last executing test programs: 18m31.623031063s ago: executing program 1 (id=152): mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) close_range$auto(0x2, 0x8, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'wlan1\x00', 0x0}) sendmsg$auto_NL80211_CMD_GET_INTERFACE(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000700)={0x1c, r2, 0xb01, 0x70bd27, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8, 0x3, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000050}, 0x240088e4) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) 18m31.496818434s ago: executing program 1 (id=154): mkdir$auto(&(0x7f0000000080)='./file0\x00', 0x7ff) r0 = open$dir(&(0x7f0000000000)='./file0\x00', 0x10000, 0x6) openat$auto(r0, &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x7ff) unlinkat$auto(r0, &(0x7f00000001c0)='./file0\x00', 0x0) r1 = open$dir(&(0x7f0000000000)='./file0\x00', 0x10000, 0x6) openat$auto(r1, &(0x7f00000000c0)='./file0\x00', 0x7fff, 0x7ff) unlinkat$auto(r1, &(0x7f00000001c0)='./file0\x00', 0x0) rmdir$auto(&(0x7f0000000040)='./file0\x00') 18m31.270400057s ago: executing program 1 (id=155): close_range$auto(0x2, 0x8, 0x0) r0 = socketcall$auto(0x8000, 0x0) r1 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xe0180, 0x0) ioctl$auto_KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$auto(0x3, 0xae60, 0x10000000000402) ioctl$auto(0x3, 0xae41, r0) r2 = openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, &(0x7f000000c340)='/proc/thread-self/pagemap\x00', 0x8000, 0x0) ioctl$auto_PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f000000c380)={0x60, 0x1, 0x100000, 0x7fffffffefff, 0xfffffffffffffffe, 0x4, 0x20, 0x0, 0x2c, 0x2d, 0x7, 0x3}) 18m31.047391478s ago: executing program 1 (id=158): close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x3, 0x6) lsm_list_modules$auto(0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x401c5820, 0x0) mkdir$auto(0x0, 0x353) 18m30.499570235s ago: executing program 1 (id=160): mmap$auto(0x0, 0x20009, 0x5, 0xeb2, 0x8, 0x1008000) r0 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000180)=ANY=[@ANYBLOB="f21e8858", @ANYBLOB="1e00df45"], 0x1ac}}, 0x4010) sendmsg$auto_NL80211_CMD_GET_REG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='R'], 0x1ac}}, 0x40000) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, 0x0, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB='\t\x00\x00\x00', @ANYBLOB="1e00df"], 0x1ac}, 0x1, 0x0, 0x0, 0x5}, 0x40000d0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="72010000", @ANYBLOB='f'], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc8}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x1f00) 18m29.768711566s ago: executing program 1 (id=165): mmap$auto(0x0, 0x2020009, 0x100003, 0x9000000eb1, 0xfffffffffffffffa, 0x0) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) clock_gettime$auto(0x6, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) 18m29.275179726s ago: executing program 32 (id=165): mmap$auto(0x0, 0x2020009, 0x100003, 0x9000000eb1, 0xfffffffffffffffa, 0x0) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) clock_gettime$auto(0x6, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) 3m5.111958702s ago: executing program 3 (id=5723): r0 = socket(0x2, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = bpf$auto(0x5, &(0x7f00000003c0)=@task_fd_query={0x2, 0x2, 0x4, 0x0, 0x85, 0x7, 0x9, 0x6, 0x8001}, 0x101) r2 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) ioctl$auto(r2, 0x4b4d, 0x9) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0x2, 0x3, 0xa) fcntl$auto(0x3, 0x8, 0x9ebfffffffffffff) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/devices/virtual/net/bond0/queues/rx-4/rps_cpus\x00', 0xa0666, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) writev$auto(0x3, &(0x7f0000000100)={0x0, 0x9}, 0x8) fcntl$getown(r3, 0x9) getsockopt$auto(r0, 0x0, 0xcd, 0x0, 0x0) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000080), r1) keyctl$auto(0x0, 0x0, 0x0, 0x0, 0x10000) sendmsg$auto_ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c5fcf00", @ANYRES16=r4, @ANYBLOB="01002dbd7000fedbdf250500000008000500ff03000008000500040000000500020080000000"], 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x20000000) 3m4.688785861s ago: executing program 3 (id=5727): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/virtual/net/bond0/bonding/ad_num_ports\x00', 0x0, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) socket(0xa, 0x1, 0x84) socket(0x10, 0x2, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/md_mod/parameters/new_array\x00', 0xa001, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) socket(0x10, 0x2, 0x0) socket(0x2, 0x1, 0x106) fanotify_init$auto(0x5, 0x2000000000002) socket(0x2, 0x801, 0x106) openat$auto_fb_fops_fb_chrdev(0xffffffffffffff9c, &(0x7f0000001c80)='/dev/fb0\x00', 0x20401, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000080)='/dev/tty12\x00', 0x101840, 0x0) r1 = socketpair$auto(0x1e, 0x4, 0x8000000000000000, 0x0) clone$auto(0x20003b46, 0x2, 0x0, 0x0, 0x2) ioctl$auto(r0, 0x541c, r1) 3m4.534723195s ago: executing program 3 (id=5728): mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) getgroups$auto(0x7fd, 0x0) sendfile$auto(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3) r0 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000300)='/dev/snd/controlC2\x00', 0x8100, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000040)=0x5) r1 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snd/controlC2\x00', 0x80, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000580)={{@raw=0x7fffffff, 0xf0ee, 0x20009, 0x3, "790eaa00ffff8eac2cdafc1f64010043eeb0b053030001ffff000e00"}, 0x4, 0x966, 0x3, @raw=0x404, @integer={0x800000000000400e, 0x2000000b752, 0x1}, "6cc1294d63a4f1b4285854c5368de438f8cc142ef6df12bf3373a1183bedbd31b642b4051b078fa1c1c61c329794e5311121c760cb9611c78e6947a99807bcc1"}) ioctl$auto_SNDRV_CTL_IOCTL_TLV_COMMAND(r1, 0xc008551c, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x22a02, 0x0) openat$auto_vmuser_fops_vmci_host(0xffffffffffffff9c, &(0x7f0000000080), 0xc0, 0x0) write$auto(r2, &(0x7f0000000140)='7\x00\\\xa0\x04|\x03\xcb\x12\xfa\b\x1c\xc7\xe6\x04\x8c\x83k', 0x1000000007e) mremap$auto(0x200001000000, 0x4, 0x4, 0x3, 0x100000000) 3m1.623478327s ago: executing program 3 (id=5741): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x810) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, 0x0, 0x20008810) close_range$auto(0x2, 0x8, 0x0) unshare$auto(0x40000080) r0 = socket(0x10, 0x2, 0x0) bpf$auto(0xff, &(0x7f00000004c0)=@bpf_attr_5={@target_fd, 0xffffffffffffffff, 0x4, 0x5, 0xffffffffffffffff, @relative_id=0x4, 0x400000000005}, 0x3fc) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000004c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB='f\x00'], 0x1ac}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) sendmmsg$auto(r0, &(0x7f0000000200)={{0x0, 0x0, &(0x7f0000000100)={0x0, 0xfc2}, 0x2, 0x0, 0x7, 0xa505}, 0x803}, 0x2004, 0x8) statmount$auto(&(0x7f0000000000)={0xbd, @raw=0x3, 0x3, 0xffffffffffffd4f2}, &(0x7f00000002c0)={0x2, 0x1, 0x6, 0x8, 0x1, 0x5d9, 0xfff, 0x3, 0x80, 0x1, 0x2, 0x9, 0x8000000000000001, 0x7, 0xfffffffffffff134, 0xc, 0x7, 0x9, 0x6, 0x1, 0x9, 0xa, 0x7, 0x7, 0x92c5, 0x9, 0x4, 0x1, 0x7, 0x2, 0x81, [0x6, 0x4, 0x7, 0x6, 0x6, 0xffff, 0x81, 0x1, 0xfffffffeffffffff, 0x80, 0xa, 0x69, 0x53d, 0xffffffffffffffff, 0x26, 0x1, 0x0, 0x5, 0x4, 0x1, 0x7, 0x7, 0x80, 0xffffffffffffffcc, 0x7fff, 0xc, 0x3, 0x7, 0xc488, 0xc286, 0x7fffffff, 0xf, 0x3, 0x0, 0x3ff, 0x6, 0xff, 0x85c, 0x100000001, 0x9, 0x20000000000, 0x1, 0x6], "f167256b4b90c6ca1a52dfcde084aef550f6ad8ed18caa4cf4b2e5c04b2ad7b9b34c7c7a3e9d117a7526a2c99af5108387b9161b2e5b1961a6adde788a98e241b6ae690547f0e0782cc4440e7f15fd8b8644179711a54a6254befc070dcfcc5e1d3aa61a829494222aca115d1213d1ab835cb429cc3b7491dde055783dd0f3d556d9804e59f8a493471f0f9633763322e113529d8e402401fa9115e92fe44b2a3dd3f240c42e5442c8daa6c8f3bb5b774e98b2ff1f5116351013598b8c4194e0"}, 0x8, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) socketpair$auto(0x0, 0x10, 0x6, 0x0) r1 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000080), 0x60d80, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f0000000280)={{0x3, 0x1000, 0x5, 0x1, 0x8}, "654c6dbc7a4d30983899a7e1325b6a29ba1e184410ba9f74e82a3fa6c3ccf1bf"}) r2 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000013c0)='/sys/kernel/notes\x00', 0x101700, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r2, &(0x7f0000000040)=""/4096, 0x1000) keyctl$auto(0xa, 0xfffffffffffffffd, 0x0, 0x0, 0xfffffffb) 3m0.272030769s ago: executing program 3 (id=5746): socket(0x11, 0x2, 0x6) openat$auto_nvram_misc_fops_nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000140)='/dev/bus/usb/006/001\x00', 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_dma_heap_fops_dma_heap(0xffffffffffffff9c, &(0x7f00000000c0), 0x222680, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/netfilter/nf_log/3\x00', 0x2a8380, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000000)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/mm/transparent_hugepage/hugepages-64kB/stats/nr_anon\x00', 0x0, 0x0) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, &(0x7f0000000040), 0x109500, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socketpair$auto(0x4004, 0x8, 0x7, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) ioctl$auto_TIOCSETD2(r1, 0x5423, 0x0) ioctl$auto_TCFLSH2(r0, 0x5408, 0x0) 2m59.780303515s ago: executing program 3 (id=5749): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYRES8, @ANYRES16, @ANYBLOB="df250c000000000000"], 0x14}}, 0x24048004) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000180), r2) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000380)='/proc/thread-self/net/pppol2tp\x00', 0x0, 0x0) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0x9}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) sendmsg$auto_NFSD_CMD_THREADS_SET(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0xa8, r4, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_SERVER_SCOPE={0x81, 0x4, 'nfsf\x00\xd8\xef\xe4-\x13+r\xf3\fT1Z\xa7J[\x81\a\xcf-\xdf\x90\x1f\x8f\xc8\x13e\xe2R7D\x832j\xce}\xa3V\xb7\xa1o\\\xe6\x13\xbc\f\xe3\xae\xb8~\xd3\xd2+J\'\xc3\xec\xc9\fp\xc8a\xbe\xfe`\xa7\xa9AKDd\'\xa0\x01\xf6\x13y\xe8\xca\xf4Q\x9e\x03*]\xda\x1e\x11t\xe2\xd5uw+\x93\xfc\x04l\xd3\xa6t\x86k\x80\xd9\x14s\xec\xe2H\xc0=(\xf99\x8ac\xa7\x85\x99\x87'}, @NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x85}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0x2}]}, 0xa8}}, 0x4000) sendmsg$auto_NFSD_CMD_VERSION_GET(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x0) madvise$auto(0x0, 0x200007, 0x19) 2m44.505760855s ago: executing program 33 (id=5749): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) listen$auto(0x3, 0x81) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x1, 0x6, 0x0, 0x3ff) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000040)=ANY=[@ANYRES8, @ANYRES16, @ANYBLOB="df250c000000000000"], 0x14}}, 0x24048004) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_nfsd(&(0x7f0000000180), r2) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000380)='/proc/thread-self/net/pppol2tp\x00', 0x0, 0x0) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0x9}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) sendmsg$auto_NFSD_CMD_THREADS_SET(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0xa8, r4, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NFSD_A_SERVER_SCOPE={0x81, 0x4, 'nfsf\x00\xd8\xef\xe4-\x13+r\xf3\fT1Z\xa7J[\x81\a\xcf-\xdf\x90\x1f\x8f\xc8\x13e\xe2R7D\x832j\xce}\xa3V\xb7\xa1o\\\xe6\x13\xbc\f\xe3\xae\xb8~\xd3\xd2+J\'\xc3\xec\xc9\fp\xc8a\xbe\xfe`\xa7\xa9AKDd\'\xa0\x01\xf6\x13y\xe8\xca\xf4Q\x9e\x03*]\xda\x1e\x11t\xe2\xd5uw+\x93\xfc\x04l\xd3\xa6t\x86k\x80\xd9\x14s\xec\xe2H\xc0=(\xf99\x8ac\xa7\x85\x99\x87'}, @NFSD_A_SERVER_LEASETIME={0x8, 0x3, 0x85}, @NFSD_A_SERVER_THREADS={0x8, 0x1, 0x2}]}, 0xa8}}, 0x4000) sendmsg$auto_NFSD_CMD_VERSION_GET(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x40000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000000}, 0x0) madvise$auto(0x0, 0x200007, 0x19) 2m29.800955122s ago: executing program 0 (id=5824): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$auto_ovs_vport(0x0, r0) sendmsg$auto_OVS_VPORT_CMD_SET(r0, 0x0, 0x4) write$auto(0xffffffffffffffff, 0x0, 0x400) ioctl$auto(0x3, 0xae41, 0xffffffffffffffff) read$auto_proc_reg_file_ops_compat_inode(0xffffffffffffffff, 0x0, 0x0) getsockopt$auto(0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0) openat$auto_l2cap_debugfs_fops_(0xffffffffffffff9c, 0x0, 0x202801, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$auto(r1, 0x0, 0x20) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, 0x0, 0x802, 0x0) writev$auto(r2, &(0x7f0000000200)={0x0, 0x7}, 0x4) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$auto_ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_ETHTOOL_MSG_MODULE_EEPROM_GET(r3, &(0x7f0000001780)={0x0, 0x0, &(0x7f0000001740)={&(0x7f00000004c0)={0x34, r4, 0x789, 0x70bd27, 0x25dfdbff, {}, [@ETHTOOL_A_MODULE_EEPROM_LENGTH={0x8, 0x3, 0x5}, @ETHTOOL_A_MODULE_EEPROM_OFFSET={0x8, 0x2, 0xdc}, @ETHTOOL_A_MODULE_EEPROM_BANK={0x5, 0x5, 0xb}, @ETHTOOL_A_MODULE_EEPROM_PAGE={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000000}, 0x4004840) 2m29.632982929s ago: executing program 0 (id=5826): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, &(0x7f00000010c0)='/dev/snd/controlC0\x00', 0x802, 0x0) socket(0xa, 0x3, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/irq.pressure\x00', 0x101102, 0x0) socket(0xa, 0x801, 0x84) socketpair$auto(0x1, 0x5, 0x8000000000000000, 0x0) open(0x0, 0x161342, 0x100) socket$nl_generic(0x10, 0x3, 0x10) getrandom$auto(0x0, 0x6000000, 0x3) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sda1\x00', 0x80900, 0x0) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) r0 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000180), 0x101002, 0x0) write$auto(r0, 0x0, 0xc3) 2m29.343153952s ago: executing program 0 (id=5827): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_mon_fops_binary_mon_bin(0xffffffffffffff9c, &(0x7f0000000000)='/dev/usbmon7\x00', 0x40080, 0x0) mmap$auto(0x0, 0x4000002, 0xfffffffffffffe01, 0x8051, 0x3, 0x0) close_range$auto(0x2, 0x8, 0x0) syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f00000012c0), 0xffffffffffffffff) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_SMC_NETLINK_REMOVE_UEID(r0, 0x0, 0x4000810) openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x10083, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket(0x11, 0x80003, 0x300) sendfile$auto(0x1, r2, 0x0, 0x8fb5) dup2$auto(0x0, 0x3) ioctl$auto(r1, 0x5760, 0x10000000000402) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) openat$auto_dfs_sched_itmt_fops_itmt(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/netdevsim/netdevsim6/bpf_bind_verifier_accept\x00', 0x81, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x4cb) write$auto(0x3, 0x0, 0x7fffffff) 2m28.222138415s ago: executing program 0 (id=5831): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/adsp1\x00', 0x0, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$auto_NL80211_CMD_GET_WIPHY(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20000084}, 0x0) sendmsg$auto_ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, 0x0, 0x40) sendmsg$auto_MACSEC_CMD_DEL_RXSC(0xffffffffffffffff, 0x0, 0x8844) read$auto(r0, 0x0, 0x20) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x101000, 0x0) symlink$auto(0x0, 0x0) socket(0xa, 0x1, 0x84) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) r2 = getpid() openat$auto_tracing_buffers_fops_trace(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/tracing/per_cpu/cpu1/trace_pipe_raw\x00', 0x1000, 0x0) process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0x20000001002}, 0x1, &(0x7f0000000040)={&(0x7f0000000080), 0xffffffff}, 0x4, 0x0) rename$auto(0x0, 0x0) 2m26.693492685s ago: executing program 0 (id=5837): socket(0x11, 0x80003, 0x300) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) socket(0x18, 0x3, 0x2) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x4, 0x0, 0x9a6, 0x6) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) fcntl$auto(0x0, 0x408, 0x100000) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x88542, 0x0) vmsplice$auto(0x1, 0x0, 0x6, 0x8) 2m25.341194467s ago: executing program 0 (id=5839): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)='nfsd\x00\xee\x1a\x8fg\x1b\x04\xad>\x96\xe9IG\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\t\xf8p\xc6\x00\x00\x00\x00\xb9\xac\xde\x0e\x90\x18\xf1\x13I\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd\x14\x81\xbe\xab\xed\xd5MI\x830_\xc2\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xees\xf0\xc2\xad\xae\x99\xeb\xc5\xf0\"\x92\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14\x94o\x1b[\xa8]\x9b\x03\x95\xc3\xad\xad\x1d#oi|\x04\x93N\xfa\x17\xf3b\xf6\x00\x00\x00', 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/usb/usbmon/9t\x00', 0x0, 0x0) pread64$auto(r0, 0x0, 0x101, 0x103) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2062, 0x0) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000600)={0x0, 0xb4}, 0x1, 0x0, 0x0, 0x20040000}, 0x20040094) madvise$auto(0x0, 0x8, 0x15) unshare$auto(0x40000080) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r1, &(0x7f0000001bc0)="51426572911c17e9dd66bf94ea32689283bb895dbc0a97721ed6e250c974356905898b7d48acecddf280cf6dd4ba18c1aa3928071c6585025ceab0e2f34f37ddec138ea587fc4def825608b0ab2a6ecac42062bd3c58ba606307b7471b20a40ffa168b91dde6727571c4ec94bfbde1df90ccb265ffda374c98ffb1ee22069af38a3f200532dbbe5e98f4455170e9a137517b9b7b8840359940ab00f37125c2bec0ac36606b6c69edb35967d723fb81a15faea2bd280d1581ad1ef597bb4dc09f6a5d53aaff1877b77c4e425761dc09d34498c1fce72c0ba1041a99b8748a37597b9567cda1de2cbf6962798e5ee11bf7cb2c70a9502f33c43b8e5dc54de743a2e24cb94c22d669b434888a7ce4cb16cd77b324258e07af32adc0cb38f8c622085783f6804edc3913fb9e98c55713fa0bf8101ad0f6f43407ce4be0001d1bb201bec283ade79ab23484c1076e703864629ac9a6031533dc956f705f89f0e0ef7d3109e46859d1f2ad1b8cb3cfcedf868a3be101e8b9acd75e39e6a27a541aa9fe86ad3119b7049c3fad2a901222eb948cabb4b5c3e5ba6ffc02a15bf7d550b00ab0f3dd3002924f7bd0701269ae293c4cb231b9127d1f6b38dd6fbb3429905384eed7eed9330a9c5e732bdd510169d9ca3e420ea2102be3770a0ab598c037b8f01e8910cf8b0942aafb156ac90724cf552df158a7f59c26e62f3fcf32d860c2259cb1b3118a773ff3cfbaf9c5b068dade5cd7778f1ea98700629b62534735fef3071c30afa6ea26f7e651ec140936c07d9e90f1c9faef3e05376b1e121af6a6691616c10e19fd4f16b1858b44d99e597908cda0e8fa8c21d8b700987d7723a4b5a4ff3c371f2d1cb9fb2f054abc58727239ba67a173f1431083fedc7c4304488c13c75e4995a58ac9de085377356ddc5338aeb44e7f3d06f82a5e0c846159c881a0395a3dbf32a9f2530a520721431a752b13b01a89bdf2b38387b72e8a533936623ec396f6ef94ddfcca047bf20a6fe450a03dedb36a57355e2519ff579b5c63095f48407ece8a7c6c4f5b2582616f0a6bba059810c0a28355fb08dceec9e290026452c3135f8ad93f9617f22e590122d43f6fdc1ea0f9ec12c551b5127108443bb081f7a89660034ea4f3c4305108428cc91918dbb28c2a117f09609e40903b13055e92a727afa767b1f97df335ee729686c0113e4cc18aa50f4ad82b1d403cc6c11ac3bf63415560417d7d488df01b69c925ca3fce60ca7ac767fd11df61caf62f3ab67dad043faf1cc334903e0f419c2e97553ecaad5814bf097192e76e9a16bc5c9be932718aba32cd7dbcc6bc634a463c6f709cc81963b39442e710c14c7e107b0aeb7b6a0e3f3757860d10dd741863277c43ce4dcec49f4558959b08f59182baf4f250aa045fee383ceaec280817bf222dfbeeca8c1ec8473176326c1ffd49ea072b5f3c73f36865b6052a1595c1bb76cfe37f976848fbcb408381ddeff9c318a2e6bbfe6c18ef16531fec3c47874a5391238c0d6b0e033db3fce94127cc9c98a4211e5d873f7b4810846d96be2d6cac532fce0ddee737e4d1ddb65b8b2449984a897e4090449ed4fb4006fb9d133e51396d4664a3f0c395c5b24781f8389979ccb565c6461b66db7134d15cff5ae8f935a5bcb23caace2edd2b37a726575e3cb0528de05edd9f03e30feb617767b6a557280a0a288b52af44a1607b6063867e5c9d8d56c44968fd509b5983fa06e6b1eefb2f8cee0c1cb49b8b569cf13b77adbc22ce972cd718167ac571ee41a446d13931f849d5636c729996b36ec84171fde260a4e01e9770cf687591a79833ae6473c51e12c0faab96ef093e6178d485526dbf775c94324c76bd4af2652e9036b1cc0d3df05c9232ee6eef7c4f46a6cf8ad160ad087aba6928bf156bf3ade1d135a965c4a2b283485737da67fe99227f2fbfb3baa74d75fe29122adfd82fcb9325b7ea826a52559654e76d494a374d9535facfcd4ab248e388c516bb8a0dc151b1557e418fd7c625c67ab1c50d6f05b97ba15c55631aeea44b21131aa93ead176f7bfd1418856e38782f004f272738827a64bb695f6b6a08cff8d1917be52a8851bd2bfd57d08bb0660e2ffc23792a419c2e9b006e3b0ad05044d99b97391fd2cceb86cf26acebe089a861340b04fd01e1baa70583032a30ea2e605217b80f7ee16d7e28be43d12bb2b67937dd26a8aeb84fef2f2d52f75232a400e7b279dcfc01953b0c46203477a50b5853e8f7b14b2ba31db742504bca6ed95b18846706c9fd85bf2a3a2642029b9ff2828bf0f7cbd96109a237961be8fe5c62f0fcc04c994f123f4a22f048403eac9308cfd2f2e4350c72e9ef83416ce973d3aa90d281a0275886dd3858b5869784ae58e257aa5af6d373dcc9cf520e364be748833adbb10daa6f6a334b51d27529d86ea5ce874562f9f93da45d244224b936fced3b658abbe7aa1f0d502fffce823f528ab47ea3540722f144733666229ae08cfc7e61247742ea4e3c180938ae7c7b81c1ee975c831f79672e044cefc49894c2ab73bba2580ac476cc0e56b6748b8edbb37a3f8dda7ffad4ec07abce7c4d10fc32e40d5a9db37f7b1e3a6eabedbefa9dd8eef189b92363d3391d384af26b7d47958d3d82845c9b668da5bcbd64058dc9e1c6d903ab5d2aa049d197116a11309a1abe9e5b3f9e7f1c623242b1d8089bc369d145a7070e8a9bdf543dbffe899ff9366009a3b0424a634681b530dad9ef23f136a10c7287068e57f3c2de45adf0a105c328e0035b97168f4c17aa4610b2e6e1a6ba0b71c06417b7a9497be4a009b19d7162adfd4d7b6490faf3782a920281333ad09b848ab5f4d15534b8c4e43dc9604b0630f8d349b2c80a98fde04693c31cbed7d460edfc0138dcc5", 0x809) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) 2m9.93117937s ago: executing program 34 (id=5839): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x40000008000) mount$auto(0x0, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)='nfsd\x00\xee\x1a\x8fg\x1b\x04\xad>\x96\xe9IG\xbe\xc8\x12\xae\xc3\xc0@[\x99\xec\xbf(\xec\xc3\xb2\xf2\x15Zi\xc4S6\'\x14\x05\t\x8c\xd5?