402.293930][T22327] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005 [ 1402.293945][T22327] RBP: 00007fa42bc32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1402.293961][T22327] R10: 000000000000000a R11: 0000000000000246 R12: 0000000000000000 [ 1402.293977][T22327] R13: 00007fa42be16128 R14: 00007fa42be16090 R15: 00007ffdaae60518 [ 1402.294001][T22327] [ 1402.294011][T22327] [ 1402.294018][T22327] Allocated by task 11231: [ 1402.294067][T22327] kasan_save_stack+0x30/0x50 [ 1402.294092][T22327] kasan_save_track+0x14/0x30 [ 1402.294114][T22327] __kasan_kmalloc+0xaa/0xb0 [ 1402.294136][T22327] __kmalloc_node_noprof+0x307/0x850 [ 1402.294184][T22327] alloc_slab_obj_exts+0xae/0x270 [ 1402.294218][T22327] __memcg_slab_post_alloc_hook+0x3c2/0xff0 [ 1402.294251][T22327] kmem_cache_alloc_noprof+0x58a/0x6e0 [ 1402.294289][T22327] alloc_buffer_head+0x21/0x140 [ 1402.294322][T22327] folio_alloc_buffers+0x194/0x8e0 [ 1402.294343][T22327] create_empty_buffers+0x3a/0x660 [ 1402.294364][T22327] folio_create_buffers+0x13b/0x1a0 [ 1402.294389][T22327] __block_write_begin_int+0x393/0x19c0 [ 1402.294414][T22327] iomap_write_begin+0x1664/0x2340 [ 1402.294451][T22327] iomap_file_buffered_write+0x48b/0xac0 [ 1402.294483][T22327] blkdev_write_iter+0x575/0xd70 [ 1402.294521][T22327] vfs_write+0x6ac/0x1070 [ 1402.294546][T22327] ksys_write+0x12a/0x250 [ 1402.294571][T22327] do_syscall_64+0x115/0x840 [ 1402.294604][T22327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1402.294628][T22327] [ 1402.294634][T22327] Freed by task 22230: [ 1402.294646][T22327] kasan_save_stack+0x30/0x50 [ 1402.294668][T22327] kasan_save_track+0x14/0x30 [ 1402.294691][T22327] kasan_save_free_info+0x3b/0x70 [ 1402.294725][T22327] __kasan_slab_free+0x5f/0x80 [ 1402.294749][T22327] kfree+0x223/0x6c0 [ 1402.294780][T22327] __free_slab+0x13d/0x220 [ 1402.294813][T22327] qlist_free_all+0x47/0xf0 [ 1402.294833][T22327] kasan_quarantine_reduce+0x1a0/0x1f0 [ 1402.294856][T22327] __kasan_slab_alloc+0x69/0x90 [ 1402.294881][T22327] kmem_cache_alloc_noprof+0x241/0x6e0 [ 1402.294919][T22327] jbd2__journal_start+0x194/0x6a0 [ 1402.294953][T22327] __ext4_journal_start_sb+0x36d/0x670 [ 1402.294976][T22327] ext4_dirty_inode+0xa1/0x130 [ 1402.295002][T22327] __mark_inode_dirty+0x1f3/0x1720 [ 1402.295024][T22327] file_update_time_flags+0x46b/0x500 [ 1402.295061][T22327] ext4_page_mkwrite+0x324/0x1890 [ 1402.295088][T22327] do_page_mkwrite+0x17a/0x440 [ 1402.295111][T22327] do_fault+0x3b5/0x1750 [ 1402.295139][T22327] __handle_mm_fault+0x187d/0x2a00 [ 1402.295173][T22327] handle_mm_fault+0x37b/0xa30 [ 1402.295206][T22327] do_user_addr_fault+0x5a3/0x12f0 [ 1402.295233][T22327] exc_page_fault+0x6f/0xd0 [ 1402.295263][T22327] asm_exc_page_fault+0x26/0x30 [ 1402.295285][T22327] [ 1402.295292][T22327] The buggy address belongs to the object at ffff888079c78d00 [ 1402.295292][T22327] which belongs to the cache kmalloc-192 of size 192 [ 1402.295312][T22327] The buggy address is located 48 bytes to the right of [ 1402.295312][T22327] allocated 192-byte region [ffff888079c78d00, ffff888079c78dc0) [ 1402.295338][T22327] [ 1402.295344][T22327] The buggy address belongs to the physical page: [ 