last executing test programs: 9.108049689s ago: executing program 2 (id=3185): r0 = socket(0x11, 0x80003, 0x300) mmap$auto(0xffffffffffffffff, 0x20009, 0x200009, 0x40000000000eb1, r0, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x9, 0x8, 0x800000003, 0xeb1, 0xfffffffffffffffa, 0x4000000) socket(0xa, 0x1, 0x84) pipe2$auto(0x0, 0x80) socket(0xa, 0x801, 0x84) mmap$auto(0x0, 0x20006, 0x4000000000db, 0xeb5, r0, 0x6) r1 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sg0\x00', 0x28641, 0x0) write$auto(r1, 0x0, 0x101) ioctl$auto_SG_GET_NUM_WAITING(r1, 0x227d, 0x0) setsockopt$auto(0x3, 0x10000000084, 0xd, 0x0, 0x8) socket(0x18, 0x3, 0x2) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_enter$auto(0xffffffffffffffff, 0x7, 0x2, 0x10, 0x0, 0xf2a7214) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) open(&(0x7f0000000040)='./file0\x00', 0x202100, 0x6) fcntl$auto(0x0, 0x408, 0x100000) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) 7.804849502s ago: executing program 0 (id=3191): openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x48140, 0x0) io_uring_setup$auto(0x1, 0x0) sendfile$auto(0x1, 0x3, 0x0, 0xa) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) mmap$auto(0x0, 0x30009, 0x4000000000df, 0x4000eb1, 0x401, 0x8000) unshare$auto(0x40000080) r1 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/conf/geneve0/disable_policy\x00', 0x40180, 0x0) close_range$auto(0x2, 0x8, 0x0) semctl$auto(0xa, 0x2, 0x13, 0xde) r2 = socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x4c, 0x0, 0x9) recvmmsg$auto(0x3, 0x0, 0x80000401, 0x4000, 0x0) write$auto(r1, 0x0, 0x5) r3 = socket(0x11, 0xa, 0x9) bind$auto(r3, &(0x7f0000000140)=@in={0x2, 0x4e21, @dev={0xac, 0x14, 0x14, 0x38}}, 0x9) sendmsg$auto_OVS_FLOW_CMD_SET(r2, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x90}, 0x10) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_generic(0xffffffffffffff9c, &(0x7f0000000000)='/proc/kpagecount\x00', 0x0, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x1000}, 0x100000007) select$auto(0x4, 0x0, 0x0, 0x0, 0x0) r4 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000180)='/dev/bus/usb/036/001\x00', 0xa901, 0x0) ioctl$auto_USBDEVFS_SUBMITURB(r4, 0x8038550a, &(0x7f0000000300)={0x2, 0x0, 0x8000004, 0x81, &(0x7f0000000040), 0x100400, 0x2d, 0x9, @number_of_packets=0xfffffff7, 0x456, 0x0, 0x0}) close_range$auto(0x2, 0x8, 0x0) 7.595089895s ago: executing program 2 (id=3192): r0 = openat$auto_sg_fops_sg(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/sg0\x00', 0x20ca00, 0x0) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r1, 0x40045010, &(0x7f0000000040)) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000180)='/proc/thread-self/oom_adj\x00', 0x48402, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x400004, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(0x0, r3) mmap$auto(0x2000, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) r4 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r4, 0xc0606610, &(0x7f000000c380)={0x60, 0x0, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x1, 0x8, 0xbff, 0x2c, 0x2c, 0x3, 0x2}) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r1, 0x40045010, &(0x7f0000000080)) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D0\x00', 0x8001, 0x0) write$auto(r5, &(0x7f0000000100)='d>*\xd2x\xc7\xbf\xff\x9a\xc01(\x00iM\x9c\bAa\x9e\xe98\xee\x15\xd3\xc5v\x99\f|\xe3\xbf\xd9\xf4C\x14A\xe6k\x105\xee\xc5\xaa$\x16\t?g\xb8b\x12\v*\xf9@B\xd0\xd2\x99{\x8b^\xff@\x83\x02Tvt\xc1_\x98\x9f\x16\xd5Is', 0x100000a3da) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) mlockall$auto(0x800000000000005) msync$auto(0x1ffff000, 0x1800000ff000000, 0x400000004) r6 = openat$auto_proc_pid_smaps_operations_internal(0xffffffffffffff9c, &(0x7f0000000b00)='/proc/self/smaps\x00', 0x42000, 0x0) read$auto_proc_pid_smaps_operations_internal(r6, &(0x7f00000002c0)=""/190, 0xfffffe39) ioctl$auto_SCSI_IOCTL_SEND_COMMAND2(r0, 0x1, &(0x7f0000000000)="1404000000000000a5") 6.318138618s ago: executing program 0 (id=3196): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xa, 0xfc000000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) sysfs$auto(0x2, 0x15, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) waitid$auto_P_PID(0x1, 0x0, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0xff) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x2000c000}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) recvmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x2, &(0x7f0000000140)={0x0, 0x4da}, 0x6, 0x0, 0x8, 0x7ff}, 0x1000}, 0xffffffff, 0x4, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) setgroups$auto(0xe32, 0x0) 5.325469876s ago: executing program 3 (id=3198): mmap$auto(0x0, 0x1, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card0\x00', 0x0, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/nbd12\x00', 0x6600, 0x0) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder0\x00', 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) socket(0x2, 0x2, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x181040, 0x0) openat$auto_tracing_saved_cmdlines_fops_trace(0xffffffffffffff9c, 0x0, 0x48400, 0x0) openat$auto_binder_ctl_fops_binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0) pipe$auto(0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/dummy_udc.0/udc/dummy_udc.0/maximum_speed\x00', 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/irq.pressure\x00', 0x101102, 0x0) openat$auto_ocfs2_control_fops_stack_user(0xffffffffffffff9c, &(0x7f0000000040), 0x669400, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/net/route\x00', 0x8a080, 0x0) socketpair$auto(0x800001, 0x2, 0x615e, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = socket(0xa, 0x801, 0x84) getsockopt$auto(r1, 0x84, 0x82, 0x0, 0x0) ioctl$auto(0x3, 0x80106f53, r0) 5.324635773s ago: executing program 1 (id=3206): r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x400000000000001, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) madvise$auto(0x0, 0x200007, 0x19) io_setup$auto(0x1, 0x0) mmap$auto(0x0, 0x1, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) socketpair$auto(0x6517, 0xfc, 0x404, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000140)="3318cb") write$auto(0x3, 0x0, 0x7fffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004810}, 0x800) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x1, 0x84) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) openat$auto_msr_fops_msr(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cpu/0/msr\x00', 0xf82, 0x0) pipe$auto(0x0) unshare$auto(0x40000080) setsockopt$auto(0x3, 0x10000000084, 0x7b, 0x0, 0xd) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x4, 0x0, 0x4, 0x0, 0x5, 0x7}, 0x8}, 0x4000000, 0x4b) open(0x0, 0x80a40, 0x9e) 5.240274668s ago: executing program 0 (id=3199): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x1eba02, 0x0) msgctl$auto_MSG_STAT(0x2, 0xb, &(0x7f00000002c0)={{0x4, 0x0, 0x0, 0x9, 0x5, 0xffffff68, 0x4}, &(0x7f00000001c0)=0x9, &(0x7f0000000200)=0x8, 0x10, 0x7, 0x3, 0x46, 0x7, 0x6, 0x9f5, 0x22f3, @raw=0xffff7fff, @raw=0x64}) setresuid$auto(0x0, 0x0, r1) ioctl$auto_BLKALIGNOFF(r0, 0x127a, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/mtd/mtd0/bitflip_threshold\x00', 0x2062, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000002680), 0xffffffffffffffff) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/block2mtd/parameters/block2mtd\x00', 0x601, 0x0) write$auto(r6, &(0x7f0000000240)=',-\t', 0x2000008008) sendmsg$auto_IPVS_CMD_DEL_DAEMON(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="18000000", @ANYRES16=r5, @ANYBLOB="0108"], 0x18}, 0x1, 0x0, 0x0, 0x40014}, 0x0) getpgid$auto(0x0) r7 = socket(0x2, 0x801, 0x106) setsockopt$auto(r7, 0x6, 0x12, 0x0, 0xa1) r8 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x8203, 0x0) write$auto_fops_u32_ro_(r3, &(0x7f0000000340)="94a41b209e6c5b7129366690078107967414885026d57de7480d4fb9d07ffd27684d264fe71cd1b16add3e8e35349360441319de1828b9d89d92c52c81ce6a333509ae957ff6a041eb3aae5c6291013031250b218b60c0baeb8f6fc02e15566a03655edd535fbf76ded6497c4366473061ebea3066c21813a69ad85e97297601a699c13287b2c44e7c42b985230cd83d89f9932e2ac902d4572b880a93231b5603d5569b4ead8f6c960fe0576c396cf844ae2e4b9cfd1f842e9e38365fb12681eb870bde", 0xc4) ioctl$auto(r8, 0x80046f45, 0x38) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mmap$auto(0x0, 0x7f, 0xdf, 0x9b72, 0x2, 0x8000) r9 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$auto_tomoyo_operations_securityfs_if(r9, &(0x7f0000000100), 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) 4.918266572s ago: executing program 3 (id=3200): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x4, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_tomoyo_self_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000100), 0x50800, 0x0) prctl$auto_PR_SET_MM_ARG_START(0x800, 0x8, 0x0, 0x100, 0x1a799b5b) r0 = epoll_create$auto(0x3e) epoll_ctl$auto(r0, 0x1, 0x8000000000000000, 0x0) read$auto(r0, 0x0, 0x8080) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/binder/parameters/stop_on_user_error\x00', 0x2, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r1, &(0x7f0000000100)='1', 0x1) unshare$auto(0x40000080) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/firmware/memmap/2/type\x00', 0x18b740, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000000)=""/112, 0x70) mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000) mmap$auto(0x0, 0x2020006, 0xa, 0xeb1, 0xfffffffffffffffa, 0x8000) r3 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x0, 0x0) ioctl$auto_OSS_GETVERSION2(r3, 0x80044d76, &(0x7f0000000080)) r4 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0xc0000, 0x0) r5 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)={0x408000, 0x110, 0x8}, 0x18) statx$auto(r5, 0x0, 0x1000, 0x8, 0x0) pread64$auto(r4, 0x0, 0x7ff, 0x800) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) statmount$auto(0x0, &(0x7f0000000180)={0x8, 0x3, 0x1ff, 0x1001, 0x1, 0x717e, 0x0, 0x7, 0xf6b, 0xd, 0x2, 0x4080001, 0x4, 0x1ffffffffffd, 0x224a, 0xfffffffffffffffe, 0x7, 0x6, 0x7f, 0x3ff, 0x1, 0xa, 0x4, 0x200, 0x6, 0x84, 0x3, 0x0, 0x0, 0x0, 0xfffffffc, [0x56, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0xffffffff80000000, 0x0, 0x42, 0xfffffffffffffffe, 0x4, 0x0, 0x0, 0x8, 0x4, 0x400, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x1, 0x0, 0x0, 0x0, 0x0, 0x5, 0x14, 0x0, 0x1000000, 0x0, 0x0, 0xfffffffffffffffc, 0x83, 0x1, 0x6, 0x0, 0x0, 0x7, 0x6, 0xffffffffffffffff, 0x3]}, 0x1fe, 0xd) r6 = openat$auto__ctl_fops_dm_ioctl(0xffffffffffffff9c, &(0x7f00000003c0), 0x1541, 0x0) ioctl$auto__ctl_fops_dm_ioctl(r6, 0xfffffffffffffd03, 0x0) 4.546497333s ago: executing program 2 (id=3201): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x1eba02, 0x0) msgctl$auto_MSG_STAT(0x2, 0xb, &(0x7f00000002c0)={{0x4, 0x0, 0x0, 0x9, 0x5, 0xffffff68, 0x4}, &(0x7f00000001c0)=0x9, &(0x7f0000000200)=0x8, 0x10, 0x7, 0x3, 0x46, 0x7, 0x6, 0x9f5, 0x22f3, @raw=0xffff7fff, @raw=0x64}) setresuid$auto(0x0, 0x0, r1) ioctl$auto_BLKALIGNOFF(r0, 0x127a, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/mtd/mtd0/bitflip_threshold\x00', 0x2062, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000002680), 0xffffffffffffffff) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/block2mtd/parameters/block2mtd\x00', 0x601, 0x0) write$auto(r6, &(0x7f0000000240)=',-\t', 0x2000008008) sendmsg$auto_IPVS_CMD_DEL_DAEMON(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="18000000", @ANYRES16=r5, @ANYBLOB="0108"], 0x18}, 0x1, 0x0, 0x0, 0x40014}, 0x0) getpgid$auto(0x0) r7 = socket(0x2, 0x801, 0x106) setsockopt$auto(r7, 0x6, 0x12, 0x0, 0xa1) r8 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x8203, 0x0) write$auto_fops_u32_ro_(r3, &(0x7f0000000340)="94a41b209e6c5b7129366690078107967414885026d57de7480d4fb9d07ffd27684d264fe71cd1b16add3e8e35349360441319de1828b9d89d92c52c81ce6a333509ae957ff6a041eb3aae5c6291013031250b218b60c0baeb8f6fc02e15566a03655edd535fbf76ded6497c4366473061ebea3066c21813a69ad85e97297601a699c13287b2c44e7c42b985230cd83d89f9932e2ac902d4572b880a93231b5603d5569b4ead8f6c960fe0576c396cf844ae2e4b9cfd1f842e9e38365fb12681eb870bde", 0xc4) ioctl$auto(r8, 0x80046f45, 0x38) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) msync$auto(0x1ffff091, 0x180000000000000, 0x400000004) mmap$auto(0x0, 0x7f, 0xdf, 0x9b72, 0x2, 0x8000) r9 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$auto_tomoyo_operations_securityfs_if(r9, &(0x7f0000000100), 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) 4.283745538s ago: executing program 1 (id=3202): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x460805, 0x0) writev$auto(r0, 0x0, 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) read$auto_kernfs_file_fops_kernfs_internal(r0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0x1e, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) r1 = epoll_create$auto(0x70c) epoll_ctl$auto(r1, 0x1, 0xffffffffffffffff, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x40006) arch_prctl$auto_ARCH_MAP_VDSO_64(0x2003, 0x8) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x2ac842, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) move_pages$auto(0x0, 0x4, 0x0, 0x0, 0x0, 0x400000) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r3, &(0x7f0000000080)={0x0, 0x1000}, 0x3) 4.015245731s ago: executing program 3 (id=3203): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x106) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) ioctl$auto(0x4000000000000c8, 0x400454cc, 0x6f) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) setsockopt$auto(0x3, 0x0, 0x28, 0xfffffffffffffffc, 0x70) write$auto(0x3, 0x0, 0x1) write$auto(0x3, 0x0, 0xfffffdef) setresuid$auto(0x0, 0x0, 0xee01) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nfsd(0x0, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r1 = fanotify_init$auto(0x5, 0x0) fanotify_mark$auto(r1, 0x205, 0xa, 0x4, 0x0) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x7111}, 0x8) r2 = socket(0x10, 0x2, 0x0) r3 = openat$auto_bdi_debug_stats_fops_(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/bdi/43:256/stats\x00', 0x20002, 0x0) read$auto_bdi_debug_stats_fops_(r3, &(0x7f0000000040)=""/69, 0x45) bind$auto(r2, 0x0, 0x6b) prctl$auto_PR_TASK_PERF_EVENTS_DISABLE(0x1f, 0x5, 0x7000000000, 0x978f, 0x7) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) write$auto(0x3, 0x0, 0x100000000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) 3.815713069s ago: executing program 0 (id=3204): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x106) bind$auto(0x3, 0x0, 0x8) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) pwrite64$auto(0xc8, &(0x7f0000000140)='\vX\xb5n\x91p\xe6\x1eRNM\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00,\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^B\xb8\xe4j\t,\xe4\x90\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\x00\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/242, 0xfdf0, 0x39) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x28, 0x5, 0x0) socket(0xa, 0x801, 0x106) setsockopt$auto(0x1, 0x1, 0x25, &(0x7f0000000000)='\x00', 0x4) shutdown$auto(0x200000003, 0x400002) madvise$auto(0x0, 0xfffffffffffeffff, 0x15) prctl$auto(0x43, 0xe, 0x0, 0x0, 0x0) mlockall$auto(0x7) bind$auto(r0, &(0x7f0000000040)=@in={0x2, 0x3, @multicast2}, 0x6a) prctl$auto(0x23, 0x2, 0x7fffffffefff, 0x0, 0x0) sendmsg$auto_L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1400000053"], 0x14}, 0x1, 0x0, 0x0, 0x40000}, 0x400c004) read$auto_snd_seq_f_ops_seq_clientmgr(r1, &(0x7f00000000c0), 0x0) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0x10, 0x2, 0x0) semctl$auto(0x1ff, 0x2, 0x13, 0x1) openat$auto_zero_fops_mem(0xffffffffffffff9c, &(0x7f0000000000), 0x60000, 0x0) 3.785336434s ago: executing program 2 (id=3205): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0x27, 0x4, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[], 0x14}}, 0x24048004) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/pagemap\x00', 0x0, 0x0) r2 = getpid() io_getevents$auto(0x24, 0xffffffff, 0x4, 0x0, 0xfffffffffffffffd) r3 = socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x4, 0x5, 0xebe, 0xfffffffffffffffa, 0x8000) futex_wake$auto(0x0, 0x9, 0xffffffff, 0xa) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_LINKINFO_GET(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000300)={0x14, r4, 0x820, 0x70bd26, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x4044054) waitid$auto_P_PID(0x1, r2, 0x0, 0x1, &(0x7f0000000340)={{0x1, 0x8}, {0x8000000, 0x9}, 0x8, 0x6, 0x8, 0x1, 0x9, 0x6, 0x69, 0x3, 0x6, 0x0, 0x2, 0x37, 0x4, 0x6}) mmap$auto(0x0, 0x200006, 0x2, 0x40eb1, 0x602, 0x300000000000) madvise$auto(0x0, 0xffffffffffff0005, 0x19) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/self/smaps_rollup\x00', 0x40000, 0x0) 3.469361523s ago: executing program 3 (id=3207): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/pci0000:00/0000:00:03.0/resource1\x00', 0x0, 0x0) mmap$auto(0x0, 0x3, 0x1000000000001, 0x8000000008011, 0x3, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x2b, 0x1, 0x0) listen$auto(0x3, 0x81) ioctl$auto(0x3, 0x8905, 0x38) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x3, 0x3ff) madvise$auto(0x0, 0x240007, 0x19) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={0x0}}, 0x24048084) madvise$auto(0x0, 0x200007, 0x19) userfaultfd$auto(0x1) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0xc0400, 0x0) openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) close_range$auto(0x2, 0x8, 0x0) 3.169043292s ago: executing program 1 (id=3208): r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000200)='/dev/tty17\x00', 0x20001, 0x0) write$auto_tty_fops_tty_io(r0, &(0x7f0000000380)="976f09bd68850edbe36136c8dda8a7f1165cca065833fd9b640f0000000000f6c02b55fba44503225c5a3b744483659ef0c4613e29c45e81dc254bfbf94d8d9ee2ab6b2bd118171e0f8b5196a37d4a987e883f68f01b0da50221d5e9bc0b0d91a686f83437ebf120bea1748257fd60f911f4", 0x72) open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14ab3f) open(&(0x7f0000000000)='./file0\x00', 0x4242, 0xe1d2b27bdc14aabc) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/bus/pci/resource_alignment\x00', 0x8ea182, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/block/loop10/mq/0/nr_tags\x00', 0x20000, 0x0) mount_setattr$auto(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000640)={0x10002c, 0x7f, 0x0, @inferred=r1}, 0x287) close_range$auto(0x0, 0xffffffffffffffff, 0x2) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) bpf$auto_BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000040)=@bpf_attr_7={@start_id=0x7, 0x2, 0x10000, r2}, 0xac) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x8000, 0x0) close_range$auto(r3, r3, 0x6) r4 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/icmp/ratemask\x00', 