\xa0\x00\xd8\xe4\xafW\xcc\xa3\xce\t\xf8p\xc6\x00\x00\x00\x00\xb9\xac\xde\x0e\x90\x18\xf1\x13I\x95\xe12\xaclJ\xba\xeb\xe4\x83Z\xaev\xd7\xd9\xdd\x14\x81\xbe\xab\xed\xd5MI\x830_\xc2\x14O\x84\xaa\x13W\xb7\x06\'fvQ\x95\xc5\xd1\x98\xe3T\xees\xf0\xc2\xad\xae\x99\xeb\xc5\xf0\"\x92\xcdfk\xc7\xe9\x96\r\x91\xb0\xc46\xf2\xfc\xef\xfe\xa0\xc9d\xb3h$\xeb\xad\xa4P\x8f\xc3bM{4RQ\x00\x9d)_\xd81(\x03\xca1\x88|\xe5\x1e\x10\x89X\x01\xe9\xf6g\x95xx\xaf\xa9~m\x05\xa2\xe4\x81\xb9\x92\xda\x13\xfe5\xfb\xc6\xd8>\x01\xd4\x14\x94o\x1b[\xa8]\x9b\x03\x95\xc3\xad\xad\x1d#oi|\x04\x93N\xfa\x17\xf3b\xf6\x00\x00\x00', 0x0, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/usb/usbmon/9t\x00', 0x0, 0x0) pread64$auto(r0, 0x0, 0x101, 0x103) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2062, 0x0) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000600)={0x0, 0xb4}, 0x1, 0x0, 0x0, 0x20040000}, 0x20040094) madvise$auto(0x0, 0x8, 0x15) unshare$auto(0x40000080) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) r1 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000800)='/dev/tty0\x00', 0x102, 0x0) write$auto_console_fops_tty_io(r1, &(0x7f0000001bc0)="51426572911c17e9dd66bf94ea32689283bb895dbc0a97721ed6e250c974356905898b7d48acecddf280cf6dd4ba18c1aa3928071c6585025ceab0e2f34f37ddec138ea587fc4def825608b0ab2a6ecac42062bd3c58ba606307b7471b20a40ffa168b91dde6727571c4ec94bfbde1df90ccb265ffda374c98ffb1ee22069af38a3f200532dbbe5e98f4455170e9a137517b9b7b8840359940ab00f37125c2bec0ac36606b6c69edb35967d723fb81a15faea2bd280d1581ad1ef597bb4dc09f6a5d53aaff1877b77c4e425761dc09d34498c1fce72c0ba1041a99b8748a37597b9567cda1de2cbf6962798e5ee11bf7cb2c70a9502f33c43b8e5dc54de743a2e24cb94c22d669b434888a7ce4cb16cd77b324258e07af32adc0cb38f8c622085783f6804edc3913fb9e98c55713fa0bf8101ad0f6f43407ce4be0001d1bb201bec283ade79ab23484c1076e703864629ac9a6031533dc956f705f89f0e0ef7d3109e46859d1f2ad1b8cb3cfcedf868a3be101e8b9acd75e39e6a27a541aa9fe86ad3119b7049c3fad2a901222eb948cabb4b5c3e5ba6ffc02a15bf7d550b00ab0f3dd3002924f7bd0701269ae293c4cb231b9127d1f6b38dd6fbb3429905384eed7eed9330a9c5e732bdd510169d9ca3e420ea2102be3770a0ab598c037b8f01e8910cf8b0942aafb156ac90724cf552df158a7f59c26e62f3fcf32d860c2259cb1b3118a773ff3cfbaf9c5b068dade5cd7778f1ea98700629b62534735fef3071c30afa6ea26f7e651ec140936c07d9e90f1c9faef3e05376b1e121af6a6691616c10e19fd4f16b1858b44d99e597908cda0e8fa8c21d8b700987d7723a4b5a4ff3c371f2d1cb9fb2f054abc58727239ba67a173f1431083fedc7c4304488c13c75e4995a58ac9de085377356ddc5338aeb44e7f3d06f82a5e0c846159c881a0395a3dbf32a9f2530a520721431a752b13b01a89bdf2b38387b72e8a533936623ec396f6ef94ddfcca047bf20a6fe450a03dedb36a57355e2519ff579b5c63095f48407ece8a7c6c4f5b2582616f0a6bba059810c0a28355fb08dceec9e290026452c3135f8ad93f9617f22e590122d43f6fdc1ea0f9ec12c551b5127108443bb081f7a89660034ea4f3c4305108428cc91918dbb28c2a117f09609e40903b13055e92a727afa767b1f97df335ee729686c0113e4cc18aa50f4ad82b1d403cc6c11ac3bf63415560417d7d488df01b69c925ca3fce60ca7ac767fd11df61caf62f3ab67dad043faf1cc334903e0f419c2e97553ecaad5814bf097192e76e9a16bc5c9be932718aba32cd7dbcc6bc634a463c6f709cc81963b39442e710c14c7e107b0aeb7b6a0e3f3757860d10dd741863277c43ce4dcec49f4558959b08f59182baf4f250aa045fee383ceaec280817bf222dfbeeca8c1ec8473176326c1ffd49ea072b5f3c73f36865b6052a1595c1bb76cfe37f976848fbcb408381ddeff9c318a2e6bbfe6c18ef16531fec3c47874a5391238c0d6b0e033db3fce94127cc9c98a4211e5d873f7b4810846d96be2d6cac532fce0ddee737e4d1ddb65b8b2449984a897e4090449ed4fb4006fb9d133e51396d4664a3f0c395c5b24781f8389979ccb565c6461b66db7134d15cff5ae8f935a5bcb23caace2edd2b37a726575e3cb0528de05edd9f03e30feb617767b6a557280a0a288b52af44a1607b6063867e5c9d8d56c44968fd509b5983fa06e6b1eefb2f8cee0c1cb49b8b569cf13b77adbc22ce972cd718167ac571ee41a446d13931f849d5636c729996b36ec84171fde260a4e01e9770cf687591a79833ae6473c51e12c0faab96ef093e6178d485526dbf775c94324c76bd4af2652e9036b1cc0d3df05c9232ee6eef7c4f46a6cf8ad160ad087aba6928bf156bf3ade1d135a965c4a2b283485737da67fe99227f2fbfb3baa74d75fe29122adfd82fcb9325b7ea826a52559654e76d494a374d9535facfcd4ab248e388c516bb8a0dc151b1557e418fd7c625c67ab1c50d6f05b97ba15c55631aeea44b21131aa93ead176f7bfd1418856e38782f004f272738827a64bb695f6b6a08cff8d1917be52a8851bd2bfd57d08bb0660e2ffc23792a419c2e9b006e3b0ad05044d99b97391fd2cceb86cf26acebe089a861340b04fd01e1baa70583032a30ea2e605217b80f7ee16d7e28be43d12bb2b67937dd26a8aeb84fef2f2d52f75232a400e7b279dcfc01953b0c46203477a50b5853e8f7b14b2ba31db742504bca6ed95b18846706c9fd85bf2a3a2642029b9ff2828bf0f7cbd96109a237961be8fe5c62f0fcc04c994f123f4a22f048403eac9308cfd2f2e4350c72e9ef83416ce973d3aa90d281a0275886dd3858b5869784ae58e257aa5af6d373dcc9cf520e364be748833adbb10daa6f6a334b51d27529d86ea5ce874562f9f93da45d244224b936fced3b658abbe7aa1f0d502fffce823f528ab47ea3540722f144733666229ae08cfc7e61247742ea4e3c180938ae7c7b81c1ee975c831f79672e044cefc49894c2ab73bba2580ac476cc0e56b6748b8edbb37a3f8dda7ffad4ec07abce7c4d10fc32e40d5a9db37f7b1e3a6eabedbefa9dd8eef189b92363d3391d384af26b7d47958d3d82845c9b668da5bcbd64058dc9e1c6d903ab5d2aa049d197116a11309a1abe9e5b3f9e7f1c623242b1d8089bc369d145a7070e8a9bdf543dbffe899ff9366009a3b0424a634681b530dad9ef23f136a10c7287068e57f3c2de45adf0a105c328e0035b97168f4c17aa4610b2e6e1a6ba0b71c06417b7a9497be4a009b19d7162adfd4d7b6490faf3782a920281333ad09b848ab5f4d15534b8c4e43dc9604b0630f8d349b2c80a98fde04693c31cbed7d460edfc0138dcc5", 0x809) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) 1m10.985817329s ago: executing program 2 (id=6116): socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, 0x0, 0x189400, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cgroup.threads\x00', 0x80302, 0x0) preadv$auto(0x3, 0x0, 0x3, 0xf8, 0xffffffffffffffff) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) readv$auto(0x3, 0x0, 0x1) io_uring_setup$auto(0x59, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) clock_adjtime$auto(0x354d, 0x0) syz_clone3(&(0x7f0000000100)={0x2100000, 0x0, 0x0, 0x0, {0x21}, 0x0, 0x0, 0x0, 0x0}, 0x58) mmap$auto(0x0, 0x40009, 0xe2, 0x9b72, 0x7, 0x28000) rt_sigsuspend$auto(0x0, 0x8) 1m9.994175474s ago: executing program 2 (id=6119): socket$nl_generic(0x10, 0x3, 0x10) socket(0x15, 0x5, 0x0) mmap$auto(0x0, 0x20009, 0xe2, 0xeb1, 0x405, 0x8000) userfaultfd$auto(0x1) socketpair$auto(0x1, 0x1, 0x8000000000000000, 0x0) socket(0xa, 0x801, 0x84) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1, 0x1, 0x1) timerfd_create$auto(0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket(0xa, 0x801, 0x84) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) socket(0xa, 0x2, 0x3a) r1 = io_uring_setup$auto(0x6, 0x0) r2 = socket(0xa, 0x2, 0x88) close_range$auto(0x0, 0xfffffffffffff000, 0x2) bpf$auto(0x0, &(0x7f0000000000)=@link_update={r2, @new_prog_fd=r0, 0x4, @old_map_fd=r1}, 0xa3) bpf$auto(0x3, &(0x7f0000000040)=@query={@target_ifindex, 0x4, 0x7, 0x9, 0x7f, @prog_cnt=0x4, 0x0, 0x0, 0xc, 0xb, 0x9}, 0x7) 1m9.793809866s ago: executing program 2 (id=6122): mlock$auto(0xfff, 0xde7f) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x8000000401, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) r0 = gettid() futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) kill$auto(r0, 0x11) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x1ff, 0x20000000) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x400053, 0x9) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) waitid$auto_P_PGID(0x2, 0x0, 0x0, 0x6, 0x0) 1m7.461866396s ago: executing program 2 (id=6126): close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x2, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) sigaltstack$auto(&(0x7f0000000100)={&(0x7f0000000080)="a5b254f5e0a2123cdbc6f4cb5e1785391b648c8408707303caa986a53de211cd82d5d2e7bb1a5b23ac22e31153c334c9757fb208a57f99ac4c40f778a639e2d47bf2b42228a3935a62c455bb963e967727d86c3714696df2e471e720", 0x9, 0x10000}, &(0x7f0000000180)={&(0x7f0000000140)="149c53238833c3fec7ee21b1bd52a86393d5c70b8ca5c7552ab3a6f4eae517e6e739ffa1db30f26b46e4dee5ade28f78bce068fb8ae6f0940035d0", 0x1000, 0x1}) unshare$auto(0x40000080) mmap$auto(0x0, 0x9, 0xffb, 0x8000000008011, 0x3, 0x0) move_pages$auto(0x0, 0x1002, 0x0, 0x0, 0x0, 0x2) getsockopt$auto_SO_PEERPIDFD(r0, 0xfffffff6, 0x4d, &(0x7f0000000000)='/dev/bus/usb/001/001\x00', 0x0) msgget$auto(0xc, 0x9) socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x3, 0x0) mmap$auto(0x0, 0x80, 0x4000000000de, 0xeb2, 0xffffffffffffffff, 0x8000) openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) io_uring_setup$auto(0x1, 0x0) openat$auto_proc_pagemap_operations_internal(0xffffffffffffff9c, 0x0, 0x0, 0x0) close_range$auto(0x2, 0x8, 0x0) ioctl$auto_KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) 1m6.905296969s ago: executing program 2 (id=6127): semctl$auto(0x7, 0x2, 0x13, 0x5) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = openat$auto_proc_clear_refs_operations_internal(0xffffffffffffff9c, &(0x7f0000000600)='/proc/self/clear_refs\x00', 0x2, 0x0) r1 = socket(0x10, 0x2, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYBLOB="1200", @ANYBLOB=']'], 0x1ac}}, 0x40000) recvmmsg$auto(r1, &(0x7f0000000140)={{0x0, 0x3, &(0x7f0000000080)={0x0, 0x400}, 0x5, 0x0, 0x2000000200002, 0x8}, 0x803}, 0xfffffff9, 0x10, 0x0) write$auto_proc_clear_refs_operations_internal(r0, 0x0, 0xffffff4b) setsockopt$auto(0xffffffffffffffff, 0x107, 0x8, 0x0, 0x6) r2 = getpid() syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) process_vm_readv$auto(r2, &(0x7f0000000000)={0x0, 0xfff}, 0x40000000001, &(0x7f0000000180)={0x0, 0x40000000001243}, 0xa, 0x0) mmap$auto(0x0, 0xfff, 0xdf, 0x9b72, 0x400, 0x28000) close_range$auto(0x2, 0x8, 0x0) close_range$auto(0x2, 0xa, 0x0) r3 = openat$auto_rtc_dev_fops_dev(0xffffffffffffff9c, &(0x7f00000000c0), 0x101000, 0x0) ioctl$auto_RTC_UIE_ON(r3, 0x7003, 0x0) read$auto(0xffffffffffffffff, 0x0, 0x91e2) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) 1m5.485565524s ago: executing program 2 (id=6134): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x22004840}, 0x4001) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x24, 0x0, 0x300, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x6}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x4c894}, 0x4008800) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000180)={0x24, 0x0, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@NETDEV_A_QUEUE_ID={0x8, 0x1, 0x1000}, @NETDEV_A_QUEUE_ID={0x8, 0x1, 0xc}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x7) mount$auto(0x0, &(0x7f0000000040)='}[,&*}\x00\x0e\x15F\xf7\x1a\xd1K+\xedy\xc6\x9bb\x94\xb4^\xc2\x83%\xfbw}\xfb_P\"\x19\xdfi\xe9hA|Q\x8a_F\x04:Q\x90\'\x06', &(0x7f0000000140)='nfsd\x00', 0x10000, 0x0) mount$auto(&(0x7f0000000000), &(0x7f0000000080)='}[,&*}\x00', 0x0, 0x7fffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mlockall$auto(0x7) mmap$auto(0x0, 0x40000b, 0xde, 0x9b72, 0xffffffffffffffff, 0x8000) mlock$auto(0xfbe8, 0x4) mlock$auto(0xcecc, 0xd325) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001180), r0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000040)={0x1c, r1, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@HWSIM_ATTR_REG_CUSTOM_REG={0x8, 0xc, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x404c091}, 0x40000) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_SMC_NETLINK_ENABLE_HS_LIMITATION(r0, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0xb8, 0x0, 0x8, 0x70bd26, 0x25dfdbff, {}, "7bb41aa183144ae6129ceae2958bcda1c1365290d41204a03ceb77a3c6117b158dd2e20bff9b8138191b1dfeaf340eb22e2004014797d6598d419e52048f4bcbc5b9ea490e9f76a535ae025b939a6c4beb6df43f4e069fd1418d5a56cc55bd3c42655b85e91519160df6fd3dc0fe088f68928d1054dfb0887d533b8a4da6bf22ed2a217e713b720d3a724380286cbbffa1c586addfb7f33c3cf943222f8c265a4a367e"}, 0xb8}, 0x1, 0x0, 0x0, 0x40000}, 0x40040824) sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x0, 0x1}, 0x5}, 0x3, 0x0) 50.321026868s ago: executing program 35 (id=6134): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x22004840}, 0x4001) sendmsg$auto_BATADV_CMD_TP_METER(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x24, 0x0, 0x300, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x6}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x4c894}, 0x4008800) sendmmsg$auto(0x3, 0x0, 0x3, 0x0) sendmsg$auto_NETDEV_CMD_QUEUE_GET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000003000)={&(0x7f0000000180)={0x24, 0x0, 0x1, 0x70bd2c, 0x25dfdbfb, {}, [@NETDEV_A_QUEUE_ID={0x8, 0x1, 0x1000}, @NETDEV_A_QUEUE_ID={0x8, 0x1, 0xc}]}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x20008810) mkdir$auto(&(0x7f0000000100)='}[,&*}\x00', 0x7) mount$auto(0x0, &(0x7f0000000040)='}[,&*}\x00\x0e\x15F\xf7\x1a\xd1K+\xedy\xc6\x9bb\x94\xb4^\xc2\x83%\xfbw}\xfb_P\"\x19\xdfi\xe9hA|Q\x8a_F\x04:Q\x90\'\x06', &(0x7f0000000140)='nfsd\x00', 0x10000, 0x0) mount$auto(&(0x7f0000000000), &(0x7f0000000080)='}[,&*}\x00', 0x0, 0x7fffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) mlockall$auto(0x7) mmap$auto(0x0, 0x40000b, 0xde, 0x9b72, 0xffffffffffffffff, 0x8000) mlock$auto(0xfbe8, 0x4) mlock$auto(0xcecc, 0xd325) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001180), r0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000040)={0x1c, r1, 0x1, 0x70bd2a, 0x25dfdbfd, {}, [@HWSIM_ATTR_REG_CUSTOM_REG={0x8, 0xc, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x404c091}, 0x40000) r2 = socket(0x10, 0x2, 0x0) sendmsg$auto_SMC_NETLINK_ENABLE_HS_LIMITATION(r0, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000400)={&(0x7f0000000340)={0xb8, 0x0, 0x8, 0x70bd26, 0x25dfdbff, {}, "7bb41aa183144ae6129ceae2958bcda1c1365290d41204a03ceb77a3c6117b158dd2e20bff9b8138191b1dfeaf340eb22e2004014797d6598d419e52048f4bcbc5b9ea490e9f76a535ae025b939a6c4beb6df43f4e069fd1418d5a56cc55bd3c42655b85e91519160df6fd3dc0fe088f68928d1054dfb0887d533b8a4da6bf22ed2a217e713b720d3a724380286cbbffa1c586addfb7f33c3cf943222f8c265a4a367e"}, 0xb8}, 0x1, 0x0, 0x0, 0x40000}, 0x40040824) sendmmsg$auto(r2, &(0x7f0000000080)={{0x0, 0x8002, &(0x7f00000002c0)={0x0, 0xc4}, 0x2, 0x0, 0x0, 0x1}, 0x5}, 0x3, 0x0) 18.681303118s ago: executing program 6 (id=6261): socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/pagetypeinfo\x00', 0x43102, 0x0) read$auto_proc_iter_file_ops_compat_inode(r0, &(0x7f0000000180)=""/178, 0xb2) io_uring_setup$auto(0x59, &(0x7f0000000080)={0x7fffffff, 0xfffffeff, 0x2, 0x6, 0x7, 0x8, 0xffffffffffffffff, [], {0x6, 0x6, 0xf, 0x29f, 0x2, 0x83, 0x101, 0x17f, 0xffff}, {0xff, 0x1, 0x52, 0x5, 0x1, 0x40, 0x4, 0x8, 0x100000004}}) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, 0x0, 0xc040810) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r1, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000000000008000) mmap$auto(0x0, 0x2000c, 0xdf, 0x20eb1, 0xffffffffffffffff, 0x8000) select$auto(0x8, 0x0, 0x0, 0x0, 0x0) 13.115893821s ago: executing program 6 (id=6276): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/zswap/parameters/compressor\x00', 0xc0002, 0x0) write$auto_ocfs2_control_fops_stack_user(r0, &(0x7f0000003900)='\t', 0x1) socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x9, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000001b80), r1) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000340)='/sys/module/zswap/parameters/enabled\x00', 0x62, 0x0) write$auto(r3, &(0x7f0000000440)='ON\xa6\xcc\r\x91QU\x9dI\xda\x1b\xad\xb1\x9e\xc8Tt\xa8\x94\x9c\x8a\xe2\xc7cOM\xb6\xa3,!o\x9e\xb0\xadT\xfbR\xa1Y\x94V[8\x04c\xdf:]\xd9\x94\xf0F\xbb\xa2\xbb>\xade\x18\xbd\xe2\x1c\x89OO]e[\xbb\xf9\xcd\xc0\xc9\x00\xda\xac\xdd\x1a\xdd\xdd\xb9o\x1a\xab\xd5\xef\xc0\x04z\xd0I>\x8f\x00\xe5\x1c*\xed`\xfd\x15\x88\x0f\x9a\xd5\xa7\x14\f};\xabt\xd1ak\xe5\x98\xea\xe3}\x10\xab\f_\x19\x9b\x11\xb25VUK\x93\xcdd\x17\xe4\xacA\xa5[\b\xb8;\x02tcf\x06\xfbD\x91\xcaG\xdaa:k[r\x06\xeb\xf0\xc4\xcb\x10\xae\xc8\xe9u\x9f\xdeK\xa5\x8e\xd6\x8f\xd0UV\x11\xcb\xdd\x81\xbe\xdeL/\xed\'\x1d\xa5\xc5\x9b\xb2\x96\x05`\xe7\xd5Y\a\xc1\xe9(\x95\xdfH\xf4\v\xf3CRnz\xc2\x13<\xf0\v\x1f\x14\xf3\xd0\xf2\xd1L!\x81\xea\x83\xa0\r|%\xbf\x02trg\x9a\xe7)\a\xf4\xaa\x05\xc0\xa0r\xd2\x85\x8dH\xd0>\xca\xfc5\x01\x95O4\xca\x95\x1d\x83\xec\nD\x8e\xfb\xce\xd1w\x15:\xe9\x81/B#\xc6\xa1\xfa-\x1b\x8cr\x92nM\xa1\xbb\xe4pd$\xd7\x1b\v\x82\rd\xd2\xaa\v!\xb1}\x92\x89\x8d\xcd\x1e\xc7N\xeeO\x8dO\xe9\xfc\x91\xa1\xa8=R+\a\xb7R\t\f+\x7f\xd5H\x90G=\x9a\r\xb10\x17n\x1b\xf8\v\x11\v\xbb', 0xb8c5) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r1, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001dc0)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010027bd7000fbdbdf250400000008001700080000008d3563429c4e72d87930f270eacc96fc58b2d7c8df268c68bb5e55d7e68056d6e39eb99a8de29719acfde6da28b91d5fd671c5f6bed408d93eb71e8386ed7b5918a6bc5ad97f0847348f46f72cd07ea77043ff229b55fdf96ad6cbb9dec661014132e604d84f11da010400"/139], 0x1c}, 0x1, 0x0, 0x0, 0x220000c1}, 0xc0) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, r1, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x141400, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r4, &(0x7f0000003e80)=""/238, 0xee) openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = epoll_create$auto(0x5806) r6 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/radio18\x00', 0x18a041, 0x0) epoll_ctl$auto(r5, 0x1, r6, 0x0) 11.825308327s ago: executing program 6 (id=6277): mlock$auto(0xfff, 0xde7f) mmap$auto(0x0, 0x20009, 0x10000000000df, 0xeb2, 0x8000000401, 0x8000) io_uring_setup$auto(0x1, 0x0) futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) r0 = gettid() futex$auto(0x0, 0x6, 0x8, 0x0, 0x0, 0x80000001) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) kill$auto(r0, 0x11) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x1ff, 0x20000000) mmap$auto(0x0, 0x2020009, 0x6, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0006, 0x17) madvise$auto(0x0, 0xffffffffffff0001, 0x15) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x400053, 0x9) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) waitid$auto_P_PGID(0x2, 0x0, 0x0, 0x6, 0x0) 8.332376614s ago: executing program 6 (id=6283): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) unshare$auto(0x40000080) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x745100, 0x0) r0 = openat$auto_snd_timer_f_ops_timer(0xffffffffffffff9c, &(0x7f0000000200), 0x101802, 0x0) ioctl$auto_SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0189436, 0x0) ioctl$auto_MEMREADOOB(0xffffffffffffffff, 0xc0104d04, &(0x7f00000002c0)={0xfff, 0x52ec301b, &(0x7f0000000280)='\x00'}) openat$auto_mousedev_fops_mousedev(0xffffffffffffff9c, &(0x7f0000001140)='/dev/psaux\x00', 0x42000, 0x0) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000d00), 0x0, 0x0) shmctl$auto_IPC_SET(0x8, 0x1, 0x0) select$auto(0xf, 0x0, 0x0, &(0x7f0000000580)={[0x1ff, 0x8000, 0xd, 0x1, 0x948d, 0x7, 0x10015f4da0a, 0x2, 0x7, 0x64c1, 0x8000001f, 0x81, 0x6d41, 0xc, 0x2, 0x3]}, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x0, 0x2003f2, 0x15) syz_genetlink_get_family_id$auto_ethtool(0x0, 0xffffffffffffffff) madvise$auto(0x0, 0x200007, 0x19) open(&(0x7f0000000000)='./file0\x00', 0x4242, 0x0) 6.820993772s ago: executing program 7 (id=6291): openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/net/fib_trie\x00', 0x0, 0x0) mmap$auto(0xfffffffffffffffc, 0x2020009, 0x10, 0xfffffffffffffff8, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ptycf\x00', 0x800, 0x0) openat$auto_dvb_frontend_fops_dvb_frontend(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) socket(0x11, 0x80003, 0x300) socket(0x1d, 0x2, 0x7) socket(0x2, 0x3, 0x1) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) open(&(0x7f0000000100)='.\x00', 0x0, 0x408) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000000)='/dev/tty12\x00', 0x800, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video43\x00', 0x129900, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f00000001c0)={{0x0, 0x1aa, 0x0, 0x6, 0x0, 0x5, 0x1001}, 0x5}, 0x2, 0x100) bpf$auto(0x9, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x71c, 0xfaae, 0x468, 0x2, 0x8000000000000001, 0x80, 0x7, 0x1, 0x1fc, 0xff, 0xb5, 0x4, 0x40004, 0xd9ee}, 0xe3) writev$auto(0xca, &(0x7f0000000080)={&(0x7f0000000040), 0x1}, 0x7e) 6.346827169s ago: executing program 7 (id=6293): mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) io_uring_setup$auto(0x1, 0x0) openat$auto_cec_devnode_fops_cec_priv(0xffffffffffffff9c, 0x0, 0x400, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) clock_gettime$auto(0x3, 0x0) syz_genetlink_get_family_id$auto_tipcv2(0x0, 0xffffffffffffffff) sendmsg$auto_TIPC_NL_BEARER_GET(r0, 0x0, 0x0) getpid() r1 = getpid() process_vm_readv$auto(r1, 0x0, 0x1, 0x0, 0x6, 0x0) write$auto(0x3, 0x0, 0x100082) unshare$auto(0x40000080) io_uring_setup$auto(0x1, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r2 = socket(0x11, 0x80003, 0x300) sendmsg$auto_IPVS_CMD_GET_SERVICE(0xffffffffffffffff, 0x0, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, 0x0, 0x40000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/platform/dummy_hcd.1/usb2/idProduct\x00', 0x100000, 0x0) setsockopt$auto(r2, 0x107, 0x2, 0x0, 0x28) 4.939773097s ago: executing program 4 (id=6296): mq_timedsend$auto(0xffffffffffffffff, &(0x7f00000000c0)='\xcf\x8d\xb6\xaa\x80\xd5\xb4_:A\xacz\xdc\xa0\x1d', 0x2, 0x6, 0x0) r0 = syz_genetlink_get_family_id$auto_vdpa(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$auto_VDPA_CMD_MGMTDEV_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="5cfa37d1b3a1b955b6c40c7f313435a834f39ae4e978f888835de6a0db95fdd134dea08c2007ec36a93bd41a7bebc2479a54c514ba7e32e40c8f5618f8ef870b6b40904d2079fe652d86a277070000000000000079cbdb1ead8ace0def7b06d16eaa7faff3b6dba2fa0e07e1c19fa6040cce441c805a4a7c2101d98366fc88839dfffee9be9063732eb7452a57b609dd5ca88eb5559c9780e767e5646fed", @ANYRES16=r0, @ANYBLOB="08002cbd7000fbdbdf2502000000140002006e723000"/34], 0x28}, 0x1, 0x0, 0x0, 0x14}, 0x24000400) mmap$auto(0x0, 0x2020009, 0x7, 0xeb1, 0xffffffffffffffff, 0x8000) r1 = openat$auto_proc_iter_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000080)='/proc/pagetypeinfo\x00', 0x43102, 0x0) read$auto_proc_iter_file_ops_compat_inode(r1, &(0x7f0000000180)=""/178, 0xb2) sendmsg$auto_ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, 0x0, 0x2000c840) close_range$auto(0x2, 0x8, 0x0) r2 = io_uring_setup$auto(0x59, 0x0) io_uring_register$auto(0x2, 0x20, 0x0, 0x0) sendmsg$auto_CTRL_CMD_GETPOLICY(r2, 0x0, 0xc040810) madvise$auto(0x110c230000, 0x1, 0x9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xc0002, 0x0) close_range$auto(0x2, 0x8, 0x0) madvise$auto(0x0, 0xffffffffffff0001, 0x15) prctl$auto(0x1000000003b, 0x1, 0x4, 0x5, 0x7) msync$auto(0x110c230000, 0x200001, 0x6) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) io_uring_setup$auto(0x6, 0x0) 4.848964134s ago: executing program 5 (id=6297): mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0xffffffffffffffff, 0x8000) r0 = socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) r1 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0xe8, 0x9, 0x2, 0x1, 0x5, 0x4, 0x15f4da0e, 0x8, 0x9, 0x100000000000000c, 0x8, 0x1, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0) pwrite64$auto(0xc8, &(0x7f0000000140)='\vX\xb5n\x91p\xe6\x1eRNM\x99\x86\xdde\x1cJ\x99\x00\x00\x00\x00,\x00\xfd\xfd\xd3\xd3\x1d\xf8\xbe\x01\x00\x00\x00\'\x03\x00\x00\x9f\x1e\xf9\xa4*\x01\x00\x00\x00^B\xb8\xe4j\t,\xe4\x90\xcc\x9d\xc5\x0fo\x84\xf4\x89\v\xea\x1b\x95\xafQ;CL\"\x01@\x00\x00\x00\x00\f\x00\xc0\x13\xc8\xe2\xae\xf5\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8d\x81\x81O*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,8\x93\xba\x88\x93\x9d\xb6\x1a\x7f\xc0%\xb0\x83ROJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd6eWj\xdc\xac\x88\xf0\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\xff\xff\x00'/242, 0xfdf0, 0x39) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) bind$auto(r0, &(0x7f0000000240)=@sco, 0xfffffffb) getsockopt$auto_SO_RCVMARK(r1, 0x0, 0x4b, &(0x7f0000000000)='}\'.^\x00', &(0x7f00000000c0)=0x7) mmap$auto(0x0, 0x40009, 0x36, 0x9b72, 0x7, 0x28000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x6, 0x0) mlockall$auto(0x7) migrate_pages$auto(0x0, 0xa, &(0x7f0000000000)=0x5, &(0x7f0000000140)=0x2) 4.786396599s ago: executing program 7 (id=6298): mmap$auto(0x0, 0x400008, 0x4, 0x40009b72, 0x2, 0x8000) r0 = io_uring_setup$auto(0x89, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x1, 0x0, 0x80000000) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffff9}, 0x6, 0xe27c, 0x8) r1 = socket(0x2b, 0x1, 0x1) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) mmap$auto(0x0, 0x2020009, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000001480)={'veth0_virt_wifi\x00'}) ioctl$auto_SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000040)) munmap$auto(0x8000, 0xffffffff) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x19, 0x4, 0x4, 0x880b, 0x8, 0xd, 0x66b, 0x4, 0x7ff}, 0x6f4) ioctl$auto(0x4000000000000c8, 0x400454d9, 0x3) 3.715076929s ago: executing program 4 (id=6299): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) io_uring_setup$auto(0x2, 0x0) socket(0x2, 0x1, 0x0) sysfs$auto(0x2, 0x7, 0x2) r0 = epoll_create$auto(0x7) r1 = socket$nl_generic(0x10, 0x3, 0x10) epoll_ctl$auto(0x5, 0x1, r1, 0x0) epoll_wait$auto(r0, 0x0, 0xe007, 0xe8a4e409) syz_genetlink_get_family_id$auto_nl80211(&(0x7f0000000100), r1) close_range$auto(0x2, 0x8, 0x0) r2 = socket(0x10, 0x2, 0x4) close_range$auto(0x2, 0x8, 0x0) r3 = socket(0x10, 0x2, 0xc) r4 = getpid() process_vm_readv$auto(r4, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000080), 0xffffffff}, 0x6, 0x0) mprotect$auto(0x200000000000, 0x806121, 0x6) sendmsg$auto_NL80211_CMD_TRIGGER_SCAN(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x1c, 0x0, 0xd0d58b333228212f, 0x70bd2c, 0x25dfdbfc, {}, [@NL80211_ATTR_IFINDEX={0x8}]}, 0x1c}}, 0x4000000) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="18000000", @ANYRES8=r3, @ANYBLOB="01"], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x80) write$auto(r2, &(0x7f0000000000)='-\x00', 0xfdef) 3.204402665s ago: executing program 5 (id=6300): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) r0 = socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000780)='/proc/self/net/rpc/auth.rpcsec.init/channel\x00', 0x441, 0x0) write$auto(r1, &(0x7f0000000080)='\\x7fF&\xb5\x8d\xddEl/trac_notrace_pid\x00\x00\x00\x00', 0x7) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) ioctl$auto(0x4000000000000c8, 0x400454d9, 0x3) r2 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) ioctl$auto_BTRFS_IOC_SCRUB_PROGRESS(r2, 0xc400941d, &(0x7f0000000500)={0x40a, 0x3, 0x3ac, 0x8, {0x1, 0x4, 0xb, 0x3, 0x9, 0x4, 0x9, 0x2, 0xe, 0xa5, 0x1, 0x4, 0x0, 0xf, 0xff}}) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) ioctl$auto_BTRFS_IOC_QGROUP_CREATE(r2, 0x4010942a, &(0x7f0000000040)={0x10, 0x3}) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/thread-self/net/netfilter/nf_log\x00', 0x101000, 0x0) r3 = openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x2000, 0x0) ioctl$auto_SNDRV_CTL_IOCTL_ELEM_READ(r3, 0xc4c85512, &(0x7f00000006c0)={{@raw=0x9, 0x2, 0x2, 0x1, "162629e6b2259bee9878f8e7b039aa20b33e487d34917b4a9acce903cb72dd4cd8dde6d41c914d63af7a9de9"}, 0x0, @integer=@value=[0x400000000009, 0x12d800000000000, 0x179, 0xfffffffffffff8ad, 0x5, 0x7, 0x4, 0x8, 0x4, 0x7, 0x6, 0x7, 0x100000001, 0x3, 0x9, 0x5, 0x7f, 0x9f, 0x8, 0x9, 0xb1, 0x0, 0x3, 0x8, 0xffffffff, 0x10001, 0x1, 0x80000000, 0x8000, 0x9, 0x0, 0x80000000, 0xf, 0xfffffffffffffffe, 0x4, 0x1, 0x3, 0x7f, 0x800, 0x7, 0x3, 0x4f3, 0xc, 0x4, 0x7, 0x0, 0xe4, 0x5, 0x6, 0x81, 0x401, 0x400000000004, 0xa, 0xfffffffffffffffd, 0x6, 0x800, 0x0, 0x7, 0x101, 0x82, 0xc9d, 0x3fe, 0x9, 0x706, 0x640c, 0x3, 0x1000, 0x6, 0x201, 0x0, 0xec31, 0x9, 0x1ff, 0x0, 0xfff0000000000000, 0x4, 0xbd2a, 0x903, 0x80007, 0x7fffffffffffffff, 0x5, 0x1, 0xfffffffffffffffe, 0x0, 0x7eda8566, 0x800000007, 0x8000000000000001, 0x7, 0x401, 0xfffffffffffffff7, 0x9, 0x14000000000000, 0x6, 0xfffffffffffffffe, 0x0, 0x1, 0x8000000000000001, 0x5, 0x1ff, 0x1, 0x40, 0x5, 0x7, 0x2, 0x3, 0x10000000008, 0x1f, 0x8001, 0xc13, 0x6, 0xbf5, 0x2, 0xff, 0x7, 0xf, 0xe0, 0x3, 0x8, 0x3, 0x80000000, 0x6, 0x2, 0x1, 0xa, 0x5, 0x2, 0x100, 0xffff], "54a5f1d1dd2f17b169e8263c3a740d6611142f4b3c69d0f6e967c91125d235ac53e1b00d9fddc53d8f56969329274a57d5f4213fb46616a4faa700873d91426befc561500a5391d522c480bd37f8e7f0050cedfc627c6702978a8f018ad9a7b04711dc3a5c6a755e7a506645ea28e2baa4a6786ca43b3d5d976157eb07c3cdb8"}) write$auto(r0, &(0x7f00000000c0)='/dev/snapshot\x00', 0x1ff) io_uring_setup$auto(0x6, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000200), 0x400, 0x3f) 3.125697368s ago: executing program 6 (id=6301): socket(0x2, 0x3, 0xa) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x0, 0xf4, 0xdf, 0xeb1, 0x69a5, 0xa800000000000000) sysfs$auto(0x2, 0x41, 0x0) mmap$auto(0x0, 0xe983, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) socket(0xa, 0x2, 0x3a) sendmsg$auto_NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc000}, 0x2404c800) mmap$auto(0x0, 0x4020009, 0xdf, 0xeb1, 0x401, 0x8000) close_range$auto(0x2, 0x8, 0x0) sendmsg$auto_NETDEV_CMD_DEV_GET(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x48000}, 0x0) io_uring_setup$auto(0x6, 0x0) io_uring_register$auto(0x2, 0x0, &(0x7f0000000000), 0x3) mmap$auto(0x0, 0x200004, 0x4000000000e3, 0x40eb2, 0xd, 0x300000000000) semctl$auto_SEM_INFO(0x0, 0xfffffffd, 0x13, 0x1) kexec_load$auto(0x5, 0x2, &(0x7f0000000040)={@kbuf=0x0, 0x800c000, 0x4800c000, 0x800c000}, 0x4) 2.884189569s ago: executing program 4 (id=6302): openat$auto_snd_ctl_f_ops_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) setresuid$auto(0xffffffffffffffff, 0x0, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r1 = prctl$auto(0x1000000003b, 0x1, 0x0, 0x5, 0x5) socket$nl_generic(0x10, 0x3, 0x10) madvise$auto(0x0, 0x2003f2, 0x15) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_ETHTOOL_MSG_FEATURES_SET(r1, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x1) syslog$auto(0x3, &(0x7f0000000080)='..