last executing test programs: 2m36.676215686s ago: executing program 3 (id=1262): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop3\x00', 0x9eb00, 0x0) ioctl$auto_BLKTRACETEARDOWN(r0, 0x1276, 0x0) r1 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000040)='ns/pid\x00') openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x6000, 0x0) (async) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x6000, 0x0) ioctl$auto_PPPIOCGNPMODE(r2, 0xc008744c, &(0x7f00000000c0)={0x9, 0x2}) (async) ioctl$auto_PPPIOCGNPMODE(r2, 0xc008744c, &(0x7f00000000c0)={0x9, 0x2}) openat$auto_ptdump_fops_(0xffffffffffffff9c, &(0x7f0000000100), 0xc0, 0x0) (async) r3 = openat$auto_ptdump_fops_(0xffffffffffffff9c, &(0x7f0000000100), 0xc0, 0x0) setsockopt$auto_SO_ATTACH_REUSEPORT_EBPF(r3, 0x3, 0x34, &(0x7f0000000140)='/dev/ppp\x00', 0x3) (async) setsockopt$auto_SO_ATTACH_REUSEPORT_EBPF(r3, 0x3, 0x34, &(0x7f0000000140)='/dev/ppp\x00', 0x3) r4 = socketpair$auto(0x400, 0x7, 0x7, &(0x7f0000000180)=0x6) bpf$auto_BPF_MAP_DELETE_ELEM(0x3, &(0x7f00000001c0)=@bpf_attr_3={0x6, 0x3, 0x84e, 0x8166, 0x2, 0x4fd8d355, 0x8, 0x3, 0xf4d, "309577c1fed6e7d02eb3ee24d517a221", 0x0, 0x8, r1, 0x5, 0x5, 0x10001, 0x6, 0xffffffffffffff00, 0x3, 0x6, @attach_btf_obj_fd=r4, 0x7, 0x58f, 0x2, 0x9, 0x6, r3, r0}, 0x401) (async) bpf$auto_BPF_MAP_DELETE_ELEM(0x3, &(0x7f00000001c0)=@bpf_attr_3={0x6, 0x3, 0x84e, 0x8166, 0x2, 0x4fd8d355, 0x8, 0x3, 0xf4d, "309577c1fed6e7d02eb3ee24d517a221", 0x0, 0x8, r1, 0x5, 0x5, 0x10001, 0x6, 0xffffffffffffff00, 0x3, 0x6, @attach_btf_obj_fd=r4, 0x7, 0x58f, 0x2, 0x9, 0x6, r3, r0}, 0x401) read$auto_proc_reg_file_ops_compat_inode(r7, &(0x7f0000000280)=""/152, 0x98) r9 = openat$auto_btrfs_dir_file_operations_inode(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/virtual/bluetooth/hci1/power\x00', 0x4001, 0x0) ioctl$auto_BTRFS_IOC_SEND_32(r9, 0x40449426, &(0x7f0000000380)={@inferred=r4, 0x4, 0x7, 0x9b, 0x7, 0x3, "01ae1119c9b5a56808c58bf53b3e238dd19d9eb08af2c83a4c889bf0"}) (async) ioctl$auto_BTRFS_IOC_SEND_32(r9, 0x40449426, &(0x7f0000000380)={@inferred=r4, 0x4, 0x7, 0x9b, 0x7, 0x3, "01ae1119c9b5a56808c58bf53b3e238dd19d9eb08af2c83a4c889bf0"}) getsockopt$auto_SO_BINDTOIFINDEX(r2, 0xb, 0x3e, &(0x7f0000000400)='\x16-[!][\x00', &(0x7f0000000440)=0x8) pidfd_send_signal$auto_SIGCONT(r9, 0x12, &(0x7f0000000480)={@_si_pad}, 0x10) ioctl$auto_BLKTRACESETUP32(r6, 0xc0401273, &(0x7f0000000500)={"8b20ab61226b139e5f2f220ff83b65355db254609588ee1d70170bcc972738ba", 0x4, 0x7f, 0x6, 0x7, 0x8, 0x0}) r12 = prctl$auto(0x3, 0x7, r11, 0x9, 0x2) read$auto_ppp_device_fops_ppp_generic(r5, &(0x7f0000000580)=""/79, 0x4f) (async) read$auto_ppp_device_fops_ppp_generic(r5, &(0x7f0000000580)=""/79, 0x4f) r13 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000640), r12) sendmsg$auto_NL80211_CMD_GET_POWER_SAVE(r10, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x100080}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x24, r13, 0x400, 0x70bd2a, 0x25dfdbff, {}, [@NL80211_ATTR_KEY_SEQ={0xe, 0xa, "d81f4cf8180c770a7b7a"}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x20000040) r14 = syz_genetlink_get_family_id$auto_ipvs(&(0x7f0000000780), r7) shmctl$auto_SHM_STAT(0x7ff, 0xd, &(0x7f0000000980)={{0xfff, 0xffffffffffffffff, 0xffffffffffffffff, 0xc21, 0x8, 0x7, 0xfff9}, 0x7fff, 0x8, 0x1d0, 0x2d, @inferred=r11, @raw=0x80000001, 0xb, 0x0, &(0x7f00000007c0)="85cc1fc6f5c071fafdc23bb811da432344847304b0d44245aaa9fbbe76cf134b3438de32f6adac0883a9a3c3b3c82c46ce2b4788d404344caa1aa31cfc6c2de53cc2a9c6ce90e8c2e174bef01e0354cc2c2a4cfa3750862c680ca27f0e6ceb8935f806403b9599e4e2a63965c5cfef8d5e8badc168e2495f58fd14f434219f7e051b73fcd9b118bc4805441266c877240a48a53fc114f53ecde0cfe4b52a99", &(0x7f0000000880)="dbac0ec5c3a4452fca5a03b57223e49654343bcdf8cbd721143060fc5cb59eb887fa404a40df4feae5337ceeb5ade4ba93a5246c7d1b86b6e3c4c7158921b7dddb29bd230a95a0d2822ea4514af73b3a186d94c616f08718a52671298dd172b294caafbf15df26e1947c1675013e1b5b0aae393f43f854e46f3451a80175eb947a26ec063f88beddf17c3b725982b29ad13474e2b742006dfade40616f0949966ba11eb2d1fbf7c88447c6ff8dc46224e73dee1dc405fab2784cf6061da7779e634115a3"}) shmctl$auto_SHM_LOCK(0x4, 0xb, &(0x7f0000000b80)={{0x3, 0x0, 0x0, 0x2, 0x2, 0x6, 0x9}, 0xfffffffa, 0x0, 0x2468, 0x7fff, @raw=0x9, @raw=0xc, 0x5, 0x0, &(0x7f0000000a00)="788f1bf766f736938d14b72772e8ae7e47f5164683472793e7bab15b2940fb748cd653a58779deb18bec198b8f630ebffc75a2de52c6894e5728b6e9ba52478c32c6c546e88984a6f19423457f3312803ace5d2021facea2b54ac20b681e70fc7cf99754fb801250dc66195d52102406cb57a6ef422f17777f606afa8944a9fbdba02613ed22319b3ea2be55c2dcd9eb5fb27f38570eec92128854dd7ded76a6e3a372f13fd95e4635d56722fe6e3172a557ad9f6ea675fb171bf7e55fd399dc3afbd14fad614255fa6399d84d9232e01110f6bc5926b84cf117c213923d7ece661a06ae90aa68a9fa98b549068ca2cea9062017a62b3a975e", &(0x7f0000000b00)="be576a0ed7012c98e45ba00891f773e73e51942cec5368994b12c805d5a7876da45ff58e5b6c22a74345b2754d718ca8e7c6d2e43dd9e7304adf81386b8cf089657930e188de9a2c5e404ec4b97319167f2c6a6b7eaa1538885bdd989342a50a3243e6bebf913d3f3e7f3cbd7e0b6a3341f2e66c7a6f529d5b0813c73a8dbbe7"}) sendmsg$auto_IPVS_CMD_SET_DEST(0xffffffffffffffff, &(0x7f0000001480)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000001440)={&(0x7f0000000c00)={0x814, r14, 0x8, 0x70bd28, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}, @IPVS_CMD_ATTR_SERVICE={0x371, 0x1, 0x0, 0x1, [@nested={0xc, 0xc6, 0x0, 0x1, [@generic, @typed={0x8, 0x110, 0x0, 0x0, @u32=0xacc}]}, @typed={0x8, 0x104, 0x0, 0x0, @fd=r3}, @typed={0xb, 0xa8, 0x0, 0x0, @str='\x16-[!][\x00'}, @nested={0x1fb, 0x4d, 0x0, 0x1, [@generic="596e4ded7f52ccb0560bd426bd8b648b21a7c1871f03954edf12ce7fc6ab6bdb9fb1772e0e332ea66b05517a8e799bc36e43093b962b91e6d54fb420df839ba85ea5ffe914ff82b4", @typed={0x8, 0x64, 0x0, 0x0, @ipv4=@multicast2}, @nested={0x4, 0x98}, @generic="45c335dbb50f9e19a9f2c8b45a7405a2975f83622e47480e544831220fa3cb1f9a2098f5c293e7ac5db4e0a45dd42796806d349bb16dd32bcdc31f59081aee92ce02e5f9c3aca333c1046ccb73996bd75a846b0cb80632ae0c27a9becb19cab0edb2932b30bff49fe8489948d5840bbf2896e6d711e148e64905c0fde62aed4333b2a8159235e07c734ab5c2891a57861ae2f53a092c9d5fa2263779c073764c497f2d59325b37bfbc4f6dd80f6b68678953b5b07f05b6a05d15dbfb7b97ed3fe9c0da8b083def8e82f44368f9317b75fbb569e8418242d108a83c73ca6ea40d9006a1af77a58e578f8466346574270183d6b61509312ee9d048d1", @typed={0xa0, 0x14a, 0x0, 0x0, @binary="12c46cca9d75dab0d867d78506f1b6b46a2292dbba91ad26d99e97f23083efdbad1deecfb4cf6917bf01e5791cfb32a1fb764ee9449699e4e000b6cc654ca829784ea53f04aa8406dc6967fb92e975651f278c2d84558ddb08c1785cb3efdb3151c903cdb19bd8b8ab401c24229ef934c35ce314f5077b6b5667dafa92ae4234e9800f66cfb75ea75a5177a2838c7e796e49f96d9746947b177d9d92"}, @nested={0x4, 0x14b}, @nested={0x4, 0xe0}]}, @typed={0x14, 0x126, 0x0, 0x0, @ipv6=@private1}, @typed={0x8, 0x8b, 0x0, 0x0, @fd=r6}, @generic="9ee1993ba2c1634a7e6d537c5eeaeb5e18508614f6c9270765ae8ed4c11580d6a2676c140555a65cad5d0800fe6b1edb66c0952c6b918a173579148c2707750bb3ad5dbb05e4b00c777efff1301534c28417593f8fcdfd716b5d2d0e16a916e4fcd005c250f5f7c36f800a26f0", @nested={0xc5, 0x6d, 0x0, 0x1, [@generic="2892cde001222d9dd648f9147ec81954e2dec9927d9f21fbbee2362440a61135efc03fa4d84560b519e432e0e02111c4b953dca202d6d40e95441c1560b7432fbfd8d14d3a29545c9b473922ad2f4e65390bdf00527101099f1b4476d366440c0996b3dd31dee34a63f52af457f2c7c6793c5a53043bed14cd9674e7d8355a6e551ab7d097d54366f6b97de31d7461631b7d99bbfbfba41ea7a80e369a45e89bc33ee1cac8a76918b74babbdd4b31994e0751af63b4a683686", @nested={0x4, 0x7b}, @nested={0x4, 0x113}]}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6112}, @IPVS_CMD_ATTR_DAEMON={0x37a, 0x3, 0x0, 0x1, [@generic="1cd672fbbce7961e5163a6d1d1550f9a7fccfa060234ab213dc9abc8bdee25c895951a75e63a545915b92e0342a648d9a7348f8dfc633610a4d4e58f05a3301492517eaebde3422e75c60458d7fea5bdbf7cb04c852d562e0b555b5337bca3b8a33a5a3d6d946306f648d944deaeb7a224e74511ad5849395cd2bac6e6e8c1cbcdb5f87b4d953fd733f6a8e14f5e1d4e0305e95c2aee513b07bccdf4a7b1bade3580c30fcb5e68e89c2a25b3c212210e77c6f37532ec2d16e2f9a9b0f8b03898", @generic="ebcd6753fe90b235d7bfd2fa7fde2e83b603b63c01e5806b27b92d4d6940edc92615587862ba9e0f3a7c9687fec952406a10ff9b6846794de3a48b5229905cc08d30d261f0580b5ad3be4b8ee91e3426f810b3b1be26b61234a5936a", @generic="34661a0789527deb26b4c8bc5a44a3fc56afa151cbdf714b32438f69adbde45be1ec", @nested={0x237, 0x57, 0x0, 0x1, [@generic="65d71669d7ed4db03fa0e1233267eea7bca2bc4db60fd5224ef27ad6657a2880c61cfe8482ce5ae07fbf1fdaa725e0d0e43ffb303f252b21638d3eb184596488e2c68c982e9f8e3b510c23b6e78627a47d031de91b3c0b0f62ffc110a997aa878fedcbc4df242c15ab175b02f701fc3b766b130e2c97e01b7b7c1b0489b04b223aa22d23a061a1ce980b9a49e9b5f1b0dec94124aeab5ba803c75fbdc57bbd683b7d0d843e0eed8ed2d10fb9c60a136bca65bf0cbe4d2d73", @typed={0x8, 0xf2, 0x0, 0x0, @ipv4=@multicast2}, @generic="17498b1c4a3b9d86f3f702d67fd2b6e467ca52062b2d2be1ddd3c7f644a089d06af4d4d5131aaa08a4863c0a6b54345c3f51aef27addd4908c6b9cd850108cd510d6d29c5d41887ff6d53b491125bf846b02a246b2f487778826899cc34feabbf760179e429353a0f0155b36746bbc23b4f538ee231c4d6dba7818ce882ca35b3cc53873ceb72789781b34443a5512e1bdb117107b8de62ce464fab3696e49923a1ab75a1447663a622ac94709327488320cf3f1a0e1a5b89e605eb124bb85e11a784d37e2ea717116f0ef", @nested={0x4, 0xb5}, @nested={0x4, 0x10e}, @typed={0xa0, 0x6b, 0x0, 0x0, @binary="76d62afdf7c37bd92c22e39158353fab7a4456f67412ef96d73815ffa423d23617c9a8fcc0f40a0d9805d226858d8389f3e54c4bbd2ee55a784a1ec1901d59f901322493e41090b131076dd97d747c53d0c586cbfbd51e6926ba1cc75d6680e3eec569e12d6f1b8c16691509624121d9704292b8b57a5887f208f849bd02dd56740e744b3d520b50aee49412b1e616bc880226416b31b385fb2b9ed3"}]}]}, @IPVS_CMD_ATTR_DEST={0xf8, 0x2, 0x0, 0x1, [@typed={0x8, 0x13d, 0x0, 0x0, @uid=r15}, @generic="5135f1780cbeebec8d8653c7ca3d1e8384865f0ce7588de0e5fbc759ef092f1b610e9e14fa59ec3883a5aceddab22cfe2f2e25dea5ee366ba8a341655a59f639f9bf8cdb659d4ceea17d791f9eb7bc62fcfe3025c2edc842af19361ee272c214f40f0e9cb4750ffd668bac110270e15f1bc2af68b5e97fe77e4d0973d5a3c3b41747283ddf809e4a1bb645d8834e10162b729261b47e844ec15ba4b116888c27f053db9c4a3fe8d2", @nested={0x41, 0x17, 0x0, 0x1, [@typed={0x8, 0x1b, 0x0, 0x0, @fd=r9}, @typed={0x8, 0x74, 0x0, 0x0, @fd=r8}, @generic="518cf57d930a548881ec7bf9a3c9cbef298b131dc30c38d1eabb4099ea53f62c492f43ae33", @typed={0x8, 0xf2, 0x0, 0x0, @uid=r16}]}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}]}, 0x814}, 0x1, 0x0, 0x0, 0x840}, 0x4010) (async) sendmsg$auto_IPVS_CMD_SET_DEST(0xffffffffffffffff, &(0x7f0000001480)={&(0x7f0000000740)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000001440)={&(0x7f0000000c00)={0x814, r14, 0x8, 0x70bd28, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}, @IPVS_CMD_ATTR_SERVICE={0x371, 0x1, 0x0, 0x1, [@nested={0xc, 0xc6, 0x0, 0x1, [@generic, @typed={0x8, 0x110, 0x0, 0x0, @u32=0xacc}]}, @typed={0x8, 0x104, 0x0, 0x0, @fd=r3}, @typed={0xb, 0xa8, 0x0, 0x0, @str='\x16-[!][\x00'}, @nested={0x1fb, 0x4d, 0x0, 0x1, [@generic="596e4ded7f52ccb0560bd426bd8b648b21a7c1871f03954edf12ce7fc6ab6bdb9fb1772e0e332ea66b05517a8e799bc36e43093b962b91e6d54fb420df839ba85ea5ffe914ff82b4", @typed={0x8, 0x64, 0x0, 0x0, @ipv4=@multicast2}, @nested={0x4, 0x98}, @generic="45c335dbb50f9e19a9f2c8b45a7405a2975f83622e47480e544831220fa3cb1f9a2098f5c293e7ac5db4e0a45dd42796806d349bb16dd32bcdc31f59081aee92ce02e5f9c3aca333c1046ccb73996bd75a846b0cb80632ae0c27a9becb19cab0edb2932b30bff49fe8489948d5840bbf2896e6d711e148e64905c0fde62aed4333b2a8159235e07c734ab5c2891a57861ae2f53a092c9d5fa2263779c073764c497f2d59325b37bfbc4f6dd80f6b68678953b5b07f05b6a05d15dbfb7b97ed3fe9c0da8b083def8e82f44368f9317b75fbb569e8418242d108a83c73ca6ea40d9006a1af77a58e578f8466346574270183d6b61509312ee9d048d1", @typed={0xa0, 0x14a, 0x0, 0x0, @binary="12c46cca9d75dab0d867d78506f1b6b46a2292dbba91ad26d99e97f23083efdbad1deecfb4cf6917bf01e5791cfb32a1fb764ee9449699e4e000b6cc654ca829784ea53f04aa8406dc6967fb92e975651f278c2d84558ddb08c1785cb3efdb3151c903cdb19bd8b8ab401c24229ef934c35ce314f5077b6b5667dafa92ae4234e9800f66cfb75ea75a5177a2838c7e796e49f96d9746947b177d9d92"}, @nested={0x4, 0x14b}, @nested={0x4, 0xe0}]}, @typed={0x14, 0x126, 0x0, 0x0, @ipv6=@private1}, @typed={0x8, 0x8b, 0x0, 0x0, @fd=r6}, @generic="9ee1993ba2c1634a7e6d537c5eeaeb5e18508614f6c9270765ae8ed4c11580d6a2676c140555a65cad5d0800fe6b1edb66c0952c6b918a173579148c2707750bb3ad5dbb05e4b00c777efff1301534c28417593f8fcdfd716b5d2d0e16a916e4fcd005c250f5f7c36f800a26f0", @nested={0xc5, 0x6d, 0x0, 0x1, [@generic="2892cde001222d9dd648f9147ec81954e2dec9927d9f21fbbee2362440a61135efc03fa4d84560b519e432e0e02111c4b953dca202d6d40e95441c1560b7432fbfd8d14d3a29545c9b473922ad2f4e65390bdf00527101099f1b4476d366440c0996b3dd31dee34a63f52af457f2c7c6793c5a53043bed14cd9674e7d8355a6e551ab7d097d54366f6b97de31d7461631b7d99bbfbfba41ea7a80e369a45e89bc33ee1cac8a76918b74babbdd4b31994e0751af63b4a683686", @nested={0x4, 0x7b}, @nested={0x4, 0x113}]}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6112}, @IPVS_CMD_ATTR_DAEMON={0x37a, 0x3, 0x0, 0x1, [@generic="1cd672fbbce7961e5163a6d1d1550f9a7fccfa060234ab213dc9abc8bdee25c895951a75e63a545915b92e0342a648d9a7348f8dfc633610a4d4e58f05a3301492517eaebde3422e75c60458d7fea5bdbf7cb04c852d562e0b555b5337bca3b8a33a5a3d6d946306f648d944deaeb7a224e74511ad5849395cd2bac6e6e8c1cbcdb5f87b4d953fd733f6a8e14f5e1d4e0305e95c2aee513b07bccdf4a7b1bade3580c30fcb5e68e89c2a25b3c212210e77c6f37532ec2d16e2f9a9b0f8b03898", @generic="ebcd6753fe90b235d7bfd2fa7fde2e83b603b63c01e5806b27b92d4d6940edc92615587862ba9e0f3a7c9687fec952406a10ff9b6846794de3a48b5229905cc08d30d261f0580b5ad3be4b8ee91e3426f810b3b1be26b61234a5936a", @generic="34661a0789527deb26b4c8bc5a44a3fc56afa151cbdf714b32438f69adbde45be1ec", @nested={0x237, 0x57, 0x0, 0x1, [@generic="65d71669d7ed4db03fa0e1233267eea7bca2bc4db60fd5224ef27ad6657a2880c61cfe8482ce5ae07fbf1fdaa725e0d0e43ffb303f252b21638d3eb184596488e2c68c982e9f8e3b510c23b6e78627a47d031de91b3c0b0f62ffc110a997aa878fedcbc4df242c15ab175b02f701fc3b766b130e2c97e01b7b7c1b0489b04b223aa22d23a061a1ce980b9a49e9b5f1b0dec94124aeab5ba803c75fbdc57bbd683b7d0d843e0eed8ed2d10fb9c60a136bca65bf0cbe4d2d73", @typed={0x8, 0xf2, 0x0, 0x0, @ipv4=@multicast2}, @generic="17498b1c4a3b9d86f3f702d67fd2b6e467ca52062b2d2be1ddd3c7f644a089d06af4d4d5131aaa08a4863c0a6b54345c3f51aef27addd4908c6b9cd850108cd510d6d29c5d41887ff6d53b491125bf846b02a246b2f487778826899cc34feabbf760179e429353a0f0155b36746bbc23b4f538ee231c4d6dba7818ce882ca35b3cc53873ceb72789781b34443a5512e1bdb117107b8de62ce464fab3696e49923a1ab75a1447663a622ac94709327488320cf3f1a0e1a5b89e605eb124bb85e11a784d37e2ea717116f0ef", @nested={0x4, 0xb5}, @nested={0x4, 0x10e}, @typed={0xa0, 0x6b, 0x0, 0x0, @binary="76d62afdf7c37bd92c22e39158353fab7a4456f67412ef96d73815ffa423d23617c9a8fcc0f40a0d9805d226858d8389f3e54c4bbd2ee55a784a1ec1901d59f901322493e41090b131076dd97d747c53d0c586cbfbd51e6926ba1cc75d6680e3eec569e12d6f1b8c16691509624121d9704292b8b57a5887f208f849bd02dd56740e744b3d520b50aee49412b1e616bc880226416b31b385fb2b9ed3"}]}]}, @IPVS_CMD_ATTR_DEST={0xf8, 0x2, 0x0, 0x1, [@typed={0x8, 0x13d, 0x0, 0x0, @uid=r15}, @generic="5135f1780cbeebec8d8653c7ca3d1e8384865f0ce7588de0e5fbc759ef092f1b610e9e14fa59ec3883a5aceddab22cfe2f2e25dea5ee366ba8a341655a59f639f9bf8cdb659d4ceea17d791f9eb7bc62fcfe3025c2edc842af19361ee272c214f40f0e9cb4750ffd668bac110270e15f1bc2af68b5e97fe77e4d0973d5a3c3b41747283ddf809e4a1bb645d8834e10162b729261b47e844ec15ba4b116888c27f053db9c4a3fe8d2", @nested={0x41, 0x17, 0x0, 0x1, [@typed={0x8, 0x1b, 0x0, 0x0, @fd=r9}, @typed={0x8, 0x74, 0x0, 0x0, @fd=r8}, @generic="518cf57d930a548881ec7bf9a3c9cbef298b131dc30c38d1eabb4099ea53f62c492f43ae33", @typed={0x8, 0xf2, 0x0, 0x0, @uid=r16}]}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}]}, 0x814}, 0x1, 0x0, 0x0, 0x840}, 0x4010) setxattrat$auto(r4, &(0x7f00000014c0)='./file0\x00', 0x7, &(0x7f0000001500)='/dev/loop3\x00', &(0x7f0000001540)={0x100, 0x95c, 0x7fff}, 0x6) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000001580)='/sys/kernel/security/tomoyo/version\x00', 0xa80, 0x0) (async) r17 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000001580)='/sys/kernel/security/tomoyo/version\x00', 0xa80, 0x0) close_range$auto(r4, r17, 0x1) fcntl$auto_F_SETFL(r2, 0x4, 0x10000) ioctl$auto_FIOCLEX(r17, 0x5451, 0x1) ioctl$auto_MON_IOCQ_RING_SIZE(r8, 0x9205, 0x0) write$auto(r2, &(0x7f00000015c0)='(]K[,{\x00', 0x4) (async) write$auto(r2, &(0x7f00000015c0)='(]K[,{\x00', 0x4) 2m36.542106959s ago: executing program 2 (id=1263): r0 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/mem\x00', 0x101181, 0x0) readv$auto(0x3, &(0x7f00000001c0)={0x0, 0x7fffffffefff}, 0x7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mremap$auto(0x4000, 0xb8, 0x13fd4, 0x3, 0xfffff000) writev$auto(r0, &(0x7f0000000180)={0x0, 0x3}, 0x8) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) bpf$auto(0x0, &(0x7f0000000100)=@task_fd_query={0x2, 0x4, 0x81fe, 0x2, 0x8, 0xc, 0xe3, 0x4000000002, 0x2000000003}, 0x6f4) r1 = clone$auto(0x81, 0x9, &(0x7f0000000200)=0x400, &(0x7f0000000240)=0x597dfa1c, 0xffffffff) pidfd_open$auto(r1, 0x7) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0xaa102, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0xc0000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000300)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input0/capabilities/ff\x00', 0x300, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x800008000) r2 = socket(0xa, 0x3, 0x3a) getsockopt$auto(r2, 0x29, 0xce, 0x0, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) setuid$auto(0x800000000008) pwrite64$auto(r0, 0xfffffffffffffffc, 0xfffffffffffffffd, 0x82) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x80000002, 0x1d, 0x3000, 0xfffffff8, 0x7, 0x400a, 0xffffffffffffffff, [], {0x6, 0x6, 0x6, 0x29c, 0x1, 0x7f, 0x0, 0x6, 0x1}, {0x10100, 0x1, 0x52, 0x85, 0x2, 0x1a7b870a, 0x76c5, 0x8, 0x100000000}}) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0x5}, 0x5, 0x80000000) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) select$auto(0x0, 0x0, 0x0, 0x0, 0x0) madvise$auto(0x2000000000000000, 0x80000001, 0x19) write$auto(0x3, 0x0, 0xfdef) 2m36.457279367s ago: executing program 3 (id=1264): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/thread-self/clear_refs\x00', 0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) sysfs$auto(0x2, 0x3, 0x0) fsopen$auto(0x0, 0x1) socket(0x2, 0x80002, 0x73) bind$auto(r0, &(0x7f0000000040)=@hci={0x1f, 0x3, 0x3}, 0x6a) socket(0x21, 0x2, 0x2) shutdown$auto(0x200000003, 0x2) setsockopt$auto(0x3, 0x1000000110, 0x2, 0xffffffffffffffff, 0x1) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) write$auto_proc_clear_refs_operations_internal(r0, 0x0, 0xffffff4b) 2m36.09012874s ago: executing program 3 (id=1265): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_smc_pnetid(&(0x7f0000000080), r0) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x1, 0x8000) (async) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000640)='/sys/devices/LNXSYSTM:00/LNXPWRBN:00/input/input0/capabilities/snd\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x7) (async) r3 = openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000080), 0x1e1500, 0x0) ioctl$auto_IOCTL_VMCI_VERSION2(r3, 0x7a7, 0x0) (async) io_uring_setup$auto(0x1d48, &(0x7f0000000480)={0x7fffffff, 0xd, 0x8000, 0xe, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x8, 0x5, 0x80000000, 0x100, 0x83, 0x101, 0x6, 0x8000000000000001}, {0x100, 0x1, 0x10052, 0x5, 0xfffffffc, 0x8, 0x876c5, 0xc9, 0xcc}}) ioctl$auto_IOCTL_VMCI_INIT_CONTEXT(r3, 0x7a0, 0x6) (async) ioctl$auto_IOCTL_VMCI_NOTIFICATIONS_RECEIVE(r3, 0x7a6, 0x0) (async, rerun: 64) sendmsg$auto_SMC_PNETID_ADD(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r1, 0x1, 0x70bd29, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x44c0) (rerun: 64) 2m35.705142372s ago: executing program 3 (id=1268): socket(0xa, 0x1, 0x0) (async) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/loop13\x00', 0x60742, 0x0) write$auto(r0, &(0x7f0000000040)='//\xf2\x00', 0x80000000) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) timer_create$auto(0x0, 0x0, 0x0) (async) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r1, 0x0, 0x0) mmap$auto(0x0, 0x2020006, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) madvise$auto(0x1, 0x2, 0x17) (async, rerun: 64) unshare$auto(0x40000080) (async, rerun: 64) mmap$auto(0x0, 0x2020009, 0x2, 0xeb1, 0xfffffffffffffffa, 0x8000) (async) r2 = socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) io_uring_register$auto(0x2, 0x11, &(0x7f0000000180), 0x83) (async, rerun: 32) sendmsg$auto_NL80211_CMD_LEAVE_OCB(r2, 0x0, 0x40000) (async, rerun: 32) madvise$auto(0x0, 0xffffffffffff0005, 0x17) (async, rerun: 32) mmap$auto(0x0, 0x4, 0x4000000000e3, 0x40eb1, 0x401, 0x300000000000) (rerun: 32) r3 = socket$nl_generic(0x10, 0x3, 0x10) (async) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) socketpair$auto(0x4, 0x2, 0x8000000000000000, 0x0) (async) getsockopt$auto(r3, 0x1, 0x4c, 0x0, 0x0) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/vivid.0/video4linux/video42/power/control\x00', 0xc2902, 0x0) read$auto(r4, 0x0, 0x20) (async) close_range$auto(0x2, 0xa, 0x0) (async) socket(0x2, 0x1, 0x106) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/module/kvm/parameters/nx_huge_pages\x00', 0x80302, 0x0) write$auto(0x3, 0x0, 0xffd8) (async) mbind$auto(0x8000, 0xfa9d, 0x2, &(0x7f0000000280)=0x20000000000000fb, 0x3, 0x1) set_mempolicy_home_node$auto(0x0, 0x2010001, 0x0, 0x0) mmap$auto(0x0, 0xa, 0xdb, 0x9b72, 0x5, 0x8000) 2m35.229152416s ago: executing program 2 (id=1270): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_ila(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$auto_ILA_CMD_ADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x4010}, 0x0) r3 = syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000240), r0) sendmsg$auto_NETDEV_CMD_DEV_GET2(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x14, r3, 0x300, 0x70bd26, 0x25dfdbff, {}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x2000c854}, 0x80) sendmsg$auto_ILA_CMD_FLUSH(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r2, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@ILA_ATTR_CSUM_MODE={0x5, 0x7, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x5}, 0x40008c4) r4 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/event2\x00', 0x101040, 0x0) read$auto_evdev_fops_evdev(r4, &(0x7f0000000040)=""/5, 0x5) 2m34.775358243s ago: executing program 2 (id=1273): close_range$auto(0x0, 0xfffffffffffff000, 0x0) bpf$auto(0x0, &(0x7f00000001c0)=@bpf_attr_0={0xa, 0xb8, 0x10, 0x4, 0x4, 0xffffffffffffffff, 0xa, "2af051b26b658a20d8dc6b36c83ce63f", 0x0, 0xffffffffffffffff, 0x5, 0x7, 0x7, 0x6, 0xffffffffffffffff, 0xffffffffffffffff}, 0xf) bpf$auto(0x19, &(0x7f0000000380)=@token_create, 0x92) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000040), r1) sendmsg$auto_NL80211_CMD_EPCS_CFG(r0, &(0x7f00000002c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000280)={&(0x7f0000000080)={0x120, r2, 0x100, 0x70bd2a, 0x25dfdbfc, {}, [@NL80211_ATTR_TIMEOUT_REASON={0x8, 0xf8, 0x3ff}, @NL80211_ATTR_FILS_CACHE_ID={0x103, 0xfd, "a2de885034c6b81911eb5cd9cf38b75300d8c507533b6ff16ee8855b5f3d44ed60b92a33ae31a49b8129d393923119ef4161c9c9b7a102c6add01140e1d710c624e05d68722b6c56785ede1aa5c40ec814350f4894608ee99f60a793e1382bd05b9be8f651f75d57dd5b3e8f96c60bfedb694f3d138371e9310e3d258ac87ba3350b72844d179c46425072074d62c574ff30fef73bebac8b69989c3f68f3f13541b400735175f5a5541af370bd22b66effb0036b9b9884f924a5b738f9a6ff14b38a1e56aece62a85fc9db1e4128cba09c9ebb7f3645300631177009885066ed53b2d57f5c135397ef8bf1453c7c2ac3b0cc09dae354a447a87a73873f096c"}]}, 0x120}, 0x1, 0x0, 0x0, 0x4000000}, 0x4000000) socket(0x10, 0x2, 0xc) 2m34.44754387s ago: executing program 3 (id=1276): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_i2cdev_fops_i2c_dev(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) ioctl$auto_I2C_RDWR(r0, 0x707, &(0x7f0000000100)="4da3199edf02fa5b159b76f574f06a3a34167530e3997e1c8b144676") r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000200), 0xffffffffffffffff) stat$auto(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x4, 0x5, 0x8, 0xfff, 0xee01, 0xffffffffffffffff, 0x0, 0x2, 0x5da, 0x40, 0x5, 0x4, 0x23, 0x2, 0xeba, 0x18}) sendmsg$auto_NL80211_CMD_GET_PROTOCOL_FEATURES(r1, &(0x7f0000000540)={&(0x7f00000001c0), 0xc, &(0x7f0000000500)={&(0x7f0000000340)={0x1a0, r2, 0x10, 0x70bd25, 0x25dfdbfd, {}, [@NL80211_ATTR_TDLS_PEER_CAPABILITY={0x8, 0xcb, 0x4}, @NL80211_ATTR_DISABLE_EHT={0x4}, @NL80211_ATTR_TXQ_MEMORY_LIMIT={0x8, 0x10b, 0xf}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x6}, @NL80211_ATTR_CENTER_FREQ1_OFFSET={0x8, 0x123, 0x43d1}, @NL80211_ATTR_KEY={0x167, 0x50, 0x0, 0x1, [@generic="9f017799c141b01dd6ff25865de9c0046e7e6bcefac9abf4c3075211bdeae7e18fa0681a6ffdbc315a59bab87c86b25f47c0f1f1b5cc5f72610bcd32d57e705dd10370927225b3b93b9c4ff680db9b09a33aa14a7157cd8d5d0808c82e24eee87aac7fdeeba2b6ffac0636c0ee3be89db58f5032db3a385dda79ab423de08e468e0f1f0b993e249ce5d3f067add7765a086b2d2fee73a463b28378623de0b607e0ba3bd0ceaf6732511c40afbaa856b68a142b1ab298727fc6", @typed={0x8, 0x12b, 0x0, 0x0, @uid=r3}, @typed={0x8, 0x153, 0x0, 0x0, @u32=0xfff}, @typed={0x4, 0xa8}, @typed={0x14, 0x32, 0x0, 0x0, @ipv6=@loopback}, @generic="ff60347812f039451a666be09e565f603295d2f2fc30855e11300201c543dbb2d8209246f10b578716a2e0b7f807d751a5364669c0dec93cf998a9d5aaeab4c982508450bb8555ea89c00f62545959fa55bbe1615c2d2dbc1018aad6123455e6adb24166e4c167a4cf08e80a918a6dde287db8c2d10fafdf97567fc511c295a8e1a1"]}]}, 0x1a0}, 0x1, 0x0, 0x0, 0x48090}, 0x80) r4 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(r4, &(0x7f0000000040)='//\xf2\x00', 0x80000000) r5 = socket(0x15, 0x5, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r6 = socket(0x848000000015, 0x5, 0x0) r7 = socket(0x10, 0x2, 0x0) sendmmsg$auto(r7, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000000)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x800}, 0x24, 0x4008) syz_genetlink_get_family_id$auto_ovs_datapath(&(0x7f0000000580), r7) bind$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xfd}}, 0x6b) r8 = socket(0x2000000000000021, 0x2, 0x10000000000002) setsockopt$auto(r8, 0x110, 0x1, 0x0, 0x275d) connect$auto(0x3, &(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0xff, 0x0}}, 0x55) sendmsg$auto_NL80211_CMD_GET_MPATH(r6, 0x0, 0x100000) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @loopback}, 0x6a) ustat$auto(0x801, 0x0) sendmsg$auto(r5, &(0x7f0000000180)={&(0x7f0000000040), 0x7fc, 0x0, 0x8, 0x0, 0x1, 0x4}, 0x0) 2m34.387992042s ago: executing program 2 (id=1277): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) preadv2$auto(r0, &(0x7f0000000280)={0x0, 0x80000000}, 0x6, 0x3, 0x4, 0x2e) mmap$auto(0x0, 0x202000a, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x4, 0xa00006, 0x2, 0x100000000040eb1, r0, 0x300000000000) rseq$auto(&(0x7f0000000580)={0x5, 0x85, 0x9416, 0x4, 0xe, 0x6}, 0x80000002, 0x8, 0xfd) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) openat$auto_vsock_device_ops_af_vsock(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/dummy_udc.0/udc/dummy_udc.0/maximum_speed\x00', 0x61a882, 0x0) socketpair$auto(0x1b, 0x9, 