0xa0202, 0x0) sendfile$auto(r4, r4, 0x0, 0x1) socket(0x2, 0x801, 0x106) unshare$auto(0x40000080) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/usb/usbmon/9t\x00', 0xa00, 0x0) openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/debug/usb/usbmon/36u\x00', 0x26040, 0x0) 2.809798372s ago: executing program 1 (id=3209): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x460805, 0x0) writev$auto(r0, 0x0, 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) read$auto_kernfs_file_fops_kernfs_internal(r0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0x1e, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) r1 = epoll_create$auto(0x70c) epoll_ctl$auto(r1, 0x1, 0xffffffffffffffff, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x40006) arch_prctl$auto_ARCH_MAP_VDSO_64(0x2003, 0x8) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x2ac842, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) move_pages$auto(0x0, 0x4, 0x0, 0x0, 0x0, 0x400000) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r3, &(0x7f0000000080)={0x0, 0x1000}, 0x3) 2.103947316s ago: executing program 2 (id=3210): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x460805, 0x0) writev$auto(r0, 0x0, 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000340)=""/42, 0x2a) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0x1e, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) r1 = epoll_create$auto(0x70c) epoll_ctl$auto(r1, 0x1, 0xffffffffffffffff, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x40006) arch_prctl$auto_ARCH_MAP_VDSO_64(0x2003, 0x8) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x2ac842, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) move_pages$auto(0x0, 0x4, 0x0, 0x0, 0x0, 0x400000) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r3, &(0x7f0000000080)={0x0, 0x1000}, 0x3) 1.831890989s ago: executing program 1 (id=3211): r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/mtrr\x00', 0x301000, 0x0) socket(0x22, 0x3, 0x0) ioctl$auto(r1, 0x40104d01, r1) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f0000000340), 0x189400, 0x0) pwrite64$auto(r0, &(0x7f0000000000)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x88\xa8s\x1c\b\x06\x8a>)\x14\r>\x94\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xf9\xa4\xf8\x15\x02l@\x18*\xc0\xc1\xf2\x14^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2', 0x4e, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r2 = openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/usbmon0\x00', 0x0, 0x0) ioctl$auto_MON_IOCX_MFETCH(r2, 0xc0109207, 0x0) ioctl$auto_MON_IOCX_MFETCH(r2, 0xc0109207, &(0x7f0000000100)={0x0, 0x2000004, 0x7}) pread64$auto(r2, 0x0, 0x7ff, 0xd) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/037/001\x00', 0x20882, 0x0) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/virtual/block/ram4/queue/nr_zones\x00', 0x17003, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r3, &(0x7f0000000000)='\x00', 0x1) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x17) 1.324797755s ago: executing program 3 (id=3212): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, 0x0, 0x50) r0 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000) r1 = socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(r1, r0, 0x5) mlockall$auto(0x7) mmap$auto(0x0, 0x6, 0x2, 0x40eb2, 0xffffffffffffffff, 0x308000000000) r2 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/net/ipv6/conf/dummy0/addr_gen_mode\x00', 0x1, 0x0) pwrite64$auto(r2, 0x0, 0x0, 0x2000000000040007) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) tgkill$auto(0x0, 0x0, 0x11) readv$auto(0x3, 0x0, 0x7) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0x2003f2, 0x15) 1.122694707s ago: executing program 1 (id=3213): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0xa, 0xfc000000) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) sysfs$auto(0x2, 0x15, 0x0) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) waitid$auto_P_PID(0x1, 0x0, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0xff) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x2000c000}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r1 = socket(0x1e, 0x4, 0x0) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r1, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) recvmmsg$auto(r1, &(0x7f0000000200)={{0x0, 0x2, &(0x7f0000000140)={0x0, 0x4da}, 0x6, 0x0, 0x8, 0x7ff}, 0x1000}, 0xffffffff, 0x4, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x230) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) setgroups$auto(0xe32, 0x0) 975.219928ms ago: executing program 2 (id=3214): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ram5\x00', 0x1eba02, 0x0) msgctl$auto_MSG_STAT(0x2, 0xb, &(0x7f00000002c0)={{0x4, 0x0, 0x0, 0x9, 0x5, 0xffffff68, 0x4}, &(0x7f00000001c0)=0x9, &(0x7f0000000200)=0x8, 0x10, 0x7, 0x3, 0x46, 0x7, 0x6, 0x9f5, 0x22f3, @raw=0xffff7fff, @raw=0x64}) setresuid$auto(0x0, 0x0, r1) ioctl$auto_BLKALIGNOFF(r0, 0x127a, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r3 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/devices/virtual/mtd/mtd0/bitflip_threshold\x00', 0x2062, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000002680), 0xffffffffffffffff) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/module/block2mtd/parameters/block2mtd\x00', 0x601, 0x0) write$auto(r6, &(0x7f0000000240)=',-\t', 0x2000008008) sendmsg$auto_IPVS_CMD_DEL_DAEMON(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="18000000", @ANYRES16=r5, @ANYBLOB="0108"], 0x18}, 0x1, 0x0, 0x0, 0x40014}, 0x0) getpgid$auto(0x0) r7 = socket(0x2, 0x801, 0x106) setsockopt$auto(r7, 0x6, 0x12, 0x0, 0xa1) r8 = openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000080), 0x8203, 0x0) write$auto_fops_u32_ro_(r3, &(0x7f0000000340)="94a41b209e6c5b7129366690078107967414885026d57de7480d4fb9d07ffd27684d264fe71cd1b16add3e8e35349360441319de1828b9d89d92c52c81ce6a333509ae957ff6a041eb3aae5c6291013031250b218b60c0baeb8f6fc02e15566a03655edd535fbf76ded6497c4366473061ebea3066c21813a69ad85e97297601a699c13287b2c44e7c42b985230cd83d89f9932e2ac902d4572b880a93231b5603d5569b4ead8f6c960fe0576c396cf844ae2e4b9cfd1f842e9e38365fb12681eb870bde", 0xc4) ioctl$auto(r8, 0x80046f45, 0x38) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) mmap$auto(0x0, 0x7f, 0xdf, 0x9b72, 0x2, 0x8000) r9 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, 0x0, 0x2, 0x0) write$auto_tomoyo_operations_securityfs_if(r9, &(0x7f0000000100), 0x0) sendfile$auto(0x3, 0x3, 0x0, 0x400000000006) 775.515416ms ago: executing program 0 (id=3215): mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) openat$auto_tap_fops_tap(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000004240)={0x0, 0x0, &(0x7f0000004200)={&(0x7f0000000140)={0x20, 0x0, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@HWSIM_ATTR_PMSR_SUPPORT={0xc, 0x1a, 0x0, 0x1, [@NL80211_PMSR_ATTR_TYPE_CAPA={0x8, 0x4, 0x0, 0x1, [@NL80211_PMSR_TYPE_FTM={0x4}]}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40c8}, 0x4048000) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r1 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder1\x00', 0x1, 0x0) ioctl$auto(r1, 0x4018620d, 0x9) openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000000000)='/dev/binderfs/binder1\x00', 0x1, 0x0) socket(0x10, 0x2, 0x6) socketpair$auto(0x5, 0x5, 0x6, 0x0) close_range$auto(0x2, 0x8, 0x0) open(0x0, 0x22240, 0x55) socket(0x2, 0x3, 0xa) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x8) connect$auto(0x3, &(0x7f00000018c0)=@l2tp={0x2, 0x0, @multicast1}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0xe000) setrlimit$auto(0xb, 0x0) getpid() openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/dummy_hcd.2/usb3/3-0:1.0/authorized\x00', 0x220080, 0x0) close_range$auto(0x0, 0xffffffffffffffff, 0x2) fanotify_init$auto(0x400, 0x2000000000002) r2 = open(&(0x7f0000000000)='./file0\x00', 0x165b42, 0xe1d2b27bdc14aa98) fanotify_mark$auto(0x400000000000, 0x105, 0xf2b, r2, 0x0) 438.019656ms ago: executing program 3 (id=3216): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x460805, 0x0) writev$auto(r0, 0x0, 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) read$auto_kernfs_file_fops_kernfs_internal(r0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0x1e, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) r1 = epoll_create$auto(0x70c) epoll_ctl$auto(r1, 0x1, 0xffffffffffffffff, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x40006) arch_prctl$auto_ARCH_MAP_VDSO_64(0x2003, 0x8) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x2ac842, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) move_pages$auto(0x0, 0x4, 0x0, 0x0, 0x0, 0x400000) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r3, &(0x7f0000000080)={0x0, 0x1000}, 0x3) 0s ago: executing program 0 (id=3217): writev$auto(0xffffffffffffffff, 0x0, 0x3) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) read$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffffff, &(0x7f0000000340)=""/42, 0x2a) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) socketpair$auto(0x1e, 0x2, 0x8000000000000000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) sendfile$auto(0x1, 0x3, 0x0, 0x7ffff000) r0 = epoll_create$auto(0x70c) epoll_ctl$auto(r0, 0x1, 0xffffffffffffffff, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x40006) arch_prctl$auto_ARCH_MAP_VDSO_64(0x2003, 0x8) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x2ac842, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) move_pages$auto(0x0, 0x4, 0x0, 0x0, 0x0, 0x400000) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/system/node/node1/compact\x00', 0xc2481, 0x0) writev$auto(r2, &(0x7f0000000080)={0x0, 0x1000}, 0x3) kernel console output (not intermixed with test programs): 8 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 195.178760][ T7461] RSP: 002b:00007f95f81b6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 195.178789][ T7461] RAX: ffffffffffffffda RBX: 00007f95f7615fa0 RCX: 00007f95f739c819 [ 195.178809][ T7461] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 195.178827][ T7461] RBP: 00007f95f7432c91 R08: 0000000000000000 R09: 0000000000000000 [ 195.178844][ T7461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 195.178861][ T7461] R13: 00007f95f7616038 R14: 00007f95f7615fa0 R15: 00007ffe56466cb8 [ 195.178903][ T7461] [ 196.801675][ T7488] netlink: 93 bytes leftover after parsing attributes in process `syz.3.353'. [ 198.048403][ T7507] netlink: 12 bytes leftover after parsing attributes in process `syz.0.367'. [ 198.275424][ T7510] hub 1-0:1.0: USB hub found [ 198.284250][ T7510] hub 1-0:1.0: 1 port detected [ 199.134991][ T7522] netlink: 93 bytes leftover after parsing attributes in process `syz.3.363'. [ 199.325459][ T7526] netlink: 93 bytes leftover after parsing attributes in process `syz.3.364'. [ 199.449419][ T7528] netlink: 4 bytes leftover after parsing attributes in process `syz.2.365'. [ 199.503075][ T7528] netlink: 'syz.2.365': attribute type 2 has an invalid length. [ 199.542538][ T7528] netlink: 'syz.2.365': attribute type 3 has an invalid length. [ 199.551168][ T7528] netlink: 51505 bytes leftover after parsing attributes in process `syz.2.365'. [ 199.562518][ T7528] netlink: 4 bytes leftover after parsing attributes in process `syz.2.365'. [ 201.093116][ T5831] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 201.303876][ T7569] netlink: 93 bytes leftover after parsing attributes in process `syz.3.374'. [ 201.798949][ T7577] netlink: 93 bytes leftover after parsing attributes in process `syz.2.376'. [ 204.577518][ T7629] netlink: 93 bytes leftover after parsing attributes in process `syz.3.389'. [ 204.748637][ T5831] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 205.945291][ T7658] netlink: 93 bytes leftover after parsing attributes in process `syz.1.396'. [ 206.503927][ T7667] netlink: 93 bytes leftover after parsing attributes in process `syz.1.399'. [ 211.672293][ T7757] netlink: 93 bytes leftover after parsing attributes in process `syz.3.419'. [ 212.097154][ T5144] Bluetooth: hci2: command 0x0406 tx timeout [ 212.105512][ T5838] Bluetooth: hci0: command 0x0406 tx timeout [ 212.111712][ T5841] Bluetooth: hci3: command 0x0406 tx timeout [ 212.118093][ T5841] Bluetooth: hci1: command 0x0406 tx timeout [ 212.552796][ T7772] netlink: 25 bytes leftover after parsing attributes in process `syz.2.423'. [ 213.082069][ T7780] random: crng reseeded on system resumption [ 213.505596][ T7779] zswap: compressor not available [ 213.637525][ T7791] netlink: 28 bytes leftover after parsing attributes in process `syz.2.427'. [ 213.723830][ T7791] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 213.775506][ T7791] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 213.924757][ T7791] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 213.998752][ T7791] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 214.034904][ T7799] netlink: 93 bytes leftover after parsing attributes in process `syz.0.429'. [ 214.064398][ T7801] netlink: 202 bytes leftover after parsing attributes in process `syz.1.430'. [ 214.471045][ T7813] netlink: 4 bytes leftover after parsing attributes in process `syz.3.434'. [ 214.512358][ T7813] netlink: 354 bytes leftover after parsing attributes in process `syz.3.434'. [ 216.795411][ T7842] FAULT_INJECTION: forcing a failure. [ 216.795411][ T7842] name failslab, interval 1, probability 0, space 0, times 0 [ 216.812927][ T7842] CPU: 0 UID: 0 PID: 7842 Comm: syz.3.440 Not tainted syzkaller #0 PREEMPT(full) [ 216.812965][ T7842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 216.812981][ T7842] Call Trace: [ 216.812991][ T7842] [ 216.813003][ T7842] dump_stack_lvl+0x100/0x190 [ 216.813058][ T7842] should_fail_ex.cold+0x5/0xa [ 216.813096][ T7842] ? drm_atomic_state_init+0xf4/0x490 [ 216.813136][ T7842] should_failslab+0xc2/0x120 [ 216.813171][ T7842] __kmalloc_noprof+0xe0/0x850 [ 216.813228][ T7842] drm_atomic_state_init+0xf4/0x490 [ 216.813270][ T7842] ? kasan_save_track+0x14/0x30 [ 216.813303][ T7842] drm_atomic_state_alloc+0xd3/0x120 [ 216.813357][ T7842] drm_client_modeset_commit_atomic+0xcc/0x7e0 [ 216.813407][ T7842] ? trace_contention_end+0x140/0x180 [ 216.813454][ T7842] ? __mutex_lock+0x26a/0x1b90 [ 216.813489][ T7842] ? __mutex_lock+0x26a/0x1b90 [ 216.813523][ T7842] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 216.813572][ T7842] ? drm_master_internal_acquire+0x21/0x80 [ 216.813659][ T7842] drm_client_modeset_commit_locked+0x14d/0x580 [ 216.813714][ T7842] drm_client_modeset_commit+0x4f/0x80 [ 216.813764][ T7842] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 216.813819][ T7842] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0 [ 216.813869][ T7842] drm_fbdev_client_restore+0x1b/0x30 [ 216.813908][ T7842] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 216.813947][ T7842] drm_client_dev_restore+0x205/0x2a0 [ 216.814002][ T7842] drm_release+0x2c6/0x360 [ 216.814048][ T7842] ? __pfx_drm_release+0x10/0x10 [ 216.814089][ T7842] __fput+0x3ff/0xb40 [ 216.814138][ T7842] task_work_run+0x150/0x240 [ 216.814185][ T7842] ? __pfx_task_work_run+0x10/0x10 [ 216.814244][ T7842] exit_to_user_mode_loop+0x100/0x4a0 [ 216.814287][ T7842] do_syscall_64+0x668/0xf80 [ 216.814324][ T7842] ? clear_bhb_loop+0x40/0x90 [ 216.814362][ T7842] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.814392][ T7842] RIP: 0033:0x7f95f739c819 [ 216.814416][ T7842] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 216.814442][ T7842] RSP: 002b:00007f95f8195028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 216.814468][ T7842] RAX: 0000000000000000 RBX: 00007f95f7616090 RCX: 00007f95f739c819 [ 216.814485][ T7842] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 216.814501][ T7842] RBP: 00007f95f7432c91 R08: 0000000000000000 R09: 0000000000000000 [ 216.814519][ T7842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 216.814536][ T7842] R13: 00007f95f7616128 R14: 00007f95f7616090 R15: 00007ffe56466cb8 [ 216.814579][ T7842] [ 217.680939][ T7850] netlink: 93 bytes leftover after parsing attributes in process `syz.0.442'. [ 217.901805][ T7852] netlink: 93 bytes leftover after parsing attributes in process `syz.0.444'. [ 218.158832][ T7857] netlink: 28 bytes leftover after parsing attributes in process `syz.0.445'. [ 218.207118][ T7857] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 218.250986][ T7857] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 218.318349][ T7857] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 218.487165][ T7857] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 220.378457][ T7888] netlink: 93 bytes leftover after parsing attributes in process `syz.2.452'. [ 220.805749][ T7894] netlink: 93 bytes leftover after parsing attributes in process `syz.1.453'. [ 224.450309][ T7944] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 227.002578][ T8001] can: request_module (can-proto-5) failed. [ 227.096362][ T8001] netlink: 186 bytes leftover after parsing attributes in process `syz.2.478'. [ 227.547405][ T8015] futex_wake_op: syz.2.480 tries to shift op by -2048; fix this program [ 227.851400][ T8022] netlink: 93 bytes leftover after parsing attributes in process `syz.0.482'. [ 228.199975][ T8029] netlink: 4 bytes leftover after parsing attributes in process `syz.0.484'. [ 228.229258][ T8029] netlink: 'syz.0.484': attribute type 2 has an invalid length. [ 228.247628][ T8029] netlink: 'syz.0.484': attribute type 3 has an invalid length. [ 228.265650][ T8029] netlink: 51505 bytes leftover after parsing attributes in process `syz.0.484'. [ 228.286150][ T8029] netlink: 4 bytes leftover after parsing attributes in process `syz.0.484'. [ 229.102247][ T8046] netlink: 93 bytes leftover after parsing attributes in process `syz.2.489'. [ 229.779078][ T8051] netlink: 8 bytes leftover after parsing attributes in process `syz.2.491'. [ 230.012781][ T8057] netlink: 93 bytes leftover after parsing attributes in process `syz.2.493'. [ 230.649474][ T30] audit: type=1800 audit(1775464033.901:7): pid=8066 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.496" name="lu_gp_id" dev="configfs" ino=18304 res=0 errno=0 [ 230.651222][ T8066] kstrtoul() returned -22 for lu_gp_id [ 231.219309][ T8076] netlink: 4 bytes leftover after parsing attributes in process `syz.3.497'. [ 231.269391][ T8076] netlink: 'syz.3.497': attribute type 1 has an invalid length. [ 231.287561][ T8076] netlink: 'syz.3.497': attribute type 6 has an invalid length. [ 231.533169][ T8080] netlink: 4 bytes leftover after parsing attributes in process `syz.3.499'. [ 231.575039][ T8080] netlink: 'syz.3.499': attribute type 2 has an invalid length. [ 231.587239][ T8080] netlink: 'syz.3.499': attribute type 3 has an invalid length. [ 232.474602][ T8093] __nla_validate_parse: 1 callbacks suppressed [ 232.474628][ T8093] netlink: 93 bytes leftover after parsing attributes in process `syz.3.504'. [ 234.789788][ T8134] netlink: 93 bytes leftover after parsing attributes in process `syz.0.513'. [ 236.110737][ T8161] netlink: 25 bytes leftover after parsing attributes in process `syz.2.518'. [ 236.779117][ T8171] netlink: 4 bytes leftover after parsing attributes in process `syz.1.520'. [ 236.890286][ T8174] netlink: 354 bytes leftover after parsing attributes in process `syz.1.520'. [ 241.928080][ T8248] futex_wake_op: syz.3.536 tries to shift op by -2048; fix this program [ 243.841935][ T8278] netlink: zone id is out of range [ 243.888301][ T8278] netlink: zone id is out of range [ 243.917100][ T8278] netlink: zone id is out of range [ 243.922624][ T8278] netlink: zone id is out of range [ 243.927397][ T8281] netlink: zone id is out of range [ 243.933249][ T8281] netlink: zone id is out of range [ 243.938692][ T8281] netlink: zone id is out of range [ 243.944320][ T8281] netlink: zone id is out of range [ 243.950335][ T8278] netlink: zone id is out of range [ 243.958905][ T8281] netlink: zone id is out of range [ 245.636707][ T51] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 246.803429][ T8337] random: crng reseeded on system resumption [ 247.431980][ T8358] futex_wake_op: syz.1.561 tries to shift op by -2048; fix this program [ 247.448288][ T8357] futex_wake_op: syz.3.562 tries to shift op by -2048; fix this program [ 251.691409][ T8413] futex_wake_op: syz.0.574 tries to shift op by -2048; fix this program [ 251.784117][ T8415] netlink: 93 bytes leftover after parsing attributes in process `syz.3.575'. [ 251.812601][ T8404] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 252.088318][ T8421] netlink: 93 bytes leftover after parsing attributes in process `syz.1.577'. [ 252.645033][ T8432] futex_wake_op: syz.0.580 tries to shift op by -2048; fix this program [ 254.960830][ T8468] netlink: 93 bytes leftover after parsing attributes in process `syz.1.589'. [ 255.284053][ T8477] futex_wake_op: syz.1.591 tries to shift op by -2048; fix this program [ 256.100807][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.107469][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 259.561718][ T8540] netlink: 93 bytes leftover after parsing attributes in process `syz.0.606'. [ 260.302856][ T8549] futex_wake_op: syz.0.609 tries to shift op by -2048; fix this program [ 260.507192][ T8555] netlink: 93 bytes leftover after parsing attributes in process `syz.3.611'. [ 262.351442][ T8600] netlink: 93 bytes leftover after parsing attributes in process `syz.3.621'. [ 263.552206][ T8618] Process accounting resumed [ 264.196592][ T8633] netlink: 330 bytes leftover after parsing attributes in process `syz.3.627'. [ 264.455765][ T8642] futex_wake_op: syz.3.629 tries to shift op by -2048; fix this program [ 264.689528][ T8648] netlink: 93 bytes leftover after parsing attributes in process `syz.0.630'. [ 265.011022][ T8662] futex_wake_op: syz.1.635 tries to shift op by -2048; fix this program [ 267.154293][ T8684] futex_wake_op: syz.2.640 tries to shift op by -2048; fix this program [ 267.571490][ T8691] netlink: 93 bytes leftover after parsing attributes in process `syz.1.642'. [ 267.701886][ T8694] futex_wake_op: syz.1.643 tries to shift op by -2048; fix this program [ 267.749038][ T8696] futex_wake_op: syz.2.644 tries to shift op by -2048; fix this program [ 268.101658][ T8702] netlink: 20 bytes leftover after parsing attributes in process `syz.2.645'. [ 268.405484][ T8715] futex_wake_op: syz.1.650 tries to shift op by -2048; fix this program [ 268.960513][ T8723] futex_wake_op: syz.1.651 tries to shift op by -2048; fix this program [ 269.417759][ T8732] netlink: 'syz.3.654': attribute type 1 has an invalid length. [ 269.426181][ T8732] netlink: 9 bytes leftover after parsing attributes in process `syz.3.654'. [ 269.557041][ T8735] futex_wake_op: syz.0.655 tries to shift op by -2048; fix this program [ 269.711268][ T8738] futex_wake_op: syz.1.656 tries to shift op by -2048; fix this program [ 269.787467][ T8740] netlink: 20 bytes leftover after parsing attributes in process `syz.3.657'. [ 270.145380][ T8747] futex_wake_op: syz.1.660 tries to shift op by -2048; fix this program [ 270.302997][ T8750] futex_wake_op: syz.3.661 tries to shift op by -2048; fix this program [ 270.627553][ T5833] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 270.637456][ T5833] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:0' [ 270.647104][ T5833] CPU: 0 UID: 0 PID: 5833 Comm: kworker/u9:3 Tainted: G L syzkaller #0 PREEMPT(full) [ 270.647143][ T5833] Tainted: [L]=SOFTLOCKUP [ 270.647149][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 270.647164][ T5833] Workqueue: hci1 hci_rx_work [ 270.647196][ T5833] Call Trace: [ 270.647202][ T5833] [ 270.647209][ T5833] dump_stack_lvl+0x100/0x190 [ 270.647246][ T5833] sysfs_warn_dup.cold+0x1c/0x28 [ 270.647272][ T5833] sysfs_create_dir_ns+0x24b/0x2b0 [ 270.647299][ T5833] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 270.647325][ T5833] ? find_held_lock+0x2b/0x80 [ 270.647344][ T5833] ? kobject_add_internal+0x25f/0x930 [ 270.647368][ T5833] ? kobject_add_internal+0x25f/0x930 [ 270.647392][ T5833] ? do_raw_spin_unlock+0x145/0x1e0 [ 270.647422][ T5833] kobject_add_internal+0x2c8/0x930 [ 270.647449][ T5833] kobject_add+0x16a/0x1e0 [ 270.647472][ T5833] ? __pfx_kobject_add+0x10/0x10 [ 270.647493][ T5833] ? class_to_subsys+0x10f/0x150 [ 270.647523][ T5833] ? kobject_put+0xb9/0x640 [ 270.647543][ T5833] ? _raw_spin_unlock+0x28/0x50 [ 270.647577][ T5833] device_add+0x294/0x1950 [ 270.647601][ T5833] ? __pfx_dev_set_name+0x10/0x10 [ 270.647630][ T5833] ? __pfx_device_add+0x10/0x10 [ 270.647655][ T5833] ? mgmt_send_event_skb+0x2fb/0x460 [ 270.647690][ T5833] hci_conn_add_sysfs+0x1a3/0x260 [ 270.647709][ T5833] le_conn_complete_evt+0x11eb/0x1f60 [ 270.647743][ T5833] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 270.647768][ T5833] ? irqentry_exit+0x180/0x670 [ 270.647793][ T5833] hci_le_conn_complete_evt+0x23c/0x3a0 [ 270.647822][ T5833] ? skb_pull_data+0x15f/0x1e0 [ 270.647848][ T5833] hci_le_meta_evt+0x34a/0x5f0 [ 270.647877][ T5833] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 270.647915][ T5833] hci_event_packet+0x51c/0xcd0 [ 270.647942][ T5833] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 270.647971][ T5833] ? __pfx_hci_event_packet+0x10/0x10 [ 270.648001][ T5833] ? kcov_remote_start+0x374/0x660 [ 270.648019][ T5833] ? lockdep_hardirqs_on+0x78/0x100 [ 270.648043][ T5833] hci_rx_work+0x451/0xfc0 [ 270.648075][ T5833] process_one_work+0xa23/0x19a0 [ 270.648113][ T5833] ? __pfx_process_one_work+0x10/0x10 [ 270.648147][ T5833] ? __pfx_hci_rx_work+0x10/0x10 [ 270.648178][ T5833] worker_thread+0x5ef/0xe50 [ 270.648214][ T5833] ? kthread+0x13a/0x450 [ 270.648237][ T5833] ? __pfx_worker_thread+0x10/0x10 [ 270.648262][ T5833] kthread+0x370/0x450 [ 270.648288][ T5833] ? __pfx_kthread+0x10/0x10 [ 270.648315][ T5833] ret_from_fork+0x754/0xd80 [ 270.648344][ T5833] ? __pfx_ret_from_fork+0x10/0x10 [ 270.648372][ T5833] ? rcu_is_watching+0x12/0xc0 [ 270.648401][ T5833] ? __switch_to+0x7b4/0x1120 [ 270.648421][ T5833] ? __pfx_kthread+0x10/0x10 [ 270.648447][ T5833] ret_from_fork_asm+0x1a/0x30 [ 270.648480][ T5833] [ 270.648579][ T5833] kobject: kobject_add_internal failed for hci1:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 270.942860][ T5833] Bluetooth: hci1: failed to register connection device [ 271.256560][ T8766] futex_wake_op: syz.3.666 tries to shift op by -2048; fix this program [ 271.774851][ T8776] netlink: 93 bytes leftover after parsing attributes in process `syz.2.668'. [ 272.410729][ T8785] futex_wake_op: syz.2.671 tries to shift op by -2048; fix this program [ 275.370708][ T8826] netlink: 504 bytes leftover after parsing attributes in process `syz.2.679'. [ 276.215106][ T8846] netlink: 93 bytes leftover after parsing attributes in process `syz.1.684'. [ 276.540330][ T8851] netlink: 8 bytes leftover after parsing attributes in process `syz.1.685'. [ 279.009854][ T8883] futex_wake_op: syz.1.691 tries to shift op by -2048; fix this program [ 279.594615][ T8894] futex_wake_op: syz.0.694 tries to shift op by -2048; fix this program [ 281.148323][ T8907] futex_wake_op: syz.1.698 tries to shift op by -2048; fix this program [ 286.425735][ T8994] futex_wake_op: syz.2.713 tries to shift op by -2048; fix this program [ 287.050436][ T9008] netlink: 93 bytes leftover after parsing attributes in process `syz.2.715'. [ 288.342228][ T9028] tipc: Started in network mode [ 288.357249][ T9028] tipc: Node identity ffffffff, cluster identity 4711 [ 288.377200][ T9028] tipc: Node number set to 4294967295 [ 289.089642][ T9054] futex_wake_op: syz.1.724 tries to shift op by -2048; fix this program [ 290.808138][ T9076] ptrace attach of "./syz-executor exec"[5823] was attempted by ""[9076] [ 290.852340][ T9076] netlink: 4 bytes leftover after parsing attributes in process `syz.2.729'. [ 291.100418][ T30] audit: type=1800 audit(1775464094.351:8): pid=9080 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.730" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 294.037498][ T9131] netlink: 93 bytes leftover after parsing attributes in process `syz.1.742'. [ 294.350252][ T9136] netlink: 93 bytes leftover after parsing attributes in process `syz.1.743'. [ 296.405578][ T9166] netlink: 93 bytes leftover after parsing attributes in process `syz.2.751'. [ 296.633411][ T9168] futex_wake_op: syz.3.753 tries to shift op by -2048; fix this program [ 299.120310][ T9212] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3) [ 299.805848][ T9225] netlink: 4 bytes leftover after parsing attributes in process `syz.1.765'. [ 299.846374][ T9225] netlink: 'syz.1.765': attribute type 1 has an invalid length. [ 299.858530][ T9225] netlink: 342 bytes leftover after parsing attributes in process `syz.1.765'. [ 299.888104][ T9227] netlink: 25 bytes leftover after parsing attributes in process `syz.3.764'. [ 300.098877][ T9229] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 300.115616][ T9229] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 300.145319][ T9229] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 300.185065][ T9229] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 300.216195][ T9229] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 300.252104][ T9229] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 300.356692][ T9229] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 300.404127][ T9229] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 300.425863][ T9229] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 300.481624][ T9229] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 300.497974][ T9229] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 301.470782][ T9261] netlink: 93 bytes leftover after parsing attributes in process `syz.1.773'. [ 302.178023][ T5833] Bluetooth: hci1: command 0x0406 tx timeout [ 302.235754][ T9270] FAULT_INJECTION: forcing a failure. [ 302.235754][ T9270] name failslab, interval 1, probability 0, space 0, times 0 [ 302.261283][ T5833] Bluetooth: hci0: command 0x0406 tx timeout [ 302.360457][ T9270] CPU: 0 UID: 0 PID: 9270 Comm: syz.2.774 Tainted: G L syzkaller #0 PREEMPT(full) [ 302.360512][ T9270] Tainted: [L]=SOFTLOCKUP [ 302.360523][ T9270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 302.360541][ T9270] Call Trace: [ 302.360552][ T9270] [ 302.360564][ T9270] dump_stack_lvl+0x100/0x190 [ 302.360619][ T9270] should_fail_ex.cold+0x5/0xa [ 302.360657][ T9270] should_failslab+0xc2/0x120 [ 302.360694][ T9270] __kmalloc_cache_noprof+0x7a/0x6f0 [ 302.360736][ T9270] ? rtnl_newlink+0x126/0x2380 [ 302.360771][ T9270] ? __pfx_rtnl_newlink+0x10/0x10 [ 302.360803][ T9270] rtnl_newlink+0x126/0x2380 [ 302.360856][ T9270] ? __pfx_rtnl_newlink+0x10/0x10 [ 302.360886][ T9270] ? rcu_is_watching+0x12/0xc0 [ 302.360933][ T9270] ? kasan_quarantine_put+0x104/0x240 [ 302.360983][ T9270] ? lockdep_hardirqs_on+0x78/0x100 [ 302.361021][ T9270] ? kfree_skbmem+0x19a/0x210 [ 302.361059][ T9270] ? kmem_cache_free+0x124/0x6a0 [ 302.361110][ T9270] ? __lock_acquire+0x4a5/0x2630 [ 302.361157][ T9270] ? find_held_lock+0x2b/0x80 [ 302.361201][ T9270] ? find_held_lock+0x2b/0x80 [ 302.361231][ T9270] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 302.361261][ T9270] ? rtnetlink_rcv_msg+0x93a/0xe90 [ 302.361294][ T9270] ? __pfx_rtnl_newlink+0x10/0x10 [ 302.361327][ T9270] rtnetlink_rcv_msg+0x95e/0xe90 [ 302.361361][ T9270] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 302.361403][ T9270] ? ref_tracker_free+0x37e/0x6c0 [ 302.361454][ T9270] netlink_rcv_skb+0x159/0x420 [ 302.361489][ T9270] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 302.361523][ T9270] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 302.361571][ T9270] ? netlink_deliver_tap+0x1ae/0xcc0 [ 302.361611][ T9270] netlink_unicast+0x5aa/0x870 [ 302.361649][ T9270] ? __pfx_netlink_unicast+0x10/0x10 [ 302.361697][ T9270] netlink_sendmsg+0x8b0/0xda0 [ 302.361761][ T9270] ? __pfx_netlink_sendmsg+0x10/0x10 [ 302.361800][ T9270] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 302.361841][ T9270] __sys_sendto+0x468/0x4b0 [ 302.361894][ T9270] ? __pfx_netlink_sendmsg+0x10/0x10 [ 302.361929][ T9270] ? __pfx___sys_sendto+0x10/0x10 [ 302.361988][ T9270] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 302.362023][ T9270] ? count_memcg_events_mm.constprop.0+0xfa/0x2a0 [ 302.362084][ T9270] __x64_sys_sendto+0xe0/0x1c0 [ 302.362130][ T9270] ? do_syscall_64+0x95/0xf80 [ 302.362161][ T9270] ? lockdep_hardirqs_on+0x78/0x100 [ 302.362193][ T9270] do_syscall_64+0x106/0xf80 [ 302.362223][ T9270] ? clear_bhb_loop+0x40/0x90 [ 302.362262][ T9270] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 302.362294][ T9270] RIP: 0033:0x7f109295d04e [ 302.362322][ T9270] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 302.362350][ T9270] RSP: 002b:00007f109384ce88 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 302.362382][ T9270] RAX: ffffffffffffffda RBX: 00007f109384e6c0 RCX: 00007f109295d04e [ 302.362402][ T9270] RDX: 000000000000001c RSI: 00007f109384d000 RDI: 0000000000000003 [ 302.362420][ T9270] RBP: 0000000000000000 R08: 00007f109384cf04 R09: 000000000000000c [ 302.362438][ T9270] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 302.362455][ T9270] R13: 00007f109384cf58 R14: 00007f109384d000 R15: 0000000000000000 [ 302.362496][ T9270] [ 302.702110][ T5833] Bluetooth: hci2: command 0x0406 tx timeout [ 302.708309][ T5833] Bluetooth: hci3: command 0x0406 tx timeout [ 303.371819][ T9280] futex_wake_op: syz.0.778 tries to shift op by -2048; fix this program [ 303.802235][ T9291] futex_wake_op: syz.2.781 tries to shift op by -2048; fix this program [ 304.257133][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 304.347144][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 304.440565][ T9304] futex_wake_op: syz.1.785 tries to shift op by -2048; fix this program [ 304.737164][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 304.743348][ T5833] Bluetooth: hci2: command 0x0406 tx timeout [ 305.925400][ T9323] netlink: 93 bytes leftover after parsing attributes in process `syz.2.791'. [ 306.284939][ T9330] futex_wake_op: syz.2.793 tries to shift op by -2048; fix this program [ 306.337095][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 306.417135][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 307.225848][ T9341] netlink: 93 bytes leftover after parsing attributes in process `syz.2.795'. [ 307.478535][ T9343] futex_wake_op: syz.2.796 tries to shift op by -2048; fix this program [ 308.417008][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 308.713134][ T9359] netlink: 93 bytes leftover after parsing attributes in process `syz.2.801'. [ 310.496340][ T9390] netlink: 93 bytes leftover after parsing attributes in process `syz.3.806'. [ 310.695189][ T9394] futex_wake_op: syz.3.807 tries to shift op by -2048; fix this program [ 310.758755][ T9397] QAT: Stopping all acceleration devices. [ 311.157343][ T9401] QAT: Invalid ioctl 35077 [ 311.421647][ T9407] netlink: 93 bytes leftover after parsing attributes in process `syz.1.810'. [ 313.098782][ T5833] Bluetooth: hci1: unexpected event 0x12 length: 440 > 8 [ 313.466181][ T9433] netlink: 93 bytes leftover after parsing attributes in process `syz.0.816'. [ 313.752276][ T9435] futex_wake_op: syz.0.817 tries to shift op by -2048; fix this program [ 313.824909][ T9437] futex_wake_op: syz.1.818 tries to shift op by -2048; fix this program [ 314.017609][ T51] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 314.255176][ T9441] futex_wake_op: syz.1.819 tries to shift op by -2048; fix this program [ 316.317462][ T30] audit: type=1804 audit(1775464119.571:9): pid=9470 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.825" name="/newroot/210/file0" dev="tmpfs" ino=1110 res=1 errno=0 [ 316.803462][ T9483] futex_wake_op: syz.1.827 tries to shift op by -2048; fix this program [ 316.892014][ T9485] futex_wake_op: syz.2.828 tries to shift op by -2048; fix this program [ 317.347288][ T9497] netlink: 16 bytes leftover after parsing attributes in process `syz.3.831'. [ 317.431921][ T9497] mac80211_hwsim hwsim3 wlan1: entered promiscuous mode [ 317.463054][ T9497] mac80211_hwsim hwsim3 wlan1: entered allmulticast mode [ 317.547850][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.554333][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.836554][ T9527] futex_wake_op: syz.0.837 tries to shift op by -2048; fix this program [ 318.874825][ T9526] netlink: 'syz.3.836': attribute type 1 has an invalid length. [ 318.883325][ T9526] netlink: 9 bytes leftover after parsing attributes in process `syz.3.836'. [ 319.121886][ T9531] futex_wake_op: syz.3.838 tries to shift op by -2048; fix this program [ 319.200404][ T9535] futex_wake_op: syz.1.839 tries to shift op by -2048; fix this program [ 320.677908][ T9566] futex_wake_op: syz.3.846 tries to shift op by -2048; fix this program [ 321.020928][ T9576] futex_wake_op: syz.2.849 tries to shift op by -2048; fix this program [ 321.257469][ T9580] futex_wake_op: syz.3.850 tries to shift op by -2048; fix this program [ 321.551880][ T9584] futex_wake_op: syz.2.851 tries to shift op by -2048; fix this program [ 322.316117][ T9596] Invalid ELF header magic: != ELF [ 323.256907][ T9613] Process accounting resumed [ 323.423563][ T9618] netlink: 93 bytes leftover after parsing attributes in process `syz.1.860'. [ 325.243924][ T9660] netlink: 93 bytes leftover after parsing attributes in process `syz.3.870'. [ 327.104042][ T9698] futex_wake_op: syz.3.879 tries to shift op by -2048; fix this program [ 327.173306][ T9701] netlink: 93 bytes leftover after parsing attributes in process `syz.2.880'. [ 328.720270][ T9731] netlink: 4 bytes leftover after parsing attributes in process `syz.3.888'. [ 328.768162][ T9731] netlink: 354 bytes leftover after parsing attributes in process `syz.3.888'. [ 329.055993][ T9737] netlink: 93 bytes leftover after parsing attributes in process `syz.3.890'. [ 329.289705][ T9743] futex_wake_op: syz.1.891 tries to shift op by -2048; fix this program [ 330.942485][ T9779] netlink: 93 bytes leftover after parsing attributes in process `syz.1.900'. [ 331.179207][ T9784] netlink: 93 bytes leftover after parsing attributes in process `syz.1.901'. [ 331.289384][ T9788] futex_wake_op: syz.0.903 tries to shift op by -2048; fix this program [ 332.449789][ T9798] Invalid ELF header magic: != ELF [ 333.037921][ T9814] futex_wake_op: syz.2.909 tries to shift op by -2048; fix this program [ 334.372432][ T9830] futex_wake_op: syz.2.914 tries to shift op by -2048; fix this program [ 334.631184][ T9836] futex_wake_op: syz.0.915 tries to shift op by -2048; fix this program [ 335.121826][ T9846] futex_wake_op: syz.2.919 tries to shift op by -2048; fix this program [ 336.180948][ T9873] futex_wake_op: syz.2.924 tries to shift op by -2048; fix this program [ 336.658611][ T9880] netlink: 8 bytes leftover after parsing attributes in process `syz.2.926'. [ 337.771596][ T9900] netlink: 4 bytes leftover after parsing attributes in process `syz.1.931'. [ 337.794824][ T9900] netlink: 354 bytes leftover after parsing attributes in process `syz.1.931'. [ 338.006447][ T9905] netlink: 93 bytes leftover after parsing attributes in process `syz.2.933'. [ 338.109179][ T9910] futex_wake_op: syz.1.935 tries to shift op by -2048; fix this program [ 338.526554][ T9918] netlink: 8 bytes leftover after parsing attributes in process `syz.3.936'. [ 339.464720][ T9914] netlink: 12 bytes leftover after parsing attributes in process `syz.3.936'. [ 340.542534][ T9957] netlink: 93 bytes leftover after parsing attributes in process `syz.2.945'. [ 340.587896][ T9948] netlink: 'syz.1.943': attribute type 2 has an invalid length. [ 340.595775][ T9948] netlink: 5 bytes leftover after parsing attributes in process `syz.1.943'. [ 340.710719][ T9932] netlink: 12 bytes leftover after parsing attributes in process `syz.0.940'. [ 340.795105][ T9962] futex_wake_op: syz.1.947 tries to shift op by -2048; fix this program [ 341.442577][ T9975] netlink: 330 bytes leftover after parsing attributes in process `syz.1.949'. [ 341.509932][ T9975] mac80211_hwsim hwsim7 ›: renamed from wlan0 (while UP) [ 342.323741][ T9987] netlink: 93 bytes leftover after parsing attributes in process `syz.1.954'. [ 342.535694][ T9994] futex_wake_op: syz.1.956 tries to shift op by -2048; fix this program [ 342.787449][T10002] futex_wake_op: syz.2.959 tries to shift op by -2048; fix this program [ 343.425587][T10013] futex_wake_op: syz.2.963 tries to shift op by -2048; fix this program [ 343.866403][T10017] netlink: 93 bytes leftover after parsing attributes in process `syz.3.964'. [ 343.914870][T10019] netlink: 93 bytes leftover after parsing attributes in process `syz.2.965'. [ 344.296358][T10031] futex_wake_op: syz.1.969 tries to shift op by -2048; fix this program [ 344.349589][T10033] netlink: 4 bytes leftover after parsing attributes in process `syz.2.970'. [ 344.683617][T10042] netlink: 93 bytes leftover after parsing attributes in process `syz.2.973'. [ 344.743918][T10048] netlink: 93 bytes leftover after parsing attributes in process `syz.2.973'. [ 344.891704][T10056] netlink: 93 bytes leftover after parsing attributes in process `syz.3.975'. [ 344.932484][T10058] netlink: 93 bytes leftover after parsing attributes in process `syz.2.976'. [ 345.765950][T10075] netlink: 4 bytes leftover after parsing attributes in process `syz.0.981'. [ 346.770529][T10100] netlink: 93 bytes leftover after parsing attributes in process `syz.3.986'. [ 346.903164][T10104] futex_wake_op: syz.0.988 tries to shift op by -2048; fix this program [ 347.341832][T10122] __nla_validate_parse: 1 callbacks suppressed [ 347.341858][T10122] netlink: 4 bytes leftover after parsing attributes in process `syz.0.992'. [ 347.447081][T10112] netlink: 342 bytes leftover after parsing attributes in process `syz.1.990'. [ 348.426806][T10114] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 348.453612][T10114] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 348.480242][T10126] [U] ^@ [ 348.486205][T10114] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 348.500302][T10114] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 348.527389][T10131] workqueue: Failed to create a rescuer kthread for wq "nfc2_nci_tx_wq": -EINTR [ 349.162973][T10155] netlink: 93 bytes leftover after parsing attributes in process `syz.2.998'. [ 349.697091][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 349.724236][T10162] netlink: 93 bytes leftover after parsing attributes in process `syz.3.999'. [ 350.072623][T10167] futex_wake_op: syz.2.1000 tries to shift op by -2048; fix this program [ 350.497176][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 350.503319][ T5833] Bluetooth: hci0: command 0x0406 tx timeout [ 350.577243][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 350.596043][T10172] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1002'. [ 350.691905][T10179] futex_wake_op: syz.3.1003 tries to shift op by -2048; fix this program [ 351.054735][T10171] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1002'. [ 352.385086][T10196] futex_wake_op: syz.3.1008 tries to shift op by -2048; fix this program [ 352.543126][T10199] netlink: 93 bytes leftover after parsing attributes in process `syz.1.1009'. [ 352.582406][T10201] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1010'. [ 352.669002][T10201] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1010'. [ 352.931611][T10212] futex_wake_op: syz.0.1013 tries to shift op by -2048; fix this program [ 354.322132][T10231] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1024'. [ 354.332215][T10231] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1024'. [ 355.371161][T10257] netlink: 'syz.2.1021': attribute type 1 has an invalid length. [ 355.447085][T10257] netlink: 9 bytes leftover after parsing attributes in process `syz.2.1021'. [ 355.836750][T10267] futex_wake_op: syz.2.1022 tries to shift op by -2048; fix this program [ 355.937806][T10271] futex_wake_op: syz.0.1023 tries to shift op by -2048; fix this program [ 356.394703][T10281] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1026'. [ 356.618184][T10285] netlink: 93 bytes leftover after parsing attributes in process `syz.2.1027'. [ 356.755189][T10293] netlink: 93 bytes leftover after parsing attributes in process `syz.0.1029'. [ 360.172764][T10355] netlink: 93 bytes leftover after parsing attributes in process `syz.1.1039'. [ 360.303511][T10360] futex_wake_op: syz.3.1040 tries to shift op by -2048; fix this program [ 360.438008][T10344] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 360.449780][T10344] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 360.486082][T10344] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 360.507762][T10344] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 360.969805][T10375] netlink: 93 bytes leftover after parsing attributes in process `syz.2.1047'. [ 361.054600][T10381] futex_wake_op: syz.1.1049 tries to shift op by -2048; fix this program [ 361.114389][T10384] futex_wake_op: syz.3.1048 tries to shift op by -2048; fix this program [ 361.274986][T10388] netlink: 93 bytes leftover after parsing attributes in process `syz.2.1050'. [ 361.478826][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 362.117498][T10405] futex_wake_op: syz.2.1053 tries to shift op by -2048; fix this program [ 362.508278][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 362.508314][ T5833] Bluetooth: hci0: command 0x0406 tx timeout [ 362.587073][ T5833] Bluetooth: hci3: command 0x0406 tx timeout [ 363.027649][T10424] futex_wake_op: syz.0.1065 tries to shift op by -2048; fix this program [ 363.566877][T10434] netlink: 93 bytes leftover after parsing attributes in process `syz.0.1058'. [ 363.684548][T10436] netlink: 93 bytes leftover after parsing attributes in process `syz.3.1059'. [ 363.730847][T10438] futex_wake_op: syz.1.1061 tries to shift op by -2048; fix this program [ 363.922245][T10440] netlink: 93 bytes leftover after parsing attributes in process `syz.0.1071'. [ 364.030256][T10428] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 364.036691][T10428] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 364.076223][T10428] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 364.084447][T10428] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 364.218270][T10452] futex_wake_op: syz.1.1064 tries to shift op by -2048; fix this program [ 365.387112][ T5833] Bluetooth: hci1: command 0x0406 tx timeout [ 365.491556][T10476] netlink: 93 bytes leftover after parsing attributes in process `syz.1.1072'. [ 365.531772][T10478] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1073'. [ 365.705979][T10483] futex_wake_op: syz.0.1074 tries to shift op by -2048; fix this program [ 365.718714][T10484] futex_wake_op: syz.1.1075 tries to shift op by -2048; fix this program [ 366.078541][T10488] Process accounting resumed [ 366.099343][ T5833] Bluetooth: hci3: command 0x0406 tx timeout [ 366.105432][ T5833] Bluetooth: hci2: command 0x0406 tx timeout [ 366.111709][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 366.544555][T10502] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1078'. [ 366.772125][T10504] netlink: 93 bytes leftover after parsing attributes in process `syz.3.1080'. [ 367.670773][T10494] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1078'. [ 368.419111][T10537] futex_wake_op: syz.3.1084 tries to shift op by -2048; fix this program [ 368.434477][T10516] Process accounting resumed [ 368.850599][T10546] netlink: 93 bytes leftover after parsing attributes in process `syz.2.1089'. [ 369.239836][T10557] netlink: 93 bytes leftover after parsing attributes in process `syz.1.1093'. [ 369.279663][T10559] futex_wake_op: syz.2.1092 tries to shift op by -2048; fix this program [ 369.329017][T10561] futex_wake_op: syz.0.1094 tries to shift op by -2048; fix this program [ 369.469910][T10565] Process accounting resumed [ 369.890453][T10572] tipc: Started in network mode [ 369.895474][T10572] tipc: Node identity ffffffff, cluster identity 4711 [ 369.903610][T10572] tipc: Node number set to 4294967295 [ 370.010321][T10555] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1091'. [ 370.060776][T10555] ipvlan1: entered promiscuous mode [ 370.085504][T10555] ipvlan1: entered allmulticast mode [ 370.096520][T10555] veth0_vlan: entered allmulticast mode [ 371.961475][T10607] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1099'. [ 372.296441][T10610] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1100'. [ 372.337538][T10617] futex_wake_op: syz.3.1104 tries to shift op by -2048; fix this program [ 372.622725][T10620] futex_wake_op: syz.3.1106 tries to shift op by -2048; fix this program [ 372.634804][T10603] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1102'. [ 372.681587][T10603] input input11: cannot allocate more than FF_MAX_EFFECTS effects [ 376.122944][T10629] Process accounting resumed [ 376.442233][T10676] futex_wake_op: syz.3.1117 tries to shift op by -2048; fix this program [ 377.412046][T10682] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1119'. [ 378.227470][T10711] futex_wake_op: syz.2.1125 tries to shift op by -2048; fix this program [ 378.869447][T10730] futex_wake_op: syz.3.1129 tries to shift op by -2048; fix this program [ 378.981245][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.993455][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.342216][T10722] Process accounting resumed [ 379.418646][T10743] futex_wake_op: syz.2.1132 tries to shift op by -2048; fix this program [ 379.900869][T10756] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1142'. [ 379.911166][T10756] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1142'. [ 380.726506][T10774] futex_wake_op: syz.1.1138 tries to shift op by -2048; fix this program [ 380.904012][T10769] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1136'. [ 382.052481][T10801] futex_wake_op: syz.2.1143 tries to shift op by -2048; fix this program [ 382.564577][T10798] Process accounting resumed [ 384.698161][T10836] futex_wake_op: syz.0.1149 tries to shift op by -2048; fix this program [ 385.008646][T10841] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1151'. [ 386.527174][T10876] [U] [ 386.530184][T10876] [U] [ 386.532997][T10876] [U] [ 386.535705][T10876] [U] [ 386.556812][T10879] futex_wake_op: syz.0.1158 tries to shift op by -2048; fix this program [ 386.565858][T10876] [U] [ 386.568623][T10876] [U] [ 386.571366][T10876] [U] [ 386.574108][T10876] [U] [ 386.645688][T10876] [U] [ 386.648520][T10876] [U] [ 386.651231][T10876] [U] [ 386.653954][T10876] [U] [ 386.708813][T10876] [U] [ 386.711603][T10876] [U] [ 386.714333][T10876] [U] [ 386.717033][T10876] [U] [ 386.757470][T10876] [U] [ 386.760340][T10876] [U] [ 386.763084][T10876] [U] [ 386.766000][T10876] [U] [ 386.777613][T10876] [U] [ 386.780462][T10876] [U] [ 386.783231][T10876] [U] [ 386.786021][T10876] [U] [ 386.803663][T10876] [U] [ 386.806539][T10876] [U] [ 386.809372][T10876] [U] [ 386.812157][T10876] [U] [ 386.824773][T10876] [U] [ 386.827578][T10876] [U] [ 386.830363][T10876] [U] [ 386.833137][T10876] [U] [ 386.837209][T10876] [U] [ 386.840052][T10876] [U] [ 386.842869][T10876] [U] [ 386.845594][T10876] [U] [ 386.905728][T10876] [U] [ 386.908512][T10876] [U] [ 386.911325][T10876] [U] [ 386.914110][T10876] [U] [ 386.994159][T10876] [U] [ 386.996952][T10876] [U] [ 386.999701][T10876] [U] [ 387.002731][T10876] [U] [ 387.007339][T10876] [U] [ 387.010103][T10876] [U] [ 387.012847][T10876] [U] [ 387.015579][T10876] [U] [ 387.097681][T10876] [U] [ 387.100477][T10876] [U] [ 387.103327][T10876] [U] [ 387.106071][T10876] [U] [ 387.107407][T10888] futex_wake_op: syz.3.1161 tries to shift op by -2048; fix this program [ 387.117681][T10876] [U] [ 387.120418][T10876] [U] [ 387.123122][T10876] [U] [ 387.125929][T10876] [U] [ 387.158291][T10876] [U] [ 387.161176][T10876] [U] [ 387.163925][T10876] [U] [ 387.166668][T10876] [U] [ 387.170317][T10876] [U] [ 387.173145][T10876] [U] [ 387.176038][T10876] [U] [ 387.178839][T10876] [U] [ 387.195228][T10876] [U] [ 387.197995][T10876] [U] [ 387.200699][T10876] [U] [ 387.203487][T10876] [U] [ 387.210945][T10876] [U] [ 387.213730][T10876] [U] [ 387.216612][T10876] [U] [ 387.219314][T10876] [U] [ 387.259047][T10876] [U] [ 387.261852][T10876] [U] [ 387.264601][T10876] [U] [ 387.267320][T10876] [U] [ 387.500748][T10876] [U] [ 387.503609][T10876] [U] [ 387.506354][T10876] [U] [ 387.509105][T10876] [U] [ 387.539301][T10876] [U] [ 387.542167][T10876] [U] [ 387.544949][T10876] [U] [ 387.547685][T10876] [U] [ 387.550780][T10876] [U] [ 387.553517][T10876] [U] [ 387.556256][T10876] [U] [ 387.558994][T10876] [U] [ 387.710324][T10876] [U] [ 387.713104][T10876] [U] [ 387.715867][T10876] [U] [ 387.718614][T10876] [U] [ 387.744115][T10876] [U] [ 387.746985][T10876] [U] [ 387.749877][T10876] [U] [ 387.752588][T10876] [U] [ 387.880793][T10876] [U] [ 387.883584][T10876] [U] [ 387.886405][T10876] [U] [ 387.889122][T10876] [U] [ 388.007722][T10876] [U] [ 388.010500][T10876] [U] [ 388.013252][T10876] [U] [ 388.016003][T10876] [U] [ 388.060383][T10876] [U] [ 388.063167][T10876] [U] [ 388.065999][T10876] [U] [ 388.068782][T10876] [U] [ 388.097374][T10876] [U] [ 388.100246][T10876] [U] [ 388.102987][T10876] [U] [ 388.105751][T10876] [U] [ 388.109361][T10876] [U] [ 388.112100][T10876] [U] [ 388.114795][T10876] [U] [ 388.117492][T10876] [U] [ 388.164468][T10876] [U] [ 388.167261][T10876] [U] [ 388.169998][T10876] [U] [ 388.172710][T10876] [U] [ 388.226063][T10876] [U] [ 388.228827][T10876] [U] [ 388.231675][T10876] [U] [ 388.234396][T10876] [U] [ 388.371583][T10876] [U] [ 388.374334][T10876] [U] [ 388.377142][T10876] [U] [ 388.379969][T10876] [U] [ 388.382710][T10876] [U] [ 388.415719][T10876] [U] [ 388.418651][T10876] [U] [ 388.421444][T10876] [U] [ 388.424135][T10876] [U] [ 388.447054][T10876] [U] [ 388.449822][T10876] [U] [ 388.452610][T10876] [U] [ 388.455325][T10876] [U] [ 388.511022][T10876] [U] [ 388.513763][T10876] [U] [ 388.516466][T10876] [U] [ 388.519166][T10876] [U] [ 388.540922][T10876] [U] [ 388.543710][T10876] [U] [ 388.546449][T10876] [U] [ 388.549201][T10876] [U] [ 388.572951][T10876] [U] [ 388.575833][T10876] [U] [ 388.578608][T10876] [U] [ 388.581330][T10876] [U] [ 388.621256][T10876] [U] [ 388.623993][T10876] [U] [ 388.626692][T10876] [U] [ 388.629480][T10876] [U] [ 388.647797][T10876] [U] [ 388.650667][T10876] [U] [ 388.653408][T10876] [U] [ 388.656310][T10876] [U] [ 388.709161][T10876] [U] [ 388.712024][T10876] [U] [ 388.714831][T10876] [U] [ 388.717560][T10876] [U] [ 388.816688][T10876] [U] [ 388.819594][T10876] [U] [ 388.822428][T10876] [U] [ 388.825156][T10876] [U] [ 388.885658][T10876] [U] [ 388.888418][T10876] [U] [ 388.891213][T10876] [U] [ 388.893905][T10876] [U] [ 388.927183][T10876] [U] [ 388.929967][T10876] [U] [ 388.932730][T10876] [U] [ 388.935471][T10876] [U] [ 388.977255][T10876] [U] [ 388.980051][T10876] [U] [ 388.982812][T10876] [U] [ 388.985578][T10876] [U] [ 389.100528][T10876] [U] [ 389.103310][T10876] [U] [ 389.106050][T10876] [U] [ 389.108760][T10876] [U] [ 389.128230][T10876] [U] [ 389.130972][T10876] [U] [ 389.133681][T10876] [U] [ 389.136482][T10876] [U] [ 389.144719][T10876] [U] [ 389.147490][T10876] [U] [ 389.150233][T10876] [U] [ 389.152970][T10876] [U] [ 389.157560][T10876] [U] [ 389.160359][T10876] [U] [ 389.163293][T10876] [U] [ 389.166052][T10876] [U] [ 389.173367][T10876] [U] [ 389.176233][T10876] [U] [ 389.178980][T10876] [U] [ 389.181698][T10876] [U] [ 389.214032][T10876] [U] [ 389.216814][T10876] [U] [ 389.219531][T10876] [U] [ 389.222235][T10876] [U] [ 389.238474][T10911] futex_wake_op: syz.0.1168 tries to shift op by -2048; fix this program [ 389.262001][T10876] [U] [ 389.264777][T10876] [U] [ 389.267486][T10876] [U] [ 389.270191][T10876] [U] [ 389.281817][T10911] futex_wake_op: syz.0.1168 tries to shift op by -2048; fix this program [ 389.310062][T10911] 0x000000000001-0x000000020000 : "" [ 389.319906][T10876] [U] [ 389.322648][T10876] [U] [ 389.325344][T10876] [U] [ 389.328050][T10876] [U] [ 389.348272][T10911] ftl_cs: FTL header corrupt! [ 389.390013][T10876] [U] [ 389.392945][T10876] [U] [ 389.395643][T10876] [U] [ 389.398433][T10876] [U] [ 389.438722][T10876] [U] [ 389.441469][T10876] [U] [ 389.444177][T10876] [U] [ 389.446888][T10876] [U] [ 389.510166][T10876] [U] [ 389.513032][T10876] [U] [ 389.515726][T10876] [U] [ 389.518473][T10876] [U] [ 