\x00k\xac\x8c\x1d\x0e\x98\x80\xd2\xaf\xa1\xf2\x1e\xe1R1\xa2\x8e\xce\xa0\x17\bI3\'\xc5tw\xd7\x1d\xa6\xf4#+\xfa\xd7\x01\xb9j<\v\xf47\n\xa7\xd2\x8b\x11e1\xb3\xfdd\x04\xa9 1q\x97\xc4,\xa9^\xc1\xb6\xa1q\x0f\xd1\x013\x87l\xb9\x1e\x05\x90\xa2', 0x5) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000840)='/dev/ttyS1\x00', 0x20000, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x4000000000009b72, 0x2, 0x8000) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, &(0x7f0000002040)='/dev/snd/pcmC1D1c\x00', 0x80, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) select$auto(0x10, 0x0, 0x0, &(0x7f0000000140)={[0x1ff, 0x4, 0x3f, 0x5, 0x2000000000948b, 0x3, 0x800295f4da0a, 0x2, 0x3, 0x62, 0x80000001, 0x50a7, 0x6d3f, 0x9, 0x3, 0xfffffffffffffffe]}, 0x0) 2.313537267s ago: executing program 7 (id=6303): mmap$auto(0x0, 0x4, 0x4000000000df, 0x40eb1, 0x401, 0x300000000000) openat$auto_proc_mounts_operations_mnt_namespace(0xffffffffffffff9c, 0x0, 0x105442, 0x0) socket(0xa, 0x3, 0x3b) connect$auto(0x3, &(0x7f0000000000)=@generic={0xa, "0000e100"}, 0x58) r0 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/mac80211_hwsim/hwsim1/net/wlan1/statistics/rx_crc_errors\x00', 0x0, 0x0) mmap$auto(0x0, 0x400, 0xdf, 0xeb1, 0x401, 0x8000) recvmmsg$auto(0x3, 0x0, 0x10000, 0x0, 0x0) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x54) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) ioctl$auto_SNDRV_PCM_IOCTL_INFO(r0, 0x81204101, &(0x7f0000001200)={0x9, 0xfff, 0x3ff, 0x6, "d0b5e9742783bed89b6be52b58b0063615e565f7cad9c6697b568081594847026c814f659db07c04e8577a4f403ae6cab4e6f041d1f2ed3d9e1819156154c517", "93b1aedaeb445ff30f58aaad5478af4c6d9ad70a17ecfd21718b009d7adb70d1e951f08c80f08cec162d15ee328b172a02e064ed033af95c0683c38e04ec0b0ef7df8784aa475e46afe24ea064e8cd7d", "05520fce609f945404e368d0a8a5a69c913a8d984960cd95866bf6a9a26b88b1", 0x5, 0x8000, 0x7, 0x8, '\x00', "a034bcc3c3a10b3e5c43308211ff20245bfd61dd50b36c76475bff2a84759105fea989c4d001c8d3cfb61e63ab866d361b908f304c2df5c4ccfa72cdff4e877f"}) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14be02, 0x0) close_range$auto(0x0, 0xfffffffffffff001, 0x2) r1 = socket(0x1e, 0x1, 0x0) socketpair$auto(0x8, 0x1, 0x8000000000000000, 0x0) r2 = openat$auto_v4l2_fops_v4l2_dev(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vbi0\x00', 0x80382, 0x0) ioctl$auto(r2, 0xc0045627, r1) close_range$auto(0x0, 0xfffffffffffff000, 0x2) ioctl$auto_USB_RAW_IOCTL_EP0_READ(0xffffffffffffffff, 0xc0085504, &(0x7f0000001100)={0x0, 0x1}) 1.887776529s ago: executing program 5 (id=6304): sendmsg$auto_ETHTOOL_MSG_PHY_GET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022bbd7000fcdbdf252d000000"], 0x14}, 0x1, 0x0, 0x0, 0x4000810}, 0x20008004) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="1b000000", @ANYBLOB="1e00"], 0x1ac}, 0x1, 0x0, 0x0, 0x40}, 0x40000) socket(0x2, 0xa, 0x0) mmap$auto(0x0, 0x8, 0x3, 0x9b72, 0x2, 0x8000) getsockopt$auto(0x3, 0x200000000001, 0x19, 0x0, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000200)={{0x0, 0x0, 0x0, 0x2, &(0x7f00000001c0), 0x7, 0xa505}, 0x800}, 0x7, 0x4008) ioctl$auto(0xc8, 0x400454ce, 0x5c8d) syz_genetlink_get_family_id$auto_net_shaper(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$auto(0x3, 0x10e, 0x8, 0xfffffffffffffffc, 0x3) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) r0 = openat$auto_proc_oom_adj_operations_base(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/oom_adj\x00', 0x0, 0x0) r1 = pidfd_open$auto(0x1, 0x800) read$auto_rng_chrdev_ops_core(r1, 0x0, 0x0) read$auto(r0, 0x0, 0x4) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000240)={0x0, 0x7}, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/cpu.stat.local\x00', 0x101000, 0x0) 1.848877488s ago: executing program 7 (id=6305): r0 = open(&(0x7f0000000000)='./file0\x00', 0x161342, 0x130) fallocate$auto(r0, 0x0, 0x9, 0x2) r1 = timerfd_create$auto(0x9, 0x0) fallocate$auto(0x8000000000000003, 0x0, 0x9, 0x4cbd5d) fallocate$auto(0xffffffffffffffff, 0x1, 0x820, 0x7fff) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14fa02, 0x0) ioctl$auto_SNDCTL_DSP_SPEED(r1, 0xc0045002, 0x0) mmap$auto(0x0, 0xb9f, 0xdf, 0x9b72, 0xffffffffffffffff, 0x8000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) memfd_secret$auto(0x0) openat$auto_snd_pcm_f_ops_pcm1(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) prctl$auto(0x3e, 0x4, 0x0, 0x9643, 0x0) write$auto(r2, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) msync$auto(0x1ffff000, 0x180000000000000, 0x400000004) readv$auto(0xffffffffffffffff, &(0x7f0000001c00)={0x0, 0x9873}, 0x6) cachestat$auto(r0, &(0x7f0000000240)={0x8, 0x4000000000008}, 0x0, 0x0) io_uring_setup$auto(0x7fffffff, &(0x7f0000000040)={0x9, 0x8, 0xfffffff4, 0xff, 0x8, 0x585, r0, [0x5, 0x2, 0x1], {0x3, 0x3, 0xe, 0x1, 0x10000, 0x7, 0x1, 0x1ff, 0x9}, {0x0, 0x8, 0x7f, 0xffff, 0x63120751, 0xa, 0x80000001, 0xae9d}}) 1.369776953s ago: executing program 5 (id=6306): mount$auto(0x0, &(0x7f00000000c0)='.\x00', 0x0, 0x0, 0x0) fspick$auto(0xffffffffffffffff, 0x0, 0x9) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) open(0x0, 0x161342, 0x130) r0 = openat$auto_mon_fops_text_t_mon_text(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/usb/usbmon/9t\x00', 0x0, 0x0) pread64$auto(r0, 0x0, 0x101, 0x103) read$auto_mon_fops_text_t_mon_text(r0, 0x0, 0x0) openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000000040)='/dev/bus/usb/009/001\x00', 0xa101, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d7) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x2062, 0x0) sendmsg$auto_ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, 0x0, 0x20040094) write$auto(r1, 0x0, 0x98c7) madvise$auto(0x0, 0x8, 0x15) unshare$auto(0x40000080) mmap$auto(0x0, 0x2000d, 0x7, 0xeb1, 0x404, 0x10008000) r2 = openat$auto_console_fops_tty_io(0xffffffffffffff9c, 0x0, 0x102, 0x0) write$auto_console_fops_tty_io(r2, 0x0, 0x0) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) close_range$auto(0x2, 0x8, 0x0) 1.031490085s ago: executing program 4 (id=6307): openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000001940), 0x101000, 0x0) socket(0x2, 0x801, 0x100) connect$auto(0x3, 0x0, 0x51) setsockopt$auto(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000000)='\x98\x00', 0xb559) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/devices/system/node/node0/hugepages/hugepages-1048576kB/nr_hugepages\x00', 0xe8202, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x1, 0x0) openat$auto_lowpan_enable_fops_(0xffffffffffffff9c, 0x0, 0x109500, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) sysfs$auto(0x2, 0x14, 0x0) r0 = fsopen$auto(0x0, 0x1) fsconfig$auto(r0, 0x8, 0x0, 0x0, 0x0) write$auto(0xffffffffffffffff, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(\xfaI\xe2\xae,\x95k8\x83\xcf\xc5D\xcc', 0x100000a3d9) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0x68e00, 0x0) r1 = openat$auto_uinput_fops_uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x101001, 0x0) ioctl$auto_UI_DEV_SETUP(r1, 0x405c5503, &(0x7f00000000c0)={{0x9, 0xf2cf, 0x8, 0x80}, "6a034a07c7b82d90b69a39e32576f893fb4a3836d61c9100fefbbabea6ef9368c7996e841f3f1561d4992f726b0a6c36b0b2fd1678e816201cf562367fe6596824588a2e3d84ba165f00", 0xa}) ioctl$auto_UI_DEV_CREATE(r1, 0x5501, 0x0) writev$auto(r1, &(0x7f0000000340)={0x0, 0xda7e}, 0x9) 1.008407208s ago: executing program 6 (id=6308): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xfffffffffffffffe, 0x8000) madvise$auto(0x0, 0x2003f0, 0x15) openat$auto_debugfs_full_proxy_file_operations_internal(0xffffffffffffff9c, 0x0, 0x220880, 0x0) write$auto(0x3, 0x0, 0xfdef) write$auto(0x3, 0x0, 0xfdef) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0xffffffffffff0005, 0x17) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) madvise$auto(0x108000, 0x2, 0x5) unshare$auto(0x40000080) syz_clone3(&(0x7f0000000280)={0x1e02c856826e0653, 0x0, 0x0, 0x0, {0xc}, 0x0, 0x0, 0x0, 0x0}, 0x58) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, 0x0, 0x14be02, 0x0) mlock$auto(0x8a84, 0xff) mlock$auto(0x7c88, 0x1ae) close_range$auto(0x2, 0x8, 0x0) r0 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000040)='/dev/input/event0\x00', 0x2000, 0x0) ioctl$auto_EVIOCGMASK(r0, 0x80104592, &(0x7f0000000000)={0x2000, 0x800004, 0x105}) ioctl$auto(0x3, 0x80004509, 0x10000000000402) mmap$auto(0x800000, 0x2020009, 0x7, 0xeb1, 0xfffffffffffffffa, 0x8000) 723.006662ms ago: executing program 4 (id=6309): close_range$auto(0x2, 0x8, 0x0) socket(0x2, 0x80002, 0x73) socket(0xa, 0x1, 0x84) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @loopback}, 0x54) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) write$auto(0x3, 0x0, 0xfdef) shutdown$auto(0x200000003, 0x2) write$auto(0x3, 0x0, 0xfdef) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$auto_ioam6(&(0x7f0000000040), 0xffffffffffffffff) mmap$auto(0x0, 0xe983, 0x6, 0xeb1, 0xffffffffffffffff, 0x8000) r2 = socket(0xa, 0x1, 0x84) getsockopt$auto(r2, 0x0, 0x482, 0x0, &(0x7f0000000040)=0x8) sendmsg$auto_GTP_CMD_NEWPDP(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x54, 0x0, 0x200, 0x70bd28, 0x25dfdbfe, {}, [@GTPA_FLOW={0x6, 0x6, 0x5}, @GTPA_VERSION={0x8, 0x2, 0x3}, @GTPA_PEER_ADDRESS={0x8, 0x4, @rand_addr=0x64010101}, @GTPA_FLOW={0x6, 0x6, 0xfc00}, @GTPA_LINK={0x8, 0x1, 0x80000007}, @GTPA_LINK={0x8, 0x1, 0x80000001}, @GTPA_I_TEI={0x8, 0x8, 0x5e}, @GTPA_MS_ADDRESS={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x29}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4040080}, 0x20000040) sendmsg$auto_IOAM6_CMD_DUMP_NAMESPACES(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000080)={0x14, r1, 0x70b, 0x70bd24, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4040041}, 0xc840) write$auto(r0, &(0x7f0000000200)='+(@!\x00', 0x800) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000440)='./cgroup.net/net_prio.ifpriomap\x00', 0x10b142, 0x0) sendfile$auto(r3, r3, 0x0, 0x5) 663.019504ms ago: executing program 5 (id=6310): mmap$auto(0x0, 0x2020009, 0x3, 0x9000000eb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x1, 0x84) r0 = eventfd$auto(0x80) readv$auto(r0, &(0x7f0000000380)={0x0, 0x8}, 0x8) read$auto(r0, 0x0, 0xcc9c) write$auto(r0, &(0x7f0000000400)='\'\x00', 0x8) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendto$auto(0x3, 0x0, 0x2000f, 0x101, &(0x7f0000000000)=@in={0x2, 0x4e22, @loopback}, 0x1c) shutdown$auto(0x200000003, 0x2) r1 = openat$auto_usbdev_file_operations_usb(0xffffffffffffff9c, &(0x7f0000001a80)='/dev/bus/usb/001/001\x00', 0x29202, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r2 = open(&(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00', 0x101840, 0x33903f3ada88772b) read$auto(r2, 0x0, 0x1) statmount$auto(&(0x7f0000000080)={0x6, @inferred, 0x3599, 0x4, 0x2}, &(0x7f00000000c0)={0x43bb, 0x3, 0x8, 0x5, 0x1, 0x3, 0x8, 0x7fff, 0x7fffffffffffffff, 0x5, 0x6, 0x24, 0x9, 0xff, 0x7ff, 0x800, 0x9, 0x8000, 0x5, 0xede2, 0x2, 0xad1, 0x6cf, 0x9, 0x2, 0x4, 0x101, 0x9, 0x7ff, 0x7a, 0x1000, [0x101, 0x4, 0x2, 0x921, 0x7, 0x30b2bf97, 0x4b, 0x100000000, 0xaac, 0x9, 0xfffffffffffffff9, 0x13b, 0x9, 0x5, 0xffffffff80000000, 0x8000000000000000, 0x80, 0x8, 0x5, 0x98c, 0xa, 0x7, 0x100000000, 0x6, 0x6bf, 0x2c, 0x1, 0x7ba, 0x8, 0x7, 0x6, 0x5, 0x10000, 0x979, 0xa62e, 0x2, 0xb, 0x3, 0x9, 0x8000, 0x4f7, 0x7fffffffffffffff, 0x5], "0299e436936bd2985ac26530bfa7c4637a78996ffe7923e23c026734832d344fa532303156c94f343b84d0cb75373f609c053adea3aa6888913f926ebfe62bf70c282548c6881358aa4edfc739769a3c07fba03bd58eb4389995ef2aa2c66700f97515bfae081b5e9491e921999a4399620b122e13f245bf78fe7ca4889c954f0a504e46ff004de15b4d2a808cd8b4dff1ac81a45bb3d1cc49"}, 0xffff, 0x595) write$auto(0xffffffffffffffff, 0x0, 0x5) socket(0x1f, 0x800, 0x0) openat$auto_snd_seq_f_ops_seq_clientmgr(0xffffffffffffff9c, &(0x7f00000011c0), 0xa2741, 0x0) mmap$auto(0xffff8000, 0x280009, 0xb, 0x8000000008011, r1, 0x0) clone$auto(0x40100000100023, 0x8000002000000000, 0xfffffffffffffffe, 0xfffffffffffffffd, 0xfffffffffffffbff) 37.920145ms ago: executing program 5 (id=6311): mmap$auto(0x0, 0x400008, 0x4, 0x40009b72, 0x2, 0x8000) r0 = io_uring_setup$auto(0x89, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0xffffffffffffffff, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) write$auto(0x3, 0x0, 0x7fffffff) write$auto(0x1, 0x0, 0x80000000) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xfffffff9}, 0x6, 0xe27c, 0x8) r1 = socket(0x2b, 0x1, 0x1) r2 = openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) ioctl$auto_PPPIOCSMRU(r2, 0xc004743e, 0x0) mmap$auto(0x0, 0x2020009, 0x5, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000001480)={'veth0_virt_wifi\x00'}) ioctl$auto_SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000040)) munmap$auto(0x8000, 0xffffffff) remap_file_pages$auto(0x6a27, 0x1000, 0x0, 0x3, 0x4) bpf$auto(0x0, &(0x7f00000001c0)=@task_fd_query={0x19, 0x4, 0x4, 0x880b, 0x8, 0xd, 0x66b, 0x4, 0x7ff}, 0x6f4) ioctl$auto(0x4000000000000c8, 0x400454d9, 0x3) 36.95901ms ago: executing program 7 (id=6319): mmap$auto(0x0, 0x5, 0x2, 0x40eb2, 0x401, 0x300000000000) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) socket(0x2, 0x2, 0x0) bind$auto(0x3, &(0x7f0000000100)=@in={0x2, 0x3, @empty}, 0x6a) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @dev={0xac, 0x14, 0x14, 0x10}}, 0x50) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) recvmmsg$auto(0x3, 0x0, 0x10000, 0x700, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer\x00', 0x801, 0x0) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) select$auto(0x4, 0x0, 0x0, &(0x7f0000000100)={[0x1ff, 0x7, 0x2, 0x1, 0x948b, 0x1000000000000004, 0x15f4da0a, 0x39, 0x3, 0x2fffffffffffffe, 0x80000002, 0x7a142c64, 0x6d3c, 0x5, 0x80, 0xfb]}, 0x0) openat$auto_snd_pcm_f_ops_pcm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/pcmC1D1p\x00', 0x2480, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000280)='/sys/fs/ocfs2/loaded_cluster_plugins\x00', 0x800, 0x0) syz_clone(0x4000, &(0x7f00000002c0)="f03f0b0be4f2597d8b11ed14dfa636bad65cae9c0d21", 0x16, 0x0, 0x0, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/i8042/serio1/rate\x00', 0x2, 0x0) write$auto(0xca, &(0x7f0000000040)='\x04>\x01\r\xfb\xff\xf6OL\xc8\xbe\x94\xf2\xa2\x00\x00', 0x2d9) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x9, 0x2, 0x1d2c, 0x3, 0x4, 0x15f4da0e, 0x6, 0x9, 0x100000000000000c, 0x8, 0x4, 0xfca, 0x9, 0x2, 0x4000000000000d]}, 0x0) pwrite64$auto(0xc8, 0x0, 0xfdf0, 0x39) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x7000000) 0s ago: executing program 4 (id=6312): unshare$auto(0x40000080) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) r0 = socket(0x2, 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x37}}, 0x6e) sendmmsg$auto(r0, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0xb}, 0x800009}, 0x9, 0x20000000) mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x40000000000a5, 0x8000) r1 = socket(0x2b, 0x1, 0x1) ioctl$auto(r1, 0x89a0, 0x4) socketpair$auto(0x1e, 0x5, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x3e, 0x0, 0x9) sendmsg$auto_NL80211_CMD_GET_REG(r0, 0x0, 0x8) unshare$auto(0x40000080) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/self/net/afs/cells\x00', 0x4a801, 0x0) sendto$auto(0x3, 0x0, 0x100000000, 0x40000008, 0x0, 0x19) mmap$auto(0x0, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x8000) lstat$auto(0x0, 0x0) kernel console output (not intermixed with test programs): 64_sys_sendmmsg+0x9c/0x100 [ 538.654851][T15687] ? lockdep_hardirqs_on+0x78/0x100 [ 538.654885][T15687] do_syscall_64+0xc9/0xf80 [ 538.654923][T15687] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 538.654953][T15687] RIP: 0033:0x7fc68a59aeb9 [ 538.654976][T15687] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 538.655006][T15687] RSP: 002b:00007fc68b44f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 538.655034][T15687] RAX: ffffffffffffffda RBX: 00007fc68a815fa0 RCX: 00007fc68a59aeb9 [ 538.655054][T15687] RDX: 00000000000009a6 RSI: 0000000000000000 RDI: 0000000000000003 [ 538.655072][T15687] RBP: 00007fc68a608c1f R08: 0000000000000000 R09: 0000000000000000 [ 538.655090][T15687] R10: 0000000007000000 R11: 0000000000000246 R12: 0000000000000000 [ 538.655108][T15687] R13: 00007fc68a816038 R14: 00007fc68a815fa0 R15: 00007ffcc5d15788 [ 538.655146][T15687] [ 540.863835][T15719] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3303'. [ 545.295098][T15789] netlink: 338 bytes leftover after parsing attributes in process `syz.2.3324'. [ 546.410624][T15814] netlink: 'syz.4.3334': attribute type 35 has an invalid length. [ 547.259256][T15830] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3338'. [ 547.299018][T15830] bridge_slave_1: left allmulticast mode [ 547.333505][T15830] bridge_slave_1: left promiscuous mode [ 547.339330][T15830] bridge0: port 2(bridge_slave_1) entered disabled state [ 547.437542][T15830] bridge_slave_0: left allmulticast mode [ 547.464168][T15830] bridge_slave_0: left promiscuous mode [ 547.471765][T15830] bridge0: port 1(bridge_slave_0) entered disabled state [ 547.627945][T15836] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3342'. [ 547.677021][T15841] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3343'. [ 549.549002][T15873] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3354'. [ 549.635111][T15873] : left promiscuous mode [ 549.671111][T15873] bridge0: port 2() entered disabled state [ 549.754694][T15873] bridge_slave_0: left allmulticast mode [ 549.774497][T15873] bridge_slave_0: left promiscuous mode [ 549.792592][T15877] FAULT_INJECTION: forcing a failure. [ 549.792592][T15877] name failslab, interval 1, probability 0, space 0, times 0 [ 549.797753][T15873] bridge0: port 1(bridge_slave_0) entered disabled state [ 549.863459][T15877] CPU: 1 UID: 0 PID: 15877 Comm: syz.4.3356 Tainted: G U L syzkaller #0 PREEMPT(full) [ 549.863506][T15877] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 549.863518][T15877] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 549.863533][T15877] Call Trace: [ 549.863543][T15877] [ 549.863554][T15877] dump_stack_lvl+0x100/0x190 [ 549.863593][T15877] should_fail_ex.cold+0x5/0xa [ 549.863638][T15877] should_failslab+0xc2/0x120 [ 549.863680][T15877] ? __seq_open_private+0x22/0xd0 [ 549.863705][T15877] __kmalloc_noprof+0xf6/0x9c0 [ 549.863746][T15877] ? __seq_open_private+0x22/0xd0 [ 549.863771][T15877] __seq_open_private+0x22/0xd0 [ 549.863808][T15877] sysvipc_proc_open+0x2b/0x5b0 [ 549.863835][T15877] ? __pfx_sysvipc_proc_open+0x10/0x10 [ 549.863864][T15877] proc_reg_open+0x137/0x5f0 [ 549.863910][T15877] do_dentry_open+0x73e/0x1570 [ 549.863944][T15877] ? __pfx_proc_reg_open+0x10/0x10 [ 549.863986][T15877] ? security_inode_permission+0xbf/0x250 [ 549.864034][T15877] vfs_open+0x82/0x3f0 [ 549.864078][T15877] path_openat+0x21dc/0x3120 [ 549.864124][T15877] ? __pfx_path_openat+0x10/0x10 [ 549.864173][T15877] do_filp_open+0x1f7/0x420 [ 549.864208][T15877] ? __pfx_do_filp_open+0x10/0x10 [ 549.864264][T15877] ? _raw_spin_unlock+0x28/0x50 [ 549.864293][T15877] ? alloc_fd+0x476/0x790 [ 549.864336][T15877] do_sys_openat2+0x12e/0x220 [ 549.864380][T15877] ? __pfx_do_sys_openat2+0x10/0x10 [ 549.864436][T15877] __x64_sys_openat+0x12d/0x210 [ 549.864480][T15877] ? __pfx___x64_sys_openat+0x10/0x10 [ 549.864536][T15877] do_syscall_64+0xc9/0xf80 [ 549.864573][T15877] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 549.864603][T15877] RIP: 0033:0x7fbafed9aeb9 [ 549.864626][T15877] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 549.864654][T15877] RSP: 002b:00007fbafcff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 549.864682][T15877] RAX: ffffffffffffffda RBX: 00007fbaff015fa0 RCX: 00007fbafed9aeb9 [ 549.864701][T15877] RDX: 0000000000000000 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 549.864717][T15877] RBP: 00007fbafee08c1f R08: 0000000000000000 R09: 0000000000000000 [ 549.864733][T15877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 549.864749][T15877] R13: 00007fbaff016038 R14: 00007fbaff015fa0 R15: 00007fff8987a6d8 [ 549.864793][T15877] [ 559.870044][T16056] netlink: 186 bytes leftover after parsing attributes in process `syz.0.3419'. [ 560.498670][T16065] FAULT_INJECTION: forcing a failure. [ 560.498670][T16065] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 560.546311][T16065] CPU: 0 UID: 0 PID: 16065 Comm: syz.3.3422 Tainted: G U L syzkaller #0 PREEMPT(full) [ 560.546364][T16065] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 560.546376][T16065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 560.546394][T16065] Call Trace: [ 560.546405][T16065] [ 560.546416][T16065] dump_stack_lvl+0x100/0x190 [ 560.546459][T16065] should_fail_ex.cold+0x5/0xa [ 560.546506][T16065] _copy_from_user+0x2e/0xd0 [ 560.546551][T16065] post_copy_siginfo_from_user.isra.0+0x16e/0x300 [ 560.546597][T16065] ? __pfx_post_copy_siginfo_from_user.isra.0+0x10/0x10 [ 560.546642][T16065] ? find_held_lock+0x2b/0x80 [ 560.546691][T16065] __x64_sys_rt_tgsigqueueinfo+0x151/0x210 [ 560.546734][T16065] ? __pfx___x64_sys_rt_tgsigqueueinfo+0x10/0x10 [ 560.546794][T16065] do_syscall_64+0xc9/0xf80 [ 560.546833][T16065] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 560.546862][T16065] RIP: 0033:0x7fc68a59aeb9 [ 560.546886][T16065] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 560.546916][T16065] RSP: 002b:00007fc68b44f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000129 [ 560.546951][T16065] RAX: ffffffffffffffda RBX: 00007fc68a815fa0 RCX: 00007fc68a59aeb9 [ 560.546971][T16065] RDX: 000000000000527b RSI: 0000000000000883 RDI: 0000000000000882 [ 560.546989][T16065] RBP: 00007fc68a608c1f R08: 0000000000000000 R09: 0000000000000000 [ 560.547008][T16065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 560.547026][T16065] R13: 00007fc68a816038 R14: 00007fc68a815fa0 R15: 