0x8000000000000000, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/irq.pressure\x00', 0x101102, 0x0) openat$auto_ocfs2_control_fops_stack_user(0xffffffffffffff9c, &(0x7f0000000040), 0x669400, 0x0) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x8a180, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/sys/net/ipv6/conf/batadv_slave_0/proxy_ndp\x00', 0x382, 0x0) inotify_init1$auto(0x3000000000000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xffffffffffffffff, 0x0) open(0x0, 0x22240, 0x55) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2, 0x0) r2 = socket(0xa, 0x801, 0x84) getsockopt$auto(r2, 0x84, 0x82, 0x0, 0x0) ioctl$auto(0x3, 0x80106f53, r1) 2m33.728570367s ago: executing program 2 (id=1279): r0 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/conf/team0/bc_forwarding\x00', 0x2102, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0x11, 0x80003, 0x300) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) epoll_create$auto(0x4) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) r1 = fcntl$auto(0x0, 0x408, 0x100000) close_range$auto(0x2, 0xa, 0x0) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000031c0)='/sys/devices/pci0000:00/0000:00:03.0/virtio0/vendor\x00', 0x101000, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000003200)=""/64, 0x40) r3 = socket(0x18, 0xa, 0x1) r4 = getsid$auto(0xffffffffffffffff) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(r1, 0xc4c85512, &(0x7f00000001c0)={{@raw, 0x2, 0x8, 0x7, "b3863a26a4aa0825c08f66d0b84f0202e45bca246825be865a10bab1ae3e01489647b634ebf710fca11da1eb", @inferred=r4}, 0x0, @iec958={"f7efc51815983cc4485488d517caa5e1dbebc63fb2dddbb4", "0f40dce8597160a270f99725e03993adda968c2f86bddf511838cfee997990a326783977c77fadeb822e7d779b36e7364eb256c1e23e3506157514a7cc9a4021aada95646505b9ae56946d348bd4dc0b05ea47df5bb1335fd4e97c7d777f79c7e7bc0e6671891f2a6ec2d4d83ffafd79251ca54cd8a7983301330431da577786ece238cb40601543bf8b8143eaa4c56f16b1d3", 0x0, "1a380436"}, "67773b0b31c6fc6824abd539e241bfcce787b0f2535d48a85ad05915f20cc5fd0ce986de75863cdae1c513ccb996a445b69f364a491e0e3f026534f920b147dd37285654c1d5fa42f9b2e9194a490c987c47efd4edfda93b564c45ac6f564702da46a9cb920d023c5c1e0d912355b321560e081315e1996bd0b5de8937f2f12a"}) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/kernel/hung_task_check_interval_secs\x00', 0x88542, 0x0) mmap$auto(0x0, 0x400007, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) mmap$auto(0x0, 0x4, 0xdf, 0x9b72, 0x2, 0x8000) r5 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f00000000c0), r3) sendmsg$auto_NL80211_CMD_CONTROL_PORT_FRAME(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x1c, r5, 0xa05, 0x70bd27, 0x25dfdbff, {}, [@NL80211_ATTR_TSID={0x5, 0xd2, 0x96}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x4010) vmsplice$auto(0x1, &(0x7f0000000000)={0x0, 0x5}, 0x6, 0x8) r6 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/ip_local_port_range\x00', 0x20202, 0x0) sendfile$auto(r0, r6, 0x0, 0x1) 2m32.436081156s ago: executing program 2 (id=1282): sendmsg$auto_NL80211_CMD_EXTERNAL_AUTH(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="10002cbd7000fedbdf663387257f0000000600960012ff04000800a50001080000f3894825ea55640aec0711daf24c8763f1a1ada4d47838d0f67a3c913578a3a27c6dbebc7c8b9dcbc152492c643b292682386e1b02872fddd98b6530d5"], 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x10) r0 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r0, 0x800, 0x70bd28, 0x25dfdbfd, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x24008001) r1 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000600), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) setitimer$auto(0x2, &(0x7f0000000080)={{0x2, 0x5}, {0x0, 0x8}}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) sendmsg$auto_IOAM6_CMD_DEL_NAMESPACE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x1c, r1, 0x9, 0x70bd2c, 0x25dfdbfb, {}, [@IOAM6_ATTR_NS_ID={0x6, 0x1, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x808) r3 = socket(0x2, 0x3, 0xa) connect$auto(r3, &(0x7f0000000080)=@l2tp={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x2}, 0x6aafe8b6) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x101a82, 0x0) write$auto(r4, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(0x3, 0x0, 0xfffffdef) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r5, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x5, 0xeb1, r3, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) madvise$auto(0x0, 0x2003f2, 0x15) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) r8 = openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/self/uid_map\x00', 0x8006, 0x0) write$auto_proc_uid_map_operations_base(r8, 0x0, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0xa8, r7, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_SERVER_SCOPE={0x81, 0x4, 'nfsf\x00\xd8\xef\xe4-\x13+r\xf3\fT1Z\xa7J[\x81\a\xcf-\xdf\x90\x1f\x8f\xc8\x13e\xe2R7D\x832j\xce}\xa3V\xb7\xa1o\\\xe6\x13\xbc\f\xe3\xae\xb8~\xd3\xd2+J\'\xc3\xec\xc9\fp\xc8a\xbe\xfe`\xa7\xa9AKDd\'\xa0\x01\xf6\x13y\xe8\xca\xf4Q\x9e\x03*]\xda\x1e\x11t\xe2\xd5uw+\x93\xfc\x04l\xd3\xa6t\x86k\x80\xd9\x14s\xec\xe2H\xc0=(\xf99\x8ac\xa7\x85\x99\x87'}, @NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x85}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0x2}]}, 0xa8}}, 0x4000) madvise$auto(0x100, 0x200007, 0xf529) 2m31.573464851s ago: executing program 3 (id=1284): r0 = socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) getdents$auto(r0, &(0x7f0000000000)={0xff, 0x4, 0x9, "260c2bc824f8ef07e359e42132e42f4f0760ed00b50ec466625d2ff440ab34e4054e3b1fddfbcc7281354ccbc8311e1d91d3bc2a4e5db30f0c90a8f8ca8d1d6a48d487e78f9b5937be250a5da4994ab44efd7420f356df37b61d0bde521e5df8"}, 0x979) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) unshare$auto(0x40000080) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) madvise$auto(0x0, 0x2003f2, 0x15) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) r3 = openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, &(0x7f00000013c0)='/proc/self/uid_map\x00', 0x8006, 0x0) write$auto_proc_uid_map_operations_base(r3, 0x0, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000480)={0x0, 0x2f, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB="a8000000", @ANYRES16=r2, @ANYBLOB="01002cbd7000fddbdf2502000000810004007e66736600d8efe42d132b72f30c54315aa74a5b8107cf2ddf901f8fc81365e252374483326ace7da356b7a16f5ce613bc0ce3aeb87ed3d22b4a27c3ecc90c70c861befe60a7a9414b446427a001f61379e8caf4519e032a5dda1e1174e2d575772b93fc046cd3a674866b80d91473ece248c03d28f9398a63a785998700000008000300850000000800010002000000"], 0xa8}}, 0x4000) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x404001, 0x0) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) 2m17.124510894s ago: executing program 32 (id=1282): sendmsg$auto_NL80211_CMD_EXTERNAL_AUTH(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="10002cbd7000fedbdf663387257f0000000600960012ff04000800a50001080000f3894825ea55640aec0711daf24c8763f1a1ada4d47838d0f67a3c913578a3a27c6dbebc7c8b9dcbc152492c643b292682386e1b02872fddd98b6530d5"], 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x10) r0 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NFSD_CMD_THREADS_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r0, 0x800, 0x70bd28, 0x25dfdbfd, {}, ["", "", "", "", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x24008001) r1 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000600), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) setitimer$auto(0x2, &(0x7f0000000080)={{0x2, 0x5}, {0x0, 0x8}}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) init_module$auto(0x0, 0xffff9, 0x0) sendmsg$auto_IOAM6_CMD_DEL_NAMESPACE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)={0x1c, r1, 0x9, 0x70bd2c, 0x25dfdbfb, {}, [@IOAM6_ATTR_NS_ID={0x6, 0x1, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x40000}, 0x808) r3 = socket(0x2, 0x3, 0xa) connect$auto(r3, &(0x7f0000000080)=@l2tp={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x2}, 0x6aafe8b6) r4 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x101a82, 0x0) write$auto(r4, &(0x7f0000000040)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(0x3, 0x0, 0xfffffdef) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r5, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x5, 0xeb1, r3, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) madvise$auto(0x0, 0x2003f2, 0x15) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) r8 = openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, &(0x7f00000002c0)='/proc/self/uid_map\x00', 0x8006, 0x0) write$auto_proc_uid_map_operations_base(r8, 0x0, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0xa8, r7, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_SERVER_SCOPE={0x81, 0x4, 'nfsf\x00\xd8\xef\xe4-\x13+r\xf3\fT1Z\xa7J[\x81\a\xcf-\xdf\x90\x1f\x8f\xc8\x13e\xe2R7D\x832j\xce}\xa3V\xb7\xa1o\\\xe6\x13\xbc\f\xe3\xae\xb8~\xd3\xd2+J\'\xc3\xec\xc9\fp\xc8a\xbe\xfe`\xa7\xa9AKDd\'\xa0\x01\xf6\x13y\xe8\xca\xf4Q\x9e\x03*]\xda\x1e\x11t\xe2\xd5uw+\x93\xfc\x04l\xd3\xa6t\x86k\x80\xd9\x14s\xec\xe2H\xc0=(\xf99\x8ac\xa7\x85\x99\x87'}, @NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x85}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0x2}]}, 0xa8}}, 0x4000) madvise$auto(0x100, 0x200007, 0xf529) 2m16.158937115s ago: executing program 33 (id=1284): r0 = socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) getdents$auto(r0, &(0x7f0000000000)={0xff, 0x4, 0x9, "260c2bc824f8ef07e359e42132e42f4f0760ed00b50ec466625d2ff440ab34e4054e3b1fddfbcc7281354ccbc8311e1d91d3bc2a4e5db30f0c90a8f8ca8d1d6a48d487e78f9b5937be250a5da4994ab44efd7420f356df37b61d0bde521e5df8"}, 0x979) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) unshare$auto(0x40000080) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) madvise$auto(0x0, 0x2003f2, 0x15) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000340), 0xffffffffffffffff) r3 = openat$auto_proc_uid_map_operations_base(0xffffffffffffff9c, &(0x7f00000013c0)='/proc/self/uid_map\x00', 0x8006, 0x0) write$auto_proc_uid_map_operations_base(r3, 0x0, 0x0) sendmsg$auto_NFSD_CMD_THREADS_SET(r1, &(0x7f0000000480)={0x0, 0x2f, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[@ANYBLOB="a8000000", @ANYRES16=r2, @ANYBLOB="01002cbd7000fddbdf2502000000810004007e66736600d8efe42d132b72f30c54315aa74a5b8107cf2ddf901f8fc81365e252374483326ace7da356b7a16f5ce613bc0ce3aeb87ed3d22b4a27c3ecc90c70c861befe60a7a9414b446427a001f61379e8caf4519e032a5dda1e1174e2d575772b93fc046cd3a674866b80d91473ece248c03d28f9398a63a785998700000008000300850000000800010002000000"], 0xa8}}, 0x4000) madvise$auto(0x0, 0x200007, 0x19) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f0000000300)='/proc/thread-self/pagemap\x00', 0x404001, 0x0) mmap$auto(0x0, 0x420009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0xb74, 0x66a) madvise$auto(0x0, 0xffffffffffff0001, 0x15) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x3b}}, 0x54) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) 7.054357713s ago: executing program 5 (id=1810): r0 = socket$nl_generic(0x10, 0x3, 0x10) mknod$auto(&(0x7f0000000040)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00'/263, 0x4dd8, 0x5) r1 = open(&(0x7f0000000400)='\xfd\x90\x8f2\x14\x92\x00\xbf\xdf\xcf\x9a\xae}\xd9\xf95\xc5gV\x82\f\xe5h\xfe\x83\xe4\xbe\x8c\x1f\xa5\xf1_T\xde\xf7\xd4\x83D\x9eXS\xd6\x90T\xc1v\xad#\xc4q\x8b\xed2\xadW:0\xef\x9c.=\xba\x0fy\x8f\xcd\xd6\xde\xa9i\xec\xe8\xca\x9f\xf3\x82b\xa2y\xa87J\xfc \xc5\xd8\x80\xba\xaaV\x8f{\x1f\x1b\xb0\n\x97\\\xa7\xe3\xdf\xc29-*;#r\xc8\xd1\x14RcF\x87\xe4\x1c\x1fGL\xa5\x19\x90\xd6\x8d*\xe6\b(\x1a\xea\x95\xdc\xa6)5\xae&yAl\x1e\xe3j Lp\x91\r\xed%\xafZ\xf8w\xf2}\xcdGS\xce\xb9\xdck\x86\x00.6\xe6{\xc1\x00\x1bW5\x81\xda!\xcb.O\xa9\xf3\xa7\x88+\xb9\xf3\x9a7\xa4\xe6)<\xa79\xa4\x87\\\xb4\xbf\v\x03\x87\xac\x87r\x02\x05\xdb\xe4\xde,V\xb6G\xba.WR\xe2<~\xdd\xb2\xe53hj_;\xa5qm\x92\xc7P\xc9.\x82w8\x1f\xfcX\xe4\x14\xc72cC\xd3\x00', 0x400040, 0x4) mmap$auto(0x0, 0x20009, 0x809, 0xeb1, 0x401, 0x80000000008000) r2 = syz_genetlink_get_family_id$auto_netdev(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$auto_NETDEV_CMD_BIND_RX(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000100)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010026bd7000fcdbdf250d00000008000300", @ANYRES32, @ANYBLOB="0400028008000100"], 0x28}, 0x1, 0x0, 0x0, 0x4800}, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) close_range$auto(0x2, 0x8, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000080), 0x68b82, 0x0) r6 = getsockopt$auto(r5, 0x4, 0x80000001, &(0x7f0000000000)='macsec\x00', &(0x7f0000000180)=0x4) sendmsg$auto_ETHTOOL_MSG_RINGS_SET(0xffffffffffffffff, &(0x7f0000001dc0)={0x0, 0x0, &(0x7f0000001d80)={&(0x7f0000000340)={0x34, 0x0, 0x1, 0x70bd2a, 0x25dfdc01, {}, [@ETHTOOL_A_RINGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}]}, @ETHTOOL_A_RINGS_RX_JUMBO={0x8, 0x8, 0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x90}, 0x80000) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000240)={'ip6gretap0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'team_slave_0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'geneve0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000500)={'batadv_slave_1\x00', 0x0}) shmctl$auto_IPC_RMID(0x81, 0x0, &(0x7f0000000680)={{0x100, 0xee01, 0x0, 0x7, 0xe5, 0x1, 0xfff}, 0x9, 0x3, 0x3, 0x6, @inferred, @inferred, 0x2, 0x0, &(0x7f0000000540)="027f7bb04e633b64b8284941d759cfc2cc081ecc5f1e006ea0f03b72d1b4c93ae1c4eca12bd7ade4a56e946c36b0c69c56b48ed65fff5fb7f5a6e2799095d898c06987e93416b9ea279d2aed44e41b428bb7db9ead5f3a4de80eadbe3f369d7dbbcd3f55441e8910c68cb4db6d6c2205ff08dbd17636f95275edef842eddc2e180126d6ee404d31a86fd39a060ec7b023796dddb85fdb77c6444775ed331725558f4071040f9e6a4053c22e00091720c69edd9881d11b3fe4e11a1f60c20f83376c36dba900bbe47f1e632dee5f2de3e71d33142af6988", &(0x7f0000000640)="b6114ad76a87dc24919569d033deaec326559c6020f8"}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000700)={'nr0\x00', 0x0}) sendmsg$auto_ETHTOOL_MSG_PRIVFLAGS_SET(r3, &(0x7f0000000cc0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000c80)={&(0x7f0000000740)={0x50c, 0x0, 0x200, 0x70bd2c, 0x25dfdbff, {}, [@ETHTOOL_A_PRIVFLAGS_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xfffff000}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}]}, @ETHTOOL_A_PRIVFLAGS_HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x6}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r9}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'rose0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @ETHTOOL_A_PRIVFLAGS_FLAGS={0x46c, 0x2, 0x0, 0x1, [@typed={0x4, 0xf3}, @nested={0x20f, 0x3b, 0x0, 0x1, [@generic="bf2464421a4797b8f256a1c5ea008b062de923b180a08d69c13b427b812cbb4bca2df560", @generic="f7d6e70cb9c3174760c86d1eb4d7dae65e502dbe426e7741e4ed21bd4d4edbeb88fc1d2cb25aaf8c419ff566f7d3b6b997ce85c3e9ca727ca2b8661a2c8b054a76f6c67ba5ff03d1e0a913a944d093e715ad7f2bc24107e8c85d61cecc6a9e3e7e675efddc6fb40eed80858f9d533b0faeba6d31cce46d8ce85d208dbb609dd318784d4b3194241f0bb0f6601a8c2c1e00cdd2c21604118213a133db7f8cc01c0eeb39dcc1a89c668fa1819438d7c38c6ae78ecb546b3ba36775bed8f53af41628a2bff3462c74b0f659660e217413cc", @nested={0x4, 0xd5}, @nested={0x4, 0xc4}, @generic="2ea5a722fb90d00c9b0f9bbe2e345a8cd34582d439238533184f9ff7128866644014e55b594a0014443414f173f503ba223e5c2af1fc7441e023843dbbaef073557d88a9a65cadf06d0439a615e00ae46affbec85422f46e7eac87930783b5fdb63ba11f720a69d83c7818c97eff1aa3f91ce70e7d22d2a26ece103062aaa0659aaa3b5db5be207e56b39748fd0854ff2827837daba422feaf26b7b049773ec8491f0ee05f2cf7024a79cd314335f01d3a4e725a602f8c898ba5f3b30f6eb8d3af704f37a8a077b98482a893b77966ef23c63af965dd25285c54d1475edde8f098c449ae94ab548eeb6f4bd88c901bc8c0700fbc76535d", @typed={0x4, 0x9c}, @typed={0x14, 0x39, 0x0, 0x0, @ipv6=@rand_addr=' \x01\x00'}]}, @nested={0x5c, 0x13d, 0x0, 0x1, [@typed={0xd, 0x90, 0x0, 0x0, @str='/dev/kvm\x00'}, @typed={0xb, 0xdf, 0x0, 0x0, @str='macsec\x00'}, @generic="34cb9291bd75701018167f199714a2ecebc1a345a85f5bdb6b00e196ea98e8e17ad5c382d73fe7ca0f89af70498168977ffd293acf135f24", @nested={0x4, 0x67}]}, @nested={0x1f7, 0x38, 0x0, 0x1, [@typed={0x8, 0xf, 0x0, 0x0, @uid=r11}, @generic="0a7a510b9493e7d7440361f693a1749500ccfa3def8a46cbc69f638c0a20a40273aa1c8cd8b9900f026f3a868ca174f2d679d48f1301acca1aa75f0920417372368acc960758b6e54471f1e49ffe22388befd3be6652884d0c2bf570ea186281cbd0b155d451e288246344492cc0c15a578e22cb3ee1f341409eddf2128836d359bc00cb4da6c91487e27dadc61b3de7ff2b84f8241e4ea529189c780fdf0db4fc248e34e30bba98204794c853534c9515cefb7ddc8c01bf1c34f99d9c676b1b65e6859b27bac9", @generic="cfebc5186fe8203cadbf5b225fa3a0f55cb092801ab58d015e54eaf368ebb5333b2ad4f03e7ddd59ecf7009917d1148b772f97e839942e3665a4671dba4a9577c9944e46070960", @nested={0x4, 0xf6}, @generic="e0bc6c4405bc3bd3eb636af661d72a4346c378c320bd28e58bae1315aeefbf78821a62fda6496cb74e7561d4c094e03702778678d5406ffe3e8d4f39ba188b03bab942aba40e92d7b8f8240eab7121397c9de684f8fa97ababb14bf16c63168cdec1c8f77f5e3d0f96bc7b2162ca943d60e4b8ff2b953884568fb0dd960c84261a9d9ff5d26671b5b4263eea82246143f5c79e23c2b92128f0d6dbacff6f6600b386e3fedda93c1bc39e3dd80238f2e186f42b2b7239769427ece70b50aabc3b4f693b962a9c448aff21852008c91f7684edcf13fe", @nested={0x4, 0x11b}]}]}, @ETHTOOL_A_PRIVFLAGS_HEADER={0x14, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0xfd}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}]}]}, 0x50c}, 0x1, 0x0, 0x0, 0x40000}, 0x5) r13 = ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r5) ioctl$auto(0x3, 0xae41, r4) openat$auto_stat_fops_per_vm_kvm_main(0xffffffffffffff9c, &(0x7f0000000300)='/sys/kernel/debug/kvm/insn_emulation_fail\x00', 0xa2540, 0x0) r14 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/self/net/rpc/auth.unix.ip/channel\x00', 0x8f3b7a51b8162d21, 0x0) write$auto_proc_reg_file_ops_compat_inode(r14, 0x0, 0x0) read$auto_stat_fops_per_vm_kvm_main(r13, 0x0, 0x0) r15 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000000300), r3) sendmsg$auto_MACSEC_CMD_UPD_TXSA(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000002300)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r15, @ANYBLOB="010029bd7000fcdbdf250600000008000100", @ANYRES32=0x0, @ANYBLOB="04000000"], 0x20}, 0x1, 0x0, 0x0, 0x8002}, 0x8010) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) 6.522204889s ago: executing program 5 (id=1813): write$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffffff, 0x0, 0x0) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r0, &(0x7f0000000280)={0x0, 0x80000000}, 0x6, 0x3, 0x4, 0x2e) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$auto_lru_gen_rw_fops_vmscan(0xffffffffffffff9c, 0x0, 0x42, 0x0) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/tcp\x00', 0x181800, 0x0) read$auto(r1, &(0x7f0000000100)='^$\x00', 0x1) 6.018388105s ago: executing program 1 (id=1817): r0 = openat$auto_blk_mq_debugfs_fops_blk_mq_debugfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/block/loop9/hctx0/tags\x00', 0x169100, 0x0) pread64$auto(r0, 0x0, 0x5000f42a, 0x1f5) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) setuid$auto(0x0) r1 = socket(0x2, 0x4, 0x5) r2 = getsockopt$auto(r1, 0x11c, 0x4, 0xfffffffffffffffe, 0xfffffffffffffffd) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000580)={{@raw=0x7fffffff, 0xf0ee, 0x20009, 0x3, "790eaa00ffff8eac2cdafc1f64010043eeb0b053030001ffff000e00", @raw=0x1}, 0x4, 0x966, 0x3, @raw=0x404, @integer={0x800000000000400e, 0x2000000b752, 0x100000001}, "6cc1294d63a4f1b4285854c5368de438f8cc142ef6df12bf3373a1183bedbd31b642b4051b078fa1c1c61c329794e5311121c760cb9611c78e6947a99807bcc1"}) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_INFO(0xffffffffffffffff, 0xc1105511, &(0x7f0000000080)={{@raw=0xfff, 0x0, 0x7f, 0x7, "26d718b7d3ee6d350eb3def9df764b2c04bd12e3c7ee1900308b8a7d09b0a707f7045e6d165b196ca83379bb"}, 0x40007, 0xfffffffc, 0x4, @raw=0x1, @reserved="f9025918195113f99fba07a2670c13b4a7ff5ee86628c28a3b375921b40e18de1c6f96e31febc4aafa431babffeee9a5c210db5145ddef476f6d06da90e2b03f6de4d403b71fa7c60c76a420764511b51652e71edf6e1856ca3ec48280f207538fe36daf8bc4b07dfb85d5a71715f229df639056b6fab400", "18a801006a0900000000000000c4bd5359eeadc8357752b72fa176254d8797cdffd02555ac83a07983eedddd24b626f54ad9d763dcdc9120af8b7c848ceb55a7"}) close_range$auto(0x0, 0xfffffffffffff000, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14be02, 0x0) r3 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_nl80211(0x0, 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, 0x0) sendmsg$auto_NL80211_CMD_DEL_PMK(r4, 0x0, 0x800) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x2, 0x88) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, 0x0) sendmsg$auto_ETHTOOL_MSG_WOL_GET(r4, 0x0, 0x4000000) write$auto_console_fops_tty_io(r3, &(0x7f0000000000)="c80d1b5d399b39", 0xfdef) close_range$auto(0x2, 0x8, 0x0) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/pcmC0D0c\x00', 0x8100, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) 5.699535089s ago: executing program 0 (id=1818): unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sendmsg$auto_HSR_C_GET_NODE_STATUS(0xffffffffffffffff, &(0x7f0000000700)={&(0x7f0000000600)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f00000006c0)={&(0x7f0000000640)={0x44, 0x0, 0x300, 0x70bd26, 0x25dfdbfe, {}, [@HSR_A_IF1_SEQ={0x6, 0x6, 0x1}, @HSR_A_NODE_ADDR_B={0xa, 0x5, @random="f13f79888059"}, @HSR_A_IF2_SEQ={0x6, 0x7, 0x400}, @HSR_A_NODE_ADDR={0xa, 0x1, @local}, @HSR_A_IF2_SEQ={0x6}]}, 0x44}, 0x1, 0x0, 0x0, 0x800}, 0x800) clock_gettime$auto(0xa, 0x0) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x17) (async) migrate_pages$auto(0xffffffffffffffff, 0x5, 0x0, 0x0) (async) socket(0xa, 0x5, 0x0) (async) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D2\x00', 0x40001, 0x0) (async) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000000), 0x400, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/controlC2\x00', 0x8100, 0x0) (async) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/platform/dummy_udc.3/driver_override\x00', 0xe2685, 0x0) close_range$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x2) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x8, 0xd, 0x7d48, 0x948b, 0x4, 0x15f4da0c, 0x1, 0x3, 0x0, 0x80000001, 0x7, 0x4, 0x5, 0x2, 0x1]}, 0x0) (async) add_key$auto_KEY_SPEC_REQUESTOR_KEYRING(&(0x7f0000000080)='/dev/dri/card0\x00', &(0x7f00000000c0)='\x00', &(0x7f0000000100)="15a04f062022613d1994ad4977093f5eb88b7c12e24a81f344bdb316d4d9d8802b8abcacbca4303e95109e4ea589bfb4f571b7d37bd2171a703655fd8329806745c351d7f7d3a1db6eca", 0x653, 0xfffffffffffffff8) (async) madvise$auto(0x0, 0x7, 0x13) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x1) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x4000, 0x0) (async) clock_nanosleep$auto(0x8, 0x0, &(0x7f00000000c0)={0x3, 0x2}, 0x0) (async) adjtimex$auto(&(0x7f0000000480)={0x8101, 0x0, 0x1, 0x1, 0x7, 0x7f, 0x860, 0x0, 0x1, 0x45079941, 0x8, {0x47a8, 0x7}, 0x7, 0x3, 0x10009, 0x9000000, 0x0, 0x8, 0x8, 0xffffffffffffffff, 0xb4, 0x800, 0xf9}) madvise$auto(0x0, 0xffffffffffff0005, 0x19) (async) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) socket(0x2, 0x80002, 0x73) mmap$auto(0x0, 0x101, 0x4000000000df, 0xeb1, 0x200000401, 0x8000) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_tipcv2(&(0x7f0000000040), 0xffffffffffffffff) close_range$auto(0x2, 0x8, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat$auto_force_wakeup_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/bluetooth/hci5/force_wakeup\x00', 0x2000, 0x0) (async) writev$auto(0x3, &(0x7f0000000080)={0x0, 0x1}, 0x3) (async) sendmsg$auto_TIPC_NL_BEARER_SET(r0, &(0x7f0000002040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="14000000", @ANYRES16=r1, @ANYBLOB="01002dbd7100fefadf2505000000"], 0x14}, 0x1, 0x0, 0x0, 0x44}, 0x40044) 5.653368839s ago: executing program 1 (id=1820): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x32f1c0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000200), 0x101000, 0x0) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) socket(0x2a, 0x2, 0x8001) socket(0x27, 0x1, 0x40000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) bind$auto(0xffffffffffffffff, &(0x7f0000000000)=@in={0x2, 0x4e22, @remote}, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/memory_tiering/memory_tier4/nodelist\x00', 0x22100, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xa, 0x0, 0x0, &(0x7f0000000180)={[0x1ff, 0x990, 0xffffffffffffffff, 0x1, 0x948b, 0x4002a1, 0x95f4da0a, 0xfffffffffffffffe, 0x3, 0x62, 0x80000001, 0x6, 0x0, 0xc, 0x3, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x11, 0x1, 0x7ff, 0x2003, 0x15f4da0a, 0x2000000000000003, 0x3, 0x62, 0x80000023, 0x7, 0x6d3e, 0xc, 0x2495dae0, 0x6]}, 0x0) write$auto_console_fops_tty_io(0xffffffffffffffff, 0x0, 0x0) r2 = openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/tracing/dynamic_events\x00', 0x60001, 0x0) read$auto_dynamic_events_ops_trace_dynevent(r2, &(0x7f0000000340)=""/128, 0x80) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/mouse0\x00', 0x1102, 0x0) acct$auto(&(0x7f0000000100)='/dev/psaux\x00') openat$auto_tracing_fops_trace(0xffffffffffffff9c, 0x0, 0x101501, 0x0) socket(0x21, 0x3, 0x5e57) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, 0x0, 0x48402, 0x0) ioctl$auto_SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, 0x0) 5.080757817s ago: executing program 5 (id=1821): mmap$auto(0x0, 0x5, 0xdf, 0x9b72, 0x2, 0x8000) (async) unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) (async) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x745100, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000040)='/dev/snd/midiC2D0\x00', 0x0, 0x0) (async) r0 = openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000001140)='/dev/psaux\x00', 0x42000, 0x0) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7ffffffc, 0x8, 0x3000, 0x6, 0x7, 0x400b, r0, [], {0x6, 0x6, 0x8c48, 0x29a, 0x9, 0x80, 0x104, 0x6, 0x4}, {0x100, 0x1, 0x101, 0x85, 0x2, 0x24, 0xfe000000, 0x8, 0x3}}) (async) r1 = openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$auto_PTRACE_SECCOMP_GET_METADATA(0x420d, r2, 0x7, 0x4) read$auto_vhci_fops_hci_vhci(r1, &(0x7f0000000d40)=""/16, 0x10) (async) select$auto(0xe, 0x0, 0x0, &(0x7f0000000580)={[0x1ff, 0x8000, 0xd, 0x1, 0x200948d, 0x3, 0x10015f4da0a, 0xd, 0x7, 0x6, 0x8000001f, 0x8, 0x6d3e, 0xc, 0x2, 0x2]}, 0x0) (async) mmap$auto(0x0, 0x2020009, 0x8000000000000003, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x17) (async) madvise$auto(0x0, 0xffffffffffff0001, 0x15) (async) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) (async) madvise$auto(0x0, 0xffffffffffff0005, 0x19) request_key$auto_KEY_SPEC_GROUP_KEYRING(0x0, 0x0, 0x0, 0xfffffffffffffffa) (async) ioctl$auto(0x3, 0x8905, 0x38) madvise$auto(0x0, 0x2003f2, 0x15) (async) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x8000, 0x0) (async) pipe2$auto(0x0, 0x4800) (async) splice$auto(0x4, 0x0, 0x2, 0x0, 0x1000, 0xf) 4.249376549s ago: executing program 1 (id=1823): close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0xffffffffffffffaf, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) connect$auto(0x3, &(0x7f0000000080)=@nl=@proc={0x10, 0x0, 0x25dfdbfe, 0x4}, 0x81) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_binder_fops_binder_internal(0xffffffffffffff9c, &(0x7f0000002340)='/dev/binderfs/binder1\x00', 0x0, 0x0) r2 = dup$auto(r1) r3 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) ioctl$auto(r3, 0x81004523, r2) close_range$auto(0x2, 0x8, 0x0) r4 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000180)='/proc/interrupts\x00', 0x18b202, 0x0) pread64$auto(r4, 0x0, 0x400100000001, 0x1ff) readv$auto(0x3, 0x0, 0x4) unshare$auto(0x40000080) r5 = socket(0x10, 0x3, 0x6) mmap$auto(0x0, 0x7f, 0x1, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) lstat$auto(0x0, &(0x7f0000000180)={0x4, 0x9, 0x6, 0x63, 0x0, 0x0, 0x0, 0xac, 0x200, 0x2, 0x40000402, 0x9, 0x9, 0xffffffffffffffff, 0x6, 0x6, 0x200000100103}) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="0f"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB="13"], 0x1ac}, 0x1, 0x0, 0x0, 0x2000c000}, 0x4004) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) fallocate$auto(0x8000000000000003, 0x0, 0x2, 0x4cbd5d) ptrace$auto(0x5, 0x0, 0xfffffffffffffffa, 0x8) mmap$auto(0xf22, 0x6, 0xfd5, 0x9d, r5, 0x71) openat$auto_tracing_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/tracing/buffer_size_kb\x00', 0x8082, 0x0) 3.884424659s ago: executing program 0 (id=1824): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_OVS_DP_CMD_DEL(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x20040c04}, 0xc0804) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x90}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) mmap$auto(0x2, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) r1 = syz_clone(0x20008000, 0x0, 0x0, 0x0, 0x0, 0x0) rt_sigqueueinfo$auto(0x0, 0xffff7b6f, &(0x7f0000000000)={@siginfo_0_0={0x8, 0xd, 0x6, @_rt={r1, 0x0, @sival_ptr=0x0}}}) r3 = socket(0x11, 0x3, 0x9) pwrite64$auto(0xc8, &(0x7f0000000200)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00\x00\x00\xfd\xfd\xd3\xd3\x1d\x00^\x0fo\x97\xfc\x89\v\xea\xc2\x95\xafQ;C>\x15L\x90\xad\xa4\x1648W\t\x00\x00\x001\x00\x00\x00@X\xb9_\xdd\xa6\xa2E\xd8?