389.522273][T10876] [U] [ 389.525110][T10876] [U] [ 389.527940][T10876] [U] [ 389.530685][T10876] [U] [ 389.551538][T10876] [U] [ 389.992937][T10927] futex_wake_op: syz.0.1172 tries to shift op by -2048; fix this program [ 393.367194][T10986] futex_wake_op: syz.0.1181 tries to shift op by -2048; fix this program [ 393.808090][T10993] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1185'. [ 395.426636][T11015] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1190'. [ 396.665634][T11033] futex_wake_op: syz.1.1194 tries to shift op by -2048; fix this program [ 396.687706][T11033] futex_wake_op: syz.1.1194 tries to shift op by -2048; fix this program [ 398.061690][T11059] Process accounting resumed [ 398.234928][T11064] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1201'. [ 398.244901][T11064] netlink: 354 bytes leftover after parsing attributes in process `syz.1.1201'. [ 398.919868][T11073] futex_wake_op: syz.1.1206 tries to shift op by -2048; fix this program [ 400.158734][T11094] Process accounting resumed [ 400.434890][T11116] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1213'. [ 401.171151][T11137] futex_wake_op: syz.1.1218 tries to shift op by -2048; fix this program [ 401.331815][ T5833] Bluetooth: hci3: unexpected event 0x10 length: 440 > 1 [ 401.333053][ T5833] Bluetooth: hci3: hardware error 0x00 [ 401.784695][T11140] FAULT_INJECTION: forcing a failure. [ 401.784695][T11140] name fail_futex, interval 1, probability 0, space 0, times 0 [ 401.839767][T11140] CPU: 1 UID: 0 PID: 11140 Comm: syz.0.1220 Tainted: G L syzkaller #0 PREEMPT(full) [ 401.839819][T11140] Tainted: [L]=SOFTLOCKUP [ 401.839831][T11140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 401.839858][T11140] Call Trace: [ 401.839868][T11140] [ 401.839880][T11140] dump_stack_lvl+0x100/0x190 [ 401.839933][T11140] should_fail_ex.cold+0x5/0xa [ 401.839971][T11140] get_futex_key+0x1d2/0x1620 [ 401.840015][T11140] ? __pfx_get_futex_key+0x10/0x10 [ 401.840053][T11140] ? find_held_lock+0x2b/0x80 [ 401.840083][T11140] ? futex_wake+0x456/0x530 [ 401.840139][T11140] futex_wake+0xea/0x530 [ 401.840188][T11140] ? __pfx_futex_wait+0x10/0x10 [ 401.840242][T11140] ? __pfx_futex_wake+0x10/0x10 [ 401.840308][T11140] do_futex+0x32b/0x350 [ 401.840351][T11140] ? __pfx_do_futex+0x10/0x10 [ 401.840394][T11140] ? bpf_lsm_capable+0x9/0x10 [ 401.840427][T11140] ? security_capable+0x80/0x260 [ 401.840464][T11140] __x64_sys_futex+0x34f/0x4d0 [ 401.840512][T11140] ? __pfx___x64_sys_futex+0x10/0x10 [ 401.840570][T11140] do_syscall_64+0x106/0xf80 [ 401.840601][T11140] ? clear_bhb_loop+0x40/0x90 [ 401.840639][T11140] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 401.840670][T11140] RIP: 0033:0x7f5bc099c819 [ 401.840696][T11140] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 401.840724][T11140] RSP: 002b:00007f5bc18f40e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 401.840754][T11140] RAX: ffffffffffffffda RBX: 00007f5bc0c15fa8 RCX: 00007f5bc099c819 [ 401.840773][T11140] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f5bc0c15fac [ 401.840791][T11140] RBP: 00007f5bc0c15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 401.840809][T11140] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 401.840826][T11140] R13: 00007f5bc0c16038 R14: 00007ffd780ede80 R15: 00007ffd780edf68 [ 401.840875][T11140] [ 402.942640][T11159] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1223'. [ 403.402178][ T5833] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 404.727616][T11197] futex_wake_op: syz.3.1230 tries to shift op by -2048; fix this program [ 405.171328][T11205] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1232'. [ 405.783510][T11219] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1233'. [ 407.065105][T11246] futex_wake_op: syz.1.1241 tries to shift op by -2048; fix this program [ 409.292044][T11263] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1244'. [ 410.571548][T11281] futex_wake_op: syz.1.1249 tries to shift op by -2048; fix this program [ 410.602933][T11281] futex_wake_op: syz.1.1249 tries to shift op by -2048; fix this program [ 412.092612][T11271] program syz.2.1246 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 412.816123][T11303] futex_wake_op: syz.3.1252 tries to shift op by -2048; fix this program [ 412.882530][T11293] Process accounting resumed [ 413.391214][T11318] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1255'. [ 416.126237][T11349] Invalid ELF header magic: != ELF [ 416.666052][T11355] Invalid ELF header magic: != ELF [ 417.867588][T11361] futex_wake_op: syz.1.1272 tries to shift op by -2048; fix this program [ 418.616542][T11375] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1267'. [ 418.708172][T11375] netlink: 354 bytes leftover after parsing attributes in process `syz.1.1267'. [ 419.834095][T11394] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1274'. [ 420.322138][T11407] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1277'. [ 420.367298][T11407] netlink: 354 bytes leftover after parsing attributes in process `syz.1.1277'. [ 421.051933][T11401] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1275'. [ 421.671155][T11414] Process accounting resumed [ 423.274145][T11451] futex_wake_op: syz.2.1286 tries to shift op by -2048; fix this program [ 423.317156][T11451] futex_wake_op: syz.2.1286 tries to shift op by -2048; fix this program [ 423.347110][T11451] 0x000000000001-0x000000020000 : "" [ 423.387997][T11451] ftl_cs: FTL header corrupt! [ 424.335862][T11465] Invalid ELF header magic: != ELF [ 425.366987][T11480] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1294'. [ 425.377270][T11480] netlink: 354 bytes leftover after parsing attributes in process `syz.1.1294'. [ 426.354964][T11494] futex_wake_op: syz.3.1297 tries to shift op by -2048; fix this program [ 427.298903][T11512] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1304'. [ 427.329109][T11512] netlink: 354 bytes leftover after parsing attributes in process `syz.1.1304'. [ 427.558978][T11505] FAULT_INJECTION: forcing a failure. [ 427.558978][T11505] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 427.637044][T11505] CPU: 1 UID: 0 PID: 11505 Comm: syz.2.1301 Tainted: G L syzkaller #0 PREEMPT(full) [ 427.637096][T11505] Tainted: [L]=SOFTLOCKUP [ 427.637107][T11505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 427.637123][T11505] Call Trace: [ 427.637133][T11505] [ 427.637146][T11505] dump_stack_lvl+0x100/0x190 [ 427.637201][T11505] should_fail_ex.cold+0x5/0xa [ 427.637240][T11505] _copy_from_iter+0x1f4/0x1690 [ 427.637291][T11505] ? policy_nodemask+0xed/0x4f0 [ 427.637325][T11505] ? __pfx__copy_from_iter+0x10/0x10 [ 427.637367][T11505] ? alloc_pages_mpol+0x25a/0x550 [ 427.637404][T11505] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 427.637449][T11505] copy_page_from_iter+0xde/0x180 [ 427.637494][T11505] anon_pipe_write+0xae4/0x1d40 [ 427.637544][T11505] ? __pfx_anon_pipe_write+0x10/0x10 [ 427.637579][T11505] ? __pfx_autoremove_wake_function+0x10/0x10 [ 427.637621][T11505] ? bpf_lsm_file_permission+0x9/0x10 [ 427.637651][T11505] ? security_file_permission+0x76/0x210 [ 427.637695][T11505] ? rw_verify_area+0xce/0x6d0 [ 427.637756][T11505] vfs_write+0x6ac/0x1070 [ 427.637788][T11505] ? __pfx_anon_pipe_write+0x10/0x10 [ 427.637824][T11505] ? __pfx_vfs_write+0x10/0x10 [ 427.637852][T11505] ? find_held_lock+0x2b/0x80 [ 427.637911][T11505] ksys_write+0x1f8/0x250 [ 427.637942][T11505] ? __pfx_ksys_write+0x10/0x10 [ 427.637986][T11505] do_syscall_64+0x106/0xf80 [ 427.638019][T11505] ? clear_bhb_loop+0x40/0x90 [ 427.638057][T11505] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 427.638090][T11505] RIP: 0033:0x7f109299c819 [ 427.638117][T11505] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 427.638145][T11505] RSP: 002b:00007f109386f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 427.638176][T11505] RAX: ffffffffffffffda RBX: 00007f1092c15fa0 RCX: 00007f109299c819 [ 427.638197][T11505] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000001 [ 427.638214][T11505] RBP: 00007f1092a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 427.638232][T11505] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 427.638249][T11505] R13: 00007f1092c16038 R14: 00007f1092c15fa0 R15: 00007ffc6323e248 [ 427.638290][T11505] [ 428.696932][T11514] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1303'. [ 429.170809][T11546] futex_wake_op: syz.0.1309 tries to shift op by -2048; fix this program [ 429.956425][T11547] Process accounting resumed [ 430.800713][T11575] Process accounting paused [ 431.852373][T11601] futex_wake_op: syz.1.1320 tries to shift op by -2048; fix this program [ 433.489175][T11639] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1327'. [ 433.511177][T11639] netlink: 354 bytes leftover after parsing attributes in process `syz.1.1327'. [ 433.677688][T11620] Process accounting resumed [ 434.104233][T11655] futex_wake_op: syz.1.1331 tries to shift op by -2048; fix this program [ 434.218572][T11658] futex_wake_op: syz.0.1332 tries to shift op by -2048; fix this program [ 434.411257][T11662] futex_wake_op: syz.1.1333 tries to shift op by -2048; fix this program [ 434.915335][T11670] FAULT_INJECTION: forcing a failure. [ 434.915335][T11670] name failslab, interval 1, probability 0, space 0, times 0 [ 434.937299][T11670] CPU: 0 UID: 0 PID: 11670 Comm: syz.2.1336 Tainted: G L syzkaller #0 PREEMPT(full) [ 434.937349][T11670] Tainted: [L]=SOFTLOCKUP [ 434.937359][T11670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 434.937376][T11670] Call Trace: [ 434.937386][T11670] [ 434.937398][T11670] dump_stack_lvl+0x100/0x190 [ 434.937450][T11670] should_fail_ex.cold+0x5/0xa [ 434.937498][T11670] should_failslab+0xc2/0x120 [ 434.937534][T11670] __kmalloc_cache_noprof+0x7a/0x6f0 [ 434.937573][T11670] ? device_add+0xd3a/0x1950 [ 434.937623][T11670] device_add+0xd3a/0x1950 [ 434.937662][T11670] ? dev_set_name+0xc7/0x100 [ 434.937707][T11670] ? __pfx_dev_set_name+0x10/0x10 [ 434.937752][T11670] ? __pfx_device_add+0x10/0x10 [ 434.937810][T11670] __add_disk+0x518/0xe40 [ 434.937846][T11670] ? find_held_lock+0x2b/0x80 [ 434.937882][T11670] add_disk_fwnode+0x3d4/0x5c0 [ 434.937923][T11670] zram_add+0x4d2/0x610 [ 434.937964][T11670] ? __pfx_zram_add+0x10/0x10 [ 434.938031][T11670] ? find_held_lock+0x2b/0x80 [ 434.938058][T11670] ? sysfs_file_kobj+0xe4/0x290 [ 434.938101][T11670] ? __pfx_hot_add_show+0x10/0x10 [ 434.938145][T11670] hot_add_show+0x21/0x80 [ 434.938187][T11670] class_attr_show+0x72/0xa0 [ 434.938228][T11670] ? __pfx_class_attr_show+0x10/0x10 [ 434.938265][T11670] sysfs_kf_seq_show+0x217/0x3a0 [ 434.938317][T11670] seq_read_iter+0x32f/0x1270 [ 434.938394][T11670] kernfs_fop_read_iter+0x46c/0x610 [ 434.938432][T11670] ? rw_verify_area+0xce/0x6d0 [ 434.938478][T11670] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 434.938525][T11670] vfs_read+0x825/0xb30 [ 434.938561][T11670] ? __pfx_vfs_read+0x10/0x10 [ 434.938620][T11670] ksys_read+0x12a/0x250 [ 434.938649][T11670] ? __pfx_ksys_read+0x10/0x10 [ 434.938691][T11670] do_syscall_64+0x106/0xf80 [ 434.938724][T11670] ? clear_bhb_loop+0x40/0x90 [ 434.938761][T11670] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 434.938792][T11670] RIP: 0033:0x7f109299c819 [ 434.938818][T11670] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 434.938845][T11670] RSP: 002b:00007f109386f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 434.938873][T11670] RAX: ffffffffffffffda RBX: 00007f1092c15fa0 RCX: 00007f109299c819 [ 434.938893][T11670] RDX: 0000000000001000 RSI: 0000200000000ec0 RDI: 0000000000000006 [ 434.938911][T11670] RBP: 00007f1092a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 434.938928][T11670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 434.938945][T11670] R13: 00007f1092c16038 R14: 00007f1092c15fa0 R15: 00007ffc6323e248 [ 434.938988][T11670] [ 435.518072][T11679] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1339'. [ 435.818977][T11687] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1341'. [ 436.149407][ T5833] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 436.860992][T11708] futex_wake_op: syz.0.1344 tries to shift op by -2048; fix this program [ 437.434798][ T5833] block nbd0: Receive control failed (result -32) [ 437.479193][T11720] futex_wake_op: syz.2.1347 tries to shift op by -2048; fix this program [ 437.518760][T11718] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1349'. [ 437.915885][ T5833] Bluetooth: hci2: ISO packet for unknown connection handle 0 [ 438.090212][T11727] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1352'. [ 438.623795][ T30] audit: type=1800 audit(1775464241.871:10): pid=11747 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1358" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 439.023985][T11756] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1359'. [ 439.232665][T11759] futex_wake_op: syz.3.1360 tries to shift op by -2048; fix this program [ 439.640307][T11765] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1362'. [ 439.678948][T11765] netlink: 354 bytes leftover after parsing attributes in process `syz.1.1362'. [ 440.432614][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.444925][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.728595][T11804] futex_wake_op: syz.2.1371 tries to shift op by -2048; fix this program [ 441.154253][T11781] Process accounting resumed [ 441.188401][T11812] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1373'. [ 441.594355][T11814] zswap: compressor not available [ 441.946471][T11834] nvme_fabrics: missing parameter 'transport=%s' [ 441.996391][T11834] nvme_fabrics: missing parameter 'nqn=%s' [ 443.289639][T11871] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1385'. [ 444.461892][T11892] futex_wake_op: syz.1.1389 tries to shift op by -2048; fix this program [ 444.558993][T11894] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1390'. [ 444.872093][T11896] binder: 11889:11896 ioctl c00c620f 2000000001c0 returned -22 [ 445.362096][T11913] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1395'. [ 445.740334][T11915] zswap: compressor not available [ 446.008070][T11927] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1399'. [ 446.142987][T11927] bridge_slave_1: left allmulticast mode [ 446.149905][T11927] bridge_slave_1: left promiscuous mode [ 446.172110][T11927] bridge0: port 2(bridge_slave_1) entered disabled state [ 446.231387][T11927] bridge_slave_0: left allmulticast mode [ 446.264987][T11927] bridge_slave_0: left promiscuous mode [ 446.272175][T11927] bridge0: port 1(bridge_slave_0) entered disabled state [ 446.584686][T11940] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1401'. [ 446.628552][T11940] netlink: 354 bytes leftover after parsing attributes in process `syz.1.1401'. [ 446.925522][T11949] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1404'. [ 447.837661][T11963] futex_wake_op: syz.3.1407 tries to shift op by -2048; fix this program [ 448.064565][T11966] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1408'. [ 448.104500][T11966] netlink: 354 bytes leftover after parsing attributes in process `syz.1.1408'. [ 449.124024][T11993] futex_wake_op: syz.2.1412 tries to shift op by -2048; fix this program [ 449.550822][T11999] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1414'. [ 449.608096][T12001] futex_wake_op: syz.0.1415 tries to shift op by -2048; fix this program [ 450.266839][T12024] futex_wake_op: syz.1.1419 tries to shift op by -2048; fix this program [ 450.715964][T12013] workqueue: Failed to create a rescuer kthread for wq "nfc3_nci_rx_wq": -EINTR [ 450.894668][T12037] futex_wake_op: syz.1.1422 tries to shift op by -2048; fix this program [ 450.944460][T12013] Process accounting resumed [ 451.393943][T12048] Process accounting resumed [ 451.478176][T12052] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1425'. [ 451.767810][T12060] futex_wake_op: syz.1.1429 tries to shift op by -2048; fix this program [ 451.817950][T12058] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1428'. [ 451.887367][T12062] netlink: 354 bytes leftover after parsing attributes in process `syz.2.1428'. [ 452.111862][T12066] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1431'. [ 452.285016][T12072] futex_wake_op: syz.0.1433 tries to shift op by -2048; fix this program [ 452.822125][T12095] futex_wake_op: syz.0.1437 tries to shift op by -2048; fix this program [ 453.412600][T12073] Process accounting resumed [ 453.469560][T12109] futex_wake_op: syz.3.1440 tries to shift op by -2048; fix this program [ 453.928542][T12120] program syz.2.1442 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 454.126746][T12124] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1443'. [ 454.823741][T12143] futex_wake_op: syz.2.1450 tries to shift op by -2048; fix this program [ 454.864735][T12145] futex_wake_op: syz.0.1448 tries to shift op by -2048; fix this program [ 455.752782][T12165] Process accounting resumed [ 455.963864][T12169] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1455'. [ 456.008975][T12169] netlink: 354 bytes leftover after parsing attributes in process `syz.1.1455'. [ 457.237169][T12194] futex_wake_op: syz.1.1461 tries to shift op by -2048; fix this program [ 458.018638][ T1149] netdevsim netdevsim100 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 459.285894][T12210] Process accounting resumed [ 460.024640][T12233] Invalid ELF header magic: != ELF [ 460.737575][T12253] futex_wake_op: syz.3.1471 tries to shift op by -2048; fix this program [ 462.747443][T12282] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1478'. [ 462.749942][T12285] futex_wake_op: syz.1.1477 tries to shift op by -2048; fix this program [ 464.064566][T12302] futex_wake_op: syz.1.1484 tries to shift op by -2048; fix this program [ 465.107509][T12329] futex_wake_op: syz.0.1489 tries to shift op by -2048; fix this program [ 465.325004][T12307] Process accounting resumed [ 465.536138][T12337] futex_wake_op: syz.0.1490 tries to shift op by -2048; fix this program [ 466.653045][T12338] Process accounting resumed [ 466.857696][T12363] futex_wake_op: syz.0.1495 tries to shift op by -2048; fix this program [ 467.515597][T12384] futex_wake_op: syz.1.1498 tries to shift op by -2048; fix this program [ 468.708073][T12397] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1500'. [ 469.039793][T12405] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1503'. [ 469.582855][T12418] futex_wake_op: syz.2.1506 tries to shift op by -2048; fix this program [ 469.864058][T12426] futex_wake_op: syz.3.1507 tries to shift op by -2048; fix this program [ 469.988860][T12427] FAULT_INJECTION: forcing a failure. [ 469.988860][T12427] name failslab, interval 1, probability 