00007ffcc5d15788 [ 560.547065][T16065] [ 561.593804][T16085] : entered promiscuous mode [ 564.431542][T16128] netlink: 330 bytes leftover after parsing attributes in process `syz.0.3447'. [ 566.412892][T16159] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3456'. [ 566.608846][T16159] team0 (unregistering): Port device team_slave_0 removed [ 566.688504][T16159] team0 (unregistering): Port device team_slave_1 removed [ 567.090357][T16171] netlink: 'syz.4.3461': attribute type 19 has an invalid length. [ 567.098312][T16171] netlink: 226 bytes leftover after parsing attributes in process `syz.4.3461'. [ 567.174170][T16169] syz.2.3460 (16169) used greatest stack depth: 19688 bytes left [ 567.254772][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 567.267976][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 567.481736][T16173] __vm_enough_memory: pid: 16173, comm: syz.3.3462, bytes: 4398046511104 not enough memory for the allocation [ 568.274269][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807ba54400: rx timeout, send abort [ 568.395659][T16206] netlink: 354 bytes leftover after parsing attributes in process `syz.3.3471'. [ 568.780222][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807ba54400: abort rx timeout. Force session deactivation [ 570.122231][T16229] FAULT_INJECTION: forcing a failure. [ 570.122231][T16229] name failslab, interval 1, probability 0, space 0, times 0 [ 570.144550][T16229] CPU: 1 UID: 0 PID: 16229 Comm: syz.3.3480 Tainted: G U L syzkaller #0 PREEMPT(full) [ 570.144599][T16229] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 570.144609][T16229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 570.144625][T16229] Call Trace: [ 570.144634][T16229] [ 570.144645][T16229] dump_stack_lvl+0x100/0x190 [ 570.144683][T16229] should_fail_ex.cold+0x5/0xa [ 570.144727][T16229] should_failslab+0xc2/0x120 [ 570.144765][T16229] __kmalloc_cache_noprof+0x80/0x810 [ 570.144797][T16229] ? drm_atomic_helper_setup_commit+0x56f/0x14f0 [ 570.144840][T16229] ? drm_atomic_helper_setup_commit+0x56f/0x14f0 [ 570.144880][T16229] drm_atomic_helper_setup_commit+0x56f/0x14f0 [ 570.144933][T16229] drm_atomic_helper_commit+0xa9/0x380 [ 570.144971][T16229] ? __pfx_drm_atomic_helper_commit+0x10/0x10 [ 570.145008][T16229] drm_atomic_commit+0x230/0x300 [ 570.145043][T16229] ? __pfx_drm_atomic_commit+0x10/0x10 [ 570.145077][T16229] ? __pfx___drm_printfn_info+0x10/0x10 [ 570.145137][T16229] ? drm_client_rotation+0x451/0x6a0 [ 570.145179][T16229] drm_client_modeset_commit_atomic+0x6a6/0x7e0 [ 570.145230][T16229] ? __pfx_drm_client_modeset_commit_atomic+0x10/0x10 [ 570.145311][T16229] drm_client_modeset_commit_locked+0x14d/0x580 [ 570.145357][T16229] drm_client_modeset_commit+0x4f/0x80 [ 570.145398][T16229] __drm_fb_helper_restore_fbdev_mode_unlocked.part.0+0x137/0x160 [ 570.145442][T16229] drm_fb_helper_restore_fbdev_mode_unlocked+0x93/0xc0 [ 570.145491][T16229] drm_fbdev_client_restore+0x1b/0x30 [ 570.145524][T16229] ? __pfx_drm_fbdev_client_restore+0x10/0x10 [ 570.145555][T16229] drm_client_dev_restore+0x205/0x2a0 [ 570.145602][T16229] drm_release+0x2c6/0x360 [ 570.145639][T16229] ? __pfx_drm_release+0x10/0x10 [ 570.145676][T16229] __fput+0x3ff/0xb40 [ 570.145729][T16229] task_work_run+0x150/0x240 [ 570.145776][T16229] ? __pfx_task_work_run+0x10/0x10 [ 570.145832][T16229] exit_to_user_mode_loop+0x100/0x4b0 [ 570.145872][T16229] ? rcu_is_watching+0x12/0xc0 [ 570.145903][T16229] do_syscall_64+0x4ea/0xf80 [ 570.145946][T16229] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 570.145975][T16229] RIP: 0033:0x7fc68a59aeb9 [ 570.145999][T16229] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 570.146027][T16229] RSP: 002b:00007fc68b44f028 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 570.146055][T16229] RAX: 0000000000000000 RBX: 00007fc68a815fa0 RCX: 00007fc68a59aeb9 [ 570.146074][T16229] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 0000000000000002 [ 570.146099][T16229] RBP: 00007fc68a608c1f R08: 0000000000000000 R09: 0000000000000000 [ 570.146117][T16229] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 570.146134][T16229] R13: 00007fc68a816038 R14: 00007fc68a815fa0 R15: 00007ffcc5d15788 [ 570.146176][T16229] [ 571.628425][ T30] audit: type=1107 audit(1770633100.347:12): pid=16252 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 571.676132][ T30] audit: type=1107 audit(1770633100.377:13): pid=16252 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 572.079107][T16272] FAULT_INJECTION: forcing a failure. [ 572.079107][T16272] name failslab, interval 1, probability 0, space 0, times 0 [ 572.141743][T16272] CPU: 1 UID: 0 PID: 16272 Comm: syz.3.3494 Tainted: G U L syzkaller #0 PREEMPT(full) [ 572.141792][T16272] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 572.141804][T16272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 572.141821][T16272] Call Trace: [ 572.141831][T16272] [ 572.141843][T16272] dump_stack_lvl+0x100/0x190 [ 572.141884][T16272] should_fail_ex.cold+0x5/0xa [ 572.141929][T16272] should_failslab+0xc2/0x120 [ 572.141969][T16272] __kmalloc_cache_noprof+0x80/0x810 [ 572.142001][T16272] ? smaps_rollup_open+0x4c/0x170 [ 572.142041][T16272] ? smaps_rollup_open+0x4c/0x170 [ 572.142074][T16272] smaps_rollup_open+0x4c/0x170 [ 572.142109][T16272] do_dentry_open+0x73e/0x1570 [ 572.142149][T16272] ? __pfx_smaps_rollup_open+0x10/0x10 [ 572.142185][T16272] ? security_inode_permission+0xbf/0x250 [ 572.142235][T16272] vfs_open+0x82/0x3f0 [ 572.142280][T16272] path_openat+0x21dc/0x3120 [ 572.142326][T16272] ? __pfx_path_openat+0x10/0x10 [ 572.142373][T16272] do_filp_open+0x1f7/0x420 [ 572.142404][T16272] ? __pfx_do_filp_open+0x10/0x10 [ 572.142444][T16272] ? __pfx_kfree_link+0x10/0x10 [ 572.142497][T16272] ? _raw_spin_unlock+0x28/0x50 [ 572.142526][T16272] ? alloc_fd+0x476/0x790 [ 572.142569][T16272] do_sys_openat2+0x12e/0x220 [ 572.142612][T16272] ? __pfx_do_sys_openat2+0x10/0x10 [ 572.142658][T16272] ? __fget_files+0x21f/0x3d0 [ 572.142697][T16272] __x64_sys_openat+0x12d/0x210 [ 572.142742][T16272] ? __pfx___x64_sys_openat+0x10/0x10 [ 572.142783][T16272] ? xfd_validate_state+0x129/0x190 [ 572.142840][T16272] do_syscall_64+0xc9/0xf80 [ 572.142878][T16272] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 572.142906][T16272] RIP: 0033:0x7fc68a59aeb9 [ 572.142930][T16272] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 572.142957][T16272] RSP: 002b:00007fc68b44f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 572.142986][T16272] RAX: ffffffffffffffda RBX: 00007fc68a815fa0 RCX: 00007fc68a59aeb9 [ 572.143006][T16272] RDX: 0000000000000840 RSI: 0000200000000180 RDI: ffffffffffffff9c [ 572.143022][T16272] RBP: 00007fc68a608c1f R08: 0000000000000000 R09: 0000000000000000 [ 572.143039][T16272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 572.143056][T16272] R13: 00007fc68a816038 R14: 00007fc68a815fa0 R15: 00007ffcc5d15788 [ 572.143092][T16272] [ 572.763379][T16277] netlink: 330 bytes leftover after parsing attributes in process `syz.4.3496'. [ 573.131280][T16283] netlink: 13 bytes leftover after parsing attributes in process `syz.4.3498'. [ 575.110039][T16323] netlink: 'syz.0.3516': attribute type 10 has an invalid length. [ 575.118087][T16323] netlink: 'syz.0.3516': attribute type 13 has an invalid length. [ 575.332426][T16329] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3518'. [ 577.392626][T16378] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3534'. [ 577.772493][T16384] netlink: 'syz.2.3535': attribute type 15 has an invalid length. [ 577.822225][T16384] netlink: 'syz.2.3535': attribute type 16 has an invalid length. [ 577.868888][T16384] netlink: 194 bytes leftover after parsing attributes in process `syz.2.3535'. [ 578.600662][T16391] netlink: 186 bytes leftover after parsing attributes in process `syz.3.3538'. [ 578.987277][ T52] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 580.359283][T16422] netlink: 334 bytes leftover after parsing attributes in process `syz.2.3548'. [ 581.814722][T16442] kmem.tcp.limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 582.243194][T16461] netlink: 226 bytes leftover after parsing attributes in process `syz.2.3562'. [ 582.294459][T16461] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3562'. [ 582.318031][T16461] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 582.834410][T16472] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3565'. [ 583.484225][T16485] netlink: 62 bytes leftover after parsing attributes in process `syz.0.3569'. [ 584.631695][ T5833] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 584.757666][T16513] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3576'. [ 585.766313][T16535] netlink: 62 bytes leftover after parsing attributes in process `syz.4.3586'. [ 585.968507][T16534] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3594'. [ 585.977753][T16534] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 586.143638][T16534] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 586.253282][ T52] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 586.665703][T16551] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3592'. [ 587.055268][T16564] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x5f4 pfn:0x78000 [ 587.086604][T16564] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 587.093789][T16564] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 587.154618][T16564] raw: 00000000000005f4 0000000000000000 00000001ffffffff 0000000000000000 [ 587.183709][T16564] page dumped because: unmovable page [ 587.193865][T16564] page_owner tracks the page as allocated [ 587.203954][T16564] page last allocated via order 0, migratetype Unmovable, gfp_mask 0xd02(GFP_NOIO|__GFP_HIGHMEM|__GFP_ZERO), pid 6390, tgid 6390 (syz.3.175), ts 113993678289, free_ts 109964541710 [ 587.264291][T16564] post_alloc_hook+0x1e1/0x250 [ 587.274126][T16564] get_page_from_freelist+0xe3d/0x2e10 [ 587.304167][T16564] __alloc_frozen_pages_noprof+0x26c/0x2410 [ 587.323718][T16564] alloc_pages_mpol+0x1fb/0x550 [ 587.340748][T16564] alloc_pages_noprof+0x131/0x390 [ 587.354588][T16564] brd_submit_bio+0x116a/0x20d0 [ 587.371130][T16564] __submit_bio+0x32f/0x6c0 [ 587.381473][T16564] submit_bio_noacct_nocheck+0x6fc/0xbb0 [ 587.401445][T16564] submit_bio_noacct+0xb5c/0x1e80 [ 587.421749][T16564] __block_write_full_folio+0x77f/0xee0 [ 587.431994][T16564] block_write_full_folio+0x3b5/0x4e0 [ 587.452508][T16564] blkdev_writepages+0xc7/0x150 [ 587.458953][T16564] do_writepages+0x278/0x600 [ 587.465145][T16564] filemap_writeback+0x22d/0x2e0 [ 587.470217][T16564] filemap_write_and_wait_range+0xa6/0x130 [ 587.476669][T16564] bdev_release+0x4d3/0x6d0 [ 587.481300][T16564] page last free pid 6292 tgid 6290 stack trace: [ 587.489408][T16564] __free_frozen_pages+0x822/0x1130 [ 587.495060][T16564] kimage_free_page_list+0x130/0x240 [ 587.500581][T16564] kimage_alloc_control_pages+0x3f2/0xa20 [ 587.507934][T16564] do_kexec_load+0x275/0x810 [ 587.533571][T16564] __x64_sys_kexec_load+0x1bf/0x230 [ 587.542860][T16564] do_syscall_64+0xc9/0xf80 [ 587.561101][T16564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 588.144092][T16580] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3600'. [ 588.628953][ T52] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 589.555963][T16607] netlink: 62 bytes leftover after parsing attributes in process `syz.3.3607'. [ 589.859192][T16612] netlink: 338 bytes leftover after parsing attributes in process `syz.4.3609'. [ 590.967072][T16626] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3614'. [ 590.983655][T16626] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 591.093541][T16626] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 592.008328][T16642] netlink: 62 bytes leftover after parsing attributes in process `syz.2.3618'. [ 593.371387][T16661] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3626'. [ 593.396399][T16661] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 593.491584][T16661] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 594.073082][T16665] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3637'. [ 594.152721][T16678] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3628'. [ 595.411269][T16708] random: crng reseeded on system resumption [ 596.319234][T16714] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3643'. [ 596.323634][T16707] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3642'. [ 596.331175][T16714] netlink: 252 bytes leftover after parsing attributes in process `syz.0.3643'. [ 596.834405][T16723] FAULT_INJECTION: forcing a failure. [ 596.834405][T16723] name failslab, interval 1, probability 0, space 0, times 0 [ 596.865178][T16723] CPU: 0 UID: 0 PID: 16723 Comm: syz.3.3648 Tainted: G U L syzkaller #0 PREEMPT(full) [ 596.865227][T16723] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 596.865239][T16723] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 596.865257][T16723] Call Trace: [ 596.865267][T16723] [ 596.865278][T16723] dump_stack_lvl+0x100/0x190 [ 596.865316][T16723] should_fail_ex.cold+0x5/0xa [ 596.865362][T16723] should_failslab+0xc2/0x120 [ 596.865401][T16723] kmem_cache_alloc_noprof+0x83/0x780 [ 596.865437][T16723] ? __kernfs_new_node+0xd2/0x960 [ 596.865480][T16723] ? __kernfs_new_node+0xd2/0x960 [ 596.865516][T16723] __kernfs_new_node+0xd2/0x960 [ 596.865556][T16723] ? __pfx___kernfs_new_node+0x10/0x10 [ 596.865600][T16723] ? find_held_lock+0x2b/0x80 [ 596.865627][T16723] ? kernfs_root+0xee/0x2a0 [ 596.865662][T16723] ? kernfs_root+0xee/0x2a0 [ 596.865706][T16723] kernfs_new_node+0x11b/0x1a0 [ 596.865753][T16723] __kernfs_create_file+0x53/0x350 [ 596.865784][T16723] sysfs_add_file_mode_ns+0x207/0x3c0 [ 596.865824][T16723] internal_create_group+0x593/0xf40 [ 596.865875][T16723] ? __pfx_internal_create_group+0x10/0x10 [ 596.865923][T16723] ? kernfs_create_link+0x1bd/0x240 [ 596.865962][T16723] internal_create_groups+0x9d/0x150 [ 596.866006][T16723] device_add+0xf5b/0x1950 [ 596.866060][T16723] ? __pfx_device_add+0x10/0x10 [ 596.866101][T16723] ? lockdep_init_map_type+0x5c/0x250 [ 596.866142][T16723] ? __init_waitqueue_head+0xca/0x150 [ 596.866194][T16723] netdev_register_kobject+0x1a9/0x3d0 [ 596.866230][T16723] register_netdevice+0x12b3/0x21d0 [ 596.866266][T16723] ? __pfx_register_netdevice+0x10/0x10 [ 596.866304][T16723] __tun_chr_ioctl+0x1ded/0x47c0 [ 596.866346][T16723] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 596.866398][T16723] ? __pfx___tun_chr_ioctl+0x10/0x10 [ 596.866441][T16723] ? find_held_lock+0x2b/0x80 [ 596.866464][T16723] ? hook_file_ioctl_common+0x146/0x410 [ 596.866512][T16723] ? __fget_files+0x21f/0x3d0 [ 596.866550][T16723] ? __pfx_tun_chr_ioctl+0x10/0x10 [ 596.866595][T16723] __x64_sys_ioctl+0x18e/0x210 [ 596.866643][T16723] do_syscall_64+0xc9/0xf80 [ 596.866682][T16723] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 596.866712][T16723] RIP: 0033:0x7fc68a59aeb9 [ 596.866738][T16723] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 596.866766][T16723] RSP: 002b:00007fc68b44f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 596.866795][T16723] RAX: ffffffffffffffda RBX: 00007fc68a815fa0 RCX: 00007fc68a59aeb9 [ 596.866815][T16723] RDX: 0000000000000038 RSI: 00000000400454ca RDI: 0000000000000005 [ 596.866833][T16723] RBP: 00007fc68a608c1f R08: 0000000000000000 R09: 0000000000000000 [ 596.866851][T16723] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 596.866869][T16723] R13: 00007fc68a816038 R14: 00007fc68a815fa0 R15: 00007ffcc5d15788 [ 596.866910][T16723] [ 597.224581][T16720] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3645'. [ 598.920784][T16762] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3666'. [ 598.981141][T16762] netlink: 354 bytes leftover after parsing attributes in process `syz.4.3666'. [ 599.286913][T16765] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3659'. [ 599.301160][T16765] netlink: 25 bytes leftover after parsing attributes in process `syz.3.3659'. [ 599.560446][T16773] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3660'. [ 600.215287][T16788] FAULT_INJECTION: forcing a failure. [ 600.215287][T16788] name failslab, interval 1, probability 0, space 0, times 0 [ 600.262874][T16788] CPU: 0 UID: 0 PID: 16788 Comm: syz.3.3669 Tainted: G U L syzkaller #0 PREEMPT(full) [ 600.262918][T16788] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 600.262930][T16788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 600.262948][T16788] Call Trace: [ 600.262958][T16788] [ 600.262970][T16788] dump_stack_lvl+0x100/0x190 [ 600.263008][T16788] should_fail_ex.cold+0x5/0xa [ 600.263056][T16788] should_failslab+0xc2/0x120 [ 600.263097][T16788] __kmalloc_node_track_caller_noprof+0xf9/0x9d0 [ 600.263135][T16788] ? find_held_lock+0x2b/0x80 [ 600.263165][T16788] ? drm_edid_alloc+0x4d/0x120 [ 600.263212][T16788] ? kmemdup_noprof+0x29/0x60 [ 600.263245][T16788] kmemdup_noprof+0x29/0x60 [ 600.263282][T16788] drm_edid_alloc+0x4d/0x120 [ 600.263324][T16788] drm_edid_override_set+0x27/0x2c0 [ 600.263360][T16788] edid_write+0xe3/0x180 [ 600.263391][T16788] full_proxy_write+0x135/0x1a0 [ 600.263440][T16788] vfs_write+0x2aa/0x1070 [ 600.263474][T16788] ? __pfx_full_proxy_write+0x10/0x10 [ 600.263522][T16788] ? __pfx_vfs_write+0x10/0x10 [ 600.263551][T16788] ? find_held_lock+0x2b/0x80 [ 600.263581][T16788] ? __fget_files+0x215/0x3d0 [ 600.263629][T16788] ? __fget_files+0x21f/0x3d0 [ 600.263671][T16788] ksys_write+0x12a/0x250 [ 600.263705][T16788] ? __pfx_ksys_write+0x10/0x10 [ 600.263750][T16788] do_syscall_64+0xc9/0xf80 [ 600.263790][T16788] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 600.263820][T16788] RIP: 0033:0x7fc68a59aeb9 [ 600.263843][T16788] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 600.263872][T16788] RSP: 002b:00007fc68b44f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 600.263900][T16788] RAX: ffffffffffffffda RBX: 00007fc68a815fa0 RCX: 00007fc68a59aeb9 [ 600.263921][T16788] RDX: 00000000000005c8 RSI: 0000000000000000 RDI: 0000000000000003 [ 600.263938][T16788] RBP: 00007fc68a608c1f R08: 0000000000000000 R09: 0000000000000000 [ 600.263957][T16788] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 600.263974][T16788] R13: 00007fc68a816038 R14: 00007fc68a815fa0 R15: 00007ffcc5d15788 [ 600.264014][T16788] [ 601.929771][T16814] sp0: Synchronizing with TNC [ 601.961827][T16815] sp0: Found TNC [ 603.170084][T16836] zswap: compressor not available [ 608.233554][ T5833] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 608.243268][ T5833] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 608.601114][T16926] netlink: 'syz.3.3707': attribute type 35 has an invalid length. [ 610.185252][T16947] zswap: compressor not available [ 611.366423][T16964] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3715'. [ 611.433615][T16964] netlink: 25 bytes leftover after parsing attributes in process `syz.0.3715'. [ 611.557278][T16968] sp0: Synchronizing with TNC [ 618.721462][T17079] netlink: 'syz.3.3751': attribute type 7 has an invalid length. [ 618.744680][T17079] netlink: 17 bytes leftover after parsing attributes in process `syz.3.3751'. [ 618.919388][T17079] blkio.reset_stats is deprecated [ 624.586447][T17168] netlink: 186 bytes leftover after parsing attributes in process `syz.3.3787'. [ 628.443857][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 628.450329][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 631.070006][T17274] netlink: 50 bytes leftover after parsing attributes in process `syz.2.3817'. [ 635.755695][T17342] netlink: 'syz.3.3841': attribute type 19 has an invalid length. [ 635.785368][T17342] netlink: 226 bytes leftover after parsing attributes in process `syz.3.3841'. [ 636.009487][T17350] netlink: 504 bytes leftover after parsing attributes in process `syz.4.3842'. [ 637.171506][ T30] audit: type=1107 audit(1770633166.205:14): pid=17353 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 637.210392][ T30] audit: type=1107 audit(1770633166.205:15): pid=17353 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 639.937424][T17401] netlink: 330 bytes leftover after parsing attributes in process `syz.2.3859'. [ 640.981307][T17417] __vm_enough_memory: pid: 17417, comm: syz.2.3865, bytes: 4398046511104 not enough memory for the allocation [ 643.507509][T17466] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3880'. [ 643.690050][T17466] team0 (unregistering): Port device team_slave_0 removed [ 643.742487][T17466] team0 (unregistering): Port device team_slave_1 removed [ 651.326572][T17600] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3930'. [ 652.225241][T17620] netlink: 25 bytes leftover after parsing attributes in process `syz.2.3937'. [ 653.096093][T17641] netlink: 246 bytes leftover after parsing attributes in process `syz.3.3934'. [ 653.188419][T17642] netlink: 246 bytes leftover after parsing attributes in process `syz.4.3935'. [ 654.898978][ T30] audit: type=1107 audit(1770633184.008:16): pid=17651 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 654.985721][ T30] audit: type=1107 audit(1770633184.028:17): pid=17651 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 656.621777][T17687] netlink: 342 bytes leftover after parsing attributes in process `syz.3.3948'. [ 666.533916][T17843] netlink: 54 bytes leftover after parsing attributes in process `syz.2.3991'. [ 668.347350][T17869] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3998'. [ 668.387882][T17869] netlink: 25 bytes leftover after parsing attributes in process `syz.0.3998'. [ 668.572436][T17875] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4000'. [ 668.974222][ T30] audit: type=1107 audit(4294967335.379:18): pid=17876 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 669.029685][ T30] audit: type=1107 audit(4294967335.379:19): pid=17876 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 669.403605][T17896] netlink: 252 bytes leftover after parsing attributes in process `syz.4.4005'. [ 669.416705][T17896] netlink: 252 bytes leftover after parsing attributes in process `syz.4.4005'. [ 669.494760][T17891] netlink: 54 bytes leftover after parsing attributes in process `syz.3.4003'. [ 669.995257][ T30] audit: type=1107 audit(4294967336.353:20): pid=17900 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 670.024985][ T30] audit: type=1107 audit(4294967336.353:21): pid=17900 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 670.672846][T17923] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4010'. [ 670.721956][T17923] netlink: 25 bytes leftover after parsing attributes in process `syz.3.4010'. [ 672.151864][ T30] audit: type=1107 audit(4294967338.564:22): pid=17938 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 672.190812][ T30] audit: type=1107 audit(4294967338.574:23): pid=17938 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='' [ 674.803625][T17983] Invalid ELF header magic: != ELF [ 675.402191][T17998] netlink: 252 bytes leftover after parsing attributes in process `syz.3.4033'. [ 675.415385][T17998] netlink: 252 bytes leftover after parsing attributes in process `syz.3.4033'. [ 676.020702][T18010] netlink: 'syz.2.4035': attribute type 10 has an invalid length. [ 676.119463][T18010] netlink: 230 bytes leftover after parsing attributes in process `syz.2.4035'. [ 678.440995][T18033] Invalid ELF header magic: != ELF [ 678.631072][T18040] netlink: 252 bytes leftover after parsing attributes in process `syz.0.4044'. [ 678.671324][T18040] netlink: 252 bytes leftover after parsing attributes in process `syz.0.4044'. [ 679.065894][T18044] netlink: 62 bytes leftover after parsing attributes in process `syz.0.4046'. [ 679.862733][T18059] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4052'. [ 681.970093][T18076] netlink: 54 bytes leftover after parsing attributes in process `syz.4.4055'. [ 685.355352][T18136] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4075'. [ 685.653928][T18145] netlink: 'syz.4.4078': attribute type 10 has an invalid length. [ 685.671635][T18145] netlink: 230 bytes leftover after parsing attributes in process `syz.4.4078'. [ 685.885336][T18147] netlink: 62 bytes leftover after parsing attributes in process `syz.3.4080'. [ 688.654928][T18204] nfs: Unknown parameter 'nl802154' [ 689.563511][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 689.569952][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 691.627837][T18269] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 