1402.295362][T22327] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x79c78 [ 1402.295386][T22327] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 1402.295439][T22327] page_type: f5(slab) [ 1402.295461][T22327] raw: 00fff00000000000 ffff88813fe303c0 dead000000000100 dead000000000122 [ 1402.295484][T22327] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 1402.295499][T22327] page dumped because: kasan: bad access detected [ 1402.295517][T22327] page_owner tracks the page as allocated [ 1402.295527][T22327] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd2cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5844, tgid 5840 (syz.2.12), ts 103270030687, free_ts 103263640928 [ 1402.295569][T22327] post_alloc_hook+0xfd/0x120 [ 1402.295604][T22327] get_page_from_freelist+0x11a6/0x3410 [ 1402.295642][T22327] __alloc_frozen_pages_noprof+0x27c/0x2bc0 [ 1402.295680][T22327] new_slab+0xa6/0x6c0 [ 1402.295710][T22327] refill_objects+0x277/0x420 [ 1402.295745][T22327] __pcs_replace_empty_main+0x375/0x650 [ 1402.295782][T22327] __kmalloc_node_track_caller_noprof+0x694/0x850 [ 1402.295807][T22327] kmemdup_noprof+0x29/0x60 [ 1402.295829][T22327] lowpan_frags_init_net+0x113/0x3a0 [ 1402.295866][T22327] ops_init+0x1e2/0x5f0 [ 1402.295888][T22327] setup_net+0x118/0x3a0 [ 1402.295911][T22327] copy_net_ns+0x46f/0x7c0 [ 1402.295937][T22327] create_new_namespaces+0x3ea/0xac0 [ 1402.295965][T22327] unshare_nsproxy_namespaces+0xf2/0x220 [ 1402.295993][T22327] ksys_unshare+0x438/0xab0 [ 1402.296026][T22327] __x64_sys_unshare+0x31/0x40 [ 1402.296066][T22327] page last free pid 5843 tgid 5843 stack trace: [ 1402.296079][T22327] __free_frozen_pages+0x794/0x10a0 [ 1402.296112][T22327] rcu_core+0x5a2/0x10d0 [ 1402.296133][T22327] handle_softirqs+0x1ea/0xa00 [ 1402.296160][T22327] __irq_exit_rcu+0x162/0x210 [ 1402.296187][T22327] irq_exit_rcu+0x9/0x30 [ 1402.296214][T22327] sysvec_apic_timer_interrupt+0xa3/0xc0 [ 1402.296246][T22327] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1402.296272][T22327] [ 1402.296278][T22327] Memory state around the buggy address: [ 1402.296291][T22327] ffff888079c78c80: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc [ 1402.296309][T22327] ffff888079c78d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1402.296326][T22327] >ffff888079c78d80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 1402.296340][T22327] ^ [ 1402.296355][T22327] ffff888079c78e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 1402.296372][T22327] ffff888079c78e80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 1402.296401][T22327] ================================================================== [ 1402.404891][T22327] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1402.404917][T22327] CPU: 0 UID: 0 PID: 22327 Comm: syz.6.3276 Tainted: G L syzkaller #0 PREEMPT(full) [ 1402.404954][T22327] Tainted: [L]=SOFTLOCKUP [ 1402.404964][T22327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 1402.404980][T22327] Call Trace: [ 1402.404989][T22327] [ 1402.404999][T22327] dump_stack_lvl+0x100/0x190 [ 1402.405028][T22327] vpanic+0x552/0x970 [ 1402.405052][T22327] ? __pfx_vpanic+0x10/0x10 [ 1402.405079][T22327] ? mark_held_locks+0x40/0x70 [ 