0, space 0, times 0 [ 470.003372][T12427] CPU: 1 UID: 0 PID: 12427 Comm: syz.0.1515 Tainted: G L syzkaller #0 PREEMPT(full) [ 470.003429][T12427] Tainted: [L]=SOFTLOCKUP [ 470.003439][T12427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 470.003456][T12427] Call Trace: [ 470.003467][T12427] [ 470.003478][T12427] dump_stack_lvl+0x100/0x190 [ 470.003530][T12427] should_fail_ex.cold+0x5/0xa [ 470.003568][T12427] should_failslab+0xc2/0x120 [ 470.003603][T12427] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 470.003650][T12427] ? __d_alloc+0x34/0xa80 [ 470.003684][T12427] ? security_inode_alloc+0xcf/0x2c0 [ 470.003725][T12427] __d_alloc+0x34/0xa80 [ 470.003757][T12427] ? __ns_ref_active_get+0x9f/0x1b0 [ 470.003799][T12427] path_from_stashed+0x427/0x750 [ 470.003831][T12427] ? do_raw_spin_unlock+0x145/0x1e0 [ 470.003883][T12427] ns_get_path+0x60/0x80 [ 470.003916][T12427] proc_ns_get_link+0x121/0x230 [ 470.003959][T12427] ? __pfx_proc_ns_get_link+0x10/0x10 [ 470.004008][T12427] ? atime_needs_update+0x8b/0x6b0 [ 470.004056][T12427] pick_link+0xd17/0x13c0 [ 470.004100][T12427] ? __pfx_proc_ns_get_link+0x10/0x10 [ 470.004149][T12427] step_into_slowpath+0x9ba/0xf90 [ 470.004204][T12427] ? __pfx_step_into_slowpath+0x10/0x10 [ 470.004249][T12427] ? find_held_lock+0x2b/0x80 [ 470.004293][T12427] path_openat+0xf95/0x31a0 [ 470.004345][T12427] ? __pfx_path_openat+0x10/0x10 [ 470.004393][T12427] do_file_open+0x20e/0x430 [ 470.004438][T12427] ? __pfx_do_file_open+0x10/0x10 [ 470.004500][T12427] ? alloc_fd+0x476/0x790 [ 470.004535][T12427] ? do_getname+0x191/0x390 [ 470.004578][T12427] do_sys_openat2+0x10d/0x1e0 [ 470.004620][T12427] ? __pfx_do_sys_openat2+0x10/0x10 [ 470.004663][T12427] ? __fget_files+0x21f/0x3d0 [ 470.004703][T12427] __x64_sys_openat+0x12d/0x210 [ 470.004746][T12427] ? __pfx___x64_sys_openat+0x10/0x10 [ 470.004804][T12427] do_syscall_64+0x106/0xf80 [ 470.004836][T12427] ? clear_bhb_loop+0x40/0x90 [ 470.004872][T12427] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 470.004903][T12427] RIP: 0033:0x7f5bc095d04e [ 470.004928][T12427] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 470.004956][T12427] RSP: 002b:00007f5bc18d2ec8 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 470.004984][T12427] RAX: ffffffffffffffda RBX: 00007f5bc18d36c0 RCX: 00007f5bc095d04e [ 470.005002][T12427] RDX: 0000000000000002 RSI: 00007f5bc18d2f90 RDI: ffffffffffffff9c [ 470.005020][T12427] RBP: 00007f5bc0a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 470.005037][T12427] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 470.005050][T12427] R13: 00007f5bc0c16128 R14: 00007f5bc0c16090 R15: 00007ffd780edf68 [ 470.005081][T12427] [ 471.393144][T12434] Invalid ELF header magic: != ELF [ 471.460931][T12453] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1511'. [ 472.771955][T12475] futex_wake_op: syz.0.1518 tries to shift op by -2048; fix this program [ 475.302260][T12526] futex_wake_op: syz.2.1527 tries to shift op by -2048; fix this program [ 475.603194][T12533] futex_wake_op: syz.3.1529 tries to shift op by -2048; fix this program [ 475.923032][T12539] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1531'. [ 475.966596][T12542] futex_wake_op: syz.3.1540 tries to shift op by -2048; fix this program [ 476.550527][T12560] Invalid ELF header magic: != ELF [ 477.069132][T12546] Process accounting resumed [ 477.211553][T12570] zram: Removed device: zram0 [ 479.001185][T12590] futex_wake_op: syz.3.1541 tries to shift op by -2048; fix this program [ 479.324735][T12593] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1542'. [ 480.938566][T12630] Invalid ELF header magic: != ELF [ 481.583023][T12642] futex_wake_op: syz.1.1552 tries to shift op by -2048; fix this program [ 481.790444][T12644] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1554'. [ 487.106299][T12720] zswap: compressor not available [ 487.683794][T12725] nvme_fabrics: missing parameter 'transport=%s' [ 487.707929][T12725] nvme_fabrics: missing parameter 'nqn=%s' [ 488.581151][T12745] Process accounting resumed [ 489.113604][T12752] Invalid ELF header magic: != ELF [ 490.216088][T12767] futex_wake_op: syz.0.1578 tries to shift op by -2048; fix this program [ 490.294044][T12766] Invalid ELF header magic: != ELF [ 496.103583][T12848] Process accounting resumed [ 496.780543][T12857] Kernel: The 'panic_print' parameter is now deprecated. Please use 'panic_sys_info' and 'panic_console_replay' instead. [ 498.142019][T12879] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1599'. [ 500.619046][T12914] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1605'. [ 500.690475][T12914] netlink: 354 bytes leftover after parsing attributes in process `syz.0.1605'. [ 500.805559][T12919] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1606'. [ 500.920542][T12919] team0: Port device team_slave_0 removed [ 500.944739][T12923] Invalid ELF header magic: != ELF [ 501.291876][T12930] FAULT_INJECTION: forcing a failure. [ 501.291876][T12930] name failslab, interval 1, probability 0, space 0, times 0 [ 501.356914][T12930] CPU: 1 UID: 0 PID: 12930 Comm: syz.0.1617 Tainted: G L syzkaller #0 PREEMPT(full) [ 501.356970][T12930] Tainted: [L]=SOFTLOCKUP [ 501.356981][T12930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 501.356997][T12930] Call Trace: [ 501.357006][T12930] [ 501.357018][T12930] dump_stack_lvl+0x100/0x190 [ 501.357067][T12930] should_fail_ex.cold+0x5/0xa [ 501.357097][T12930] should_failslab+0xc2/0x120 [ 501.357118][T12930] __kmalloc_cache_noprof+0x7a/0x6f0 [ 501.357143][T12930] ? vhost_task_create+0xee/0x370 [ 501.357170][T12930] ? __kasan_kmalloc+0xaa/0xb0 [ 501.357187][T12930] ? __pfx_vhost_worker_killed+0x10/0x10 [ 501.357217][T12930] ? __pfx_vhost_run_work_list+0x10/0x10 [ 501.357247][T12930] vhost_task_create+0xee/0x370 [ 501.357279][T12930] ? __pfx_vhost_task_create+0x10/0x10 [ 501.357315][T12930] ? __pfx_vhost_task_fn+0x10/0x10 [ 501.357365][T12930] ? snprintf+0xc7/0x100 [ 501.357396][T12930] vhost_task_worker_create+0x8d/0x260 [ 501.357426][T12930] ? __pfx_vhost_task_worker_create+0x10/0x10 [ 501.357445][T12930] ? lockdep_init_map_type+0x5c/0x250 [ 501.357471][T12930] ? lockdep_init_map_type+0x5c/0x250 [ 501.357500][T12930] vhost_worker_create+0x243/0x310 [ 501.357538][T12930] ? __pfx_vhost_worker_create+0x10/0x10 [ 501.357574][T12930] vhost_dev_set_owner+0x719/0xa30 [ 501.357599][T12930] vhost_net_ioctl+0xfa3/0x1910 [ 501.357618][T12930] ? do_vfs_ioctl+0x226/0x13e0 [ 501.357645][T12930] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 501.357673][T12930] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 501.357697][T12930] ? find_held_lock+0x2b/0x80 [ 501.357715][T12930] ? __fget_files+0x215/0x3d0 [ 501.357733][T12930] ? hook_file_ioctl_common+0x146/0x410 [ 501.357761][T12930] ? __fget_files+0x21f/0x3d0 [ 501.357783][T12930] ? __pfx_vhost_net_ioctl+0x10/0x10 [ 501.357802][T12930] __x64_sys_ioctl+0x18e/0x210 [ 501.357832][T12930] do_syscall_64+0x106/0xf80 [ 501.357850][T12930] ? clear_bhb_loop+0x40/0x90 [ 501.357872][T12930] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.357891][T12930] RIP: 0033:0x7f5bc099c819 [ 501.357906][T12930] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 501.357924][T12930] RSP: 002b:00007f5bc18d3028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 501.357942][T12930] RAX: ffffffffffffffda RBX: 00007f5bc0c16090 RCX: 00007f5bc099c819 [ 501.357953][T12930] RDX: 0000000000000005 RSI: 000000000000af01 RDI: 0000000000000008 [ 501.357964][T12930] RBP: 00007f5bc0a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 501.357974][T12930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 501.357984][T12930] R13: 00007f5bc0c16128 R14: 00007f5bc0c16090 R15: 00007ffd780edf68 [ 501.358008][T12930] [ 501.967981][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.977017][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 503.947003][T12962] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1612'. [ 505.305627][T12987] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1621'. [ 507.049618][T12999] Invalid ELF header magic: != ELF [ 508.216805][T12965] Process accounting paused [ 511.787527][T13062] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1635'. [ 512.146510][T13071] netlink: 'syz.2.1637': attribute type 1 has an invalid length. [ 512.169701][T13071] netlink: 9 bytes leftover after parsing attributes in process `syz.2.1637'. [ 512.706705][T13079] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1640'. [ 514.011621][T13095] Invalid ELF header magic: != ELF [ 514.246046][T13103] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1647'. [ 515.174936][T13113] netlink: 330 bytes leftover after parsing attributes in process `syz.3.1649'. [ 517.685113][T13143] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1656'. [ 517.705724][T13143] netlink: 354 bytes leftover after parsing attributes in process `syz.1.1656'. [ 519.217323][ T5833] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 519.400470][T13174] FAULT_INJECTION: forcing a failure. [ 519.400470][T13174] name failslab, interval 1, probability 0, space 0, times 0 [ 519.416521][T13176] QAT: Stopping all acceleration devices. [ 519.418545][T13174] CPU: 1 UID: 0 PID: 13174 Comm: syz.0.1669 Tainted: G L syzkaller #0 PREEMPT(full) [ 519.418589][T13174] Tainted: [L]=SOFTLOCKUP [ 519.418598][T13174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 519.418614][T13174] Call Trace: [ 519.418623][T13174] [ 519.418634][T13174] dump_stack_lvl+0x100/0x190 [ 519.418680][T13174] should_fail_ex.cold+0x5/0xa [ 519.418714][T13174] should_failslab+0xc2/0x120 [ 519.418746][T13174] __kmalloc_cache_noprof+0x7a/0x6f0 [ 519.418780][T13174] ? newseg+0x269/0xed0 [ 519.418814][T13174] ? __lock_acquire+0x4a5/0x2630 [ 519.418853][T13174] newseg+0x269/0xed0 [ 519.418894][T13174] ? __pfx_newseg+0x10/0x10 [ 519.418929][T13174] ? find_held_lock+0x2b/0x80 [ 519.418956][T13174] ? ipcget+0x8aa/0xf50 [ 519.418997][T13174] ipcget+0x909/0xf50 [ 519.419032][T13174] ? do_futex+0x192/0x350 [ 519.419078][T13174] ? __pfx_ipcget+0x10/0x10 [ 519.419115][T13174] ? __x64_sys_futex+0x34f/0x4d0 [ 519.419148][T13174] ? __x64_sys_futex+0x358/0x4d0 [ 519.419187][T13174] __x64_sys_shmget+0x13b/0x1b0 [ 519.419224][T13174] ? __pfx___x64_sys_shmget+0x10/0x10 [ 519.419270][T13174] do_syscall_64+0x106/0xf80 [ 519.419297][T13174] ? clear_bhb_loop+0x40/0x90 [ 519.419330][T13174] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 519.419356][T13174] RIP: 0033:0x7f5bc099c819 [ 519.419378][T13174] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 519.419403][T13174] RSP: 002b:00007f5bc18b2028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 519.419429][T13174] RAX: ffffffffffffffda RBX: 00007f5bc0c16180 RCX: 00007f5bc099c819 [ 519.419446][T13174] RDX: 00000000568d1aef RSI: 0000000000010564 RDI: 0000000000000008 [ 519.419462][T13174] RBP: 00007f5bc0a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 519.419478][T13174] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 519.419493][T13174] R13: 00007f5bc0c16218 R14: 00007f5bc0c16180 R15: 00007ffd780edf68 [ 519.419537][T13174] [ 520.029217][T13189] QAT: Invalid ioctl 35077 [ 520.155493][T13187] zswap: compressor not available [ 522.737758][ T5833] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 524.823154][T13273] Process accounting resumed [ 531.411205][T13382] Process accounting resumed [ 532.135045][T13393] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1706'. [ 533.772408][T13425] Process accounting resumed [ 534.039912][ T5833] block nbd1: Receive control failed (result -32) [ 534.502319][T13452] netlink: 330 bytes leftover after parsing attributes in process `syz.2.1720'. [ 541.614534][T13575] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1743'. [ 542.773833][ T30] audit: type=1800 audit(1775464346.021:11): pid=13594 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1747" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 547.797831][ T5833] Bluetooth: hci2: ISO packet for unknown connection handle 0 [ 549.855383][T13704] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1766'. [ 550.002503][T13711] zswap: compressor not available [ 550.623086][T13730] Invalid ELF header magic: != ELF [ 551.310304][T13735] FAULT_INJECTION: forcing a failure. [ 551.310304][T13735] name failslab, interval 1, probability 0, space 0, times 0 [ 551.323305][T13735] CPU: 0 UID: 0 PID: 13735 Comm: syz.3.1774 Tainted: G L syzkaller #0 PREEMPT(full) [ 551.323335][T13735] Tainted: [L]=SOFTLOCKUP [ 551.323341][T13735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 551.323352][T13735] Call Trace: [ 551.323361][T13735] [ 551.323368][T13735] dump_stack_lvl+0x100/0x190 [ 551.323403][T13735] should_fail_ex.cold+0x5/0xa [ 551.323426][T13735] should_failslab+0xc2/0x120 [ 551.323448][T13735] __kmalloc_cache_node_noprof+0x7d/0x770 [ 551.323467][T13735] ? blkg_alloc+0xbd/0xae0 [ 551.323491][T13735] ? __xa_insert+0x20b/0x320 [ 551.323516][T13735] blkg_alloc+0xbd/0xae0 [ 551.323544][T13735] ? __alloc_disk_node+0x2d4/0x6b0 [ 551.323567][T13735] blkcg_init_disk+0x51/0x580 [ 551.323596][T13735] __alloc_disk_node+0x2f6/0x6b0 [ 551.323621][T13735] __blk_alloc_disk+0xd2/0x170 [ 551.323642][T13735] ? __pfx___blk_alloc_disk+0x10/0x10 [ 551.323677][T13735] ? __pfx_idr_alloc+0x10/0x10 [ 551.323695][T13735] ? lockdep_init_map_type+0x5c/0x250 [ 551.323722][T13735] ? __raw_spin_lock_init+0x3a/0x110 [ 551.323752][T13735] ? __pfx_hot_add_show+0x10/0x10 [ 551.323780][T13735] zram_add+0x1bf/0x610 [ 551.323807][T13735] ? __pfx_zram_add+0x10/0x10 [ 551.323849][T13735] ? find_held_lock+0x2b/0x80 [ 551.323867][T13735] ? sysfs_file_kobj+0xe4/0x290 [ 551.323894][T13735] ? __pfx_hot_add_show+0x10/0x10 [ 551.323922][T13735] hot_add_show+0x21/0x80 [ 551.323949][T13735] class_attr_show+0x72/0xa0 [ 551.323974][T13735] ? __pfx_class_attr_show+0x10/0x10 [ 551.323997][T13735] sysfs_kf_seq_show+0x217/0x3a0 [ 551.324025][T13735] seq_read_iter+0x32f/0x1270 [ 551.324065][T13735] kernfs_fop_read_iter+0x46c/0x610 [ 551.324088][T13735] ? rw_verify_area+0xce/0x6d0 [ 551.324114][T13735] ? __pfx_kernfs_fop_read_iter+0x10/0x10 [ 551.324148][T13735] vfs_read+0x825/0xb30 [ 551.324168][T13735] ? __pfx_vfs_read+0x10/0x10 [ 551.324201][T13735] ksys_read+0x12a/0x250 [ 551.324219][T13735] ? __pfx_ksys_read+0x10/0x10 [ 551.324244][T13735] do_syscall_64+0x106/0xf80 [ 551.324264][T13735] ? clear_bhb_loop+0x40/0x90 [ 551.324287][T13735] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 551.324306][T13735] RIP: 0033:0x7f95f739c819 [ 551.324322][T13735] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 551.324339][T13735] RSP: 002b:00007f95f81b6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 551.324357][T13735] RAX: ffffffffffffffda RBX: 00007f95f7615fa0 RCX: 00007f95f739c819 [ 551.324369][T13735] RDX: 0000000000001000 RSI: 0000200000000ec0 RDI: 0000000000000006 [ 551.324382][T13735] RBP: 00007f95f7432c91 R08: 0000000000000000 R09: 0000000000000000 [ 551.324392][T13735] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 551.324402][T13735] R13: 00007f95f7616038 R14: 00007f95f7615fa0 R15: 00007ffe56466cb8 [ 551.324426][T13735] [ 551.926558][T13735] zram: Error allocating disk structure for device 0 [ 553.284702][T13760] Invalid ELF header magic: != ELF [ 554.319966][T13776] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1779'. [ 557.333379][T13832] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1792'. [ 557.343350][T13832] bridge_slave_1: left allmulticast mode [ 557.349269][T13832] bridge_slave_1: left promiscuous mode [ 557.355212][T13832] bridge0: port 2(bridge_slave_1) entered disabled state [ 557.366805][T13832] bridge_slave_0: left allmulticast mode [ 557.379490][T13832] bridge_slave_0: left promiscuous mode [ 557.379788][T13832] bridge0: port 1(bridge_slave_0) entered disabled state [ 558.089424][T13845] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1795'. [ 558.341013][T13848] Invalid ELF header magic: != ELF [ 559.136181][T13856] zswap: compressor not available [ 560.838321][T13872] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1808'. [ 561.474195][T13887] zswap: compressor not available [ 561.659833][T13900] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1804'. [ 561.688156][T13900] bridge_slave_1: left allmulticast mode [ 561.823106][T13900] bridge_slave_1: left promiscuous mode [ 561.862211][T13900] bridge0: port 2(bridge_slave_1) entered disabled state [ 561.888119][T13900] bridge_slave_0: left allmulticast mode [ 561.895050][T13900] bridge_slave_0: left promiscuous mode [ 561.911904][T13900] bridge0: port 1(bridge_slave_0) entered disabled state [ 562.254171][T13889] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1801'. [ 563.300971][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.308431][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 564.396480][T13922] zswap: compressor not available [ 566.214978][T13942] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1812'. [ 566.359023][T13960] Invalid ELF header magic: != ELF [ 566.444406][T13951] FAULT_INJECTION: forcing a failure. [ 566.444406][T13951] name failslab, interval 1, probability 0, space 0, times 0 [ 566.502390][T13951] CPU: 1 UID: 0 PID: 13951 Comm: syz.3.1814 Tainted: G L syzkaller #0 PREEMPT(full) [ 566.502430][T13951] Tainted: [L]=SOFTLOCKUP [ 566.502436][T13951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 566.502447][T13951] Call Trace: [ 566.502453][T13951] [ 566.502461][T13951] dump_stack_lvl+0x100/0x190 [ 566.502495][T13951] should_fail_ex.cold+0x5/0xa [ 566.502518][T13951] should_failslab+0xc2/0x120 [ 566.502539][T13951] __kmalloc_cache_noprof+0x7a/0x6f0 [ 566.502566][T13951] ? newseg+0x269/0xed0 [ 566.502590][T13951] ? __lock_acquire+0x4a5/0x2630 [ 566.502616][T13951] newseg+0x269/0xed0 [ 566.502645][T13951] ? __pfx_newseg+0x10/0x10 [ 566.502670][T13951] ? find_held_lock+0x2b/0x80 [ 566.502688][T13951] ? ipcget+0x8aa/0xf50 [ 566.502717][T13951] ipcget+0x909/0xf50 [ 566.502742][T13951] ? do_futex+0x192/0x350 [ 566.502772][T13951] ? __pfx_ipcget+0x10/0x10 [ 566.502799][T13951] ? __x64_sys_futex+0x34f/0x4d0 [ 566.502823][T13951] ? __x64_sys_futex+0x358/0x4d0 [ 566.502851][T13951] __x64_sys_shmget+0x13b/0x1b0 [ 566.502877][T13951] ? __pfx___x64_sys_shmget+0x10/0x10 [ 566.502910][T13951] do_syscall_64+0x106/0xf80 [ 566.502929][T13951] ? clear_bhb_loop+0x40/0x90 [ 566.502951][T13951] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 566.502970][T13951] RIP: 0033:0x7f95f739c819 [ 566.502986][T13951] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 566.503003][T13951] RSP: 002b:00007f95f8195028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 566.503021][T13951] RAX: ffffffffffffffda RBX: 00007f95f7616090 RCX: 00007f95f739c819 [ 