692.179874][T18287] netlink: 50 bytes leftover after parsing attributes in process `syz.0.4129'. [ 693.480759][T18312] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4136'. [ 693.600999][T18312] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 693.621886][T18312] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 694.568516][T18335] netlink: 'syz.4.4145': attribute type 28 has an invalid length. [ 694.601604][T18335] netlink: 'syz.4.4145': attribute type 3 has an invalid length. [ 694.639852][T18335] netlink: 306 bytes leftover after parsing attributes in process `syz.4.4145'. [ 697.918230][T18403] netlink: 186 bytes leftover after parsing attributes in process `syz.3.4167'. [ 697.963002][T18403] netlink: 186 bytes leftover after parsing attributes in process `syz.3.4167'. [ 698.401651][T18420] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 700.545483][T18446] netlink: 'syz.3.4179': attribute type 10 has an invalid length. [ 700.615537][T18446] netlink: 230 bytes leftover after parsing attributes in process `syz.3.4179'. [ 700.681147][T18446] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 702.381249][T18481] netlink: 25 bytes leftover after parsing attributes in process `syz.3.4189'. [ 702.695676][ T30] audit: type=1326 audit(4294967369.262:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18477 comm="syz.4.4188" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbafed9aeb9 code=0x0 [ 705.354764][T18534] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4206'. [ 705.411619][T18534] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 705.438534][T18534] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 712.328068][T18633] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4239'. [ 712.508346][T18633] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 712.532560][T18633] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 714.988662][ T52] Bluetooth: hci2: unexpected subevent 0x03 length: 253 > 9 [ 715.483869][T18681] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4264'. [ 716.386727][T18702] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4261'. [ 716.475125][T18702] gretap0: refused to change device tx_queue_len [ 717.627614][ T30] audit: type=1326 audit(4294967384.273:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18722 comm="syz.3.4267" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc68a59aeb9 code=0x0 [ 721.410266][T18763] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4280'. [ 721.466826][ T30] audit: type=1326 audit(4294967388.123:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18759 comm="syz.0.4278" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdbe6b9aeb9 code=0x0 [ 721.497411][T18765] netlink: 'syz.3.4280': attribute type 1 has an invalid length. [ 721.505775][T18765] netlink: 13 bytes leftover after parsing attributes in process `syz.3.4280'. [ 722.405076][T18785] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4286'. [ 724.992038][T18817] netlink: 62 bytes leftover after parsing attributes in process `syz.3.4298'. [ 725.017773][ T30] audit: type=1326 audit(4294967391.692:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18818 comm="syz.2.4296" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9fd2f9aeb9 code=0x0 [ 728.308849][ T30] audit: type=1326 audit(4294967394.989:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18869 comm="syz.4.4311" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbafed9aeb9 code=0x0 [ 728.466867][T18876] netlink: 330 bytes leftover after parsing attributes in process `syz.0.4312'. [ 728.570329][T18876] gretap0: refused to change device tx_queue_len [ 732.673195][T18928] netlink: 330 bytes leftover after parsing attributes in process `syz.4.4322'. [ 732.719109][T18928] gretap0: refused to change device tx_queue_len [ 734.082080][T18941] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4329'. [ 734.118403][T18941] netlink: 'syz.3.4329': attribute type 1 has an invalid length. [ 734.151179][T18941] netlink: 13 bytes leftover after parsing attributes in process `syz.3.4329'. [ 735.930185][T18969] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4335'. [ 735.973203][T18969] netlink: 'syz.2.4335': attribute type 1 has an invalid length. [ 736.013554][T18969] netlink: 13 bytes leftover after parsing attributes in process `syz.2.4335'. [ 739.341473][T19009] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4347'. [ 739.447284][T19009] ipvlan1: entered promiscuous mode [ 739.457344][T19009] ipvlan1: entered allmulticast mode [ 739.462683][T19009] veth0_vlan: entered allmulticast mode [ 740.031775][T19029] netlink: 330 bytes leftover after parsing attributes in process `syz.2.4353'. [ 741.178278][T19044] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4358'. [ 742.951371][ T30] audit: type=1800 audit(4294967409.725:29): pid=19064 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4364" name="file0" dev="tmpfs" ino=5749 res=0 errno=0 [ 744.123184][T19089] netlink: 306 bytes leftover after parsing attributes in process `syz.3.4370'. [ 746.524488][T19132] netlink: 13 bytes leftover after parsing attributes in process `syz.3.4382'. [ 747.074293][T19141] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4387'. [ 749.142594][T19162] netlink: 354 bytes leftover after parsing attributes in process `syz.3.4395'. [ 750.231762][T19183] netlink: 'syz.4.4400': attribute type 5 has an invalid length. [ 750.245109][T19183] netlink: 'syz.4.4400': attribute type 1 has an invalid length. [ 750.307835][T19183] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4400'. [ 750.314785][T19184] netlink: 'syz.4.4400': attribute type 5 has an invalid length. [ 750.324831][T19184] netlink: 'syz.4.4400': attribute type 1 has an invalid length. [ 750.345074][T19184] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4400'. [ 750.682070][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 750.688794][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 751.463964][ T52] Bluetooth: hci2: unexpected subevent 0x01 length: 3 < 18 [ 753.219689][T19242] netlink: 'syz.4.4420': attribute type 27 has an invalid length. [ 753.245304][T19242] netlink: 'syz.4.4420': attribute type 28 has an invalid length. [ 753.248738][ T52] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 753.260873][ T52] Bluetooth: hci3: Ignoring HCI_Connection_Complete for existing connection [ 753.296438][T19242] netlink: 'syz.4.4420': attribute type 29 has an invalid length. [ 753.343119][T19242] netlink: 'syz.4.4420': attribute type 30 has an invalid length. [ 753.382409][T19242] netlink: 'syz.4.4420': attribute type 31 has an invalid length. [ 753.442995][T19242] netlink: 'syz.4.4420': attribute type 32 has an invalid length. [ 753.480641][T19242] netlink: 14 bytes leftover after parsing attributes in process `syz.4.4420'. [ 754.864734][T19269] netlink: 13 bytes leftover after parsing attributes in process `syz.2.4425'. [ 755.212860][T19281] netlink: 326 bytes leftover after parsing attributes in process `syz.4.4431'. [ 755.908373][T19298] netlink: 226 bytes leftover after parsing attributes in process `syz.4.4435'. [ 756.847997][T19314] netlink: 330 bytes leftover after parsing attributes in process `syz.0.4442'. [ 757.035063][T19320] netlink: 25 bytes leftover after parsing attributes in process `syz.4.4444'. [ 758.948681][T19365] validate_nla: 5 callbacks suppressed [ 758.948708][T19365] netlink: 'syz.0.4458': attribute type 4 has an invalid length. [ 758.991967][T19365] netlink: 'syz.0.4458': attribute type 32 has an invalid length. [ 759.031813][T19365] netlink: 46 bytes leftover after parsing attributes in process `syz.0.4458'. [ 761.600598][T19247] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 761.608048][T19247] Bluetooth: hci2: Ignoring HCI_Connection_Complete for existing connection [ 763.897028][T19439] netlink: 186 bytes leftover after parsing attributes in process `syz.4.4476'. [ 764.029317][ T5833] Bluetooth: hci1: unexpected subevent 0x01 length: 3 < 18 [ 765.256366][ T5833] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 765.266935][ T5833] Bluetooth: hci0: Ignoring HCI_Connection_Complete for existing connection [ 765.409430][T19461] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4484'. [ 770.422516][ T30] audit: type=1800 audit(4294967437.328:30): pid=19546 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.4507" name="file0" dev="tmpfs" ino=5555 res=0 errno=0 [ 771.343363][T19555] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4518'. [ 771.907715][T19567] netlink: 186 bytes leftover after parsing attributes in process `syz.3.4514'. [ 771.950879][T19247] Bluetooth: hci3: unexpected subevent 0x01 length: 3 < 18 [ 771.966184][T19564] netlink: 186 bytes leftover after parsing attributes in process `syz.3.4514'. [ 773.237618][ T30] audit: type=1800 audit(4294967440.163:31): pid=19588 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.4522" name="file0" dev="tmpfs" ino=5924 res=0 errno=0 [ 775.476358][T19624] netlink: 338 bytes leftover after parsing attributes in process `syz.2.4533'. [ 775.563532][T19624] netlink: 342 bytes leftover after parsing attributes in process `syz.2.4533'. [ 775.700574][T19627] netlink: 25 bytes leftover after parsing attributes in process `syz.0.4534'. [ 775.848013][T19631] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4535'. [ 775.898622][T19631] netlink: 13 bytes leftover after parsing attributes in process `syz.2.4535'. [ 778.131099][T19671] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4546'. [ 780.448730][T19704] netlink: 354 bytes leftover after parsing attributes in process `syz.0.4558'. [ 780.664334][T19709] netlink: 338 bytes leftover after parsing attributes in process `syz.0.4560'. [ 780.709045][T19709] netlink: 338 bytes leftover after parsing attributes in process `syz.0.4560'. [ 780.773075][T19715] netlink: 290 bytes leftover after parsing attributes in process `syz.0.4560'. [ 781.893298][T19733] netlink: 'syz.3.4567': attribute type 16 has an invalid length. [ 781.902132][T19733] netlink: 226 bytes leftover after parsing attributes in process `syz.3.4567'. [ 781.917847][T19733] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4567'. [ 784.653320][T19766] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4578'. [ 784.661444][T19770] netlink: 338 bytes leftover after parsing attributes in process `syz.0.4577'. [ 787.008451][T19792] netlink: 354 bytes leftover after parsing attributes in process `syz.4.4585'. [ 787.976901][T19812] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4591'. [ 794.165003][T19929] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4630'. [ 794.212006][T19929] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 794.221323][T19929] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 794.941787][T19948] syz.3.4635 (19948): attempted to duplicate a private mapping with mremap. This is not supported. [ 797.009383][ T30] audit: type=1800 audit(4294967464.066:32): pid=19973 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4644" name="file0" dev="tmpfs" ino=5892 res=0 errno=0 [ 797.607207][T19991] netlink: 338 bytes leftover after parsing attributes in process `syz.2.4650'. [ 797.647890][T19991] netlink: 338 bytes leftover after parsing attributes in process `syz.2.4650'. [ 797.744791][T19991] netlink: 250 bytes leftover after parsing attributes in process `syz.2.4650'. [ 799.869821][ T30] audit: type=1800 audit(4294967466.951:33): pid=20027 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4657" name="file0" dev="tmpfs" ino=6149 res=0 errno=0 [ 801.226429][T20044] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4668'. [ 801.259869][T20044] netlink: 342 bytes leftover after parsing attributes in process `syz.0.4668'. [ 803.209884][T20084] netlink: 338 bytes leftover after parsing attributes in process `syz.0.4675'. [ 803.337122][T20058] kexec: Could not allocate control_code_buffer [ 806.323860][T20143] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4692'. [ 806.367588][T20143] netlink: 25 bytes leftover after parsing attributes in process `syz.2.4692'. [ 806.782894][T19247] Bluetooth: hci1: Malformed Event: 0x02 [ 807.738605][T20130] kexec: Could not allocate control_code_buffer [ 811.805232][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 811.811807][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 811.850428][T20236] netlink: 25 bytes leftover after parsing attributes in process `syz.2.4718'. [ 812.031109][T20244] netlink: 25 bytes leftover after parsing attributes in process `syz.2.4719'. [ 818.858753][T20361] netlink: 86 bytes leftover after parsing attributes in process `syz.2.4755'. [ 819.880801][T20380] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4760'. [ 819.902575][T20380] netlink: 354 bytes leftover after parsing attributes in process `syz.2.4760'. [ 821.625190][T20415] netlink: 186 bytes leftover after parsing attributes in process `syz.3.4768'. [ 822.721355][T20431] netlink: 306 bytes leftover after parsing attributes in process `syz.2.4771'. [ 825.040317][T20470] netlink: 246 bytes leftover after parsing attributes in process `syz.2.4783'. [ 825.799869][T20481] netlink: 'syz.3.4786': attribute type 10 has an invalid length. [ 825.844302][T20481] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4786'. [ 826.291182][T20496] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4792'. [ 827.957977][T20525] netlink: 'syz.2.4800': attribute type 29 has an invalid length. [ 827.986040][T20525] netlink: 'syz.2.4800': attribute type 30 has an invalid length. [ 828.018751][T20525] netlink: 'syz.2.4800': attribute type 31 has an invalid length. [ 828.061020][T20525] netlink: 'syz.2.4800': attribute type 32 has an invalid length. [ 828.104453][T20525] netlink: 'syz.2.4800': attribute type 33 has an invalid length. [ 828.136538][T20525] netlink: 'syz.2.4800': attribute type 35 has an invalid length. [ 828.167148][T20525] netlink: 'syz.2.4800': attribute type 37 has an invalid length. [ 828.179069][T20525] netlink: 18 bytes leftover after parsing attributes in process `syz.2.4800'. [ 829.712205][T20562] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4809'. [ 835.410529][T20670] HfR: entered promiscuous mode [ 837.117810][T20699] netlink: 186 bytes leftover after parsing attributes in process `syz.3.4849'. [ 837.162213][T20697] netlink: 28 bytes leftover after parsing attributes in process `syz.2.4848'. [ 837.326541][T20694] netlink: 342 bytes leftover after parsing attributes in process `syz.4.4847'. [ 837.879156][T20701] netlink: 'syz.0.4858': attribute type 4 has an invalid length. [ 837.901979][T20701] netlink: 'syz.0.4858': attribute type 5 has an invalid length. [ 837.909770][T20701] netlink: 10 bytes leftover after parsing attributes in process `syz.0.4858'. [ 841.074289][T19247] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 841.086531][T19247] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:0' [ 841.096321][T19247] CPU: 0 UID: 0 PID: 19247 Comm: kworker/u9:1 Tainted: G U L syzkaller #0 PREEMPT(full) [ 841.096365][T19247] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 841.096376][T19247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 841.096406][T19247] Workqueue: hci1 hci_rx_work [ 841.096450][T19247] Call Trace: [ 841.096461][T19247] [ 841.096473][T19247] dump_stack_lvl+0x100/0x190 [ 841.096511][T19247] sysfs_warn_dup.cold+0x1c/0x28 [ 841.096550][T19247] sysfs_create_dir_ns+0x24b/0x2b0 [ 841.096589][T19247] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 841.096627][T19247] ? find_held_lock+0x2b/0x80 [ 841.096656][T19247] ? kobject_add_internal+0x25f/0x930 [ 841.096695][T19247] ? kobject_add_internal+0x25f/0x930 [ 841.096737][T19247] ? do_raw_spin_unlock+0x145/0x1e0 [ 841.096796][T19247] kobject_add_internal+0x2c8/0x930 [ 841.096842][T19247] kobject_add+0x16a/0x1e0 [ 841.096877][T19247] ? __pfx_kobject_add+0x10/0x10 [ 841.096908][T19247] ? class_to_subsys+0x10f/0x150 [ 841.096952][T19247] ? kobject_put+0xb9/0x640 [ 841.096985][T19247] ? _raw_spin_unlock+0x28/0x50 [ 841.097018][T19247] device_add+0x294/0x1950 [ 841.097055][T19247] ? __pfx_dev_set_name+0x10/0x10 [ 841.097078][T19247] ? __pfx_device_add+0x10/0x10 [ 841.097113][T19247] ? mgmt_send_event_skb+0x2fb/0x460 [ 841.097155][T19247] hci_conn_add_sysfs+0x1a3/0x260 [ 841.097194][T19247] le_conn_complete_evt+0x11cb/0x1f40 [ 841.097238][T19247] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 841.097271][T19247] ? __pfx_bt_warn+0x10/0x10 [ 841.097320][T19247] hci_le_conn_complete_evt+0x23c/0x3a0 [ 841.097357][T19247] ? skb_pull_data+0x15f/0x1e0 [ 841.097395][T19247] hci_le_meta_evt+0x34a/0x5f0 [ 841.097432][T19247] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 841.097470][T19247] hci_event_packet+0x682/0x11c0 [ 841.097505][T19247] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 841.097542][T19247] ? __pfx_hci_event_packet+0x10/0x10 [ 841.097578][T19247] ? kcov_remote_start+0x374/0x660 [ 841.097607][T19247] ? lockdep_hardirqs_on+0x78/0x100 [ 841.097649][T19247] hci_rx_work+0x451/0xfc0 [ 841.097691][T19247] process_one_work+0x9c2/0x1840 [ 841.097749][T19247] ? __pfx_process_one_work+0x10/0x10 [ 841.097813][T19247] ? assign_work+0x19c/0x250 [ 841.097856][T19247] worker_thread+0x5da/0xe40 [ 841.097910][T19247] ? __pfx_worker_thread+0x10/0x10 [ 841.097954][T19247] ? kthread+0x17d/0x730 [ 841.097990][T19247] ? __pfx_worker_thread+0x10/0x10 [ 841.098027][T19247] kthread+0x3b3/0x730 [ 841.098068][T19247] ? __pfx_kthread+0x10/0x10 [ 841.098106][T19247] ? ret_from_fork+0x79/0xaf0 [ 841.098132][T19247] ? ret_from_fork+0x79/0xaf0 [ 841.098159][T19247] ? rcu_is_watching+0x12/0xc0 [ 841.098188][T19247] ? __pfx_kthread+0x10/0x10 [ 841.098229][T19247] ret_from_fork+0x754/0xaf0 [ 841.098258][T19247] ? __pfx_ret_from_fork+0x10/0x10 [ 841.098289][T19247] ? __switch_to+0x7b9/0x10c0 [ 841.098325][T19247] ? __pfx_kthread+0x10/0x10 [ 841.098366][T19247] ret_from_fork_asm+0x1a/0x30 [ 841.098423][T19247] [ 841.098461][T19247] kobject: kobject_add_internal failed for hci1:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 841.413317][T19247] Bluetooth: hci1: failed to register connection device [ 842.703176][T20774] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4872'. [ 842.925608][T20773] netlink: 'syz.4.4871': attribute type 1 has an invalid length. [ 843.593212][T20789] netlink: 354 bytes leftover after parsing attributes in process `syz.3.4877'. [ 851.174601][T20886] netlink: 246 bytes leftover after parsing attributes in process `syz.0.4906'. [ 852.128172][ T5833] Bluetooth: hci0: unexpected event 0x20 length: 123 > 7 [ 853.967572][T20939] netlink: 330 bytes leftover after parsing attributes in process `syz.3.4922'. [ 854.369095][T20954] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4924'. [ 857.205604][ T5833] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 857.215925][ T5833] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci2/hci2:0' [ 857.225745][ T5833] CPU: 0 UID: 0 PID: 5833 Comm: kworker/u9:4 Tainted: G U L syzkaller #0 PREEMPT(full) [ 857.225793][ T5833] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 857.225805][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 857.225824][ T5833] Workqueue: hci2 hci_rx_work [ 857.225861][ T5833] Call Trace: [ 857.225871][ T5833] [ 857.225882][ T5833] dump_stack_lvl+0x100/0x190 [ 857.225920][ T5833] sysfs_warn_dup.cold+0x1c/0x28 [ 857.225958][ T5833] sysfs_create_dir_ns+0x24b/0x2b0 [ 857.225997][ T5833] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 857.226032][ T5833] ? find_held_lock+0x2b/0x80 [ 857.226060][ T5833] ? kobject_add_internal+0x25f/0x930 [ 857.226106][ T5833] ? kobject_add_internal+0x25f/0x930 [ 857.226149][ T5833] ? do_raw_spin_unlock+0x145/0x1e0 [ 857.226194][ T5833] kobject_add_internal+0x2c8/0x930 [ 857.226238][ T5833] kobject_add+0x16a/0x1e0 [ 857.226276][ T5833] ? __pfx_kobject_add+0x10/0x10 [ 857.226310][ T5833] ? class_to_subsys+0x10f/0x150 [ 857.226356][ T5833] ? kobject_put+0xb9/0x640 [ 857.226390][ T5833] ? _raw_spin_unlock+0x28/0x50 [ 857.226429][ T5833] device_add+0x294/0x1950 [ 857.226468][ T5833] ? __pfx_dev_set_name+0x10/0x10 [ 857.226496][ T5833] ? __pfx_device_add+0x10/0x10 [ 857.226536][ T5833] ? mgmt_send_event_skb+0x2fb/0x460 [ 857.226581][ T5833] hci_conn_add_sysfs+0x1a3/0x260 [ 857.226623][ T5833] le_conn_complete_evt+0x11cb/0x1f40 [ 857.226669][ T5833] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 857.226702][ T5833] ? __pfx_bt_warn+0x10/0x10 [ 857.226752][ T5833] hci_le_conn_complete_evt+0x23c/0x3a0 [ 857.226789][ T5833] ? skb_pull_data+0x15f/0x1e0 [ 857.226828][ T5833] hci_le_meta_evt+0x34a/0x5f0 [ 857.226866][ T5833] ? __pfx_hci_le_conn_complete_evt+0x10/0x10 [ 857.226907][ T5833] hci_event_packet+0x682/0x11c0 [ 857.226943][ T5833] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 857.226984][ T5833] ? __pfx_hci_event_packet+0x10/0x10 [ 857.227024][ T5833] ? kcov_remote_start+0x374/0x660 [ 857.227054][ T5833] ? lockdep_hardirqs_on+0x78/0x100 [ 857.227104][ T5833] hci_rx_work+0x451/0xfc0 [ 857.227148][ T5833] process_one_work+0x9c2/0x1840 [ 857.227205][ T5833] ? __pfx_process_one_work+0x10/0x10 [ 857.227257][ T5833] ? assign_work+0x19c/0x250 [ 857.227298][ T5833] worker_thread+0x5da/0xe40 [ 857.227351][ T5833] ? kthread+0x17d/0x730 [ 857.227387][ T5833] ? __pfx_worker_thread+0x10/0x10 [ 857.227426][ T5833] kthread+0x3b3/0x730 [ 857.227467][ T5833] ? __pfx_kthread+0x10/0x10 [ 857.227503][ T5833] ? ret_from_fork+0x79/0xaf0 [ 857.227529][ T5833] ? ret_from_fork+0x79/0xaf0 [ 857.227556][ T5833] ? rcu_is_watching+0x12/0xc0 [ 857.227584][ T5833] ? __pfx_kthread+0x10/0x10 [ 857.227627][ T5833] ret_from_fork+0x754/0xaf0 [ 857.227656][ T5833] ? __pfx_ret_from_fork+0x10/0x10 [ 857.227685][ T5833] ? rcu_is_watching+0x12/0xc0 [ 857.227712][ T5833] ? __switch_to+0x7b9/0x10c0 [ 857.227745][ T5833] ? __pfx_kthread+0x10/0x10 [ 857.227783][ T5833] ret_from_fork_asm+0x1a/0x30 [ 857.227840][ T5833] [ 857.227871][ T5833] kobject: kobject_add_internal failed for hci2:0 with -EEXIST, don't try to register things with the same name in the same directory. [ 857.543223][ T5833] Bluetooth: hci2: failed to register connection device [ 858.911365][T21008] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4937'. [ 859.688102][T21022] HfR: entered promiscuous mode [ 860.514701][T21031] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4947'. [ 860.557188][T21031] netlink: 'syz.4.4947': attribute type 1 has an invalid length. [ 860.565380][T21031] netlink: 'syz.4.4947': attribute type 6 has an invalid length. [ 860.995337][T21041] netlink: 9 bytes leftover after parsing attributes in process `syz.2.4949'. [ 863.037375][T21081] netlink: 246 bytes leftover after parsing attributes in process `syz.4.4963'. [ 864.139601][T21092] netlink: 330 bytes leftover after parsing attributes in process `syz.0.4972'. [ 865.006201][T21109] netlink: 13 bytes leftover after parsing attributes in process `syz.0.4968'. [ 865.387676][T21115] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4970'. [ 865.844387][ T5833] Bluetooth: hci2: unexpected event 0x07 length: 435 > 255 [ 868.815974][T21167] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4991'. [ 870.163271][T21188] netlink: 62 bytes leftover after parsing attributes in process `syz.4.5000'. [ 870.223883][T21188] netlink: 62 bytes leftover after parsing attributes in process `syz.4.5000'. [ 870.233152][T21188] netlink: 62 bytes leftover after parsing attributes in process `syz.4.5000'. [ 870.288494][T21188] netlink: 62 bytes leftover after parsing attributes in process `syz.4.5000'. [ 870.324480][T21188] netlink: 62 bytes leftover after parsing attributes in process `syz.4.5000'. [ 870.373544][T21188] netlink: 62 bytes leftover after parsing attributes in process `syz.4.5000'. [ 870.406985][T21188] netlink: 62 bytes leftover after parsing attributes in process `syz.4.5000'. [ 870.437307][T21188] netlink: 62 bytes leftover after parsing attributes in process `syz.4.5000'. [ 870.469419][T21188] netlink: 62 bytes leftover after parsing attributes in process `syz.4.5000'. [ 870.512246][T21188] netlink: 62 bytes leftover after parsing attributes in process `syz.4.5000'. [ 872.924251][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 872.930664][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 873.122743][T21141] delete_channel: no stack [ 873.176244][T21239] netlink: 'syz.2.5014': attribute type 1 has an invalid length. [ 