\'\x8dg\x81h*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&%`_[\xde\x7f\xde8\xf7\xc1\x94\xf2\xc1\"\xact\xee\xc9\x00\x00\x00\x00\x00\x00\x00\x00\xee\xa9\x0eX\x01\xa3g\xba\x9cc\x90\xe3\xae\xa9\xde\x00\x00\x00B\xb4\xf2&\x00\xe2\xead\xd0\"\x16\x84v\n\xcdN\xb6\xa4\xe0\xb7e\x97 ?\xb5\xa1E=t\x96\xbd\xfd\xc5\xebn\xb7\n\xc2\xbc\xa2\xa8\x04#\x84\xa7R|\xed\x8f\x03\x01\x10wLT\vay\x12\xb63\x9e\a\x8e\xbd\x18y<\xb3\v\x14\x82\x97&\xfcm\x86\x10o\xdc\xf3x\xfd\x06\x87t\xb9$\x94,f\x9b0\xcd\xd3\r\xb1e\'\x19\xc1\xe7>*\xad\xa5+\xa8\x1c\x88\xa1\x0e[\x99\xb6LKZ\x9e\r\xd0r\xe2Ct\xc1\x99\x1b/\xc5P.aUdq\x97\x94\xb9\xa8qU\xae*g\x86\xc9\xa4\xe7\n\vh-v\"o.\xbf6\x13\tFK\x8e\xc6&&\x13\x81\x00\x8c7PS\x9c\xa3\xfb\x1d\xa9\x98\xd47\n\xa7\xd1\x10\xb3i\xd2\xa8\x18f\xb3K\x9b\x9b\x8c\xe8\x84\xa3,5-\xd6\xae\xbd\x1d\xf2o\x99\x02\x1azw9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x04\bl\x042\x935\x9e\xeeH\x87\xda\x10\x8f^1\x89L`\xf4[\x06\xf6\xc7\xd0#\xdb\xb1\\\xc3\xb1\xb8\xe8\xde2\xbb\xf8I\x9c\x17KI\x8c\f\x1d\xaa\xa0\xdb\xc7\x9e\x81\x90CTe\xfa\x8dq&\x17\x908\xc9T\xffm\x930\x1d\x91\xf8|t\xfd\x18\xd5\xb0\xcbH\xa7\xb6T\n\x11%\xba\x16o\r\xf6\x90k\xfb\a\xa1\x15\x0e\xe1\xce0Q\xd0\x00\xc1\x1a\x1f\xaa8\xfbo)rtYK\"c\xe2c\xbeM\x9bT\x05\xf3\xccC\x8c\x00\xdf\x8c\x1b+\xca\x80', 0x84, 0xe83) sendmmsg$auto(r3, &(0x7f00000001c0)={{&(0x7f0000000000), 0x5ac, &(0x7f0000000100)={&(0x7f0000000200), 0x35}, 0x5, 0x0, 0x5, 0xe}, 0x5}, 0x2, 0x100) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0xccc8, 0xa, 0x3, 0x14, 0xfffffffffffffffa, 0x8000) r4 = socket$nl_generic(0x10, 0x3, 0x10) socket(0x2, 0x3, 0x1) mmap$auto(0x0, 0x3, 0xdf, 0x9b72, 0x2, 0x8000) setreuid$auto(0x0, 0x20000000004) ioctl$auto(0x3, 0x8916, 0x91) close_range$auto(0x0, 0x5, 0x0) openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000000), 0x8a001, 0x0) epoll_create$auto(0x20003f) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) fcntl$auto(r4, 0x410, r2) mq_open$auto(&(0x7f00000000c0)='\x12\xe6D\b\x9e\x00\x80\x8d\f\xb9w-\xbd!\x9eb\xed\xfb\x0f\xe5\x9dZ\xc2\xd1\x01wBV\x91\x8f_\xc0.\x84\xfe\x84\xd1se\x01\x06\x00\xb3\x13_Y&\xa9\x88\xe4\xa2\xb0V\x85\x92<\xb6\xdcT \\\xf2\v\xb1\xe2\xd8\xfa\xd8V\xe5\x00\xfa\xe9!\xc5<\xce\x18=\x06\xdagq\xb5\r\t\xb2\xde\x99\xd50\xbb\x192\x1c4\x86\xc0\xc1-\xd5\x10\xc3\xfc*[8\x89h\xc5\xba\xff\xc8u5f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0xffffffffffffffff, 0x400008, 0xdf, 0x17, r0, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) openat$auto_show_traces_fops_trace(0xffffffffffffff9c, 0x0, 0x826c0, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) bpf$auto(0x8000000, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x5, 0x9, 0x3, 0x80, 0x8, 0x4, 0x1, 0x200, 0x8, 0x401, 0x2, 0xe2, 0x4, 0xc28}, 0x0) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f0000000340)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dT\xbab.B^\xe9\xd1J\xc7\xc0\'\xddV\xd4\xee\xc2\xdd\xa7\xd6\xc7\xca\"E\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\a\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4mt\xa7\x88@\x00!\xdc\x9a\x1c\xf5\xec\x03\x1e\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x95\x99K\x00\x00\x00\x00\x00\x00K\fE\a\xca\xd36\xe8\xcb?C\x0f\xdfm\xaa\xa4\x7f$\x1d\xd2\xa1mZ\xdd\x00\'\xeb3\xf3\x83:\x02X\xad^\xe8\f\xf5\xa7\x10\x1b\x94\xfe\xe6\xfb\x12\x94\xd4_\v\xf9\x1a\xdd!\xfb\xe25\xbaN\xf7F\x1f\xf8\xdbu:\x90\xf2\xc6W8\xfa\x85\x19\x188\x8f1\xd1\x9f\x83\vI\xc8\x91?0}\xd06\x87\xc7\xc7', 0x100100a3d4) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/platform/i8042/serio0/scroll\x00', 0x2062, 0x0) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(r2, 0x0, 0x24000000) write$auto(r3, &(0x7f00000001c0)='1\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7k', 0x81) write$auto(r3, 0x0, 0x98c7) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020005, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) r4 = syz_clone(0x4001000, 0x0, 0x0, 0x0, 0x0, 0x0) socket(0xa, 0x3, 0x3b) socket(0xa, 0x3, 0x3b) pidfd_send_signal$auto_PIDFD_SELF_THREAD_GROUP(0xffffffffffffb1e0, 0x4, &(0x7f0000000240)={@siginfo_0_0={0xffffd034, 0x4, 0xfffffffe, @_timer={r4, 0x0, @sival_int=0xa3, 0xd5ba}}}, 0x1) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, 0x0, 0x8a240, 0x0) socketpair$auto(0x1, 0x5, 0x2a340, 0x0) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x1ff, 0x3, 0x1, 0x7, 0xfffffffffffffffb, 0x15f4da05, 0x10, 0x1000, 0x3, 0x4000008000001f, 0x6, 0x6d3e, 0x8cfb7, 0x9, 0x6]}, 0x0) wait4$auto(r4, 0x0, 0x80000001, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv6/conf/all/forwarding\x00', 0x42a81, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/hugetlb.1GB.limit_in_bytes\x00', 0x10b142, 0x0) 3.57117065s ago: executing program 4 (id=1826): socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket(0x11, 0x3, 0x2) socket(0x21, 0x2, 0xa) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socketpair$auto(0x3, 0x5, 0x7, 0x0) getsockopt$auto(0x6, 0x110, 0x6, 0xffffffffffffffff, 0x0) close_range$auto(0x0, 0xffffffffffffffff, 0x4) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/mm/ksm/sleep_millisecs\x00', 0x200, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000040)=""/195, 0xc3) r1 = socket(0xa, 0x2, 0x0) openat$auto_tracing_iter_fops_trace(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/kernel/debug/tracing/trace_options\x00', 0x2, 0x0) cachestat$auto(r1, &(0x7f0000000000)={0x9, 0x7fc}, &(0x7f0000000040)={0x2, 0xfffffffffffffffc, 0xd2, 0xfffffffffffffffd, 0x1}, 0x0) 3.313210833s ago: executing program 4 (id=1827): openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/binder/parameters/stop_on_user_error\x00', 0x2, 0x0) close_range$auto(0x0, 0x5, 0x0) openat$auto_ep0_operations_inode(0xffffffffffffff9c, &(0x7f0000000000), 0x8a001, 0x0) epoll_create$auto(0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/security/tomoyo/manager\x00', 0x20002, 0x0) r0 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) socket(0x10, 0x2, 0x0) mmap$auto(0x100, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r1 = prctl$auto(0x3d, 0x1, 0x0, 0x1, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x2000c000}, 0x0) mmap$auto(0x20000000000000, 0x4, 0x2, 0x40eb1, r0, 0x300000000000) r2 = openat$auto_vhost_vsock_fops_vsock(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) poll$auto(&(0x7f0000000180)={r2, 0xfff7, 0x9816}, 0x7f, 0x9) r4 = syz_open_procfs$namespace(0x0, &(0x7f0000000080)) fchdir$auto(r4) rename$auto(&(0x7f0000000000)='./cgroup\x00', &(0x7f0000000080)='./cgroup\x00') ioctl$auto_VHOST_SET_OWNER(r3, 0xaf01, 0x0) openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000000), 0x2400, 0x0) mmap$auto(0x0, 0xa00006, 0x2, 0x40eb1, 0x602, 0x300000000000) migrate_pages$auto(0x0, 0xa, &(0x7f0000000100)=0x5, &(0x7f0000000140)=0x2) ioctl$auto_VHOST_SET_LOG_FD2(r2, 0x4004af07, &(0x7f00000003c0)) r5 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="f2000000", @ANYBLOB='.\x00', @ANYRES8=r5], 0x1ac}, 0x1, 0x0, 0x0, 0x24040840}, 0x94) sendmmsg$auto(r5, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080), 0xfc2}, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r6 = openat$auto_tracing_total_entries_fops_trace(0xffffffffffffff9c, &(0x7f0000000340)='/sys/kernel/tracing/buffer_total_size_kb\x00', 0x20801, 0x0) read$auto_tracing_total_entries_fops_trace(r6, 0x0, 0x0) prctl$auto_PR_GET_CHILD_SUBREAPER(0x25, 0x8, 0xfffffffffffffffa, 0x9, 0xfffffffffffffbff) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000140)='/sys/devices/platform/dummy_hcd.5/usb6/idVendor\x00', 0x80000, 0x0) read$auto(r7, &(0x7f0000000100)='\xcb%)\x00', 0x7) 3.151424442s ago: executing program 1 (id=1828): syslog$auto_SYSLOG_ACTION_CONSOLE_ON(0x9, &(0x7f0000000000)='\xa1{%]@[)@#\'+\x00', 0x1) mmap$auto(0x0, 0x400008, 0x8001, 0x20000009b72, 0xffffffffffffffff, 0x5) socket(0x10, 0x2, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS0\x00', 0x800, 0x0) ioctl$auto_TIOCSWINSZ2(r1, 0x5414, &(0x7f00000001c0)) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0x2000c000}, 0x0) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) r2 = socket(0x1e, 0x4, 0x0) sendmsg$auto_NL80211_CMD_SET_MESH_CONFIG(0xffffffffffffffff, 0x0, 0x4008100) mmap$auto(0x0, 0x8020009, 0xe2, 0xcb1, 0x401, 0x8040001008000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) openat$auto_proc_single_file_operations_base(0xffffffffffffff9c, 0x0, 0x222800, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000001c0)={'wlan0\x00'}) mmap$auto(0x0, 0x20008, 0xdf, 0xeb1, 0x401, 0x8000) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) ioctl$auto(0x3, 0x8905, 0x38) get_robust_list$auto(0x0, 0x0, 0x0) setsockopt$auto(r2, 0x10f, 0x87, 0x0, 0x14) setsockopt$auto(0x3, 0x10f, 0x87, 0x0, 0x14) recvmmsg$auto(r2, &(0x7f0000000200)={{0x0, 0x2, &(0x7f0000000140)={0x0, 0x4da}, 0x6, 0x0, 0x8, 0x7ff}, 0x1000}, 0xffffffff, 0x4, 0x0) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x230) ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, 0x0) 3.089284078s ago: executing program 5 (id=1829): mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) r0 = pipe$auto(0x0) close_range$auto(r0, r0, 0x0) open(0x0, 0x22240, 0x155) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyr2\x00', 0x0, 0x0) prctl$auto(0x1, 0x9, 0xffffffffffffffff, 0x0, 0x8) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TCFLSH2(r1, 0x5408, 0x0) (fail_nth: 3) 2.606349238s ago: executing program 4 (id=1830): mmap$auto(0x0, 0x20004, 0x1ff, 0xeb1, 0x8000000000000024, 0x8000) r0 = pipe$auto(0x0) close_range$auto(r0, r0, 0x0) r1 = open(0x0, 0x2240, 0x155) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ptyr2\x00', 0x0, 0x0) unshare$auto(0x40000080) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/mtdblock0\x00', 0x14fe02, 0x0) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) preadv2$auto(r2, &(0x7f0000000040)={0x0, 0x80000003}, 0x6, 0xffffffffffffffff, 0x8000000000000, 0x2f) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r4 = prctl$auto(0x2, 0x0, 0x0, 0x3, 0x80e) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptypc\x00', 0x52cc3124f17e2787, 0x0) close_range$auto(0xffffffffffffffff, 0xa, 0x0) mmap$auto(0x8001, 0x5, 0x3, 0x11, 0x7, 0x1) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) openat$auto_fops_atomic_t_(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/fail_futex/space\x00', 0x101001, 0x0) r5 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x68082, 0x0) ioctl$auto_MEMGETINFO(r5, 0x80204d01, 0x0) ioctl$auto(r2, 0x2, r1) r6 = openat$auto_tracing_fops_trace(0xffffffffffffff9c, 0x0, 0x40200, 0x0) read$auto(0x3, 0x0, 0xfffffdef) syz_genetlink_get_family_id$auto_batadv(&(0x7f00000001c0), r0) syz_genetlink_get_family_id$auto_seg6(&(0x7f0000000080), 0xffffffffffffffff) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, r4, 0x8000) getsockopt$auto_SO_SNDBUF(r6, 0x73, 0x7, &(0x7f0000000100)='\x00\xe5\xff\xff\x1f', &(0x7f0000000140)=0x5) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mbind$auto(0x1c0000, 0x800097, 0x1, 0x0, 0x3, 0x1) mbind$auto(0x0, 0x800605, 0x1, &(0x7f0000000500)=0xffff, 0xa, 0x8) 2.5841731s ago: executing program 5 (id=1831): sendmsg$auto_NFSD_CMD_THREADS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x80) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) prctl$auto(0x3b, 0x5, 0x0, 0x7fffffff, 0x7ffffffffdffffff) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ram13\x00', 0x10d080, 0x0) mmap$auto(0x0, 0x238, 0x1000, 0x12, r0, 0x28000) r1 = openat$auto_proc_mem_operations_base(0xffffffffffffff9c, &(0x7f0000001640)='/proc/self/mem\x00', 0x401, 0x0) write$auto_proc_mem_operations_base(r1, &(0x7f00000003c0)="dc7727d59cf6e27a2521d0ebe5e5f6cd9dfde0ffd6935b95658a620e5f58a0e6998af138c793673f4dd84aa27c86cb68d71a3f6948f09f13a239fd47f1b2b6c38fc215788c3614427ff0e9696c10db2cf9ad7cdae9ff875557ef86e50513af9eafe41d0c05429e6780db98b07830a8a30a1e886140096699a37dc68ee211c662d84c3d9364097df86f0a5949dbd7751e731e5468bf06d7cc78542b3c05d28b89747735c7e27a23208f52f8f2452e8d66254237245e5a8d3b8e66bcc0a06e4f9905d7bc3ee131d9deeaf14077f0f34ec99fc3d0e62d6a4797da2dd07589419e841a3de517c0f4952840ca514df2d0e3f0e90f3319677458c06ccf4f3d87f4d12451fab2308f590febc37f671c70e667716a046dc788ced734295f91130e039d62572d9bd720c20f8190d0c153e39a99e0fc4c9b7f824b7295c3f638adf0cf36356bb447dee5aa6250fd37", 0xfffffd9a) mmap$auto(0xfffffffffffffffe, 0xff26, 0x6, 0xeb1, 0x401, 0x8000) syz_genetlink_get_family_id$auto_batadv(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) bind$auto(0x3, 0x0, 0x6a) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r2, 0x0, 0x20) openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) syz_clone(0x2360411, 0x0, 0x0, 0x0, 0x0, 0x0) mknod$auto(&(0x7f0000000080)='}[,&*}\x00', 0xe6c, 0x17) mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) madvise$auto(0x0, 0xfffffffffffeffff, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) mmap$auto(0x0, 0x2020009, 0x203, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) timer_getoverrun$auto(0x5) llistxattr$auto(&(0x7f0000000040)='}[,&*}\x00', 0x0, 0x7) close_range$auto(0x2, 0xffffffffffffffff, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x3, 0x3a) 2.090666109s ago: executing program 1 (id=1832): mmap$auto(0x0, 0x4, 0xffffffffffffffff, 0x400eb1, 0xfffffffffffffffa, 0x8000) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='/sys/devices/virtual/block/nbd3/queue/iosched/front_merges\x00', 0x2041, 0x0) mmap$auto(0x0, 0x10005, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socket(0x15, 0x5, 0x0) getsockopt$auto(r0, 0x114, 0x2718, 0xfffffffffffffffc, 0x0) socket(0x2, 0x1, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r1, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc3\xdd\xa7\xee$\xf5\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xe6\x06g\x1a\xfc\xa8\x02\vw\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) r2 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/loop2\x00', 0x24040, 0x0) ioctl$auto_BLKTRACESETUP(r2, 0xc0481273, &(0x7f0000000240)={"ef65ce6c0000000000001000", 0x3ff, 0x408, 0xc, 0x400004, 0x200000000040000d}) ioctl$auto_BLKTRACETEARDOWN(r2, 0x1276, 0x0) madvise$auto(0x0, 0x5, 0x15) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) r3 = openat$auto_xfs_dir_file_operations_xfs_file(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/bluetooth/hci1/power\x00', 0x217102, 0x0) recvmmsg$auto(r3, 0x0, 0xd, 0xc, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) write$auto(0xca, 0x0, 0x2d9) sendmsg$auto_HWSIM_CMD_DEL_RADIO(0xffffffffffffffff, 0x0, 0x40800) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x2, 0x8544, 0xaa) madvise$auto(0x0, 0x200007, 0x19) prctl$auto(0x43, 0x0, 0x0, 0xfffffffffffffffe, 0x5) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/mnt\x00') mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socket(0x2, 0x1, 0x0) bind$auto(0x3, 0x0, 0x6a) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/fs/ext4/sda1/mb_stats\x00', 0x88000, 0x0) 1.412071598s ago: executing program 0 (id=1833): mmap$auto(0x3, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) socket(0x29, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) (async) socket$nl_generic(0x10, 0x3, 0x10) keyctl$auto(0x16, 0xfffffbfffffffffe, 0x2, 0x32, 0xfff) (async) keyctl$auto(0x16, 0xfffffbfffffffffe, 0x2, 0x32, 0xfff) ioctl$auto(0x3, 0x89e2, 0x91) socket(0xa, 0x2, 0x88) mmap$auto(0x0, 0x8, 0xdf, 0x29b72, 0x2, 0x8000) getsockopt$auto(0x6, 0x40000000029, 0x2, 0xfffffffffffffffe, 0x0) 1.355544949s ago: executing program 4 (id=1834): r0 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self/net/tcp\x00', 0x181800, 0x0) read$auto(r0, &(0x7f0000000100)='^$\x00', 0x1) fsconfig$auto_SHMEM_HUGE_NEVER(r0, 0x5, &(0x7f0000000000)='%{\x00', &(0x7f0000000040)="2410b0fb596305c4c5e17742ad1421cd776cebbb74d5ff953038af062edd", 0x0) 1.25310986s ago: executing program 0 (id=1835): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x32f1c0, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) openat$auto_mISDN_fops_timerdev(0xffffffffffffff9c, &(0x7f0000000200), 0x101000, 0x0) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0x40000000000a5, 0x8000) socket(0x2a, 0x2, 0x8001) socket(0x27, 0x1, 0x40000000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) r1 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/snd/midiC2D0\x00', 0x1, 0x0) bind$auto(0xffffffffffffffff, &(0x7f0000000000)=@in={0x2, 0x4e22, @remote}, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/virtual/memory_tiering/memory_tier4/nodelist\x00', 0x22100, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) select$auto(0xa, 0x0, 0x0, &(0x7f0000000180)={[0x1ff, 0x990, 0xffffffffffffffff, 0x1, 0x948b, 0x4002a1, 0x95f4da0a, 0xfffffffffffffffe, 0x3, 0x62, 0x80000001, 0x6, 0x0, 0xc, 0x3, 0xfffffffffffffffe]}, 0x0) write$auto(r1, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x11, 0x1, 0x7ff, 0x2003, 0x15f4da0a, 0x2000000000000003, 0x3, 0x62, 0x80000023, 0x7, 0x6d3e, 0xc, 0x2495dae0, 0x6]}, 0x0) write$auto_console_fops_tty_io(0xffffffffffffffff, 0x0, 0x0) r2 = openat$auto_dynamic_events_ops_trace_dynevent(0xffffffffffffff9c, &(0x7f0000000240)='/sys/kernel/debug/tracing/dynamic_events\x00', 0x60001, 0x0) read$auto_dynamic_events_ops_trace_dynevent(r2, &(0x7f0000000340)=""/128, 0x80) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) unshare$auto(0x40000080) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/input/mouse0\x00', 0x1102, 0x0) acct$auto(&(0x7f0000000100)='/dev/psaux\x00') openat$auto_tracing_fops_trace(0xffffffffffffff9c, 0x0, 0x101501, 0x0) socket(0x21, 0x3, 0x5e57) close_range$auto(0x2, 0x8, 0x0) openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, 0x0, 0x48402, 0x0) ioctl$auto_SNAPSHOT_AVAIL_SWAP_SIZE(r0, 0x80083313, 0x0) 1.025236772s ago: executing program 1 (id=1836): r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mtdblock0\x00', 0x14f602, 0x0) ioctl$auto_BLKGETDISKSEQ(r0, 0x80081280, &(0x7f0000000480)=0x302) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0xa, 0x0) socket(0x2, 0x1, 0x106) migrate_pages$auto(0x0, 0x99, 0x0, &(0x7f00000001c0)=0x6) r1 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio1\x00', 0x80e42, 0x0) ioctl$auto_SNDCTL_DSP_CHANNELS(r1, 0xc0045006, &(0x7f00000001c0)) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/adsp1\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SYNC(r2, 0x5001, 0x0) write$auto(0x3, 0x0, 0x100082) open_tree_attr$auto(0xffffffffffffffff, 0x0, 0x9000, &(0x7f0000000480)={0x6, 0xc753, 0x400}, 0x4756) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_tracing_pipe_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/tracing/trace_pipe\x00', 0x20c01, 0x0) select$auto(0x11, 0x0, 0x0, &(0x7f00000002c0)={[0x10000000000001fc, 0x7, 0xd3e, 0x1, 0x9687, 0x100000000000003, 0x95f4da0a, 0x6, 0x3, 0x62, 0x5, 0x5, 0x6d3f, 0x7, 0x6, 0x6]}, 0x0) close_range$auto(0x2, 0x8, 0x0) 969.628041ms ago: executing program 4 (id=1837): r0 = socket(0x29, 0x800, 0x0) r1 = socket(0x1d, 0x3, 0x1) setsockopt$auto(r1, 0x65, 0x1, 0x0, 0x4) r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000040)) fcntl$auto(r2, 0x402, 0x2) openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/maps\x00', 0x40302, 0x0) close_range$auto(0x2, 0xa, 0x0) mmap$auto(0x0, 0x6, 0x80dc, 0x18, 0x401, 0x8006) sendmsg$auto_TCP_METRICS_CMD_GET(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="e200360000", @ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}}, 0x40000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/loop12\x00', 0x351cc1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x25, 0x5, 0x2) sendmsg$auto_NL80211_CMD_COLOR_CHANGE_REQUEST(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="180000006fa4610121459f272df4748219cabcc573c62a76f5cf08a91fc9e754464dd5965bb77f5c98d489c7164157829f9a", @ANYRES16=0x0, @ANYBLOB="01002dbd7000fcdbdf258e00000004008300"], 0x18}, 0x1, 0x0, 0x0, 0x4}, 0x4000000) openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x1000, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r3, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) io_uring_setup$auto(0x946, 0x0) select$auto(0x10, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x4, 0xd3e, 0x1, 0x948b, 0x3, 0x800295f4da0a, 0x2, 0x3, 0x62, 0x80000001, 0x50a7, 0x6d3f, 0x9, 0x2, 0xfffffffffffffffe]}, 0x0) openat$auto_vhost_net_fops_net(0xffffffffffffff9c, &(0x7f0000000340), 0x600000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7f, 0xd, 0x1, 0x948f, 0x1005, 0xffff, 0x7, 0xfffffffffffffff4, 0x7, 0x9, 0x7a0, 0x6, 0x100000000000000, 0xfffffffffffffffe, 0xf]}, 0x0) open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) write$auto(0x3, 0x0, 0x7fffffff) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_vdpa(0x0, 0xffffffffffffffff) connect$auto(0x3, 0x0, 0x55) 210.94604ms ago: executing program 4 (id=1838): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) syz_genetlink_get_family_id$auto_ovs_packet(0x0, 0xffffffffffffffff) ioctl$auto(0xffffffffffffffff, 0xab07, 0xffffffffffffffff) r0 = openat$auto_component_list_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x440000, 0x0) io_uring_register$auto_IORING_REGISTER_NAPI(r0, 0x1b, 0x0, 0x36e) io_uring_register$auto(r0, 0xffff, &(0x7f0000000080)="5602971859f1d31d82614f89c1e7bee5c559b6a64be47947abdf306216b19bc218ef4fe96b0bbe3cfeecffef0444765a4d85ac010d0a70e1b561dc084bc5c05d9e9ad108cad27b147e17a5d5878adb8342a4fe46a4935fcab82cc85c2aa23cdf37349c009b92ed379dbb32f557c8453d1810f74897031637cd26a84f423bd9182d92cd87ca95d0", 0x9) (async) r1 = openat$auto_ubi_ctrl_cdev_operations_ubi(0xffffffffffffff9c, &(0x7f0000000180), 0xc0900, 0x0) ioctl$auto_UBI_IOCATT(r1, 0x40186f40, 0x0) (async) ioctl$auto_UBI_IOCDET(r1, 0x40046f41, 0x0) 118.907191ms ago: executing program 0 (id=1839): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x20009, 0xdf, 0x20000000000e31, 0x40000000000a5, 0x8000) ioctl$auto_TIOCSETD2(0xffffffffffffffff, 0x5423, 0x0) bpf$auto(0x3, &(0x7f0000000180)=@task_fd_query={0x0, 0xffffffffffffffff, 0x8, 0xffffff81, 0x1, 0x5, 0xffffffffffffffff, 0x100000000, 0x5f6}, 0xe967) close_range$auto(0x2, 0x8, 0x0) socket(0x10, 0x2, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000000), 0x103080, 0x0) close_range$auto(0x2, 0x8, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0x6ab82, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae41, r1) ioctl$auto_KVM_GET_MSRS(r0, 0x4008ae89, &(0x7f0000000100)={0x2, 0x0, [{0x40000010, 0x400, 0x718c1257}, {0x42, 0x8, 0x3}]}) r2 = socket(0x2, 0x5, 0xc) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @local}, 0x406a) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) move_pages$auto(0x1, 0x2000000000003, 0x0, 0x0, 0x0, 0x8000400000000000) ioctl$auto_EVIOCGEFFECTS(0xffffffffffffffff, 0x80044584, &(0x7f0000000000)=0xfffffff9) setuid$auto(0xe) ioctl$auto(0x3, 0x400454ca, 0x38) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_setup$auto(0x1, 0x0) setsockopt$auto(0x3, 0x10000000084, 0xb, 0x0, 0x8) sendmmsg$auto(r2, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x1fff8}, 0x7, 0x0, 0x2, 0xb}, 0xfff}, 0x5, 0x311) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) mbind$auto(0x0, 0x100000004, 0x100000000, 0x0, 0x6, 0x2) madvise$auto(0x0, 0xffffffffffff0006, 0x17) msync$auto(0x1ffff000, 0x1800000000000fe, 0x400000004) mmap$auto(0x1, 0x8d4, 0x6, 0x6f52, 0xffffffffffffffff, 0x8000) lstat$auto(0x0, 0x0) 0s ago: executing program 5 (id=1840): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/pci0000:00/pci_bus/0000:00/rescan\x00', 0xc2801, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket(0x10, 0x2, 0x0) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r1, 0x0, 0x20) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, 0x0, 0x101001, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) r2 = pidfd_open$auto(0x1, 0x0) setns(r2, 0x6002008c) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/bus/pci/drivers/vmwgfx/new_id\x00', 0xa001, 0x0) r3 = openat$auto_proc_tid_children_operations_internal(0xffffffffffffff9c, &(0x7f0000000080), 0x41180, 0x0) read$auto(r3, 0x0, 0x58b22256) r4 = socket(0x11, 0x2, 0x6) capset$auto(0x0, &(0x7f0000000000)={0x5, 0x37, 0x10000}) sendmmsg$auto(r4, &(0x7f00000001c0)={{&(0x7f0000000000), 0x1aa, &(0x7f0000000100)={&(0x7f00000003c0), 0x49}, 0x5, &(0x7f0000000180), 0x5, 0x1000}, 0x5}, 0x2, 0x100) write$auto(0x3, 0x0, 0xfdef) write$auto(0x3, 0x0, 0x9) write$auto(r0, 0x0, 0x6) futex$auto(0x0, 0x8c, 0x1, 0x0, 0x0, 0x1) kernel console output (not intermixed with test programs): 49.699398][T10612] input: jJ׸-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input10 [ 349.914186][T10615] Invalid ELF header magic: != ELF [ 350.685169][T10630] FAULT_INJECTION: forcing a failure. [ 350.685169][T10630] name failslab, interval 1, probability 0, space 0, times 0 [ 350.715746][T10630] CPU: 1 UID: 0 PID: 10630 Comm: syz.0.1086 Tainted: G L syzkaller #0 PREEMPT(full) [ 350.715801][T10630] Tainted: [L]=SOFTLOCKUP [ 350.715812][T10630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 350.715829][T10630] Call Trace: [ 350.715840][T10630] [ 350.715852][T10630] dump_stack_lvl+0x100/0x190 [ 350.715894][T10630] should_fail_ex.cold+0x5/0xa [ 350.715946][T10630] should_failslab+0xc2/0x120 [ 350.715999][T10630] kmem_cache_alloc_noprof+0x83/0x780 [ 350.716038][T10630] ? __kernfs_new_node+0xd2/0x960 [ 350.716089][T10630] ? __kernfs_new_node+0xd2/0x960 [ 350.716142][T10630] __kernfs_new_node+0xd2/0x960 [ 350.716182][T10630] ? kernfs_add_one+0x583/0x850 [ 350.716233][T10630] ? __pfx___kernfs_new_node+0x10/0x10 [ 350.716284][T10630] ? find_held_lock+0x2b/0x80 [ 350.716314][T10630] ? kernfs_root+0xee/0x2a0 [ 350.716352][T10630] ? kernfs_root+0xee/0x2a0 [ 350.716402][T10630] kernfs_new_node+0x11b/0x1a0 [ 350.716456][T10630] __kernfs_create_file+0x53/0x350 [ 350.716516][T10630] sysfs_add_file_mode_ns+0x207/0x3c0 [ 350.716569][T10630] sysfs_create_file_ns+0x145/0x1e0 [ 350.716615][T10630] ? __pfx_sysfs_create_file_ns+0x10/0x10 [ 350.716663][T10630] ? __pfx___up_read+0x10/0x10 [ 350.716729][T10630] ? acpi_device_notify+0x464/0x500 [ 350.716766][T10630] ? kobject_put+0xb9/0x640 [ 350.716826][T10630] device_create_file+0xf2/0x1d0 [ 350.716880][T10630] device_add+0x2cb/0x1950 [ 350.716923][T10630] ? __pfx_dev_set_name+0x10/0x10 [ 350.716967][T10630] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 350.716999][T10630] ? __pfx_device_add+0x10/0x10 [ 350.717049][T10630] ? lockdep_init_map_type+0x5c/0x250 [ 350.717091][T10630] ? __init_waitqueue_head+0xca/0x150 [ 350.717148][T10630] netdev_register_kobject+0x1a9/0x3d0 [ 350.717186][T10630] register_netdevice+0x12b3/0x21d0 [ 350.717225][T10630] ? __pfx_register_netdevice+0x10/0x10 [ 350.717274][T10630] ? alloc_netdev_mqs+0x1163/0x14f0 [ 350.717325][T10630] ? __pfx_loopback_net_init+0x10/0x10 [ 350.717356][T10630] register_netdev+0x34/0x50 [ 350.717384][T10630] loopback_net_init+0x7a/0x170 [ 350.717415][T10630] ? __pfx_loopback_net_init+0x10/0x10 [ 350.717443][T10630] ops_init+0x1e2/0x5f0 [ 350.717507][T10630] setup_net+0x118/0x3a0 [ 350.717537][T10630] ? __pfx_setup_net+0x10/0x10 [ 350.717579][T10630] ? lockdep_init_map_type+0x5c/0x250 [ 350.717629][T10630] ? mutex_init_lockep+0x110/0x150 [ 350.717690][T10630] copy_net_ns+0x46f/0x7c0 [ 350.717726][T10630] create_new_namespaces+0x3ea/0xab0 [ 350.717771][T10630] unshare_nsproxy_namespaces+0xc3/0x1f0 [ 350.717811][T10630] ksys_unshare+0x455/0xab0 [ 350.717860][T10630] ? __pfx_ksys_unshare+0x10/0x10 [ 350.717903][T10630] ? xfd_validate_state+0x129/0x190 [ 350.717966][T10630] __x64_sys_unshare+0x31/0x40 [ 350.718009][T10630] do_syscall_64+0xc9/0xf80 [ 350.718052][T10630] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 350.718084][T10630] RIP: 0033:0x7f4ba079aeb9 [ 350.718111][T10630] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 350.718142][T10630] RSP: 002b:00007f4ba16e7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 350.718173][T10630] RAX: ffffffffffffffda RBX: 00007f4ba0a15fa0 RCX: 00007f4ba079aeb9 [ 350.718192][T10630] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 350.718210][T10630] RBP: 00007f4ba0808c1f R08: 0000000000000000 R09: 0000000000000000 [ 350.718228][T10630] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 350.718245][T10630] R13: 00007f4ba0a16038 R14: 00007f4ba0a15fa0 R15: 00007ffe79d6aba8 [ 350.718287][T10630] [ 351.552124][T10644] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1089'. [ 352.548965][T10672] netlink: 'syz.3.1098': attribute type 27 has an invalid length. [ 352.561407][T10672] netlink: 146 bytes leftover after parsing attributes in process `syz.3.1098'. [ 353.388771][T10690] Format for unlinking a device is "netnsfd:ifidx" (int uint). [ 353.905769][T10714] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1104'. [ 354.725041][T10728] binder: 10725:10728 ioctl 80405600 38 returned -22 [ 354.753236][T10723] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1107'. [ 355.280753][T10747] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1113'. [ 357.082290][T10786] FAULT_INJECTION: forcing a failure. [ 357.082290][T10786] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 357.118859][T10786] CPU: 1 UID: 0 PID: 10786 Comm: syz.2.1122 Tainted: G L syzkaller #0 PREEMPT(full) [ 357.118905][T10786] Tainted: [L]=SOFTLOCKUP [ 357.118915][T10786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 357.118930][T10786] Call Trace: [ 357.118939][T10786] [ 357.118949][T10786] dump_stack_lvl+0x100/0x190 [ 357.118988][T10786] should_fail_ex.cold+0x5/0xa [ 357.119033][T10786] _copy_to_user+0x32/0xd0 [ 357.119077][T10786] simple_read_from_buffer+0xcb/0x170 [ 357.119110][T10786] proc_fail_nth_read+0x1af/0x230 [ 357.119146][T10786] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 357.119181][T10786] ? rw_verify_area+0xce/0x6d0 [ 357.119208][T10786] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 357.119240][T10786] vfs_read+0x1e4/0xb30 [ 357.119275][T10786] ? __pfx_vfs_read+0x10/0x10 [ 357.119301][T10786] ? find_held_lock+0x2b/0x80 [ 357.119331][T10786] ? __fget_files+0x215/0x3d0 [ 357.119368][T10786] ? __fget_files+0x21f/0x3d0 [ 357.119409][T10786] ksys_read+0x12a/0x250 [ 357.119440][T10786] ? __pfx_ksys_read+0x10/0x10 [ 357.119493][T10786] do_syscall_64+0xc9/0xf80 [ 357.119529][T10786] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 357.119557][T10786] RIP: 0033:0x7f665bb5b78e [ 357.119579][T10786] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 357.119606][T10786] RSP: 002b:00007f665c9defe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 357.119633][T10786] RAX: ffffffffffffffda RBX: 00007f665c9df6c0 RCX: 00007f665bb5b78e [ 357.119652][T10786] RDX: 000000000000000f RSI: 00007f665c9df0a0 RDI: 0000000000000001 [ 357.119668][T10786] RBP: 00007f665c9df090 R08: 0000000000000000 R09: 0000000000000000 [ 357.119684][T10786] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 357.119700][T10786] R13: 00007f665be16038 R14: 00007f665be15fa0 R15: 00007fff4ba0e128 [ 357.119741][T10786] [ 357.905754][T10805] usb usb36: usbfs: process 10805 (syz.0.1126) did not claim interface 0 before use [ 358.390886][T10814] netlink: 218 bytes leftover after parsing attributes in process `syz.2.1128'. [ 359.509189][T10815] FAULT_INJECTION: forcing a failure. [ 359.509189][T10815] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 359.531545][T10815] CPU: 1 UID: 0 PID: 10815 Comm: syz.2.1128 Tainted: G L syzkaller #0 PREEMPT(full) [ 359.531592][T10815] Tainted: [L]=SOFTLOCKUP [ 359.531602][T10815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 359.531618][T10815] Call Trace: [ 359.531628][T10815] [ 359.531638][T10815] dump_stack_lvl+0x100/0x190 [ 359.531679][T10815] should_fail_ex.cold+0x5/0xa [ 359.531720][T10815] ? prepare_alloc_pages+0x16d/0x5f0 [ 359.531766][T10815] should_fail_alloc_page+0xeb/0x140 [ 359.531808][T10815] prepare_alloc_pages+0x1f0/0x5f0 [ 359.531858][T10815] __alloc_frozen_pages_noprof+0x193/0x2410 [ 359.531902][T10815] ? __up_read+0x2c5/0x700 [ 359.531946][T10815] ? __pfx___up_read+0x10/0x10 [ 359.531987][T10815] ? __rmap_walk_file+0x5c5/0x680 [ 359.532031][T10815] ? __rmap_walk_file+0x5c5/0x680 [ 359.532078][T10815] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 359.532118][T10815] ? __rmap_walk_file+0x50f/0x680 [ 359.532166][T10815] ? rmap_walk_file+0x1dd/0x2a0 [ 359.532223][T10815] __folio_alloc_noprof+0x13/0x2f0 [ 359.532256][T10815] alloc_migration_target+0x1d7/0x640 [ 359.532304][T10815] migrate_pages_batch+0x4f2/0x4530 [ 359.532353][T10815] ? __pfx_alloc_migration_target+0x10/0x10 [ 359.532412][T10815] ? walk_pgd_range+0x1115/0x1eb0 [ 359.532449][T10815] ? __pfx_migrate_pages_batch+0x10/0x10 [ 359.532536][T10815] migrate_pages_sync+0x12c/0x880 [ 359.532585][T10815] ? __pfx_alloc_migration_target+0x10/0x10 [ 359.532641][T10815] ? __pfx_migrate_pages_sync+0x10/0x10 [ 359.532683][T10815] ? __pfx_queue_pages_test_walk+0x10/0x10 [ 359.532735][T10815] ? walk_page_range_mm_unsafe+0x32c/0xad0 [ 359.532779][T10815] migrate_pages+0x1a5b/0x2810 [ 359.532830][T10815] ? __pfx_alloc_migration_target+0x10/0x10 [ 359.532881][T10815] ? __pfx_migrate_pages+0x10/0x10 [ 359.532924][T10815] ? queue_pages_range+0x11e/0x180 [ 359.532963][T10815] ? __up_read+0x2c5/0x700 [ 359.533027][T10815] ? __pfx___up_read+0x10/0x10 [ 359.533069][T10815] ? do_migrate_pages+0x451/0x740 [ 359.533109][T10815] ? do_migrate_pages+0x451/0x740 [ 359.533160][T10815] do_migrate_pages+0x488/0x740 [ 359.533214][T10815] ? __pfx_do_migrate_pages+0x10/0x10 [ 359.533262][T10815] ? rcu_is_watching+0x12/0xc0 [ 359.533291][T10815] ? get_task_mm+0xc2/0xf0 [ 359.533327][T10815] ? security_capable+0xbd/0x260 [ 359.533370][T10815] kernel_migrate_pages+0x560/0x700 [ 359.533412][T10815] ? __pfx_kernel_migrate_pages+0x10/0x10 [ 359.533458][T10815] ? syscall_user_dispatch+0x76/0x130 [ 359.533518][T10815] __x64_sys_migrate_pages+0x96/0x100 [ 359.533564][T10815] do_syscall_64+0xc9/0xf80 [ 359.533605][T10815] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 359.533635][T10815] RIP: 0033:0x7f665bb9aeb9 [ 359.533662][T10815] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 359.533692][T10815] RSP: 002b:00007f665c9be028 EFLAGS: 00000246 ORIG_RAX: 0000000000000100 [ 359.533721][T10815] RAX: ffffffffffffffda RBX: 00007f665be16090 RCX: 00007f665bb9aeb9 [ 359.533741][T10815] RDX: 0000200000000100 RSI: 000000000000000a RDI: 0000000000000000 [ 359.533758][T10815] RBP: 00007f665bc08c1f R08: 0000000000000000 R09: 0000000000000000 [ 359.533776][T10815] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000000 [ 359.533793][T10815] R13: 00007f665be16128 R14: 00007f665be16090 R15: 00007fff4ba0e128 [ 359.533834][T10815] [ 359.964815][T10845] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input12 [ 360.276619][T10852] input: jJǸ-¶š9ã%vø“û¨lÐQ  J86Ö‘ as /devices/virtual/input/input13 [ 362.595284][T10929] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1155'. [ 362.636847][T10929] netlink: 25 bytes leftover after parsing attributes in process `syz.0.1155'. [ 362.829023][T10923] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input14 [ 362.874029][ T7497] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 364.094439][T10962] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1163'. [ 364.117117][T10962] veth0_macvtap: left promiscuous mode [ 364.126162][T10962] macvtap0: entered promiscuous mode [ 364.142135][T10962] macvtap0: entered allmulticast mode [ 366.261146][ T30] audit: type=1800 audit(1769897182.350:6): pid=11022 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1177" name="dbroot" dev="configfs" ino=35780 res=0 errno=0 [ 366.352431][T11024] tipc: Started in network mode [ 366.357552][T11024] tipc: Node identity ffffffff, cluster identity 4711 [ 366.370270][T11024] tipc: Node number set to 4294967295 [ 366.527594][T11029] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1178'. [ 366.567822][T11030] netlink: 338 bytes leftover after parsing attributes in process `syz.2.1178'. [ 366.587562][T11031] vhci_hcd vhci_hcd.1: invalid port number 37 [ 366.600626][T11031] vhci_hcd vhci_hcd.1: default hub control req: 600d v002b i0025 l1 [ 367.309818][T11035] FAULT_INJECTION: forcing a failure. [ 367.309818][T11035] name failslab, interval 1, probability 0, space 0, times 0 [ 367.336582][T11035] CPU: 0 UID: 0 PID: 11035 Comm: syz.1.1180 Tainted: G L syzkaller #0 PREEMPT(full) [ 367.336631][T11035] Tainted: [L]=SOFTLOCKUP [ 367.336642][T11035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 367.336659][T11035] Call Trace: [ 367.336668][T11035] [ 367.336680][T11035] dump_stack_lvl+0x100/0x190 [ 367.336715][T11035] should_fail_ex.cold+0x5/0xa [ 367.336755][T11035] should_failslab+0xc2/0x120 [ 367.336791][T11035] kmem_cache_alloc_lru_noprof+0x8e/0x7d0 [ 367.336822][T11035] ? dquot_alloc_inode+0x51b/0xb10 [ 367.336855][T11035] ? __d_alloc+0x34/0xa80 [ 367.336888][T11035] ? __d_alloc+0x34/0xa80 [ 367.336913][T11035] __d_alloc+0x34/0xa80 [ 367.336945][T11035] d_alloc_pseudo+0x1c/0xc0 [ 367.336980][T11035] alloc_file_pseudo+0xcf/0x230 [ 367.337022][T11035] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 367.337064][T11035] __shmem_file_setup+0x1a3/0x330 [ 367.337092][T11035] shmem_zero_setup+0x93/0x1b0 [ 367.337124][T11035] __mmap_region+0x2101/0x2820 [ 367.337156][T11035] ? __pfx___mmap_region+0x10/0x10 [ 367.337210][T11035] ? finish_task_switch.isra.0+0x204/0xb70 [ 367.337240][T11035] ? finish_task_switch.isra.0+0x2c5/0xb70 [ 367.337326][T11035] ? mm_get_unmapped_area_vmflags+0xd7/0x130 [ 367.337362][T11035] ? rcu_is_watching+0x12/0xc0 [ 367.337393][T11035] mmap_region+0x180/0x3e0 [ 367.337427][T11035] do_mmap+0xc63/0x12f0 [ 367.337474][T11035] ? __pfx_do_mmap+0x10/0x10 [ 367.337508][T11035] ? __pfx_down_write_killable+0x10/0x10 [ 367.337547][T11035] vm_mmap_pgoff+0x29e/0x470 [ 367.337588][T11035] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 367.337630][T11035] ? __x64_sys_futex+0x34f/0x4d0 [ 367.337663][T11035] ? __x64_sys_futex+0x358/0x4d0 [ 367.337700][T11035] ksys_mmap_pgoff+0x7d/0x5b0 [ 367.337739][T11035] __x64_sys_mmap+0x125/0x190 [ 367.337767][T11035] do_syscall_64+0xc9/0xf80 [ 367.337799][T11035] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 367.337822][T11035] RIP: 0033:0x7fe9cab9aeb9 [ 367.337841][T11035] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 367.337863][T11035] RSP: 002b:00007fe9cba9d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 367.337887][T11035] RAX: ffffffffffffffda RBX: 00007fe9cae15fa0 RCX: 00007fe9cab9aeb9 [ 367.337903][T11035] RDX: 0000000000000003 RSI: 0000000002020009 RDI: 0000000000000000 [ 367.337917][T11035] RBP: 00007fe9cac08c1f R08: fffffffffffffffa R09: 0000000000008000 [ 367.337931][T11035] R10: 0000000000000eb1 R11: 0000000000000246 R12: 0000000000000000 [ 367.337945][T11035] R13: 00007fe9cae16038 R14: 00007fe9cae15fa0 R15: 00007ffd6cd0cda8 [ 367.337977][T11035] [ 367.697709][T11038] futex_wake_op: syz.0.1181 tries to shift op by -2048; fix this program [ 367.765253][T11038] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 368.052172][T11053] netlink: 334 bytes leftover after parsing attributes in process `syz.0.1185'. [ 368.441936][T11058] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 368.454948][T11058] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 368.468610][T11058] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 368.476067][T11058] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 368.496050][T11058] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 368.795904][T11071] FAULT_INJECTION: forcing a failure. [ 368.795904][T11071] name failslab, interval 1, probability 0, space 0, times 0 [ 368.808825][T11071] CPU: 1 UID: 0 PID: 11071 Comm: syz.0.1188 Tainted: G L syzkaller #0 PREEMPT(full) [ 368.808876][T11071] Tainted: [L]=SOFTLOCKUP [ 368.808887][T11071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 368.808904][T11071] Call Trace: [ 368.808915][T11071] [ 368.808927][T11071] dump_stack_lvl+0x100/0x190 [ 368.808969][T11071] should_fail_ex.cold+0x5/0xa [ 368.809020][T11071] should_failslab+0xc2/0x120 [ 368.809065][T11071] kmem_cache_alloc_noprof+0x83/0x780 [ 368.809101][T11071] ? d_instantiate+0x90/0xb0 [ 368.809137][T11071] ? alloc_empty_file+0x55/0x1c0 [ 368.809188][T11071] ? alloc_empty_file+0x55/0x1c0 [ 368.809229][T11071] alloc_empty_file+0x55/0x1c0 [ 368.809274][T11071] alloc_file_pseudo+0x13a/0x230 [ 368.809321][T11071] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 368.809371][T11071] ? __pfx_pipe_lock_cmp_fn+0x10/0x10 [ 368.809416][T11071] create_pipe_files+0x360/0x970 [ 368.809459][T11071] do_pipe2+0xbd/0x1e0 [ 368.809501][T11071] ? __pfx_do_pipe2+0x10/0x10 [ 368.809538][T11071] ? xfd_validate_state+0x129/0x190 [ 368.809599][T11071] __x64_sys_pipe+0x33/0x50 [ 368.809637][T11071] do_syscall_64+0xc9/0xf80 [ 368.809677][T11071] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 368.809707][T11071] RIP: 0033:0x7f4ba079aeb9 [ 368.809733][T11071] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 368.809763][T11071] RSP: 002b:00007f4ba16c6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000016 [ 368.809793][T11071] RAX: ffffffffffffffda RBX: 00007f4ba0a16090 RCX: 00007f4ba079aeb9 [ 368.809813][T11071] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000100 [ 368.809831][T11071] RBP: 00007f4ba0808c1f R08: 0000000000000000 R09: 0000000000000000 [ 368.809848][T11071] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 368.809866][T11071] R13: 00007f4ba0a16128 R14: 00007f4ba0a16090 R15: 00007ffe79d6aba8 [ 368.809906][T11071] [ 370.494770][T11110] netlink: 4704 bytes leftover after parsing attributes in process `syz.2.1199'. [ 370.522354][ T7497] Bluetooth: hci2: command 0x0c1a tx timeout [ 370.523900][T11109] ptrace attach of "./syz-executor exec"[5827] was attempted by "./syz-executor exec"[11109] [ 370.528493][ T7497] Bluetooth: hci3: command 0x0c1a tx timeout [ 370.546921][ T9256] Bluetooth: hci1: command 0x0c1a tx timeout [ 370.553813][ T9256] Bluetooth: hci0: command 0x0c1a tx timeout [ 370.675664][T11107] openvswitch: ovs_: Dropping previously announced user features [ 372.063817][T11159] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 372.074599][T11159] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 372.088949][T11159] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 372.204122][T11159] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 372.314651][T11159] futex_wake_op: syz.0.1212 tries to shift op by -2048; fix this program [ 372.484920][T11169] kvm: kvm [11168]: vcpu2, guest rIP: 0xfff0 Unhandled RDMSR(0x40000085) [ 372.903562][T11187] FAULT_INJECTION: forcing a failure. [ 372.903562][T11187] name fail_futex, interval 1, probability 0, space 0, times 0 [ 372.942626][T11187] CPU: 0 UID: 0 PID: 11187 Comm: syz.0.1218 Tainted: G L syzkaller #0 PREEMPT(full) [ 372.942677][T11187] Tainted: [L]=SOFTLOCKUP [ 372.942688][T11187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 372.942704][T11187] Call Trace: [ 372.942713][T11187] [ 372.942724][T11187] dump_stack_lvl+0x100/0x190 [ 372.942763][T11187] should_fail_ex.cold+0x5/0xa [ 372.942813][T11187] get_futex_key+0x1d2/0x1620 [ 372.942853][T11187] ? __pfx_get_futex_key+0x10/0x10 [ 372.942885][T11187] ? uart_ioctl+0x2ad/0x2f00 [ 372.942919][T11187] ? __pfx_uart_ioctl+0x10/0x10 [ 372.942970][T11187] futex_wake+0xea/0x530 [ 372.943020][T11187] ? __pfx_futex_wake+0x10/0x10 [ 372.943063][T11187] ? tty_jobctrl_ioctl+0x152/0xce0 [ 372.943097][T11187] ? __pfx_uart_ioctl+0x10/0x10 [ 372.943137][T11187] ? tty_ioctl+0x345/0x1690 [ 372.943196][T11187] do_futex+0x32b/0x350 [ 372.943239][T11187] ? __pfx_do_futex+0x10/0x10 [ 372.943280][T11187] ? find_held_lock+0x2b/0x80 [ 372.943314][T11187] __x64_sys_futex+0x34f/0x4d0 [ 372.943355][T11187] ? __fget_files+0x21f/0x3d0 [ 372.943385][T11187] ? __pfx___x64_sys_futex+0x10/0x10 [ 372.943432][T11187] ? fput+0x79/0x100 [ 372.943477][T11187] do_syscall_64+0xc9/0xf80 [ 372.943515][T11187] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 372.943544][T11187] RIP: 0033:0x7f4ba079aeb9 [ 372.943567][T11187] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 372.943589][T11187] RSP: 002b:00007f4ba16e70e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 372.943612][T11187] RAX: ffffffffffffffda RBX: 00007f4ba0a15fa8 RCX: 00007f4ba079aeb9 [ 372.943628][T11187] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f4ba0a15fac [ 372.943642][T11187] RBP: 00007f4ba0a15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 372.943656][T11187] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 372.943669][T11187] R13: 00007f4ba0a16038 R14: 00007ffe79d6aac0 R15: 00007ffe79d6aba8 [ 372.943700][T11187] [ 373.225677][T11193] input input17: cannot allocate more than FF_MAX_EFFECTS effects [ 373.600949][T11202] openvswitch: netlink: Flow key attribute not present in set flow. [ 374.015745][T11211] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input18 [ 374.122188][T11111] Bluetooth: hci3: command 0x0c1a tx timeout [ 374.128431][ T7481] Bluetooth: hci1: command 0x0c1a tx timeout [ 374.134754][ T7497] Bluetooth: hci0: command 0x0c1a tx timeout [ 374.282643][T11111] Bluetooth: hci2: command 0x0c1a tx timeout [ 374.660016][T11224] netlink: 684 bytes leftover after parsing attributes in process `syz.3.1227'. [ 374.717225][T11224] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 374.783744][T11224] FAULT_INJECTION: forcing a failure. [ 374.783744][T11224] name failslab, interval 1, probability 0, space 0, times 0 [ 374.904772][T11224] CPU: 0 UID: 0 PID: 11224 Comm: syz.3.1227 Tainted: G L syzkaller #0 PREEMPT(full) [ 374.904814][T11224] Tainted: [L]=SOFTLOCKUP [ 374.904823][T11224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 374.904838][T11224] Call Trace: [ 374.904846][T11224] [ 374.904857][T11224] dump_stack_lvl+0x100/0x190 [ 374.904893][T11224] should_fail_ex.cold+0x5/0xa [ 374.904934][T11224] should_failslab+0xc2/0x120 [ 374.904974][T11224] ? lsm_blob_alloc+0x68/0x90 [ 374.905001][T11224] __kmalloc_noprof+0xf6/0x9c0 [ 374.905037][T11224] ? lsm_blob_alloc+0x68/0x90 [ 374.905064][T11224] lsm_blob_alloc+0x68/0x90 [ 374.905092][T11224] security_sk_alloc+0x2d/0x290 [ 374.905139][T11224] sk_prot_alloc+0x1d1/0x2a0 [ 374.905166][T11224] sk_alloc+0x36/0xe80 [ 374.905195][T11224] qrtr_create+0x84/0x1d0 [ 374.905232][T11224] __sock_create+0x339/0x860 [ 374.905269][T11224] __sys_socket+0x14d/0x260 [ 374.905300][T11224] ? __pfx___sys_socket+0x10/0x10 [ 374.905331][T11224] ? xfd_validate_state+0x129/0x190 [ 374.905371][T11224] ? __task_pid_nr_ns+0x1f5/0x500 [ 374.905420][T11224] __x64_sys_socket+0x72/0xb0 [ 374.905450][T11224] ? lockdep_hardirqs_on+0x78/0x100 [ 374.905484][T11224] do_syscall_64+0xc9/0xf80 [ 374.905520][T11224] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 374.905550][T11224] RIP: 0033:0x7f487939aeb9 [ 374.905573][T11224] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 374.905600][T11224] RSP: 002b:00007f487a1f7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 374.905629][T11224] RAX: ffffffffffffffda RBX: 00007f4879615fa0 RCX: 00007f487939aeb9 [ 374.905649][T11224] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 000000000000002a [ 374.905665][T11224] RBP: 00007f4879408c1f R08: 0000000000000000 R09: 0000000000000000 [ 374.905683][T11224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 374.905699][T11224] R13: 00007f4879616038 R14: 00007f4879615fa0 R15: 00007fffd1032878 [ 374.905738][T11224] [ 376.113266][T11260] binder: 11259:11260 ioctl 4018620d ffffffffffffffff returned -22 [ 377.449456][T11289] netlink: 334 bytes leftover after parsing attributes in process `syz.3.1240'. [ 377.965742][T11265] Process accounting paused [ 379.623938][T11329] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1250'. [ 380.017638][T11339] ubi0: detaching mtd0 [ 380.064196][T11345] Bluetooth: hci4: Frame reassembly failed (-84) [ 380.085702][T11339] ubi0: mtd0 is detached [ 380.102222][T11342] netlink: 318 bytes leftover after parsing attributes in process `syz.0.1253'. [ 380.205772][T11352] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1254'. [ 380.274957][T11354] FAULT_INJECTION: forcing a failure. [ 380.274957][T11354] name failslab, interval 1, probability 0, space 0, times 0 [ 380.289507][T11354] CPU: 1 UID: 0 PID: 11354 Comm: syz.1.1254 Tainted: G L syzkaller #0 PREEMPT(full) [ 380.289554][T11354] Tainted: [L]=SOFTLOCKUP [ 380.289564][T11354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 380.289581][T11354] Call Trace: [ 380.289591][T11354] [ 380.289602][T11354] dump_stack_lvl+0x100/0x190 [ 380.289645][T11354] should_fail_ex.cold+0x5/0xa [ 380.289694][T11354] should_failslab+0xc2/0x120 [ 380.289732][T11354] ? tomoyo_realpath_from_path+0xb6/0x690 [ 380.289762][T11354] __kmalloc_noprof+0xf6/0x9c0 [ 380.289790][T11354] ? kfree+0x2a9/0x690 [ 380.289829][T11354] ? tomoyo_realpath_from_path+0xb6/0x690 [ 380.289860][T11354] tomoyo_realpath_from_path+0xb6/0x690 [ 380.289899][T11354] tomoyo_check_open_permission+0x2af/0x3c0 [ 380.289945][T11354] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 380.290031][T11354] ? do_raw_spin_lock+0x128/0x260 [ 380.290076][T11354] ? path_get+0x61/0x80 [ 380.290117][T11354] tomoyo_file_open+0x6b/0x90 [ 380.290165][T11354] security_file_open+0xb5/0x1e0 [ 380.290194][T11354] do_dentry_open+0x58c/0x1570 [ 380.290233][T11354] ? security_inode_permission+0xbf/0x250 [ 380.290284][T11354] vfs_open+0x82/0x3f0 [ 380.290333][T11354] path_openat+0x21dc/0x3120 [ 380.290381][T11354] ? __pfx_path_openat+0x10/0x10 [ 380.290433][T11354] do_filp_open+0x1f7/0x420 [ 380.290471][T11354] ? __pfx_do_filp_open+0x10/0x10 [ 380.290539][T11354] ? _raw_spin_unlock+0x28/0x50 [ 380.290567][T11354] ? alloc_fd+0x476/0x790 [ 380.290613][T11354] do_sys_openat2+0x12e/0x220 [ 380.290658][T11354] ? __pfx_do_sys_openat2+0x10/0x10 [ 380.290723][T11354] __x64_sys_openat+0x12d/0x210 [ 380.290769][T11354] ? __pfx___x64_sys_openat+0x10/0x10 [ 380.290814][T11354] ? xfd_validate_state+0x129/0x190 [ 380.290877][T11354] do_syscall_64+0xc9/0xf80 [ 380.290917][T11354] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 380.290948][T11354] RIP: 0033:0x7fe9cab9aeb9 [ 380.290973][T11354] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 380.291001][T11354] RSP: 002b:00007fe9cba7c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 380.291031][T11354] RAX: ffffffffffffffda RBX: 00007fe9cae16090 RCX: 00007fe9cab9aeb9 [ 380.291051][T11354] RDX: 0000000000101840 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 380.291070][T11354] RBP: 00007fe9cac08c1f R08: 0000000000000000 R09: 0000000000000000 [ 380.291088][T11354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 380.291106][T11354] R13: 00007fe9cae16128 R14: 00007fe9cae16090 R15: 00007ffd6cd0cda8 [ 380.291155][T11354] [ 380.291168][T11354] ERROR: Out of memory at tomoyo_realpath_from_path. [ 380.889714][T11358] can: request_module (can-proto-3) failed. [ 381.167373][T11367] FAULT_INJECTION: forcing a failure. [ 381.167373][T11367] name failslab, interval 1, probability 0, space 0, times 0 [ 381.239407][T11367] CPU: 0 UID: 0 PID: 11367 Comm: syz.0.1257 Tainted: G L syzkaller #0 PREEMPT(full) [ 381.239440][T11367] Tainted: [L]=SOFTLOCKUP [ 381.239446][T11367] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 381.239457][T11367] Call Trace: [ 381.239463][T11367] [ 381.239471][T11367] dump_stack_lvl+0x100/0x190 [ 381.239497][T11367] should_fail_ex.cold+0x5/0xa [ 381.239526][T11367] should_failslab+0xc2/0x120 [ 381.239553][T11367] ? tomoyo_realpath_from_path+0xb6/0x690 [ 381.239571][T11367] __kmalloc_noprof+0xf6/0x9c0 [ 381.239589][T11367] ? kfree+0x2a9/0x690 [ 381.239610][T11367] ? tomoyo_realpath_from_path+0xb6/0x690 [ 381.239628][T11367] tomoyo_realpath_from_path+0xb6/0x690 [ 381.239651][T11367] tomoyo_check_open_permission+0x2af/0x3c0 [ 381.239680][T11367] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 381.239727][T11367] ? do_raw_spin_lock+0x128/0x260 [ 