last executing test programs: 3m23.102874338s ago: executing program 2 (id=298): r0 = openat$auto_proc_pid_maps_operations_internal(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/maps\x00', 0x80101, 0x0) mmap$auto(0x200000ffffff, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) ioctl$auto_PROCMAP_QUERY(r0, 0xc0686611, &(0x7f0000000180)={0x7f, 0x3b, 0x9, 0x81, 0x6, 0x8001, 0x7d6, 0x9a, 0x1, 0xbfaf, 0x7, 0x1, 0x10d9b, 0x8000000000, 0x2}) 3m23.03154065s ago: executing program 2 (id=299): close_range$auto(0x0, 0xfffffffffffff000, 0x2) (async) openat$auto_vhci_fops_hci_vhci(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async) r0 = socket(0x11, 0xa, 0x9) (async) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x0) sysfs$auto(0x2, 0x5, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) timerfd_create$auto(0x9, 0x0) (async) ioctl$auto(0x3, 0x40085400, 0x5) (async) preadv2$auto(0x3, &(0x7f0000001000)={0x0, 0x9}, 0x5, 0xffffffffffffffff, 0x7, 0x2e) (async, rerun: 32) openat$auto_proc_mountinfo_operations_mnt_namespace(0xffffffffffffff9c, &(0x7f0000000000)='/proc/cpuinfo\x00', 0x10280, 0x0) (rerun: 32) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/sequencer\x00', 0x787806, 0x0) (async) close_range$auto(0x2, 0x8, 0x0) (async) r3 = socket(0x10, 0xa, 0x4) sendmsg$auto_NL80211_CMD_NEW_STATION(r0, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000200)={&(0x7f0000000480)=ANY=[@ANYBLOB="380000003daca55d9023509c75122f2b67e5e4ce11367f0c58ad0df31b5e433713cd2059ed889bc12c57f06ac0b91b95fb5b8aa129e3aa42ee9f8ed17c70c289eb5e3ed1e8cc9e393f0b21df733bb3e1c2b50ca56fcc73b9dfffb17924bf27c1bb105936d39d47ccad0c3f8419a6d50f62df892339a517e57c3da862960eb1d98cb22142", @ANYRES16=0x0, @ANYBLOB="00012dbd7000fcdbdf251300000008009e00020000000800c400020000000400b8000600eb00040000000800c40005000000"], 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x40000) (async) close_range$auto(0x2, 0x8, 0x0) (async) socket(0x10, 0x2, 0xc) r4 = syz_genetlink_get_family_id$auto_smc_gen_netlink(&(0x7f00000000c0), r1) sendmsg$auto_SMC_NETLINK_GET_DEV_SMCD(r1, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0xc00}, 0xc, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="8c000000709174a709ac79fc3fc63d9dbed2e9ae832fa0620c3e328b61b480f6b7bfc3c79333b68c1fda57e32efc3da59b7d3243da88f404aa9219969a642542aee3edec008ddd933db2ec67dc4a500892c14296364f8c3178e6919a9b4fc4bb9e7f625f902ed52dd245a7ae", @ANYRES16=r4, @ANYBLOB="010026bd7000fbdbdf250500000069a4a12fcfda7c08500f34d2b1d394a959f1dccd8c92f8fb55b2526527d1ae010179315f890ae9bfe15fd29c53b72941aefe1521c67bab59f54d9ad791c6398e23d3f20992d981f8779a7ba99456bc75533409dfe7926baf7a01c48e4da963d6ccea29c196ed362d5ab6923a793be29731b633585c34f200"], 0x8c}, 0x1, 0x0, 0x0, 0x20000000}, 0x2000) (async, rerun: 64) socket(0x2, 0x1, 0x0) (async, rerun: 64) mq_notify$auto(0x3, 0x0) (async) sendmsg$auto_ETHTOOL_MSG_CHANNELS_GET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000440)=ANY=[@ANYRES64=0x0, @ANYRES8=r0, @ANYRES8=r2], 0x18}, 0x1, 0x0, 0x0, 0x60008004}, 0x2000c082) write$auto(r3, &(0x7f0000000000)='-\x00', 0xfdef) (async) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) (async, rerun: 64) close_range$auto(0x0, 0xfffffffffffff000, 0x4000000000002) (async, rerun: 64) fanotify_init$auto(0x1f53, 0x2000000000002) (async) open(&(0x7f0000000000)='./file0\x00', 0x4bb43, 0x100) (async) socket(0x26, 0x80805, 0x0) (async, rerun: 64) clone$auto(0x20003b4a, 0x8, 0x0, 0x0, 0x2) (async, rerun: 64) pidfd_getfd$auto(0x3, 0x1, 0x100000000) 3m21.294722534s ago: executing program 2 (id=310): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000002c80)='/dev/audio1\x00', 0x101800, 0x0) socket(0x2, 0x2, 0x1) r0 = openat$auto_bm_entry_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x0, 0x0) readv$auto(r0, &(0x7f0000000140)={&(0x7f0000000040), 0xd}, 0x8) r1 = open(&(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x80400, 0xb5d1af1605322ddc) r2 = open_by_handle_at$auto(r1, &(0x7f0000001280)={0x8, 0x2, "0200000000000000"}, 0x6) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/module/parameters/sig_enforce\x00', 0x1, 0x0) sendfile$auto(r2, r1, 0x0, 0x2) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sys/net/ipv4/conf/all/rp_filter\x00', 0x442a81, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000280)={'hsr0\x00'}) ioctl$sock_SIOCGIFINDEX(r3, 0x89b1, &(0x7f0000000900)={'syz_tun\x00'}) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) quotactl$auto(0x1, &(0x7f0000000a80)='net-shaper\x00', 0xee00, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40602, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xf15a}, 0x6, 0x8, 0x5) mmap$auto(0x0, 0x2020009, 0x6, 0xf8, 0xfffffffffffffffa, 0x8000) r4 = socket(0x15, 0x5, 0x0) acct$auto(&(0x7f0000000100)='./cgroup/cgroup.subtree_control\x00') unshare$auto(0x40000080) write$auto(0xca, &(0x7f00000000c0)='\x04>\x01\x01\x00J:\xdd\xfc\xb6\xc6\x0f\xaf\xe3\x0f\xd1V\xb1yz\\\xa6\xed\ag+\xa3p(\xe2\x1b\xdc7\x1b\xc4TM}\xce\x90\xfa9\x957\xec\xd8\xe0TC\x86\xad\xe1G\xc7\xd4\x96\x12h\x84;Y\xe2\x03i\xa1)`\n\xc3\xfeR\x06\x03\xf5/@\xf0\'\xb9\xdf\xe1\xef\v\x19B\xc0\xe2\xac\xa5^\x01D\xef\xaf#\xbc\xa5\xf9J\xdc\xc3),=1\b\x05\x9d\x82\xd4\'\xe8\xfe\xfd\x9a\x9f\x00\x00\x00\x00\x00\x00\x00\x00', 0x7f) writev$auto(r4, &(0x7f0000000140)={&(0x7f0000000040)="2e4a68c27a01b1d2b299226dfa21fb52520c500021022a4393fa346001e72254a9a4f67fdb2e617d490f90a38fe4fc723eb7b727db8311a883ea86ce9dcd4989f6e9a39409", 0xc4}, 0x9) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000002740)='/dev/input/event0\x00', 0x121042, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/input/event0\x00', 0x2, 0x0) openat$auto_binder_ctl_fops_binderfs(0xffffffffffffff9c, &(0x7f00000000c0), 0xd85ac1, 0x0) 3m14.97719307s ago: executing program 2 (id=332): mmap$auto(0x0, 0x20009, 0xdf, 0xeb1, 0x401, 0x8000) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{&(0x7f0000000040), 0x12, 0x0, 0x9, 0x0, 0x1f, 0x101}, 0x8}, 0x7, 0x20020000) madvise$auto(0x0, 0x7fffffffffffffff, 0xa) mmap$auto(0x0, 0x400008, 0x5d, 0x9b72, 0x2, 0x8000) mmap$auto(0x0, 0x2020009, 0x2000000000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) r0 = socket(0xa, 0x801, 0x84) getsockopt$auto(r0, 0x84, 0x4, 0x0, 0x0) setresuid$auto(0x0, 0x8, 0x8000) ioprio_set$auto(0x3, 0x0, 0x4b34) setresuid$auto(0x8000000000000001, 0x1, 0x200) mlockall$auto(0x7) madvise$auto(0x8000, 0x87fff, 0xc) clone$auto(0x9001, 0x5, 0xffffffffffffffff, 0xfffffffffffffffc, 0x6) r1 = ioctl$auto_SIOCSIFHWADDR2(0xffffffffffffffff, 0x8924, &(0x7f0000000040)="d1325f9d351927cad155b44e129ea6145007494e138ad265e324350af517888d4f50609fd3d5dd26816b19c9503cef84467ffd57656577a3d1a4103b179bc977") syz_genetlink_get_family_id$auto_l2tp(&(0x7f00000000c0), r1) r2 = bpf$auto(0xf7fff011, &(0x7f0000000000)=@test={0xffffffffffffffff, 0x4, 0xfaae, 0x8, 0x9, 0x2, 0x8, 0x3, 0x4, 0x1ff, 0x4, 0xb5, 0x4, 0x806, 0xd9ee}, 0xa3) writev$auto(0xca, &(0x7f0000000080)={&(0x7f0000000040), 0x1}, 0x200) r3 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2401, 0x0) statx$auto(r1, &(0x7f0000000100)='./file0\x00', 0xfffffffc, 0x0, &(0x7f0000000180)={0x5, 0xa3, 0x10, 0x80000000, 0xee01, 0xffffffffffffffff, 0x7ff, 0xf001, 0x7, 0x541, 0x6, 0x6, {0x2, 0x1}, {0x473e, 0xffffffff}, {0x2, 0x1000}, {0x5, 0x2}, 0x6, 0x10001, 0x80000000, 0x7fff, 0x1, 0x4, 0x7, 0x1, 0x0, 0x6, 0x3e3, 0x985, [0x10001, 0x10001, 0xfffffffffffffff8, 0x80000000, 0x3, 0xe, 0x80000001, 0x4, 0x4]}) r5 = setfsuid$auto(0xee00) r6 = setfsuid$auto(0xee01) setresuid$auto(r5, r6, r5) ioctl$auto_KVM_HAS_DEVICE_ATTR(r2, 0x4018aee3, &(0x7f0000000280)={0x401, 0xee00, 0x8, 0xffffffffffffffff}) keyctl$auto(0x80000001, r4, r5, r7, 0x2) ioctl$auto_SNAPSHOT_SET_SWAP_AREA(r3, 0x400c330d, 0x0) openat$auto_lockdown_ops_lockdown(0xffffffffffffff9c, &(0x7f0000000040), 0x80001, 0x0) 3m9.264202913s ago: executing program 2 (id=346): r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x1880, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000140), 0x180b03, 0x0) ioctl$auto_SNAPSHOT_ALLOC_SWAP_PAGE(r1, 0x80083314, 0x0) mmap$auto(0x0, 0x2020009, 0x0, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/stat\x00', 0x40802, 0x0) read$auto(r2, 0x0, 0x100000001) r3 = io_uring_setup$auto(0x2, 0x0) close_range$auto(0x2, 0xa, 0x0) r4 = openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, &(0x7f0000000040)='/dev/media11\x00', 0x40, 0x0) ioctl$auto_media_devnode_fops_mc_devnode(r4, 0x80047c05, 0x0) ioctl$auto_BTRFS_IOC_TREE_SEARCH(r3, 0x7c80, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x40200, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r5, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xfffffffffffffffb, 0x1, 0x4, 0x3, 0x3, 0x6, 0xffffffffffffffff, 0x3, 0x8000000000400000, 0x3, 0x6d3c, 0x3, 0x5, 0x8000000000000006]}, 0x0) r6 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000002f00)='/dev/input/event0\x00', 0x200, 0x0) r7 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/msr/perf_event_mux_interval_ms\x00', 0x982, 0x0) sendfile$auto(r7, r7, 0x0, 0x3) ioctl$auto_EVIOCGEFFECTS(r6, 0x80044584, &(0x7f0000002f40)=0x2) mmap$auto(0x20000000000000, 0x8, 0x2, 0x9b72, 0x5, 0x0) socket(0xa, 0x801, 0x106) setsockopt$auto(0x3, 0x1, 0x45, 0x0, 0x9) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x300c00, 0x0) 3m3.074389978s ago: executing program 2 (id=362): socket(0x2, 0x1, 0x0) socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socketpair$auto(0xb, 0xd, 0x808e8, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000180), r0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000680)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000440)={0x14, r1, 0x100, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x4000811) madvise$auto(0x0, 0x400053, 0x9) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = io_uring_setup$auto(0x6, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0xa}, 0x5, 0x108) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0402, 0x0) r5 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x9488, 0x9, 0x15f4da06, 0x6, 0x2000000000000102, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0xd8]}, 0x0) madvise$auto(0x80010002, 0x0, 0x7f9) r6 = waitid$auto(0x9, r2, &(0x7f0000000740)={@_si_pad}, 0x100, &(0x7f00000007c0)={{0x3, 0x1}, {0x6, 0x1}, 0x3ff, 0x1, 0xfffffffffffff41c, 0x3ff, 0x0, 0x1ff, 0x3, 0x8, 0x3, 0x1, 0x3a63203e, 0xd, 0x80, 0x9}) r7 = wait4$auto(0xffffffffffffffff, &(0x7f0000000880)=0x8000, 0x9, &(0x7f00000008c0)={{0x3, 0xfffffffffffffc01}, {0x0, 0x1}, 0x6, 0x7, 0x200, 0x1, 0x6, 0x3, 0x7fffffff, 0x200, 0x5, 0x323d, 0x80000000, 0x73, 0xffffffff, 0x7fffffffffffffff}) r8 = ioctl$auto_NS_GET_TGID_IN_PIDNS(r4, 0x8004b709, &(0x7f0000000980)=0xc) r9 = getpid() process_vm_readv$auto(r9, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={0x0, 0x82}, 0x6, 0x0) r10 = getpid() process_vm_readv$auto(r10, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000040), 0xffffffff}, 0x6, 0x0) syz_clone3(&(0x7f0000000a00)={0x8000000, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f0000000240), {0x40}, &(0x7f0000000340)=""/75, 0x4b, &(0x7f00000006c0)=""/124, &(0x7f00000009c0)=[0x0, 0x0, r6, r7, r8, r9, 0xffffffffffffffff, r10], 0x8, {r5}}, 0x58) madvise$auto(0x0, 0x400053, 0x9) 2m47.892318302s ago: executing program 32 (id=362): socket(0x2, 0x1, 0x0) socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socketpair$auto(0xb, 0xd, 0x808e8, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000180), r0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000680)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000440)={0x14, r1, 0x100, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x4000811) madvise$auto(0x0, 0x400053, 0x9) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = io_uring_setup$auto(0x6, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0xa}, 0x5, 0x108) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0402, 0x0) r5 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x9488, 0x9, 0x15f4da06, 0x6, 0x2000000000000102, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0xd8]}, 0x0) madvise$auto(0x80010002, 0x0, 0x7f9) r6 = waitid$auto(0x9, r2, &(0x7f0000000740)={@_si_pad}, 0x100, &(0x7f00000007c0)={{0x3, 0x1}, {0x6, 0x1}, 0x3ff, 0x1, 0xfffffffffffff41c, 0x3ff, 0x0, 0x1ff, 0x3, 0x8, 0x3, 0x1, 0x3a63203e, 0xd, 0x80, 0x9}) r7 = wait4$auto(0xffffffffffffffff, &(0x7f0000000880)=0x8000, 0x9, &(0x7f00000008c0)={{0x3, 0xfffffffffffffc01}, {0x0, 0x1}, 0x6, 0x7, 0x200, 0x1, 0x6, 0x3, 0x7fffffff, 0x200, 0x5, 0x323d, 0x80000000, 0x73, 0xffffffff, 0x7fffffffffffffff}) r8 = ioctl$auto_NS_GET_TGID_IN_PIDNS(r4, 0x8004b709, &(0x7f0000000980)=0xc) r9 = getpid() process_vm_readv$auto(r9, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={0x0, 0x82}, 0x6, 0x0) r10 = getpid() process_vm_readv$auto(r10, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000040), 0xffffffff}, 0x6, 0x0) syz_clone3(&(0x7f0000000a00)={0x8000000, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f0000000240), {0x40}, &(0x7f0000000340)=""/75, 0x4b, &(0x7f00000006c0)=""/124, &(0x7f00000009c0)=[0x0, 0x0, r6, r7, r8, r9, 0xffffffffffffffff, r10], 0x8, {r5}}, 0x58) madvise$auto(0x0, 0x400053, 0x9) 7.609254271s ago: executing program 4 (id=1023): mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket(0x1e, 0x4, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000180)='/dev/tty60\x00', 0x161203, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/audio\x00', 0x20b42, 0x0) io_uring_setup$auto(0xb, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) openat$auto_urandom_fops_random(0xffffffffffffff9c, &(0x7f00000008c0), 0x400, 0x0) openat$auto_rfkill_fops_core(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x101e81, 0x0) socketpair$auto(0x4004, 0x2, 0xfff, 0x0) ioctl$auto_TIOCSETD2(r0, 0x5423, 0x0) write$auto(r0, 0x0, 0x1) shmctl$auto_IPC_INFO(0x5, 0x3, 0x0) mmap$auto(0x0, 0x4005, 0x2, 0x40eb2, 0x401, 0x300000000000) sendmsg$auto_NL802154_CMD_SET_WPAN_PHY_NETNS(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0) r1 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ram7\x00', 0x14f602, 0x0) getrandom$auto(0x0, 0x6000000, 0x3) mmap$auto(0x0, 0x810004, 0x2000000efb, 0x8000000008011, r1, 0x8000) madvise$auto(0x1000000, 0x400053, 0x9) 5.849618371s ago: executing program 4 (id=1030): r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x1880, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000140), 0x180b03, 0x0) ioctl$auto_SNAPSHOT_ALLOC_SWAP_PAGE(r1, 0x80083314, 0x0) mmap$auto(0x0, 0x2020009, 0x0, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/stat\x00', 0x40802, 0x0) read$auto(r2, 0x0, 0x100000001) io_uring_setup$auto(0x2, 0x0) close_range$auto(0x2, 0xa, 0x0) r3 = openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, &(0x7f0000000040)='/dev/media11\x00', 0x40, 0x0) ioctl$auto_media_devnode_fops_mc_devnode(r3, 0x80047c05, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x40200, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r4, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xfffffffffffffffb, 0x1, 0x4, 0x3, 0x3, 0x6, 0xffffffffffffffff, 0x3, 0x8000000000400000, 0x3, 0x6d3c, 0x3, 0x5, 0x8000000000000006]}, 0x0) r5 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000002f00)='/dev/input/event0\x00', 0x200, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/msr/perf_event_mux_interval_ms\x00', 0x982, 0x0) sendfile$auto(r6, r6, 0x0, 0x3) ioctl$auto_EVIOCGEFFECTS(r5, 0x80044584, &(0x7f0000002f40)=0x2) mmap$auto(0x20000000000000, 0x8, 0x2, 0x9b72, 0x5, 0x0) socket(0xa, 0x801, 0x106) setsockopt$auto(0x3, 0x1, 0x45, 0x0, 0x9) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x300c00, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 5.763850531s ago: executing program 0 (id=1031): mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) close_range$auto(0x2, 0x8, 0x0) memfd_create$auto(0x0, 0xe) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) read$auto(0x3, 0x0, 0x80) r0 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) r1 = openat$auto_ftrace_set_event_pid_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event_pid\x00', 0x22b01, 0x0) writev$auto(r1, &(0x7f00000002c0)={0x0, 0x3}, 0x5) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) name_to_handle_at$auto(0xffffffffffffffff, 0x0, &(0x7f0000000400)={0x0, 0x10}, 0x0, 0x1001) setsockopt$auto(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x4) socket(0x11, 0x3, 0x9) r2 = socket(0xa, 0x3, 0x3a) mmap$auto(0xf1, 0x2020009, 0x3, 0xeb1, r2, 0x4) getsockopt$auto(r2, 0x2a, 0x36, 0x0, 0x0) getrlimit$auto(0x3, 0x0) ioctl$auto_BLKPBSZGET(r0, 0x127b, 0x0) r3 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/nullb0\x00', 0x60742, 0x0) ioctl$auto_BLKZEROOUT(r3, 0x127f, 0x10000000000000) 5.412774274s ago: executing program 0 (id=1033): openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, 0x0, 0x80102, 0x0) sendmmsg$auto(0xffffffffffffffff, &(0x7f0000000140)={{0x0, 0x2, 0x0, 0xe3, 0x0, 0x89b, 0x10b}, 0x5}, 0x10001, 0xc5c) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x6, 0x8000) close_range$auto(0x2, 0x8, 0x0) io_uring_setup$auto(0x6, 0x0) r0 = socket(0x10, 0x2, 0x0) syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[], 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x20000800) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x2, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x0, 0x9}, 0x7}, 0x3, 0x0) recvmmsg$auto(r0, &(0x7f0000000100)={{0x0, 0x4, &(0x7f0000000080)={&(0x7f0000000040), 0xcb}, 0x3, 0x0, 0x80000000, 0x6}, 0x9}, 0x7, 0x6, 0x0) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={0x0, 0x1ac}, 0x1, 0x0, 0x0, 0x4004810}, 0x800) sendmsg$auto_CTRL_CMD_GETPOLICY(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="14000000", @ANYRES16, @ANYBLOB='\a'], 0x14}, 0x1, 0x0, 0x0, 0x20008000}, 0x10004010) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="72010000", @ANYBLOB="1a00"], 0x1ac}}, 0x40000) sendmsg$auto_NL80211_CMD_GET_REG(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=ANY=[@ANYBLOB="5e010000", @ANYBLOB="19"], 0x1ac}}, 0x40000) sendmmsg$auto(0x3, &(0x7f0000000080)={{0x0, 0x1c03, &(0x7f00000002c0)={0x0, 0xc4}, 0x1, 0x0, 0x500, 0x9}, 0x7}, 0x3, 0x0) 5.214319907s ago: executing program 0 (id=1034): socket(0x2, 0x1, 0x0) socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socketpair$auto(0xb, 0xd, 0x808e8, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000180), r0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000680)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000440)={0x14, r1, 0x100, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x4000811) madvise$auto(0x0, 0x400053, 0x9) r2 = io_uring_setup$auto(0x6, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0xa}, 0x5, 0x108) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0402, 0x0) openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x9488, 0x9, 0x15f4da06, 0x6, 0x2000000000000102, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0xd8]}, 0x0) madvise$auto(0x80010002, 0x0, 0x7f9) waitid$auto(0x9, r2, &(0x7f0000000740)={@_si_pad}, 0x100, &(0x7f00000007c0)={{0x3, 0x1}, {0x6, 0x1}, 0x3ff, 0x1, 0xfffffffffffff41c, 0x3ff, 0x0, 0x1ff, 0x3, 0x8, 0x3, 0x1, 0x3a63203e, 0xd, 0x80, 0x9}) wait4$auto(0xffffffffffffffff, &(0x7f0000000880)=0x8000, 0x9, &(0x7f00000008c0)={{0x3, 0xfffffffffffffc01}, {0x0, 0x1}, 0x6, 0x7, 0x200, 0x1, 0x6, 0x3, 0x7fffffff, 0x200, 0x5, 0x323d, 0x80000000, 0x73, 0xffffffff, 0x7fffffffffffffff}) ioctl$auto_NS_GET_TGID_IN_PIDNS(r4, 0x8004b709, &(0x7f0000000980)=0xc) r5 = getpid() process_vm_readv$auto(r5, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={0x0, 0x82}, 0x6, 0x0) r6 = getpid() process_vm_readv$auto(r6, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000040), 0xffffffff}, 0x6, 0x0) madvise$auto(0x0, 0x400053, 0x9) close_range$auto(0x2, 0x8, 0x0) 5.006457497s ago: executing program 3 (id=1035): r0 = socket(0x3, 0x5, 0xc3dc) r1 = getpgid(0x0) prctl$auto_SIGCONT(0x4, 0x12, r1, 0x8, 0x0) bind$auto(r0, &(0x7f0000000040)=@nl=@proc={0x10, 0x0, 0x25dfdbff, 0x2}, 0xe) statmount$auto(0x0, &(0x7f00000005c0)={0x0, 0x2, 0x7, 0x5, 0x7, 0x6, 0x10000, 0x1, 0xa, 0x8, 0x6, 0x9, 0x5, 0x4, 0x1ff, 0x2, 0x8, 0x10000, 0x0, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9], "55f3bd0ae72e22e38504ce0b16c9b02193208f66209b0eff929476da3a1deffd50813c7bfc2ce75701108b9bbcede1420f1603000f1bf163b4ce32fca3383c42a1df07ec16f12c18cd75da9cd01a2645c7b588e0a2e3d26c43fe0da2bc5a5936f4a60d4b9992a97b2282e9fdaee1ed23347fc132e795b31306c37015b97233f1917af51a0974779eacb6bd397fb889522159ddb91ff5a1bd2413"}, 0x800000000006, 0x1000000) openat$auto_regulator_summary_fops_(0xffffffffffffff9c, &(0x7f0000000280), 0x103000, 0x0) bpf$auto(0x12, &(0x7f0000000040)=@link_detach, 0x26) socket(0x2, 0x80802, 0x0) socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @local}, 0x6d) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @empty}, 0x51) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto(0x4000000000000c8, 0x400454cc, 0x6f) r2 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa1\x00', 0x101041, 0x0) write$auto(r2, &(0x7f0000000000)='/sys/kernel/security/integrity/evm/evm_xattrs\x00', 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) pidfd_open$auto(0x1, 0x0) lstat$auto(0x0, &(0x7f0000000180)={0x0, 0x9, 0x6, 0x63, 0x0, 0xee01, 0x0, 0x8, 0x1ff, 0x40000002, 0x40000402, 0x9, 0x9, 0x2, 0x9, 0x6, 0x200000100103}) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYBLOB="0f"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) close_range$auto(0x2, 0x8, 0x0) 4.89493014s ago: executing program 1 (id=1036): r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x1880, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000140), 0x180b03, 0x0) ioctl$auto_SNAPSHOT_ALLOC_SWAP_PAGE(r1, 0x80083314, 0x0) mmap$auto(0x0, 0x2020009, 0x0, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/stat\x00', 0x40802, 0x0) read$auto(r2, 0x0, 0x100000001) r3 = io_uring_setup$auto(0x2, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, &(0x7f0000000040)='/dev/media11\x00', 0x40, 0x0) ioctl$auto_BTRFS_IOC_TREE_SEARCH(r3, 0x7c80, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x40200, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r4, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xfffffffffffffffb, 0x1, 0x4, 0x3, 0x3, 0x6, 0xffffffffffffffff, 0x3, 0x8000000000400000, 0x3, 0x6d3c, 0x3, 0x5, 0x8000000000000006]}, 0x0) r5 