1402.405120][T22327] ? fbcon_prepare_logo+0x94e/0xc60 [ 1402.405158][T22327] panic+0xd1/0xe0 [ 1402.405181][T22327] ? __pfx_panic+0x10/0x10 [ 1402.405206][T22327] ? fbcon_prepare_logo+0x94e/0xc60 [ 1402.405244][T22327] ? preempt_schedule_common+0x42/0xc0 [ 1402.405283][T22327] check_panic_on_warn.cold+0x19/0x34 [ 1402.405309][T22327] end_report.part.0+0x3a/0x90 [ 1402.405345][T22327] kasan_report.cold+0xe/0x18 [ 1402.405381][T22327] ? fbcon_prepare_logo+0x94e/0xc60 [ 1402.405431][T22327] kasan_check_range+0x10f/0x1e0 [ 1402.405466][T22327] __asan_memcpy+0x23/0x60 [ 1402.405504][T22327] fbcon_prepare_logo+0x94e/0xc60 [ 1402.405551][T22327] fbcon_init+0x1065/0x1830 [ 1402.405594][T22327] visual_init+0x320/0x620 [ 1402.405620][T22327] do_bind_con_driver.isra.0+0x636/0x9c0 [ 1402.405655][T22327] store_bind+0x609/0x730 [ 1402.405690][T22327] ? __pfx_store_bind+0x10/0x10 [ 1402.405718][T22327] dev_attr_store+0x58/0x80 [ 1402.405744][T22327] ? __pfx_dev_attr_store+0x10/0x10 [ 1402.405770][T22327] sysfs_kf_write+0xf2/0x150 [ 1402.405811][T22327] kernfs_fop_write_iter+0x3e0/0x5f0 [ 1402.405847][T22327] ? __pfx_sysfs_kf_write+0x10/0x10 [ 1402.405888][T22327] iter_file_splice_write+0x830/0x10a0 [ 1402.405929][T22327] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1402.405965][T22327] ? __pfx_copy_splice_read+0x10/0x10 [ 1402.406003][T22327] ? __pfx_iter_file_splice_write+0x10/0x10 [ 1402.406037][T22327] direct_splice_actor+0x192/0x6c0 [ 1402.406070][T22327] splice_direct_to_actor+0x345/0xa30 [ 1402.406103][T22327] ? __pfx_direct_splice_actor+0x10/0x10 [ 1402.406137][T22327] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 1402.406174][T22327] do_splice_direct+0x174/0x240 [ 1402.406206][T22327] ? __pfx_do_splice_direct+0x10/0x10 [ 1402.406238][T22327] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 1402.406270][T22327] ? rw_verify_area+0xce/0x6d0 [ 1402.406296][T22327] do_sendfile+0xadc/0xe20 [ 1402.406326][T22327] ? __pfx_do_sendfile+0x10/0x10 [ 1402.406355][T22327] ? __x64_sys_futex+0x34f/0x4d0 [ 1402.406380][T22327] ? __x64_sys_futex+0x358/0x4d0 [ 1402.406407][T22327] __x64_sys_sendfile64+0x1d8/0x220 [ 1402.406447][T22327] ? ksys_read+0x1ac/0x250 [ 1402.406474][T22327] ? __pfx___x64_sys_sendfile64+0x10/0x10 [ 1402.406510][T22327] ? rcu_is_watching+0x12/0xc0 [ 1402.406541][T22327] do_syscall_64+0x115/0x840 [ 1402.406577][T22327] ? clear_bhb_loop+0x40/0x90 [ 1402.406605][T22327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1402.406631][T22327] RIP: 0033:0x7fa42bb9ce59 [ 1402.406653][T22327] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1402.406678][T22327] RSP: 002b:00007fa42c97e028 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 1402.406703][T22327] RAX: ffffffffffffffda RBX: 00007fa42be16090 RCX: 00007fa42bb9ce59 [ 1402.406720][T22327] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000005 [ 1402.406736][T22327] RBP: 00007fa42bc32d6f R08: 0000000000000000 R09: 0000000000000000 [ 1402.406752][T22327] R10: 000000000000000a R11: 0000000000000246 R12: 0000000000000000 [ 1402.406768][T22327] R13: 00007fa42be16128 R14: 00007fa42be16090 R15: 00007ffdaae60518 [ 1402.406793][T22327] [ 1402.406873][T22327] Kernel Offset: disabled