381.239757][T11367] ? path_get+0x61/0x80 [ 381.239783][T11367] tomoyo_file_open+0x6b/0x90 [ 381.239805][T11367] security_file_open+0xb5/0x1e0 [ 381.239823][T11367] do_dentry_open+0x58c/0x1570 [ 381.239846][T11367] ? security_inode_permission+0xbf/0x250 [ 381.239876][T11367] vfs_open+0x82/0x3f0 [ 381.239904][T11367] path_openat+0x21dc/0x3120 [ 381.239932][T11367] ? __pfx_path_openat+0x10/0x10 [ 381.239961][T11367] do_filp_open+0x1f7/0x420 [ 381.239984][T11367] ? __pfx_do_filp_open+0x10/0x10 [ 381.240021][T11367] ? _raw_spin_unlock+0x28/0x50 [ 381.240038][T11367] ? alloc_fd+0x476/0x790 [ 381.240064][T11367] do_sys_openat2+0x12e/0x220 [ 381.240099][T11367] ? __pfx_do_sys_openat2+0x10/0x10 [ 381.240134][T11367] __x64_sys_openat+0x12d/0x210 [ 381.240163][T11367] ? __pfx___x64_sys_openat+0x10/0x10 [ 381.240200][T11367] do_syscall_64+0xc9/0xf80 [ 381.240223][T11367] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 381.240242][T11367] RIP: 0033:0x7f4ba079aeb9 [ 381.240257][T11367] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 381.240274][T11367] RSP: 002b:00007f4ba16e7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 381.240292][T11367] RAX: ffffffffffffffda RBX: 00007f4ba0a15fa0 RCX: 00007f4ba079aeb9 [ 381.240304][T11367] RDX: 0000000000000100 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 381.240314][T11367] RBP: 00007f4ba0808c1f R08: 0000000000000000 R09: 0000000000000000 [ 381.240325][T11367] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 381.240335][T11367] R13: 00007f4ba0a16038 R14: 00007f4ba0a15fa0 R15: 00007ffe79d6aba8 [ 381.240357][T11367] [ 381.240365][T11367] ERROR: Out of memory at tomoyo_realpath_from_path. [ 381.611791][T11376] page: refcount:4 mapcount:3 mapping:0000000000000000 index:0x7f004e5d3 pfn:0x78000 [ 381.758789][T11376] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 381.889944][T11376] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 381.959871][T11376] raw: 00000007f004e5d3 0000000000000000 0000000400000002 0000000000000000 [ 381.991382][T11376] page dumped because: unmovable page [ 382.005663][T11376] page_owner tracks the page as allocated [ 382.077196][T11376] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x29c2(GFP_NOWAIT|__GFP_HIGHMEM|__GFP_IO|__GFP_FS|__GFP_ZERO), pid 5819, tgid 5819 (syz-executor), ts 92758054086, free_ts 92500227407 [ 382.218926][T11376] post_alloc_hook+0x1e1/0x250 [ 382.224266][T11376] get_page_from_freelist+0xe3d/0x2e10 [ 382.294720][T11376] __alloc_frozen_pages_noprof+0x26c/0x2410 [ 382.339650][T11376] alloc_pages_mpol+0x1fb/0x550 [ 382.409024][T11376] alloc_pages_noprof+0x131/0x390 [ 382.440473][T11376] __vmalloc_node_range_noprof+0xe5c/0x1530 [ 382.446544][T11376] vmalloc_user_noprof+0x9e/0xe0 [ 382.474521][T11376] kcov_ioctl+0x4c/0x720 [ 382.491626][T11376] __x64_sys_ioctl+0x18e/0x210 [ 382.531384][T11376] do_syscall_64+0xc9/0xf80 [ 382.557586][T11376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 382.573382][T11376] page last free pid 5811 tgid 5811 stack trace: [ 382.591251][T11376] free_unref_folios+0xb2a/0x1760 [ 382.596362][T11376] folios_put_refs+0x53c/0x840 [ 382.603932][T11376] free_pages_and_swap_cache+0x242/0x480 [ 382.619928][T11376] __tlb_batch_free_encoded_pages+0xe9/0x280 [ 382.631325][T11376] tlb_finish_mmu+0x1b0/0x810 [ 382.636118][T11376] vms_clear_ptes+0x55c/0x790 [ 382.650476][T11376] vms_complete_munmap_vmas+0x1cf/0x970 [ 382.660779][T11376] do_vmi_align_munmap+0x44f/0x5f0 [ 382.667582][T11376] do_vmi_munmap+0x1f8/0x3e0 [ 382.672744][T11376] __vm_munmap+0x196/0x390 [ 382.677315][T11376] __x64_sys_munmap+0x59/0x80 [ 382.684974][T11376] do_syscall_64+0xc9/0xf80 [ 382.689675][T11376] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 382.844101][T11391] netlink: 334 bytes leftover after parsing attributes in process `syz.2.1261'. [ 383.072315][T11399] GUP no longer grows the stack in syz.2.1263 (11399): 5000-401000 (4000) [ 383.090862][T11399] CPU: 1 UID: 0 PID: 11399 Comm: syz.2.1263 Tainted: G L syzkaller #0 PREEMPT(full) [ 383.090912][T11399] Tainted: [L]=SOFTLOCKUP [ 383.090922][T11399] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 383.090938][T11399] Call Trace: [ 383.090948][T11399] [ 383.090958][T11399] dump_stack_lvl+0x100/0x190 [ 383.091000][T11399] gup_vma_lookup.cold+0x83/0x96 [ 383.091042][T11399] __get_user_pages+0x241/0x34d0 [ 383.091096][T11399] ? find_held_lock+0x2b/0x80 [ 383.091125][T11399] ? mtree_load+0x311/0xa40 [ 383.091156][T11399] ? __pfx___get_user_pages+0x10/0x10 [ 383.091214][T11399] get_user_pages_remote+0x3d2/0xb10 [ 383.091266][T11399] ? __pfx_get_user_pages_remote+0x10/0x10 [ 383.091325][T11399] ? noop_dirty_folio+0x98/0x160 [ 383.091379][T11399] __access_remote_vm+0x3ba/0xa70 [ 383.091429][T11399] ? __pfx___access_remote_vm+0x10/0x10 [ 383.091480][T11399] mem_rw+0x20a/0x640 [ 383.091517][T11399] ? __pfx_mem_write+0x10/0x10 [ 383.091543][T11399] vfs_writev+0x5ea/0xe10 [ 383.091584][T11399] ? __pfx_vfs_writev+0x10/0x10 [ 383.091611][T11399] ? fdget_pos+0x2aa/0x380 [ 383.091674][T11399] ? __fget_files+0x21f/0x3d0 [ 383.091719][T11399] ? do_writev+0x13e/0x340 [ 383.091747][T11399] do_writev+0x13e/0x340 [ 383.091780][T11399] ? __pfx_do_writev+0x10/0x10 [ 383.091824][T11399] do_syscall_64+0xc9/0xf80 [ 383.091864][T11399] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.091894][T11399] RIP: 0033:0x7f665bb9aeb9 [ 383.091918][T11399] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 383.091947][T11399] RSP: 002b:00007f665c9df028 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 383.091975][T11399] RAX: ffffffffffffffda RBX: 00007f665be15fa0 RCX: 00007f665bb9aeb9 [ 383.091994][T11399] RDX: 0000000000000008 RSI: 0000200000000180 RDI: 0000000000000003 [ 383.092012][T11399] RBP: 00007f665bc08c1f R08: 0000000000000000 R09: 0000000000000000 [ 383.092029][T11399] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 383.092047][T11399] R13: 00007f665be16038 R14: 00007f665be15fa0 R15: 00007fff4ba0e128 [ 383.092089][T11399] [ 383.846178][T11418] __vm_enough_memory: pid: 11418, comm: syz.1.1267, bytes: 4398046511104 not enough memory for the allocation [ 384.057017][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 384.063571][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 384.687561][T11444] netlink: 334 bytes leftover after parsing attributes in process `syz.1.1272'. [ 384.908414][ T30] audit: type=1800 audit(1769897201.000:7): pid=11449 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1274" name="version" dev="configfs" ino=38671 res=0 errno=0 [ 385.190131][T11449] zswap: compressor û not available [ 385.324371][T11462] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1276'. [ 387.415716][T11492] Invalid ELF header magic: != ELF [ 387.437207][T11497] FAULT_INJECTION: forcing a failure. [ 387.437207][T11497] name failslab, interval 1, probability 0, space 0, times 0 [ 387.605458][T11497] CPU: 1 UID: 0 PID: 11497 Comm: syz.2.1282 Tainted: G L syzkaller #0 PREEMPT(full) [ 387.605509][T11497] Tainted: [L]=SOFTLOCKUP [ 387.605519][T11497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 387.605537][T11497] Call Trace: [ 387.605547][T11497] [ 387.605558][T11497] dump_stack_lvl+0x100/0x190 [ 387.605597][T11497] should_fail_ex.cold+0x5/0xa [ 387.605642][T11497] should_failslab+0xc2/0x120 [ 387.605681][T11497] ? tomoyo_realpath_from_path+0xb6/0x690 [ 387.605710][T11497] __kmalloc_noprof+0xf6/0x9c0 [ 387.605740][T11497] ? kfree+0x2a9/0x690 [ 387.605776][T11497] ? tomoyo_realpath_from_path+0xb6/0x690 [ 387.605804][T11497] tomoyo_realpath_from_path+0xb6/0x690 [ 387.605841][T11497] tomoyo_check_open_permission+0x2af/0x3c0 [ 387.605884][T11497] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 387.605966][T11497] ? do_raw_spin_lock+0x128/0x260 [ 387.606009][T11497] ? path_get+0x61/0x80 [ 387.606050][T11497] tomoyo_file_open+0x6b/0x90 [ 387.606082][T11497] security_file_open+0xb5/0x1e0 [ 387.606110][T11497] do_dentry_open+0x58c/0x1570 [ 387.606147][T11497] ? security_inode_permission+0xbf/0x250 [ 387.606200][T11497] vfs_open+0x82/0x3f0 [ 387.606257][T11497] path_openat+0x21dc/0x3120 [ 387.606304][T11497] ? __pfx_path_openat+0x10/0x10 [ 387.606351][T11497] do_filp_open+0x1f7/0x420 [ 387.606388][T11497] ? __pfx_do_filp_open+0x10/0x10 [ 387.606450][T11497] ? _raw_spin_unlock+0x28/0x50 [ 387.606480][T11497] ? alloc_fd+0x476/0x790 [ 387.606527][T11497] do_sys_openat2+0x12e/0x220 [ 387.606574][T11497] ? __pfx_do_sys_openat2+0x10/0x10 [ 387.606636][T11497] __x64_sys_openat+0x12d/0x210 [ 387.606680][T11497] ? __pfx___x64_sys_openat+0x10/0x10 [ 387.606723][T11497] ? xfd_validate_state+0x129/0x190 [ 387.606786][T11497] do_syscall_64+0xc9/0xf80 [ 387.606827][T11497] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 387.606858][T11497] RIP: 0033:0x7f665bb9aeb9 [ 387.606883][T11497] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 387.606912][T11497] RSP: 002b:00007f665c9be028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 387.606942][T11497] RAX: ffffffffffffffda RBX: 00007f665be16090 RCX: 00007f665bb9aeb9 [ 387.606962][T11497] RDX: 0000000000000001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 387.606980][T11497] RBP: 00007f665bc08c1f R08: 0000000000000000 R09: 0000000000000000 [ 387.606996][T11497] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 387.607010][T11497] R13: 00007f665be16128 R14: 00007f665be16090 R15: 00007fff4ba0e128 [ 387.607044][T11497] [ 387.607054][T11497] ERROR: Out of memory at tomoyo_realpath_from_path. [ 388.545841][T11517] Invalid ELF header magic: != ELF [ 389.511773][T11529] FAULT_INJECTION: forcing a failure. [ 389.511773][T11529] name failslab, interval 1, probability 0, space 0, times 0 [ 389.565688][T11529] CPU: 0 UID: 0 PID: 11529 Comm: syz.1.1288 Tainted: G L syzkaller #0 PREEMPT(full) [ 389.565743][T11529] Tainted: [L]=SOFTLOCKUP [ 389.565753][T11529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 389.565770][T11529] Call Trace: [ 389.565781][T11529] [ 389.565794][T11529] dump_stack_lvl+0x100/0x190 [ 389.565835][T11529] should_fail_ex.cold+0x5/0xa [ 389.565884][T11529] should_failslab+0xc2/0x120 [ 389.565926][T11529] kmem_cache_alloc_noprof+0x83/0x780 [ 389.565969][T11529] ? mas_alloc_nodes+0x280/0x390 [ 389.566007][T11529] ? mas_alloc_nodes+0x280/0x390 [ 389.566034][T11529] mas_alloc_nodes+0x280/0x390 [ 389.566067][T11529] mas_preallocate+0x39c/0xf10 [ 389.566114][T11529] ? __pfx_mas_preallocate+0x10/0x10 [ 389.566164][T11529] ? __asan_memset+0x23/0x50 [ 389.566197][T11529] ? init_multi_vma_prep+0x33c/0x650 [ 389.566233][T11529] commit_merge+0x3e3/0xbd0 [ 389.566272][T11529] ? __pfx_commit_merge+0x10/0x10 [ 389.566304][T11529] ? __tlb_batch_free_encoded_pages+0x157/0x280 [ 389.566353][T11529] ? tlb_finish_mmu+0x2bf/0x810 [ 389.566392][T11529] vma_expand+0x7c3/0xd50 [ 389.566430][T11529] ? __pfx_vms_clear_ptes+0x10/0x10 [ 389.566463][T11529] ? __pfx_vma_expand+0x10/0x10 [ 389.566499][T11529] ? can_vma_merge_right+0xa5/0x530 [ 389.566539][T11529] vma_merge_new_range+0x2ce/0xa30 [ 389.566572][T11529] ? __sanitizer_cov_trace_const_cmp2+0x1/0x20 [ 389.566613][T11529] __mmap_region+0x85d/0x2820 [ 389.566656][T11529] ? __pfx___mmap_region+0x10/0x10 [ 389.566721][T11529] ? finish_task_switch.isra.0+0x204/0xb70 [ 389.566756][T11529] ? lockdep_hardirqs_on+0x78/0x100 [ 389.566790][T11529] ? finish_task_switch.isra.0+0x204/0xb70 [ 389.566896][T11529] ? rcu_is_watching+0x12/0xc0 [ 389.566939][T11529] mmap_region+0x180/0x3e0 [ 389.566984][T11529] do_mmap+0xc63/0x12f0 [ 389.567036][T11529] ? __pfx_do_mmap+0x10/0x10 [ 389.567080][T11529] ? __pfx_down_write_killable+0x10/0x10 [ 389.567131][T11529] vm_mmap_pgoff+0x29e/0x470 [ 389.567185][T11529] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 389.567231][T11529] ? __fget_files+0x21f/0x3d0 [ 389.567270][T11529] ? __x64_sys_futex+0x34f/0x4d0 [ 389.567315][T11529] ? __x64_sys_futex+0x358/0x4d0 [ 389.567358][T11529] ksys_mmap_pgoff+0x7d/0x5b0 [ 389.567405][T11529] __x64_sys_mmap+0x125/0x190 [ 389.567438][T11529] do_syscall_64+0xc9/0xf80 [ 389.567474][T11529] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 389.567504][T11529] RIP: 0033:0x7fe9cab9aeb9 [ 389.567530][T11529] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 389.567557][T11529] RSP: 002b:00007fe9cba9d028 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 389.567586][T11529] RAX: ffffffffffffffda RBX: 00007fe9cae15fa0 RCX: 00007fe9cab9aeb9 [ 389.567606][T11529] RDX: 00000000000000df RSI: 0000000000000007 RDI: 0000000000000000 [ 389.567624][T11529] RBP: 00007fe9cac08c1f R08: 0000000000000002 R09: 0000000000008000 [ 389.567641][T11529] R10: 0000000000009b72 R11: 0000000000000246 R12: 0000000000000000 [ 389.567657][T11529] R13: 00007fe9cae16038 R14: 00007fe9cae15fa0 R15: 00007ffd6cd0cda8 [ 389.567698][T11529] [ 390.401380][T11111] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 392.736511][T11557] netlink: 342 bytes leftover after parsing attributes in process `syz.1.1296'. [ 394.920608][T11605] zram0: detected capacity change from 0 to 8 [ 395.127770][T11615] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1312'. [ 395.978816][T11623] FAULT_INJECTION: forcing a failure. [ 395.978816][T11623] name failslab, interval 1, probability 0, space 0, times 0 [ 395.993197][T11623] CPU: 0 UID: 0 PID: 11623 Comm: syz.0.1314 Tainted: G L syzkaller #0 PREEMPT(full) [ 395.993231][T11623] Tainted: [L]=SOFTLOCKUP [ 395.993237][T11623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 395.993256][T11623] Call Trace: [ 395.993263][T11623] [ 395.993270][T11623] dump_stack_lvl+0x100/0x190 [ 395.993296][T11623] should_fail_ex.cold+0x5/0xa [ 395.993327][T11623] should_failslab+0xc2/0x120 [ 395.993353][T11623] ? constrain_params_by_rules+0x175/0xcc0 [ 395.993377][T11623] __kmalloc_noprof+0xf6/0x9c0 [ 395.993395][T11623] ? __kernel_text_address+0xd/0x30 [ 395.993423][T11623] ? unwind_get_return_address+0x59/0xa0 [ 395.993445][T11623] ? look_up_lock_class+0x55/0x120 [ 395.993470][T11623] ? constrain_params_by_rules+0x175/0xcc0 [ 395.993501][T11623] constrain_params_by_rules+0x175/0xcc0 [ 395.993549][T11623] ? __pfx_stack_trace_save+0x10/0x10 [ 395.993589][T11623] ? __pfx_constrain_params_by_rules+0x10/0x10 [ 395.993631][T11623] ? __mutex_lock+0x26a/0x1b90 [ 395.993654][T11623] ? snd_interval_refine+0x2d0/0x580 [ 395.993673][T11623] snd_pcm_hw_refine+0x7e7/0xad0 [ 395.993701][T11623] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 395.993731][T11623] ? do_raw_spin_lock+0x128/0x260 [ 395.993761][T11623] ? mark_held_locks+0x40/0x70 [ 395.993787][T11623] snd_pcm_hw_params+0x3f1/0x1cb0 [ 395.993813][T11623] ? snd_pcm_hw_param_near.constprop.0+0x573/0x850 [ 395.993839][T11623] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 395.993864][T11623] ? snd_pcm_hw_param_near.constprop.0+0x573/0x850 [ 395.993886][T11623] ? snd_pcm_hw_param_near.constprop.0+0x578/0x850 [ 395.993912][T11623] ? __pfx_snd_pcm_hw_param_near.constprop.0+0x10/0x10 [ 395.993938][T11623] snd_pcm_kernel_ioctl+0x167/0x2e0 [ 395.993967][T11623] snd_pcm_oss_change_params_locked+0x1973/0x39f0 [ 395.994004][T11623] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 395.994044][T11623] snd_pcm_oss_make_ready_locked+0xb7/0x130 [ 395.994069][T11623] snd_pcm_oss_sync+0x265/0x840 [ 395.994095][T11623] snd_pcm_oss_release+0x238/0x300 [ 395.994117][T11623] ? __pfx_snd_pcm_oss_release+0x10/0x10 [ 395.994140][T11623] __fput+0x3ff/0xb40 [ 395.994170][T11623] task_work_run+0x150/0x240 [ 395.994198][T11623] ? __pfx_task_work_run+0x10/0x10 [ 395.994232][T11623] exit_to_user_mode_loop+0x100/0x4b0 [ 395.994266][T11623] ? rcu_is_watching+0x12/0xc0 [ 395.994285][T11623] do_syscall_64+0x4ea/0xf80 [ 395.994310][T11623] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 395.994329][T11623] RIP: 0033:0x7f4ba079aeb9 [ 395.994345][T11623] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 395.994362][T11623] RSP: 002b:00007f4ba16e7028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 395.994380][T11623] RAX: 0000000000000000 RBX: 00007f4ba0a15fa0 RCX: 00007f4ba079aeb9 [ 395.994391][T11623] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 395.994401][T11623] RBP: 00007f4ba0808c1f R08: 0000000000000000 R09: 0000000000000000 [ 395.994411][T11623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 395.994422][T11623] R13: 00007f4ba0a16038 R14: 00007f4ba0a15fa0 R15: 00007ffe79d6aba8 [ 395.994444][T11623] [ 397.079313][T11654] FAULT_INJECTION: forcing a failure. [ 397.079313][T11654] name failslab, interval 1, probability 0, space 0, times 0 [ 397.092968][T11654] CPU: 1 UID: 0 PID: 11654 Comm: syz.0.1323 Tainted: G L syzkaller #0 PREEMPT(full) [ 397.093020][T11654] Tainted: [L]=SOFTLOCKUP [ 397.093031][T11654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 397.093048][T11654] Call Trace: [ 397.093059][T11654] [ 397.093070][T11654] dump_stack_lvl+0x100/0x190 [ 397.093112][T11654] should_fail_ex.cold+0x5/0xa [ 397.093157][T11654] should_failslab+0xc2/0x120 [ 397.093207][T11654] kmem_cache_alloc_noprof+0x83/0x780 [ 397.093246][T11654] ? getname_flags.part.0+0x4c/0x540 [ 397.093297][T11654] ? getname_flags.part.0+0x4c/0x540 [ 397.093339][T11654] getname_flags.part.0+0x4c/0x540 [ 397.093384][T11654] getname_flags+0x93/0xf0 [ 397.093415][T11654] do_sys_openat2+0xc5/0x220 [ 397.093458][T11654] ? __pfx_do_sys_openat2+0x10/0x10 [ 397.093516][T11654] __x64_sys_openat+0x12d/0x210 [ 397.093562][T11654] ? __pfx___x64_sys_openat+0x10/0x10 [ 397.093605][T11654] ? xfd_validate_state+0x129/0x190 [ 397.093663][T11654] do_syscall_64+0xc9/0xf80 [ 397.093701][T11654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 397.093730][T11654] RIP: 0033:0x7f4ba079aeb9 [ 397.093755][T11654] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 397.093783][T11654] RSP: 002b:00007f4ba16e7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 397.093812][T11654] RAX: ffffffffffffffda RBX: 00007f4ba0a15fa0 RCX: 00007f4ba079aeb9 [ 397.093832][T11654] RDX: 0000000000000080 RSI: 0000200000000280 RDI: ffffffffffffff9c [ 397.093849][T11654] RBP: 00007f4ba0808c1f R08: 0000000000000000 R09: 0000000000000000 [ 397.093867][T11654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 397.093884][T11654] R13: 00007f4ba0a16038 R14: 00007f4ba0a15fa0 R15: 00007ffe79d6aba8 [ 397.093926][T11654] [ 398.622698][T11700] FAULT_INJECTION: forcing a failure. [ 398.622698][T11700] name failslab, interval 1, probability 0, space 0, times 0 [ 398.652752][T11700] CPU: 0 UID: 0 PID: 11700 Comm: syz.0.1329 Tainted: G L syzkaller #0 PREEMPT(full) [ 398.652800][T11700] Tainted: [L]=SOFTLOCKUP [ 398.652810][T11700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 398.652825][T11700] Call Trace: [ 398.652835][T11700] [ 398.652847][T11700] dump_stack_lvl+0x100/0x190 [ 398.652888][T11700] should_fail_ex.cold+0x5/0xa [ 398.652934][T11700] should_failslab+0xc2/0x120 [ 398.652975][T11700] kmem_cache_alloc_noprof+0x83/0x780 [ 398.653025][T11700] ? d_instantiate+0x90/0xb0 [ 398.653060][T11700] ? alloc_empty_file+0x55/0x1c0 [ 398.653108][T11700] ? alloc_empty_file+0x55/0x1c0 [ 398.653148][T11700] alloc_empty_file+0x55/0x1c0 [ 398.653199][T11700] alloc_file_pseudo+0x13a/0x230 [ 398.653245][T11700] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 398.653287][T11700] ? alloc_fd+0x476/0x790 [ 398.653327][T11700] sock_alloc_file+0x50/0x210 [ 398.653375][T11700] __sys_socket+0x1c0/0x260 [ 398.653409][T11700] ? __pfx___sys_socket+0x10/0x10 [ 398.653454][T11700] __x64_sys_socket+0x72/0xb0 [ 398.653485][T11700] ? lockdep_hardirqs_on+0x78/0x100 [ 398.653519][T11700] do_syscall_64+0xc9/0xf80 [ 398.653555][T11700] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 398.653584][T11700] RIP: 0033:0x7f4ba079aeb9 [ 398.653609][T11700] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 398.653636][T11700] RSP: 002b:00007f4ba16a5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 398.653664][T11700] RAX: ffffffffffffffda RBX: 00007f4ba0a16180 RCX: 00007f4ba079aeb9 [ 398.653683][T11700] RDX: 0000000000000088 RSI: 0000000000000002 RDI: 000000000000000a [ 398.653698][T11700] RBP: 00007f4ba0808c1f R08: 0000000000000000 R09: 0000000000000000 [ 398.653716][T11700] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 398.653732][T11700] R13: 00007f4ba0a16218 R14: 00007f4ba0a16180 R15: 00007ffe79d6aba8 [ 398.653759][T11700] [ 400.980711][ T7542] [drm:drm_crtc_add_crc_entry] *ERROR* Overflow of CRC buffer, userspace reads too slow. [ 402.724117][T11721] zswap: compressor not available [ 402.774833][ T7481] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 402.785863][ T7481] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 402.794815][ T7481] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 402.803020][ T7481] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 402.812386][ T7481] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 403.278894][T11729] chnl_net:caif_netlink_parms(): no params data found [ 403.608662][T11729] bridge0: port 1(bridge_slave_0) entered blocking state [ 403.646090][T11729] bridge0: port 1(bridge_slave_0) entered disabled state [ 403.674188][T11729] bridge_slave_0: entered allmulticast mode [ 403.707733][T11729] bridge_slave_0: entered promiscuous mode [ 403.754493][T11729] bridge0: port 2(bridge_slave_1) entered blocking state [ 403.778039][T11729] bridge0: port 2(bridge_slave_1) entered disabled state [ 403.791418][T11729] bridge_slave_1: entered allmulticast mode [ 403.809238][T11111] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 403.813729][T11729] bridge_slave_1: entered promiscuous mode [ 403.831587][T11111] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 403.842111][T11111] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 403.850397][T11111] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 403.861462][T11111] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 403.937637][T11729] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 403.993195][T11729] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 404.152256][T11729] team0: Port device team_slave_0 added [ 404.227052][T11729] team0: Port device team_slave_1 added [ 404.338072][T11729] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 404.351949][T11729] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 404.407825][T11729] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 404.439518][T11729] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 404.455740][T11729] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 404.523520][T11729] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 404.686550][T11729] hsr_slave_0: entered promiscuous mode [ 404.703557][T11729] hsr_slave_1: entered promiscuous mode [ 404.745545][T11729] debugfs: 'hsr0' already exists in 'hsr' [ 404.765488][T11729] Cannot create hsr debugfs directory [ 404.841373][T11111] Bluetooth: hci4: command tx timeout [ 405.185225][T11742] chnl_net:caif_netlink_parms(): no params data found [ 405.757177][T11742] bridge0: port 1(bridge_slave_0) entered blocking state [ 405.771377][T11742] bridge0: port 1(bridge_slave_0) entered disabled state [ 405.778684][T11742] bridge_slave_0: entered allmulticast mode [ 405.803372][T11742] bridge_slave_0: entered promiscuous mode [ 405.858501][T11742] bridge0: port 2(bridge_slave_1) entered blocking state [ 405.882161][T11742] bridge0: port 2(bridge_slave_1) entered disabled state [ 405.889578][T11742] bridge_slave_1: entered allmulticast mode [ 405.905697][T11742] bridge_slave_1: entered promiscuous mode [ 405.961814][T11111] Bluetooth: hci5: command tx timeout [ 406.139468][T11742] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 406.166036][T11742] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 406.278165][T11729] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 406.315479][T11729] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 406.348638][T11742] team0: Port device team_slave_0 added [ 406.486364][T11729] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 406.516676][T11742] team0: Port device team_slave_1 added [ 406.544431][T11729] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 406.677997][T11742] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 406.697581][T11742] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 406.758105][T11742] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 406.807785][T11742] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 406.834770][T11742] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 406.862753][T11742] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 406.921427][T11111] Bluetooth: hci4: command tx timeout [ 407.067802][T11742] hsr_slave_0: entered promiscuous mode [ 407.088984][T11742] hsr_slave_1: entered promiscuous mode [ 407.120239][T11742] debugfs: 'hsr0' already exists in 'hsr' [ 407.129348][T11742] Cannot create hsr debugfs directory [ 407.567206][T11729] 8021q: adding VLAN 0 to HW filter on device bond0 [ 407.685421][T11729] 8021q: adding VLAN 0 to HW filter on device team0 [ 407.736039][T10584] bridge0: port 1(bridge_slave_0) entered blocking state [ 407.743290][T10584] bridge0: port 1(bridge_slave_0) entered forwarding state [ 407.756017][T10584] bridge0: port 2(bridge_slave_1) entered blocking state [ 407.763316][T10584] bridge0: port 2(bridge_slave_1) entered forwarding state [ 407.904632][T11742] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 408.041783][T11111] Bluetooth: hci5: command tx timeout [ 408.046605][T11742] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 408.129081][T11742] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 408.164770][T11742] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 408.567725][T11742] 8021q: adding VLAN 0 to HW filter on device bond0 [ 408.736808][T11742] 8021q: adding VLAN 0 to HW filter on device team0 [ 408.833813][T10584] bridge0: port 1(bridge_slave_0) entered blocking state [ 408.841057][T10584] bridge0: port 1(bridge_slave_0) entered forwarding state [ 408.869886][ T7542] bridge0: port 2(bridge_slave_1) entered blocking state [ 408.877127][ T7542] bridge0: port 2(bridge_slave_1) entered forwarding state [ 408.982299][T11729] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 409.003716][T11111] Bluetooth: hci4: command tx timeout [ 409.022842][T11824] syz.0.1353 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 410.108129][T11742] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 410.126167][T11111] Bluetooth: hci5: command tx timeout [ 410.410513][T11729] veth0_vlan: entered promiscuous mode [ 410.435470][T11729] veth1_vlan: entered promiscuous mode [ 410.498278][T11729] veth0_macvtap: entered promiscuous mode [ 410.627074][T11729] veth1_macvtap: entered promiscuous mode [ 410.689672][T11729] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 410.728705][T11729] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 410.852690][ T7516] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.872992][ T7516] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.904275][ T7516] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 