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000002f00)='/dev/input/event0\x00', 0x200, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/msr/perf_event_mux_interval_ms\x00', 0x982, 0x0) sendfile$auto(r6, r6, 0x0, 0x3) ioctl$auto_EVIOCGEFFECTS(r5, 0x80044584, &(0x7f0000002f40)=0x2) mmap$auto(0x20000000000000, 0x8, 0x2, 0x9b72, 0x5, 0x0) socket(0xa, 0x801, 0x106) setsockopt$auto(0x3, 0x1, 0x45, 0x0, 0x9) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x300c00, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 4.582490987s ago: executing program 0 (id=1037): r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x1880, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000140), 0x180b03, 0x0) ioctl$auto_SNAPSHOT_ALLOC_SWAP_PAGE(r1, 0x80083314, 0x0) mmap$auto(0x0, 0x2020009, 0x0, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/stat\x00', 0x40802, 0x0) read$auto(r2, 0x0, 0x100000001) r3 = io_uring_setup$auto(0x2, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, &(0x7f0000000040)='/dev/media11\x00', 0x40, 0x0) ioctl$auto_BTRFS_IOC_TREE_SEARCH(r3, 0x7c80, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x40200, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r4, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xfffffffffffffffb, 0x1, 0x4, 0x3, 0x3, 0x6, 0xffffffffffffffff, 0x3, 0x8000000000400000, 0x3, 0x6d3c, 0x3, 0x5, 0x8000000000000006]}, 0x0) r5 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000002f00)='/dev/input/event0\x00', 0x200, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/msr/perf_event_mux_interval_ms\x00', 0x982, 0x0) sendfile$auto(r6, r6, 0x0, 0x3) ioctl$auto_EVIOCGEFFECTS(r5, 0x80044584, &(0x7f0000002f40)=0x2) mmap$auto(0x20000000000000, 0x8, 0x2, 0x9b72, 0x5, 0x0) socket(0xa, 0x801, 0x106) setsockopt$auto(0x3, 0x1, 0x45, 0x0, 0x9) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x300c00, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 4.40546959s ago: executing program 3 (id=1038): mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) madvise$auto(0x0, 0x8000000000000001, 0x15) socket(0xa, 0x5, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x40008000) shutdown$auto(0x200000003, 0x2) io_uring_setup$auto(0x6, 0x0) setsockopt$auto(0x3, 0x1, 0x2e, 0x0, 0x9) socketcall$auto_SYS_ACCEPT(0x5, &(0x7f0000000040)=0x8000000000000) r0 = syz_genetlink_get_family_id$auto_macsec(&(0x7f0000001900), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$auto_MACSEC_CMD_GET_TXSC(r1, &(0x7f00000000c0)={0x0, 0xf000, &(0x7f0000000000)={&(0x7f0000000740)={0x14, r0, 0x186f202170196f7b, 0x703d26, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x200008d0}, 0x40080c4) 4.159241309s ago: executing program 3 (id=1039): openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000002c80)='/dev/audio1\x00', 0x101800, 0x0) socket(0x2, 0x2, 0x1) r0 = openat$auto_bm_entry_operations_binfmt_misc(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x0, 0x0) readv$auto(r0, &(0x7f0000000140)={&(0x7f0000000040), 0xd}, 0x8) r1 = open(&(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x80400, 0xb5d1af1605322ddc) r2 = open_by_handle_at$auto(r1, &(0x7f0000001280)={0x8, 0x2, "0200000000000000"}, 0x6) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/module/module/parameters/sig_enforce\x00', 0x1, 0x0) sendfile$auto(r2, r1, 0x0, 0x2) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000280)={'hsr0\x00'}) ioctl$sock_SIOCGIFINDEX(r3, 0x89b1, &(0x7f0000000900)={'syz_tun\x00'}) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) quotactl$auto(0x1, &(0x7f0000000a80)='net-shaper\x00', 0xee00, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/platform/vhci_hcd.0/usbip_debug\x00', 0x8002, 0x0) openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/domain_policy\x00', 0x40602, 0x0) preadv$auto(0x40000000000003, &(0x7f0000000080)={0x0, 0xf15a}, 0x6, 0x8, 0x5) mmap$auto(0x0, 0x2020009, 0x6, 0xf8, 0xfffffffffffffffa, 0x8000) r4 = socket(0x15, 0x5, 0x0) acct$auto(&(0x7f0000000100)='./cgroup/cgroup.subtree_control\x00') unshare$auto(0x40000080) write$auto(0xca, &(0x7f00000000c0)='\x04>\x01\x01\x00J:\xdd\xfc\xb6\xc6\x0f\xaf\xe3\x0f\xd1V\xb1yz\\\xa6\xed\ag+\xa3p(\xe2\x1b\xdc7\x1b\xc4TM}\xce\x90\xfa9\x957\xec\xd8\xe0TC\x86\xad\xe1G\xc7\xd4\x96\x12h\x84;Y\xe2\x03i\xa1)`\n\xc3\xfeR\x06\x03\xf5/@\xf0\'\xb9\xdf\xe1\xef\v\x19B\xc0\xe2\xac\xa5^\x01D\xef\xaf#\xbc\xa5\xf9J\xdc\xc3),=1\b\x05\x9d\x82\xd4\'\xe8\xfe\xfd\x9a\x9f\x00\x00\x00\x00\x00\x00\x00\x00', 0x7f) writev$auto(r4, &(0x7f0000000140)={&(0x7f0000000040)="2e4a68c27a01b1d2b299226dfa21fb52520c500021022a4393fa346001e72254a9a4f67fdb2e617d490f90a38fe4fc723eb7b727db8311a883ea86ce9dcd4989f6e9a39409", 0xc4}, 0x9) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000002740)='/dev/input/event0\x00', 0x121042, 0x0) mmap$auto(0x0, 0x4020009, 0x6, 0xeb1, 0x401, 0x8000) openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000000080)='/dev/input/event0\x00', 0x2, 0x0) openat$auto_binder_ctl_fops_binderfs(0xffffffffffffff9c, &(0x7f00000000c0), 0xd85ac1, 0x0) mbind$auto(0x2, 0x7, 0x0, 0x0, 0x3, 0x7) 3.573117588s ago: executing program 4 (id=1040): add_key$auto_KEY_SPEC_SESSION_KEYRING(&(0x7f0000000440)='keyring\x00', 0x0, &(0x7f00000004c0), 0xff, 0xfffffffffffffffd) prctl$auto_PR_SYS_DISPATCH_ON(0x1000, 0x1, 0xffffffffffffffff, 0x4, 0x7) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @remote}, 0x6a) mmap$auto(0x0, 0x2020009, 0x3, 0x800000000000eb1, 0xfffffffffffffffa, 0x8000) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) set_mempolicy$auto(0x2, &(0x7f0000000080)=0x7e, 0x4) mmap$auto(0x0, 0xd561, 0x10000000000df, 0xeb2, 0xffffffffffffffff, 0x8000) r1 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/thread-self/net/udp6\x00', 0x600, 0x0) r2 = openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, 0x0, 0x1, 0x0) write$auto_seq_oss_f_ops_seq_oss(r2, &(0x7f00000004c0)="445cc19989", 0x5) socket(0xa, 0x1, 0x84) setsockopt$auto(0x3, 0x10000000084, 0x7d, 0x0, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0x40000000000eb1, 0x401, 0x8000) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) mmap$auto(0x2, 0x202000a, 0x3, 0xeb1, r2, 0x20000000008000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) close_range$auto(0x2, 0xa, 0x0) socket(0x18, 0xa, 0x1) socket(0xa, 0x2, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x201, 0x0) connect$auto(0x3, &(0x7f00000018c0)=@generic={0xa, "ab06fdffff00fff500"}, 0x55) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x8000000) sendmmsg$auto(0x3, 0x0, 0x9a6, 0x0) pread64$auto(r1, 0x0, 0x202, 0xfffff000) timer_create$auto(0x2, 0x0, 0x0) timer_settime$auto(0x0, 0x3, &(0x7f00000000c0)={{0x26b, 0x4}, {0x0, 0x83}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) close_range$auto(0x2, 0x8, 0x0) 2.895827652s ago: executing program 0 (id=1041): unshare$auto(0x40000080) r0 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) r1 = prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r0, &(0x7f00000000c0)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xed\xf8\xe1\xbc\x1d\x91D\xe7R\x12\xc4\xcd\xc6\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY2@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf>f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8\xcb?(', 0x100000a3dd) openat$auto_seq_oss_f_ops_seq_oss(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x281, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/queues\x00', 0x20000, 0x0) read$auto_proc_reg_file_ops_compat_inode(r2, &(0x7f00000001c0)=""/218, 0xda) write$auto(0xffffffffffffffff, 0x0, 0x8) write$auto(0xca, &(0x7f00000000c0)='\x04>\x01\x01\x00\x00\x00\x10\x00\x00\x00\x00\x00\x00\x00\x96\b\'\x02\xb0\x93l\xeb\x87\r\b\x87\x14\xf8e6\x9c\f\xb6,NS\xa2(Q\xcc', 0x7f) statmount$auto(0x0, 0x0, 0x0, 0xd) unshare$auto(0x40000080) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) listen$auto(0xffffffffffffffff, 0x0) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x108000) madvise$auto(0x0, 0x20000a, 0x8) mmap$auto(0x0, 0x6, 0x3, 0xeb1, 0x7, 0x8000) futex$auto(0x0, 0x85, 0x38, 0x0, 0x0, 0x80800005) r3 = openat$auto_mtd_fops_mtdchar(0xffffffffffffff9c, &(0x7f0000000400)='/dev/mtd0\x00', 0x68082, 0x0) ioctl$auto_BLKPG2(r3, 0x1269, 0x0) open(0x0, 0x621c2, 0x84) syz_genetlink_get_family_id$auto_seg6(0x0, 0xffffffffffffffff) mmap$auto_mtd_fops_mtdchar(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x0, 0x2010, r1, 0x0) mmap$auto(0x0, 0xfffffffffffffffb, 0xdf, 0x9b72, r3, 0x8000) open(&(0x7f0000000100)='.\x00', 0x595082, 0x0) connect$auto(0xffffffffffffffff, 0x0, 0x6) mmap$auto(0x40000000, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0xcca) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) read$auto(r4, 0x0, 0x20) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/neigh/hsr_slave_0/proxy_delay\x00', 0xb6bb41, 0x0) 2.895581731s ago: executing program 1 (id=1042): r0 = socket(0x2, 0x5, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @remote}, 0x6a) sendmmsg$auto(r0, &(0x7f0000000100)={{&(0x7f0000000040), 0x10, &(0x7f00000000c0)={0x0, 0x10000}, 0x7, 0x0, 0x5, 0xb}, 0xfff}, 0x8, 0x311) syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000002740), 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) process_vm_readv$auto(0x0, 0x0, 0x1, 0x0, 0x6, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) madvise$auto(0x900000000000000, 0x2003f2, 0x15) ioctl$auto_BLKALIGNOFF(0xffffffffffffffff, 0x127a, 0x0) openat$auto_tracing_err_log_fops_trace(0xffffffffffffff9c, &(0x7f0000000200)='/sys/kernel/debug/tracing/error_log\x00', 0x0, 0x0) ioctl$auto_PPPIOCSMRU(0xffffffffffffffff, 0xc004743e, 0x0) r1 = socket(0x1d, 0x3, 0x1) setsockopt$auto(r1, 0x65, 0x80007, 0x0, 0x6) ioctl$auto_PPPIOCSMAXCID(0xffffffffffffffff, 0x40047451, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0x11, 0x3, 0x9) mbind$auto(0x0, 0x2091d2, 0x4, 0x0, 0x6, 0x2) 2.763256886s ago: executing program 1 (id=1043): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) sendmsg$auto_NL80211_CMD_SET_WIPHY(0xffffffffffffffff, 0x0, 0x20040890) unshare$auto(0x40000080) mmap$auto(0x0, 0x402000d, 0xdf, 0xeb1, 0xffffffffffffffff, 0x8000) openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, 0x0, 0x8f3b7a51b80eb581, 0x0) mmap$auto(0x0, 0x20009, 0x4000000000df, 0xeb1, 0x401, 0x8000) r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A03:00/device:08/adr\x00', 0x0, 0x0) socket(0x2, 0x80002, 0x73) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000180)='/sys/devices/platform/dummy_hcd.0/usb1/power/autosuspend_delay_ms\x00', 0x20461, 0x0) write$auto_kernfs_file_fops_kernfs_internal(r1, 0x0, 0x0) read$auto(r0, 0x0, 0x10001) r2 = openat$auto_proc_fail_nth_operations_base(0xffffffffffffff9c, &(0x7f00000003c0)='/proc/thread-self/fail-nth\x00', 0x802, 0x0) writev$auto(r2, &(0x7f0000000240)={0x0, 0x7}, 0x2) sysfs$auto(0x2, 0x24, 0x0) r3 = openat$auto_ftrace_set_event_fops_trace_events(0xffffffffffffff9c, &(0x7f0000000100)='/sys/kernel/tracing/set_event\x00', 0x20201, 0x0) write$auto(r3, 0x0, 0xaf0) getsockopt$auto(0xffffffffffffffff, 0x29, 0x42, 0x0, 0x0) io_uring_setup$auto(0x386, 0x0) close_range$auto(0x2, 0x8, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) io_uring_setup$auto(0x7, 0x0) openat$auto_fuse_dev_operations_fuse_i(0xffffffffffffff9c, &(0x7f0000001b40)='/dev/cuse\x00', 0x8640, 0x0) readv$auto(0x3, &(0x7f0000000a80)={0x0, 0xffff}, 0x1) preadv$auto(0x3, 0x0, 0x7fff, 0x2, 0x13) close_range$auto(0x2, 0x8, 0x0) socket(0x34, 0x3, 0x3) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/devices/virtual/block/nbd10/queue/zone_append_max_bytes\x00', 0x80, 0x0) 1.743294129s ago: executing program 1 (id=1044): r0 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/kexec_crash_loaded\x00', 0x100, 0x0) read$auto_kernfs_file_fops_kernfs_internal(r0, &(0x7f0000000240)=""/140, 0x8c) openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000300)='/dev/adsp1\x00', 0x2, 0x0) mmap$auto(0x0, 0xe983, 0x80000df, 0xeb1, 0x401, 0x8000) close_range$auto(0x0, 0x5, 0x0) r1 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000100)='/sys/module/libata/parameters/noacpi\x00', 0x0, 0x0) r2 = openat$auto_proc_reg_file_ops_compat_inode(0xffffffffffffff9c, &(0x7f0000000040)='/proc/asound/card0/pcm0p/info\x00', 0x1b04, 0x0) socket(0xa, 0x5, 0x0) fstat$auto(0x2, 0x0) close_range$auto(0x2, 0x8, 0x0) socket(0xa, 0x800, 0x0) open(0x0, 0x22ac0, 0xc1) r3 = socketpair$auto(0x200020, 0x1001, 0x5, 0x0) close_range$auto(r1, 0x8, 0x0) r4 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000000c0), 0x20c00, 0x0) ioctl$auto_KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$auto(r2, 0x4048aec6, r3) r5 = prctl$auto(0x3, 0x9, 0x2008, 0x0, 0x45af) ioctl$auto_OSS_ALSAEMULVER2(r5, 0x80044df9, &(0x7f0000000380)="9d1762cbb7829f8d3fb18591b084d80d92343101f817b4a6e9a9877102c77979621afb68e30cd1a743be112666b11bd27219201d82d566ff59d1b9f5e0eb4dc8e2f56ac8a0bc5866") landlock_restrict_self$auto(r0, 0xfffffffe) mmap$auto(0xc8, 0xe2, 0x0, 0xeb1, r0, 0x2) timer_settime$auto(0xffffffff, 0x9, &(0x7f0000000140)={{0x7, 0x4}, {0x10}}, 0x0) r6 = openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zram0\x00', 0x6e642, 0x0) write$auto(r6, &(0x7f0000000400)='odev/audio1\x00', 0x100000a3d9) r7 = openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/kernel/sched_rt_period_us\x00', 0x101202, 0x0) sendfile$auto(r7, r7, 0x0, 0x8) socket$nl_generic(0x10, 0x3, 0x10) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) keyctl$auto(0x1f, 0x0, 0x0, 0x0, 0x210000) 1.742932321s ago: executing program 3 (id=1045): socket(0x2, 0x1, 0x0) socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socketpair$auto(0xb, 0xd, 0x808e8, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000180), r0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000680)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000440)={0x14, r1, 0x100, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x4000811) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = io_uring_setup$auto(0x6, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0xa}, 0x5, 0x108) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0402, 0x0) openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x9488, 0x9, 0x15f4da06, 0x6, 0x2000000000000102, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0xd8]}, 0x0) madvise$auto(0x80010002, 0x0, 0x7f9) waitid$auto(0x9, r2, &(0x7f0000000740)={@_si_pad}, 0x100, &(0x7f00000007c0)={{0x3, 0x1}, {0x6, 0x1}, 0x3ff, 0x1, 0xfffffffffffff41c, 0x3ff, 0x0, 0x1ff, 0x3, 0x8, 0x3, 0x1, 0x3a63203e, 0xd, 0x80, 0x9}) wait4$auto(0xffffffffffffffff, &(0x7f0000000880)=0x8000, 0x9, &(0x7f00000008c0)={{0x3, 0xfffffffffffffc01}, {0x0, 0x1}, 0x6, 0x7, 0x200, 0x1, 0x6, 0x3, 0x7fffffff, 0x200, 0x5, 0x323d, 0x80000000, 0x73, 0xffffffff, 0x7fffffffffffffff}) ioctl$auto_NS_GET_TGID_IN_PIDNS(r4, 0x8004b709, &(0x7f0000000980)=0xc) r5 = getpid() process_vm_readv$auto(r5, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={0x0, 0x82}, 0x6, 0x0) r6 = getpid() process_vm_readv$auto(r6, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000040), 0xffffffff}, 0x6, 0x0) madvise$auto(0x0, 0x400053, 0x9) close_range$auto(0x2, 0x8, 0x0) 1.426050788s ago: executing program 4 (id=1046): mmap$auto(0x0, 0x40009, 0xdf, 0x9b72, 0x7, 0x28000) r0 = getpid() r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$auto_nl802154(&(0x7f0000000080), 0xffffffffffffffff) mmap$auto(0x0, 0x61, 0x100001000000004, 0xfa31, 0x400, 0x8000) r3 = socket(0xa, 0x1, 0x84) getsockopt$auto(r3, 0x84, 0x10, 0x0, &(0x7f0000000000)=0x7ffe) sendmsg$auto_NL802154_CMD_GET_INTERFACE(r1, &(0x7f0000000300)={0x0, 0xa6, &(0x7f0000000100)={&(0x7f0000000840)={0x14, r2, 0x305, 0x70bd2c, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4004010}, 0x4040008) process_vm_readv$auto(r0, 0x0, 0x1, 0x0, 0x6, 0x0) close_range$auto(0x0, 0xfffffffffffff000, 0x2) eventfd$auto(0x8c) r4 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000000)='/sys/devices/system/memory/memory12/power/control\x00', 0x100, 0x0) r5 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f00000011c0), 0xae00, 0x0) ioctl$auto_KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$auto(0x3, 0x4018aebd, r4) r6 = openat$auto_vmwgfx_driver_fops_vmwgfx_drv(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dri/card2\x00', 0x8000, 0x0) r7 = prctl$auto_PR_SET_MM_BRK(0xffff, 0x7, r0, 0x3, 0x6) close_range$auto(r6, r7, 0x2) close_range$auto(0x2, 0x8, 0x0) 892.550051ms ago: executing program 3 (id=1047): r0 = socket(0x3, 0x5, 0xc3dc) r1 = getpgid(0x0) prctl$auto_SIGCONT(0x4, 0x12, r1, 0x8, 0x0) bind$auto(r0, &(0x7f0000000040)=@nl=@proc={0x10, 0x0, 0x25dfdbff, 0x2}, 0xe) statmount$auto(0x0, &(0x7f00000005c0)={0x0, 0x2, 0x7, 0x5, 0x7, 0x6, 0x10000, 0x1, 0xa, 0x8, 0x6, 0x9, 0x5, 0x4, 0x1ff, 0x2, 0x8, 0x10000, 0x0, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9], "55f3bd0ae72e22e38504ce0b16c9b02193208f66209b0eff929476da3a1deffd50813c7bfc2ce75701108b9bbcede1420f1603000f1bf163b4ce32fca3383c42a1df07ec16f12c18cd75da9cd01a2645c7b588e0a2e3d26c43fe0da2bc5a5936f4a60d4b9992a97b2282e9fdaee1ed23347fc132e795b31306c37015b97233f1917af51a0974779eacb6bd397fb889522159ddb91ff5a1bd2413"}, 0x800000000006, 0x1000000) openat$auto_regulator_summary_fops_(0xffffffffffffff9c, &(0x7f0000000280), 0x103000, 0x0) bpf$auto(0x12, &(0x7f0000000040)=@link_detach, 0x26) socket(0x2, 0x80802, 0x0) socket(0x2, 0x1, 0x0) setsockopt$auto(0x3, 0x0, 0x4, 0x0, 0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x3, @local}, 0x6d) connect$auto(0x3, &(0x7f0000000080)=@in={0x2, 0x3, @empty}, 0x51) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) ioctl$auto(0x4000000000000c8, 0x400454cc, 0x6f) r2 = openat$auto_vcs_fops_vc_screen(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa1\x00', 0x101041, 0x0) write$auto(r2, &(0x7f0000000000)='/sys/kernel/security/integrity/evm/evm_xattrs\x00', 0x9) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) close_range$auto(0x0, 0xfffffffffffff000, 0x0) pidfd_open$auto(0x1, 0x0) lstat$auto(0x0, &(0x7f0000000180)={0x0, 0x9, 0x6, 0x63, 0x0, 0xee01, 0x0, 0x8, 0x1ff, 0x40000002, 0x40000402, 0x9, 0x9, 0x2, 0x9, 0x6, 0x200000100103}) sendmsg$auto_OVS_DP_CMD_NEW(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYRES32, @ANYRES16=0x0, @ANYBLOB="0f"], 0x24}, 0x1, 0x0, 0x0, 0x20000800}, 0x4) close_range$auto(0x2, 0x8, 0x0) 774.354688ms ago: executing program 4 (id=1048): socket(0x2, 0x1, 0x0) socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socketpair$auto(0xb, 0xd, 0x808e8, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000180), r0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000680)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000440)={0x14, r1, 0x100, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x4000811) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = io_uring_setup$auto(0x6, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0xa}, 0x5, 0x108) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0402, 0x0) openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x9488, 0x9, 0x15f4da06, 0x6, 0x2000000000000102, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0xd8]}, 0x0) madvise$auto(0x80010002, 0x0, 0x7f9) waitid$auto(0x9, r2, &(0x7f0000000740)={@_si_pad}, 0x100, &(0x7f00000007c0)={{0x3, 0x1}, {0x6, 0x1}, 0x3ff, 0x1, 0xfffffffffffff41c, 0x3ff, 0x0, 0x1ff, 0x3, 0x8, 0x3, 0x1, 0x3a63203e, 0xd, 0x80, 0x9}) wait4$auto(0xffffffffffffffff, &(0x7f0000000880)=0x8000, 0x9, &(0x7f00000008c0)={{0x3, 0xfffffffffffffc01}, {0x0, 0x1}, 0x6, 0x7, 0x200, 0x1, 0x6, 0x3, 0x7fffffff, 0x200, 0x5, 0x323d, 0x80000000, 0x73, 0xffffffff, 0x7fffffffffffffff}) ioctl$auto_NS_GET_TGID_IN_PIDNS(r4, 0x8004b709, &(0x7f0000000980)=0xc) r5 = getpid() process_vm_readv$auto(r5, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={0x0, 0x82}, 0x6, 0x0) r6 = getpid() process_vm_readv$auto(r6, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000040), 0xffffffff}, 0x6, 0x0) madvise$auto(0x0, 0x400053, 0x9) close_range$auto(0x2, 0x8, 0x0) 498.091539ms ago: executing program 1 (id=1049): socket(0x2, 0x1, 0x0) socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socketpair$auto(0xb, 0xd, 0x808e8, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) mmap$auto(0x0, 0xe983, 0xdf, 0xeb1, 0x401, 0x8000) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000180), r0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000680)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000440)={0x14, r1, 0x100, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x4000811) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = io_uring_setup$auto(0x6, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0xa}, 0x5, 0x108) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0402, 0x0) openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x9488, 0x9, 0x15f4da06, 0x6, 0x2000000000000102, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0xd8]}, 0x0) madvise$auto(0x80010002, 0x0, 0x7f9) waitid$auto(0x9, r2, &(0x7f0000000740)={@_si_pad}, 0x100, &(0x7f00000007c0)={{0x3, 0x1}, {0x6, 0x1}, 0x3ff, 0x1, 0xfffffffffffff41c, 0x3ff, 0x0, 0x1ff, 0x3, 0x8, 0x3, 0x1, 0x3a63203e, 0xd, 0x80, 0x9}) wait4$auto(0xffffffffffffffff, &(0x7f0000000880)=0x8000, 0x9, &(0x7f00000008c0)={{0x3, 0xfffffffffffffc01}, {0x0, 0x1}, 0x6, 0x7, 0x200, 0x1, 0x6, 0x3, 0x7fffffff, 0x200, 0x5, 0x323d, 0x80000000, 0x73, 0xffffffff, 0x7fffffffffffffff}) ioctl$auto_NS_GET_TGID_IN_PIDNS(r4, 0x8004b709, &(0x7f0000000980)=0xc) r5 = getpid() process_vm_readv$auto(r5, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={0x0, 0x82}, 0x6, 0x0) r6 = getpid() process_vm_readv$auto(r6, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000040), 0xffffffff}, 0x6, 0x0) madvise$auto(0x0, 0x400053, 0x9) close_range$auto(0x2, 0x8, 0x0) 392.160818ms ago: executing program 0 (id=1050): r0 = openat$auto_kvm_chardev_ops_kvm_main(0xffffffffffffff9c, &(0x7f0000000140), 0x1880, 0x0) ioctl$auto_KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$auto_snapshot_fops_user(0xffffffffffffff9c, &(0x7f0000000140), 0x180b03, 0x0) ioctl$auto_SNAPSHOT_ALLOC_SWAP_PAGE(r1, 0x80083314, 0x0) mmap$auto(0x0, 0x2020009, 0x0, 0xeb1, 0xfffffffffffffffa, 0x8000) unshare$auto(0x40000080) mmap$auto(0x0, 0x2020009, 0x3, 0xf8, 0xfffffffffffffffa, 0x8000) r2 = openat$auto_tomoyo_operations_securityfs_if(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/security/tomoyo/stat\x00', 0x40802, 0x0) read$auto(r2, 0x0, 0x100000001) r3 = io_uring_setup$auto(0x2, 0x0) close_range$auto(0x2, 0xa, 0x0) openat$auto_media_devnode_fops_mc_devnode(0xffffffffffffff9c, &(0x7f0000000040)='/dev/media11\x00', 0x40, 0x0) ioctl$auto_BTRFS_IOC_TREE_SEARCH(r3, 0x7c80, 0x0) openat$auto_def_blk_fops_fs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nullb0\x00', 0x14be02, 0x0) openat$auto_dvb_demux_fops_dmxdev(0xffffffffffffff9c, &(0x7f0000000000), 0x40200, 0x0) socketpair$auto(0x1e, 0x1, 0x8000000000000000, 0x0) r4 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r4, &(0x7f0000000180)='/Eev/audio1\x00VI\xa3\xaa\xb1;\x9dJ\xc6\xc0\'\xdbV\xd4\xee\xc2\xdd\xa7\xee$\x8d\xc4\xe9d\x03\rF\xec\xb8\xb1Z|\xffGP\x97)\xcf\a\xfb\\n\x89C:\x84D\x1du\xb4\x9ab\xce\xa7tU\x14w\xb4\x14\x1dU\x9d\x8b\xa4U\x953.O\xab\"4\x8a\xbbY8\xa6\xb6\xaa\x96/OX\xba\x02\xc5\xc6B\x1d}Y\xbc@Z5`\xa4m\xffb\x17\xbb\x7f\xea4*\xa4\xf4\xb4\x90\xc0\xbf\xd4m\xbf\xc7\x15\xbe\x01\x98\xd7lD\x97)}\xfaK\xdf\xd6f\xb8&\x959-\n\xccWw\xe2\x9cK\fE\a\xca\xd36\xe8', 0x100000a3d6) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0xfffffffffffffffb, 0x1, 0x4, 0x3, 0x3, 0x6, 0xffffffffffffffff, 0x3, 0x8000000000400000, 0x3, 0x6d3c, 0x3, 0x5, 0x8000000000000006]}, 0x0) r5 = openat$auto_evdev_fops_evdev(0xffffffffffffff9c, &(0x7f0000002f00)='/dev/input/event0\x00', 0x200, 0x0) r6 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000040)='/sys/devices/msr/perf_event_mux_interval_ms\x00', 0x982, 0x0) sendfile$auto(r6, r6, 0x0, 0x3) ioctl$auto_EVIOCGEFFECTS(r5, 0x80044584, &(0x7f0000002f40)=0x2) mmap$auto(0x20000000000000, 0x8, 0x2, 0x9b72, 0x5, 0x0) socket(0xa, 0x801, 0x106) setsockopt$auto(0x3, 0x1, 0x45, 0x0, 0x9) openat$auto_tty_fops_tty_io(0xffffffffffffff9c, 0x0, 0x300c00, 0x0) mmap$auto(0x0, 0x400008, 0xdf, 0x9b72, 0x2, 0x8000) 299.016617ms ago: executing program 4 (id=1051): socket(0x10, 0x3, 0x6) syz_genetlink_get_family_id$auto_netdev(&(0x7f0000000000), 0xffffffffffffffff) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) socket(0xa, 0x5, 0x0) mmap$auto(0x0, 0x8, 0xdf, 0x9b72, 0x2, 0x8000) openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, 0x0, 0xe2842, 0x0) close_range$auto(0x2, 0x8, 0x0) r0 = socket(0x2, 0x80802, 0x0) r1 = socket(0x2b, 0x1, 0x0) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) sysinfo$auto(0x0) bind$auto(0x3, &(0x7f0000000040)=@in={0x2, 0x4e22, @loopback}, 0x6a) sendmmsg$auto(r1, &(0x7f0000000140)={{&(0x7f0000000040), 0x10, 0x0, 0x9, 0x0, 0x1f, 0x9}, 0x800009}, 0x7, 0x20000000) setsockopt$auto(0x3, 0x1, 0x2f, 0x0, 0x9) setsockopt$auto(r0, 0x1, 0x100, 0x0, 0x9) write$auto(0x3, 0x0, 0xfffffdef) recvfrom$auto(0x3, 0x0, 0x800000000e, 0x100, 0x0, 0xfffffffffffffffd) mmap$auto(0x0, 0x2020009, 0x8000000003, 0xeb1, 0xfffffffffffffffa, 0x8000) socketpair$auto(0x1, 0x2, 0x8000000000000000, 0x0) setsockopt$auto(0x3, 0x1, 0x10, 0x0, 0x9) io_uring_setup$auto(0x1, 0x0) connect$auto(0x3, 0x0, 0x55) connect$auto(0x3, 0x0, 0x55) listen$auto(0x3, 0x81) pwrite64$auto(0xc8, &(0x7f0000000180)='\vX\xb5n\x91p\xe6\x1eRN8\x99\x86\xdde\x1cJ\x99\x00\t/\x00\x00\x00\xfd\xfdX\xd3\x1d\xf8\xbebZ\xddL\x01\x00\x00\x00^\x0fo\x84\xfc\x89\v\xea\x1b\x95\xafQ;CL\"\x01\x88\v\xae\xa9i8W\xe5\x00!