566.503032][T13951] RDX: 00000000568d1aef RSI: 0000000000010564 RDI: 0000000000000008 [ 566.503042][T13951] RBP: 00007f95f7432c91 R08: 0000000000000000 R09: 0000000000000000 [ 566.503053][T13951] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 566.503063][T13951] R13: 00007f95f7616128 R14: 00007f95f7616090 R15: 00007ffe56466cb8 [ 566.503085][T13951] [ 571.704941][T14055] sctp: [Deprecated]: syz.1.1832 (pid 14055) Use of int in maxseg socket option. [ 571.704941][T14055] Use struct sctp_assoc_value instead [ 573.076733][T14086] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1835'. [ 573.119839][T14086] bridge_slave_1: left allmulticast mode [ 573.130015][T14086] bridge_slave_1: left promiscuous mode [ 573.135855][T14086] bridge0: port 2(bridge_slave_1) entered disabled state [ 573.168715][T14086] bridge_slave_0: left allmulticast mode [ 573.177286][T14086] bridge_slave_0: left promiscuous mode [ 573.194527][T14086] bridge0: port 1(bridge_slave_0) entered disabled state [ 574.850863][T14109] FAULT_INJECTION: forcing a failure. [ 574.850863][T14109] name failslab, interval 1, probability 0, space 0, times 0 [ 574.907201][T14109] CPU: 0 UID: 0 PID: 14109 Comm: syz.3.1841 Tainted: G L syzkaller #0 PREEMPT(full) [ 574.907248][T14109] Tainted: [L]=SOFTLOCKUP [ 574.907258][T14109] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 574.907278][T14109] Call Trace: [ 574.907288][T14109] [ 574.907299][T14109] dump_stack_lvl+0x100/0x190 [ 574.907357][T14109] should_fail_ex.cold+0x5/0xa [ 574.907390][T14109] should_failslab+0xc2/0x120 [ 574.907421][T14109] __kmalloc_cache_noprof+0x7a/0x6f0 [ 574.907457][T14109] ? newseg+0x269/0xed0 [ 574.907493][T14109] ? __lock_acquire+0x4a5/0x2630 [ 574.907532][T14109] newseg+0x269/0xed0 [ 574.907573][T14109] ? __pfx_newseg+0x10/0x10 [ 574.907607][T14109] ? find_held_lock+0x2b/0x80 [ 574.907634][T14109] ? ipcget+0x8aa/0xf50 [ 574.907675][T14109] ipcget+0x909/0xf50 [ 574.907709][T14109] ? do_futex+0x192/0x350 [ 574.907752][T14109] ? __pfx_ipcget+0x10/0x10 [ 574.907789][T14109] ? __x64_sys_futex+0x34f/0x4d0 [ 574.907820][T14109] ? __x64_sys_futex+0x358/0x4d0 [ 574.907860][T14109] __x64_sys_shmget+0x13b/0x1b0 [ 574.907897][T14109] ? __pfx___x64_sys_shmget+0x10/0x10 [ 574.907944][T14109] do_syscall_64+0x106/0xf80 [ 574.907991][T14109] ? clear_bhb_loop+0x40/0x90 [ 574.908026][T14109] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 574.908053][T14109] RIP: 0033:0x7f95f739c819 [ 574.908076][T14109] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 574.908101][T14109] RSP: 002b:00007f95f8195028 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 574.908126][T14109] RAX: ffffffffffffffda RBX: 00007f95f7616090 RCX: 00007f95f739c819 [ 574.908142][T14109] RDX: 00000000568d1aef RSI: 0000000000010564 RDI: 0000000000000008 [ 574.908157][T14109] RBP: 00007f95f7432c91 R08: 0000000000000000 R09: 0000000000000000 [ 574.908173][T14109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 574.908188][T14109] R13: 00007f95f7616128 R14: 00007f95f7616090 R15: 00007ffe56466cb8 [ 574.908228][T14109] [ 575.545781][T14129] input: f¬ as /devices/virtual/input/input14 [ 576.912691][T14165] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input15 [ 577.115539][T14165] input: failed to attach handler evdev to device input15, error: -4 [ 581.749149][T14240] FAULT_INJECTION: forcing a failure. [ 581.749149][T14240] name failslab, interval 1, probability 0, space 0, times 0 [ 581.778707][T14240] CPU: 0 UID: 0 PID: 14240 Comm: syz.2.1870 Tainted: G L syzkaller #0 PREEMPT(full) [ 581.778759][T14240] Tainted: [L]=SOFTLOCKUP [ 581.778769][T14240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 581.778786][T14240] Call Trace: [ 581.778796][T14240] [ 581.778807][T14240] dump_stack_lvl+0x100/0x190 [ 581.778857][T14240] should_fail_ex.cold+0x5/0xa [ 581.778891][T14240] ? tomoyo_realpath_from_path+0xb6/0x690 [ 581.778934][T14240] should_failslab+0xc2/0x120 [ 581.778971][T14240] __kmalloc_noprof+0xe0/0x850 [ 581.779028][T14240] tomoyo_realpath_from_path+0xb6/0x690 [ 581.779095][T14240] tomoyo_check_open_permission+0x2af/0x3c0 [ 581.779138][T14240] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 581.779222][T14240] ? do_raw_spin_lock+0x128/0x260 [ 581.779275][T14240] ? path_get+0x61/0x80 [ 581.779316][T14240] tomoyo_file_open+0x6b/0x90 [ 581.779355][T14240] security_file_open+0xb5/0x1e0 [ 581.779399][T14240] do_dentry_open+0x5aa/0x1660 [ 581.779436][T14240] ? security_inode_permission+0xbf/0x250 [ 581.779482][T14240] vfs_open+0x82/0x3f0 [ 581.779530][T14240] path_openat+0x208c/0x31a0 [ 581.779579][T14240] ? __pfx_path_openat+0x10/0x10 [ 581.779631][T14240] do_file_open+0x20e/0x430 [ 581.779670][T14240] ? __pfx_do_file_open+0x10/0x10 [ 581.779736][T14240] ? alloc_fd+0x476/0x790 [ 581.779774][T14240] ? do_getname+0x191/0x390 [ 581.779820][T14240] do_sys_openat2+0x10d/0x1e0 [ 581.779863][T14240] ? __pfx_do_sys_openat2+0x10/0x10 [ 581.779921][T14240] __x64_sys_openat+0x12d/0x210 [ 581.779967][T14240] ? __pfx___x64_sys_openat+0x10/0x10 [ 581.780009][T14240] ? ksys_read+0x1ac/0x250 [ 581.780054][T14240] do_syscall_64+0x106/0xf80 [ 581.780094][T14240] ? clear_bhb_loop+0x40/0x90 [ 581.780126][T14240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 581.780145][T14240] RIP: 0033:0x7f109299c819 [ 581.780162][T14240] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 581.780180][T14240] RSP: 002b:00007f109386f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 581.780198][T14240] RAX: ffffffffffffffda RBX: 00007f1092c15fa0 RCX: 00007f109299c819 [ 581.780209][T14240] RDX: 0000000000000000 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 581.780220][T14240] RBP: 00007f1092a32c91 R08: 0000000000000000 R09: 0000000000000000 [ 581.780231][T14240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 581.780241][T14240] R13: 00007f1092c16038 R14: 00007f1092c15fa0 R15: 00007ffc6323e248 [ 581.780264][T14240] [ 581.782434][T14240] ERROR: Out of memory at tomoyo_realpath_from_path. [ 585.118079][T14288] QAT: Stopping all acceleration devices. [ 585.823849][T14288] QAT: Invalid ioctl 35077 [ 588.336898][ T5833] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 589.060840][T14365] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 590.091526][T14374] sctp: [Deprecated]: syz.2.1896 (pid 14374) Use of int in maxseg socket option. [ 590.091526][T14374] Use struct sctp_assoc_value instead [ 591.331542][T14392] Invalid ELF header magic: != ELF [ 595.176332][T14454] zswap: compressor not available [ 597.800434][T14510] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1927'. [ 600.401823][T14562] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1936'. [ 600.441047][T14562] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1936'. [ 603.587056][T14619] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1949'. [ 603.631838][T14619] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1949'. [ 603.885904][T14623] ======================================================= [ 603.885904][T14623] WARNING: The mand mount option has been deprecated and [ 603.885904][T14623] and is ignored by this kernel. Remove the mand [ 603.885904][T14623] option from the mount to silence this warning. [ 603.885904][T14623] ======================================================= [ 605.584252][T14664] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1959'. [ 605.667990][T14665] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1959'. [ 606.199832][T14670] Process accounting resumed [ 608.414202][T14737] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1970'. [ 608.424098][T14737] netlink: 354 bytes leftover after parsing attributes in process `syz.2.1970'. [ 609.242255][T14756] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1975'. [ 609.254020][T14756] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1975'. [ 617.258657][T14884] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2002'. [ 617.561222][T14887] Invalid ELF header magic: != ELF [ 617.851006][T14898] netlink: 'syz.2.2007': attribute type 1 has an invalid length. [ 617.887296][T14898] netlink: 33 bytes leftover after parsing attributes in process `syz.2.2007'. [ 620.121413][T14929] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2012'. [ 620.138286][T14929] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2012'. [ 620.231265][T14919] Process accounting resumed [ 620.903332][ T5833] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 621.017896][T14951] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 621.038570][T14951] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 621.049560][T14951] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 622.212451][T14960] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 622.284063][T14968] Process accounting resumed [ 622.320764][T14970] netlink: 'syz.3.2022': attribute type 1 has an invalid length. [ 622.337510][T14970] netlink: 9 bytes leftover after parsing attributes in process `syz.3.2022'. [ 622.695198][T14977] Process accounting resumed [ 623.061408][ T5833] Bluetooth: hci2: command 0x0406 tx timeout [ 623.061447][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 623.068514][ T5833] Bluetooth: hci1: command 0x0406 tx timeout [ 624.749638][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 624.756247][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 624.796640][T15015] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2034'. [ 624.807684][T15015] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2034'. [ 624.998370][T15019] vhci_hcd vhci_hcd.2: invalid port number 135 [ 625.012530][T15019] vhci_hcd vhci_hcd.2: invalid port number 135 [ 626.410005][T15036] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 627.578861][T15062] capability: warning: `syz.0.2045' uses 32-bit capabilities (legacy support in use) [ 628.540922][T15065] Unable to find swap-space signature [ 628.977471][ T51] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 629.258432][ T51] Bluetooth: hci1: unexpected event 0x3e length: 508 > 260 [ 629.258476][ T51] Bluetooth: hci1: unexpected subevent 0x02 length: 507 > 260 [ 629.275837][ T51] Bluetooth: hci1: Dropping invalid advertising data [ 629.283913][ T51] Bluetooth: hci1: unknown advertising packet type: 0xe9 [ 629.285759][ T51] Bluetooth: hci1: unknown advertising packet type: 0x07 [ 629.293253][ T51] Bluetooth: hci1: Dropping invalid advertising data [ 629.307744][ T51] Bluetooth: hci1: Malformed LE Event: 0x02 [ 630.703430][T15114] Process accounting resumed [ 634.285953][T15174] Process accounting resumed [ 635.206962][T15185] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 636.781818][T15219] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 636.790179][T15219] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 636.821149][T15219] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 637.631479][T15231] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2088'. [ 637.641415][T15231] netlink: 354 bytes leftover after parsing attributes in process `syz.0.2088'. [ 638.646047][T15254] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input16 [ 638.826947][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 638.833619][T14984] Bluetooth: hci1: command 0x0406 tx timeout [ 638.897271][ T51] Bluetooth: hci2: command 0x0406 tx timeout [ 639.032302][T15258] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input17 [ 641.030136][T15296] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2092'. [ 641.069555][T15296] netlink: 2 bytes leftover after parsing attributes in process `syz.1.2092'. [ 641.420617][T15279] Process accounting resumed [ 641.609980][T15299] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 643.490294][T15326] netlink: 17 bytes leftover after parsing attributes in process `syz.2.2099'. [ 645.846436][T15374] Process accounting resumed [ 647.076155][T15414] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2113'. [ 647.089931][T15414] netlink: 3 bytes leftover after parsing attributes in process `syz.0.2113'. [ 649.750822][T15447] can: request_module (can-proto-4) failed. [ 650.328680][T15448] Process accounting paused [ 654.630081][T15541] can: request_module (can-proto-4) failed. [ 657.219287][T15592] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2148'. [ 658.592880][ T51] Bluetooth: hci2: unexpected event 0x3e length: 508 > 260 [ 658.592911][ T51] Bluetooth: hci2: unexpected subevent 0x02 length: 507 > 260 [ 658.608471][ T51] Bluetooth: hci2: Dropping invalid advertising data [ 658.616362][ T51] Bluetooth: hci2: unknown advertising packet type: 0xe9 [ 658.616387][ T51] Bluetooth: hci2: unknown advertising packet type: 0x07 [ 658.623730][ T51] Bluetooth: hci2: Dropping invalid advertising data [ 658.638002][ T51] Bluetooth: hci2: Malformed LE Event: 0x02 [ 661.416291][T15643] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2157'. [ 663.034704][T15671] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2164'. [ 666.959273][T15718] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2174'. [ 669.453532][T15754] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2182'. [ 670.483531][T15775] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2186'. [ 675.088238][T15842] Process accounting resumed [ 676.323312][T15850] Process accounting paused [ 678.633185][T15891] Process accounting resumed [ 680.780558][T15908] Process accounting resumed [ 686.197980][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.204414][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 687.688319][T16039] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2244'. [ 687.980025][T16043] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2245'. [ 688.521665][T16051] ovs_: entered promiscuous mode [ 690.428507][T16081] netlink: 93 bytes leftover after parsing attributes in process `syz.0.2256'. [ 690.816085][T16091] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2258'. [ 693.644692][T16129] netlink: 93 bytes leftover after parsing attributes in process `syz.0.2266'. [ 694.421418][T16147] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2269'. [ 694.694289][T16147] netlink: 334 bytes leftover after parsing attributes in process `syz.0.2269'. [ 696.934417][T16185] netlink: 93 bytes leftover after parsing attributes in process `syz.3.2276'. [ 697.535365][T16204] FAULT_INJECTION: forcing a failure. [ 697.535365][T16204] name failslab, interval 1, probability 0, space 0, times 0 [ 697.658608][T16204] CPU: 1 UID: 0 PID: 16204 Comm: syz.3.2279 Tainted: G L syzkaller #0 PREEMPT(full) [ 697.658642][T16204] Tainted: [L]=SOFTLOCKUP [ 697.658649][T16204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 697.658661][T16204] Call Trace: [ 697.658667][T16204] [ 697.658675][T16204] dump_stack_lvl+0x100/0x190 [ 697.658708][T16204] should_fail_ex.cold+0x5/0xa [ 697.658731][T16204] should_failslab+0xc2/0x120 [ 697.658753][T16204] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 697.658782][T16204] ? alloc_vfsmnt+0x23/0x6a0 [ 697.658807][T16204] ? find_held_lock+0x2b/0x80 [ 697.658826][T16204] ? clone_mnt+0x19a/0x930 [ 697.658855][T16204] alloc_vfsmnt+0x23/0x6a0 [ 697.658881][T16204] clone_mnt+0x4b/0x930 [ 697.658907][T16204] ? is_subdir+0x1a8/0x3e0 [ 697.658933][T16204] copy_tree+0x329/0xbf0 [ 697.658959][T16204] copy_mnt_ns+0x2bd/0xc30 [ 697.658981][T16204] ? create_new_namespaces+0x30/0xac0 [ 697.659001][T16204] ? rcu_is_watching+0x12/0xc0 [ 697.659032][T16204] create_new_namespaces+0xd3/0xac0 [ 697.659059][T16204] ? bpf_lsm_capable+0x9/0x10 [ 697.659079][T16204] ? security_capable+0x80/0x260 [ 697.659100][T16204] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 697.659124][T16204] ksys_unshare+0x473/0xad0 [ 697.659150][T16204] ? __pfx_ksys_unshare+0x10/0x10 [ 697.659184][T16204] __x64_sys_unshare+0x31/0x40 [ 697.659208][T16204] do_syscall_64+0x106/0xf80 [ 697.659228][T16204] ? clear_bhb_loop+0x40/0x90 [ 697.659250][T16204] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 697.659269][T16204] RIP: 0033:0x7f95f739c819 [ 697.659284][T16204] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 697.659302][T16204] RSP: 002b:00007f95f51f4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 697.659320][T16204] RAX: ffffffffffffffda RBX: 00007f95f7616270 RCX: 00007f95f739c819 [ 697.659331][T16204] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000020000 [ 697.659341][T16204] RBP: 00007f95f7432c91 R08: 0000000000000000 R09: 0000000000000000 [ 697.659352][T16204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 697.659362][T16204] R13: 00007f95f7616308 R14: 00007f95f7616270 R15: 00007ffe56466cb8 [ 697.659385][T16204] [ 704.163278][T16299] futex_wake_op: syz.2.2299 tries to shift op by -2048; fix this program [ 704.875097][T16308] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2300'. [ 705.879459][T16324] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2302'. [ 706.450947][T16324] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2302'. [ 706.633288][T16334] netlink: 93 bytes leftover after parsing attributes in process `syz.3.2304'. [ 706.790593][T16336] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2305'. [ 706.955807][T16329] Process accounting resumed [ 707.805777][T16355] futex_wake_op: syz.1.2309 tries to shift op by -2048; fix this program [ 710.728569][T16414] futex_wake_op: syz.3.2319 tries to shift op by -2048; fix this program [ 710.905867][T16418] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2318'. [ 711.893710][T16438] netlink: 93 bytes leftover after parsing attributes in process `syz.2.2324'. [ 716.167577][T16518] Process accounting resumed [ 716.744818][ T51] Bluetooth: hci0: unexpected event 0x3e length: 508 > 260 [ 716.744860][ T51] Bluetooth: hci0: unexpected subevent 0x02 length: 507 > 260 [ 716.760365][ T51] Bluetooth: hci0: Dropping invalid advertising data [ 716.768798][ T51] Bluetooth: hci0: unknown advertising packet type: 0xe9 [ 716.768831][ T51] Bluetooth: hci0: unknown advertising packet type: 0x07 [ 716.776265][ T51] Bluetooth: hci0: Dropping invalid advertising data [ 716.791060][ T51] Bluetooth: hci0: Malformed LE Event: 0x02 [ 717.301937][T16561] netlink: 93 bytes leftover after parsing attributes in process `syz.0.2344'. [ 717.637503][T16565] netlink: 93 bytes leftover after parsing attributes in process `syz.0.2354'. [ 719.003208][T16595] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2352'. [ 719.056245][T16595] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2352'. [ 720.779302][T16636] futex_wake_op: syz.0.2361 tries to shift op by -2048; fix this program [ 720.797146][T16636] futex_wake_op: syz.0.2361 tries to shift op by -2048; fix this program [ 720.820328][T16636] 0x000000000001-0x000000020000 : "" [ 720.913084][T16636] ftl_cs: FTL header corrupt! [ 723.646072][T16686] futex_wake_op: syz.3.2372 tries to shift op by -2048; fix this program [ 723.667190][T16686] futex_wake_op: syz.3.2372 tries to shift op by -2048; fix this program [ 723.686328][T16686] 0x000000000001-0x000000020000 : "" [ 723.719920][T16686] ftl_cs: FTL header corrupt! [ 730.122802][T16840] Process accounting resumed [ 732.862025][T16892] futex_wake_op: syz.3.2419 tries to shift op by -2048; fix this program [ 733.449326][T16911] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2424'. [ 735.000392][T16939] netlink: 93 bytes leftover after parsing attributes in process `syz.2.2429'. [ 735.682316][T16950] Process accounting resumed [ 737.466205][T16981] FAULT_INJECTION: forcing a failure. [ 737.466205][T16981] name failslab, interval 1, probability 0, space 0, times 0 [ 737.543712][T16981] CPU: 1 UID: 0 PID: 16981 Comm: syz.3.2439 Tainted: G L syzkaller #0 PREEMPT(full) [ 737.543772][T16981] Tainted: [L]=SOFTLOCKUP [ 737.543782][T16981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 737.543799][T16981] Call Trace: [ 737.543809][T16981] [ 737.543821][T16981] dump_stack_lvl+0x100/0x190 [ 737.543870][T16981] should_fail_ex.cold+0x5/0xa [ 737.543905][T16981] ? tomoyo_realpath_from_path+0xb6/0x690 [ 737.543949][T16981] should_failslab+0xc2/0x120 [ 737.543979][T16981] __kmalloc_noprof+0xe0/0x850 [ 737.544033][T16981] tomoyo_realpath_from_path+0xb6/0x690 [ 737.544087][T16981] tomoyo_check_open_permission+0x2af/0x3c0 [ 737.544125][T16981] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 737.544198][T16981] ? __fget_files+0x215/0x3d0 [ 737.544245][T16981] tomoyo_file_fcntl+0x9e/0xc0 [ 737.544276][T16981] security_file_fcntl+0x9b/0x230 [ 737.544320][T16981] __x64_sys_fcntl+0x108/0x200 [ 737.544367][T16981] do_syscall_64+0x106/0xf80 [ 737.544397][T16981] ? clear_bhb_loop+0x40/0x90 [ 737.544432][T16981] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 737.544463][T16981] RIP: 0033:0x7f95f739c819 [ 737.544489][T16981] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 737.544519][T16981] RSP: 002b:00007f95f81b6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000048 [ 737.544549][T16981] RAX: ffffffffffffffda RBX: 00007f95f7615fa0 RCX: 00007f95f739c819 [ 737.544580][T16981] RDX: 000000000000a553 RSI: 0000000000000004 RDI: 0000000000000003 [ 737.544597][T16981] RBP: 00007f95f7432c91 R08: 0000000000000000 R09: 0000000000000000 [ 737.544615][T16981] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 737.544633][T16981] R13: 00007f95f7616038 R14: 00007f95f7615fa0 R15: 00007ffe56466cb8 [ 737.544676][T16981] [ 737.544687][T16981] ERROR: Out of memory at tomoyo_realpath_from_path. [ 740.510560][T17052] netlink: 25 bytes leftover after parsing attributes in process `syz.3.2453'. [ 741.050061][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 741.381052][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 741.759723][T17075] netlink: 93 bytes leftover after parsing attributes in process `syz.2.2458'. [ 746.363243][T17150] Process accounting paused [ 747.623544][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.630488][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 751.659401][T17273] Process accounting resumed [ 755.982414][T17372] Process accounting resumed [ 761.991545][T17517] FAULT_INJECTION: forcing a failure. [ 761.991545][T17517] name failslab, interval 1, probability 0, space 0, times 0 [ 762.025950][T17517] CPU: 1 UID: 0 PID: 17517 Comm: syz.3.2539 Tainted: G L syzkaller #0 PREEMPT(full) [ 762.026005][T17517] Tainted: [L]=SOFTLOCKUP [ 762.026016][T17517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 762.026033][T17517] Call Trace: [ 762.026044][T17517] [ 762.026057][T17517] dump_stack_lvl+0x100/0x190 [ 762.026110][T17517] should_fail_ex.cold+0x5/0xa [ 762.026148][T17517] should_failslab+0xc2/0x120 [ 762.026179][T17517] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 762.026223][T17517] ? __pmd_alloc+0xbf/0x950 [ 762.026265][T17517] __pmd_alloc+0xbf/0x950 [ 762.026302][T17517] ? mt_find+0x687/0x8e0 [ 762.026339][T17517] huge_pte_alloc+0x5ee/0x730 [ 762.026387][T17517] hugetlb_fault+0x363/0x1450 [ 762.026435][T17517] ? __pfx_hugetlb_fault+0x10/0x10 [ 762.026494][T17517] ? find_vma+0xbf/0x140 [ 762.026527][T17517] ? __pfx_find_vma+0x10/0x10 [ 762.026566][T17517] handle_mm_fault+0x5f1/0xa20 [ 762.026618][T17517] do_user_addr_fault+0x74c/0x12f0 [ 762.026663][T17517] exc_page_fault+0x6f/0xd0 [ 762.026697][T17517] asm_exc_page_fault+0x26/0x30 [ 762.026727][T17517] RIP: 0010:rep_movs_alternative+0xf/0x90 [ 762.026771][T17517] Code: c4 10 c3 cc cc cc cc 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 fd 93 04 00 66 66 [ 762.026798][T17517] RSP: 0018:ffffc9001043fd30 EFLAGS: 00050202 [ 762.026824][T17517] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000004 [ 762.026842][T17517] RDX: 0000000000000001 RSI: 0000000000000000 RDI: ffffc9001043fda0 [ 762.026861][T17517] RBP: 0000000000000004 R08: 0000000000000001 R09: fffff52002087fb4 [ 762.026887][T17517] R10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000 [ 762.026904][T17517] R13: ffffc9001043fda0 R14: 0000000000000000 R15: 0000000000000000 [ 762.026944][T17517] _copy_from_user+0x98/0xd0 [ 762.026986][T17517] do_sock_getsockopt+0x30b/0x3d0 [ 762.027029][T17517] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 762.027091][T17517] __sys_getsockopt+0x133/0x1d0 [ 762.027154][T17517] ? __x64_sys_getsockopt+0xbd/0x160 [ 762.027203][T17517] __x64_sys_getsockopt+0xbd/0x160 [ 762.027250][T17517] ? do_syscall_64+0x95/0xf80 [ 762.027281][T17517] ? lockdep_hardirqs_on+0x78/0x100 [ 762.027313][T17517] do_syscall_64+0x106/0xf80 [ 762.027344][T17517] ? clear_bhb_loop+0x40/0x90 [ 762.027383][T17517] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 762.027416][T17517] RIP: 0033:0x7f95f739c819 [ 762.027443][T17517] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 762.027471][T17517] RSP: 002b:00007f95f81b6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 762.027499][T17517] RAX: ffffffffffffffda RBX: 00007f95f7615fa0 RCX: 00007f95f739c819 [ 762.027519][T17517] RDX: 000000000000006d RSI: 0000000000000084 RDI: 0000000000000004 [ 762.027536][T17517] RBP: 00007f95f7432c91 R08: 0000000000000000 R09: 0000000000000000 [ 762.027555][T17517] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 762.027572][T17517] R13: 00007f95f7616038 R14: 00007f95f7615fa0 R15: 00007ffe56466cb8 [ 762.027616][T17517] [ 762.791598][T17532] futex_wake_op: syz.0.2542 tries to shift op by -2048; fix this program [ 764.338896][T17565] FAULT_INJECTION: forcing a failure. [ 764.338896][T17565] name failslab, interval 1, probability 0, space 0, times 0 [ 764.401736][T17565] CPU: 0 UID: 0 PID: 17565 Comm: syz.3.2547 Tainted: G L syzkaller #0 PREEMPT(full) [ 764.401786][T17565] Tainted: [L]=SOFTLOCKUP [ 764.401797][T17565] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 764.401814][T17565] Call Trace: [ 764.401824][T17565] [ 764.401836][T17565] dump_stack_lvl+0x100/0x190 [ 764.401873][T17565] should_fail_ex.cold+0x5/0xa [ 764.401896][T17565] should_failslab+0xc2/0x120 [ 764.401917][T17565] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 764.401948][T17565] ? shmem_alloc_inode+0x25/0x50 [ 764.401972][T17565] ? __pfx_shmem_alloc_inode+0x10/0x10 [ 764.401995][T17565] shmem_alloc_inode+0x25/0x50 [ 764.402016][T17565] alloc_inode+0x68/0x250 [ 764.402043][T17565] new_inode+0x22/0x1c0 [ 764.402070][T17565] shmem_get_inode+0x212/0x1040 [ 764.402098][T17565] ? __pfx_shmem_get_inode+0x10/0x10 [ 764.402122][T17565] ? d_add+0x443/0x850 [ 764.402147][T17565] ? do_raw_spin_unlock+0x145/0x1e0 [ 764.402180][T17565] shmem_mknod+0x20c/0x470 [ 764.402207][T17565] ? __pfx_shmem_mknod+0x10/0x10 [ 764.402230][T17565] ? bpf_lsm_inode_create+0x9/0x10 [ 764.402261][T17565] ? __pfx_shmem_create+0x10/0x10 [ 764.402287][T17565] lookup_open.isra.0+0xc47/0x11b0 [ 764.402321][T17565] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 764.402354][T17565] ? __pfx___might_resched+0x10/0x10 [ 764.402381][T17565] ? mnt_get_write_access+0x52/0x2f0 [ 764.402412][T17565] ? __pfx_down_write+0x10/0x10 [ 764.402432][T17565] ? mnt_get_write_access+0x1e9/0x2f0 [ 764.402462][T17565] path_openat+0x2291/0x31a0 [ 764.402486][T17565] ? entry_SYSCALL_64_after_hwframe+0x48/0x7f [ 764.402508][T17565] ? __pfx_path_openat+0x10/0x10 [ 764.402536][T17565] do_file_open+0x20e/0x430 [ 764.402558][T17565] ? __pfx_do_file_open+0x10/0x10 [ 764.402594][T17565] ? _raw_spin_unlock+0x28/0x50 [ 764.402630][T17565] ? alloc_fd+0x476/0x790 [ 764.402655][T17565] do_sys_openat2+0x10d/0x1e0 [ 764.402682][T17565] ? __pfx_do_sys_openat2+0x10/0x10 [ 764.402734][T17565] __x64_sys_open+0xfe/0x1d0 [ 764.402771][T17565] ? __pfx___x64_sys_open+0x10/0x10 [ 764.402812][T17565] do_syscall_64+0x106/0xf80 [ 764.402831][T17565] ? clear_bhb_loop+0x40/0x90 [ 764.402853][T17565] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 764.402875][T17565] RIP: 0033:0x7f95f739c819 [ 764.402891][T17565] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 764.402908][T17565] RSP: 002b:00007f95f81b6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000002 [ 764.402927][T17565] RAX: ffffffffffffffda RBX: 00007f95f7615fa0 RCX: 00007f95f739c819 [ 764.402938][T17565] RDX: 0000000000000154 RSI: 0000000000022240 RDI: 0000200000000800 [ 764.402949][T17565] RBP: 00007f95f7432c91 R08: 0000000000000000 R09: 0000000000000000 [ 764.402960][T17565] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 764.402970][T17565] R13: 00007f95f7616038 R14: 00007f95f7615fa0 R15: 00007ffe56466cb8 [ 764.402993][T17565] [ 765.619057][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 770.748401][T17718] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 776.952859][T17818] Process accounting resumed [ 778.578377][T17857] syz.2.2596(17857): Attempt to set a LOCK_MAND lock via flock(2). This support has been removed and the request ignored. [ 778.918724][T17859] NFSD: Failed to start, no listeners configured. [ 782.160013][ T51] Bluetooth: hci2: ACL packet for unknown connection handle 0 [ 784.036534][T17977] futex_wake_op: syz.2.2622 tries to shift op by -2048; fix this program [ 784.195604][ T51] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 784.538428][ T51] Bluetooth: hci0: unexpected event 0x3e length: 726 > 260 [ 784.548433][ T51] Bluetooth: hci0: unexpected subevent 0x0d length: 725 > 260 [ 784.564442][ T51] Bluetooth: hci0: Unknown advertising packet type: 0x7f [ 784.564479][ T51] Bluetooth: hci0: adv larger than maximum supported [ 784.571605][ T51] Bluetooth: hci0: adv larger than maximum supported [ 784.578605][ T51] Bluetooth: hci0: Malformed LE Event: 0x0d [ 784.830273][T17996] netlink: 93 bytes leftover after parsing attributes in process `syz.2.2626'. [ 784.847417][T17993] netlink: 93 bytes leftover after parsing attributes in process `syz.2.2626'. [ 785.153716][T18002] Unable to find swap-space signature [ 785.231200][T18007] netlink: 326 bytes leftover after parsing attributes in process `syz.2.2628'. [ 787.093728][T18046] netlink: 93 bytes leftover after parsing attributes in process `syz.2.2636'. [ 788.504990][T18091] netlink: 93 bytes leftover after parsing attributes in process `syz.2.2646'. [ 788.868461][ T51] Bluetooth: hci0: ACL packet for unknown connection handle 0 [ 792.075279][T18179] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2661'. [ 792.278847][T18174] netlink: 334 bytes leftover after parsing attributes in process `syz.3.2661'. [ 793.878293][T18216] netlink: 93 bytes leftover after parsing attributes in process `syz.3.2667'. [ 793.953978][T18214] netlink: 93 bytes leftover after parsing attributes in process `syz.3.2667'. [ 796.636320][T18274] netlink: 93 bytes leftover after parsing attributes in process `syz.3.2677'. [ 796.661925][T18268] netlink: 93 bytes leftover after parsing attributes in process `syz.3.2677'. [ 798.342250][T18312] futex_wake_op: syz.2.2685 tries to shift op by -2048; fix this program [ 799.023848][T18320] netlink: 326 bytes leftover after parsing attributes in process `syz.1.2686'. [ 799.703530][T18318] Bluetooth: hci1: ACL packet for unknown connection handle 0 [ 801.832555][T18321] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 803.681662][T18318] Bluetooth: hci1: unexpected event 0x1c length: 725 > 5 [ 803.758310][T18398] netlink: 93 bytes leftover after parsing attributes in process `syz.2.2698'. [ 803.878631][T18318] Bluetooth: hci1: unexpected event 0x3e length: 726 > 260 [ 803.878676][T18318] Bluetooth: hci1: unexpected subevent 0x0d length: 725 > 260 [ 803.894448][T18318] Bluetooth: hci1: Unknown advertising packet type: 0x7f [ 803.894511][T18318] Bluetooth: hci1: adv larger than maximum supported [ 803.906944][T18318] Bluetooth: hci1: Unknown advertising packet type: 0x52 [ 803.913809][T18318] Bluetooth: hci1: Unknown advertising packet type: 0x72 [ 803.921989][T18318] Bluetooth: hci1: Malformed LE Event: 0x0d [ 806.312703][T18463] netlink: 93 bytes leftover after parsing attributes in process `syz.1.2710'. [ 806.435078][T18457] netlink: 93 bytes leftover after parsing attributes in process `syz.1.2710'. [ 807.141126][T18460] Process accounting paused [ 807.829390][T18489] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2716'. [ 807.865426][T18489] netlink: 354 bytes leftover after parsing attributes in process `syz.1.2716'. [ 809.059349][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 809.065735][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 809.203121][T18520] futex_wake_op: syz.0.2722 tries to shift op by -2048; fix this program [ 821.084477][T18727] netlink: 93 bytes leftover after parsing attributes in process `syz.1.2762'. [ 821.118631][T18725] netlink: 93 bytes leftover after parsing attributes in process `syz.1.2762'. [ 822.015941][ T30] audit: type=1800 audit(2147483882.630:12): pid=18745 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2761" name="SYSV00000008" dev="hugetlbfs" ino=0 res=0 errno=0 [ 823.554891][T18775] futex_wake_op: syz.3.2770 tries to shift op by -2048; fix this program [ 823.962622][T18788] netlink: 93 bytes leftover after parsing attributes in process `syz.1.2772'. [ 824.085645][T18784] netlink: 93 bytes leftover after parsing attributes in process `syz.1.2772'. [ 826.273425][T18326] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 826.974070][T18828] netlink: 93 bytes leftover after parsing attributes in process `syz.3.2781'. [ 829.240960][T18888] netlink: 93 bytes leftover after parsing attributes in process `syz.2.2791'. [ 829.297417][T18879] netlink: 93 bytes leftover after parsing attributes in process `syz.2.2791'. [ 829.322409][T18885] netlink: 93 bytes leftover after parsing attributes in process `syz.2.2791'. [ 831.391155][T18940] netlink: 93 bytes leftover after parsing attributes in process `syz.1.2801'. [ 831.434173][T18943] netlink: 93 bytes leftover after parsing attributes in process `syz.1.2801'. [ 832.136791][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 832.849670][T18985] futex_wake_op: syz.1.2808 tries to shift op by -2048; fix this program [ 833.922225][T19008] netlink: 93 bytes leftover after parsing attributes in process `syz.3.2811'. [ 833.963985][T19003] netlink: 93 bytes leftover after parsing attributes in process `syz.3.2811'. [ 834.004799][T19005] netlink: 93 bytes leftover after parsing attributes in process `syz.3.2811'. [ 834.496306][T19024] netlink: 25 bytes leftover after parsing attributes in process `syz.1.2814'. [ 837.480189][T19085] futex_wake_op: syz.2.2823 tries to shift op by -2048; fix this program [ 838.184164][T19087] Process accounting resumed [ 839.558869][T19122] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2832'. [ 848.067544][T19297] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2867'. [ 854.524898][T19410] netlink: 93 bytes leftover after parsing attributes in process `syz.0.2892'. [ 854.592143][T19416] netlink: 93 bytes leftover after parsing attributes in process `syz.0.2892'. [ 859.828092][T19516] netlink: 93 bytes leftover after parsing attributes in process `syz.1.2916'. [ 859.862201][T19519] netlink: 93 bytes leftover after parsing attributes in process `syz.1.2916'. [ 861.424344][T19542] serio: Serial port pty6 [ 868.046003][T19654] serio: Serial port pty6 [ 869.369378][T19661] Process accounting paused [ 870.524419][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 870.531030][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 872.817081][T19730] netlink: 186 bytes leftover after parsing attributes in process `syz.3.2963'. [ 872.934106][ T30] audit: type=1800 audit(2147483933.550:13): pid=19721 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.2962" name="lu_gp_id" dev="configfs" ino=75658 res=0 errno=0 [ 872.935635][T19721] kstrtoul() returned -22 for lu_gp_id [ 873.052943][T19724] zswap: compressor not available [ 874.958900][T19774] dlm: non-version read from control device 255 [ 875.089266][T19790] netlink: 1 bytes leftover after parsing attributes in process `syz.3.2975'. [ 878.367060][T19835] futex_wake_op: syz.0.2985 tries to shift op by -2048; fix this program [ 881.805439][T19925] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3002'. [ 885.494027][T20010] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3019'. [ 892.421829][T20142] futex_wake_op: syz.3.3048 tries to shift op by -2048; fix this program [ 895.146063][T20192] NFSD: Failed to start, no listeners configured. [ 898.219076][T20254] NFSD: Failed to start, no listeners configured. [ 899.813084][T20298] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3076'. [ 900.353583][T20289] Process accounting resumed [ 904.319433][T20393] serio: Serial port pty6 [ 909.173288][T20464] futex_wake_op: syz.2.3117 tries to shift op by -2048; fix this program [ 919.486861][ T0] NOHZ tick-stop error: local softirq work is pending, handler #82!!! [ 925.835857][T20736] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3169'. [ 927.991967][T20780] can: request_module (can-proto-0) failed. [ 930.437131][T20822] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3186'. [ 930.969484][T20824] Process accounting paused [ 931.079200][T20829] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3189'. [ 931.093219][T20829] netlink: 13 bytes leftover after parsing attributes in process `syz.0.3189'. [ 931.356806][ T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!! [ 931.964531][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.971008][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 933.889620][T20878] block2mtd: illegal erase size [ 934.267085][T20883] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(3) [ 934.580939][T20888] block2mtd: illegal erase size [ 938.128223][T20943] block2mtd: illegal erase size [ 939.227084][ T996] unregister_netdevice: waiting for gretap0 to become free. Usage count = 3