410.933532][ T7516] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 411.082985][T11111] Bluetooth: hci4: command tx timeout [ 411.199932][T11742] veth0_vlan: entered promiscuous mode [ 411.273486][ T7516] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 411.297283][ T7516] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 411.334782][T11742] veth1_vlan: entered promiscuous mode [ 411.400696][T10581] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 411.415347][T10581] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 411.456983][T11742] veth0_macvtap: entered promiscuous mode [ 411.468831][T11742] veth1_macvtap: entered promiscuous mode [ 411.503660][T11742] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 411.533731][T11742] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 411.715923][T10584] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 411.740159][T10584] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 411.858771][T10584] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 411.884563][T10584] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 411.897434][T11872] netlink: 186 bytes leftover after parsing attributes in process `syz.1.1361'. [ 412.202574][T11111] Bluetooth: hci5: command tx timeout [ 412.221011][T10581] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 412.245776][T10581] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 412.792370][T10583] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 412.806848][T10583] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 413.284904][T11903] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 414.641839][T11925] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 414.668409][T11923] page: refcount:4 mapcount:3 mapping:0000000000000000 index:0x7f004e5d3 pfn:0x78000 [ 414.746225][T11923] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 414.772637][T11923] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 414.848381][T11923] raw: 00000007f004e5d3 0000000000000000 0000000400000002 0000000000000000 [ 414.872247][T11923] page dumped because: unmovable page [ 414.877688][T11923] page_owner tracks the page as allocated [ 414.951294][T11923] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x29c2(GFP_NOWAIT|__GFP_HIGHMEM|__GFP_IO|__GFP_FS|__GFP_ZERO), pid 5819, tgid 5819 (syz-executor), ts 92758054086, free_ts 92500227407 [ 414.993312][T11923] post_alloc_hook+0x1e1/0x250 [ 414.998190][T11923] get_page_from_freelist+0xe3d/0x2e10 [ 415.031714][T11923] __alloc_frozen_pages_noprof+0x26c/0x2410 [ 415.042131][T11923] alloc_pages_mpol+0x1fb/0x550 [ 415.091842][T11923] alloc_pages_noprof+0x131/0x390 [ 415.098716][T11923] __vmalloc_node_range_noprof+0xe5c/0x1530 [ 415.105667][T11923] vmalloc_user_noprof+0x9e/0xe0 [ 415.111027][T11923] kcov_ioctl+0x4c/0x720 [ 415.116744][T11923] __x64_sys_ioctl+0x18e/0x210 [ 415.122113][T11923] do_syscall_64+0xc9/0xf80 [ 415.128364][T11923] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.136062][T11923] page last free pid 5811 tgid 5811 stack trace: [ 415.182652][T11923] free_unref_folios+0xb2a/0x1760 [ 415.187944][T11923] folios_put_refs+0x53c/0x840 [ 415.193327][T11923] free_pages_and_swap_cache+0x242/0x480 [ 415.199219][T11923] __tlb_batch_free_encoded_pages+0xe9/0x280 [ 415.214979][T11923] tlb_finish_mmu+0x1b0/0x810 [ 415.219863][T11923] vms_clear_ptes+0x55c/0x790 [ 415.226013][T11923] vms_complete_munmap_vmas+0x1cf/0x970 [ 415.232092][T11923] do_vmi_align_munmap+0x44f/0x5f0 [ 415.239196][T11923] do_vmi_munmap+0x1f8/0x3e0 [ 415.258327][T11923] __vm_munmap+0x196/0x390 [ 415.263678][T11923] __x64_sys_munmap+0x59/0x80 [ 415.268552][T11923] do_syscall_64+0xc9/0xf80 [ 415.273729][T11923] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 416.166652][T11960] FAULT_INJECTION: forcing a failure. [ 416.166652][T11960] name failslab, interval 1, probability 0, space 0, times 0 [ 416.201778][T11960] CPU: 0 UID: 0 PID: 11960 Comm: syz.1.1386 Tainted: G L syzkaller #0 PREEMPT(full) [ 416.201825][T11960] Tainted: [L]=SOFTLOCKUP [ 416.201835][T11960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 416.201917][T11960] Call Trace: [ 416.201925][T11960] [ 416.201933][T11960] dump_stack_lvl+0x100/0x190 [ 416.201959][T11960] should_fail_ex.cold+0x5/0xa [ 416.201990][T11960] should_failslab+0xc2/0x120 [ 416.202015][T11960] ? tomoyo_realpath_from_path+0xb6/0x690 [ 416.202034][T11960] __kmalloc_noprof+0xf6/0x9c0 [ 416.202058][T11960] ? tomoyo_realpath_from_path+0xb6/0x690 [ 416.202076][T11960] tomoyo_realpath_from_path+0xb6/0x690 [ 416.202102][T11960] tomoyo_path_number_perm+0x23c/0x580 [ 416.202129][T11960] ? tomoyo_path_number_perm+0x22e/0x580 [ 416.202157][T11960] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 416.202208][T11960] ? find_held_lock+0x2b/0x80 [ 416.202226][T11960] ? hook_file_ioctl_common+0x146/0x410 [ 416.202253][T11960] ? __fget_files+0x215/0x3d0 [ 416.202276][T11960] ? __fget_files+0x21f/0x3d0 [ 416.202299][T11960] security_file_ioctl+0xd3/0x230 [ 416.202328][T11960] __x64_sys_ioctl+0xb7/0x210 [ 416.202359][T11960] do_syscall_64+0xc9/0xf80 [ 416.202384][T11960] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 416.202402][T11960] RIP: 0033:0x7fe9cab9aeb9 [ 416.202417][T11960] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 416.202434][T11960] RSP: 002b:00007fe9cba7c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 416.202452][T11960] RAX: ffffffffffffffda RBX: 00007fe9cae16090 RCX: 00007fe9cab9aeb9 [ 416.202464][T11960] RDX: 0000000000000004 RSI: 0000000080106f53 RDI: 0000000000000003 [ 416.202474][T11960] RBP: 00007fe9cba7c090 R08: 0000000000000000 R09: 0000000000000000 [ 416.202485][T11960] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 416.202495][T11960] R13: 00007fe9cae16128 R14: 00007fe9cae16090 R15: 00007ffd6cd0cda8 [ 416.202518][T11960] [ 416.202525][T11960] ERROR: Out of memory at tomoyo_realpath_from_path. [ 416.557471][T11966] netlink: 186 bytes leftover after parsing attributes in process `syz.4.1376'. [ 417.004936][T11968] could not allocate digest TFM handle [ 417.516619][T11985] page: refcount:3 mapcount:2 mapping:0000000000000000 index:0x7f004e5d3 pfn:0x78000 [ 417.604642][T11985] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 417.614527][T11985] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 417.624379][T11985] raw: 00000007f004e5d3 0000000000000000 0000000300000001 0000000000000000 [ 417.633611][T11985] page dumped because: unmovable page [ 417.639054][T11985] page_owner tracks the page as allocated [ 417.645836][T11985] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x29c2(GFP_NOWAIT|__GFP_HIGHMEM|__GFP_IO|__GFP_FS|__GFP_ZERO), pid 5819, tgid 5819 (syz-executor), ts 92758054086, free_ts 92500227407 [ 417.692186][T11985] post_alloc_hook+0x1e1/0x250 [ 417.702970][T11985] get_page_from_freelist+0xe3d/0x2e10 [ 417.717295][T11985] __alloc_frozen_pages_noprof+0x26c/0x2410 [ 417.732046][T11985] alloc_pages_mpol+0x1fb/0x550 [ 417.739706][T11985] alloc_pages_noprof+0x131/0x390 [ 417.768865][T11985] __vmalloc_node_range_noprof+0xe5c/0x1530 [ 417.810999][T11985] vmalloc_user_noprof+0x9e/0xe0 [ 417.816201][T11985] kcov_ioctl+0x4c/0x720 [ 417.821046][T11985] __x64_sys_ioctl+0x18e/0x210 [ 417.831261][T11985] do_syscall_64+0xc9/0xf80 [ 417.835848][T11985] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 417.851286][T11985] page last free pid 5811 tgid 5811 stack trace: [ 417.888923][T11985] free_unref_folios+0xb2a/0x1760 [ 417.896806][T11985] folios_put_refs+0x53c/0x840 [ 417.911331][T11985] free_pages_and_swap_cache+0x242/0x480 [ 417.921772][T11985] __tlb_batch_free_encoded_pages+0xe9/0x280 [ 417.931500][T11985] tlb_finish_mmu+0x1b0/0x810 [ 417.938150][T11985] vms_clear_ptes+0x55c/0x790 [ 417.947004][T11985] vms_complete_munmap_vmas+0x1cf/0x970 [ 417.953362][T11985] do_vmi_align_munmap+0x44f/0x5f0 [ 417.958841][T11985] do_vmi_munmap+0x1f8/0x3e0 [ 417.964261][T11985] __vm_munmap+0x196/0x390 [ 417.969037][T11985] __x64_sys_munmap+0x59/0x80 [ 417.974524][T11985] do_syscall_64+0xc9/0xf80 [ 417.979292][T11985] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.504127][T12005] netlink: 4820 bytes leftover after parsing attributes in process `syz.4.1389'. [ 418.793182][T12021] FAULT_INJECTION: forcing a failure. [ 418.793182][T12021] name failslab, interval 1, probability 0, space 0, times 0 [ 418.814970][T12021] CPU: 1 UID: 0 PID: 12021 Comm: syz.0.1392 Tainted: G L syzkaller #0 PREEMPT(full) [ 418.815018][T12021] Tainted: [L]=SOFTLOCKUP [ 418.815028][T12021] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 418.815044][T12021] Call Trace: [ 418.815054][T12021] [ 418.815065][T12021] dump_stack_lvl+0x100/0x190 [ 418.815105][T12021] should_fail_ex.cold+0x5/0xa [ 418.815151][T12021] should_failslab+0xc2/0x120 [ 418.815191][T12021] ? tomoyo_encode2+0xfb/0x3c0 [ 418.815216][T12021] __kmalloc_noprof+0xf6/0x9c0 [ 418.815258][T12021] ? tomoyo_encode2+0xfb/0x3c0 [ 418.815282][T12021] tomoyo_encode2+0xfb/0x3c0 [ 418.815315][T12021] tomoyo_encode+0x29/0x50 [ 418.815342][T12021] tomoyo_realpath_from_path+0x18c/0x690 [ 418.815382][T12021] tomoyo_path_number_perm+0x23c/0x580 [ 418.815422][T12021] ? tomoyo_path_number_perm+0x22e/0x580 [ 418.815465][T12021] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 418.815549][T12021] ? find_held_lock+0x2b/0x80 [ 418.815582][T12021] ? hook_file_ioctl_common+0x146/0x410 [ 418.815622][T12021] ? __fget_files+0x215/0x3d0 [ 418.815661][T12021] ? __fget_files+0x21f/0x3d0 [ 418.815699][T12021] security_file_ioctl+0xd3/0x230 [ 418.815741][T12021] __x64_sys_ioctl+0xb7/0x210 [ 418.815788][T12021] do_syscall_64+0xc9/0xf80 [ 418.815825][T12021] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.815862][T12021] RIP: 0033:0x7f4ba079aeb9 [ 418.815887][T12021] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 418.815912][T12021] RSP: 002b:00007f4ba16c6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 418.815939][T12021] RAX: ffffffffffffffda RBX: 00007f4ba0a16090 RCX: 00007f4ba079aeb9 [ 418.815957][T12021] RDX: 0000000000000004 RSI: 0000000080106f53 RDI: 0000000000000003 [ 418.815975][T12021] RBP: 00007f4ba16c6090 R08: 0000000000000000 R09: 0000000000000000 [ 418.815991][T12021] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 418.816007][T12021] R13: 00007f4ba0a16128 R14: 00007f4ba0a16090 R15: 00007ffe79d6aba8 [ 418.816048][T12021] [ 418.819206][T12021] ERROR: Out of memory at tomoyo_realpath_from_path. [ 420.213290][T12054] page: refcount:4 mapcount:3 mapping:0000000000000000 index:0x7f004e5d3 pfn:0x78000 [ 420.262210][T12054] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 420.330107][T12054] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 420.391560][T12054] raw: 00000007f004e5d3 0000000000000000 0000000400000002 0000000000000000 [ 420.457143][T12054] page dumped because: unmovable page [ 420.489956][T12054] page_owner tracks the page as allocated [ 420.570357][T12054] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x29c2(GFP_NOWAIT|__GFP_HIGHMEM|__GFP_IO|__GFP_FS|__GFP_ZERO), pid 5819, tgid 5819 (syz-executor), ts 92758054086, free_ts 92500227407 [ 420.608253][T12054] post_alloc_hook+0x1e1/0x250 [ 420.613151][T12054] get_page_from_freelist+0xe3d/0x2e10 [ 420.618756][T12054] __alloc_frozen_pages_noprof+0x26c/0x2410 [ 420.625186][T12054] alloc_pages_mpol+0x1fb/0x550 [ 420.635481][T12054] alloc_pages_noprof+0x131/0x390 [ 420.640557][T12054] __vmalloc_node_range_noprof+0xe5c/0x1530 [ 420.728894][T12054] vmalloc_user_noprof+0x9e/0xe0 [ 420.741328][T12054] kcov_ioctl+0x4c/0x720 [ 420.764525][T12054] __x64_sys_ioctl+0x18e/0x210 [ 420.784072][T12054] do_syscall_64+0xc9/0xf80 [ 420.798097][T12054] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 420.810038][T12054] page last free pid 5811 tgid 5811 stack trace: [ 420.817112][T12066] sctp: [Deprecated]: syz.1.1399 (pid 12066) Use of struct sctp_assoc_value in delayed_ack socket option. [ 420.817112][T12066] Use struct sctp_sack_info instead [ 420.836114][T12054] free_unref_folios+0xb2a/0x1760 [ 420.842656][T12054] folios_put_refs+0x53c/0x840 [ 420.848607][T12054] free_pages_and_swap_cache+0x242/0x480 [ 420.869422][T12054] __tlb_batch_free_encoded_pages+0xe9/0x280 [ 420.877654][T12054] tlb_finish_mmu+0x1b0/0x810 [ 420.883134][T12054] vms_clear_ptes+0x55c/0x790 [ 420.888015][T12054] vms_complete_munmap_vmas+0x1cf/0x970 [ 420.897072][T12054] do_vmi_align_munmap+0x44f/0x5f0 [ 420.902768][T12054] do_vmi_munmap+0x1f8/0x3e0 [ 420.907849][T12054] __vm_munmap+0x196/0x390 [ 420.917193][T12054] __x64_sys_munmap+0x59/0x80 [ 420.935715][T12054] do_syscall_64+0xc9/0xf80 [ 420.946999][T12054] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.852735][T12079] netlink: 4820 bytes leftover after parsing attributes in process `syz.5.1405'. [ 422.436468][T12087] FAULT_INJECTION: forcing a failure. [ 422.436468][T12087] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 422.488213][T12087] CPU: 1 UID: 0 PID: 12087 Comm: syz.4.1406 Tainted: G L syzkaller #0 PREEMPT(full) [ 422.488259][T12087] Tainted: [L]=SOFTLOCKUP [ 422.488270][T12087] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 422.488286][T12087] Call Trace: [ 422.488296][T12087] [ 422.488306][T12087] dump_stack_lvl+0x100/0x190 [ 422.488346][T12087] should_fail_ex.cold+0x5/0xa [ 422.488403][T12087] _copy_from_user+0x2e/0xd0 [ 422.488445][T12087] dvb_usercopy+0x27e/0x340 [ 422.488476][T12087] ? __pfx_dvb_frontend_do_ioctl+0x10/0x10 [ 422.488501][T12087] ? __pfx_dvb_usercopy+0x10/0x10 [ 422.488532][T12087] ? __fget_files+0x21f/0x3d0 [ 422.488556][T12087] dvb_frontend_ioctl+0x50/0x80 [ 422.488576][T12087] ? __pfx_dvb_frontend_ioctl+0x10/0x10 [ 422.488598][T12087] __x64_sys_ioctl+0x18e/0x210 [ 422.488629][T12087] do_syscall_64+0xc9/0xf80 [ 422.488654][T12087] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 422.488672][T12087] RIP: 0033:0x7f133dd9aeb9 [ 422.488687][T12087] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 422.488705][T12087] RSP: 002b:00007f133ec37028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 422.488723][T12087] RAX: ffffffffffffffda RBX: 00007f133e016090 RCX: 00007f133dd9aeb9 [ 422.488735][T12087] RDX: 0000000000000004 RSI: 0000000080106f53 RDI: 0000000000000003 [ 422.488745][T12087] RBP: 00007f133ec37090 R08: 0000000000000000 R09: 0000000000000000 [ 422.488767][T12087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 422.488778][T12087] R13: 00007f133e016128 R14: 00007f133e016090 R15: 00007ffe83313088 [ 422.488800][T12087] [ 422.851044][T12091] Invalid ELF header magic: != ELF [ 426.333425][T12138] page: refcount:4 mapcount:3 mapping:0000000000000000 index:0x7f004e5d3 pfn:0x78000 [ 426.412902][T12138] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 426.426095][T12138] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 426.435132][T12138] raw: 00000007f004e5d3 0000000000000000 0000000400000002 0000000000000000 [ 426.446768][T12138] page dumped because: unmovable page [ 426.452415][T12138] page_owner tracks the page as allocated [ 426.458397][T12138] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x29c2(GFP_NOWAIT|__GFP_HIGHMEM|__GFP_IO|__GFP_FS|__GFP_ZERO), pid 5819, tgid 5819 (syz-executor), ts 92758054086, free_ts 92500227407 [ 426.481991][T12141] Invalid ELF header magic: != ELF [ 426.489100][T12138] post_alloc_hook+0x1e1/0x250 [ 426.494356][T12138] get_page_from_freelist+0xe3d/0x2e10 [ 426.500110][T12138] __alloc_frozen_pages_noprof+0x26c/0x2410 [ 426.560441][T12138] alloc_pages_mpol+0x1fb/0x550 [ 426.565762][T12138] alloc_pages_noprof+0x131/0x390 [ 426.589176][T12138] __vmalloc_node_range_noprof+0xe5c/0x1530 [ 426.639849][T12138] vmalloc_user_noprof+0x9e/0xe0 [ 426.678712][T12138] kcov_ioctl+0x4c/0x720 [ 426.703644][T12138] __x64_sys_ioctl+0x18e/0x210 [ 426.708650][T12138] do_syscall_64+0xc9/0xf80 [ 426.721310][T12138] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 426.727273][T12138] page last free pid 5811 tgid 5811 stack trace: [ 426.802817][T12138] free_unref_folios+0xb2a/0x1760 [ 426.807975][T12138] folios_put_refs+0x53c/0x840 [ 426.890769][T12138] free_pages_and_swap_cache+0x242/0x480 [ 426.931418][T12138] __tlb_batch_free_encoded_pages+0xe9/0x280 [ 426.952456][T12138] tlb_finish_mmu+0x1b0/0x810 [ 426.977636][T12138] vms_clear_ptes+0x55c/0x790 [ 426.991338][T12138] vms_complete_munmap_vmas+0x1cf/0x970 [ 427.011359][T12138] do_vmi_align_munmap+0x44f/0x5f0 [ 427.022925][T12138] do_vmi_munmap+0x1f8/0x3e0 [ 427.068766][T12138] __vm_munmap+0x196/0x390 [ 427.091244][T12138] __x64_sys_munmap+0x59/0x80 [ 427.096112][T12138] do_syscall_64+0xc9/0xf80 [ 427.100672][T12138] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.042989][T12178] sctp: [Deprecated]: syz.5.1430 (pid 12178) Use of struct sctp_assoc_value in delayed_ack socket option. [ 428.042989][T12178] Use struct sctp_sack_info instead [ 429.208711][T12203] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1436'. [ 431.575820][T12236] could not allocate digest TFM handle [ 431.656399][T12246] zram: Added device: zram1 [ 432.001928][T12252] FAULT_INJECTION: forcing a failure. [ 432.001928][T12252] name failslab, interval 1, probability 0, space 0, times 0 [ 432.041656][T12252] CPU: 1 UID: 0 PID: 12252 Comm: syz.1.1449 Tainted: G L syzkaller #0 PREEMPT(full) [ 432.041688][T12252] Tainted: [L]=SOFTLOCKUP [ 432.041694][T12252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 432.041705][T12252] Call Trace: [ 432.041711][T12252] [ 432.041718][T12252] dump_stack_lvl+0x100/0x190 [ 432.041744][T12252] should_fail_ex.cold+0x5/0xa [ 432.041782][T12252] should_failslab+0xc2/0x120 [ 432.041809][T12252] kmem_cache_alloc_noprof+0x83/0x780 [ 432.041832][T12252] ? __pud_alloc+0x575/0x760 [ 432.041859][T12252] ? __pmd_alloc+0xbf/0x9c0 [ 432.041889][T12252] ? __pmd_alloc+0xbf/0x9c0 [ 432.041915][T12252] __pmd_alloc+0xbf/0x9c0 [ 432.041941][T12252] ? __pud_alloc+0x57a/0x760 [ 432.041971][T12252] walk_to_pmd+0x3a3/0x4c0 [ 432.042001][T12252] __get_locked_pte+0x25/0xc0 [ 432.042033][T12252] map_ldt_struct+0x3b1/0xa50 [ 432.042058][T12252] ? __pfx_map_ldt_struct+0x10/0x10 [ 432.042078][T12252] ? alloc_pages_noprof+0x233/0x390 [ 432.042108][T12252] write_ldt+0x6d3/0xd40 [ 432.042131][T12252] ? __pfx_write_ldt+0x10/0x10 [ 432.042150][T12252] ? fput+0x79/0x100 [ 432.042174][T12252] ? xfd_validate_state+0x129/0x190 [ 432.042207][T12252] __x64_sys_modify_ldt+0xb1/0x170 [ 432.042228][T12252] do_syscall_64+0xc9/0xf80 [ 432.042252][T12252] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 432.042270][T12252] RIP: 0033:0x7fe9cab9aeb9 [ 432.042285][T12252] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 432.042302][T12252] RSP: 002b:00007fe9cba9d028 EFLAGS: 00000246 ORIG_RAX: 000000000000009a [ 432.042321][T12252] RAX: ffffffffffffffda RBX: 00007fe9cae15fa0 RCX: 00007fe9cab9aeb9 [ 432.042332][T12252] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000001 [ 432.042342][T12252] RBP: 00007fe9cac08c1f R08: 0000000000000000 R09: 0000000000000000 [ 432.042352][T12252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 432.042362][T12252] R13: 00007fe9cae16038 R14: 00007fe9cae15fa0 R15: 00007ffd6cd0cda8 [ 432.042385][T12252] [ 432.382177][T12262] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1452'. [ 433.134762][T12277] sctp: [Deprecated]: syz.0.1456 (pid 12277) Use of struct sctp_assoc_value in delayed_ack socket option. [ 433.134762][T12277] Use struct sctp_sack_info instead [ 433.441432][T12280] zswap: compressor not available [ 433.779461][T12289] netlink: 'syz.4.1459': attribute type 1 has an invalid length. [ 435.097386][T12308] netlink: 186 bytes leftover after parsing attributes in process `syz.4.1464'. [ 435.397047][T12310] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1466'. [ 435.982268][T12316] zram: Added device: zram2 [ 440.259520][T12392] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1487'. [ 440.791722][T12405] futex_wake_op: syz.0.1488 tries to shift op by -2048; fix this program [ 440.856422][T12405] futex_wake_op: syz.0.1488 tries to shift op by -2048; fix this program [ 443.918412][T12450] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1499'. [ 445.352587][T12477] vhci_hcd vhci_hcd.2: invalid port number 16 [ 445.358890][T12477] vhci_hcd vhci_hcd.2: invalid port number 16 [ 445.411080][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 445.417596][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 448.568283][T12526] bridge0: port 3(gretap0) entered blocking state [ 448.581707][T12526] bridge0: port 3(gretap0) entered disabled state [ 448.621497][T12526] gretap0: entered allmulticast mode [ 448.644253][T12526] gretap0: entered promiscuous mode [ 448.652333][T12526] bridge0: port 3(gretap0) entered blocking state [ 448.659075][T12526] bridge0: port 3(gretap0) entered forwarding state [ 448.822476][T12540] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1525'. [ 448.861404][T12540] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 449.759996][T12544] netlink: 330 bytes leftover after parsing attributes in process `syz.4.1527'. [ 449.836999][T12542] binder: 12541:12542 ioctl c018620c 0 returned -1 [ 452.090055][T12593] FAULT_INJECTION: forcing a failure. [ 452.090055][T12593] name failslab, interval 1, probability 0, space 0, times 0 [ 452.184059][T12593] CPU: 1 UID: 0 PID: 12593 Comm: syz.4.1536 Tainted: G L syzkaller #0 PREEMPT(full) [ 452.184099][T12593] Tainted: [L]=SOFTLOCKUP [ 452.184105][T12593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 452.184116][T12593] Call Trace: [ 452.184123][T12593] [ 452.184130][T12593] dump_stack_lvl+0x100/0x190 [ 452.184156][T12593] should_fail_ex.cold+0x5/0xa [ 452.184187][T12593] should_failslab+0xc2/0x120 [ 452.184213][T12593] __kvmalloc_node_noprof+0x101/0xac0 [ 452.184238][T12593] ? seq_read_iter+0x819/0x1270 [ 452.184256][T12593] ? aa_file_perm+0x268/0x1540 [ 452.184279][T12593] ? seq_read_iter+0x819/0x1270 [ 452.184304][T12593] seq_read_iter+0x819/0x1270 [ 452.184330][T12593] ? aa_file_perm+0x277/0x1540 [ 452.184374][T12593] seq_read+0x33b/0x4c0 [ 452.184405][T12593] ? __pfx_seq_read+0x10/0x10 [ 452.184440][T12593] ? lock_acquire+0x17c/0x330 [ 452.184471][T12593] ? rcu_is_watching+0x12/0xc0 [ 452.184492][T12593] ? __pfx_seq_read+0x10/0x10 [ 452.184510][T12593] proc_reg_read+0x240/0x330 [ 452.184537][T12593] ? __pfx_proc_reg_read+0x10/0x10 [ 452.184565][T12593] vfs_read+0x1e4/0xb30 [ 452.184588][T12593] ? __pfx_vfs_read+0x10/0x10 [ 452.184606][T12593] ? find_held_lock+0x2b/0x80 [ 452.184625][T12593] ? __fget_files+0x215/0x3d0 [ 452.184651][T12593] ? __fget_files+0x21f/0x3d0 [ 452.184677][T12593] ksys_read+0x12a/0x250 [ 452.184697][T12593] ? __pfx_ksys_read+0x10/0x10 [ 452.184724][T12593] do_syscall_64+0xc9/0xf80 [ 452.184748][T12593] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 452.184767][T12593] RIP: 0033:0x7f133dd9aeb9 [ 452.184782][T12593] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 452.184800][T12593] RSP: 002b:00007f133ec58028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 452.184818][T12593] RAX: ffffffffffffffda RBX: 00007f133e015fa0 RCX: 00007f133dd9aeb9 [ 452.184829][T12593] RDX: 0000000000000001 RSI: 0000200000000100 RDI: 0000000000000003 [ 452.184840][T12593] RBP: 00007f133ec58090 R08: 0000000000000000 R09: 0000000000000000 [ 452.184850][T12593] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 452.184861][T12593] R13: 00007f133e016038 R14: 00007f133e015fa0 R15: 00007ffe83313088 [ 452.184892][T12593] [ 452.707503][T12600] vhci_hcd vhci_hcd.2: invalid port number 16 [ 452.734383][T12600] vhci_hcd vhci_hcd.2: invalid port number 16 [ 453.613684][T12619] netlink: 186 bytes leftover after parsing attributes in process `syz.5.1542'. [ 453.986847][T12626] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1544'. [ 454.197945][T12625] futex_wake_op: syz.4.1543 tries to shift op by -2048; fix this program [ 454.261500][T12625] futex_wake_op: syz.4.1543 tries to shift op by -2048; fix this program [ 454.301980][T12625] 0x000000000001-0x000000020000 : "" [ 454.401232][T12625] ftl_cs: FTL header corrupt! [ 454.666893][T12633] Invalid ELF header magic: != ELF [ 455.431809][T12643] vhci_hcd vhci_hcd.2: invalid port number 16 [ 455.437947][T12643] vhci_hcd vhci_hcd.2: invalid port number 16 [ 455.604279][T12649] FAULT_INJECTION: forcing a failure. [ 455.604279][T12649] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 455.655911][T12649] CPU: 0 UID: 0 PID: 12649 Comm: syz.5.1549 Tainted: G L syzkaller #0 PREEMPT(full) [ 455.655953][T12649] Tainted: [L]=SOFTLOCKUP [ 455.655960][T12649] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 455.655970][T12649] Call Trace: [ 455.655976][T12649] [ 455.655983][T12649] dump_stack_lvl+0x100/0x190 [ 455.656010][T12649] should_fail_ex.cold+0x5/0xa [ 455.656044][T12649] _copy_to_iter+0x5a4/0x1720 [ 455.656093][T12649] ? __pfx__copy_to_iter+0x10/0x10 [ 455.656142][T12649] ? __local_bh_enable_ip+0x9e/0x120 [ 455.656178][T12649] ? lockdep_hardirqs_on+0x78/0x100 [ 455.656209][T12649] ? tcp_seq_stop+0x177/0x260 [ 455.656240][T12649] ? __local_bh_enable_ip+0x9e/0x120 [ 455.656269][T12649] seq_read_iter+0xdab/0x1270 [ 455.656316][T12649] seq_read+0x33b/0x4c0 [ 455.656346][T12649] ? __pfx_seq_read+0x10/0x10 [ 455.656382][T12649] ? lock_acquire+0x17c/0x330 [ 455.656429][T12649] ? rcu_is_watching+0x12/0xc0 [ 455.656464][T12649] ? __pfx_seq_read+0x10/0x10 [ 455.656494][T12649] proc_reg_read+0x240/0x330 [ 455.656535][T12649] ? __pfx_proc_reg_read+0x10/0x10 [ 455.656577][T12649] vfs_read+0x1e4/0xb30 [ 455.656617][T12649] ? __pfx_vfs_read+0x10/0x10 [ 455.656652][T12649] ? find_held_lock+0x2b/0x80 [ 455.656681][T12649] ? __fget_files+0x215/0x3d0 [ 455.656721][T12649] ? __fget_files+0x21f/0x3d0 [ 455.656765][T12649] ksys_read+0x12a/0x250 [ 455.656798][T12649] ? __pfx_ksys_read+0x10/0x10 [ 455.656851][T12649] do_syscall_64+0xc9/0xf80 [ 455.656890][T12649] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 455.656919][T12649] RIP: 0033:0x7fc39039aeb9 [ 455.656943][T12649] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 455.656969][T12649] RSP: 002b:00007fc3911ca028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 455.657012][T12649] RAX: ffffffffffffffda RBX: 00007fc390615fa0 RCX: 00007fc39039aeb9 [ 455.657032][T12649] RDX: 0000000000000001 RSI: 0000200000000100 RDI: 0000000000000003 [ 455.657049][T12649] RBP: 00007fc3911ca090 R08: 0000000000000000 R09: 0000000000000000 [ 455.657066][T12649] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 455.657082][T12649] R13: 00007fc390616038 R14: 00007fc390615fa0 R15: 00007ffceda44048 [ 455.657120][T12649] [ 457.525311][T12679] netlink: 186 bytes leftover after parsing attributes in process `syz.4.1557'. [ 458.622443][T12675] bridge0: port 3(gretap0) entered blocking state [ 458.643462][T12675] bridge0: port 3(gretap0) entered disabled state [ 458.654788][T12675] gretap0: entered allmulticast mode [ 458.666794][T12675] gretap0: entered promiscuous mode [ 458.704287][T12675] bridge0: port 3(gretap0) entered blocking state [ 458.710854][T12675] bridge0: port 3(gretap0) entered forwarding state [ 458.803237][T12705] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1563'. [ 458.835087][T12707] FAULT_INJECTION: forcing a failure. [ 458.835087][T12707] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 458.881505][T12707] CPU: 0 UID: 0 PID: 12707 Comm: syz.4.1565 Tainted: G L syzkaller #0 PREEMPT(full) [ 458.881550][T12707] Tainted: [L]=SOFTLOCKUP [ 458.881558][T12707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 458.881574][T12707] Call Trace: [ 458.881582][T12707] [ 458.881591][T12707] dump_stack_lvl+0x100/0x190 [ 458.881637][T12707] should_fail_ex.cold+0x5/0xa [ 458.881680][T12707] _copy_to_user+0x32/0xd0 [ 458.881725][T12707] simple_read_from_buffer+0xcb/0x170 [ 458.881757][T12707] proc_fail_nth_read+0x1af/0x230 [ 458.881790][T12707] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 458.881824][T12707] ? rw_verify_area+0xce/0x6d0 [ 458.881849][T12707] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 458.881881][T12707] vfs_read+0x1e4/0xb30 [ 458.881915][T12707] ? __pfx_vfs_read+0x10/0x10 [ 458.881943][T12707] ? find_held_lock+0x2b/0x80 [ 458.881971][T12707] ? __fget_files+0x215/0x3d0 [ 458.882006][T12707] ? __fget_files+0x21f/0x3d0 [ 458.882045][T12707] ksys_read+0x12a/0x250 [ 458.882073][T12707] ? __pfx_ksys_read+0x10/0x10 [ 458.882116][T12707] do_syscall_64+0xc9/0xf80 [ 458.882155][T12707] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 458.882182][T12707] RIP: 0033:0x7f133dd5b78e [ 458.882205][T12707] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 458.882230][T12707] RSP: 002b:00007f133ec57fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 458.882257][T12707] RAX: ffffffffffffffda RBX: 00007f133ec586c0 RCX: 00007f133dd5b78e [ 458.882274][T12707] RDX: 000000000000000f RSI: 00007f133ec580a0 RDI: 0000000000000004 [ 458.882290][T12707] RBP: 00007f133ec58090 R08: 0000000000000000 R09: 0000000000000000 [ 458.882307][T12707] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 458.882323][T12707] R13: 00007f133e016038 R14: 00007f133e015fa0 R15: 00007ffe83313088 [ 458.882361][T12707] [ 460.542407][T12738] Invalid ELF header magic: != ELF [ 461.681718][T12749] netlink: 186 bytes leftover after parsing attributes in process `syz.1.1572'. [ 464.016793][T12784] netlink: 186 bytes leftover after parsing attributes in process `syz.1.1588'. [ 469.099767][T12866] netlink: 186 bytes leftover after parsing attributes in process `syz.1.1597'. [ 470.322199][T12883] vhci_hcd vhci_hcd.2: invalid port number 16 [ 470.328657][T12883] vhci_hcd vhci_hcd.2: invalid port number 16 [ 470.485335][T12887] vhci_hcd vhci_hcd.2: invalid port number 16 [ 470.506019][T12887] vhci_hcd vhci_hcd.2: invalid port number 16 [ 470.975829][T12907] Invalid ELF header magic: != ELF [ 471.846048][T12928] netlink: 186 bytes leftover after parsing attributes in process `syz.4.1609'. [ 472.402846][T12939] FAULT_INJECTION: forcing a failure. [ 472.402846][T12939] name fail_futex, interval 1, probability 0, space 0, times 0 [ 472.441643][T12939] CPU: 1 UID: 0 PID: 12939 Comm: syz.1.1611 Tainted: G L syzkaller #0 PREEMPT(full) [ 472.441693][T12939] Tainted: [L]=SOFTLOCKUP [ 472.441704][T12939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 472.441732][T12939] Call Trace: [ 472.441742][T12939] [ 472.441754][T12939] dump_stack_lvl+0x100/0x190 [ 472.441796][T12939] should_fail_ex.cold+0x5/0xa [ 472.441844][T12939] get_futex_key+0x1d2/0x1620 [ 472.441888][T12939] ? __pfx_get_futex_key+0x10/0x10 [ 472.441926][T12939] ? futex_wake+0x456/0x530 [ 472.441981][T12939] futex_wake+0xea/0x530 [ 472.442030][T12939] ? __pfx_futex_wake+0x10/0x10 [ 472.442081][T12939] ? __lock_acquire+0x4a5/0x2630 [ 472.442131][T12939] do_futex+0x32b/0x350 [ 472.442174][T12939] ? __pfx_do_futex+0x10/0x10 [ 472.442213][T12939] ? cap_capable+0x107/0x3f0 [ 472.442259][T12939] __x64_sys_futex+0x34f/0x4d0 [ 472.442302][T12939] ? kernel_migrate_pages+0xa2/0x700 [ 472.442348][T12939] ? __pfx___x64_sys_futex+0x10/0x10 [ 472.442406][T12939] do_syscall_64+0xc9/0xf80 [ 472.442448][T12939] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 472.442478][T12939] RIP: 0033:0x7fe9cab9aeb9 [ 472.442503][T12939] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 472.442532][T12939] RSP: 002b:00007fe9cba9d0e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 472.442561][T12939] RAX: ffffffffffffffda RBX: 00007fe9cae15fa8 RCX: 00007fe9cab9aeb9 [ 472.442580][T12939] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fe9cae15fac [ 472.442596][T12939] RBP: 00007fe9cae15fa0 R08: 0000000000000000 R09: 0000000000000000 [ 472.442613][T12939] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 472.442630][T12939] R13: 00007fe9cae16038 R14: 00007ffd6cd0ccc0 R15: 00007ffd6cd0cda8 [ 472.442671][T12939] [ 473.123114][T12949] vhci_hcd vhci_hcd.2: invalid port number 16 [ 473.129248][T12949] vhci_hcd vhci_hcd.2: invalid port number 16 [ 473.391238][T12953] netlink: 342 bytes leftover after parsing attributes in process `syz.0.1615'. [ 473.806027][T12965] sysfs: cannot create duplicate filename '/class/ieee80211/!PjE ùrõ£Ò„yù*›"¤l-ý¤ôy–ú„L̓÷ÓÄ]' [ 473.819908][T12965] CPU: 0 UID: 0 PID: 12965 Comm: syz.1.1618 Tainted: G L syzkaller #0 PREEMPT(full) [ 473.819952][T12965] Tainted: [L]=SOFTLOCKUP [ 473.819963][T12965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 473.819980][T12965] Call Trace: [ 473.819990][T12965] [ 473.820000][T12965] dump_stack_lvl+0x100/0x190 [ 473.820039][T12965] sysfs_warn_dup.cold+0x1c/0x28 [ 473.820078][T12965] sysfs_do_create_link_sd+0x113/0x140 [ 473.820121][T12965] sysfs_create_link+0x61/0xc0 [ 473.820160][T12965] device_add+0x675/0x1950 [ 473.820205][T12965] ? __pfx_device_add+0x10/0x10 [ 473.820243][T12965] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 473.820279][T12965] ? ieee80211_set_bitrate_flags+0x41b/0x6b0 [ 473.820327][T12965] wiphy_register+0x1e58/0x2d30 [ 473.820374][T12965] ? __rtnl_unlock+0xb9/0xf0 [ 473.820432][T12965] ? __pfx_wiphy_register+0x10/0x10 [ 473.820478][T12965] ? __asan_memset+0x23/0x50 [ 473.820510][T12965] ? minstrel_ht_alloc+0x5e6/0x7f0 [ 473.820568][T12965] ieee80211_register_hw+0x2c11/0x4040 [ 473.820634][T12965] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 473.820675][T12965] ? __pfx___debug_object_init+0x10/0x10 [ 473.820727][T12965] ? find_held_lock+0x2b/0x80 [ 473.820757][T12965] ? net_generic+0xea/0x2a0 [ 473.820793][T12965] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 473.820827][T12965] ? __hrtimer_setup+0x178/0x280 [ 473.820875][T12965] mac80211_hwsim_new_radio+0x2847/0x57c0 [ 473.820939][T12965] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 473.820988][T12965] ? __asan_memcpy+0x3c/0x60 [ 473.821024][T12965] hwsim_new_radio_nl+0xc1f/0x1340 [ 473.821065][T12965] ? genl_family_rcv_msg_attrs_parse.isra.0+0xc8/0x290 [ 473.821104][T12965] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 473.821164][T12965] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1aa/0x290 [ 473.821198][T12965] ? genl_family_rcv_msg_attrs_parse.isra.0+0x1b4/0x290 [ 473.821236][T12965] genl_family_rcv_msg_doit+0x214/0x300 [ 473.821273][T12965] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 473.821304][T12965] ? genl_get_cmd+0x3ef/0x720 [ 473.821342][T12965] ? bpf_lsm_capable+0x9/0x10 [ 473.821368][T12965] ? security_capable+0x80/0x260 [ 473.821405][T12965] ? ns_capable+0xd2/0xf0 [ 473.821441][T12965] genl_rcv_msg+0x560/0x800 [ 473.821474][T12965] ? __pfx_genl_rcv_msg+0x10/0x10 [ 473.821505][T12965] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 473.821556][T12965] netlink_rcv_skb+0x159/0x420 [ 473.821598][T12965] ? __pfx_genl_rcv_msg+0x10/0x10 [ 473.821630][T12965] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 473.821688][T12965] ? netlink_deliver_tap+0x1ae/0xcc0 [ 473.821748][T12965] genl_rcv+0x28/0x40 [ 473.821772][T12965] netlink_unicast+0x5aa/0x870 [ 473.821816][T12965] ? __pfx_netlink_unicast+0x10/0x10 [ 473.821855][T12965] ? __pfx___might_resched+0x10/0x10 [ 473.821894][T12965] ? __lock_acquire+0x4a5/0x2630 [ 473.821939][T12965] netlink_sendmsg+0x8b0/0xda0 [ 473.821986][T12965] ? __pfx_netlink_sendmsg+0x10/0x10 [ 473.822024][T12965] ? __import_iovec+0x1d2/0x640 [ 473.822067][T12965] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 473.822106][T12965] ____sys_sendmsg+0xa54/0xc30 [ 473.822139][T12965] ? __pfx_____sys_sendmsg+0x10/0x10 [ 473.822172][T12965] ? try_to_wake_up+0x644/0x1a60 [ 473.822208][T12965] ___sys_sendmsg+0x190/0x1e0 [ 473.822244][T12965] ? __pfx____sys_sendmsg+0x10/0x10 [ 473.822277][T12965] ? futex_private_hash_put+0x107/0x1c0 [ 473.822333][T12965] ? find_held_lock+0x2b/0x80 [ 473.822390][T12965] __sys_sendmsg+0x170/0x220 [ 473.822435][T12965] ? __pfx___sys_sendmsg+0x10/0x10 [ 473.822475][T12965] ? __x64_sys_futex+0x34f/0x4d0 [ 473.822539][T12965] do_syscall_64+0xc9/0xf80 [ 473.822579][T12965] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 473.822609][T12965] RIP: 0033:0x7fe9cab9aeb9 [ 473.822634][T12965] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 473.822662][T12965] RSP: 002b:00007fe9cba9d028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 473.822690][T12965] RAX: ffffffffffffffda RBX: 00007fe9cae15fa0 RCX: 00007fe9cab9aeb9 [ 473.822709][T12965] RDX: 0000000000040800 RSI: 00002000000000c0 RDI: 0000000000000004 [ 473.822736][T12965] RBP: 00007fe9cac08c1f R08: 0000000000000000 R09: 0000000000000000 [ 473.822754][T12965] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 473.822771][T12965] R13: 00007fe9cae16038 R14: 00007fe9cae15fa0 R15: 00007ffd6cd0cda8 [ 473.822814][T12965] [ 475.377282][T12992] vhci_hcd vhci_hcd.2: invalid port number 16 [ 475.391412][T12992] vhci_hcd vhci_hcd.2: invalid port number 16 [ 476.052841][T11111] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 476.060326][T11111] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 476.434782][T13006] snd_aloop snd_aloop.0: control 1:262152:7:ª¸èˆt:0 is already present [ 476.599592][ T7481] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 476.620846][ T7481] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:0' [ 476.630821][ T7481] CPU: 0 UID: 0 PID: 7481 Comm: kworker/u11:0 Tainted: G L syzkaller #0 PREEMPT(full) [ 476.630852][ T7481] Tainted: [L]=SOFTLOCKUP [ 476.630859][ T7481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 476.630871][ T7481] Workqueue: hci0 hci_rx_work [ 476.630897][ T7481] Call Trace: [ 476.630903][ T7481] [ 476.630912][ T7481] dump_stack_lvl+0x100/0x190 [ 476.630937][ T7481] sysfs_warn_dup.cold+0x1c/0x28 [ 476.630960][ T7481] sysfs_create_dir_ns+0x24b/0x2b0 [ 476.630985][ T7481] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 476.631008][ T7481] ? find_held_lock+0x2b/0x80 [ 476.631026][ T7481] ? kobject_add_internal+0x25f/0x930 [ 476.631051][ T7481] ? kobject_add_internal+0x25f/0x930 [ 476.631077][ T7481] ? do_raw_spin_unlock+0x145/0x1e0 [ 476.631107][ T7481] kobject_add_internal+0x2c8/0x930 [ 476.631148][ T7481] kobject_add+0x16a/0x1e0 [ 476.631188][ T7481] ? __pfx_kobject_add+0x10/0x10 [ 476.631221][ T7481] ? class_to_subsys+0x10f/0x150 [ 476.631252][ T7481] ? kobject_put+0xb9/0x640 [ 476.631273][ T7481] ? _raw_spin_unlock+0x28/0x50 [ 476.631297][ T7481] device_add+0x294/0x1950 [ 476.631323][ T7481] ? __pfx_dev_set_name+0x10/0x10 [ 476.631352][ T7481] ? __pfx_device_add+0x10/0x10 [ 476.631377][ T7481] ? mgmt_send_event_skb+0x2fb/0x460 [ 476.631406][ T7481] hci_conn_add_sysfs+0x1a3/0x260 [ 476.631433][ T7481] le_conn_complete_evt+0x11cb/0x1f40 [ 476.631463][ T7481] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 476.631484][ T7481] ? __pfx_bt_warn+0x10/0x10 [ 476.631536][ T7481] hci_le_conn_complete_evt+0x23c/0x3a0 [ 476.631574][ T7481] ? skb_pull_data+0x15f/0x1e0 [ 476.631612][ T7481] hci_le_meta_evt+0x34a/0x5f0 [ 476.631637][ T7481] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 476.631663][ T7481] hci_event_packet+0x682/0x11c0 [ 476.631686][ T7481] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 476.631711][ T7481] ? __pfx_hci_event_packet+0x10/0x10 [ 476.631736][ T7481] ? kcov_remote_start+0x374/0x660 [ 476.631754][ T7481] ? lockdep_hardirqs_on+0x78/0x100 [ 476.631783][ T7481] hci_rx_work+0x451/0xfc0 [ 476.631810][ T7481] process_one_work+0x9c2/0x1840 [ 476.631847][ T7481] ? __pfx_process_one_work+0x10/0x10 [ 476.631881][ T7481] ? assign_work+0x19c/0x250 [ 476.631909][ T7481] worker_thread+0x5da/0xe40 [ 476.631945][ T7481] ? kthread+0x17d/0x730 [ 476.631968][ T7481] ? __pfx_worker_thread+0x10/0x10 [ 476.631994][ T7481] kthread+0x3b3/0x730 [ 476.632020][ T7481] ? __pfx_kthread+0x10/0x10 [ 476.632043][ T7481] ? ret_from_fork+0x79/0xaf0 [ 476.632059][ T7481] ? ret_from_fork+0x79/0xaf0 [ 476.632076][ T7481] ? rcu_is_watching+0x12/0xc0 [ 476.632093][ T7481] ? __pfx_kthread+0x10/0x10 [ 476.632119][ T7481] ret_from_fork+0x754/0xaf0 [ 476.632137][ T7481] ? __pfx_ret_from_fork+0x10/0x10 [ 476.632154][ T7481] ? rcu_is_watching+0x12/0xc0 [ 476.632171][ T7481] ? __switch_to+0x7b9/0x10c0 [ 476.632194][ T7481] ? __pfx_kthread+0x10/0x10 [ 476.632220][ T7481] ret_from_fork_asm+0x1a/0x30 [ 476.632258][ T7481] [ 476.979568][ T7481] kobject: kobject_add_internal failed for hci0:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 476.995512][ T7481] Bluetooth: hci0: failed to register connection device [ 477.159678][ T30] audit: type=1800 audit(1769897293.250:8): pid=13011 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1629" name="dbroot" dev="configfs" ino=50574 res=0 errno=0 [ 477.975586][T13027] zswap: compressor not available [ 478.244730][T13032] vhci_hcd vhci_hcd.2: invalid port number 16 [ 478.250877][T13032] vhci_hcd vhci_hcd.2: invalid port number 16 [ 478.503864][T13039] vhci_hcd vhci_hcd.2: invalid port number 16 [ 478.541305][T13039] vhci_hcd vhci_hcd.2: invalid port number 16 [ 478.720356][ T7481] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 479.115383][ T30] audit: type=1800 audit(1769897295.210:9): pid=13043 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1645" name="dbroot" dev="configfs" ino=50858 res=0 errno=0 [ 481.448424][T13095] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1647'. [ 481.640928][T13100] netlink: 186 bytes leftover after parsing attributes in process `syz.5.1648'. [ 481.705353][T13095] veth0_macvtap: left promiscuous mode [ 481.774715][T13095] macvtap0: entered promiscuous mode [ 481.797193][T13095] macvtap0: entered allmulticast mode [ 483.267063][T13111] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1649'. [ 483.590593][T13122] netlink: 186 bytes leftover after parsing attributes in process `syz.5.1652'. [ 485.379563][T13141] blktrace: Concurrent blktraces are not allowed on loop2 [ 485.533222][T13144] ptp ptp0: new virtual clock ptp1 [ 485.582476][T13144] ptp ptp0: guarantee physical clock free running [ 485.589419][T13142] ptp ptp0: delete virtual clock ptp1 [ 485.657894][T13142] ptp ptp0: only physical clock in use now [ 485.840638][T13151] netlink: 186 bytes leftover after parsing attributes in process `syz.5.1659'. [ 486.800751][T13165] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1661'. [ 487.018566][T13170] vhci_hcd vhci_hcd.2: invalid port number 16 [ 487.063774][T13170] vhci_hcd vhci_hcd.2: invalid port number 16 [ 489.221996][T13185] zswap: compressor not available [ 489.883585][T13198] FAULT_INJECTION: forcing a failure. [ 489.883585][T13198] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 489.953132][T13198] CPU: 0 UID: 0 PID: 13198 Comm: syz.0.1679 Tainted: G L syzkaller #0 PREEMPT(full) [ 489.953164][T13198] Tainted: [L]=SOFTLOCKUP [ 489.953171][T13198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 489.953182][T13198] Call Trace: [ 489.953188][T13198] [ 489.953195][T13198] dump_stack_lvl+0x100/0x190 [ 489.953222][T13198] should_fail_ex.cold+0x5/0xa [ 489.953251][T13198] _copy_from_user+0x2e/0xd0 [ 489.953281][T13198] get_bitmap+0x6d/0x110 [ 489.953304][T13198] get_nodes+0x1df/0x210 [ 489.953326][T13198] ? __pfx_get_nodes+0x10/0x10 [ 489.953355][T13198] kernel_migrate_pages+0xf2/0x700 [ 489.953382][T13198] ? __pfx_kernel_migrate_pages+0x10/0x10 [ 489.953415][T13198] __x64_sys_migrate_pages+0x96/0x100 [ 489.953442][T13198] ? lockdep_hardirqs_on+0x78/0x100 [ 489.953464][T13198] do_syscall_64+0xc9/0xf80 [ 489.953487][T13198] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 489.953505][T13198] RIP: 0033:0x7f4ba079aeb9 [ 489.953520][T13198] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 489.953538][T13198] RSP: 002b:00007f4ba16e7028 EFLAGS: 00000246 ORIG_RAX: 0000000000000100 [ 489.953557][T13198] RAX: ffffffffffffffda RBX: 00007f4ba0a15fa0 RCX: 00007f4ba079aeb9 [ 489.953569][T13198] RDX: 0000000000000000 RSI: 0000000000000099 RDI: 0000000000000000 [ 489.953579][T13198] RBP: 00007f4ba0808c1f R08: 0000000000000000 R09: 0000000000000000 [ 489.953596][T13198] R10: 00002000000001c0 R11: 0000000000000246 R12: 0000000000000000 [ 489.953607][T13198] R13: 00007f4ba0a16038 R14: 00007f4ba0a15fa0 R15: 00007ffe79d6aba8 [ 489.953629][T13198] [ 490.997888][T13211] ovs_: entered promiscuous mode [ 490.998721][T13212] netlink: 4704 bytes leftover after parsing attributes in process `syz.4.1673'. [ 491.597854][T13225] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1677'. [ 491.642739][T13225] veth0_macvtap: left promiscuous mode [ 491.681520][T13225] macvtap0: entered promiscuous mode [ 491.686887][T13225] macvtap0: entered allmulticast mode [ 491.737236][T13230] smc: net device dummy0 applied user defined pnetid DUMMY0 [ 491.756913][T13230] overlayfs: "check_copy_up" module option is obsolete [ 491.777695][ T7481] Bluetooth: hci3: unexpected event 0x3e length: 0 < 1 [ 492.823988][T13253] netlink: del zone limit has 8 unknown bytes [ 494.373493][T13281] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 494.379577][T13281] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 494.427539][T13281] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 494.485181][T13281] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 494.503282][T13281] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 494.549691][T13286] futex_wake_op: syz.5.1690 tries to shift op by -2048; fix this program [ 494.552475][T13281] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 494.740088][T13281] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 494.758745][T13281] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 494.820219][T13281] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 495.004185][T13281] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 495.219144][T13281] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 495.276787][T13281] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 495.352088][T13281] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 495.766632][T13312] ptp ptp0: new virtual clock ptp1 [ 495.795278][T13312] ptp ptp0: guarantee physical clock free running [ 495.871576][T13312] ptp ptp0: delete virtual clock ptp1 [ 495.965297][T13312] ptp ptp0: only physical clock in use now [ 496.151371][T13320] netlink: 186 bytes leftover after parsing attributes in process `syz.0.1699'. [ 496.441442][ T7481] Bluetooth: hci0: command 0x0c1a tx timeout [ 496.521410][ T7481] Bluetooth: hci3: command 0x0c1a tx timeout [ 496.527548][T11111] Bluetooth: hci1: command 0x0c1a tx timeout [ 496.610956][T13325] netlink: 'syz.1.1701': attribute type 1 has an invalid length. [ 496.772409][T11111] Bluetooth: hci4: command 0x0c1a tx timeout [ 496.779543][ T7481] Bluetooth: hci2: command 0x0c1a tx timeout [ 497.241692][T11111] Bluetooth: hci5: command 0x0c1a tx timeout [ 497.559880][T13341] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 497.638344][T13348] futex_wake_op: syz.4.1706 tries to shift op by -2048; fix this program [ 497.647707][T13341] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 497.673604][T13341] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 497.737802][T13341] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 497.789141][T13341] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 497.860249][T13341] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 498.780922][T13360] page: refcount:4 mapcount:3 mapping:0000000000000000 index:0x7f004e5d3 pfn:0x78000 [ 498.854902][T13360] flags: 0xfff18000000214(referenced|dirty|workingset|node=0|zone=1|lastcpupid=0x7ff) [ 498.881468][T13360] raw: 00fff18000000214 0000000000000000 dead000000000122 0000000000000000 [ 498.901243][T13360] raw: 00000007f004e5d3 0000000000000000 0000000400000002 0000000000000000 [ 498.945496][T13360] page dumped because: unmovable page [ 499.007828][T13360] page_owner tracks the page as allocated [ 499.059405][T13360] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x29c2(GFP_NOWAIT|__GFP_HIGHMEM|__GFP_IO|__GFP_FS|__GFP_ZERO), pid 5819, tgid 5819 (syz-executor), ts 92758054086, free_ts 92500227407 [ 499.114353][T13360] post_alloc_hook+0x1e1/0x250 [ 499.134785][T13360] get_page_from_freelist+0xe3d/0x2e10 [ 499.159119][T13360] __alloc_frozen_pages_noprof+0x26c/0x2410 [ 499.254613][T13360] alloc_pages_mpol+0x1fb/0x550 [ 499.279039][T13360] alloc_pages_noprof+0x131/0x390 [ 499.310490][T13360] __vmalloc_node_range_noprof+0xe5c/0x1530 [ 499.345202][T13360] vmalloc_user_noprof+0x9e/0xe0 [ 499.381195][T13360] kcov_ioctl+0x4c/0x720 [ 499.405193][T13360] __x64_sys_ioctl+0x18e/0x210 [ 499.472176][T13360] do_syscall_64+0xc9/0xf80 [ 499.522700][T13360] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 499.561729][T11111] Bluetooth: hci0: command 0x0c1a tx timeout [ 499.603360][T13360] page last free pid 5811 tgid 5811 stack trace: [ 499.681294][T13360] free_unref_folios+0xb2a/0x1760 [ 499.686416][T13360] folios_put_refs+0x53c/0x840 [ 499.721781][T11111] Bluetooth: hci3: command 0x0c1a tx timeout [ 499.727909][ T7481] Bluetooth: hci1: command 0x0c1a tx timeout [ 499.775640][T13360] free_pages_and_swap_cache+0x242/0x480 [ 499.801711][ T7481] Bluetooth: hci4: command 0x0c1a tx timeout [ 499.807909][T11111] Bluetooth: hci2: command 0x0c1a tx timeout [ 499.839253][T13360] __tlb_batch_free_encoded_pages+0xe9/0x280 [ 499.929654][ T7481] Bluetooth: hci5: command 0x0c1a tx timeout [ 499.980991][T13360] tlb_finish_mmu+0x1b0/0x810 [ 500.041428][T13360] vms_clear_ptes+0x55c/0x790 [ 500.114066][T13360] vms_complete_munmap_vmas+0x1cf/0x970 [ 500.119804][T13360] do_vmi_align_munmap+0x44f/0x5f0 [ 500.271262][T13360] do_vmi_munmap+0x1f8/0x3e0 [ 500.275954][T13360] __vm_munmap+0x196/0x390 [ 500.280964][T13360] __x64_sys_munmap+0x59/0x80 [ 500.351489][T13360] do_syscall_64+0xc9/0xf80 [ 500.356099][T13360] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 501.647690][ T7481] Bluetooth: hci0: command 0x0c1a tx timeout [ 501.885354][ T7481] Bluetooth: hci4: command 0x0c1a tx timeout [ 501.961279][ T7481] Bluetooth: hci5: command 0x0c1a tx timeout [ 503.217754][T13454] __vm_enough_memory: pid: 13454, comm: syz.1.1729, bytes: 4398046511104 not enough memory for the allocation [ 503.566846][T13464] smc: net device dummy0 applied user defined pnetid DUMMY0 [ 503.584776][T13467] overlayfs: "check_copy_up" module option is obsolete [ 503.748378][ T7481] Bluetooth: hci5: unexpected event 0x3e length: 0 < 1 [ 504.602395][T13480] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1733'. [ 506.025421][T13486] No such timeout policy "" [ 506.030297][T13486] netlink: Failed to associated timeout policy '' [ 506.847822][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 506.854217][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 507.103786][ T7808] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 507.437355][T11111] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 507.447061][T11111] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 507.465052][T11111] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 507.485470][ T7497] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 507.532949][ T7497] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 507.588510][ T7808] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 507.931717][ T7808] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 508.240427][ T7808] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 508.809071][ T7808] bridge_slave_1: left allmulticast mode [ 508.858175][ T7808] bridge_slave_1: left promiscuous mode [ 508.899769][ T7808] bridge0: port 2(bridge_slave_1) entered disabled state [ 508.986286][ T7808] bridge_slave_0: left allmulticast mode [ 509.031769][ T7808] bridge_slave_0: left promiscuous mode [ 509.040114][ T7808] bridge0: port 1(bridge_slave_0) entered disabled state [ 509.333487][T13531] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1744'. [ 509.643824][ T7497] Bluetooth: hci0: command tx timeout [ 509.644584][T13532] zram: Added device: zram3 [ 509.958622][T13520] kexec: Could not allocate control_code_buffer [ 510.089564][ T7808] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 510.123575][ T7808] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 510.137089][ T7808] bond0 (unregistering): Released all slaves [ 510.243735][T13510] chnl_net:caif_netlink_parms(): no params data found [ 511.028699][T13510] bridge0: port 1(bridge_slave_0) entered blocking state [ 511.044101][T13510] bridge0: port 1(bridge_slave_0) entered disabled state [ 511.078179][T13510] bridge_slave_0: entered allmulticast mode [ 511.130103][T13510] bridge_slave_0: entered promiscuous mode [ 511.315429][T13510] bridge0: port 2(bridge_slave_1) entered blocking state [ 511.332596][T13510] bridge0: port 2(bridge_slave_1) entered disabled state [ 511.352067][T13510] bridge_slave_1: entered allmulticast mode [ 511.370506][T13510] bridge_slave_1: entered promiscuous mode [ 511.615009][T13510] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 511.651059][T13510] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 511.731612][ T7497] Bluetooth: hci0: command tx timeout [ 511.938092][T13510] team0: Port device team_slave_0 added [ 512.056736][T13571] netlink: 302 bytes leftover after parsing attributes in process `syz.1.1757'. [ 512.079096][T13576] device-mapper: ioctl: ioctl interface mismatch: kernel(4.50.0), user(0.0.0), cmd(16) [ 512.081271][T13510] team0: Port device team_slave_1 added [ 512.092080][T13576] device-mapper: ioctl: Invalid data size in the ioctl structure: 0 [ 512.373685][T13584] delete_channel: no stack [ 512.463122][T13510] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 512.474530][T13510] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 512.502876][T13587] netlink: 186 bytes leftover after parsing attributes in process `syz.4.1752'. [ 512.508701][T13510] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 512.582516][ T7808] hsr_slave_0: left promiscuous mode [ 512.597244][ T7808] hsr_slave_1: left promiscuous mode [ 512.623114][ T7808] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 512.649148][ T7808] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 512.675945][ T7808] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 512.694056][ T7808] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 512.718909][ T7808] veth1_macvtap: left allmulticast mode [ 512.746785][ T7808] veth1_macvtap: left promiscuous mode [ 512.766379][ T7808] veth0_macvtap: left promiscuous mode [ 512.791435][ T7808] veth1_vlan: left promiscuous mode [ 512.812230][ T7808] veth0_vlan: left promiscuous mode [ 513.801755][ T7497] Bluetooth: hci0: command tx timeout [ 514.087059][ T7808] team0 (unregistering): Port device team_slave_1 removed [ 514.165782][ T7808] team0 (unregistering): Port device team_slave_0 removed [ 515.329559][T13510] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 515.336688][T13510] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 515.371671][T13510] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 515.663049][T13510] hsr_slave_0: entered promiscuous mode [ 515.682786][T13510] hsr_slave_1: entered promiscuous mode [ 515.694264][T13510] debugfs: 'hsr0' already exists in 'hsr' [ 515.705390][T13510] Cannot create hsr debugfs directory [ 515.882851][ T7497] Bluetooth: hci0: command tx timeout [ 516.281530][T13633] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1760'. [ 517.667939][T13654] netlink: 302 bytes leftover after parsing attributes in process `syz.5.1761'. [ 518.340999][T13510] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 518.404064][T13510] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 518.438071][T13510] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 518.501781][T13658] No such timeout policy "" [ 518.505935][T13510] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 518.594483][T13658] netlink: Failed to associated timeout policy '' [ 519.377609][T13510] 8021q: adding VLAN 0 to HW filter on device bond0 [ 519.566872][T13510] 8021q: adding VLAN 0 to HW filter on device team0 [ 519.594966][T13694] binder: 13693:13694 ioctl 5380 2000000000c0 returned -22 [ 519.636833][T13694] sd 0:0:1:0: PR command failed: 1026 [ 519.657839][T13694] sd 0:0:1:0: Sense Key : Illegal Request [current] [ 519.680531][T13694] sd 0:0:1:0: Add. Sense: Invalid command operation code [ 519.749492][T10581] bridge0: port 1(bridge_slave_0) entered blocking state [ 519.756778][T10581] bridge0: port 1(bridge_slave_0) entered forwarding state [ 519.784461][T10581] bridge0: port 2(bridge_slave_1) entered blocking state [ 519.792195][T10581] bridge0: port 2(bridge_slave_1) entered forwarding state [ 521.269156][T13510] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 521.444449][T13510] veth0_vlan: entered promiscuous mode [ 521.499757][T13510] veth1_vlan: entered promiscuous mode [ 521.568260][T13723] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1771'. [ 521.654348][T13723] bond0: entered promiscuous mode [ 521.685425][T13723] bond_slave_0: entered promiscuous mode [ 521.719043][T13723] bond_slave_1: entered promiscuous mode [ 521.749023][T13723] bond0: entered allmulticast mode [ 521.761027][T13723] bond_slave_0: entered allmulticast mode [ 521.773292][T13723] bond_slave_1: entered allmulticast mode [ 521.815616][T13510] veth0_macvtap: entered promiscuous mode [ 521.904253][T13510] veth1_macvtap: entered promiscuous mode [ 521.982017][T13510] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 522.064041][T13510] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 522.431071][ T7753] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 522.450545][ T7753] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 522.502831][ T7753] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 522.541315][ T7753] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 522.757514][T13757] netlink: 186 bytes leftover after parsing attributes in process `syz.4.1775'. [ 523.131826][ T7753] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 523.168201][ T7753] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 523.348778][T10581] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 523.371578][T10581] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 523.662787][T13764] FAULT_INJECTION: forcing a failure. [ 523.662787][T13764] name failslab, interval 1, probability 0, space 0, times 0 [ 523.710817][T13764] CPU: 1 UID: 0 PID: 13764 Comm: syz.4.1776 Tainted: G L syzkaller #0 PREEMPT(full) [ 523.710863][T13764] Tainted: [L]=SOFTLOCKUP [ 523.710873][T13764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 523.710890][T13764] Call Trace: [ 523.710899][T13764] [ 523.710910][T13764] dump_stack_lvl+0x100/0x190 [ 523.710952][T13764] should_fail_ex.cold+0x5/0xa [ 523.711000][T13764] should_failslab+0xc2/0x120 [ 523.711040][T13764] ? kernfs_fop_write_iter+0x26a/0x5f0 [ 523.711068][T13764] __kmalloc_noprof+0xf6/0x9c0 [ 523.711115][T13764] ? kernfs_fop_write_iter+0x26a/0x5f0 [ 523.711143][T13764] kernfs_fop_write_iter+0x26a/0x5f0 [ 523.711184][T13764] vfs_write+0x6ac/0x1070 [ 523.711216][T13764] ? __pfx_kernfs_fop_write_iter+0x10/0x10 [ 523.711250][T13764] ? __pfx_vfs_write+0x10/0x10 [ 523.711278][T13764] ? find_held_lock+0x2b/0x80 [ 523.711331][T13764] ksys_write+0x12a/0x250 [ 523.711364][T13764] ? __pfx_ksys_write+0x10/0x10 [ 523.711419][T13764] do_syscall_64+0xc9/0xf80 [ 523.711456][T13764] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 523.711487][T13764] RIP: 0033:0x7f133dd9aeb9 [ 523.711511][T13764] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 523.711538][T13764] RSP: 002b:00007f133ec58028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 523.711566][T13764] RAX: ffffffffffffffda RBX: 00007f133e015fa0 RCX: 00007f133dd9aeb9 [ 523.711586][T13764] RDX: 0000000000000001 RSI: 0000200000000100 RDI: 0000000000000003 [ 523.711604][T13764] RBP: 00007f133ec58090 R08: 0000000000000000 R09: 0000000000000000 [ 523.711621][T13764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 523.711638][T13764] R13: 00007f133e016038 R14: 00007f133e015fa0 R15: 00007ffe83313088 [ 523.711680][T13764] [ 524.179794][T13777] zram: Can't change algorithm for initialized device [ 525.122771][T13803] netlink: 'syz.1.1779': attribute type 2 has an invalid length. [ 526.793923][T13829] netlink: 186 bytes leftover after parsing attributes in process `syz.5.1785'. [ 527.887738][T13851] zram: Can't change algorithm for initialized device [ 528.274257][T13868] netlink: 'syz.4.1796': attribute type 2 has an invalid length. [ 529.843700][T13891] netlink: 186 bytes leftover after parsing attributes in process `syz.5.1800'. [ 529.862340][T13895] ptrace attach of "./syz-executor exec"[11729] was attempted by "./syz-executor exec"[13895] [ 530.392453][T13898] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 530.398632][T13898] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 530.473429][T13898] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 530.530442][T13898] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 530.567431][T13898] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 530.621783][T13898] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 530.627827][T13898] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 530.685372][T13898] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 530.770333][T13907] netlink: 'syz.0.1805': attribute type 4 has an invalid length. [ 531.153619][T13918] zram: Can't change algorithm for initialized device [ 532.459295][ T7497] Bluetooth: hci3: command 0x0c1a tx timeout [ 532.465607][ T7497] Bluetooth: hci1: command 0x0c1a tx timeout [ 532.521536][ T7481] Bluetooth: hci2: command 0x0c1a tx timeout [ 532.601701][ T7497] Bluetooth: hci4: command 0x0c1a tx timeout [ 532.609340][ T7481] Bluetooth: hci5: command 0x0c1a tx timeout [ 532.681351][ T7481] Bluetooth: hci0: command 0x0c1a tx timeout [ 534.762724][ T7481] Bluetooth: hci0: command 0x0c1a tx timeout [ 535.551799][T14039] netlink: 186 bytes leftover after parsing attributes in process `syz.1.1823'. [ 536.274829][T14047] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input20 [ 536.504216][T14062] FAULT_INJECTION: forcing a failure. [ 536.504216][T14062] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 536.556582][T14062] CPU: 0 UID: 0 PID: 14062 Comm: syz.5.1829 Tainted: G L syzkaller #0 PREEMPT(full) [ 536.556626][T14062] Tainted: [L]=SOFTLOCKUP [ 536.556636][T14062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 536.556652][T14062] Call Trace: [ 536.556662][T14062] [ 536.556672][T14062] dump_stack_lvl+0x100/0x190 [ 536.556711][T14062] should_fail_ex.cold+0x5/0xa [ 536.556756][T14062] _copy_from_user+0x2e/0xd0 [ 536.556800][T14062] user_termio_to_kernel_termios+0x97/0x250 [ 536.556837][T14062] ? __pfx_user_termio_to_kernel_termios+0x10/0x10 [ 536.556874][T14062] ? set_termios+0x1e1/0x880 [ 536.556915][T14062] set_termios+0x5b3/0x880 [ 536.556952][T14062] ? __pfx_set_termios+0x10/0x10 [ 536.556985][T14062] ? __lock_acquire+0x4a5/0x2630 [ 536.557054][T14062] tty_mode_ioctl+0x7fd/0xd40 [ 536.557102][T14062] ? __pfx_tty_mode_ioctl+0x10/0x10 [ 536.557148][T14062] ? __pfx___ldsem_down_read_nested+0x10/0x10 [ 536.557188][T14062] ? __pfx_n_tty_ioctl+0x10/0x10 [ 536.557212][T14062] n_tty_ioctl_helper+0x47/0x2b0 [ 536.557250][T14062] n_tty_ioctl+0x53/0x370 [ 536.557281][T14062] ? __pfx_n_tty_ioctl+0x10/0x10 [ 536.557305][T14062] tty_ioctl+0x1204/0x1690 [ 536.557348][T14062] ? __pfx_tty_ioctl+0x10/0x10 [ 536.557403][T14062] ? find_held_lock+0x2b/0x80 [ 536.557429][T14062] ? hook_file_ioctl_common+0x146/0x410 [ 536.557478][T14062] ? __fget_files+0x21f/0x3d0 [ 536.557513][T14062] ? __pfx_tty_ioctl+0x10/0x10 [ 536.557553][T14062] __x64_sys_ioctl+0x18e/0x210 [ 536.557599][T14062] do_syscall_64+0xc9/0xf80 [ 536.557635][T14062] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 536.557661][T14062] RIP: 0033:0x7fc39039aeb9 [ 536.557683][T14062] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 536.557708][T14062] RSP: 002b:00007fc3911ca028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 536.557735][T14062] RAX: ffffffffffffffda RBX: 00007fc390615fa0 RCX: 00007fc39039aeb9 [ 536.557753][T14062] RDX: 0000000000000000 RSI: 0000000000005408 RDI: 0000000000000006 [ 536.557769][T14062] RBP: 00007fc3911ca090 R08: 0000000000000000 R09: 0000000000000000 [ 536.557785][T14062] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 536.557802][T14062] R13: 00007fc390616038 R14: 00007fc390615fa0 R15: 00007ffceda44048 [ 536.557840][T14062] [ 536.846507][ T7481] Bluetooth: hci0: command 0x0c1a tx timeout [ 537.211675][T14077] futex_wake_op: syz.4.1830 tries to shift op by -2048; fix this program [ 538.480801][T14092] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 539.400727][T14108] ubi0: attaching mtd0 [ 539.415499][T14108] ubi0: scanning is finished [ 539.481477][ T31] INFO: task syz.3.1284:11505 blocked for more than 143 seconds. [ 539.497178][ T31] Tainted: G L syzkaller #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 539.562461][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 539.601720][T14108] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 539.621556][ T31] task:syz.3.1284 state:D stack:24504 pid:11505 tgid:11501 ppid:5827 task_flags:0x400140 flags:0x00080002 [ 539.633840][T14108] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 539.661324][T14108] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 539.671199][ T31] Call Trace: [ 539.681219][ T31] [ 539.688891][T14108] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 539.699017][ T31] ? __schedule+0xf65/0x5e10 [ 539.721267][ T31] __schedule+0xfe4/0x5e10 [ 539.725775][ T31] ? __lock_acquire+0x4a5/0x2630 [ 539.761472][ T31] ? __pfx___schedule+0x10/0x10 [ 539.771198][T14108] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 539.771756][ T31] ? find_held_lock+0x2b/0x80 [ 539.814131][ T31] ? schedule+0x2bf/0x390 [ 539.826808][ T31] schedule+0xdd/0x390 [ 539.843777][ T31] schedule_preempt_disabled+0x13/0x30 [ 539.891212][ T31] __mutex_lock+0xc9a/0x1b90 [ 539.921290][T14108] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 539.941287][T14108] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 263946547 [ 539.962024][ T31] ? nfsd_nl_threads_set_doit+0x687/0xbc0 [ 539.969058][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 540.021002][T14108] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 540.041168][ T31] ? net_generic+0xea/0x2a0 [ 540.045885][ T31] ? net_generic+0xea/0x2a0 [ 540.050446][ T31] ? nfsd_nl_threads_set_doit+0x687/0xbc0 [ 540.131173][ T31] nfsd_nl_threads_set_doit+0x687/0xbc0 [ 540.136807][ T31] genl_family_rcv_msg_doit+0x214/0x300 [ 540.147850][T14109] ubi0: detaching mtd0 [ 540.160495][T14112] ubi0: background thread "ubi_bgt0d" started, PID 14112 [ 540.165369][ T31] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 540.191216][ T31] ? genl_get_cmd+0x3ef/0x720 [ 540.196409][ T31] ? bpf_lsm_capable+0x9/0x10 [ 540.221278][ T31] ? security_capable+0x80/0x260 [ 540.226403][ T31] genl_rcv_msg+0x560/0x800 [ 540.230954][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 540.238233][T14109] ubi0: mtd0 is detached [ 540.261217][ T31] ? __pfx_nfsd_nl_threads_set_doit+0x10/0x10 [ 540.267461][ T31] netlink_rcv_skb+0x159/0x420 [ 540.301242][ T31] ? __pfx_genl_rcv_msg+0x10/0x10 [ 540.306350][ T31] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 540.321191][ T31] ? netlink_deliver_tap+0x1ae/0xcc0 [ 540.326581][ T31] genl_rcv+0x28/0x40 [ 540.330616][ T31] netlink_unicast+0x5aa/0x870 [ 540.371430][ T31] ? __pfx_netlink_unicast+0x10/0x10 [ 540.378511][ T31] netlink_sendmsg+0x8b0/0xda0 [ 540.401210][ T31] ? __pfx_netlink_sendmsg+0x10/0x10 [ 540.406689][ T31] ? __import_iovec+0x1d2/0x640 [ 540.421512][ T31] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 540.427272][ T31] ____sys_sendmsg+0xa54/0xc30 [ 540.441891][ T31] ? __pfx_____sys_sendmsg+0x10/0x10 [ 540.447276][ T31] ? __pfx___futex_wait+0x10/0x10 [ 540.471228][ T31] ? __pfx_futex_wake_mark+0x10/0x10 [ 540.477935][ T31] ___sys_sendmsg+0x190/0x1e0 [ 540.491203][ T31] ? __pfx____sys_sendmsg+0x10/0x10 [ 540.496508][ T31] ? find_held_lock+0x2b/0x80 [ 540.511573][ T31] __sys_sendmsg+0x170/0x220 [ 540.516251][ T31] ? __pfx___sys_sendmsg+0x10/0x10 [ 540.531848][ T31] ? __x64_sys_futex+0x34f/0x4d0 [ 540.536887][ T31] do_syscall_64+0xc9/0xf80 [ 540.551561][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 540.557517][ T31] RIP: 0033:0x7f487939aeb9 [ 540.571557][ T31] RSP: 002b:00007f487a1b5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 540.581773][ T31] RAX: ffffffffffffffda RBX: 00007f4879616180 RCX: 00007f487939aeb9 [ 540.590457][ T31] RDX: 0000000000004000 RSI: 0000200000000480 RDI: 0000000000000005 [ 540.599421][ T31] RBP: 00007f4879408c1f R08: 0000000000000000 R09: 0000000000000000 [ 540.608030][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 540.616405][ T31] R13: 00007f4879616218 R14: 00007f4879616180 R15: 00007fffd1032878 [ 540.624700][ T31] [ 540.627850][ T31] [ 540.627850][ T31] Showing all locks held in the system: [ 540.642404][ T31] 1 lock held by khungtaskd/31: [ 540.647401][ T31] #0: ffffffff8e5e3120 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 540.691501][ T31] 3 locks held by kworker/1:3/5868: [ 540.696769][ T31] #0: ffff88813fe15948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x11ae/0x1840 [ 540.751499][ T31] #1: ffffc9000ae1fc98 ((fqdir_free_work).work){+.+.}-{0:0}, at: process_one_work+0x927/0x1840 [ 540.771204][ T31] #2: ffffffff8e5ef7c0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6d0 [ 540.791206][ T31] 3 locks held by kworker/0:4/5875: [ 540.796753][ T31] #0: ffff88813fe15948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x11ae/0x1840 [ 540.841170][ T31] #1: ffffc9000aed7c98 (free_ipc_work){+.+.}-{0:0}, at: process_one_work+0x927/0x1840 [ 540.850980][ T31] #2: ffffffff8e5ef8f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x19e/0x3c0 [ 540.911217][ T31] 4 locks held by kworker/u10:3/7487: [ 540.916649][ T31] #0: ffff88801c29f148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x11ae/0x1840 [ 540.951244][ T31] #1: ffffc9000b0b7c98 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x927/0x1840 [ 540.971472][ T31] #2: ffffffff903dcef0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xab/0x830 [ 540.980886][ T31] #3: ffffffff8e5ef7c0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6d0 [ 541.011164][ T31] 2 locks held by syz.1.499/8010: [ 541.016505][ T31] #0: ffff88806128a0e0 (&type->s_umount_key#55){+.+.}-{4:4}, at: deactivate_super+0xdf/0x110 [ 541.041192][ T31] #1: ffffffff8ea472a8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 541.050899][ T31] 5 locks held by kworker/u10:26/10586: [ 541.071546][ T31] 2 locks held by syz.2.1282/11497: [ 541.076796][ T31] #0: ffffffff904a2690 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 541.101256][ T31] #1: ffffffff8ea472a8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_set_doit+0x687/0xbc0 [ 541.122499][ T31] 2 locks held by syz.3.1284/11505: [ 541.127749][ T31] #0: ffffffff904a2690 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 541.161186][ T31] #1: ffffffff8ea472a8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_set_doit+0x687/0xbc0 [ 541.181433][ T31] 2 locks held by getty/13699: [ 541.186251][ T31] #0: ffff88814d5a50a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 541.221225][ T31] #1: ffffc9000455b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500 [ 541.232742][ T31] 2 locks held by syz.0.1839/14113: [ 541.238010][ T31] [ 541.251271][ T31] ============================================= [ 541.251271][ T31] [ 541.259754][ T31] NMI backtrace for cpu 1 [ 541.259781][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 541.259821][ T31] Tainted: [L]=SOFTLOCKUP [ 541.259831][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 541.259847][ T31] Call Trace: [ 541.259857][ T31] [ 541.259869][ T31] dump_stack_lvl+0x100/0x190 [ 541.259909][ T31] nmi_cpu_backtrace.cold+0x12d/0x151 [ 541.259947][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 541.260011][ T31] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 541.260059][ T31] sys_info+0x141/0x190 [ 541.260097][ T31] watchdog+0xcc3/0xfe0 [ 541.260138][ T31] ? __pfx_watchdog+0x10/0x10 [ 541.260170][ T31] ? __kthread_parkme+0x18c/0x230 [ 541.260205][ T31] ? __pfx_watchdog+0x10/0x10 [ 541.260236][ T31] ? __pfx_watchdog+0x10/0x10 [ 541.260263][ T31] kthread+0x3b3/0x730 [ 541.260311][ T31] ? __pfx_kthread+0x10/0x10 [ 541.260347][ T31] ? ret_from_fork+0x79/0xaf0 [ 541.260372][ T31] ? ret_from_fork+0x79/0xaf0 [ 541.260398][ T31] ? rcu_is_watching+0x12/0xc0 [ 541.260426][ T31] ? __pfx_kthread+0x10/0x10 [ 541.260465][ T31] ret_from_fork+0x754/0xaf0 [ 541.260493][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 541.260524][ T31] ? __switch_to+0x7b9/0x10c0 [ 541.260559][ T31] ? __pfx_kthread+0x10/0x10 [ 541.260600][ T31] ret_from_fork_asm+0x1a/0x30 [ 541.260660][ T31] [ 541.260674][ T31] Sending NMI from CPU 1 to CPUs 0: [ 541.411200][ C0] NMI backtrace for cpu 0 [ 541.411223][ C0] CPU: 0 UID: 0 PID: 14113 Comm: syz.0.1839 Tainted: G L syzkaller #0 PREEMPT(full) [ 541.411256][ C0] Tainted: [L]=SOFTLOCKUP [ 541.411264][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 541.411277][ C0] RIP: 0010:kasan_save_track+0x27/0x30 [ 541.411318][ C0] Code: 90 90 90 0f 1f 40 d6 53 48 89 fb 89 f7 be 01 00 00 00 e8 5c ff ff ff 65 48 8b 15 ec 5c 74 11 8b 92 18 06 00 00 89 43 04 89 13 <5b> c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 541.411339][ C0] RSP: 0018:ffffc90000007958 EFLAGS: 00000282 [ 541.411359][ C0] RAX: 00000000004a0264 RBX: ffff88804b64bd70 RCX: ffff88805fdec250 [ 541.411374][ C0] RDX: 0000000000003721 RSI: 00000000fa2e064b RDI: 0000000000000002 [ 541.411388][ C0] RBP: 0000000000000001 R08: 0000000000102410 R09: 0000000095a10241 [ 541.411402][ C0] R10: 0000000000000001 R11: 0000000000000000 R12: ffff88801f2ef000 [ 541.411415][ C0] R13: 0000000000000820 R14: 0000000000000001 R15: 00000000ffffffff [ 541.411429][ C0] FS: 00007f66d52346c0(0000) GS:ffff8881245e3000(0000) knlGS:0000000000000000 [ 541.411453][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 541.411468][ C0] CR2: 0000000000401000 CR3: 000000003297a000 CR4: 00000000003526f0 [ 541.411482][ C0] Call Trace: [ 541.411490][ C0] [ 541.411499][ C0] __kasan_slab_alloc+0x89/0x90 [ 541.411527][ C0] kmem_cache_alloc_node_noprof+0x303/0x880 [ 541.411557][ C0] ? __alloc_skb+0x156/0x410 [ 541.411584][ C0] ? mark_held_locks+0x40/0x70 [ 541.411614][ C0] ? __alloc_skb+0x156/0x410 [ 541.411639][ C0] __alloc_skb+0x156/0x410 [ 541.411673][ C0] ? __alloc_skb+0x35d/0x410 [ 541.411700][ C0] ? __pfx___alloc_skb+0x10/0x10 [ 541.411729][ C0] ? do_raw_spin_lock+0x128/0x260 [ 541.411770][ C0] skb_copy+0x1ca/0x3a0 [ 541.411810][ C0] mac80211_hwsim_tx_frame_no_nl.isra.0+0xbf6/0x1370 [ 541.411845][ C0] ? lock_acquire+0x17c/0x330 [ 541.411871][ C0] ? __pfx_mac80211_hwsim_tx_frame_no_nl.isra.0+0x10/0x10 [ 541.411904][ C0] ? mark_held_locks+0x40/0x70 [ 541.411932][ C0] ? read_tsc+0x9/0x20 [ 541.411958][ C0] ? mac80211_hwsim_monitor_rx+0x1f1/0x8b0 [ 541.411985][ C0] mac80211_hwsim_tx_frame+0x1f6/0x2a0 [ 541.412015][ C0] mac80211_hwsim_beacon_tx+0x57e/0xa00 [ 541.412049][ C0] __iterate_interfaces+0x2e6/0x650 [ 541.412079][ C0] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 [ 541.412111][ C0] ? __pfx_mac80211_hwsim_beacon_tx+0x10/0x10 [ 541.412141][ C0] ieee80211_iterate_active_interfaces_atomic+0x71/0x1b0 [ 541.412174][ C0] mac80211_hwsim_beacon+0x105/0x1b0 [ 541.412198][ C0] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 541.412222][ C0] __hrtimer_run_queues+0x516/0x990 [ 541.412257][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 541.412288][ C0] ? ktime_get_update_offsets_now+0x2cd/0x4d0 [ 541.412327][ C0] hrtimer_run_softirq+0x17d/0x350 [ 541.412360][ C0] handle_softirqs+0x1ea/0x910 [ 541.412387][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 541.412415][ C0] __irq_exit_rcu+0xef/0x150 [ 541.412439][ C0] irq_exit_rcu+0x9/0x30 [ 541.412463][ C0] sysvec_apic_timer_interrupt+0xa3/0xc0 [ 541.412488][ C0] [ 541.412495][ C0] [ 541.412503][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 541.412526][ C0] RIP: 0010:smp_call_function_many_cond+0x57b/0x14a0 [ 541.412552][ C0] Code: 00 fc ff df 48 8b 54 24 10 49 89 d5 49 89 d4 49 c1 ed 03 41 83 e4 07 49 01 c5 41 83 c4 03 e8 ec 4f 0c 00 f3 90 41 0f b6 45 00 <41> 38 c4 7c 08 84 c0 0f 85 3f 0d 00 00 8b 45 08 31 ff 83 e0 01 41 [ 541.412572][ C0] RSP: 0018:ffffc90002e77760 EFLAGS: 00000246 [ 541.412588][ C0] RAX: 0000000000000000 RBX: 0000000000000001 RCX: ffffc9000c1bb000 [ 541.412602][ C0] RDX: 0000000000080000 RSI: ffffffff81f9fa94 RDI: ffff88802ba51e80 [ 541.412616][ C0] RBP: ffff8880b8540e00 R08: 0000000000000005 R09: 0000000000000000 [ 541.412630][ C0] R10: 0000000000000001 R11: 0000000000000000 R12: 0000000000000003 [ 541.412643][ C0] R13: ffffed10170a81c1 R14: 0000000000000001 R15: ffff8880b843c040 [ 541.412662][ C0] ? smp_call_function_many_cond+0x574/0x14a0 [ 541.412696][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 541.412720][ C0] ? find_held_lock+0x2b/0x80 [ 541.412741][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 541.412767][ C0] ? __lock_acquire+0x4a5/0x2630 [ 541.412794][ C0] ? is_bpf_text_address+0x94/0x1a0 [ 541.412827][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 541.412848][ C0] on_each_cpu_cond_mask+0x40/0x90 [ 541.412873][ C0] flush_tlb_mm_range+0x45f/0x1710 [ 541.412899][ C0] ? find_held_lock+0x2b/0x80 [ 541.412920][ C0] ? p4d_offset+0xb1/0xf0 [ 541.412943][ C0] ? free_pgd_range+0x2b5/0x11f0 [ 541.412970][ C0] ? __lock_acquire+0x4a5/0x2630 [ 541.412997][ C0] ? __pfx_flush_tlb_mm_range+0x10/0x10 [ 541.413022][ C0] tlb_finish_mmu+0x3fe/0x810 [ 541.413046][ C0] free_ldt_pgtables+0x151/0x1c0 [ 541.413070][ C0] ? __pfx_free_ldt_pgtables+0x10/0x10 [ 541.413092][ C0] ? __x64_sys_move_pages+0xe0/0x1c0 [ 541.413135][ C0] exit_mmap+0x121/0xae0 [ 541.413167][ C0] ? __pfx_exit_mmap+0x10/0x10 [ 541.413201][ C0] ? rcu_is_watching+0x12/0xc0 [ 541.413222][ C0] ? kasan_quarantine_put+0x104/0x240 [ 541.413247][ C0] ? lockdep_hardirqs_on+0x78/0x100 [ 541.413280][ C0] __mmput+0x12a/0x410 [ 541.413312][ C0] mmput+0x67/0x80 [ 541.413336][ C0] kernel_move_pages+0xee0/0x13f0 [ 541.413369][ C0] ? do_futex+0x192/0x350 [ 541.413396][ C0] ? __pfx_do_futex+0x10/0x10 [ 541.413424][ C0] ? __pfx_kernel_move_pages+0x10/0x10 [ 541.413455][ C0] ? blkcg_maybe_throttle_current+0x5df/0xeb0 [ 541.413484][ C0] ? __x64_sys_futex+0x34f/0x4d0 [ 541.413511][ C0] ? __x64_sys_futex+0x358/0x4d0 [ 541.413539][ C0] ? __pfx_task_work_run+0x10/0x10 [ 541.413578][ C0] ? xfd_validate_state+0x129/0x190 [ 541.413612][ C0] __x64_sys_move_pages+0xe0/0x1c0 [ 541.413644][ C0] ? do_syscall_64+0x94/0xf80 [ 541.413668][ C0] ? lockdep_hardirqs_on+0x78/0x100 [ 541.413691][ C0] do_syscall_64+0xc9/0xf80 [ 541.413717][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 541.413739][ C0] RIP: 0033:0x7f66d439aeb9 [ 541.413757][ C0] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 541.413777][ C0] RSP: 002b:00007f66d5234028 EFLAGS: 00000246 ORIG_RAX: 0000000000000117 [ 541.413797][ C0] RAX: ffffffffffffffda RBX: 00007f66d4616090 RCX: 00007f66d439aeb9 [ 541.413811][ C0] RDX: 0000000000000000 RSI: 0002000000000003 RDI: 0000000000000001 [ 541.413824][ C0] RBP: 00007f66d4408c1f R08: 0000000000000000 R09: 8000400000000000 [ 541.413838][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 541.413851][ C0] R13: 00007f66d4616128 R14: 00007f66d4616090 R15: 00007fffe8001e48 [ 541.413874][ C0] [ 542.088341][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 542.095337][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 542.106026][ T31] Tainted: [L]=SOFTLOCKUP [ 542.110351][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 542.120406][ T31] Call Trace: [ 542.123689][ T31] [ 542.126621][ T31] dump_stack_lvl+0x100/0x190 [ 542.131336][ T31] vpanic+0x20d/0x630 [ 542.135344][ T31] panic+0xd1/0xd1 [ 542.139066][ T31] ? __pfx_panic+0x10/0x10 [ 542.143489][ T31] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 542.149659][ T31] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 542.155837][ T31] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 542.162024][ T31] ? watchdog.cold+0x198/0x1ca [ 542.166794][ T31] ? watchdog+0xcd3/0xfe0 [ 542.171137][ T31] watchdog.cold+0x1a9/0x1ca [ 542.175765][ T31] ? __pfx_watchdog+0x10/0x10 [ 542.180458][ T31] ? __kthread_parkme+0x18c/0x230 [ 542.185595][ T31] ? __pfx_watchdog+0x10/0x10 [ 542.190335][ T31] ? __pfx_watchdog+0x10/0x10 [ 542.195063][ T31] kthread+0x3b3/0x730 [ 542.199162][ T31] ? __pfx_kthread+0x10/0x10 [ 542.203760][ T31] ? ret_from_fork+0x79/0xaf0 [ 542.208440][ T31] ? ret_from_fork+0x79/0xaf0 [ 542.213119][ T31] ? rcu_is_watching+0x12/0xc0 [ 542.217893][ T31] ? __pfx_kthread+0x10/0x10 [ 542.222500][ T31] ret_from_fork+0x754/0xaf0 [ 542.227091][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 542.232216][ T31] ? __switch_to+0x7b9/0x10c0 [ 542.237029][ T31] ? __pfx_kthread+0x10/0x10 [ 542.241674][ T31] ret_from_fork_asm+0x1a/0x30 [ 542.246510][ T31] [ 542.249897][ T31] Kernel Offset: disabled [ 542.254237][ T31] Rebooting in 86400 seconds..