873.447203][ T30] audit: type=1326 audit(2147483706.482:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21232 comm="syz.3.5013" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc68a59aeb9 code=0x0 [ 876.270894][T21271] __nla_validate_parse: 6 callbacks suppressed [ 876.270921][T21271] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5023'. [ 876.712279][T21285] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5028'. [ 876.762483][T21285] netlink: 25 bytes leftover after parsing attributes in process `syz.3.5028'. [ 881.985443][T21387] futex_wake_op: syz.4.5054 tries to shift op by -2048; fix this program [ 882.087113][T21387] futex_wake_op: syz.4.5054 tries to shift op by -2048; fix this program [ 884.552928][T21423] netlink: 252 bytes leftover after parsing attributes in process `syz.2.5063'. [ 884.571356][T21423] netlink: 252 bytes leftover after parsing attributes in process `syz.2.5063'. [ 885.088825][T21432] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5067'. [ 885.169274][T21432] netlink: 354 bytes leftover after parsing attributes in process `syz.2.5067'. [ 885.526788][T21437] netlink: 'syz.2.5069': attribute type 1 has an invalid length. [ 885.536093][T21437] netlink: 9 bytes leftover after parsing attributes in process `syz.2.5069'. [ 886.961686][T21458] netlink: 252 bytes leftover after parsing attributes in process `syz.0.5074'. [ 887.026585][T21458] netlink: 252 bytes leftover after parsing attributes in process `syz.0.5074'. [ 887.053279][T21463] netlink: 338 bytes leftover after parsing attributes in process `syz.4.5076'. [ 890.024176][T21504] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5085'. [ 890.073337][T21504] veth1_macvtap: entered allmulticast mode [ 890.679344][T21516] __vm_enough_memory: pid: 21516, comm: syz.2.5089, bytes: 4398046511104 not enough memory for the allocation [ 891.470877][T21529] netlink: 'syz.0.5094': attribute type 4 has an invalid length. [ 891.478812][T21529] netlink: 'syz.0.5094': attribute type 5 has an invalid length. [ 891.486651][T21529] netlink: 10 bytes leftover after parsing attributes in process `syz.0.5094'. [ 896.487144][T21621] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5119'. [ 899.165560][ T5833] Bluetooth: hci3: unexpected event 0x3e length: 726 > 260 [ 899.165608][ T5833] Bluetooth: hci3: unexpected subevent 0x03 length: 725 > 9 [ 899.443877][T21669] futex_wake_op: syz.2.5134 tries to shift op by -2048; fix this program [ 899.471822][T21669] futex_wake_op: syz.2.5134 tries to shift op by -2048; fix this program [ 899.801025][T21677] netlink: 330 bytes leftover after parsing attributes in process `syz.4.5136'. [ 900.335959][T21685] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5139'. [ 900.439308][T21688] netlink: 25 bytes leftover after parsing attributes in process `syz.2.5139'. [ 901.279012][T21701] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5145'. [ 904.210198][T21737] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5156'. [ 904.224439][T21737] veth1_macvtap: entered allmulticast mode [ 904.448168][T21749] netlink: 28 bytes leftover after parsing attributes in process `syz.0.5160'. [ 907.055127][T21779] could not allocate digest TFM handle [ 908.768720][T21822] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5180'. [ 908.789682][T21822] netlink: 25 bytes leftover after parsing attributes in process `syz.3.5180'. [ 912.317303][T21885] openvswitch: HfR: Dropping previously announced user features [ 912.760072][T21902] ======================================================= [ 912.760072][T21902] WARNING: The mand mount option has been deprecated and [ 912.760072][T21902] and is ignored by this kernel. Remove the mand [ 912.760072][T21902] option from the mount to silence this warning. [ 912.760072][T21902] ======================================================= [ 914.974185][T21932] Dead loop on virtual device ip6_vti0, fix it urgently! [ 915.031506][T21932] Dead loop on virtual device ip6_vti0, fix it urgently! [ 915.093667][T21932] Dead loop on virtual device ip6_vti0, fix it urgently! [ 915.114923][T21932] Dead loop on virtual device ip6_vti0, fix it urgently! [ 915.144393][T21932] Dead loop on virtual device ip6_vti0, fix it urgently! [ 915.214013][T21932] Dead loop on virtual device ip6_vti0, fix it urgently! [ 915.259791][T21932] Dead loop on virtual device ip6_vti0, fix it urgently! [ 918.096730][T21986] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5226'. [ 918.164633][T21989] netlink: 354 bytes leftover after parsing attributes in process `syz.2.5226'. [ 923.798717][T22059] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5248'. [ 923.835075][T22059] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5248'. [ 924.296949][T22059] i: entered promiscuous mode [ 924.323095][T22062] openvswitch: HfR: Dropping previously announced user features [ 925.410916][T22070] HfR: entered promiscuous mode [ 925.753372][T22080] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5262'. [ 925.764333][T22080] netlink: 'syz.2.5262': attribute type 1 has an invalid length. [ 925.772304][T22080] netlink: 'syz.2.5262': attribute type 6 has an invalid length. [ 926.389576][T22092] netlink: 'syz.0.5257': attribute type 33 has an invalid length. [ 926.397663][T22092] netlink: 322 bytes leftover after parsing attributes in process `syz.0.5257'. [ 931.684419][T22171] netlink: 186 bytes leftover after parsing attributes in process `syz.0.5278'. [ 931.755021][T22169] can: request_module (can-proto-5) failed. [ 934.046198][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 934.052620][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 934.832009][T22206] netlink: 'syz.3.5287': attribute type 1 has an invalid length. [ 934.929556][T22206] netlink: 17 bytes leftover after parsing attributes in process `syz.3.5287'. [ 935.011391][T22208] netlink: 9 bytes leftover after parsing attributes in process `syz.2.5288'. [ 937.521739][T22243] netlink: 25 bytes leftover after parsing attributes in process `syz.3.5299'. [ 938.499068][T22255] netlink: 2468 bytes leftover after parsing attributes in process `syz.0.5302'. [ 939.102571][T22253] netlink: 504 bytes leftover after parsing attributes in process `syz.2.5301'. [ 939.160210][T22253] netlink: 350 bytes leftover after parsing attributes in process `syz.2.5301'. [ 942.599103][T22320] netlink: 354 bytes leftover after parsing attributes in process `syz.0.5319'. [ 945.863293][T22371] netlink: 350 bytes leftover after parsing attributes in process `syz.4.5330'. [ 948.802820][T22407] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5343'. [ 949.101772][T22407] i: entered promiscuous mode [ 949.169428][T22410] openvswitch: HfR: Dropping previously announced user features [ 949.296589][T22411] ptrace attach of "./syz-executor exec"[5822] was attempted by ""[22411] [ 957.375102][T22500] netlink: 25 bytes leftover after parsing attributes in process `syz.0.5373'. [ 959.042344][T22537] sctp: [Deprecated]: syz.0.5377 (pid 22537) Use of struct sctp_assoc_value in delayed_ack socket option. [ 959.042344][T22537] Use struct sctp_sack_info instead [ 960.084045][T22555] netlink: 158 bytes leftover after parsing attributes in process `syz.0.5384'. [ 960.481156][T22569] netlink: 'syz.0.5387': attribute type 3 has an invalid length. [ 960.496600][T22569] netlink: 306 bytes leftover after parsing attributes in process `syz.0.5387'. [ 961.191843][ T5833] Bluetooth: hci1: Malformed Event: 0x13 [ 961.719035][T22590] netlink: 330 bytes leftover after parsing attributes in process `syz.0.5395'. [ 965.130511][T22646] netlink: 186 bytes leftover after parsing attributes in process `syz.3.5411'. [ 965.916330][T22674] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5419'. [ 965.937660][T22674] netlink: 354 bytes leftover after parsing attributes in process `syz.2.5419'. [ 968.213926][T22702] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5426'. [ 968.337545][T22715] openvswitch: HfR: Dropping previously announced user features [ 971.546417][T22764] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5442'. [ 971.583758][T22764] i: entered promiscuous mode [ 971.780509][T22770] HfR: entered promiscuous mode [ 971.819158][T22772] netlink: 186 bytes leftover after parsing attributes in process `syz.3.5444'. [ 972.182130][T22777] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5446'. [ 974.494297][T22807] sctp: [Deprecated]: syz.4.5454 (pid 22807) Use of struct sctp_assoc_value in delayed_ack socket option. [ 974.494297][T22807] Use struct sctp_sack_info instead [ 974.788050][T22815] futex_wake_op: syz.3.5458 tries to shift op by -2048; fix this program [ 975.166841][T22822] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5459'. [ 975.185633][T22822] netlink: 354 bytes leftover after parsing attributes in process `syz.3.5459'. [ 979.483501][T22903] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5481'. [ 981.277720][T22939] netlink: 13 bytes leftover after parsing attributes in process `syz.4.5492'. [ 987.852592][T23048] netlink: 'syz.0.5521': attribute type 12 has an invalid length. [ 990.843063][T23096] futex_wake_op: syz.0.5534 tries to shift op by -2048; fix this program [ 992.550166][T23116] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5537'. [ 992.677085][T23116] hsr_slave_0 (unregistering): left promiscuous mode [ 993.372555][T23138] futex_wake_op: syz.4.5544 tries to shift op by -2048; fix this program [ 995.170798][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 995.177477][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 997.486902][T23184] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5557'. [ 999.095252][T23220] HSR: entered promiscuous mode [ 1001.053417][T23252] netlink: 'syz.2.5574': attribute type 4 has an invalid length. [ 1001.081929][T23252] netlink: 314 bytes leftover after parsing attributes in process `syz.2.5574'. [ 1003.302564][T23290] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5587'. [ 1003.513390][T23282] delete_channel: no stack [ 1009.231468][T23364] netlink: 62 bytes leftover after parsing attributes in process `syz.0.5609'. [ 1009.553022][T23369] vcan0: tx drop: invalid sa for name 0x00000000000000fd [ 1009.679038][T23372] netlink: 25 bytes leftover after parsing attributes in process `syz.2.5612'. [ 1013.806381][T23438] netlink: 17 bytes leftover after parsing attributes in process `syz.0.5629'. [ 1019.624406][T23500] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5649'. [ 1019.654024][T23500] bond0: entered promiscuous mode [ 1019.669990][T23500] bond_slave_0: entered promiscuous mode [ 1019.686411][T23500] bond_slave_1: entered promiscuous mode [ 1019.726740][T23500] bond0: entered allmulticast mode [ 1019.739154][T23500] bond_slave_0: entered allmulticast mode [ 1019.755942][T23500] bond_slave_1: entered allmulticast mode [ 1019.785633][T23500] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1020.223539][T23511] Invalid ELF header magic: != ELF [ 1020.230337][T23509] delete_channel: no stack [ 1020.663623][T23522] netlink: 50 bytes leftover after parsing attributes in process `syz.0.5653'. [ 1021.640936][T23534] Invalid ELF header magic: != ELF [ 1023.661099][T23566] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5665'. [ 1024.954786][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805b406000: rx timeout, send abort [ 1025.366028][T23587] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5670'. [ 1025.460613][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805b406000: abort rx timeout. Force session deactivation [ 1028.016350][T23629] netlink: 342 bytes leftover after parsing attributes in process `syz.4.5682'. [ 1028.089811][T23629] IPv6: Can't replace route, no match found [ 1028.122267][T23633] netlink: 342 bytes leftover after parsing attributes in process `syz.4.5682'. [ 1028.131427][T23633] IPv6: Can't replace route, no match found [ 1030.341887][T23666] netlink: 25 bytes leftover after parsing attributes in process `syz.3.5692'. [ 1031.664286][ T5833] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 1031.671752][ T5833] Bluetooth: hci1: Ignoring HCI_Connection_Complete for existing connection [ 1033.735394][T23690] kexec: Could not allocate control_code_buffer [ 1034.418883][T23740] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5712'. [ 1034.477553][T23740] netlink: 354 bytes leftover after parsing attributes in process `syz.4.5712'. [ 1035.368270][ C1] vcan0: j1939_tp_rxtimer: 0xffff88802aa99400: rx timeout, send abort [ 1035.376659][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88802aa99400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1035.562764][T23750] netlink: 334 bytes leftover after parsing attributes in process `syz.4.5716'. [ 1036.668370][ C1] vcan0: j1939_tp_rxtimer: 0xffff88802aa9ac00: rx timeout, send abort [ 1036.676805][ C1] vcan0: j1939_tp_rxtimer: 0xffff88802aa99c00: rx timeout, send abort [ 1036.685363][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88802aa9ac00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1036.701051][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88802aa99c00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1038.976061][T23807] netlink: 'syz.2.5734': attribute type 64 has an invalid length. [ 1038.983919][T23807] netlink: 74 bytes leftover after parsing attributes in process `syz.2.5734'. [ 1039.380265][T23786] kexec: Could not allocate control_code_buffer [ 1041.159264][T23837] netlink: 186 bytes leftover after parsing attributes in process `syz.4.5742'. [ 1041.246674][T23837] netlink: 186 bytes leftover after parsing attributes in process `syz.4.5742'. [ 1041.563320][T23850] netlink: 17 bytes leftover after parsing attributes in process `syz.4.5745'. [ 1043.887168][T23888] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5754'. [ 1056.290678][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 1056.297122][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 1057.660188][T19247] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1057.670512][T19247] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1057.680147][T19247] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1057.689008][T19247] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1057.697098][T19247] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1057.963983][T23907] chnl_net:caif_netlink_parms(): no params data found [ 1058.018099][T23920] netlink: 9 bytes leftover after parsing attributes in process `syz.4.5762'. [ 1058.195563][T23907] bridge0: port 1(bridge_slave_0) entered blocking state [ 1058.233344][T23907] bridge0: port 1(bridge_slave_0) entered disabled state [ 1058.242020][T23907] bridge_slave_0: entered allmulticast mode [ 1058.249953][T23907] bridge_slave_0: entered promiscuous mode [ 1058.259094][T23907] bridge0: port 2(bridge_slave_1) entered blocking state [ 1058.285590][T23907] bridge0: port 2(bridge_slave_1) entered disabled state [ 1058.313220][T23907] bridge_slave_1: entered allmulticast mode [ 1058.332857][T23907] bridge_slave_1: entered promiscuous mode [ 1058.391553][T23930] tipc: Started in network mode [ 1058.424015][T23930] tipc: Node identity ffffffff, cluster identity 4711 [ 1058.448384][T23930] tipc: Node number set to 4294967295 [ 1058.511407][T23907] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1058.567067][T23907] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1058.763811][T23907] team0: Port device team_slave_0 added [ 1058.847231][T23907] team0: Port device team_slave_1 added [ 1059.067460][T23907] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1059.081482][T23907] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1059.130410][T23907] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1059.196088][T23907] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1059.212542][T23907] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1059.242068][T23907] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1059.540064][T23907] hsr_slave_0: entered promiscuous mode [ 1059.546775][T23907] hsr_slave_1: entered promiscuous mode [ 1059.585141][T23907] debugfs: 'hsr0' already exists in 'hsr' [ 1059.592274][T23907] Cannot create hsr debugfs directory [ 1059.718034][T19247] Bluetooth: hci4: command tx timeout [ 1060.278017][T23907] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1060.338205][T23907] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1060.372979][T23907] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1060.415003][T23907] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1060.807356][T23907] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1060.915539][T23907] 8021q: adding VLAN 0 to HW filter on device team0 [ 1060.937691][T23983] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5782'. [ 1060.953385][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 1060.960571][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1061.061870][ T1166] bridge0: port 2(bridge_slave_1) entered blocking state [ 1061.069109][ T1166] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1061.733099][T23907] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1061.787862][T19247] Bluetooth: hci4: command tx timeout [ 1062.589513][T23907] veth0_vlan: entered promiscuous mode [ 1062.626269][T23907] veth1_vlan: entered promiscuous mode [ 1062.773757][T23907] veth0_macvtap: entered promiscuous mode [ 1062.805810][T23907] veth1_macvtap: entered promiscuous mode [ 1062.880646][T23907] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1062.933337][T23907] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1063.000348][ T36] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1063.031837][ T36] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1063.051119][ T36] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1063.060216][ T36] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1063.498346][T16135] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1063.555392][T16135] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1063.675962][T16135] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1063.707164][T16135] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1063.856629][T19247] Bluetooth: hci4: command tx timeout [ 1065.931584][T19247] Bluetooth: hci4: command tx timeout [ 1068.234216][T24070] kexec: Could not allocate control_code_buffer [ 1068.998601][T24097] netlink: 334 bytes leftover after parsing attributes in process `syz.4.5811'. [ 1073.488379][T24161] netlink: 93 bytes leftover after parsing attributes in process `syz.2.5829'. [ 1076.819679][T24203] netlink: 334 bytes leftover after parsing attributes in process `syz.2.5838'. [ 1077.424586][T24223] netlink: 93 bytes leftover after parsing attributes in process `syz.5.5842'. [ 1078.323941][T24237] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5847'. [ 1079.819808][T24260] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5852'. [ 1079.895118][T24255] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5851'. [ 1084.100087][T24325] Invalid ELF header magic: != ELF [ 1086.650484][T24353] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5873'. [ 1088.996731][T24390] Invalid ELF header magic: != ELF [ 1092.496514][ T5833] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1092.506919][ T5833] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1092.516863][ T5833] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1092.526818][ T5833] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1092.540381][ T5833] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1093.291278][T24425] chnl_net:caif_netlink_parms(): no params data found [ 1093.787145][T24425] bridge0: port 1(bridge_slave_0) entered blocking state [ 1093.835386][T24425] bridge0: port 1(bridge_slave_0) entered disabled state [ 1093.980333][T24425] bridge_slave_0: entered allmulticast mode [ 1094.007497][T24425] bridge_slave_0: entered promiscuous mode [ 1094.049854][T24425] bridge0: port 2(bridge_slave_1) entered blocking state [ 1094.057005][T24425] bridge0: port 2(bridge_slave_1) entered disabled state [ 1094.082787][T24425] bridge_slave_1: entered allmulticast mode [ 1094.093745][T24425] bridge_slave_1: entered promiscuous mode [ 1094.342252][T24425] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1094.386313][T24425] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1094.515288][T24425] team0: Port device team_slave_0 added [ 1094.561529][T24425] team0: Port device team_slave_1 added [ 1094.656327][ T5833] Bluetooth: hci5: command tx timeout [ 1094.696192][T24425] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1094.703151][T24425] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1094.781598][T24425] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1094.794618][T24425] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1094.814360][T24425] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1094.863184][T24425] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1094.982625][T24425] hsr_slave_0: entered promiscuous mode [ 1094.995380][T24425] hsr_slave_1: entered promiscuous mode [ 1095.003695][T24425] debugfs: 'hsr0' already exists in 'hsr' [ 1095.013756][T24425] Cannot create hsr debugfs directory [ 1095.950443][T24425] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1095.963183][T24425] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1095.976276][T24425] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1096.051383][T24425] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1096.554421][T24425] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1096.679314][T24425] 8021q: adding VLAN 0 to HW filter on device team0 [ 1096.721344][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 1096.728552][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1096.735674][ T5833] Bluetooth: hci5: command tx timeout [ 1096.856404][ T1166] bridge0: port 2(bridge_slave_1) entered blocking state [ 1096.863608][ T1166] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1097.022337][T24425] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1097.704268][T24425] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1098.641263][T24514] kexec: Could not allocate control_code_buffer [ 1098.785227][ T5833] Bluetooth: hci5: command tx timeout [ 1099.050894][T24545] netlink: 306 bytes leftover after parsing attributes in process `syz.5.5921'. [ 1099.165960][T24425] veth0_vlan: entered promiscuous mode [ 1099.228559][T24425] veth1_vlan: entered promiscuous mode [ 1099.382954][T24552] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5922'. [ 1099.385406][T24425] veth0_macvtap: entered promiscuous mode [ 1099.484494][T24425] veth1_macvtap: entered promiscuous mode [ 1099.717848][T24425] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1099.766148][T24425] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1099.874355][ T65] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1099.904640][ T65] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1099.965563][ T65] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1099.998619][ T65] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1100.120388][ T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1100.146695][ T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1100.285774][T24564] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5926'. [ 1100.830112][T16135] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1100.840308][T16135] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1100.856033][ T5833] Bluetooth: hci5: command tx timeout [ 1102.148336][ T30] audit: type=1800 audit(4294967302.965:35): pid=24586 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.5930" name="features" dev="configfs" ino=368109 res=0 errno=0 [ 1105.416788][T24648] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5949'. [ 1105.970104][T24656] smc: net device dummy0 applied user defined pnetid DUMMY0 [ 1106.628921][T24669] netlink: 12 bytes leftover after parsing attributes in process `syz.5.5954'. [ 1107.603940][T24684] netlink: 338 bytes leftover after parsing attributes in process `syz.6.5958'. [ 1108.131354][ T5833] Bluetooth: hci5: unexpected subevent 0x01 length: 123 > 18 [ 1108.802966][T24691] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5960'. [ 1108.859902][T24710] netlink: 28 bytes leftover after parsing attributes in process `syz.6.5963'. [ 1112.089674][ C1] vcan0: j1939_tp_rxtimer: 0xffff88807694bc00: rx timeout, send abort [ 