\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#)\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd0\xbdn\x1d\x00\xeb]B\xa0\x99/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xa6\xf2\xc1\"\xact\xee\xc9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00v\xd9\xe5H.-\x14\xee\xbc\xae\xe1\x85\xb2b\xd42\x89\x05e\x03z\xe6q\xcd\x91\tM\xd2\x90\xc91\xd9\x86\xe4\x8e\x0fI\xf0b2\nfa\xb8\x1a\xdb\xaa0P\xca\xb2W\xe3\x14\xb9Cx\x0e4\xc9\xb4\xdc4\xe3\x8f\x1c\xa5\x89\x8d\x84V\x97dg \x9f\xcd\x8fA\x16\x01\xc5.\x7fG\x86L\xa4\xd6h\xea\x11x\xce\x96t\xc7~# )\x8c6\x06\xd7\xfcu\x8c{t\xa5\x92JW\x8b\xb3Oj%\xb5H\x91F\x1b\x01\xef\x0e\xc5\xac\xcfK\xd5\x98\xce\xd6?\t\xa8\xb7\xce\x87\xdb\xb0\xaa\x8al8qF\re\xa7\xda\x1f\x9ad\b!\xddBD\xd9', 0x3f, 0x200001000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) r2 = socket(0xa, 0x3, 0x8) getsockopt$auto(r2, 0x3a, 0x1, 0x0, 0x0) connect$auto(0x3, 0x0, 0x55) shutdown$auto(0x200000003, 0x2) 164.472863ms ago: executing program 3 (id=1052): socket(0x2, 0x1, 0x0) socket(0x2, 0x1, 0x106) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xfffffffffffffffa, 0x8000) mmap$auto(0x0, 0x2020009, 0x3, 0xeb1, 0xffffffffffffffff, 0x8000) r0 = socketpair$auto(0xb, 0xd, 0x808e8, 0x0) madvise$auto(0x0, 0xffffffffffff0005, 0x19) r1 = syz_genetlink_get_family_id$auto_mac80211_hwsim(&(0x7f0000000180), r0) sendmsg$auto_HWSIM_CMD_NEW_RADIO(r0, &(0x7f0000000680)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000440)={0x14, r1, 0x100, 0x70bd28, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0xc000}, 0x4000811) madvise$auto(0x0, 0x400053, 0x9) openat$auto_proc_sys_file_operations_proc_sysctl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = io_uring_setup$auto(0x6, 0x0) r3 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) openat$auto_ppp_device_fops_ppp_generic(0xffffffffffffff9c, &(0x7f0000000080), 0x80080, 0x0) poll$auto(&(0x7f0000000040)={0x3, 0x1, 0xa}, 0x5, 0x108) openat$auto_posix_clock_file_operations_posix_clock(0xffffffffffffff9c, &(0x7f0000000000), 0xc0402, 0x0) r5 = openat$auto_ucma_fops_ucma(0xffffffffffffff9c, &(0x7f0000000140), 0x20, 0x0) write$auto(r3, &(0x7f0000000400)='/dev/audio1\x00', 0x100000a3d9) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x9488, 0x9, 0x15f4da06, 0x6, 0x2000000000000102, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0xd8]}, 0x0) madvise$auto(0x80010002, 0x0, 0x7f9) r6 = waitid$auto(0x9, r2, &(0x7f0000000740)={@_si_pad}, 0x100, &(0x7f00000007c0)={{0x3, 0x1}, {0x6, 0x1}, 0x3ff, 0x1, 0xfffffffffffff41c, 0x3ff, 0x0, 0x1ff, 0x3, 0x8, 0x3, 0x1, 0x3a63203e, 0xd, 0x80, 0x9}) r7 = wait4$auto(0xffffffffffffffff, &(0x7f0000000880)=0x8000, 0x9, &(0x7f00000008c0)={{0x3, 0xfffffffffffffc01}, {0x0, 0x1}, 0x6, 0x7, 0x200, 0x1, 0x6, 0x3, 0x7fffffff, 0x200, 0x5, 0x323d, 0x80000000, 0x73, 0xffffffff, 0x7fffffffffffffff}) r8 = ioctl$auto_NS_GET_TGID_IN_PIDNS(r4, 0x8004b709, &(0x7f0000000980)=0xc) r9 = getpid() process_vm_readv$auto(r9, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={0x0, 0x82}, 0x6, 0x0) r10 = getpid() process_vm_readv$auto(r10, &(0x7f0000000000)={0x0, 0xfff}, 0x1, &(0x7f0000000280)={&(0x7f0000000040), 0xffffffff}, 0x6, 0x0) syz_clone3(&(0x7f0000000a00)={0x8000000, &(0x7f00000001c0), &(0x7f0000000200), &(0x7f0000000240), {0x40}, &(0x7f0000000340)=""/75, 0x4b, &(0x7f00000006c0)=""/124, &(0x7f00000009c0)=[0x0, 0x0, r6, r7, r8, r9, 0xffffffffffffffff, r10], 0x8, {r5}}, 0x58) madvise$auto(0x0, 0x400053, 0x9) close_range$auto(0x2, 0x8, 0x0) 0s ago: executing program 1 (id=1053): close_range$auto(0x2, 0x8, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/tty27\x00', 0x103e81, 0x0) ioctl$auto_TCSBRKP2(r0, 0x5425, 0x0) r1 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000400)='/dev/ttyS2\x00', 0x103e81, 0x0) recvfrom$auto(r0, &(0x7f0000000200), 0x4, 0x10001, 0x0, &(0x7f0000000480)=0xc) ioctl$auto_TCSBRKP2(r1, 0x5425, 0x0) r2 = openat$auto_snd_pcm_oss_f_reg_pcm_oss(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dsp\x00', 0x20342, 0x0) ioctl$auto_SNDCTL_DSP_SETTRIGGER(r2, 0x40045010, &(0x7f0000000040)) r3 = openat$auto_kernfs_file_fops_kernfs_internal(0xffffffffffffff9c, &(0x7f0000000080)='/sys/devices/virtual/workqueue/cpumask\x00', 0x2, 0x0) write$auto(r3, &(0x7f0000000180)='1\x00\\\xa0\x04|\x9d$\xdcM)\xb9\xdd\xd6', 0x5) mmap$auto(0x80000000000000, 0x810004, 0xffb, 0x8000000008011, 0x3, 0x0) r4 = socket(0xa, 0x1, 0x84) pwrite64$auto(0xc8, &(0x7f0000000340)='\vX\xc9\xb3\xbc\x8c\x1dga08\x90\x86\xdde\x1cJ\x99\x00\x11:\x14\x1a\xd3\xd3\x1d\xf8\xbebZ\xddL\'\x03\xf1`\x9f\x1e\xfe\x80\x12\x00\x00\x00\x00\x00\x0fo\x84\xfc\x89\x01\x97.\x03\x11\xc1\xbaS\x1c\x0e\xa4\xdf\xdav\x1cC\x8a\xeeq\xf0\xcdr\xfa\xa2@X\xb9_\xdd*\xd1\x14^\xbe\xa2E\xd8?\'\x8dg\x81K*&\xab\xaf\x94\x90\xd7\xa6+,\xc3\xc2g\x01JZ\xbb*\xb5\xa1;0\x81\x11\x9a?g`sFh\x00\x00,,\x93\xba\x88\x93\xc6#\xe5\xaae\x9d\xb6\x1a\x7f\xc0%\xb0\rfOJ+\x02\x9b#\x1c\x9b\x17\x82\xd7\xee\xd1\xbf2[\xd8\xbdn\x1d\x00\xeb]B\xa0\x99\xb0R\xb4J}\xa8\xa1\x84]F\xe0\x83/\xc0\xd8\x05f_\xfa\x19\a\x00\xf1\x12lwU&[\xde?\xde8\xf7\xc1\xaf\n1t\xee\xc9:\xcfE\x87Z&i\xd4\x00\x00\x00\x00\x00', 0xedef, 0x3) accept$auto(r4, 0x0, 0x0) setsockopt$auto(0x3, 0x10f, 0x8a, 0x0, 0x14) r5 = openat$auto_snd_rawmidi_f_ops_rawmidi(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/snd/midiC2D0\x00', 0x1, 0x0) prctl$auto(0x3e, 0x1, 0x0, 0x1, 0x0) write$auto(r5, &(0x7f0000000080)='/dev/\x0e?^\xd8[\xa1~\xf5\xdfaudio1\x00\x11I\x9f\xabA\a\x1c\xc4\x06\xde@z\xe0\xf9\xc3R\"\x06a\xa7\xe5\x03\x00\x00', 0x100000a3d9) r6 = openat$auto_tty_fops_tty_io(0xffffffffffffff9c, &(0x7f0000000540)='/dev/tty45\x00', 0x201, 0x0) write$auto_tty_fops_tty_io(r6, 0x0, 0x0) select$auto(0x9, 0x0, 0x0, &(0x7f00000002c0)={[0x1ff, 0x7, 0x3, 0x1, 0x9488, 0x9, 0x15f4da07, 0x6, 0x4, 0x64, 0x80000020, 0x1000, 0xb, 0x9, 0x2, 0xd8]}, 0x0) select$auto(0xe, 0x0, 0x0, &(0x7f00000002c0)={[0x8000000000001fd, 0x20000000007, 0x4, 0x1000000000000bbf, 0x7ff, 0x3, 0xff, 0x10001, 0x1, 0x3, 0x8001, 0xfffffffffffffffe, 0x80000000, 0x335b0ef1, 0xffffdfffffffff81, 0x4]}, 0x0) kernel console output (not intermixed with test programs): 123.700805][ T6358] do_syscall_64+0x10b/0xf80 [ 123.700849][ T6358] ? clear_bhb_loop+0x40/0x90 [ 123.700884][ T6358] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 123.700912][ T6358] RIP: 0033:0x7f846879ce59 [ 123.700938][ T6358] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 123.700969][ T6358] RSP: 002b:00007f84669b40e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 123.700995][ T6358] RAX: ffffffffffffffda RBX: 00007f8468a16188 RCX: 00007f846879ce59 [ 123.701013][ T6358] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007f8468a1618c [ 123.701031][ T6358] RBP: 00007f8468a16180 R08: 0000000000000001 R09: 0000000000000000 [ 123.701048][ T6358] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 123.701066][ T6358] R13: 00007f8468a16218 R14: 00007fff2a6bcca0 R15: 00007fff2a6bcd88 [ 123.701103][ T6358] [ 126.340183][ T6381] netlink: 338 bytes leftover after parsing attributes in process `syz.1.127'. [ 126.402184][ T6377] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 126.423221][ T6386] netlink: 338 bytes leftover after parsing attributes in process `syz.1.127'. [ 126.461122][ T6377] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 126.482529][ T6377] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 126.499503][ T6377] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 127.912248][ T5628] Bluetooth: hci0: command 0x0c1a tx timeout [ 128.481793][ T5628] Bluetooth: hci1: command 0x0c1a tx timeout [ 128.552092][ T5628] Bluetooth: hci3: command 0x0c1a tx timeout [ 128.552132][ T5628] Bluetooth: hci2: command 0x0c1a tx timeout syzkaller syzkaller login: [ 130.231107][ T6431] netlink: 206 bytes leftover after parsing attributes in process `syz.0.139'. [ 132.635395][ T6458] can: request_module (can-proto-0) failed. [ 132.796593][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.803773][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.210271][ T6471] netlink: 338 bytes leftover after parsing attributes in process `syz.2.143'. [ 133.455162][ T6472] netlink: 338 bytes leftover after parsing attributes in process `syz.2.143'. [ 134.514862][ T6475] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 134.576706][ T6475] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 134.651129][ T6475] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 134.709885][ T6475] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 136.140888][ T6497] netlink: 342 bytes leftover after parsing attributes in process `syz.2.154'. [ 136.225598][ T6497] netlink: 342 bytes leftover after parsing attributes in process `syz.2.154'. [ 136.298065][ T6497] netlink: 4 bytes leftover after parsing attributes in process `syz.2.154'. [ 136.556013][ T5628] Bluetooth: hci0: command 0x0c1a tx timeout [ 136.636435][ T5628] Bluetooth: hci1: command 0x0c1a tx timeout [ 136.654598][ T6505] FAULT_INJECTION: forcing a failure. [ 136.654598][ T6505] name fail_futex, interval 1, probability 0, space 0, times 0 [ 136.716166][ T5641] Bluetooth: hci2: command 0x0c1a tx timeout [ 136.722251][ T5628] Bluetooth: hci3: command 0x0c1a tx timeout [ 136.742055][ T6505] CPU: 1 UID: 0 PID: 6505 Comm: syz.1.153 Tainted: G L syzkaller #0 PREEMPT(full) [ 136.742101][ T6505] Tainted: [L]=SOFTLOCKUP [ 136.742111][ T6505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 136.742127][ T6505] Call Trace: [ 136.742136][ T6505] [ 136.742147][ T6505] dump_stack_lvl+0x100/0x190 [ 136.742184][ T6505] should_fail_ex.cold+0x5/0xa [ 136.742221][ T6505] get_futex_key+0x1d2/0x1510 [ 136.742256][ T6505] ? __pfx_get_futex_key+0x10/0x10 [ 136.742281][ T6505] ? futex_hash+0x2ad/0x370 [ 136.742312][ T6505] ? futex_hash+0x141/0x370 [ 136.742344][ T6505] futex_wake+0xea/0x530 [ 136.742384][ T6505] ? __pfx_futex_wake+0x10/0x10 [ 136.742424][ T6505] ? find_held_lock+0x2b/0x80 [ 136.742460][ T6505] ? do_sys_openat2+0x1b4/0x1e0 [ 136.742510][ T6505] do_futex+0x32b/0x350 [ 136.742541][ T6505] ? __pfx_do_futex+0x10/0x10 [ 136.742582][ T6505] __x64_sys_futex+0x34f/0x4d0 [ 136.742616][ T6505] ? fdget_pos+0x2c0/0x380 [ 136.742673][ T6505] ? __pfx___x64_sys_futex+0x10/0x10 [ 136.742704][ T6505] ? ksys_write+0x1ac/0x250 [ 136.742737][ T6505] ? __pfx_ksys_write+0x10/0x10 [ 136.742772][ T6505] ? rcu_is_watching+0x12/0xc0 [ 136.742811][ T6505] do_syscall_64+0x10b/0xf80 [ 136.742853][ T6505] ? clear_bhb_loop+0x40/0x90 [ 136.742888][ T6505] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.742917][ T6505] RIP: 0033:0x7fd1a4d9ce59 [ 136.742940][ T6505] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 136.742966][ T6505] RSP: 002b:00007fd1a5b930e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 136.742995][ T6505] RAX: ffffffffffffffda RBX: 00007fd1a5016188 RCX: 00007fd1a4d9ce59 [ 136.743012][ T6505] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fd1a501618c [ 136.743028][ T6505] RBP: 00007fd1a5016180 R08: 0000000000000001 R09: 0000000000000000 [ 136.743043][ T6505] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 136.743059][ T6505] R13: 00007fd1a5016218 R14: 00007ffcf9611070 R15: 00007ffcf9611158 [ 136.743094][ T6505] [ 138.491524][ T6529] FAULT_INJECTION: forcing a failure. [ 138.491524][ T6529] name failslab, interval 1, probability 0, space 0, times 0 [ 138.535246][ T6529] CPU: 0 UID: 0 PID: 6529 Comm: syz.1.163 Tainted: G L syzkaller #0 PREEMPT(full) [ 138.535292][ T6529] Tainted: [L]=SOFTLOCKUP [ 138.535302][ T6529] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 138.535319][ T6529] Call Trace: [ 138.535328][ T6529] [ 138.535338][ T6529] dump_stack_lvl+0x100/0x190 [ 138.535375][ T6529] should_fail_ex.cold+0x5/0xa [ 138.535412][ T6529] should_failslab+0xc2/0x120 [ 138.535446][ T6529] __kmalloc_cache_noprof+0x7a/0x6f0 [ 138.535488][ T6529] ? vb2_vmalloc_alloc+0xf9/0x410 [ 138.535523][ T6529] ? trace_kmalloc+0xe3/0x110 [ 138.535556][ T6529] ? __kasan_kmalloc+0xaa/0xb0 [ 138.535590][ T6529] vb2_vmalloc_alloc+0xf9/0x410 [ 138.535630][ T6529] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 138.535670][ T6529] __vb2_queue_alloc+0x8d5/0x1160 [ 138.535725][ T6529] vb2_core_reqbufs+0x899/0xf30 [ 138.535777][ T6529] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 138.535835][ T6529] __vb2_init_fileio+0x32d/0x1000 [ 138.535872][ T6529] ? aa_file_perm+0x7f3/0x14d0 [ 138.535918][ T6529] __vb2_perform_fileio+0x91e/0x1380 [ 138.535969][ T6529] ? __pfx___vb2_perform_fileio+0x10/0x10 [ 138.536006][ T6529] ? __pfx___might_resched+0x10/0x10 [ 138.536038][ T6529] ? futex_hash+0x141/0x370 [ 138.536073][ T6529] vb2_fop_read+0x211/0x520 [ 138.536112][ T6529] v4l2_read+0x229/0x2c0 [ 138.536141][ T6529] ? __pfx_v4l2_read+0x10/0x10 [ 138.536172][ T6529] vfs_read+0x1e4/0xb30 [ 138.536209][ T6529] ? __pfx_vfs_read+0x10/0x10 [ 138.536238][ T6529] ? find_held_lock+0x2b/0x80 [ 138.536278][ T6529] ? __fget_files+0x215/0x3d0 [ 138.536310][ T6529] ? __fget_files+0x215/0x3d0 [ 138.536349][ T6529] ? __fget_files+0x21f/0x3d0 [ 138.536392][ T6529] ksys_read+0x12a/0x250 [ 138.536423][ T6529] ? __pfx_ksys_read+0x10/0x10 [ 138.536458][ T6529] ? rcu_is_watching+0x12/0xc0 [ 138.536497][ T6529] do_syscall_64+0x10b/0xf80 [ 138.536539][ T6529] ? clear_bhb_loop+0x40/0x90 [ 138.536574][ T6529] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 138.536602][ T6529] RIP: 0033:0x7fd1a4d9ce59 [ 138.536628][ T6529] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 138.536655][ T6529] RSP: 002b:00007fd1a5bd5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 138.536683][ T6529] RAX: ffffffffffffffda RBX: 00007fd1a5015fa0 RCX: 00007fd1a4d9ce59 [ 138.536700][ T6529] RDX: 0000000000000028 RSI: 0000200000000280 RDI: 0000000000000005 [ 138.536716][ T6529] RBP: 00007fd1a4e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 138.536740][ T6529] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 138.536757][ T6529] R13: 00007fd1a5016038 R14: 00007fd1a5015fa0 R15: 00007ffcf9611158 [ 138.536795][ T6529] [ 140.599136][ T6549] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 140.701829][ T6549] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 140.728427][ T6549] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 140.744337][ T6549] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 141.000638][ T6564] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 141.287154][ T6573] FAULT_INJECTION: forcing a failure. [ 141.287154][ T6573] name fail_futex, interval 1, probability 0, space 0, times 0 [ 141.349203][ T6575] overlayfs: missing 'lowerdir' [ 141.362273][ T6573] CPU: 1 UID: 0 PID: 6573 Comm: syz.3.171 Tainted: G L syzkaller #0 PREEMPT(full) [ 141.362315][ T6573] Tainted: [L]=SOFTLOCKUP [ 141.362324][ T6573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 141.362337][ T6573] Call Trace: [ 141.362345][ T6573] [ 141.362355][ T6573] dump_stack_lvl+0x100/0x190 [ 141.362386][ T6573] should_fail_ex.cold+0x5/0xa [ 141.362416][ T6573] get_futex_key+0x1d2/0x1510 [ 141.362443][ T6573] ? __pfx_get_futex_key+0x10/0x10 [ 141.362464][ T6573] ? futex_hash+0x2ad/0x370 [ 141.362489][ T6573] ? futex_hash+0x141/0x370 [ 141.362516][ T6573] futex_wake+0xea/0x530 [ 141.362549][ T6573] ? __pfx_futex_wake+0x10/0x10 [ 141.362581][ T6573] ? find_held_lock+0x2b/0x80 [ 141.362610][ T6573] ? do_sys_openat2+0x1b4/0x1e0 [ 141.362652][ T6573] do_futex+0x32b/0x350 [ 141.362677][ T6573] ? __pfx_do_futex+0x10/0x10 [ 141.362710][ T6573] __x64_sys_futex+0x34f/0x4d0 [ 141.362737][ T6573] ? fdget_pos+0x2c0/0x380 [ 141.362766][ T6573] ? __pfx___x64_sys_futex+0x10/0x10 [ 141.362791][ T6573] ? ksys_write+0x1ac/0x250 [ 141.362817][ T6573] ? __pfx_ksys_write+0x10/0x10 [ 141.362846][ T6573] ? rcu_is_watching+0x12/0xc0 [ 141.362878][ T6573] do_syscall_64+0x10b/0xf80 [ 141.362913][ T6573] ? clear_bhb_loop+0x40/0x90 [ 141.362943][ T6573] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.362967][ T6573] RIP: 0033:0x7fad8879ce59 [ 141.362986][ T6573] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 141.363008][ T6573] RSP: 002b:00007fad869f60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 141.363034][ T6573] RAX: ffffffffffffffda RBX: 00007fad88a16188 RCX: 00007fad8879ce59 [ 141.363050][ T6573] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007fad88a1618c [ 141.363065][ T6573] RBP: 00007fad88a16180 R08: 0000000000000001 R09: 0000000000000000 [ 141.363079][ T6573] R10: ffffffffffffffff R11: 0000000000000246 R12: 0000000000000000 [ 141.363094][ T6573] R13: 00007fad88a16218 R14: 00007ffdb4f867b0 R15: 00007ffdb4f86898 [ 141.363125][ T6573] [ 141.838606][ T5628] Bluetooth: hci0: command 0x0c1a tx timeout [ 142.426975][ T6587] netlink: 330 bytes leftover after parsing attributes in process `syz.2.176'. [ 142.465847][ T6587] : renamed from bond_slave_0 [ 142.482958][ T6587] netlink: 330 bytes leftover after parsing attributes in process `syz.2.176'. [ 142.595340][ T6593] ubi0: attaching mtd0 [ 142.686259][ T6593] ubi0: scanning is finished [ 142.720710][ T5628] Bluetooth: hci1: command 0x0c1a tx timeout [ 142.799101][ T5628] Bluetooth: hci3: command 0x0c1a tx timeout [ 142.800557][ T5641] Bluetooth: hci2: command 0x0c1a tx timeout [ 143.063471][ T6593] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 143.096507][ T6593] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 143.123540][ T6593] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 143.142976][ T6593] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 143.168057][ T6593] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 143.185353][ T6593] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 143.201371][ T6593] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 3413360672 [ 143.219373][ T6593] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 143.237063][ T6606] ubi0: detaching mtd0 [ 143.238627][ T6609] ubi0: background thread "ubi_bgt0d" started, PID 6609 [ 143.299335][ T6606] ubi0: mtd0 is detached [ 144.050980][ T6618] netlink: 330 bytes leftover after parsing attributes in process `syz.2.180'. [ 144.179926][ T6618] netlink: 330 bytes leftover after parsing attributes in process `syz.2.180'. [ 145.151920][ T6620] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 145.172960][ T6620] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 145.187796][ T6620] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 145.208140][ T6620] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 145.873823][ T6638] futex_wake_op: syz.0.187 tries to shift op by -2048; fix this program [ 146.258361][ T6646] overlayfs: missing 'lowerdir' [ 146.480810][ T5641] Bluetooth: hci0: command 0x0c1a tx timeout [ 146.757140][ T6653] FAULT_INJECTION: forcing a failure. [ 146.757140][ T6653] name failslab, interval 1, probability 0, space 0, times 0 [ 147.029184][ T6653] CPU: 1 UID: 0 PID: 6653 Comm: syz.0.188 Tainted: G L syzkaller #0 PREEMPT(full) [ 147.029230][ T6653] Tainted: [L]=SOFTLOCKUP [ 147.029239][ T6653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 147.029255][ T6653] Call Trace: [ 147.029264][ T6653] [ 147.029275][ T6653] dump_stack_lvl+0x100/0x190 [ 147.029311][ T6653] should_fail_ex.cold+0x5/0xa [ 147.029348][ T6653] should_failslab+0xc2/0x120 [ 147.029382][ T6653] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 147.029422][ T6653] ? __kernfs_new_node+0xd2/0x9f0 [ 147.029438][ T6653] ? __pfx_try_to_wake_up+0x10/0x10 [ 147.029461][ T6653] __kernfs_new_node+0xd2/0x9f0 [ 147.029478][ T6653] ? wake_up_q+0xae/0x130 [ 147.029495][ T6653] ? __pfx___kernfs_new_node+0x10/0x10 [ 147.029516][ T6653] ? find_held_lock+0x2b/0x80 [ 147.029534][ T6653] ? kernfs_root+0xee/0x2a0 [ 147.029549][ T6653] ? kernfs_root+0xee/0x2a0 [ 147.029580][ T6653] kernfs_new_node+0x11b/0x1a0 [ 147.029614][ T6653] __kernfs_create_file+0x53/0x350 [ 147.029638][ T6653] sysfs_add_file_mode_ns+0x207/0x3c0 [ 147.029658][ T6653] sysfs_merge_group+0x194/0x340 [ 147.029676][ T6653] ? __pfx_sysfs_merge_group+0x10/0x10 [ 147.029692][ T6653] ? bus_add_device+0x368/0x6b0 [ 147.029708][ T6653] ? __pfx_bus_add_device+0x10/0x10 [ 147.029721][ T6653] ? __pfx_dev_add_physical_location+0x10/0x10 [ 147.029746][ T6653] dpm_sysfs_add+0x237/0x280 [ 147.029767][ T6653] device_add+0x9ef/0x1950 [ 147.029797][ T6653] ? __pfx_device_add+0x10/0x10 [ 147.029816][ T6653] ? lockdep_init_map_type+0x5c/0x250 [ 147.029832][ T6653] ? __init_waitqueue_head+0xca/0x150 [ 147.029855][ T6653] rfkill_register+0x1ad/0xb30 [ 147.029877][ T6653] nfc_register_device+0x11f/0x3e0 [ 147.029901][ T6653] nci_register_device+0x7f1/0xb80 [ 147.029920][ T6653] ? __pfx_nci_register_device+0x10/0x10 [ 147.029941][ T6653] ? lockdep_init_map_type+0x5c/0x250 [ 147.029959][ T6653] virtual_ncidev_open+0x141/0x220 [ 147.029982][ T6653] ? __pfx_virtual_ncidev_open+0x10/0x10 [ 147.030004][ T6653] misc_open+0x26d/0x450 [ 147.030023][ T6653] ? __pfx_misc_open+0x10/0x10 [ 147.030044][ T6653] chrdev_open+0x234/0x6a0 [ 147.030062][ T6653] ? __pfx_apparmor_file_open+0x10/0x10 [ 147.030078][ T6653] ? __pfx_chrdev_open+0x10/0x10 [ 147.030097][ T6653] ? fsnotify_open_perm_and_set_mode+0x17a/0xa80 [ 147.030120][ T6653] do_dentry_open+0x6d8/0x1660 [ 147.030141][ T6653] ? __pfx_chrdev_open+0x10/0x10 [ 147.030164][ T6653] vfs_open+0x82/0x3f0 [ 147.030186][ T6653] path_openat+0x208c/0x31a0 [ 147.030211][ T6653] ? __pfx_path_openat+0x10/0x10 [ 147.030238][ T6653] do_file_open+0x20e/0x430 [ 147.030258][ T6653] ? __pfx_do_file_open+0x10/0x10 [ 147.030290][ T6653] ? alloc_fd+0x476/0x790 [ 147.030310][ T6653] ? do_getname+0x191/0x390 [ 147.030332][ T6653] do_sys_openat2+0x10d/0x1e0 [ 147.030354][ T6653] ? __pfx_do_sys_openat2+0x10/0x10 [ 147.030377][ T6653] ? __fget_files+0x21f/0x3d0 [ 147.030398][ T6653] __x64_sys_openat+0x12d/0x210 [ 147.030420][ T6653] ? __pfx___x64_sys_openat+0x10/0x10 [ 147.030446][ T6653] ? rcu_is_watching+0x12/0xc0 [ 147.030466][ T6653] do_syscall_64+0x10b/0xf80 [ 147.030487][ T6653] ? clear_bhb_loop+0x40/0x90 [ 147.030505][ T6653] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.030520][ T6653] RIP: 0033:0x7fef9879ce59 [ 147.030533][ T6653] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 147.030548][ T6653] RSP: 002b:00007fef9969c028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 147.030562][ T6653] RAX: ffffffffffffffda RBX: 00007fef98a16180 RCX: 00007fef9879ce59 [ 147.030573][ T6653] RDX: 0000000000000002 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 147.030582][ T6653] RBP: 00007fef98832d6f R08: 0000000000000000 R09: 0000000000000000 [ 147.030591][ T6653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 147.030599][ T6653] R13: 00007fef98a16218 R14: 00007fef98a16180 R15: 00007fff1d1f7ec8 [ 147.030619][ T6653] [ 147.532056][ T5641] Bluetooth: hci2: command 0x0c1a tx timeout [ 147.539160][ T5641] Bluetooth: hci1: command 0x0c1a tx timeout [ 147.545317][ T5641] Bluetooth: hci3: command 0x0c1a tx timeout [ 148.999593][ T6704] futex_wake_op: syz.1.201 tries to shift op by -2048; fix this program [ 149.909668][ T6715] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 149.922587][ T6715] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 149.934719][ T6715] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 149.947617][ T6715] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 150.098843][ T6725] netlink: 28 bytes leftover after parsing attributes in process `syz.0.206'. [ 150.143746][ T6725] bridge_slave_1: left allmulticast mode [ 150.177068][ T6725] bridge_slave_1: left promiscuous mode [ 150.193327][ T6725] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.281169][ T6725] bridge_slave_0: left allmulticast mode [ 150.291190][ T6725] bridge_slave_0: left promiscuous mode [ 150.333036][ T6725] bridge0: port 1(bridge_slave_0) entered disabled state [ 151.365372][ T4945] Bluetooth: hci0: command 0x0c1a tx timeout [ 152.009594][ T5641] Bluetooth: hci2: command 0x0c1a tx timeout [ 152.009604][ T5628] Bluetooth: hci1: command 0x0c1a tx timeout [ 152.023360][ T4945] Bluetooth: hci3: command 0x0c1a tx timeout [ 152.256730][ T4945] Bluetooth: hci2: unexpected event 0x14 length: 16 > 6 [ 153.881992][ T6787] ICMPv6: process `syz.0.212' is using deprecated sysctl (syscall) net.ipv6.neigh.wg1.retrans_time - use net.ipv6.neigh.wg1.retrans_time_ms instead [ 154.128899][ T6789] sysfs_service_op_store: Client not running :-5: [ 155.127113][ T6802] sysfs_service_op_store: Client not running :-5: [ 155.472469][ T6811] vhci_hcd vhci_hcd.2: default hub control req: 0000 v0000 i0000 l0 [ 155.644123][ T6813] FAULT_INJECTION: forcing a failure. [ 155.644123][ T6813] name failslab, interval 1, probability 0, space 0, times 0 [ 155.699802][ T6813] CPU: 1 UID: 0 PID: 6813 Comm: syz.0.217 Tainted: G L syzkaller #0 PREEMPT(full) [ 155.699848][ T6813] Tainted: [L]=SOFTLOCKUP [ 155.699861][ T6813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 155.699879][ T6813] Call Trace: [ 155.699888][ T6813] [ 155.699898][ T6813] dump_stack_lvl+0x100/0x190 [ 155.699939][ T6813] should_fail_ex.cold+0x5/0xa [ 155.699977][ T6813] should_failslab+0xc2/0x120 [ 155.700014][ T6813] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 155.700046][ T6813] ? append_filter_err+0x3d6/0x620 [ 155.700107][ T6813] kmemdup_nul+0x49/0xd0 [ 155.700139][ T6813] append_filter_err+0x3d6/0x620 [ 155.700187][ T6813] apply_subsystem_event_filter+0x727/0x17b0 [ 155.700243][ T6813] ? __pfx_apply_subsystem_event_filter+0x10/0x10 [ 155.700292][ T6813] ? _copy_from_user+0x59/0xd0 [ 155.700329][ T6813] subsystem_filter_write+0x95/0x120 [ 155.700371][ T6813] vfs_write+0x2aa/0x1070 [ 155.700408][ T6813] ? __pfx_subsystem_filter_write+0x10/0x10 [ 155.700454][ T6813] ? __pfx_vfs_write+0x10/0x10 [ 155.700483][ T6813] ? do_futex+0x192/0x350 [ 155.700519][ T6813] ? __pfx_do_futex+0x10/0x10 [ 155.700547][ T6813] ? __pfx_do_sys_openat2+0x10/0x10 [ 155.700603][ T6813] ? __x64_sys_futex+0x34f/0x4d0 [ 155.700634][ T6813] ? __x64_sys_futex+0x358/0x4d0 [ 155.700671][ T6813] ksys_write+0x12a/0x250 [ 155.700706][ T6813] ? __pfx_ksys_write+0x10/0x10 [ 155.700742][ T6813] ? rcu_is_watching+0x12/0xc0 [ 155.700784][ T6813] do_syscall_64+0x10b/0xf80 [ 155.700826][ T6813] ? clear_bhb_loop+0x40/0x90 [ 155.700864][ T6813] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.700893][ T6813] RIP: 0033:0x7fef9879ce59 [ 155.700921][ T6813] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 155.700947][ T6813] RSP: 002b:00007fef996bd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 155.700977][ T6813] RAX: ffffffffffffffda RBX: 00007fef98a16090 RCX: 00007fef9879ce59 [ 155.700996][ T6813] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 155.701013][ T6813] RBP: 00007fef98832d6f R08: 0000000000000000 R09: 0000000000000000 [ 155.701030][ T6813] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 155.701046][ T6813] R13: 00007fef98a16128 R14: 00007fef98a16090 R15: 00007fff1d1f7ec8 [ 155.701092][ T6813] [ 157.194912][ T6832] FAULT_INJECTION: forcing a failure. [ 157.194912][ T6832] name failslab, interval 1, probability 0, space 0, times 0 [ 157.223808][ T6832] CPU: 1 UID: 0 PID: 6832 Comm: syz.1.225 Tainted: G L syzkaller #0 PREEMPT(full) [ 157.223850][ T6832] Tainted: [L]=SOFTLOCKUP [ 157.223859][ T6832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 157.223876][ T6832] Call Trace: [ 157.223884][ T6832] [ 157.223895][ T6832] dump_stack_lvl+0x100/0x190 [ 157.223939][ T6832] should_fail_ex.cold+0x5/0xa [ 157.223978][ T6832] should_failslab+0xc2/0x120 [ 157.224012][ T6832] __kmalloc_cache_noprof+0x7a/0x6f0 [ 157.224051][ T6832] ? mpi_alloc+0x46/0x230 [ 157.224086][ T6832] mpi_alloc+0x46/0x230 [ 157.224114][ T6832] rsa_check_payload+0x3b/0xc0 [ 157.224159][ T6832] rsa_enc+0x198/0x3b0 [ 157.224200][ T6832] ? __pfx_rsa_enc+0x10/0x10 [ 157.224240][ T6832] ? __virt_addr_valid+0x239/0x430 [ 157.224281][ T6832] ? sg_init_one+0xf5/0x1b0 [ 157.224320][ T6832] rsassa_pkcs1_verify+0x4eb/0xc20 [ 157.224358][ T6832] ? __pfx_rsassa_pkcs1_verify+0x10/0x10 [ 157.224405][ T6832] ? rsa_max_size+0xd/0x70 [ 157.224441][ T6832] ? rsassa_pkcs1_set_pub_key+0x17d/0x1f0 [ 157.224475][ T6832] public_key_verify_signature+0x5ee/0x910 [ 157.224508][ T6832] ? __pfx_public_key_verify_signature+0x10/0x10 [ 157.224552][ T6832] ? __kmalloc_noprof+0x320/0x850 [ 157.224584][ T6832] x509_check_for_self_signed+0x325/0x510 [ 157.224619][ T6832] x509_cert_parse+0x60c/0x910 [ 157.224645][ T6832] ? kasan_save_stack+0x3f/0x50 [ 157.224669][ T6832] ? kasan_save_stack+0x30/0x50 [ 157.224692][ T6832] ? kasan_save_track+0x14/0x30 [ 157.224720][ T6832] pkcs7_extract_cert+0xa4/0x380 [ 157.224756][ T6832] asn1_ber_decoder+0x12b3/0x2170 [ 157.224805][ T6832] ? __pfx_asn1_ber_decoder+0x10/0x10 [ 157.224867][ T6832] pkcs7_parse_message+0x289/0x870 [ 157.224904][ T6832] verify_pkcs7_signature+0x30/0xa0 [ 157.224949][ T6832] valid_regdb+0x211/0x590 [ 157.224987][ T6832] ? __pfx_valid_regdb+0x10/0x10 [ 157.225026][ T6832] reg_reload_regdb+0x11a/0x460 [ 157.225064][ T6832] ? __pfx_reg_reload_regdb+0x10/0x10 [ 157.225101][ T6832] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 157.225127][ T6832] ? nl80211_pre_doit+0x19a/0xae0 [ 157.225158][ T6832] genl_family_rcv_msg_doit+0x214/0x300 [ 157.225189][ T6832] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 157.225216][ T6832] ? genl_get_cmd+0x3e7/0x760 [ 157.225265][ T6832] ? bpf_lsm_capable+0x9/0x10 [ 157.225293][ T6832] ? security_capable+0x80/0x260 [ 157.225340][ T6832] genl_rcv_msg+0x560/0x800 [ 157.225369][ T6832] ? __pfx_genl_rcv_msg+0x10/0x10 [ 157.225394][ T6832] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 157.225419][ T6832] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 157.225453][ T6832] ? __pfx_nl80211_post_doit+0x10/0x10 [ 157.225491][ T6832] netlink_rcv_skb+0x159/0x420 [ 157.225529][ T6832] ? __pfx_genl_rcv_msg+0x10/0x10 [ 157.225557][ T6832] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 157.225608][ T6832] ? netlink_deliver_tap+0x1ae/0xcc0 [ 157.225650][ T6832] genl_rcv+0x28/0x40 [ 157.225670][ T6832] netlink_unicast+0x585/0x850 [ 157.225713][ T6832] ? __pfx_netlink_unicast+0x10/0x10 [ 157.225760][ T6832] netlink_sendmsg+0x8b0/0xda0 [ 157.225804][ T6832] ? __pfx_netlink_sendmsg+0x10/0x10 [ 157.225840][ T6832] ? __import_iovec+0x1d2/0x640 [ 157.225871][ T6832] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 157.225916][ T6832] ____sys_sendmsg+0x9e1/0xb70 [ 157.225957][ T6832] ? __pfx_netlink_sendmsg+0x10/0x10 [ 157.225998][ T6832] ? __pfx_____sys_sendmsg+0x10/0x10 [ 157.226042][ T6832] ? __pfx_futex_wake_mark+0x10/0x10 [ 157.226083][ T6832] ___sys_sendmsg+0x190/0x1e0 [ 157.226128][ T6832] ? __pfx____sys_sendmsg+0x10/0x10 [ 157.226211][ T6832] __sys_sendmsg+0x170/0x220 [ 157.226243][ T6832] ? __pfx___sys_sendmsg+0x10/0x10 [ 157.226273][ T6832] ? __x64_sys_futex+0x34f/0x4d0 [ 157.226314][ T6832] ? rcu_is_watching+0x12/0xc0 [ 157.226350][ T6832] do_syscall_64+0x10b/0xf80 [ 157.226389][ T6832] ? clear_bhb_loop+0x40/0x90 [ 157.226421][ T6832] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.226447][ T6832] RIP: 0033:0x7fd1a4d9ce59 [ 157.226468][ T6832] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 157.226492][ T6832] RSP: 002b:00007fd1a5bd5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 157.226516][ T6832] RAX: ffffffffffffffda RBX: 00007fd1a5015fa0 RCX: 00007fd1a4d9ce59 [ 157.226533][ T6832] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000005 [ 157.226548][ T6832] RBP: 00007fd1a4e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 157.226564][ T6832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 157.226579][ T6832] R13: 00007fd1a5016038 R14: 00007fd1a5015fa0 R15: 00007ffcf9611158 [ 157.226613][ T6832] [ 158.909137][ T4945] block nbd1: Receive control failed (result -32) [ 159.002639][ T6856] netlink: 338 bytes leftover after parsing attributes in process `syz.3.229'. [ 159.088565][ T6856] netlink: 338 bytes leftover after parsing attributes in process `syz.3.229'. [ 159.097730][ T4945] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 159.105236][ T4945] Bluetooth: hci2: Invalid handle: 0x3a4a > 0x0eff [ 159.363076][ T6841] Process accounting resumed [ 159.784994][ T6864] FAULT_INJECTION: forcing a failure. [ 159.784994][ T6864] name failslab, interval 1, probability 0, space 0, times 0 [ 159.827591][ T6864] CPU: 0 UID: 0 PID: 6864 Comm: syz.3.231 Tainted: G L syzkaller #0 PREEMPT(full) [ 159.827636][ T6864] Tainted: [L]=SOFTLOCKUP [ 159.827646][ T6864] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 159.827661][ T6864] Call Trace: [ 159.827670][ T6864] [ 159.827680][ T6864] dump_stack_lvl+0x100/0x190 [ 159.827717][ T6864] should_fail_ex.cold+0x5/0xa [ 159.827764][ T6864] should_failslab+0xc2/0x120 [ 159.827798][ T6864] __kmalloc_cache_noprof+0x7a/0x6f0 [ 159.827838][ T6864] ? apply_subsystem_event_filter+0x54f/0x17b0 [ 159.827879][ T6864] ? append_filter_err+0x43a/0x620 [ 159.827922][ T6864] apply_subsystem_event_filter+0x54f/0x17b0 [ 159.827976][ T6864] ? __pfx_apply_subsystem_event_filter+0x10/0x10 [ 159.828024][ T6864] ? _copy_from_user+0x59/0xd0 [ 159.828059][ T6864] subsystem_filter_write+0x95/0x120 [ 159.828101][ T6864] vfs_write+0x2aa/0x1070 [ 159.828136][ T6864] ? __pfx_subsystem_filter_write+0x10/0x10 [ 159.828178][ T6864] ? __pfx_vfs_write+0x10/0x10 [ 159.828208][ T6864] ? do_futex+0x192/0x350 [ 159.828240][ T6864] ? __pfx_do_futex+0x10/0x10 [ 159.828268][ T6864] ? __pfx_do_sys_openat2+0x10/0x10 [ 159.828322][ T6864] ? __x64_sys_futex+0x34f/0x4d0 [ 159.828350][ T6864] ? __x64_sys_futex+0x358/0x4d0 [ 159.828384][ T6864] ksys_write+0x12a/0x250 [ 159.828414][ T6864] ? __pfx_ksys_write+0x10/0x10 [ 159.828448][ T6864] ? rcu_is_watching+0x12/0xc0 [ 159.828486][ T6864] do_syscall_64+0x10b/0xf80 [ 159.828528][ T6864] ? clear_bhb_loop+0x40/0x90 [ 159.828564][ T6864] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.828592][ T6864] RIP: 0033:0x7fad8879ce59 [ 159.828614][ T6864] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 159.828639][ T6864] RSP: 002b:00007fad8956f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 159.828666][ T6864] RAX: ffffffffffffffda RBX: 00007fad88a16090 RCX: 00007fad8879ce59 [ 159.828685][ T6864] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 159.828701][ T6864] RBP: 00007fad88832d6f R08: 0000000000000000 R09: 0000000000000000 [ 159.828717][ T6864] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 159.828741][ T6864] R13: 00007fad88a16128 R14: 00007fad88a16090 R15: 00007ffdb4f86898 [ 159.828780][ T6864] [ 162.236054][ T6915] random: crng reseeded on system resumption [ 163.378370][ T6924] FAULT_INJECTION: forcing a failure. [ 163.378370][ T6924] name failslab, interval 1, probability 0, space 0, times 0 [ 163.442591][ T6924] CPU: 0 UID: 0 PID: 6924 Comm: syz.0.251 Tainted: G L syzkaller #0 PREEMPT(full) [ 163.442635][ T6924] Tainted: [L]=SOFTLOCKUP [ 163.442645][ T6924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 163.442661][ T6924] Call Trace: [ 163.442670][ T6924] [ 163.442679][ T6924] dump_stack_lvl+0x100/0x190 [ 163.442715][ T6924] should_fail_ex.cold+0x5/0xa [ 163.442751][ T6924] should_failslab+0xc2/0x120 [ 163.442784][ T6924] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 163.442828][ T6924] ? alloc_empty_file+0x5b/0x1c0 [ 163.442867][ T6924] ? __pfx_stack_trace_save+0x10/0x10 [ 163.442910][ T6924] alloc_empty_file+0x5b/0x1c0 [ 163.442952][ T6924] path_openat+0xe8/0x31a0 [ 163.442984][ T6924] ? kasan_save_stack+0x3f/0x50 [ 163.443011][ T6924] ? kasan_save_stack+0x30/0x50 [ 163.443040][ T6924] ? kasan_save_track+0x14/0x30 [ 163.443066][ T6924] ? __kasan_slab_alloc+0x89/0x90 [ 163.443093][ T6924] ? kmem_cache_alloc_noprof+0x241/0x6e0 [ 163.443136][ T6924] ? do_getname+0x35/0x390 [ 163.443174][ T6924] ? do_sys_openat2+0xc5/0x1e0 [ 163.443215][ T6924] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.443248][ T6924] ? __pfx_path_openat+0x10/0x10 [ 163.443295][ T6924] do_file_open+0x20e/0x430 [ 163.443333][ T6924] ? __pfx_do_file_open+0x10/0x10 [ 163.443393][ T6924] ? alloc_fd+0x476/0x790 [ 163.443430][ T6924] ? do_getname+0x191/0x390 [ 163.443482][ T6924] do_sys_openat2+0x10d/0x1e0 [ 163.443521][ T6924] ? __pfx_do_sys_openat2+0x10/0x10 [ 163.443574][ T6924] __x64_sys_openat+0x12d/0x210 [ 163.443617][ T6924] ? __pfx___x64_sys_openat+0x10/0x10 [ 163.443665][ T6924] ? rcu_is_watching+0x12/0xc0 [ 163.443704][ T6924] do_syscall_64+0x10b/0xf80 [ 163.443746][ T6924] ? clear_bhb_loop+0x40/0x90 [ 163.443780][ T6924] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 163.443807][ T6924] RIP: 0033:0x7fef9879ce59 [ 163.443830][ T6924] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 163.443855][ T6924] RSP: 002b:00007fef996de028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 163.443881][ T6924] RAX: ffffffffffffffda RBX: 00007fef98a15fa0 RCX: 00007fef9879ce59 [ 163.443898][ T6924] RDX: 0000000000090800 RSI: 00002000000000c0 RDI: ffffffffffffff9c [ 163.443916][ T6924] RBP: 00007fef98832d6f R08: 0000000000000000 R09: 0000000000000000 [ 163.443932][ T6924] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 163.443948][ T6924] R13: 00007fef98a16038 R14: 00007fef98a15fa0 R15: 00007fff1d1f7ec8 [ 163.443983][ T6924] [ 163.836214][ T5641] block nbd2: Receive control failed (result -32) [ 164.724780][ T6953] FAULT_INJECTION: forcing a failure. [ 164.724780][ T6953] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 164.738197][ T6953] CPU: 0 UID: 0 PID: 6953 Comm: syz.2.247 Tainted: G L syzkaller #0 PREEMPT(full) [ 164.738237][ T6953] Tainted: [L]=SOFTLOCKUP [ 164.738246][ T6953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 164.738262][ T6953] Call Trace: [ 164.738270][ T6953] [ 164.738281][ T6953] dump_stack_lvl+0x100/0x190 [ 164.738317][ T6953] should_fail_ex.cold+0x5/0xa [ 164.738354][ T6953] _copy_from_user+0x2e/0xd0 [ 164.738385][ T6953] get_itimerspec64+0x16c/0x2f0 [ 164.738430][ T6953] ? __pfx_get_itimerspec64+0x10/0x10 [ 164.738473][ T6953] ? __pfx_do_futex+0x10/0x10 [ 164.738511][ T6953] __x64_sys_timerfd_settime+0x15f/0x280 [ 164.738543][ T6953] ? __pfx___x64_sys_timerfd_settime+0x10/0x10 [ 164.738583][ T6953] ? xfd_validate_state+0x129/0x190 [ 164.738620][ T6953] ? rcu_is_watching+0x12/0xc0 [ 164.738656][ T6953] do_syscall_64+0x10b/0xf80 [ 164.738696][ T6953] ? clear_bhb_loop+0x40/0x90 [ 164.738731][ T6953] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.738758][ T6953] RIP: 0033:0x7f846879ce59 [ 164.738779][ T6953] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 164.738803][ T6953] RSP: 002b:00007f84669b4028 EFLAGS: 00000246 ORIG_RAX: 000000000000011e [ 164.738829][ T6953] RAX: ffffffffffffffda RBX: 00007f8468a16180 RCX: 00007f846879ce59 [ 164.738847][ T6953] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000d [ 164.738864][ T6953] RBP: 00007f8468832d6f R08: 0000000000000000 R09: 0000000000000000 [ 164.738880][ T6953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 164.738897][ T6953] R13: 00007f8468a16218 R14: 00007f8468a16180 R15: 00007fff2a6bcd88 [ 164.738934][ T6953] [ 165.303834][ T6961] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 165.456607][ T6967] netlink: 302 bytes leftover after parsing attributes in process `syz.3.252'. [ 165.845309][ T6978] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 165.851822][ T6978] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 166.070195][ T6985] bond0: option arp_interval: invalid value () [ 166.088109][ T6985] bond0: option arp_interval: allowed values 0 - 2147483647 [ 166.472641][ T6991] kafs: addr_prefs: Invalid Command [ 166.846042][ T6997] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 168.290684][ T7032] bond0: option arp_interval: invalid value () [ 168.308672][ T7032] bond0: option arp_interval: allowed values 0 - 2147483647 [ 168.477090][ T7034] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 168.483583][ T7034] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 168.743313][ T7019] FAULT_INJECTION: forcing a failure. [ 168.743313][ T7019] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 168.805956][ T7019] CPU: 0 UID: 0 PID: 7019 Comm: syz.3.267 Tainted: G L syzkaller #0 PREEMPT(full) [ 168.806002][ T7019] Tainted: [L]=SOFTLOCKUP [ 168.806009][ T7019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 168.806073][ T7019] Call Trace: [ 168.806081][ T7019] [ 168.806087][ T7019] dump_stack_lvl+0x100/0x190 [ 168.806109][ T7019] should_fail_ex.cold+0x5/0xa [ 168.806129][ T7019] _copy_from_user+0x2e/0xd0 [ 168.806146][ T7019] get_itimerspec64+0x16c/0x2f0 [ 168.806170][ T7019] ? __pfx_get_itimerspec64+0x10/0x10 [ 168.806192][ T7019] ? __pfx_do_futex+0x10/0x10 [ 168.806213][ T7019] __x64_sys_timerfd_settime+0x15f/0x280 [ 168.806229][ T7019] ? __pfx___x64_sys_timerfd_settime+0x10/0x10 [ 168.806246][ T7019] ? xfd_validate_state+0x129/0x190 [ 168.806268][ T7019] ? rcu_is_watching+0x12/0xc0 [ 168.806288][ T7019] do_syscall_64+0x10b/0xf80 [ 168.806309][ T7019] ? clear_bhb_loop+0x40/0x90 [ 168.806327][ T7019] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.806342][ T7019] RIP: 0033:0x7fad8879ce59 [ 168.806355][ T7019] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 168.806369][ T7019] RSP: 002b:00007fad89590028 EFLAGS: 00000246 ORIG_RAX: 000000000000011e [ 168.806384][ T7019] RAX: ffffffffffffffda RBX: 00007fad88a15fa0 RCX: 00007fad8879ce59 [ 168.806394][ T7019] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000d [ 168.806402][ T7019] RBP: 00007fad88832d6f R08: 0000000000000000 R09: 0000000000000000 [ 168.806411][ T7019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 168.806419][ T7019] R13: 00007fad88a16038 R14: 00007fad88a15fa0 R15: 00007ffdb4f86898 [ 168.806438][ T7019] [ 170.008648][ T7064] random: crng reseeded on system resumption [ 171.161465][ T7085] netlink: 28 bytes leftover after parsing attributes in process `syz.3.283'. [ 172.291875][ T7101] zswap: compressor not available [ 173.023731][ T7117] random: crng reseeded on system resumption [ 175.132071][ T7142] cgroup: fork rejected by pids controller in /syz2 [ 175.321174][ T7177] zswap: compressor not available [ 175.445080][ T7196] bridge0: port 4(bond0) entered blocking state [ 175.460285][ T7196] bridge0: port 4(bond0) entered disabled state [ 175.473811][ T7196] bond0: entered allmulticast mode [ 175.486784][ T7196] bond_slave_0: entered allmulticast mode [ 175.498521][ T7196] bond_slave_1: entered allmulticast mode [ 175.519091][ T7196] bond0: entered promiscuous mode [ 175.530156][ T7196] bond_slave_0: entered promiscuous mode [ 175.537856][ T7196] bond_slave_1: entered promiscuous mode [ 175.554714][ T7196] bridge0: port 4(bond0) entered blocking state [ 175.561151][ T7196] bridge0: port 4(bond0) entered forwarding state [ 175.621769][ T5641] Bluetooth: hci0: unexpected event 0x1c length: 725 > 5 [ 175.760799][ T7215] FAULT_INJECTION: forcing a failure. [ 175.760799][ T7215] name failslab, interval 1, probability 0, space 0, times 0 [ 175.830548][ T7215] CPU: 1 UID: 0 PID: 7215 Comm: syz.3.306 Tainted: G L syzkaller #0 PREEMPT(full) [ 175.830594][ T7215] Tainted: [L]=SOFTLOCKUP [ 175.830604][ T7215] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 175.830620][ T7215] Call Trace: [ 175.830629][ T7215] [ 175.830639][ T7215] dump_stack_lvl+0x100/0x190 [ 175.830674][ T7215] should_fail_ex.cold+0x5/0xa [ 175.830709][ T7215] ? sk_prot_alloc+0x10b/0x2a0 [ 175.830746][ T7215] should_failslab+0xc2/0x120 [ 175.830778][ T7215] __kmalloc_noprof+0xe0/0x850 [ 175.830812][ T7215] sk_prot_alloc+0x10b/0x2a0 [ 175.830854][ T7215] sk_alloc+0x36/0xe80 [ 175.830887][ T7215] __netlink_create+0x5e/0x2c0 [ 175.830921][ T7215] ? __wake_up+0x3f/0x60 [ 175.830967][ T7215] netlink_create+0x29b/0x610 [ 175.831004][ T7215] ? __pfx_genl_bind+0x10/0x10 [ 175.831044][ T7215] ? __pfx_genl_unbind+0x10/0x10 [ 175.831083][ T7215] ? __pfx_genl_release+0x10/0x10 [ 175.831112][ T7215] __sock_create+0x339/0x860 [ 175.831158][ T7215] __sys_socket+0x14d/0x260 [ 175.831196][ T7215] ? exc_page_fault+0x6f/0xd0 [ 175.831237][ T7215] ? __pfx___sys_socket+0x10/0x10 [ 175.831291][ T7215] __x64_sys_socket+0x72/0xb0 [ 175.831314][ T7215] ? lockdep_hardirqs_on+0x78/0x100 [ 175.831356][ T7215] do_syscall_64+0x10b/0xf80 [ 175.831397][ T7215] ? clear_bhb_loop+0x40/0x90 [ 175.831430][ T7215] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.831467][ T7215] RIP: 0033:0x7fad8879e6c7 [ 175.831490][ T7215] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 175.831518][ T7215] RSP: 002b:00007fad8956df98 EFLAGS: 00000286 ORIG_RAX: 0000000000000029 [ 175.831546][ T7215] RAX: ffffffffffffffda RBX: 00007fad88a16090 RCX: 00007fad8879e6c7 [ 175.831565][ T7215] RDX: 0000000000000010 RSI: 0000000000000003 RDI: 0000000000000010 [ 175.831581][ T7215] RBP: 00000000ffffffff R08: 0000000000000000 R09: 0000000000000000 [ 175.831597][ T7215] R10: 0000200000000180 R11: 0000000000000286 R12: 0000000000000000 [ 175.831615][ T7215] R13: 00007fad88a16128 R14: 00007fad88a16090 R15: 00007ffdb4f86898 [ 175.831652][ T7215] [ 176.327529][ T7248] random: crng reseeded on system resumption [ 178.055230][ T7281] zswap: compressor not available [ 178.315135][ T5641] Bluetooth: hci2: unexpected subevent 0x01 length: 123 > 18 [ 178.322642][ T5641] Bluetooth: hci2: Invalid handle: 0x3a4a > 0x0eff [ 178.367849][ T7293] futex_wake_op: syz.3.318 tries to shift op by -2048; fix this program [ 178.413295][ T7293] futex_wake_op: syz.3.318 tries to shift op by -2048; fix this program [ 182.489040][ T7265] Process accounting resumed [ 182.762870][ T7338] input: jJǸ-9%vlQ J86 as /devices/virtual/input/input5 [ 183.183549][ T7344] futex_wake_op: syz.0.333 tries to shift op by -2048; fix this program [ 183.204826][ T7344] futex_wake_op: syz.0.333 tries to shift op by -2048; fix this program [ 185.036449][ T7369] NFSD: Failed to start, no listeners configured. [ 185.710509][ T5641] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 185.718913][ T5641] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 186.200943][ T7382] ubi0: attaching mtd0 [ 186.219507][ T7382] ubi0: scanning is finished [ 186.277761][ T7376] Process accounting resumed [ 186.764842][ T7388] [ 186.786472][ T5641] Bluetooth: hci2: unexpected event 0x04 length: 64 > 10 [ 186.789128][ T5641] Bluetooth: hci2: connection err: -111 [ 186.922375][ T7382] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 186.956712][ T7382] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 187.003583][ T7382] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 187.027577][ T7386] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 187.041369][ T7382] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 187.062856][ T7386] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 187.069966][ T7382] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 187.104262][ T7382] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 187.148719][ T7382] ubi0: max/mean erase counter: 1/1, WL threshold: 4096, image sequence number: 3413360672 [ 187.189820][ T7382] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 187.233101][ T7395] ubi0: background thread "ubi_bgt0d" started, PID 7395 [ 187.233602][ T7384] ubi0: detaching mtd0 [ 187.258984][ T7386] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 187.330212][ T7384] ubi0: mtd0 is detached [ 187.373679][ T7386] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 188.901955][ T5641] Bluetooth: hci0: command 0x0c1a tx timeout [ 189.143488][ T5641] Bluetooth: hci1: command 0x0c1a tx timeout [ 189.302129][ T5641] Bluetooth: hci2: command 0x0c1a tx timeout [ 189.382186][ T5641] Bluetooth: hci3: command 0x0c1a tx timeout [ 190.141545][ T7428] random: crng reseeded on system resumption [ 190.897085][ T7446] random: crng reseeded on system resumption [ 191.201806][ T5641] Bluetooth: hci3: unexpected event 0x04 length: 64 > 10 [ 191.201878][ T5641] Bluetooth: hci3: connection err: -111 [ 191.393401][ T5641] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 191.400959][ T5641] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 191.775471][ T5641] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 191.783724][ T5641] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 194.052693][ T7452] Process accounting resumed [ 194.269141][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.269220][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.644944][ T7457] Process accounting resumed [ 195.001390][ T5641] Bluetooth: hci1: unexpected event 0x04 length: 64 > 10 [ 195.001441][ T5641] Bluetooth: hci1: connection err: -111 [ 195.323141][ C1] sd 0:0:1:0: [sda] tag#1181 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 195.333611][ C1] sd 0:0:1:0: [sda] tag#1181 CDB: Write(6) 0a 00 00 00 0b 00 00 00 00 00 00 00 [ 196.135670][ T5641] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 196.143721][ T5641] Bluetooth: hci0: Invalid handle: 0x3a4a > 0x0eff [ 196.862211][ T7505] Process accounting resumed [ 196.951725][ T7530] random: crng reseeded on system resumption [ 200.635751][ T5641] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 200.635789][ T5641] Bluetooth: hci0: Invalid handle: 0x3a4a > 0x0eff [ 200.832029][ T7584] random: crng reseeded on system resumption [ 201.650674][ T7571] Process accounting resumed [ 202.565220][ T7613] random: crng reseeded on system resumption [ 203.971099][ T5641] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 203.978575][ T5641] Bluetooth: hci0: Invalid handle: 0x3a4a > 0x0eff [ 204.755401][ T7625] Process accounting resumed [ 204.885179][ T7643] random: crng reseeded on system resumption [ 206.585717][ T5641] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 206.593458][ T5641] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 207.771508][ T7655] Process accounting resumed [ 208.453489][ C1] sd 0:0:1:0: [sda] tag#1180 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 208.464017][ C1] sd 0:0:1:0: [sda] tag#1180 CDB: Write(6) 0a 00 00 00 0b 00 00 00 00 00 00 00 [ 208.477598][ T5641] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 208.485404][ T5641] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 209.599816][ T7697] random: crng reseeded on system resumption [ 210.359204][ T4945] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 210.369926][ T4945] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 210.379342][ T4945] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 210.387386][ T4945] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 210.399074][ T4945] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 212.434633][ T5641] Bluetooth: hci4: command tx timeout [ 213.607012][ T7170] Process accounting paused [ 213.714469][ T7684] Process accounting resumed [ 214.021617][ T7705] bridge0: port 1(bridge_slave_0) entered blocking state [ 214.040126][ T7705] bridge0: port 1(bridge_slave_0) entered disabled state [ 214.056130][ T7705] bridge_slave_0: entered allmulticast mode [ 214.077085][ T7705] bridge_slave_0: entered promiscuous mode [ 214.096621][ T7705] bridge0: port 2(bridge_slave_1) entered blocking state [ 214.112769][ T7705] bridge0: port 2(bridge_slave_1) entered disabled state [ 214.130690][ T7705] bridge_slave_1: entered allmulticast mode [ 214.147805][ T7705] bridge_slave_1: entered promiscuous mode [ 214.276871][ T7705] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 214.301093][ T7705] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 214.374455][ T7705] team0: Port device team_slave_0 added [ 214.392434][ T7705] team0: Port device team_slave_1 added [ 214.449065][ T7705] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 214.462082][ T7705] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 214.504614][ T7705] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 214.515308][ T5641] Bluetooth: hci4: command tx timeout [ 214.537568][ T7705] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 214.554795][ T7705] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 214.591234][ T7705] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 215.002616][ T7705] hsr_slave_0: entered promiscuous mode [ 215.012593][ T7705] hsr_slave_1: entered promiscuous mode [ 215.021366][ T7705] debugfs: 'hsr0' already exists in 'hsr' [ 215.028940][ T7705] Cannot create hsr debugfs directory [ 216.403746][ T7705] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 216.458622][ T7705] 8021q: adding VLAN 0 to HW filter on device netdevsim0 [ 216.476515][ T7705] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 216.548193][ T7705] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 216.566786][ T7705] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 216.595894][ T5641] Bluetooth: hci4: command tx timeout [ 216.835143][ T7705] 8021q: adding VLAN 0 to HW filter on device netdevsim2 [ 216.859133][ T7705] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 216.948649][ T7705] 8021q: adding VLAN 0 to HW filter on device netdevsim3 [ 217.220120][ T3280] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 217.648961][ T7705] 8021q: adding VLAN 0 to HW filter on device bond0 [ 217.694996][ T7705] 8021q: adding VLAN 0 to HW filter on device team0 [ 217.723760][ T47] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.730964][ T47] bridge0: port 1(bridge_slave_0) entered forwarding state [ 217.984694][ T3280] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.055826][ T1046] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.063013][ T1046] bridge0: port 2(bridge_slave_1) entered forwarding state [ 218.608162][ T3280] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 218.678705][ T5641] Bluetooth: hci4: command tx timeout [ 219.002823][ T3280] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 219.262071][ T7705] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 220.249545][ T3280] bridge_slave_1: left allmulticast mode [ 220.256225][ T3280] bridge_slave_1: left promiscuous mode [ 220.275814][ T3280] bridge0: port 2(bridge_slave_1) entered disabled state [ 220.376684][ T3280] bridge_slave_0: left allmulticast mode [ 220.392220][ T3280] bridge_slave_0: left promiscuous mode [ 220.403479][ T3280] bridge0: port 1(bridge_slave_0) entered disabled state [ 221.171987][ T3280] bond0 (unregistering): (slave ): Releasing backup interface [ 221.226793][ T3280] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 221.274417][ T3280] bond0 (unregistering): Released all slaves [ 221.433674][ T5289] 8021q: adding VLAN 0 to HW filter on device eth1 [ 221.665581][ T7705] veth0_vlan: entered promiscuous mode [ 221.681097][ T7705] veth1_vlan: entered promiscuous mode [ 221.741706][ T7705] veth0_macvtap: entered promiscuous mode [ 221.755265][ T7705] veth1_macvtap: entered promiscuous mode [ 221.792913][ T7705] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 221.826072][ T7705] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 221.851305][ T3373] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.873859][ T3373] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 221.973888][ T3373] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.067765][ T3373] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 222.275264][ T165] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 222.301012][ T165] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 222.345238][ T3373] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 222.354005][ T3373] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 222.444441][ T5289] 8021q: adding VLAN 0 to HW filter on device eth2 [ 224.269092][ T5289] 8021q: adding VLAN 0 to HW filter on device eth3 [ 224.380522][ T5641] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 224.388062][ T5641] Bluetooth: hci4: Invalid handle: 0x3a4a > 0x0eff [ 224.713189][ T7838] futex_wake_op: syz.0.417 tries to shift op by -2048; fix this program [ 225.405839][ T3280] hsr_slave_0: left promiscuous mode [ 225.424440][ T3280] hsr_slave_1: left promiscuous mode [ 225.435401][ T3280] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 225.443442][ T3280] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 225.452756][ T3280] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 225.460641][ T3280] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 225.557291][ T3280] veth1_macvtap: left promiscuous mode [ 225.573522][ T3280] veth0_macvtap: left promiscuous mode [ 225.587625][ T3280] veth1_vlan: left promiscuous mode [ 225.601380][ T3280] veth0_vlan: left promiscuous mode [ 225.604744][ T7857] random: crng reseeded on system resumption [ 226.685225][ T3280] team0 (unregistering): Port device team_slave_1 removed [ 226.768459][ T3280] team0 (unregistering): Port device team_slave_0 removed [ 226.823162][ T5641] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 226.830643][ T5641] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 226.988012][ T5289] 8021q: adding VLAN 0 to HW filter on device eth4 [ 227.280825][ T7824] Process accounting resumed [ 227.508400][ T7897] futex_wake_op: syz.0.429 tries to shift op by -2048; fix this program [ 228.196078][ T7880] Process accounting resumed [ 229.314425][ T4945] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 229.321892][ T4945] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 229.853642][ T7953] random: crng reseeded on system resumption [ 230.131364][ T7925] Process accounting resumed [ 231.342111][ T4945] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 231.349755][ T4945] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 231.563934][ T7993] random: crng reseeded on system resumption [ 232.092936][ T7980] Process accounting resumed [ 233.035942][ T5641] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 233.035982][ T5641] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 233.659313][ T8019] Process accounting resumed [ 234.433643][ T4945] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 234.441779][ T4945] Bluetooth: hci4: Invalid handle: 0x3a4a > 0x0eff [ 234.859708][ T8050] Process accounting resumed [ 235.370824][ T8023] Process accounting paused [ 235.394367][ T4945] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 235.404041][ T4945] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 235.554758][ T8080] random: crng reseeded on system resumption [ 235.898601][ T8064] Process accounting resumed [ 236.845329][ T8103] random: crng reseeded on system resumption [ 237.064583][ T5641] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 237.072091][ T5641] Bluetooth: hci4: Invalid handle: 0x3a4a > 0x0eff [ 237.870208][ T4945] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 237.879425][ T4945] Bluetooth: hci0: Invalid handle: 0x3a4a > 0x0eff [ 238.786904][ T8101] Process accounting resumed [ 238.920591][ T8121] Process accounting resumed [ 240.053687][ T8191] random: crng reseeded on system resumption [ 240.275243][ T4945] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 240.282785][ T4945] Bluetooth: hci0: Invalid handle: 0x3a4a > 0x0eff [ 240.373336][ T4945] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 240.380973][ T4945] Bluetooth: hci4: Invalid handle: 0x3a4a > 0x0eff [ 241.519650][ T8185] Process accounting resumed [ 241.687259][ T8187] Process accounting resumed [ 241.711661][ T8231] random: crng reseeded on system resumption [ 242.221055][ T8239] binder: 8234:8239 ioctl c0306201 0 returned -14 [ 242.516376][ T4945] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 242.523937][ T4945] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 242.812649][ T4945] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 242.821145][ T4945] Bluetooth: hci4: Invalid handle: 0x3a4a > 0x0eff [ 243.808210][ T8245] Process accounting resumed [ 244.192497][ T4945] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 244.200015][ T4945] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 244.256366][ T8256] Process accounting resumed [ 244.396701][ T8261] Process accounting resumed [ 244.582857][ T4945] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 244.582897][ T4945] Bluetooth: hci0: Invalid handle: 0x3a4a > 0x0eff [ 244.980166][ T8332] FAULT_INJECTION: forcing a failure. [ 244.980166][ T8332] name failslab, interval 1, probability 0, space 0, times 0 [ 245.005502][ T8332] CPU: 1 UID: 0 PID: 8332 Comm: syz.4.494 Tainted: G L syzkaller #0 PREEMPT(full) [ 245.005546][ T8332] Tainted: [L]=SOFTLOCKUP [ 245.005555][ T8332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 245.005575][ T8332] Call Trace: [ 245.005584][ T8332] [ 245.005593][ T8332] dump_stack_lvl+0x100/0x190 [ 245.005629][ T8332] should_fail_ex.cold+0x5/0xa [ 245.005664][ T8332] ? tomoyo_realpath_from_path+0xb6/0x690 [ 245.005704][ T8332] should_failslab+0xc2/0x120 [ 245.005737][ T8332] __kmalloc_noprof+0xe0/0x850 [ 245.005762][ T8332] ? kfree+0x1dd/0x6c0 [ 245.005807][ T8332] tomoyo_realpath_from_path+0xb6/0x690 [ 245.005853][ T8332] tomoyo_path_number_perm+0x23c/0x580 [ 245.005883][ T8332] ? tomoyo_path_number_perm+0x22e/0x580 [ 245.005917][ T8332] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 245.005948][ T8332] ? futex_wake+0x1ad/0x530 [ 245.006026][ T8332] ? find_held_lock+0x2b/0x80 [ 245.006066][ T8332] ? __fget_files+0x215/0x3d0 [ 245.006096][ T8332] ? hook_file_ioctl_common+0x149/0x410 [ 245.006127][ T8332] ? __fget_files+0x215/0x3d0 [ 245.006166][ T8332] ? __fget_files+0x21f/0x3d0 [ 245.006206][ T8332] security_file_ioctl+0xd3/0x230 [ 245.006238][ T8332] __x64_sys_ioctl+0xb7/0x210 [ 245.006270][ T8332] do_syscall_64+0x10b/0xf80 [ 245.006312][ T8332] ? clear_bhb_loop+0x40/0x90 [ 245.006348][ T8332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.006377][ T8332] RIP: 0033:0x7ff4f0b9ce59 [ 245.006399][ T8332] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 245.006425][ T8332] RSP: 002b:00007ff4f1ad1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 245.006457][ T8332] RAX: ffffffffffffffda RBX: 00007ff4f0e15fa0 RCX: 00007ff4f0b9ce59 [ 245.006474][ T8332] RDX: 0000200000000380 RSI: 0000000000002287 RDI: 0000000000000007 [ 245.006488][ T8332] RBP: 00007ff4f0c32d6f R08: 0000000000000000 R09: 0000000000000000 [ 245.006502][ T8332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 245.006515][ T8332] R13: 00007ff4f0e16038 R14: 00007ff4f0e15fa0 R15: 00007fff23fb9b68 [ 245.006545][ T8332] [ 245.006625][ T8332] ERROR: Out of memory at tomoyo_realpath_from_path. [ 245.707734][ T5641] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 245.715252][ T5641] Bluetooth: hci4: Invalid handle: 0x3a4a > 0x0eff [ 245.775206][ T8345] Process accounting resumed [ 245.831881][ T8301] Process accounting resumed [ 246.105564][ T8307] Process accounting resumed [ 246.249372][ T8361] FAULT_INJECTION: forcing a failure. [ 246.249372][ T8361] name failslab, interval 1, probability 0, space 0, times 0 [ 246.280720][ T8361] CPU: 1 UID: 0 PID: 8361 Comm: syz.1.509 Tainted: G L syzkaller #0 PREEMPT(full) [ 246.280762][ T8361] Tainted: [L]=SOFTLOCKUP [ 246.280771][ T8361] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 246.280786][ T8361] Call Trace: [ 246.280795][ T8361] [ 246.280805][ T8361] dump_stack_lvl+0x100/0x190 [ 246.280838][ T8361] should_fail_ex.cold+0x5/0xa [ 246.280880][ T8361] should_failslab+0xc2/0x120 [ 246.280912][ T8361] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 246.280954][ T8361] ? security_inode_alloc+0x3b/0x2c0 [ 246.280982][ T8361] ? lockdep_init_map_type+0x5c/0x250 [ 246.281015][ T8361] security_inode_alloc+0x3b/0x2c0 [ 246.281045][ T8361] inode_init_always_gfp+0xcc0/0x1000 [ 246.281084][ T8361] alloc_inode+0x8e/0x250 [ 246.281125][ T8361] new_inode+0x22/0x1c0 [ 246.281169][ T8361] __debugfs_create_file+0x105/0x4f0 [ 246.281217][ T8361] debugfs_create_file_full+0x41/0x60 [ 246.281264][ T8361] ref_tracker_dir_debugfs+0x19e/0x2e0 [ 246.281299][ T8361] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 246.281369][ T8361] ? lockdep_init_map_type+0x5c/0x250 [ 246.281403][ T8361] preinit_net.part.0+0x43b/0x920 [ 246.281441][ T8361] copy_net_ns+0x339/0x7c0 [ 246.281481][ T8361] create_new_namespaces+0x3ea/0xac0 [ 246.281525][ T8361] unshare_nsproxy_namespaces+0xf2/0x220 [ 246.281564][ T8361] ksys_unshare+0x438/0xab0 [ 246.281607][ T8361] ? __pfx_ksys_unshare+0x10/0x10 [ 246.281643][ T8361] ? xfd_validate_state+0x129/0x190 [ 246.281685][ T8361] __x64_sys_unshare+0x31/0x40 [ 246.281724][ T8361] do_syscall_64+0x10b/0xf80 [ 246.281764][ T8361] ? clear_bhb_loop+0x40/0x90 [ 246.281797][ T8361] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.281826][ T8361] RIP: 0033:0x7fd1a4d9ce59 [ 246.281848][ T8361] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 246.281878][ T8361] RSP: 002b:00007fd1a5b93028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 246.281904][ T8361] RAX: ffffffffffffffda RBX: 00007fd1a5016180 RCX: 00007fd1a4d9ce59 [ 246.281923][ T8361] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000040000080 [ 246.281939][ T8361] RBP: 00007fd1a4e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 246.281956][ T8361] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 246.281972][ T8361] R13: 00007fd1a5016218 R14: 00007fd1a5016180 R15: 00007ffcf9611158 [ 246.282009][ T8361] [ 246.282061][ T8361] debugfs: out of free dentries, can not create file 'net_notrefcnt@ffff8880787e29b8' [ 246.582973][ T8370] random: crng reseeded on system resumption [ 247.408179][ T8383] binder: 8379:8383 ioctl c0306201 0 returned -14 [ 247.738021][ T8367] Process accounting resumed [ 248.134193][ T5641] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 248.143317][ T5641] Bluetooth: hci0: Invalid handle: 0x3a4a > 0x0eff [ 248.159161][ T8397] random: crng reseeded on system resumption [ 250.042359][ T8430] binder: 8427:8430 ioctl c0306201 0 returned -14 [ 250.314475][ T8445] random: crng reseeded on system resumption [ 250.506991][ T8440] Process accounting resumed [ 250.693950][ T5641] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 250.701411][ T5641] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 252.297223][ T8483] random: crng reseeded on system resumption [ 252.760156][ T8485] binder: 8482:8485 ioctl c0306201 0 returned -14 [ 253.583340][ T4945] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 253.590889][ T4945] Bluetooth: hci0: Invalid handle: 0x3a4a > 0x0eff [ 253.649229][ T8517] netlink: 302 bytes leftover after parsing attributes in process `syz.0.532'. [ 254.095227][ T8529] random: crng reseeded on system resumption [ 255.747835][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.758003][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.711086][ T8576] random: crng reseeded on system resumption [ 258.116163][ T5641] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 258.135642][ T4945] Bluetooth: hci3: unexpected event 0x05 length: 6 > 4 [ 258.447171][ T4945] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 258.461886][ T4945] Bluetooth: hci0: Invalid handle: 0x3a4a > 0x0eff [ 258.648846][ T4945] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 258.656309][ T4945] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 258.998817][ T8606] Process accounting resumed [ 259.585802][ T8638] random: crng reseeded on system resumption [ 260.137582][ T4945] Bluetooth: hci3: command 0x0c1a tx timeout [ 260.674458][ T8656] random: crng reseeded on system resumption [ 261.618556][ T4945] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 261.625995][ T4945] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 262.931911][ T8672] Process accounting resumed [ 263.316070][ T5641] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 263.352357][ T5641] Bluetooth: hci1: unexpected event 0x05 length: 6 > 4 [ 264.927251][ T5641] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 264.942250][ T5641] Bluetooth: hci4: Invalid handle: 0x3a4a > 0x0eff [ 265.343770][ T4945] Bluetooth: hci1: command 0x0c1a tx timeout [ 266.363847][ T5641] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 266.373819][ T5641] Bluetooth: hci4: Invalid handle: 0x3a4a > 0x0eff [ 266.973439][ T8756] Process accounting resumed [ 267.028219][ T4945] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 267.069250][ T4945] Bluetooth: hci0: unexpected event 0x05 length: 6 > 4 [ 267.214783][ T8777] random: crng reseeded on system resumption [ 267.988827][ T8793] random: crng reseeded on system resumption [ 269.118960][ T4945] Bluetooth: hci0: command 0x0c1a tx timeout [ 269.758426][ T5641] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 269.766789][ T5641] Bluetooth: hci0: Invalid handle: 0x3a4a > 0x0eff [ 270.384705][ T8818] Process accounting resumed [ 270.616544][ T8843] capability: warning: `syz.3.601' uses 32-bit capabilities (legacy support in use) [ 270.648624][ T8846] random: crng reseeded on system resumption [ 271.578723][ T8858] netlink: 202 bytes leftover after parsing attributes in process `syz.3.606'. [ 272.665382][ T5641] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 272.672889][ T5641] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 273.789356][ T8876] Process accounting resumed [ 273.819651][ T8893] random: crng reseeded on system resumption [ 273.991386][ T8903] random: crng reseeded on system resumption [ 275.032393][ T8918] netlink: 4 bytes leftover after parsing attributes in process `syz.0.618'. [ 276.253228][ T8906] Process accounting paused [ 277.089138][ T5641] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 277.096725][ T5641] Bluetooth: hci4: Invalid handle: 0x3a4a > 0x0eff [ 277.337823][ T8951] random: crng reseeded on system resumption [ 277.564838][ T8959] random: crng reseeded on system resumption [ 278.303845][ T8928] Process accounting resumed [ 278.522792][ T8969] NOTICE: Automounting of tracing to debugfs is deprecated and will be removed in 2030 [ 278.713919][ T5641] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 278.721545][ T5641] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 279.281680][ T8983] netlink: 4 bytes leftover after parsing attributes in process `syz.3.636'. [ 279.974852][ T8972] Process accounting resumed [ 282.755891][ T9051] random: crng reseeded on system resumption [ 283.715394][ T9067] random: crng reseeded on system resumption [ 285.439577][ T9102] FAULT_INJECTION: forcing a failure. [ 285.439577][ T9102] name failslab, interval 1, probability 0, space 0, times 0 [ 285.480255][ T9102] CPU: 0 UID: 0 PID: 9102 Comm: syz.1.664 Tainted: G L syzkaller #0 PREEMPT(full) [ 285.480302][ T9102] Tainted: [L]=SOFTLOCKUP [ 285.480313][ T9102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 285.480330][ T9102] Call Trace: [ 285.480339][ T9102] [ 285.480350][ T9102] dump_stack_lvl+0x100/0x190 [ 285.480386][ T9102] should_fail_ex.cold+0x5/0xa [ 285.480430][ T9102] ? mpi_alloc_limb_space+0x31/0x60 [ 285.480460][ T9102] should_failslab+0xc2/0x120 [ 285.480492][ T9102] __kmalloc_noprof+0xe0/0x850 [ 285.480525][ T9102] mpi_alloc_limb_space+0x31/0x60 [ 285.480555][ T9102] mpi_powm+0x436/0x1e50 [ 285.480599][ T9102] ? __pfx_mpi_powm+0x10/0x10 [ 285.480626][ T9102] ? mpi_free+0xa0/0x150 [ 285.480650][ T9102] ? mpi_free+0xe1/0x150 [ 285.480675][ T9102] ? kfree+0x223/0x6c0 [ 285.480719][ T9102] ? mpi_free+0xe6/0x150 [ 285.480750][ T9102] rsa_enc+0x1fe/0x3b0 [ 285.480795][ T9102] ? __pfx_rsa_enc+0x10/0x10 [ 285.480838][ T9102] ? __virt_addr_valid+0x239/0x430 [ 285.480883][ T9102] ? sg_init_one+0xf5/0x1b0 [ 285.480925][ T9102] rsassa_pkcs1_verify+0x4eb/0xc20 [ 285.480965][ T9102] ? __pfx_rsassa_pkcs1_verify+0x10/0x10 [ 285.481013][ T9102] ? rsa_max_size+0xd/0x70 [ 285.481052][ T9102] ? rsassa_pkcs1_set_pub_key+0x17d/0x1f0 [ 285.481088][ T9102] public_key_verify_signature+0x5ee/0x910 [ 285.481124][ T9102] ? __pfx_public_key_verify_signature+0x10/0x10 [ 285.481172][ T9102] ? __kmalloc_noprof+0x320/0x850 [ 285.481209][ T9102] x509_check_for_self_signed+0x325/0x510 [ 285.481250][ T9102] x509_cert_parse+0x60c/0x910 [ 285.481278][ T9102] ? kasan_save_stack+0x3f/0x50 [ 285.481305][ T9102] ? kasan_save_stack+0x30/0x50 [ 285.481332][ T9102] ? kasan_save_track+0x14/0x30 [ 285.481362][ T9102] pkcs7_extract_cert+0xa4/0x380 [ 285.481409][ T9102] asn1_ber_decoder+0x12b3/0x2170 [ 285.481464][ T9102] ? __pfx_asn1_ber_decoder+0x10/0x10 [ 285.481531][ T9102] pkcs7_parse_message+0x289/0x870 [ 285.481573][ T9102] verify_pkcs7_signature+0x30/0xa0 [ 285.481609][ T9102] valid_regdb+0x211/0x590 [ 285.481649][ T9102] ? __pfx_valid_regdb+0x10/0x10 [ 285.481693][ T9102] reg_reload_regdb+0x11a/0x460 [ 285.481731][ T9102] ? __pfx_reg_reload_regdb+0x10/0x10 [ 285.481772][ T9102] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 285.481800][ T9102] ? nl80211_pre_doit+0x19a/0xae0 [ 285.481834][ T9102] genl_family_rcv_msg_doit+0x214/0x300 [ 285.481868][ T9102] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 285.481897][ T9102] ? genl_get_cmd+0x3e7/0x760 [ 285.481950][ T9102] ? bpf_lsm_capable+0x9/0x10 [ 285.481981][ T9102] ? security_capable+0x80/0x260 [ 285.482031][ T9102] genl_rcv_msg+0x560/0x800 [ 285.482064][ T9102] ? __pfx_genl_rcv_msg+0x10/0x10 [ 285.482093][ T9102] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 285.482120][ T9102] ? __pfx_nl80211_reload_regdb+0x10/0x10 [ 285.482157][ T9102] ? __pfx_nl80211_post_doit+0x10/0x10 [ 285.482200][ T9102] netlink_rcv_skb+0x159/0x420 [ 285.482242][ T9102] ? __pfx_genl_rcv_msg+0x10/0x10 [ 285.482272][ T9102] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 285.482329][ T9102] ? netlink_deliver_tap+0x1ae/0xcc0 [ 285.482375][ T9102] genl_rcv+0x28/0x40 [ 285.482406][ T9102] netlink_unicast+0x585/0x850 [ 285.482454][ T9102] ? __pfx_netlink_unicast+0x10/0x10 [ 285.482508][ T9102] netlink_sendmsg+0x8b0/0xda0 [ 285.482557][ T9102] ? __pfx_netlink_sendmsg+0x10/0x10 [ 285.482596][ T9102] ? __import_iovec+0x1d2/0x640 [ 285.482631][ T9102] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 285.482681][ T9102] ____sys_sendmsg+0x9e1/0xb70 [ 285.482721][ T9102] ? __pfx_netlink_sendmsg+0x10/0x10 [ 285.482766][ T9102] ? __pfx_____sys_sendmsg+0x10/0x10 [ 285.482815][ T9102] ? __pfx_futex_wake_mark+0x10/0x10 [ 285.482859][ T9102] ___sys_sendmsg+0x190/0x1e0 [ 285.482905][ T9102] ? __pfx____sys_sendmsg+0x10/0x10 [ 285.482993][ T9102] __sys_sendmsg+0x170/0x220 [ 285.483029][ T9102] ? __pfx___sys_sendmsg+0x10/0x10 [ 285.483060][ T9102] ? __x64_sys_futex+0x34f/0x4d0 [ 285.483105][ T9102] ? rcu_is_watching+0x12/0xc0 [ 285.483145][ T9102] do_syscall_64+0x10b/0xf80 [ 285.483186][ T9102] ? clear_bhb_loop+0x40/0x90 [ 285.483221][ T9102] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.483250][ T9102] RIP: 0033:0x7fd1a4d9ce59 [ 285.483272][ T9102] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 285.483300][ T9102] RSP: 002b:00007fd1a5bd5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 285.483327][ T9102] RAX: ffffffffffffffda RBX: 00007fd1a5015fa0 RCX: 00007fd1a4d9ce59 [ 285.483347][ T9102] RDX: 0000000000008000 RSI: 0000200000000200 RDI: 0000000000000005 [ 285.483365][ T9102] RBP: 00007fd1a4e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 285.483382][ T9102] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 285.483406][ T9102] R13: 00007fd1a5016038 R14: 00007fd1a5015fa0 R15: 00007ffcf9611158 [ 285.483444][ T9102] [ 286.148244][ T4945] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 286.163720][ T4945] Bluetooth: hci4: Invalid handle: 0x3a4a > 0x0eff [ 286.717025][ T9124] random: crng reseeded on system resumption [ 286.932050][ T5641] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 286.939516][ T5641] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 287.137827][ T9100] Process accounting resumed [ 287.263447][ T9132] FAULT_INJECTION: forcing a failure. [ 287.263447][ T9132] name fail_futex, interval 1, probability 0, space 0, times 0 [ 287.291231][ T9132] CPU: 1 UID: 0 PID: 9132 Comm: syz.4.670 Tainted: G L syzkaller #0 PREEMPT(full) [ 287.291274][ T9132] Tainted: [L]=SOFTLOCKUP [ 287.291285][ T9132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 287.291302][ T9132] Call Trace: [ 287.291311][ T9132] [ 287.291322][ T9132] dump_stack_lvl+0x100/0x190 [ 287.291357][ T9132] should_fail_ex.cold+0x5/0xa [ 287.291394][ T9132] get_futex_key+0x1d2/0x1510 [ 287.291427][ T9132] ? __pfx_get_futex_key+0x10/0x10 [ 287.291452][ T9132] ? futex_hash+0x2ad/0x370 [ 287.291481][ T9132] ? futex_hash+0x141/0x370 [ 287.291513][ T9132] futex_wake+0xea/0x530 [ 287.291549][ T9132] ? __pfx_futex_wait+0x10/0x10 [ 287.291586][ T9132] ? __pfx_futex_wake+0x10/0x10 [ 287.291634][ T9132] ? do_writev+0x214/0x340 [ 287.291673][ T9132] do_futex+0x32b/0x350 [ 287.291705][ T9132] ? __pfx_do_futex+0x10/0x10 [ 287.291740][ T9132] ? cap_task_prctl+0x104/0xa50 [ 287.291791][ T9132] __x64_sys_futex+0x34f/0x4d0 [ 287.291826][ T9132] ? __pfx___x64_sys_futex+0x10/0x10 [ 287.291860][ T9132] ? __pfx___do_sys_prctl+0x10/0x10 [ 287.291888][ T9132] ? arch_syscall_is_vdso_sigreturn+0xb6/0x200 [ 287.291932][ T9132] ? syscall_user_dispatch+0x76/0x130 [ 287.291969][ T9132] do_syscall_64+0x10b/0xf80 [ 287.292012][ T9132] ? clear_bhb_loop+0x40/0x90 [ 287.292047][ T9132] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 287.292077][ T9132] RIP: 0033:0x7ff4f0b9ce59 [ 287.292099][ T9132] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 287.292127][ T9132] RSP: 002b:00007ff4f1ad10e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 287.292154][ T9132] RAX: ffffffffffffffda RBX: 00007ff4f0e15fa8 RCX: 00007ff4f0b9ce59 [ 287.292173][ T9132] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff4f0e15fac [ 287.292191][ T9132] RBP: 00007ff4f0e15fa0 R08: 0000000000000001 R09: 0000000000000000 [ 287.292208][ T9132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 287.292225][ T9132] R13: 00007ff4f0e16038 R14: 00007fff23fb9a80 R15: 00007fff23fb9b68 [ 287.292263][ T9132] [ 287.753442][ T9135] bond0: option lp_interval: invalid value () [ 287.772394][ T9135] bond0: option lp_interval: allowed values 1 - 2147483647 [ 287.944710][ T9119] Process accounting resumed [ 288.065257][ T9143] random: crng reseeded on system resumption [ 289.000181][ T9170] netlink: 8 bytes leftover after parsing attributes in process `syz.4.680'. [ 289.307250][ T9180] netlink: 4 bytes leftover after parsing attributes in process `syz.1.690'. [ 289.357791][ T9180] netlink: 25 bytes leftover after parsing attributes in process `syz.1.690'. [ 289.501015][ T9184] random: crng reseeded on system resumption [ 289.528785][ T4945] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 289.537000][ T4945] Bluetooth: hci4: Invalid handle: 0x3a4a > 0x0eff [ 290.187115][ T9179] Process accounting resumed [ 290.340458][ T5641] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 290.348213][ T5641] Bluetooth: hci0: Invalid handle: 0x3a4a > 0x0eff [ 290.956044][ T9199] Process accounting resumed [ 291.215967][ T9231] random: crng reseeded on system resumption [ 291.665920][ T9223] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 292.277703][ T9242] can0: slcan on ttyS2. [ 292.679657][ T9241] can0 (unregistered): slcan off ttyS2. [ 293.672588][ T4945] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 293.680036][ T4945] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 294.196702][ T9273] Process accounting resumed [ 296.096257][ T9341] FAULT_INJECTION: forcing a failure. [ 296.096257][ T9341] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 296.174448][ T9341] CPU: 1 UID: 0 PID: 9341 Comm: syz.0.718 Tainted: G L syzkaller #0 PREEMPT(full) [ 296.174487][ T9341] Tainted: [L]=SOFTLOCKUP [ 296.174496][ T9341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 296.174510][ T9341] Call Trace: [ 296.174518][ T9341] [ 296.174528][ T9341] dump_stack_lvl+0x100/0x190 [ 296.174562][ T9341] should_fail_ex.cold+0x5/0xa [ 296.174602][ T9341] _copy_from_user+0x2e/0xd0 [ 296.174632][ T9341] copy_msghdr_from_user+0x9f/0x4f0 [ 296.174672][ T9341] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 296.174727][ T9341] ___sys_sendmsg+0x106/0x1e0 [ 296.174768][ T9341] ? __pfx____sys_sendmsg+0x10/0x10 [ 296.174847][ T9341] __sys_sendmsg+0x170/0x220 [ 296.174879][ T9341] ? __pfx___sys_sendmsg+0x10/0x10 [ 296.174923][ T9341] ? rcu_is_watching+0x12/0xc0 [ 296.174959][ T9341] do_syscall_64+0x10b/0xf80 [ 296.174997][ T9341] ? clear_bhb_loop+0x40/0x90 [ 296.175028][ T9341] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 296.175055][ T9341] RIP: 0033:0x7fef9879ce59 [ 296.175076][ T9341] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 296.175102][ T9341] RSP: 002b:00007fef996de028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 296.175127][ T9341] RAX: ffffffffffffffda RBX: 00007fef98a15fa0 RCX: 00007fef9879ce59 [ 296.175145][ T9341] RDX: 0000000000008800 RSI: 00002000000000c0 RDI: 0000000000000003 [ 296.175160][ T9341] RBP: 00007fef996de090 R08: 0000000000000000 R09: 0000000000000000 [ 296.175174][ T9341] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 296.175187][ T9341] R13: 00007fef98a16038 R14: 00007fef98a15fa0 R15: 00007fff1d1f7ec8 [ 296.175214][ T9341] [ 296.958255][ T9361] can0: slcan on ttyS2. [ 297.159082][ T9360] can0 (unregistered): slcan off ttyS2. [ 297.215772][ T9356] netlink: 186 bytes leftover after parsing attributes in process `syz.0.722'. [ 297.259043][ T9356] netlink: 186 bytes leftover after parsing attributes in process `syz.0.722'. [ 297.514431][ T9372] zswap: compressor not available [ 298.300991][ T30] audit: type=1800 audit(4294967426.535:2): pid=9395 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.727" name="file0" dev="tmpfs" ino=1025 res=0 errno=0 [ 299.275393][ T4945] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 299.283219][ T4945] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 299.950175][ T9430] Process accounting resumed [ 301.415077][ T9483] random: crng reseeded on system resumption [ 302.115341][ T9457] blktrace: Concurrent blktraces are not allowed on sda1 [ 302.629563][ T5641] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 302.637024][ T5641] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 303.201383][ T9490] Process accounting resumed [ 305.220058][ T4945] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 305.228383][ T4945] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 305.637127][ T9544] Process accounting resumed [ 306.015950][ T5641] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 306.023454][ T5641] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 306.693182][ T30] audit: type=1800 audit(4294967434.930:3): pid=9560 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.761" name="file0" dev="tmpfs" ino=488 res=0 errno=0 [ 307.317938][ T9543] blktrace: Concurrent blktraces are not allowed on sda1 [ 307.662253][ T9564] Process accounting resumed [ 311.115317][ T9619] blktrace: Concurrent blktraces are not allowed on sda1 [ 311.216196][ T5641] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 311.223708][ T5641] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 311.620665][ T30] audit: type=1800 audit(4294967439.848:4): pid=9623 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.776" name="file0" dev="tmpfs" ino=1009 res=0 errno=0 [ 312.215565][ T9625] Process accounting resumed [ 312.325335][ T9641] random: crng reseeded on system resumption [ 312.680610][ T9648] zswap: compressor not available [ 313.129010][ T9661] netlink: 342 bytes leftover after parsing attributes in process `syz.1.785'. [ 313.279121][ T9664] FAULT_INJECTION: forcing a failure. [ 313.279121][ T9664] name failslab, interval 1, probability 0, space 0, times 0 [ 313.324096][ T9664] CPU: 1 UID: 0 PID: 9664 Comm: syz.3.786 Tainted: G L syzkaller #0 PREEMPT(full) [ 313.324147][ T9664] Tainted: [L]=SOFTLOCKUP [ 313.324157][ T9664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 313.324174][ T9664] Call Trace: [ 313.324183][ T9664] [ 313.324193][ T9664] dump_stack_lvl+0x100/0x190 [ 313.324228][ T9664] should_fail_ex.cold+0x5/0xa [ 313.324265][ T9664] should_failslab+0xc2/0x120 [ 313.324300][ T9664] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 313.324346][ T9664] ? seq_open+0x55/0x170 [ 313.324379][ T9664] seq_open+0x55/0x170 [ 313.324406][ T9664] __seq_open_private+0x3e/0xd0 [ 313.324438][ T9664] seq_open_net+0x1ab/0x2a0 [ 313.324477][ T9664] ? __pfx_seq_open_net+0x10/0x10 [ 313.324518][ T9664] proc_reg_open+0x2ab/0x5f0 [ 313.324555][ T9664] do_dentry_open+0x6d8/0x1660 [ 313.324589][ T9664] ? __pfx_proc_reg_open+0x10/0x10 [ 313.324632][ T9664] vfs_open+0x82/0x3f0 [ 313.324678][ T9664] path_openat+0x208c/0x31a0 [ 313.324727][ T9664] ? __pfx_path_openat+0x10/0x10 [ 313.324777][ T9664] do_file_open+0x20e/0x430 [ 313.324814][ T9664] ? __pfx_do_file_open+0x10/0x10 [ 313.324860][ T9664] ? __pfx_kfree_link+0x10/0x10 [ 313.324898][ T9664] ? alloc_fd+0x476/0x790 [ 313.324935][ T9664] ? do_getname+0x191/0x390 [ 313.324979][ T9664] do_sys_openat2+0x10d/0x1e0 [ 313.325022][ T9664] ? __pfx_do_sys_openat2+0x10/0x10 [ 313.325067][ T9664] ? __fget_files+0x21f/0x3d0 [ 313.325114][ T9664] __x64_sys_openat+0x12d/0x210 [ 313.325158][ T9664] ? __pfx___x64_sys_openat+0x10/0x10 [ 313.325213][ T9664] ? rcu_is_watching+0x12/0xc0 [ 313.325252][ T9664] do_syscall_64+0x10b/0xf80 [ 313.325297][ T9664] ? clear_bhb_loop+0x40/0x90 [ 313.325332][ T9664] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 313.325361][ T9664] RIP: 0033:0x7fad8879ce59 [ 313.325384][ T9664] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 313.325411][ T9664] RSP: 002b:00007fad89590028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 313.325437][ T9664] RAX: ffffffffffffffda RBX: 00007fad88a15fa0 RCX: 00007fad8879ce59 [ 313.325456][ T9664] RDX: 0000000000000800 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 313.325475][ T9664] RBP: 00007fad88832d6f R08: 0000000000000000 R09: 0000000000000000 [ 313.325492][ T9664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 313.325509][ T9664] R13: 00007fad88a16038 R14: 00007fad88a15fa0 R15: 00007ffdb4f86898 [ 313.325547][ T9664] [ 313.874428][ T5641] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 313.882861][ T5641] Bluetooth: hci0: Invalid handle: 0x3a4a > 0x0eff [ 314.228972][ T4945] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 314.236997][ T4945] Bluetooth: hci4: Invalid handle: 0x3a4a > 0x0eff [ 314.703515][ T9667] Process accounting resumed [ 314.744260][ T9685] random: crng reseeded on system resumption [ 315.191353][ T9706] random: crng reseeded on system resumption [ 315.482503][ T9679] Process accounting resumed [ 315.583236][ T5641] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 315.590841][ T5641] Bluetooth: hci0: Invalid handle: 0x3a4a > 0x0eff [ 316.769965][ T9708] Process accounting resumed [ 317.207793][ T1314] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.214262][ T1314] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.222906][ T9751] FAULT_INJECTION: forcing a failure. [ 317.222906][ T9751] name failslab, interval 1, probability 0, space 0, times 0 [ 317.237696][ T9751] CPU: 1 UID: 0 PID: 9751 Comm: syz.1.805 Tainted: G L syzkaller #0 PREEMPT(full) [ 317.237719][ T9751] Tainted: [L]=SOFTLOCKUP [ 317.237724][ T9751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 317.237733][ T9751] Call Trace: [ 317.237738][ T9751] [ 317.237743][ T9751] dump_stack_lvl+0x100/0x190 [ 317.237763][ T9751] should_fail_ex.cold+0x5/0xa [ 317.237782][ T9751] ? tomoyo_encode2+0xfb/0x3c0 [ 317.237800][ T9751] should_failslab+0xc2/0x120 [ 317.237818][ T9751] __kmalloc_noprof+0xe0/0x850 [ 317.237830][ T9751] ? d_absolute_path+0x136/0x1b0 [ 317.237851][ T9751] tomoyo_encode2+0xfb/0x3c0 [ 317.237872][ T9751] tomoyo_encode+0x29/0x50 [ 317.237889][ T9751] tomoyo_realpath_from_path+0x18c/0x690 [ 317.237913][ T9751] tomoyo_check_open_permission+0x2af/0x3c0 [ 317.237930][ T9751] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 317.237953][ T9751] ? hook_file_open+0x24e/0x7a0 [ 317.237983][ T9751] ? path_get+0x61/0x80 [ 317.238005][ T9751] tomoyo_file_open+0x6b/0x90 [ 317.238027][ T9751] security_file_open+0xb5/0x1e0 [ 317.238045][ T9751] do_dentry_open+0x5aa/0x1660 [ 317.238064][ T9751] ? security_inode_permission+0xbf/0x250 [ 317.238083][ T9751] vfs_open+0x82/0x3f0 [ 317.238113][ T9751] path_openat+0x208c/0x31a0 [ 317.238138][ T9751] ? __pfx_path_openat+0x10/0x10 [ 317.238163][ T9751] do_file_open+0x20e/0x430 [ 317.238182][ T9751] ? __pfx_do_file_open+0x10/0x10 [ 317.238213][ T9751] ? alloc_fd+0x476/0x790 [ 317.238233][ T9751] ? do_getname+0x191/0x390 [ 317.238256][ T9751] do_sys_openat2+0x10d/0x1e0 [ 317.238277][ T9751] ? __pfx_do_sys_openat2+0x10/0x10 [ 317.238300][ T9751] ? __sys_connect+0xe4/0x170 [ 317.238320][ T9751] __x64_sys_openat+0x12d/0x210 [ 317.238343][ T9751] ? __pfx___x64_sys_openat+0x10/0x10 [ 317.238364][ T9751] ? ksys_write+0x1ac/0x250 [ 317.238386][ T9751] ? rcu_is_watching+0x12/0xc0 [ 317.238406][ T9751] do_syscall_64+0x10b/0xf80 [ 317.238429][ T9751] ? clear_bhb_loop+0x40/0x90 [ 317.238447][ T9751] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 317.238462][ T9751] RIP: 0033:0x7fd1a4d9ce59 [ 317.238474][ T9751] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 317.238488][ T9751] RSP: 002b:00007fd1a5bd5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 317.238504][ T9751] RAX: ffffffffffffffda RBX: 00007fd1a5015fa0 RCX: 00007fd1a4d9ce59 [ 317.238521][ T9751] RDX: 0000000000080001 RSI: 0000200000000000 RDI: ffffffffffffff9c [ 317.238538][ T9751] RBP: 00007fd1a4e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 317.238549][ T9751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 317.238558][ T9751] R13: 00007fd1a5016038 R14: 00007fd1a5015fa0 R15: 00007ffcf9611158 [ 317.238577][ T9751] [ 317.238605][ T9751] ERROR: Out of memory at tomoyo_realpath_from_path. [ 317.995227][ T9752] FAULT_INJECTION: forcing a failure. [ 317.995227][ T9752] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 318.022780][ T9752] CPU: 0 UID: 0 PID: 9752 Comm: syz.3.804 Tainted: G L syzkaller #0 PREEMPT(full) [ 318.022823][ T9752] Tainted: [L]=SOFTLOCKUP [ 318.022832][ T9752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 318.022846][ T9752] Call Trace: [ 318.022854][ T9752] [ 318.022863][ T9752] dump_stack_lvl+0x100/0x190 [ 318.022895][ T9752] should_fail_ex.cold+0x5/0xa [ 318.022930][ T9752] core_sys_select+0x5d1/0xbb0 [ 318.022967][ T9752] ? __pfx_core_sys_select+0x10/0x10 [ 318.022996][ T9752] ? get_pid_task+0xfc/0x250 [ 318.023037][ T9752] ? get_pid_task+0x106/0x250 [ 318.023080][ T9752] ? __mutex_unlock_slowpath+0x15d/0x8a0 [ 318.023095][ T9752] ? kernel_write+0x5e3/0x6c0 [ 318.023111][ T9752] ? __fget_files+0x215/0x3d0 [ 318.023128][ T9752] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 318.023145][ T9752] kern_select+0x1d0/0x280 [ 318.023164][ T9752] ? __pfx_kern_select+0x10/0x10 [ 318.023183][ T9752] ? __pfx_ksys_write+0x10/0x10 [ 318.023202][ T9752] __x64_sys_select+0xbd/0x160 [ 318.023218][ T9752] ? do_syscall_64+0x90/0xf80 [ 318.023240][ T9752] ? lockdep_hardirqs_on+0x78/0x100 [ 318.023262][ T9752] do_syscall_64+0x10b/0xf80 [ 318.023283][ T9752] ? clear_bhb_loop+0x40/0x90 [ 318.023301][ T9752] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 318.023316][ T9752] RIP: 0033:0x7fad8879ce59 [ 318.023328][ T9752] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 318.023342][ T9752] RSP: 002b:00007fad8956f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 318.023357][ T9752] RAX: ffffffffffffffda RBX: 00007fad88a16090 RCX: 00007fad8879ce59 [ 318.023366][ T9752] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000e [ 318.023374][ T9752] RBP: 00007fad8956f090 R08: 0000000000000000 R09: 0000000000000000 [ 318.023383][ T9752] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 318.023392][ T9752] R13: 00007fad88a16128 R14: 00007fad88a16090 R15: 00007ffdb4f86898 [ 318.023410][ T9752] [ 318.587231][ T9777] random: crng reseeded on system resumption [ 318.665784][ T9773] netlink: 28 bytes leftover after parsing attributes in process `syz.4.808'. [ 318.720918][ T5641] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 318.728551][ T5641] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 318.773943][ T9773] batadv0: entered promiscuous mode [ 318.797765][ T9773] netlink: 28 bytes leftover after parsing attributes in process `syz.4.808'. [ 319.203680][ T9780] Process accounting resumed [ 319.734899][ T9802] random: crng reseeded on system resumption [ 320.803431][ T9830] vhci_hcd vhci_hcd.2: vhci_device speed not set [ 321.068268][ T5641] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 321.075836][ T5641] Bluetooth: hci4: Invalid handle: 0x3a4a > 0x0eff [ 321.706729][ T9829] Process accounting resumed [ 323.466115][ T9879] random: crng reseeded on system resumption [ 323.796810][ T9888] bond0: option arp_interval: invalid value () [ 323.806018][ T9888] bond0: option arp_interval: allowed values 0 - 2147483647 [ 324.117542][ T9894] netlink: 186 bytes leftover after parsing attributes in process `syz.1.836'. [ 324.361221][ T9900] random: crng reseeded on system resumption [ 325.484519][ T9920] FAULT_INJECTION: forcing a failure. [ 325.484519][ T9920] name failslab, interval 1, probability 0, space 0, times 0 [ 325.508145][ T9920] CPU: 0 UID: 0 PID: 9920 Comm: syz.1.843 Tainted: G L syzkaller #0 PREEMPT(full) [ 325.508187][ T9920] Tainted: [L]=SOFTLOCKUP [ 325.508196][ T9920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 325.508212][ T9920] Call Trace: [ 325.508221][ T9920] [ 325.508230][ T9920] dump_stack_lvl+0x100/0x190 [ 325.508265][ T9920] should_fail_ex.cold+0x5/0xa [ 325.508302][ T9920] ? kernfs_fop_write_iter+0x26a/0x5f0 [ 325.508339][ T9920] should_failslab+0xc2/0x120 [ 325.508370][ T9920] __kmalloc_noprof+0xe0/0x850 [ 325.508395][ T9920] ? __pfx_aa_file_perm+0x10/0x10 [ 325.508436][ T9920] kernfs_fop_write_iter+0x26a/0x5f0 [ 325.508479][ T9920] do_iter_readv_writev+0x6ee/0x920 [ 325.508511][ T9920] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 325.508558][ T9920] vfs_writev+0x360/0xe10 [ 325.508596][ T9920] ? __pfx_vfs_writev+0x10/0x10 [ 325.508624][ T9920] ? find_held_lock+0x2b/0x80 [ 325.508684][ T9920] ? __fget_files+0x21f/0x3d0 [ 325.508725][ T9920] ? do_pwritev+0x1ac/0x270 [ 325.508751][ T9920] do_pwritev+0x1ac/0x270 [ 325.508782][ T9920] ? __pfx_do_pwritev+0x10/0x10 [ 325.508811][ T9920] ? ksys_write+0x1ac/0x250 [ 325.508841][ T9920] ? __pfx_ksys_write+0x10/0x10 [ 325.508878][ T9920] __x64_sys_pwritev2+0xef/0x160 [ 325.508915][ T9920] do_syscall_64+0x10b/0xf80 [ 325.508954][ T9920] ? clear_bhb_loop+0x40/0x90 [ 325.508988][ T9920] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 325.509016][ T9920] RIP: 0033:0x7fd1a4d9ce59 [ 325.509038][ T9920] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 325.509064][ T9920] RSP: 002b:00007fd1a5bd5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000148 [ 325.509090][ T9920] RAX: ffffffffffffffda RBX: 00007fd1a5015fa0 RCX: 00007fd1a4d9ce59 [ 325.509115][ T9920] RDX: 0000000000000004 RSI: 0000200000001080 RDI: 0000000000000003 [ 325.509131][ T9920] RBP: 00007fd1a5bd5090 R08: 00000000000007ce R09: 0000000000000002 [ 325.509148][ T9920] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 325.509163][ T9920] R13: 00007fd1a5016038 R14: 00007fd1a5015fa0 R15: 00007ffcf9611158 [ 325.509201][ T9920] [ 325.824555][ T9923] bond0: option arp_interval: invalid value (0WO_XhT0X>?@k$w{/,%vrCgk<_ߪp[}2\Y$vBw0=41;eGhóe1Ĉm) [ 325.894509][ T9919] random: crng reseeded on system resumption [ 325.905023][ T9923] bond0: option arp_interval: allowed values 0 - 2147483647 [ 326.433091][ T9947] openvswitch: netlink: Key 18 has unexpected len 16 expected 2 [ 326.647635][ T9942] netlink: 186 bytes leftover after parsing attributes in process `syz.1.848'. [ 326.667700][ T9942] netlink: 186 bytes leftover after parsing attributes in process `syz.1.848'. [ 327.005814][ T4945] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 327.013462][ T4945] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 327.225792][ T9960] random: crng reseeded on system resumption [ 327.472778][ T9956] Process accounting resumed [ 327.875930][ T9967] netlink: 28 bytes leftover after parsing attributes in process `syz.0.852'. [ 327.980921][ T4945] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 327.989551][ T4945] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 328.041468][ T9967] batadv0: entered promiscuous mode [ 328.056732][ T9967] netlink: 28 bytes leftover after parsing attributes in process `syz.0.852'. [ 329.432848][ T9991] netlink: 8 bytes leftover after parsing attributes in process `syz.0.857'. [ 329.570058][ T9974] Process accounting resumed [ 330.141733][T10008] Process accounting paused [ 330.444971][ T4945] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 330.452451][ T4945] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 330.675393][T10020] random: crng reseeded on system resumption [ 330.938924][T10013] Process accounting resumed [ 331.618635][T10046] random: crng reseeded on system resumption [ 333.932380][T10073] openvswitch: netlink: Key 18 has unexpected len 16 expected 2 [ 334.276267][ T5641] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 334.283732][ T5641] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 334.463776][T10084] random: crng reseeded on system resumption [ 334.658328][ T5641] Bluetooth: hci4: command 0x0406 tx timeout [ 334.803587][T10077] Process accounting resumed [ 335.387144][T10096] netlink: 186 bytes leftover after parsing attributes in process `syz.3.877'. [ 335.498380][T10104] netlink: 186 bytes leftover after parsing attributes in process `syz.3.877'. [ 335.634170][ T4945] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 335.642136][ T4945] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 335.767474][T10102] hub 1-0:1.0: USB hub found [ 335.818526][T10102] hub 1-0:1.0: 1 port detected [ 336.029498][T10113] random: crng reseeded on system resumption [ 337.110292][T10129] FAULT_INJECTION: forcing a failure. [ 337.110292][T10129] name failslab, interval 1, probability 0, space 0, times 0 [ 337.159265][T10129] CPU: 0 UID: 0 PID: 10129 Comm: syz.1.882 Tainted: G L syzkaller #0 PREEMPT(full) [ 337.159311][T10129] Tainted: [L]=SOFTLOCKUP [ 337.159322][T10129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 337.159339][T10129] Call Trace: [ 337.159347][T10129] [ 337.159358][T10129] dump_stack_lvl+0x100/0x190 [ 337.159395][T10129] should_fail_ex.cold+0x5/0xa [ 337.159435][T10129] should_failslab+0xc2/0x120 [ 337.159469][T10129] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 337.159517][T10129] ? __d_alloc+0x34/0xa40 [ 337.159560][T10129] __d_alloc+0x34/0xa40 [ 337.159602][T10129] d_alloc_parallel+0x111/0x14e0 [ 337.159648][T10129] ? find_held_lock+0x2b/0x80 [ 337.159686][T10129] ? __d_lookup+0x25c/0x4a0 [ 337.159713][T10129] ? __pfx_d_alloc_parallel+0x10/0x10 [ 337.159745][T10129] ? __d_lookup+0x266/0x4a0 [ 337.159778][T10129] lookup_open.isra.0+0x57c/0x11b0 [ 337.159816][T10129] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 337.159850][T10129] ? __pfx___might_resched+0x10/0x10 [ 337.159883][T10129] ? mnt_get_write_access+0x52/0x2f0 [ 337.159937][T10129] ? __pfx_down_write+0x10/0x10 [ 337.159966][T10129] ? mnt_get_write_access+0x1e9/0x2f0 [ 337.160016][T10129] path_openat+0x2291/0x31a0 [ 337.160068][T10129] ? __pfx_path_openat+0x10/0x10 [ 337.160119][T10129] do_file_open+0x20e/0x430 [ 337.160168][T10129] ? __pfx_do_file_open+0x10/0x10 [ 337.160232][T10129] ? alloc_fd+0x476/0x790 [ 337.160272][T10129] ? do_getname+0x191/0x390 [ 337.160317][T10129] do_sys_openat2+0x10d/0x1e0 [ 337.160361][T10129] ? __pfx_do_sys_openat2+0x10/0x10 [ 337.160416][T10129] __x64_sys_openat+0x12d/0x210 [ 337.160461][T10129] ? __pfx___x64_sys_openat+0x10/0x10 [ 337.160503][T10129] ? ksys_write+0x1ac/0x250 [ 337.160541][T10129] ? rcu_is_watching+0x12/0xc0 [ 337.160581][T10129] do_syscall_64+0x10b/0xf80 [ 337.160623][T10129] ? clear_bhb_loop+0x40/0x90 [ 337.160658][T10129] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 337.160687][T10129] RIP: 0033:0x7fd1a4d9ce59 [ 337.160711][T10129] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 337.160738][T10129] RSP: 002b:00007fd1a5bb4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 337.160765][T10129] RAX: ffffffffffffffda RBX: 00007fd1a5016090 RCX: 00007fd1a4d9ce59 [ 337.160785][T10129] RDX: 0000000000000040 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 337.160803][T10129] RBP: 00007fd1a4e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 337.160820][T10129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 337.160837][T10129] R13: 00007fd1a5016128 R14: 00007fd1a5016090 R15: 00007ffcf9611158 [ 337.160875][T10129] [ 338.174165][ T5641] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 338.181768][ T5641] Bluetooth: hci4: Invalid handle: 0x3a4a > 0x0eff [ 338.311086][T10107] Process accounting resumed [ 338.521749][T10142] random: crng reseeded on system resumption [ 338.911094][T10137] Process accounting resumed [ 339.856743][T10161] netlink: 28 bytes leftover after parsing attributes in process `syz.3.890'. [ 340.020007][T10166] netlink: 186 bytes leftover after parsing attributes in process `syz.1.889'. [ 340.098003][T10166] netlink: 186 bytes leftover after parsing attributes in process `syz.1.889'. [ 340.688529][T10185] random: crng reseeded on system resumption [ 340.774295][ T30] audit: type=1800 audit(4294967468.993:5): pid=10185 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.894" name="lu_gp_id" dev="configfs" ino=35258 res=0 errno=0 [ 341.268133][ T5641] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 341.277257][ T5641] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 341.289894][T10197] FAULT_INJECTION: forcing a failure. [ 341.289894][T10197] name failslab, interval 1, probability 0, space 0, times 0 [ 341.333896][T10197] CPU: 1 UID: 0 PID: 10197 Comm: syz.0.898 Tainted: G L syzkaller #0 PREEMPT(full) [ 341.333944][T10197] Tainted: [L]=SOFTLOCKUP [ 341.333955][T10197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 341.333973][T10197] Call Trace: [ 341.333982][T10197] [ 341.333993][T10197] dump_stack_lvl+0x100/0x190 [ 341.334030][T10197] should_fail_ex.cold+0x5/0xa [ 341.334068][T10197] should_failslab+0xc2/0x120 [ 341.334103][T10197] __kmalloc_node_track_caller_noprof+0xe3/0x850 [ 341.334135][T10197] ? kstrdup_const+0x63/0x80 [ 341.334180][T10197] kstrdup+0x51/0xe0 [ 341.334211][T10197] kstrdup_const+0x63/0x80 [ 341.334242][T10197] alloc_vfsmnt+0xe5/0x6a0 [ 341.334294][T10197] clone_mnt+0x4b/0x930 [ 341.334328][T10197] copy_mnt_ns+0x8a1/0x1180 [ 341.334376][T10197] ? __pfx_copy_mnt_ns+0x10/0x10 [ 341.334421][T10197] ? kmem_cache_alloc_noprof+0x292/0x6e0 [ 341.334465][T10197] ? create_new_namespaces+0x30/0xac0 [ 341.334501][T10197] ? rcu_is_watching+0x12/0xc0 [ 341.334541][T10197] create_new_namespaces+0xd3/0xac0 [ 341.334577][T10197] ? bpf_lsm_capable+0x9/0x10 [ 341.334608][T10197] ? security_capable+0x80/0x260 [ 341.334654][T10197] unshare_nsproxy_namespaces+0xf2/0x220 [ 341.334692][T10197] ksys_unshare+0x438/0xab0 [ 341.334735][T10197] ? __pfx_ksys_unshare+0x10/0x10 [ 341.334774][T10197] ? xfd_validate_state+0x129/0x190 [ 341.334802][T10197] ? ksys_write+0x1ac/0x250 [ 341.334848][T10197] __x64_sys_unshare+0x31/0x40 [ 341.334889][T10197] do_syscall_64+0x10b/0xf80 [ 341.334932][T10197] ? clear_bhb_loop+0x40/0x90 [ 341.334967][T10197] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 341.334996][T10197] RIP: 0033:0x7fef9879ce59 [ 341.335019][T10197] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 341.335048][T10197] RSP: 002b:00007fef996de028 EFLAGS: 00000246 ORIG_RAX: 0000000000000110 [ 341.335076][T10197] RAX: ffffffffffffffda RBX: 00007fef98a15fa0 RCX: 00007fef9879ce59 [ 341.335096][T10197] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000008100000 [ 341.335114][T10197] RBP: 00007fef98832d6f R08: 0000000000000000 R09: 0000000000000000 [ 341.335131][T10197] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 341.335155][T10197] R13: 00007fef98a16038 R14: 00007fef98a15fa0 R15: 00007fff1d1f7ec8 [ 341.335193][T10197] [ 341.581120][ T5641] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 341.589207][ T5641] Bluetooth: hci0: Invalid handle: 0x3a4a > 0x0eff [ 341.975934][T10187] Process accounting resumed [ 342.055513][T10193] Process accounting resumed [ 342.302540][T10215] futex_wake_op: syz.0.901 tries to shift op by -2048; fix this program [ 342.453447][T10219] random: crng reseeded on system resumption [ 342.709525][T10228] random: crng reseeded on system resumption [ 342.765423][ T30] audit: type=1800 audit(4294967470.982:6): pid=10228 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.906" name="lu_gp_id" dev="configfs" ino=35465 res=0 errno=0 [ 345.001972][T10262] random: crng reseeded on system resumption [ 345.085781][ T4945] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 345.093324][ T4945] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 345.171216][ T5641] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 345.179084][ T5641] Bluetooth: hci4: Invalid handle: 0x3a4a > 0x0eff [ 345.353337][T10250] Process accounting resumed [ 345.655809][T10275] futex_wake_op: syz.1.915 tries to shift op by -2048; fix this program [ 345.696597][T10275] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 345.766688][T10277] hub 1-0:1.0: USB hub found [ 345.809200][T10277] hub 1-0:1.0: 1 port detected [ 346.153350][T10283] bond0: option packets_per_slave: invalid value () [ 346.163124][T10283] bond0: option packets_per_slave: allowed values 0 - 65535 [ 346.356646][T10253] Process accounting resumed [ 347.198706][ T5641] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 347.206250][ T5641] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 347.558105][T10306] Process accounting resumed [ 348.186784][T10333] FAULT_INJECTION: forcing a failure. [ 348.186784][T10333] name failslab, interval 1, probability 0, space 0, times 0 [ 348.261645][T10333] CPU: 1 UID: 0 PID: 10333 Comm: syz.0.928 Tainted: G L syzkaller #0 PREEMPT(full) [ 348.261695][T10333] Tainted: [L]=SOFTLOCKUP [ 348.261706][T10333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 348.261727][T10333] Call Trace: [ 348.261737][T10333] [ 348.261749][T10333] dump_stack_lvl+0x100/0x190 [ 348.261794][T10333] should_fail_ex.cold+0x5/0xa [ 348.261835][T10333] should_failslab+0xc2/0x120 [ 348.261872][T10333] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 348.261925][T10333] ? __d_alloc+0x34/0xa40 [ 348.261977][T10333] __d_alloc+0x34/0xa40 [ 348.262022][T10333] d_alloc_parallel+0x111/0x14e0 [ 348.262067][T10333] ? find_held_lock+0x2b/0x80 [ 348.262108][T10333] ? __d_lookup+0x25c/0x4a0 [ 348.262138][T10333] ? __pfx_d_alloc_parallel+0x10/0x10 [ 348.262176][T10333] ? __d_lookup+0x266/0x4a0 [ 348.262217][T10333] lookup_open.isra.0+0x57c/0x11b0 [ 348.262260][T10333] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 348.262311][T10333] ? __pfx___might_resched+0x10/0x10 [ 348.262349][T10333] ? mnt_get_write_access+0x52/0x2f0 [ 348.262408][T10333] ? __pfx_down_write+0x10/0x10 [ 348.262440][T10333] ? mnt_get_write_access+0x1e9/0x2f0 [ 348.262496][T10333] path_openat+0x2291/0x31a0 [ 348.262551][T10333] ? __pfx_path_openat+0x10/0x10 [ 348.262607][T10333] do_file_open+0x20e/0x430 [ 348.262652][T10333] ? __pfx_do_file_open+0x10/0x10 [ 348.262722][T10333] ? alloc_fd+0x476/0x790 [ 348.262765][T10333] ? do_getname+0x191/0x390 [ 348.262816][T10333] do_sys_openat2+0x10d/0x1e0 [ 348.262867][T10333] ? __pfx_do_sys_openat2+0x10/0x10 [ 348.262929][T10333] __x64_sys_openat+0x12d/0x210 [ 348.262980][T10333] ? __pfx___x64_sys_openat+0x10/0x10 [ 348.263034][T10333] ? ksys_write+0x1ac/0x250 [ 348.263076][T10333] ? rcu_is_watching+0x12/0xc0 [ 348.263121][T10333] do_syscall_64+0x10b/0xf80 [ 348.263168][T10333] ? clear_bhb_loop+0x40/0x90 [ 348.263209][T10333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 348.263243][T10333] RIP: 0033:0x7fef9879ce59 [ 348.263276][T10333] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 348.263309][T10333] RSP: 002b:00007fef996bd028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 348.263340][T10333] RAX: ffffffffffffffda RBX: 00007fef98a16090 RCX: 00007fef9879ce59 [ 348.263361][T10333] RDX: 0000000000000040 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 348.263384][T10333] RBP: 00007fef98832d6f R08: 0000000000000000 R09: 0000000000000000 [ 348.263403][T10333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 348.263423][T10333] R13: 00007fef98a16128 R14: 00007fef98a16090 R15: 00007fff1d1f7ec8 [ 348.263467][T10333] [ 348.562052][T10339] sysfs_service_op_store: Client not running :-5: [ 348.668043][T10341] zswap: compressor not available [ 349.479160][T10365] futex_wake_op: syz.4.934 tries to shift op by -1; fix this program [ 349.677026][T10363] bonding: unable to delete non-existent ) [ 350.206650][T10389] binder: 10388:10389 ioctl c0306201 0 returned -14 [ 350.214315][T10387] ubi0: attaching mtd0 [ 350.251877][T10387] ubi0: scanning is finished [ 350.547104][T10396] futex_wake_op: syz.3.940 tries to shift op by -2048; fix this program [ 350.576518][T10396] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 350.665973][T10387] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 350.685132][T10387] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 350.701133][T10387] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 350.714572][T10387] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 350.728701][T10387] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 350.798709][T10387] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 350.811459][T10387] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 3413360672 [ 350.917048][T10387] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 350.955923][T10390] ubi0: detaching mtd0 [ 350.961637][T10402] ubi0: background thread "ubi_bgt0d" started, PID 10402 [ 351.015760][T10390] ubi0: mtd0 is detached [ 351.103881][T10409] queue_state_write: operation too long [ 351.153920][T10409] queue_state_write: use 'run', 'start' or 'kick' [ 351.289794][T10409] can: request_module (can-proto-0) failed. [ 351.877783][T10401] netlink: 'syz.1.942': attribute type 11 has an invalid length. [ 352.482363][T10428] FAULT_INJECTION: forcing a failure. [ 352.482363][T10428] name failslab, interval 1, probability 0, space 0, times 0 [ 352.496993][T10428] CPU: 0 UID: 0 PID: 10428 Comm: syz.3.945 Tainted: G L syzkaller #0 PREEMPT(full) [ 352.497034][T10428] Tainted: [L]=SOFTLOCKUP [ 352.497044][T10428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 352.497060][T10428] Call Trace: [ 352.497068][T10428] [ 352.497079][T10428] dump_stack_lvl+0x100/0x190 [ 352.497114][T10428] should_fail_ex.cold+0x5/0xa [ 352.497159][T10428] should_failslab+0xc2/0x120 [ 352.497193][T10428] kmem_cache_alloc_lru_noprof+0x80/0x6e0 [ 352.497239][T10428] ? __d_alloc+0x34/0xa40 [ 352.497281][T10428] __d_alloc+0x34/0xa40 [ 352.497319][T10428] d_alloc_parallel+0x111/0x14e0 [ 352.497357][T10428] ? find_held_lock+0x2b/0x80 [ 352.497393][T10428] ? __d_lookup+0x25c/0x4a0 [ 352.497420][T10428] ? __pfx_d_alloc_parallel+0x10/0x10 [ 352.497451][T10428] ? __d_lookup+0x266/0x4a0 [ 352.497486][T10428] lookup_open.isra.0+0x57c/0x11b0 [ 352.497523][T10428] ? __pfx_lookup_open.isra.0+0x10/0x10 [ 352.497559][T10428] ? __pfx___might_resched+0x10/0x10 [ 352.497591][T10428] ? mnt_get_write_access+0x52/0x2f0 [ 352.497641][T10428] ? __pfx_down_write+0x10/0x10 [ 352.497670][T10428] ? mnt_get_write_access+0x1e9/0x2f0 [ 352.497719][T10428] path_openat+0x2291/0x31a0 [ 352.497767][T10428] ? __pfx_path_openat+0x10/0x10 [ 352.497815][T10428] do_file_open+0x20e/0x430 [ 352.497854][T10428] ? __pfx_do_file_open+0x10/0x10 [ 352.497915][T10428] ? alloc_fd+0x476/0x790 [ 352.497953][T10428] ? do_getname+0x191/0x390 [ 352.497993][T10428] do_sys_openat2+0x10d/0x1e0 [ 352.498033][T10428] ? __pfx_do_sys_openat2+0x10/0x10 [ 352.498091][T10428] __x64_sys_openat+0x12d/0x210 [ 352.498142][T10428] ? __pfx___x64_sys_openat+0x10/0x10 [ 352.498184][T10428] ? ksys_write+0x1ac/0x250 [ 352.498221][T10428] ? rcu_is_watching+0x12/0xc0 [ 352.498261][T10428] do_syscall_64+0x10b/0xf80 [ 352.498302][T10428] ? clear_bhb_loop+0x40/0x90 [ 352.498336][T10428] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 352.498366][T10428] RIP: 0033:0x7fad8879ce59 [ 352.498389][T10428] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 352.498417][T10428] RSP: 002b:00007fad8956f028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 352.498444][T10428] RAX: ffffffffffffffda RBX: 00007fad88a16090 RCX: 00007fad8879ce59 [ 352.498462][T10428] RDX: 0000000000000040 RSI: 0000200000000040 RDI: ffffffffffffff9c [ 352.498480][T10428] RBP: 00007fad88832d6f R08: 0000000000000000 R09: 0000000000000000 [ 352.498497][T10428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 352.498513][T10428] R13: 00007fad88a16128 R14: 00007fad88a16090 R15: 00007ffdb4f86898 [ 352.498553][T10428] [ 353.113989][T10437] FAULT_INJECTION: forcing a failure. [ 353.113989][T10437] name failslab, interval 1, probability 0, space 0, times 0 [ 353.127362][T10437] CPU: 1 UID: 0 PID: 10437 Comm: syz.4.950 Tainted: G L syzkaller #0 PREEMPT(full) [ 353.127407][T10437] Tainted: [L]=SOFTLOCKUP [ 353.127416][T10437] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 353.127433][T10437] Call Trace: [ 353.127443][T10437] [ 353.127454][T10437] dump_stack_lvl+0x100/0x190 [ 353.127490][T10437] should_fail_ex.cold+0x5/0xa [ 353.127525][T10437] should_failslab+0xc2/0x120 [ 353.127562][T10437] kmem_cache_alloc_noprof+0x7b/0x6e0 [ 353.127606][T10437] ? seq_open+0x55/0x170 [ 353.127640][T10437] seq_open+0x55/0x170 [ 353.127665][T10437] __seq_open_private+0x3e/0xd0 [ 353.127695][T10437] seq_open_net+0x1ab/0x2a0 [ 353.127733][T10437] ? __pfx_seq_open_net+0x10/0x10 [ 353.127774][T10437] proc_reg_open+0x2ab/0x5f0 [ 353.127812][T10437] do_dentry_open+0x6d8/0x1660 [ 353.127844][T10437] ? __pfx_proc_reg_open+0x10/0x10 [ 353.127887][T10437] vfs_open+0x82/0x3f0 [ 353.127936][T10437] path_openat+0x208c/0x31a0 [ 353.127985][T10437] ? __pfx_path_openat+0x10/0x10 [ 353.128036][T10437] do_file_open+0x20e/0x430 [ 353.128083][T10437] ? __pfx_do_file_open+0x10/0x10 [ 353.128134][T10437] ? __pfx_kfree_link+0x10/0x10 [ 353.128174][T10437] ? alloc_fd+0x476/0x790 [ 353.128212][T10437] ? do_getname+0x191/0x390 [ 353.128257][T10437] do_sys_openat2+0x10d/0x1e0 [ 353.128302][T10437] ? __pfx_do_sys_openat2+0x10/0x10 [ 353.128347][T10437] ? __fget_files+0x21f/0x3d0 [ 353.128385][T10437] __x64_sys_openat+0x12d/0x210 [ 353.128428][T10437] ? __pfx___x64_sys_openat+0x10/0x10 [ 353.128476][T10437] ? rcu_is_watching+0x12/0xc0 [ 353.128515][T10437] do_syscall_64+0x10b/0xf80 [ 353.128557][T10437] ? clear_bhb_loop+0x40/0x90 [ 353.128592][T10437] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 353.128622][T10437] RIP: 0033:0x7ff4f0b9ce59 [ 353.128643][T10437] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 353.128671][T10437] RSP: 002b:00007ff4f1ad1028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 353.128697][T10437] RAX: ffffffffffffffda RBX: 00007ff4f0e15fa0 RCX: 00007ff4f0b9ce59 [ 353.128716][T10437] RDX: 0000000000000800 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 353.128734][T10437] RBP: 00007ff4f0c32d6f R08: 0000000000000000 R09: 0000000000000000 [ 353.128751][T10437] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 353.128767][T10437] R13: 00007ff4f0e16038 R14: 00007ff4f0e15fa0 R15: 00007fff23fb9b68 [ 353.128802][T10437] [ 354.321179][T10460] ubi0: attaching mtd0 [ 354.355860][T10460] ubi0: scanning is finished [ 354.520468][T10460] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 354.592725][T10460] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 354.601313][T10460] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 354.645347][T10460] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 354.673496][T10460] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 354.731384][T10460] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 354.761875][T10460] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 3413360672 [ 354.817729][T10460] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 354.864901][T10463] ubi0: background thread "ubi_bgt0d" started, PID 10463 [ 354.873351][T10461] ubi0: detaching mtd0 [ 354.957669][T10461] ubi0: mtd0 is detached [ 356.078718][ T5641] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 356.086325][ T5641] Bluetooth: hci4: Invalid handle: 0x3a4a > 0x0eff [ 356.413435][ T5641] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 356.421460][ T5641] Bluetooth: hci0: Invalid handle: 0x3a4a > 0x0eff [ 356.893050][T10488] Process accounting resumed [ 357.071279][T10470] Process accounting resumed [ 357.313210][T10504] FAULT_INJECTION: forcing a failure. [ 357.313210][T10504] name failslab, interval 1, probability 0, space 0, times 0 [ 357.375281][T10504] CPU: 0 UID: 0 PID: 10504 Comm: syz.1.959 Tainted: G L syzkaller #0 PREEMPT(full) [ 357.375324][T10504] Tainted: [L]=SOFTLOCKUP [ 357.375334][T10504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 357.375350][T10504] Call Trace: [ 357.375360][T10504] [ 357.375370][T10504] dump_stack_lvl+0x100/0x190 [ 357.375405][T10504] should_fail_ex.cold+0x5/0xa [ 357.375439][T10504] ? tomoyo_realpath_from_path+0xb6/0x690 [ 357.375475][T10504] should_failslab+0xc2/0x120 [ 357.375508][T10504] __kmalloc_noprof+0xe0/0x850 [ 357.375532][T10504] ? kfree+0x1dd/0x6c0 [ 357.375575][T10504] tomoyo_realpath_from_path+0xb6/0x690 [ 357.375620][T10504] tomoyo_path_number_perm+0x23c/0x580 [ 357.375650][T10504] ? tomoyo_path_number_perm+0x22e/0x580 [ 357.375683][T10504] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 357.375758][T10504] ? find_held_lock+0x2b/0x80 [ 357.375792][T10504] ? __fget_files+0x215/0x3d0 [ 357.375823][T10504] ? hook_file_ioctl_common+0x149/0x410 [ 357.375853][T10504] ? __fget_files+0x215/0x3d0 [ 357.375891][T10504] ? __fget_files+0x21f/0x3d0 [ 357.375929][T10504] security_file_ioctl+0xd3/0x230 [ 357.375961][T10504] __x64_sys_ioctl+0xb7/0x210 [ 357.375992][T10504] do_syscall_64+0x10b/0xf80 [ 357.376034][T10504] ? clear_bhb_loop+0x40/0x90 [ 357.376067][T10504] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 357.376096][T10504] RIP: 0033:0x7fd1a4d9ce59 [ 357.376117][T10504] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 357.376144][T10504] RSP: 002b:00007fd1a5bd5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 357.376171][T10504] RAX: ffffffffffffffda RBX: 00007fd1a5015fa0 RCX: 00007fd1a4d9ce59 [ 357.376190][T10504] RDX: 0000000000000000 RSI: 0000000040186f40 RDI: 0000000000000003 [ 357.376206][T10504] RBP: 00007fd1a5bd5090 R08: 0000000000000000 R09: 0000000000000000 [ 357.376223][T10504] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 357.376240][T10504] R13: 00007fd1a5016038 R14: 00007fd1a5015fa0 R15: 00007ffcf9611158 [ 357.376278][T10504] [ 357.660770][T10504] ERROR: Out of memory at tomoyo_realpath_from_path. [ 358.111209][T10518] device-mapper: ioctl: Unable to rename non-existent device, to uuid [ 358.351449][T10522] ubi0: attaching mtd0 [ 358.380629][T10522] ubi0: scanning is finished [ 358.675146][T10522] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 358.704774][T10522] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 358.772458][T10522] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 358.858843][T10522] ubi0: VID header offset: 64 (aligned 64), data offset: 128 [ 358.905992][T10522] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 358.972976][T10522] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 358.983218][T10522] ubi0: max/mean erase counter: 2/1, WL threshold: 4096, image sequence number: 3413360672 [ 358.995013][T10522] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 359.018834][T10536] ubi0: background thread "ubi_bgt0d" started, PID 10536 [ 359.026006][T10528] ubi0: detaching mtd0 [ 359.139863][T10528] ubi0: mtd0 is detached [ 359.602228][ T5641] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 359.610445][ T5641] Bluetooth: hci4: Invalid handle: 0x3a4a > 0x0eff [ 359.780487][ T5641] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 359.789364][ T5641] Bluetooth: hci0: Invalid handle: 0x3a4a > 0x0eff [ 360.010256][T10541] Process accounting resumed [ 360.061784][ T5641] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 360.069410][ T5641] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 360.230999][T10545] Process accounting resumed [ 361.174059][T10583] usb usb21: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 361.352625][T10590] random: crng reseeded on system resumption [ 361.873134][T10564] Process accounting resumed [ 363.272723][ T5641] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 363.497078][ T5641] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 363.504846][ T5641] Bluetooth: hci1: Invalid handle: 0x3a4a > 0x0eff [ 363.698897][T10628] futex_wake_op: syz.3.991 tries to shift op by -2048; fix this program [ 363.743768][T10628] futex_wake_op: syz.3.991 tries to shift op by -2048; fix this program [ 363.878827][T10639] Process accounting resumed [ 364.024041][T10628] 0x000000000001-0x000000020000 : "" [ 364.286370][T10628] ftl_cs: FTL header corrupt! [ 364.412000][T10652] netlink: 8 bytes leftover after parsing attributes in process `syz.1.995'. [ 366.918486][ T5641] Bluetooth: hci4: unexpected subevent 0x01 length: 123 > 18 [ 367.991062][T10712] futex_wake_op: syz.4.1009 tries to shift op by -2048; fix this program [ 367.999824][T10712] futex_wake_op: syz.4.1009 tries to shift op by -2048; fix this program [ 368.015744][T10712] 0x000000000001-0x000000020000 : "" [ 368.037712][T10712] ftl_cs: FTL header corrupt! [ 368.490033][T10736] random: crng reseeded on system resumption [ 369.319788][T10761] block nbd3: Unsupported socket: should be TCP or UNIX. [ 370.489010][ T5641] Bluetooth: hci1: unexpected subevent 0x01 length: 123 > 18 [ 370.714157][T10791] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1024'. [ 371.265646][T10777] futex_wake_op: syz.1.1022 tries to shift op by -2048; fix this program [ 371.274424][T10777] futex_wake_op: syz.1.1022 tries to shift op by -2048; fix this program [ 371.311259][T10777] 0x000000000001-0x000000020000 : "" [ 371.380997][T10777] ftl_cs: FTL header corrupt! [ 371.497887][ T5641] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 371.505454][ T5641] Bluetooth: hci3: Invalid handle: 0x3a4a > 0x0eff [ 371.867688][T10804] Process accounting resumed [ 372.113964][T10823] random: crng reseeded on system resumption [ 372.915561][T10846] random: crng reseeded on system resumption [ 373.257342][T10852] random: crng reseeded on system resumption [ 373.899033][ T5641] Bluetooth: hci0: unexpected subevent 0x01 length: 123 > 18 [ 373.906453][ T5641] Bluetooth: hci0: Invalid handle: 0x3a4a > 0x0eff [ 374.950754][T10859] Process accounting resumed [ 374.992232][ T5641] Bluetooth: hci3: unexpected subevent 0x01 length: 123 > 18 [ 375.163655][T10878] FAULT_INJECTION: forcing a failure. [ 375.163655][T10878] name failslab, interval 1, probability 0, space 0, times 0 [ 375.179365][T10878] CPU: 0 UID: 0 PID: 10878 Comm: syz.1.1043 Tainted: G L syzkaller #0 PREEMPT(full) [ 375.179390][T10878] Tainted: [L]=SOFTLOCKUP [ 375.179396][T10878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 375.179405][T10878] Call Trace: [ 375.179411][T10878] [ 375.179417][T10878] dump_stack_lvl+0x100/0x190 [ 375.179437][T10878] should_fail_ex.cold+0x5/0xa [ 375.179456][T10878] ? tracepoint_add_func+0x3a8/0x1150 [ 375.179478][T10878] should_failslab+0xc2/0x120 [ 375.179496][T10878] __kmalloc_noprof+0xe0/0x850 [ 375.179513][T10878] ? __pfx_trace_event_raw_event_nfsd_file_cons_err+0x10/0x10 [ 375.179533][T10878] tracepoint_add_func+0x3a8/0x1150 [ 375.179553][T10878] ? __pfx_trace_event_raw_event_nfsd_file_cons_err+0x10/0x10 [ 375.179576][T10878] ? __pfx_trace_event_raw_event_nfsd_file_cons_err+0x10/0x10 [ 375.179595][T10878] tracepoint_probe_register+0xc4/0x110 [ 375.179618][T10878] ? __pfx_tracepoint_probe_register+0x10/0x10 [ 375.179639][T10878] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 375.179653][T10878] ? __pfx_trace_event_raw_event_nfsd_file_cons_err+0x10/0x10 [ 375.179671][T10878] ? __pfx_probe_sched_switch+0x10/0x10 [ 375.179698][T10878] trace_event_reg+0x209/0x350 [ 375.179719][T10878] __ftrace_event_enable_disable+0x211/0x6f0 [ 375.179744][T10878] __ftrace_set_clr_event_nolock+0x390/0xc30 [ 375.179765][T10878] ftrace_set_clr_event+0x1b7/0x3f0 [ 375.179783][T10878] ? __pfx_ftrace_set_clr_event+0x10/0x10 [ 375.179800][T10878] ? trace_get_user+0x3ae/0xa70 [ 375.179827][T10878] ftrace_event_write+0x259/0x2c0 [ 375.179844][T10878] ? __pfx_ftrace_event_write+0x10/0x10 [ 375.179868][T10878] vfs_write+0x2aa/0x1070 [ 375.179886][T10878] ? __pfx_ftrace_event_write+0x10/0x10 [ 375.179904][T10878] ? __pfx_vfs_write+0x10/0x10 [ 375.179920][T10878] ? __fget_files+0x215/0x3d0 [ 375.179941][T10878] ? __fget_files+0x21f/0x3d0 [ 375.179964][T10878] ksys_write+0x12a/0x250 [ 375.179980][T10878] ? __pfx_ksys_write+0x10/0x10 [ 375.179998][T10878] ? rcu_is_watching+0x12/0xc0 [ 375.180019][T10878] do_syscall_64+0x10b/0xf80 [ 375.180040][T10878] ? clear_bhb_loop+0x40/0x90 [ 375.180058][T10878] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 375.180081][T10878] RIP: 0033:0x7fd1a4d9ce59 [ 375.180095][T10878] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 375.180109][T10878] RSP: 002b:00007fd1a5bb4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 375.180125][T10878] RAX: ffffffffffffffda RBX: 00007fd1a5016090 RCX: 00007fd1a4d9ce59 [ 375.180135][T10878] RDX: 0000000000000af0 RSI: 0000000000000000 RDI: 0000000000000007 [ 375.180144][T10878] RBP: 00007fd1a4e32d6f R08: 0000000000000000 R09: 0000000000000000 [ 375.180153][T10878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 375.180162][T10878] R13: 00007fd1a5016128 R14: 00007fd1a5016090 R15: 00007ffcf9611158 [ 375.180182][T10878] [ 375.180190][T10878] event trace: Could not enable event nfsd_file_cons_err [ 375.839119][T10879] futex_wake_op: syz.0.1041 tries to shift op by -2048; fix this program [ 375.859920][T10879] futex_wake_op: syz.0.1041 tries to shift op by -2048; fix this program [ 375.891920][T10879] 0x000000000001-0x000000020000 : "" [ 375.960403][T10879] ftl_cs: FTL header corrupt! [ 377.414976][T10911] random: crng reseeded on system resumption [ 378.036583][ T9] ================================================================== [ 378.036608][ T9] BUG: KASAN: vmalloc-out-of-bounds in sys_imageblit+0x19fb/0x1d60 [ 378.036655][ T9] Write of size 8 at addr ffffc90004961be0 by task kworker/0:0/9 [ 378.036678][ T9] [ 378.036694][ T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Tainted: G L syzkaller #0 PREEMPT(full) [ 378.036733][ T9] Tainted: [L]=SOFTLOCKUP [ 378.036743][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 378.036766][ T9] Workqueue: events_power_efficient fb_flashcursor [ 378.036796][ T9] Call Trace: [ 378.036805][ T9] [ 378.036815][ T9] dump_stack_lvl+0x100/0x190 [ 378.036844][ T9] print_report+0x13d/0x4b0 [ 378.036879][ T9] ? _raw_spin_lock_irqsave+0x52/0x60 [ 378.036919][ T9] ? sys_imageblit+0x19fb/0x1d60 [ 378.036956][ T9] kasan_report+0xdf/0x1d0 [ 378.036988][ T9] ? sys_imageblit+0x19fb/0x1d60 [ 378.037038][ T9] sys_imageblit+0x19fb/0x1d60 [ 378.037081][ T9] ? __pfx_sys_imageblit+0x10/0x10 [ 378.037126][ T9] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 378.037162][ T9] soft_cursor+0x524/0xa10 [ 378.037202][ T9] bit_cursor+0xca1/0x1490 [ 378.037241][ T9] ? __pfx_bit_cursor+0x10/0x10 [ 378.037279][ T9] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 378.037319][ T9] ? get_color+0x1da/0x450 [ 378.037348][ T9] ? __pfx_bit_cursor+0x10/0x10 [ 378.037380][ T9] fb_flashcursor+0x338/0x430 [ 378.037410][ T9] process_one_work+0xa0e/0x1980 [ 378.037445][ T9] ? __pfx_process_one_work+0x10/0x10 [ 378.037478][ T9] ? __pfx_fb_flashcursor+0x10/0x10 [ 378.037508][ T9] worker_thread+0x5ef/0xe50 [ 378.037540][ T9] ? kthread+0x13a/0x450 [ 378.037562][ T9] ? __pfx_worker_thread+0x10/0x10 [ 378.037586][ T9] kthread+0x370/0x450 [ 378.037607][ T9] ? __pfx_kthread+0x10/0x10 [ 378.037630][ T9] ret_from_fork+0x72b/0xd50 [ 378.037658][ T9] ? __pfx_ret_from_fork+0x10/0x10 [ 378.037686][ T9] ? __switch_to+0x800/0x1100 [ 378.037718][ T9] ? __switch_to_asm+0x39/0x70 [ 378.037752][ T9] ? __pfx_kthread+0x10/0x10 [ 378.037775][ T9] ret_from_fork_asm+0x1a/0x30 [ 378.037815][ T9] [ 378.037823][ T9] [ 378.037830][ T9] The buggy address belongs to a vmalloc virtual mapping [ 378.037855][ T9] Memory state around the buggy address: [ 378.037869][ T9] ffffc90004961a80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 378.037892][ T9] ffffc90004961b00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 378.037912][ T9] >ffffc90004961b80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 378.037927][ T9] ^ [ 378.037943][ T9] ffffc90004961c00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 378.037963][ T9] ffffc90004961c80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 378.037978][ T9] ================================================================== [ 378.038009][ T9] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 378.038038][ T9] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Tainted: G L syzkaller #0 PREEMPT(full) [ 378.038078][ T9] Tainted: [L]=SOFTLOCKUP [ 378.038088][ T9] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 378.038107][ T9] Workqueue: events_power_efficient fb_flashcursor [ 378.038138][ T9] Call Trace: [ 378.038146][ T9] [ 378.038156][ T9] dump_stack_lvl+0x100/0x190 [ 378.038185][ T9] vpanic+0x552/0x970 [ 378.038211][ T9] ? __pfx_vpanic+0x10/0x10 [ 378.038237][ T9] ? mark_held_locks+0x40/0x70 [ 378.038263][ T9] ? irqentry_exit+0x24d/0x7e0 [ 378.038305][ T9] ? sys_imageblit+0x19fb/0x1d60 [ 378.038343][ T9] panic+0xd1/0xe0 [ 378.038368][ T9] ? __pfx_panic+0x10/0x10 [ 378.038399][ T9] ? check_panic_on_warn+0x1f/0x90 [ 378.038428][ T9] check_panic_on_warn.cold+0x19/0x34 [ 378.038458][ T9] end_report.part.0+0x3a/0x90 [ 378.038495][ T9] kasan_report.cold+0xe/0x18 [ 378.038534][ T9] ? sys_imageblit+0x19fb/0x1d60 [ 378.038578][ T9] sys_imageblit+0x19fb/0x1d60 [ 378.038622][ T9] ? __pfx_sys_imageblit+0x10/0x10 [ 378.038670][ T9] drm_fbdev_shmem_defio_imageblit+0x20/0x130 [ 378.038704][ T9] soft_cursor+0x524/0xa10 [ 378.038743][ T9] bit_cursor+0xca1/0x1490 [ 378.038780][ T9] ? __pfx_bit_cursor+0x10/0x10 [ 378.038817][ T9] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 378.038855][ T9] ? get_color+0x1da/0x450 [ 378.038881][ T9] ? __pfx_bit_cursor+0x10/0x10 [ 378.038911][ T9] fb_flashcursor+0x338/0x430 [ 378.038940][ T9] process_one_work+0xa0e/0x1980 [ 378.038974][ T9] ? __pfx_process_one_work+0x10/0x10 [ 378.039006][ T9] ? __pfx_fb_flashcursor+0x10/0x10 [ 378.039044][ T9] worker_thread+0x5ef/0xe50 [ 378.039076][ T9] ? kthread+0x13a/0x450 [ 378.039098][ T9] ? __pfx_worker_thread+0x10/0x10 [ 378.039125][ T9] kthread+0x370/0x450 [ 378.039147][ T9] ? __pfx_kthread+0x10/0x10 [ 378.039172][ T9] ret_from_fork+0x72b/0xd50 [ 378.039202][ T9] ? __pfx_ret_from_fork+0x10/0x10 [ 378.039233][ T9] ? __switch_to+0x800/0x1100 [ 378.039267][ T9] ? __switch_to_asm+0x39/0x70 [ 378.039302][ T9] ? __pfx_kthread+0x10/0x10 [ 378.039328][ T9] ret_from_fork_asm+0x1a/0x30 [ 378.039371][ T9] [ 378.039709][ T9] Kernel Offset: disabled