1112.105555][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88807694bc00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1113.001530][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805d304400: rx timeout, send abort [ 1113.009933][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805c398400: rx timeout, send abort [ 1113.018470][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805d304400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1113.032912][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805c398400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1113.133011][T24753] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5974'. [ 1114.051400][T24758] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5975'. [ 1115.011341][T24789] netlink: 25 bytes leftover after parsing attributes in process `syz.2.5986'. [ 1116.409570][T24811] netlink: 8 bytes leftover after parsing attributes in process `syz.6.5991'. [ 1117.415247][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 1117.421944][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 1118.327347][T24839] netlink: 334 bytes leftover after parsing attributes in process `syz.5.5997'. [ 1121.163055][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805d30e400: rx timeout, send abort [ 1121.171608][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805d30e400: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1121.213280][T24859] netlink: 186 bytes leftover after parsing attributes in process `syz.2.6005'. [ 1121.272905][T24859] netlink: 186 bytes leftover after parsing attributes in process `syz.2.6005'. [ 1121.525742][T24873] smc: net device dummy0 applied user defined pnetid DUMMY0 [ 1121.670269][T24877] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6011'. [ 1121.928226][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805babb800: rx timeout, send abort [ 1121.936633][ C1] vcan0: j1939_tp_rxtimer: 0xffff88805babac00: rx timeout, send abort [ 1121.945478][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805babb800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1121.959946][ C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88805babac00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 1123.181698][T24901] netlink: 17 bytes leftover after parsing attributes in process `syz.5.6019'. [ 1123.520563][T24425] syz-executor invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=0 [ 1123.586134][T24425] CPU: 0 UID: 0 PID: 24425 Comm: syz-executor Tainted: G U L syzkaller #0 PREEMPT(full) [ 1123.586177][T24425] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1123.586198][T24425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1123.586213][T24425] Call Trace: [ 1123.586223][T24425] [ 1123.586232][T24425] dump_stack_lvl+0x100/0x190 [ 1123.586269][T24425] dump_header+0xfb/0x606 [ 1123.586298][T24425] oom_kill_process.cold+0xd/0x321 [ 1123.586328][T24425] out_of_memory+0x340/0x14f0 [ 1123.586369][T24425] ? __pfx_out_of_memory+0x10/0x10 [ 1123.586412][T24425] mem_cgroup_out_of_memory+0xc6/0x130 [ 1123.586441][T24425] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 1123.586467][T24425] ? find_held_lock+0x2b/0x80 [ 1123.586501][T24425] ? do_raw_spin_unlock+0x145/0x1e0 [ 1123.586540][T24425] ? _raw_spin_unlock+0x28/0x50 [ 1123.586571][T24425] try_charge_memcg+0x652/0xc90 [ 1123.586614][T24425] ? __pfx_try_charge_memcg+0x10/0x10 [ 1123.586657][T24425] ? find_held_lock+0x2b/0x80 [ 1123.586683][T24425] ? rcu_read_unlock+0x17/0x60 [ 1123.586718][T24425] ? rcu_read_unlock+0x17/0x60 [ 1123.586759][T24425] charge_memcg+0xa6/0x280 [ 1123.586794][T24425] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 1123.586839][T24425] __read_swap_cache_async+0x449/0x610 [ 1123.586874][T24425] ? __pfx___read_swap_cache_async+0x10/0x10 [ 1123.586905][T24425] ? rcu_is_watching+0x12/0xc0 [ 1123.586930][T24425] ? finish_task_switch.isra.0+0x204/0xb70 [ 1123.586960][T24425] ? lockdep_hardirqs_on+0x78/0x100 [ 1123.586991][T24425] ? finish_task_switch.isra.0+0x204/0xb70 [ 1123.587027][T24425] swap_cluster_readahead+0x541/0x770 [ 1123.587056][T24425] ? __schedule+0xff8/0x5fa0 [ 1123.587091][T24425] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 1123.587123][T24425] ? __lock_acquire+0x4a5/0x2630 [ 1123.587157][T24425] ? __lock_acquire+0x4a5/0x2630 [ 1123.587209][T24425] ? get_vma_policy+0x23f/0x3b0 [ 1123.587249][T24425] swapin_readahead+0x14b/0x12e0 [ 1123.587291][T24425] ? __pfx_swapin_readahead+0x10/0x10 [ 1123.587321][T24425] ? find_held_lock+0x2b/0x80 [ 1123.587345][T24425] ? swap_cache_get_folio+0x272/0x920 [ 1123.587373][T24425] ? swap_cache_get_folio+0x272/0x920 [ 1123.587395][T24425] ? swap_cache_get_folio+0x1f/0x920 [ 1123.587418][T24425] ? swap_cache_get_folio+0x2a2/0x920 [ 1123.587444][T24425] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 1123.587467][T24425] ? __pfx_get_swap_device+0x10/0x10 [ 1123.587504][T24425] ? do_swap_page+0x9ba/0x6810 [ 1123.587527][T24425] do_swap_page+0x9ba/0x6810 [ 1123.587555][T24425] ? __lock_acquire+0x4a5/0x2630 [ 1123.587592][T24425] ? __pfx_do_swap_page+0x10/0x10 [ 1123.587619][T24425] ? __pfx_default_wake_function+0x10/0x10 [ 1123.587647][T24425] ? rcu_is_watching+0x12/0xc0 [ 1123.587668][T24425] ? __free_object+0x2a8/0x400 [ 1123.587698][T24425] ? rcu_is_watching+0x12/0xc0 [ 1123.587720][T24425] ? ___pte_offset_map+0x179/0x310 [ 1123.587756][T24425] __handle_mm_fault+0x18b9/0x2b50 [ 1123.587787][T24425] ? reacquire_held_locks+0xce/0x1e0 [ 1123.587818][T24425] ? __pfx___handle_mm_fault+0x10/0x10 [ 1123.587848][T24425] ? lock_vma_under_rcu+0x17c/0x5a0 [ 1123.587881][T24425] ? get_timespec64+0x136/0x1b0 [ 1123.587916][T24425] handle_mm_fault+0x36d/0xa20 [ 1123.587948][T24425] do_user_addr_fault+0x5a3/0x12f0 [ 1123.587984][T24425] exc_page_fault+0x6f/0xd0 [ 1123.588011][T24425] asm_exc_page_fault+0x26/0x30 [ 1123.588033][T24425] RIP: 0033:0x7ff6f5d5b78e [ 1123.588052][T24425] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1123.588075][T24425] RSP: 002b:00007ffe5f8359e8 EFLAGS: 00010246 [ 1123.588094][T24425] RAX: 0000000000000000 RBX: 000055557633e500 RCX: 00007ff6f5d5b78e [ 1123.588109][T24425] RDX: 00007ffe5f835a40 RSI: 0000000000000000 RDI: 0000000000000000 [ 1123.588123][T24425] RBP: 00007ffe5f835aac R08: 0000000000000000 R09: 0000000000000000 [ 1123.588137][T24425] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000001388 [ 1123.588151][T24425] R13: 00000000000927c0 R14: 00000000001131b0 R15: 00007ffe5f835b00 [ 1123.588182][T24425] [ 1123.588200][T24425] memory: usage 3072kB, limit 3072kB, failcnt 565 [ 1124.013805][T24425] memory+swap: usage 4836kB, limit 9007199254740988kB, failcnt 0 [ 1124.021590][T24425] kmem: usage 520kB, limit 9007199254740988kB, failcnt 0 [ 1124.038096][T24425] Memory cgroup stats for /syz6: [ 1124.038403][T24425] cache 0 [ 1124.054132][T24425] rss 2592768 [ 1124.057459][T24425] rss_huge 0 [ 1124.060657][T24425] shmem 0 [ 1124.081962][T24425] mapped_file 0 [ 1124.101397][T24425] dirty 0 [ 1124.104538][T24425] writeback 0 [ 1124.107837][T24425] workingset_refault_anon 1125 [ 1124.112701][T24425] workingset_refault_file 0 [ 1124.162853][T24425] swap 1806336 [ 1124.166247][T24425] swapcached 126976 [ 1124.170036][T24425] pgpgin 22451 [ 1124.215872][T24425] pgpgout 21813 [ 1124.219385][T24425] pgfault 10871 [ 1124.234458][T24425] pgmajfault 201 [ 1124.238052][T24425] inactive_anon 20480 [ 1124.242049][T24425] active_anon 0 [ 1124.247683][T24425] inactive_file 0 [ 1124.253495][T24425] active_file 0 [ 1124.257516][T24425] unevictable 2592768 [ 1124.261509][T24425] hierarchical_memory_limit 3145728 [ 1124.267966][T24425] hierarchical_memsw_limit 9223372036854771712 [ 1124.312108][T24425] total_cache 0 [ 1124.318378][T24425] total_rss 2592768 [ 1124.328668][T24425] total_rss_huge 0 [ 1124.351850][T24425] total_shmem 0 [ 1124.358331][T24425] total_mapped_file 0 [ 1124.364976][T24425] total_dirty 0 [ 1124.375112][T24425] total_writeback 0 [ 1124.387787][T24425] total_workingset_refault_anon 1125 [ 1124.427706][T24425] total_workingset_refault_file 0 [ 1124.447379][T24425] total_swap 1806336 [ 1124.462326][T24425] total_swapcached 126976 [ 1124.471194][T24425] total_pgpgin 22451 [ 1124.475136][T24425] total_pgpgout 21813 [ 1124.489348][T24425] total_pgfault 10871 [ 1124.509662][T24425] total_pgmajfault 201 [ 1124.519764][T24425] total_inactive_anon 20480 [ 1124.529864][T24425] total_active_anon 0 [ 1124.544665][T24425] total_inactive_file 0 [ 1124.548864][T24425] total_active_file 0 [ 1124.580652][T24425] total_unevictable 2592768 [ 1124.591627][T24425] anon_cost 0 [ 1124.594973][T24425] file_cost 0 [ 1124.618626][T24425] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz6,task_memcg=/syz6,task=syz.6.6011,pid=24876,uid=0 [ 1124.668787][T24425] Memory cgroup out of memory: Killed process 24876 (syz.6.6011) total-vm:112784kB, anon-rss:3648kB, file-rss:27900kB, shmem-rss:0kB, UID:0 pgtables:172kB oom_score_adj:1000 [ 1125.214931][T24914] netlink: 17 bytes leftover after parsing attributes in process `syz.2.6022'. [ 1127.336367][T24944] smc: net device dummy0 applied user defined pnetid DUMMY0 [ 1128.508131][T24945] kexec: Could not allocate control_code_buffer [ 1128.641194][T24951] Invalid ELF header magic: != ELF [ 1132.699732][T25011] ptrace attach of "./syz-executor exec"[23907] was attempted by "\x0d`e\x22\x1bb@mF|&`NAˆQd'V8^l\x1b:\x1b5:O\x0aX-q\x22j׷̜CZ֎2L\x1bϒ;Cl8,e1v?\x0c~KiFJ8=PEg`$8˓T1^K2bmE6>\x09%9SLZ|!cϷ:6y =BMiųd*x0b_ђ\x5cN4k\x0c2g?dP0Kղ7Ei`H=3dG=4,d1B>NDsScy0)\x0d(Ơv=K}͵B\x0b=}n^w!iO;\x22w*i<@,\x5c:y,.Ex-\x1b\x22֌?@\x1b'\x0a/8I2AٿƗ.`\x0b\x09r^K5`%TaB]**|?ѮmO|vJ'Sǂ4\x0d N[NX'D`-Y[\x09k-f]\x0arFۯNEy^M*.[^ٶHI\x22b\x0cOp+0.BZ3A%*F^nzS}:K]ad.-~ԺQ\x0c\x0a;Z\x09Ƞl hfyuLn{AS\x5c)DZ:*j_xT6W;O5a\x09A\x0b;\x5cŠMt\x09jo5eZI\x22-\x07@\x0be[M[q<5m폑im|=]?>\x22@1 [ 1133.014301][T25014] device-mapper: ioctl: only supply one of name or uuid, cmd(5) [ 1134.313419][T25026] netlink: 9 bytes leftover after parsing attributes in process `syz.6.6052'. [ 1134.799187][T25035] netlink: 'syz.5.6056': attribute type 2 has an invalid length. [ 1134.806971][T25035] netlink: 5 bytes leftover after parsing attributes in process `syz.5.6056'. [ 1135.970651][T25062] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6063'. [ 1135.992355][T25062] netlink: 354 bytes leftover after parsing attributes in process `syz.2.6063'. [ 1136.942608][T25079] ptrace attach of "./syz-executor exec"[5830] was attempted by " ]7)ˬ\x5c\x1b?MלTQq\x09买e[]hhaՁeCfip\x0bD>L)tF6;Mj$Bac/$0cF>dW ֣yCDZb\x1bq\x22r$H&C bF[ѳj\x0bްNM|m=@'N' D\x0aWxK\x0d'w1Ak3e&)'^ [ 1156.917404][T25339] dump_stack_lvl+0x100/0x190 [ 1156.917444][T25339] should_fail_ex.cold+0x5/0xa [ 1156.917482][T25339] ? prepare_alloc_pages+0x16d/0x5f0 [ 1156.917523][T25339] should_fail_alloc_page+0xeb/0x140 [ 1156.917562][T25339] prepare_alloc_pages+0x1f0/0x5f0 [ 1156.917606][T25339] __alloc_frozen_pages_noprof+0x193/0x2410 [ 1156.917640][T25339] ? lock_acquire+0x17c/0x330 [ 1156.917679][T25339] ? find_held_lock+0x2b/0x80 [ 1156.917707][T25339] ? finish_task_switch.isra.0+0x1ff/0xb70 [ 1156.917740][T25339] ? finish_task_switch.isra.0+0x1ff/0xb70 [ 1156.917777][T25339] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1156.917807][T25339] ? __lock_acquire+0x4a5/0x2630 [ 1156.917843][T25339] ? finish_task_switch.isra.0+0x204/0xb70 [ 1156.917875][T25339] ? rcu_is_watching+0x12/0xc0 [ 1156.917912][T25339] ? find_held_lock+0x2b/0x80 [ 1156.917938][T25339] ? aa_file_perm+0x268/0x1540 [ 1156.917965][T25339] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 1156.917999][T25339] ? policy_nodemask+0xed/0x4f0 [ 1156.918042][T25339] alloc_pages_mpol+0x1fb/0x550 [ 1156.918082][T25339] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 1156.918119][T25339] ? futex_unqueue+0x133/0x2c0 [ 1156.918155][T25339] ? futex_unqueue+0x133/0x2c0 [ 1156.918191][T25339] ? __pfx_aa_file_perm+0x10/0x10 [ 1156.918225][T25339] alloc_pages_noprof+0x131/0x390 [ 1156.918266][T25339] get_free_pages_noprof+0x10/0xb0 [ 1156.918317][T25339] vcs_read+0xba/0xc00 [ 1156.918355][T25339] ? iovec_from_user+0xbb/0x140 [ 1156.918402][T25339] ? common_file_perm+0x1ab/0x4f0 [ 1156.918448][T25339] ? __pfx_vcs_read+0x10/0x10 [ 1156.918483][T25339] ? bpf_lsm_file_permission+0x9/0x10 [ 1156.918521][T25339] ? security_file_permission+0x76/0x210 [ 1156.918567][T25339] ? rw_verify_area+0xce/0x6d0 [ 1156.918597][T25339] ? __pfx_vcs_read+0x10/0x10 [ 1156.918630][T25339] vfs_readv+0x5d8/0x8d0 [ 1156.918665][T25339] ? __pfx_vfs_readv+0x10/0x10 [ 1156.918702][T25339] ? do_raw_spin_lock+0x128/0x260 [ 1156.918744][T25339] ? find_held_lock+0x2b/0x80 [ 1156.918798][T25339] ? do_preadv+0x1ac/0x270 [ 1156.918826][T25339] do_preadv+0x1ac/0x270 [ 1156.918858][T25339] ? __pfx_do_preadv+0x10/0x10 [ 1156.918898][T25339] do_syscall_64+0xc9/0xf80 [ 1156.918936][T25339] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1156.918965][T25339] RIP: 0033:0x7ff6f5d9aeb9 [ 1156.918989][T25339] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1156.919018][T25339] RSP: 002b:00007ff6f6d10028 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 1156.919046][T25339] RAX: ffffffffffffffda RBX: 00007ff6f6015fa0 RCX: 00007ff6f5d9aeb9 [ 1156.919067][T25339] RDX: 0000000000000002 RSI: 0000200000000240 RDI: 0000000000000006 [ 1156.919085][T25339] RBP: 00007ff6f5e08c1f R08: 0000000000000006 R09: 0000000000000000 [ 1156.919103][T25339] R10: 0000000000003005 R11: 0000000000000246 R12: 0000000000000000 [ 1156.919121][T25339] R13: 00007ff6f6016038 R14: 00007ff6f6015fa0 R15: 00007ffe5f835708 [ 1156.919160][T25339] [ 1157.576022][T25366] futex_wake_op: syz.5.6135 tries to shift op by -2048; fix this program [ 1157.628991][T25366] futex_wake_op: syz.5.6135 tries to shift op by -2048; fix this program [ 1158.190722][T19247] Bluetooth: hci2: hcon ffff888045f7c000 sent 1 < count 256 [ 1158.301034][T25374] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6137'. [ 1158.317325][T25374] netlink: 'syz.6.6137': attribute type 1 has an invalid length. [ 1158.348251][T25374] netlink: 13 bytes leftover after parsing attributes in process `syz.6.6137'. [ 1162.028920][T25412] input: f as /devices/virtual/input/input22 [ 1164.089357][T25439] netlink: 25 bytes leftover after parsing attributes in process `syz.5.6154'. [ 1164.967598][T25451] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6159'. [ 1168.240831][T25484] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6167'. [ 1171.668790][T25522] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6176'. [ 1171.987758][ T5833] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1172.006219][ T5833] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1172.039531][ T5833] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1172.047838][ T5833] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1172.057984][ T5833] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1172.289656][T25527] chnl_net:caif_netlink_parms(): no params data found [ 1172.553474][T25527] bridge0: port 1(bridge_slave_0) entered blocking state [ 1172.592536][T25527] bridge0: port 1(bridge_slave_0) entered disabled state [ 1172.615021][T25527] bridge_slave_0: entered allmulticast mode [ 1172.640002][T25527] bridge_slave_0: entered promiscuous mode [ 1172.669117][T25527] bridge0: port 2(bridge_slave_1) entered blocking state [ 1172.729496][T25527] bridge0: port 2(bridge_slave_1) entered disabled state [ 1172.750436][T25527] bridge_slave_1: entered allmulticast mode [ 1172.770562][T25527] bridge_slave_1: entered promiscuous mode [ 1172.954659][T25527] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1173.013601][T25527] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1173.158117][T25527] team0: Port device team_slave_0 added [ 1173.166992][T25527] team0: Port device team_slave_1 added [ 1173.394986][T25527] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1173.416747][T25527] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1173.546054][T25527] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1173.656707][T25527] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1173.681186][T25527] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1173.730473][T25527] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1173.945888][T25527] hsr_slave_0: entered promiscuous mode [ 1173.952696][T25527] hsr_slave_1: entered promiscuous mode [ 1174.004933][T25527] debugfs: 'hsr0' already exists in 'hsr' [ 1174.011934][T25527] Cannot create hsr debugfs directory [ 1174.082596][T19247] Bluetooth: hci6: command tx timeout [ 1175.366397][T25527] netdevsim netdevsim7 netdevsim0: renamed from eth0 [ 1175.441478][T25527] netdevsim netdevsim7 netdevsim1: renamed from eth1 [ 1175.506988][T25527] netdevsim netdevsim7 netdevsim2: renamed from eth2 [ 1175.562762][T25527] netdevsim netdevsim7 netdevsim3: renamed from eth3 [ 1175.602060][T25557] netlink: 8 bytes leftover after parsing attributes in process `syz.6.6180'. [ 1175.611297][ T30] audit: type=1806 audit(4294967376.797:37): xattr="." res=0 [ 1175.612178][T25561] netlink: 4 bytes leftover after parsing attributes in process `syz.5.6184'. [ 1175.652933][T25561] netlink: 'syz.5.6184': attribute type 1 has an invalid length. [ 1175.666032][T25561] netlink: 'syz.5.6184': attribute type 6 has an invalid length. [ 1176.152587][T19247] Bluetooth: hci6: command tx timeout [ 1176.556605][T25527] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1176.614116][T25527] 8021q: adding VLAN 0 to HW filter on device team0 [ 1176.663535][ T3547] bridge0: port 1(bridge_slave_0) entered blocking state [ 1176.670760][ T3547] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1176.714677][ T3547] bridge0: port 2(bridge_slave_1) entered blocking state [ 1176.721920][ T3547] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1176.884039][T25583] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6189'. [ 1176.958976][T25583] netlink: 354 bytes leftover after parsing attributes in process `syz.6.6189'. [ 1177.645707][T25527] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1177.714370][T25171] syz.6.6091 (25171) used greatest stack depth: 17496 bytes left [ 1178.204656][T25601] __vm_enough_memory: pid: 25601, comm: syz.4.6191, bytes: 4398046511104 not enough memory for the allocation [ 1178.225748][T19247] Bluetooth: hci6: command tx timeout [ 1178.537678][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 1178.544167][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 1178.947793][T25527] veth0_vlan: entered promiscuous mode [ 1178.967265][T25527] veth1_vlan: entered promiscuous mode [ 1179.139212][T25527] veth0_macvtap: entered promiscuous mode [ 1179.162437][T25527] veth1_macvtap: entered promiscuous mode [ 1179.249154][T25527] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1179.317716][T25527] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1179.382815][ T1166] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1179.446670][ T1166] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1179.475433][ T1166] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1179.661756][ T1166] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1179.877079][T25328] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1179.894236][T25328] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1179.950914][T25328] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1179.972839][T25328] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1180.281626][T23909] Bluetooth: hci6: command tx timeout [ 1180.599497][T23909] Bluetooth: hci4: command 0x0406 tx timeout [ 1180.827074][T25621] FAULT_INJECTION: forcing a failure. [ 1180.827074][T25621] name failslab, interval 1, probability 0, space 0, times 0 [ 1180.868006][T25621] CPU: 1 UID: 0 PID: 25621 Comm: syz.7.6177 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1180.868054][T25621] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1180.868065][T25621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1180.868081][T25621] Call Trace: [ 1180.868090][T25621] [ 1180.868101][T25621] dump_stack_lvl+0x100/0x190 [ 1180.868143][T25621] should_fail_ex.cold+0x5/0xa [ 1180.868188][T25621] should_failslab+0xc2/0x120 [ 1180.868227][T25621] kmem_cache_alloc_lru_noprof+0x8e/0x7d0 [ 1180.868278][T25621] ? alloc_inode+0x183/0x250 [ 1180.868326][T25621] ? alloc_inode+0x183/0x250 [ 1180.868369][T25621] alloc_inode+0x183/0x250 [ 1180.868410][T25621] alloc_anon_inode+0x2a/0x3e0 [ 1180.868446][T25621] anon_inode_make_secure_inode+0x2f/0x140 [ 1180.868488][T25621] __anon_inode_getfile+0x1cf/0x280 [ 1180.868522][T25621] ? _copy_to_user+0xaf/0xd0 [ 1180.868567][T25621] io_uring_setup.cold+0x17b6/0x1a89 [ 1180.868609][T25621] ? __pfx_io_uring_setup+0x10/0x10 [ 1180.868648][T25621] ? __pfx_do_futex+0x10/0x10 [ 1180.868703][T25621] ? xfd_validate_state+0x129/0x190 [ 1180.868756][T25621] __x64_sys_io_uring_setup+0xc2/0x170 [ 1180.868793][T25621] do_syscall_64+0xc9/0xf80 [ 1180.868830][T25621] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1180.868860][T25621] RIP: 0033:0x7fe631f9aeb9 [ 1180.868882][T25621] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1180.868910][T25621] RSP: 002b:00007fe632edb028 EFLAGS: 00000246 ORIG_RAX: 00000000000001a9 [ 1180.868937][T25621] RAX: ffffffffffffffda RBX: 00007fe632215fa0 RCX: 00007fe631f9aeb9 [ 1180.868956][T25621] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 1180.868974][T25621] RBP: 00007fe632008c1f R08: 0000000000000000 R09: 0000000000000000 [ 1180.868992][T25621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1180.869010][T25621] R13: 00007fe632216038 R14: 00007fe632215fa0 R15: 00007ffc33135028 [ 1180.869046][T25621] [ 1181.190082][ T30] audit: type=1800 audit(4294967382.386:38): pid=25625 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.6177" name="features" dev="configfs" ino=401226 res=0 errno=0 [ 1184.336640][T25664] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6203'. [ 1184.349671][T25664] bridge0: port 2(bridge_slave_1) entered disabled state [ 1184.467435][T25664] bridge_slave_1 (unregistering): left allmulticast mode [ 1184.484916][T25664] bridge_slave_1 (unregistering): left promiscuous mode [ 1184.514948][T25664] bridge0: port 2(bridge_slave_1) entered disabled state [ 1184.908133][T19247] Bluetooth: hci7: Opcode 0x0c03 failed: -110 [ 1185.291448][T25677] netlink: 8 bytes leftover after parsing attributes in process `syz.7.6207'. [ 1185.826119][ T30] audit: type=1800 audit(4294967387.060:39): pid=25686 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.6.6204" name="lu_gp_id" dev="configfs" ino=402663 res=0 errno=0 [ 1186.960667][ T30] audit: type=1326 audit(4294967388.216:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25700 comm="syz.4.6214" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbafed9aeb9 code=0x0 [ 1188.601080][T25713] netlink: 4 bytes leftover after parsing attributes in process `syz.6.6217'. [ 1188.685997][T25717] netlink: 25 bytes leftover after parsing attributes in process `syz.6.6217'. [ 1188.864843][T25722] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input23 [ 1190.495277][T19247] Bluetooth: hci2: unexpected event 0x0b length: 440 > 11 [ 1191.150013][T25750] netlink: 5 bytes leftover after parsing attributes in process `syz.4.6226'. [ 1193.103530][T25781] futex_wake_op: syz.4.6233 tries to shift op by -2048; fix this program [ 1193.114577][T25781] futex_wake_op: syz.4.6233 tries to shift op by -2048; fix this program [ 1194.757988][T25813] Console: switching to colour VGA+ 80x25 [ 1195.257382][T25809] FAULT_INJECTION: forcing a failure. [ 1195.257382][T25809] name failslab, interval 1, probability 0, space 0, times 0 [ 1195.420695][T25809] CPU: 1 UID: 0 PID: 25809 Comm: syz.6.6235 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1195.420746][T25809] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1195.420757][T25809] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1195.420775][T25809] Call Trace: [ 1195.420785][T25809] [ 1195.420797][T25809] dump_stack_lvl+0x100/0x190 [ 1195.420839][T25809] should_fail_ex.cold+0x5/0xa [ 1195.420884][T25809] should_failslab+0xc2/0x120 [ 1195.420922][T25809] kmem_cache_alloc_noprof+0x83/0x780 [ 1195.420956][T25809] ? __proc_create+0xc2/0x8c0 [ 1195.420995][T25809] ? __proc_create+0x2cb/0x8c0 [ 1195.421040][T25809] ? __proc_create+0x2cb/0x8c0 [ 1195.421079][T25809] __proc_create+0x2cb/0x8c0 [ 1195.421121][T25809] ? __pfx___proc_create+0x10/0x10 [ 1195.421178][T25809] _proc_mkdir+0xb9/0x210 [ 1195.421206][T25809] ? __pfx__proc_mkdir+0x10/0x10 [ 1195.421231][T25809] ? net_generic+0xea/0x2a0 [ 1195.421271][T25809] nfs_fs_proc_net_init+0x9b/0x1e0 [ 1195.421309][T25809] nfs_net_init+0x130/0x340 [ 1195.421345][T25809] ? __pfx_nfs_net_init+0x10/0x10 [ 1195.421380][T25809] ops_init+0x1e2/0x5f0 [ 1195.421428][T25809] setup_net+0x118/0x3a0 [ 1195.421455][T25809] ? __pfx_setup_net+0x10/0x10 [ 1195.421478][T25809] ? lockdep_init_map_type+0x5c/0x250 [ 1195.421519][T25809] ? mutex_init_lockep+0x110/0x150 [ 1195.421564][T25809] copy_net_ns+0x46f/0x7c0 [ 1195.421597][T25809] create_new_namespaces+0x3ea/0xab0 [ 1195.421640][T25809] copy_namespaces+0x468/0x5e0 [ 1195.421675][T25809] copy_process+0x32d5/0x7890 [ 1195.421741][T25809] ? __pfx_copy_process+0x10/0x10 [ 1195.421796][T25809] kernel_clone+0xfc/0x930 [ 1195.421831][T25809] ? __pfx_futex_wait+0x10/0x10 [ 1195.421862][T25809] ? __pfx_kernel_clone+0x10/0x10 [ 1195.421921][T25809] __do_sys_clone+0xd9/0x120 [ 1195.421957][T25809] ? __pfx___do_sys_clone+0x10/0x10 [ 1195.421988][T25809] ? __fget_files+0x21f/0x3d0 [ 1195.422030][T25809] ? xfd_validate_state+0x129/0x190 [ 1195.422083][T25809] do_syscall_64+0xc9/0xf80 [ 1195.422120][T25809] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1195.422149][T25809] RIP: 0033:0x7ff6f5d9aeb9 [ 1195.422173][T25809] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1195.422204][T25809] RSP: 002b:00007ff6f6ceefd8 EFLAGS: 00000206 ORIG_RAX: 0000000000000038 [ 1195.422232][T25809] RAX: ffffffffffffffda RBX: 00007ff6f6016090 RCX: 00007ff6f5d9aeb9 [ 1195.422251][T25809] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040180211 [ 1195.422269][T25809] RBP: 00007ff6f5e08c1f R08: 0000000000000000 R09: 0000000000000000 [ 1195.422286][T25809] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1195.422302][T25809] R13: 00007ff6f6016128 R14: 00007ff6f6016090 R15: 00007ffe5f835708 [ 1195.422342][T25809] [ 1196.625111][T25829] futex_wake_op: syz.7.6244 tries to shift op by -2048; fix this program [ 1196.642079][T25829] futex_wake_op: syz.7.6244 tries to shift op by -2048; fix this program [ 1199.751558][T25869] input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input24 [ 1209.653927][T25990] zswap: compressor not available [ 1210.626502][T26012] netlink: 28 bytes leftover after parsing attributes in process `syz.5.6281'. [ 1211.021596][T26012] team0: Port device team_slave_0 removed [ 1212.750340][T26003] syz.6.6277 invoked oom-killer: gfp_mask=0x100cca(GFP_HIGHUSER_MOVABLE), order=0, oom_score_adj=1000 [ 1212.788482][T26003] CPU: 0 UID: 0 PID: 26003 Comm: syz.6.6277 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1212.788525][T26003] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1212.788535][T26003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1212.788551][T26003] Call Trace: [ 1212.788561][T26003] [ 1212.788572][T26003] dump_stack_lvl+0x100/0x190 [ 1212.788617][T26003] dump_header+0xfb/0x606 [ 1212.788646][T26003] oom_kill_process.cold+0xd/0x321 [ 1212.788677][T26003] out_of_memory+0x340/0x14f0 [ 1212.788719][T26003] ? __pfx_out_of_memory+0x10/0x10 [ 1212.788763][T26003] mem_cgroup_out_of_memory+0xc6/0x130 [ 1212.788793][T26003] ? __pfx_mem_cgroup_out_of_memory+0x10/0x10 [ 1212.788820][T26003] ? find_held_lock+0x2b/0x80 [ 1212.788852][T26003] ? do_raw_spin_unlock+0x145/0x1e0 [ 1212.788891][T26003] ? _raw_spin_unlock+0x28/0x50 [ 1212.788922][T26003] try_charge_memcg+0x652/0xc90 [ 1212.788964][T26003] ? __pfx_try_charge_memcg+0x10/0x10 [ 1212.789006][T26003] ? find_held_lock+0x2b/0x80 [ 1212.789030][T26003] ? rcu_read_unlock+0x17/0x60 [ 1212.789066][T26003] ? rcu_read_unlock+0x17/0x60 [ 1212.789106][T26003] charge_memcg+0xa6/0x280 [ 1212.789141][T26003] mem_cgroup_swapin_charge_folio+0xeb/0x470 [ 1212.789185][T26003] __read_swap_cache_async+0x449/0x610 [ 1212.789221][T26003] ? __pfx___read_swap_cache_async+0x10/0x10 [ 1212.789250][T26003] ? lock_acquire+0x17c/0x330 [ 1212.789282][T26003] ? find_held_lock+0x2b/0x80 [ 1212.789320][T26003] swap_cluster_readahead+0x541/0x770 [ 1212.789348][T26003] ? finish_task_switch.isra.0+0x2c5/0xb70 [ 1212.789381][T26003] ? rcu_is_watching+0x12/0xc0 [ 1212.789412][T26003] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 1212.789466][T26003] ? get_vma_policy+0x23f/0x3b0 [ 1212.789508][T26003] swapin_readahead+0x14b/0x12e0 [ 1212.789540][T26003] ? __lock_acquire+0x4a5/0x2630 [ 1212.789579][T26003] ? __pfx_swapin_readahead+0x10/0x10 [ 1212.789616][T26003] ? find_held_lock+0x2b/0x80 [ 1212.789642][T26003] ? swap_cache_get_folio+0x272/0x920 [ 1212.789675][T26003] ? swap_cache_get_folio+0x272/0x920 [ 1212.789701][T26003] ? swap_cache_get_folio+0x1f/0x920 [ 1212.789727][T26003] ? swap_cache_get_folio+0x2a2/0x920 [ 1212.789757][T26003] ? __pfx_swap_cache_get_folio+0x10/0x10 [ 1212.789784][T26003] ? __pfx_get_swap_device+0x10/0x10 [ 1212.789827][T26003] ? do_swap_page+0x9ba/0x6810 [ 1212.789853][T26003] do_swap_page+0x9ba/0x6810 [ 1212.789886][T26003] ? __lock_acquire+0x4a5/0x2630 [ 1212.789924][T26003] ? __pfx_validate_mm+0x10/0x10 [ 1212.789956][T26003] ? __pfx_do_swap_page+0x10/0x10 [ 1212.789988][T26003] ? __pfx_default_wake_function+0x10/0x10 [ 1212.790028][T26003] ? rcu_is_watching+0x12/0xc0 [ 1212.790054][T26003] ? ___pte_offset_map+0x179/0x310 [ 1212.790095][T26003] __handle_mm_fault+0x18b9/0x2b50 [ 1212.790132][T26003] ? reacquire_held_locks+0xce/0x1e0 [ 1212.790167][T26003] ? __pfx___handle_mm_fault+0x10/0x10 [ 1212.790202][T26003] ? lock_vma_under_rcu+0x17c/0x5a0 [ 1212.790254][T26003] handle_mm_fault+0x36d/0xa20 [ 1212.790291][T26003] do_user_addr_fault+0x5a3/0x12f0 [ 1212.790332][T26003] exc_page_fault+0x6f/0xd0 [ 1212.790363][T26003] asm_exc_page_fault+0x26/0x30 [ 1212.790388][T26003] RIP: 0033:0x7ff6f5c51617 [ 1212.790410][T26003] Code: f2 40 ef 00 00 41 bc 03 00 00 00 48 8d b8 00 10 00 00 44 0f 45 e2 45 31 c9 44 89 e2 e8 f2 95 14 00 48 89 c5 48 83 f8 ff 74 66 <80> 3d 9a 0a 3c 00 00 75 38 8b 43 20 48 89 6b 18 ba 08 00 00 00 48 [ 1212.790435][T26003] RSP: 002b:00007ffe5f8357d0 EFLAGS: 00010213 [ 1212.790458][T26003] RAX: 00007ff6f3bf6000 RBX: 00007ff6f6016308 RCX: 00007ff6f5d9ac22 [ 1212.790476][T26003] RDX: 0000000000000003 RSI: 0000000000400000 RDI: 00007ff6f3bf6000 [ 1212.790493][T26003] RBP: 00007ff6f3bf6000 R08: 00000000000000db R09: 0000000000000000 [ 1212.790509][T26003] R10: 0000000000000011 R11: 0000000000000206 R12: 0000000000000003 [ 1212.790525][T26003] R13: 0000000000000002 R14: 0000000000000000 R15: 00007ff6f6015fa0 [ 1212.790562][T26003] [ 1212.790573][T26003] memory: usage 3072kB, limit 3072kB, failcnt 51820 [ 1213.182715][T26003] memory+swap: usage 127752kB, limit 9007199254740988kB, failcnt 0 [ 1213.190937][T26003] kmem: usage 1564kB, limit 9007199254740988kB, failcnt 0 [ 1213.198070][T26003] Memory cgroup stats for /syz6: [ 1213.198239][T26003] cache 774144 [ 1213.206949][T26003] rss 589824 [ 1213.210661][T26003] rss_huge 0 [ 1213.213875][T26003] shmem 770048 [ 1213.217259][T26003] mapped_file 0 [ 1213.221301][T26003] dirty 0 [ 1213.224257][T26003] writeback 0 [ 1213.227555][T26003] workingset_refault_anon 4900 [ 1213.232993][T26003] workingset_refault_file 1691 [ 1213.237766][T26003] swap 127672320 [ 1213.242598][T26003] swapcached 180224 [ 1213.246420][T26003] pgpgin 98192 [ 1213.251311][T26003] pgpgout 97815 [ 1213.254780][T26003] pgfault 49202 [ 1213.258245][T26003] pgmajfault 1643 [ 1213.262461][T26003] inactive_anon 864256 [ 1213.266554][T26003] active_anon 675840 [ 1213.270895][T26003] inactive_file 4096 [ 1213.274976][T26003] active_file 0 [ 1213.278450][T26003] unevictable 0 [ 1213.283043][T26003] hierarchical_memory_limit 3145728 [ 1213.288436][T26003] hierarchical_memsw_limit 9223372036854771712 [ 1213.295380][T26003] total_cache 774144 [ 1213.299653][T26003] total_rss 589824 [ 1213.303386][T26003] total_rss_huge 0 [ 1213.307114][T26003] total_shmem 770048 [ 1213.311592][T26003] total_mapped_file 0 [ 1213.315598][T26003] total_dirty 0 [ 1213.319073][T26003] total_writeback 0 [ 1213.323593][T26003] total_workingset_refault_anon 4900 [ 1213.328875][T26003] total_workingset_refault_file 1691 [ 1213.334561][T26003] total_swap 127672320 [ 1213.338645][T26003] total_swapcached 180224 [ 1213.343619][T26003] total_pgpgin 98192 [ 1213.347534][T26003] total_pgpgout 97815 [ 1213.353093][T26003] total_pgfault 49202 [ 1213.357107][T26003] total_pgmajfault 1643 [ 1213.361702][T26003] total_inactive_anon 864256 [ 1213.366829][T26003] total_active_anon 675840 [ 1213.372176][T26003] total_inactive_file 4096 [ 1213.376802][T26003] total_active_file 0 [ 1213.419908][T26003] total_unevictable 0 [ 1213.423914][T26003] anon_cost 0 [ 1213.427189][T26003] file_cost 0 [ 1213.448556][T26003] oom-kill:constraint=CONSTRAINT_MEMCG,nodemask=(null),cpuset=/,mems_allowed=0-1,oom_memcg=/syz6,task_memcg=/syz6,task=syz.6.6220,pid=25729,uid=0 [ 1213.465046][T26003] Memory cgroup out of memory: Killed process 25729 (syz.6.6220) total-vm:104448kB, anon-rss:1344kB, file-rss:64436kB, shmem-rss:128kB, UID:0 pgtables:224kB oom_score_adj:1000 [ 1213.706363][T26029] input: 00 [ 1213.706363][T26029] as /devices/virtual/input/input25 [ 1213.737285][T26029] FAULT_INJECTION: forcing a failure. [ 1213.737285][T26029] name failslab, interval 1, probability 0, space 0, times 0 [ 1213.815139][T26029] CPU: 0 UID: 0 PID: 26029 Comm: syz.7.6284 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1213.815187][T26029] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1213.815199][T26029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1213.815215][T26029] Call Trace: [ 1213.815225][T26029] [ 1213.815235][T26029] dump_stack_lvl+0x100/0x190 [ 1213.815276][T26029] should_fail_ex.cold+0x5/0xa [ 1213.815322][T26029] should_failslab+0xc2/0x120 [ 1213.815362][T26029] kmem_cache_alloc_noprof+0x83/0x780 [ 1213.815397][T26029] ? __asan_memcpy+0x3c/0x60 [ 1213.815426][T26029] ? __kernfs_new_node+0xd2/0x960 [ 1213.815470][T26029] ? __kernfs_new_node+0xd2/0x960 [ 1213.815503][T26029] __kernfs_new_node+0xd2/0x960 [ 1213.815543][T26029] ? __pfx___kernfs_new_node+0x10/0x10 [ 1213.815591][T26029] ? find_held_lock+0x2b/0x80 [ 1213.815618][T26029] ? kernfs_root+0xee/0x2a0 [ 1213.815654][T26029] ? kernfs_root+0xee/0x2a0 [ 1213.815695][T26029] kernfs_new_node+0x11b/0x1a0 [ 1213.815743][T26029] kernfs_create_link+0xcc/0x240 [ 1213.815787][T26029] sysfs_do_create_link_sd+0x90/0x140 [ 1213.815829][T26029] sysfs_create_link+0x61/0xc0 [ 1213.815863][T26029] device_add+0xb5d/0x1950 [ 1213.815904][T26029] ? __pfx_device_add+0x10/0x10 [ 1213.815946][T26029] ? kobject_get+0xbb/0x150 [ 1213.815987][T26029] cdev_device_add+0x12b/0x270 [ 1213.816025][T26029] evdev_connect+0x3a8/0x4b0 [ 1213.816064][T26029] input_attach_handler.isra.0+0x177/0x1e0 [ 1213.816106][T26029] input_register_device.cold+0x139/0x375 [ 1213.816156][T26029] uinput_ioctl_handler.isra.0+0x8d8/0x1d10 [ 1213.816203][T26029] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1213.816247][T26029] ? __pfx_uinput_ioctl_handler.isra.0+0x10/0x10 [ 1213.816300][T26029] ? find_held_lock+0x2b/0x80 [ 1213.816327][T26029] ? hook_file_ioctl_common+0x146/0x410 [ 1213.816383][T26029] ? __pfx_uinput_ioctl+0x10/0x10 [ 1213.816429][T26029] __x64_sys_ioctl+0x18e/0x210 [ 1213.816475][T26029] do_syscall_64+0xc9/0xf80 [ 1213.816515][T26029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1213.816542][T26029] RIP: 0033:0x7fe631f9aeb9 [ 1213.816564][T26029] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1213.816591][T26029] RSP: 002b:00007fe632edb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1213.816617][T26029] RAX: ffffffffffffffda RBX: 00007fe632215fa0 RCX: 00007fe631f9aeb9 [ 1213.816635][T26029] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000006 [ 1213.816650][T26029] RBP: 00007fe632008c1f R08: 0000000000000000 R09: 0000000000000000 [ 1213.816666][T26029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1213.816680][T26029] R13: 00007fe632216038 R14: 00007fe632215fa0 R15: 00007ffc33135028 [ 1213.816719][T26029] [ 1214.453824][T26029] input: failed to attach handler evdev to device input25, error: -12 [ 1214.913612][T26038] audit: audit_lost=4 audit_rate_limit=0 audit_backlog_limit=64 [ 1214.941434][T26038] audit: out of memory in audit_log_start [ 1215.368074][T23909] Bluetooth: hci6: unexpected event 0x10 length: 440 > 1 [ 1215.371195][T23909] Bluetooth: hci6: hardware error 0x00 [ 1216.419644][T26055] Bluetooth: hci5: command 0x0406 tx timeout [ 1217.614131][T23909] Bluetooth: hci6: Opcode 0x0c03 failed: -110 [ 1218.563241][T19247] Bluetooth: hci7: Opcode 0x0c03 failed: -110 [ 1218.862512][T26097] netlink: 4 bytes leftover after parsing attributes in process `syz.4.6299'. [ 1218.947649][T26098] netlink: 17 bytes leftover after parsing attributes in process `syz.4.6299'. [ 1223.118572][ T31] INFO: task syz.0.5839:24205 blocked for more than 143 seconds. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1223.207739][ T31] Tainted: G U L syzkaller #0 [ 1223.214426][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1223.276370][ T31] task:syz.0.5839 state:D stack:28488 pid:24205 tgid:24204 ppid:5822 task_flags:0x400140 flags:0x00080002 [ 1223.327163][ T31] Call Trace: [ 1223.335251][ T31] [ 1223.359247][ T31] ? __schedule+0xf67/0x5fa0 [ 1223.363865][ T31] __schedule+0xfe6/0x5fa0 [ 1223.377191][ T31] ? __lock_acquire+0x4a5/0x2630 [ 1223.416677][ T31] ? __pfx___schedule+0x10/0x10 [ 1223.436531][ T31] ? find_held_lock+0x2b/0x80 [ 1223.446665][ T31] ? schedule+0x2bf/0x390 [ 1223.451161][ T31] schedule+0xdd/0x390 [ 1223.455282][ T31] schedule_preempt_disabled+0x13/0x30 [ 1223.494733][ T31] __mutex_lock+0xc9a/0x1b90 [ 1223.501250][ T31] ? nfsd_shutdown_threads+0x5b/0xf0 [ 1223.559785][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 1223.593218][ T31] ? net_generic+0xea/0x2a0 [ 1223.615698][ T31] ? net_generic+0xea/0x2a0 [ 1223.698978][ T31] ? nfsd_shutdown_threads+0x5b/0xf0 [ 1223.704335][ T31] nfsd_shutdown_threads+0x5b/0xf0 [ 1223.747119][ T31] nfsd_umount+0x3b/0x60 [ 1223.774809][ T31] deactivate_locked_super+0xc1/0x1b0 [ 1223.780246][ T31] deactivate_super+0xe7/0x110 [ 1223.814599][ T31] cleanup_mnt+0x21f/0x450 [ 1223.819090][ T31] task_work_run+0x150/0x240 [ 1223.823880][ T31] ? __pfx_task_work_run+0x10/0x10 [ 1223.854347][ T31] ? __x64_sys_mount+0x239/0x310 [ 1223.859365][ T31] ? __x64_sys_mount+0x23e/0x310 [ 1223.924016][ T31] exit_to_user_mode_loop+0x100/0x4b0 [ 1223.929469][ T31] ? rcu_is_watching+0x12/0xc0 [ 1223.973781][ T31] do_syscall_64+0x4ea/0xf80 [ 1224.023836][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1224.029793][ T31] RIP: 0033:0x7fdbe6b9aeb9 [ 1224.071961][ T31] RSP: 002b:00007fdbe7980028 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1224.123045][ T31] RAX: fffffffffffffffe RBX: 00007fdbe6e15fa0 RCX: 00007fdbe6b9aeb9 [ 1224.151365][ T31] RDX: 0000200000000100 RSI: 00002000000000c0 RDI: 0000000000000000 [ 1224.172810][ T31] RBP: 00007fdbe6c08c1f R08: 0000000000000000 R09: 0000000000000000 [ 1224.180929][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1224.232392][ T31] R13: 00007fdbe6e16038 R14: 00007fdbe6e15fa0 R15: 00007ffe00b10978 [ 1224.272239][ T31] [ 1224.275436][ T31] [ 1224.275436][ T31] Showing all locks held in the system: [ 1224.312026][ T31] 1 lock held by khungtaskd/31: [ 1224.316935][ T31] #0: ffffffff8e5e3120 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 1224.421551][ T31] 3 locks held by kworker/u8:8/3547: [ 1224.426894][ T31] 2 locks held by sshd-session/5811: [ 1224.441387][ T31] 2 locks held by syz-executor/6366: [ 1224.446723][ T31] 2 locks held by syz.4.1557/10586: [ 1224.455836][ T31] 2 locks held by syz.3.5749/23870: [ 1224.463947][ T31] #0: ffffffff904a2bd0 (cb_lock){++++}-{4:4}, at: genl_rcv+0x19/0x40 [ 1224.530893][ T31] #1: ffffffff8ea476a8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_nl_threads_set_doit+0x687/0xbc0 [ 1224.551870][ T31] 2 locks held by syz-executor/23907: [ 1224.557294][ T31] 2 locks held by syz.0.5839/24205: [ 1224.600527][ T31] #0: ffff8880571b40e0 (&type->s_umount_key#58){+.+.}-{4:4}, at: deactivate_super+0xdf/0x110 [ 1224.630373][ T31] #1: ffffffff8ea476a8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 1224.660613][ T31] 3 locks held by kworker/0:3/24557: [ 1224.667448][ T31] #0: ffff88813fe15948 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x11ae/0x1840 [ 1224.711081][ T31] #1: ffffc900050f7c98 ((fqdir_free_work).work){+.+.}-{0:0}, at: process_one_work+0x927/0x1840 [ 1224.739741][ T31] #2: ffffffff8e5ef7c0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6d0 [ 1224.761890][ T31] 3 locks held by kworker/u8:7/25328: [ 1224.770470][ T31] #0: ffff88801c29f148 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x11ae/0x1840 [ 1224.792519][ T31] #1: ffffc90018387c98 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x927/0x1840 [ 1224.809454][ T31] #2: ffffffff8e5ef7c0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x48/0x6d0 [ 1224.829825][ T31] 2 locks held by syz.2.6134/25359: [ 1224.835068][ T31] #0: ffff888049c180e0 (&type->s_umount_key#58){+.+.}-{4:4}, at: deactivate_super+0xdf/0x110 [ 1224.868916][ T31] #1: ffffffff8ea476a8 (nfsd_mutex){+.+.}-{4:4}, at: nfsd_shutdown_threads+0x5b/0xf0 [ 1224.889007][ T31] 1 lock held by syz.5.6310/26143: [ 1224.895321][ T31] 2 locks held by syz.5.6311/26150: [ 1224.900829][ T31] 1 lock held by syz.7.6319/26154: [ 1224.906147][ T31] #0: ffffffff8e5ef8f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: exp_funnel_lock+0x27f/0x3c0 [ 1224.925303][ T31] [ 1224.927679][ T31] ============================================= [ 1224.927679][ T31] [ 1225.058163][ T31] NMI backtrace for cpu 1 [ 1225.058198][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 1225.058238][ T31] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1225.058248][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1225.058264][ T31] Call Trace: [ 1225.058274][ T31] [ 1225.058284][ T31] dump_stack_lvl+0x100/0x190 [ 1225.058316][ T31] nmi_cpu_backtrace.cold+0x12d/0x151 [ 1225.058349][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1225.058387][ T31] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 1225.058426][ T31] sys_info+0x141/0x190 [ 1225.058455][ T31] watchdog+0xcc3/0xfe0 [ 1225.058489][ T31] ? __pfx_watchdog+0x10/0x10 [ 1225.058518][ T31] ? __kthread_parkme+0x18c/0x230 [ 1225.058546][ T31] ? __pfx_watchdog+0x10/0x10 [ 1225.058574][ T31] ? __pfx_watchdog+0x10/0x10 [ 1225.058593][ T31] kthread+0x3b3/0x730 [ 1225.058624][ T31] ? __pfx_kthread+0x10/0x10 [ 1225.058652][ T31] ? ret_from_fork+0x79/0xaf0 [ 1225.058675][ T31] ? ret_from_fork+0x79/0xaf0 [ 1225.058698][ T31] ? rcu_is_watching+0x12/0xc0 [ 1225.058723][ T31] ? __pfx_kthread+0x10/0x10 [ 1225.058757][ T31] ret_from_fork+0x754/0xaf0 [ 1225.058781][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1225.058809][ T31] ? __switch_to+0x7b9/0x10c0 [ 1225.058840][ T31] ? __pfx_kthread+0x10/0x10 [ 1225.058876][ T31] ret_from_fork_asm+0x1a/0x30 [ 1225.058926][ T31] [ 1225.058935][ T31] Sending NMI from CPU 1 to CPUs 0: [ 1225.206232][ C0] NMI backtrace for cpu 0 [ 1225.206255][ C0] CPU: 0 UID: 0 PID: 1166 Comm: kworker/u8:6 Tainted: G U L syzkaller #0 PREEMPT(full) [ 1225.206291][ C0] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1225.206301][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1225.206318][ C0] Workqueue: events_unbound toggle_allocation_gate [ 1225.206354][ C0] RIP: 0010:insn_get_prefixes+0x900/0x15e0 [ 1225.206383][ C0] Code: 93 f6 48 8b 04 24 41 83 f6 06 44 88 70 51 e9 49 fc ff ff e8 f2 1f 93 f6 48 8b 04 24 48 8d 78 0c 48 b8 00 00 00 00 00 fc ff df <48> 89 fa 48 c1 ea 03 0f b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 [ 1225.206406][ C0] RSP: 0018:ffffc90003f1f6d0 EFLAGS: 00000293 [ 1225.206429][ C0] RAX: dffffc0000000000 RBX: 000000000000000f RCX: ffffffff8b733135 [ 1225.206444][ C0] RDX: ffff8880280c8000 RSI: ffffffff8b732e6e RDI: ffffc90003f1f90c [ 1225.206459][ C0] RBP: ffffffff8263ba8b R08: 0000000000000005 R09: 0000000000000010 [ 1225.206474][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 1225.206488][ C0] R13: 00000000000000e9 R14: 0000000000816000 R15: 00000000000000e9 [ 1225.206504][ C0] FS: 0000000000000000(0000) GS:ffff8881245e2000(0000) knlGS:0000000000000000 [ 1225.206525][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1225.206541][ C0] CR2: 0000001b333f0ff8 CR3: 000000000e392000 CR4: 00000000003526f0 [ 1225.206557][ C0] Call Trace: [ 1225.206564][ C0] [ 1225.206573][ C0] ? __kmalloc_noprof+0x11a/0x9c0 [ 1225.206598][ C0] ? __kmalloc_noprof+0x10b/0x9c0 [ 1225.206622][ C0] insn_get_opcode+0x82/0x11b0 [ 1225.206652][ C0] insn_get_modrm+0x84/0x790 [ 1225.206678][ C0] insn_get_displacement+0x2f9/0x960 [ 1225.206706][ C0] insn_get_immediate+0x84/0x1e00 [ 1225.206730][ C0] ? __asan_memset+0x23/0x50 [ 1225.206756][ C0] insn_decode+0x21d/0x320 [ 1225.206781][ C0] arch_jump_entry_size+0xb6/0x150 [ 1225.206812][ C0] ? __pfx_arch_jump_entry_size+0x10/0x10 [ 1225.206848][ C0] ? __kmalloc_noprof+0x10b/0x9c0 [ 1225.206869][ C0] ? __kmalloc_noprof+0x11a/0x9c0 [ 1225.206890][ C0] ? __kmalloc_noprof+0x10b/0x9c0 [ 1225.206914][ C0] ? __kmalloc_noprof+0x3ac/0x9c0 [ 1225.206937][ C0] ? __kmalloc_noprof+0x10b/0x9c0 [ 1225.206957][ C0] __jump_label_patch+0x85/0x3e0 [ 1225.206991][ C0] arch_jump_label_transform_queue+0x7e/0x120 [ 1225.207024][ C0] ? find_held_lock+0x2b/0x80 [ 1225.207047][ C0] __jump_label_update+0xd7/0x380 [ 1225.207073][ C0] jump_label_update+0x37a/0x550 [ 1225.207096][ C0] static_key_disable_cpuslocked+0x162/0x1c0 [ 1225.207121][ C0] static_key_disable+0x1a/0x20 [ 1225.207142][ C0] toggle_allocation_gate+0x149/0x2d0 [ 1225.207172][ C0] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 1225.207204][ C0] ? process_one_work+0x80b/0x1840 [ 1225.207238][ C0] ? rcu_is_watching+0x12/0xc0 [ 1225.207267][ C0] process_one_work+0x9c2/0x1840 [ 1225.207304][ C0] ? __pfx_process_one_work+0x10/0x10 [ 1225.207343][ C0] ? assign_work+0x19c/0x250 [ 1225.207377][ C0] worker_thread+0x5da/0xe40 [ 1225.207421][ C0] ? __pfx_worker_thread+0x10/0x10 [ 1225.207456][ C0] ? kthread+0x17d/0x730 [ 1225.207486][ C0] ? __pfx_worker_thread+0x10/0x10 [ 1225.207519][ C0] kthread+0x3b3/0x730 [ 1225.207551][ C0] ? __pfx_kthread+0x10/0x10 [ 1225.207580][ C0] ? ret_from_fork+0x79/0xaf0 [ 1225.207601][ C0] ? ret_from_fork+0x79/0xaf0 [ 1225.207623][ C0] ? rcu_is_watching+0x12/0xc0 [ 1225.207645][ C0] ? __pfx_kthread+0x10/0x10 [ 1225.207676][ C0] ret_from_fork+0x754/0xaf0 [ 1225.207699][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 1225.207722][ C0] ? __switch_to+0x7b9/0x10c0 [ 1225.207750][ C0] ? __pfx_kthread+0x10/0x10 [ 1225.207782][ C0] ret_from_fork_asm+0x1a/0x30 [ 1225.207824][ C0] [ 1225.306523][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 1225.306556][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G U L syzkaller #0 PREEMPT(full) [ 1225.306597][ T31] Tainted: [U]=USER, [L]=SOFTLOCKUP [ 1225.306608][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 1225.306625][ T31] Call Trace: [ 1225.306636][ T31] [ 1225.306646][ T31] dump_stack_lvl+0x100/0x190 [ 1225.306682][ T31] vpanic+0x20d/0x630 [ 1225.306709][ T31] panic+0xd1/0xd1 [ 1225.306732][ T31] ? __pfx_panic+0x10/0x10 [ 1225.306764][ T31] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 1225.306804][ T31] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 1225.306843][ T31] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 1225.306880][ T31] ? watchdog.cold+0x198/0x1ca [ 1225.306906][ T31] ? watchdog+0xcd3/0xfe0 [ 1225.306935][ T31] watchdog.cold+0x1a9/0x1ca [ 1225.306972][ T31] ? __pfx_watchdog+0x10/0x10 [ 1225.307000][ T31] ? __kthread_parkme+0x18c/0x230 [ 1225.307032][ T31] ? __pfx_watchdog+0x10/0x10 [ 1225.307060][ T31] ? __pfx_watchdog+0x10/0x10 [ 1225.307085][ T31] kthread+0x3b3/0x730 [ 1225.307121][ T31] ? __pfx_kthread+0x10/0x10 [ 1225.307155][ T31] ? ret_from_fork+0x79/0xaf0 [ 1225.307179][ T31] ? ret_from_fork+0x79/0xaf0 [ 1225.307204][ T31] ? rcu_is_watching+0x12/0xc0 [ 1225.307230][ T31] ? __pfx_kthread+0x10/0x10 [ 1225.307267][ T31] ret_from_fork+0x754/0xaf0 [ 1225.307292][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1225.307320][ T31] ? __switch_to+0x7b9/0x10c0 [ 1225.307352][ T31] ? __pfx_kthread+0x10/0x10 [ 1225.307389][ T31] ret_from_fork_asm+0x1a/0x30 [ 1225.307446][ T31] [ 1225.728171][ T31] Kernel Offset: disabled [ 1225.732491][ T31] Rebooting in 86400 seconds..